Automatic merge from submit-queue
Fix kubectl describe for pods with controllerRef
**What this PR does / why we need it**:
kubectl describe doesn't take controllerRef into consideration, resulting confusing result. e.g. if we have two replicaset with the same selector, one with 1 replica and the other 2 replicase, then both replicaset will show 3 running pods.
```sh
$ kubectl describe rs replicaset-2
Name: replicaset-2
Namespace: default
Selector: environment=prod
Labels: environment=prod
Annotations: <none>
Replicas: 2 current / 2 desired
Pods Status: 3 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: environment=prod
Containers:
created-from-replicaset:
Image: nginx
Port:
Environment: <none>
Mounts: <none>
Volumes: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
5m 5m 1 replicaset-controller Normal SuccessfulCreate Created pod: replicaset-2-39szb
5m 5m 1 replicaset-controller Normal SuccessfulCreate Created pod: replicaset-2-470jr
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
xref #24946
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix kubectl describe for pods with controllerRef
```
Automatic merge from submit-queue (batch tested with PRs 48480, 48353)
remove tpr api access
xref https://github.com/kubernetes/kubernetes/issues/48152
TPR tentacles go pretty deep. This gets us started by removing API access and we'll move down from there.
@kubernetes/sig-api-machinery-misc
@ironcladlou this should free up the GC implementation since TPRs will no longer be present and failing.
```release-note
Removing TPR api access per https://github.com/kubernetes/kubernetes/issues/48152
```
Automatic merge from submit-queue (batch tested with PRs 48480, 48353)
Ensure namespace exists as part of RBAC reconciliation
reconciliation can race with the controller that creates the namespaces containing the bootstrap roles. if it loses, it gets a NotFound error trying to create the namespaced role/rolebinding.
Fixes https://github.com/kubernetes/kubeadm/issues/335
```release-note
RBAC role and role-binding reconciliation now ensures namespaces exist when reconciling on startup.
```
Automatic merge from submit-queue (batch tested with PRs 48473, 48341)
Refactor podListEqual()
**What this PR does / why we need it**:
To solve the problem:
this is not correct if there are duplicate pods in the list.
for example: podListEqual([a, a, b], [a, b, b]) will return true
**Special notes for your reviewer**:
the original method is O(N^2), while current method is 3* O(N).
I think it is much better.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Factored out simulate from nodeShouldRunDaemonPod.
Addressed comments from https://github.com/kubernetes/kubernetes/pull/48189#issuecomment-312223162
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
none
```
/sig apps
Automatic merge from submit-queue
Pods which exit and won't restart should not be in the Endpoints.NotReadyAddresses
**What this PR does / why we need it**:
Such pods should not be in the Endpoints.NotReadyAddresses:
* Failed pods with restart policy=Never
* Succeeded pods with restart policy=Never
* Succeeded pods with restart policy=OnFailure
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#46776
**Special notes for your reviewer**:
/cc @wojtek-t
**Release note**:
```release-note
NONE
```
Refactors and removes the need for the more complex old code,
temporarily limits what output is shown for truly unknown objects (a
follow up change will allow server side handling and generic fallback),
and removes all of the generic printers in favor of a single code path.
Automatic merge from submit-queue
Use the azure certificate password when decoding the certificate
**What this PR does / why we need it**:
Use the correct password when decoding the azure client certificate.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47286
cc @colemickens
Automatic merge from submit-queue
modify the meassage in kubectl secret command when the envFile path is not an file path
What this PR does / why we need it:
We found that the error message of kubectl secret command when the the envFile path is not an file path
is inaccurate and the style is different with which in kubectl configmap command. We modified “must be a file” to "env secret file cannot be a directory"
Special notes for your reviewer:
None
Automatic merge from submit-queue (batch tested with PRs 47784, 47793, 48334, 48435, 48354)
allow a deletestrategy to opt-out of GC
Not all resources should be GC-able and we implemented an ignore list to handle this, but at the storage layer they could still set finalizers, they just hung in a stuck state forever. This updates the strategy to allow a resource to indicate that they shouldn't be GCed.
@kubernetes/sig-api-machinery-misc
Automatic merge from submit-queue
Use %q formatter for error messages from the AWS SDK. #47789
Error messages from the AWS SDK can have return keys in them, so use %q formatter for those messages.
Automatic merge from submit-queue
support NoSchedule taints correctly in DaemonSet controller
Fixes https://github.com/kubernetes/kubernetes/issues/48190
```release-note
Support NoSchedule taints correctly in DaemonSet controller.
```
cc @kubernetes/sig-apps-pr-reviews
Automatic merge from submit-queue
Remove old node role label that is not used by kubeadm
**What this PR does / why we need it**:
This label hasn't been used by kubeadm since v1.5.
v1.5 support was dropped when v1.6 arrived due to a potential security flaw and the earlier alpha status.
So this label hasn't been used for around three months.
It makes sense to remove it in time for v1.8, could already have been done for v1.7
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 48264, 48324, 48125, 47944, 47489)
fix CopyStrings and ShuffleStrings for slice when slice is nil
Signed-off-by: allencloud <allen.sun@daocloud.io>
**What this PR does / why we need it**:
This PR fixes two functions in util/slice.go, in which I think `CopyStrings` and `ShuffleStrings` miss one case. The case is input data is nil, in this case I think the data returned should be nil as well rather than a non-nil slice with 0 element.
In addition, I added some test code for this.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE, I did not raise a issue for this code. I ran into this when code learning.
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48264, 48324, 48125, 47944, 47489)
Add Pod UID (metadata.uid) to downward API env var
**What this PR does / why we need it**:
Exposing Pod UID by downward API.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#28918
**Special notes for your reviewer**:
Generated files aren't committed. I'd like CI to tell me what scripts should I run to generate these files.
/cc @smarterclayton @vishh @dubstack
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48264, 48324, 48125, 47944, 47489)
Set quota for volumes
**What this PR does / why we need it**:
This PR allows users of the Quobyte Storage class to specify if automatically a Quota for the volume should be created. With a Quota a Quobyte volume can only grow in the specified size.
**Special notes for your reviewer**:
Update the Quobyte API version for the needed functionality.
Automatic merge from submit-queue (batch tested with PRs 48317, 48313, 48351, 48357, 48115)
Cleanup lint errors in the pkg/kubelet/server/... directory
Cleanup some issues that were found while experimenting with https://github.com/alecthomas/gometalinter on the `pkg/kubelet/server/...` directories.
Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)
move term to kubectl/util
move term from pkg/util/term to pkg/kubectl/util/term
remove dependency of `k8s.io/kubernetes/pkg/util/term` for `pkg/kubelet/dockershim/exec.go` and `pkg/kubelet/dockershim/exec.go`
Ref: https://github.com/kubernetes/kubernetes/issues/48209
```release-note
NONE
```
/assign @apelisse @monopole
cc: @pwittrock
Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)
Add ApiEndpoint support to GCE config.
**What this PR does / why we need it**:
Add the ability to change ApiEndpoint for GCE.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)
removed 'Storage' option from 'kubectl top' like options
**What this PR does / why we need it**:
https://github.com/kubernetes/kubectl/issues/34
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)
Add unit test coverage for nvidiaGPUManager initialization
Part of #47750
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43558, 48261, 42376, 46803, 47058)
kubelet: remove unused bandwidth shaping teardown code
Since v1.5 and the removal of --configure-cbr0:
0800df74ab "Remove the legacy networking mode --configure-cbr0"
kubelet hasn't done any shaping operations internally. They
have all been delegated to network plugins like kubenet or
external CNI plugins. But some shaping code was still left
in kubelet, so remove it now that it's unused.
@freehan @thockin @bprashanth
Automatic merge from submit-queue (batch tested with PRs 43558, 48261, 42376, 46803, 47058)
OpenAPI downloads protobuf rather than Json
**What this PR does / why we need it**:
The current implementation of the OpenAPI getter fetches the swagger in a Json format from the apiserver. The Json file is big (~1.7mb), which means that it takes a long time to download, and then a long time to parse. Because that is going to be needed on each `kubectl` run later, we want this to be as fast as possible.
The apiserver has been modified to be able to return a protobuf version of the swagger, which this patch intends to use.
Note that there is currently no piece of code that exists that allows us to go from the protobuf version of the file, back into Json and/or `spec.Swagger`. Because the protobuf is not very different (but significantly different enough that it can't be translated), I've updated the code to use `openapi_v2.Document` (the protobuf type) everywhere rather than `spec.Swagger`. The behavior should be identical though.
There are more changes that are coming in follow-up pull-requests: using the gzip version (also provided by the new apiserver) to even further reduce the size of the downloaded content, and use the HTTP Etag cache mechanism to completely get rid of recurrent fetch requests. I'm currently working on these two features.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partly #38637
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43558, 48261, 42376, 46803, 47058)
Fix removing finalizer for garbage collector
The loop should use 'continue' not 'break', otherwise removeFinalizer()
not only removes "orphaningFinalizer" from its finalizers list but
also removes others.
Fix#48363
**Release note**:
```release-note
NONE
```
Since v1.5 and the removal of --configure-cbr0:
0800df74ab "Remove the legacy networking mode --configure-cbr0"
kubelet hasn't done any shaping operations internally. They
have all been delegated to network plugins like kubenet or
external CNI plugins. But some shaping code was still left
in kubelet, so remove it now that it's unused.
Automatic merge from submit-queue
Validate if service has duplicate targetPort
**What this PR does / why we need it**:
Validate if a service has dup targetport
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47222
**Special notes for your reviewer**:
/cc @thockin
@kubernetes/sig-network-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Populate endpoints for headless service with no ports
**What this PR does / why we need it**:
- populate endpoints with headless service (thanks @fraenkel for the original PR!)
- allow ports with headless service
- nits
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#32796https://github.com/kubernetes/kubernetes/issues/32796#issuecomment-270462724
**Special notes for your reviewer**:
/cc @thockin @fraenkel
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Allocate clusterIP when change service type from ExternalName to ClusterIP
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#35354#46190
**Special notes for your reviewer**:
/cc @smarterclayton @thockin
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
dockershim: checkpoint HostNetwork property
To ensure kubelet doesn't attempt network teardown on HostNetwork
containers that no longer exist but are still checkpointed, make
sure we preserve the HostNetwork property in checkpoints. If
the checkpoint indicates the container was a HostNetwork one,
don't tear down the network since that would fail anyway.
Related: https://github.com/kubernetes/kubernetes/issues/44307#issuecomment-299548609
@freehan @kubernetes/sig-network-misc
Automatic merge from submit-queue (batch tested with PRs 47619, 47951, 46260, 48277)
iSCSi plugin: Remove redundant nil check
**What this PR does / why we need it**:
This patch is for cleanup of redundant nil check in iSCSI plugin.
This was mentioned at the code review on origin github thread.
https://github.com/openshift/origin/pull/14565
**Which issue this PR fixes**
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Add type conversion judgment
If do not type conversion judgment, there may be panic.
**Release note**:
```release-note
NONE
```
The loop should use 'continue' not 'break', otherwise removeFinalizer()
not only removes "orphaningFinalizer" from its finalizers list but
also removes others.
This partially reverts commit 2b311fefba.
We drop the changes to the DaemonSet controller but leave the test. By
reverting the changes, we make it easier to return different values of
shouldContinueRunning for intentional predicate failures, rather then
lumping all intentional predicate failures together. The test should
continue to pass after the fix.
Automatic merge from submit-queue (batch tested with PRs 47286, 47729)
Set default User-Agent on http probe
**Set a default User-Agent on `httpGet` probes**:
Currently the default Go HTTP client sets a `User-Agent` specific to the language and version, but every Go client has the same one. In Kubernetes, users can override the User-Agent by setting a header in their probe definition, but its tedious to do this everywhere.
This PR changes the default User-Agent only if not set (or removed) in the probe definition.
**Which issue this PR fixes**
fixes#29025
**Special notes for your reviewer**:
**Release note**:
```release-note
Change default `httpGet` probe `User-Agent` to `kube-probe/<version major.minor>` if none specified, overriding the default Go `User-Agent`.
```
Automatic merge from submit-queue (batch tested with PRs 47286, 47729)
Add client certificate authentication to Azure cloud provider
This adds support for client cert authentication in Azure cloud provider. The certificate can be provided in PKCS #12 format with password protection. Not that this authentication will be active only when no client secret is configured.
cc @brendandburns @colemickens
Automatic merge from submit-queue
fixes to two pkg/util unit tests
Spun out from #46537. Trivial unit test fixes:
- `pkg/util/ebtables/ebtables_test.go`'s tests are incorrectly named and so weren't getting run by "go test". (And one of them had a typo in it so it failed after the name was fixed)
- In `pkg/util/iptables/iptables_test.go`, the deletion tests were apparently written by copying+pasting+editing the creation tests, but they forgot to change the names of the tests to match the behavior that was being tested in the new version
Automatic merge from submit-queue
Remove repeat type conversions
Here is the type of conversion for the variable is repeated.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
deletePod handler in the deployment controller shouldn't set owner refs
**What this PR does / why we need it**:
This PR stops the deletePod handler in the deployment controller from adopting replica sets when determining if a deployment needs to be requeued. It leaves this logic to the replication loop, removing the replica set adoption side effect.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#46933
**Special notes for your reviewer**:
@kargakis PR for delete pod handler setting owner refs issue
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 48183, 45611, 48065)
Fix Unstructured field accessor
Fix the Unstructured GetDeletionGracePeriodSeconds accessor which was
always returning nil regardless of the underlying stored value. The
field value always appearing nil prevents Custom Resource instances
from being deleted when garbage collection is enabled for CRs and
when DeletePropagationOrphan is used. More generally, this fix means that
delete-on-update now works for CR instances.
Add some test coverage for Unstructured metadata deserialization.
The Unstructured DeletionGracePeriodSeconds field marshals as a value
type from JSON and as a pointer type via SetDeletionGracePeriodSeconds.
The GetDeletionGracePeriodSeconds method now supports handling both
int64 and *int64 values so that either underlying value can be returned.
Add a reflection-based unit test which attempts to exercise all the
Object Get/Set methods for nil handling.
```release-note
Registries backed by the generic Store's `Update` implementation support delete-on-update, which allows resources to be automatically deleted during an update provided:
* Garbage collection is enabled for the Store
* The resource being updated has no finalizers
* The resource being updated has a non-nil DeletionGracePeriodSeconds equal to 0
With this fix, Custom Resource instances now also support delete-on-update behavior under the same circumstances.
```
Automatic merge from submit-queue (batch tested with PRs 48183, 45611, 48065)
kubectl: 'apply view-last-applied' must not use printf() semantics
**What this PR does / why we need it**:
This fixes `kubectl apply view-last-applied` to not use `fmt.Fprintf()`, as this will cause format codes in the YAML/JSON to be interpreted. For example, if a resource manifest contains `%r`, this would cause `view-last-applied` so print `%!r(MISSING)`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#45608.
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixes an edge case where "kubectl apply view-last-applied" would emit garbage if the data contained Go format codes.
```
Fix the Unstructured GetDeletionGracePeriodSeconds accessor which was
always returning nil regardless of the underlying stored value. The
field value always appearing nil prevents Custom Resource instances
from being deleted when garbage collection is enabled for CRs and
when DeletePropagationOrphan is used. More generally, this fix means that
delete-on-update now works for CR instances.
Add some test coverage for Unstructured metadata deserialization.
The Unstructured DeletionGracePeriodSeconds field marshals as a value
type from JSON and as a pointer type via SetDeletionGracePeriodSeconds.
The GetDeletionGracePeriodSeconds method now supports handling both
int64 and *int64 values so that either underlying value can be returned.
Add a reflection-based unit test which attempts to exercise all the
Object Get/Set methods for nil handling.
GPU support is ramping up and we do not have a lot of reviewers that
are familiar with the codebase. I added myself as a reviewer and
copied a few people from the kubelet OWNERS file as approvers.
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Automatic merge from submit-queue (batch tested with PRs 48123, 48079)
kubectl/cmd: many small refactors
#### Improve Code Quality in `pkg/kubectl/cmd`
___
* [x] Rename variables and functions to match Go convention. For example, UsageError --> UsageErrorf.
* [x] Remove redundant or unreachable code.
* [x] Simplify some utility functions (no functionality changes).
* [x] Fix hanging 'if { return } else { return }' constructs.
* [x] Fix several incorrect printf verbs.
These changes were extracted from the refactoring and flag parity work I'm doing in kubectl.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48123, 48079)
[Kubelet] Fix race condition in container manager
**What this PR does / why we need it**:
This fixes a race condition where the container manager capacity map was being updated without synchronization. It moves the storage capacity detection to kubelet initialization, which happens serially in one thread.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48045
**Release note**:
```release-note
Fixes kubelet race condition in container manager.
```
Centralize Capacity discovery of standard resources in Container manager.
Have storage derive node capacity from container manager.
Move certain cAdvisor interfaces to the cAdvisor package in the process.
This patch fixes a bug in container manager where it was writing to a map without synchronization.
Signed-off-by: Vishnu kannan <vishnuk@google.com>
Automatic merge from submit-queue (batch tested with PRs 45610, 47628)
Add Priority to Kubernetes API
**What this PR does / why we need it**: This is the first in a series of PRs to add priority to Kubernetes API. Subsequent PRs will add priority name resolution to admission controller.
**Release note**:
```release-note
Add PriorityClassName and Priority fields to PodSpec.
```
* Rename variables and functions to match Go convention.
For example, UsageError --> UsageErrorf.
* Remove redundant or unreachable code.
* Simplify some utility functions (no functionality changes).
* Fix hanging 'if { return } else { return }' constructs.
* Fix several incorrect printf verbs.
Automatic merge from submit-queue (batch tested with PRs 47675, 48001)
cmd/create_deployment: refactor long function
Refactor the `createDeployment` function under `pkg/kubectl/cmd`.
- [x] Behavior has been extracted to two helper functions.
- [x] Behavior remains identical.
- [x] Logic has been made explicit through function naming and comments.
This is essentially the pattern I've been following in my larger branches (the ones that are pending the merge of #46468). Want to get some design feedback before I get too far away from `master`.
Thanks!
cc @apelisse @mengqiy @droot
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48106, 46761)
removing unnecessary shallow copy on SyncService
**What this PR does / why we need it**: remove shallow copy + avoid using same index name as the nested loop
**Which issue this PR fixes**: fixes#46703
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 48139, 48042, 47645, 48054, 48003)
Pipe clusterID into gce_loadbalancer_external.go
**What this PR does / why we need it**: Small cleanup for GCE ELB codes.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48002
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47038, 47105)
extending DefaultExternalHost for any registred cloud provider
**What this PR does / why we need it**: this PR enables DefaultExternalHost to work with any registered cloud provider.
**Which issue this PR fixes** : fixes#46567
**Special notes for your reviewer**:
**Release note**:
```release-note
When determining the default external host of the kube apiserver, any configured cloud provider is now consulted
```
Automatic merge from submit-queue
Use endpoints informer for the endpoint controller
This substantially reduces the number of API calls made by the endpoint
controller. Currently the controller makes an API call per endpoint for
each service that is synced. When the 30s resync is triggered, this
results in an API call for every single endpoint in the cluster. This
quickly exceeds the default qps/burst limit of 20/30 even in small
clusters, leading to delays in endpoint updates.
This change modifies the controller to use the endpoint informer cache
for all endpoint GETs. This means we only make API calls for changes in
endpoints. As a result, qps only depends on the pod activity in the
cluster, rather than the number of services.
**What this PR does / why we need it**:
Address endpoint update delays as described in https://github.com/kubernetes/kubernetes/issues/47597.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/47597
**Special notes for your reviewer**:
**Release note**:
```release-note
```
This substantially reduces the number of API calls made by the endpoint
controller. Currently the controller makes an API call per endpoint for
each service that is synced. When the 30s resync is triggered, this
results in an API call for every single endpoint in the cluster. This
quickly exceeds the default qps/burst limit of 20/30 even in small
clusters, leading to delays in endpoint updates.
This change modifies the controller to use the endpoint informer cache
for all endpoint GETs. This means we only make API calls for changes in
endpoints. As a result, qps only depends on the pod activity in the
cluster, rather than the number of services.
Automatic merge from submit-queue (batch tested with PRs 47484, 47904, 48034)
fix nits in kubelet server
Signed-off-by: allencloud <allen.sun@daocloud.io>
**What this PR does / why we need it**:
fix nits in kubelet server
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44058, 48085, 48077, 48076, 47823)
don't pass CRI error through to waiting state reason
Raw gRPC errors are getting into the `Reason` field of the container status `State`, causing it to be output inline on a `kubectl get pod`
xref https://bugzilla.redhat.com/show_bug.cgi?id=1449820
Basically the issue is that the err and msg are reversed in `startContainer()`. The msg is short and the err is long. It should be the other way around.
This PR changes `startContainer()` to return a short error that becomes the Reason and the extracted gPRC error description that becomes the Message.
@derekwaynecarr @smarterclayton @eparis
Automatic merge from submit-queue (batch tested with PRs 44058, 48085, 48077, 48076, 47823)
Move iptables logging in kubeproxy from Errorf to V(2).Infof
Fixes https://github.com/kubernetes/kubernetes/issues/48052
This will stop fluentd from OOM'ing in reasonably large clusters with services due to kube-proxy. You'll still get iptables printed on setups which run at >= v2, but we can at least optout.
@bowei Does this look reasonable?
cc @kubernetes/sig-network-misc
Automatic merge from submit-queue (batch tested with PRs 44058, 48085, 48077, 48076, 47823)
Make background garbage collection cascading
Fix#44046, fix#47843 where user reported that the garbage collector didn't delete pods when a deployment was deleted with PropagationPolicy=Background.
The cause is that when propagating background garbage collection request, the garbage collector deletes dependents with DeleteOptions.PropagationPolicy=nil, which means the default GC policy of a resource (defined by its REST strategy) and the existing GC-related finalizers will decide how the delete request is propagated further. Unfortunately, the default GC policy for RS is orphaning, so the pods are behind when a deployment is deleted.
This PR changes the garbage collector to delete dependents with DeleteOptions.PropagationPolicy=Background when the owner is deleted in background. This means the dependent's existing GC finalizers will be overridden, making orphaning less flexible (see this made-up [case](https://github.com/kubernetes/kubeadm/issues/149#issuecomment-278942012)). I think sacrificing the flexibility of orphaning is worthwhile, because making the behavior of background garbage collection matching users' expectation is more important.
cc @lavalamp @kargakis @krmayankk @enisoc
```release-note
The garbage collector now cascades deletion properly when deleting an object with propagationPolicy="background". This resolves issue [#44046](https://github.com/kubernetes/kubernetes/issues/44046), so that when a deployment is deleted with propagationPolicy="background", the garbage collector ensures dependent pods are deleted as well.
```
Automatic merge from submit-queue (batch tested with PRs 48074, 47971, 48044, 47514, 47647)
Use more meaningful and consistent variable names in glusterfs plugin.
Automatic merge from submit-queue
Get rid of 30s ResyncPeriod in endpoint controller
Ref: #47597
This should fix one of the demons of endpoint controller.
/cc @smarterclayton @gmarek
Automatic merge from submit-queue
kubelet should let cloud-controller-manager set the node addresses
*Before this change:*
1. cloud-controller-manager sets all the addresses for a node.
2. kubelet on that node replaces these addresses with an incomplete set. (i.e. replace InternalIP and Hostname and delete all other addresses--ExternalIP, etc.)
*After this change:*
kubelet doesn't touch its node's addresses when there is an external cloudprovider.
Fixes#47155
```release-note
NONE
```
Automatic merge from submit-queue
Cleanup pkg/kubectl
I was reading through `pkg/kubectl` in preparation for completing https://github.com/kubernetes/kubectl/issues/11 and noticed several opportunities for improvement. This should be easy to review since it's mostly mechanical changes. The only complicated changes are in `addFromEnvFile`, which I refactored into two functions and wrote tests for.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47869, 48013, 48016, 48005)
Fix kubectl api-versions caching
xref https://github.com/kubernetes/kubectl/issues/41
The point of the `api-versions` and `version` commands is to ask the server for its API groups or versions, so we don't want to use cached data
Automatic merge from submit-queue
Removes alpha feature gate for affinity annotations.
**What this PR does / why we need it**:
In 1.5 we added a backstop to support alpha affinity annotations. This PR removes that support in favor of the Beta fields per discussions.
It also serves as a precursor to some of the component config work that @ncdc has done around @mikedanese design proposal.
xref: https://github.com/kubernetes/kubernetes/pull/41617
**Special notes for your reviewer**:
**Release note**:
```
Removes alpha feature gate for pod affinity annotations.
```
/cc @kubernetes/sig-scheduling-pr-reviews @kubernetes/sig-cluster-lifecycle-misc
Automatic merge from submit-queue
fixed the logging of which conversions.
Hi Guys,
After enable the function of logging of which conversions at [TestSpecificKind](d31a7cb301/pkg/api/serialization_test.go (L140)), I got the below errors:
```
pkg/api/serialization_test.go:140: cannot refer to unexported name api.scheme
pkg/api/serialization_test.go:140: undefined: api.scheme in api.scheme.Log
ok k8s.io/kubernetes/cmd/genutils 0.066s
```
So, this PR will fix that.
Automatic merge from submit-queue (batch tested with PRs 47776, 46220, 46878, 47942, 47947)
fix comment mistake
fix comment mistake
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 47776, 46220, 46878, 47942, 47947)
update openstack metadata-service url
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 47776, 46220, 46878, 47942, 47947)
Add statefulset to the completion candidates of kubectl scale
**What this PR does / why we need it**: This commit adds `statefulset` to the completion candidates of kubectl scale.
```
$ kubectl scale <tab>
deployment job --replicas replicaset replicationcontroller statefulset
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixeskubernetes/kubectl#14
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Add token authentication method for websocket browser clients
Closes#47967
Browser clients do not have the ability to set an `Authorization` header programatically on websocket requests. All they have control over is the URL and the websocket subprotocols sent (see https://developer.mozilla.org/en-US/docs/Web/API/WebSocket)
This PR adds support for specifying a bearer token via a websocket subprotocol, with the format `base64url.bearer.authorization.k8s.io.<encoded-token>`
1. The client must specify at least one other subprotocol, since the server must echo a selected subprotocol back
2. `<encoded-token>` is `base64url-without-padding(token)`
This enables web consoles to use websocket-based APIs (like watch, exec, logs, etc) using bearer token authentication.
For example, to authenticate with the bearer token `mytoken`, the client could do:
```js
var ws = new WebSocket(
"wss://<server>/api/v1/namespaces/myns/pods/mypod/logs?follow=true",
[
"base64url.bearer.authorization.k8s.io.bXl0b2tlbg",
"base64.binary.k8s.io"
]
);
```
This results in the following headers:
```
Sec-WebSocket-Protocol: base64url.bearer.authorization.k8s.io.bXl0b2tlbg, base64.binary.k8s.io
```
Which this authenticator would recognize as the token `mytoken`, and if authentication succeeded, hand off to the rest of the API server with the headers
```
Sec-WebSocket-Protocol: base64.binary.k8s.io
```
Base64-encoding the token is required, since bearer tokens can contain characters a websocket protocol may not (`/` and `=`)
```release-note
Websocket requests may now authenticate to the API server by passing a bearer token in a websocket subprotocol of the form `base64url.bearer.authorization.k8s.io.<base64url-encoded-bearer-token>`
```
Automatic merge from submit-queue
Fix const naming in node/metrics
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47993, 47892, 47591, 47469, 47845)
deprecate created-by annotation for cronjob
**What this PR does / why we need it**: This PR deprecates created-by annotation for cronjob. This is needed as we now have ControllerRef.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: xref #44407
**Special notes for your reviewer**: I will create 3 PRs to fix the issue as the annotation is used in various parts of the codebase: cronjob, pod drain, and e2e test framework. This is the first PR. Other PRs can be found here: #47471, #47475
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 47993, 47892, 47591, 47469, 47845)
Only do string trim when it's necessary
This will enhance performance a little bit.
**Release note**:
```
NONE
```
Automatic merge from submit-queue
storageclass ceph add imageformat parameter
**What this PR does / why we need it**:
Add a imageformat parameter for StorageClass(ceph rbd)
k8s hard coded ceph imageformat 1, according to [ceph manual](http://docs.ceph.com/docs/master/man/8/rbd/), imageformat 1 was deprecated, we should add an extra ceph parameter to set ceph rbd imageformat. Ceph rbd imageformat can only be 1 or 2, set the default value to 1.
**Release note**:
```release-note
Allow StorageClass Ceph RBD to specify image format and image features.
```
Automatic merge from submit-queue
Enhance message in cluster-info dump
**What this PR does / why we need it**:
This PR fixes the information message prints in the end after the cluster-info dump command.
- Added newline in the end
- Enhanced the message for dumping information to standard out
**Which issue this PR fixes** *
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
This doesn't seem to be affecting anything and I'm not sure what the
correct behavior needs to be here. I'll highlight this in the code
review and hopefully work out a correct solution with the help of the
reviewers.
Run() is too overloaded in the codebase already. The other commands have
a pattern of RunExpose, RunScale, and so on. Since the command name is
"run", the associated function should be called RunRun.
Automatic merge from submit-queue
Ignore ErrNotFound when delete LB resources
IsNotFound error is fine since that means the object is
deleted already, so let's check it before return error.
Automatic merge from submit-queue (batch tested with PRs 47694, 47772, 47783, 47803, 47673)
Make different container runtimes constant
Make different container runtimes constant to avoid hardcode
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47694, 47772, 47783, 47803, 47673)
delete the for loops that done nothing
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 47694, 47772, 47783, 47803, 47673)
Output TYPE for getting service
**What this PR does / why we need it**:
Now service already supported 4 ServiceTypes, ServiceTypes is
friendly to distinguish services, so outputing service type better
when running 'kubectl get service'.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47958, 46261, 46667, 47709, 47579)
Clean up Deployment overlap annotation code
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#43322
**Special notes for your reviewer**:
**Release note**:
```
None
```
Automatic merge from submit-queue (batch tested with PRs 47958, 46261, 46667, 47709, 47579)
use appsv1beta1 for statefulsets
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes https://github.com/kubernetes/kubernetes/issues/46922
Automatic merge from submit-queue (batch tested with PRs 47958, 46261, 46667, 47709, 47579)
Delete meaningless err check
**What this PR does / why we need it**:
Delete meaningless err check
We don't need to care about err check. In cited function, if err is not nil, I return t.Errorf directly.
So it does not matter that whether data is nil or err is nil.
**Release note**:
```release-note\
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47958, 46261, 46667, 47709, 47579)
Add a feature gate for Debug Containers
**What this PR does / why we need it**: Adds a feature gate for Debug Containers feature proposed in kubernetes/community#649. This feature requires changes to the kubelet, apiserver and kubectl which can be decoupled except for the gate.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46151, 47602, 47507, 46203, 47471)
deprecate created-by annotation for pod drain
**What this PR does / why we need it**: This PR deprecates created-by annotation for pod drain. This is required as we now have ControllerRef.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: xref #44407
**Special notes for your reviewer**: This is the second PR for deprecating created-by annotation. Other PRs can be found here: https://github.com/kubernetes/kubernetes/pull/47469 , #47475
**Release note**:
```release-note
```
Automatic merge from submit-queue
Add alpha command to kubectl
Also allow new commands to disable themselves by returning a nil value. This can be used to disable commands based on feature gates.
**What this PR does / why we need it**: Method of enabling alpha functionality in kubectl
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: ref #45922
**Special notes for your reviewer**: Part of a discussion in #45922 with @pwittrock
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47915, 47856, 44086, 47575, 47475)
AWS: Fix suspicious loop comparing permissions
Because we only ever call it with a single UserId/GroupId, this would
not have been a problem in practice, but this fixes the code.
Fix#36902
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47915, 47856, 44086, 47575, 47475)
Change second StorageClass Column to provisioner
Some provisioners have key-value pairs in parameters map which key is type, here TYPE in StorageClass columns may be confused.
https://kubernetes.io/docs/concepts/storage/persistent-volumes/#storageclasses
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47915, 47856, 44086, 47575, 47475)
kubelet should resume csr bootstrap
Right now the kubelet creates a new csr object with the same key every
time it restarts during the bootstrap process. It should resume with the
old csr object if it exists. To do this the name of the csr object must
be stable.
Issue https://github.com/kubernetes/kubernetes/issues/47855
Automatic merge from submit-queue (batch tested with PRs 47403, 46646, 46906, 46527, 46792)
Add test case for namespace
**What this PR does / why we need it**:
Unit test case need add that when name is "".
**Special notes for your reviewer**:
refer to https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/namespace.go#L74
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47403, 46646, 46906, 46527, 46792)
add ContainerRuntimeVersion to `kubectl get nodes -o=wide` output
**What this PR does / why we need it**: adds container runtime version to `kubectl get nodes -o=wide` output as a way to surface more node-level information
When upgrading to a new container runtime version (docker 1.11 -> docker 1.12) or when experimenting with a different container runtime version (experimenting with rkt in a docker cluster), it's useful for cluster operators to see which nodes are running which container runtime version. `kubectl get nodes -o=wide` already provides kernel and OS version, and I believe adding container runtime version would be good.
**Release note**:
```release-note
container runtime version has been added to the output of `kubectl get nodes -o=wide` as `CONTAINER-RUNTIME`
```
Automatic merge from submit-queue
Fix error message of isDir
**What this PR does / why we need it**:
Use IsRegular to replace isDir
Accoding to the code logic, using IsRegular is proper.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
add test for kubectl create pdb
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47227, 47119, 46280, 47414, 46696)
Mark deprecated info in short description of deprecated commands.
**What this PR does / why we need it**:
Mark deprecated commands in 'kubectl help'. See https://github.com/kubernetes/kubectl/issues/20
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubectl/issues/20
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47227, 47119, 46280, 47414, 46696)
Move seccomp helper methods and tests to platform-specific files.
**What this PR does / why we need it**:
Seccomp helper methods are for linux only, move them to linux-specific helper file.
As discussed in https://github.com/kubernetes/kubernetes/pull/46744
**Which issue this PR fixes**
**Special notes for your reviewer**:
**Release note**:
Automatic merge from submit-queue (batch tested with PRs 47227, 47119, 46280, 47414, 46696)
Improve code coverage for pkg/printer
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47227, 47119, 46280, 47414, 46696)
controller: fix error message
**What this PR does / why we need it**:
just fix error typo, think you :)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
volumes: SetNodeStatusUpdateNeeded on error
If an error happened during the UpdateNodeStatuses loop, there were some
code paths where we would not call SetNodeStatusUpdateNeeded, leaking
the state. Add it to all paths by adding a function.
Part of #40583
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47922, 47195, 47241, 47095, 47401)
AWS: Set CredentialsChainVerboseErrors
This avoids a rather confusing error message.
Fix#39374
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47922, 47195, 47241, 47095, 47401)
Run cAdvisor on the same interface as kubelet
**What this PR does / why we need it**:
cAdvisor currently binds to all interfaces. Currently the only
solution is to use iptables to block access to the port. We
are better off making cAdvisor to bind to the interface that
kubelet uses for better security.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#11710
**Special notes for your reviewer**:
**Release note**:
```release-note
cAdvisor binds only to the interface that kubelet is running on instead of all interfaces.
```
Kubernetes Submit Queue