Automatic merge from submit-queue
Move SELinux proposal to docs/design
Moves the proposal into the docs/design directory, as should have happened long ago.
Automatic merge from submit-queue
Update storage API group in docs
It reflects actual state of implementation (i.e. the API group was already changed in 1.4).
Automatic merge from submit-queue
Add a multi-platform proposal
This is a proposal for the work I've done with multiarch Kubernetes. I've worked quite a lot on it and now I've written it down so others may easily use and learn from it, while at the same time pointing out issues that we should fix in the future.
I would like to get this in before `v1.3`.
Feel free to comment on it if it's something that's unclear.
@david-mcmahon @ixdy @mikedanese @Pensu @davidopp @bgrant0607 @dlorenc @eparis @vishh @thockin @dchen1107 @lavalamp
Automatic merge from submit-queue
Implement dynamic provisioning (beta) of PersistentVolumes via StorageClass
Implemented according to PR #26908. There are several patches in this PR with one huge code regen inside.
* Please review the API changes (the first patch) carefully, sometimes I don't know what the code is doing...
* `PV.Spec.Class` and `PVC.Spec.Class` is not implemented, use annotation `volume.alpha.kubernetes.io/storage-class`
* See e2e test and integration test changes - Kubernetes won't provision a thing without explicit configuration of at least one `StorageClass` instance!
* Multiple provisioning volume plugins can coexist together, e.g. HostPath and AWS EBS. This is important for Gluster and RBD provisioners in #25026
* Contradicting the proposal, `claim.Selector` and `volume.alpha.kubernetes.io/storage-class` annotation are **not** mutually exclusive. They're both used for matching existing PVs. However, only `volume.alpha.kubernetes.io/storage-class` is used for provisioning, configuration of provisioning with `Selector` is left for (near) future.
* Documentation is missing. Can please someone write some while I am out?
For now, AWS volume plugin accepts classes with these parameters:
```
kind: StorageClass
metadata:
name: slow
provisionerType: kubernetes.io/aws-ebs
provisionerParameters:
type: io1
zone: us-east-1d
iopsPerGB: 10
```
* parameters are case-insensitive
* `type`: `io1`, `gp2`, `sc1`, `st1`. See AWS docs for details
* `iopsPerGB`: only for `io1` volumes. I/O operations per second per GiB. AWS volume plugin multiplies this with size of requested volume to compute IOPS of the volume and caps it at 20 000 IOPS (maximum supported by AWS, see AWS docs).
* of course, the plugin will use some defaults when a parameter is omitted in a `StorageClass` instance (`gp2` in the same zone as in 1.3).
GCE:
```
apiVersion: extensions/v1beta1
kind: StorageClass
metadata:
name: slow
provisionerType: kubernetes.io/gce-pd
provisionerParameters:
type: pd-standard
zone: us-central1-a
```
* `type`: `pd-standard` or `pd-ssd`
* `zone`: GCE zone
* of course, the plugin will use some defaults when a parameter is omitted in a `StorageClass` instance (SSD in the same zone as in 1.3 ?).
No OpenStack/Cinder yet
@kubernetes/sig-storage
Automatic merge from submit-queue
kubelet eviction on inode exhaustion
Add support for kubelet to monitor for inode exhaustion of either image or rootfs, and in response, attempt to reclaim node level resources and/or evict pods.
Automatic merge from submit-queue
Remove incorrect docs about unset fields in NetworkPolicyPeer
While hammering out the semantics of not-present vs present-but-empty, we appear to have added incorrect clarifications to NetworkPolicyPeer, where the semantics of PodSelector not being present is supposed to be "do what NamespaceSelector" says, not "select no pods", and likewise with NamespaceSelector not being present.
I think it's clearest if we just don't say anything, since we already said "Exactly one of the following must be specified" above. Alternatively we could be redundant and say "(If not provided, then NamespaceSelector must be set.)" or something like that.
@caseydavenport @thockin
Automatic merge from submit-queue
docs/proposal: add proposal for kubectl login
This PR updates https://github.com/kubernetes/features/issues/32 and https://github.com/kubernetes/kubernetes/pull/25758 by adding a proposal for a "kubectl login" command.
It's a bit more involved than the implementation discussed with @deads2k in #25758, by proposing a long term goal for the overall subcommand.
cc @kubernetes/sig-auth @kubernetes/kubectl
Automatic merge from submit-queue
component feature config proposal
This adds a proposal for a simple mechanism to pass runtime config to kube system components. Motivation is to have a consistent way to toggle new features that are not tied to an API group. Feedback appreciated
@mikedanese @lavalamp @kubernetes/sig-api-machinery @kubernetes/sig-cluster-lifecycle @kubernetes/sig-node
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/kubernetes/30003)
<!-- Reviewable:end -->
Automatic merge from submit-queue
Allow expressing inodes in percentages for eviction
Per discussion here:
https://github.com/kubernetes/kubernetes/pull/28055#issuecomment-230078770
The amount of inodes per disk can vary, and our operators would prefer to express eviction in terms of percentage available. So independent of a disk having 3.2M or 12M of total inodes, its more convenient to just express eviction as saying if available inodes falls below 10 or 5 percent of total capacity then trigger an action.
/cc @vishh @ronnielai @kubernetes/rh-cluster-infra @twiest @kubernetes/sig-node
Automatic merge from submit-queue
docs: Detail possible transitions in CRI
Right now the document doesn't make it clear that transitions are unidirectional and a exited container won't be restarted, but replaced by a fresh copy.
cc @yujuhong @feiskyer @kubernetes/sig-node
Automatic merge from submit-queue
Update the Pod Resource Management Proposal with Implementation status
This is tied to the upstream issue #27204 for adding pod level cgroups into Kubernetes.
@vishh @derekwaynecarr @Random-Liu PTAL.
Automatic merge from submit-queue
Update the AppArmor design proposal
3 modifications to the original AppArmor design proposal:
1. Remove the pod-level AppArmor profile specification, since it was unnecessary complexity. I think the typical multi-container case is a main app, some side-cars (e.g. log helpers), and maybe some init containers. All of those containers are likely to have very different permissions needs, so I do not see benefit to the pod-level profile. If there is sufficient demand (i.e. user feedback) for this feature we can add it back.
2. Added a proposal for the beta (and GA) API. Beginning the discussion of this API now will smooth the transition from alpha, and guide the implementation of the internal API.
3. [EDIT] The profile deployment pod will poll the source directories for changes. This change is motivated by the fact that DaemonSets must run with RestartAlways.
/cc @bgrant0607 @erictune @pmorie @pweil-
Automatic merge from submit-queue
Update proposed flag names for kubelet eviction
This PR changes the flag names proposed in kubelet eviction for minimum amount of resource to reclaim when triggering an eviction.
This captures the design change proposed and agreed to in #27199
Having it in a separate PR removes noise from reviewing the core PR.
/cc @vishh @ronnielai PTAL
Automatic merge from submit-queue
Flannel doc description cidr modify
File "docs\proposals\flannel-integration.md", line 123, "node controller backs off cidr allocation", here cidr is not easy to understand, can be modified to CIDR.
Automatic merge from submit-queue
Proposal for ControllerReference
Proposal for including the reference pointing to the owning "collection" (controller) for objects that can be grouped. The goal is to prevent a situation when two controllers are fighting over some resources.
cc @bgrant0607 @lavalamp @caesarxuchao @davidopp @fgrzadkowski @wojtek-t @kubernetes/sig-api-machinery
Automatic merge from submit-queue
Add proposal for service externalName
This is a proposal to address: #13748.
@smarterclayton @ncdc @thockin. Please check this out when you have time, hopefully this is okay :-D
I created the proposal because was unsure if the feature would be able to go in if there isn't a proposal already merged, because of this mail to kubernetes-pm: https://groups.google.com/forum/#!topic/kubernetes-pm/Ki63EztfZMo.
So, IIUC it would be nice to have the proposal merged ASAP (I think the interface looks ok for all, so hopefully this will be easy) so we can have this feature in 1.4 as you guys ( @smarterclayton @ncdc ) need.
Automatic merge from submit-queue
Add proposal for secret and configmap files mode bits
This is a proposal to address https://github.com/kubernetes/kubernetes/issues/28317.
cc @pmorie (owner) @thockin
@thockin: Sorry if you preferred not to be CCed, I thougth you'd be interested :-)
I think this is always the case, but let me say it one more time just in case: as this is a PR, ALL the feedback is more than welcome!
It's my first time in kubernetes, so sorry in advance if this is obviously wrong. What I realize now is that I forgot to add the headers to the proposal. Is there some script to add them? Or should I just c&p from some other proposal?
Thanks a lot,
Rodrigo
Automatic merge from submit-queue
Doc referrence "container-id" incorrect
File "docs\proposals\disk-accounting.md", line 154, "Everything under `/var/lib/docker/overlay/<container-id>` are files required for running the container", here "container-id" is incorrect because files under "/var/lib/docker/overlay" are layer files, and "container-id" should be "id" thus consistent with line 148 "Image layers and writable layers are stored under `/var/lib/docker/overlay/<id>`".
Automatic merge from submit-queue
Deprecate the term "Ubernetes"
Deprecate the term "Ubernetes" in favor of "Cluster Federation" and "Multi-AZ Clusters"
Search and replace for references to moved examples
Reverted find and replace paths on auto gen docs
Reverting changes to changelog
Fix bugs in test-cmd.sh
Fixed path in examples README
ran update-all successfully
Updated verify-flags exceptions to include renamed files
This commit includes a proposal and a Go file to re-define the container
runtime interface.
Note that this is an experimental interface and is expected to go through
multiple revisions once developers start implementing against it. As stated in
the proposal, there are also individual issues to carry discussions of
specific features.
Automatic merge from submit-queue
to remove workflow proposal
@erictune @brendanburns
I think workflow proposal should be removed now. If you have a specific plan to remove it disregard this.
Ilya Dmitrichenko
