Automatic merge from submit-queue (batch tested with PRs 46979, 47078, 47138, 46916)
DeleteCollection should include uninitialized resources
Users who delete a collection expect all resources to be deleted, and
users can also delete an uninitialized resource. To preserve this
expectation, DeleteCollection selects all resources regardless of
initialization.
The namespace controller should list uninitialized resources in order to
gate cleanup of a namespace.
Fixes#47137
Automatic merge from submit-queue (batch tested with PRs 46979, 47078, 47138, 46916)
HPA: only send updates when the status has changed
This commit only sends updates if the status has actually changed.
Since the HPA runs at a regular interval, this should reduce the volume
of writes, especially on short HPA intervals with relatively constant
metrics.
Fixes#47077
**Release note**:
```release-note
The HorizontalPodAutoscaler controller will now only send updates when it has new status information, reducing the number of writes caused by the controller.
```
Automatic merge from submit-queue (batch tested with PRs 45877, 46846, 46630, 46087, 47003)
gpusInUse info error when kubelet restarts
**What this PR does / why we need it**:
In my test, I found 2 errors in the nvidia_gpu_manager.go.
1. the number of activePods in gpusInUse() equals to 0 when kubelet restarts. It seems the Start() method was called before pods recovery which caused this error. So I decide not to call gpusInUse() in the Start() function, just let it happen when new pod needs to be created.
2. the container.ContainerID in line 242 returns the id in format of "docker://<container_id>", this will make the client failed to inspect the container by id. We have to erase the prefix of "docker://".
**Special notes for your reviewer**:
**Release note**:
```
Avoid assigning the same GPU to multiple containers.
```
Automatic merge from submit-queue (batch tested with PRs 45877, 46846, 46630, 46087, 47003)
func parseEndpointWithFallbackProtocol should check if protocol of endpoint is empty
**What this PR does / why we need it**:
func parseEndpointWithFallbackProtocol should check if protocol of endpoint is empty
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: part of #45927
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45877, 46846, 46630, 46087, 47003)
add Unit Test for PodList Printer
Signed-off-by: zhangxiaoyu-zidif <zhang.xiaoyu33@zte.com.cn>
**What this PR does / why we need it**:
add Unit Test for PodList Printer
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47024, 47050, 47086, 47081, 47013)
Wrap HumanReadablePrinter in tab output unless explicitly asked not to
`kubectl get` was not properly aligning its output due to #40848
Fixes an accidental regression. In general, we should not accept an incoming tabwriter and instead manage at a higher level. Fix the bug and add a comment re: future refactoring.
Users who delete a collection expect all resources to be deleted, and
users can also delete an uninitialized resource. To preserve this
expectation, DeleteCollection selects all resources regardless of
initialization.
The namespace controller should list uninitialized resources in order to
gate cleanup of a namespace.
Automatic merge from submit-queue (batch tested with PRs 43005, 46660, 46385, 46991, 47103)
Azure cloudprovider retry using flowcontrol
An initial attempt at engaging exponential backoff for API error responses.
Addresses #47048
Uses k8s.io/client-go/util/flowcontrol; implementation inspired by GCE
cloudprovider backoff.
**What this PR does / why we need it**:
The existing azure cloudprovider implementation has no guard rails in place to adapt to unexpected underlying operational conditions (i.e., clogs in resource plumbing between k8s runtime and the cloud API). The purpose of these changes is to support exponential backoff wrapping around API calls; and to support targeted rate limiting. Both of these options are configurable via `--cloud-config`.
Implementation inspired by the GCE's use of `k8s.io/client-go/util/flowcontrol` and `k8s.io/apimachinery/pkg/util/wait`, this PR likewise uses `flowcontrol` for rate limiting; and `wait` to thinly wrap backoff retry attempts to the API.
**Special notes for your reviewer**:
Pay especial note to the declaration of retry-able conditions from an unsuccessful HTTP request:
- all `4xx` and `5xx` HTTP responses
- non-nil error responses
And the declaration of retry success conditions:
- `2xx` HTTP responses
Tests updated to include additions to `Config`.
Those may be incomplete, or in other ways non-representative.
**Release note**:
```release-note
Added exponential backoff to Azure cloudprovider
```
Automatic merge from submit-queue (batch tested with PRs 43005, 46660, 46385, 46991, 47103)
Consolidate sysctl commands for kubelet
**What this PR does / why we need it**:
These commands are important enough to be in the Kubelet itself.
By default, Ubuntu 14.04 and Debian Jessie have these set to 200 and
20000. Without this setting, nodes are limited in the number of
containers that they can start.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#26005
**Special notes for your reviewer**:
I had a difficult time writing tests for this. It is trivial to create a fake sysctl for testing, but the Kubelet does not have any tests for the prior settings.
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 46977, 47005, 47018, 47061, 46809)
Fix HostAlias to validate against DNS1123 hostname instead of just labels
**What this PR does / why we need it**: the validation for HostAlias was validating the hostnames against DNS labels instead of hostnames. This means hostnames like `foo.bar` would fail. I did not catch this because unit test cases only had hostnames like `foo`.
**Which issue this PR fixes**: fixes issue introduced in #44641
**Release note**:
```release-note
fixed HostAlias in PodSpec to allow `foo.bar` hostnames instead of just `foo` DNS labels.
```
Automatic merge from submit-queue (batch tested with PRs 46977, 47005, 47018, 47061, 46809)
Waiting attach operation to be finished rather than returning nil
Fixes#46882
This commit only sends updates if the status has actually changed.
Since the HPA runs at a regular interval, this should reduce the volume
of writes, especially on short HPA intervals with relatively constant
metrics.
Automatic merge from submit-queue
newCFSSLSigner: improve error reporting by including file name in the message
**What this PR does / why we need it**:
This PR improves error reporting by including an action and a file name into the error message.
Before:
>E0605 17:01:57.020485 29156 certificates.go:38] Failed to start certificate controller: open : no such file or directory
After:
>E0605 18:21:32.375884 4896 certificates.go:38] Failed to start certificate controller: error reading CA file "": open : no such file or directory
**Release note**:
```release-note
NONE
```
CC @mfojtik
Automatic merge from submit-queue (batch tested with PRs 46235, 44786, 46833, 46756, 46669)
implements StatefulSet update
**What this PR does / why we need it**:
1. Implements rolling update for StatefulSets
2. Implements controller history for StatefulSets.
3. Makes StatefulSet status reporting consistent with DaemonSet and ReplicaSet.
https://github.com/kubernetes/features/issues/188
**Special notes for your reviewer**:
**Release note**:
```release-note
Implements rolling update for StatefulSets. Updates can be performed using the RollingUpdate, Paritioned, or OnDelete strategies. OnDelete implements the manual behavior from 1.6. status now tracks
replicas, readyReplicas, currentReplicas, and updatedReplicas. The semantics of replicas is now consistent with DaemonSet and ReplicaSet, and readyReplicas has the semantics that replicas did prior to this release.
```
Automatic merge from submit-queue (batch tested with PRs 46235, 44786, 46833, 46756, 46669)
Add Japanese translation for kubectl
**What this PR does / why we need it**:
I messed up the original PR(#45562) which was already been reviewed and approved. This PR provides first attempt to translate kubectl in Japanese (related to #40645 and #40591).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
No issues
**Special notes for your reviewer**:
Should be reviewed by member of Japanese k8s community (I stayed in Japan for 4 years, but my language is not as good as native Japanese)
Automatic merge from submit-queue (batch tested with PRs 46235, 44786, 46833, 46756, 46669)
Get command uses print-column extn from Openapi schema
**What this PR does / why we need it**:
Kubectl Get command now uses metadata 'x-kubernetes-print-column' from Openapi schema to display a resource. This is to enable richer experience for non-compiled types (like service catalog API resources) in Kubectl. This functionality is currently guarded by a boolean flag "use-openapi-print-columns".
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes https://github.com/kubernetes/kubectl/issues/22
**Special notes for your reviewer**:
**Release note**:
```release-note
Get command uses OpenAPI schema to enhance display for a resource if run with flag 'use-openapi-print-columns'.
An example command:
kubectl get pods --use-openapi-print-columns
```
Automatic merge from submit-queue (batch tested with PRs 47083, 44115, 46881, 47082, 46577)
Do not fire InsufficientResourceError when there are intentional reasons
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#45780
**Special notes for your reviewer**:
Return directly of essential predicates failed.
**Release note**:
```release-note
NONE
```
Get command now uses metadata x-kubernetes-print-columns, if present, in Openapi schema
to format output for a resource. This functionality is guarded by a boolean
flag 'use-openapi-print-columns'.
Implements history utilities for ControllerRevision in the controller/history package
StatefulSetStatus now has additional fields for consistency with DaemonSet and Deployment
StatefulSetStatus.Replicas now represents the current number of createdPods and StatefulSetStatus.ReadyReplicas is the current number of ready Pods
Automatic merge from submit-queue (batch tested with PRs 46718, 46828, 46988)
Update docs/ links to point to main site
**What this PR does / why we need it**:
This updates various links to either point to kubernetes.io or to the kubernetes/community repo instead of the legacy docs/ tree in k/k
Pre-requisite for #46813
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-docs-maintainers @chenopis @ahmetb @thockin
Automatic merge from submit-queue (batch tested with PRs 46718, 46828, 46988)
handle unversioned objects for encoding for CRs
Fixes https://github.com/kubernetes/kubernetes/issues/47036
This updates the encoding for "special" types like `Status` when coming back through the CR APIs. It also closes a bug this allowed to be exposed in validation for CRs
xref: https://github.com/kubernetes/features/issues/95
Automatic merge from submit-queue (batch tested with PRs 46775, 47009)
kuberuntime: check the value of RunAsNonRoot when verifying
The verification function is fixed to check the value of RunAsNonRoot,
not just the existence of it. Also adds unit tests to verify the correct
behavior.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#46996
**Release note**:
```release-note
Fix the bug where container cannot run as root when SecurityContext.RunAsNonRoot is false.
```
Automatic merge from submit-queue
Rename {kube- ->}apiextensions-{-> api}server
Completely mechanical renaming, as preparation of the repo sync. This repo is generic, the prefix does not make sense.
Part of issue https://github.com/kubernetes/kubernetes/issues/46702
TODOs
- [ ] Waiting for the submit queue to settle, then rebase.
Automatic merge from submit-queue (batch tested with PRs 46112, 46764, 46727, 46974, 46968)
iscsi storage plugin: bkpPortal should be initialized beforehand
**What this PR does / why we need it**:
This patch is a follow up patch for the PR #46239.
The bkpPortal in DetachDisk() path should be initialized before using it.
**Special notes for your reviewer**:
/cc @rootfs @childsb
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46112, 46764, 46727, 46974, 46968)
Add controllerrevisions as valid resource in kubectl help
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**: controllerrevisions is a new resource added in 1.7 @kubernetes/sig-cli-maintainers
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 46787, 46876, 46621, 46907, 46819)
Fix cAdvisorPort, 0 is a valid option
wrt #11710, this maintains the current default if nobody provides the flag, but allows explicitly passing 0.
/cc @farcaller @vishh @liggitt @antoineco @philips
/assign @liggitt @vishh
```release-note
Fixes a bug with cAdvisorPort in the KubeletConfiguration that prevented setting it to 0, which is in fact a valid option, as noted in issue #11710.
```
Automatic merge from submit-queue
Add EmptyDir volume capacity isolation
This PR adds the support for isolating the emptyDir volume use. If user
sets a size limit for emptyDir volume, kubelet's eviction manager monitors its usage
and evict the pod if the usage exceeds the limit.
This feature is part of local storage capacity isolation and described in the proposal kubernetes/community#306
**Release note**:
```release-note
Alpha feature: allows users to set storage limit to isolate EmptyDir volumes. It enforces the limit by evicting pods that exceed their storage limits
```
Automatic merge from submit-queue (batch tested with PRs 46967, 46992, 43338, 46717, 46672)
Add group alias names to API resources to allow discovery
**What this PR does / why we need it**:
Adds `GroupNames []string` to API resources, which represents the list of group aliases that every resource belongs to.
Partially fixes https://github.com/kubernetes/kubernetes/issues/41353
This moves the logic of "all" (which currently [translates](fbc94c0896/pkg/kubectl/cmd/util/shortcut_restmapper.go (L106)) to "pods,replicationcontrollers,services,...") to the server-side. Will allow clients like `kubectl` to discover group aliases instead of having it hardcoded and the API server to better handle consistency across multiple clients, version skew, etc; and will make "all" un-special and allow other groups to be created.
As a follow-up we'll patch `kubectl` to make groups aliases discoverable and the hardcoded list a fallback while we still have to support it.
Related to https://github.com/kubernetes/kubernetes/pull/42595#issuecomment-286839885.
**Release note**:
```release-note
Adds the `Categories []string` field to API resources, which represents the list of group aliases (e.g. "all") that every resource belongs to.
```
@kubernetes/sig-api-machinery-misc @deads2k @bgrant0607
Fixes an accidental regression. In general, we should not accept an
incoming tabwriter and instead manage at a higher level. Fix the bug and
add a comment re: future refactoring.
Automatic merge from submit-queue (batch tested with PRs 44883, 46836, 46765, 46683, 46050)
Fix round-trip of Unstructured.OwnerReferences
**What this PR does / why we need it**:
Previously `setOwnerReference()` was storing pointers but `extractOwnerReference()` is expecting pointer fields as plain values so it cannot read those pointers. And hence you cannot read what you've just stored.
**Which issue this PR fixes**
#46817
**Special notes for your reviewer**:
This is similar to #43346.
**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue