Automatic merge from submit-queue
Allow handlers earlier in a request flow to inject a UID for an object
This lets admission controllers specify a stable UID for an object prior to its creation. That lets the admission controller then record a reference to the object on another resource using that stable UID prior to the object being created. This would be a prerequisite for supporting quota reservations.
/cc @smarterclayton @lavalamp @deads2k
Automatic merge from submit-queue
Start namespace controller in node e2e
Fix https://github.com/kubernetes/kubernetes/issues/28320.
Based on https://github.com/kubernetes/kubernetes/pull/28807, only the last 2 commits are new.
Before this PR, there was no namespace controller running in node e2e test infrastructure. We can not enable the [`delete-namespace`](f2ddd60eb9/test/e2e/framework/test_context.go (L109)) flag in the test framework.
So after the test running, there will be running pod left on the test node. This seems to be acceptable in our test infrastructure because we create an new instance each time.
However, in 1.4 we may want to provide part of the test as node conformance test to the user, they definitely don't want the test to leave tons of pods on their node after test running.
Currently, there is no easy way to only start namespace controller in kube-controller-manager (confirmed with @mikedanese), so in this PR I started a "uncontainerized" one in the test infrastructure.
This PR:
* Started the namespace controller in the node e2e test infrastructure and enable the automatic namespace deletion.
* Change the privileged test to use framework (@yujuhong), so that all node e2e tests are using the framework and test pods will be cleaned up by namespace controller.
/cc @kubernetes/sig-node
Automatic merge from submit-queue
Info about enabling the hostpath provisioner
The README for persistent volume provisioning had information about the
hostpath provisioner for testing purposes, but lacked instructions on
how to enable it.
Automatic merge from submit-queue
Revert "Follow on for 1.4 to default HTTP2 on by default"
This reverts commit efe25553cd
in order to address: #29001#28537
Automatic merge from submit-queue
Bump the default etcd version in the Makefile to 3.0.3
Fixes: #29132
I haven't had time to manually validate the arm and arm64 version yet, but I think it should be fine.
cc @xiang90 @hongchaodeng @timothysc @lavalamp @wojtek-t @thockin @kubernetes/sig-scalability @Pensu @laboger
Automatic merge from submit-queue
Add proposal for service externalName
This is a proposal to address: #13748.
@smarterclayton @ncdc @thockin. Please check this out when you have time, hopefully this is okay :-D
I created the proposal because was unsure if the feature would be able to go in if there isn't a proposal already merged, because of this mail to kubernetes-pm: https://groups.google.com/forum/#!topic/kubernetes-pm/Ki63EztfZMo.
So, IIUC it would be nice to have the proposal merged ASAP (I think the interface looks ok for all, so hopefully this will be easy) so we can have this feature in 1.4 as you guys ( @smarterclayton @ncdc ) need.
Automatic merge from submit-queue
Change the name of the secret that delivers federation kubeconfig.
```release-note
Federation API server kubeconfig secret consumed by federation-controller-manager has a new name.
If you are upgrading your Cluster Federation components from v1.3.x, please run this command to migrate the federation-apiserver-secret to federation-apiserver-kubeconfig serect;
$ kubectl --namespace=federation get secret federation-apiserver-secret -o json | sed 's/federation-apiserver-secret/federation-apiserver-kubeconfig/g' | kubectl create -f -
You might also want to delete the old secret using this command:
$ kubectl delete secret --namespace=federation federation-apiserver-secret
```
The current name, federation-apiserver-secret, is very similar to the
other secret we have, federation-apiserver-secrets, that delivers
somewhat similar data but in a different format. This is extremely
confusing, particularly while debugging.
This change should soothe the pain.
cc @kubernetes/sig-cluster-federation
Automatic merge from submit-queue
Make "attach" and "exec" rejection in proxy more explicit
```release-note
kubectl proxy changed to now allow urls to pods with "attach" or "exec" in the pod name
```
The more explicit regular expression for rejection makes a possibility of accessing pods (or any other resources) which contain "attach" or "exec" in their names via proxy API. It was not possible before.
Also, the reference for "run" resource was removed, because it doesn't exist in any of k8s APIs currently.
Fixes: #21464
Automatic merge from submit-queue
Move ExtractPodBandwidthResources test into appropriate package
Found during #28511, this test is in the wrong package currently.
cc @kubernetes/sig-network
Automatic merge from submit-queue
AWS: Added experimental option to skip zone check
This pull request resolves#28380. In the vast majority of cases, it is appropriate to validate the AWS region against a known set of regions. However, there is the edge case where this is undesirable as Kubernetes may be deployed in an AWS-like environment where the region is not one of the known regions.
By adding the optional **DisableStrictZoneCheck true** to the **[Global]** section in the aws.conf file (e.g. /etc/aws/aws.conf) one can bypass the ragion validation.
Automatic merge from submit-queue
dnsprovider: Use route53 page functions to avoid truncated results
The List<Type>Pages functions make it pretty easy to avoid result truncation;
switch to using them
Automatic merge from submit-queue
Format apiserver options
Trivial change, code formatting only: it was hard to read long lines, and my editor was really slow when scrolling through them.
Automatic merge from submit-queue
Ubuntu: Enable ssh compression when downloading binaries during cluster creation
<!--
Checklist for submitting a Pull Request
Please remove this comment block before submitting.
1. Please read our [contributor guidelines](https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md).
2. See our [developer guide](https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md).
3. If you want this PR to automatically close an issue when it is merged,
add `fixes #<issue number>` or `fixes #<issue number>, fixes #<issue number>`
to close multiple issues (see: https://github.com/blog/1506-closing-issues-via-pull-requests).
4. Follow the instructions for [labeling and writing a release note for this PR](https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes) in the block below.
-->
resolves#20971 by using the options provided by ssh.
Native ssh compression has existed for years, and the server is free to disregard the setting, so this should be safe.
With things like the kube binaries I see about a 2x speed increase.
```
λ time scp kubes-bin.tar 9.30.182.251:/mnt/build/kubin
kubes-bin.tar 100% 344MB 10.7MB/s 00:32
real 0m32.284s
user 0m1.679s
sys 0m1.263s
λ time scp -C kubes-bin.tar 9.30.182.251:/mnt/build/kubin
kubes-bin.tar 100% 344MB 22.9MB/s 00:15
real 0m14.810s
user 0m12.858s
sys 0m0.994s
λ ls -lah kubes-bin.tar
-rw-r--r-- 1 mhb staff 344M Jun 2 15:29 kubes-bin.tar
λ tar -tf kubes-bin.tar
kubectl
master/
master/etcd
master/etcdctl
master/flanneld
master/kube-apiserver
master/kube-controller-manager
master/kube-scheduler
node/
node/flanneld
node/kube-proxy
node/kubelet
```
Automatic merge from submit-queue
Certificate signing controller for TLS bootstrap (alpha)
The controller handles generating and signing certificates when a CertificateSigningRequest has the "Approved" condition. Uses cfssl to support a wide set of possible keys and algorithms. Depends on PR #25562, only the last two commits are relevant to this PR.
cc @mikedanese
[]()
Automatic merge from submit-queue
Mention that comments keep pull-requests open
A comment in a pull-request will keep it open for another 90 days. Let's
mention that in the documentation for people who can't add labels.
Automatic merge from submit-queue
Add extensions/replicaset to federation-apiserver
Add extensions/replicaset for federated scheduler (#24038) as all k8s api objects were removed in #23959
Please review only the very last one commit.
#19313#23653
@nikhiljindal @quinton-hoole, @deepak-vij, @XiaoningDing, @alfred-huangjian @mfanjie @huangyuqi @colhom
Automatic merge from submit-queue
Unable to have optional message slice
When making a message slice optional, we need to handle one more
conditional case in the rewriter.
@wojtek-t
The current name, federation-apiserver-secret, is very similar to the
other secret we have, federation-apiserver-secrets, that delivers
somewhat similar data but in a different format. This is extremely
confusing, particularly while debugging.
This change should soothe the pain.
The more explicit regular expression for rejection makes a
possibility of accessing pods (or any other resources) which
contain "attach" or "exec" in their names via proxy API. It
was not possible before.
Also, the reference for "run" resource was removed, because
it doesn't exist in any of k8s APIs currently.
Fixes: #21464
Automatic merge from submit-queue
Switched watches in tests require ResourceVersion to be passed
For testing the Watches are not sufficient in that it might miss the event of transitioning a Pod from one state to another which might happen before we start Watching events. To remedy this, I'm proposing to switch to Gets to always read the actual state of a Pod.
@smarterclayton this fixes https://github.com/openshift/origin/issues/9192 and hopefully all `gave up waiting for pod...` flakes
[]()
Automatic merge from submit-queue
Use Infof/Warningf when appropriate
When we use a format string, we should use Infof/Warningf instead
of Info/Warning
Zach Loafman