Automatic merge from submit-queue
Validate numberReady in DaemonSet status
In #32781 numberReady was introduced but it wasn't validated.
@kargakis @mikedanese it's a very small change. Please take a look.
Automatic merge from submit-queue
Fixing 'systemd restart docker' command in kubemark master
We try to restart docker after assembling it's flags in kubemark master using `systemd`, while it doesn't exist on the gci image. Changed it to `systemctl` instead.
This means that docker wasn't getting restarted in gci after changing DOCKER_OPTS all this while and hence not flushing the nat iptable didn't really matter.
But now, since we have the flag `--ip-masq=false` in DOCKER_OPTS taking effect, flushing the nat table makes sense, in order to make both of them consistent wrt masquerading.
Also, do you think that this might have anything to do with the failing kubemark tests (if there were some containers that did not want to allow iptable modification / masquerading)?
@kubernetes/sig-scalability-misc @wojtek-t @gmarek
Automatic merge from submit-queue
register batch/jobs to federation-apiserver
register batch/jobs api objects to federation-apiserver
**Release note**:
```release-note
Federation: Add `batch/jobs` API objects to federation-apiserver
```
@quinton-hoole @nikhiljindal @deepak-vij
#34261
Automatic merge from submit-queue
Added 'hollow'-node-problem-detector to hollow-nodes in kubemark
Added node-problem-detector container in kubemark hollow-nodes, which takes in a 'hollow' (having an empty list of rules and conditions) kernel monitor config.
cc @kubernetes/sig-scalability-misc @wojtek-t @gmarek
Automatic merge from submit-queue (batch tested with PRs 36751, 38968)
Convert * users/groups to system:authenticated group in ABAC
Part of enabling anonymous auth by default in 1.6 means protecting earlier policies that did not intend to grant access to anonymous users.
This modifies ABAC policies that match `user` or `group` `*` to only match authenticated users.
Docs PR to update examples to use `system:authenticated` or `system:unauthenticated` groups explicitly: https://github.com/kubernetes/kubernetes.github.io/pull/1992
```release-note
ABAC policies using "user":"*" or "group":"*" to match all users or groups will only match authenticated requests. To match unauthenticated requests, ABAC policies must explicitly specify "group":"system:unauthenticated"
```
Automatic merge from submit-queue
To add local registry to libvirt_coreos
`libvirt_coreos` is quick way to have a multi-node cluster on a linux laptop for development purpouse.
This PR adds local registry to libvirt_coreos cluster. Mind have a look?
@roberthbailey since you reviewed my last PR on dns for libvirt_coreos
Automatic merge from submit-queue (batch tested with PRs 36888, 38180, 38855, 38590)
dnsprovider: Expose route53 constructor
This enables testing when the dnsprovider is used externally (with a
mock Route53 API, as we do in kops), and also might be useful for
constructing with a particular client instance with extra options.
Automatic merge from submit-queue (batch tested with PRs 36888, 38180, 38855, 38590)
Fix variable shadowing in exponential backoff when deleting volumes
While https://github.com/kubernetes/kubernetes/pull/38339 implemented exponential backoff on
volume deletion, that PR suffers from a minor bug when error thrown on volume deletion is anything other than `VolumeInUse` errors - in which case exponential backoff will not work.
This PR fixes that. This PR also makes unit tests more deterministic because exponential backoff changed the way operations are permitted.
CC @jsafrane @childsb @wongma7
Automatic merge from submit-queue (batch tested with PRs 36888, 38180, 38855, 38590)
wrong pod reference in error message for volume attach timeout
**What this PR does / why we need it**:
when a disk mount times out you get the following error:
```
Warning FailedSync Error syncing pod, skipping: timeout expired waiting for volumes to attach/mount for pod "nginx"/"default". list of unattached/unmounted volumes=[data]
```
where the pod is referenced by "podname"/"namespace", but should be "namespace"/"podname".
**Which issue this PR fixes**
no issue number
**Special notes for your reviewer**:
untested :(
Automatic merge from submit-queue
Add a link to the kubeadm changelog from the main k8s changelog
@spiffxp @idvoretskyi @mikedanese @saad-ali A small addition to the changelog
Automatic merge from submit-queue
Update reference to dns sidecar (was dnsmasq-metrics); remove exec-healthz
-The image path is wrong -- I am waiting for the CI to pass here before pushing to google_containers-
This enables testing when the dnsprovider is used externally (with a
mock Route53 API, as we do in kops), and also might be useful for
constructing with a particular client instance with extra options.
Automatic merge from submit-queue (batch tested with PRs 35805, 36972, 39045)
Add e2e test to detach a pd whose node api object was deleted
**What this PR does / why we need it**:
`E2E Test for:`
If API object representing a node is deleted with a GCE PD still attached to that node, subsequent attempts by the attach/detach controller to detach it should not fail
Automatic merge from submit-queue
Implement kubeadm bootstrap token management
Creates bootstrap tokens as secrets per the specification in #30707
_WARNING_: These are not currently hooked up to the discovery service or the token it creates.
Still TODO:
- [x] delete tokens
- [x] merge with #35144 and adopt it's testing approach
- [x] determine if we want wholesale json output & templating like kubectl (we do not have an API object with the data we want here) may require a bit of plumbing.
- [x] allow specifying a token duration on the CLI
- [x] allow configuring the default token duration
- [x] hook up the initial token created during init
Sample output:
```
(root@centos1 ~) $ kubeadm token create
Running pre-flight checks
<cmd/token> Token secret created: f6dc69.c43e491752c4a0fd
(root@centos1 ~) $ kubeadm token create
Running pre-flight checks
<cmd/token> Token secret created: 8fad2f.e7b78c8a5f7c7b9a
(root@centos1 ~) $ kubeadm token list
Running pre-flight checks
ID TOKEN EXPIRATION
44d805 44d805.a4e78b6cf6435e33 23h
4f65bb 4f65bb.d006a3c7a0e428c9 23h
6a086e 6a086e.2ff99f0823236b5b 23h
8fad2f 8fad2f.e7b78c8a5f7c7b9a 23h
f6dc69 f6dc69.c43e491752c4a0fd 23h
f81653 f81653.9ab82a2926c7e985 23h
```
Automatic merge from submit-queue
Add test for CronJob generator
Per @janetkuo request this was split from #38614, it adds test for `CronJob` generator, and additionally copy labels to `JobTemplate`, to be consistent with how `Job` generator works.
Automatic merge from submit-queue
fix typo on federation/pkg/dnsprovider/plugins.go
**What this PR does / why we need it**: Increase code readability
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**: just fix one minor mistake as first contribution
**Release note**:
```release-note
```
Adds kubeadm subcommands to create, list, and delete bootstrap tokens.
Tokens can be created with a TTL duration, or 0 for tokens that will not
expire. The create command can also be used to specify your own token
(for use when bootstrapping masters and nodes in parallel), or update an
existing token's secret or ttl.
Marked "ex" for experimental for now as the boostrap controllers are not
yet hooked up in core.
Automatic merge from submit-queue
create kuberentes-discovery image
Creates an image for `kubernetes-discovery` since this is the API registration, aggregation, and proxy image.
Automatic merge from submit-queue
fix incorrect parameter pass to metrics.Monitor method call in ServeHTTP
**What this PR does / why we need it**:
before this PR:
1. `httpCode` is evaluated when defer statement executes, so all later assignments to `httpCode` is actually ineffectual. this obviously is not the design purpose.
2. `w.Header().Get("Content-Type")` is evaluated when defer statement executes, so all later `w.Header().Set("Content-Type",xxx)` ( in `writeNegotiated` ) is ineffectual to `metrics.Monitor`, i think this also is not the design purpose.
after this PR:
1. `httpCode` and `w.Header().Get("Content-Type")` is evaluated when the defered anonymous function executes, so `metrics.Monitor` will get correct `httpCode` and `Content-Type` field value.
2. in `ServeHTTP` method there is not any modification to `req` parameter, so it's safe to defer its evaluation.
Signed-off-by: bruceauyeung <ouyang.qinhua@zte.com.cn>
Automatic merge from submit-queue
Coreos kube-up now with less cloud init
This update includes significant refactoring. It moves almost all of the
logic into bash scripts, modeled after the `gci` cluster scripts.
The reason to do this is:
1. Avoid duplicating the saltbase manifests by reusing gci's parsing logic (easier maintenance)
2. Take an incremental step towards sharing more code between gci/trusty/coreos, again for better maintenance
3. Pave the way for making future changes (e.g. improved rkt support, kubelet support) easier to share
The primary differences from the gci scripts are the following:
1. Use of the `/opt/kubernetes` directory over `/home/kubernetes`
2. Support for rkt as a runtime
3. No use of logrotate
4. No use of `/etc/default/`
5. No logic related to noexec mounts or gci-specific firewall-stuff
It will make sense to move 2 over to gci, as well as perhaps a few other small improvements. That will be a separate PR for ease of review.
Ref #29720, this is a part of that because it removes a copy of them.
Fixes#24165
cc @yifan-gu
Since this logic largely duplicates logic from the gci folder, it would be nice if someone closely familiar with that gave an OK or made sure I didn't fall into any gotchas related to that, so cc @andyzheng0831
deads2k