Commit Graph

58643 Commits (8dbe48652d5b25c7e81e694039ccc04fda468121)

Author SHA1 Message Date
m1093782566 787a55bb67 install ipset in debian-iptables docker image and bump tag to v10 2017-11-22 15:37:15 +08:00
Michelle Au 6540850fa2 Add note to feature gate 2017-11-21 23:19:45 -08:00
Michelle Au 781b5a99c9 Local e2e tests 2017-11-21 23:19:44 -08:00
Michelle Au f5ec326e7a Add scheduler and pv controller integration test 2017-11-21 23:19:44 -08:00
Michelle Au 2231246fa5 Add import restriction 2017-11-21 23:19:44 -08:00
Michelle Au a84e5b9613 update build files 2017-11-21 23:19:44 -08:00
Michelle Au 5871b501ac Add assume/bind volume functions to scheduler 2017-11-21 23:19:44 -08:00
Michelle Au 094841c62e Add predicate to find volume matches 2017-11-21 23:19:44 -08:00
Michelle Au 01a8772111 Scheduler volume cache plumbing and predicate invalidation 2017-11-21 23:19:43 -08:00
xiangpengzhao e75c6628de Add unit test case for new funcs 2017-11-22 14:41:41 +08:00
xiangpengzhao 7549b4184f Make expired cert check more clear. 2017-11-22 14:41:40 +08:00
xiangpengzhao 2b00d36241 Address review comments. 2017-11-22 14:41:40 +08:00
xiangpengzhao b37d6641a7 Auto generated BUILD files. 2017-11-22 14:41:37 +08:00
Kubernetes Submit Queue afb26b9323
Merge pull request #51493 from mtanino/pr/BlockVolumesSupport-fc
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Block volumes Support: FC plugin update

**What this PR does / why we need it**:

Add interface changes to FC volume plugin to enable block volumes support feature.

**Which issue this PR fixes**: 
Based on this proposal (kubernetes/community#805 & kubernetes/community#1265) and this feature issue: kubernetes/features#351

**Special notes for your reviewer**:

This PR temporarily includes following changes except FC plugin change for reviewing purpose.
These changes will be removed from the PR once they are merged.
- (#50457) API Change 
- (#53385) VolumeMode PV-PVC Binding change
- (#51494) Container runtime interface change, volumemanager changes, operationexecutor changes

There are another PRs related to this functionality.
(#50457) API Change
(#53385) VolumeMode PV-PVC Binding change
(#51494) Container runtime interface change, volumemanager changes, operationexecutor changes
(#55112) Block volume: Command line printer update
Plugins
(#51493) Block volumes Support: FC plugin update
(#54752) Block volumes Support: iSCSI plugin update

**Release note**:

```
FC plugin: Support for block volume 
- This enables uses to allow attaching raw block volume to their pod without filesystem through FC plugin.
```
2017-11-21 22:25:50 -08:00
edisonxiang 18f0802852 fix controlplane unit tests
What this PR does / why we need it:

when the flexvolumeDirVolumePath is truely existent in the host,
```cmd/kubeadm/app/phases/controlplane``` unit tests will be failed.

Fixes #56189

Release note:
```release-note
NONE
```
2017-11-22 14:19:12 +08:00
Michelle Au fa6b62fa63 Library for scheduler volume binding 2017-11-21 21:42:36 -08:00
Michelle Au b49a1ce1a4 Cache for pod bindings 2017-11-21 21:42:36 -08:00
Michelle Au 10800e68ac Add assume cache for PVs 2017-11-21 21:42:35 -08:00
Michelle Au 58823a75a4 In findMatchingVolumes:
- Delay binding until Pod is scheduled
- Check for PV node affinity and access modes
- Exclude volumes from being matching
2017-11-21 21:42:35 -08:00
Kubernetes Submit Queue 9a0bbd0aa9
Merge pull request #53765 from tanshanshan/fix-bug1
Automatic merge from submit-queue (batch tested with PRs 54529, 53765). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

fix  #53735, check whether  interface conversion is ok

**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

fix #53735

avoid interface conversion error 

**Special notes for your reviewer**:

**Release note**:

```release-note
```
2017-11-21 21:38:59 -08:00
Kubernetes Submit Queue 1bdb61f828
Merge pull request #54529 from vladimirvivien/k8s-csi-intree-plugin
Automatic merge from submit-queue (batch tested with PRs 54529, 53765). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Kubernetes CSI - in-tree Plugin Implementation

**What this PR does / why we need it**:
This PR is part of the internal Kubernetes CSI Volume plugin.  It implements the Attach/Detach/Mount/Unmount API.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: https://github.com/kubernetes/features/issues/178

**Special notes for your reviewer**:
- Implements feature https://github.com/kubernetes/features/issues/178
- Designed https://github.com/kubernetes/community/pull/1258

Other CSI Volume plugin PRs
- CSI Persistent Volume Source - https://github.com/kubernetes/kubernetes/pull/55204

**Release note**:
```release-note
NONE
```
2017-11-21 21:38:56 -08:00
Jordan Liggitt ae7dccf2e9
Revert "Kubelet flags take precedence over config from files/ConfigMaps"
This reverts commit cbebb61450.
2017-11-21 23:55:43 -05:00
Kubernetes Submit Queue 1489d19443
Merge pull request #56175 from ericchiang/oidc-fix-prefixing
Automatic merge from submit-queue (batch tested with PRs 51494, 56097, 56072, 56175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

oidc auth: fix prefix flag plumbing

Fixes https://github.com/kubernetes/kubernetes/issues/56169

Tested this with an full API server against Google. It works now.

:(

cc @kubernetes/sig-auth-bugs 

```release-note
kube-apiserver: fixed --oidc-username-prefix and --oidc-group-prefix flags which previously weren't correctly enabled
```

/assign @liggitt @deads2k 

Probably worth a cherry pick.
2017-11-21 19:49:33 -08:00
Kubernetes Submit Queue 947295a760
Merge pull request #56072 from kad/fine-checks
Automatic merge from submit-queue (batch tested with PRs 51494, 56097, 56072, 56175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Implement individual control for kubeadm preflight checks

**What this PR does / why we need it**:
With new flag `--ignore-checks-errors` user is able to
decrease severity of each individual check error to warning.

Old flag `--skip-preflight-checks` now acts as `--ignore-checks-errors=all` and will produce warnings.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubernetes/kubeadm#480

**Special notes for your reviewer**:
/area kubeadm 
/sig cluster-lifecycle

cc @luxas 

**Release note**:
```release-note
New kubeadm flag `--ignore-checks-errors` that enables to decrease severity of each individual error to warning.
Old flag `--skip-preflight-checks` is marked as deprecated and acts as `--ignore-checks-errors=all`
```
2017-11-21 19:49:31 -08:00
Kubernetes Submit Queue d7a96d5e88
Merge pull request #56097 from mtaufen/kc-file-e2e-test
Automatic merge from submit-queue (batch tested with PRs 51494, 56097, 56072, 56175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Kubelet flags take precedence over config from files/ConfigMaps

Changes the Kubelet configuration flag precedence order so that flags
take precedence over config from files/ConfigMaps.

See:
https://docs.google.com/document/d/18-MsChpTkrMGCSqAQN9QGgWuuFoK90SznBbwVkfZryo/

Also modifies e2e node test suite to transform all relevant Kubelet flags into
a config file before starting tests when the KubeletConfigFile feature gate is
true, and turns on the KubeletConfigFile gate for all e2e node tests.
This allows the alpha dynamic Kubelet config feature to continue to 
work in tests after the precedence change.

fixes #56171

Related: https://github.com/kubernetes/features/issues/281


```release-note
CLI flags passed to the Kubelet now take precedence over Kubelet config files and dynamic Kubelet config. This helps ensure backwards compatible behavior across Kubelet binary updates.
```
2017-11-21 19:49:27 -08:00
Kubernetes Submit Queue db7bb9e2ed
Merge pull request #51494 from mtanino/pr/BlockVolumesSupport-volumemanager
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Block volumes Support: CRI, volumemanager and operationexecutor changes

**What this PR does / why we need it**:
This PR contains following items to enable block volumes support feature.
- container runtime interface change
- volumemanager changes
- operationexecuto changes


**Which issue this PR fixes**:
Based on this proposal (kubernetes/community#805) and this feature issue: kubernetes/features#351

**Special notes for your reviewer**:

There are another PRs related to this functionality.
(#50457) API Change
(#53385) VolumeMode PV-PVC Binding change
(#51494) Container runtime interface change, volumemanager changes, operationexecutor changes
(#55112) Block volume: Command line printer update
Plugins
(#51493) Block volumes Support: FC plugin update
(#54752) Block volumes Support: iSCSI plugin update

**Release note**:
```
Adds alpha support for block volume, which allows the users to attach raw block volume to their pod without filesystem on top of the volume.
```
/cc @msau42 @liggitt @jsafrane @saad-ali @erinboyd @screeley44
2017-11-21 19:43:27 -08:00
jeff vance 2bd0cd2fd4 fixes issue 56041 2017-11-21 19:35:05 -08:00
Yang Guo 82c9eec164 Expose single annotation/label via downward API 2017-11-21 19:21:10 -08:00
Michelle Au 3d0b510e25 Refactor bindVolumeToClaim() into 1) forming new PV object 2) making API and cache update 2017-11-21 19:11:36 -08:00
Michelle Au 3211b8b0c4 Refactor PV selection into a common call for scheduler and PV controller 2017-11-21 19:11:36 -08:00
Kubernetes Submit Queue 754017bef4
Merge pull request #56105 from balajismaniam/enable-cpuman-only-when-not-skipped
Automatic merge from submit-queue (batch tested with PRs 55340, 55329, 56168, 56170, 56105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Enable cpu manager only if the node e2e test is not skipped.

**What this PR does / why we need it**: This PR enables cpu manager in Kubelet only if the node e2e tests are not skipped. This change fixes the failures seen in https://k8s-testgrid.appspot.com/sig-node-kubelet#kubelet-serial-gce-e2e. 

Fixes #56144
2017-11-21 18:56:39 -08:00
Kubernetes Submit Queue 943d37246a
Merge pull request #56170 from rajansandeep/corefileupdate
Automatic merge from submit-queue (batch tested with PRs 55340, 55329, 56168, 56170, 56105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Update the configmap manifest in CoreDNS

**What this PR does / why we need it**:
This PR updates the corefile to retain the pod requests support like in kube-dns. This helps when upgrading CoreDNS using kubeadm upgrade (#55952).

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-11-21 18:56:37 -08:00
Kubernetes Submit Queue d5bc9a4164
Merge pull request #56168 from screeley44/fix-toggle-bug
Automatic merge from submit-queue (batch tested with PRs 55340, 55329, 56168, 56170, 56105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

fixing issue of feature gate not being turned off properly

Fixes #56166 

Adding proper defer and toggle of feature gate for BlockVolume support
2017-11-21 18:56:34 -08:00
Kubernetes Submit Queue 5ac4f172f9
Merge pull request #55329 from kow3ns/sts-name-label
Automatic merge from submit-queue (batch tested with PRs 55340, 55329, 56168, 56170, 56105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Sts per Pod Name Label

**What this PR does / why we need it**:
StatefulSet controller will add a label for each Pod in the StatefulSet. The label is of the form 
`statefulset.kubernetes.io/pod-name: <pod.Name>`. This allows a unique service to be created for each Pod in the StatefulSet.

Fixes  #44103, #28660


```release-note
StatefulSet controller will create a label for each Pod in a StatefulSet. The label is named statefulset.kubernetes.io/pod-name and it is equal to the name of the Pod. This allows users to create a Service per Pod to expose a connection to individual Pods.
```
2017-11-21 18:56:31 -08:00
Kubernetes Submit Queue 3bb6eeeb07
Merge pull request #55340 from jiayingz/metrics
Automatic merge from submit-queue (batch tested with PRs 55340, 55329, 56168, 56170, 56105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Adds device plugin allocation latency metric.

For #53497


**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note

```
2017-11-21 18:56:29 -08:00
Pengfei Ni b8469e4a25 Update bazel and remove unused data files 2017-11-22 02:50:08 +00:00
Pengfei Ni 7e21146096 Verify seccomp absolute path in dockershim 2017-11-22 02:49:52 +00:00
Pengfei Ni 2a2a875686 Fix incorrect localhost seccomp profile path 2017-11-22 02:49:23 +00:00
Di Xu 344fe56ed3 change DefaultGarbageCollectionPolicy to DeleteDependents for workload controllers 2017-11-22 10:09:44 +08:00
Kubernetes Submit Queue 277d866111
Merge pull request #50984 from timothysc/checkpoint
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Initial basic bootstrap-checkpoint support

**What this PR does / why we need it**:
Adds initial support for Pod checkpointing to allow for controlled recovery of the control plane during self host failure conditions. 

fixes #49236
xref https://github.com/kubernetes/features/issues/378

**Special notes for your reviewer**:

Proposal is here: https://docs.google.com/document/d/1hhrCa_nv0Sg4O_zJYOnelE8a5ClieyewEsQM6c7-5-o/edit?ts=5988fba8#

1. Controlled tests work, but I have not tested the self hosted api-server recovery, that requires validation and logs.  /cc @luxas 
2. In adding hooks for checkpoint manager much of the tests around basicpodmanager appears to be stub'd.  This has become an anti-pattern in the code and should be avoided.  
3. I need a node-e2e to ensure consistency of behavior. 

**Release note**:
```
Add basic bootstrap checkpointing support to the kubelet for control plane recovery
```

/cc @kubernetes/sig-cluster-lifecycle-misc @kubernetes/sig-node-pr-reviews
2017-11-21 17:57:40 -08:00
Kubernetes Submit Queue 8a5cf788b0
Merge pull request #55848 from MrHohn/custom-pod-dns-api
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add Custom Pod DNS to Kubernetes API

**What this PR does / why we need it**:
Ref:
- Feature issue: https://github.com/kubernetes/features/issues/504
- Proposal: https://github.com/kubernetes/community/pull/1276

This PR adds the relevant APIs, validation check and the underlying kubelet changes.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE 

**Special notes for your reviewer**:
/sig network 
@kubernetes/sig-network-api-reviews 
/assign @bowei @thockin 

**Release note**:

```release-note
Add DNSConfig field to PodSpec and support "None" mode for DNSPolicy (Alpha).
```
2017-11-21 17:57:37 -08:00
Kubernetes Submit Queue 94a8d81172
Merge pull request #55447 from jingxu97/Nov/podmetric
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add Pod-level local ephemeral storage metric in Summary API

This PR adds pod-level ephemeral storage metric into Summary API.
Pod-level ephemeral storage usage is the sum of all containers and local
ephemeral volume including EmptyDir (if not backed up by memory or
hugepages), configueMap, and downwardAPI.
Address issue #55978

**Release note**:
```release-note
Add pod-level local ephemeral storage metric in Summary API. Pod-level ephemeral storage reports the total filesystem usage for the containers and emptyDir volumes in the measured Pod.
```
2017-11-21 17:57:34 -08:00
Kubernetes Submit Queue 2f2ab910ef
Merge pull request #55752 from kevinkim9264/fix-azure-loadbalancer
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Azure Load Balancer reconciliation should consider all Kubernetes-controlled properties of a LB NSG

**What this PR does / why we need it**:
This PR refers to issue #55733 
With this PR, Kubernetes will update Azure nsg rules based on not just name, but also based on other properties such as destination port range and destination ip address.
We need it because right now Kubernetes will detect the difference and update only if there is difference in Name of nsg rule. It's been working fine for changing destination port range and source IP address because these two are part of the Name. (which external users should not assume) Basically right now, Kubernetes won't detect the difference if I go ahead and change any part of nsg rule using port UI. 
This PR will let Kubernetes detect the difference and always try to reconcile nsg rules with service definition.

**Which issue(s) this PR fixes** :
Fixes #55733 

**Special notes for your reviewer**: None

**Release note**:

```release-note
Kubernetes update Azure nsg rules based on not just difference in Name, but also in Protocol, SourcePortRange, DestinationPortRange, SourceAddressPrefix, DestinationAddressPrefix, Access, and Direction.
```
2017-11-21 17:57:31 -08:00
Kubernetes Submit Queue 25ebf875b4
Merge pull request #55812 from deads2k/admission-17-external
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Make versioned types for webhook admission config

Versioned webhook admission config type as promised in https://github.com/kubernetes/kubernetes/pull/54414.  

@kubernetes/sig-api-machinery-pr-reviews 
@ericchiang as promised.  fyi.

```yaml
kind: AdmissionConfiguration
apiVersion: apiserver.k8s.io/v1alpha1
plugins:
- name: GenericAdmissionWebhook
  configuration:
    kind: WebhookAdmission
    apiVersion: apiserver.config.k8s.io/v1alpha1
    kubeConfigFile: /path/to/my/file
```

`ADMISSION_CONTROL_CONFIG_FILE=../foo.yaml hack/local-up-cluster.sh`
2017-11-21 17:57:29 -08:00
Lantao Liu 09b614abbb Do not add new field in fluentd CRI log format. 2017-11-22 01:25:24 +00:00
Vladimir Vivien e489629895 CSI - GoDeps dependency updates 2017-11-21 20:21:04 -05:00
Vladimir Vivien c90a68c133 CSI - Generated source code
This commit tracks all auto-generated sources.
2017-11-21 20:21:04 -05:00
Vladimir Vivien dd08d1b489 CSI - API source code implementation
This commit tracks source code update for the CSI volume plugin implementation.
2017-11-21 20:20:58 -05:00
Kubernetes Submit Queue 630dbedef9
Merge pull request #56042 from stewart-yu/kubeadm#554
Automatic merge from submit-queue (batch tested with PRs 56128, 56004, 56083, 55833, 56042). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Automatically opt into dependent feature gates when using kubeadm

**What this PR does / why we need it**:
There will be a dependency chain between  feature gates.  kubeadm needs to automatically opt into dependent feature gates of a chosen one.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # [https://github.com/kubernetes/kubeadm/issues/554](https://github.com/kubernetes/kubeadm/issues/554)

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-11-21 17:05:02 -08:00
Kubernetes Submit Queue c975b13869
Merge pull request #55833 from feiskyer/azure-vmss
Automatic merge from submit-queue (batch tested with PRs 56128, 56004, 56083, 55833, 56042). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add initial Virtual Machine Scale Sets (VMSS) support in Azure

**What this PR does / why we need it**:

This is the first step of adding Virtual Machine Scale Sets (VMSS) support in Azure, it

- Adds  vmType params to support both vmss and standard in Azure
- Adds initial InstanceID/InstanceType/IP/Routes support for vmss instances
- Master nodes may not belong to any scale sets, so it falls back to VirtualMachinesClient for such instances

Have validated that nodes could be registered and pods could be scheduled and run correctly.

Still more work to do to fully support Azure VMSS. And next steps are tracking at #43287.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:

Part of #43287.

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-11-21 17:04:59 -08:00