Fix kubelet-to-apiserver connection checks on controller nodes not to fail in certain cases #1015
Conversation
k8s-ci-robot
added
cncf-cla: yes
| if _, err := os.Stat(filePath); os.IsNotExist(err) { | ||
| if defaultValue == nil { | ||
| return nil, fmt.Errorf("%s must exist. Please confirm that you have not deleted the file manually", filePath) | ||
| } |
There was a problem hiding this comment.
It seems like the contents of #1014 got mixed in here as well.
There was a problem hiding this comment.
Thanks for pointing that out!
Sorry but I had no time to resolving possible conflicts and testing them in isolations.
Marking this to depend on #1014 anyway.
| resources: ["tokenreviews"] | ||
| omitStages: | ||
| - "RequestReceived" | ||
| # Get repsonses can be large; skip them. |
| # Get repsonses can be large; skip them. | ||
| - level: Request | ||
| verbs: ["get", "list", "watch"] | ||
| resources: ${known_apis} |
There was a problem hiding this comment.
We are not substituting the known_apis variable, like it's done here.
There was a problem hiding this comment.
Thanks! Manually substituted them anyway 😄
|
|
||
| auditlogs() { | ||
| if [ "$AUDIT_LOG_PATH" == "/dev/stdout" ]; then | ||
| docker logs --since 11s ${DOCKERIMAGE} |& cat |
There was a problem hiding this comment.
Is there a reason behind this magic number here (11s)?
There was a problem hiding this comment.
queryserver is called every 10+ seconds below. I wanted to gather logs for periods slightly longer than that not to drop any lines(hopefully)
Codecov Report
@@ Coverage Diff @@
## master #1015 +/- ##
==========================================
- Coverage 34.88% 34.86% -0.03%
==========================================
Files 59 59
Lines 4133 4156 +23
==========================================
+ Hits 1442 1449 +7
- Misses 2532 2545 +13
- Partials 159 162 +3
Continue to review full report at Codecov.
|
… fail in certain cases - check-worker-connection was failing when audit logging is disabled - In addition to that, it was failing since K8S v1.8 due to the change in K8S that no audits are logged when missing an audit policy file Follow-up for kubernetes-retired#991 and kubernetes-retired#996 Fix for kubernetes-retired#991 (comment)
mumoshu
force-pushed
the
fix-worker-conn-check
branch
from
e17e73c
to
3e0aceb
Compare
|
I've manually verified this to work by updating my cluster few times:
|
|
/lgtm |
|
@danielfm Thanks for reviewing! |
…nn-check Fix kubelet-to-apiserver connection checks on controller nodes not to fail in certain cases
Follow-up for #991 and #996
Fix for #991 (comment)
Depends on #1014