Automatic merge from submit-queue (batch tested with PRs 38432, 36887, 38415)
Add --image-pull-stuck-timeout option to kubelet
In this PR, add --image-pull-stuck-time option to specify the stuck timeout for pulling image.
When docker extracts image layer, there is no progress. The progress will exceed 1m if the layer is big or system is busy. It happend in our cluster, so I add above option to specify the timeout.
Related error log:
<pre>
[... kube_docker_client.go:29] Cancel pulling image "our_registry/demo/test" because of no progress for 1m0s, latest progress "c914ad57d670": Extracting [==================>] 513.5 MB/513.5MB"
[... docker_manager.go:2254] container start failed: ErrImagePull: net/http: request canceled
</pre>
Automatic merge from submit-queue (batch tested with PRs 36736, 35956, 35655, 37713, 38316)
Ae/fix2
**What this PR does / why we need it**: Fixes some kubelet typos
**Release note**:
`None`
Automatic merge from submit-queue (batch tested with PRs 36736, 35956, 35655, 37713, 38316)
Optimize port_split_test test case.
The `normalized` field doesn't take affect in current test case.
This PR:
1. initializes valid and normalized cases with normalized=true.
2. adds some invalid cases.
@resouer Thanks!
Automatic merge from submit-queue (batch tested with PRs 36736, 35956, 35655, 37713, 38316)
delete one testcase from json_test.go for duplicated data
in json_test.go there are 2 duplicated tesecases. Here I'm going to delete one of them. Please review for this. thanks!
Automatic merge from submit-queue (batch tested with PRs 38413, 37164)
Remove chatty "waiting for pod" msg from kubectl run
Attacking #28695 one step at a time
Signed-off-by: Doug Davis <dug@us.ibm.com>
Its unnecessary to print the message when the user asked for it.
We should only show a msg (error) when we didn't do what they asked.
Also showing this in a "kubectl run" is bad because it then
gets appended to the user's output and they would then have to strip
it off if they want to use the output in some follow-on processing.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Automatic merge from submit-queue (batch tested with PRs 36419, 38330, 37718, 38244, 38375)
Kubelet: Add image cache.
Fixes#38373.
This should be patched into 1.5.1 to solve the customer issue.
@yujuhong
/cc @kubernetes/sig-node
Automatic merge from submit-queue (batch tested with PRs 36419, 38330, 37718, 38244, 38375)
Let DirectEncoder take a hint of what gvk to set during its construction
Fix https://github.com/kubernetes/kubeadm/issues/52.
The issue was that when the kubeadm binary executed `c.Extensions().Deployments().Delete(&v1.DeleteOptions{})`, the DeleteOptions.APIVersion is set as `kubeadm.k8s.io/v1alpha` in the serialized format. API server couldn't decode that.
With this PR, `DeleteOptions.APIVersion` will be set to `extensions.v1beta1` in the serialized format.
cc @mikedanese @luxas
@kubernetes/sig-api-machinery
Automatic merge from submit-queue (batch tested with PRs 36071, 32752, 37998, 38350, 38401)
Pass addressable values to DeepCopy
Extracted from https://github.com/kubernetes/kubernetes/pull/35728
These are the places we are currently calling DeepCopy incorrectly, and we need to fix, even if we don't pick up the changes to DeepCopy in #35728:
* creating a new cloner means we have no generated functions registered
* passing non-addressable values doesn't pick up generated deep copy functions, and forces us into reflective mode
Automatic merge from submit-queue (batch tested with PRs 36071, 32752, 37998, 38350, 38401)
Add test for concurrent evictions requests
This is a followup PR after #37668.
Add a test case to make sure concurrent eviction requests can be handled.
@davidopp @lavalamp
Automatic merge from submit-queue (batch tested with PRs 36071, 32752, 37998, 38350, 38401)
Allow a selector when retrieving logs
#19873
initial commit to see if I am headed in the right direction.
Its missing all the test cases, but the selector path works.
Automatic merge from submit-queue
fix local resource output when `-f` not specified
**Release note**:
```release-note
release-note-none
```
`kubectl set image` does not have a `--dry-run` option. Although it offers a
`--local` flag, it does not support server request, limiting input to that of stdin
or that of a local file.
This patch adds a `--dry-run` option to the `kubectl set image` command,
allowing for resources from the server to be selected, without making any
mutations.
cc @ncdc
Related PR: https://github.com/kubernetes/kubernetes/pull/36174
Automatic merge from submit-queue
Fix unmountDevice issue caused by shared mount in GCI
This is a fix on top #38124. In this fix, we move the logic to filter
out shared mount references into operation_executor's UnmountDevice
function to avoid this part is being used by other types volumes such as
rdb, azure etc. This filter function should be only needed during
unmount device for GCI image.
Automatic merge from submit-queue (batch tested with PRs 36310, 37349, 38319, 38402, 38338)
Fix space issue in volumePath with vSphere Cloud Provider
I tried to create a kubernetes deployment with vSphere volume with volume path
"[datastore] kubevols/redis-master".
In this case the cloud provider queries the getDeviceNameFromMount() to return the path of the volume mounted. Since getDeviceNameFromMount() queries the filesystem to get the mount references, it returns a volume path "[datastore]\\040kubevols/redis-master". Later the kubelet searches for this volume path in both the actual and desired states. Th actual and desired states contains volume with path "[datastore] kubevols/redis-master". So, it couldn't find such volume path and therefore kubernetes stalls unable to make any progress further similar to one described in #37022.
This PR will fix the space issue in volume path by replacing \\040 to empty space. This fixes#37712.
Also fixes#38148
@kerneltime @pdhamdhere
This is a fix on top #38124. In this fix, we move the logic to filter
out shared mount references into operation_executor's UnmountDevice
function to avoid this part is being used by other types volumes such as
rdb, azure etc. This filter function should be only needed during
unmount device for GCI image.
Automatic merge from submit-queue
kubedns: use initial resource listing as ready signal
Fix#35140.
Set up the ready signal after the first resource listing finished for both endpoints and services instead of listen on kubernetes service.
@bprashanth @bowei @thockin
**Release note**:
```
```
Automatic merge from submit-queue (batch tested with PRs 38377, 36365, 36648, 37691, 38339)
Exponential back off when volume delete fails
**What this PR does / why we need it**:
This PR implements ability in pv_controller to back off when deleting a volume fails from plugin API.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
Partly fixes#38295 , but I think volume delete is most problematic thing happening in pv_controller without any sort of backoff.
After this change the attempts of volume deletion look like:
```
controller : I1208 00:18:35.532061 16388 aws_util.go:55] Error deleting EBS Disk volume aws://us-east-1d/vol-abcdefg: VolumeInUse: Volume vol-abcdefg is currently attached to i-1234567
controller : I1208 00:20:50.578325 16388 aws_util.go:55] Error deleting EBS Disk volume aws://us-east-1d/vol-abcdefg: VolumeInUse: Volume vol-abcdefg is currently attached to i-1234567
controller : I1208 00:23:05.563488 16388 aws_util.go:55] Error deleting EBS Disk volume aws://us-east-1d/vol-abcdefg: VolumeInUse: Volume vol-abcdefg is currently attached to i-1234567
controller : I1208 00:25:20.599158 16388 aws_util.go:55] Error deleting EBS Disk volume aws://us-east-1d/vol-abcdefg: VolumeInUse: Volume vol-abcdefg is currently attached to i-1234567
controller : I1208 00:27:35.560009 16388 aws_util.go:55] Error deleting EBS Disk volume aws://us-east-1d/vol-abcdefg: VolumeInUse: Volume vol-abcdefg is currently attached to i-1234567
controller : I1208 00:29:50.594967 16388 aws_util.go:55] Error deleting EBS Disk volume aws://us-east-1d/vol-abcdefg: VolumeInUse: Volume vol-abcdefg is currently attached to i-1234567
controller : I1208 00:32:05.539168 16388 aws_util.go:55] Error deleting EBS Disk volume aws://us-east-1d/vol-abcdefg: VolumeInUse: Volume vol-abcdefg is currently attached to i-1234567
controller : I1208 00:34:20.581665 16388 aws_util.go:55] Error deleting EBS Disk volume aws://us-east-1d/vol-abcdefg: VolumeInUse: Volume vol-abcdefg is currently attached to i-1234567
```
Automatic merge from submit-queue (batch tested with PRs 38377, 36365, 36648, 37691, 38339)
controller: sync stuck deployments in a secondary queue
@kubernetes/deployment this makes Deployments not depend on a tight resync interval in order to estimate progress.
Automatic merge from submit-queue (batch tested with PRs 35939, 38381, 37825, 38306, 38110)
Add test for multi-threaded use of ratelimiter
Adds a test to help prevent #38273 from occurring again
Related PR: https://github.com/kubernetes/kubernetes/pull/30313
PR #30313 fixed duplicate errors for invalid aggregate errors in
https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/util/helpers.go
However, duplicate aggregate errors that went through
https://github.com/kubernetes/kubernetes/blob/master/pkg/util/validation/field/errors.go
were not affected by that patch.
This patch adds duplicate aggregate error checking to
`pkg/util/validation/field/errors.go`
\##### Before
`$ kubectl set env rc/idling-echo-1 test-abc=1234`
```
error: ReplicationController "idling-echo-1" is invalid:
[spec.template.spec.containers[0].env[0].name: Invalid value:
"test-abc": must be a C identifier (matching regex
[A-Za-z_][A-Za-z0-9_]*): e.g. "my_name" or "MyName",
spec.template.spec.containers[1].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName", spec.template.spec.containers[0].env[0].name:
Invalid value: "test-abc": must be a C identifier (matching regex
[A-Za-z_][A-Za-z0-9_]*): e.g. "my_name" or "MyName",
spec.template.spec.containers[1].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName"]
```
`$ kubectl set env rc/node-1 test-abc=1234`
```
error: ReplicationController "idling-echo-1" is invalid:
[spec.template.spec.containers[0].env[0].name: Invalid value:
"test-abc": must be a C identifier (matching regex
[A-Za-z_][A-Za-z0-9_]*): e.g. "my_name" or "MyName",
spec.template.spec.containers[1].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName"]
```
\##### After
`$ kubectl set env rc/idling-echo-1 test-abc=1234`
```
error: ReplicationController "idling-echo-1" is invalid:
[spec.template.spec.containers[0].env[0].name: Invalid value:
"test-abc": must be a C identifier (matching regex
[A-Za-z_][A-Za-z0-9_]*): e.g. "my_name" or "MyName",
spec.template.spec.containers[1].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName"]
```
`$ kubectl set env rc/node-1 test-abc=1234`
```
error: ReplicationController "node-1" is invalid:
spec.template.spec.containers[0].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName"
```
Automatic merge from submit-queue (batch tested with PRs 37701, 36702, 37145, 37424, 38261)
Limit unbound label cardinality on request errors
This converts all request errors to the string `<error>` instead of
passing the full error string. Error strings can have arbitrary values
and thus have a cardinality that is not suitable for a metric
use case.
Inspecting individual errors is a logging use case which can be handled separately by registering a client error handler.
@kubernetes/sig-instrumentation
Automatic merge from submit-queue (batch tested with PRs 35884, 37305, 37369, 37429, 35679)
fix repeat request for auth
reference to #27851
When use basic-auth/RBAC, don't set the users in .kube/config
```
# cat ~/.kube/config
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://127.0.0.1:6443
name: ubuntu
contexts:
- context:
cluster: ubuntu
namespace: default
user: test
name: ubuntu
current-context: ubuntu
kind: Config
preferences: {}
users: []
```
kubectl request for username/password time after time
```
$ kubectl get nodes
Please enter Username: admin
Please enter Password: ******
Please enter Username: admin
Please enter Password: ******
```
Automatic merge from submit-queue (batch tested with PRs 35884, 37305, 37369, 37429, 35679)
fix mixleading warning message regarding kube-proxy nodeIP initializa…
The current warning message implies that the operator should restart kube-proxy with some flag related to node IP which can be very misleading.
Automatic merge from submit-queue
Added support for HOME environment variable on Windows
**What this PR does / why we need it**:
On Windows the HOME environment variable should be taken in account when trying to find the home directory.
Several tools already support the HOME environment variable, notably git-bash. It would be very convenient to have the kubernete tools (including minikube) to also support the environment variable.
The current situation
**Special notes for your reviewer**:
**Release note**:
```
```
Automatic merge from submit-queue (batch tested with PRs 36626, 37294, 37463, 37943, 36541)
Remove duplicate describer errs
Downstream issue https://github.com/openshift/origin/issues/11846
**Release note**:
```release-note
release-note-none
```
The `describe` command iterates through a list of infos received from
the server and aggregates a list of errors while attempting to call each
resource's respective describer. When a resource exists, but does not
have a describer set, such as `Event`, the `describe` command outputs
the same error `error: no description has been implemented for "Event"`
for each info.
```
$ kubectl describe events
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
no description has been implemented for "Event"
```
@kubernetes/kubectl @fabianofranz
Automatic merge from submit-queue (batch tested with PRs 36626, 37294, 37463, 37943, 36541)
Add Version to the resource printer for 'get nodes'
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
```
Automatic merge from submit-queue
openstack: Implement the `Routes` provider API
``` release-note
Implement the Routes provider API for OpenStack using Neutron extraroute extension. This removes the need for flannel/etc where supported. To use, ensure all your nodes are on the same Neutron (private) network and specify the router ID in new `[Route]` section of provider config:
[Route]
router-id = <router UUID>
```
Automatic merge from submit-queue (batch tested with PRs 37325, 38313, 38141, 38321, 38333)
typo found with controller comment for framework_test.
**What this PR does / why we need it**: fix test comment typo
**Release note**:
`NONE`
This implements pv_controller to exponentially backoff
when deleting a volume fails in Cloud API. It ensures that
we aren't making too many calls to Cloud API
Automatic merge from submit-queue (batch tested with PRs 38318, 38258)
kernel memcg notification enabled via experimental flag
Kubelet integrates with kernel memcg notification API if and only if enabled via experimental flag.
Automatic merge from submit-queue (batch tested with PRs 36140, 38304)
remove validation dependency on version negotiation
Things that just need a REST client or a bit of discovery information should not attempt to perform negotiation. Doing so just limits the genericness of the client.
@kubernetes/sig-cli
@fabianofranz this blocks the kubernetes-discovery work.
Automatic merge from submit-queue
make invocation ReadDockerConfigFile can handle .dockerconfigjson file
**What this PR does / why we need it**:
When **.docker/config.json** is used to authenticate docker registry, the data key **.dockerconfigjson** should be used if we want to save this kind of docker auth data into a secret. So this PR is mainly to make invocation `ReadDockerConfigFile `have ability to read **.dockerconfigjson** file.
@liggitt
Automatic merge from submit-queue
Cover port_allocator_test with more conditions
The test cases of port_allocator_test should cover more conditions, such as `rangeAllocator.used.Bit`.
Automatic merge from submit-queue (batch tested with PRs 36543, 38189, 38289, 38291, 36724)
context.Context should be the first parameter of a function in vsphere
**What this PR does / why we need it**:
Change the position of the context.Context parameter.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
golint
**Release note**:
```release-note
```
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
Automatic merge from submit-queue (batch tested with PRs 36543, 38189, 38289, 38291, 36724)
add authentication/authorization to kubernetes-discovery
Wires authentication and authorization into `kubernetes-discovery` and re-enables the `local-up-cluster.sh` along with proper permission granting for RBAC cases.
@sttts @liggitt
Automatic merge from submit-queue (batch tested with PRs 36543, 38189, 38289, 38291, 36724)
Kubelet: only check podUID when it is actually set
Fixes#38188.
cc/ @timstclair @yujuhong
Automatic merge from submit-queue (batch tested with PRs 38294, 37009, 36778, 38130, 37835)
fix permissions when using fsGroup
Currently, when an fsGroup is specified, the permissions of the defaultMode are not respected and all files created by the atomic writer have mode 777. This is because in `SetVolumeOwnership()` the `filepath.Walk` includes the symlinks created by the atomic writer. The symlinks have mode 777 when read from `info.Mode()`. However, when the are chmod'ed later, the chmod applies to the file the symlink points to, not the symlink itself, resulting in the wrong mode for the underlying file.
This PR skips chmod/chown for symlinks in the walk since those operations are carried out on the underlying file which will be included elsewhere in the walk.
xref https://bugzilla.redhat.com/show_bug.cgi?id=1384458
@derekwaynecarr @pmorie
Automatic merge from submit-queue (batch tested with PRs 38294, 37009, 36778, 38130, 37835)
Re-use tested ratelimiter
The ratelimiter introduced in #35583 is not working correctly when called from multiple threads
This reverts to the tested ratelimiter we were previously using to unblock 1.5 (automated revert wasn't possible)
Ref #38273
reproducing test case:
```
func TestMultiThreadedBlocking(t *testing.T) {
done := make(chan bool)
// 100 QPS, burst of 100
b := NewBucketWithRate(100, 100)
go func() {
defer close(done)
fmt.Println(time.Now(), "Waiting for 1000 (should block for ~9-10 seconds)")
b.Wait(1000)
fmt.Println(time.Now(), "Got 1000")
}()
// give the request for 1000 plenty of time to take the tokens
time.Sleep(2 * time.Second)
fmt.Println(time.Now(), "Waiting for 1 (should wait until 1000 block is refilled)")
b.Wait(1)
fmt.Println(time.Now(), "Got 1 (should happen right after the wait for 1000 completes)")
<-done
}
$ go test ./pkg/util/ratelimit/ -v -run TestMultiThreadedBlocking
=== RUN TestMultiThreadedBlocking
2016-12-07 12:15:36.222133049 -0500 EST Waiting for 1000 (should block for ~9-10 seconds)
2016-12-07 12:15:38.222797752 -0500 EST Waiting for 1 (should wait until 1000 block is refilled)
2016-12-07 12:15:38.222897951 -0500 EST Got 1 (should happen right after the wait for 1000 completes)
2016-12-07 12:15:45.223125234 -0500 EST Got 1000
```
in contrast, the same test run against juju/ratelimit:
```
go test ./pkg/util/flowcontrol/ -v -run TestMultiThreadedBlocking
=== RUN TestMultiThreadedBlocking
2016-12-07 12:32:56.796077782 -0500 EST Waiting for 1000 (should block for ~9-10 seconds)
2016-12-07 12:32:58.799159059 -0500 EST Waiting for 1 (should wait until 1000 block is refilled)
2016-12-07 12:33:05.801076002 -0500 EST Got 1000
2016-12-07 12:33:05.807510387 -0500 EST Got 1 (should happen right after the wait for 1000 completes)
--- PASS: TestMultiThreadedBlocking (9.01s)
```
Automatic merge from submit-queue (batch tested with PRs 38181, 38128, 36711)
etcd2: have prefix always prepended
The prefix issue is discussed in #36290.
This is fixing etcd2 behavior separately.
**release note**:
```
etcd2: have prefix always prepended
```
Automatic merge from submit-queue
Enable OpenAPI spec validation
Spec validation was failing on Jenkins. I am enabling it in this PR to figure out if we can get it pass. No review is necessary until all test passes.
Automatic merge from submit-queue
Fix pods/log OpenAPI/Swagger spec to return string instead of v1.Pod
log operation is part of pod and had the assumption of returning a v1.Pod. First I added the support for an operation to be able to customize its return object then add the support to pods/log operation to return an string as an object sample.
Fixes#37881
Cc @kubernetes/sig-api-machinery
Automatic merge from submit-queue
add a configuration for kubelet to register as a node with taints
and deprecate --register-schedulable
ref #28687#29178
cc @dchen1107 @davidopp @roberthbailey
Automatic merge from submit-queue (batch tested with PRs 37032, 38119, 38186, 38200, 38139)
etcd2: remove unnecessary PrevValue in SetOption
ref: https://github.com/kubernetes/kubernetes/issues/37994
Summary:
- PrevValue is set in HTTP header, and large value (>1MB) could exceed check limit
- We don't need PrevValue indeed since we already use PrevIndex in SetOptions and each PrevIndex corresponds to each PrevValue.
I don't really think we need extra tests for this. There is already test for GuaranteedUpdate covering its use cases.
Automatic merge from submit-queue (batch tested with PRs 37032, 38119, 38186, 38200, 38139)
Remove genericapiserver.Options.MasterServiceNamespace
Deprecated and not used anymore.
Automatic merge from submit-queue (batch tested with PRs 37032, 38119, 38186, 38200, 38139)
Detect long-running requests from parsed request info
Follow up to https://github.com/kubernetes/kubernetes/pull/36064
Uses parsed request info to more tightly match verbs and subresources
Removes regex-based long-running request path matching (which is easily fooled)
```release-note
The --long-running-request-regexp flag to kube-apiserver is deprecated and will be removed in a future release. Long-running requests are now detected based on specific verbs (watch, proxy) or subresources (proxy, portforward, log, exec, attach).
```
Automatic merge from submit-queue
Add integration tests for desire state of world populator
Add integration tests for desire state of world populator
This adds tests for code introduced here :
https://github.com/kubernetes/kubernetes/issues/26994
Via integration test we can now verify that if pod delete
event is somehow missed by AttachDetach controller - it still
get cleaned up by Desired State of World populator.
Automatic merge from submit-queue (batch tested with PRs 38194, 37594, 38123, 37831, 37084)
remove unnecessary fields from genericapiserver config
Cleans up some unnecessary fields in the genericapiserver config.
Automatic merge from submit-queue (batch tested with PRs 38194, 37594, 38123, 37831, 37084)
Better compat with very old iptables (e.g. CentOS 6)
Fixes reported issue with CentOS6 iptables 1.4.7 (ancient)
Older iptables expanded things like 0x4000 into 0x00004000, which defeats the
fallback "check" logic.
Fixes#37416
Automatic merge from submit-queue (batch tested with PRs 36990, 37494, 38152, 37561, 38136)
join client CA bundles
Last commit grabs client CA bundles from disparate parts of the auth config and makes a pool that contains all of them.
I suspect a rebase broke this because of ordering. I'll keep these separate to make it easier for me to debug.
Kubernetes Submit Queue