Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry pick of #9069 onto release-1.17 #9092

Merged
merged 1 commit into from
May 8, 2020
Merged

Cherry pick of #9069 onto release-1.17 #9092

merged 1 commit into from
May 8, 2020

Conversation

justinsb
Copy link
Member

@justinsb justinsb commented May 8, 2020

Cherry pick of #9069

@k8s-ci-robot k8s-ci-robot added this to the v1.17 milestone May 8, 2020
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels May 8, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: justinsb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 8, 2020
@johngmyers
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 8, 2020
@johngmyers
Copy link
Member

hack/verify-packages.sh is failing

@justinsb @johngmyers
kube-apiserver: healthcheck via sidecar container
3f19ca6 
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled.  That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.

Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.

This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
@justinsb justinsb force-pushed the cherrypick_9069_release-1.17 branch from 0710605 to 3f19ca6 Compare May 8, 2020 04:47
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 8, 2020
@justinsb
Copy link
Member Author

justinsb commented May 8, 2020

Thanks for the heads up! Hopefully it'll pass this time. It wasn't a totally clean cherry-pick, e.g. I had to add wellknownusers.

@johngmyers
Copy link
Member

Yes, I noticed that during review.
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 8, 2020
@hakman
Copy link
Member

hakman commented May 8, 2020

Any ideas if this change could have affected the containerd periodic e2e?
https://testgrid.k8s.io/sig-cluster-lifecycle-kops#kops-aws-containerd

@k8s-ci-robot k8s-ci-robot merged commit ccb700b into kubernetes:release-1.17 May 8, 2020
@johngmyers
Copy link
Member

johngmyers commented May 8, 2020
edited
Loading

I'm seeing that the failed e2e test is having a problem pulling the new sidecar container. Perhaps the e2e test config or somesuch needs to be tweaked to use the locally built container?

I'm also seeing kops-controller isn't starting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrislovecnm chrislovecnm Awaiting requested review from chrislovecnm

@robinpercy robinpercy Awaiting requested review from robinpercy

Assignees

@johngmyers johngmyers

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
v1.17
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@justinsb @k8s-ci-robot @johngmyers @hakman