Automatic merge from submit-queue
Enable setting up Kubernetes cluster in Ubuntu on Azure
Implement basic cloud provider functionality to deploy Kubernetes on
Azure. SaltStack is used to deploy Kubernetes on top of Ubuntu
virtual machines. OpenVpn provides network connectivity. For
kubelet authentication, we use basic authentication (username and
password). The scripts use the legacy Azure Service Management APIs.
We have set up a nightly test job in our Jenkins server for federated
testing to run the e2e test suite on Azure. With the cloud provider
scripts in this commit, 14 e2e test cases pass in this environment.
We plan to implement additional Azure functionality to support more
test cases.
<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/21207)
<!-- Reviewable:end -->
Automatic merge from submit-queue
Should verify --secure-port and --insecure-port when starting kube-apiserver
When starting kube-apiserver, if we pass the flag `--secure-port` or `--insecure-port` with an invalid value (i.e. < 1 or > 65535), though there is an error message, the apiserver still runs normally. Actually, it should exit (as when not passing the flag `--etcd-servers` does), or else it's meaningless.
This fix is similar to #27762.
Maybe there is still other flags which have to be verified, if found, I will try to fix them.
Before fix:
```
root@vm:/home/paas/zxp/log/kube# kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --secure-port=-1 &
[1] 1500
root@vm:/home/paas/zxp/log/kube# E0623 04:14:15.378332 1500 controller.go:97] Unable to perform initial Kubernetes service initialization: Endpoints "kubernetes" is invalid: [subsets[0].ports[0].port: Invalid value: -1: must be between 1 and 65535, inclusive, subsets[0].ports[0].port: Invalid value: -1: must be between 1 and 65535, inclusive]
[restful] 2016/06/23 04:14:15 log.go:30: [restful/swagger] listing is available at https://172.16.1.11:-1/swaggerapi/
[restful] 2016/06/23 04:14:15 log.go:30: [restful/swagger] https://172.16.1.11:-1/swaggerui/ is mapped to folder /swagger-ui/
E0623 04:14:15.422742 1500 genericapiserver.go:730] Unable to listen for secure (listen tcp: invalid port -1); will try again.
root@vm:/home/paas/zxp/log/kube#
root@vm:/home/paas/zxp/log/kube# E0623 04:14:30.425211 1500 genericapiserver.go:730] Unable to listen for secure (listen tcp: invalid port -1); will try again.
root@vm:/home/paas/zxp/log/kube# ps -ef|grep kube
root 1500 13507 1 04:14 pts/1 00:00:00 kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --secure-port=-1
```
After:
```
root@vm:/home/paas/zxp/log/kube# kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --insecure-port=-1 &
[1] 10570
root@vm:/home/paas/zxp/log/kube# F0623 05:37:16.124206 10570 genericapiserver.go:594] --insecure-port -1 must be between 1 and 65535, inclusive
goroutine 1 [running]:
k8s.io/kubernetes/vendor/github.com/golang/glog.stacks(0x4418400, 0x0, 0x0, 0x0)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:766 +0xb8
k8s.io/kubernetes/vendor/github.com/golang/glog.(*loggingT).output(0x43f7f60, 0xc800000003, 0xc8200e4600, 0x42b2d5a, 0x13, 0x252, 0x0)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:717 +0x259
k8s.io/kubernetes/vendor/github.com/golang/glog.(*loggingT).printf(0x43f7f60, 0xc800000003, 0x32278a0, 0x39, 0xc82037ac90, 0x1, 0x1)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:655 +0x1d4
k8s.io/kubernetes/vendor/github.com/golang/glog.Fatalf(0x32278a0, 0x39, 0xc82037ac90, 0x1, 0x1)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:1145 +0x5d
k8s.io/kubernetes/pkg/genericapiserver.verifyInsecurePort(0xc820199800)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:594 +0x103
k8s.io/kubernetes/pkg/genericapiserver.ValidateRunOptions(0xc820199800)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:603 +0x59
k8s.io/kubernetes/pkg/genericapiserver.DefaultAndValidateRunOptions(0xc820199800)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:607 +0x4e
k8s.io/kubernetes/cmd/kube-apiserver/app.Run(0xc820468b40, 0x0, 0x0)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/server.go:83 +0x344
main.main()
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/apiserver.go:50 +0x121
[1]+ Exit 255 kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --insecure-port=-1
root@vm:/home/paas/zxp/log/kube#
```
Add EndpointReconcilerConfig to master Config to allow downstream integrators to customize the reconciler
and reconciliation interval when starting a customized master.
Fix PersistentVolumeController.initializeCaches() to pass pointers to volume
or claim to storeObjectUpdate() and add extra functions to enforce that the
right types are checked in the future.
Fixes#28076
The one side effect is that for the "kubectl help" commands a newline
is prepended to output, which will alter the yaml output.
Here we use dedent to format the code to match the output.
hack/update-generated-docs.sh has been run and the affected files have
been added.
Note: for describe.go we added a period to the end of an output message.
Automatic merge from submit-queue
Add support for basic QoS and pod level cgroup management
This PR is a WIP and is tied to this upstream issue #27204
It adds support for creation,deletion and updates of cgroups in Kubernetes.
@vishh PTAL
Please note that the first commit is part of this PR: #27749
cc @kubernetes/sig-node
Signed-off-by: Buddha Prakash <buddhap@google.com>
Automatic merge from submit-queue
Hotfix: Fixup the hyperkube dns manifest from a breaking federation PR
This one has to be cherrypicked into v1.3.0, ref: #27986
@girishkalele @madhusudancs @quinton-hoole @eparis @nikhiljindal @mml @roberthbailey @david-mcmahon
Automatic merge from submit-queue
Use preferred group version when discovery fails due to 403
```
kubectl get pods --as bob
```
Returns:
```
error: failed to negotiate an api version; server supports: map[], client supports: map[autoscaling/v1:{} rbac.authorization.k8s.io/v1alpha1:{} federation/v1alpha1:{} batch/v1:{} v1:{} authentication.k8s.io/v1beta1:{} apps/v1alpha1:{} componentconfig/v1alpha1:{} authorization.k8s.io/v1beta1:{} batch/v2alpha1:{} extensions/v1beta1:{} policy/v1alpha1:{}]
```
It should return:
```
User "deads" cannot "impersonate" "users" with name "bob" in project ""
```
`serverVersions` is empty when discovery fails, thus we fallback to the `preferredGV`.
See openshift/origin#9307 and [openshift/origin/pull/9389](https://github.com/openshift/origin/pull/9389) for further details.
Automatic merge from submit-queue
Refactor func canRunPod
After refactoring, we only need to check `if pod.Spec.SecurityContext == nil` once. The logic is a bit clearer.
Automatic merge from submit-queue
e2e: Allow skipping tests for specific runtimes, skip a few tests under rkt
The main benefit of this is that it gives a developer more useful output (more signal to noise) for things that are known broken on that runtime.
cc @kubernetes/rktnetes-maintainers , @ixdy
I'll run this PR through our jenkins and make sure things look happy and compare to the e2e results for this PR.
Automatic merge from submit-queue
Fix pkg/kubelet unit tests fail on OSX
use runtime.GOOS for the OperatingSystem and not hardcode it to linux.
Fixes#27730
Automatic merge from submit-queue
[Refactor] QOS to have QOS Class type for QoS classes
This PR adds a QOSClass type and initializes QOSclass constants for the three QoS classes.
It would be good to use this in all future QOS related features.
This would be good to have for the (Pod level cgroups isolation proposal)[https://github.com/kubernetes/kubernetes/pull/26751] that i am working on aswell.
@vishh PTAL
Signed-off-by: Buddha Prakash <buddhap@google.com>
Automatic merge from submit-queue
Fix attach command for InitContainers
Added InitContainers to the things that GetContainer in attach.go has to look for to find a container to attach. Also test case added.
fixes#27540
Automatic merge from submit-queue
Kubelet can retrieve host IP even when apiserver has not been contacted
fixes https://github.com/kubernetes/kubernetes/issues/26590, fixes https://github.com/kubernetes/kubernetes/issues/6558
Right now the kubelet expects to get the hostIP from the kubelet's local nodeInfo cache. However, this will be empty if there is no api-server (or the apiServer has not yet been contacted).
In the case of static pods, this change means the downward api can now be used to populate hostIP.
Automatic merge from submit-queue
Add not-running check to kubectl-exec
Different cases:
- pod is started, container terminated:
```
error: error executing remote command: error executing command in container: container not found ("sleep1")
```
- pod has terminated:
```
error: cannot exec into a container in a completed pod; current phase is Succeeded
```
- container does not exist in pod spec:
```
Error from server: container foo is not valid for pod multi-container
```
Fixes https://github.com/openshift/origin/issues/8472#event-681794952
Automatic merge from submit-queue
vSphere provider - Getting node data by ip instead of uuid
To get the uuid we need the service to be running as root. This change
allows us to run the controller-manager and api server as non-root.
Automatic merge from submit-queue
kubelt: Remove a couple lines of dead code
Presumably that code was added for debugging reasons and never removed. Hopefully.
If it's actually important and there's a good reason to do what looks like a no-op to get pause-the-world behaviour or whatever, I'd hope there'd be a comment.
cc @pwittrock
Automatic merge from submit-queue
Set network related flags for container gen-swagger-docs
When running `hack/update-api-reference-docs.sh`, I get failure messages as below. This is because:
My env is behind a proxy, I have to input username/password in a page first for authentication before visiting internet. But I have no any way to visit that page in GUI mode in the container gen-swagger-docs. Can we run the container gen-swagger-docs using host network and passing an env variable `https_proxy` to it? I try this way and it works well. This would be helpful for me and other developers who may have this issue.
cc @caesarxuchao Thanks!
```
root@vm:/home/paas/zxp/code/k8s/fork/kubernetes# hack/update-api-reference-docs.sh
Note: This assumes that swagger spec has been updated. Please run hack/update-swagger-spec.sh to ensure that.
Generating api reference docs at /home/paas/zxp/code/k8s/fork/kubernetes/_output/generated_html
Reading swagger spec from: /home/paas/zxp/code/k8s/fork/kubernetes/api/swagger-spec/
--2016-06-09 16:35:26-- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/api/v1/register.go
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... failed: Name or service not known.
wget: unable to resolve host address ‘raw.githubusercontent.com’
--2016-06-09 16:36:06-- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/api/v1/register.go
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... failed: Name or service not known.
wget: unable to resolve host address ‘raw.githubusercontent.com’
--2016-06-09 16:36:46-- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/api/v1/register.go
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... failed: Name or service not known.
wget: unable to resolve host address ‘raw.githubusercontent.com’
!!! Error in hack/update-api-reference-docs.sh:71
'docker run ${user_flags} --rm -v "${TMP_IN_HOST}":/output:z -v "${SWAGGER_PATH}":/swagger-source:z gcr.io/google_containers/gen-swagger-docs:v5 "${SWAGGER_JSON_NAME}" "${REGISTER_FILE_URL}"' exited with status 1
Call stack:
1: hack/update-api-reference-docs.sh:71 main(...)
Exiting with status 1
```
Automatic merge from submit-queue
[client-gen]Add Patch to clientset
* add the Patch() method to the clientset.
* I have to rename the existing Patch() method of `Event` to PatchWithEventNamespace() to avoid overriding.
* some minor changes to the fake Patch action.
cc @Random-Liu since he asked for the method
@kubernetes/sig-api-machinery
ref #26580
```release-note
Add the Patch method to the generated clientset.
```
Automatic merge from submit-queue
Dynamically derive AttachOptions.CommandName
This PR sets AttachOptions.CommandName dynamically depending on the corba Command
hierarchy. If the root command is named e.g. "oc" (for the OpenShift cli) this
will result in "oc attach" instead of the static "kubectl attach" before this
patch.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1341450
Automatic merge from submit-queue
Fix startup type error in initializeCaches
The following error was getting logged:
PersistentVolumeController can't initialize caches, expected list of volumes, got:
&{TypeMeta:{Kind: APIVersion:} ListMeta:{SelfLink:/api/v1/persistentvolumes ResourceVersion:11} Items:[]}
The tests make extensive use of NewFakeControllerSource which uses api.List
instead of api.PersistentVolumeList. So use reflect to help iterate over the
items then assert the item type.
fixes#27757
Automatic merge from submit-queue
optimize deleteFromIndices method of thread_safe_store
As all methods of thread_safe_store are threadsafe, so i think, in deleteFromIndices method, if the index is nil, need not run the for structure below
David McMahon
