Automatic merge from submit-queue
Update the AppArmor design proposal
3 modifications to the original AppArmor design proposal:
1. Remove the pod-level AppArmor profile specification, since it was unnecessary complexity. I think the typical multi-container case is a main app, some side-cars (e.g. log helpers), and maybe some init containers. All of those containers are likely to have very different permissions needs, so I do not see benefit to the pod-level profile. If there is sufficient demand (i.e. user feedback) for this feature we can add it back.
2. Added a proposal for the beta (and GA) API. Beginning the discussion of this API now will smooth the transition from alpha, and guide the implementation of the internal API.
3. [EDIT] The profile deployment pod will poll the source directories for changes. This change is motivated by the fact that DaemonSets must run with RestartAlways.
/cc @bgrant0607 @erictune @pmorie @pweil-
Automatic merge from submit-queue
Delete useless code
The correct code is `cluster, ok := obj.(*v1beta1.Cluster)`, so the above `cluster := obj.(*v1beta1.Cluster)` is useless.
Automatic merge from submit-queue
Kubelet: add gRPC implementation of new runtime interface
Add gRPC implementation of new runtime interface.
CC @yujuhong @Random-Liu @kubernetes/sig-node
Automatic merge from submit-queue
Validate list objects when building scheme
The first commit is #29468. This PR is a followup.
Modified the description of **List** in api-convention.md to:
`The name of a list kind must end with "List". Lists have a limited set of common metadata. All lists use the required "items" field to contain the array of objects they return. Any kind that has the "items" field must be a list kind.`
Also added code to enforce the above rules during scheme registration.
@kubernetes/sig-api-machinery @bgrant0607 @erictune @lavalamp @smarterclayton
Automatic merge from submit-queue
Documented second arg to create-flanneld-opts in cluster/ubuntu/util.sh
This is a bug fix, no release note needed.
Fixes#29546
Automatic merge from submit-queue
Clone kubernetes/release into something other than /release due to conflict with /release.
It looks like $WORKSPACE is the root of the kubernetes clone. I think ideally we'd move that down a level and allow subdirectories of different repos. I think this may become the norm as we split things up further as well. What do you think and how should we proceed here? @ixdy @spxtr
Automatic merge from submit-queue
GKE test-build-release: Actually do the build.
Multiple devs (myself included!) have experienced frustration with the fact that if `KUBERNETES_PROVIDER=gke` then `hack/e2e.go --build` doesn't actually do a build.
Are we actually relying on this behavior anywhere?
Automatic merge from submit-queue
allow watching old resources with kubectl
Right now, one can not watch a resource with kubectl whose resourceVersion is outside the etcd watch window. Specifying resourceVersion=0 returns the current object, then watches from the current index.
This PR changes the logic to use resourceVersion=0, which will work regardless of the resourceVersion of the object, and discard the first event if --watch-only is specified.
@ncdc @aveshagarwal
Automatic merge from submit-queue
[Garbage Collector] add e2e tests again
#27151 is reverted because gke didn't start correctly after it's merged (https://github.com/kubernetes/kubernetes/pull/27151#issuecomment-233030686).
The possible problem is the `unbound variable`, which is fixed in the second commit of this PR. However, I cannot verify if the PR will fail the gke suite since I don't have the environment to run that suite.
@wojtek-t @lavalamp
Automatic merge from submit-queue
Update test-owners with new tests, add catch-all assignment to test-infra team.
We will triage any additional failures, since they're more likely to be infra related. If they're not, they can always be reassigned (and the owners list can be updated!)
/cc @kubernetes/test-infra-maintainers
Automatic merge from submit-queue
discovery: Adding a discover based RESTMapper
Added a PriorityRESTMapper that operates off of discovery information. I
made an auxiliary data type and function to help collect and organize
the information.
Automatic merge from submit-queue
azure: kube-up respects AZURE_RESOURCE_GROUP
This fixes#28482.
* declare AZKUBE_ variables as global to workaround lack of bash support for exporting array variables
Added a PriorityRESTMapper that operates off of discovery information. I
made an auxiliary data type and function to help collect and organize
the information.
Automatic merge from submit-queue
Change eviction logic in NodeController and make it Zone-aware
Ref. #28832
This PR changes the behavior of the NodeController. From now on
```release-note
Change eviction policies in NodeController:
- add a "partialDisruption" mode, when more than 33% of Nodes in the zone are not Ready
- add "fullDisruption" mode, when all Nodes in the zone are not Ready
Eviction behavior depends on the mode in which NodeController is operating:
- if the new state is "partialDisruption" or "fullDisruption" we call a user defined function that returns a new QPS to use (default 1/10 of the default rate, and the default rate respectively),
- if the new state is "normal" we resume normal operation (go back to default limiter settings),
- if all zones in the cluster are in "fullDisruption" state we stop all evictions.
```
cc @wojtek-t @smarterclayton @davidopp
Automatic merge from submit-queue
Create client from API version passed in config or use default
When creating a client read the `GroupVersion` value passed in the `restclient.Config`. If the passed `GroupVersion` does not match current group or is not enabled fallback to default `GroupVersion` for that group.
This PR should allow accessing `ScheduledJob` properly in `batch/v2alpha1`.
@smarterclayton @deads2k @caesarxuchao @lavalamp ptal
Automatic merge from submit-queue
Node E2E: Add serial jenkins job.
This PR added a jenkins job for serial test. It will run all serial test one by one.
This will be useful for https://github.com/kubernetes/kubernetes/pull/29809.
@coufon @yujuhong @dchen1107
/cc @kubernetes/sig-node
Automatic merge from submit-queue
Kubelet: add fake kube runtime
Add a new fake kube runtime with kubelet using the new runtime API.
CC @yujuhong @Random-Liu
Dominika Hodovska