Hold the pullLock while pulling regular container images, not just the
network container.
Also: previously, the locks were grabbed at too-low a layer in the
callstack, leaving a (narrow) window where images could be pulled and
then garbage collected before being used.
This change takes the existing pullLock a layer higher in the call stack
so the critical regions encompass the entire find+delete and pull+use
operation in both cases.
RESTClient is an abstraction for simplifying access to resources that
follow the Kubernetes API pattern. Currently, both Namespace and Path
are coupled, which means changes across versions is complex. In general,
most access to resources should be to a resource collection (e.g.
"services") with a name (e.g. "foo"). Other constructs, like prefix sections
("watch") or proposed suffix sections ("/pods/foo/spec") only modify this
core pattern.
This commit removes the Path() helper from Request and introduces:
* Prefix(segments ...string) - segments that should go to the beginning of the path.
* Suffix(segments ...string) - segments that should go to the end of the path.
* Resource(string) - collection name, should be after prefix
* Namespace(string) - if specified, should be set after resource but before name
* Name(string) - if specified, should be after namespace
Now, only Prefix and Suffix are order dependent (and with variadics, should be
simpler). Resource, Namespace, and Name may be specified in any order.
Path() has been removed to prevent downstream consumers of RESTClient from experiencing
behavior change.
After this DNS is resolvable from the host, if the DNS server is targetted
explicitly. This does NOT add the cluster DNS to the host's resolv.conf. That
is a larger problem, with distro-specific tie-ins and circular deps.
Rather than have to keep SkyDNS up to date with Kubernetes, use a
buddy-container "kube2sky" to watch kubernetes and sync Service records
into etcd for SkyDNS ot find. This also adds namespace support.
This adds --cluster_dns and --cluster_domain flags to kubelet. If
non-empty, kubelet will set docker --dns and --dns-search flags based on
these. It uses the cluster DNS and appends the hosts's DNS servers.
Likewise for DNS search domains.
This also adds API support to bypass cluster DNS entirely, needed to
bootstrap DNS.
Daniel Smith