This is so that we can use NewAPIFactory() from cmd/set/*test.go
Up until now we would get a import loop error.
This commit also adds a basic unit test case for cmd/set/set_image.go
Automatic merge from submit-queue
add optional mutation checks for shared informer cache
We need to make sure that no one is mutating caches if they're using a shared informer. It is important that whatever is tracking those changes gets the object *before* anyone else possibly could.
This adds the ability to track the original objects in the cache and their current values. Go doesn't have an exit hook or a way to say "wait for non-daemon go-funcs to complete before exit", so this runs a gofunc on a loop that can panic the entire process. It's gated behind an env var.
@derekwaynecarr did I get the right spots to make sure that e2e runs with this flag?
@smarterclayton @kubernetes/rh-cluster-infra
@elsonrodriguez, @hunter, and @leseb have gotten Ceph to run almost entirely within Kubernetes. Also, the official Ceph Docker image is more likely to be kept updated.
Automatic merge from submit-queue
Remove static kubelet client, refactor ConnectionInfoGetter
Follow up to https://github.com/kubernetes/kubernetes/pull/33718
* Collapses the multi-valued return to a `ConnectionInfo` struct
* Removes the "raw" connection info method and interface, since it was only used in a single non-test location (by the "real" connection info method)
* Disentangles the node REST object from being a ConnectionInfoProvider itself by extracting an implementation of ConnectionInfoProvider that takes a node (using a provided NodeGetter) and determines ConnectionInfo
* Plumbs the KubeletClientConfig to the point where we construct the helper object that combines the config and the node lookup. I anticipate adding a preference order for choosing an address type in https://github.com/kubernetes/kubernetes/pull/34259
Automatic merge from submit-queue
kubelet: storage: don't hang kubelet on unresponsive nfs
Fixes#31272
Currently, due to the nature of nfs, an unresponsive nfs volume in a pod can wedge the kubelet such that additional pods can not be run.
The discussion thus far surrounding this issue was to wrap the `lstat`, the syscall that ends up hanging in uninterruptible sleep, in a goroutine and limiting the number of goroutines that hang to one per-pod per-volume.
However, in my investigation, I found that the callsites that request a listing of the volumes from a particular volume plugin directory don't care anything about the properties provided by the `lstat` call. They only care about whether or not a directory exists.
Given that constraint, this PR just avoids the `lstat` call by using `Readdirnames()` instead of `ReadDir()` or `ReadDirNoExit()`
### More detail for reviewers
Consider the pod mounted nfs volume at `/var/lib/kubelet/pods/881341b5-9551-11e6-af4c-fa163e815edd/volumes/kubernetes.io~nfs/myvol`. The kubelet wedges because when we do a `ReadDir()` or `ReadDirNoExit()` it calls `syscall.Lstat` on `myvol` which requires communication with the nfs server. If the nfs server is unreachable, this call hangs forever.
However, for our code, we only care what about the names of files/directory contained in `kubernetes.io~nfs` directory, not any of the more detailed information the `Lstat` call provides. Getting the names can be done with `Readdirnames()`, which doesn't need to involve the nfs server.
@pmorie @eparis @ncdc @derekwaynecarr @saad-ali @thockin @vishh @kubernetes/rh-cluster-infra
Automatic merge from submit-queue
docs generation: Use macOS compatible copying method
Replace option unknown for bsd version of `cp` used on macOS with compatible between systems replacement.
Closes#34890
```release-note
NONE
```
Automatic merge from submit-queue
Added option to specify the flannel backend, to cluster/ubuntu
```release-note
```
Generalized the cluster/ubuntu scripting so that there is a way to
specify the Flannel "backend" to use.
Also updated the default setting of ADMISSION_CONTROL, to match that
recommended for the latest release in
http://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-plug-ins-to-use,
and updated the comment on that setting to explain it.
Also made `cluster/ubuntu/reconfDocker.sh` sensitive to the `DEBUG` envar.
Automatic merge from submit-queue
Add PSP support for seccomp profiles
Seccomp support for PSP. There are still a couple of TODOs that need to be fixed but this is passing tests.
One thing of note, since seccomp is all being stored in annotations right now it breaks some of the assumptions we've stated for the provider in terms of mutating the passed in pod. I've put big warning comments around the pieces that do that to make sure it's clear and covered the rollback in admission if the policy fails to validate.
@sttts @pmorie @erictune @smarterclayton @liggitt
Automatic merge from submit-queue
recommendations for writing controllers
There have been questions about how to write controllers. Many of the gotchas are not obvious to new authors. This doc tries to help explain the common pitfalls.
@lavalamp @smarterclayton @kubernetes/rh-cluster-infra @kargakis ptal
Automatic merge from submit-queue
convert TPR controller to posthook instead of disable flag
Converts the third party resource controller into a posthook using a loopback client instead going direct to etcd. This let's us eliminate more flags and special-casing during initialization. Also, using a client brings us closer to building this without side-effects for downstream composers.
Automatic merge from submit-queue
glog non-fatal, usually unimportant error instead of fmt
Fixes https://github.com/kubernetes/kubernetes/issues/34977
This particular message isn't usually important, so demote it to glog.
Automatic merge from submit-queue
make version an explicit choice so zero config and customized work
Makes `/version` key off of setting the version. This allows composers to add a version that is correct.
Automatic merge from submit-queue
Refactor scheduler to enable switch on equivalence cache
Part 2 of #30844
Refactoring to enable easier switch on of equivalence cache.
Automatic merge from submit-queue
Fix lint error in remotecommand.go
Before:
```
pkg/client/unversioned/remotecommand/remotecommand.go:101:9: should omit type http.RoundTripper from declaration of var rt; it will be inferred from the right-hand side
Please fix the above errors. You can test via "golint" and commit the result.
```
Automatic merge from submit-queue
e2e: stop tracking resource usage for the "misc" container
There is e2e test checking the resource usage of "misc", and it is not
supported on GCI.
Automatic merge from submit-queue
New client-go structure
This PR is part of restructuring client-go (https://github.com/kubernetes/client-go/issues/9#issue-181545998). In short, the top-level folder for client-go versions are removed.
This PR also runs copy.sh to pick up changes in the main repository. The number of files in client-go has increase from 1361 files to 1405.
@mbohlool @mml @timoreimann
Don't store Gluster SotrageClass parameters in annotations, it's insecure.
Instead, expect that there is the StorageClass available at the time
when it's needed by Gluster deleter.
Automatic merge from submit-queue
hack/: update cherry-pick script to have settings to override remote names
**What this PR does / why we need it**:
it allows you to override the remote names for the cherry-pick script in case you have it named differently
Automatic merge from submit-queue
Improvements to CLI usability and maintainability
Improves `kubectl` from an usability perspective by
1. Fixing how we handle terminal width in help. Some sections like the flags use the entire available width, while others like long descriptions breaks lines but don't follow a well established max width (screenshot below). This PR adds a new responsive writer that will adjust to terminal width and set 80, 100, or 120 columns as the max width, but not more than that given POSIX best practices and recommendations for better readability.
2. Adds our own normalizers for long descriptions and cmd examples which allows us better control about how things like lists, paragraphs, line breaks, etc are printed. Features markdown support. Looks like `templates.LongDesc` and `templates.Examples` instead of `dedent.Dedend`.
3. Allows simple reordering and reuse of help and usage sections.
3. Adds `verify-cli-conventions.sh` which intends to run tests to make sure cmd developers are using what we propose as [kubectl conventions](https://github.com/kubernetes/kubernetes/blob/master/docs/devel/kubectl-conventions.md). Just a couple simple tests for now but the framework is there and it's easy to extend.
4. Update [kubectl conventions](https://github.com/kubernetes/kubernetes/blob/master/docs/devel/kubectl-conventions.md) to use our own normalizers instead of `dedent.Dedent`.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
Improves how 'kubectl' uses the terminal size when printing help and usage.
```
@kubernetes/kubectl
Automatic merge from submit-queue
Avoid unnecessary allocation
This is supposed to avoid unnecessary memory allocations.
PodToSelectableFields seems to be the biggest contributor to memory allocations:
```
Showing top 10 nodes out of 247 (cum >= 83166442)
flat flat% sum% cum cum%
1796823715 31.09% 31.09% 1796823715 31.09% k8s.io/kubernetes/pkg/registry/core/pod.PodToSelectableFields
530856268 9.19% 40.28% 530856268 9.19% k8s.io/kubernetes/pkg/storage.NamespaceKeyFunc
241505351 4.18% 44.46% 241505351 4.18% reflect.unsafe_New
...
```
Automatic merge from submit-queue
+optional tag for OpenAPI spec
OpenAPI rely on "omitempty" json tag to determine if a field is optional or not. This change will add "+optional" tag to all fields with "omitempty" json tag and support the tag in OpenAPI spec generator.
Automatic merge from submit-queue
Do not cache hyperkube package installation
**What this PR does / why we need it**:
The hyperkube build process could use a cached layer containing out of date packages. For example, the v1.4.0 image contains packages with security vulnerabilities, which should have been available as of the release build date.
This was surfaced from quay.io/clair scanning the hyperkube images:
17bc61b54e047da8cd1b23316aac6961db?tab=vulnerabilities
This patch adds a cache-busting comment to the RUN command which installs/updates packages.
Kubernetes Submit Queue
