Automatic merge from submit-queue
Update verify-openapi-spec script to check for extra generated spec
hack/verify-openapi-spec.sh only check for existing spec changes. If for some reason (here most probably I forgot to delete a file in api/openapi-spec folder in #35388 after a rebase) there is an old spec exists in the spec folder, it won't panic but it should. This resulted in an unused out of date v1.spec file in the api/openapi-spec folder that this PR also removes.
Automatic merge from submit-queue
CRI: Handle empty container name in dockershim.
Fixes https://github.com/kubernetes/kubernetes/issues/35924.
Dead container may have no name, we should handle this properly.
@yujuhong @bprashanth
Automatic merge from submit-queue
make ./pkg/client/listers compile
currently compilation is broken
```
$ go install ./pkg/client/listers/...
# k8s.io/kubernetes/pkg/client/listers/apps/v1alpha1
pkg/client/listers/apps/v1alpha1/zz_generated.statefulset.go:89: undefined: apps in apps.Resource
# k8s.io/kubernetes/pkg/client/listers/autoscaling/v1
pkg/client/listers/autoscaling/v1/zz_generated.horizontalpodautoscaler.go:89: undefined: autoscaling in autoscaling.Resource
# k8s.io/kubernetes/pkg/client/listers/batch/v2alpha1
pkg/client/listers/batch/v2alpha1/zz_generated.job.go:89: undefined: batch in batch.Resource
pkg/client/listers/batch/v2alpha1/zz_generated.scheduledjob.go:89: undefined: batch in batch.Resource
# k8s.io/kubernetes/pkg/client/listers/authentication/v1beta1
pkg/client/listers/authentication/v1beta1/zz_generated.tokenreview.go:63: undefined: authentication in authentication.Resource
# k8s.io/kubernetes/pkg/client/listers/batch/v1
pkg/client/listers/batch/v1/zz_generated.job.go:89: undefined: batch in batch.Resource
# k8s.io/kubernetes/pkg/client/listers/authorization/v1beta1
pkg/client/listers/authorization/v1beta1/zz_generated.localsubjectaccessreview.go:89: undefined: authorization in authorization.Resource
pkg/client/listers/authorization/v1beta1/zz_generated.selfsubjectaccessreview.go:63: undefined: authorization in authorization.Resource
pkg/client/listers/authorization/v1beta1/zz_generated.subjectaccessreview.go:63: undefined: authorization in authorization.Resource
# k8s.io/kubernetes/pkg/client/listers/certificates/v1alpha1
pkg/client/listers/certificates/v1alpha1/zz_generated.certificatesigningrequest.go:63: undefined: certificates in certificates.Resource
# k8s.io/kubernetes/pkg/client/listers/policy/v1alpha1
pkg/client/listers/policy/v1alpha1/zz_generated.poddisruptionbudget.go:89: undefined: policy in policy.Resource
# k8s.io/kubernetes/pkg/client/listers/core/v1
pkg/client/listers/core/v1/zz_generated.componentstatus.go:62: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.configmap.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.endpoints.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.event.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.limitrange.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.namespace.go:62: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.node.go:62: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.persistentvolume.go:62: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.persistentvolumeclaim.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.pod.go:89: undefined: api
pkg/client/listers/core/v1/zz_generated.pod.go:89: too many errors
# k8s.io/kubernetes/pkg/client/listers/imagepolicy/v1alpha1
pkg/client/listers/imagepolicy/v1alpha1/zz_generated.imagereview.go:63: undefined: imagepolicy in imagepolicy.Resource
# k8s.io/kubernetes/pkg/client/listers/rbac/v1alpha1
pkg/client/listers/rbac/v1alpha1/zz_generated.clusterrole.go:63: undefined: rbac in rbac.Resource
pkg/client/listers/rbac/v1alpha1/zz_generated.clusterrolebinding.go:63: undefined: rbac in rbac.Resource
pkg/client/listers/rbac/v1alpha1/zz_generated.role.go:89: undefined: rbac in rbac.Resource
pkg/client/listers/rbac/v1alpha1/zz_generated.rolebinding.go:89: undefined: rbac in rbac.Resource
# k8s.io/kubernetes/pkg/client/listers/storage/v1beta1
pkg/client/listers/storage/v1beta1/zz_generated.storageclass.go:63: undefined: storage in storage.Resource
# k8s.io/kubernetes/pkg/client/listers/extensions/v1beta1
pkg/client/listers/extensions/v1beta1/zz_generated.daemonset.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.deployment.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.ingress.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.job.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.podsecuritypolicy.go:63: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.replicaset.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.scale.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.thirdpartyresource.go:63: undefined: extensions in extensions.Resource
```
cc @ncdc @caesarxuchao
Automatic merge from submit-queue
Disable gci-mounter in cri node e2e tests
gci-mounter is still being validated and there are known issues. Do not enable it
for cri tests for now.
Automatic merge from submit-queue
CRI: Add kuberuntime container logs
Based on https://github.com/kubernetes/kubernetes/pull/34858.
The first 2 commits are from #34858. And the last 2 commits are new.
This PR added kuberuntime container logs support and add unit test for it.
I've tested all the functions manually, and I'll send another PR to write a node e2e test for container log.
**_Notice: current implementation doesn't support log rotation**_, which means that:
- It will not retrieve logs in rotated log file.
- If log rotation happens when following the log:
- If the rotation is using create mode, we'll still follow the old file.
- If the rotation is using copytruncate, we'll be reading at the original position and get nothing.
To solve these issues, kubelet needs to rotate the log itself, or at least kubelet should be able to control the the behavior of log rotator. These are doable but out of the scope of 1.5 and will be addressed in future release.
@yujuhong @feiskyer @yifan-gu
/cc @kubernetes/sig-node
Automatic merge from submit-queue
Node controller to not force delete pods
Fixes https://github.com/kubernetes/kubernetes/issues/35145
- [x] e2e tests to test Petset, RC, Job.
- [x] Remove and cover other locations where we force-delete pods within the NodeController.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
``` release-note
Node controller no longer force-deletes pods from the api-server.
* For StatefulSet (previously PetSet), this change means creation of replacement pods is blocked until old pods are definitely not running (indicated either by the kubelet returning from partitioned state, or deletion of the Node object, or deletion of the instance in the cloud provider, or force deletion of the pod from the api-server). This has the desirable outcome of "fencing" to prevent "split brain" scenarios.
* For all other existing controllers except StatefulSet , this has no effect on the ability of the controller to replace pods because the controllers do not reuse pod names (they use generate-name).
* User-written controllers that reuse names of pod objects should evaluate this change.
```
Status is exposed as v1 in the current schema (so all groups are
returning v1.Status). However, if you give a codec only "mygroup"
"myversion", it will fail to convert Status to v1. For now, unversioned
types should be allowed to be projected into all group versions, and
when we add the server group we'll rip out the unversioned concept
entirely.
restclient must be able to deal with multiple types of servers. Alter
the behavior of restclient.Result#Raw() to not process the body on
error, but instead to return the generic error (which still matches the
error checking cases in api/error like IsBadRequest). If the caller uses
.Error(), .Into(), or .Get(), try decoding the body as a Status.
For older servers, continue to default apiVersion "v1" when calling
restclient.Result#Error(). This was only for 1.1 servers and the
extensions group, which we have since fixed.
This removes a double decode of very large objects (like LIST).
Calling `internalclientset.New()` with a rest client as an argument simply
copies that rest client to all the API group clients irrespective of the
configured GroupVersion or versionedAPIPath in the client. So only one
API group client gets the client configured correctly for that API
group. All the other API group clients get misconfigured rest clients.
On the other hand, `internalclientset.NewForConfigOrDie()` does the right
thing by reconfiguring the passed configs for each API group and
initializes an appropriate rest client for that group.
Now that we are relying on the `NewForConfigOrDie()` method to
initialize the rest clients, we need to swap the underlying http clients
in each of these rest clients with a fake one for testing.
Automatic merge from submit-queue
CRI: Rename container/sandbox states
The enum constants are not namespaced. The shorter, unspecifc names are likely
to cause naming conflicts in the future.
Also replace "SandBox" with "Sandbox" in the API for consistency.
/cc @kubernetes/sig-node
This check is too restrictive if building into multiple _output
targets, such as the way anago produces releases
When branching we build essentially 2 copies of the same thing
(GKE requirement) the second build will always fail because the
docker image is the same.
Automatic merge from submit-queue
Add FeatureGates field to KubeletConfiguration
This threads the `--feature-gates` flag through the `KubeletConfiguration` object and also allows setting feature gates via dynamic Kubelet configuration.
/cc @jlowdermilk
Automatic merge from submit-queue
e2e.go/kops: Bump timeout to 20m, fix KUBERNETES_PROVIDER
**What this PR does / why we need it**: I don't have a ton of proof, but I think https://k8s-testgrid.appspot.com/google-aws#kops-aws-updown builds 4045-4047 are just AWS and DNS slowness.
In addition, my original PR was meant to change `KUBERNETES_PROVIDER` based on `KUBERNETES_CONFORMANCE_PROVIDER`.
Automatic merge from submit-queue
kubeadm preflight checks: Warn user if connections to API or Discovery are going to be over proxy
**What this PR does / why we need it**: Continuing discussion from PR #35044, new version will provide warning if kubeadm run in environment where http connections would go over proxy.
Most of the time, it is not expected behaviour and leads to situations like in #34695
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#34695
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
kubeadm during initialization of master and slave nodes need to make
several API calls directly to the node where it is running or master.
In environments with http/https proxies, user might accidentally
have configuration where connections to API would go over proxy instead
of directly.
User can re-run kubeadm with corrected NO_PROXY variable. Example:
$ NO_PROXY=* kubeadm join ...
Kubernetes Submit Queue
