Automatic merge from submit-queue
make: allow overriding quick-release opts
Prior to this change, `make quick-release KUBE_RELEASE_RUN_TESTS=y`
would still not run the tests. This change makes it so such overriding
works.
It also specifies the options as variables, which helps some shells with
tab-completion.
Finally, I plan to add a new "quick-release" option that not everyone will want on in #35249 (`RELEASE_HYPERKUBE_ONLY`), and this sets the needed groundwork to make such an "opt-in for quickness" flag possible.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41756, 36344, 34259, 40843, 41526)
add swagger ui in local cluster
use `ENABLE_SWAGGER_UI=true hack/local-up-cluster.sh`
Automatic merge from submit-queue (batch tested with PRs 41756, 36344, 34259, 40843, 41526)
Update Photon Controller cloud provider for authentication support
Resolve Issue: [#40755](https://github.com/kubernetes/kubernetes/issues/40755)
1. Update the configuration file for Photon Controller cloud provider
2. Only master nodes can communicate with Photon Controller endpoint
3. Enable support for authentication-enabled Photon Controller endpoint
4. Update NodeAddresses function for query from local node
New format of photon controller config file:
```
[Global]
target = https://[LOAD_BALANCER_IP]:443
project = [PROJECT ID]
overrideIP = true
vmID = [LOCAL VM ID]
authentication = true
```
This config file will be automatically created by Photon Controller cluster management.
If authentication file is set to true, then a pc_login_info file should be placed under /etc/kubernetes with username and password.
This file can be created by user directly.
Or the user can choose to use kubernetes secret and a handling pod to avoid directly login to master nodes. This usage will be available with Photon Controller 1.2.
This is a temporary solution before metadata service becomes available in Photon Controller.
Automatic merge from submit-queue (batch tested with PRs 41756, 36344, 34259, 40843, 41526)
add InternalDNS/ExternalDNS node address types
This PR adds internal/external DNS names to the types of NodeAddresses that can be reported by the kubelet.
will spawn follow up issues for cloud provider owners to include these when possible
```release-note
Nodes can now report two additional address types in their status: InternalDNS and ExternalDNS. The apiserver can use `--kubelet-preferred-address-types` to give priority to the type of address it uses to reach nodes.
```
Automatic merge from submit-queue (batch tested with PRs 41756, 36344, 34259, 40843, 41526)
Migrate rackspace/gophercloud -> gophercloud/gophercloud
`gophercloud` is the go library we use to interact with openstack. It has recently been renamed and incorporated a number of breaking code cleanups. This change migrates the Kubernetes openstack code (openstack provider, keystone auth, cinder volumes) to the new library.
Fixes#30404
```release-note
The openstack cloud provider config no longer supports the deprecated `api-key` option.
```
Note this PR doesn't change the rackspace provider. It uses some rackspace-specific APIs and continues to use the older rackspace/gophercloud library.
Automatic merge from submit-queue
Revert "first steps to adding kubelet option to enable debugger mode, next steps is to included a warning message."
This reverts commit d3b2708ae8.
Kubelet already defaults to enabling debug handlers. I don't think we want to surface every possible option in local-up-cluster.sh
Automatic merge from submit-queue
Docs updated for CLI deprecations
**What this PR does / why we need it**: Fixed docs
**Release note**: NONE
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 41421, 41440, 36765, 41722)
Use watch param instead of deprecated /watch/ prefix
Switches clients to use watch param instead of /watch/ prefix
```release-note
Clients now use the `?watch=true` parameter to make watch API calls, instead of the `/watch/` path prefix
```
Automatic merge from submit-queue (batch tested with PRs 41421, 41440, 36765, 41722)
ResourceQuota ability to support default limited resources
Add support for the ability to configure the quota system to identify specific resources that are limited by default. A limited resource means its consumption is denied absent a covering quota. This is in contrast to the current behavior where consumption is unlimited absent a covering quota. Intended use case is to allow operators to restrict consumption of high-cost resources by default.
Example configuration:
**admission-control-config-file.yaml**
```
apiVersion: apiserver.k8s.io/v1alpha1
kind: AdmissionConfiguration
plugins:
- name: "ResourceQuota"
configuration:
apiVersion: resourcequota.admission.k8s.io/v1alpha1
kind: Configuration
limitedResources:
- resource: pods
matchContains:
- pods
- requests.cpu
- resource: persistentvolumeclaims
matchContains:
- .storageclass.storage.k8s.io/requests.storage
```
In the above configuration, if a namespace lacked a quota for any of the following:
* cpu
* any pvc associated with particular storage class
The attempt to consume the resource is denied with a message stating the user has insufficient quota for the matching resources.
```
$ kubectl create -f pvc-gold.yaml
Error from server: error when creating "pvc-gold.yaml": insufficient quota to consume: gold.storageclass.storage.k8s.io/requests.storage
$ kubectl create quota quota --hard=gold.storageclass.storage.k8s.io/requests.storage=10Gi
$ kubectl create -f pvc-gold.yaml
... created
```
Automatic merge from submit-queue (batch tested with PRs 41421, 41440, 36765, 41722)
local-up-cluster, allow debug option to kubelet
**What this PR does / why we need it**: Allows for kubelet to start in debug mode.
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Support PATCH operation in root proxy
Not sure if we want to continue to expand the root proxy capabilities, but if we do, this fixes#40383
Automatic merge from submit-queue
Fix kubemark default e2e test suite's name
Seems like the suite "[Feature:performance]" doesn't trigger tests anymore. Changed it to "[Feature:Performance]" in kubemark run-e2e-tests.sh.
cc @wojtek-t @gmarek
Automatic merge from submit-queue
Make controller-manager resilient to stale serviceaccount tokens
Now that the controller manager is spinning up controller loops using service accounts, we need to be more proactive in making sure the clients will actually work.
Future additional work:
* make a controller that reaps invalid service account tokens (c.f. https://github.com/kubernetes/kubernetes/issues/20165)
* allow updating the client held by a controller with a new token while the controller is running (c.f. https://github.com/kubernetes/kubernetes/issues/4672)
Automatic merge from submit-queue
Defaulting client certs owner to current user if not speicified
**What this PR does / why we need it**:
Defaulting client certs owner to current user if not speicified.
**Which issue this PR fixes**
Fixes#41560.
**Release note**:
```release-note
NONE
```
cc/ @sttts @liggitt
Automatic merge from submit-queue
Adjust nodiskconflict support based on iscsi multipath.
With the multipath support is in place, to declare whether both iscsi disks are same, we need to only depend on IQN.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Automatic merge from submit-queue
Convert HPA controller to support HPA v2 mechanics
This PR converts the HPA controller to support the mechanics from HPA v2.
The HPA controller continues to make use of the HPA v1 client, but utilizes
the conversion logic to work with autoscaling/v2alpha1 objects internally.
It is the follow-up PR to #36033 and part of kubernetes/features#117.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Improved code coverage for plugin/pkg/scheduler/algorithm/priorities…
…/most_requested.go
**What this PR does / why we need it**:
Part of #39559 , code coverage improved from 70+% to 80+%
There was a bug in the HPA v1 conversion logic that would occur when
a custom metric and a metric that was encoded in v1 as
targetCPUUtilizationPercentage were used at the same time. In this
case, the custom metric could overwrite the CPU metric, or vice versa.
This fixes that bug, and ensures that the fuzzer tests round-tripping
with multiple metrics.
Automatic merge from submit-queue (batch tested with PRs 39991, 39964)
route53 dnsprovider: add more logging
In the aws cloudprovider, we have a custom logger. This adds the same
logger to the route53 dnsprovider.
We copy the (simple) code in anticipation that the providers are likely
to live in separate repos in future.
```release-note
federation aws: add logging of route53 calls
```
Automatic merge from submit-queue
dnsprovider route53: log changeset details at v(8)
Otherwise it can be hard to know exactly what is changing and whether
the changes could be optimized, or to troubleshoot if someone were
accidentally to have a bug in their calling code.
```release-note
NONE
```
Automatic merge from submit-queue
Refactor federation-up.sh script.
Move common variables to common.sh script in preparation for the upcoming changes to federation-down.sh that also depends on these common variables.
```release-note
NONE
```
cc @kubernetes/sig-federation-pr-reviews @shashidharatd
This change migrates the 'openstack' provider and 'keystone'
authenticator plugin to the newer gophercloud/gophercloud library.
Note the 'rackspace' provider still uses rackspace/gophercloud.
Fixes#30404
Kubernetes Submit Queue