kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled. That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.
Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.
This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
This is one step towards removing the requirement that kops lives in the GOPATH.
* Consolidate the redundant KOPS_ROOT and MAKEDIR variables
* Remove dependency of GOPATH_1ST variable except for `GOPATH_1ST/bin`
* Remove broken check-builds-in-go111 target
* Remove unused KOPS_SERVER_TAG
The tagging of both formats was cherry-picked back to 1.15 and will be used in 1.16.0 stable.
I think having all 1.16.X and 1.17.X releases tagged with both formats is long enough, so I'm removing the non-prefixed tag for 1.18.0
Go modules require the v prefix [0], and k/k also tags with the v prefix [1]
We have some inconsistent tags already, for 1.11.0 we have tags of both `1.11.0` and `v1.11.0` which is the most recent tag with the prefix.
This is also why 1.11.0 is the default version imported by `go get`:
```
go get -v k8s.io/kops
go: downloading k8s.io/kops v1.11.0
```
and the latest version in `go list`:
```
go list -m -versions k8s.io/kops
k8s.io/kops v1.4.0-alpha.1 v1.4.0 v1.4.1 v1.4.2 v1.4.3 v1.4.4 v1.10.0 v1.11.0
```
I'm proposing we switch to only tagging with the v prefix. I'm only updating the actual git tag and not the entire version string used throughout kops due to its larger impact:
* Output by `kops version`
* Public URLs for kops assets
* Protokube tag
I'm hoping this is the least invasive way we can make this change.
If we think advanced notice is required, we could tag with both formats for a number of releases before tagging only with the v prefix.
[0] https://github.com/golang/go/wiki/Modules#modules
[1] https://github.com/kubernetes/kubernetes/releases/tag/v1.17.0
We were previously building it in development using bazel, but then
using go build for the release. That is risky, better to just use
bazel everywhere.
The new job was missing the generated files from go-bindata.
I noticed some of the prow jobs use make and others call hack/ scripts directly.
I think it'd be better to use make so we can more easily add dependencies like this, therefor I'd like to propose that we merge this, update the jobs to call make targets, then remove the make command I added to hack/verify-staticcheck.sh
By fixing the existing job as well as the make target, we can unblock other PRs and not get another swarm of failure notifications when the job gets updated to use make.
Justin SB
Kubernetes Prow Robot
Peter Rifel
Rodrigo Menezes
John Gardiner Myers
Ciprian Hacman
mikesplain
Gabriel Tiossi