Break up the monolithic volumes code in kubelet into very small individual
modules with a well-defined interface. Move them all into their own packages
and beef up testing along the way.
Added a kubelet config source for watching pods on apiserver.
The pods are converted to boundpods for merging with other
config sources.
The preferred way to create a kubelet is now to pass an apiserver
client but not an etcd client. Changed cmd/integration to use
apiserver to talk to kubelets. And cmd/kubernetes.
Unit, integration, and e2e tests pass, except for a failure of the pd
e2e test which was unrelated.
Fixes issue #3202.
* Validates SyncFrequency and minimum GC age and propagates error to RunKubelet
* Defaults for Kubelet config and minor cleanup
* cmd Kubelet MinimumGCAge to 1m instead of 0
This adds --cluster_dns and --cluster_domain flags to kubelet. If
non-empty, kubelet will set docker --dns and --dns-search flags based on
these. It uses the cluster DNS and appends the hosts's DNS servers.
Likewise for DNS search domains.
This also adds API support to bypass cluster DNS entirely, needed to
bootstrap DNS.
This change refactors the way Kubelet's DockerPuller handles the docker config credentials to utilize a new credentialprovider library.
The credentialprovider library is based on several of the files from the Kubelet's dockertools directory, but supports a new pluggable model for retrieving a .dockercfg-compatible JSON blob with credentials.
With this change, the Kubelet will lazily ask for the docker config from a set of DockerConfigProvider extensions each time it needs a credential.
This change provides common implementations of DockerConfigProvider for:
- "Default": load .dockercfg from disk
- "Caching": wraps another provider in a cache that expires after a pre-specified lifetime.
GCP-only:
- "google-dockercfg": reads a .dockercfg from a GCE instance's metadata
- "google-dockercfg-url": reads a .dockercfg from a URL specified in a GCE instance's metadata.
- "google-container-registry": reads an access token from GCE metadata into a password field.
Public access to the DockerHub is not guaranteed in all environments,
add a flag to the kubelet that allows it to use a different image (like
one on a private registry) as well as only pull the first time the
image is needed.
Fixes#1545
This avoids some conflict with the built-in `flag` module in Go. The
module was already being renamed to `verflag` on import anyways, so we
might as well just call it that.
Tested:
- hack/build-go.sh and ran the resulting binaries with -version args.
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
The sync frequency should be part of the syncLoop and resync no
less often than every X seconds. The current implementation runs
even if a config update was delivered less than X seconds ago.
Tim Hockin