Automatic merge from submit-queue (batch tested with PRs 35300, 36709, 37643, 37813, 37697)
add rbac action to subjects type
This adds the ability to go from an authorization action to the list subjects who have the power to perform the action. This will be used to either back an RBAC specific endpoint or generic authorization endpoint. Because of the way authorization works today, the set of subjects returned will always be a subset of those with access since any authorizer can say yes.
@kubernetes/sig-auth
Automatic merge from submit-queue (batch tested with PRs 37094, 37663, 37442, 37808, 37826)
Fix the PATH that install-etcd.sh tells you to use
After you run install-etcd.sh, it tells you:
etcd v3.0.14 installed. To use:
export PATH=${PATH}:/home/danw/rh/go/src/k8s.io/kubernetes/third_party/etcd
which doesn't work if you have an older etcd installed in /usr/bin:
danw@w541:kubernetes (master)> PATH=${PATH}:/home/danw/rh/go/src/k8s.io/kubernetes/third_party/etcd etcd --version
etcd Version: 2.2.5
You need to put the local etcd dir first in PATH, not last.
Automatic merge from submit-queue (batch tested with PRs 37094, 37663, 37442, 37808, 37826)
fix if condition question in kubelet run() function
Here variable err returned by function NewForConfig(&eventClientConfig) if CreateAPIServerClientConfig() function runs correctly . And we should not print "invalid kubeconfig" info.
Should we use else instead of if.
Automatic merge from submit-queue (batch tested with PRs 37094, 37663, 37442, 37808, 37826)
Moved gobindata, refactored ReadOrDie refs
**What this PR does / why we need it**: Having gobindata inside of test/e2e/framework prevents external projects from importing the framework. Moving it out and managing refs fixes this problem.
**Which issue this PR fixes**: fixes#37007
Automatic merge from submit-queue
Refactor describe.go with PrefixWriter
**What this PR does / why we need it**:
refactor describeContainers function and decrease gocyclo result
**Special notes for your reviewer**:
the new PR for 36032
https://github.com/kubernetes/kubernetes/pull/36032
**Release note**:
```release-note
```NONE
Automatic merge from submit-queue (batch tested with PRs 37608, 37103, 37320, 37607, 37678)
Fix issue #37377: Report an event on successful PVC provisioning
This is a simple patch to fix the issue #37377: On a successful PVC provisioning an event is emitted so it's clear the provisioning actually succeeded.
cc: @jsafrane
Automatic merge from submit-queue (batch tested with PRs 37608, 37103, 37320, 37607, 37678)
Remove stray quote from API docs
There was a PR that removed backquote from the line recently, but there's also extra quote.
Automatic merge from submit-queue (batch tested with PRs 37608, 37103, 37320, 37607, 37678)
add some help info about the 'all' arg
**What this PR does / why we need it**:
There is an arg named "all" in the get command, we can use it like "kubectl get all". But we can get nothing about this arg in the help description. Users may not know how to use it without looking into the source code. So here I'm going to add some description about this arg.
**Which issue this PR fixes**
We discussed about this in
In pkg/kubectl/cmd/get.go there is a confused arg named "all" [#37533](https://github.com/kubernetes/kubernetes/issues/37533)
Automatic merge from submit-queue
Reuse fields and labels
This should significantly reduce memory allocations in apiserver in large cluster.
Explanation:
- every kubelet is refreshing watch every 5-10 minutes (this generally is not causing relist - it just renews watch)
- that means, in 5000-node cluster, we are issuing ~10 watches per second
- since we don't have "watch heartbets", the watch is issued from previously received resourceVersion
- to make some assumption, let's assume pods are evenly spread across pods, and writes for them are evenly spread - that means, that a given kubelet is interested in 1 per 5000 pod changes
- with that assumption, each watch, has to process 2500 (on average) previous watch events
- for each of such even, we are currently computing fields.
This PR is fixing this problem.
Automatic merge from submit-queue
Remove ExportOptions from api/internal and use unversioned
Should only have one internal object in use
Part of #37530
Automatic merge from submit-queue (batch tested with PRs 37945, 37498, 37391, 37209, 37169)
Refactor certificate controller to make approval an interface
@mikedanese
Automatic merge from submit-queue (batch tested with PRs 37945, 37498, 37391, 37209, 37169)
add controller roles
Upstream controller roles that have downstream.
@sttts this is a start at roles for controllers. I've made names match for now, but they could use some love in both the controller manager and here. I'd recommend using this as a starting point.
Automatic merge from submit-queue (batch tested with PRs 37945, 37498, 37391, 37209, 37169)
Warn if firewalld service is enabled.
Fixes https://github.com/kubernetes/kubeadm/issues/21
Output will be:
```
(root@centos1 ~) $ kubeadm init
Running pre-flight checks
WARNING: firewalld is active, please ensure ports [6443 9898 10250] are open
```
I went with the port list from @errordeveloper 's ansible playbook here but it's possible there should be others listed.
Automatic merge from submit-queue (batch tested with PRs 37945, 37498, 37391, 37209, 37169)
Use Go 1.7.4 due to security fixes
**What this PR does / why we need it**: Golang released 1.7.4 with few security fixes.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
- bump Go compiler to 1.7.4
```
An allocator of integers that allows for changing the range.
Previously allocated numbers are not lost, and can be
released later even if they have fallen outside of the range.
Signed-off-by: Michael Adam <obnox@redhat.com>
Automatic merge from submit-queue
staging/client-go: fix the wrong description
**What this PR does / why we need it**:
Some mistakes has been found in the file "RADMME.md"(k8s.io/kubernetes/staging), may be it cause by original files has been removed or renamed.
It can not work very well if follow current description, so i changed it.
Automatic merge from submit-queue (batch tested with PRs 37997, 37939, 37990, 36700, 37258)
Add cluster-level AppArmor E2E test
My goal is to reuse this test for an automated cluster upgrade test.
Automatic merge from submit-queue (batch tested with PRs 37997, 37939, 37990, 36700, 37258)
--export flag belongs to kubectl get, not kubectl
**What this PR does / why we need it**:
When running the kubectl via symlink to hyperkube, the ``--export`` flag is not delegated to `kubectl get` but to `kubectl` only. Ending with unrecognized flag.
Automatic merge from submit-queue (batch tested with PRs 37997, 37939, 37990, 36700, 37258)
Enable containerized mounter only for nfs and glusterfs types
This change is to only enable containerized mounter for nfs and
glusterfs types. For other types such as tmpfs, ext2/3/4 or empty type,
we should still use mount from $PATH to minimize the effect of containerized mounter.
Automatic merge from submit-queue (batch tested with PRs 37997, 37939, 37990, 36700, 37258)
Revert "Skip StatefulSet e2e tests if this resource is not found"
Replaces https://github.com/kubernetes/kubernetes/pull/37398
Automatic merge from submit-queue
Make pvc storage class annotation immutable after create
Fixes#34516
Added immutable check in validation.go
```
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
# persistentvolumeclaims "gce-claim-storageclass" was not valid:
# * metadata.annotations.volume.beta.kubernetes.io/storage-class: Invalid value: "slow2": field is immutable
#
```
Automatic merge from submit-queue (batch tested with PRs 36263, 36755, 37357, 37222, 37524)
kubeadm: Skip etcd related preflight checks and reset actions for external etcd
**What this PR does / why we need it**:
Skip etcd related preflight checks and reset actions for external etcd
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # https://github.com/kubernetes/kubeadm/issues/69#issuecomment-262988388
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
kubeadm: Skip etcd related preflight checks and reset actions for external etcd
```
Automatic merge from submit-queue (batch tested with PRs 36263, 36755, 37357, 37222, 37524)
kubeadm: Implement support for symbolic labels in --use-kubernetes-version
**What this PR does / why we need it**: This patch adds "stable", "latest" and other labels as valid versions in "kubeadm init --use-kubernetes-version" flag.
Now, defaults can be pointing to "stable" and users will always get
latest available stable build of Kubernetes via kubeadm.
There is no need anymore to hardcode version string inside kubeadm
binary.
It is also possible to use labels like "latest" or point to exact
branch: "stable-1.4"
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
- kubeadm init --use-kubernetes-version now understands "stable","latest", "stable-1.4" and other labels as valid version. It will fetch actual build number from release servers.
```
Automatic merge from submit-queue (batch tested with PRs 36263, 36755, 37357, 37222, 37524)
Add flag to enable contention profiling in scheduler.
```release-note
Add flag to enable contention profiling in scheduler.
```
Automatic merge from submit-queue (batch tested with PRs 36263, 36755, 37357, 37222, 37524)
add other impersonation fields to transport
Adds the group and extra fields to the impersation options in a rest and transport config.
@kubernetes/sig-auth
This change is to only enable containerized mounter for nfs and
glusterfs types. For other types such as tmpfs, ext2/3/4 or empty type,
we should still use mount from $PATH
Automatic merge from submit-queue
Kubeadm unit tests for kubeadm/app/master package
Added unit tests for the kubeadm/app/master package testing functionality of tokens.go, kubeconfig.go, manifests.go, pki.go, discovery.go, addons.go, and apiclient.go.
This PR is part of the ongoing effort to add tests (#35025)
/cc @pires @jbeda
Automatic merge from submit-queue
test: update rollover test to wait for available rs before adopting
Scenario that happened in https://github.com/kubernetes/kubernetes/issues/35355#issuecomment-257808460
-- Replica set that is about to be adopted has 2 out of 4 ready replicas
-- Deployment is created with 4 replicas, adopts pre-existing replica set, creates a new one, and starts rolling replicas over to the new replica set.
```
Nov 2 01:38:17.088: INFO: At 2016-11-02 01:38:04 -0700 PDT - event for test-rollover-deployment: {deployment-controller } ScalingReplicaSet: Scaled down replica set test-rollover-controller to 3
Nov 2 01:38:17.088: INFO: At 2016-11-02 01:38:04 -0700 PDT - event for test-rollover-deployment: {deployment-controller } ScalingReplicaSet: Scaled up replica set test-rollover-deployment-2505289747 to 1
Nov 2 01:38:17.088: INFO: At 2016-11-02 01:38:04 -0700 PDT - event for test-rollover-deployment-2505289747: {replicaset-controller } SuccessfulCreate: Created pod: test-rollover-deployment-2505289747-iuiei
Nov 2 01:38:17.088: INFO: At 2016-11-02 01:38:04 -0700 PDT - event for test-rollover-deployment-2505289747-iuiei: {default-scheduler } Scheduled: Successfully assigned test-rollover-deployment-2505289747-iuiei to gke-jenkins-e2e-default-pool-33c0400e-6q5m
Nov 2 01:38:17.088: INFO: At 2016-11-02 01:38:05 -0700 PDT - event for test-rollover-deployment: {deployment-controller } ScalingReplicaSet: Scaled up replica set test-rollover-deployment-2505289747 to 2
```
At this point there is no minimum availability for the Deployment (maxUnavailable is 1 meaning desired minimum available is 3 but we only have 2), and the new replica set uses a non-existent image. New replica set is scaled up to 1 (maxSurge is 1), then old replica set is scaled down by one, because cleanupUnhealthyReplicas observes that it has 2 unhealthy replicas - it can only scale down one though because the [maximum replicas it can cleanup is one](d87dfa2723/pkg/controller/deployment/rolling.go (L125)) (4+1-3-1). New replica set is scaled to 2. Available replicas are still 2 (third replica from the old replica set has yet to come up).
-- Deployment is rolled over with a new update. Test reaches for the WaitForDeploymentStatus check but there are only 2 availableReplicas (maxUnavailable is still violated).
This change makes the test wait for a healthy replica set before proceeding thus it should never hit the scenario described above.
@kubernetes/deployment
Automatic merge from submit-queue
Clean up redundant tests in image_manager_test
There was a lot of overlap between parallel and serialized puller tests,
extracted most of these tests internals to separate functions.
Automatic merge from submit-queue
Add optional timeout logic to e2e.go
ref https://github.com/kubernetes/test-infra/issues/1250
Add a --timeout=5 flag.
If unset this does not change behavior.
If set this first sends an interrupt signal and then 15m later starts terminating child processes.
Will test out this change in another PR using the .use_head_e2e trick
- Remaining spaghetti untangled
- Missed bazel update and a few hardcoded refs
- New instance of framework.ReadOrDie reference removed post rebase
- Resolve new clientset rebase
- Fixed e2e/generated BUILD dep
- A space
- Missed gobindata ref in golang.sh
Kubernetes Submit Queue