Automatic merge from submit-queue
OpenAPI support for kubectl
Support for openapi spec in kubectl.
Includes:
- downloading and caching openapi spec to a local file
- parsing openapi spec into binary serializable datastructures (10x faster load times 600ms -> 40ms)
- caching parsed openapi spec in memory for each command
```release-note
NONE
```
Automatic merge from submit-queue
Fixes#43461
**What this PR does / why we need it**:
The master-components started state triggers a daemon recycle. The guard
was to prevent the daemons from being cycled too often and interrupting
normal workflow. This additional state check is probing the etcd
connection and if changing triggers a re-configure and recycle of the api-control
plane when etcd units are scaling up and down.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#43461
**Special notes for your reviewer**:
Check the contents of /var/snap/kube-apiserver/current/args after scaling etcd both up and down and the values will have changed, and kube-apiserver will have recycled to read the new connection string.
**Release note**:
```release-note
kubernetes-master juju charm properly detects etcd-scale events and reconfigures appropriately.
```
Automatic merge from submit-queue
Add redirect support to SpdyRoundTripper
Add support for following redirects to the SpdyRoundTripper. This is
necessary for clients using it directly (e.g. the apiserver talking
directly to the kubelet) because the CRI streaming server issues a
redirect for streaming requests.
We need this in OpenShift because we have code that executes inside our apiserver that talks directly to the node to perform an attach request, and we need to be able to follow that redirect.
This code was adapted from the upgrade-aware proxy handler.
cc @smarterclayton @sttts @liggitt @timstclair @kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43395, 44960)
[Federation] Cleanup unused code in service controller
Post merging the PR #41258, lot of unused code is left behind in federation service controller. These changes were segregated to this PR, so that the original PR was small and manageable.
**Release note**:
```
NONE
```
cc @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43395, 44960)
e2e-node: refactor lifecycle test to avoid selinux issues
Fixes#42905
Previously, the exec hook tests mounted a HostPath volume from /tmp and touched a file as a indicator that the hook had run. This is prohibited by selinux policy on Fedora/RHEL/Centos.
This PR refactors the test to avoid filesystem indication and use the same indication that the HTTP hooks use; a GET to a http endpoint. The exec hooks run `curl` to hit this endpoint and trigger the indication. This simplifies this test quite a bit as well, removing over 85 lines of code.
REVIEWER NOTE: The diff is a mess on this one. Probably better to just review the new version of the file.
@derekwaynecarr
Automatic merge from submit-queue (batch tested with PRs 44962, 44964)
Fix the last deprecated "gcloud docker push args" usage.
This deprecated usage will break in March 2017.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Remove misleading error from CronJob controller when it can't find parent UID
CronJob controller lists all `Jobs` and then tries to match then against `CronJobs` using parent UID. It reports error if parent UID can't be found which means it reports error on every job which is not part of CronJob
```release-note
NONE
```
The master-components started state triggers a daemon recycle. The guard
was to prevent the daemons from being cycled too often and interrupting
normal workflow. This additional state check is guarded against the etcd
connection string from changing, allowing the current behavior but
triggers a re-configure and recycle of the api-control plane when etcd
units are scaling up and down.
Automatic merge from submit-queue
Support running Ubuntu image on GCE
**What this PR does / why we need it**:
This PR (on top of #44629) contains the script changes for running Ubuntu image on GCE.
**Special notes for your reviewer**:
We made change in `gci/node.yaml` and `gci/master.yaml` to ensure that Kubernetes jobs can start automatically after reboot. This is not needed for GCI but required by Ubuntu. See https://github.com/kubernetes/kubernetes/pull/44744#discussion_r113105970 for details. With this change, Ubuntu could use the same provisioning scripts as GCI's.
Ran e2e tests using the following command and all tests passed.
```
KUBE_GCE_NODE_IMAGE=ubuntu-gke-1604-xenial-v20170420-1 KUBE_GCE_NODE_PROJECT=ubuntu-os-gke-cloud KUBE_NODE_OS_DISTRIBUTION=ubuntu GINKGO_PARALLEL=y GINKGO_PARALLEL_NODES=30 go run hack/e2e.go -- -v --build --up --test --test_args="--ginkgo.skip=\[Slow\]|\[Serial\]|\[Disruptive\]|\[Flaky\]|\[Feature:.+\]" --down
```
Also tested manually for both GCI and Ubuntu images.
**Release note**:
`Support Ubuntu 16.04 image on GCE`
Automatic merge from submit-queue
Send dns details only after cdk-addons are configured
**What this PR does / why we need it**: This is a bugfix on the deployment of Kubernetes via Juju. See issue below.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#40386 and
https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/262
**Special notes for your reviewer**:
**Release note**:
```
Fix KubeDNS issue in Juju deployments.
```
Automatic merge from submit-queue (batch tested with PRs 44942, 41258)
[Federation] Use federated informer for service controller and annotations to store lb ingress
**What this PR does / why we need it**:
This is breaking up of the PR #40296 into smaller one. please refer to #41253
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Handles 2 tasks in #41253
Fixes issues in #27623, #35827
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
cc @quinton-hoole @nikhiljindal @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue
fix typo
Signed-off-by: yupengzte <yu.peng36@zte.com.cn>
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Add support for following redirects to the SpdyRoundTripper. This is
necessary for clients using it directly (e.g. the apiserver talking
directly to the kubelet) because the CRI streaming server issues a
redirect for streaming requests.
Also extract common logic for following redirects.
Automatic merge from submit-queue
Allow disabling log dump for nodes (in preparation for using logexporter)
This is, in part, a change required for allowing usage of [logexporter](https://github.com/kubernetes/test-infra/tree/master/logexporter) for dumping node logs to GCS directly, instead of doing it through log-dump.sh.
cc @kubernetes/test-infra-maintainers @wojtek-t @gmarek @fejta
Automatic merge from submit-queue (batch tested with PRs 44931, 44808)
Update to use Semantic.DeepEqual in regsitry
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/43402
**Release note**:
```
NONE
```
/assign @janetkuo
Automatic merge from submit-queue (batch tested with PRs 44931, 44808)
Closes#44392
**What this PR does / why we need it**:
Fix the pause action with regard to the new behavior where
--delete-local-data=false by default. Historically --force was all that
was required, this flag has changed to be more descriptive of the
actions it's taking.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#44392
**Release note**:
```release-note
Added support to the pause action in the kubernetes-worker charm for new flag --delete-local-data
```
Automatic merge from submit-queue
kubeadm: remove func arg that isn't being used
**What this PR does / why we need it**: Functions had args passed to them that weren't being used. See https://github.com/kubernetes/kubernetes/pull/44601 for more details.
**Special notes for your reviewer**: @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41287, 41636, 44881, 44826)
Enable default signer implementation
**What this PR does / why we need it**:
The Kubernetes controller manager provides a default implementation
of a signer. We should enable it by passing the --cluster-signing-cert-file
and --cluster-signing-key-file parameters to the controller manager
with paths to your Certificate Authority’s keypair. Hoping this will
help pass the "Certificates API [It] should support building a client with a CSR"
e2e test when run against k8s started using local-up-cluster.sh
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41287, 41636, 44881, 44826)
[Federation] Only attempt to log information about pods in federation/cluster/log-dump.sh if those pods exist.
Fixes an issue where the script fails, because bash considers an empty array an unbound variable.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41287, 41636, 44881, 44826)
Bump to go1.8 and remove the edge GOROOT
**What this PR does / why we need it**:
Bumps to go1.8; we get:
- performance improvements
- build time improvements
- the possibility to remove the hacky edge-GOROOT for arm and ppc64le that must use go1.8
- all other awesome features that are included in go1.8: https://golang.org/doc/go1.8
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/38228
**Special notes for your reviewer**:
@ixdy Please push the image ASAP so we can see if this passes all tests
**Release note**:
```release-note
Upgrade go version to v1.8
```
cc @ixdy @bradfitz @jessfraz @wojtek-t @timothysc @spxtr @thockin @smarterclayton @bprashanth @gmarek
Automatic merge from submit-queue (batch tested with PRs 41287, 41636, 44881, 44826)
apiserver: add pkg/util/webhook tests
This commit adds tests for pkg/util/webhooks. The purpose of this was not only for better code coverage but also to alleviate the need for consumers to write their own tests for core functionality.
**Reasoning**
While working on the generic webhook admission plugin for https://github.com/kubernetes/community/pull/132, I found out that there are no tests for `staging/k8s.io/apiserver/pkg/util/webhook` and I also noticed that various places in the k8s sources were also replicating the same core tests that could/should be handled in `staging/k8s.io/apiserver/pkg/util/webhook`:
* `staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook_test.go`
* `staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook_test.go`
* `plugin/pkg/admission/imagepolicy/admission_test.go`
* _possibly more..._
That's what this PR does, adds tests for `staging/k8s.io/apiserver/pkg/util/webhook` so that consumers no longer have to worry about testing client configuration issues, TLS issues, etc. just to use `staging/k8s.io/apiserver/pkg/util/webhook`.
cc @cjcullen
Automatic merge from submit-queue
Add --apiserver-advertise-address option to kubeadm alpha phase certs…
**What this PR does / why we need it**:
`kubeadm alpha phase certs` command currently does not support `--apiserver-advertise-address` options, and certificates by default are linked to the bind address of the machine where the kubeadm command is run. This behaviour is not adequate f.i. for use cases where you are using `kubeadm alpha phase certs` for an HA deployments or for use cases where you generate certificates on a machine different that the master.
The PR adds support for `--apiserver-advertise-address` to `kubeadm alpha phase certs`, with the following behaviour:
- if `--apiserver-advertise-address` is specified and valid, certificates are linked to the given IP
- if `--apiserver-advertise-address` is specified but not valid, the given ip is not valid an error is given
**Special notes for your reviewer**:
Implementation follow the track already in place for other flags (with validation, but no tests).
Automatic merge from submit-queue (batch tested with PRs 44607, 44472, 44482)
Used Pods interface for binding.
Used Pods interface for binding in scheduler.
Automatic merge from submit-queue (batch tested with PRs 44607, 44472, 44482)
[Federation] Fix the comments on FederationNameAnnotation
Follow-up for minor issues raised in #42683
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44607, 44472, 44482)
update kubectl apply doc for required resource name
**What this PR does / why we need it**:
Update kubectl apply doc to illustrate that the resource name is required.
**Which issue this PR fixes** : fixes#44501
**Special notes for your reviewer**:
@liggitt @adohe @jayunit100
**Release note**:
```release-note
```
Fix the pause action with regard to the new behavior where
--delete-local-data=false by default. Historically --force was all that
was required, this flag has changed to be more descriptive of the
actions it's taking.
Automatic merge from submit-queue (batch tested with PRs 44583, 44139, 44753)
Federation: Removing duplicate finalizer manipulation logic in federation controllers
Ref #40989
Using apimachinery's meta accessor to manipulate objects instead of duplicating that logic in each controller.
Just a cleanup, no behavior change.
cc @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue
bump bazel build to go1.8.1 and remove invalid unit tests
part of https://github.com/kubernetes/kubernetes/issues/38228
I firmly believe that unit tests that check error strings are incorrect unit tests. If we care about what type of error is returned, we need to use public error types. Anywhere we are using generic errors, we don't care other then that we saw an error.
Automatic merge from submit-queue (batch tested with PRs 44601, 44842, 44893, 44491, 44588)
kubeadm: add flag to skip token print out
**What this PR does / why we need it**: When kubeadm init is used in an automated context, it still prints the token to standard out. When standard output ends up in a log file, it can be considered that the token is leaked there and can be compromised. This PR adds a flag you can select to not have it print out and explicitly disable this behavior.
This is a continuation from https://github.com/kubernetes/kubernetes/pull/42823 since it had to be closed.
**Which issue this PR fixes** : fixes #https://github.com/kubernetes/kubeadm/issues/160
**Special notes for your reviewer**: /cc @luxas @errordeveloper
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44601, 44842, 44893, 44491, 44588)
Define const annotation variable once
We do not need to define the const annotation var twice in pkg/volume and pkg/volume/validation
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44601, 44842, 44893, 44491, 44588)
secret.go: add initial symbol and format err
secret.go: add initial symbol and format err
line 198: add initialization symbol
other lines: format err.
Automatic merge from submit-queue
Cleanup: replace some hardcoded vars and remove unused functions
Replace some hardcoded vars and remove unused functions
**Release note**:
```release-note
NONE
```
zhangxiaoyu-zidif