Automatic merge from submit-queue
Improve scheduler throughput
Ref #28590
This improves scheduler throughput by another 10-15%.
@davidopp @kubernetes/sig-scheduling
Automatic merge from submit-queue
Remove GOMAXPROCS() calls because they are unnecessary
Now we're setting GOMAXPROCS when every binary starts up, but we don't have to do that anymore, since we've upgraded to Go 1.6
Documentation for it:
> func GOMAXPROCS(n int) int
> GOMAXPROCS sets the maximum number of CPUs that can be executing simultaneously and returns the previous setting. If n < 1, it does not change the current setting. The number of logical CPUs on the local machine can be queried with NumCPU. This call will go away when the scheduler improves.
A simple program to prove it's unnecessary:
```go
package main
import (
"fmt"
"runtime"
)
func main(){
numCPUBefore := runtime.GOMAXPROCS(runtime.NumCPU())
numCPUAfter := runtime.GOMAXPROCS(runtime.NumCPU())
fmt.Println(numCPUBefore, numCPUAfter)
}
```
Output with Go 1.4.2: `1 4`
Output with Go 1.6.2: `4 4`
So I think we should remove calls to GOMAXPROCS now, and it should be pretty straightforward
@thockin @wojtek-t @gmarek @lavalamp @vishh
Automatic merge from submit-queue
Return (bool, error) in Authorizer.Authorize()
Before this change, Authorize() method was just returning an error, regardless of whether the user is unauthorized or whether there is some other unrelated error. Returning boolean with information about user authorization and error (which should be unrelated to the authorization) separately will make it easier to debug.
Fixes#27974
Automatic merge from submit-queue
Func note not consistent with real fun name
File "plugin\pkg\webhook.go", line #41 :
"// New creates a new GenericWebhook from the provided kubeconfig file."
Here "New" not consistant with real fun name "NewGenericWebhook" in line #42 :
"func NewGenericWebhook(kubeConfigFile string, groupVersions []unversioned.GroupVersion, initialBackoff time.Duration) (*GenericWebhook, error) {"
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.
Fixes#27974
Automatic merge from submit-queue
authorize based on user.Info
Update the `authorization.Attributes` to use the `user.Info` instead of discrete getters for each piece.
@kubernetes/sig-auth
Automatic merge from submit-queue
First step of optimizing PodAffinity priority function
Ref #26144
This is obviously only a first step - I will continue working on this code. However, this is changing the general scheme of computations to what is described in: https://github.com/kubernetes/kubernetes/issues/26144#issuecomment-232612384
Automatic merge from submit-queue
Optimise the process of the CalculateSpreadPriority in selector_spreading.go
It had better inspect if the nodeLister is normal first in the CalculateSpreadPriority in selector_spreading.go. If the nodeLister.List return error, the function return directly, not need deal the serviceLister and controllerLister and replicaSetLister.
Automatic merge from submit-queue
rbac authorizer: cleanups to rule evaluation for non-resource URLs
An few oversights in the RBAC authorizer. Fixes#28291 and permits non-resource URLs to use stars in the path. E.g. ("/apis/*").
cc @liggitt @kubernetes/sig-auth
Automatic merge from submit-queue
Add hooks for cluster health detection
Separate a function that decides if zone is healthy. First real commit for preventing massive pod eviction.
Ref. #28832
cc @davidopp
k8s-merge-robot
