From b044b9e18deaf101e9bdc2b0e68bf5b5008433cc Mon Sep 17 00:00:00 2001 From: KUOKA Yusuke Date: Fri, 23 Mar 2018 00:13:20 +0900 Subject: [PATCH 1/2] Set the test timeout longer (25m -> 30m) Just to save contributors from being forced to rerun the build by pushing a commit in case of a timeout --- make/test | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make/test b/make/test index b3c3a8f43..c7a30b5bc 100755 --- a/make/test +++ b/make/test @@ -10,7 +10,7 @@ default() { with-cover() { test -z "$(find . -path ./vendor -prune -type f -o -name '*.go' -exec gofmt -d {} + | tee /dev/stderr)" for d in $(go list ./... | grep -v '/vendor/' | grep -v '/hack'); do - go test -timeout 25m -v --race -coverprofile=profile.out -covermode=atomic $d + go test -timeout 30m -v --race -coverprofile=profile.out -covermode=atomic $d if [ -f profile.out ]; then cat profile.out >> coverage.txt rm profile.out From 1d541fb4f83039681c60f5625653d84badc59689 Mon Sep 17 00:00:00 2001 From: Romain Dorgueil Date: Fri, 23 Mar 2018 09:14:59 +0100 Subject: [PATCH 2/2] Doc: notice about service token invalidation after credentials update. --- docs/getting-started/step-4-update.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/getting-started/step-4-update.md b/docs/getting-started/step-4-update.md index 57d93c96e..aae7abdb0 100644 --- a/docs/getting-started/step-4-update.md +++ b/docs/getting-started/step-4-update.md @@ -37,6 +37,9 @@ More concretely, steps should be taken in order to rotate your certs on nodes ar kube-aws update ``` +There are cases where the service account tokens used by the system pods become invalid after credentials update, and +some of your system pods will break (especially `kube-dns`). Deleting the said secrets will solve the issue (see https://github.com/kubernetes-incubator/kube-aws/issues/1057). + ## The etcd caveat There is no solution for hosting an etcd cluster in a way that is easily updateable in this fashion- so updates are automatically masked for the etcd instances. This means that, after the cluster is created, nothing about the etcd ec2 instances is allowed to be updated.