Previously, minikube has been shipped with the default CNI config
(/etc/cni/net.d/k8s.conf) in its rootfs. This complicated a lot
when using a custom CNI plugin, as the default config was picked
by kubelet before the custom CNI plugin has installed its own CNI
config. So, the end result was that some Pods were attached to a
network defined in the default config, and some got managed by
the custom plugin.
This commit introduces the flag "--enable-default-cni" to
"minikube start" to trigger the provisioning of the default CNI
config.
Signed-off-by: Martynas Pumputis <m@lambda.lt>
* Change restart policy on gvisor pod
Change the restart policy on the gvisor pod to Always. This way, if a
user runs
minikube addons enable gvisor
minikube stop
minikube start
when the addon manager tries to restart the gvisor pod, it will be
restarted and gvisor will start running automatically. This PR also adds an
integration test for this functionality.
* Test stop and start
* Revert test to delete
Revert test to delete for now, for some reason "stop" and then "start"
is failing both locally and in Jenkins for VirtualBox with a "panic test
timed out after 30 min" error
This PR adds the code for enabling gvisor in minikube. It adds the pod
that will run when the addon is enabled, and the code for the image
which will run when this happens.
When gvisor is enabled, the pod will download runsc and the
gvisor-containerd-shim. It will replace the containerd config.toml and
restart containerd.
When gvisor is disabled, the pod will be deleted by the addon manager.
This will trigger a pre-stop hook which will revert the config.toml to
it's original state and restart containerd.
Small improvements to debugging and reducing integration test flakiness:
* added logging to kubeadm init in the SSHExecutor
* increasing timeout for RBAC creation via the kubernetes client set
* only log tunnel output to test logger
This change is a bit of a hack to make IP routing work over the virtio-net interface - it forces the virtio-net interface (bridge100) created by hyperkit/xhyve to reset via removing and readding the single member of the interface. Without this "reset" packets are just simply lost most of the time, despite a completely healthy IP route.
This error was also the reason for a large percentage of our integration test failures. While reducing the flakiness of tunnel related tests I also increased the timeout requirement and adding retries to the nginx request in TestTunnel.
This commit introduces a new command, `minikube tunnel`, a LoadBalancer emulator functionality, that must be run with root permissions.
This command:
* Establishes networking routes from the host into the VM for all IP ranges used by Kubernetes.
* Enables a cluster controller that allocates IPs to services external `LoadBalancer` IPs.
* Cleans up routes and IPs when stopped (Ctrl+C), when `minikube` stops, and when `minikube tunnel` is ran with the `--cleanup` flag
These tests reliably cause a "panic: timed out" condition due to
hitherto unknown reasons. See issue #3200 for context.
dlorenc mentioned that this test never worked, so when I re-enabled it
recently for all platforms in af61bf790c,
it introduced a persistent test failure for darwin.
I'll leave issue #3200 open until we are able to re-enable this test.
- Updates Ingress-Controller Version to 0.19.0
- Adds Service Account for Ingress-Controller
- Adds Support for Prometheus
- Fixes bug with TCP/UDP ConfigMaps not Loading
- Adds more resource limits to default-backend
- Use new ingress class name
- Use app.kubernetes.io/xxxxxxxxxxx labels
This provides an additional level of security, by enforcing host checking, applying port randomization, and requiring explicit user intent to expose the service to the host.
Previously we were mixed between the two forms. This commit picks %v,
which is consistent with the Kubernetes code base. They both effectively
do the same thing in this case, though %v works with any object, and %s
only with string objects.
This effectively reverts 0a5efe156c - whose behavior was apparently correct. Both coredns and kubedns share k8s-app=kube-dns labels in our current environment.
Make future failures to this test easier to debug. Here's an example of
the test failure I ran into:
--- FAIL: TestFunctional/EnvVars (0.58s)
cluster_env_test.go:36: SetEnvFromEnvCmdOutput: Error: No variables were parsed from docker-env output:
set -gx DOCKER_TLS_VERIFY "1";
set -gx DOCKER_HOST "tcp://192.168.39.199:2376";
set -gx DOCKER_CERT_PATH "/usr/local/google/home/tstromberg/.minikube/certs";
set -gx DOCKER_API_VERSION "1.35";
# Run this command to configure your shell:
# eval (minikube docker-env)
* Separate start args from args passed to every command. This is so
that we can call `minikube logs` and `minikube status` with the proper
flags (for the bootstrapper)
* Add a NewMinikubeRunner function to make getting a minikube runner
easier.
If we choose a random namespace, the test will fail since RBAC
permissions will not be set up correctly.
This also chooses a randomly generated name, so that if we are running
an integration test while another busybox pod is still cleaning up,
there are no errors
Theres currently no good way to run the integration tests for the none
driver locally. Now that we've added the e2e target, we can depend on
that. Running the e2e test binary locally requires the testdata folder
to be in a different path, since it is relative to where the code is
being ran. I added a testdata-dir flag to the integration tests so we
can set it appropriately for when we want to run the e2e binary by
itself.
I also made the e2e test binary a PHONY target, so we rebuild it each
time. I had trouble collecting the dependencies on the integration
test packages
I removed this awhile ago, but I'm not sure how it snuck back in.
The original issue was that the VM was getting a new IP, but the driver
was parsing the leases file and still picking the old IP. So the only
way to fix it was to wait for the old lease to expire.
We were using an alpha v1.6 kubectl to run 1.5 and 1.6 branches of
minikube at the same time. Since we've merged in 1.6, we will always
use 1.6 kubectl. I've updated the slaves to have it.
This integration test was hanging on Windows because systemctl was paging the
(one line) output and waiting for stdin. Specify the `--no-pager` cmd to systemctl
to avoid this.
The TestDocker integration test shouldn't hard code the path to the systemd config for docker.service -- instead, it can use `systemctl show` to dump the configuration for the docker service.
In TestStartStop(), check for stopped status once in 5 seconds,
up to 30 seconds, instead of always sleeping for 30 seconds
before stopping it. That way we can reduce duration of the test.
To do that, we need to split out MinikubeRunner.CheckStatus() into
CheckStatusNoFail() that doesn't lead to T.Fatalf(). Other call sites
of CheckStatus() would not be then affected.
Thomas Stromberg
Martynas Pumputis
priyawadhwa
Nicholas Goozeff
Balint Pato
Fernando Diaz
dlorenc
dlorenc
Aaron Prindle
kairen
Yongkun Anfernee Gui
Matt Rickard
Matt Rickard
ulyssessouza
Nick Kubala
Mike Grass
Max Lavrenov
Dongsu Park
Jimmi Dyson
Subhas Dandapani
Lucas Käldström
Lucas Käldström