github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
41,753 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

4037 Commits (0b94834b17cf8347ce65951a6c3f9ec8890074d5)

Author SHA1 Message Date
Kubernetes Submit Queue 4ac5f278c5 Merge pull request #38742 from timstclair/cri-exec-long 
Automatic merge from submit-queue

[CRI] Don't include user data in CRI streaming redirect URLs

Fixes: https://github.com/kubernetes/kubernetes/issues/36187

Avoid userdata in the redirect URLs by caching the {Exec,Attach,PortForward}Requests with a unique token. When the redirect URL is created, the token is substituted for the request params. When the streaming server receives the token request, the token is used to fetch the actual request parameters out of the cache.

For additional security, the token is generated using the secure random function, is single use (i.e. the first request with the token consumes it), and has a short expiration time.

/cc @kubernetes/sig-node
 2017-01-11 17:16:07 -08:00
Tim St. Clair c17f3ee367
Don't include user data in CRI streaming redirect URLs 2017-01-11 13:40:43 -08:00
deads2k c4fae4e690 mechanical repercussions 2017-01-11 15:20:36 -05:00
Kubernetes Submit Queue 636902c759 Merge pull request #39731 from apprenda/dockertools_fix 
Automatic merge from submit-queue

Fix kubelet cross build

**What this PR does / why we need it**: Cross builds are not passing for MacOS and Windows. We are expecting Windows binaries for `kubelet` and `kube-proxy` to be released by the first time with 1.5.2 to be released later today.

**Which issue this PR fixes**:
fixes #39005
fixes #39714

**Special notes for your reviewer**: /cc @feiskyer @smarterclayton @vishh this should be P0 in order to be merged before 1.5.2 and obviously fix the cross build.
 2017-01-11 10:53:27 -08:00
Kubernetes Submit Queue bc861bf756 Merge pull request #39475 from deads2k/generic-14-apimachinery 
Automatic merge from submit-queue (batch tested with PRs 39475, 38666, 39327, 38396, 39613)

Create k8s.io/apimachinery repo

Don't panic.

The diff is quite large, but its all generated change.  The first few commits are where are all the action is.  I built a script to find the fanout from 
```
k8s.io/kubernetes/pkg/apimachinery/registered
k8s.io/kubernetes/pkg/runtime/serializer
k8s.io/kubernetes/pkg/runtime/serializer/yaml
k8s.io/kubernetes/pkg/runtime/serializer/streaming
k8s.io/kubernetes/pkg/runtime/serializer/recognizer/testing 
```

It copied 
```
k8s.io/kubernetes/pkg/api/meta
k8s.io/kubernetes/pkg/apimachinery
k8s.io/kubernetes/pkg/apimachinery/registered
k8s.io/kubernetes/pkg/apis/meta/v1
k8s.io/kubernetes/pkg/apis/meta/v1/unstructured
k8s.io/kubernetes/pkg/conversion
k8s.io/kubernetes/pkg/conversion/queryparams
k8s.io/kubernetes/pkg/genericapiserver/openapi/common - this needs to renamed post-merge.  It's just types
k8s.io/kubernetes/pkg/labels
k8s.io/kubernetes/pkg/runtime
k8s.io/kubernetes/pkg/runtime/schema
k8s.io/kubernetes/pkg/runtime/serializer
k8s.io/kubernetes/pkg/runtime/serializer/json
k8s.io/kubernetes/pkg/runtime/serializer/protobuf
k8s.io/kubernetes/pkg/runtime/serializer/recognizer
k8s.io/kubernetes/pkg/runtime/serializer/recognizer/testing
k8s.io/kubernetes/pkg/runtime/serializer/streaming
k8s.io/kubernetes/pkg/runtime/serializer/versioning
k8s.io/kubernetes/pkg/runtime/serializer/yaml
k8s.io/kubernetes/pkg/selection
k8s.io/kubernetes/pkg/types
k8s.io/kubernetes/pkg/util/diff
k8s.io/kubernetes/pkg/util/errors
k8s.io/kubernetes/pkg/util/framer
k8s.io/kubernetes/pkg/util/json
k8s.io/kubernetes/pkg/util/net
k8s.io/kubernetes/pkg/util/runtime
k8s.io/kubernetes/pkg/util/sets
k8s.io/kubernetes/pkg/util/validation
k8s.io/kubernetes/pkg/util/validation/field
k8s.io/kubernetes/pkg/util/wait
k8s.io/kubernetes/pkg/util/yaml
k8s.io/kubernetes/pkg/watch
k8s.io/kubernetes/third_party/forked/golang/reflect
```

The script does the import rewriting and gofmt.  Then you do a build, codegen, bazel update, and it produces all the updates.

If we agree this is the correct approach.  I'll create a verify script to make sure that no one messes with any files in the "dead" packages above.

@kubernetes/sig-api-machinery-misc @smarterclayton @sttts @lavalamp @caesarxuchao 

`staging/prime-apimachinery.sh && hack/update-codegen.sh && nice make WHAT="federation/cmd/federation-apiserver/ cmd/kube-apiserver" && hack/update-openapi-spec.sh && hack/update-federation-openapi-spec.sh && hack/update-codecgen.sh && hack/update-codegen.sh && hack/update-generated-protobuf.sh && hack/update-bazel.sh`
 2017-01-11 09:14:49 -08:00
Paulo Pires f4edaf2b8c
dockertools: disable swap on Linux since it's unsupported. 
Refs #39005
 2017-01-11 17:07:53 +00:00
Paulo Pires dacc363605
dockertools: fix Windows implementation. 
Fixes #39005
Fixes #39714
 2017-01-11 17:07:52 +00:00
Kubernetes Submit Queue cd55e1b259 Merge pull request #39714 from feiskyer/fix 
Automatic merge from submit-queue (batch tested with PRs 39714, 39646)

dockertools: fix build on OSX

#39005 introduces a build problem on OSX. This PR fixes it.

Refer [here](https://github.com/kubernetes/kubernetes/pull/39005#issuecomment-271781026).
 2017-01-11 08:00:47 -08:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Kubernetes Submit Queue 1fbb22e115 Merge pull request #39702 from mikedanese/kubelet-csr 
Automatic merge from submit-queue (batch tested with PRs 39684, 39577, 38989, 39534, 39702)

kubelet: request client auth certificates from certificate API.

This fixes kubeadm and --experiment-kubelet-bootstrap.

cc @liggitt
 2017-01-10 22:24:17 -08:00
Kubernetes Submit Queue 3f9f7471af Merge pull request #38989 from sjenning/set-qos-field 
Automatic merge from submit-queue (batch tested with PRs 39684, 39577, 38989, 39534, 39702)

Set PodStatus QOSClass field

This PR continues the work for https://github.com/kubernetes/kubernetes/pull/37968

It converts all local usage of the `qos` package class types to the new API level types (first commit) and sets the pod status QOSClass field in the at pod creation time on the API server in `PrepareForCreate` and in the kubelet in the pod status update path (second commit).  This way the pod QOS class is set even if the pod isn't scheduled yet.

Fixes #33255

@ConnorDoyle @derekwaynecarr @vishh
 2017-01-10 22:24:13 -08:00
Pengfei Ni 1f17a47f4e dockertools: fix build on OSX 2017-01-11 14:08:30 +08:00
Kubernetes Submit Queue d3c0914a14 Merge pull request #39005 from brendandburns/windows 
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)

Set MemorySwap to zero on Windows

Fixes https://github.com/kubernetes/kubernetes/issues/39003

@dchen1107 @michmike @kubernetes/sig-node-misc
 2017-01-10 19:48:16 -08:00
Kubernetes Submit Queue addc6cae4a Merge pull request #38212 from mikedanese/kubeletauth 
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)

Generate a kubelet CA and kube-apiserver cert-pair for kubelet auth.

cc @cjcullen
 2017-01-10 19:48:09 -08:00
Mike Danese d2032fd83c kubelet: request client auth certificates from certificate API. 2017-01-10 17:57:39 -08:00
Kubernetes Submit Queue 65d6a5c6a8 Merge pull request #39455 from kubernetes/revert-39306-oom_score_adj 
Automatic merge from submit-queue (batch tested with PRs 39486, 37288, 39477, 39455, 39542)

Revert "Small improve for GetContainerOOMScoreAdjust"

Reverts kubernetes/kubernetes#39306

This does not help current code healthy, let's revert it to avoid further confusing.
 2017-01-10 14:33:17 -08:00
Seth Jennings e2402b781b set qos class field in pod status 2017-01-10 16:31:52 -06:00
Seth Jennings 4c30459e49 switch from local qos types to api types 2017-01-10 10:54:30 -06:00
Brendan Burns c050826fea Set MemorySwap to zero on Windows 2017-01-09 23:08:48 -08:00
deads2k 1df5b658f2 switch webhook to clientgo 2017-01-09 16:53:24 -05:00
Kubernetes Submit Queue 0bbb49d2d5 Merge pull request #39479 from fraenkel/podkiller 
Automatic merge from submit-queue

Avoid panic when stopping the podKiller

use a mutex instead of a channel

fixes #38857
 2017-01-06 16:02:16 -08:00
Kubernetes Submit Queue aa7509989b Merge pull request #39318 from NickrenREN/eviction-manager-start 
Automatic merge from submit-queue

remove eviction-manager start return err
 2017-01-06 11:55:41 -08:00
Kubernetes Submit Queue 402abd23ef Merge pull request #39493 from sjenning/fix-null-deref 
Automatic merge from submit-queue (batch tested with PRs 39493, 39496)

kubelet: fix nil deref in volume type check

An attempt to address memory exhaustion through a build up of terminated pods with memory backed volumes on the node in PR https://github.com/kubernetes/kubernetes/pull/36779 introduced this.

For the `VolumeSpec`, either the `Volume` or `PersistentVolume` field is set, not both.  This results in a situation where there is a nil deref on PVs.  Since PVs are inherently not memory-backend, only local/temporal volumes should be considered.

This needs to go into 1.5 as well.

Fixes #39480

@saad-ali @derekwaynecarr @grosskur @gnufied

```release-note
fixes nil dereference when doing a volume type check on persistent volumes
```
 2017-01-06 08:44:18 -08:00
NickrenREN 85e6076fab remove eviction-manager start return err 
Start() function will never return err,we do not need the return value
 2017-01-06 09:32:16 +08:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Seth Jennings c4e6725236 fix nil deref 2017-01-05 15:36:42 -06:00
Michael Fraenkel fb3a1d6851 Avoid panic when stopping the podKiller 
use a mutex instead of a channel
 2017-01-05 14:52:24 -05:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
Harry Zhang 9712fe8455 Revert "Small improve for GetContainerOOMScoreAdjust" 2017-01-05 09:54:11 +08:00
Michael Fraenkel f6c9ab4312 Check if key is a valid after prefix is prepended 
- Allow invalid keys to become valid by requiring a prefix
 2017-01-04 17:26:44 -05:00
Kubernetes Submit Queue 5ee52e8bce Merge pull request #39384 from deads2k/generic-01-start-staging 
Automatic merge from submit-queue

Start moving genericapiserver to staging

This moves `pkg/auth/user` to `staging/k8s.io/genericapiserver/pkg/authentication/user`.  I'll open a separate pull into the upstream gengo to support using `import-boss` on vendored folders to support staging.

After we agree this is the correct approach and see everything build, I'll start moving other packages over which don't have k8s.io/kubernetes deps.

@kubernetes/sig-api-machinery-misc @lavalamp 
@sttts @caesarxuchao ptal
 2017-01-04 12:06:34 -08:00
deads2k ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
Kubernetes Submit Queue 2cc9650e7e Merge pull request #39306 from hex108/oom_score_adj 
Automatic merge from submit-queue (batch tested with PRs 38084, 39306)

Small improve for GetContainerOOMScoreAdjust

In `GetContainerOOMScoreAdjust`, make logic more clear for the case `oomScoreAdjust >= besteffortOOMScoreAdj`. If `besteffortOOMScoreAdj`  is defined to another value(e.g. 996), suppose `oomScoreAdjust` is 999, the function will return 998(which equals 999 - 1) instead of 995(996 -1).
 2017-01-04 07:18:07 -08:00
Kubernetes Submit Queue 9b726d6b8f Merge pull request #38687 from ivan4th/remove-dockerlegacyservice-comment-from-kubelet 
Automatic merge from submit-queue

Remove DockerLegacyService comment from kubelet
 2017-01-03 23:28:22 -08:00
Kubernetes Submit Queue 819535b96a Merge pull request #36245 from fraenkel/env_configmap 
Automatic merge from submit-queue (batch tested with PRs 38433, 36245)

Allow pods to define multiple environment variables from a whole ConfigMap

Allow environment variables to be populated from ConfigMaps

- ConfigMaps represent an entire set of EnvVars
- EnvVars can override ConfigMaps


fixes #26299
 2017-01-03 23:28:09 -08:00
Kubernetes Submit Queue fe391d7bb0 Merge pull request #37350 from chentao1596/delete-meaningless-judgments 
Automatic merge from submit-queue (batch tested with PRs 39280, 37350, 39389, 39390, 39313)

delete meaningless judgments

What this PR does / why we need it:
      Whether "err" is nil or not, "err" can be return, so the judgment "err !=nil " is unnecessary
 2017-01-03 18:25:10 -08:00
Kubernetes Submit Queue 9eaf1aa38f Merge pull request #39273 from NickrenREN/kubelet-node-status 
Automatic merge from submit-queue (batch tested with PRs 39001, 39104, 35978, 39361, 39273)

delete SetNodeStatus() function and fix some function notes words
 2017-01-03 17:18:12 -08:00
CJ Cullen d0997a3d1f Generate a kubelet CA and kube-apiserver cert-pair for kubelet auth. 
Plumb through to kubelet/kube-apiserver on gci & cvm.
 2017-01-03 14:30:45 -08:00
Kubernetes Submit Queue 1cee8c45d6 Merge pull request #39237 from NickrenREN/pod-manager 
Automatic merge from submit-queue (batch tested with PRs 39092, 39126, 37380, 37093, 39237)

Add unit test function to test DeletePod
 2017-01-03 09:45:26 -08:00
Michael Fraenkel 2d803afc98 ConfigMaps populate environment variables 2017-01-03 11:02:15 -05:00
Dr. Stefan Schimanski 87dd990bb7 Move pkg/api.{Context,RequestContextMapper} into pkg/genericapiserver/api/request 2017-01-03 14:57:33 +01:00
NickrenREN fd336cde07 drop SetNodeStatus() function and fix some function notes words 
drop SetNodeStatus() Since it is never called now. klet.defaultNodeStatusFuncs() is set to klet.setNodeStatusFuncs now and setNodeStatus() function is called by other functions.
 2017-01-03 11:26:50 +08:00
NickrenREN 2fa0935c19 Add unit test function to test DeletePod 
Add unit test function to test DeletePod() of podManager
 2017-01-03 11:08:39 +08:00
Jeff Grafton fae627dd65 Update generated for 2017 2017-01-01 23:11:09 -08:00
Kubernetes Submit Queue f5d9c430e9 Merge pull request #39298 from feiskyer/images 
Automatic merge from submit-queue

Kubelet: add image ref to ImageService interfaces

This PR adds image ref (digest or ID, depending on runtime) to PullImage result, and pass image ref in CreateContainer instead of image name. It also

* Adds image ref to CRI's PullImageResponse
* Updates related image puller
* Updates related testing utilities

~~One remaining issue is: it breaks some e2e tests because they [checks image repoTags](https://github.com/kubernetes/kubernetes/blob/master/test/e2e/framework/util.go#L1941) while docker always returns digest in this PR. Should we update e2e test or continue to return repoTags in `containerStatuses.image`?~~

Fixes #38833.
 2016-12-30 22:51:18 -08:00
Pengfei Ni 67a5bf8454 Rename imageservice.IsImagePresent to GetImageRef 2016-12-31 08:36:55 +08:00
Pengfei Ni 1de92a91e9 Return repoTags instead of digest in containerStatuses.image 2016-12-30 10:48:49 +08:00
Kubernetes Submit Queue d97f125ddf Merge pull request #39050 from mikedanese/gazel-bump 
Automatic merge from submit-queue

bump gazel: pick up some new unit tests
 2016-12-29 15:19:18 -08:00
Kubernetes Submit Queue c7063fd6c0 Merge pull request #39300 from feiskyer/kubenet 
Automatic merge from submit-queue (batch tested with PRs 39307, 39300)

kubenet: define KubenetPluginName for all platforms

This PR moved KubenetPluginName to a general file for all platforms.

Fixes #39299.

cc/ @yifan-gu @freehan
 2016-12-29 13:35:03 -08:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00