Fix a bug in serviceaccount admission introduced when we switched
everything to use shared informers. That change accidentally reused the
list of secrets instead of creating a new one, resulting in all secrets
in the namespace being returned as possible service account tokens,
instead of limiting it only to the actual service account tokens, as it
did before the shared informer conversion. This also adds a unit test to
ensure there is no future regression here.
Automatic merge from submit-queue
relocate FC multipath readme to examples from pkg/volume
Signed-off-by: rootfs <hchen@redhat.com>
**What this PR does / why we need it**:
`pkg/volume/README.md` is not a good place for Fiber Channel specific doc. Move the block into FC README.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Cluster-Autoscaler e2e to catch unnecessary scale-ups
This e2e catches the bug in 0.5.0 CA with reasonable probability.
```release-note
```
Automatic merge from submit-queue
Use shared informers for proxy endpoints and service configs
Use shared informers instead of creating local controllers/reflectors
for the proxy's endpoints and service configs. This allows downstream
integrators to pass in preexisting shared informers to save on memory &
cpu usage.
This also enables the cache mutation detector for kube-proxy for those
presubmit jobs that already turn it on.
Follow-up to #43295 cc @wojtek-t
Will race with #43937 for conflicting changes 😄 cc @thockin
cc @smarterclayton @sttts @liggitt @deads2k @derekwaynecarr @eparis @kubernetes/rh-cluster-infra
Automatic merge from submit-queue
e2e for cluster-autoscaler unhealthy cluster handling
Add e2e test for cluster-autoscaler handling of unhealthy cluster.
~~This only passes reliably with https://github.com/kubernetes/contrib/pull/2488 and should not be merged before it.~~ (included in current CA image)
**Release note**:
```release-note
```
Adding test cases for HC updates found a bug with an update that
simultaneously removes one port and adds another. Map iteration is
randomized, so sometimes no HC would be created.
- reuse default framework setup rather than duplicating
- skip namespace creation for each test in hosting cluster
- ensure FederationAfterEach is called if BeforeEach fails
Automatic merge from submit-queue (batch tested with PRs 42288, 44055)
Fixed inaccurate comments for Secret and ConfigMap
**What this PR does / why we need it**:
Updates the comments for ConfigMap and Secret in types.go to correspond to the regex used in validation.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#42203
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 44008, 41929)
vSphere Cloud Provider: Fstype in storage class
This PR does following,
1. Adds fstype support in storage class for vSphere Cloud Provider.
2. Modify examples to include fstype in storage class.
3. Adds fstype support in storage class for Photon Controller Cloud Provider (@luomiao)
Internally reviewed [here](https://github.com/vmware/kubernetes/pull/88).
cc @pdhamdhere @tusharnt @kerneltime @BaluDontu @divyenpatel @luomiao
Automatic merge from submit-queue (batch tested with PRs 44008, 41929)
Bump rules_go to latest
**What this PR does / why we need it**: updates the Bazel go_rules dependency which provides several important bugfixes and feature enhancements. It's still using go1.7.5, so all tests should still pass.
**Release note**:
```release-note
NONE
```
/assign @mikedanese @spxtr
Automatic merge from submit-queue (batch tested with PRs 44047, 43514, 44037, 43467)
Juju: Enable GPU mode if GPU hardware detected
**What this PR does / why we need it**:
Automatically configures kubernetes-worker node to utilize GPU hardware when such hardware is detected.
layer-nvidia-cuda does the hardware detection, installs CUDA and Nvidia
drivers, and sets a state that the k8s-worker can react to.
When gpu is available, worker updates config and restarts kubelet to
enable gpu mode. Worker then notifies master that it's in gpu mode via
the kube-control relation.
When master sees that a worker is in gpu mode, it updates to privileged
mode and restarts kube-apiserver.
The kube-control interface has subsumed the kube-dns interface
functionality.
An 'allow-privileged' config option has been added to both worker and
master charms. The gpu enablement respects the value of this option;
i.e., we can't enable gpu mode if the operator has set
allow-privileged="false".
**Special notes for your reviewer**:
Quickest test setup is as follows:
```bash
# Bootstrap. If your aws account doesn't have a default vpc, you'll need to
# specify one at bootstrap time so that juju can provision a p2.xlarge.
# Otherwise you can leave out the --config "vpc-id=vpc-xxxxxxxx" bit.
juju bootstrap --config "vpc-id=vpc-xxxxxxxx" --constraints "cores=4 mem=16G root-disk=64G" aws/us-east-1 k8s
# Deploy the bundle containing master and worker charms built from
# https://github.com/tvansteenburgh/kubernetes/tree/gpu-support/cluster/juju/layers
juju deploy cs:~tvansteenburgh/bundle/kubernetes-gpu-support-3
# Setup kubectl locally
mkdir -p ~/.kube
juju scp kubernetes-master/0:config ~/.kube/config
juju scp kubernetes-master/0:kubectl ./kubectl
# Download a gpu-dependent job spec
wget -O /tmp/nvidia-smi.yaml https://raw.githubusercontent.com/madeden/blogposts/master/k8s-gpu-cloud/src/nvidia-smi.yaml
# Create the job
kubectl create -f /tmp/nvidia-smi.yaml
# You should see a new nvidia-smi-xxxxx pod created
kubectl get pods
# Wait a bit for the job to run, then view logs; you should see the
# nvidia-smi table output
kubectl logs $(kubectl get pods -l name=nvidia-smi -o=name -a)
```
kube-control interface: https://github.com/juju-solutions/interface-kube-control
nvidia-cuda layer: https://github.com/juju-solutions/layer-nvidia-cuda
(Both are registered on http://interfaces.juju.solutions/)
**Release note**:
```release-note
Juju: Enable GPU mode if GPU hardware detected
```
Automatic merge from submit-queue (batch tested with PRs 44047, 43514, 44037, 43467)
Update boltdb dependency to fix golang 1.7 intermittent failures
We have a old boltdb/bolt, etcd has moved to newer boltdb, so we should
do the same. Specifically this change needs to be in our tree:
92410e0673
as this fixes intermittent issues we see in our CI runs. So in this
PR, we vendor the v1.3.0 version of boltdb/bolt.
Fixes#43973
Automatic merge from submit-queue (batch tested with PRs 44047, 43514, 44037, 43467)
unit test for kubectl config use-context
**What this PR does / why we need it**:
unit test for kubectl config use-context
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
think you
**Release note**:
```release-note
```
Automatic merge from submit-queue
get-kube-local.sh checks pods with option "--namespace=kube-system"
**What this PR does / why we need it**:
Local cluster creation using get-kube-local.sh is never finished.
The get-kube-local.sh monitors running_count of pods such as etcd,
master and kube-proxy, but these pods are created under the namespace
kube-system. Therefore kubectl can't find these pods then cluster
creation isn't completed.
The get-kube-local.sh should monitor created pods with option
"--namespace=kube-system".
**Which issue this PR fixes** : fixes#42517
**Release note**:
```
`NONE`
```
Moved remaining util functions
moved cinder specific function back to volumes.go, will have to be extracted later when a cinder e2e package is created.
remove dupe code from common/volume.go
Moved [Volume] tags to KubeDescribe
Automatic merge from submit-queue
Change an Errorf to a Fatalf to prevent a panic.
In #37982 we see that if this error is hit then we will panic on the next line. Lets use `Fatalf` where appropriate :)
This does *not* fix the flake, since that's caused by the test assuming that a particular port is free.
Automatic merge from submit-queue
Clearer ImageGC failure errors. Fewer events.
Addresses #26000. Kubelet often "fails" image garbage collection if cAdvisor has not completed the first round of stats collection. Don't create events for a single failure, and make log messages more specific.
@kubernetes/sig-node-bugs
Automatic merge from submit-queue
Fixes links in CHANGELOG.md table of contents
**What this PR does / why we need it**:
Fixes TOC in `CHANGELOG.md`
**Special notes for your reviewer**:
`NONE`
**Release note**:
`NONE`
Automatic merge from submit-queue
Remove 'beta' from default storage class annotation (storage/util)
**What this PR does / why we need it**:
This is a follow up to: #42991 where I believe this file was overlooked.
It removes `beta` from the default storageclass annotation.
Without this fix you are not able to specify a default storage class like this:
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: standard
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/aws-ebs
parameters:
type: gp2
```
because the annotation is ignored in: https://github.com/kubernetes/kubernetes/blob/master/plugin/pkg/admission/storageclass/default/admission.go#L129
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
/cc @jsafrane
Automatic merge from submit-queue
cluster/log-dump - chmod files before dumping
We make the files world-readable, so that installation techniques that
lock down the logfiles can still be dumped.
Issue https://github.com/kubernetes/test-infra/issues/2397
```release-note
NONE
```
Use shared informers instead of creating local controllers/reflectors
for the proxy's endpoints and service configs. This allows downstream
integrators to pass in preexisting shared informers to save on memory &
cpu usage.
This also enables the cache mutation detector for kube-proxy for those
presubmit jobs that already turn it on.
Automatic merge from submit-queue
Adding more proxy options and header to nginx load-balancer.
**What this PR does / why we need it**: The kubeapi-load-balancer uses nginx to proxy commands to the kube-apiserver. It currently does not support SPDY and therefore the `kubectl exec` command is broken.
**Which issue this PR fixes** :
fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/226
fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/201
**Special notes for your reviewer**: This only changes the nginx configuration no code change was required.
**Release note**:
```release-note
Using http2 in kubeapi-load-balancer to fix kubectl exec uses
```
We have a old boltdb/bolt, etcd has moved to newer boltdb, so we should
do the same. Specifically this change needs to be in our tree:
92410e0673
as this fixes intermittent issues we see in our CI runs. So in this
PR, we vendor the v1.3.0 version of boltdb/bolt.
Fixes#43973
Andy Goldstein