Automatic merge from submit-queue
Add community expectations about conduct and reviewing.
@sarahnovotny @smarterclayton @philips @thockin @davidopp @jbeda
As discussed in the previous community meeting here's a description of the expectations around community, I expanded it a little bit beyond code review because it seemed like a good place to put it
down in one location.
Please let me know what I got wrong (or right ;)
Thanks
--brendan
Automatic merge from submit-queue
Proposal: Add HyperContainer runtime
This PR adds a proposal for integrating [HyperContainer](http://hypercontainer.io) runtime via CRI.
CC @dchen1107 @kubernetes/sig-node
Automatic merge from submit-queue
Change minion to node
Continuation of #1111
I tried to keep this PR down to just a simple search-n-replace to keep
things simple. I may have gone too far in some spots but its easy to
roll those back if needed - just let me know.
I avoided renaming `contrib/mesos/pkg/minion` because there's already
a `contrib/mesos/pkg/node` dir and fixing that will require a bit of work
due to a circular import chain that pops up. So I'm saving that for a
follow-on PR.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Contination of #1111
I tried to keep this PR down to just a simple search-n-replace to keep
things simple. I may have gone too far in some spots but its easy to
roll those back if needed.
I avoided renaming `contrib/mesos/pkg/minion` because there's already
a `contrib/mesos/pkg/node` dir and fixing that will require a bit of work
due to a circular import chain that pops up. So I'm saving that for a
follow-on PR.
I rolled back some of this from a previous commit because it just got
to big/messy. Will follow up with additional PRs
Signed-off-by: Doug Davis <dug@us.ibm.com>
Automatic merge from submit-queue
Move SELinux proposal to docs/design
Moves the proposal into the docs/design directory, as should have happened long ago.
Automatic merge from submit-queue
Dynamic provisioning for flocker volume plugin
Refactor flocker volume plugin
* [x] Support provisioning beta (#29006)
* [x] Support deletion
* [x] Use bind mounts instead of /flocker in containers
* [x] support ownership management or SELinux relabeling.
* [x] adds volume specification via datasetUUID (this is guranted to be unique)
I based my refactor work to replicate pretty much GCE-PD behaviour
**Related issues**: #29006#26908
@jsafrane @mattbates @wallrj @wallnerryan
Automatic merge from submit-queue
Use strongly-typed types.NodeName for a node name
We had another bug where we confused the hostname with the NodeName.
Also, if we want to use different values for the Node.Name (which is
an important step for making installation easier), we need to keep
better control over this.
A tedious but mechanical commit therefore, to change all uses of the
node name to use types.NodeName
Automatic merge from submit-queue
Update storage API group in docs
It reflects actual state of implementation (i.e. the API group was already changed in 1.4).
We had another bug where we confused the hostname with the NodeName.
To avoid this happening again, and to make the code more
self-documenting, we use types.NodeName (a typedef alias for string)
whenever we are referring to the Node.Name.
A tedious but mechanical commit therefore, to change all uses of the
node name to use types.NodeName
Also clean up some of the (many) places where the NodeName is referred
to as a hostname (not true on AWS), or an instanceID (not true on GCE),
etc.
* flocker datasets should be attached using an unique identifier. This
is not the case for the name metadata used by datasetName
* allow only one of datasetUUID / datasetName specified
Automatic merge from submit-queue
Add targets for PHONY in Makefile
Add targets for PHONY in Makefile and keep the same style between rules and PHONY
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
Automatic merge from submit-queue
Remove kubectl namespace command
**What this PR does / why we need it**:
It removes deprecated `kubectl namespace` command, which `has been superseded by the context.namespace field of .kubeconfig files. See 'kubectl config set-context --help' for more details`. It was done nearly two years ago, so like `// TODO remove once people have been given enough time to notice` comment says it may be a good time to get rid of it.
**Special notes for your reviewer**:
None ATM.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
Remove kubectl namespace command
```
Automatic merge from submit-queue
Automatic generation of man pages
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
Currently genman supports only kubectl command, so this PR will enable genman to generate man pages for rest of the command like - kube-apiserver, kube-controller-manager, kube-proxy, kube-scheduler, kubelet
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
N/A
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
```
Automatic merge from submit-queue
unify available api group versions in our scripts
There are currently many parallel lists of available group versions with slightly different syntaxes in each one. This collapses them into a single list for us to maintain.
Also caught spots where the lists didn't match before.
@sttts @ncdc
Automatic merge from submit-queue
Correct versioned.Event output in Swagger
Fixes#24240
```release-note
The value of the `versioned.Event` object (returned by watch APIs) in the Swagger 1.2 schemas has been updated from `*versioned.Event` which was not expected by many client tools. The new value is consistent with other structs returned by the API.
```
Automatic merge from submit-queue
typo fixes
**What this PR does / why we need it**: Fixes typographical errors.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: None
**Special notes for your reviewer**: None
**Release note**: None
Automatic merge from submit-queue
Extend all to more resources
Added more things from the list here:
https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/cmd.go#L159
Update the devel/kubectl-conventions.md with the rules mentioned by
a few folks on which resources could be added to the special 'all' alias
Automatic merge from submit-queue
api: types: document NodeSpec ID fields
Document MachineID as the preferred field from the discussion here:
https://groups.google.com/d/msg/kubernetes-sig-node/_3mXXB1ohZs/EuYtCzHvBgAJ
I couldn't get the generated things to update. I ran:
```
hack/update-generated-runtime.sh
hack/update-codegen.sh
hack/update-generated-swagger-docs.sh
hack/update-generated-protobuf.sh
hack/update-codecgen.sh
```
What did I miss?!
cc @dchen1107 @thockin
Automatic merge from submit-queue
Doc API group suffix, add test to catch new groups
Spawned from discussion in https://github.com/kubernetes/kubernetes/pull/31887
Doc and add tests to ensure new API groups are suffixed.
Also changed the doc to reference an API group containing the suffix as a starting point for new API groups.
Automatic merge from submit-queue
Asciidoc for scheduler
Add more structure to the scheduler introduction. This diagram should be easier to maintain as we add more features.
Automatic merge from submit-queue
Add detect-master to local provider to get e2e working
Make it possible to run some e2e tests using the local provider (./hack/local-up-cluster.sh)
This will now work for tests that don't need more than one node:
export KUBERNETES_PROVIDER=local
go run hack/e2e.go -v -test --check_node_count=false --check_version_skew=false --test_args="--ginkgo.focus=Cadvisor"
Note: without this commit, the port and ip address are wrong and require the --host option (which is inconsistent with the other providers).
Automatic merge from submit-queue
Deprecate release infrastructure and doc - moved to kubernetes/release
Part 2 of https://github.com/kubernetes/release/pull/1
This PR finalizes the split between the main kubernetes repo and the release tooling now under kubernetes/release.
ref #16529
Automatic merge from submit-queue
Convert bool to error, helper func for cd to skew
Switch from various functions returning `False` when something bad happens to returning an `error`
Encapsulate logic to switch to the skew directory inside chdirSkew
Also add a TODO for using `hyphen-flags` instead of `underscore_flags`
Automatic merge from submit-queue
Move StorageClass to a storage group
We discussed the pros and cons in sig-api-machinery yesterday. Choosing a particular group name means that clients (including our internal code) require less work and re-swizzling to handle promotions between versions. Even if you choose a group you end up not liking, the amount of work remains the same as the incubator work case: you move the affected kind, resource, and storage.
This moves the `StorageClass` type to the `storage.k8s.io` group (named for consistency with authentication, authorization, rbac, and imagepolicy). There are two commits, one for manaul changes and one for generated code.
Automatic merge from submit-queue
Add go-bindata as development dependency
**What this PR does / why we need it**:
Small update in the developer notes (a go dependency was missing, which I noticed when setting up my own development environment)
**Which issue this PR fixes**:
Not applicable
**Special notes for your reviewer**:
**Release note**:
N/A
```release-note
```
Automatic merge from submit-queue
Namespace certificates API group
New API groups should follow best-practices for naming, including using DNS names within the k8s.io namespace
```release-note
The certificates API group has been renamed to certificates.k8s.io
```
Automatic merge from submit-queue
Add a multi-platform proposal
This is a proposal for the work I've done with multiarch Kubernetes. I've worked quite a lot on it and now I've written it down so others may easily use and learn from it, while at the same time pointing out issues that we should fix in the future.
I would like to get this in before `v1.3`.
Feel free to comment on it if it's something that's unclear.
@david-mcmahon @ixdy @mikedanese @Pensu @davidopp @bgrant0607 @dlorenc @eparis @vishh @thockin @dchen1107 @lavalamp
Automatic merge from submit-queue
Add get/delete cluster, delete context to kubectl config
Fixes#29794 by adding `get-clusters`, `delete-cluster` and `delete-context` actions to `kubectl config`.
Most of the contents of docs/ has moved to kubernetes.github.io.
Development of the docs and accompanying files has continued there, making
the copies in this repo stale. I've removed everything but the .md files
which remain to redirect old links. The .yaml config files in the docs
were used by some tests, these have been moved to test/fixtures/doc-yaml,
and can remain there to be used by tests or other purposes.
Automatic merge from submit-queue
Implement ExternalName in kube-dns
Part of the ongoing saga formerly known as https://github.com/kubernetes/features/issues/33
This is the prelude (first commit) in #30931, spawn into a separate PR to allow building a new kube-dns image before e2e tests (the rest of #30931) are updated.
ExternalName allows kubedns to return CNAME records for external
services. No proxying is involved.
cc @thockin
Automatic merge from submit-queue
support Azure data disk volume
This is a WIP of supporting azure data disk volume. Will add test and dynamic provisioning support once #29006 is merged
replace #25915fix#23259
@kubernetes/sig-storage
@colemickens @brendandburns
Automatic merge from submit-queue
Clarify documentation that new admission control plugin must be imported
```release-note
```
Admission control design doc doesn't mention importing the plugin to plugins.go. I was unable to get the plugin to build into my binary without it. Updated documentation to prevent future confusion.
Automatic merge from submit-queue
Add readyReplicas to replica sets
@bgrant0607 for the api changes
@bprashanth for the controllers changes
@deads2k fyi
Automatic merge from submit-queue
docs/devel: document the behavior of github UI for PRs
Documents the problem encountered in #30596
cc @bgrant0607 @thockin @roberthbailey
Automatic merge from submit-queue
Unblock iterative development on pod-level cgroups
In order to allow forward progress on this feature, it takes the commits from #28017#29049 and then it globally disables the flag that allows these features to be exercised in the kubelet. The flag can be re-added to the kubelet when its actually ready.
/cc @vishh @dubstack @kubernetes/rh-cluster-infra
Automatic merge from submit-queue
Add Service type "ExternalName" which results in CNAME DNS
ExternalName allows kubedns to return CNAME records for external
services. No proxying is involved.
First step for https://github.com/kubernetes/features/issues/33
See original issue at
https://github.com/kubernetes/kubernetes/issues/13748
No release note yet, that will come with the kubedns change.
```release-note
NONE
```
Automatic merge from submit-queue
Add a short `-n` for `kubectl --namespace`
fixes#24078
`--namespace` is a very common flag for nearly every `kubectl` command we have. We should claim `-n` for it.
Automatic merge from submit-queue
more explictly about NoDiskConflicts policy and applicable volume types
partially clarify #29670
@kubernetes/sig-scheduling
Automatic merge from submit-queue
Incorrect branch name for git push command in development.md
the branch name is "my-feature":
### Create a branch and make changes
```sh
git checkout -b my-feature
Automatic merge from submit-queue
Quobyte Volume plugin
@quofelix and myself developed a volume plugin for [Quobyte](http://www.quobyte.com) which is a software-defined storage solution. This PR allows Kubernetes users to mount a Quobyte Volume inside their containers over Kubernetes.
Here are some further informations about [Quobyte and Storage for containers](http://www.quobyte.com/containers)
Automatic merge from submit-queue
Implement dynamic provisioning (beta) of PersistentVolumes via StorageClass
Implemented according to PR #26908. There are several patches in this PR with one huge code regen inside.
* Please review the API changes (the first patch) carefully, sometimes I don't know what the code is doing...
* `PV.Spec.Class` and `PVC.Spec.Class` is not implemented, use annotation `volume.alpha.kubernetes.io/storage-class`
* See e2e test and integration test changes - Kubernetes won't provision a thing without explicit configuration of at least one `StorageClass` instance!
* Multiple provisioning volume plugins can coexist together, e.g. HostPath and AWS EBS. This is important for Gluster and RBD provisioners in #25026
* Contradicting the proposal, `claim.Selector` and `volume.alpha.kubernetes.io/storage-class` annotation are **not** mutually exclusive. They're both used for matching existing PVs. However, only `volume.alpha.kubernetes.io/storage-class` is used for provisioning, configuration of provisioning with `Selector` is left for (near) future.
* Documentation is missing. Can please someone write some while I am out?
For now, AWS volume plugin accepts classes with these parameters:
```
kind: StorageClass
metadata:
name: slow
provisionerType: kubernetes.io/aws-ebs
provisionerParameters:
type: io1
zone: us-east-1d
iopsPerGB: 10
```
* parameters are case-insensitive
* `type`: `io1`, `gp2`, `sc1`, `st1`. See AWS docs for details
* `iopsPerGB`: only for `io1` volumes. I/O operations per second per GiB. AWS volume plugin multiplies this with size of requested volume to compute IOPS of the volume and caps it at 20 000 IOPS (maximum supported by AWS, see AWS docs).
* of course, the plugin will use some defaults when a parameter is omitted in a `StorageClass` instance (`gp2` in the same zone as in 1.3).
GCE:
```
apiVersion: extensions/v1beta1
kind: StorageClass
metadata:
name: slow
provisionerType: kubernetes.io/gce-pd
provisionerParameters:
type: pd-standard
zone: us-central1-a
```
* `type`: `pd-standard` or `pd-ssd`
* `zone`: GCE zone
* of course, the plugin will use some defaults when a parameter is omitted in a `StorageClass` instance (SSD in the same zone as in 1.3 ?).
No OpenStack/Cinder yet
@kubernetes/sig-storage
Automatic merge from submit-queue
kubelet eviction on inode exhaustion
Add support for kubelet to monitor for inode exhaustion of either image or rootfs, and in response, attempt to reclaim node level resources and/or evict pods.
Automatic merge from submit-queue
Allow setting permission mode bits on secrets, configmaps and downwardAPI files
cc @thockin @pmorie
Here is the first round to implement: https://github.com/kubernetes/kubernetes/pull/28733.
I made two commits: one with the actual change and the other with the auto-generated code. I think it's easier to review this way, but let me know if you prefer in some other way.
I haven't written any tests yet, I wanted to have a first glance and not write them till this (and the API) are more close to the "LGTM" :)
There are some things:
* I'm not sure where to do the "AND 0777". I'll try to look better in the code base, but suggestions are always welcome :)
* The write permission on group and others is not set when you do an `ls -l` on the running container. It does work with write permissions to the owner. Debugging seems to show that is something happening after this is correctly set on creation. Will look closer.
* The default permission (when the new fields are not specified) are the same that on kubernetes v1.3
* I do realize there are conflicts with master, but I think this is good enough to have a look. The conflicts is with the autog-enerated code, so the actual code is actually the same (and it takes like ~30 minutes to generate it here)
* I didn't generate the docs (`generated-docs` and `generated-swagger-docs` from `hack/update-all.sh`) because my machine runs out of mem. So that's why it isn't in this first PR, will try to investigate and see why it happens.
Other than that, this works fine here with some silly scripts I did to create a secret&configmap&downwardAPI, a pod and check the file permissions. Tested the "defaultMode" and "mode" for all. But of course, will write tests once this is looking fine :)
Thanks a lot again!
Rodrigo
Automatic merge from submit-queue
Remove incorrect docs about unset fields in NetworkPolicyPeer
While hammering out the semantics of not-present vs present-but-empty, we appear to have added incorrect clarifications to NetworkPolicyPeer, where the semantics of PodSelector not being present is supposed to be "do what NamespaceSelector" says, not "select no pods", and likewise with NamespaceSelector not being present.
I think it's clearest if we just don't say anything, since we already said "Exactly one of the following must be specified" above. Alternatively we could be redundant and say "(If not provided, then NamespaceSelector must be set.)" or something like that.
@caseydavenport @thockin
Automatic merge from submit-queue
re-organize development.md
Addresses issue #13876; reorganizes and cleans up parts of development.md; splits out the godep section for managing `vendor/` tree dependencies into a new godep.md file.
```release-note
The developer guide has been reorganized to facilitate the majority of new developers working on Kubernetes.
```
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
Automatic merge from submit-queue
Add NodeName to EndpointAddress object
Adding a new string type `nodeName` to api.EndpointAddress.
We could also do *ObjectReference to the api.Node object instead, which would be more precise for the future.
```
type ObjectReference struct {
Kind string `json:"kind,omitempty"`
Namespace string `json:"namespace,omitempty"`
Name string `json:"name,omitempty"`
UID types.UID `json:"uid,omitempty"`
APIVersion string `json:"apiVersion,omitempty"`
ResourceVersion string `json:"resourceVersion,omitempty"`
// Optional. If referring to a piece of an object instead of an entire object, this string
// should contain information to identify the sub-object. For example, if the object
// reference is to a container within a pod, this would take on a value like:
// "spec.containers{name}" (where "name" refers to the name of the container that triggered
// the event) or if no container name is specified "spec.containers[2]" (container with
// index 2 in this pod). This syntax is chosen only to have some well-defined way of
// referencing a part of an object.
// TODO: this design is not final and this field is subject to change in the future.
FieldPath string `json:"fieldPath,omitempty"`
}
```
Automatic merge from submit-queue
docs/proposal: add proposal for kubectl login
This PR updates https://github.com/kubernetes/features/issues/32 and https://github.com/kubernetes/kubernetes/pull/25758 by adding a proposal for a "kubectl login" command.
It's a bit more involved than the implementation discussed with @deads2k in #25758, by proposing a long term goal for the overall subcommand.
cc @kubernetes/sig-auth @kubernetes/kubectl
Automatic merge from submit-queue
Implement 'kubectl top' command
```release-note
Added 'kubectl top' command showing the resource usage metrics.
```
Sample output:
Nodes:
```
$ kubectl top node
NAME CPU MEMORY STORAGE TIMESTAMP
kubernetes-minion-group-xxxx 76m 1468 Mi 0 Mi Tue, 12 Jul 2016 17:37:00 +0200
kubernetes-minion-group-yyyy 73m 1511 Mi 0 Mi Tue, 12 Jul 2016 17:37:00 +0200
kubernetes-minion-group-zzzz 46m 1506 Mi 0 Mi Tue, 12 Jul 2016 17:37:00 +0200
kubernetes-master 76m 2059 Mi 0 Mi Tue, 12 Jul 2016 17:37:00 +0200
```
Pods in all namespaces:
```
$ kubectl top pod --all-namespaces
NAMESPACE NAME CPU MEMORY STORAGE TIMESTAMP
default nginx-1111111111-zzzzz 0m 1 Mi 0 Mi Tue, 12 Jul 2016 17:49:00 +0200
kube-system etcd-server-kubernetes-master 4m 116 Mi 0 Mi Tue, 12 Jul 2016 17:49:00 +0200
kube-system fluentd-cloud-logging-kubernetes-minion-group-xxxx 14m 110 Mi 0 Mi Tue, 12 Jul 2016 17:49:00 +0200
kube-system kube-dns-v18-zzzzz 1m 6 Mi 0 Mi Tue, 12 Jul 2016 17:49:00 +0200
...
```
Pod with containers:
```
$ kubectl top pod heapster-v1.1.0-1111111111-miail --namespace=kube-system --containers
NAMESPACE NAME CPU MEMORY STORAGE TIMESTAMP
kube-system heapster-v1.1.0-1111111111-miail 1m 42 Mi 0 Mi Tue, 12 Jul 2016 17:52:00 +0200
heapster 1m 26 Mi 0 Mi
eventer 0m 3 Mi 0 Mi
heapster-nanny 0m 6 Mi 0 Mi
eventer-nanny 0m 6 Mi 0 Mi
```
ref #11382
[]()
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/kubernetes/28844)
<!-- Reviewable:end -->
Automatic merge from submit-queue
component feature config proposal
This adds a proposal for a simple mechanism to pass runtime config to kube system components. Motivation is to have a consistent way to toggle new features that are not tied to an API group. Feedback appreciated
@mikedanese @lavalamp @kubernetes/sig-api-machinery @kubernetes/sig-cluster-lifecycle @kubernetes/sig-node
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/kubernetes/30003)
<!-- Reviewable:end -->
Automatic merge from submit-queue
Add service and deployment create sub-commands to kubectl
```release-note
Added new commands kubectl create service & kubectl create deployment
```
Partial #25382
Automatic merge from submit-queue
Allow expressing inodes in percentages for eviction
Per discussion here:
https://github.com/kubernetes/kubernetes/pull/28055#issuecomment-230078770
The amount of inodes per disk can vary, and our operators would prefer to express eviction in terms of percentage available. So independent of a disk having 3.2M or 12M of total inodes, its more convenient to just express eviction as saying if available inodes falls below 10 or 5 percent of total capacity then trigger an action.
/cc @vishh @ronnielai @kubernetes/rh-cluster-infra @twiest @kubernetes/sig-node
Automatic merge from submit-queue
docs: Detail possible transitions in CRI
Right now the document doesn't make it clear that transitions are unidirectional and a exited container won't be restarted, but replaced by a fresh copy.
cc @yujuhong @feiskyer @kubernetes/sig-node
Automatic merge from submit-queue
Fix Incorrect response model for pods/{name}/log
The swagger spec for pods/{name}/log does not include
"text/plain" as a possible content-type for the the response.
So we implement ProducesMIMETypes to make sure "text/plain"
gets added to the default list ot content-types.
the v1.json was generated by running:
hack/update-generated-swagger-docs.sh;./hack/update-swagger-spec.sh;
Automatic merge from submit-queue
Update the Pod Resource Management Proposal with Implementation status
This is tied to the upstream issue #27204 for adding pod level cgroups into Kubernetes.
@vishh @derekwaynecarr @Random-Liu PTAL.
The swagger spec for pods/{name}/log does not include
"text/plain" as a possible content-type for the the response.
So we implement ProducesMIMETypes to make sure "text/plain"
gets added to the default list ot content-types.
the v1.json was generated by running:
hack/update-generated-swagger-docs.sh;./hack/update-swagger-spec.sh;
Fixes#14071
Automatic merge from submit-queue
Replace with explicit kubernetes fork path
At other place in development.md, explicit kubernetes fork path has been existed:
mkdir -p $GOPATH/src/k8s.io
cd $GOPATH/src/k8s.io
# Replace "$YOUR_GITHUB_USERNAME" below with your github username
git clone https://github.com/$YOUR_GITHUB_USERNAME/kubernetes.git
the following is easy to be confused and can be replaced with same description:
git clone https://path/to/your/fork .
Automatic merge from submit-queue
Modify some detail information in contributing workflow
"Compare and pull request" is "Compare & pull request" actually.
Automatic merge from submit-queue
Move non-Minikube local cluster guides from docs repo to kubernetes d…
Move the local cluster docs out of the docs repo. Keeping them around since they may be used by some folks for development.
Automatic merge from submit-queue
Update the AppArmor design proposal
3 modifications to the original AppArmor design proposal:
1. Remove the pod-level AppArmor profile specification, since it was unnecessary complexity. I think the typical multi-container case is a main app, some side-cars (e.g. log helpers), and maybe some init containers. All of those containers are likely to have very different permissions needs, so I do not see benefit to the pod-level profile. If there is sufficient demand (i.e. user feedback) for this feature we can add it back.
2. Added a proposal for the beta (and GA) API. Beginning the discussion of this API now will smooth the transition from alpha, and guide the implementation of the internal API.
3. [EDIT] The profile deployment pod will poll the source directories for changes. This change is motivated by the fact that DaemonSets must run with RestartAlways.
/cc @bgrant0607 @erictune @pmorie @pweil-
Automatic merge from submit-queue
Validate list objects when building scheme
The first commit is #29468. This PR is a followup.
Modified the description of **List** in api-convention.md to:
`The name of a list kind must end with "List". Lists have a limited set of common metadata. All lists use the required "items" field to contain the array of objects they return. Any kind that has the "items" field must be a list kind.`
Also added code to enforce the above rules during scheme registration.
@kubernetes/sig-api-machinery @bgrant0607 @erictune @lavalamp @smarterclayton
Automatic merge from submit-queue
change the relative links to definition in operations.html
...to satisfy the new directory layout in the kubernetes.io.
This will make the manual changes in https://github.com/kubernetes/kubernetes.github.io/pull/369 persist.
I still need to bump up the gcr.io/google_containers/gen-swagger-docs image version. I'll do that after I get LGTM here.
cc @bgrant0607 @xiangpengzhao
Automatic merge from submit-queue
Node E2E: Make node e2e parallel
For https://github.com/kubernetes/kubernetes/issues/29081.
Fix https://github.com/kubernetes/kubernetes/issues/26215.
Based on https://github.com/kubernetes/kubernetes/pull/28807, https://github.com/kubernetes/kubernetes/pull/29020, will rebase after they are merged.
**Only the last commit is new.**
We are going to move more tests into the node e2e test. However, currently node e2e test only run sequentially, the test duration will increase quickly when we add more test.
This PR makes the node e2e test run in parallel so as to shorten test duration, so that we can add more test to improve the test coverage.
* If you run the test locally with `make test-e2e-node`, it will use `-p` ginkgo flag, which uses `(cores-1)` parallel test nodes by default.
* If you run the test remotely or in the Jenkin, the parallelism will be controlled by the environment variable `PARALLELISM`. The default value is `8`, which is reasonable for our test node (n1-standard-1).
Before this PR, it took **833.592s** to run all test on my desktop.
With this PR, it only takes **234.058s** to run.
The pull request node e2e run with this PR takes **232.327s**.
The pull request node e2e run for other PRs takes **673.810s**.
/cc @kubernetes/sig-node
Automatic merge from submit-queue
Add API for StorageClasses
This is the API objects only required for dynamic provisioning picked apart from the controller logic.
Entire feature is here: https://github.com/kubernetes/kubernetes/pull/29006
Automatic merge from submit-queue
Initial support for pod eviction based on disk
This PR adds the following:
1. node reports disk pressure condition based on configured thresholds
1. scheduler does not place pods on nodes reporting disk pressure
1. kubelet will not admit any pod when it reports disk pressure
1. kubelet ranks pods for eviction when low on disk
1. kubelet evicts greediest pod
Follow-on PRs will need to handle:
1. integrate with new image gc PR (https://github.com/kubernetes/kubernetes/pull/27199)
1. container gc policy should always run (will not be launched from eviction, tbd who does that)
1. this means kill pod is fine for all eviction code paths since container gc will remove dead container
1. min reclaim support will just poll summary provider (derek will do follow-on)
1. need to know if imagefs is same device as rootfs from summary (derek follow-on)
/cc @vishh @kubernetes/sig-node
Automatic merge from submit-queue
remove the omitempty tag from CertificateSigningRequestList.Items
As a general rule, `Items` should be a required field in all lists. In a followup PR, I'll update the api-convention.md and add a check in the schema registration path to enforce the rule. I need to fix this bug to unblock other work.
@kubernetes/api-review-team cc @bgrant0607-cc
Automatic merge from submit-queue
Add support for kubectl create quota command
Follow-up of https://github.com/kubernetes/kubernetes/pull/19625
```
Create a resourcequota with the specified name, hard limits and optional scopes
Usage:
kubectl create quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scope2] [--dry-run=bool] [flags]
Aliases:
quota, q
Examples:
// Create a new resourcequota named my-quota
$ kubectl create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10
// Create a new resourcequota named best-effort
$ kubectl create quota best-effort --hard=pods=100 --scopes=BestEffort
```
Automatic merge from submit-queue
Redirect the website to new location in gpu-support.md
The website has been changed, should be redirected to new one.
Automatic merge from submit-queue
Give the complete and correct path to client/kubectl/apiserver related
for client/kubectl, “client/unversioned","kubectl/describe.go","kubectl/stop.go", it is not easy to find the location, better add "pkg/".
for apiserver, "registry/daemon", also better add "pkg/", and daemon not exists, should be "daemonset".
Automatic merge from submit-queue
Update proposed flag names for kubelet eviction
This PR changes the flag names proposed in kubelet eviction for minimum amount of resource to reclaim when triggering an eviction.
This captures the design change proposed and agreed to in #27199
Having it in a separate PR removes noise from reviewing the core PR.
/cc @vishh @ronnielai PTAL
Automatic merge from submit-queue
Flannel doc description cidr modify
File "docs\proposals\flannel-integration.md", line 123, "node controller backs off cidr allocation", here cidr is not easy to understand, can be modified to CIDR.
Automatic merge from submit-queue
adds source debug build options
See issue & discussion here: #28227
Enables source debugging the Kubernetes binaries with tools like delve by providing the user with the ability to provide debug build options to the glang compiler.
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
Automatic merge from submit-queue
"server.go" directory error
In file "docs\devel\profiling.md", line 55:
"In 'pkg/master/server/server.go' more servers are created“
Here server.go directory is wrong, should be :pkg/kubelet/server/server.go
Automatic merge from submit-queue
Proposal for ControllerReference
Proposal for including the reference pointing to the owning "collection" (controller) for objects that can be grouped. The goal is to prevent a situation when two controllers are fighting over some resources.
cc @bgrant0607 @lavalamp @caesarxuchao @davidopp @fgrzadkowski @wojtek-t @kubernetes/sig-api-machinery
Automatic merge from submit-queue
Add proposal for service externalName
This is a proposal to address: #13748.
@smarterclayton @ncdc @thockin. Please check this out when you have time, hopefully this is okay :-D
I created the proposal because was unsure if the feature would be able to go in if there isn't a proposal already merged, because of this mail to kubernetes-pm: https://groups.google.com/forum/#!topic/kubernetes-pm/Ki63EztfZMo.
So, IIUC it would be nice to have the proposal merged ASAP (I think the interface looks ok for all, so hopefully this will be easy) so we can have this feature in 1.4 as you guys ( @smarterclayton @ncdc ) need.
Automatic merge from submit-queue
Both the file name and directory of fake docker manager are wrong
In file "docs/devel/kubemark-guide.md b/docs/devel/kubemark-guide.md", line 232
"manager with `pkg/kubelet/fake-docker-manager.go`"
here both the name and directory of fake docker manger are wrong, it should be "pkg/kubelet/dockertools/fake_manager.go".
Automatic merge from submit-queue
File "cluster/kube-env.sh" not exist
In file "docs/devel/developer-guides/vagrant.md", line 281:
"your environment in `cluster/kube-env.sh`:"
Here file "cluster/kube-env.sh" not exist.
Automatic merge from submit-queue
The directory of file "request.go" has been changed, need to modify
In file "docs/devel/api_changes.md", line 402:
"library](../../pkg/client/unversioned/request.go) has custom conversion code for"
Here the directory of request.go "pkg/client/unversioned" has been changed to "pkg/client/restclient", need to modify.
Automatic merge from submit-queue
Add proposal for secret and configmap files mode bits
This is a proposal to address https://github.com/kubernetes/kubernetes/issues/28317.
cc @pmorie (owner) @thockin
@thockin: Sorry if you preferred not to be CCed, I thougth you'd be interested :-)
I think this is always the case, but let me say it one more time just in case: as this is a PR, ALL the feedback is more than welcome!
It's my first time in kubernetes, so sorry in advance if this is obviously wrong. What I realize now is that I forgot to add the headers to the proposal. Is there some script to add them? Or should I just c&p from some other proposal?
Thanks a lot,
Rodrigo
Automatic merge from submit-queue
Doc referrence "container-id" incorrect
File "docs\proposals\disk-accounting.md", line 154, "Everything under `/var/lib/docker/overlay/<container-id>` are files required for running the container", here "container-id" is incorrect because files under "/var/lib/docker/overlay" are layer files, and "container-id" should be "id" thus consistent with line 148 "Image layers and writable layers are stored under `/var/lib/docker/overlay/<id>`".
This allows us to start building real dependencies into Makefile.
Leave old hack/* scripts in place but advise to use 'make'. There are a few
rules that call things like 'go run' or 'build/*' that I left as-is for now.
Automatic merge from submit-queue
Fix some errors in the e2e doc and make it more consistent
- "--tests" is not a valid argument
- use --ginko-skip to exclude (not focus)
- add "--check_node_count=false" to test against local cluster
- always use "--" for long args (there was a mix of "-" and "--" and it was a bit confusing)
Automatic merge from submit-queue
Deprecate the term "Ubernetes"
Deprecate the term "Ubernetes" in favor of "Cluster Federation" and "Multi-AZ Clusters"
Automatic merge from submit-queue
Allow specifying base location for test etcd data
Allows controlling where etcd test data goes. Needed in some environments (like AWS/EBS) to allow putting etcd data on a higher performing volume than /tmp
Search and replace for references to moved examples
Reverted find and replace paths on auto gen docs
Reverting changes to changelog
Fix bugs in test-cmd.sh
Fixed path in examples README
ran update-all successfully
Updated verify-flags exceptions to include renamed files
- "--tests" is not a valid argument
- use --ginko-skip to exclude (not focus)
- add "--check_node_count=false" to test against local cluster
- always use "--" for long args (there was a mix of "-" and "--" and it was a bit confusing)
Automatic merge from submit-queue
Enable extensions/v1beta1/NetworkPolicy by default
Fixes https://github.com/kubernetes/kubernetes/issues/28401
For some reason this also triggered an update to the swagger spec (which apparently hadn't been done before but wasn't failing validation...)
This drives conversion generation from file tags like:
// +conversion-gen=k8s.io/my/internal/version
.. rather than hardcoded lists of packages.
The only net change in generated code can be explained as correct. Previously
it didn't know that conversion was available.
Automatic merge from submit-queue
Prep for not checking in generated, part 1/2
This PR is extracted from #25978 - it is just the deep-copy related parts. All the Makefile and conversion stuff is excluded.
@wojtek-t this is literally branched, a bunch of commits deleted, and a very small number of manual fixups applied. If you think this is easier to review (and if it passes CI) you can feel free to go over it again. I will follow this with a conversion-related PR to build on this.
Or if you prefer, just close this and let the mega-PR ride.
@lavalamp
This is the last piece of Clayton's #26179 to be implemented with file tags.
All diffs are accounted for. Followup will use this to streamline some
packages.
Also add some V(5) debugging - it was helpful in diagnosing various issues, it
may be helpful again.
This drives most of the logic of deep-copy generation from tags like:
// +deepcopy-gen=package
..rather than hardcoded lists of packages. This will make it possible to
subsequently generate code ONLY for packages that need it *right now*, rather
than all of them always.
Also remove pkgs that really do not need deep-copies (no symbols used
anywhere).
Automatic merge from submit-queue
Represent unversioned.Time correctly in swagger spec
unversioned.Time previously represented as "string" type with no format while the correct representation should also have "date-time" as format. fixes#2968
Automatic merge from submit-queue
delete the redundant word "a"
In file docs/reporting-security-issues.md, line #37, "If you believe you have discovered a vulnerability or a have a security incident to report", here the second "a" is redundant, should be deleted.
Automatic merge from submit-queue
"Mover" should be "Moreover"
In file docs/proposals/apiserver-watch.md, line #108, "Mover, this will not require any changes in other parts of the code.", here "Mover" should be "Moreover".
This commit includes a proposal and a Go file to re-define the container
runtime interface.
Note that this is an experimental interface and is expected to go through
multiple revisions once developers start implementing against it. As stated in
the proposal, there are also individual issues to carry discussions of
specific features.
Automatic merge from submit-queue
Remove comment about empty selectors in the service spec
As discussed, removing the comment about empty selectors in Service specs.
Automatic merge from submit-queue
TLS bootstrap API group (alpha)
This PR only covers the new types and related client/storage code- the vast majority of the line count is codegen. The implementation differs slightly from the current proposal document based on discussions in design thread (#20439). The controller logic and kubelet support mentioned in the proposal are forthcoming in separate requests.
I submit that #18762 ("Creating a new API group is really hard") is, if anything, understating it. I've tried to structure the commits to illustrate the process.
@mikedanese @erictune @smarterclayton @deads2k
```release-note-experimental
An alpha implementation of the the TLS bootstrap API described in docs/proposals/kubelet-tls-bootstrap.md.
```
[]()
Automatic merge from submit-queue
Dedent
Adding the dedent package and then applying it to the kubectl help commands. Also updating the documentation to reflect the use of dedent.
Automatic merge from submit-queue
to remove workflow proposal
@erictune @brendanburns
I think workflow proposal should be removed now. If you have a specific plan to remove it disregard this.
Automatic merge from submit-queue
Allow conformance tests to run on non-GCE providers
fixes https://github.com/kubernetes/kubernetes/issues/26869
Creates a skeleton provider which has all the required function stubs -- but will allow a previously set "skeleton" KUBERNETES_PROVIDER to not be overriden with "gce".
Automatic merge from submit-queue
Kubelet Volume Manager Wait For Attach Detach Controller and Backoff on Error
* Closes https://github.com/kubernetes/kubernetes/issues/27483
* Modified Attach/Detach controller to report `Node.Status.AttachedVolumes` on successful attach (unique volume name along with device path).
* Modified Kubelet Volume Manager wait for Attach/Detach controller to report success before proceeding with attach.
* Closes https://github.com/kubernetes/kubernetes/issues/27492
* Implemented an exponential backoff mechanism for for volume manager and attach/detach controller to prevent operations (attach/detach/mount/unmount/wait for controller attach/etc) from executing back to back unchecked.
* Closes https://github.com/kubernetes/kubernetes/issues/26679
* Modified volume `Attacher.WaitForAttach()` methods to uses the device path reported by the Attach/Detach controller in `Node.Status.AttachedVolumes` instead of calling out to cloud providers.
This commit adds a new volume manager in kubelet that synchronizes
volume mount/unmount (and attach/detach, if attach/detach controller
is not enabled).
This eliminates the race conditions between the pod creation loop
and the orphaned volumes loops. It also removes the unmount/detach
from the `syncPod()` path so volume clean up never blocks the
`syncPod` loop.
Also includes other improvements:
- Makefile rule to run tests against remote instance using existing host or image
- Makefile will reuse an instance created from an image if it was not torn down
- Runner starts gce instances in parallel with building source
- Runner uses instance ip instead of hostname so that it doesn't need to resolve
- Runner supports cleaning up files and processes on an instance without stopping / deleting it
- Runner runs tests using `ginkgo` binary to support running tests in parallel
Automatic merge from submit-queue
Add the criteria for including new APIs
@bgrant0607 @smarterclayton @davidopp @thockin @jbeda
As discussed in community meeting today.
Double slashes are not allowed in annotation keys. Moreover, using the 63
characters of the name component in an annotation key will shorted the space
for the container name.
This PR contains Kubelet changes to enable attach/detach controller control.
* It introduces a new "enable-controller-attach-detach" kubelet flag to
enable control by controller. Default enabled.
* It removes all references "SafeToDetach" annoation from controller.
* It adds the new VolumesInUse field to the Node Status API object.
* It modifies the controller to use VolumesInUse instead of SafeToDetach
annotation to gate detachment.
* There is a bug in node-problem-detector that causes VolumesInUse to
get reset every 30 seconds. Issue https://github.com/kubernetes/node-problem-detector/issues/9
opened to fix that.
Automatic merge from submit-queue
federation: Update the list of supported admission controls
Ref https://github.com/kubernetes/kubernetes/pull/26298#issuecomment-221697124
In 1.3, we are going to support only AlwaysAdmit and AlwaysDeny admission controls.
Updating the documentation accordingly.
@kubernetes/sig-cluster-federation
Automatic merge from submit-queue
Switch DNS addons from skydns to kubedns
Change GCI and trusty cluster-helper scripts to use kubedns instead of skydns.
Unified skydns templates using a simple underscore based template and
added transform sed scripts to transform into salt and sed yaml
templates
Moved all content out of cluster/addons/dns into build/kube-dns and
saltbase/salt/kube-dns
Automatic merge from submit-queue
Reduce volume controller sync period
fixes#24236 and most probably also fixes#25294.
Needs #25881! With the cache, binder is not affected by sync period. Without the cache, binding of 1000 PVCs takes more than 5 minutes (instead of ~70 seconds).
15 seconds were chosen by fair 2d10 roll :-)
Automatic merge from submit-queue
kube-controller-manager: Add configure-cloud-routes option
This allows kube-controller-manager to allocate CIDRs to nodes (with
allocate-node-cidrs=true), but will not try to configure them on the
cloud provider, even if the cloud provider supports Routes.
The default is configure-cloud-routes=true, and it will only try to
configure routes if allocate-node-cidrs is also configured, so the
default behaviour is unchanged.
This is useful because on AWS the cloud provider configures routes by
setting up VPC routing table entries, but there is a limit of 50
entries. So setting configure-cloud-routes on AWS would allow us to
continue to allocate node CIDRs as today, but replace the VPC
route-table mechanism with something not limited to 50 nodes.
We can't just turn off the cloud-provider entirely because it also
controls other things - node discovery, load balancer creation etc.
Fix#25602
Automatic merge from submit-queue
Expose GET and PATCH for status subresource
We can do this for other status subresource. I only updated node/status in this PR to unblock https://github.com/kubernetes/node-problem-detector/issues/9.
cc @Random-Liu @lavalamp
This allows kube-controller-manager to allocate CIDRs to nodes (with
allocate-node-cidrs=true), but will not try to configure them on the
cloud provider, even if the cloud provider supports Routes.
The default is configure-cloud-routes=true, and it will only try to
configure routes if allocate-node-cidrs is also configured, so the
default behaviour is unchanged.
This is useful because on AWS the cloud provider configures routes by
setting up VPC routing table entries, but there is a limit of 50
entries. So setting configure-cloud-routes on AWS would allow us to
continue to allocate node CIDRs as today, but replace the VPC
route-table mechanism with something not limited to 50 nodes.
We can't just turn off the cloud-provider entirely because it also
controls other things - node discovery, load balancer creation etc.
Fix#25602
Automatic merge from submit-queue
Attach Detach Controller Business Logic
This PR adds the meat of the attach/detach controller proposed in #20262.
The PR splits the in-memory cache into a desired and actual state of the world.
Automatic merge from submit-queue
Downward API implementation for resources limits and requests
This is an implementation of Downward API for resources limits and requests, and it works with environment variables and volume plugin.
This is based on proposal https://github.com/kubernetes/kubernetes/pull/24051. This implementation follows API with magic keys approach as discussed in the proposal.
@kubernetes/rh-cluster-infra
<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/24179)
<!-- Reviewable:end -->
Split controller cache into actual and desired state of world.
Controller will only operate on volumes scheduled to nodes that
have the "volumes.kubernetes.io/controller-managed-attach" annotation.
Automatic merge from submit-queue
Add a 'kubectl clusterinfo dump' option
Ref: #3500
@bgrant0607 @smarterclayton @jszczepkowski
Usage:
```
# Dump current cluster state to stdout
kubectl clusterinfo dump
# Dump current cluster state to /tmp
kubectl clusterinfo dump --output-directory=/tmp
# Dump all namespaces to stdout
kubectl clusterinfo dump --all-namespaces
# Dump a set of namespaces to /tmp
kubectl clusterinfo dump --namespaces default,kube-system --output-directory=/tmp
```
<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/20672)
<!-- Reviewable:end -->
Automatic merge from submit-queue
remove ConfigMap example from GC proposal
We need more thoughts on the design. Remove it to avoid causing confusion.
@derekwaynecarr @lavalamp
Automatic merge from submit-queue
Proposal: persistent volume selector
Partially replaces #17056. Another proposal will follow dealing with dynamic provisioning on top of storage classes.
@kubernetes/sig-storage
Automatic merge from submit-queue
vSphere Volume Plugin Implementation
This PR implements vSphere Volume plugin support in Kubernetes (ref. issue #23932).
Automatic merge from submit-queue
Introduce node memory pressure condition to scheduler
Following the work done by @derekwaynecarr at https://github.com/kubernetes/kubernetes/pull/21274, introducing memory pressure predicate for scheduler.
Missing:
* write down unit-test
* test the implementation
At the moment this is a heads up for further discussion how the new node's memory pressure condition should be handled in the generic scheduler.
**Additional info**
* Based on [1], only best effort pods are subject to filtering.
* Based on [2], best effort pods are those pods "iff requests & limits are not specified for any resource across all containers".
[1] 542668cc79/docs/proposals/kubelet-eviction.md (scheduler)
[2] https://github.com/kubernetes/kubernetes/pull/14943
Automatic merge from submit-queue
Use protobufs by default to communicate with apiserver (still store JSONs in etcd)
@lavalamp @kubernetes/sig-api-machinery
Automatic merge from submit-queue
Cache Webhook Authentication responses
Add a simple LRU cache w/ 2 minute TTL to the webhook authenticator.
Kubectl is a little spammy, w/ >= 4 API requests per command. This also prevents a single unauthenticated user from being able to DOS the remote authenticator.
Automatic merge from submit-queue
Extend secrets volumes with path control
As per [1] this PR extends secrets mapped into volume with:
* key-to-path mapping the same way as is for configmap. E.g.
```
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "mypod",
"namespace": "default"
},
"spec": {
"containers": [{
"name": "mypod",
"image": "redis",
"volumeMounts": [{
"name": "foo",
"mountPath": "/etc/foo",
"readOnly": true
}]
}],
"volumes": [{
"name": "foo",
"secret": {
"secretName": "mysecret",
"items": [{
"key": "username",
"path": "my-username"
}]
}
}]
}
}
```
Here the ``spec.volumes[0].secret.items`` added changing original target ``/etc/foo/username`` to ``/etc/foo/my-username``.
* secondly, refactoring ``pkg/volumes/secrets/secrets.go`` volume plugin to use ``AtomicWritter`` to project a secret into file.
[1] https://github.com/kubernetes/kubernetes/blob/master/docs/design/configmap.md#changes-to-secret
Automatic merge from submit-queue
Updaing QoS policy to be at the pod level
Quality of Service will be derived from an entire Pod Spec, instead of being derived from resource specifications of individual resources per-container.
A Pod is `Guaranteed` iff all its containers have limits == requests for all the first-class resources (cpu, memory as of now).
A Pod is `BestEffort` iff requests & limits are not specified for any resource across all containers.
A Pod is `Burstable` otherwise.
Note: Existing pods might be more susceptible to OOM Kills on the node due to this PR! To protect pods from being OOM killed on the node, set `limits` for all resources across all containers in a pod.
<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/14943)
<!-- Reviewable:end -->
Automatic merge from submit-queue
Update AWS under the hood doc with ELB SSL annotations
Document #23495. No e2e tests or release notes needed (the other PR is already in the release docs).
Automatic merge from submit-queue
add CIDR allocator for NodeController
This PR:
* use pkg/controller/framework to watch nodes and reduce lists when allocate CIDR for node
* decouple the cidr allocation logic from monitoring status logic
<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/19242)
<!-- Reviewable:end -->
Automatic merge from submit-queue
Add 'kubectl set image'
```release-note
Add "kubectl set image" for easier updating container images (for pods or resources with pod templates).
```
**Usage:**
```
kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N
```
**Example:**
```console
# Set a deployment's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
$ kubectl set image deployment/nginx busybox=busybox nginx=nginx:1.9.1
# Update all deployments' nginx container's image to 'nginx:1.9.1'
$ kubectl set image deployments nginx=nginx:1.9.1 --all
# Update image of all containers of daemonset abc to 'nginx:1.9.1'
$ kubectl set image daemonset abc *=nginx:1.9.1
# Print result (in yaml format) of updating nginx container image from local file, without hitting the server
$ kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml
```
I abandoned the `--container=xxx --image=xxx` flags in the [deploy proposal](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/deploy.md#kubectl-set) since it's much easier to use with just KEY=VALUE (CONTAINER_NAME=CONTAINER_IMAGE) pairs.
Ref #21648
@kubernetes/kubectl @bgrant0607 @kubernetes/sig-config
[]()
Automatic merge from submit-queue
systemd node spec proposal
The following outlines changes that I want to make to the ```kubelet``` in order to better integrate with ```systemd``` systems, and to better isolate containers in their own ```cgroup``` based on the qos tier.
I think this is a precursor to getting more intelligent low compute resource eviction.
/cc @smarterclayton @ncdc @pmorie @dchen1107 @vishh @bgrant0607
<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/17688)
<!-- Reviewable:end -->
This patch adds the --exit-on-lock-contention flag, which must be used
in conjunction with the --lock-file flag. When provided, it causes the
kubelet to wait for inotify events for that lock file. When an 'open'
event is received, the kubelet will exit.
Automatic merge from submit-queue
Add init containers to pods
This implements #1589 as per proposal #23666
Incorporates feedback on #1589, creates parallel structure for InitContainers and Containers, adds validation for InitContainers that requires name uniqueness, and comments on a number of implications of init containers.
This is a complete alpha implementation.
<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/23567)
<!-- Reviewable:end -->
Automatic merge from submit-queue
Automatically add node labels beta.kubernetes.io/{os,arch}
Proposal: #17981
As discussed in #22623:
> @davidopp: #9044 says cloud provider but can also cover platform stuff.
Adds a label `beta.kubernetes.io/platform` to `kubelet` that informs about the os/arch it's running on.
Makes it easy to specify `nodeSelectors` for different arches in multi-arch clusters.
```console
$ kubectl get no --show-labels
NAME STATUS AGE LABELS
127.0.0.1 Ready 1m beta.kubernetes.io/platform=linux-amd64,kubernetes.io/hostname=127.0.0.1
$ kubectl describe no
Name: 127.0.0.1
Labels: beta.kubernetes.io/platform=linux-amd64,kubernetes.io/hostname=127.0.0.1
CreationTimestamp: Thu, 31 Mar 2016 20:39:15 +0300
```
@davidopp @vishh @fgrzadkowski @thockin @wojtek-t @ixdy @bgrant0607 @dchen1107 @preillyme
Automatic merge from submit-queue
Add eviction-pressure-transitition-period flag to kubelet
This PR does the following:
* add the new flag to control how often a node will go out of memory pressure or disk pressure conditions see: https://github.com/kubernetes/kubernetes/pull/25282
* pass an `eviction.Config` into `kubelet` so we can group config
/cc @vishh
Automatic merge from submit-queue
WIP v0 NVIDIA GPU support
```release-note
* Alpha support for scheduling pods on machines with NVIDIA GPUs whose kubelets use the `--experimental-nvidia-gpus` flag, using the alpha.kubernetes.io/nvidia-gpu resource
```
Implements part of #24071 for #23587
I am not familiar with the scheduler enough to know what to do with the scores. Mostly punting for now.
Missing items from the implementation plan: limitranger, rkt support, kubectl
support and docs
cc @erictune @davidopp @dchen1107 @vishh @Hui-Zhi @gopinatht
Automatic merge from submit-queue
Webhook Token Authenticator
Add a webhook token authenticator plugin to allow a remote service to make authentication decisions.
Minhan Xia
