From 348e76ba03ca390b4d6ae378a1d49592d8747582 Mon Sep 17 00:00:00 2001 From: Andy Zhang Date: Wed, 19 Dec 2018 01:47:59 +0800 Subject: [PATCH 1/8] use a fixed version for flex addons (#153) --- pkg/api/addons.go | 4 ++-- pkg/api/defaults_test.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/api/addons.go b/pkg/api/addons.go index 92ff2db900d..3ea4762da3b 100644 --- a/pkg/api/addons.go +++ b/pkg/api/addons.go @@ -99,7 +99,7 @@ func (cs *ContainerService) setAddonsConfig(isUpdate bool) { MemoryRequests: "10Mi", CPULimits: "50m", MemoryLimits: "10Mi", - Image: "mcr.microsoft.com/k8s/flexvolume/blobfuse-flexvolume", + Image: "mcr.microsoft.com/k8s/flexvolume/blobfuse-flexvolume:1.0.7", }, }, } @@ -114,7 +114,7 @@ func (cs *ContainerService) setAddonsConfig(isUpdate bool) { MemoryRequests: "10Mi", CPULimits: "50m", MemoryLimits: "10Mi", - Image: "mcr.microsoft.com/k8s/flexvolume/smb-flexvolume", + Image: "mcr.microsoft.com/k8s/flexvolume/smb-flexvolume:1.0.2", }, }, } diff --git a/pkg/api/defaults_test.go b/pkg/api/defaults_test.go index 3051eda10a2..85105520cbb 100644 --- a/pkg/api/defaults_test.go +++ b/pkg/api/defaults_test.go 
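Review bot: The two `Image:` values in setAddonsConfig (pkg/api/addons.go, both hunks) are now pinned by tag only, and a registry tag can be re-pointed later, so the flexvolume installers that run on every node are still not fixed to specific content. If the image string is passed through to the manifest unchanged, appending the digest keeps the readable tag and makes the reference immutable, e.g. `Image: "mcr.microsoft.com/k8s/flexvolume/blobfuse-flexvolume:1.0.7@sha256:<DIGEST>",` (placeholder digest), and likewise for `smb-flexvolume:1.0.2`. The new tags also drop the `v` prefix used by `keyvault-flexvolume:v0.0.5` in the defaults_test.go expectations, so it is worth confirming that both tags exist in the registry. setAddonsConfig starts and ends outside these hunks.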
@@ -189,8 +189,8 @@ func TestAssignDefaultAddonImages(t *testing.T) { DefaultTillerAddonName: "gcr.io/kubernetes-helm/tiller:v2.11.0", DefaultACIConnectorAddonName: "microsoft/virtual-kubelet:latest", DefaultClusterAutoscalerAddonName: "k8s.gcr.io/cluster-autoscaler:v1.2.2", - DefaultBlobfuseFlexVolumeAddonName: "mcr.microsoft.com/k8s/flexvolume/blobfuse-flexvolume", - DefaultSMBFlexVolumeAddonName: "mcr.microsoft.com/k8s/flexvolume/smb-flexvolume", + DefaultBlobfuseFlexVolumeAddonName: "mcr.microsoft.com/k8s/flexvolume/blobfuse-flexvolume:1.0.7", + DefaultSMBFlexVolumeAddonName: "mcr.microsoft.com/k8s/flexvolume/smb-flexvolume:1.0.2", DefaultKeyVaultFlexVolumeAddonName: "mcr.microsoft.com/k8s/flexvolume/keyvault-flexvolume:v0.0.5", DefaultDashboardAddonName: "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0", DefaultReschedulerAddonName: "k8s.gcr.io/rescheduler:v0.3.1", From 4ace5af640c93b661ab0d09a3950725a03a8fbb8 Mon Sep 17 00:00:00 2001 From: Jun Sun <33297523+JunSun17@users.noreply.github.com> Date: Tue, 18 Dec 2018 10:48:31 -0800 Subject: [PATCH 2/8] Add toggle for switching ip-masq-agent logic for AKS. (#129) * Add toggle for switching ip-masq-agent logic for AKS. * Add unit tests. --- parts/k8s/kubernetesagentcustomdata.yml | 2 +- pkg/api/defaults-kubelet.go | 4 +-- pkg/api/defaults-kubelet_test.go | 40 +++++++++++++++++++++++++ pkg/api/types.go | 7 +++++ pkg/engine/template_generator.go | 3 ++ 5 files changed, 53 insertions(+), 3 deletions(-) diff --git a/parts/k8s/kubernetesagentcustomdata.yml b/parts/k8s/kubernetesagentcustomdata.yml index 209ebc7a049..59ec1ae89b6 100644 --- a/parts/k8s/kubernetesagentcustomdata.yml +++ b/parts/k8s/kubernetesagentcustomdata.yml 
@@ -224,7 +224,7 @@ AGENT_ARTIFACTS_CONFIG_PLACEHOLDER {{if not EnablePodSecurityPolicy}} sed -i "s|apparmor_parser|d|g" "/etc/systemd/system/kubelet.service" {{end}} -{{if IsHostedMaster}} +{{if IsHostedMasterIPMasqAgentDisabled}} {{if IsAzureCNI}} iptables -t nat -A POSTROUTING -m iprange ! --dst-range 168.63.129.16 -m addrtype ! --dst-type local ! -d {{WrapAsParameter "vnetCidr"}} -j MASQUERADE {{end}} diff --git a/pkg/api/defaults-kubelet.go b/pkg/api/defaults-kubelet.go index 9f013319f2a..0db75a73846 100644 --- a/pkg/api/defaults-kubelet.go +++ b/pkg/api/defaults-kubelet.go @@ -67,8 +67,8 @@ func (cs *ContainerService) setKubeletConfig() { "--image-pull-progress-deadline": "30m", } - // AKS overrides - if cs.Properties.IsHostedMasterProfile() { + // Set --non-masquerade-cidr if ip-masq-agent is disabled on AKS + if cs.Properties.IsHostedMasterIPMasqAgentDisabled() { defaultKubeletConfig["--non-masquerade-cidr"] = cs.Properties.OrchestratorProfile.KubernetesConfig.ClusterSubnet } diff --git a/pkg/api/defaults-kubelet_test.go b/pkg/api/defaults-kubelet_test.go index c257401e98d..f6b64c56e33 100644 --- a/pkg/api/defaults-kubelet_test.go +++ b/pkg/api/defaults-kubelet_test.go 
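Review bot: Nothing in the kubernetesagentcustomdata.yml hunk says what takes over SNAT once the static `iptables ... -j MASQUERADE` rule is skipped for `IPMasqAgent: true`. The paired pkg/api/defaults-kubelet.go hunk also stops setting `--non-masquerade-cidr` in that case. None of the visible hunks deploys or checks for ip-masq-agent, so a hosted-master cluster with the flag set and no agent running would presumably have no masquerade rule for pod egress at all. A template comment at the condition would record the dependency: `{{/* IPMasqAgent=true: ip-masq-agent must own the SNAT rules, so the static MASQUERADE rule is skipped */}}`. The surrounding template block continues outside the hunk.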
@@ -211,3 +211,43 @@ func TestKubeletCalico(t *testing.T) { NetworkPolicyCalico, k["--network-plugin"]) } } + +func TestKubeletHostedMasterIPMasqAgentDisabled(t *testing.T) { + subnet := "172.16.0.0/16" + defaultSubnet := "0.0.0.0" + // MasterIPMasqAgent disabled, --non-masquerade-cidr should be subnet + cs := CreateMockContainerService("testcluster", defaultTestClusterVer, 3, 2, false) + cs.Properties.HostedMasterProfile = &HostedMasterProfile{ + IPMasqAgent: false, + } + cs.Properties.OrchestratorProfile.KubernetesConfig.ClusterSubnet = subnet + cs.setKubeletConfig() + k := cs.Properties.OrchestratorProfile.KubernetesConfig.KubeletConfig + if k["--non-masquerade-cidr"] != subnet { + t.Fatalf("got unexpected '--non-masquerade-cidr' kubelet config value %s, the expected value is %s", + k["--non-masquerade-cidr"], subnet) + } + + // MasterIPMasqAgent enabled, --non-masquerade-cidr should be 0.0.0.0 + cs = CreateMockContainerService("testcluster", defaultTestClusterVer, 3, 2, false) + cs.Properties.HostedMasterProfile = &HostedMasterProfile{ + IPMasqAgent: true, + } + cs.Properties.OrchestratorProfile.KubernetesConfig.ClusterSubnet = subnet + cs.setKubeletConfig() + k = cs.Properties.OrchestratorProfile.KubernetesConfig.KubeletConfig + if k["--non-masquerade-cidr"] != defaultSubnet { + t.Fatalf("got unexpected '--non-masquerade-cidr' kubelet config value %s, the expected value is %s", + k["--non-masquerade-cidr"], defaultSubnet) + } + + // no HostedMasterProfile, --non-masquerade-cidr should be 0.0.0.0 + cs = CreateMockContainerService("testcluster", defaultTestClusterVer, 3, 2, false) + cs.Properties.OrchestratorProfile.KubernetesConfig.ClusterSubnet = subnet + cs.setKubeletConfig() + k = cs.Properties.OrchestratorProfile.KubernetesConfig.KubeletConfig + if k["--non-masquerade-cidr"] != defaultSubnet { + t.Fatalf("got unexpected '--non-masquerade-cidr' kubelet config value %s, the expected value is %s", + k["--non-masquerade-cidr"], defaultSubnet) + } +} 
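Review bot: The three cases in TestKubeletHostedMasterIPMasqAgentDisabled repeat the same setup and assertion, so a failure is reported without saying which scenario broke. A table with `t.Run` subtests names each case and leaves one place to change the assertion. The third case relies on CreateMockContainerService leaving HostedMasterProfile unset, which is not visible here; setting it to nil explicitly in the table makes that case match its comment.

```go
// … unchanged: subnet and defaultSubnet declarations …
cases := []struct {
	name    string
	profile *HostedMasterProfile
	want    string
}{
	{"ip-masq-agent disabled", &HostedMasterProfile{IPMasqAgent: false}, subnet},
	{"ip-masq-agent enabled", &HostedMasterProfile{IPMasqAgent: true}, defaultSubnet},
	{"no hosted master profile", nil, defaultSubnet},
}
for _, c := range cases {
	t.Run(c.name, func(t *testing.T) {
		cs := CreateMockContainerService("testcluster", defaultTestClusterVer, 3, 2, false)
		cs.Properties.HostedMasterProfile = c.profile
		cs.Properties.OrchestratorProfile.KubernetesConfig.ClusterSubnet = subnet
		cs.setKubeletConfig()
		k := cs.Properties.OrchestratorProfile.KubernetesConfig.KubeletConfig
		if k["--non-masquerade-cidr"] != c.want {
			t.Fatalf("got unexpected '--non-masquerade-cidr' kubelet config value %s, the expected value is %s",
				k["--non-masquerade-cidr"], c.want)
		}
	})
}
```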
diff --git a/pkg/api/types.go b/pkg/api/types.go index b997daab825..cb65c5001ce 100644 --- a/pkg/api/types.go +++ b/pkg/api/types.go @@ -491,6 +491,7 @@ type AgentPoolProfile struct { EnableAutoScaling *bool `json:"enableAutoScaling,omitempty"` AvailabilityZones []string `json:"availabilityZones,omitempty"` SinglePlacementGroup *bool `json:"singlePlacementGroup,omitempty"` + VnetCidrs []string `json:"vnetCidrs,omitempty"` } // AgentPoolProfileRole represents an agent role @@ -570,6 +571,7 @@ type HostedMasterProfile struct { Subnet string `json:"subnet"` // ApiServerWhiteListRange is a comma delimited CIDR which is whitelisted to AKS APIServerWhiteListRange *string `json:"apiServerWhiteListRange"` + IPMasqAgent bool `json:"ipMasqAgent"` } // AuthenticatorType represents the authenticator type the cluster was @@ -808,6 +810,11 @@ func (p *Properties) IsHostedMasterProfile() bool { return p.HostedMasterProfile != nil } +// IsHostedMasterIPMasqAgentDisabled returns true if the cluster has a hosted master and IpMasqAgent is disabled +func (p *Properties) IsHostedMasterIPMasqAgentDisabled() bool { + return p.HostedMasterProfile != nil && !p.HostedMasterProfile.IPMasqAgent +} + // GetVNetResourceGroupName returns the virtual network resource group name of the cluster func (p *Properties) GetVNetResourceGroupName() string { var vnetResourceGroupName string diff --git a/pkg/engine/template_generator.go b/pkg/engine/template_generator.go index 2cbfca280fb..fd4a49a6791 100644 --- a/pkg/engine/template_generator.go +++ b/pkg/engine/template_generator.go 
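Review bot: `VnetCidrs []string` is added to AgentPoolProfile in pkg/api/types.go without a comment, and no visible hunk in this patch reads or validates it, although the commit message only describes the ip-masq-agent toggle. Judging by the name, these are user-supplied address ranges. If they are later substituted into the node provisioning script the way `vnetCidr` is in the iptables line of kubernetesagentcustomdata.yml, each entry should be checked with `net.ParseCIDR` during API-model validation before it can reach a shell command. At minimum, add a field comment stating the expected format, e.g. `// VnetCidrs holds the VNet address ranges for this pool in CIDR notation (validated on load)`. The struct definition starts and ends outside the hunk.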
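Review bot: `IPMasqAgent bool` in HostedMasterProfile has no comment, and its zero value carries meaning: an API model that omits `ipMasqAgent` decodes to false. Through IsHostedMasterIPMasqAgentDisabled, false keeps both the static iptables MASQUERADE rule and the `--non-masquerade-cidr` override. A comment on the field would make that default explicit, e.g. `// IPMasqAgent, when true, leaves SNAT to ip-masq-agent; false (the default) keeps the static MASQUERADE rule and --non-masquerade-cidr`. The helper's doc comment in the third hunk spells the field `IpMasqAgent`; it should read `IPMasqAgent` to match the declaration.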
@@ -209,6 +209,9 @@ func (t *TemplateGenerator) getTemplateFuncMap(cs *api.ContainerService) templat "IsHostedMaster": func() bool { return cs.Properties.IsHostedMasterProfile() }, + "IsHostedMasterIPMasqAgentDisabled": func() bool { + return cs.Properties.IsHostedMasterIPMasqAgentDisabled() + }, "IsDCOS19": func() bool { return cs.Properties.OrchestratorProfile.OrchestratorType == api.DCOS && (cs.Properties.OrchestratorProfile.OrchestratorVersion == common.DCOSVersion1Dot9Dot0 || From aa1b2649903fad653c6b0cd82845e1cb826be104 Mon Sep 17 00:00:00 2001 From: Tariq Ibrahim Date: Tue, 18 Dec 2018 12:10:13 -0800 Subject: [PATCH 3/8] Fix Failing Unit test (#166) --- pkg/api/defaults-kubelet_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/api/defaults-kubelet_test.go b/pkg/api/defaults-kubelet_test.go index f6b64c56e33..699dfdf81c2 100644 --- a/pkg/api/defaults-kubelet_test.go +++ b/pkg/api/defaults-kubelet_test.go @@ -214,7 +214,7 @@ func TestKubeletCalico(t *testing.T) { func TestKubeletHostedMasterIPMasqAgentDisabled(t *testing.T) { subnet := "172.16.0.0/16" - defaultSubnet := "0.0.0.0" + defaultSubnet := "0.0.0.0/0" // MasterIPMasqAgent disabled, --non-masquerade-cidr should be subnet cs := CreateMockContainerService("testcluster", defaultTestClusterVer, 3, 2, false) cs.Properties.HostedMasterProfile = &HostedMasterProfile{ @@ -228,7 +228,7 @@ func TestKubeletHostedMasterIPMasqAgentDisabled(t *testing.T) { k["--non-masquerade-cidr"], subnet) } - // MasterIPMasqAgent enabled, --non-masquerade-cidr should be 0.0.0.0 + // MasterIPMasqAgent enabled, --non-masquerade-cidr should be 0.0.0.0/0 cs = CreateMockContainerService("testcluster", defaultTestClusterVer, 3, 2, false) cs.Properties.HostedMasterProfile = &HostedMasterProfile{ IPMasqAgent: true, 
@@ -241,7 +241,7 @@ func TestKubeletHostedMasterIPMasqAgentDisabled(t *testing.T) { k["--non-masquerade-cidr"], defaultSubnet) } - // no HostedMasterProfile, --non-masquerade-cidr should be 0.0.0.0 + // no HostedMasterProfile, --non-masquerade-cidr should be 0.0.0.0/0 cs = CreateMockContainerService("testcluster", defaultTestClusterVer, 3, 2, false) cs.Properties.OrchestratorProfile.KubernetesConfig.ClusterSubnet = subnet cs.setKubeletConfig() From b2d7d2316a89eab2fed9579269f7bad7088e5be5 Mon Sep 17 00:00:00 2001 From: Tariq Ibrahim Date: Tue, 18 Dec 2018 12:15:45 -0800 Subject: [PATCH 4/8] replace gometalinter with golangci-lint (#164) --- .circleci/config.yml | 2 +- .golangci.yml | 21 +++++++++++++++++ Makefile | 7 +++--- pkg/armhelpers/groupsclient.go | 2 +- scripts/validate-go.sh | 41 ++-------------------------------- 5 files changed, 28 insertions(+), 45 deletions(-) create mode 100644 .golangci.yml diff --git a/.circleci/config.yml b/.circleci/config.yml index 2ec5d0ab54a..a967fc27cf4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -23,7 +23,7 @@ jobs: echo 'export CLIENT_SECRET=${CLUSTER_SERVICE_PRINCIPAL_CLIENT_SECRET}' >> $BASH_ENV - run: name: Install dependencies - command: make bootstrap + command: make generate - run: name: Run linting rules command: make validate-copyright-headers test-style diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000000..345b5769e27 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,21 @@ +run: + deadline: 1m + skip-dirs: + - test/i18n + - pkg/test + skip-files: + - pkg/i18n/i18n.go + - pkg/i18n/translations.go + - exclude pkg/engine/templates.go + +linters: + disable-all: true + enable: + - gofmt + - goimports + - gosimple + - golint + - govet + - ineffassign + - misspell + - unused diff --git a/Makefile b/Makefile index f3638c09b7e..bd334d2633f 100644 --- a/Makefile +++ b/Makefile 
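Review bot: In the new .golangci.yml, the last `skip-files` entry is `- exclude pkg/engine/templates.go`, which looks like the old `--exclude pkg/engine/templates.go` flag copied over with its flag name. As a path pattern it will not match the generated file, so pkg/engine/templates.go is linted where gometalinter excluded it; the entry should be `- pkg/engine/templates.go`. Two other differences from the removed gometalinter invocation in scripts/validate-go.sh are worth confirming as intended: `deadcode` is no longer in the `enable` list, and the deadline drops from 120s to `1m`.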
@@ -118,7 +118,7 @@ test-e2e: HAS_DEP := $(shell command -v dep;) HAS_GOX := $(shell command -v gox;) HAS_GIT := $(shell command -v git;) -HAS_GOMETALINTER := $(shell command -v gometalinter;) +HAS_GOLANGCI := $(shell command -v golangci-lint;) HAS_GINKGO := $(shell command -v ginkgo;) .PHONY: bootstrap @@ -133,9 +133,8 @@ endif ifndef HAS_GIT $(error You must install Git) endif -ifndef HAS_GOMETALINTER - go get -u github.com/alecthomas/gometalinter - gometalinter --install +ifndef HAS_GOLANGCI + curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin endif ifndef HAS_GINKGO go get -u github.com/onsi/ginkgo/ginkgo diff --git a/pkg/armhelpers/groupsclient.go b/pkg/armhelpers/groupsclient.go index 425a30f7b53..c514c57f0ce 100644 --- a/pkg/armhelpers/groupsclient.go +++ b/pkg/armhelpers/groupsclient.go @@ -10,7 +10,7 @@ import ( "github.com/Azure/go-autorest/autorest" ) -// EnsureResourceGroup ensures the named resouce group exists in the given location. +// EnsureResourceGroup ensures the named resource group exists in the given location. func (az *AzureClient) EnsureResourceGroup(ctx context.Context, name, location string, managedBy *string) (resourceGroup *resources.Group, err error) { var tags map[string]*string group, err := az.groupsClient.Get(ctx, name) diff --git a/scripts/validate-go.sh b/scripts/validate-go.sh index 3805e65cbb3..62bf078316f 100755 --- a/scripts/validate-go.sh +++ b/scripts/validate-go.sh 
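Review bot: The new bootstrap step in the second Makefile hunk pipes a remotely hosted script straight into `sh` with no version argument and no integrity check. Whatever install.goreleaser.com serves at build time therefore runs on developer machines and in CI, with the repository's credentials in the environment, and the linter version floats between runs. At minimum pass an explicit release tag so builds are reproducible: `curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin <PINNED_VERSION>` (placeholder tag). The stronger option is to download a specific release archive and verify it against a checksum committed to the repository before installing, or to vendor a reviewed copy of the installer script. The bootstrap target's recipe starts and ends outside this hunk.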
@@ -17,46 +17,9 @@ set -euo pipefail exit_code=0 -if ! hash gometalinter 2>/dev/null ; then - go get -u github.com/alecthomas/gometalinter - gometalinter --install -fi - echo -echo "==> Running static validations <==" +echo "==> Running static validations and linters <==" # Run linters that should return errors -gometalinter \ - --disable-all \ - --enable deadcode \ - --enable gofmt \ - --enable goimports \ - --enable gosimple \ - --enable ineffassign \ - --enable misspell \ - --enable unused \ - --enable vet \ - --tests \ - --vendor \ - --deadline 120s \ - --skip test/i18n \ - --skip pkg/test \ - --exclude pkg/i18n/i18n.go \ - --exclude pkg/i18n/translations.go \ - --exclude pkg/engine/templates.go \ - ./... || exit_code=1 - -echo -echo "==> Running linters <==" -# Run linters that should return warnings -gometalinter \ - --disable-all \ - --enable golint \ - --vendor \ - --skip proto \ - --skip pkg/test \ - --deadline 60s \ - --exclude pkg/i18n/translations.go \ - --exclude pkg/engine/templates.go \ - ./... || exit_code=1 +golangci-lint run || exit_code=1 exit $exit_code From da7bbdcf6039b053f64e35580a8bcc2983c12d54 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Mon, 3 Dec 2018 21:07:23 -0700 Subject: [PATCH 5/8] Add support for Kubernetes 1.12.3 See https://github.com/kubernetes/kubernetes/releases/tag/v1.12.3 --- packer/install-dependencies.sh | 2 +- pkg/api/common/versions.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packer/install-dependencies.sh b/packer/install-dependencies.sh index c8aa14a573d..c3c47670ef3 100644 --- a/packer/install-dependencies.sh +++ b/packer/install-dependencies.sh 
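Review bot: scripts/validate-go.sh no longer installs the linter when it is missing, and `golangci-lint run || exit_code=1` turns a "command not found" into the same exit status as a real lint failure. The .circleci/config.yml hunk of this patch also switches the dependency step from `make bootstrap` to `make generate`, and whether that target installs golangci-lint is not visible here. An explicit guard before the run makes the failure mode clear: `command -v golangci-lint >/dev/null 2>&1 || { echo "golangci-lint not found; run 'make bootstrap'" >&2; exit 1; }`.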
@@ -159,7 +159,7 @@ done pullContainerImage "docker" "busybox" # TODO: fetch supported k8s versions from an aks-engine command instead of hardcoding them here -K8S_VERSIONS="1.7.15 1.7.16 1.8.14 1.8.15 1.9.10 1.9.11 1.10.8 1.10.9 1.11.5 1.11.6 1.12.1 1.12.2 1.13.1" +K8S_VERSIONS="1.7.15 1.7.16 1.8.14 1.8.15 1.9.10 1.9.11 1.10.8 1.10.9 1.11.5 1.11.6 1.12.2 1.12.4 1.13.1" for KUBERNETES_VERSION in ${K8S_VERSIONS}; do HYPERKUBE_URL="k8s.gcr.io/hyperkube-amd64:v${KUBERNETES_VERSION}" diff --git a/pkg/api/common/versions.go b/pkg/api/common/versions.go index f00585391d4..3e1342e7a38 100644 --- a/pkg/api/common/versions.go +++ b/pkg/api/common/versions.go @@ -91,7 +91,7 @@ var AllKubernetesSupportedVersions = map[string]bool{ "1.12.0-rc.1": false, "1.12.0-rc.2": false, "1.12.0": false, - "1.12.1": true, + "1.12.1": false, "1.12.2": true, "1.13.0-alpha.1": false, "1.13.0-alpha.2": false, From 40d84ff6a174b56fb55705b3c5f3428a1c38ee54 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Mon, 3 Dec 2018 21:14:02 -0700 Subject: [PATCH 6/8] Bump cluster-autoscaler to recommended version for 1.12.3 --- packer/install-dependencies.sh | 2 +- pkg/api/k8s_versions.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packer/install-dependencies.sh b/packer/install-dependencies.sh index c3c47670ef3..667586fee20 100644 --- a/packer/install-dependencies.sh +++ b/packer/install-dependencies.sh @@ -91,7 +91,7 @@ for TILLER_VERSION in ${TILLER_VERSIONS}; do pullContainerImage "docker" "gcr.io/kubernetes-helm/tiller:v${TILLER_VERSION}" done -CLUSTER_AUTOSCALER_VERSIONS="1.3.4 1.3.3 1.2.2 1.1.2" +CLUSTER_AUTOSCALER_VERSIONS="1.12.1 1.3.4 1.3.3 1.2.2 1.1.2" for CLUSTER_AUTOSCALER_VERSION in ${CLUSTER_AUTOSCALER_VERSIONS}; do pullContainerImage "docker" "k8s.gcr.io/cluster-autoscaler:v${CLUSTER_AUTOSCALER_VERSION}" done diff --git a/pkg/api/k8s_versions.go b/pkg/api/k8s_versions.go index 545fd7b9429..e4a786be90c 100644 --- a/pkg/api/k8s_versions.go 
+++ b/pkg/api/k8s_versions.go @@ -30,7 +30,7 @@ var k8sComponentVersions = map[string]map[string]string{ "aci-connector": "virtual-kubelet:latest", ContainerMonitoringAddonName: "oms:ciprod10162018-2", AzureCNINetworkMonitoringAddonName: "networkmonitor:v0.0.4", - "cluster-autoscaler": "cluster-autoscaler:v1.3.3", + "cluster-autoscaler": "cluster-autoscaler:v1.12.1", NVIDIADevicePluginAddonName: "k8s-device-plugin:1.11", "k8s-dns-sidecar": "k8s-dns-sidecar-amd64:1.14.10", "nodestatusfreq": DefaultKubernetesNodeStatusUpdateFrequency, From 9d3309ac9864d9418c031a34827905cc027c3329 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Mon, 17 Dec 2018 10:05:22 -0700 Subject: [PATCH 7/8] Bump to k8s 1.12.4 See https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md#v1124 --- pkg/api/common/versions.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/api/common/versions.go b/pkg/api/common/versions.go index 3e1342e7a38..6a72e9ac442 100644 --- a/pkg/api/common/versions.go +++ b/pkg/api/common/versions.go @@ -93,6 +93,7 @@ var AllKubernetesSupportedVersions = map[string]bool{ "1.12.0": false, "1.12.1": false, "1.12.2": true, + "1.12.4": true, "1.13.0-alpha.1": false, "1.13.0-alpha.2": false, "1.13.1": true, From 0ff3d3bb4544d67e5a3c112e8280289a896cdf45 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Tue, 18 Dec 2018 14:59:31 -0700 Subject: [PATCH 8/8] Move cluster-autoscaler bump to correct stanza --- pkg/api/k8s_versions.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/api/k8s_versions.go b/pkg/api/k8s_versions.go index e4a786be90c..d574ad015e4 100644 --- a/pkg/api/k8s_versions.go +++ b/pkg/api/k8s_versions.go 
@@ -30,7 +30,7 @@ var k8sComponentVersions = map[string]map[string]string{ "aci-connector": "virtual-kubelet:latest", ContainerMonitoringAddonName: "oms:ciprod10162018-2", AzureCNINetworkMonitoringAddonName: "networkmonitor:v0.0.4", - "cluster-autoscaler": "cluster-autoscaler:v1.12.1", + "cluster-autoscaler": "cluster-autoscaler:v1.3.3", NVIDIADevicePluginAddonName: "k8s-device-plugin:1.11", "k8s-dns-sidecar": "k8s-dns-sidecar-amd64:1.14.10", "nodestatusfreq": DefaultKubernetesNodeStatusUpdateFrequency, @@ -63,7 +63,7 @@ var k8sComponentVersions = map[string]map[string]string{ "aci-connector": "virtual-kubelet:latest", ContainerMonitoringAddonName: "oms:ciprod10162018-2", AzureCNINetworkMonitoringAddonName: "networkmonitor:v0.0.4", - "cluster-autoscaler": "cluster-autoscaler:v1.3.3", + "cluster-autoscaler": "cluster-autoscaler:v1.12.1", NVIDIADevicePluginAddonName: "k8s-device-plugin:1.11", "k8s-dns-sidecar": "k8s-dns-sidecar-amd64:1.14.10", "nodestatusfreq": DefaultKubernetesNodeStatusUpdateFrequency,