Merge branch 'master' of github.com:kubernetes/minikube into test-fixes

2020-12-15 09:21:33 -08:00 · 2020-12-15 09:21:33 -08:00 · 6e4eb6c309
parent 5b73771ff1 f85bed1150
commit 6e4eb6c309
17 changed files with 128 additions and 39 deletions
--- a/2
+++ b/2
@ -23,7 +23,7 @@ KUBERNETES_VERSION ?= $(shell egrep "DefaultKubernetesVersion =" pkg/minikube/co
 KIC_VERSION ?= $(shell egrep "Version =" pkg/drivers/kic/types.go | cut -d \" -f2)

 # Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions
-ISO_VERSION ?= v1.16.0-snapshot1
+ISO_VERSION ?= v1.16.0-snapshot4
 # Dashes are valid in semver, but not Linux packaging. Use ~ to delimit alpha/beta
 DEB_VERSION ?= $(subst -,~,$(RAW_VERSION))
 RPM_VERSION ?= $(DEB_VERSION)
--- a/cmd/minikube/cmd/config/config.go
+++ b/cmd/minikube/cmd/config/config.go
@ -181,7 +181,7 @@ var settings = []Setting{
 var ConfigCmd = &cobra.Command{
 	Use:   "config SUBCOMMAND [flags]",
 	Short: "Modify persistent configuration values",
-	Long: `config modifies minikube config files using subcommands like "minikube config set driver kvm"
+	Long: `config modifies minikube config files using subcommands like "minikube config set driver kvm2"
 Configurable fields: ` + "\n\n" + configurableFields(),
 	Run: func(cmd *cobra.Command, args []string) {
 		if err := cmd.Help(); err != nil {
--- a/cmd/minikube/cmd/start_flags.go
+++ b/cmd/minikube/cmd/start_flags.go
@ -138,7 +138,7 @@ func initMinikubeFlags() {
 	startCmd.Flags().String(containerRuntime, "docker", fmt.Sprintf("The container runtime to be used (%s).", strings.Join(cruntime.ValidRuntimes(), ", ")))
 	startCmd.Flags().Bool(createMount, false, "This will start the mount daemon and automatically mount files into minikube.")
 	startCmd.Flags().String(mountString, constants.DefaultMountDir+":/minikube-host", "The argument to pass the minikube mount command on start.")
-	startCmd.Flags().StringArrayVar(&config.AddonList, "addons", nil, "Enable addons. see `minikube addons list` for a list of valid addon names.")
+	startCmd.Flags().StringSliceVar(&config.AddonList, "addons", nil, "Enable addons. see `minikube addons list` for a list of valid addon names.")
 	startCmd.Flags().String(criSocket, "", "The cri socket path to be used.")
 	startCmd.Flags().String(networkPlugin, "", "Kubelet network plug-in to use (default: auto)")
 	startCmd.Flags().Bool(enableDefaultCNI, false, "DEPRECATED: Replaced by --cni=bridge")
--- a/deploy/iso/minikube-iso/package/automount/minikube-automount
+++ b/deploy/iso/minikube-iso/package/automount/minikube-automount
@ -105,6 +105,10 @@ if [ -n "$BOOT2DOCKER_DATA" ]; then
    mkdir -p /var/lib/containerd
    mount --bind /mnt/$PARTNAME/var/lib/containerd /var/lib/containerd

+    mkdir -p /mnt/$PARTNAME/var/lib/buildkit
+    mkdir -p /var/lib/buildkit
+    mount --bind /mnt/$PARTNAME/var/lib/buildkit /var/lib/buildkit
+
    mkdir -p /mnt/$PARTNAME/var/lib/containers
    mkdir -p /var/lib/containers
    mount --bind /mnt/$PARTNAME/var/lib/containers /var/lib/containers
--- a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash
+++ b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash
@ -1 +1,2 @@
 sha256 33bcaa49b31bc3a277ac75d32fce3f5442d39f53a1799b8624e985279b579f74  buildkit-v0.7.2.linux-amd64.tar.gz
+sha256 28005748fae926edf8c93b7cb1df53ec49df65dec67105b94e7fb9c513fa78a4  buildkit-v0.8.0.linux-amd64.tar.gz
--- a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk
+++ b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk
@ -4,17 +4,24 @@
 #
 ################################################################################

-BUILDKIT_BIN_VERSION = v0.7.2
+BUILDKIT_BIN_VERSION = v0.8.0
+BUILDKIT_BIN_COMMIT = 73fe4736135645a342abc7b587bba0994cccf0f9
 BUILDKIT_BIN_SITE = https://github.com/moby/buildkit/releases/download/$(BUILDKIT_BIN_VERSION)
 BUILDKIT_BIN_SOURCE = buildkit-$(BUILDKIT_BIN_VERSION).linux-amd64.tar.gz

+# https://github.com/opencontainers/runc.git
+BUILDKIT_RUNC_VERSION = 939ad4e3fcfa1ab531458355a73688c6f4ee5003
+
 define BUILDKIT_BIN_INSTALL_TARGET_CMDS
 	$(INSTALL) -D -m 0755 \
 		$(@D)/buildctl \
-		$(TARGET_DIR)/usr/bin/buildctl
+		$(TARGET_DIR)/usr/bin
+	$(INSTALL) -D -m 0755 \
+		$(@D)/buildkit-runc \
+		$(TARGET_DIR)/usr/sbin
 	$(INSTALL) -D -m 0755 \
 		$(@D)/buildkitd \
-		$(TARGET_DIR)/usr/sbin/buildkitd
+		$(TARGET_DIR)/usr/sbin
 endef

 $(eval $(generic-package))
--- a/deploy/kicbase/Dockerfile
+++ b/deploy/kicbase/Dockerfile
@ -21,7 +21,7 @@
 # for a kubernetes node image, it doesn't contain much we don't need
 FROM ubuntu:focal-20201106

-ARG BUILDKIT_VERSION="v0.7.2"
+ARG BUILDKIT_VERSION="v0.8.0"

 # copy in static files (configs, scripts)
 COPY 10-network-security.conf /etc/sysctl.d/10-network-security.conf
--- a/hack/release_notes.sh
+++ b/hack/release_notes.sh
@ -39,5 +39,6 @@ recent=$(git describe --abbrev=0)

 "${DIR}/release-notes" kubernetes minikube --since $recent

-echo "Thank you to our contributors for this release! "
+echo "Thank you to our contributors for this release!"
+echo ""
 git log "$recent".. --format="%aN" --reverse | sort | uniq | awk '{printf "- %s\n", $0 }'
--- a/pkg/drivers/kic/kic.go
+++ b/pkg/drivers/kic/kic.go
@ -17,9 +17,11 @@ limitations under the License.
 package kic

 import (
+	"context"
 	"fmt"
 	"net"
 	"os/exec"
+	"runtime"
 	"strconv"
 	"strings"
 	"sync"
@ -214,6 +216,33 @@ func (d *Driver) prepareSSH() error {
 		return errors.Wrapf(err, "apply authorized_keys file ownership, output %s", rr.Output())
 	}

+	if runtime.GOOS == "windows" {
+		path, _ := exec.LookPath("powershell")
+		ctx, cancel := context.WithTimeout(context.Background(), 8*time.Second)
+		defer cancel()
+
+		klog.Infof("ensuring only current user has permissions to key file located at : %s...", keyPath)
+
+		// Get the SID of the current user
+		currentUserSidCmd := exec.CommandContext(ctx, path, "-NoProfile", "-NonInteractive", "([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value")
+		currentUserSidOut, currentUserSidErr := currentUserSidCmd.CombinedOutput()
+		if currentUserSidErr != nil {
+			klog.Warningf("unable to determine current user's SID. minikube tunnel may not work.")
+		} else {
+			icaclsArguments := fmt.Sprintf(`"%s" /grant:r *%s:F /inheritancelevel:r`, keyPath, strings.TrimSpace(string(currentUserSidOut)))
+			icaclsCmd := exec.CommandContext(ctx, path, "-NoProfile", "-NonInteractive", "icacls.exe", icaclsArguments)
+			icaclsCmdOut, icaclsCmdErr := icaclsCmd.CombinedOutput()
+
+			if icaclsCmdErr != nil {
+				return errors.Wrap(icaclsCmdErr, "unable to execute icacls to set permissions")
+			}
+
+			if !strings.Contains(string(icaclsCmdOut), "Successfully processed 1 files; Failed processing 0 files") {
+				klog.Errorf("icacls failed applying permissions - err - [%s], output - [%s]", icaclsCmdErr, strings.TrimSpace(string(icaclsCmdOut)))
+			}
+		}
+	}
+
 	return nil
 }

--- a/pkg/minikube/cruntime/crio.go
+++ b/pkg/minikube/cruntime/crio.go
@ -109,6 +109,26 @@ func (r *CRIO) Active() bool {
 	return r.Init.Active("crio")
 }

+// enableIPForwarding configures IP forwarding, which is handled normally by Docker
+// Context: https://github.com/kubernetes/kubeadm/issues/1062
+func enableIPForwarding(cr CommandRunner) error {
+	// The bridge-netfilter module enables iptables rules to work on Linux bridges
+	// NOTE: br_netfilter isn't available in WSL2, but forwarding works fine there anyways
+	c := exec.Command("sudo", "sysctl", "net.bridge.bridge-nf-call-iptables")
+	if rr, err := cr.RunCmd(c); err != nil {
+		klog.Infof("couldn't verify netfilter by %q which might be okay. error: %v", rr.Command(), err)
+		c = exec.Command("sudo", "modprobe", "br_netfilter")
+		if _, err := cr.RunCmd(c); err != nil {
+			klog.Warningf("%q failed, which may be ok: %v", rr.Command(), err)
+		}
+	}
+	c = exec.Command("sudo", "sh", "-c", "echo 1 > /proc/sys/net/ipv4/ip_forward")
+	if _, err := cr.RunCmd(c); err != nil {
+		return errors.Wrapf(err, "ip_forward")
+	}
+	return nil
+}
+
 // Enable idempotently enables CRIO on a host
 func (r *CRIO) Enable(disOthers, _ bool) error {
 	if disOthers {
--- a/pkg/minikube/cruntime/cruntime.go
+++ b/pkg/minikube/cruntime/cruntime.go
@ -22,7 +22,6 @@ import (
 	"os/exec"

 	"github.com/blang/semver"
-	"github.com/pkg/errors"
 	"k8s.io/klog/v2"
 	"k8s.io/minikube/pkg/minikube/assets"
 	"k8s.io/minikube/pkg/minikube/command"
@ -210,21 +209,3 @@ func disableOthers(me Manager, cr CommandRunner) error {
 	}
 	return nil
 }
-
-// enableIPForwarding configures IP forwarding, which is handled normally by Docker
-// Context: https://github.com/kubernetes/kubeadm/issues/1062
-func enableIPForwarding(cr CommandRunner) error {
-	c := exec.Command("sudo", "sysctl", "net.bridge.bridge-nf-call-iptables")
-	if rr, err := cr.RunCmd(c); err != nil {
-		klog.Infof("couldn't verify netfilter by %q which might be okay. error: %v", rr.Command(), err)
-		c = exec.Command("sudo", "modprobe", "br_netfilter")
-		if _, err := cr.RunCmd(c); err != nil {
-			return errors.Wrapf(err, "br_netfilter")
-		}
-	}
-	c = exec.Command("sudo", "sh", "-c", "echo 1 > /proc/sys/net/ipv4/ip_forward")
-	if _, err := cr.RunCmd(c); err != nil {
-		return errors.Wrapf(err, "ip_forward")
-	}
-	return nil
-}
--- a/pkg/minikube/out/out.go
+++ b/pkg/minikube/out/out.go
@ -138,6 +138,10 @@ func spinnerString(format string, a ...interface{}) {
 	}

 	klog.Infof(format, a...)
+	// if spin is active from a previous step, it will stop spinner displaying
+	if spin.Active() {
+		spin.Stop()
+	}
 	_, err := fmt.Fprintf(outFile, format, a...)
 	if err != nil {
 		klog.Errorf("Fprintf failed: %v", err)
--- a/pkg/minikube/tunnel/kic/ssh_conn.go
+++ b/pkg/minikube/tunnel/kic/ssh_conn.go
@ -19,6 +19,7 @@ package kic
 import (
 	"fmt"
 	"os/exec"
+	"runtime"

 	"github.com/phayes/freeport"
 	v1 "k8s.io/api/core/v1"
@ -39,7 +40,7 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 	sshArgs := []string{
 		// TODO: document the options here
 		"-o", "UserKnownHostsFile=/dev/null",
-		"-o", "StrictHostKeyChecking no",
+		"-o", "StrictHostKeyChecking=no",
 		"-N",
 		"docker@127.0.0.1",
 		"-p", sshPort,
@ -66,8 +67,7 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 	}

 	command := "ssh"
-
-	if askForSudo {
+	if askForSudo && runtime.GOOS != "windows" {
 		out.Step(
 			style.Warning,
 			"The service {{.service}} requires privileged ports to be exposed: {{.ports}}",
@ -79,7 +79,6 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 		command = "sudo"
 		sshArgs = append([]string{"ssh"}, sshArgs...)
 	}
-
 	cmd := exec.Command(command, sshArgs...)

 	return &sshConn{
@ -94,7 +93,7 @@ func createSSHConnWithRandomPorts(name, sshPort, sshKey string, svc *v1.Service)
 	sshArgs := []string{
 		// TODO: document the options here
 		"-o", "UserKnownHostsFile=/dev/null",
-		"-o", "StrictHostKeyChecking no",
+		"-o", "StrictHostKeyChecking=no",
 		"-N",
 		"docker@127.0.0.1",
 		"-p", sshPort,
--- a/site/content/en/docs/commands/start.md
+++ b/site/content/en/docs/commands/start.md
@ -64,7 +64,7 @@ minikube start [flags]
      --insecure-registry strings         Insecure Docker registries to pass to the Docker daemon.  The default service CIDR range will automatically be added.
      --install-addons                    If set, install addons. Defaults to true. (default true)
      --interactive                       Allow user prompts for more information (default true)
-      --iso-url strings                   Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube/iso/minikube-v1.16.0-snapshot1.iso,https://github.com/kubernetes/minikube/releases/download/v1.16.0-snapshot1/minikube-v1.16.0-snapshot1.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.16.0-snapshot1.iso])
+      --iso-url strings                   Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube/iso/minikube-v1.16.0-snapshot4.iso,https://github.com/kubernetes/minikube/releases/download/v1.16.0-snapshot4/minikube-v1.16.0-snapshot4.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.16.0-snapshot4.iso])
      --keep-context                      This will keep the existing kubectl context and will create a minikube context.
      --kubernetes-version string         The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.20.0, 'latest' for v1.20.0). Defaults to 'stable'.
      --kvm-gpu                           Enable experimental NVIDIA GPU support in minikube
--- a/site/content/en/docs/handbook/persistent_volumes.md
+++ b/site/content/en/docs/handbook/persistent_volumes.md
@ -18,6 +18,9 @@ minikube is configured to persist files stored under the following directories,
 * `/data`
 * `/var/lib/minikube`
 * `/var/lib/docker`
+* `/var/lib/containerd`
+* `/var/lib/buildkit`
+* `/var/lib/containers`
 * `/tmp/hostpath_pv`
 * `/tmp/hostpath-provisioner`

--- a/site/content/en/docs/handbook/pushing.md
+++ b/site/content/en/docs/handbook/pushing.md
@ -2,7 +2,7 @@
 title: "Pushing images"
 weight: 5
 description: >
- comparing 5 ways to push your image into a minikiube cluster.
+ comparing 5 ways to push your image into a minikube cluster.
 aliases:
 - /docs/tasks/building
 - /docs/tasks/caching
@ -31,6 +31,7 @@ Here is a comparison table to help you choose:

 ## 1. Pushing directly to the in-cluster Docker daemon (docker-env)

+This is similar to podman-env but only for Docker runtime.
 When using a container or VM driver (all drivers except none), you can reuse the Docker daemon inside minikube cluster.
 this means you don't have to build on your host machine and push the image into a docker registry. You can just build inside the same docker daemon as minikube which speeds up local experiments.

@ -137,6 +138,12 @@ You should now be able to use podman client on the command line on your host mac
 podman-remote help
 ```

+now you can 'build' against the storage inside minikube. which is instantly accessible to kubernetes cluster.
+
+```shell
+podman-remote build -t my_image .
+```
+
 {{% pageinfo color="info" %}}
 Note: On Linux the remote client is called "podman-remote", while the local program is called "podman".
 {{% /pageinfo %}}
@ -148,6 +155,12 @@ Note: On Linux the remote client is called "podman-remote", while the local prog
 podman help
 ```

+now you can 'build' against the storage inside minikube. which is instantly accessible to kubernetes cluster.
+
+```shell
+podman build -t my_image .
+```
+
 {{% pageinfo color="info" %}}
 Note: On macOS the remote client is called "podman", since there is no local "podman" program available.
 {{% /pageinfo %}}
@ -155,10 +168,16 @@ Note: On macOS the remote client is called "podman", since there is no local "po
 {{% /mactab %}}
 {{% windowstab %}}

+now you can 'build' against the storage inside minikube. which is instantly accessible to kubernetes cluster.
+
 ```shell
 podman help
 ```

+```shell
+podman build -t my_image .
+```
+
 {{% pageinfo color="info" %}}
 Note: On Windows the remote client is called "podman", since there is no local "podman" program available.
 {{% /pageinfo %}}
@ -200,8 +219,10 @@ docker push $(minikube ip):5000/test-img

 ## 5. Building images inside of minikube using SSH

-Use `minikube ssh` to run commands inside the minikube node, and run the `docker build` directly there.
-Any command you run there will run against the same daemon that kubernetes cluster is using.
+Use `minikube ssh` to run commands inside the minikube node, and run the build command directly there.
+Any command you run there will run against the same daemon / storage that kubernetes cluster is using.
+
+For Docker, use:

 ```shell
 docker build
@ -209,15 +230,24 @@ docker build

 For more information on the `docker build` command, read the [Docker documentation](https://docs.docker.com/engine/reference/commandline/build/) (docker.com).

-For Podman, use:
+For CRI-O, use:

 ```shell
 sudo podman build
 ```

-For more information on the `podman build` command, read the [Podman documentation](https://github.com/containers/libpod/blob/master/docs/source/markdown/podman-build.1.md) (podman.io).
+For more information on the `podman build` command, read the [Podman documentation](https://github.com/containers/podman/blob/master/docs/source/markdown/podman-build.1.md) (podman.io).
+
+For Containerd, use:
+
+```shell
+sudo buildctl build
+```
+
+For more information on the `buildctl build` command, read the [Buildkit documentation](https://github.com/moby/buildkit#quick-start) (mobyproject.org).

 to exit minikube ssh and come back to your terminal type:
+
 ```shell
 exit
 ```
--- a/site/content/en/docs/start/_index.md
+++ b/site/content/en/docs/start/_index.md
@ -98,12 +98,22 @@ sudo install minikube-darwin-amd64 /usr/local/bin/minikube
 {{% /mactab %}}
 {{% windowstab %}}

-If the [Chocolatey Package Manager](https://chocolatey.org/) is installed, use it to install minikube:
+### Windows Package Manager
+
+If the [Windows Package Manager](https://docs.microsoft.com/en-us/windows/package-manager/) is installed, use the following command to install minikube:
+
+```shell
+winget install minikube
+```
+
+### Chocolatey
+If the [Chocolatey Package Manager](https://chocolatey.org/) is installed, use the following command:

 ```shell
 choco install minikube
 ```

+### Stand-alone Windows Installer
 Otherwise, download and run the [Windows installer](https://storage.googleapis.com/minikube/releases/latest/minikube-installer.exe)

 {{% /windowstab %}}