Without this patch the timeout is 5m and the interval is 10m --
hard-coded with no mechanism to change, even though the config struct
already had a timeout option (which was completely unused)
klog can now support logging both to a file and to streams, so we get the output both in docker & logfiles.
A few gotchas:
* The output previously was all on stdout, now it on stderr. That is more correct
* If something writes to stdout or stderr outside of klog, it will no longer end up in the logfile.
* There's some oddities still to be ironed out about the flag syntax https://github.com/kubernetes/klog/issues/60
For the master pods (apiserver, controller manager, scheduler) this is
unlikely to ever matter (the masters aren't expected to run out of
resources and need to evict things) but evictions of kube-proxy from worker
nodes are easy to trigger in clusters with PodPriority enabled. Since these
are static pods the configuration is also somewhat difficult to change.
We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog. That
will happen when we update to k8s 1.13.
In 1.12 (kops & kubenetes):
* We default etcd-manager on
* We default to etcd3
* We default to full TLS for etcd (client and peer)
* We stop allowing external access to etcd
Otherwise we end up with a circular dependency where we don't run the
node-authorizer until /var/lib/kubelet has been bind-mounted, but it
can't be bind-mounted until it exists.
This bind-mounting happens on Google's ContainerOS, which is why it
isn't always seen.
Starting from Docker 18.09.0, the Docker distribution has been split in
3 packages: the Docker daemon, the Docker CLI, and for containerd. This
adds a twist to how to upgrade Docker from the base image as the daemon
and CLI packages must be installed at the same time, otherwise dpkg/rpm
will refuse to upgrade (the new CLI is incompatible with the old package
and the daemon can't be installed without first installing the CLI and
the new containerd, so the upgrade MUST happen in a single transaction).
This code change thus adds the possibility to specify additional packages
to install in the same dpkg/yum transaction, such as the Docker CLI and
containerd in nodeup, and the ability to apply the multi-package upgrade
atomically with dpkg/rpm.
We also use this new mechanism for the SELinux policy on RHEL/CentOS.
Justin SB
Kubernetes Prow Robot
Thomas Jackson
Kashif Saadat
Srikanth
Austin Moore
liranp
Salvatore Mazzarino
Jesse Haka
Michael Frister
Arto Jantunen
xichengliudui
Ryan Bonham
Derek Lemon (delemon)
LilyFaFa
Alex Williams
Benoit Sigoure
Steven McDonald