Automatic merge from submit-queue
Reverted conversion of influx-db to PetSet.
```release-note
Reverted conversion of influx-db to Pet Set, it is now a Replication Controller.
```
Reverted conversion of influx-db to PetSet, it is now a Replication Controller and Persistent Volumes are no longer used.
* Add a pillar for hostname (because even if there's a good Salt
function for it, I don't trust it to return the short hostname)
* Move INITIAL_ETCD_CLUSTER to just the GCE turn-up
* Remove the master_name, which isn't needed as a pillar
Automatic merge from submit-queue
Handle container terminated but pod still running in conditions
Sometimes when you have a pod with more than one container, and the container runs and terminates really fast, `PodContainerRunning` can go into a state where the pod indicates it's still running, but the container is already terminated. Handle that condition by returning `ErrContainerTerminated` when it happens.
Automatic merge from submit-queue
Replacing skydns with kubedns for the juju cluster. #29720
```release-note
* Updating the cluster/juju provider to use kubedns in place of skydns.
```
Automatic merge from submit-queue
Install go-bindata in cross-build image
Another follow-up to #25584.
We need `go-bindata` to create `test/e2e/generated`, and downloading it with `go get` at build time is painful for a variety of reasons. We can just include it in the cross-build image and not worry about it, especially as it updates very infrequently.
This fixes `hack/update-generated-protobuf.sh` as well.
cc @jayunit100 @soltysh
Automatic merge from submit-queue
pv e2e refactor and pre-bind test
refactored persistentvolume e2e so that multiple It() tests can be run. Added one test case for pre-binding, but the overall structure of the test should allow additional test cases to be more easily added.
Automatic merge from submit-queue
rbac validation: rules can't combine non-resource URLs and regular resources
This PR updates the validation used for RBAC to prevent rules from mixing non-resource URLs and regular resources.
For example the following is no longer valid
```yml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
name: admins
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
nonResourceURLs: ["*"]
```
And must be rewritten as so.
```yml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
name: admins
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
- nonResourceURLs: ["*"]
verbs: ["*"]
```
It also:
* Mandates non-zero length arrays for required resources.
* Mandates non-resource URLs only be used for ClusterRoles (not namespaced Roles).
* Updates the swagger validation so `verbs` are the only required field in a rule. Further validation is done by the server.
Also, do we need to bump the API version?
Discussed by @erictune and @liggitt in #28304
Updates kubernetes/features#2
cc @kubernetes/sig-auth
Edit:
* Need to update the RBAC docs if this change goes in.
Automatic merge from submit-queue
Make verify-godeps check the results
Verify the results of godep restore/save. When forced to run this finds a handful of real deltas that need to be resolved.
Fixes#29402
@rmmh because you wrote #29571 which is the major culprit
Automatic merge from submit-queue
Prepare for using "ControllerRef" in scheduler
This is part of a PR that I already have to avoid a bunch of rebases in the future (controller ref probably won't happen in 1.4 release).
@davidopp
Automatic merge from submit-queue
Resolve docker-daemon cgroup issue for both systemd and non-systemd node for node e2e tests
Fixed https://github.com/kubernetes/kubernetes/issues/29827
cc/ @coufon this should unblock your pr: #29764
I validated both containervm image and coreos image, and works as expected.
This is also required for adding gci image to node e2e test infrastructure.
Automatic merge from submit-queue
Fix deployment e2e test: waitDeploymentStatus should error when entering an invalid state
Follow up #28162
1. We should check that max unavailable and max surge aren't violated at all times in e2e tests (didn't check this in deployment scaled rollout yet, but we should wait for it to become valid and then continue do the check until it finishes)
2. Fix some minor bugs in e2e tests
@kubernetes/deployment
Automatic merge from submit-queue
Remove myself from test ownership.
These are almost certainly not correct, but probably more likely owners than myself.
@rmmh @dchen1107 @timstclair @erictune @mtaufen @caesarxuchao @fgrzadkowski @krousey @lavalamp
Automatic merge from submit-queue
Add dry run capability to cherry_pick_pull.sh
When creating patches for downstream projects like OpenShift, I found it to be helpful to have a dry run mode for the cherry-pick script.
@k8s-oncall
cc @kubernetes/rh-cluster-infra
Automatic merge from submit-queue
Verify if Secure and InsecurePort are equal for apiserver
If we specify the kube-apiserver flags `--secure-port` and `--insecure-port` with the same port, the server will print the below error info repeatedly. In fact, it's meaningless to do this. It should verify if the two flags are equal. If so, the server should give error info and exit directly.
```
root@vm:~# [restful] 2016/08/01 13:11:52 log.go:30: [restful/swagger] listing is available at https://172.16.1.11:8888/swaggerapi/
[restful] 2016/08/01 13:11:52 log.go:30: [restful/swagger] https://172.16.1.11:8888/swaggerui/ is mapped to folder /swagger-ui/
E0801 13:11:53.102232 2481 genericapiserver.go:733] Unable to listen for secure (listen tcp 0.0.0.0:8888: bind: address already in use); will try again.
E0801 13:12:08.116463 2481 genericapiserver.go:733] Unable to listen for secure (listen tcp 0.0.0.0:8888: bind: address already in use); will try again.
```
After fixing, the print is like this:
```
root@vm:~# F0801 11:51:44.308180 1921 genericapiserver.go:599] --secure-port and --insecure-port cannot use the same port.
goroutine 1 [running]:
k8s.io/kubernetes/vendor/github.com/golang/glog.stacks(0x4871d00, 0x0, 0x0, 0x0)
/home/paas/zxp/code/k8s/fork/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:766 +0xb8
k8s.io/kubernetes/vendor/github.com/golang/glog.(*loggingT).output(0x48517c0, 0xc800000003, 0xc820368000, 0x470aeab, 0x13, 0x257, 0x0)
/home/paas/zxp/code/k8s/fork/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:717 +0x259
k8s.io/kubernetes/vendor/github.com/golang/glog.(*loggingT).printf(0x48517c0, 0xc800000003, 0x3518280, 0x3b, 0x0, 0x0, 0x0)
/home/paas/zxp/code/k8s/fork/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:655 +0x1d4
k8s.io/kubernetes/vendor/github.com/golang/glog.Fatalf(0x3518280, 0x3b, 0x0, 0x0, 0x0)
/home/paas/zxp/code/k8s/fork/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:1145 +0x5d
k8s.io/kubernetes/pkg/genericapiserver.verifySecureAndInsecurePort(0xc820132800)
/home/paas/zxp/code/k8s/fork/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:599 +0xad
k8s.io/kubernetes/pkg/genericapiserver.ValidateRunOptions(0xc820132800)
/home/paas/zxp/code/k8s/fork/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:607 +0x4b
k8s.io/kubernetes/pkg/genericapiserver.DefaultAndValidateRunOptions(0xc820132800)
/home/paas/zxp/code/k8s/fork/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:611 +0x4e
k8s.io/kubernetes/cmd/kube-apiserver/app.Run(0xc8202c9560, 0x0, 0x0)
/home/paas/zxp/code/k8s/fork/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/server.go:84 +0x8e
main.main()
/home/paas/zxp/code/k8s/fork/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/apiserver.go:48 +0x111
[2]+ Exit 255
```
This will fix the same issue of federation-apiserver.
cc @lavalamp @quinton-hoole
Zhou Fang