Automatic merge from submit-queue (batch tested with PRs 39475, 38666, 39327, 38396, 39613)
e2e tests: new portforwardertester with another three tests for case …
PR include:
- add new e2e test cases for BIND_ADDRESS='0.0.0.0'
- add to portforwardertester.go os.Getenv("BIND_ADDRESS") and if not set, it should be localhost for backward compability with existing tests
- for existing tests pass explicity BIND_ADDRESS='localhost'
- rename existing tests
It was mention in the issue: #32128
cc @mzylowski @pskrzyns
Automatic merge from submit-queue (batch tested with PRs 39475, 38666, 39327, 38396, 39613)
Fix a bug in cascading deletion of federation objects
When FinalizerOrphan is present and set to true in federated object we are currently removing the FinalizerOrphan first and then removing FinalizerDeleteFromUnderlyingClusters. if a reconciliation is triggered in between the finalizer removals, it has undesired effect of object deletion in federated cluster.
So we should remove FinalizerDeleteFromUnderlyingClusters first and then remove FinalizerOrphan, when FinalizerOrphan is set to true.
@nikhiljindal, @madhusudancs
Automatic merge from submit-queue (batch tested with PRs 39475, 38666, 39327, 38396, 39613)
Add checking the nil value
**What this PR does / why we need it**:
Add checking the nil value.
Thanks.
**Special notes for your reviewer**:
Automatic merge from submit-queue (batch tested with PRs 39475, 38666, 39327, 38396, 39613)
Create k8s.io/apimachinery repo
Don't panic.
The diff is quite large, but its all generated change. The first few commits are where are all the action is. I built a script to find the fanout from
```
k8s.io/kubernetes/pkg/apimachinery/registered
k8s.io/kubernetes/pkg/runtime/serializer
k8s.io/kubernetes/pkg/runtime/serializer/yaml
k8s.io/kubernetes/pkg/runtime/serializer/streaming
k8s.io/kubernetes/pkg/runtime/serializer/recognizer/testing
```
It copied
```
k8s.io/kubernetes/pkg/api/meta
k8s.io/kubernetes/pkg/apimachinery
k8s.io/kubernetes/pkg/apimachinery/registered
k8s.io/kubernetes/pkg/apis/meta/v1
k8s.io/kubernetes/pkg/apis/meta/v1/unstructured
k8s.io/kubernetes/pkg/conversion
k8s.io/kubernetes/pkg/conversion/queryparams
k8s.io/kubernetes/pkg/genericapiserver/openapi/common - this needs to renamed post-merge. It's just types
k8s.io/kubernetes/pkg/labels
k8s.io/kubernetes/pkg/runtime
k8s.io/kubernetes/pkg/runtime/schema
k8s.io/kubernetes/pkg/runtime/serializer
k8s.io/kubernetes/pkg/runtime/serializer/json
k8s.io/kubernetes/pkg/runtime/serializer/protobuf
k8s.io/kubernetes/pkg/runtime/serializer/recognizer
k8s.io/kubernetes/pkg/runtime/serializer/recognizer/testing
k8s.io/kubernetes/pkg/runtime/serializer/streaming
k8s.io/kubernetes/pkg/runtime/serializer/versioning
k8s.io/kubernetes/pkg/runtime/serializer/yaml
k8s.io/kubernetes/pkg/selection
k8s.io/kubernetes/pkg/types
k8s.io/kubernetes/pkg/util/diff
k8s.io/kubernetes/pkg/util/errors
k8s.io/kubernetes/pkg/util/framer
k8s.io/kubernetes/pkg/util/json
k8s.io/kubernetes/pkg/util/net
k8s.io/kubernetes/pkg/util/runtime
k8s.io/kubernetes/pkg/util/sets
k8s.io/kubernetes/pkg/util/validation
k8s.io/kubernetes/pkg/util/validation/field
k8s.io/kubernetes/pkg/util/wait
k8s.io/kubernetes/pkg/util/yaml
k8s.io/kubernetes/pkg/watch
k8s.io/kubernetes/third_party/forked/golang/reflect
```
The script does the import rewriting and gofmt. Then you do a build, codegen, bazel update, and it produces all the updates.
If we agree this is the correct approach. I'll create a verify script to make sure that no one messes with any files in the "dead" packages above.
@kubernetes/sig-api-machinery-misc @smarterclayton @sttts @lavalamp @caesarxuchao
`staging/prime-apimachinery.sh && hack/update-codegen.sh && nice make WHAT="federation/cmd/federation-apiserver/ cmd/kube-apiserver" && hack/update-openapi-spec.sh && hack/update-federation-openapi-spec.sh && hack/update-codecgen.sh && hack/update-codegen.sh && hack/update-generated-protobuf.sh && hack/update-bazel.sh`
Automatic merge from submit-queue (batch tested with PRs 39714, 39646)
use etcd2 as storage-backend for federation until federation features are completely tested with etcd3
**What this PR does / why we need it**: move federation etcd to etcd3
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#39594
**Special notes for your reviewer**: here is the [link](https://github.com/kubernetes/features/issues/44#issuecomment-270772674) to announcement making etcd3 as default
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 39230, 39718)
Remove special case for StatefulSets in scheduler
**What this PR does / why we need it**: Removes special case for StatefulSet in scheduler code
/ref: https://github.com/kubernetes/kubernetes/issues/39687
**Special notes for your reviewer**:
**Release note**:
```release-note
Scheduler treats StatefulSet pods as belonging to a single equivalence class.
```
Automatic merge from submit-queue (batch tested with PRs 39230, 39718)
[Federation] Kubefed init verifies if control plane pods are up before returning success
This PR updates the functionality as needed in issue https://github.com/kubernetes/kubernetes/issues/37841.
cc @kubernetes/sig-cluster-federation @nikhiljindal @madhusudancs @shashidharatd
Automatic merge from submit-queue (batch tested with PRs 39495, 39547)
Tag persistent volume PersistentVolume E2E [Volume][Serial][Flaky]
**What this PR does / why we need it**:
When run parallel with other tests that use PV(C)s, cross-test binding causes flakes. Add `[Serial]` tag.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: f
Partly addresses #39119
**Special notes for your reviewer**:
cc @saad-ali @jsafrane @jeffvance
Automatic merge from submit-queue (batch tested with PRs 39495, 39547)
kubeadm: updated preflight types to avoid stutter
Small change to kubeadm preflight pkg to remove stutter from preflight types PreFlightError and PreFlightCheck (now names Error and Checker).
**Release note**:
`NONE`
Automatic merge from submit-queue (batch tested with PRs 39684, 39577, 38989, 39534, 39702)
kubelet: request client auth certificates from certificate API.
This fixes kubeadm and --experiment-kubelet-bootstrap.
cc @liggitt
Automatic merge from submit-queue (batch tested with PRs 39684, 39577, 38989, 39534, 39702)
kubeadm: refactored token discovery.
**What this PR does / why we need it**: refactored `kubeadm` token discovery to follow the discovery interface and use new TLS bootstrap mechanism.
/cc @luxas @mikedanese
Automatic merge from submit-queue (batch tested with PRs 39684, 39577, 38989, 39534, 39702)
Set PodStatus QOSClass field
This PR continues the work for https://github.com/kubernetes/kubernetes/pull/37968
It converts all local usage of the `qos` package class types to the new API level types (first commit) and sets the pod status QOSClass field in the at pod creation time on the API server in `PrepareForCreate` and in the kubelet in the pod status update path (second commit). This way the pod QOS class is set even if the pod isn't scheduled yet.
Fixes#33255
@ConnorDoyle @derekwaynecarr @vishh
Automatic merge from submit-queue (batch tested with PRs 39684, 39577, 38989, 39534, 39702)
add subresource to forbidden message
Fixes https://github.com/kubernetes/kubernetes/issues/39640
The message will now be `user "username" cannot verb resource.group/subresource in the the namespace "ns"`.
Automatic merge from submit-queue (batch tested with PRs 39694, 39383, 39651, 39691, 39497)
Fix evictions test
**What this PR does / why we need it**:
Fixes bugs in evictions test. Make vet happy.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#39412
Ref: #39452
cc: @calebamiles
Automatic merge from submit-queue (batch tested with PRs 39694, 39383, 39651, 39691, 39497)
Bump container-linux and gci timeout for docker health check
The command `docker ps` can take longer time to respond under heavy load or
when encountering some known issues. In these cases, the containers are running
fine, so aggressive health check could cause serious disruption. Bump the
timeout to 60s to be consistent with the debian-based containerVM.
This addresses #38588
Automatic merge from submit-queue (batch tested with PRs 39694, 39383, 39651, 39691, 39497)
Add support for groups to passwordfile
As we move deployment methods to using RBAC, it is useful to be able to place the admin user in the bootstrap kubeconfig files in a superuser group. The tokencsv file supports specifying group membership, but the basicauth file does not. This adds it for parity.
I plan to update the generated password file to put the admin user in a group (similar to the way https://github.com/kubernetes/kubernetes/pull/39537 puts that user in a group in the token file)
```release-note
--basic-auth-file supports optionally specifying groups in the fourth column of the file
```
Automatic merge from submit-queue (batch tested with PRs 39694, 39383, 39651, 39691, 39497)
Allow rolebinding/clusterrolebinding with explicit bind permission check
Fixes https://github.com/kubernetes/kubernetes/issues/39176
Fixes https://github.com/kubernetes/kubernetes/issues/39258
Allows creating/updating a rolebinding/clusterrolebinding if the user has explicitly been granted permission to perform the "bind" verb against the referenced role/clusterrole (previously, they could only bind if they already had all the permissions in the referenced role via an RBAC role themselves)
```release-note
To create or update an RBAC RoleBinding or ClusterRoleBinding object, a user must:
1. Be authorized to make the create or update API request
2. Be allowed to bind the referenced role, either by already having all of the permissions contained in the referenced role, or by having the "bind" permission on the referenced role.
```
Automatic merge from submit-queue (batch tested with PRs 39694, 39383, 39651, 39691, 39497)
HPA Controller: Check for 0-sum request value
In certain conditions in which the set of metrics returned by Heapster
is completely disjoint from the set of pods returned by the API server,
we can have a request sum of zero, which can cause a panic (due to
division by zero). This checks for that condition.
Fixes#39680
**Release note**:
```release-note
Fixes an HPA-related panic due to division-by-zero.
```
Automatic merge from submit-queue (batch tested with PRs 39673, 39536, 39617, 39540, 39686)
remove API to server library dependency
A client library (which must include api types), should not depend on our server library. This duplicates one constant for conversion to avoid the link.
@smarterclayton @liggitt
The import-boss rule to keep us from forming these dependencies is non-trivial since some of the bits under /apis are server only (validation for instance).
Automatic merge from submit-queue (batch tested with PRs 39673, 39536, 39617, 39540, 39686)
kubeadm: updated DNS deployment.
**What this PR does / why we need it**: Updates KubeDNS deployment to match upstream.
**Special notes for your reviewer**: It was tested manually by bootstrapping a new cluster, running a busybox container and making sure one could `nslookup` from within the container to find `kubernetes` and other services.
Automatic merge from submit-queue (batch tested with PRs 39673, 39536, 39617, 39540, 39686)
Adding storageclass to resource printers for get pv and pvc
Give ability to see what Storage Class a PV is using, as well as what StorageClass a PVC has requested
```
[root@screeley-sc1 gce]# kubectl get pv
NAME CAPACITY ACCESSMODES RECLAIMPOLICY STATUS CLAIM STORAGECLASS REASON AGE
pv-gce 2Gi RWO Retain Available anything 41m
pvc-774217fd-d440-11e6-9d11-42010af00010 2Gi RWO Delete Bound default/gce-claim-storageclass slow 0s
[root@screeley-sc1 gce]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESSMODES REQUESTEDSTORAGECLASS AGE
gce-claim-class1 Pending 6m
gce-claim-classless Pending 6m
gce-claim-storageclass Bound pvc-774217fd-d440-11e6-9d11-42010af00010 2Gi RWO slow 6m
gce-claim-storageclass-nonexist Pending superfly 4s
```
@kubernetes/sig-storage
Automatic merge from submit-queue (batch tested with PRs 39673, 39536, 39617, 39540, 39686)
Generate stable bindata output
fixes#30621
bindata generation produces spurious diffs when run with different go versions because gzip output is not stable between versions.
It also produces spurious diffs when invoked directly vs via make/go:generate.
This PR:
* adds data to bindata uncompressed (makes translation files human-readable, and the zip files were already compressed... for reference the file was 27.7 KB before, and 20.1 KB with this change)
* runs the generation from KUBE_ROOT, so it doesn't matter whether it is invoked directly or via go:generate
supercedes https://github.com/kubernetes/kubernetes/pull/39631
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)
Set MemorySwap to zero on Windows
Fixes https://github.com/kubernetes/kubernetes/issues/39003
@dchen1107 @michmike @kubernetes/sig-node-misc
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)
Updating federated service controller to support cascading deletion
Ref https://github.com/kubernetes/kubernetes/issues/33612
Service controller is special than other federation controllers because it does not use federatedinformer and updater to sync services (it was written before we had those frameworks).
Updating service controller code to instantiate these frameworks and then use deletion helper to perform cascading deletion.
Note that, I havent changed the queuing logic in this PR so we still dont use federated informer to manage the queue. Will do that in the next PR.
cc @kubernetes/sig-federation-misc @mwielgus @quinton-hoole
```release-note
federation: Adding support for DeleteOptions.OrphanDependents for federated services. Setting it to false while deleting a federated service also deletes the corresponding services from all registered clusters.
```
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)
Allow node-controller to update node status
ref: #39639
* adds required permissions to node-controller
* fixes typo in role name for pod-garbage-collector role
* adds event watching permissions to persistent volume controller
* adds event permissions to node proxier
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)
Generate a kubelet CA and kube-apiserver cert-pair for kubelet auth.
cc @cjcullen
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
Add configs that run more advanced density and load tests
Wojtek is on vacation this week - @timothysc can you please take a look? It's rather terrible, but I don't have a better idea on how to make parametric tests.
cc @wojtek-t
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
Use Dynamic Config in e2e_node inode eviction test
Alternative solution to #39249. Similar to solution proposed by @vishh in #36828.
@Random-Liu @mtaufen
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
fixed error log that would cause two log lines to run into each other…
**What this PR does / why we need it**:
Fixed error log that would cause two log lines to run into each other. Logs running into each other can be reproduced by running local-up-cluster.sh on osx.
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
remove repeating const declaration
**What this PR does / why we need it**:
remove repeating const declaration , and avoid const declaration in loop
Thanks.
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
Always --pull in docker build to ensure recent base images
**What this PR does / why we need it**: By default, Docker will use a locally cached image rather than looking for a newer image. This can be problematic when using a common base image like debian:jessie, since you may end up unintentionally using a very old base image.
I think everything here is only used on release paths, so it shouldn't affect any regular development workflows.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 34488, 39511, 39619, 38342, 39491)
Update FitError as a message component into the PodConditionUpdater.
Fixes#20064 , after a roundabout volley of ideas, we ended up digging into existing Conditions for this, rather then a first class API object. This is just a quick sketch of the skeleton minimal implementation, it should pretty much "just work". I'll test it more later today.
Release Note:
```
Histogram data of predicate failures is contained in pod conditions and thus available to users by kubectl commands.
```
Kubernetes Submit Queue