Labelling this PR as size/L

GCE e2e test build/test passed for commit 549ae8386443242a2554e0924452ac6c62437a73.

• Build Log
• Test Artifacts
• Internal Jenkins Results

/cc @sttts since I'm OOO after Monday

@timothysc - I think that this PR should fix the remaining issue in Go 1.5 - see #18701 for more details.

Can we prioritize it to have this merged ASAP?

on it.

@timothysc - thanks a lot!

@wojtek-t I think I'll need to ping you tomorrow on the cacher tomorrow, there is some subtlety that I'm missing that is causing an issue there.

@timothysc - sure

@timothysc - can you please rebase this PR - it will be much simpler for me to patch it and debug the cacher problem

@timothysc - cacher_test.go - line 205 (initialVersion--) should be removed

This solves the problem (at least when I'm running it locally).

unit tests passed, e2e flake

@k8s-bot test this please

infrastructure unit-test failure:

git checkout -f b43af14b26801071c65ee65bab22f5247840dd15
FATAL: Could not checkout b43af14b26801071c65ee65bab22f5247840dd15

@k8s-bot unit test this please

GCE e2e test build/test passed for commit c505a5d.

• Build Log
• Test Artifacts
• Internal Jenkins Results

The same again:

git checkout -f b43af14b26801071c65ee65bab22f5247840dd15
FATAL: Could not checkout b43af14b26801071c65ee65bab22f5247840dd15

@k8s-bot test this please

GCE e2e build/test failed for commit c505a5d.

• Build Log
• Test Artifacts
• Internal Jenkins Results

@k8s-bot e2e test this please

GCE e2e test build/test passed for commit c505a5d.

• Build Log
• Test Artifacts
• Internal Jenkins Results

All tests are passing - merging manually, to unblock effort to update to Go 1.5

Awesome!

I think this PR started causing several etcd unit tests to data race or timeout, as linked in the above issues.

xref #18153

@timothysc
@jdef
@wojtek-t

I am running into this issue:

#24578

trying to run apiserver with etcd TLS.

TLS worked fine with v1.1.2 I am trying to upgrade from.
I could get into the apiserver container and cat the files apiserver is complaining about not finding, so I don't understand what is wrong.

same problem with 1.2.1

in using TLS for the etcd client before I had to have something like

var cfg store.Config

    if caCert != "" && clientCert != "" && clientKey != "" {
        var tlsInfo = transport.TLSInfo{
            CAFile:   caCert,
            CertFile: clientCert,
            KeyFile:  clientKey,
            TrustedCAFile: caCert,
            ClientCertAuth: true,
        }
        t, err := transport.NewTransport(tlsInfo, 10 * time.Second)
        if err != nil {
            fmt.Fprintln(os.Stderr, err)
            os.Exit(1)
        }

        cfg = store.Config{
            ConnectionTimeout: 10 * time.Second,
            TLS: t.TLSClientConfig,
        }
    } else {
        cfg = store.Config{
                ConnectionTimeout: 10 * time.Second,
            }
    }

@streamnsight The fix is here #21535, but it changes the default initialization. I believe the release note denotes as well.

@timothysc
Sorry Tim but I don't get it:
I don't see anything in the release notes, and I don't understand the 'fix': what I see is a PR but no explanation about how I'm now suppose to configure secured etcd properly.
If i go by the docs it doesn't work as intended.

Could you please explain what I'm supposed to do or point me to the proper documentation.
Thanks

the updates needed for secured etcd were in the v1.2.0 release notes in the "action required" section:

Running against a secured etcd requires these flags to be passed to kube-apiserver (instead of --etcd-config):
    --etcd-certfile, --etcd-keyfile (if using client cert auth)
    --etcd-cafile (if not using system roots)

@liggitt Thanks for pointing this out.

FYI the problem I was having was having quotes around the file names in the etcd config.
This is a pretty stupid mistake, but I thought yaml supported both quoted or not quoted string, so just wanted to point it out here.