Errors being fixed or ignored:
```
Errors from staticcheck:
cmd/kops/create_cluster.go:740:37: possible nil pointer dereference (SA5011)
cmd/kops/create_cluster.go:736:7: this check suggests that the pointer can be nil
cmd/kops/create_cluster.go:828:30: possible nil pointer dereference (SA5011)
cmd/kops/create_cluster.go:825:7: this check suggests that the pointer can be nil
dns-controller/pkg/dns/dnscontroller.go:585:5: this value of existing is never used (SA4006)
nodeup/pkg/model/kubelet_test.go:67:23: possible nil pointer dereference (SA5011)
nodeup/pkg/model/kubelet_test.go:63:5: this check suggests that the pointer can be nil
pkg/apis/kops/validation/legacy.go:138:97: unnecessary use of fmt.Sprintf (S1039)
pkg/apis/kops/validation/legacy.go:150:112: unnecessary use of fmt.Sprintf (S1039)
upup/pkg/fi/nodeup/nodetasks/update_packages.go:48:9: unnecessary use of fmt.Sprintf (S1039)
cmd/kops-controller/controllers/node_controller.go:89:1: comment on exported method Reconcile should be of the form "Reconcile ..." (ST1020)
dnsprovider/pkg/dnsprovider/dns.go:102:1: comment on exported function ResourceRecordSetsEquivalent should be of the form "ResourceRecordSetsEquivalent ..." (ST1020)
dnsprovider/pkg/dnsprovider/plugins.go:65:1: comment on exported function RegisteredDnsProviders should be of the form "RegisteredDnsProviders ..." (ST1020)
dnsprovider/pkg/dnsprovider/providers/aws/route53/stubs/route53api.go:30:1: comment on exported type Route53API should be of the form "Route53API ..." (with optional leading article) (ST1021)
dnsprovider/pkg/dnsprovider/providers/google/clouddns/internal/stubs/clouddns.go:26:2: comment on exported type Project should be of the form "Project ..." (with optional leading article) (ST1021)
dnsprovider/pkg/dnsprovider/tests/commontests.go:28:1: comment on exported function CommonTestResourceRecordSetsReplace should be of the form "CommonTestResourceRecordSetsReplace ..." (ST1020)
dnsprovider/pkg/dnsprovider/tests/commontests.go:52:1: comment on exported function CommonTestResourceRecordSetsReplaceAll should be of the form "CommonTestResourceRecordSetsReplaceAll ..." (ST1020)
dnsprovider/pkg/dnsprovider/tests/commontests.go:78:1: comment on exported function CommonTestResourceRecordSetsDifferentTypes should be of the form "CommonTestResourceRecordSetsDifferentTypes ..." (ST1020)
pkg/apis/kops/instancegroup.go:318:1: comment on exported type LoadBalancer should be of the form "LoadBalancer ..." (with optional leading article) (ST1021)
pkg/apis/kops/v1alpha2/instancegroup.go:23:1: comment on exported type InstanceGroup should be of the form "InstanceGroup ..." (with optional leading article) (ST1021)
pkg/apis/kops/v1alpha2/networking.go:449:1: comment on exported type LyftVPCNetworkingSpec should be of the form "LyftVPCNetworkingSpec ..." (with optional leading article) (ST1021)
pkg/dns/gossip.go:21:1: comment on exported function IsGossipHostname should be of the form "IsGossipHostname ..." (ST1020)
pkg/kubeconfig/kubecfg_builder.go:47:1: comment on exported function NewKubeconfigBuilder should be of the form "NewKubeconfigBuilder ..." (ST1020)
pkg/kubeconfig/kubecfg_builder.go:82:1: comment on exported method BuildRestConfig should be of the form "BuildRestConfig ..." (ST1020)
pkg/kubeconfig/kubecfg_builder.go:102:1: comment on exported method WriteKubecfg should be of the form "WriteKubecfg ..." (ST1020)
pkg/model/alimodel/context.go:52:1: comment on exported method LinkToNatGateway should be of the form "LinkToNatGateway ..." (ST1020)
pkg/model/domodel/context.go:21:1: comment on exported type DOModelContext should be of the form "DOModelContext ..." (with optional leading article) (ST1021)
pkg/model/gcemodel/autoscalinggroup.go:38:1: comment on exported type AutoscalingGroupModelBuilder should be of the form "AutoscalingGroupModelBuilder ..." (with optional leading article) (ST1021)
pkg/nodeidentity/do/identify.go:51:1: comment on exported method Token should be of the form "Token ..." (ST1020)
pkg/resources/aws/aws.go:1560:1: comment on exported function ListELBV2s should be of the form "ListELBV2s ..." (ST1020)
pkg/resources/digitalocean/cloud.go:47:1: comment on exported method Token should be of the form "Token ..." (ST1020)
pkg/resources/spotinst/spotinst.go:84:1: comment on exported function NewInstanceGroup should be of the form "NewInstanceGroup ..." (ST1020)
protokube/pkg/gossip/dns/dns.go:29:1: comment on exported const DefaultZoneName should be of the form "DefaultZoneName ..." (ST1022)
protokube/pkg/gossip/mesh/mesh.pb.go:421:4: this value of iNdEx is never used (SA4006)
protokube/pkg/protokube/openstack_volume.go:53:1: comment on exported type OpenstackVolumes should be of the form "OpenstackVolumes ..." (with optional leading article) (ST1021)
upup/pkg/fi/assetstore.go:132:1: comment on exported method AddForTest should be of the form "AddForTest ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/disk.go:128:1: comment on exported method RenderALI should be of the form "RenderALI ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/eip_natgateway_association.go:34:1: comment on exported type EIP should be of the form "EIP ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/loadbalancer.go:169:1: comment on exported method RenderALI should be of the form "RenderALI ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/loadbalancerlistener.go:33:1: comment on exported type LoadBalancerListener should be of the form "LoadBalancerListener ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/loadbalancerlistener.go:106:1: comment on exported method RenderALI should be of the form "RenderALI ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/natgateway.go:30:1: comment on exported type NatGateway should be of the form "NatGateway ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/securitygroup.go:32:1: comment on exported const SecurityResource should be of the form "SecurityResource ..." (ST1022)
upup/pkg/fi/cloudup/alitasks/sshkey.go:33:1: comment on exported type SSHKey should be of the form "SSHKey ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/vpc.go:30:1: comment on exported type VPC should be of the form "VPC ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/vswitch.go:31:1: comment on exported type VSwitch should be of the form "VSwitch ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/vswitchSNAT.go:31:1: comment on exported type VSwitchSNAT should be of the form "VSwitchSNAT ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/aliup/ali_cloud.go:50:1: comment on exported var KubernetesKopsIdentity should be of the form "KubernetesKopsIdentity ..." (ST1022)
upup/pkg/fi/cloudup/awstasks/dhcp_options.go:33:1: comment on exported type DHCPOptions should be of the form "DHCPOptions ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/dnsname.go:33:1: comment on exported type DNSName should be of the form "DNSName ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/ebsvolume.go:32:1: comment on exported type EBSVolume should be of the form "EBSVolume ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/external_load_balancer_attachment.go:31:1: comment on exported type ExternalLoadBalancerAttachment should be of the form "ExternalLoadBalancerAttachment ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/external_target_group_attachment.go:32:1: comment on exported type ExternalTargetGroupAttachment should be of the form "ExternalTargetGroupAttachment ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iaminstanceprofile.go:34:1: comment on exported type IAMInstanceProfile should be of the form "IAMInstanceProfile ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iaminstanceprofilerole.go:32:1: comment on exported type IAMInstanceProfileRole should be of the form "IAMInstanceProfileRole ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iamoidcprovider.go:32:1: comment on exported type IAMOIDCProvider should be of the form "IAMOIDCProvider ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iamrole.go:38:1: comment on exported type IAMRole should be of the form "IAMRole ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iamrolepolicy.go:37:1: comment on exported type IAMRolePolicy should be of the form "IAMRolePolicy ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/internetgateway.go:30:1: comment on exported type InternetGateway should be of the form "InternetGateway ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go:150:1: comment on exported method CloudformationVersion should be of the form "CloudformationVersion ..." (ST1020)
upup/pkg/fi/cloudup/awstasks/load_balancer.go:39:1: comment on exported type LoadBalancer should be of the form "LoadBalancer ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/load_balancer_attachment.go:32:1: comment on exported type LoadBalancerAttachment should be of the form "LoadBalancerAttachment ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/natgateway.go:32:1: comment on exported type NatGateway should be of the form "NatGateway ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/route.go:31:1: comment on exported type Route should be of the form "Route ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/routetable.go:31:1: comment on exported type RouteTable should be of the form "RouteTable ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/routetableassociation.go:31:1: comment on exported type RouteTableAssociation should be of the form "RouteTableAssociation ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/securitygroup.go:33:1: comment on exported type SecurityGroup should be of the form "SecurityGroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/securitygrouprule.go:34:1: comment on exported type SecurityGroupRule should be of the form "SecurityGroupRule ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/sshkey.go:34:1: comment on exported type SSHKey should be of the form "SSHKey ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/subnet.go:32:1: comment on exported type Subnet should be of the form "Subnet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/vpc.go:33:1: comment on exported type VPC should be of the form "VPC ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/vpc_dhcpoptions_association.go:30:1: comment on exported type VPCDHCPOptionsAssociation should be of the form "VPCDHCPOptionsAssociation ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/vpccidrblock.go:29:1: comment on exported type VPCCIDRBlock should be of the form "VPCCIDRBlock ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awsup/aws_cloud.go:58:1: comment on exported const ClientMaxRetries should be of the form "ClientMaxRetries ..." (ST1022)
upup/pkg/fi/cloudup/awsup/status.go:44:1: comment on exported method FindClusterStatus should be of the form "FindClusterStatus ..." (ST1020)
upup/pkg/fi/cloudup/dotasks/droplet.go:32:1: comment on exported type Droplet should be of the form "Droplet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/dotasks/loadbalancer.go:35:1: comment on exported type LoadBalancer should be of the form "LoadBalancer ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/dotasks/volume.go:32:1: comment on exported type Volume should be of the form "Volume ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/address.go:29:1: comment on exported type Address should be of the form "Address ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/instance.go:33:1: comment on exported type Instance should be of the form "Instance ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/instancegroupmanager.go:29:1: comment on exported type InstanceGroupManager should be of the form "InstanceGroupManager ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/instancetemplate.go:35:1: comment on exported const InstanceTemplateNamePrefixMaxLength should be of the form "InstanceTemplateNamePrefixMaxLength ..." (ST1022)
upup/pkg/fi/cloudup/gcetasks/network.go:30:1: comment on exported type Network should be of the form "Network ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/subnet.go:30:1: comment on exported type Subnet should be of the form "Subnet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/floatingip.go:32:1: comment on exported type FloatingIP should be of the form "FloatingIP ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/instance.go:32:1: comment on exported type Instance should be of the form "Instance ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/lb.go:34:1: comment on exported type LB should be of the form "LB ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/lblistener.go:30:1: comment on exported type LBListener should be of the form "LBListener ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/lbpool.go:28:1: comment on exported type LBPool should be of the form "LBPool ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/network.go:28:1: comment on exported type Network should be of the form "Network ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/poolassociation.go:30:1: comment on exported type PoolAssociation should be of the form "PoolAssociation ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/port.go:29:1: comment on exported type Port should be of the form "Port ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/router.go:28:1: comment on exported type Router should be of the form "Router ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/routerinterface.go:29:1: comment on exported type RouterInterface should be of the form "RouterInterface ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/securitygroup.go:31:1: comment on exported type SecurityGroup should be of the form "SecurityGroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/servergroup.go:30:1: comment on exported type ServerGroup should be of the form "ServerGroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/sshkey.go:31:1: comment on exported type SSHKey should be of the form "SSHKey ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/subnet.go:29:1: comment on exported type Subnet should be of the form "Subnet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/volume.go:28:1: comment on exported type Volume should be of the form "Volume ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/spotinsttasks/elastigroup.go:42:1: comment on exported type Elastigroup should be of the form "Elastigroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/spotinsttasks/launch_spec.go:37:1: comment on exported type LaunchSpec should be of the form "LaunchSpec ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/spotinsttasks/ocean.go:39:1: comment on exported type Ocean should be of the form "Ocean ..." (with optional leading article) (ST1021)
upup/pkg/fi/context.go:249:1: comment on exported function NewExistsAndWarnIfChangesError should be of the form "NewExistsAndWarnIfChangesError ..." (ST1020)
upup/pkg/fi/context.go:256:1: comment on exported method Error should be of the form "Error ..." (ST1020)
upup/pkg/fi/fitasks/keypair.go:31:1: comment on exported type Keypair should be of the form "Keypair ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/keypair.go:55:1: comment on exported method CheckExisting should be of the form "CheckExisting ..." (ST1020)
upup/pkg/fi/fitasks/managedfile.go:29:1: comment on exported type ManagedFile should be of the form "ManagedFile ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/mirrorkeystore.go:25:1: comment on exported type MirrorKeystore should be of the form "MirrorKeystore ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/mirrorsecrets.go:26:1: comment on exported type MirrorSecrets should be of the form "MirrorSecrets ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/secret.go:25:1: comment on exported type Secret should be of the form "Secret ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/secret.go:33:1: comment on exported method CheckExisting should be of the form "CheckExisting ..." (ST1020)
upup/pkg/fi/resources.go:248:1: comment on exported method AsBytes should be of the form "AsBytes ..." (ST1020)
upup/pkg/kutil/import_cluster.go:680:1: comment on exported function GetInstanceUserData should be of the form "GetInstanceUserData ..." (ST1020)
```
This requires passing a cloud object in additional places throughout the validation package and originating mostly from cmd/kops
This means that some kops commands now require valid cloud provider credentials, but I don't think this is an issue because the vast majority of use-cases already require the same cloud provider credentials in order to interact with the state store.
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled. That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.
Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.
This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
The rpm containerd 1.2.10 package depends on container-selinux, which
isn't available on amazonlinux2. We can't just skip it, because we
can't install the package without its dependencies.
Instead, install from a binary package (tar.gz).
We do the same for dockker 18.09.9 and 19.03.4, as these would
otherwise depend on containerd 1.2.10.
Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
This will automatically label PRs that touch these directories.
This makes it easier to query GitHub for PRs that affect certain areas of the code.
I mostly used existing labels but created some new ones as well.
0xCAFE4A11 is bigger than the max of int32, so doing int32(uint32(0xCAFE4A11))
(will not compile directly unless done over two lines) will result in 0x-3501b5ef.
For linux/amd64 "fsdata.Type" is an int64, while on darwin/amd64 it is
an uint32. This code is however not supposed to be compiled for darwin,
since it is linux spesific.
Due to some strange errors[0] in the types in "unix.Statfs_t" for 32 bits
systems on linux, we have to explicitly convert to uint to support those (eg.
armv7). If we only need support for 64 bit systems, we can remove the
uint conversion.
[0]: For 32bits systems "fsdata.Type" should be uint32 instead of the
current int32, as it is in the linux kernel. This is due to the types in
glibc that the go types are generated from. For 64 bit systems the type
is correctly set to int64.
* Force cilium-operator run on master nodes
* Add option for setting cilium ipam mode
* If cilium ipam mode is eni, add additional permissions to master nodes
* Allow NonMasqueradeCIDR overlap with NetworkCIDR when Cilium ENI is enabled
Writing to a hostPath from a non-root container requires file
ownership changes, which is difficult to roll out today. See
discussion in #8454
We were primarily using the logfile for e2e diagnostics, so we're
going to look into collecting the information via other means instead.
We also haven't yet shipped this logfile in a released version (though
we have shipped it in beta releases)
Ciprian Hacman