-
Notifications
You must be signed in to change notification settings - Fork 295
Fix kubelet-to-apiserver connection checks on controller nodes not to fail in certain cases #1015
Fix kubelet-to-apiserver connection checks on controller nodes not to fail in certain cases #1015
Conversation
if _, err := os.Stat(filePath); os.IsNotExist(err) { | ||
if defaultValue == nil { | ||
return nil, fmt.Errorf("%s must exist. Please confirm that you have not deleted the file manually", filePath) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems like the contents of #1014 got mixed in here as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for pointing that out!
Sorry but I had no time to resolving possible conflicts and testing them in isolations.
Marking this to depend on #1014 anyway.
resources: ["tokenreviews"] | ||
omitStages: | ||
- "RequestReceived" | ||
# Get repsonses can be large; skip them. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo in repsonses
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch! Fixed.
# Get repsonses can be large; skip them. | ||
- level: Request | ||
verbs: ["get", "list", "watch"] | ||
resources: ${known_apis} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are not substituting the known_apis
variable, like it's done here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Manually substituted them anyway 😄
|
||
auditlogs() { | ||
if [ "$AUDIT_LOG_PATH" == "/dev/stdout" ]; then | ||
docker logs --since 11s ${DOCKERIMAGE} |& cat |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason behind this magic number here (11s
)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
queryserver
is called every 10+ seconds below. I wanted to gather logs for periods slightly longer than that not to drop any lines(hopefully)
Codecov Report
@@ Coverage Diff @@
## master #1015 +/- ##
==========================================
- Coverage 34.88% 34.86% -0.03%
==========================================
Files 59 59
Lines 4133 4156 +23
==========================================
+ Hits 1442 1449 +7
- Misses 2532 2545 +13
- Partials 159 162 +3
Continue to review full report at Codecov.
|
… fail in certain cases - check-worker-connection was failing when audit logging is disabled - In addition to that, it was failing since K8S v1.8 due to the change in K8S that no audits are logged when missing an audit policy file Follow-up for kubernetes-retired#991 and kubernetes-retired#996 Fix for kubernetes-retired#991 (comment)
e17e73c
to
3e0aceb
Compare
I've manually verified this to work by updating my cluster few times:
|
/lgtm |
@danielfm Thanks for reviewing! |
…nn-check Fix kubelet-to-apiserver connection checks on controller nodes not to fail in certain cases
Follow-up for #991 and #996
Fix for #991 (comment)
Depends on #1014