Automatic merge from submit-queue
Add option to set a service nodeport
**Release note**:
```release-note
Add kubectl --node-port option for specifying the service nodeport
```
This patch adds the option to set a nodeport when creating a NodePort
service. In case of a port allocation error due to a specified port
being out of the valid range, the error now includes the valid
range. If a `--node-port` value is not specified, it defaults to zero, in
which case the allocator will default to its current behavior of
assigning an available port.
This patch also adds a new helper function in `cmd/util/helpers.go` to
retrieve `Int32` cobra flags.
**Example**
```
# create a nodeport service with an invalid port
$ kubectl create service nodeport mynodeport --tcp=8080:7777 --node-port=1
The Service "mynodeport" is invalid: spec.ports[0].nodePort: Invalid
value: 1: provided port is not in the valid range. Valid ports range
from 30000-32767
# create a nodeport service with a valid port
$ kubectl create service nodeport mynodeport --tcp=8080:7777 --node-port=30000
service "mynodeport" created
# create a nodeport service with a port already in use
$ kubectl create service nodeport mynodeport --tcp=8080:7777 --node-port=30000
The Service "mynodeport" is invalid: spec.ports[0].nodePort: Invalid value: 3000: provided port is already allocated
$ kubectl describe service mynodeport
Name: mynodeport
Namespace: default
Labels: app=mynodeport
Selector: app=mynodeport
Type: NodePort
IP: 172.30.81.254
Port: 8080-7777 8080/TCP
NodePort: 8080-7777 30000/TCP
Endpoints: <none>
Session Affinity: None
No events.
```
@fabianofranz
Automatic merge from submit-queue
Allow empty annotation values
Related downstream issue: https://github.com/openshift/origin/issues/11175
**Release note**:
```release-note
release-note-none
```
Annotations with empty values can be used, for example, in diagnostics
logging. This patch removes the client-side check for empty values in
an annotation key-value pair.
**Before**
```
$ kubectl annotate pod zookeeper-1 node-selector="" --overwrite
error: invalid annotation format: node-selector=
```
**After**
```
$ kubectl annotate pod zookeeper-1 node-selector="" --overwrite
pod "zookeper-1" annotated
```
```
$ kubectl get po/zookeeper-1 --template='{{.metadata.annotations}}'
map[... node-selector: test-label:test]
```
@fabianofranz @liggitt
Annotations with empty values can be used, for example, in diagnostics
logging. This patch removes the client-side check for empty values in
an annotation key-value pair.
**Before**
```
$ kubectl annotate pod zookeeper-1 node-selector="" --overwrite
error: invalid annotation format: node-selector=
```
**After**
```
$ kubectl annotate pod zookeeper-1 node-selector="" --overwrite
pod "zookeper-1" annotated
```
```
$ kubectl get po/zookeeper-1 --template='{{.metadata.annotations}}'
map[... node-selector: test-label:test]
```
This patch adds the option to set a nodeport when creating a NodePort
service. In case of a port allocation error due to a specified port
being out of the valid range, the error now includes the valid
range. If a `--node-port` value is not specified, it defaults to zero, in
which case the allocator will default to its current behavior of
assigning an available port.
This patch also adds a new helper function in `cmd/util/helpers.go` to
retrieve `Int32` cobra flags.
**Example**
```
$ kubectl create service nodeport mynodeport --tcp=8080:7777 --node-port=1
The Service "mynodeport" is invalid: spec.ports[0].nodePort: Invalid
value: 1: provided port is not in the valid range. Valid ports range
from 30000-32767
$ kubectl create service nodeport mynodeport --tcp=8080:7777 --node-port=30000
service "mynodeport" created
$ oc describe service mynodeport
Name: mynodeport
Namespace: default
Labels: app=mynodeport
Selector: app=mynodeport
Type: NodePort
IP: 172.30.81.254
Port: 8080-7777 8080/TCP
NodePort: 8080-7777 30000/TCP
Endpoints: <none>
Session Affinity: None
No events.
```
Automatic merge from submit-queue
Update godep for github.com/spf13/pflag and replace StringSlice with String Array in configMap
Update godep for pkg `github.com/spf13/pflag`, because the new flag type `StringArray` within it is needed in issue #27454
Automatic merge from submit-queue
Unwrap aggregates of size 1 when writing errors
Our special error logic was being defeated by aggregates.
Also, only use aggregate in get when we actually are dealing with
multiple errors.
@kubernetes/kubectl
For other kubectl reviewers - no one should use an aggregate unless you are ranging over a list, and even then ask yourself whether you really care about returning all errors.
Automatic merge from submit-queue
Update kubectl create message when using --dry-run
`kubectl create <resource> <name> --dry-run` provides a misleading success
message.
When commands such as `kubectl new-app node` are run with a
`--dry-run` flag, they make this clear by appending a "(DRY RUN)"
string to the final output. `kubectl create <resource> <name> --dry-run`
does not do this, providing a potentially misleading output.
This patch appends a "(DRY RUN)" string to the end of a successful
message of `kubectl create` subcommands that support the `--dry-run` flag.
`kubectl create quota quota --dry-run`
```
resourcequota "quota" created
```
`kubectl create quota quota --dry-run`
```
resourcequota "quota" created (DRY RUN)
```
**Release note**:
```release-note
release-note-none
```
Automatic merge from submit-queue
add resource filter handling before printing
**Release note**:
```release-note
release-note-none
```
Resources are currently filtered (in order to prevent printing) at print
time in their HumanReadablePrinter handlers. This design makes it not
possible to filter objects when they are printed using any other
printer, such as YAML, JSON, or the NamePrinter.
This patch removes any filters previously added at the printer level for
pods and adds a way to define resource-specific filters before they are
sent to a printer handler. A woking filter handler for pods has also been
implemented.
Filters affect resources being printed through the HumanReadablePrinter,
YAML, JSON, and `--template` printers.
cc @smarterclayton
Resources are currently filtered (in order to prevent printing) at print
time in their HumanReadablePrinter handlers. This design makes it not
possible to filter objects when they are printed using any other
printer, such as YAML, JSON, or the NamePrinter.
This patch removes any filters previously added at the printer level for
pods and adds a way to define resource-specific filters before they are
sent to a printer handler. A woking filter handler for pods has also
been
implemented.
Filters affect resources being printed through the HumanReadablePrinter,
YAML, JSON, and `--template` printers.
Automatic merge from submit-queue
Behave gracefully in kubectl if /version returns 404
Fixes https://github.com/kubernetes/kubernetes/issues/32679.
It's only about caching the swagger spec here. So it's safe to fall back to non-caching mode and continue.
This commit moves away from using a global variable for default
configuration checking, and instead exposes a method on LoadingRules to
determine whether a particular restclient.Config should be considered
"default". This allows kubectl to provide its own defaults (the same
as before, KUBERNETES_MASTER and the static localhost:8080 values) while
allowing other clients to avoid defining them.
In-cluster config defaulting is now easier to read.
Automatic merge from submit-queue
Extend all to more resources
Added more things from the list here:
https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/cmd.go#L159
Update the devel/kubectl-conventions.md with the rules mentioned by
a few folks on which resources could be added to the special 'all' alias
Automatic merge from submit-queue
make --include-extended-apis deprecated and remove plumbing
Marks a dead CLI parameter as deprecated and removes the plumbing for it.
Automatic merge from submit-queue
Fixes#30562: Refactor kubectl command options to use common struct for common file params
Fixes#30562 : Refactor common go struct options in pkg/kubectl/cmd/*.go.
@pwittrock
Automatic merge from submit-queue
Handle Stream() errors consistently in restclient
We should be following the same rules for Stream() as the normal body
request flow.
Also add slightly more output on a server error - in the future we may
want to clean this up but it's potentially hiding bad responses.
Related to #32009 but isn't the fix (so far)
Automatic merge from submit-queue
Rollout dry run
**What this PR does / why we need it**: rollout undo add dry-run implementation
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#28219
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```
rollout undo add dry-run option
```
Automatic merge from submit-queue
Optimise the DefaultGenerators function
It needn't define all the generators in the "DefaultGenerators" function, it just return the "cmdName" generator, the others is redundant.
Automatic merge from submit-queue
add ClientSet to factory to remove non-generated client
We should move to using generated clients in the `kubectl` client. We should really move to generated external clients, but this at least moves away from using manually created clients.
@fabianofranz @mfojtik When I complete this work (move the other commands and eliminate the old API), this will ripple downstream.
Automatic merge from submit-queue
make swaggerschema agnostic about which version to use
`Factory.SwaggerSchema` was reliant on having a non-generated client bits filled in so that it could get the adapted client it wanted. There's no need since discovery ignores configured GroupVersions. This eliminates the unneeded dependency.
We should be following the same rules for Stream() as the normal body
request flow.
Also add slightly more output on a server error - in the future we may
want to clean this up but it's potentially hiding bad responses.
This changes clientcmd to skip the default cluster, but preserves the
behavior in kubectl. This prevents the possibility of an administrator
misconfiguration in kubelet or other server component from allowing a
third party who can bind to 8080 on that host from potentially
impersonating an API server and gaining root access.
Automatic merge from submit-queue
Optimise the ValidateBytes function
The PR optimise the "ValidateBytes" function in factory.go. Too much "if" branches is poor readability, use "switch" to look better.
Automatic merge from submit-queue
remove duplicate errors from aggregate error outputs
release-label-none
Duplicate error messages are sometimes shown when displaying aggregate errors:
`$ kubectl label pod/database-1-fn0r7 qwer1345%$$#=self`
```
* metadata.labels: Invalid value: "qwer1345%5602#": name part must match the regex ([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9] (e.g. 'MyName' or 'my.name' or '123-abc')
* metadata.labels: Invalid value: "qwer1345%5602#": name part must match the regex ([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9] (e.g. 'MyName' or 'my.name' or '123-abc')
* metadata.labels: Invalid value: "qwer1345%5602#": name part must match the regex ([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9] (e.g. 'MyName' or 'my.name' or '123-abc')
```
This patch removes any duplicate messages (adjacent or not) that appear in the final list of errors.
Automatic merge from submit-queue
Create client from API version passed in config or use default
When creating a client read the `GroupVersion` value passed in the `restclient.Config`. If the passed `GroupVersion` does not match current group or is not enabled fallback to default `GroupVersion` for that group.
This PR should allow accessing `ScheduledJob` properly in `batch/v2alpha1`.
@smarterclayton @deads2k @caesarxuchao @lavalamp ptal
When creating a client read the GroupVersion value passed in the
restclient.Config. If the passed GroupVersion does not match current
group or is not enabled fallback to default GroupVersion for that group.
Automatic merge from submit-queue
Implement a RESTMappings method
With the introduction of batch/v1 and batch/v2alpha1, any
MultiRESTMapper that has per groupversion mappers (as a naive discovery
client would create) would end up being unable to call RESTMapping() on
batch.Jobs. As we finish up discovery we will need to be able to choose
prioritized RESTMappings based on the service discovery doc.
This change implements RESTMappings(groupversion) which returns all
possible RESTMappings for that kind. That allows a higher level call to
prioritize the returned mappings by server or client preferred version.
@deads2k
With the introduction of batch/v1 and batch/v2alpha1, any
MultiRESTMapper that has per groupversion mappers (as a naive discovery
client would create) would end up being unable to call RESTMapping() on
batch.Jobs. As we finish up discovery we will need to be able to choose
prioritized RESTMappings based on the service discovery doc.
This change implements RESTMappings(groupversion) which returns all
possible RESTMappings for that kind. That allows a higher level call to
prioritize the returned mappings by server or client preferred version.
Automatic merge from submit-queue
--no-header available now for custom-column
Change `CustomColumnsPrinter` to have `noHeader` boolean, also changed `GetPrinter` to receive this bool and pass it through.
One test `TestNewColumnPrinterFromSpecWithNoHeaders` added for checking if there is no headers in output for sure
fixes#24133
Automatic merge from submit-queue
TLS bootstrap API group (alpha)
This PR only covers the new types and related client/storage code- the vast majority of the line count is codegen. The implementation differs slightly from the current proposal document based on discussions in design thread (#20439). The controller logic and kubelet support mentioned in the proposal are forthcoming in separate requests.
I submit that #18762 ("Creating a new API group is really hard") is, if anything, understating it. I've tried to structure the commits to illustrate the process.
@mikedanese @erictune @smarterclayton @deads2k
```release-note-experimental
An alpha implementation of the the TLS bootstrap API described in docs/proposals/kubelet-tls-bootstrap.md.
```
[]()
Automatic merge from submit-queue
retry GetThirdPartyGroupVersions
GetThirdPartyGroupVersions() may return a "NotFound" error if a thirdparty group is deleted in the interim between the group-discovery and the resource-discovery. This is causing e2e flakes in all tests that run kubectl, because test/e2e/thirdparty.go is creating/deleting thirdparty groups.
Fix#26425
The e2e flakes will have the following pattern:
1. the test is calling kubectl
2. error message is `Error from server: the server could not find the requested resource`
3. in the apiserver log, you should see `GET /apis/company.com/v1: (518.944µs) 404 [[kubectl/v1.3.0 (linux/amd64) kubernetes/ae28564] 104.154.110.118:46043]`
For detail see [here](https://github.com/kubernetes/kubernetes/issues/26425#issuecomment-222844523)
cc @janetkuo @brendanburns
Automatic merge from submit-queue
kubectl: more sophisticated pod selection for logs and attach
Trying to get the logs or attach to an object other than a pod
will poll forever if that object has no replicas. This commit adds
a 20s timeout for polling.
@kubernetes/kubectl @deads2k @fabianofranz
Automatic merge from submit-queue
Add flag -t as shorthand for --tty
`-t` was deprecated in #12813 (Aug. 2015, about 6+ months ago).
Now remove `--template`'s shorthand `-t` and create a shorthand `-t` for `--tty` in `kubectl run`.
@kubernetes/kubectl
Automatic merge from submit-queue
Additional go vet fixes
Mostly:
- pass lock by value
- bad syntax for struct tag value
- example functions not formatted properly
reqs:
- the kubectl cmd must support the -f | --filename flag
- the kubectl cmd must support visiting a dir one level deep,
or using more than one resource
Currently attach and the editor do not share the same logic for saving
and restoring the terminal, and are not suitable for nesting (when the
caller wants to create something, attach, and then delete something when
the attach is over). This commit moves the interrupt protection logic
to a util package and supports nesting interrupt handlers.
Not being logged in is a common user error, and the message we display
can be more specific to an end user. Provide a friendly message with the
server message in parethesis (in case this is a more complex server
error).
The message as it is framed right now does not make any sense for the
end users of our system. It might even lead to confusion. So this is
attempt to make the error message less confusing.
Update the Deployments' API types, defaulting code, conversions, helpers
and validation to use ReplicaSets instead of ReplicationControllers and
LabelSelector instead of map[string]string for selectors.
Also update the Deployment controller, registry, kubectl subcommands,
client listers package and e2e tests to use ReplicaSets and
LabelSelector for Deployments.
This is needed for the legacy OpenShift API group (oapi) which is also
group: "", version: "v1", but needs to return a different swagger
schema. Will in the future be replaced by group defaulting.
Most of the logic related to type and kind retrieval belongs in the
codec, not in the various classes. Make it explicit that the codec
should handle these details.
Factory now returns a universal Decoder and a JSONEncoder to assist code
in kubectl that needs to specifically deal with JSON serialization
(apply, merge, patch, edit, jsonpath). Add comments to indicate the
serialization is explicit in those places. These methods decode to
internal and encode to the preferred API version as previous, although
in the future they may be changed.
React to removing Codec from version interfaces and RESTMapping by
passing it in to all the places that it is needed.
It cordons (marks unschedulable) the given node, and then deletes every
pod on it, optionally using a grace period. It will not delete pods
managed by neither a ReplicationController nor a DaemonSet without the
use of --force.
Also add cordon/uncordon, which just toggle node schedulability.
I took a hard look at error output and played until I was happier. This now
prints JSON for structs in the error, rather than go's format.
Also made the error message easier to read.
Fixed tests.
This commit moves the generators into separate buckets and creates
separate calls for each one group. This helps in providing just the
necessary generators to each generator command.
Validation of flags against generators is also added so that flags
that are not meant to be used with a specific generator will result
in error.
Before this change we have a mish-mash of ways to pass field names around for
error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes
neither, often wrong names or not indexed when it should be.
Instead of that mess, this is part one of a couple of commits that will make it
more strongly typed and hopefully encourage correct behavior. At least you
will have to think about field names, which is better than nothing.
It turned out to be really hard to do this incrementally.
Contains the following fixes for Windows users of kubectl edit:
* Defaults to notepad as the default Windows editor
* Uses CRLF line endings
* Ensures a file lock is freed
Increase the supported controls on pod logging. Add validaiton to pod
log options. Ensure the Kubelet is using a consistent, structured way to
process pod log arguments.
Add ?sinceSeconds=<durationInSeconds>, &sinceTime=<RFC3339>, ?timestamps=<bool>,
?tailLines=<number>, and ?limitBytes=<number>
Before we tried both groups, first api then experimental. If
experimental failed, the error message would be discarded and the
message for api would be shown. This commit changes this behavior so
that we detect which api group we should be using and only show the
error for that group.
Previously, we would initialize the experimental client at factory creation
time. This is problematic because the clientConfig loader has values populated
from the command-line flag parsing, and these are not populated until after
Factory creation. Introduce an ExperimentalClientCache to create (and reuse)
ExperimentalClients.
This change allows the namespace in kubeconfig to be overridden by
specifying the namespace in the spec file. If namespace is explicitly
provided in the command line flags and the spec file has a different
namespace, this will cause an error.
Started looking at refactoring of the kubectl Factory, which
caused me to experience all 5 stages of grief. There are some options
for improving, but it probably warrants a proposal with some discussion/
feedback. In the meantime this tests `NegotiateVersion` in isolation.
This commit wires together the graceful delete option for pods
on the Kubelet. When a pod is deleted on the API server, a
grace period is calculated that is based on the
Pod.Spec.TerminationGracePeriodInSeconds, the user's provided grace
period, or a default. The grace period can only shrink once set.
The value provided by the user (or the default) is set onto metadata
as DeletionGracePeriod.
When the Kubelet sees a pod with DeletionTimestamp set, it uses the
value of ObjectMeta.GracePeriodSeconds as the grace period
sent to Docker. When updating status, if the pod has DeletionTimestamp
set and all containers are terminated, the Kubelet will update the
status one last time and then invoke Delete(pod, grace: 0) to
clean up the pod immediately.
pkg/service:
There were a couple of references here just as a reminder to change the
behavior of findPort. As of v1beta3, TargetPort was always defaulted, so
we could remove findDefaultPort and related tests.
pkg/apiserver:
The tests were using versioned API codecs for some of their encoding
tests. Necessary API types had to be written and registered with the
fake versioned codecs.
pkg/kubectl:
Some tests were converted to current versions where it made sense.
In resource.Builder ContinueOnError() should actually do so.
Reorganized util.CheckErr() to make it display bulk errors more
effectively and be more reusable. Clarified that CheckErr is not
specific to kubectl in Godoc. Changed the "Error: " prefix to
"error: " to more closely match Unix conventions.
Use custom narrowly scoped interfaces for client access from the
RollingUpdater and Resizer. This allows for more flexible downstream
integration and unit testing without imposing a burden to implement
the entire client.Interface for just a handful of methods.
VersionedPrinter handles fallback when multiple different APIVersions
are present if multiple arguments are passed (for instance, both Kube
resources at v1beta3 and a third party's API objects which are only
at v1). The cmd PrinterForMapping should always include the current
object's "mapping version" as a fallback in the event the preferred
API version does not map to the actual object.
Omit glog prefix when v < 2, show multiline errors for configuration
problems, add new generic messages for server errors that hide some
complexity that is not relevant for users.
Will allow xarg behavior to fetch resources across multiple types.
Changes 'create', 'get', 'update', 'stop', and 'delete' to output
<resourceType>/<name>.
Brendan Burns
