Fixed flakiness of firewall cases of e2e reboot test: blocking packages on firewall was also blocking localhost and was causing kubelet to be restarted by monit.
This may help Salt reload services correctly, although we still
need the script until Salt's bug with reloading services on systemd
is resolved.
Salt bug: https://github.com/saltstack/salt/issues/16778
This is a partial reversion of #9728, and should fix#10612.
9728 used the AWS instance id as the node name. But proxy, logs
and exec all used the node name as the host name for contacting the minion.
It is possible to resolve a host to the IP, and this fixes logs. But
exec and proxy also require an SSL certificate match on the hostname,
and this is harder to fix.
So the sensible fix seems to be a minimal reversion of the changes in #9728,
and we can revisit this post 1.0.
GCE does this in its per-provider scripts; this does the same for AWS and lets
other providers do the same; I believe kube2sky requires 10.0.0.1 as a SAN.
This commit does 4 things:
* Adds a script which will: (a) clone from a git tag, make release,
and give you very detailed instructions as to what to do from that
point.
* Changes `push-official-release.sh` so we can't push "dirty"
releases anymore (which `build-official-release.sh` also double
checks at the end.)
* Fixes#9576 by ensuring a correct umask.
* Changes common.sh to gtar all the way through, to ensure that
bloody OS X tar never touches the release process, because I don't
want to have to understand two tar programs and how release
artifacts are created from both (c.f. #10615.)
The namespace test is currently taking about 18 minutes because it
creates and deletes namespaces sequentially, and for various reasons it
takes at least 10 seconds for each namespace.
By parallelizing the creation and deletion of namespaces, this test now
takes about 2-3 minutes.
ImagePullKeys -> ImagePullSecret
Explain that overwriting the /root/.dockercfg not recommended for GKE.
Give detailed and tested steps for distributing a .dockercfg.
Report an error if someone asks for --all-namespaces
when getting a thing that is not namespaced.
This is in preparation for a subsequent commit which prints namespace
as its own column.
Restructured test to expect an error for non-namespaced things.
Dropped the part where it was trying to test that not printing
namespace didn't contain namespace. Some other test can cover that.
The test verifies that kubelet deletes the pods/containers within a reasonable
time. It queries the kubelet /runningpods endpoint to retrieve a list of
running pods directly. The outline of the test is:
- Create an RC
- Wait until all pods are running (based on the pod status)
- Verify pods are running by querying the /runningpods
- Delete the RC
- Check all pods are deleted by querying /runningpods
hyeongkyu.lee