this prevents spurious changes from being made based on the shell's env vars.
Also adding a parameter to override the package being updated, so that we dont need to test the full repo
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled. That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.
Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.
This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
hack/update-expected.sh should ignore KOPSCONTROLLER_IMAGE when
regenerating the golden test outputs, just as it ignores the local
DNSCONTROLLER_IMAGE override.
There are a few env vars which are frequently set in development, but
should not be reflected in the tests. Clear them before generated the
expected output.
Ciprian Hacman
justinsb
Leïla MARABESE
Peter Rifel
tanjunchen