Automatic merge from submit-queue
common.sh should load before kube-down/kube-up function called
#38921 common.sh should load before kube-down/kube-up function called,now it load in kube-down/kube-up function,so can't find verify-kube-binaries command
Automatic merge from submit-queue
conversion-gen: add --skip-unsafe flag
We should expose the SkipUnsafe option, for legacy compatability, so
that conversion-go can be used in other projects, and for platforms
where unsafe is not available.
Make unsafe code generation the default though, and have the help text
hint that the resulting code is sub-optimal.
Automatic merge from submit-queue
path.Clean paths in GlobalEnvParams and remove unnecessary path.Join
**What this PR does / why we need it**:
1. clean all paths in `GlobalEnvParams`
1. remove unnecessary path.Join call in `pki.go`
2. fix some typos and comment errors
Signed-off-by: bruceauyeung <ouyang.qinhua@zte.com.cn>
Automatic merge from submit-queue (batch tested with PRs 38906, 38808)
change the version in the yaml file
change the version in heapster-controller.yaml with image version
Automatic merge from submit-queue
cluster/gce/coreos: add OWNERS
See #33965 for context.
The code in `cluster/gce/coreos` has mostly been written/maintained by @yifan-gu and myself thusfar, so I added our names to the owner list.
@ethernetdan has also volunteered as well (thanks!).
**Release note**:
```release-note
NONE
```
cc @roberthbailey
Automatic merge from submit-queue
Remove two zany unit tests.
These two tests aren't unit tests in the usual sense. We can consider switching them to run as verify checks, but I'm not convinced that they're even necessary.
They essentially work by searching their code for public functions with signatures that look like `FitPredicate`, then they shell out to grep to see that they're used somewhere in the source tree. This will never work in bazel.
Automatic merge from submit-queue (batch tested with PRs 37468, 36546, 38713, 38902, 38614)
Remove extensions/v1beta1 Job
Fixes https://github.com/kubernetes/kubernetes/issues/32763. This endpoint was deprecated in 1.5 and was planned to be removed in 1.6.
**Release note**:
```release-note
Remove extensions/v1beta1 Jobs resource, and job/v1beta1 generator.
```
Automatic merge from submit-queue (batch tested with PRs 37468, 36546, 38713, 38902, 38614)
[Federation] Remove unnecessary functions from develop.sh as part of …
This is part of a big refactor to deprecate a short-lived deploy.sh
mechanism that nobody really could use due to bugs.
```release-note
`federation/deploy/deploy.sh` was an interim solution introduced in Kubernetes v1.4 to simplify the federation control plane deployment experience. Now that we have `kubefed`, we are deprecating `deploy.sh` scripts.
```
cc @kubernetes/sig-federation-misc @irfanurrehman
Automatic merge from submit-queue (batch tested with PRs 37468, 36546, 38713, 38902, 38614)
local-up-cluster additions
**What this PR does / why we need it**:
Changes to local-cluster-up: These include: 1) a simple additional help option. 2) additional error message to not being able to run `docker ps`. 3) fail faster when etcd is not found in path. Hopefully these make developing a bit more pleasant.
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 37468, 36546, 38713, 38902, 38614)
Adds e2e firewall tests for LoadBalancer service, ingress, and e2e cluster
Fixes#25488 and fixes#31827.
This PR adds e2e firewall test for LoadBalancer type service, ingress and e2e cluster.
Test details for LoadBalancer type service as below:
- Verifies corresponding firewall rule has correct `sourceRanges`, `ports and protocols` and `target tags`.
- Verifies requests can reach all expected instances.
- Verifies requests can not reach instances that are not included.
Overview of the test procedure:
- Creates a LoadBalancer type service.
- Validates the corresponding firewall rule.
- Creates netexec pods as service backends.
- Sends requests from outside of the cluster and examine hitting all instances in range.
- Removes tags from one of the instances in order to get it out of firewall rule's range.
- Sends requests from outside of the cluster and examine not hitting this instance.
- Recovers tags for this instances and verifies its traffic is back.
@bprashanth @bowei @thockin
Automatic merge from submit-queue (batch tested with PRs 37468, 36546, 38713, 38902, 38614)
rename constant MaxPatchConflicts to maxRetryWhenPatchConflicts
**What this PR does / why we need it**:
1. literally `MaxPatchConflicts` means max number of patch conflicts allowed during a patch operation. but actually in codes it is used to indicate max number of patch retry when patch conflicts happened.
2. there is no need to export this constant because it is only used in `resthandler.go` and shouldn't be used in other packages.
Signed-off-by: bruceauyeung <ouyang.qinhua@zte.com.cn>
Automatic merge from submit-queue
Admit critical pods in the kubelet
Haven't verified in a live cluster yet, just unittested, so applying do-not-merge label.
For LoadBalancer type service:
- Verifies corresponding firewall rule has correct sourceRanges, ports
& protocols, target tags.
- Verifies requests can reach all expected instances.
- Verifies requests can not reach instances that are not included.
For Ingress resrouce:
- Verifies the ingress firewall rule has correct sourceRanges, target
tags and tcp ports.
For general e2e cluster:
- Verifies all required firewall rules has correct sourceRange, ports
& protocols, source tags and target tags.
- Verifies well know ports on master and nodes are not
exposed externally
Automatic merge from submit-queue (batch tested with PRs 38888, 38895)
InodeEviction Test failing because of docker race condition.
The inode eviciton test was failing because of a bug in docker/docker#21215.
Inode eviction test triggers garbage collection of images, which causes an error if kubernetes tries to "docker images list" at the same time.
This is not relevant to the inode eviction test, so do not cause the test to fail if this race occurs.
@Random-Liu
Automatic merge from submit-queue (batch tested with PRs 38888, 38895)
Bundle federation/develop directory in the test tarball for federation testing.
cc @kubernetes/sig-federation-misc
Automatic merge from submit-queue
Use daemonset in docker registry add on
When using registry add on with kubernetes cluster it will be right to use `daemonset` to bring up a pod on each node of cluster, right now the docs suggests to bring up a pod on each node manually by dropping the pod manifests into directory `/etc/kubernetes/manifests`.
Automatic merge from submit-queue
use in-cluster kubeconfig for genericapiserver
Allow the use of the in-cluster config to communicate with the core API server for delegated authn/authz for an addon API server.
@kubernetes/sig-api-machinery @sttts
Automatic merge from submit-queue
Don't check nodeport for nginx ingress
Services behind a standard nginx ingress don't need nodeport, so don't check that.
Automatic merge from submit-queue (batch tested with PRs 38730, 37299)
[scheduling] Moved node affinity from annotations to api fields. #35518
Converted node affinity from annotations to api fields
Fixes: #35518
Related: #25319
Related: #34508
**Release note**:
```release-note
Node affinity has moved from annotations to api fields in the pod spec. Node affinity that is defined in the annotations will be ignored.
```
Automatic merge from submit-queue
Automatically download missing kube binaries in kube-up/kube-down.
**What this PR does / why we need it**: some users extract `kubernetes.tar.gz` and then immediately call `cluster/kube-up.sh` without first calling the new `cluster/get-kube-binaries.sh` script. As a result, the cluster fails to start, but it's not immediately clear why binaries are missing.
This PR streamlines this workflow by detecting this condition and prompting the user to download necessary binaries (using `cluster/get-kube-binaries.sh`).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#38725
cc @arun-gupta @christian-posta
Jerzy Szczepkowski