Automatic merge from submit-queue
Move non-Minikube local cluster guides from docs repo to kubernetes d…
Move the local cluster docs out of the docs repo. Keeping them around since they may be used by some folks for development.
Automatic merge from submit-queue
Update the AppArmor design proposal
3 modifications to the original AppArmor design proposal:
1. Remove the pod-level AppArmor profile specification, since it was unnecessary complexity. I think the typical multi-container case is a main app, some side-cars (e.g. log helpers), and maybe some init containers. All of those containers are likely to have very different permissions needs, so I do not see benefit to the pod-level profile. If there is sufficient demand (i.e. user feedback) for this feature we can add it back.
2. Added a proposal for the beta (and GA) API. Beginning the discussion of this API now will smooth the transition from alpha, and guide the implementation of the internal API.
3. [EDIT] The profile deployment pod will poll the source directories for changes. This change is motivated by the fact that DaemonSets must run with RestartAlways.
/cc @bgrant0607 @erictune @pmorie @pweil-
Automatic merge from submit-queue
Validate list objects when building scheme
The first commit is #29468. This PR is a followup.
Modified the description of **List** in api-convention.md to:
`The name of a list kind must end with "List". Lists have a limited set of common metadata. All lists use the required "items" field to contain the array of objects they return. Any kind that has the "items" field must be a list kind.`
Also added code to enforce the above rules during scheme registration.
@kubernetes/sig-api-machinery @bgrant0607 @erictune @lavalamp @smarterclayton
Automatic merge from submit-queue
change the relative links to definition in operations.html
...to satisfy the new directory layout in the kubernetes.io.
This will make the manual changes in https://github.com/kubernetes/kubernetes.github.io/pull/369 persist.
I still need to bump up the gcr.io/google_containers/gen-swagger-docs image version. I'll do that after I get LGTM here.
cc @bgrant0607 @xiangpengzhao
Automatic merge from submit-queue
Node E2E: Make node e2e parallel
For https://github.com/kubernetes/kubernetes/issues/29081.
Fix https://github.com/kubernetes/kubernetes/issues/26215.
Based on https://github.com/kubernetes/kubernetes/pull/28807, https://github.com/kubernetes/kubernetes/pull/29020, will rebase after they are merged.
**Only the last commit is new.**
We are going to move more tests into the node e2e test. However, currently node e2e test only run sequentially, the test duration will increase quickly when we add more test.
This PR makes the node e2e test run in parallel so as to shorten test duration, so that we can add more test to improve the test coverage.
* If you run the test locally with `make test-e2e-node`, it will use `-p` ginkgo flag, which uses `(cores-1)` parallel test nodes by default.
* If you run the test remotely or in the Jenkin, the parallelism will be controlled by the environment variable `PARALLELISM`. The default value is `8`, which is reasonable for our test node (n1-standard-1).
Before this PR, it took **833.592s** to run all test on my desktop.
With this PR, it only takes **234.058s** to run.
The pull request node e2e run with this PR takes **232.327s**.
The pull request node e2e run for other PRs takes **673.810s**.
/cc @kubernetes/sig-node
Automatic merge from submit-queue
Add API for StorageClasses
This is the API objects only required for dynamic provisioning picked apart from the controller logic.
Entire feature is here: https://github.com/kubernetes/kubernetes/pull/29006
Automatic merge from submit-queue
Initial support for pod eviction based on disk
This PR adds the following:
1. node reports disk pressure condition based on configured thresholds
1. scheduler does not place pods on nodes reporting disk pressure
1. kubelet will not admit any pod when it reports disk pressure
1. kubelet ranks pods for eviction when low on disk
1. kubelet evicts greediest pod
Follow-on PRs will need to handle:
1. integrate with new image gc PR (https://github.com/kubernetes/kubernetes/pull/27199)
1. container gc policy should always run (will not be launched from eviction, tbd who does that)
1. this means kill pod is fine for all eviction code paths since container gc will remove dead container
1. min reclaim support will just poll summary provider (derek will do follow-on)
1. need to know if imagefs is same device as rootfs from summary (derek follow-on)
/cc @vishh @kubernetes/sig-node
Automatic merge from submit-queue
remove the omitempty tag from CertificateSigningRequestList.Items
As a general rule, `Items` should be a required field in all lists. In a followup PR, I'll update the api-convention.md and add a check in the schema registration path to enforce the rule. I need to fix this bug to unblock other work.
@kubernetes/api-review-team cc @bgrant0607-cc
Automatic merge from submit-queue
Add support for kubectl create quota command
Follow-up of https://github.com/kubernetes/kubernetes/pull/19625
```
Create a resourcequota with the specified name, hard limits and optional scopes
Usage:
kubectl create quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scope2] [--dry-run=bool] [flags]
Aliases:
quota, q
Examples:
// Create a new resourcequota named my-quota
$ kubectl create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10
// Create a new resourcequota named best-effort
$ kubectl create quota best-effort --hard=pods=100 --scopes=BestEffort
```
Automatic merge from submit-queue
Redirect the website to new location in gpu-support.md
The website has been changed, should be redirected to new one.
Automatic merge from submit-queue
Give the complete and correct path to client/kubectl/apiserver related
for client/kubectl, “client/unversioned","kubectl/describe.go","kubectl/stop.go", it is not easy to find the location, better add "pkg/".
for apiserver, "registry/daemon", also better add "pkg/", and daemon not exists, should be "daemonset".
Automatic merge from submit-queue
Update proposed flag names for kubelet eviction
This PR changes the flag names proposed in kubelet eviction for minimum amount of resource to reclaim when triggering an eviction.
This captures the design change proposed and agreed to in #27199
Having it in a separate PR removes noise from reviewing the core PR.
/cc @vishh @ronnielai PTAL
Automatic merge from submit-queue
Flannel doc description cidr modify
File "docs\proposals\flannel-integration.md", line 123, "node controller backs off cidr allocation", here cidr is not easy to understand, can be modified to CIDR.
Automatic merge from submit-queue
adds source debug build options
See issue & discussion here: #28227
Enables source debugging the Kubernetes binaries with tools like delve by providing the user with the ability to provide debug build options to the glang compiler.
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
Automatic merge from submit-queue
"server.go" directory error
In file "docs\devel\profiling.md", line 55:
"In 'pkg/master/server/server.go' more servers are created“
Here server.go directory is wrong, should be :pkg/kubelet/server/server.go
Automatic merge from submit-queue
Proposal for ControllerReference
Proposal for including the reference pointing to the owning "collection" (controller) for objects that can be grouped. The goal is to prevent a situation when two controllers are fighting over some resources.
cc @bgrant0607 @lavalamp @caesarxuchao @davidopp @fgrzadkowski @wojtek-t @kubernetes/sig-api-machinery
Automatic merge from submit-queue
Add proposal for service externalName
This is a proposal to address: #13748.
@smarterclayton @ncdc @thockin. Please check this out when you have time, hopefully this is okay :-D
I created the proposal because was unsure if the feature would be able to go in if there isn't a proposal already merged, because of this mail to kubernetes-pm: https://groups.google.com/forum/#!topic/kubernetes-pm/Ki63EztfZMo.
So, IIUC it would be nice to have the proposal merged ASAP (I think the interface looks ok for all, so hopefully this will be easy) so we can have this feature in 1.4 as you guys ( @smarterclayton @ncdc ) need.
Automatic merge from submit-queue
Both the file name and directory of fake docker manager are wrong
In file "docs/devel/kubemark-guide.md b/docs/devel/kubemark-guide.md", line 232
"manager with `pkg/kubelet/fake-docker-manager.go`"
here both the name and directory of fake docker manger are wrong, it should be "pkg/kubelet/dockertools/fake_manager.go".
Automatic merge from submit-queue
File "cluster/kube-env.sh" not exist
In file "docs/devel/developer-guides/vagrant.md", line 281:
"your environment in `cluster/kube-env.sh`:"
Here file "cluster/kube-env.sh" not exist.
Automatic merge from submit-queue
The directory of file "request.go" has been changed, need to modify
In file "docs/devel/api_changes.md", line 402:
"library](../../pkg/client/unversioned/request.go) has custom conversion code for"
Here the directory of request.go "pkg/client/unversioned" has been changed to "pkg/client/restclient", need to modify.
Automatic merge from submit-queue
Add proposal for secret and configmap files mode bits
This is a proposal to address https://github.com/kubernetes/kubernetes/issues/28317.
cc @pmorie (owner) @thockin
@thockin: Sorry if you preferred not to be CCed, I thougth you'd be interested :-)
I think this is always the case, but let me say it one more time just in case: as this is a PR, ALL the feedback is more than welcome!
It's my first time in kubernetes, so sorry in advance if this is obviously wrong. What I realize now is that I forgot to add the headers to the proposal. Is there some script to add them? Or should I just c&p from some other proposal?
Thanks a lot,
Rodrigo
Automatic merge from submit-queue
Doc referrence "container-id" incorrect
File "docs\proposals\disk-accounting.md", line 154, "Everything under `/var/lib/docker/overlay/<container-id>` are files required for running the container", here "container-id" is incorrect because files under "/var/lib/docker/overlay" are layer files, and "container-id" should be "id" thus consistent with line 148 "Image layers and writable layers are stored under `/var/lib/docker/overlay/<id>`".
This allows us to start building real dependencies into Makefile.
Leave old hack/* scripts in place but advise to use 'make'. There are a few
rules that call things like 'go run' or 'build/*' that I left as-is for now.
Automatic merge from submit-queue
Fix some errors in the e2e doc and make it more consistent
- "--tests" is not a valid argument
- use --ginko-skip to exclude (not focus)
- add "--check_node_count=false" to test against local cluster
- always use "--" for long args (there was a mix of "-" and "--" and it was a bit confusing)
Automatic merge from submit-queue
Deprecate the term "Ubernetes"
Deprecate the term "Ubernetes" in favor of "Cluster Federation" and "Multi-AZ Clusters"
Automatic merge from submit-queue
Allow specifying base location for test etcd data
Allows controlling where etcd test data goes. Needed in some environments (like AWS/EBS) to allow putting etcd data on a higher performing volume than /tmp
Search and replace for references to moved examples
Reverted find and replace paths on auto gen docs
Reverting changes to changelog
Fix bugs in test-cmd.sh
Fixed path in examples README
ran update-all successfully
Updated verify-flags exceptions to include renamed files
- "--tests" is not a valid argument
- use --ginko-skip to exclude (not focus)
- add "--check_node_count=false" to test against local cluster
- always use "--" for long args (there was a mix of "-" and "--" and it was a bit confusing)
Automatic merge from submit-queue
Enable extensions/v1beta1/NetworkPolicy by default
Fixes https://github.com/kubernetes/kubernetes/issues/28401
For some reason this also triggered an update to the swagger spec (which apparently hadn't been done before but wasn't failing validation...)
This drives conversion generation from file tags like:
// +conversion-gen=k8s.io/my/internal/version
.. rather than hardcoded lists of packages.
The only net change in generated code can be explained as correct. Previously
it didn't know that conversion was available.
Automatic merge from submit-queue
Prep for not checking in generated, part 1/2
This PR is extracted from #25978 - it is just the deep-copy related parts. All the Makefile and conversion stuff is excluded.
@wojtek-t this is literally branched, a bunch of commits deleted, and a very small number of manual fixups applied. If you think this is easier to review (and if it passes CI) you can feel free to go over it again. I will follow this with a conversion-related PR to build on this.
Or if you prefer, just close this and let the mega-PR ride.
@lavalamp
This is the last piece of Clayton's #26179 to be implemented with file tags.
All diffs are accounted for. Followup will use this to streamline some
packages.
Also add some V(5) debugging - it was helpful in diagnosing various issues, it
may be helpful again.
This drives most of the logic of deep-copy generation from tags like:
// +deepcopy-gen=package
..rather than hardcoded lists of packages. This will make it possible to
subsequently generate code ONLY for packages that need it *right now*, rather
than all of them always.
Also remove pkgs that really do not need deep-copies (no symbols used
anywhere).
Automatic merge from submit-queue
Represent unversioned.Time correctly in swagger spec
unversioned.Time previously represented as "string" type with no format while the correct representation should also have "date-time" as format. fixes#2968
Automatic merge from submit-queue
delete the redundant word "a"
In file docs/reporting-security-issues.md, line #37, "If you believe you have discovered a vulnerability or a have a security incident to report", here the second "a" is redundant, should be deleted.
Automatic merge from submit-queue
"Mover" should be "Moreover"
In file docs/proposals/apiserver-watch.md, line #108, "Mover, this will not require any changes in other parts of the code.", here "Mover" should be "Moreover".
This commit includes a proposal and a Go file to re-define the container
runtime interface.
Note that this is an experimental interface and is expected to go through
multiple revisions once developers start implementing against it. As stated in
the proposal, there are also individual issues to carry discussions of
specific features.
Automatic merge from submit-queue
Remove comment about empty selectors in the service spec
As discussed, removing the comment about empty selectors in Service specs.
Automatic merge from submit-queue
TLS bootstrap API group (alpha)
This PR only covers the new types and related client/storage code- the vast majority of the line count is codegen. The implementation differs slightly from the current proposal document based on discussions in design thread (#20439). The controller logic and kubelet support mentioned in the proposal are forthcoming in separate requests.
I submit that #18762 ("Creating a new API group is really hard") is, if anything, understating it. I've tried to structure the commits to illustrate the process.
@mikedanese @erictune @smarterclayton @deads2k
```release-note-experimental
An alpha implementation of the the TLS bootstrap API described in docs/proposals/kubelet-tls-bootstrap.md.
```
[]()
Automatic merge from submit-queue
Dedent
Adding the dedent package and then applying it to the kubectl help commands. Also updating the documentation to reflect the use of dedent.
lixiaobing10051267