According to Kernel documentation, support for Transparent Proxying (TPROXY)
requires 2 Netfilter modules to be installed: `xt_TPROXY` and `xt_socket`.
So far, Minikube had only `xt_TPROXY`.
See https://www.kernel.org/doc/Documentation/networking/tproxy.txt
Some users (especially for those in mainland China) may have issue
accessing the default image repository. This patchset allows users
to override the default image repository gcr.io to a different
repository by specifying --image-repository option in the command
line as a simple workaround. Images will be pulled from the
specified image repository instead of the default ones.
Example (using mirror by Aliyun):
minikube start ...
--image-repository
registry.cn-hangzhou.aliyuncs.com/google_containers
Should use the proper name for display, even if we use a name more
suitable to naming classes and methods for the implementation...
Also use the --runtime=cri-o when testing, and update the github
repository now that cri-o has graduated from incubator to a sig.
See https://cri-o.io/
When a storage provider is enabled (storage-provisioner-glusterfile),
mark it "is-default" and set "is-default" to "false" in all other
StorageClasses.
There can only be one StorageClass be marked as default. When the
storage-provisioner-gluster addon is enabled, users expect it to be the
default StorageClass.
Instead of removing the "is-default" annotation from the other
StorageClasses, set it to "false". This leaves only the "glusterfile"
StorageClass as "is-default".
With this addon dynamic provisioning based on Gluster can be enabled:
$ minikube addons enable storage-provisioner-gluster
This will deploy several pods in a new 'storage-gluster' namespace:
- glusterfs, storage service with a 10GB sparse /srv/fake-disk.img
- heketi, a smart Gluster volume manager
- glusterfile-provisioner, external-storage provisioner
In addition, the StorageClass 'glusterfile' will be created. It is
currently not configured as default StorageClass, so PVCs need to refer
to the new StorageClass.
As per https://github.com/kubernetes/kubernetes/pull/32151, kubelet
doesn't search for CNI configs in /usr/libexec/kubernetes/kubelet-plugins/net/exec/
by default anymore.
Signed-off-by: Martynas Pumputis <m@lambda.lt>
Previously, minikube has been shipped with the default CNI config
(/etc/cni/net.d/k8s.conf) in its rootfs. This complicated a lot
when using a custom CNI plugin, as the default config was picked
by kubelet before the custom CNI plugin has installed its own CNI
config. So, the end result was that some Pods were attached to a
network defined in the default config, and some got managed by
the custom plugin.
This commit introduces the flag "--enable-default-cni" to
"minikube start" to trigger the provisioning of the default CNI
config.
Signed-off-by: Martynas Pumputis <m@lambda.lt>
Change the policy for the minikube-hostpath storage class addon from
Reconcile to EnsureExists. When it's set to reconcile, it's impossible
to change the default storage class in Minikube because it will keep
setting the minikube-hostpath storageclass to default.
Ported from kubernetes/kubernetes#66235
* Change restart policy on gvisor pod
Change the restart policy on the gvisor pod to Always. This way, if a
user runs
minikube addons enable gvisor
minikube stop
minikube start
when the addon manager tries to restart the gvisor pod, it will be
restarted and gvisor will start running automatically. This PR also adds an
integration test for this functionality.
* Test stop and start
* Revert test to delete
Revert test to delete for now, for some reason "stop" and then "start"
is failing both locally and in Jenkins for VirtualBox with a "panic test
timed out after 30 min" error
This PR adds the code for enabling gvisor in minikube. It adds the pod
that will run when the addon is enabled, and the code for the image
which will run when this happens.
When gvisor is enabled, the pod will download runsc and the
gvisor-containerd-shim. It will replace the containerd config.toml and
restart containerd.
When gvisor is disabled, the pod will be deleted by the addon manager.
This will trigger a pre-stop hook which will revert the config.toml to
it's original state and restart containerd.
- Updates Ingress-Controller Version to 0.19.0
- Adds Service Account for Ingress-Controller
- Adds Support for Prometheus
- Fixes bug with TCP/UDP ConfigMaps not Loading
- Adds more resource limits to default-backend
- Use new ingress class name
- Use app.kubernetes.io/xxxxxxxxxxx labels
This provides an additional level of security, by enforcing host checking, applying port randomization, and requiring explicit user intent to expose the service to the host.
Minikube automount relies on a VM disk to be mounted (usually /dev/sda)
to provide .ssh credentials.
This commit adds a dependency on systemd-udev-settle to ensure that all devices
(including disks) are up and available before executing the mount
script.
We use systemd-udev-settle
https://github.com/systemd/systemd/blob/master/units/systemd-udev-settle.service.in
To ensure this. Note that in the above link, we can read a comment
stating that systemd-udev-settle is used to ensure a populated /dev
during bootup, which is exaclty what we want.
Signed-off-by: David Genest <david.genest@gmail.com>
Previously we were mixed between the two forms. This commit picks %v,
which is consistent with the Kubernetes code base. They both effectively
do the same thing in this case, though %v works with any object, and %s
only with string objects.
The default configuration here for ES_JAVA_OPTS will pretty much always fail as is, making this addon useless and broken unless modified. Since this is deployed automatically when addon is enabled, it seems like providing a value that works is the best option here, otherwise in a minikube the pod(s) deployed will continually fail to start.
Simple management tool for containers and images
"podman shares state with crio and so has the
capability to debug pods/images created by crio"
https://github.com/projectatomic/libpod/pull/145
This change adds gluster and heketi dependencies to buildroot config,
that is dm_snapshot, dm_thin_pool and XFS kernel modules, XFS tools,
and gluster itself.
linux is upgraded to 4.16, binutils is upgraded to 2.30, and
libelf is installed for the newer kernel.
Other configuration changes are changes in defaults and ordering.
Now using glibc 2.27. systemd 237, and Go 1.10.
vbox-guest is removed because it's upstream as of linux 4.16.
More on buildroot at https://git.buildroot.net/buildroot/tree/CHANGES
HSTS has been deactivated explicitly by default for the ingress controller in minikube, because it causes trouble for local development. Minikube is intended for local development, so this feature should not be turned on by default.
Yaroslav Skopets
Zhongcheng Lao
minikube-bot
Anders Björklund
Thomas Stromberg
Kauê Doretto Grecchi
Leif Ringstad
Niels de Vos
Martynas Pumputis
Jason Cwik
Balint Pato
Jeffrey Sica
priyawadhwa
ivans3
Fernando Diaz
dlorenc
Akihiro Suda
David Genest
Sven Anderson
oilbeater
Sandeep Rajan
Bennett Ellis
yanxuean
dlorenc
Aaron Prindle
Rohit Agarwal
Manuel de Brito Fontes
ijl
Martynas Pumputis
ruicao
kairen
maiksensi
AdamDang
Rohit Agarwal
Tim Hockin
Matt Rickard
Praveen Kumar
Lena Brüder