Merge branch 'master' of github.com:kubernetes/minikube into 1.16.0-beta.0

d43261c7 · Sharif Elgamal · 77931498 · b8184c16 · d43261c7 · d43261c7
5 changed file
--- a/hack/jenkins/common.sh
+++ b/hack/jenkins/common.sh
@@ -30,6 +30,8 @@ export GOPATH="$HOME/go"
 export KUBECONFIG="${TEST_HOME}/kubeconfig"
 export PATH=$PATH:"/usr/local/bin/:/usr/local/go/bin/:$GOPATH/bin"

+readonly TIMEOUT=${1:-70m}
+
 if [ "$(uname)" != "Darwin" ]; then
  # install lsof for finding none driver procs, psmisc to use pstree in cronjobs
  sudo apt-get -y install lsof psmisc
@@ -41,8 +43,8 @@ sudo ./installers/check_install_golang.sh "1.15.5" "/usr/local" || true
 # install docker and kubectl if not present
 sudo ./installers/check_install_docker.sh

-docker rm -f -v $(docker ps -aq) >/dev/null 2>&1 || true
-docker volume prune -f || true
+# let's just clean all docker artifacts up
+docker system prune --force --volumes || true
 docker system df || true

 echo ">> Starting at $(date)"
@@ -295,7 +297,7 @@ fi
 touch "${TEST_OUT}"
 ${SUDO_PREFIX}${E2E_BIN} \
  -minikube-start-args="--driver=${VM_DRIVER} ${EXTRA_START_ARGS}" \
-  -test.timeout=70m -test.v \
+  -test.timeout=${TIMEOUT} -test.v \
  ${EXTRA_TEST_ARGS} \
  -binary="${MINIKUBE_BIN}" 2>&1 | tee "${TEST_OUT}"


--- a/hack/jenkins/linux_integration_tests_virtualbox.sh
+++ b/hack/jenkins/linux_integration_tests_virtualbox.sh
@@ -28,9 +28,10 @@ set -e
 OS_ARCH="linux-amd64"
 VM_DRIVER="virtualbox"
 JOB_NAME="VirtualBox_Linux"
+EXTRA_TEST_ARGS=""
 EXPECTED_DEFAULT_DRIVER="kvm2"

 mkdir -p cron && gsutil -qm rsync "gs://minikube-builds/${MINIKUBE_LOCATION}/cron" cron || echo "FAILED TO GET CRON FILES"
 sudo install cron/cleanup_and_reboot_Linux.sh /etc/cron.hourly/cleanup_and_reboot || echo "FAILED TO INSTALL CLEANUP"

-source ./common.sh
+source ./common.sh 2h
--- a/hack/jenkins/minikube_set_pending.sh
+++ b/hack/jenkins/minikube_set_pending.sh
@@ -32,7 +32,7 @@ if [ "${ghprbPullId}" == "master" ]; then
 fi

 jobs=(
-     'HyperKit_macOS'
+     'HyperKit_Functional_macOS'
     'Hyper-V_Windows'
     'VirtualBox_Linux'
     # 'VirtualBox_macOS'

--- a/pkg/drivers/kic/kic.go
+++ b/pkg/drivers/kic/kic.go
@@ -17,9 +17,11 @@ limitations under the License.
 package kic

 import (
+	"context"
 	"fmt"
 	"net"
 	"os/exec"
+	"runtime"
 	"strconv"
 	"strings"
 	"sync"
@@ -214,6 +216,33 @@ func (d *Driver) prepareSSH() error {
 		return errors.Wrapf(err, "apply authorized_keys file ownership, output %s", rr.Output())
 	}

+	if runtime.GOOS == "windows" {
+		path, _ := exec.LookPath("powershell")
+		ctx, cancel := context.WithTimeout(context.Background(), 8*time.Second)
+		defer cancel()
+
+		klog.Infof("ensuring only current user has permissions to key file located at : %s...", keyPath)
+
+		// Get the SID of the current user
+		currentUserSidCmd := exec.CommandContext(ctx, path, "-NoProfile", "-NonInteractive", "([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value")
+		currentUserSidOut, currentUserSidErr := currentUserSidCmd.CombinedOutput()
+		if currentUserSidErr != nil {
+			klog.Warningf("unable to determine current user's SID. minikube tunnel may not work.")
+		} else {
+			icaclsArguments := fmt.Sprintf(`"%s" /grant:r *%s:F /inheritancelevel:r`, keyPath, strings.TrimSpace(string(currentUserSidOut)))
+			icaclsCmd := exec.CommandContext(ctx, path, "-NoProfile", "-NonInteractive", "icacls.exe", icaclsArguments)
+			icaclsCmdOut, icaclsCmdErr := icaclsCmd.CombinedOutput()
+
+			if icaclsCmdErr != nil {
+				return errors.Wrap(icaclsCmdErr, "unable to execute icacls to set permissions")
+			}
+
+			if !strings.Contains(string(icaclsCmdOut), "Successfully processed 1 files; Failed processing 0 files") {
+				klog.Errorf("icacls failed applying permissions - err - [%s], output - [%s]", icaclsCmdErr, strings.TrimSpace(string(icaclsCmdOut)))
+			}
+		}
+	}
+
 	return nil
 }


--- a/pkg/minikube/tunnel/kic/ssh_conn.go
+++ b/pkg/minikube/tunnel/kic/ssh_conn.go
@@ -19,6 +19,7 @@ package kic
 import (
 	"fmt"
 	"os/exec"
+	"runtime"

 	"github.com/phayes/freeport"
 	v1 "k8s.io/api/core/v1"
@@ -39,7 +40,7 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 	sshArgs := []string{
 		// TODO: document the options here
 		"-o", "UserKnownHostsFile=/dev/null",
-		"-o", "StrictHostKeyChecking no",
+		"-o", "StrictHostKeyChecking=no",
 		"-N",
 		"docker@127.0.0.1",
 		"-p", sshPort,
@@ -66,8 +67,7 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 	}

 	command := "ssh"
-
-	if askForSudo {
+	if askForSudo && runtime.GOOS != "windows" {
 		out.Step(
 			style.Warning,
 			"The service {{.service}} requires privileged ports to be exposed: {{.ports}}",
@@ -79,7 +79,6 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 		command = "sudo"
 		sshArgs = append([]string{"ssh"}, sshArgs...)
 	}
-
 	cmd := exec.Command(command, sshArgs...)

 	return &sshConn{
@@ -94,7 +93,7 @@ func createSSHConnWithRandomPorts(name, sshPort, sshKey string, svc *v1.Service)
 	sshArgs := []string{
 		// TODO: document the options here
 		"-o", "UserKnownHostsFile=/dev/null",
-		"-o", "StrictHostKeyChecking no",
+		"-o", "StrictHostKeyChecking=no",
 		"-N",
 		"docker@127.0.0.1",
 		"-p", sshPort,