github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
58,015 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

6018 Commits (7fdea2b0cf1d6974d429e39066606eca0fe65af9)

Author SHA1 Message Date
Kubernetes Submit Queue 4d4dd23820 Merge pull request #50418 from liggitt/target-godep 
Automatic merge from submit-queue (batch tested with PRs 50418, 49830, 49206, 49061, 49912)

Target godep script change verifications

helps with #50319

`hack/verify-godeps.sh` takes ~15 minutes of the verify job time. We should not run it if not required, especially since the job is regularly timing out at 1 hour when this check is included.

https://github.com/kubernetes/kubernetes/pull/48653 added a check to run it if *anything* under `hack` was changed. This targetes just changes to the godep scripts
 2017-08-09 22:07:12 -07:00
Lucas Käldström cb73972224
autogenerated 2017-08-10 06:46:46 +03:00
Jordan Liggitt 125a840445
Target godep script change verifications 2017-08-09 22:34:13 -04:00
shashidharatd 37dd1219e2 Remove redundant files 2017-08-10 05:21:51 +05:30
shashidharatd 5cfc724b9e Simplify hack/verify-flags-underscore.py 2017-08-10 05:21:10 +05:30
Kubernetes Submit Queue 458cc04330 Merge pull request #46254 from mtaufen/dkcfg 
Automatic merge from submit-queue (batch tested with PRs 50016, 49583, 49930, 46254, 50337)

Alpha Dynamic Kubelet Configuration

Feature: https://github.com/kubernetes/features/issues/281

This proposal contains the alpha implementation of the Dynamic Kubelet Configuration feature proposed in ~#29459~ [community/contributors/design-proposals/dynamic-kubelet-configuration.md](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/dynamic-kubelet-configuration.md). 

Please note:
- ~The proposal doc is not yet up to date with this implementation, there are some subtle differences and some more significant ones. I will update the proposal doc to match by tomorrow afternoon.~
- ~This obviously needs more tests. I plan to write several O(soon). Since it's alpha and feature-gated, I'm decoupling this review from the review of the tests.~ I've beefed up the unit tests, though there is still plenty of testing to be done.
- ~I'm temporarily holding off on updating the generated docs, api specs, etc, for the sake of my reviewers 😄~ these files now live in a separate commit; the first commit is the one to review.

/cc @dchen1107 @vishh @bgrant0607 @thockin @derekwaynecarr 

```release-note
Adds (alpha feature) the ability to dynamically configure Kubelets by enabling the DynamicKubeletConfig feature gate, posting a ConfigMap to the API server, and setting the spec.configSource field on Node objects. See the proposal at https://github.com/kubernetes/community/blob/master/contributors/design-proposals/dynamic-kubelet-configuration.md for details.
```
 2017-08-09 14:14:32 -07:00
Kubernetes Submit Queue 82b3a80ad1 Merge pull request #49583 from irfanurrehman/fed-hpa-configTimeout 
Automatic merge from submit-queue (batch tested with PRs 50016, 49583, 49930, 46254, 50337)

[Federation] Make the hpa scale time window configurable

This PR is on top of open pr https://github.com/kubernetes/kubernetes/pull/45993.
Please review only the last commit in this PR.
This adds a config param to controller manager, the value of which gets passed to hpa adapter via sync controller.
This is needed to reduce the overall time limit of the hpa scaling window to much lesser (then the default 2 mins) to get e2e tests run faster. Please see the comment on the newly added parameter.

**Special notes for your reviewer**:
@kubernetes/sig-federation-pr-reviews 
@quinton-hoole 
@marun to please validate the mechanism used to pass a parameter from cmd line to adapter.

**Release note**:

``` 
federation-controller-manager gets a new flag --hpa-scale-forbidden-window.
This flag is used to configure the duration used by federation hpa controller to determine if it can move max and/or min replicas 
around (or not), of a cluster local hpa object, by comparing current time with the last scaled time of that cluster local hpa. 
Lower value will result in faster response to scalibility conditions achieved by cluster local hpas on local replicas, but too low 
a value can result in thrashing. Higher values will result in slower response to scalibility conditions on local replicas.
```
 2017-08-09 14:14:27 -07:00
Jordan Liggitt dd7be70a4a
Add rbac.authorization.k8s.io/v1 2017-08-09 17:04:54 -04:00
Kubernetes Submit Queue 190ee708a6 Merge pull request #48659 from shiywang/fix-sort 
Automatic merge from submit-queue

Fix sort-by output problem

Fixes https://github.com/kubernetes/kubectl/issues/43

This bug was original introduced in pr here: https://github.com/kubernetes/kubernetes/pull/46265, I think next time if we touch something printer related package, maybe should let @smarterclayton have a review, although he is pretty busy I guess : ) and that package also changed a lot recently since he's been working on refactoring.
 
this is a quick and dirty fix, not sure if there's better way, I will add some regression test soon...

@kubernetes/sig-cli-pr-reviews 

```release-note
NONE
```

/assign @mengqiy 
/assign @smarterclayton
 2017-08-09 10:56:49 -07:00
Steve Kuznetsov 54809de387
Rewrite staging import verifier in Go 
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
 2017-08-08 16:08:20 -07:00
Michael Taufen 443d58e40a Dynamic Kubelet Configuration 
Alpha implementation of the Dynamic Kubelet Configuration feature.
See the proposal doc in #29459.
 2017-08-08 12:21:37 -07:00
Kubernetes Submit Queue c9d142d73d Merge pull request #49382 from bskiba/kubemark_e2e_nm 
Automatic merge from submit-queue

Add a simple cloud provider for e2e tests on kubemark

**What this PR does / why we need it**:
Adds a simplified cloud provider for kubemark. This enables us to add and
remove nodes and operate on nodegroups while running tests on kubemark.

This is needed to run scalability tests for cluster autoscaler on kubemark.
See https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/proposals/kubemark_integration.md

**Release note**:
```
NONE
```
 2017-08-08 08:50:07 -07:00
Klaus Ma 4fdb701e3c Moved node/testutil to upper dir. 2017-08-08 10:14:21 +08:00
jianhuiz 4dcdfd4aa8 add job controller 2017-08-07 11:36:45 -07:00
Kubernetes Submit Queue 47999c5803 Merge pull request #50087 from deads2k/server-39-convert 
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)

convert default predicates to use the default

Builds on https://github.com/kubernetes/kubernetes/pull/50019 (lgtm'd already)

This converts the already default field selectors to use the default value.  I'll let CI point out the unit test failures for me to chase.

@kubernetes/sig-api-machinery-misc
 2017-08-07 10:58:55 -07:00
Beata Skiba 2f747f3d3c Add a simple cloud provider for e2e tests on kubemark 
This is needed for cluster autoscaler e2e test to
run on kubemark. We need the ability to add and
remove nodes and operate on nodegroups. Kubemark
does not provide this at the moment.
 2017-08-07 16:31:02 +02:00
Kubernetes Submit Queue 2d5729e227 Merge pull request #50236 from crassirostris/sig-instrumentation-e2e-last-move 
Automatic merge from submit-queue (batch tested with PRs 50091, 50231, 50238, 50236, 50243)

Move the sig-instrumentation test to a dedicated folder

Move the last remaining test to sig-instrumentation folder, also move "metrics" package to the "framework" folder

Related issue: https://github.com/kubernetes/kubernetes/issues/49161

/cc @xiangpengzhao @piosz
 2017-08-07 07:14:58 -07:00
deads2k ec397c4374 convert default predicates to use the default 2017-08-07 09:05:17 -04:00
Kubernetes Submit Queue 7deb3b29cd Merge pull request #50141 from gmarek/verify 
Automatic merge from submit-queue (batch tested with PRs 49868, 50143, 49377, 50141, 50145)

Don't expect internal clientset to be generated for groups without ne…

…w types
 2017-08-07 04:04:59 -07:00
Mik Vyatskov e79a228a78 Move the sig-instrumentation test to a dedicated folder 2017-08-07 10:33:03 +02:00
Irfan Ur Rehman 2be69a515c [Federation] Make the hpa scale time window configurable 2017-08-06 01:09:34 +05:30
Kubernetes Submit Queue fae79dd4b4 Merge pull request #47181 from dims/fail-on-swap-enabled 
Automatic merge from submit-queue (batch tested with PRs 50119, 48366, 47181, 41611, 49547)

Fail on swap enabled and deprecate experimental-fail-swap-on flag

**What this PR does / why we need it**:

    * Deprecate the old experimental-fail-swap-on
    * Add a new flag fail-swap-on and set it to true

    Before this change, we would not fail when swap is on. With this
    change we fail for everyone when swap is on, unless they explicitly
    set --fail-swap-on to false.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

Fixes #34726

**Special notes for your reviewer**:

**Release note**:

```release-note
Kubelet will by default fail with swap enabled from now on. The experimental flag "--experimental-fail-swap-on" has been deprecated, please set the new "--fail-swap-on" flag to false if you wish to run with /proc/swaps on.
```
 2017-08-04 14:29:36 -07:00
gmarek 03cee68e47 Don't expect internal clientset to be generated for groups without new types 2017-08-04 12:27:32 +02:00
Dr. Stefan Schimanski 4b709e8485 kube-gen: unify update-codecgen.sh scripts 2017-08-04 08:03:15 +02:00
Dr. Stefan Schimanski 927341c6d3 verify-staging-import: ignore k8s.io/kube-gen/test 2017-08-04 08:03:15 +02:00
Dr. Stefan Schimanski 98042b77f3 kube-gen: fixup moved tests 2017-08-04 08:03:15 +02:00
Kubernetes Submit Queue d15baf69e1 Merge pull request #48969 from ixdy/update-kazel 
Automatic merge from submit-queue (batch tested with PRs 50103, 49677, 49449, 43586, 48969)

Run kazel on the entire tree

**What this PR does / why we need it**: part of #47558: auto-generate `BUILD` files on the entire tree, since this is what `gazelle` does, and it'll make subsequent reviews easier if less is changing.

**Release note**:

```release-note
NONE
```
/assign
/release-note-none
 2017-08-03 16:43:41 -07:00
Kubernetes Submit Queue 928cf542d2 Merge pull request #49942 from xiangpengzhao/nw-e2e 
Automatic merge from submit-queue

Moves left networking e2e tests to test/e2e/network

**What this PR does / why we need it**:
#48784 forgot to move some networking e2e tests. This PR moves them.

It also move the networking tests from within `test/e2e/common/networking.go` to  `test/e2e/network/networking.go`

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Associated PR #48784
Umbrella issue #49161

**Special notes for your reviewer**:
/assign @wojtek-t @bowei 

**Release note**:

```release-note
NONE
```
 2017-08-03 08:35:36 -07:00
Dr. Stefan Schimanski ea39971b7c Remove traces of go2idl 2017-08-03 09:33:58 +02:00
Kubernetes Submit Queue a0fe9edd27 Merge pull request #49808 from dims/fix-dynamic-admission-control-in-local-cluster 
Automatic merge from submit-queue (batch tested with PRs 48365, 49902, 49808, 48722, 47045)

Add admission controller API to runtime config and externalize ADMISSION_CONTROL

**What this PR does / why we need it**:

Enable the dynamic admission controller registration API by
adding "admissionregistration.k8s.io/v1alpha1" to --runtime-config
to fix problems when starting up local-up-cluster. Also make sure
ADMISSION_CONTROL can be specified externally.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

Fixes #47385

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-08-02 22:32:56 -07:00
Jeff Grafton 3afeb7cd3c Fix BUILD files 2017-08-02 18:33:32 -07:00
Jeff Grafton 3579017b86 Run hack/update-bazel.sh to generate BUILD files 2017-08-02 18:33:25 -07:00
Jeff Grafton 5d4f83468e Make hack/boilerplate/test files use a more appropriate package name 2017-08-02 18:32:50 -07:00
Jeff Grafton e2ce25da4b Update kazel to include kubernetes/repo-infra#21 2017-08-02 18:32:50 -07:00
Davanum Srinivas 71e8c8eba4 Fail on swap enabled and deprecate experimental-fail-swap-on flag 
* Deprecate the old experimental-fail-swap-on
* Add a new flag fail-swap-on and set it to true

Before this change, we would not fail when swap is on. With this
change we fail for everyone when swap is on, unless they explicitly
set --fail-swap-on to false.
 2017-08-02 16:20:01 -04:00
Christoph Blecker be74799358
Add cblecker to hack/ approvers 2017-08-02 10:39:26 -07:00
Kubernetes Submit Queue 0f10e61241 Merge pull request #44278 from aveshagarwal/master-fix-resource-quota 
Automatic merge from submit-queue (batch tested with PRs 49990, 49997, 44278, 49936, 49891)

Move ResourceQuota plugin at the end of the admission plugin chain.

@liggitt @derekwaynecarr
 2017-08-02 10:21:46 -07:00
xiangpengzhao 8d7543415e Move left networking e2e tests to test/e2e/network 2017-08-02 23:47:10 +08:00
Kubernetes Submit Queue dd819b5013 Merge pull request #49886 from ironcladlou/int-test-logging 
Automatic merge from submit-queue (batch tested with PRs 49992, 48861, 49267, 49356, 49886)

Set default vmodule flag in integration tests

Re-introduce a default glog vmodule flag to the integration test setup.
The default was removed in d08dfb9 because it was hard-coded and
prevented local override. This commit makes the default overridable.

```release-note
NONE
```

/cc @caesarxuchao
 2017-08-02 05:16:07 -07:00
Kubernetes Submit Queue 9067d35951 Merge pull request #48861 from mbohlool/openapi_aggr 
Automatic merge from submit-queue (batch tested with PRs 49992, 48861, 49267, 49356, 49886)

Reintegrate aggregation support for OpenAPI

Reintegrating changes of #46734

Changes summary:

- Extracted all OpenAPI specs to new repo `kube-openapi`
- Make OpenAPI spec aggregator to copy and rename any non-requal model (even with documentation change only).
- Load specs when adding APIServices and retry on failure until successful spec retrieval or a 404.
- Assumes all Specs except aggregator's Spec are static 
- A re-register of any APIService will result in updating the spec for that service (Suggestion for TPR: they should be registered to aggregator API Server, Open for discussion if any more changes needed for another PR.)

fixes #48548
 2017-08-02 05:15:57 -07:00
xiangpengzhao d6aca27b53 Remove deprecated kubectl command aliases 2017-08-02 03:08:48 -04:00
mbohlool 10d9a475be Bugfix: verify-no-vendor-cycles.sh detects wrong cycles 2017-08-01 21:09:53 -07:00
gmarek aad18ccfdd Add gmarek to hack/ OWNERS 2017-08-01 15:55:47 +02:00
mbohlool 400b77b48f Update main repo references to new kube-openapi repo 2017-08-01 03:37:16 -07:00
Kubernetes Submit Queue 6eea28381e Merge pull request #49720 from dhilipkumars/verifyAllFix 
Automatic merge from submit-queue (batch tested with PRs 46519, 49794, 49720, 49692, 49821)

[make verify] Display list of failed tests to the user at the end

**What this PR does / why we need it**:
Minor improvement to verify all script as it now displays list of failed tests at the end, makes it easier for fixing errors
```
$KUBE_VERIFY_GIT_BRANCH=someBranch hack/make-rules/verify.sh -v -Q
.
.
.
========================
FAILED TESTS
========================
hack/make-rules/../../hack/verify-boilerplate.sh
hack/make-rules/../../hack/verify-godep-licenses.sh
hack/make-rules/../../hack/verify-readonly-packages.sh
```

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #49845

**Special notes for your reviewer**:

**Release note**:

```release-note
None
```
 2017-08-01 03:04:44 -07:00
Ken'ichi Ohmichi c39e231c29 Fix indent of ginkgo-e2e.sh 
The condition of GINKGO_UNTIL_IT_FAILS didn't contain a valid indent.
So this PR fixes it for readable code.
 2017-07-31 15:10:56 -07:00
Kubernetes Submit Queue 11f8047735 Merge pull request #49729 from LihuaWu/feature-zjt 
Automatic merge from submit-queue

fix hack/local-up-cluster.sh apiserver not listening bug

**What this PR does / why we need it**:
This PR fix a potential bug int hack/local-up-cluster.sh and it helps developers to build local cluster properly

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fix #49728 

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-07-31 13:30:45 -07:00
Dan Mace a98801c100 Set default vmodule flag in integration tests 
Re-introduce a default glog vmodule flag to the integration test setup.
The default was removed in d08dfb9 because it was hard-coded and
prevented local override. This commit makes the default overridable.
 2017-07-31 14:06:46 -04:00
Kubernetes Submit Queue a1c0510d00 Merge pull request #49812 from liggitt/local-up-node-authorizer 
Automatic merge from submit-queue

Enable node authorizer in local-up-cluster

Fixes #49822 

Enables the Node authorization mode to ensure the kubelet credential we create has permission to do kubelet-related things. Matches the default authorizers in gce/gke and CI clusters.

Related to the deprecation of the automatic binding of the `system:nodes` group to the `system:node` role on new deployments (https://github.com/kubernetes/kubernetes/pull/49638)

```release-note
`hack/local-up-cluster.sh` now enables the Node authorizer by default. Authorization modes can be overridden with the `AUTHORIZATION_MODE` environment variable, and the `ENABLE_RBAC` environment variable is no longer used.
```
 2017-07-31 08:44:59 -07:00
wulihua e0fefbee9c Fix issue: https://github.com/kubernetes/kubernetes/issues/49728 
Let user choose ADVERTISE_ADDRESS in case the apiserver heuristic
 for the external address is broken
 2017-07-31 21:36:31 +08:00
Kubernetes Submit Queue 7be28a15cc Merge pull request #47665 from ironcladlou/gc-poll-types 
Automatic merge from submit-queue (batch tested with PRs 49538, 49708, 47665, 49750, 49528)

Enable garbage collection of custom resources

Enhance the garbage collector to periodically refresh the resources it monitors (via discovery) to enable custom resource definition GC (addressing #44507 and reverting #47432).

This is a replacement for #46000.

/cc @lavalamp @deads2k @sttts @caesarxuchao 

/ref https://github.com/kubernetes/kubernetes/pull/48065

```release-note
The garbage collector now supports custom APIs added via CustomeResourceDefinition or aggregated apiservers. Note that the garbage collector controller refreshes periodically, so there is a latency between when the API is added and when the garbage collector starts to manage it.
```
 2017-07-29 05:28:53 -07:00
Kubernetes Submit Queue ba8b26d47a Merge pull request #49708 from mborsz/regional 
Automatic merge from submit-queue (batch tested with PRs 49538, 49708, 47665, 49750, 49528)

Add a support for GKE regional clusters in e2e tests.

**What this PR does / why we need it**:
Add a support for GKE regional clusters in e2e tests.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:
```release-note
NONE
```
 2017-07-29 05:28:51 -07:00
Kubernetes Submit Queue 9dc3a661d7 Merge pull request #49681 from mikedanese/kubelet-csr 
Automatic merge from submit-queue (batch tested with PRs 49581, 49652, 49681, 49688, 44655)

kubeadm: use kubelet bootstrap instead of reimplementing

@kubernetes/sig-cluster-lifecycle-api-reviews
 2017-07-28 13:45:48 -07:00
Kubernetes Submit Queue a4dd65c7e9 Merge pull request #49581 from spiffxp/sig-testing-owners-aliases 
Automatic merge from submit-queue (batch tested with PRs 49581, 49652, 49681, 49688, 44655)

Add sig-testing OWNERS_ALIASES

/sig testing

**What this PR does / why we need it**: 

follow the sig-foo-{reviewers,approvers} convention
- rename test-infra-maintainers to sig-testing-approvers
- copy sig-testing-approvers to sig-testing-reviewers
- remove inviduals in test/OWNERS in favor of new aliases

as a result
- rmmh gets test/ approver privileges
- spiffxp gets hack/jenkins/ approver privileges

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #49580

**Special notes for your reviewer**:

**Release note**:
```release-note
NONE
```
 2017-07-28 13:45:43 -07:00
Jordan Liggitt 33a3a7c730
Enable node authorizer in local-up-cluster 2017-07-28 14:59:41 -04:00
Davanum Srinivas 13558335bd Add admission controller API to config and externalize ADMISSION_CONTROL 
Enable the dynamic admission controller registration API by
adding "admissionregistration.k8s.io/v1alpha1" to --runtime-config
to fix problems when starting up local-up-cluster. Also make sure
ADMISSION_CONTROL can be specified externally.

Fixes 47385
 2017-07-28 14:12:50 -04:00
Dan Mace d08dfb92c7 Enable garbage collection of custom resources 
Enhance the garbage collector to periodically refresh the resources it
monitors (via discovery) to enable custom resource definition GC.

This implementation caches Unstructured structs for any kinds not
covered by a shared informer. The existing meta-only codec only supports
compiled types; an improved codec which supports arbitrary types could
be introduced to optimize caching to store only metadata for all
non-informer types.
 2017-07-28 10:00:10 -04:00
Avesh Agarwal b6b26ae9c0 Move ResourceQuota plugin at the end of the admission plugin chain. 2017-07-28 08:57:46 -04:00
Kubernetes Submit Queue 8f8b9fa971 Merge pull request #47267 from fabianofranz/kubectl_plugins_v1_part3 
Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)

Flag support in kubectl plugins

Adds support to flags in `kubectl` plugins. Flags are declared in the plugin descriptor and are passed to plugins through env vars, similar to global flags (which already works).

Fixes https://github.com/kubernetes/kubernetes/issues/49122

**Release note**:

```release-note
Added flag support to kubectl plugins
```
PTAL @monopole @kubernetes/sig-cli-pr-reviews
 2017-07-28 05:08:05 -07:00
Kubernetes Submit Queue 85f19ec6e9 Merge pull request #47738 from php-coder/code_simplification 
Automatic merge from submit-queue (batch tested with PRs 47738, 49196, 48907, 48533, 48822)

ParseEncryptionConfiguration: simplify code

**What this PR does / why we need it**:
Reorder `if`-s to make code a bit more readable. It also improves godoc comment and error message.

**Release note**:
```release-note
NONE
```

PTAL @sakshamsharma
 2017-07-28 03:10:29 -07:00
Maciej Borsz 7822b5d9fd Add a support for GKE regional clusters in e2e tests. 2017-07-28 11:42:54 +02:00
dhilipkumars f9d5abb75e Remove blank lines-review comments 2017-07-28 14:21:20 +05:30
Mike Danese fe7ba9e748 kubeadm: use kubelet bootstrap instead of reimplementing 2017-07-27 09:21:24 -07:00
dhilipkumars 43a2999581 Display list of failed tests to the user 2017-07-27 19:10:17 +05:30
Kubernetes Submit Queue d4897e875b Merge pull request #47160 from shashidharatd/fed-internalclientset 
Automatic merge from submit-queue (batch tested with PRs 46913, 48910, 48858, 47160)

federation: Stop using and remove federation internalclientset

**What this PR does / why we need it**:
This probably a left over job. We should not be using the internal clientset and instead be using versioned ones as described in #29934

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

```release-note
NONE
```

/assign @nikhiljindal 
/cc @kubernetes/sig-federation-misc
 2017-07-25 23:00:38 -07:00
Kubernetes Submit Queue 76b4eab553 Merge pull request #48910 from mtaufen/test-fixit-node-dir 
Automatic merge from submit-queue (batch tested with PRs 46913, 48910, 48858, 47160)

move sig-node related e2e tests to node subdir

I need help making sure I picked the right ones and/or didn't miss anything.
Potential additions include: `logging_soak.go`, `ssh.go`, `kubelet_perf.go`.

/cc @dchen1107 @vishh @tallclair @yujuhong @Random-Liu @abgworrall @dashpole @yguo0905
 2017-07-25 23:00:31 -07:00
Kubernetes Submit Queue f9f43143a4 Merge pull request #46193 from cblecker/staging-godeps-dockerized 
Automatic merge from submit-queue (batch tested with PRs 43443, 46193, 49071, 47252)

Run the update-staging-godeps script inside a docker container

**What this PR does / why we need it**:
This PR moves the update-staging-godeps script to run inside a docker container.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #45757 

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

/assign @ixdy @sttts
 2017-07-25 21:52:48 -07:00
Kubernetes Submit Queue 66a1ae38ea Merge pull request #43443 from irfanurrehman/kubefed-doc-1 
Automatic merge from submit-queue (batch tested with PRs 43443, 46193, 49071, 47252)

[Federation][Kubefed] Support reference document autogeneration for kubefed

This PR is needed to address the documentation issue https://github.com/kubernetes/kubernetes.github.io/issues/2888

Apart from the code auto generation have updated some descriptions for consistency.

**Special notes for your reviewer**:
@kubernetes/sig-federation-misc 
cc @madhusudancs @csbell  

**Release note**:

```NONE
```
 2017-07-25 21:52:45 -07:00
shashidharatd 1a93c46197 Stop generating federation internal clientset 2017-07-26 06:20:08 +05:30
Michael Taufen 3c5b050da6 move sig-node related e2e tests to node subdir 2017-07-25 15:22:43 -07:00
Christoph Blecker 2ee8983daf
Dockerize update-staging-godeps 2017-07-25 12:26:57 -07:00
Kubernetes Submit Queue 427dfd5ce1 Merge pull request #49430 from dims/set-external-hostname-in-local-up-cluster 
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)

Set external hostname in local-up-cluster

**What this PR does / why we need it**:

If we set --external-hostname, then the api server does not look
in the CloudProviderOptions.DefaultExternalHost method. While we
are at it, let's log an info message, so if there is a failure
the operator gets a hint that they can use --external-hostname
to bypass the lookup in the cloud provider. This will enable us
to set the CLOUD_PROVIDER to openstack for example and not have to
really run api server inside a openstack vm.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-07-25 12:14:48 -07:00
Kubernetes Submit Queue 2189314895 Merge pull request #40050 from mtaufen/standalone-mode 
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)

Use presence of kubeconfig file to toggle standalone mode

Fixes #40049 

```release-note
The deprecated --api-servers flag has been removed. Use --kubeconfig to provide API server connection information instead. The --require-kubeconfig flag is now deprecated. The default kubeconfig path is also deprecated. Both --require-kubeconfig and the default kubeconfig path will be removed in Kubernetes v1.10.0.
```

/cc @kubernetes/sig-cluster-lifecycle-misc @kubernetes/sig-node-misc
 2017-07-25 12:14:43 -07:00
Christoph Blecker a4d838edb2
Log times to restore godeps 2017-07-25 12:11:07 -07:00
Christoph Blecker 26491cef81
Simplify output of ensure_godep_version 2017-07-25 12:11:06 -07:00
Christoph Blecker 499d6da965
Bump required golang version to 1.8 2017-07-25 12:11:03 -07:00
Kubernetes Submit Queue 393b1228c9 Merge pull request #45431 from DirectXMan12/feature/fake-dynamic-client 
Automatic merge from submit-queue (batch tested with PRs 48224, 45431, 45946, 48775, 49396)

[client-go] Fake Dynamic Client

This commit converts `"k8s.io/client-go/dynamic".Client` to an interface, and implements fake versions of both `ClientPool` and `Client`.  This allows components which make uses of these clients to be tested in the same way that clientset-based components can be tested, using the standard `testing.Fake` machinery.

**Release note**:
```release-note
NONE
```
 2017-07-25 11:06:49 -07:00
Aaron Crickenberger 7e63bf5e07 Add sig-testing OWNERS_ALIASES 
follow the sig-foo-{reviewers,approvers} convention
- rename test-infra-maintainers to sig-testing-approvers
- copy sig-testing-approvers to sig-testing-reviewers
- remove inviduals in test/OWNERS in favor of new aliases

as a result
- rmmh gets test/ approver privileges
- spiffxp gets hack/jenkins/ approver privileges
 2017-07-25 11:05:18 -07:00
Kubernetes Submit Queue 9bdf464bd5 Merge pull request #49286 from kargakis/remote-myself-from-some-places 
Automatic merge from submit-queue (batch tested with PRs 49286, 49550)

Remove myself from a bunch of places

I am assigned in reviews which I never get to do. I prefer drive-bys whenever I can do them rather than the bot choosing myself in random, ends up being mere spam.

@smarterclayton please approve.
 2017-07-25 06:41:08 -07:00
Kubernetes Submit Queue db7a47fe75 Merge pull request #49479 from sttts/sttts-no-staging-in-gopath 
Automatic merge from submit-queue (batch tested with PRs 49479, 49496)

hack/update-staging-godep.sh: check for staging repos in GOPATH
 2017-07-25 01:41:28 -07:00
Kubernetes Submit Queue 7f1d9382ec Merge pull request #48846 from dashpole/remove_ood 
Automatic merge from submit-queue

Remove flags low-diskspace-threshold-mb and outofdisk-transition-frequency

issue: #48843

This removes two flags replaced by the eviction manager.  These have been depreciated for two releases, which I believe correctly follows the kubernetes depreciation guidelines.

```release-note
Remove depreciated flags: --low-diskspace-threshold-mb and --outofdisk-transition-frequency, which are replaced by --eviction-hard
```

cc @mtaufen since I am changing kubelet flags
cc @vishh @derekwaynecarr 
/sig node
 2017-07-24 23:05:50 -07:00
Kubernetes Submit Queue 97eed3f71a Merge pull request #48911 from verult/StorageTests 
Automatic merge from submit-queue

Added sig-storage labels to upgrade tests and moved them to appropriate directory

**What this PR does / why we need it**: Adding necessary sig identifier for storage upgrade tests.

/release-note-none
 2017-07-24 20:26:59 -07:00
Kubernetes Submit Queue 633079eb01 Merge pull request #47864 from droot/podpreset-conflict-fix 
Automatic merge from submit-queue (batch tested with PRs 49444, 47864, 48584, 49395, 49118)

fixed conflict resolution behavior while apply podpresets

**What this PR does / why we need it**:
This fixes the PodPreset application behavior in case of conflicts occur during the merging of Pod's information with PodPreset's. More details are in issue #47861 

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes #47861

**Special notes for your reviewer**:
We are splitting the PodPreset application logic in two phases. In first phase, we try to detect the conflicts in information merging without modifying the Pod at all. If conflict occurs, then we reject the PodPresets injection. Incase of no conflicts, we apply the PodPresets and merge the information.

**Release note**:

```release-note
PodPreset is not injected if conflict occurs while applying PodPresets to a Pod.
```
 2017-07-24 13:52:34 -07:00
Cheng Xing ffd48f6311 Added sig-storage labels to upgrade tests and moved them to appropriate directory 2017-07-24 13:23:43 -07:00
Solly Ross 3e6bf24e08 [client-go] Add fake dynamic Client/ClientPool 
This introduces fake implementations of dynamic.Client and
dynamic.ClientPool.  They function similarly to the fake generated
clientsets, since they're also based in testing.Fake.
 2017-07-24 15:21:02 -04:00
Michael Taufen 38aee0464d Providing kubeconfig file is now the switch for standalone mode 
Replaces use of --api-servers with --kubeconfig in Kubelet args across
the turnup scripts. In many cases this involves generating a kubeconfig
file for the Kubelet and placing it in the correct location on the node.
 2017-07-24 11:03:00 -07:00
Davanum Srinivas f4011d485a Set external hostname in local-up-cluster 
If we set --external-hostname, then the api server does not look
in the CloudProviderOptions.DefaultExternalHost method. While we
are at it, let's log an info message, so if there is a failure
the operator gets a hint that they can use --external-hostname
to bypass the lookup in the cloud provider. This will enable us
to set the CLOUD_PROVIDER to openstack for example and not have to
really run api server inside a openstack vm.
 2017-07-24 07:58:46 -04:00
Kubernetes Submit Queue 6fdf0e4157 Merge pull request #49247 from cblecker/fix-staging-godeps-master 
Automatic merge from submit-queue

Fix staging godeps for k8s.io/metrics and k8s.io/kube-gen

**What this PR does / why we need it**:
#49095 introduced an issue with the formatting of the k8s.io/metrics staging godeps. This fixes that issue, and alters the script to prevent it from happening again.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-07-24 01:47:37 -07:00
Dr. Stefan Schimanski 263b918541 hack/update-staging-godep.sh: check for staging repos in GOPATH 2017-07-24 10:44:42 +02:00
Bowei Du 92a8c1fcb0 Moves networking e2e tests to test/e2e/network 
This also adds sig-network-{approvers,reviewers} alias
 2017-07-22 09:43:42 -07:00
Michail Kargakis 5e93ed27bd
Rename test dir to allude sig-apps ownership 
Signed-off-by: Michail Kargakis <mkargaki@redhat.com>
 2017-07-22 12:43:36 +02:00
Kubernetes Submit Queue a79e6b183d Merge pull request #49346 from caesarxuchao/generate-to-client-go 
Automatic merge from submit-queue (batch tested with PRs 49326, 49394, 49346, 49379, 49399)

Make client-go authoritative

client-go now is authoritative except for `client-go/pkg/version`, which I think we can leave as is for a while.
 2017-07-21 23:23:35 -07:00
Christoph Blecker 6ad4544778
Use absolute path when updating staging godeps 2017-07-21 18:29:02 -07:00
Kubernetes Submit Queue 22cc294364 Merge pull request #46598 from xiangpengzhao/fix-kubectl-version 
Automatic merge from submit-queue (batch tested with PRs 46210, 48607, 46874, 46598, 49240)

Make "kubectl version" json format output more readable.

**What this PR does / why we need it**:
##39858 adds a flag --output to `kubectl version`, but the json format output is displayed in one line. It's not so readable. This PR fixes it.

and

- adds a shorthand for `output`
- ~~refactors that: if `--short` is specified, `--output` will be ignored~~

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #43750

**Special notes for your reviewer**:
/cc @php-coder @alejandroEsc 

**Release note**:

```release-note
NONE
```
 2017-07-21 17:00:21 -07:00
Chao Xu 44f0188fe7 generated innocuous change 2017-07-21 14:29:59 -07:00
Chao Xu 4bc9195616 remove update-staging-client-go.sh. Note that client-go/pkg/version is copied from kubernetes 2017-07-21 13:35:23 -07:00
Sunil Arora 4d5b96f94e fixed conflict resolution behavior while apply podpresets 2017-07-21 13:19:57 -07:00
Chao Xu a87ed3871d generate clientset, external listers, and external informers to client-go directly 2017-07-21 13:13:35 -07:00
Kubernetes Submit Queue ae1ff1a2d4 Merge pull request #48746 from janetkuo/apps-v1beta2 
Automatic merge from submit-queue

Add a new API version apps/v1beta2

xref: #49135
This PR adds a new API version `apps/v1beta2` which contains a copy (of types, conversions, and defaults) of `apps/v1beta1` StatefulSet, Deployment, and their subresources. Note that `apps/v1beta2` is still WIP and we will make breaking changes to it before releasing 1.8.

Moving core controllers (StatefulSet, Deployment, ReplicaSet, DaemonSet) to `apps/v1beta2` is the first step of moving them to `apps/v1` (GA). 

This PR is a starting point for DaemonSet and ReplicaSet to move from `/extensions` to `/apps` and for Deployment and StatefulSet to make some breaking changes (e.g. new defaults and/or remove deprecated fields).

```release-note
Add a new API version apps/v1beta2
```
 2017-07-21 11:47:21 -07:00
Kubernetes Submit Queue ab6f1f0da1 Merge pull request #48708 from bmwiedemann/date 
Automatic merge from submit-queue (batch tested with PRs 49222, 49333, 48708, 49337)

Allow to override build date

See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

Background: issue #48710
when trying to build the kubernetes package
for the openSUSE Linux distribution
```
/usr/bin/hyperkube
/usr/bin/kubeadm
/usr/src/kubernetes/platforms/linux/amd64/e2e.test
```
had a date+time string embedded in them in the format
2018-08-15T19:08:34Z

which meant that each build produced new binaries
even when nothing actually changed.
Those then had to be synced to mirrors, wasting their and our users' bandwidth.
 2017-07-20 23:01:21 -07:00
Kubernetes Submit Queue fcd4bdd7b0 Merge pull request #49252 from caesarxuchao/vendor-staging-import-check 
Automatic merge from submit-queue

Do not allow vendor code to import staging code

Otherwise we cannot update the imported staging code.
 2017-07-20 21:56:59 -07:00
Kubernetes Submit Queue 74ce80f588 Merge pull request #49323 from mtanino/issue/49319 
Automatic merge from submit-queue (batch tested with PRs 49316, 46117, 49064, 48073, 49323)

Enable RBAC by default in hack/local-up-cluster.sh

**What this PR does / why we need it**:

Since hack/local-up-cluster.sh checks https API port after commit 413ab26df9, RBAC should be enabled by default to avoid TLS port access denied.




**Which issue this PR fixes** : Fixes #49319

**Special notes for your reviewer**:

@liggitt 

**Release note**:

```release-note
hack/local-up-cluster.sh now enables RBAC authorization by default
```
 2017-07-20 17:02:54 -07:00
Kubernetes Submit Queue 29f8ff32c2 Merge pull request #48073 from wanghaoran1988/e2e_bootstrap 
Automatic merge from submit-queue (batch tested with PRs 49316, 46117, 49064, 48073, 49323)

add e2e tests for the bootstrapsigner and tokencleaner controllers, integration testing for bootstrap token auth

**What this PR does / why we need it**:
Add e2e test for bootstrap signer

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:
```
None
```
 2017-07-20 17:02:52 -07:00
Chao Xu d6adc37a0a Do not allow vendored code to import staging code 2017-07-20 15:30:06 -07:00
Kubernetes Submit Queue feed4aa12a Merge pull request #49234 from mengqiy/master 
Automatic merge from submit-queue (batch tested with PRs 49107, 47177, 49234, 49224, 49227)

Move util/exec to vendor

Move util/exec to vendor.
Update import paths.
Update godep

Part of #48209

Associate PR against `k8s.io/utils` repo: https://github.com/kubernetes/utils/pull/5

```release-note
NONE
```

/assign @apelisse
 2017-07-20 15:08:22 -07:00
Janet Kuo f6c5392de6 Fix golint failures by skipping auto-generated codes 2017-07-20 14:16:42 -07:00
David Ashpole 7a23f8b018 remove deprecated flags LowDiskSpaceThresholdMB and OutOfDiskTransitionFrequency 2017-07-20 13:23:13 -07:00
Kubernetes Submit Queue d9bf88ceeb Merge pull request #49229 from shyamjvs/remove-old-logdump 
Automatic merge from submit-queue

Remove old log-dump.sh script

Ref https://github.com/kubernetes/kubernetes/issues/48513

Since we moved to new kubetest image which no longer needs the old one - https://github.com/kubernetes/test-infra/pull/3585

/cc @wojtek-t @fejta
 2017-07-20 12:55:44 -07:00
mtanino f1351e34e7 Enable RBAC by default in hack/local-up-cluster.sh 
Since hack/local-up-cluster.sh checks https API port
after commit 413ab26df9,
RBAC should be enabled by default to avoid TLS port
access denied.

Fixes #49319
 2017-07-20 15:05:26 -04:00
ymqytw aa557c1028 fix golint 2017-07-20 11:03:50 -07:00
Janet Kuo 767082e8e9 Add new API version apps/v1beta2 
Add a new API version apps/v1beta2 and enable it by default.
apps/v1beta2 has a copy of apps/v1beta1 types, except for
ControllerRevision.
 2017-07-20 10:25:21 -07:00
Kubernetes Submit Queue e1a2cf0178 Merge pull request #49216 from sttts/sttts-fix-ugorji-staging-tsort 
Automatic merge from submit-queue

update-codecgen.sh: support staging dirs in tsort logic

Fixes #48984.
 2017-07-20 09:07:55 -07:00
Kubernetes Submit Queue 6a3a570f50 Merge pull request #49276 from CaoShuFeng/audit_doc_trival 
Automatic merge from submit-queue

[trival] fix typo

reopen https://github.com/kubernetes/kubernetes/pull/47300

**Release note**:

```
NONE
```
 2017-07-20 08:13:06 -07:00
Dr. Stefan Schimanski 3a18959288 update-codecgen.sh: add staging dir support to tsort logic 2017-07-20 16:38:36 +02:00
Haoran Wang f02008338f add integration testing for bootstrap token auth 2017-07-20 22:34:21 +08:00
Kubernetes Submit Queue 5529d01a22 Merge pull request #48810 from sttts/sttts-fuzzer-cleanup 
Automatic merge from submit-queue (batch tested with PRs 49114, 48810)

Unify fuzzers and roundtrip tests

- reorganize apimachinery/pkg/api/testing package to avoid circular imports
- make fuzzers modular per apigroup
- add roundtrip test for meta types
- add roundtrip test for a couple of staging apigroups

Follow-up:

- split `pkg/api` tests by apigroup
 2017-07-20 07:20:40 -07:00
Slava Semushin bf51722ffb ParseEncryptionConfiguration: simplify code. 
Also improves function name in godoc and many error messages.
 2017-07-20 14:36:21 +02:00
Cao Shufeng 6c7aef07cb fix typo 2017-07-20 18:39:33 +08:00
Dr. Stefan Schimanski ecc811d263 Unify fuzzers and roundtrip tests 2017-07-20 12:31:00 +02:00
Michail Kargakis e884eac6fe
Remove myself from a bunch of places 
Signed-off-by: Michail Kargakis <mkargaki@redhat.com>
 2017-07-20 12:10:46 +02:00
Dr. Stefan Schimanski 70947fa3a2 Make staging hack/update-codec.sh scripts relocatable and kube independent 2017-07-20 07:41:37 +02:00
Dr. Stefan Schimanski edfbb9aa64 Fixup go2idl references 2017-07-20 07:41:37 +02:00
Kubernetes Submit Queue 9e5eb70d55 Merge pull request #46862 from dims/respect-build-platform-env-var 
Automatic merge from submit-queue (batch tested with PRs 49083, 45540, 46862)

Respect KUBE_BUILD_PLATFORMS set by user

**What this PR does / why we need it**:

Currently the only(?) toggle available for custom arch builds is
KUBE_FASTBUILD. We should allow the user to specify a list
of arch(es) in the environment variable KUBE_BUILD_PLATFORMS.

Example:
KUBE_BUILD_PLATFORMS="linux/amd64 linux/arm64" hack/build-cross.sh

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

Fixes #20365

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-07-19 21:18:27 -07:00
Kubernetes Submit Queue 5a3cc4fab6 Merge pull request #49083 from sakeven/fix/golang_version_check 
Automatic merge from submit-queue (batch tested with PRs 49083, 45540, 46862)

update golang version to go1.8

Signed-off-by: sakeven <jc5930@sina.cn>



**What this PR does / why we need it**:

There are some code breaking the compatibility with golang 1.6. Now kubernetes only support golang 1.8.
We need to update golang version check script.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #49082

**Special notes for your reviewer**:

**Release note**:

```
NONE
```
 2017-07-19 21:18:23 -07:00
Kubernetes Submit Queue f14472ffdd Merge pull request #49144 from mikedanese/sig-lifecycle-tests 
Automatic merge from submit-queue (batch tested with PRs 48377, 48940, 49144, 49062, 49148)

fixit: break sig-cluster-lifecycle tests into subpackage

this is part of fixit week. ref #49161

@kubernetes/sig-cluster-lifecycle-misc
 2017-07-19 19:10:14 -07:00
Kubernetes Submit Queue 8d26afa8a6 Merge pull request #48377 from bsalamat/priority_class 
Automatic merge from submit-queue

Add PriorityClass API object under new "scheduling" API group

**What this PR does / why we need it**: This PR is a part of a series of PRs to add pod priority to Kubernetes. This PR adds a new API group called "scheduling" with a new API object called "PriorityClass". PriorityClass maps the string value of priority to its integer value.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**: Given the size of this PR, I will add the admission controller for the PriorityClass in a separate PR.

**Release note**:

```release-note
Add PriorityClass API object under new "scheduling" API group
```

ref/ #47604
ref/ #48646
 2017-07-19 19:04:29 -07:00
Davanum Srinivas 476e816107 Respect KUBE_BUILD_PLATFORMS set by user 
Currently the only(?) toggle available for custom arch builds is
KUBE_FASTBUILD. We should allow the user to specify a list
of arch(es) in the environment variable KUBE_BUILD_PLATFORMS.

Example:
KUBE_BUILD_PLATFORMS="linux/amd64 linux/arm64" hack/build-cross.sh

Fixes #20365
 2017-07-19 20:00:39 -04:00
Kubernetes Submit Queue 3fb2d8248d Merge pull request #48964 from ixdy/switch-to-kazel 
Automatic merge from submit-queue

Switch from gazel to kazel

**What this PR does / why we need it**: switches to `kazel`, where all new development will be focused. Part of the effort for switching from `gazel` to `gazelle`.

I'm imagining that we'll use `kube::util::go_install_from_commit` to version `gazelle` as well.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: x-ref #47558

**Release note**:

```release-note
NONE
```

/release-note-none
/assign @mikedanese @spxtr
 2017-07-19 13:31:24 -07:00
Shyam Jeedigunta d2bf533938 Remove deprecated cluster/log-dump.sh 2017-07-19 21:50:09 +02:00
Kubernetes Submit Queue b78fc209a4 Merge pull request #49045 from ericchiang/remove-anytoken-authenticator-option 
Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)

*: remove --insecure-allow-any-token option

~Since the authenticator is still used in e2e tests, don't remove
the actual package. Maybe a follow up?~

edit: e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```

closes #49031

cc @kubernetes/sig-auth-pr-reviews
 2017-07-19 10:27:29 -07:00
Kubernetes Submit Queue 92d310eddc Merge pull request #49072 from xilabao/wait-rbac-in-local-cluster 
Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)

use https to check healthz in hack/local-up-cluster.sh

**What this PR does / why we need it**:
```
# PSP_ADMISSION=true ALLOW_PRIVILEGED=true ALLOW_SECURITY_CONTEXT=true ALLOW_ANY_TOKEN=true ENABLE_RBAC=true RUNTIME_CONFIG="extensions/v1beta1=true,extensions/v1beta1/podsecuritypolicy=true" hack/local-up-cluster.sh
...
Waiting for apiserver to come up
+++ [0718 09:34:38] On try 5, apiserver: : 
Cluster "local-up-cluster" set.
use 'kubectl --kubeconfig=/var/run/kubernetes/admin-kube-aggregator.kubeconfig' to use the aggregated API server
Creating kube-system namespace
clusterrolebinding "system:kube-dns" created
serviceaccount "kube-dns" created
configmap "kube-dns" created
error: unable to recognize "kubedns-deployment.yaml": no matches for extensions/, Kind=Deployment
service "kube-dns" created
Kube-dns deployment and service successfully deployed.
kubelet ( 10952 ) is running.
Create podsecuritypolicy policies for RBAC.
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/policies.yaml": no matches for extensions/, Kind=PodSecurityPolicy
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/policies.yaml": no matches for extensions/, Kind=PodSecurityPolicy
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/roles.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRole
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/roles.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRole
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/bindings.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRoleBinding
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/bindings.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRoleBinding
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/bindings.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRoleBinding
Create default storage class for 
error: unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/cluster/addons/storage-class/local/default.yaml": no matches for storage.k8s.io/, Kind=StorageClass
Local Kubernetes cluster is running. Press Ctrl-C to shut it down.

Logs:
  /tmp/kube-apiserver.log
  /tmp/kube-controller-manager.log
  /tmp/kube-proxy.log
  /tmp/kube-scheduler.log
  /tmp/kubelet.log
...
```

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47739

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-07-19 10:27:23 -07:00
Mike Danese 3c39173ee4 fixit: break sig-cluster-lifecycle tests into subpackage 2017-07-19 10:14:51 -07:00
Kubernetes Submit Queue 6af05149aa Merge pull request #49058 from shyamjvs/logexporter-support 
Automatic merge from submit-queue

Pass logexporter config through e2e framework

Ref https://github.com/kubernetes/kubernetes/issues/48513

/cc @wojtek-t @fejta
 2017-07-19 09:57:47 -07:00
Kubernetes Submit Queue 2e6e314ade Merge pull request #49091 from sttts/sttts-metrics-imports 
Automatic merge from submit-queue

k8s.io/metrics: restrict k8s.io/metrics imports
 2017-07-19 06:11:39 -07:00
Bernhard M. Wiedemann cd0e7b9e17 Allow to override build date 
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.
 2017-07-19 13:27:13 +02:00
Kubernetes Submit Queue c0be1671f2 Merge pull request #49095 from sttts/sttts-metrics-godeps 
Automatic merge from submit-queue (batch tested with PRs 49116, 49095)

update-staging-godeps: do not exclude k8s.io/metrics

Counterpart to https://github.com/kubernetes/test-infra/pull/3560
 2017-07-19 03:21:27 -07:00
Kubernetes Submit Queue 36ade22a5a Merge pull request #49116 from sttts/sttts-authorative-api-v1-ref 
Automatic merge from submit-queue (batch tested with PRs 49116, 49095)

Move pkg/api/v1/ref -> client-go/tools/reference

`pkg/api/v1/ref` is the only remaining package copied from pkg/api/v1 to client-go via staging/copy.sh.
 2017-07-19 03:21:25 -07:00
Kubernetes Submit Queue 164cae1151 Merge pull request #46755 from CaoShuFeng/cani-test-cmd 
Automatic merge from submit-queue (batch tested with PRs 49120, 46755, 49157, 49165, 48950)

add cmd test for kubectl auth can-i

**Release note**:

```
NONE
```
 2017-07-19 00:06:23 -07:00
Kubernetes Submit Queue ccaaf5cad5 Merge pull request #48232 from caesarxuchao/move-admission-v1alph1 
Automatic merge from submit-queue (batch tested with PRs 48702, 48965, 48740, 48974, 48232)

Move admission/v1alpha1 to k8s.io/api

Fix https://github.com/kubernetes/kubernetes/issues/47972
 2017-07-18 20:06:21 -07:00
Kubernetes Submit Queue fc1d2b3be7 Merge pull request #48256 from xiangpengzhao/move-pkg-util 
Automatic merge from submit-queue (batch tested with PRs 48481, 48256)

Refactor: pkg/util into sub-pkgs

**What this PR does / why we need it**:
- move code in pkg/util into sub-pkgs
- delete some unused funcs

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #15634

**Special notes for your reviewer**:
This is the final work of #15634. It will close that issue.
/cc @thockin 

**Release note**:

```release-note
NONE
```
 2017-07-18 18:19:19 -07:00
Bobby Salamat 33e6a476ba Add PriorityClass API 
Add PriorityClass to pkg/registry

Add PriorityClass to pkg/master/master.go

Add PriorityClass to import_know_versions.go

Update linted packages

minor fix
 2017-07-18 17:47:57 -07:00
Eric Chiang e2f2ab67f2 *: remove --insecure-allow-any-token option 
e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```
 2017-07-18 16:03:15 -07:00
Chao Xu 590793f9a7 generated 2017-07-18 15:20:05 -07:00
Shyam Jeedigunta 5cdedd22cf Pass logexporter config through e2e framework 2017-07-18 23:28:06 +02:00
Dr. Stefan Schimanski 5925a0a1df Move pkg/api/v1/ref -> client-go/tools/reference 2017-07-18 22:45:43 +02:00
Jeff Grafton 64b0c9ec47 Switch from gazel to kazel, and move kazelcfg into build/root 2017-07-18 12:48:51 -07:00
Jeff Grafton 9ac0950166 Add utility function to install go package at a particular commit 2017-07-18 12:48:02 -07:00
Fabiano Franz 71cbad7cbb Flag support in kubectl plugins 2017-07-18 15:35:40 -03:00
Dr. Stefan Schimanski 1d1ec2c016 update-staging-godeps: do not exclude k8s.io/metrics 2017-07-18 10:22:54 +02:00
Dr. Stefan Schimanski 4677b1776e k8s.io/metrics: restrict k8s.io/metrics imports 2017-07-18 10:11:45 +02:00
Dr. Stefan Schimanski 78ce38b926 deepcopy: run deepcopy-gen in client-go 2017-07-18 09:28:48 +02:00
Dr. Stefan Schimanski 39d95b9b06 deepcopy: add interface deepcopy funcs 
- add DeepCopyObject() to runtime.Object interface
- add DeepCopyObject() via deepcopy-gen
- add DeepCopyObject() manually
- add DeepCopySelector() to selector interfaces
- add custom DeepCopy func for TableRow.Cells
 2017-07-18 09:28:47 +02:00
xiangpengzhao 01daf707c5 Refactor: pkg/util into sub-pkgs 2017-07-18 14:34:08 +08:00
sakeven e6d2d726ed update golang version to go1.8 
Signed-off-by: sakeven <jc5930@sina.cn>
 2017-07-18 14:11:28 +08:00
Kubernetes Submit Queue 0d88afa131 Merge pull request #48102 from liggitt/optional-doc-generation 
Automatic merge from submit-queue (batch tested with PRs 49043, 49001, 49057, 49066, 48102)

Make doc generation on cherry-picks optional

Follow up of https://github.com/kubernetes/kubernetes/pull/46993, xref #44533

Most cherry-picks don't require doc changes, and doing it unconditionally actually breaks picking to the release-1.6 branch
 2017-07-17 22:21:23 -07:00
Kubernetes Submit Queue 6507a94d8e Merge pull request #49001 from fejta/ginkgo 
Automatic merge from submit-queue (batch tested with PRs 49043, 49001, 49057, 49066, 48102)

Explicitly set --cluster-ip-range --clean-start --minStartupPods

ref https://github.com/kubernetes/test-infra/pull/3535 https://github.com/kubernetes/test-infra/pull/3375

Also remove unused `GINKGO_PARALLELISM`

/assign @krzyzacy @ixdy
 2017-07-17 22:21:15 -07:00
Kubernetes Submit Queue c8fb186391 Merge pull request #49043 from zmerlynn/allow-external-node-instance-group 
Automatic merge from submit-queue (batch tested with PRs 49043, 49001, 49057, 49066, 48102)

cluster/gke: If NODE_INSTANCE_GROUP is set, don't execute any bash

Transitional part of kubernetes/test-infra#3307, should be eliminated by kubernetes/test-infra#3330: 
Allow NODE_INSTANCE_GROUP to be set externally from `hack/ginkgo-e2e.sh`, which eliminates any cluster/gke use if KUBERNETES_CONFORMANCE_PROVIDER is set to `gke`.

```release-note
NONE
```
 2017-07-17 22:21:13 -07:00
Chen Rong 413ab26df9 use https to check healthz in hack/local-up-cluster.sh 2017-07-18 12:17:47 +08:00
xiangpengzhao a6be3b64f8 Make "kubectl version" json output more readable. 2017-07-18 11:21:35 +08:00
Joe Finney ab5e285197 Invert .linted_packages into .golint_failures. 2017-07-17 14:37:40 -07:00
Zach Loafman 3a2e9d51bb cluster/gke: If NODE_INSTANCE_GROUP is set, don't execute any bash 
Transitional part of kubernetes/test-infra#3307, should be eliminated
by kubernetes/test-infra#3330: Allow NODE_INSTANCE_GROUP to be set
before we get here, which eliminates any cluster/gke use if
KUBERNETES_CONFORMANCE_PROVIDER is set to "gke".
 2017-07-17 14:26:10 -07:00
Kubernetes Submit Queue 8b39fa9cd1 Merge pull request #48494 from mkumatag/webserver 
Automatic merge from submit-queue (batch tested with PRs 48494, 48733)

Move test-webserver from contrib/for-demos to kubernetes/test/images

**What this PR does / why we need it**:
This PR is for
- Moving the https://github.com/kubernetes/contrib/tree/master/for-demos/test-webserver to kubernetes/test/images - Refer https://github.com/kubernetes/contrib/pull/2544 for more information
- Multi architecture support for test-webserver image

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
```
 2017-07-17 08:43:37 -07:00
Shiyang Wang f1afc3d09d fix sort-by output problem 2017-07-17 10:26:34 +08:00
Erick Fejta 46bcc330b7 Explicitly set --cluster-ip-range --clean-start --minStartupPods 2017-07-16 18:18:43 -07:00
Kubernetes Submit Queue 8ce6378512 Merge pull request #46091 from xilabao/new-output-in-edit 
Automatic merge from submit-queue (batch tested with PRs 46091, 48280)

allow output patch string in edit command

**What this PR does / why we need it**:
allow user to get the patch from edit command if user is not familiar with the patch format.

```
# ./cluster/kubectl.sh create role a --verb=get,list --resource=no
role "a" created

# ./cluster/kubectl.sh edit role a --output-patch=true
Patch: {"rules":[{"apiGroups":[""],"resources":["nodes"],"verbs":["get","list","delete"]}]}
role "a" edited

# ./cluster/kubectl.sh create role b --verb=get,list --resource=no
role "b" created

# ./cluster/kubectl.sh patch role b -p '{"rules":[{"apiGroups":[""],"resources":["nodes"],"verbs":["get","list","delete"]}]}'
role "b" patched
```
**Which issue this PR fixes**: fixes #47173

**Special notes for your reviewer**:

**Release note**:

```release-note
Could get the patch from kubectl edit command
```
 2017-07-16 18:04:42 -07:00
Kubernetes Submit Queue 3448d2fa86 Merge pull request #48906 from caesarxuchao/fix-import-cycle 
Automatic merge from submit-queue (batch tested with PRs 44129, 48030, 48906)

Fix import cycle

Removed apimahcinery's dependency on k8s.io/api, introduced in https://github.com/kubernetes/kubernetes/pull/48497#discussion_r127312690.

Fixed hack/verify-staging-imports.sh to prevent future occurrences.
 2017-07-15 17:13:41 -07:00
Kubernetes Submit Queue cab07f3af0 Merge pull request #46893 from yguo0905/image-spec 
Automatic merge from submit-queue (batch tested with PRs 48890, 46893, 48872, 48896)

Support customized system spec in the node conformance test and create the GKE system spec

ref: https://github.com/kubernetes/kubernetes/issues/46891

- System specs are located in `test/e2e_node/system/specs`. Created one for validating GKE images in `test/e2e_node/system/specs/gke.yaml`.
- `--image-spec-name` can be used to specify a system spec in node e2e and conformance tests. This option maps to `SYSTEM_SPEC_NAME` in a test properties file, which is the user facing configuration. So, users can specify `SYSTEM_SPEC_NAME=gke` to run the image validation using the GKE system spec.
- If `SYSTEM_SPEC_NAME` is unspecified, the default spec (`system.DefaultSysSpec`) will be used.
- We can also use `make test-e2e-node SYSTEM_SPEC_NAME=gke` to run tests using GKE image spec.

**Release note**:
`None`
 2017-07-14 16:49:52 -07:00
Kubernetes Submit Queue 048b0600f9 Merge pull request #48842 from enisoc/quick-verify 
Automatic merge from submit-queue

Add quick-verify make rule.

This is useful for humans to run to catch obvious problems before
pushing commits and waiting for CI to run verify checks.

Quick mode only runs a whitelist of verify scripts that are reasonably fast.
I set the initial bar arbitrarily at <10s each on my workstation.

The whole set runs in <30s for me, assuming I had already run `make` and
`hack/godep-restore.sh`. This is compared to the full `make verify`
which takes [I don't know how long because I gave up after 45min].
 2017-07-14 14:38:28 -07:00
Kubernetes Submit Queue df47592d5a Merge pull request #48854 from colemickens/msi 
Automatic merge from submit-queue (batch tested with PRs 47066, 48892, 48933, 48854, 48894)

azure: msi: add managed identity field, logic

**What this PR does / why we need it**: Enables managed service identity support for the Azure cloudprovider. "Managed Service Identity" allows us to ask the Azure Compute infra to provision an identity for the VM. Users can then retrieve the identity and assign it RBAC permissions to talk to Azure ARM APIs for the purpose of the cloudprovider needs.

Per the commit text:
```
The azure cloudprovider will now use the Managed Service Identity
to retrieve access tokens for the Azure ARM APIs, rather than
requiring hard-coded, user-specified credentials.
```

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: n/a 

**Special notes for your reviewer**: none

**Release note**:

```release-note
azure: support retrieving access tokens via managed identity extension
```

cc: @brendandburns @jdumars @anhowe
 2017-07-14 12:50:55 -07:00
Kubernetes Submit Queue 9e97b5249b Merge pull request #46360 from khenidak/azure-pd-final 
Automatic merge from submit-queue

Azure PD (Managed/Blob)

This is exactly the same code as this [PR](https://github.com/kubernetes/kubernetes/pull/41950). It has a clean set of generated items. We created a separate PR to accelerate the accept/merge the PR

CC @colemickens 
CC @brendandburns 

**What this PR does / why we need it**:

1. Adds K8S support for Azure Managed Disks. 
2. Adds support for dedicated blob disks (1:1 to storage account) in addition to shared blob disks (n:1 to storage account). 
3. Automatically manages the underlying storage accounts. New storage accounts are created at 50% utilization. Max is 100 disks, 60 disks per storage account.    
2. Addresses the current issues with Blob Disks:
..* Significantly faster attach process. Disks are now usually available for pods on nodes under 30 sec if formatted, under a min if not formatted. 
..* Adds support to move disks between nodes.
..* Adds consistent attach/detach behavior, checks if the disk is leased/attached on a different node before attempting to attach to target nodes.
..* Fixes a random hang behavior on Azure VMs during mount/format (for both blob + managed disks).
..* Fixes a potential conflict by avoiding the use of disk names for mount paths. The new plugin uses hashed disk uri for mount path.  

The existing AzureDisk is used as is. Additional "kind" property was added  allowing the user to decide if the pd will be shared, dedicated or managed (Azure Managed Disks are used).

Due to the change in mounting paths, existing PDs need to be recreated as PV or PVCs on the new plugin.
 2017-07-14 09:57:51 -07:00
Yang Guo 22c9e23202 Supports customized system spec in the node conformance test and creates the GKE system spec 2017-07-14 09:39:19 -07:00
Kubernetes Submit Queue ca0a868823 Merge pull request #48651 from shyamjvs/logexporter-supporter 
Automatic merge from submit-queue (batch tested with PRs 48864, 48651, 47703)

Enable logexporter mechanism to dump logs from k8s nodes to GCS directly

Ref https://github.com/kubernetes/kubernetes/issues/48513

This adds support for logexporter from k8s side. Next I'll send a PR adding support from test-infra side.

/cc @kubernetes/sig-scalability-misc @kubernetes/test-infra-maintainers @fejta @wojtek-t @gmarek
 2017-07-14 03:10:45 -07:00
Khaled Henidak & Andy Zhang 677e593d86 Add Azure managed disk support 2017-07-14 14:09:44 +08:00
Kubernetes Submit Queue a14abaabab Merge pull request #48824 from yguo0905/docker-validation 
Automatic merge from submit-queue (batch tested with PRs 48082, 48815, 48901, 48824)

Add test image name to the OS image field of the perf metrics

I'd like to add the resource usage benchmarks for COS m60 (docker 1.13.1) but don't want to remove the existing m59 (docker 1.11.2) [ones](https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/benchmark/benchmark-config.yaml#L51-L71), in order to compare the results between the two docker versions.

The `image` reported in the metrics is from `Node.Status.NodeInfo.OSImage`, which is always "Container-Optimized OS from Google" (from `/etc/os-releases`) for COS. So there's no way to differentiate two milestones in the metrics.

This PR attaches the [image name](https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/benchmark/benchmark-config.yaml#L52) to the `image` field of the metrics. So it will become "Container-Optimized OS from Google (cos-stable-59-9460-64-0)".

See the results of the test run:

[performance-memory-containervm-resource1-resource_0.json](https://storage.googleapis.com/ygg-gke-dev-bucket/e2e-node-test/ci-kubernetes-node-kubelet-benchmark/13/artifacts/performance-memory-containervm-resource1-resource_0.json)
[performance-memory-coreos-resource1-resource_0.json](https://storage.googleapis.com/ygg-gke-dev-bucket/e2e-node-test/ci-kubernetes-node-kubelet-benchmark/13/artifacts/performance-memory-coreos-resource1-resource_0.json)
[performance-memory-gci-resource1-resource_0.json](https://storage.googleapis.com/ygg-gke-dev-bucket/e2e-node-test/ci-kubernetes-node-kubelet-benchmark/13/artifacts/performance-memory-gci-resource1-resource_0.json)

**Release note**:
```
None
```

Ref: https://github.com/kubernetes/kubernetes/issues/42926

/sig node
/area node-e2e
/assign @dchen1107
 2017-07-13 22:44:00 -07:00
Kubernetes Submit Queue 8ad1be7833 Merge pull request #44475 from freehan/checkpoint-test 
Automatic merge from submit-queue

add dockershim checkpoint node e2e test

Add a bunch of disruptive cases to test kubelet/dockershim's checkpoint work flow.

Some steps are quite hacky. Not sure if there is better ways to do things.
 2017-07-13 18:50:10 -07:00
Cole Mickens cd177dcd11 add pkg/credentailprovider/azure to hack/.linted_packages 2017-07-13 14:29:11 -07:00
Chao Xu 40be152c95 update verify-staging-imports.sh 2017-07-13 13:01:35 -07:00
Anthony Yeh db869a6b0b
Add quick-verify make rule. 
This is useful for humans to run to catch obvious problems before
pushing commits and waiting for CI to run verify checks.

Quick mode only runs a whitelist of verify scripts that are reasonably fast.
I set the initial bar arbitrarily at <10s each on my workstation.

The whole set runs in <30s for me, assuming I had already run `make` and
`hack/godep-restore.sh`. This is compared to the full `make verify`
which takes [I don't know how long because I gave up after 45min].
 2017-07-12 16:29:31 -07:00
Anthony Yeh e3fed1ce6d
Allow verify-sh to run in SILENT mode. 
Because of nounset, it was impossible to run without -v.
 2017-07-12 15:02:52 -07:00
Yang Guo b17c6a1769 Add test image name to the OS image field of the perf metrics 2017-07-12 14:51:45 -07:00
Kubernetes Submit Queue 77b6b126cb Merge pull request #48641 from smarterclayton/refactor_exec 
Automatic merge from submit-queue (batch tested with PRs 48594, 47042, 48801, 48641, 48243)

Prepare to introduce websockets for exec and portforward

Refactor the code in remotecommand to better represent the structure of
what is common between portforward and exec.

Ref #48633
 2017-07-12 14:08:10 -07:00
Kubernetes Submit Queue 50aa8e0f07 Merge pull request #48794 from gyliu513/remove-mesos-flags 
Automatic merge from submit-queue (batch tested with PRs 48279, 48566, 48319, 48794, 47952)

Removed mesos flags from known-flags.txt.

**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
none
```
 2017-07-12 11:52:21 -07:00
Shyam Jeedigunta 5f8cb3d9ff Enable logexporter mechanism to dump logs from k8s nodes to GCS directly 2017-07-12 14:39:49 +02:00
Kubernetes Submit Queue 0e461035cb Merge pull request #48734 from tallclair/namechange 
Automatic merge from submit-queue (batch tested with PRs 48698, 48712, 48516, 48734, 48735)

Name change: s/timstclair/tallclair/

I changed my name, and I'm migrating my user name to be consistent.
 2017-07-12 04:56:32 -07:00
Kubernetes Submit Queue 1f1f9ef962 Merge pull request #48549 from maleck13/add-generated-clients 
Automatic merge from submit-queue (batch tested with PRs 47948, 48631, 48693, 48549, 47593)

add generated clients. modify codegen script 

**What this PR does / why we need it**:
Adds in the generated clientsets for the sample apiserver. Modifies the update-codgen script to copy over the client from the generated location. We need it in order to be able to add integrations and unit tests that make use of the clientsets and their fakes.

**Special notes for your reviewer**:
@deads2k  @p0lyn0mial  hopefully done the correct thing here. Not 100% sure on needing the copy but it seemed what was needed to get the import paths correct?

**Release note**:

```release-note
NONE
```
 2017-07-12 04:03:58 -07:00
Kubernetes Submit Queue 172df7e23d Merge pull request #46865 from sttts/sttts-kube-apiserver-run-test 
Automatic merge from submit-queue

kube-apiserver: tests for aggregation and CRDs via delegation

In our integration tests we do not use the real kube-apiserver setup code, but mock our own. Here I use the actual `cmd/kube-apiserver/app.Run()` func with an testing etcd server. This can test the whole delegation chain of aggregator, apiextensions and kube-apiserver.
 2017-07-12 02:55:15 -07:00
Guangya Liu 104ed33a48 Removed mesos flags from known-flags.txt. 2017-07-12 16:15:00 +08:00
Kubernetes Submit Queue d396ac53dc Merge pull request #48625 from MrHohn/kube-proxy-metrics-flags 
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)

Make kube-proxy's MetricsBindAddress configurable via flag

**What this PR does / why we need it**: From #48600, `MetricsBindAddress` used to be configurable through flag (coupled with `HealthzBindAddress`). But this functionality went away after #44968 separated healthz server from metrics server. This PR adds that functionality back.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: 

**Special notes for your reviewer**:
/assign @ncdc 
cc @bowei @r0bj

**Release note**:

```release-note
none
```
 2017-07-12 00:10:14 -07:00
Dr. Stefan Schimanski 5835cfbcce kube-apiserver: add integration test with real Run() func 
- for simple Run()
- for aggregation API group priorities
- for CRD creation
 2017-07-12 08:47:25 +02:00
Kubernetes Submit Queue b07581e60f Merge pull request #47719 from xilabao/fix-set-selector-1 
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)

fix parse resource in setting selector

**What this PR does / why we need it**:

**Which issue this PR fixes**: fixes #47718

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-07-11 23:09:13 -07:00
craig 87f8e79658 Add generated clients. modify codegen script to make modification easier and to allow it to work from the root of the sample server. 
fix issue where binaries not being removed. Add new client packages to lint

put new linted packages in correct location. remove flag from variables

Add all pkgs that should be linted and run sort

Add output from hack/update-bazel.sh

remove genclient=true from FischerList and regenerate client

re update bazel build files

fix missing resource method in register.go
 2017-07-11 19:49:37 +01:00
Tim Allclair a2f2e1d491 Name change: s/timstclair/tallclair/ 2017-07-10 14:05:46 -07:00
Dr. Stefan Schimanski cd2552749f godep-save.sh: workaround broken vendor/github.com/docker/docker/project/CONTRIBUTING.md symlink 2017-07-10 13:02:38 +02:00
Dr. Stefan Schimanski 9775a66310 godep-save.sh: add verbosity 2017-07-10 13:02:38 +02:00
Clayton Coleman cf026a3314
Move SPDY specific code into its own package 2017-07-09 16:11:05 -04:00
Kubernetes Submit Queue 5ca03d674e Merge pull request #48653 from cblecker/verify-godep-fix 
Automatic merge from submit-queue (batch tested with PRs 47040, 48597, 48608, 48653)

Fix godep verify to use godep restore script

**What this PR does / why we need it**:
A bug was introduced in #48615. `hack/verify-godeps.sh` only downloads and compares if godeps have changed, so it wasn't caught on the original PR. However, when it does run (e.g. https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/pr-logs/pull/48630/pull-kubernetes-verify/38350/) it fails because the godep-save script now doesn't permit a compex GOPATH. verify-godeps.sh actually sets one because it restores godeps not using the `hack/godep-restore.sh` script.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

/assign @sttts
/priority failing-test
 2017-07-08 15:33:28 -07:00
Kubernetes Submit Queue 7201e1c848 Merge pull request #48660 from sttts/sttts-hack-owners 
Automatic merge from submit-queue

hack/OWNERS: add myself (sttts)
 2017-07-08 07:09:57 -07:00
Kubernetes Submit Queue ed66bfd2a1 Merge pull request #48604 from sttts/sttts-remove-tpr-example 
Automatic merge from submit-queue (batch tested with PRs 48497, 48604, 48599, 48560, 48546)

client-go: remove TPR example

Now that the TPR api is gone (https://github.com/kubernetes/kubernetes/issues/48152).
 2017-07-08 07:09:33 -07:00
Kubernetes Submit Queue af3dde34a6 Merge pull request #48497 from shiywang/move 
Automatic merge from submit-queue (batch tested with PRs 48497, 48604, 48599, 48560, 48546)

Move pkg/apimachinery/test to apimachinery

Fixes https://github.com/kubernetes/kubernetes/issues/48265

for circular dependency reason, all the test file contain both `"k8s.io/apimachinery/pkg/apis/meta/v1"` and `"k8s.io/apimachinery/pkg/runtime"` is hard to move to a ideal location, so I create a separated test package for those files

I also bump the example package :https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/apiserver/pkg/apis/example here for apimachinery, @sttts told me it's ok if to bump file if only for test   EDIT: seems it's no need to bump, will update soon
```
NONE
```
 2017-07-08 07:09:31 -07:00
Dr. Stefan Schimanski bc80a679c4 hack/OWNERS: add myself (sttts) 2017-07-08 11:01:03 +02:00
Kubernetes Submit Queue 6cd6d89d40 Merge pull request #48410 from xiangpengzhao/remove-empty-util-dir 
Automatic merge from submit-queue (batch tested with PRs 47234, 48410, 48514, 48529, 48348)

Remove unused sub-pkgs in pkg/util

**What this PR does / why we need it**:
Remove no longer used sug-pkgs in pkg/util

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #48386

**Special notes for your reviewer**:
/cc @deads2k 

**Release note**:

```release-note
NONE
```
 2017-07-07 23:53:34 -07:00
Christoph Blecker 8b3bf13806
Fix godep verify to use godep restore script 2017-07-07 23:16:54 -07:00
Christoph Blecker 2b111c5a55
Run verify-godeps.sh fully if hack/ dir changes 2017-07-07 23:16:37 -07:00
Shiyang Wang da4a875ef8 Move pkg/apimachinery/test to apimachinery 2017-07-08 08:48:38 +08:00
Zihong Zheng a4e359aa12 Make kube-proxy's MetricsBindAddress configurable via flag 2017-07-07 12:46:20 -07:00
Dr. Stefan Schimanski 918721078f godep-save.sh: add sanity checks 2017-07-07 21:16:34 +02:00
Dr. Stefan Schimanski b34464241d client-go: remove TPR example 2017-07-07 14:13:46 +02:00
xilabao 0ba41e7285 fix parse resource in setting selector 2017-07-07 10:36:29 +08:00
Kubernetes Submit Queue b00df7eb89 Merge pull request #47435 from luxas/kubeadm_new_selfhosting 
Automatic merge from submit-queue (batch tested with PRs 47435, 46044)

kubeadm: Make self-hosting work and split it out to a phase

**What this PR does / why we need it**:

 - Removes the old self-hosting code
 - Puts the new self-hosting code in `phases/selfhosting`
   - The new code reads manifests from disk (static pods)...
   - ...mutates the PodSpec as necessary...
   - ...and posts the DaemonSet to the API Server...
   - ...and waits for it to come up
 - Uses DaemonSets for all control plane components
 - Creates a `kubeadm alpha phase selfhosting` command that can be invoked against any kubeadm-cluster after install.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

fixes: https://github.com/kubernetes/kubeadm/issues/127
(large part of at least)

**Special notes for your reviewer**:

Please only review the fourth commit, based on https://github.com/kubernetes/kubernetes/pull/47345

**Release note**:

```release-note
kubeadm: Make self-hosting work by using DaemonSets and split it out to a phase that can be invoked via the CLI
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @jbeda
 2017-07-06 12:43:39 -07:00
Lucas Käldström 9f1c5a6f0f
kubeadm self-hosting: unit tests and bazel 2017-07-06 20:54:47 +03:00
Kubernetes Submit Queue 9cfb0ae565 Merge pull request #48508 from mengqiy/fix_term 
Automatic merge from submit-queue

fix cross build

Fix the issue introduced in #48299 which breaks cross-build (https://github.com/kubernetes/kubernetes/pull/48299#issuecomment-312846398).
move setsize.go and setsize_unsupported.go back to util/term for kubelet.
move unmark_windows.go as well.

```release-note
NONE
```
 2017-07-06 00:08:49 -07:00
Kubernetes Submit Queue c0c3fe011c Merge pull request #48292 from mml/fnord 
Automatic merge from submit-queue (batch tested with PRs 48292, 48121)

Return a slightly more verbose error when "go get" fails.
 2017-07-05 17:41:38 -07:00
Kubernetes Submit Queue b39a0a7482 Merge pull request #48489 from xiangpengzhao/check-golint 
Automatic merge from submit-queue (batch tested with PRs 48309, 48489)

Check if golint exists first in hack/verify-golint.sh

**What this PR does / why we need it**:
Check if golint exists first in hack/verify-golint.sh

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #48488

**Special notes for your reviewer**:
nope.

**Release note**:

```release-note
NONE
```
 2017-07-05 15:50:12 -07:00
Matt Liggett 421166db0f Fix e2e_test.go 2017-07-05 14:24:25 -07:00
ymqytw ce561b2044 fix cross build for windows 2017-07-05 12:42:41 -07:00
deads2k 254e71bfc6 bulk delete of tpr packages 2017-07-05 11:02:23 -04:00
Manjunath A Kumatagi 5447ec97f0 Move test-webserver from contrib/for-demos to kubernetes/test/images 2017-07-05 18:55:40 +05:30
Kubernetes Submit Queue c10cc3decd Merge pull request #48353 from deads2k/tpr-17-delete-01 
Automatic merge from submit-queue (batch tested with PRs 48480, 48353)

remove tpr api access

xref https://github.com/kubernetes/kubernetes/issues/48152

TPR tentacles go pretty deep. This gets us started by removing API access and we'll move down from there.

@kubernetes/sig-api-machinery-misc 
@ironcladlou this should free up the GC implementation since TPRs will no longer be present and failing.

```release-note
Removing TPR api access per https://github.com/kubernetes/kubernetes/issues/48152
```
 2017-07-05 05:49:30 -07:00
xiangpengzhao c265719759 Check if golint exists first in hack/verify-golint.sh 2017-07-05 14:51:51 +08:00
Kubernetes Submit Queue 0ec36bdc8f Merge pull request #47043 from CaoShuFeng/validate_audit 
Automatic merge from submit-queue

Add Validate() function for audit options

**Release note**:

```
NONE
```
Fixes: #47114
 2017-07-04 08:48:20 -07:00
xiangpengzhao 016f1cfd8f Remove unused sub-pkgs in pkg/util 2017-07-04 12:04:06 +08:00
deads2k 3ee458d246 remove tpr API access 2017-07-03 11:25:59 -04:00
ymqytw 8dac9639e4 split util/slice 2017-06-30 23:04:18 -07:00
Kubernetes Submit Queue c0337c92cc Merge pull request #47881 from cadmuxe/endpoint 
Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)

Add ApiEndpoint support to GCE config.

**What this PR does / why we need it**:
Add the ability to change ApiEndpoint  for GCE.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:
```release-note
None
```
 2017-06-30 18:42:40 -07:00
Tim Hockin a0db287299 Merge pull request #47934 from wlan0/master 
enable docs and man page autogeneration for cloud-controller-manager
 2017-06-30 16:58:08 -07:00
Kubernetes Submit Queue a92123c530 Merge pull request #48037 from wanghaoran1988/add_bootstrap_option 
Automatic merge from submit-queue (batch tested with PRs 48295, 48298, 47339, 44910, 48037)

Make the `--controllers` flag configurable in hack/local-up-cluster.sh

**What this PR does / why we need it**:
add options to enable tokencleaner,bootstrapsigner controller for bootstrap token testing

**Release note**:
```
None
```
 2017-06-30 14:34:32 -07:00
Kubernetes Submit Queue 228822a95b Merge pull request #44910 from mkumatag/ppc64le_test_images 
Automatic merge from submit-queue (batch tested with PRs 48295, 48298, 47339, 44910, 48037)

Make Makefiles in `test/images/` compatible with multiple architectures

**What this PR does / why we need it**:
This PR is for making test images multi architecture for different platforms like amd64, arm, arm64, ppc64le
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes  #31331

**Special notes for your reviewer**:
- Actual tests need to be modified to use these images based on the architecture later.
- Not covering the cross building of docker images for `s390x` platform due to problem faced while running containers with `qemu-s390x-static`
- Will submit separate PR for `volume and pet` test images
- This PR depends on - https://github.com/kubernetes/ingress/pull/587

**Release note**:

```NONE```
 2017-06-30 14:34:30 -07:00
Matt Liggett 2ee08591b0 Return a slightly more verbose error when "go get" fails. 2017-06-30 12:06:27 -07:00
Kubernetes Submit Queue 17e19dfce6 Merge pull request #48271 from shyamjvs/cluster-ip-e2e-flag 
Automatic merge from submit-queue

Make cluster IP range an argument to ginkgo to fix firewall test

This should fix the failing "Firewall rule should have correct firewall rules for e2e cluster" test when using a non-default cluster IP range.
(Ref: https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/logs/ci-kubernetes-e2e-gce-enormous-cluster/13#k8sio-firewall-rule-should-have-correct-firewall-rules-for-e2e-cluster)

/cc @kubernetes/sig-network-pr-reviews @gmarek
 2017-06-30 09:26:32 -07:00
Shyam Jeedigunta c1a76fbb57 Make cluster IP range an argument to ginkgo to fix firewall test 2017-06-30 16:18:18 +02:00
Manjunath A Kumatagi 5f0c16b5d0 Fix verify-golint 2017-06-30 19:42:55 +05:30
Minhan Xia 6da0c11063 add dockershim checkpoint node e2e test 2017-06-29 13:26:09 -07:00
Koonwah Chen 0db5b37165 testing fixed 
hack/verify-gofmt.sh and hack/verify-flags-underscore.py
 2017-06-29 10:42:29 -07:00
Kubernetes Submit Queue 33fc75e223 Merge pull request #47984 from ironcladlou/local-cluster-vmodule 
Automatic merge from submit-queue (batch tested with PRs 46850, 47984)

Enable vmodule support for all components

Support vmodule (via `LOG_SPEC`) for all local cluster components.

```release-note
NONE
```
 2017-06-29 07:18:34 -07:00
Jordan Liggitt 6967ae78b3
Make doc generation on cherry-picks optional 2017-06-26 16:54:11 -04:00
Nikhita Raghunath 52bd0bc713
Fix error in local-cluster-up 
When $GO_OUT is not set, line 152 will output the error:
[: ==: unary operator expected. This occurs because the if condition becomes
if [  == "" ]. This results in an error because == is a binary operator.
 2017-06-26 21:59:01 +05:30
Haoran Wang 38f3a9cc4b add options enable tokencleaner,bootstrapsigner controller 2017-06-26 23:46:55 +08:00
Kubernetes Submit Queue b042c76d10 Merge pull request #47936 from caesarxuchao/test-api-dependency 
Automatic merge from submit-queue (batch tested with PRs 47650, 47936, 47939, 47986, 48006)

External dependency of k8s.io/api

Fix https://github.com/kubernetes/kubernetes/issues/48007

It's unfortunate that k8s.io/api has external dependencies.

Most of the dependencies are introduced by "k8s.io/apimachinery/pkg/util/intstr" and ugorji.
 2017-06-24 05:15:40 -07:00
Matthew Wong 76a72f6248 Move e2e fromManifest funcs to manifest package 2017-06-23 18:47:42 -04:00
Dan Mace 321ed7f7cf Enable vmodule support for all components 
Support vmodule (via `LOG_SPEC`) for all local cluster components.
 2017-06-23 15:12:35 -04:00
Kubernetes Submit Queue 418c319e0a Merge pull request #47227 from supereagle/correct-script-name 
Automatic merge from submit-queue

correct the name of the script to generate swagger doc

**What this PR does / why we need it**: The name of the script to generate swagger doc is not correct, this PR is to fix it.

**Which issue this PR fixes**: fixes #

**Special notes for your reviewer**:

**Release note**:
```release-note
NONE
```
 2017-06-22 23:27:15 -07:00
Kubernetes Submit Queue 7ecb6cc238 Merge pull request #47095 from MrHohn/fix-e2e-firewall-multizone 
Automatic merge from submit-queue (batch tested with PRs 47922, 47195, 47241, 47095, 47401)

Fix firewall e2e test for multizone CIs

Fixes #46894.

- Getting node/master tags from config instead of instance.
- Don't assume instance always run in default zone.

/assign @freehan 

**Release note**:

```release-note
NONE
```
 2017-06-22 21:33:31 -07:00
Kubernetes Submit Queue e4af9dccb0 Merge pull request #46923 from dims/nuke-wrapper-go-flags 
Automatic merge from submit-queue (batch tested with PRs 47921, 45984, 46829, 46896, 46923)

Remove unnecessary wrapper flags

**What this PR does / why we need it**:

Drop KUBE_GOFLAGS, KUBE_GOGCFLAGS, KUBE_GOLDFLAGS references
from the build infrastructure

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47296

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-06-22 20:26:29 -07:00
Kubernetes Submit Queue a509cbf919 Merge pull request #46829 from cblecker/swagger-dir-fix 
Automatic merge from submit-queue (batch tested with PRs 47921, 45984, 46829, 46896, 46923)

Create output_dir if doesn't exist

**What this PR does / why we need it**:
Minor fix to the swagger spec gen, that if the directory doesn't exist, create it before copying.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-06-22 20:26:24 -07:00
Kubernetes Submit Queue dafe578377 Merge pull request #45984 from cblecker/hack-vet 
Automatic merge from submit-queue (batch tested with PRs 47921, 45984, 46829, 46896, 46923)

Move govet verify into rest of verify*-.sh scripts

**What this PR does / why we need it**:
Instead of having two govet scripts, consolidate them to into one and have both the Makefile and verify.sh scripts target the same script. This also will allow proper syntax highlighting and timing when the vet script is run as part of `make verify`.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/test-infra/issues/2725

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

/cc @fejta @rmmh
 2017-06-22 20:26:21 -07:00
Kubernetes Submit Queue 4e1b608391 Merge pull request #45784 from xiangpengzhao/fix-integration-tips 
Automatic merge from submit-queue

Give developer more help info when running integration tests without etcd found.

**What this PR does / why we need it**:
When running integration tests, if etcd version on env is lower than expected, developer will get info `You can use 'hack/install-etcd.sh' to install a copy in third_party/.` It would be better to have the same info if no etcd installed on env.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-06-22 18:53:22 -07:00
wlan0 38b060c4fd enable docs and man page autogeneration for cloud-controller-manager 2017-06-22 17:04:26 -07:00
Chao Xu 8642e6f0c0 include k8s.io/api in update-godep-staging.sh 2017-06-22 16:58:53 -07:00
Chao Xu 339183181d revert hack/update-all to its original form 2017-06-22 11:31:04 -07:00
Chao Xu 593e7c0256 revert!! temporary change to hack/update-all.sh 2017-06-22 11:31:03 -07:00
Chao Xu 83235f940a manually fix hack/verify-staging-imports.sh 
manually fix hack/godep-save.sh

manually fix .linted_packages

squash, manually fix lint

manually fix hack/update-staging-godeps.sh

manually fix update-staging-godeps.sh; let it update godep of client-go
 2017-06-22 11:31:00 -07:00
Chao Xu 633ef0d44d change hack/update-codecgen.sh 2017-06-22 11:30:58 -07:00
Chao Xu 7d5dbdaa09 manually fix protogen 2017-06-22 11:30:58 -07:00
Chao Xu 0a853fec93 hack/lib/init.sh util.sh update-codegen.sh 2017-06-22 11:30:57 -07:00
Chao Xu bad65b4c95 Don't revert, necessary change to make helpers to include k8s.io/api 
Don't revert, change boundingdirs in Makefile for deepcopy-gen

manually fix pkg/client/clientset_generated/clientset/typed/core/v1/pod_expansion.go because external policy types are moved now
 2017-06-22 11:30:43 -07:00
Kubernetes Submit Queue 98c868d038 Merge pull request #46993 from david-mcmahon/gen-docs 
Automatic merge from submit-queue

Regenerate docs (if necessary) during cherry-pick operations.

This change ensures that cherrypicks are coupled with any related doc generation required.
closes #44533
 2017-06-21 17:32:33 -07:00
Christoph Blecker 97783f9093
Run hack/verify-govet.sh as part of verify make target 
This commit ensures that:
- go vet will be run as part of the make verify target
- the vet make-rule script won't be run directly, as generated_files won't be run in that case
- that go vet errors show up in the build log with a start time, finish time, and SUCCESS/FAILED message as part of the verify make rule script
 2017-06-21 11:10:25 -07:00
mbohlool 222f6ae37f Add test from #47578 2017-06-21 10:56:00 -07:00
Kubernetes Submit Queue e626d381fb Merge pull request #47331 from wasylkowski/fix-gofmt 
Automatic merge from submit-queue

Fixed the issue with formatting issues not being reported when verification fails

**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-06-20 09:06:25 -07:00
Davanum Srinivas 5b3c3665f3 Remove timestamps from docs/api-reference/*/*.html 
If there are 2 or more PR(s) in the queue, they will end up with
conflicts (and rechecks). So let us remove the timestamp entirely
when we generate the files.

Fixes #46814
 2017-06-19 21:41:38 -04:00
Kubernetes Submit Queue cc645a8c6f Merge pull request #46327 from supereagle/mark-network-plugin-dir-deprecated 
Automatic merge from submit-queue (batch tested with PRs 46327, 47166)

mark --network-plugin-dir deprecated for kubelet

**What this PR does / why we need it**:

**Which issue this PR fixes** : fixes #43967

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-06-19 11:23:54 -07:00
Kubernetes Submit Queue b6faf34862 Merge pull request #47530 from mindprince/issue-47388-remove-dead-code 
Automatic merge from submit-queue (batch tested with PRs 47530, 47679)

Use cos-stable-59-9460-64-0 instead of cos-beta-59-9460-20-0.

Remove dead code that has now moved to another repo as part of #47467

**Release note**:
```release-note
NONE
```

/sig node
 2017-06-16 20:57:58 -07:00
Kubernetes Submit Queue d7b631a52d Merge pull request #46883 from ahmetb/clientgo-toc 
Automatic merge from submit-queue

clientgo/examples: add ToC for examples

Also add authenticate- prefix to auth samples. This patch could use some
improvement explaining workqueue and TPR examples as I'm not entirely sure.

/assign @caesarxuchao

Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
 2017-06-16 14:14:26 -07:00
Rohit Agarwal 3a86c97cf6 Use cos-stable-59-9460-64-0 instead of cos-beta-59-9460-20-0. 
- It contains a fix for ipaliasing.
- It contains a fix which decouples GPU driver installation from kernel
version.

Remove dead code that has now moved to another repo as part of #47467
 2017-06-16 13:48:50 -07:00
Kubernetes Submit Queue c31893978b Merge pull request #45918 from juanvallejo/jvallejo/fix-kubectl-set-resources-local 
Automatic merge from submit-queue

fix --local flag for kubectl commands

Fixes https://github.com/kubernetes/kubernetes/issues/47079

**Release note**:
```release-note
NONE
```

Fixes the `--local` flag for `kubectl set ...` sub-commands.
**As of the 1.7 release**, `PrinterForCommand` was updated to [use a mapper and typer for unstructured objects](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/util/factory_builder.go#L52), which further prevented the use of `--local` when there was no connection to an api server.


**before** (with no connection to a server)
```
$ kubectl set resources -f pod.json --limits=cpu=200m,memory=512Mi --local
error: unable to connect to a server to handle "pods": Get https://10.13.137.149:8443/api: dial tcp 10.13.137.149:8443: getsockopt: connection refused
```

**after** (with no connection to a server)
```
$ kubectl set resources -f pod.json --limits=cpu=200m,memory=512Mi --local
NAME              READY     STATUS    RESTARTS   AGE
mypod   0/1                 0          <unknown>
```

cc @smarterclayton @fabianofranz
 2017-06-16 08:19:13 -07:00
Anthony Yeh 394c6a5980
CRD: Test delete both with and without cascading. 2017-06-14 22:36:45 -07:00
Kubernetes Submit Queue 8cbf3a33d4 Merge pull request #47542 from enisoc/tpr-watch 
Automatic merge from submit-queue (batch tested with PRs 47492, 47542, 46800, 47545, 45764)

Fix TPR watches.

Fixes #47027

TPR watch has been broken since #44350.
 2017-06-14 21:43:41 -07:00
Kubernetes Submit Queue 304106f0f7 Merge pull request #47099 from mengqiy/add_junit_for_cmd_tests 
Automatic merge from submit-queue (batch tested with PRs 47204, 46808, 47432, 47400, 47099)

support junit in test-cmd

Output junit result for cmd tests.

Fixes #45196

There will be a followup PR to refactor the cmd test into functions as test cases there is not a lot changes in `hack/make-rules/test-cmd-util.sh`

```release-note
NONE
```
 2017-06-14 17:14:08 -07:00
Kubernetes Submit Queue ef20034a04 Merge pull request #47204 from janetkuo/kubectl-apply-change-cause 
Automatic merge from submit-queue (batch tested with PRs 47204, 46808, 47432, 47400, 47099)

Make kubectl apply add change-cause before patching

**What this PR does / why we need it**: We shouldn't patch the project with applied change, and then patch again with the change cause. Otherwise, DaemonSet change cause wouldn't be copied to its history (after the first patch, history will be created with the old change cause). 

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47210

**Special notes for your reviewer**: 
/assign @mengqiy 
@kubernetes/sig-apps-bugs @kubernetes/sig-cli-maintainers 

**Release note**:

```release-note
NONE
```
 2017-06-14 17:13:54 -07:00
Anthony Yeh 17cbc5e014
Fix TPR watches. 2017-06-14 16:58:49 -07:00
Kubernetes Submit Queue 16640d892f Merge pull request #46135 from krousey/upgrades 
Automatic merge from submit-queue (batch tested with PRs 47470, 47260, 47411, 46852, 46135)

Write reports for each upgrade test

Due to the way Ginkgo runs individual test cases and the level of coordination required for the upgrade tests, they were all run under a single Ginkgo test case. This PR generates and auxiliary report that break out the results of each upgrade test. This is accomplished by:

  1) Wrapping `ginkgo.Fail` and `ginkgo.Skip` to get the actual failure or skip messages.
  2) Recovering that info in the upgrade test to generate an auxiliary report.

I suggest reviewing commit by commit. 

Sample report: https://storage.googleapis.com/krouseytestreports/logs/results/1/artifacts/junit_upgrades.xml

Fixes: #47371
 2017-06-14 12:52:27 -07:00
Kubernetes Submit Queue d797c219b3 Merge pull request #47260 from yguo0905/perf-dash 
Automatic merge from submit-queue (batch tested with PRs 47470, 47260, 47411, 46852, 46135)

Logs node e2e perf data to standalone json files

Fixes the node-dash-perf issue in https://github.com/kubernetes/kubernetes/issues/44003.

- Move perf data types to `test/e2e/perftype/perftype.go` so that the node-perf-dash can depend on.
- Logs the perf data to standalone json files so that node-perf-dash can consume it easily. A sample run of `ci-kubernetes-node-kubelet-benchmark` is at https://console.cloud.google.com/storage/browser/ygg-gke-dev-bucket/e2e-node-test/ci-kubernetes-node-kubelet-benchmark/1.

The corresponding changes in node-perf-dash is at https://github.com/kubernetes/contrib/pull/2628.

**Release note**:
`None`

/sig node
/area node-e2e
/assign @Random-Liu
 2017-06-14 12:52:18 -07:00
Ahmet Alp Balkan 62d1251874
clientgo/examples: add ToC for examples 
Also add authenticate- prefix to auth samples.

Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
 2017-06-13 15:48:40 -07:00
ymqytw 1480f6c368 refactor cmd test case into functions for easier generating junit results 2017-06-13 14:09:06 -07:00
Kubernetes Submit Queue 72a046d858 Merge pull request #43987 from cosmincojocar/azure_plugin_for_client_auth 
Automatic merge from submit-queue (batch tested with PRs 46441, 43987, 46921, 46823, 47276)

Azure plugin for client auth

This is an Azure Active Directory plugin for client authentification. It provides an integration with Azure CLI 2.0 login command. It can also be used standalone, in that case it will use the device code flow to acquire an access token. 

More details are provided in the README.md file. 

https://github.com/kubernetes/kubectl/issues/29

cc @brendandburns @colemickens
 2017-06-13 13:55:45 -07:00
ymqytw 471327f95f output junit for cmd tests 2017-06-13 10:13:23 -07:00
juanvallejo d036686185
fix --local flag for `kubectl set` commands 2017-06-13 12:57:05 -04:00
Janet Kuo 03af5233bd Make kubectl apply add change-cause before patching 2017-06-12 23:49:42 -07:00
Kubernetes Submit Queue aa35738a21 Merge pull request #47075 from janetkuo/ds-history-patch 
Automatic merge from submit-queue

Change what is stored in DaemonSet history `.data`

**What this PR does / why we need it**: 
In DaemonSet history `.data`, store a strategic merge patch that can be applied to restore a DaemonSet. Only PodSpecTemplate is saved. 

This will become consistent with the data stored in StatefulSet history. 

Before this fix, a serialized pod template is stored in `.data`; however, seriazlized pod template isn't a `runtime.RawExtension`, and caused problems when controllers try to patch the history's controller ref. 

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47008

**Special notes for your reviewer**: @kubernetes/sig-apps-bugs @erictune @kow3ns @kargakis @lukaszo @mengqiy 

**Release note**:

```release-note
NONE
```
 2017-06-12 23:31:08 -07:00
Kris 32db61da76 Adding ginkgowrapper and junit to linted packages 2017-06-12 16:59:54 -07:00
Yang Guo 29b2db5af3 Logs node e2e perf data to standalone json files 2017-06-12 14:27:56 -07:00
Andrzej Wasylkowski 9920fea527 Fixed the issue with formatting issues not being reported when verification fails. 2017-06-12 17:59:08 +02:00
Kubernetes Submit Queue df1e289888 Merge pull request #47004 from ixdy/bazel-stamp-multiple-packages 
Automatic merge from submit-queue

bazel: stamp multiple packages by using x_defs instead of linkstamp in go_binary rules

**What this PR does / why we need it**: Fixes regression introduced sometime in the last few months that prevented bazel-built clusters from identifying version properly. 

It does so by updating the bazelbuild/rules_go and kubernetes/repo-infra dependencies to support using stamp values in `go_binary` `x_defs`, and then changing our `go_binary` rules to use `x_defs` instead of `linkstamp`.

This whole charade is necessary because we need to stamp version information in multiple packages.

This pretty much only affects the bazel build, so it should be low risk.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #45298

**Special notes for your reviewer**: depends on https://github.com/kubernetes/repo-infra/pull/18; should not be merged before it.

**Release note**:

```release-note
NONE
```

/assign @spxtr @mikedanese
 2017-06-11 00:33:13 -07:00
Janet Kuo 2b8f91e549 Update kubectl rollout to consume `.data` of DaemonSet history 
Also update tset data to make sure DaemonSet template is replaced, not
merged, when rolling back.
 2017-06-10 10:52:33 -07:00
supereagle 606c32bc92 correct the script name for generating swagger doc 2017-06-09 14:25:32 +08:00
Pengfei Ni 83676175b0 Update hack scripts 2017-06-09 10:13:34 +08:00
Jeff Grafton 64bd79fad7 Convert go_binary linkstamp to x_defs 2017-06-08 14:59:55 -07:00
Jeff Grafton 14e1889372 Disable verify-gofmt bazel test 2017-06-08 14:59:55 -07:00
David McMahon 4d70ec9531 Regenerate docs (if necessary) during cherry-pick operations. 2017-06-08 13:18:20 -07:00
Kubernetes Submit Queue d16d64f620 Merge pull request #46916 from smarterclayton/secretbox 
Automatic merge from submit-queue (batch tested with PRs 46979, 47078, 47138, 46916)

Add a secretbox and AES-CBC path for encrypt at rest

Add a secretbox and AES-CBC encrypt at rest provider and alter the config, based on feedback from security review.  AES-CBC is more well reviewed and generally fits better with common criteria and FIPS, secretbox is newer and faster than CBC.

```release-note
Add secretbox and AES-CBC encryption modes to at rest encryption.  AES-CBC is considered superior to AES-GCM because it is resistant to nonce-reuse attacks, and secretbox uses Poly1305 and XSalsa20.
```
 2017-06-07 19:01:53 -07:00
Kubernetes Submit Queue 20bf5f2311 Merge pull request #47086 from enisoc/crd-namespace-cleanup 
Automatic merge from submit-queue (batch tested with PRs 47024, 47050, 47086, 47081, 47013)

apiextensions-apiserver: Fix decoding of DeleteOptions.

Fixes #47072 by making apiextensions-apiserver capable of decoding unversioned DeleteOptions, rather than only handling Unstructured objects (i.e. Custom Resources).

This also closes #46736 and #37554 since the added regression test works for TPR as well.
 2017-06-07 16:53:43 -07:00
Kubernetes Submit Queue 43295501a3 Merge pull request #47050 from sttts/sttts-deprecate-tpr-example 
Automatic merge from submit-queue (batch tested with PRs 47024, 47050, 47086, 47081, 47013)

client-go: deprecate TPR example and add CRD example

/cc @nilebox

Part of https://github.com/kubernetes/kubernetes/issues/46702
 2017-06-07 16:53:40 -07:00
Kubernetes Submit Queue 783b940c30 Merge pull request #47088 from mikedanese/integration-race 
Automatic merge from submit-queue

enable race detection on integration tests

Fix an old TODO
 2017-06-07 11:04:57 -07:00
Davanum Srinivas 823e26ddbf Remove unnecessary wrapper flags 
Drop KUBE_GOFLAGS, KUBE_GOGCFLAGS, KUBE_GOLDFLAGS references
from the build infrastructure. There are some usages still
for KUBE_GOFLAGS, so we should print a deprecation message
until all those are fixed. If both KUBE_GOFLAGS and GOFLAGS
are just then we just bail out.
 2017-06-07 12:31:01 -04:00
Dr. Stefan Schimanski e2b50ac9b8 client-go: deprecate TPR example and add CRD example 2017-06-07 13:45:58 +02:00
Cao Shufeng cf8e3ccf19 Add Validate() function for audit options 2017-06-07 16:53:02 +08:00
Kubernetes Submit Queue 0613ae5077 Merge pull request #46669 from kow3ns/statefulset-update 
Automatic merge from submit-queue (batch tested with PRs 46235, 44786, 46833, 46756, 46669)

implements StatefulSet update

**What this PR does / why we need it**:
1. Implements rolling update for StatefulSets
2. Implements controller history for StatefulSets.
3. Makes StatefulSet status reporting consistent with DaemonSet and ReplicaSet.

https://github.com/kubernetes/features/issues/188

**Special notes for your reviewer**:

**Release note**:
```release-note
Implements rolling update for StatefulSets. Updates can be performed using the RollingUpdate, Paritioned, or OnDelete strategies. OnDelete implements the manual behavior from 1.6. status now tracks 
replicas, readyReplicas, currentReplicas, and updatedReplicas. The semantics of replicas is now consistent with DaemonSet and ReplicaSet, and readyReplicas has the semantics that replicas did prior to this release.
```
 2017-06-07 00:27:53 -07:00
Kubernetes Submit Queue eae59aaf72 Merge pull request #44786 from tsandall/f8n-scheduling-policy 
Automatic merge from submit-queue (batch tested with PRs 46235, 44786, 46833, 46756, 46669)

federation: Add admission controller for policy-based placement

@nikhiljindal 

Here's the initial version of the scheduling policy admission controller. It's at the point where it would benefit from having another pair of eyes look at it. The main thing I'm unsure of is the serialization of Kube resources for the webhook/query call.

Release Note:

```
The federation-apiserver now supports a SchedulingPolicy admission controller that enables policy-based control over placement of federated resources.
```

Ref #39982
 2017-06-07 00:27:47 -07:00
Zihong Zheng 0acdc89d96 Pipe in GCE master/node tags through flags for e2e test 2017-06-06 17:27:07 -07:00
Mike Danese 64f77ebfb7 enable race detection on integration tests 2017-06-06 16:27:49 -07:00
Kenneth Owens 1a784ef86f Auto generated code for StatefulSet update 2017-06-06 13:47:19 -07:00
Anthony Yeh 6044bea32b
Add test for TPR/CRD namespace cleanup. 2017-06-06 11:45:15 -07:00
Clayton Coleman 23cd6c52ba
Add a secretbox implementation for encryption 
Uses nacl/secretbox
 2017-06-06 10:50:38 -04:00
Dr. Stefan Schimanski bb663aa7e6 hack/verify-staging-imports.sh: add apiextensions-apiserver 2017-06-06 12:06:31 +02:00
Dr. Stefan Schimanski 33e50da9f4 Rename {kube- ->}apiextensions-{-> api}server 2017-06-06 12:06:31 +02:00
Kubernetes Submit Queue a552ee61a0 Merge pull request #46672 from smarterclayton/initializer_with_config 
Automatic merge from submit-queue (batch tested with PRs 46967, 46992, 43338, 46717, 46672)

Select initializers from the dynamic configuration

Continues #36721

kubernetes/features#209
 2017-06-05 20:27:50 -07:00
Kubernetes Submit Queue 6b50a5cb39 Merge pull request #43338 from fabianofranz/group_aliases_in_api 
Automatic merge from submit-queue (batch tested with PRs 46967, 46992, 43338, 46717, 46672)

Add group alias names to API resources to allow discovery

**What this PR does / why we need it**: 
Adds `GroupNames []string` to API resources, which represents the list of group aliases that every resource belongs to. 

Partially fixes https://github.com/kubernetes/kubernetes/issues/41353

This moves the logic of "all" (which currently [translates](fbc94c0896/pkg/kubectl/cmd/util/shortcut_restmapper.go (L106)) to "pods,replicationcontrollers,services,...") to the server-side. Will allow clients like `kubectl` to discover group aliases instead of having it hardcoded and the API server to better handle consistency across multiple clients, version skew, etc; and will make "all" un-special and allow other groups to be created.

As a follow-up we'll patch `kubectl` to make groups aliases discoverable and the hardcoded list a fallback while we still have to support it.

Related to https://github.com/kubernetes/kubernetes/pull/42595#issuecomment-286839885.

**Release note**:
```release-note
Adds the `Categories []string` field to API resources, which represents the list of group aliases (e.g. "all") that every resource belongs to. 
```
@kubernetes/sig-api-machinery-misc @deads2k @bgrant0607
 2017-06-05 20:27:46 -07:00
Kubernetes Submit Queue 8280bd5e1a Merge pull request #46799 from mikedanese/gce-3 
Automatic merge from submit-queue (batch tested with PRs 46972, 42829, 46799, 46802, 46844)

promote tls-bootstrap to beta

last commit of this PR.

Towards https://github.com/kubernetes/kubernetes/issues/46999

```release-note
Promote kubelet tls bootstrap to beta. Add a non-experimental flag to use it and deprecate the old flag.
```
 2017-06-05 17:46:52 -07:00
Kubernetes Submit Queue f893cddfba Merge pull request #46460 from sakshamsharma/location_transformer 
Automatic merge from submit-queue (batch tested with PRs 46550, 46663, 46816, 46820, 46460)

Add configuration for encryption providers

## Additions

Allows providing a configuration file (using flag `--experimental-encryption-provider-config`) to use the existing AEAD transformer (with multiple keys) by composing mutable transformer, prefix transformer (for parsing providerId), another prefix transformer (for parsing keyId), and AES-GCM transformers (one for each key). Multiple providers can be configured using the configuration file.

Example configuration:
```
kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
    - namespaces
    providers:
    - aes:
        keys:
        - name: key1
          secret: c2vjcmv0iglzihnly3vyzq==
        - name: key2
          secret: dghpcybpcybwyxnzd29yza==
    - identity: {}
```

Need for configuration discussed in:
#41939
[Encryption](3418b4e4c6/contributors/design-proposals/encryption.md)

**Pathway of a read/write request**:
1. MutableTransformer
2. PrefixTransformer reads the provider-id, and passes the request further if that matches.
3. PrefixTransformer reads the key-id, and passes the request further if that matches.
4. GCMTransformer tries decrypting and authenticating the cipher text in case of reads. Similarly for writes.

## Caveats
1. To keep the command line parameter parsing independent of the individual transformer's configuration, we need to convert the configuration to an `interface{}` and manually parse it in the transformer. Suggestions on better ways to do this are welcome.

2. Flags `--encryption-provider` and `--encrypt-resource` (both mentioned in [this document](3418b4e4c6/contributors/design-proposals/encryption.md) ) are not supported in this because they do not allow more than one provider, and the current format for the configuration file possibly supersedes their functionality.

3. Currently, it can be tested by adding `--experimental-encryption-provider-config=config.yml` to `hack/local-up-cluster.sh` on line 511, and placing the above configuration in `config.yml` in the root project directory.

Previous discussion on these changes:
https://github.com/sakshamsharma/kubernetes/pull/1

@jcbsmpsn @destijl @smarterclayton

## TODO
1. Investigate if we need to store keys on disk (per [encryption.md](3418b4e4c6/contributors/design-proposals/encryption.md (option-1-simple-list-of-keys-on-disk)))
2. Look at [alpha flag conventions](https://github.com/kubernetes/kubernetes/blob/master/pkg/features/kube_features.go)
3. Need to reserve `k8s:enc` prefix formally for encrypted data. Else find a better way to detect transformed data.
 2017-06-05 16:43:48 -07:00
Fabiano Franz 058f9b4f32 Add group alias names to discovery in registry 2017-06-05 20:18:12 -03:00
Clayton Coleman 034f06d7e4
Remove Initializers from federation 2017-06-05 19:12:36 -04:00
mbohlool c7ae61b38b Add OpenAPI README file 2017-06-05 13:18:07 -07:00
Mike Danese cdcfa35c2a promote tls-bootstrap to beta 2017-06-05 12:20:58 -07:00
Torin Sandall 470e99c6a5 federation: Add admission controller for policy-based placement 2017-06-05 07:58:59 -07:00
Janet Kuo edabdac094 Implement kubectl rollout history and undo for DaemonSet 2017-06-03 17:10:57 -07:00
Kubernetes Submit Queue 07f85565a2 Merge pull request #36721 from smarterclayton/initializers 
Automatic merge from submit-queue

Add initializer support to admission and uninitialized filtering to rest storage

Initializers are the opposite of finalizers - they allow API clients to react to object creation and populate fields prior to other clients seeing them.

High level description:

1. Add `metadata.initializers` field to all objects
2. By default, filter objects with > 0 initializers from LIST and WATCH to preserve legacy client behavior (known as partially-initialized objects)
3. Add an admission controller that populates .initializer values per type, and denies mutation of initializers except by certain privilege levels (you must have the `initialize` verb on a resource)
4. Allow partially-initialized objects to be viewed via LIST and WATCH for initializer types
5. When creating objects, the object is "held" by the server until the initializers list is empty
6. Allow some creators to bypass initialization (set initializers to `[]`), or to have the result returned immediately when the object is created.

The code here should be backwards compatible for all clients because they do not see partially initialized objects unless they GET the resource directly. The watch cache makes checking for partially initialized objects cheap. Some reflectors may need to change to ask for partially-initialized objects.

```release-note
Kubernetes resources, when the `Initializers` admission controller is enabled, can be initialized (defaulting or other additive functions) by other agents in the system prior to those resources being visible to other clients.  An initialized resource is not visible to clients unless they request (for get, list, or watch) to see uninitialized resources with the `?includeUninitialized=true` query parameter.  Once the initializers have completed the resource is then visible.  Clients must have the the ability to perform the `initialize` action on a resource in order to modify it prior to initialization being completed.
```
 2017-06-03 07:16:52 -07:00
Irfan Ur Rehman bc9852fca4 [Federation][Kubefed] Support documentation for kubefed and its sub commands 2017-06-03 17:11:36 +05:30
Cao Shufeng c28efb85ff add cmd test for kubectl auth can-i 2017-06-03 17:01:00 +08:00
Kubernetes Submit Queue e837c3bbc2 Merge pull request #46388 from lavalamp/whitlockjc-generic-webhook-admission 
Automatic merge from submit-queue (batch tested with PRs 46239, 46627, 46346, 46388, 46524)

Dynamic webhook admission control plugin

Unit tests pass.

Needs plumbing:
* [ ] service resolver (depends on @wfender PR)
* [x] client cert (depends on ????)
* [ ] hook source (depends on @caesarxuchao PR)

Also at least one thing will need to be renamed after Chao's PR merges.

```release-note
Allow remote admission controllers to be dynamically added and removed by administrators.  External admission controllers make an HTTP POST containing details of the requested action which the service can approve or reject.
```
 2017-06-02 23:37:42 -07:00
Clayton Coleman 4ce3907639
Add Initializers to all admission control paths by default 2017-06-02 22:09:04 -04:00
Kubernetes Submit Queue 5bf5d45c2b Merge pull request #46192 from cblecker/verify-dockerized 
Automatic merge from submit-queue (batch tested with PRs 46801, 45184, 45930, 46192, 45563)

Exclude dockerized verify patterns

**What this PR does / why we need it**:
Change some of the `make verify` logic to allow excluding based on a pattern. Add the `verify-*-dockerized.sh` pattern to the excluded list.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-06-02 18:05:57 -07:00
Kubernetes Submit Queue caead74171 Merge pull request #45184 from DirectXMan12/feature/metrics-client-gen-tweaks 
Automatic merge from submit-queue (batch tested with PRs 46801, 45184, 45930, 46192, 45563)

Tweak client-gen to support metrics API

This PR adds support to client-gen for readonly APIs as well as for customizing the resource name used for a given type.

This is required to support the clients generated for `k8s.io/metrics/pkg/apis/metrics`.

cc @caesarxuchao 

Currently based on #45180

**Release note**:
```release-note
NONE
```
 2017-06-02 18:05:50 -07:00
Kubernetes Submit Queue dcf19e8865 Merge pull request #45865 from caesarxuchao/remove-exception 
Automatic merge from submit-queue

remove exception in verify-no-vendor-cycles.sh

The exception is fixed by https://github.com/kubernetes/kubernetes/pull/45758.
 2017-06-02 13:02:18 -07:00
Kubernetes Submit Queue 97a5d37841 Merge pull request #40848 from smarterclayton/serverside_get 
Automatic merge from submit-queue (batch tested with PRs 46432, 46701, 46326, 40848, 46396)

Add a server side Get operation

Implement proposal kubernetes/community#363

```release-note
The Kubernetes API supports retrieving tabular output for API resources via a new mime-type `application/json;as=Table;v=v1alpha1;g=meta.k8s.io`.  The returned object (if the server supports it) will be of type `meta.k8s.io/v1alpha1` with `Table`, and contain column and row information related to the resource.  Each row will contain information about the resource - by default it will be the object metadata, but callers can add the `?includeObject=Object` query parameter and receive the full object.  In the future kubectl will use this to retrieve the results of `kubectl get`.
```
 2017-06-02 11:47:11 -07:00
Christoph Blecker f75274e04e
Create output_dir if doesn't exist 2017-06-01 23:09:14 -07:00
Saksham Sharma 9760d00d08 Add configuration options for encryption providers 
Add location transformer, config for transformers

Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.

Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.

Add new files to BUILD, AEAD => k8s-aes-gcm

Use group resources to select encryption provider

Update tests for configuration parsing

Remove location transformer

Allow specifying providers per resource group in configuration

Add IdentityTransformer configuration option

Fix minor issues with initial AEAD implementation

Unified parsing of all configurations

Parse configuration using a union struct

Run configuration parsing in APIserver, refactor parsing

More gdoc, fix minor bugs

Add test coverage for combined transformers

Use table driven tests for encryptionconfig
 2017-06-01 20:25:11 -07:00
Kubernetes Submit Queue f7a1f10275 Merge pull request #45919 from ericchiang/audit-webhook-backend 
Automatic merge from submit-queue

apiserver: add a webhook implementation of the audit backend

This builds off of #45315 and is intended to implement an interfaced defined in #45766.

TODO:

- [x] Rebase on top of API types PR.
- [x] Rebase on top of API types updates (#46065)
- [x] Rebase on top of feature flag (#46009)
- [x] Rebase on top of audit instrumentation.
- [x] Hook up API server flag or register plugin (depending on #45766)

Features issue https://github.com/kubernetes/features/issues/22

Design proposal https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auditing.md

```release-notes
Webhook added to the API server which omits structured audit log events.
```

/cc @soltysh @timstclair @soltysh @deads2k
 2017-06-01 13:41:59 -07:00
Kubernetes Submit Queue 62435edeff Merge pull request #46448 from dashpole/disk_eviction_defaults 
Automatic merge from submit-queue

Set Kubelet Disk Defaults for the 1.7 release

The `--low-diskspace-threshold-mb` flag has been depreciated since 1.6.
This PR sets the default to `0`, and sets defaults for disk eviction based on the values used for our [e2e tests](https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/services/kubelet.go#L145).
This also removes the custom defaults for vagrant, as the new defaults should work for it as well.

/assign @derekwaynecarr 
cc @vishh 

```release-note
By default, --low-diskspace-threshold-mb is not set, and --eviction-hard includes "nodefs.available<10%,nodefs.inodesFree<5%"
```
 2017-06-01 10:04:27 -07:00
Kubernetes Submit Queue d3554ac0ce Merge pull request #46709 from wanghaoran1988/fix_46691 
Automatic merge from submit-queue

Disable all alpha feature gates by default in local-up-cluster.sh

**What this PR does / why we need it**:
Disable all alpha feature gates by default in local-up-cluster.sh
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #46691

**Special notes for your reviewer**:

**Release note**:
```
None
```
 2017-06-01 08:18:15 -07:00
Kubernetes Submit Queue 555fdf425d Merge pull request #46777 from sttts/sttts-inverse-verify-staging-imports-logic 
Automatic merge from submit-queue

hack/verify-staging-imports.sh: simplify by negating package list

The forbidden list of repos got lengthy. The inverse is much shorter and easiert to maintain.
 2017-06-01 07:11:13 -07:00
supereagle dc9f0f9729 mark --network-plugin-dir deprecated for kubelet, and update related bootstrap scripts 2017-06-01 22:06:44 +08:00
Dr. Stefan Schimanski 2b26a946a2 hack/verify-staging-imports.sh: simplify by negating package list 2017-06-01 14:49:13 +02:00
Kubernetes Submit Queue 98e5496aa2 Merge pull request #46677 from enisoc/tpr-migrate-etcd 
Automatic merge from submit-queue (batch tested with PRs 43505, 45168, 46439, 46677, 46623)

Add TPR to CRD migration helper.

This is a helper for migrating TPR data to CustomResource. It's rather hacky because it requires crossing apiserver boundaries, but doing it this way keeps the mess contained to the TPR code, which is scheduled for deletion anyway.

It's also not completely hands-free because making it resilient enough to be completely automated is too involved to be worth it for an alpha-to-beta migration, and would require investing significant effort to fix up soon-to-be-deleted TPR code. Instead, this feature will be documented as a best-effort helper whose results should be verified by hand.

The intended benefit of this over a totally manual process is that it should be possible to copy TPR data into a CRD without having to tear everything down in the middle. The process would look like this:

1. Upgrade to k8s 1.7. Nothing happens to your TPRs.
1. Create CRD with group/version and resource names that match the TPR. Still nothing happens to your TPRs, as the CRD is hidden by the overlapping TPR.
1. Delete the TPR. The TPR data is converted to CustomResource data, and the CRD begins serving at the same REST path.

Note that the old TPR data is left behind by this process, so watchers should not receive DELETE events. This also means the user can revert to the pre-migration state by recreating the TPR definition.

Ref. https://github.com/kubernetes/kubernetes/issues/45728
 2017-06-01 05:43:44 -07:00
Kubernetes Submit Queue c365829d01 Merge pull request #46487 from CaoShuFeng/LANG 
Automatic merge from submit-queue (batch tested with PRs 46686, 45049, 46323, 45708, 46487)

set LANG to 'C' in Makefile

Now we support multi-languages:
https://github.com/kubernetes/kubernetes/tree/master/translations

But some tests support only English. This test fails when LANG is set to zh_CN.UTF-8:
https://github.com/kubernetes/kubernetes/blob/master/hack/make-rules/test-cmd-util.sh#L2838
The expected err string is translated to Chinese:
https://github.com/kubernetes/kubernetes/blob/master/translations/kubectl/zh_CN/LC_MESSAGES/k8s.po#L82

**Release note**:

```
NONE
```
 2017-06-01 03:42:12 -07:00
Kubernetes Submit Queue 3e1d68624e Merge pull request #46323 from marun/fed-kubefed-beta-storage-class-annotation 
Automatic merge from submit-queue (batch tested with PRs 46686, 45049, 46323, 45708, 46487)

[Federation][kubefed]: Use StorageClassName for etcd pvc

This PR updates kubefed to use the StorageClassName field [added in 1.6](http://blog.kubernetes.io/2017/03/dynamic-provisioning-and-storage-classes-kubernetes.html
) for etcd's pvc to allow the user to specify which storage class they want to use.  If no value is provided to ``kubefed init``, the field will not be set, and initialization of the pvc may fail on a cluster without a default storage class configured.

The alpha annotation that was previously used (``volume.alpha.kubernetes.io/storage-class``) was deprecated as of 1.4 according to the following blog post:

http://blog.kubernetes.io/2016/10/dynamic-provisioning-and-storage-in-kubernetes.html

**Release note**:

```
'kubefed init' has been updated to support specification of the storage class (via --etcd-pv-storage-class) for the Persistent Volume Claim (PVC) used for etcd storage.  If --etcd-pv-storage-class is not specified, the default storage class configured for the cluster will be used.
```

cc: @kubernetes/sig-federation-pr-reviews
 2017-06-01 03:42:07 -07:00
Kubernetes Submit Queue bcc674bc9c Merge pull request #46686 from CaoShuFeng/deprecated-flags 
Automatic merge from submit-queue (batch tested with PRs 46686, 45049, 46323, 45708, 46487)

Update deprecated flags for "make test-cmd"

**Release note**:

```
NONE
```
 2017-06-01 03:42:03 -07:00
xilabao fe4afa8643 allow output patch string in edit command 2017-06-01 14:53:17 +08:00
Anthony Yeh ba59e14d44
Add TPR to CRD migration helper. 2017-05-31 19:07:38 -07:00
Christoph Blecker 079abb9ec9
Exclude dockerized verify patterns 2017-05-31 18:08:16 -07:00
Daniel Smith d6e1140b5d Implement dynamic admission webhooks 
Also fix a bug in rest client
 2017-05-31 16:38:46 -07:00
Jeremy Whitlock 83d3d59ce0 add "install" package for admission API group 
To properly register the types in the admission API group we need to
create an "install" package and wire it up.  This is required by the
webhook admission controller being developed as part of
https://github.com/kubernetes/community/pull/132
 2017-05-31 11:41:10 -07:00
Eric Chiang a88e0187f9 apiserver: add a webhook implementation of the audit backend 2017-05-31 09:45:23 -07:00
Haoran Wang cadbcf9419 Disable all alpha feature gates by default 2017-05-31 23:30:00 +08:00
Dr. Stefan Schimanski 781d27acac hack/update-swagger-spec.sh: use posix regex syntax 2017-05-31 11:57:03 +02:00
Kubernetes Submit Queue c79df64306 Merge pull request #46242 from ahmetb/clientgo-examples/crud-deployment 
Automatic merge from submit-queue

clientgo/examples: Add CRUD Deployment sample
 2017-05-31 01:54:07 -07:00
Cao Shufeng 33cecc3499 Update deprecated flags for "make test-cmd" 2017-05-31 15:20:09 +08:00
Cao Shufeng 58c6200764 set LANG to 'C' for "make test-cmd" 
Now we support multi-languages:
https://github.com/kubernetes/kubernetes/tree/master/translations

But some tests support only English. This test fails when LANG is set to zh_CN.UTF-8:
https://github.com/kubernetes/kubernetes/blob/master/hack/make-rules/test-cmd-util.sh#L2838
The expected err string is translated to Chinese:
https://github.com/kubernetes/kubernetes/blob/master/translations/kubectl/zh_CN/LC_MESSAGES/k8s.po#L82
 2017-05-31 13:44:16 +08:00
Kubernetes Submit Queue 5995690396 Merge pull request #46076 from liggitt/node-authorizer 
Automatic merge from submit-queue

Node authorizer

This PR implements the authorization portion of https://github.com/kubernetes/community/blob/master/contributors/design-proposals/kubelet-authorizer.md and kubernetes/features#279:
* Adds a new authorization mode (`Node`) that authorizes requests from nodes based on a graph of related pods,secrets,configmaps,pvcs, and pvs:
  * Watches pods, adds edges (secret -> pod, configmap -> pod, pvc -> pod, pod -> node)
  * Watches pvs, adds edges (secret -> pv, pv -> pvc)
  * When both Node and RBAC authorization modes are enabled, the default RBAC binding that grants the `system:node` role to the `system:nodes` group is not automatically created.
* Tightens the `NodeRestriction` admission plugin to require identifiable nodes for requests from users in the `system:nodes` group.

This authorization mode is intended to be used in combination with the `NodeRestriction` admission plugin, which limits the pods and nodes a node may modify. To enable in combination with RBAC authorization and the NodeRestriction admission plugin:
* start the API server with `--authorization-mode=Node,RBAC --admission-control=...,NodeRestriction,...`
* start kubelets with TLS boostrapping or with client credentials that place them in the `system:nodes` group with a username of `system:node:<nodeName>`

```release-note
kube-apiserver: a new authorization mode (`--authorization-mode=Node`) authorizes nodes to access secrets, configmaps, persistent volume claims and persistent volumes related to their pods.
* Nodes must use client credentials that place them in the `system:nodes` group with a username of `system:node:<nodeName>` in order to be authorized by the node authorizer (the credentials obtained by the kubelet via TLS bootstrapping satisfy these requirements)
* When used in combination with the `RBAC` authorization mode (`--authorization-mode=Node,RBAC`), the `system:node` role is no longer automatically granted to the `system:nodes` group.
```

```release-note
RBAC: the automatic binding of the `system:node` role to the `system:nodes` group is deprecated and will not be created in future releases. It is recommended that nodes be authorized using the new `Node` authorization mode instead. Installations that wish to continue giving all members of the `system:nodes` group the `system:node` role (which grants broad read access, including all secrets and configmaps) must create an installation-specific ClusterRoleBinding.
```

Follow-up:
- [ ] enable e2e CI environment with admission and authorizer enabled (blocked by kubelet TLS bootstrapping enablement in https://github.com/kubernetes/kubernetes/pull/40760)
- [ ] optionally enable this authorizer and admission plugin in kubeadm
- [ ] optionally enable this authorizer and admission plugin in kube-up
 2017-05-30 22:42:54 -07:00
xiangpengzhao 0cacf526b2 Suggest user to use 'hack/install-etcd.sh' when running integration tests without etcd found. 2017-05-31 11:39:34 +08:00
Kubernetes Submit Queue 438e737657 Merge pull request #46415 from shiywang/prvent304 
Automatic merge from submit-queue (batch tested with PRs 46635, 45619, 46637, 45059, 46415)

Update url information to prevent http 304 redirection

Although repo [https://github.com/GoogleCloudPlatform/kubernetes](https://github.com/GoogleCloudPlatform/kubernetes) still can be access, but I think one more 304 redirection is no needed

```release-note
NONE
```
 2017-05-30 19:49:04 -07:00