Allow the group claim to be a single string instead of an array of
strings. This means the following claim
{
"role": "admin"
}
Will be mapped to the groups
["admin"]
This PR fixes the race condition in setting node statusUpdateNeeded flag
in master's attachdetach controller. This flag is used to indicate
whether a node status has been updated by the node_status_updater or
not. When updater finishes update a node status, it is set to false.
When the node status is changed such as volume is detached or new volume
is attached to the node, the flag is set to true so that updater can
update the status again. The previous workflow has a race condition as
follows
1. updater gets the currently attached volume list from the node which needs to be
updated.
2. A new volume A is attached to the same node right after 1 and set the
flag to TRUE
3. updater updates the node attached volume list (which does not include volume A) and then set the flag to FALSE.
The result is that volume A will be never added to the attached volume
list so at node side, this volume is never attached.
So in this PR, the flag is set to FALSE when updater tries to get the
attached volume list (as in an atomic operation). So in the above
example, after step 2, the flag will be TRUE again, in step 3, updater
does not set the flag if updates is sucessful. So after that, flag is
still TRUE and in next round of update, the node status will be updated.
This PR also changes a unit test due to the workflow changes
Automatic merge from submit-queue
Refactor Builder.visitorResult by extra methonds.
**What this PR does / why we need it**:
Code polish; it'll make code readable.
Automatic merge from submit-queue
Apiserver don't log stacktrace when proxying
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
When we are proxying unexpected status from a service or a pod, we print the stack traces (which is not the wanted behaviour). This is an attempt at fixing the issue #32747,
With the `RequestInfoResolver` struct, it's possible to inspect the request and get the `Verb`. In this case, the `proxy` value is what I was looking for to avoid logging stack traces.
I'm wrapping the `.Log()` call with an `if` statement to remove all stack traces logging when the call is a proxy from a service or a pod
Another approach would have been to add another kind of `StacktracePred` in the `httplog` package. I found this path to be trickier to code as it's currently only accepting int values.
**Which issue this PR fixes** : fixes#32747
**Special notes for your reviewer**: N/A
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
```
Automatic merge from submit-queue
Send recycle events from pod to pv.
This allows users to diagnose what's wrong with recycler. Recycler pods are started automatically with a cryptic name and they are deleted immediately when they finish.
e.g, `kubectl describe pv` could show that NFS cannot be mounted (and how many pods have tried it):
```
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
59m 59m 1 {persistentvolume-controller } Warning RecyclerPod Recycler pod: Unable to mount volumes for pod "recycler-for-nfs_default(5421800e-347b-11e6-a79b-3c970e965218)": timeout expired waiting for volumes to attach/mount for pod "recycler-for-nfs"/"default". list of unattached/unmounted volumes=[vol]
53m 53m 1 {persistentvolume-controller } Warning RecyclerPod Recycler pod: Unable to mount volumes for pod "recycler-for-nfs_default(3c9809e5-347c-11e6-a79b-3c970e965218)": timeout expired waiting for volumes to attach/mount for pod "recycler-for-nfs"/"default". list of unattached/unmounted volumes=[vol]
46m 46m 1 {persistentvolume-controller } Warning RecyclerPod Recycler pod: Unable to mount volumes for pod "recycler-for-nfs_default(250dd2a2-347d-11e6-a79b-3c970e965218)": timeout expired waiting for volumes to attach/mount for pod "recycler-for-nfs"/"default". list of unattached/unmounted volumes=[vol]
40m 40m 1 {persistentvolume-controller } Warning RecyclerPod Recycler pod: Unable to mount volumes for pod "recycler-for-nfs_default(0d84ea33-347e-11e6-a79b-3c970e965218)": timeout expired waiting for volumes to attach/mount for pod "recycler-for-nfs"/"default". list of unattached/unmounted volumes=[vol]
33m 33m 1 {persistentvolume-controller } Warning RecyclerPod Recycler pod: Unable to mount volumes for pod "recycler-for-nfs_default(f5fb63bf-347e-11e6-a79b-3c970e965218)": timeout expired waiting for volumes to attach/mount for pod "recycler-for-nfs"/"default". list of unattached/unmounted volumes=[vol]
27m 27m 1 {persistentvolume-controller } Warning RecyclerPod Recycler pod: Unable to mount volumes for pod "recycler-for-nfs_default(de7128fd-347f-11e6-a79b-3c970e965218)": timeout expired waiting for volumes to attach/mount for pod "recycler-for-nfs"/"default". list of unattached/unmounted volumes=[vol]
1h 3m 75 {persistentvolume-controller } Normal RecyclerPod Recycler pod: Successfully assigned recycler-for-nfs to 127.0.0.1
1h 3m 76 {persistentvolume-controller } Normal RecyclerPod Recycler pod: Pod was active on the node longer than specified deadline
1h 1m 12 {persistentvolume-controller } Warning RecyclerPod Recycler pod: Error syncing pod, skipping: timeout expired waiting for volumes to attach/mount for pod "recycler-for-nfs"/"default". list of unattached/unmounted volumes=[vol]
20m 1m 4 {persistentvolume-controller } Warning RecyclerPod (events with common reason combined)
```
These steps were necessary:
- added event watcher to volume.RecycleVolumeByWatchingPodUntilCompletion
- pass all these events through volume plugins to volume controller
- rework volume.RecycleVolumeByWatchingPodUntilCompletion unit tests to a table (too much copy-paste)
- fix all unit tests along the way
The GC needs to build clients based only on Resource or Kind. Hoist the
restmapper out of the controller and the clientpool, support a new
ClientForGroupVersionKind and ClientForGroupVersionResource, and use the
appropriate one in both places.
Automatic merge from submit-queue
Add port forwarding for rkt with kvm stage1
Port forwarding for rkt kvm using `socat`.
cc @yifan-gu @euank @pskrzyns @lukasredynk
Attempt at closing #32747,
With the `RequestInfoResolver` struct, it's possible to inspect the
request and get the `Verb`. In this case, the `proxy` value is what I
was looking for to avoid logging stacktraces.
I'm wrapping the `.Log()` call with an `if` statement to remove all
stacktrace logging when we proxied through the apiserver
Another approach would have been to add another kind of
`StacktracePred` in the `httplog` package. I found this path to be
trickier to code as it's currently only accepting int values.
Automatic merge from submit-queue
Fix FakeNodeHandler Update behaviour
Two problems:
1. Get is always using Existing nodes slice, and you will for sure miss any updated data
2. Each Update adds a duplicate node entry to UpdatedNodes slice
For the 1st, we will try to find a node in UpdatedNodes slice (same as for the List).
2nd - append only if there is no node with same name as updated, if there is we will replace object in UpdatedNodes slice.
Automatic merge from submit-queue
Correct versioned.Event output in Swagger
Fixes#24240
```release-note
The value of the `versioned.Event` object (returned by watch APIs) in the Swagger 1.2 schemas has been updated from `*versioned.Event` which was not expected by many client tools. The new value is consistent with other structs returned by the API.
```
Automatic merge from submit-queue
Move image pull throttling logic to pkg/kubelet/images
This is part of #31458
This allows runtimes in different packages (dockertools, rkt, kuberuntime) to
share the same logic. Before this change, only dockertools support this
feature. Now all three packages support image pull throttling.
/cc @kubernetes/sig-node
Automatic merge from submit-queue
Remove closing audit log file and add error check when writing to audit
This picks the order fix from #33164. Additionally I've removed entirely closing the log file, since it didn't make sense where it was. I've also added error checks when actually writing to audit logs.
@sttts ptal
**1.4 justification:**
Risk: the code only runs if auditing is enabled with an apiserver flag. So the risk is low.
Rollback: nothing should depend on this
Cost: the auditing feature is broken because the impersonation filter is applied before and you might not see the proper user when using `--as` flag. Additionally no errors are logged if writing to audit fails.
Automatic merge from submit-queue
Refactor cert utils into one pkg, add funcs from bootkube for kubeadm to use
**What this PR does / why we need it**:
We have ended-up with rather incomplete and fragmented collection of utils for handling certificates. It may be worse to consider using `cfssl` for doing all of these things, but for now there is some functionality that we need in `kubeadm` that we can borrow from bootkube. It makes sense to move the utils from bookube into core, as discussed in #31221.
**Special notes for your reviewer**: I've taken the opportunity to review names of existing funcs and tried to make some improvements in that area (with help from @peterbourgon).
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
move registry packages for all API groups
This continues the pattern of `registry/<group>/resource` for our backing storage. This entire pull is nothing but moves. I'll reswizzle the actual storage next, but these are cargo-culted everywhere, so I want to lay this down early.
@sttts @ncdc
Automatic merge from submit-queue
Allow secure access to apiserver from Admission Controllers
* Allow options.InsecurePort to be set to 0 to switch off insecure access
* In NewSelfClient, Set the TLSClientConfig to the cert and key files
if InsecurePort is switched off
* Mint a bearer token that allows the client(s) created in NewSelfClient
to talk to the api server
* Add a new authenticator that checks for this specific bearer token
Fixes#13598
Automatic merge from submit-queue
don't mutate original master->kubelet TLS config
fixes https://github.com/kubernetes/kubernetes/issues/33140
```release-note
Resolves x509 verification issue with masters dialing nodes when started with --kubelet-certificate-authority
```
This allows runtimes in different packages (dockertools, rkt, kuberuntime) to
share the same logic. Before this change, only dockertools support this
feature. Now all three packages support image pull throttling.
Resources are currently filtered (in order to prevent printing) at print
time in their HumanReadablePrinter handlers. This design makes it not
possible to filter objects when they are printed using any other
printer, such as YAML, JSON, or the NamePrinter.
This patch removes any filters previously added at the printer level for
pods and adds a way to define resource-specific filters before they are
sent to a printer handler. A woking filter handler for pods has also
been
implemented.
Filters affect resources being printed through the HumanReadablePrinter,
YAML, JSON, and `--template` printers.
Automatic merge from submit-queue
Behave gracefully in kubectl if /version returns 404
Fixes https://github.com/kubernetes/kubernetes/issues/32679.
It's only about caching the swagger spec here. So it's safe to fall back to non-caching mode and continue.
Automatic merge from submit-queue
simplify RC and SVC listers
Make the RC and SVC listers use the common list functions that more closely match client APIs, are consistent with other listers, and avoid unnecessary copies.
Automatic merge from submit-queue
controller: enhance timeout error message for Recreate deployments
Makes the error message from https://github.com/kubernetes/kubernetes/issues/29197 more obvious
@kubernetes/deployment
This commit moves away from using a global variable for default
configuration checking, and instead exposes a method on LoadingRules to
determine whether a particular restclient.Config should be considered
"default". This allows kubectl to provide its own defaults (the same
as before, KUBERNETES_MASTER and the static localhost:8080 values) while
allowing other clients to avoid defining them.
In-cluster config defaulting is now easier to read.
Automatic merge from submit-queue
Move generated openAPI specs out of genericapiserver and make it configurable
A follow up to #31468
Generated OpenAPI Spec does not belong to genericapiserver package. A new package "generated" created in hope of all generated codes goes into it in future. Openapi folder of that package contains generated definitions and generic API server will accept the definition map as a configuration parameter.
Reference: #13414
Automatic merge from submit-queue
stop etcd watcher when watch chan is closed
When startWatching() stops due to the watch chan is closed, the watcher could still keeps running in the background. When this case happen, we should stop the watcher entirely and close ResultChan() too.
Prior to this, we would approve eviction as long as the current state of
the pods matched the budget. The new version requires that after the
eviction, the pods would still match the budget.
Also update tests to match.
Automatic merge from submit-queue
Fix backward compatibility issue caused by promoting initcontainers f…
#31026 moves init-container feature from alpha to beta, but only took care the backward compatibility for pod specification, not deal with status. For status, it simply moved from `pods.beta.kubernetes.io/init-container-statuses` to
`pods.beta.kubernetes.io/init-container-statuses` instead of introducing one more pods.beta.kubernetes.io/init-container-statuses. This breaks when the cluster is running with 1.4, but the user is still running with kubectl 1.3.x.
Fixed#32711
Automatic merge from submit-queue
Move HighWaterMark to the top of the struct in order to fix arm
I haven't tested this yet, but let's see how e2e tests react.
It should be no difference at all except for that it will fix arm.
etcd has had to do this some times (and I think there are some fixes like this that are needed for etcd as well)
For reference see: https://golang.org/pkg/sync/atomic/
This should be a cherrypick-candidate for v1.4.1 (as I understand it, v1.4.0 has clearly left the cherrypickable state)
@lavalamp @pwittrock @xiang90 @smarterclayton
Automatic merge from submit-queue
fix a spell mistake
**What this PR does / why we need it**:
this should be "every" not 'ever'
**Which issue this PR fixes**:
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
```
Automatic merge from submit-queue
Add storage api group to hack/update-codegen.sh
Add it to the script then run it in the second commit. 1.4 needs the same change, I'll do it in my other PR.
Automatic merge from submit-queue
separate RESTStorage by API group
This demonstrates how we could start separating the description of `RESTStorage` from `pkg/master`. Each API group owns constructing its own RESTStorage. Since `pkg/registry` is where we place all packages that create RESTStorage, it seems reason to split the package by `pkg/registry/<api group>/storage` to create RESTStorage and `pkg/registry/<api group>/<resource>` to support each individual resource.
The interface to construct this RESTStorage is dependent upon some `genericapiserver` types now, but we could (should?) move those items to a different location.
@kubernetes/sig-api-machinery
@lavalamp can you weigh in on how I've split these packages? I think we agree that we need better segregation, but we haven't spoken about how to spell it.
* Allow options.InsecurePort to be set to 0 to switch off insecure access
* In NewSelfClient, Set the TLSClientConfig to the cert and key files
if InsecurePort is switched off
* Mint a bearer token that allows the client(s) created in NewSelfClient
to talk to the api server
* Add a new authenticator that checks for this specific bearer token
Fixes#13598
Automatic merge from submit-queue
kubenet: SyncHostports for both running and ready to run pods.
This fixes the race that happens in rktnetes when pod B invokes
'kubenet.SetUpPod()' before another pod A becomes actually running.
The second 'kubenet.SetUpPod()' call will not pick up the pod A
and thus overwrite the host port iptable rules that breaks pod A.
This PR fixes the case by listing all 'active pods' (all non-exited
pods) instead of only running pods.
Fix https://github.com/kubernetes/kubernetes/issues/27975
Originally discussed in https://github.com/kubernetes/kubernetes/pull/27914#issuecomment-228140108
cc @euank @freehan @dcbw
Automatic merge from submit-queue
Extend all to more resources
Added more things from the list here:
https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/cmd.go#L159
Update the devel/kubectl-conventions.md with the rules mentioned by
a few folks on which resources could be added to the special 'all' alias
Automatic merge from submit-queue
Add godoc on using FakeClient with subresources
Add a little godoc on using FakeClient with subresources, hoping to prevent future occurences of #32127.
Automatic merge from submit-queue
make --include-extended-apis deprecated and remove plumbing
Marks a dead CLI parameter as deprecated and removes the plumbing for it.
Automatic merge from submit-queue
controller: a couple of fixes for csr
Fixes:
* delete resource handler wasn't taking into account tombstones
* csr would requeue twice on update failure
@deads2k @mikedanese ptal
Automatic merge from submit-queue
add GenericAPIServer posthooks for initialization
Adds the concept of a `PostStartHook` to the `GenericAPIServer` to allow post-server start hooks. This gives a standard location to perform post-start bootstrapping tasks. The common case usage we have downstream are security related bootstrapping tasks that are performed on the "empty etcd" initialization cases. The RBAC authorizer is a good example of this in kube. It needs a location to create default policies to start a server which is capable of being accessed.
Kube is also likely to hit this for things like PSP and breaking the monolithic controller user into separate, scoped service accounts.
@kubernetes/sig-api-machinery for the `GenericAPIServer` bits
@kubernetes/sig-auth for the particular clusterrole bootstrapping. I've only done one to start, but I suspect we'll start making more and probably introduce a binding so that the RBAC super-user doesn't remain a special case forever.
Automatic merge from submit-queue
CRI: Add missing sandbox in runningPod.
Add a container that represents pod sandbox when converting the
pod status to runningPod.
Without the change, `kubeGenericRuntimeManager.killPodWithSyncResult()` will not kill any sandboxes.
cc @feiskyer @Random-Liu @yujuhong
The new flag, if specified, and if --container-runtime=docker, switches
kubelet to use the new CRI implementation for testing. This is hidden flag
since the feature is still under heavy development and the flag may be changed
in the near future.
Automatic merge from submit-queue
etcd watcher: centralize error handling
We should centralize error handling in watcher in run(). Otherwise this could silently return.
Also we don't need the grpc code checking anymore. It's fixed.
Automatic merge from submit-queue
fix a spell mistake
**What this PR does / why we need it**:
fixed a spell mistake
**Which issue this PR fixes** :
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
```
Automatic merge from submit-queue
Check init containers in PodContainerRunning
Sometimes when an init container runs and terminates quickly, PodContainerRunning can go into a
state where the pod indicates it's still running, but the container is already terminated. Handle
that condition by returning ErrContainerTerminated when it happens.
See also #29952
@smarterclayton @fabianofranz
Automatic merge from submit-queue
Support Quobyte as StorageClass
This PR allows Users to use Quobyte as StorageClass for dynamic volume provisioning and implements the Provisioner/Deleter Interface.
@quolix @kubernetes/sig-storage @rootfs
Automatic merge from submit-queue
Support for storage class for vSphere volume plugin. Custom disk format for dynamic provisioning.
This PR does following,
1. Add support for storage class for vSphere volume plugin.
2. Add option for user to provision disk with different disk formats. Format choices are
"thin" (default), "zeroedthick", "eagerzeroedthick".
Sample storageclass (yaml):
```
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
name: slow
provisioner: kubernetes.io/vsphere-volume
parameters:
diskformat: thin
```
Automatic merge from submit-queue
api: types: document NodeSpec ID fields
Document MachineID as the preferred field from the discussion here:
https://groups.google.com/d/msg/kubernetes-sig-node/_3mXXB1ohZs/EuYtCzHvBgAJ
I couldn't get the generated things to update. I ran:
```
hack/update-generated-runtime.sh
hack/update-codegen.sh
hack/update-generated-swagger-docs.sh
hack/update-generated-protobuf.sh
hack/update-codecgen.sh
```
What did I miss?!
cc @dchen1107 @thockin
Automatic merge from submit-queue
[Controller Manager] Fix endpoint controller hot loop and use utilruntime.HandleError to replace glog.Errorf
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**Why**:
Fix endpoint controller hot loop and use `utilruntime.HandleError` to replace `glog.Errorf`
**What**
1. Fix endpoint controller hot loop in `pkg/controller/endpoint`
2. Fix endpoint controller hot loop in `contrib/mesos/pkg/service`
3. Sweep cases of `glog.Errorf` and use `utilruntime.HandleError` instead.
**Which issue this PR fixes**
Fixes#32843
Related issue is #30629
**Special notes for your reviewer**:
@deads2k @derekwaynecarr
The changes on `pkg/controller/endpoints_controller.go` and `contrib/mesos/pkg/service/endpoints_controller.go` are almost the same except `contrib/mesos/pkg/service/endpoints_controller.go` does not pass `podInformer` as the parameter of `NewEndpointController()`.
So, I didn't wait `podStoreSynced` before `syncService()`(Just leave it as it was). Will it lead to a problem?
Automatic merge from submit-queue
[kubelet] Fix oom-score-adj policy in kubelet
Fixes#32238
We have been having this regression since v1.3. It is critical for GKE/GCE deployments of k8s because docker daemon has a high likelihood of being OOM killed which will end up nuking all containers.
The reason for moving from mnt to pid is that docker daemon moves itself into a new mnt namespace with systemd based deployments.
Automatic merge from submit-queue
Improve error message when kubectl rolling-update fail due to version skew
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**: follow up #32751, we should print the real error message first, the workaround later
**Before:**
```console
$ kubectl rolling-update nginx --image=redis
Created nginx-6ee4372891ec51a97dfbf83ed0846886
Scaling up nginx-6ee4372891ec51a97dfbf83ed0846886 from 0 to 1, scaling down nginx from 1 to 0 (keep 1 pods available, don't exceed 2 pods)
Scaling nginx-6ee4372891ec51a97dfbf83ed0846886 up to 1
Scaling nginx down to 0
Update succeeded. Deleting old controller: nginx
Renaming nginx-6ee4372891ec51a97dfbf83ed0846886 to nginx
Error from server: Note: if you are using "kubectl rolling-update" and your kubectl version is older than v1.4.0, your rolling-update has probably failed, though the pods are correctly updated. Please see https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#kubectl-rolling-update for a workaround. : object is being deleted: replicationcontrollers "nginx" already exists
```
**After:** (see the error message)
```console
$ kubectl rolling-update nginx --image=redis
Created nginx-12b5782bcdff627fca46537e9e1045f8
Scaling up nginx-12b5782bcdff627fca46537e9e1045f8 from 0 to 1, scaling down nginx from 1 to 0 (keep 1 pods available, don't exceed 2 pods)
Scaling nginx-12b5782bcdff627fca46537e9e1045f8 up to 1
Scaling nginx down to 0
Update succeeded. Deleting old controller: nginx
Renaming nginx-12b5782bcdff627fca46537e9e1045f8 to nginx
Error from server: object is being deleted: replicationcontrollers "nginx" already exists: if you're using "kubectl rolling-update" with kubectl version older than v1.4.0, your rolling update has failed, though the pods are correctly updated. Please see https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#kubectl-rolling-update for a workaround
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
NONE
```
Print the real error message first, the workaround later
@lavalamp @gmarek
Automatic merge from submit-queue
Allow kubectl describe ns to pass if server does not support resource quotas and limit ranges
Fixes https://github.com/kubernetes/kubernetes/issues/32629
Context: federation-apiserver does not support limit ranges and resource quotas. Hence `kubectl describe ns` fails right now.
Fixing it so that `kubectl describe ns` does not error out and atleast prints information about the namespace.
cc @kubernetes/sig-cluster-federation @kubernetes/kubectl
Automatic merge from submit-queue
delete a unused function in the 'pkg/kubectl/cmd/util/helpers.go'
Delete the function `getFlag` in the `pkg/kubectl/cmd/util/helpers.go`, because it is not used anywhere in the project.
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
Automatic merge from submit-queue
make rbac authorizer use rule comparison, not covers
Updates the rbac authorizer to use rule comparisons and not a covers check to perform authorization.
Automatic merge from submit-queue
change factorization of listers to make them easier to add
`Listers` have a tremendous amount of duplicate code. This factors that out.
@smarterclayton ptal.
Automatic merge from submit-queue
Fixes#30562: Refactor kubectl command options to use common struct for common file params
Fixes#30562 : Refactor common go struct options in pkg/kubectl/cmd/*.go.
@pwittrock
This fixes the race that happens in rktnetes when pod B invokes
'kubenet.SetUpPod()' before another pod A becomes actually running.
The second 'kubenet.SetUpPod()' call will not pick up the pod A
and thus overwrite the host port iptable rules that breaks pod A.
This PR fixes the case by listing all 'active pods' (all non-exited
pods) instead of only running pods.
Automatic merge from submit-queue
Disambiguate unsupported metrics from metrics errors
**What this PR does / why we need it**:
Stop logging "metrics are not supported for MetricsNil Volumes" as it spams the log.
**Which issue this PR fixes**
fixes#20676, fixes#27373
**Special notes for your reviewer**:
None
**Release note**:
```release-note
Don't log "metrics are not supported for MetricsNil Volumes"
```
Automatic merge from submit-queue
convert daemonset controller to shared informers
Convert the daemonset controller completely to `SharedInformers` for its list/watch resources.
@kubernetes/rh-cluster-infra @ncdc
Automatic merge from submit-queue
Cleanup non-rest apiserver handlers
- rename MuxHelper -> PathRecorderMux
- move non-rest handlers into routes packages within genericapiserver and `pkg/routes` (those from master)
- move ui and logs handlers out of genericapiserver (they are
not generic)
- make version handler configurable (`config.EnableVersion`)
Kubernetes Submit Queue