Automatic merge from submit-queue
kube-apiserver: tests for aggregation and CRDs via delegation
In our integration tests we do not use the real kube-apiserver setup code, but mock our own. Here I use the actual `cmd/kube-apiserver/app.Run()` func with an testing etcd server. This can test the whole delegation chain of aggregator, apiextensions and kube-apiserver.
Automatic merge from submit-queue
Update heketi dependencies to SHA@53ed62346cbd870d02be06fead8652a8fd6208c6
PR #44174 Requires this api change.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)
Include leaderelection in client-go;
Fix#39117
Fix https://github.com/kubernetes/client-go/issues/28
This PR:
* includes the leaderelection to the staging client-go
* to avoid conflict with golang's testing package, renames package /testing to /testutil, and renames cache/testing to cache/testframework
```release-note
client-go now includes the leaderelection package
```
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)
Fix issue when setting fileysystem capacity in container manager
In Container manager, we set up the capacity by retrieving information
from cadvisor. However unlike machineinfo, filesystem information is
available at a later unknown time. This PR uses a go routine to keep
retriving the information until it is avaialble or timeout.
This PR fixes issue #48452
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)
proxy/userspace: honor listen IP address as host IP if given
Allows the proxier to be used on an interface that's not the default route,
otherwise hostIP gets set to the default route interface even if that's
not what the user intended.
If listen IP isn't given, falls back to previous behavior.
```release-note
To allow the userspace proxy to work correctly on multi-interface hosts when using the non-default-route interface, you may now set the `bindAddress` configuration option to an IP address assigned to a network interface. The proxy will use that IP address for any required NAT operations instead of the IP address of the interface which has the default route.
```
@kubernetes/sig-network-misc @thockin @wojtek-t
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)
Make kube-proxy's MetricsBindAddress configurable via flag
**What this PR does / why we need it**: From #48600, `MetricsBindAddress` used to be configurable through flag (coupled with `HealthzBindAddress`). But this functionality went away after #44968 separated healthz server from metrics server. This PR adds that functionality back.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
/assign @ncdc
cc @bowei @r0bj
**Release note**:
```release-note
none
```
Automatic merge from submit-queue
Removed mesos as cloud provider from Kubernetes.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47205
**Special notes for your reviewer**:
**Release note**:
```release-note
Move Mesos Cloud Provider out of Kubernetes Repo
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
IPv6 support for getting IP from default route
This is another part of the effort to update ChoseHostInterface() to support
IPv6. In particular, this focuses on the call path, starting from
chooseHostInterfaceFromRoute(), which attempts to find the node IP by
using default route information.
In the original code, routes are collected, and examined to find default
routes. For a default route, the IPs for the associated interface are
checked to see if there is one that is a V4 address, and is not a
loopback, link local, or multicast address. If found, that IP will be
used for the node IP.
With this PR, there are some slight changes to prepare for allowing IPs
from IPv6 default routes. The routes (IPv4 at this time - a subsequent
PR will handle IPv6) are collected as before. If the route is a default
route AND it's GW address is a global unicast address, then the IPs
for the associated interface are checked. This time though, we just pick
the IP that is on the same subnet as the gateway IP.
This ensures it is not a link local, loopback, or multicast address. It
saves time, by nt checking IPs for interfaces that don't have a "global"
default route. It also will ensure the right IP is used, when using both
IPv4 and IPv6 addresses.
For example, if we have eth0 with global IPv4 and IPv6 addresses, and
an IPv6 default route, we want to select the IPv6 address, as it is
associated with the default route.
Another case is that same interface, along with eth1 containing an IPv4
address with a default route. We want to select eth1's IPv4 address,
and not the IPv4 on eth0.
This change adds more UT coverage to several methods, and removes UTs
that are redundantly testing at a higher level. Coverage is slightly
improved.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: xref #44848
**Special notes for your reviewer**:
This goes along with PR 46044, and will have another PR to the next part.
**Release note**:
```release-noteNONE
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
fix parse resource in setting selector
**What this PR does / why we need it**:
**Which issue this PR fixes**: fixes#47718
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
kubeadm: Allows to use versions like 1.6.4 instead v1.6.4
**What this PR does / why we need it**:
As part of issue kubernetes/kubeadm#292 discussion, it
turned out that for users it is not always obvious that
version specification parameter must be in form "vX.Y.Z".
This patch allows to specify it in form "X.Y.Z" and
converts it internally to normal semantic version which
expected in the rest of the code.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
- kubeadm now can accept versions like "1.6.4" where previously it strictly required "v1.6.4"
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
add extra args validate
`ExtraArgsCheck` return warnings not errors. because kubeadm may create the newer version control plane, there are new arguments that kubeadm doesn't know.
Automatic merge from submit-queue
kubeadm: Implementing the certificates phase fully
**What this PR does / why we need it:**
This contains implementation of certs phases in kubeadm, which is part of the wider effort of implementing phases in kubeadm, previously in alpha stage.
The original proposal for this activity can be found [here](https://github.com/kubernetes/kubeadm/pull/156/files) and related comments.
Kubeadm phase implementation checklist is defined [here](https://github.com/kubernetes/kubeadm/issues/267)
Common implementation guidelines and principles for all phases are defined [here](https://docs.google.com/document/d/1VQMyFIVMfRGQPP3oCUpfjiWtOr3pLxp4g7cP-hXQFXc/edit?usp=sharing)
This PR implements:
- [x] kubeadm phase certs
- [x] kubeadm phase certs all
- [x] kubeadm phase certs ca
- [x] kubeadm phase certs apiserver
- [x] kubeadm phase certs apiserver-kubelet-client
- [x] kubeadm phase certs sa
- [x] kubeadm phase certs front-proxy-ca
- [x] kubeadm phase certs front-proxy-client
**Which issue this PR fixes:**
none
**Special notes for your reviewer:**
This PR resubmits the work of #45617, and already includes @luxas reviews.
Please note that:
- the API - phase\certs.go - is now totally free by any UX concerns, and implements only the core logic for cert generation.
- the UX - cmd\phase\certs.go - now takes charge of UX commands and kubeadm own's rules for placing certs in the certificate dir (e.g. create only if exists)
Automatic merge from submit-queue
Update labels.yaml
```release-note
NONE
```
Reminder that at some point we need to stop allowing humans to add
labels via github's UI, and instead drive changes through this file.
We'll need to get mungegithub's check-labels munger activated and
a documented policy for all that, so here's a bump in the meantime.
ref: kubernetes/test-infra#2504 (this PR doesn't fix the issue but that's the closest prior art I can find)
Automatic merge from submit-queue (batch tested with PRs 48402, 47203, 47460, 48335, 48322)
Added case on 'terminated-but-not-yet-deleted' for Admit.
**What this PR does / why we need it**:
Added case on 'terminated-but-not-yet-deleted' for Admit.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47867
**Release note**:
```release-note-none
```
Automatic merge from submit-queue (batch tested with PRs 48402, 47203, 47460, 48335, 48322)
HTTPExtender: should close resp.Body even when StatusCode not ok
Signed-off-by: sakeven <jc5930@sina.cn>
**What this PR does / why we need it**:
close resp.Body even when StatusCode isn't ok
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48402, 47203, 47460, 48335, 48322)
fix kubectl run --env flag
fixes: kubernetes/kubectl#19
cc: @ddcprg
```release-note
`kubectl run --env` no longer supports CSV parsing. To provide multiple env vars, use the `--env` flag multiple times instead of having env vars separated by commas. E.g. `--env ONE=1 --env TWO=2` instead of `--env ONE=1,TWO=2`.
```
Automatic merge from submit-queue
Local storage teardown fix
**What this PR does / why we need it**: Local storage uses bindmounts and the method IsLikelyNotMountPoint does not detect these as mountpoints. Therefore, local PVs are not properly unmounted when they are deleted.
**Which issue this PR fixes**: fixes#48331
**Special notes for your reviewer**:
You can use these e2e tests to reproduce the issue and validate the fix works appropriately https://github.com/kubernetes/kubernetes/pull/47999
The existing method IsLikelyNotMountPoint purposely does not check mountpoints reliability (4c5b22d4c6/pkg/util/mount/mount_linux.go (L161)), since the number of mountpoints can be large. 4c5b22d4c6/pkg/util/mount/mount.go (L46)
This implementation changes the behavior for local storage to detect mountpoints reliably, and avoids changing the behavior for any other callers to a UnmountPath.
**Release note**:
```
Fixes bind-mount teardown failure with non-mount point Local volumes (issue https://github.com/kubernetes/kubernetes/issues/48331).
```
Automatic merge from submit-queue (batch tested with PRs 44412, 44810, 47130, 46017, 47829)
federation: Cleanup cluster scripts of older federation bring up method
**What this PR does / why we need it**:
Remove older method of bringing up federation via scripts. Currently `kubefed` is the only supported mechanism and is well established and stable.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44412, 44810, 47130, 46017, 47829)
Return clusterErr rather than err
The updateClusterIngressUIDToMasters() should return clusterErr, not err.
If the 'err' of 'masterCluster, masterUID, err := ic.getMasterCluster()' is nil and the 'clusterErr' of 'clusterObj, clusterErr := api.Scheme.DeepCopy(cluster)' is not nil, updateClusterIngressUIDToMasters() will return ("", nil).
And do not log fallbackUID when fallbackUID is nil.
Automatic merge from submit-queue (batch tested with PRs 44412, 44810, 47130, 46017, 47829)
recheck pod volumes before marking pod as processed
This PR allows a pod's volumes to be re-checked until all are added correctly. There's a limited amount of time when a persistent volume claim is still in the Pending phase, and if a pod is created in that time, the volume will not be added. The issue is not uncommon with helm charts that create all objects in close succession, particularly when using aws-ebs volumes.
fixes#28962
Added IsNotMountPoint method to mount utils (pkg/util/mount/mount.go)
Added UnmountMountPoint method to volume utils (pkg/volume/util/util.go)
Call UnmountMountPoint method from local storage (pkg/volume/local/local.go)
IsLikelyNotMountPoint behavior was not modified, so the logic/behavior for UnmountPath is not modified
In Container manager, we set up the capacity by retrieving information
from cadvisor. However unlike machineinfo, filesystem information is
available at a later unknown time. This PR uses a go routine to keep
retriving the information until it is avaialble or timeout.
Automatic merge from submit-queue (batch tested with PRs 47040, 48597, 48608, 48653)
Fix godep verify to use godep restore script
**What this PR does / why we need it**:
A bug was introduced in #48615. `hack/verify-godeps.sh` only downloads and compares if godeps have changed, so it wasn't caught on the original PR. However, when it does run (e.g. https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/pr-logs/pull/48630/pull-kubernetes-verify/38350/) it fails because the godep-save script now doesn't permit a compex GOPATH. verify-godeps.sh actually sets one because it restores godeps not using the `hack/godep-restore.sh` script.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @sttts
/priority failing-test
Automatic merge from submit-queue
controller-manager: fix horizontal-pod-autoscaler-use-rest-clients fl…
…ag help info
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48583, 48605, 48601)
apimachinery+apiserver: separate test types in their own packages
Preparation for static deepcopy https://github.com/kubernetes/kubernetes/pull/48544
and its use of package-global deepcopy-gen tags for all runtime.Objects.
- [x] wait for #48497
Automatic merge from submit-queue (batch tested with PRs 48583, 48605, 48601)
support json output for log backend of advanced audit
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
Add json format support for advanced audit in apiserver. Use --audit-log-format=json to emit json to log backend.
```
Automatic merge from submit-queue
Record 429 and timeout errors to prometheus
Allows gathering of load being shed.
Fixes#48559
@deads2k please review, there was a logic error in apiserver RequestInfo (minor, fortunately)
```release-note
Requests with the query parameter `?watch=` are treated by the API server as a request to watch, but authorization and metrics were not correctly identifying those as watch requests, instead grouping them as list calls.
```
Automatic merge from submit-queue
[Federation] Remove flakey and redundant replicaset unit test
The coverage provided by this test duplicates coverage provided in e2e. As well, the test is 'unit' in name only, as evidenced by the dependency on sleep statements to try to coordinate timing between the test and the controller. If low-level coverage of replicaset scheduling is desired, it can be implemented in a more targeted fashion that is not prone to race conditions.
Fixes#48368
cc: @kubernetes/sig-federation-pr-reviews
Kubernetes Submit Queue