This matches StartCluster, and is used to revert
the changes done to reset the VM machine state.
Even if it fails, continue to deleting the VM...
Make sure to handle the case of missing config.
Both #3502 (which this commit reverts) and #3523 attempted to fix the same issue.
Keeping the change from the latter PR since it fixes it at the source template.
When a storage provider is enabled (storage-provisioner-glusterfile),
mark it "is-default" and set "is-default" to "false" in all other
StorageClasses.
There can only be one StorageClass marked as default. When the
storage-provisioner-gluster addon is enabled, users expect it to be the
default StorageClass.
Instead of removing the "is-default" annotation from the other
StorageClasses, set it to "false". This leaves only the "glusterfile"
StorageClass as "is-default".
With this addon dynamic provisioning based on Gluster can be enabled:
$ minikube addons enable storage-provisioner-gluster
This will deploy several pods in a new 'storage-gluster' namespace:
- glusterfs, storage service with a 10GB sparse /srv/fake-disk.img
- heketi, a smart Gluster volume manager
- glusterfile-provisioner, external-storage provisioner
In addition, the StorageClass 'glusterfile' will be created. It is
currently not configured as default StorageClass, so PVCs need to refer
to the new StorageClass.
Previously, minikube has been shipped with the default CNI config
(/etc/cni/net.d/k8s.conf) in its rootfs. This complicated a lot
when using a custom CNI plugin, as the default config was picked
by kubelet before the custom CNI plugin has installed its own CNI
config. So, the end result was that some Pods were attached to a
network defined in the default config, and some got managed by
the custom plugin.
This commit introduces the flag "--enable-default-cni" to
"minikube start" to trigger the provisioning of the default CNI
config.
Signed-off-by: Martynas Pumputis <m@lambda.lt>
* Save old cluster config in memory before overwriting
In PR #3426, I changed "minikube start" to overwrite the cluster config earlier so that the container runtime could be extracted from it by the buildroot provisioner. This introduced a bug later on, where minikube expected to read the kubernetes version from the old config (which no longer existed, because the config was overwritten).
To fix this, I changed the code to store the old version of the config in memory before overwriting it.
This should fix #3447
This PR adds the code for enabling gvisor in minikube. It adds the pod
that will run when the addon is enabled, and the code for the image
which will run when this happens.
When gvisor is enabled, the pod will download runsc and the
gvisor-containerd-shim. It will replace the containerd config.toml and
restart containerd.
When gvisor is disabled, the pod will be deleted by the addon manager.
This will trigger a pre-stop hook which will revert the config.toml to
its original state and restart containerd.
* Only restart docker service if container runtime is docker
Only allow the buildroot provisioner to restart docker if the container
runtime is docker. This change should fix the bug in #3424, since now
docker will not be restarted if the container runtime is containerd.
* Added files to fix FileContent--proc-sys-net-bridge-bridge-nf-call-iptables precheck error
From this issue: https://github.com/kubernetes/kubeadm/issues/1062
these files need to be added to prevent this precheck error (which occurs when running any container runtime that isn't docker).
Also, save the machine config on the user's filesystem earlier so that the buildprovisioner can access it.
sudo -E minikube start --vm-driver=none does not change directory
owner when CHANGE_MINIKUBE_NONE_USER=true.
This patch changes the directory owner when
CHANGE_MINIKUBE_NONE_USER=true.
* Implement a check to see if an ISO URL is valid
* Use strings.TrimPrefix instead of []rune casting for 'file://' prefix removal
* Handle file permissions error with a user-friendly message
Small improvements to debugging and reducing integration test flakiness:
* added logging to kubeadm init in the SSHExecutor
* increasing timeout for RBAC creation via the kubernetes client set
* only log tunnel output to test logger
This change is a bit of a hack to make IP routing work over the virtio-net interface - it forces the virtio-net interface (bridge100) created by hyperkit/xhyve to reset via removing and readding the single member of the interface. Without this "reset" packets are just simply lost most of the time, despite a completely healthy IP route.
This error was also the reason for a large percentage of our integration test failures. While reducing the flakiness of tunnel related tests I also increased the timeout requirement and added retries to the nginx request in TestTunnel.
After stopping any runtimes that aren't being used, if we're using
containerd then we need to restart it. This is because it competes with
cri-o to listen on port 10010, causing a necessary plugin to not be
installed. After stopping cri-o, we need to restart containerd so that
the plugin is installed.
I also added some preflight checks when using alternative runtimes.
kubeadm checks to make sure the Docker service is running, so I disabled
that. It also checks if a few ports are available; these are ports that
containerd uses, so I also added them to the ignore list.
This should finish the work started in #3211, which stopped alternative
runtimes but didn't restart containerd. I was able to run "minikube
start" with containerd locally with this change.
* Stop extra container runtimes, before bootstrapper
The minikube.iso starts every runtime, by default
* Disable docker-env output, if docker isn't running
Might be running an alternative container runtime
* Add config parameter for the cri socket path
Closes #3153
* Remove stray newline, when not using criSocket
* Add the --cri-socket parameter to configuration
Also fix the syntax for CRI-O, adding unix://
kubectl releases older than August 2017 don't include a newline, which
means there is effectively no hint that the output has completed. I
believe this is why tests have been failing on the macOS.
Should resolve test timeout panics such as #3203
This commit introduces a new command, `minikube tunnel`, a LoadBalancer emulator functionality, that must be run with root permissions.
This command:
* Establishes networking routes from the host into the VM for all IP ranges used by Kubernetes.
* Enables a cluster controller that allocates IPs to services external `LoadBalancer` IPs.
* Cleans up routes and IPs when stopped (Ctrl+C), when `minikube` stops, and when `minikube tunnel` is run with the `--cleanup` flag
This provides an additional level of security, by enforcing host checking, applying port randomization, and requiring explicit user intent to expose the service to the host.
Previously we were mixed between the two forms. This commit picks %v,
which is consistent with the Kubernetes code base. They both effectively
do the same thing in this case, though %v works with any object, and %s
only with string objects.
Opt-in with `minikube config set embed-certs true`. Similar to the
behaviour of `kubectl config set-credentials --embed-certs`.
Enables Minikube on Windows to produce a .kube/config file that
can be shared directly with kubectl inside the Windows Subsystem
for Linux (WSL) without needing to perform additional translation
of the certificate paths within the configuration file.
Previously, files installed to /usr/local/bin/ would be owned by the
user executing the command, not root. This change makes these installed
files owned by root instead. Improving security is the goal.
The purpose of these changes is to enhance Hyperkit support from the
minikube command line for better integration with enterprise networks
behind a VPN.
uuid: Provide VM UUID to restore MAC address (only supported with
Hyperkit driver).
vpnkitSock: Location of the VPNKit socket used for networking. If empty,
disables Hyperkit VPNKitSock, if 'auto' uses Docker for Mac
VPNKit connection, otherwise uses the specified VSock.
vsockPorts: List of guest VSock ports that should be exposed as sockets
on the host (Only supported with hyperkit now).
Note:
tests pass but file:
`vendor/github.com/google/certificate-transparency/go/x509/root_darwin.go`
has to be edited to correct an issue - not committed since this is in
the vendor directory.
- Add registry to register all supported drivers in different platforms.
- Add DriverDef to define driver's metadata.
- All driver support logic moved to pkg/minikube/drivers, removed all
driver name switches scattered in different packages.
The CombinedOutput function returns after the command completes.
When we run a long-running command, such as continuously getting
new log entries, it failed to get run results.
Fixes: https://github.com/kubernetes/minikube/issues/2447
Right now the cri-o socket is placed in `/var/run/crio.sock`, this
commit changes it to `/var/run/crio/crio.sock` which is similar to
upstream.
Signed-off-by: Suraj Deshmukh <surajd.service@gmail.com>
https://github.com/kubernetes-incubator/cri-o
Updated the runc version to its latest master commit.
Got crio into the automounter to get off the tmpfs
This feature bubbles up to the minikube command by reusing the
`--container-runtime=` flag, by enabling the value of "`crio`"
(`minikube start --container-runtime=crio`), while the flags/config
passed to localkube are more like k8s (`--container-runtime=remote
--remote-runtime-endpoint=/var/run/crio.sock`)
This is mostly ready for review. It is still lacking having
--insecure-registry plumbed through, but for now the policy.json is
open.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
Share most of the disk image setup between hyperkit and kvm drivers.
Move and remove a lot of shared configuration between all the in-tree
drivers: kvm, hyperkit, none.
This PR introduces caching of localkube images. It makes a best effort
to cache the essential images localkube needs as minikube starts up.
Currently, the list of cached images is hardcoded, but future work might
entail
1. Cached images as a property of the cluster bootstrapper - to allow
localkube and kubeadm to cache their respective images.
2. Addons contain image information. Then, we can selectively cache and
preload only the addon images that are enabled.
Introduce the --bootstrapper or -b flag that toggles the cluster
bootstrapper. The default bootstrapper (and only bootstrapper at this
time) is localkube.
The bootstrapper interface contains all the functions needed to
bootstrap a kubernetes cluster. It ingests a KubernetesConfig, which
contains all the configuration for the cluster, as well as a
CommandRunner, which is the interface upon which it will run commands
and transfer files to possibly remotely set up the cluster.
This moves the localkube functions out of cluster.go into their own
package at k8s.io/minikube/pkg/minikube/bootstrapper/localkube.
Two implementations, SSHRunner and ExecRunner allow commands to be run
either through SSH or os.Exec respectively. This allows the cluster
bootstrappers to be unaware of how they are actually executing the
commands they need. Copy and Remove functions provide a nice
convenience function for running commands that copy and remove files
respectively.
- Create Config struct to store MachineConfig and KubernetesConfig as cluster
configuration.
- Write cluster configuration under $MINIKUBE_HOME/profiles/ directory
when a cluster is launched.
- Load the cluster configuration at `start` and compare the loaded k8s
version with the requested version. Prevent any version downgrade requests.
The k8s components are registering their flags on localkube, polluting
the flag namespace. A 'version' flag was added, which conflicts with a
localkube flag. Changing the name of this flag so that there is no
conflict.
These flags don't do anything anymore.
`show-libmachine-logs` behavior is triggered by the log level `--v`
`use-vendored-driver` was a feature flag and now we default to vendored
drivers when we can automatically.
Retrieving the IP address depends on guest/host communication channels (e.g. KVP on Hyper-V) that might fail.
This commit adds a message that can help the user in troubleshooting potential issues.
In a last-minute fix, I accidentally changed the pod labels all to
the minikube add-on reconciliation mode label instead of the add-on
name. This is causing the registry service to be unable to forward
requests over to the pods due to mismatched label selectors.
Also, cache in memory localkube versions in multiple calls to the GCS
bucket. These versions will not change during the life of the minikube
process once fetched and are used multiple times.
* Add support for using raw disks with xhyve, default it to true
* Fix formatting issue
* Prefix disk-driver with xhyve to make it clear it is only for xhyve
* Add missing config
This is already printed to stderr through RootCmd.Execute(). We could
save to this the glog logs by suppressing the RootCmd.Execute() error
output, but this displays a more user friendly error (i.e. no log
prepended info)
TestSetupKubeConfig fails when running "go test --race", because of
concurrent accesses from multiple goroutines.
```
WARNING: DATA RACE
Write at 0x00c4201cc4b8 by goroutine 16:
k8s.io/minikube/pkg/minikube/kubeconfig.TestSetupKubeConfig.func1()
k8s.io/minikube/pkg/minikube/kubeconfig/config_test.go:103 +0x23a
testing.tRunner()
/usr/local/golang/src/testing/testing.go:657 +0x107
```
To fix that, convert KubeConfigFile to an atomic value that stores
string. Callers should run helper functions, SetKubeConfigFile() and
GetKubeConfigFile() instead of direct access to the value.
pkg/minikube/cluster has become too crowded with service related
functions. I've moved these to their own package, which will make
updating client-go easier because everything will be in one place.
There is still a little bit of work to be done with making
pkg/minikube/cluster free of references to kubernetes packages
Several error messages don't print out newline characters at the end,
for example:
```
$ minikube addons open dashboard
This addon does not have an endpoint defined for the 'addons open' command
You can add one by annotating a service with the label kubernetes.io/minikube-addons-endpoint:dashboard$
```
This adds a new libmachine API implementation that skips RPC and instead
uses a vendored in driver directly. This removes the need to download a
separate driver binary. Currently, only the "core" drivers, and kvm are
supported as vendored in. This means that xhyve is the only driver that
requires a separate binary for now.
We use docker/go-units for human readable disk sizes on the --disk-size
flag. However, sometimes a user uses the wrong syntax and specifies a disk
size that they didn't mean. Fixes #976