Automatic merge from submit-queue
Autoconvert cleanups
A few accumulated cleanups to conversion, and then a big change. Please review commit-by-commit. Verified by nuking all generated files and comparing the new results.
cc @lavalamp
Automatic merge from submit-queue
Variables should be initialized near where it would be used
As inner the for-loop, it would continue before hash-value being used, so i thinks the hash value calculation should be moved below
Automatic merge from submit-queue
Unwrap aggregates of size 1 when writing errors
Our special error logic was being defeated by aggregates.
Also, only use aggregate in get when we actually are dealing with
multiple errors.
@kubernetes/kubectl
For other kubectl reviewers - no one should use an aggregate unless you are ranging over a list, and even then ask yourself whether you really care about returning all errors.
Automatic merge from submit-queue
Copy auth plugin to client-go repo
client-go doesn't copy the [auth plugin](https://github.com/kubernetes/kubernetes/blob/master/plugin/pkg/client/auth/plugins.go). This causes user cannot access cluster run by GKE. User will see error "No Auth Provider found for name gcp".
This PR fixes this issue. It's marked as WIP because I'll need to rebase after #32906 gets merged. Also, the fix needs to be cherry-picked into 1.4 branch to update client-go/1.4.
Automatic merge from submit-queue
Add a lower-bound for conntrack (128k default)
Fixes#32435
kube-proxy will use a lower-bound, default 128k, for conntrack records. This
is in concert with the per-core scaling factor.
Automatic merge from submit-queue
vSphere cloud provider: ExternalID/InstanceID not returning appropriate error for non-existing VM
Addresses #33215.
When vCenter returns error vm not found, this is now being translated to
the appropriate error 'cloudprovider.InstanceNotFound' which indicates
to Kubernetes node controller that the VM is in fact not found.
Automatic merge from submit-queue
controller: don't retry deployments with overlapping selectors
Returning an error will cause the deployment to be requeued. We should
just emit an event for deployments with overlapping selectors and silently
drop then out of the queue. This should be transitioned to a Condition
once we have them.
@kubernetes/deployment ptal
Automatic merge from submit-queue
Prune unused parameters and call only once
Two parameters of `InstallServiceErrorHandler` were not used. Pruning them allows us to move the service error handler installation for each api group to be moved into the constructor.
Automatic merge from submit-queue
Fix cache expiration check
The check for whether an entry in the `forceLiveLookup` cache had expired was backwards. Fixed the logic and added tests
Previously we refused to emit 'autoConvert_*' functions if any field was not
convertible. The way around this was to write manual Conversion functions, but
to do so safely you must handle every fields. Huge opportunity for errors.
This PR cleans up the filtering such that it only operates on types that should
be converted (remove a lot of code) and tracks when fields are skipped. In
that case, it emits an 'autoConvert' function but not a public 'Convert'
function. If there is no manual function, the compile will fail.
This also means that manual conversion functions can call autoConvert functions
and then "patch up" what they need.
Automatic merge from submit-queue
Fixed a bug that causes k8s to delete all healthmonitors on your OpenStack tenant
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
The OpenStack LBaaS v2 api does not support filtering health monitors by pool_id, so /lbaas/healthmonitors?pool_id=abc123 will always return all health monitors in your OpenStack tenant.
This presents a problem when, in the very next block of code, we loop over the list of monitorIDs and delete them one-by-one. This will delete all the health monitors in your tenant without warning.
Fortunately, we already got the healthmonitor IDs when we built the list of pools. Using those, we can delete only those healthmonitors associated with our pool(s).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
The main issue here was the use of v2_monitors.List(lbaas.network, v2_monitors.ListOpts{PoolID: poolID}). This is trying to filter healthmonitors by pool_id, but that is not supported by the API. It creates a call like /lbaas/healthmonitors?pool_id=abc123. The API server ignores the pool_id parameter and returns a list of all healthmonitors (which k8s then tries to delete).
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
```
Automatic merge from submit-queue
add port validate when --port is set or --expose=true
```shell
$ kubectl run nginx --image=nginx --port=88888 --expose=true
The Deployment "nginx" is invalid.
spec.template.spec.containers[0].ports[0].containerPort: Invalid value: 88888: must be between 1 and 65535, inclusive
$ kubectl run nginx --image=nginx --port=0 --expose=true
error: --port must be a positive integer when exposing a service
```
1. when port is greater than 65535, port is required between 1 and 65535 and deployment 'nginx' can not be created.
2. when port is less than 1, port is not validated and deployment 'nginx' can be created. But service will be created failed.
so i add this change:
when --port is set or --expose=true, validate port range so that error reported can be the same when port is greater than 65535 or less than 1.
And this can also find the port range error before creating the deployment other than during creating the deployment.
Automatic merge from submit-queue
Update kubectl create message when using --dry-run
`kubectl create <resource> <name> --dry-run` provides a misleading success
message.
When commands such as `kubectl new-app node` are run with a
`--dry-run` flag, they make this clear by appending a "(DRY RUN)"
string to the final output. `kubectl create <resource> <name> --dry-run`
does not do this, providing a potentially misleading output.
This patch appends a "(DRY RUN)" string to the end of a successful
message of `kubectl create` subcommands that support the `--dry-run` flag.
`kubectl create quota quota --dry-run`
```
resourcequota "quota" created
```
`kubectl create quota quota --dry-run`
```
resourcequota "quota" created (DRY RUN)
```
**Release note**:
```release-note
release-note-none
```
rename plugin/pkg/client/auth/plugins.go package name to auth
add the plugin import line in client-gen
update import_known_versions for release_1_5 clientset
change copy.sh
Automatic merge from submit-queue
Fix DaemonSet namespace handling for predicates
In order to determine whether a node should run its daemon pod,
DaemonController creates a dummy pod based on DaemonSet's template and
then uses scheduler predicates (currently GeneralPredicates) to test
whether such pod can be run by the node. The problem was that
DaemonController was not setting Namespace for the dummy pod. This was
not affecting currently used GeneralPredicates but this problem could
bite later when some namespace-dependent predicates are added to
GeneralPredicates or directly to DaemonController's node checks
(e.g. pod affinity).
Stumbled upon it while working on e2e test for #31136
Automatic merge from submit-queue
Pass SelectionPredicate instead of Filter to storage layer
Depends on #31189 (first commit).
ref: #29888
What?
This PR removes the filtering logic and passes SelectionPredicate to storage layer.
Why?
Filter doesn't provide enough information of and isn't the right abstraction for indexing. We need to pass in SelectionPredicate instead.
Automatic merge from submit-queue
Default HTTP2 on, post fixes from #29001
This reverts commit 8cb799c789.
Enables HTTP2 on by default post fixes from https://github.com/kubernetes/kubernetes/issues/29001 for 1.5
NOTE: We are nearing lb connection limits at current thresholds.
/cc @bradfitz @lavalamp @smarterclayton
In order to determine whether a node should run its daemon pod,
DaemonController creates a dummy pod based on DaemonSet's template and
then uses scheduler predicates (currently GeneralPredicates) to test
whether such pod can be run by the node. The problem was that
DaemonController was not setting Namespace for the dummy pod. This was
not affecting currently used GeneralPredicates but this problem could
bite later when some namespace-dependent predicates are added to
GeneralPredicates or directly to DaemonController's node checks
(e.g. pod affinity).
Stumbled upon it while working on e2e test for #31136
Returning an error will cause the deployment to be requeued. We should
just emit an event for deployments with overlapping selectors and silently
drop then out of the queue. This should be transitioned to a Condition
once we have them.
Automatic merge from submit-queue
start creating controller SA roles. start with just one
This creates a clusterrole for the replicationcontroller controller. It also streamlines the rule creation code and I'll use this role as practice for wiring up RBAC rules.
@kubernetes/sig-auth
@ericchiang Jordan is ooto, mind taking a look?
Automatic merge from submit-queue
remove the clientset adapter
This removes the clientset adapter entirely. There is one focused adapter that remains in a single e2e test. Every other reference was removed.
Automatic merge from submit-queue
move the REST storage creation to its proper packages
Moves the `RESTStorageProvider` interfaces to their proper packages.
Automatic merge from submit-queue
Do not report error when deleting an attached volume
Persistent volume controller should not send warning events to a PV and mark the PV as failed when the volume is still attached.
This happens when a user quickly deletes a pod and associated PVC - PV is slowly detaching, while the PVC is already deleted and the PV enters Failed phase.
`Deleter.Deleter` can now return `tryAgainError`, which is sent as INFO to the PV to let the user know we did not forget to delete the PV, however the PV stays in Released state. The controller tries again in the next sync (15 seconds by default).
Fixes#31511
Automatic merge from submit-queue
Remove kubectl namespace command
**What this PR does / why we need it**:
It removes deprecated `kubectl namespace` command, which `has been superseded by the context.namespace field of .kubeconfig files. See 'kubectl config set-context --help' for more details`. It was done nearly two years ago, so like `// TODO remove once people have been given enough time to notice` comment says it may be a good time to get rid of it.
**Special notes for your reviewer**:
None ATM.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
Remove kubectl namespace command
```
Kubernetes Submit Queue