Automatic merge from submit-queue (batch tested with PRs 45110, 45148)
write HostAliases to hosts file
**What this PR does / why we need it**: using the PodSpec's `HostAliases`, we write entries into the Kubernetes-managed hosts file.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#43632
**Special notes for your reviewer**:
Previous PRs in this series:
- https://github.com/kubernetes/kubernetes/pull/44572 isolates the logic of creating the file and writing the file
- https://github.com/kubernetes/kubernetes/pull/44641 introduces the `HostAliases` field in PodSpec along with validations
**Release note**:
```release-note
PodSpec's `HostAliases` now write entries into the Kubernetes-managed hosts file.
```
@thockin @yujuhong
Thanks for reviewing!
Automatic merge from submit-queue (batch tested with PRs 45110, 45148)
Make timeouts in the Kubelet slightly offset to aid debugging
Several of these loops overlap, and when they are the reason a failure
is happening it is difficult to sort them out. Slighly misalign these
loops to make their impact obvious.
We are seeing exactly 2 minute pod worker timeouts in a wide range of test flake scenarios, and I want to be confident we know exactly which one is the culprit.
Automatic merge from submit-queue
Add HostAliases to PodSpec to support adding entires to a Pod's hosts file
**What this PR does / why we need it**:
Adds a new field to PodSpec `HostAliases ` to support adding entries to a Pod's hosts file. A PR to incorporate this logic into [`ensureHostsFile`](2899f47bc8/pkg/kubelet/kubelet_pods.go (L208-L227)) in kubelet will be next in order to isolate the discussion on the API.
**Which issue this PR fixes**:
A step into fixing #43632
**Special notes for your reviewer**:
- The API was suggested in https://github.com/kubernetes/kubernetes/issues/43632#issuecomment-293471293
- Concerns with compatible with `hostNetwork: true` Pods are addressed with an validation. https://github.com/kubernetes/kubernetes/issues/43632#issuecomment-293750410
**Release note**:
```release-note
A new field `hostAliases` has been added to `pod.spec` to support adding entries to a Pod's /etc/hosts file.
```
**Testing done**:
- Unit tests pass for validations
- Ran all automated updates, and compared against another PR which added a field in PodSpec to make sure the PR contains all the updated generated code
Automatic merge from submit-queue
stateful_pod_control.go: format the code
**What this PR does / why we need it**:
1.Improve the quality of the code.
2.Reduce reduandant parameters
3.add one comma
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Delete "hard-coded" default value in flags usage.
**What this PR does / why we need it**:
Some flags of kubernetes components have "hard-coded" default values in their usage info. In fact, [pflag pkg](https://github.com/kubernetes/kubernetes/blob/master/vendor/github.com/spf13/pflag/flag.go#L602-L608) has already added a string `(default value)` automatically in the usage info if the flag is initialized. Then we don't need to hard-code the default value in usage info. After this PR, if we want to update the default value of a flag, we only need to update the flag where it is initialized. `pflag` will update the usage info for us. This will avoid inconsistency.
For example:
Before
```
kubelet -h
...
--node-status-update-frequency duration Specifies how often kubelet posts node status to master. Note: be cautious when changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller. Default: 10s (default 10s)
...
```
After
```
kubelet -h
...
--node-status-update-frequency duration Specifies how often kubelet posts node status to master. Note: be cautious when changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller. (default 10s)
...
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
This PR doesn't delete some "hard-coded" default values because they are not explicitly initialized. We still need to hard-code them to give users friendly info.
```
--allow-privileged If true, allow containers to request privileged mode. [default=false]
```
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 41583, 45117, 45123)
Implement shared PID namespace in the dockershim
**What this PR does / why we need it**: Defaults the Docker CRI to using a shared PID namespace for pods. Implements proposal in https://github.com/kubernetes/community/pull/207 tracked by #1615.
//cc @dchen1107 @vishh @timstclair
**Special notes for your reviewer**: none
**Release note**:
```release-note
Some container runtimes share a process (PID) namespace for all containers in a pod. This will become the default for Docker in a future release of Kubernetes. You can preview this functionality if running with the CRI and Docker 1.13.1 by enabling the --experimental-docker-enable-shared-pid kubelet flag.
```
Automatic merge from submit-queue (batch tested with PRs 44044, 44766, 44930, 45109, 43301)
add APIService conditions
Adds conditions to the APIServiceStatus struct and fixes up generators that appear to have slipped.
The first condition is "ServiceAvailable" which will provide the status currently derived in the discovery handler that decides about whether to expose the version in discovery.
@kubernetes/sig-api-machinery-pr-reviews @liggitt @ncdc
Automatic merge from submit-queue (batch tested with PRs 44044, 44766, 44930, 45109, 43301)
Fixes get -oname for unstructured objects
Fixes https://github.com/kubernetes/kubernetes/issues/44832
Make sure we display kind in `kubectl get -o name` for unknown resource types.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Log warning when invalid dir passed to kubectl proxy --www
**Release note**:
```
Log warning when invalid directory is passed to `kubectl proxy --www`
```
Automatic merge from submit-queue (batch tested with PRs 45033, 44961, 45021, 45097, 44938)
Cleanup orphan logging that goes on in the sync loop.
**What this PR does / why we need it**:
Fixes#44937
**Before this PR** The older logs were like this:
```
E0426 00:06:33.763347 21247 kubelet_volumes.go:114] Orphaned pod "35c4a858-2a12-11e7-910c-42010af00003" found, but volume paths are still present on disk.
E0426 00:06:33.763400 21247 kubelet_volumes.go:114] Orphaned pod "e7676365-1580-11e7-8c27-42010af00003" found, but volume paths are still present on disk.
```
The problem being that, all the volumes were spammed w/ no summary info.
**After this PR** the logs look like this:
```
E0426 01:32:27.295568 22261 kubelet_volumes.go:129] Orphaned pod "408b060e-2a1d-11e7-90e8-42010af00003" found, but volume paths are still present on disk. : There were a total of 2 errors similar to this. Turn up verbosity to see them.
E0426 01:32:29.295515 22261 kubelet_volumes.go:129] Orphaned pod "408b060e-2a1d-11e7-90e8-42010af00003" found, but volume paths are still present on disk. : There were a total of 2 errors similar to this. Turn up verbosity to see them.
E0426 01:32:31.293180 22261 kubelet_volumes.go:129] Orphaned pod "408b060e-2a1d-11e7-90e8-42010af00003" found, but volume paths are still present on disk. : There were a total of 2 errors similar to this. Turn up verbosity to see them.
```
And with logging turned up, the extra info logs are shown with details:
```
E0426 01:34:21.933983 26010 kubelet_volumes.go:129] Orphaned pod "1c565800-2a20-11e7-bbc2-42010af00003" found, but volume paths are still present on disk. : There were a total of 3 errors similar to this. Turn up verbosity to see them.
I0426 01:34:21.934010 26010 kubelet_volumes.go:131] Orphan pod: Orphaned pod "1c565800-2a20-11e7-bbc2-42010af00003" found, but volume paths are still present on disk.
I0426 01:34:21.934015 26010 kubelet_volumes.go:131] Orphan pod: Orphaned pod "408b060e-2a1d-11e7-90e8-42010af00003" found, but volume paths are still present on disk.
I0426 01:34:21.934019 26010 kubelet_volumes.go:131] Orphan pod: Orphaned pod "e7676365-1580-11e7-8c27-42010af00003" found, but volume paths are still present on disk.
```
**Release note**
```release-note
Roll up volume error messages in the kubelet sync loop.
```
Automatic merge from submit-queue
kubectl binary plugins
**What this PR does / why we need it**:
Introduces the ability to extend `kubectl` by adding third-party plugins that will be exposed through `kubectl`.
Plugins are executable commands written in any language. To be included as a plugin, a binary or script file has to
1. be located under one of the supported plugin path locations:
1.1 `~/.kubectl/plugins` dir
1.2. one or more directory set in the `KUBECTL_PLUGINS_PATH` env var
1.3. the `kubectl/plugins` dir under one or more directory set in the `XDG_DATA_DIRS` env var, which defaults to `/usr/local/share:/usr/share`
2. in any of the plugin path above, have a subfolder with the plugin file(s)
3. in the subfolder, contain at least a `plugin.yaml` file that describes the plugin
Example:
```
$ cat ~/.kube/plugins/myplugin/plugin.yaml
name: "myplugin"
shortDesc: "My plugin's short description"
command: "echo Hello plugins!"
$ kubectl myplugin
Hello plugins!
```
~~In case the plugin declares `tunnel: true`, the plugin engine will pass the `KUBECTL_PLUGIN_API_HOST` env var when calling the plugin binary. Plugins can then access the Kube REST API in "http://$KUBECTL_PLUGIN_API_HOST/api" using the same context currently in use by `kubectl`.~~
Test plugins are provided in `pkg/kubectl/plugins/examples`. Just copy (or symlink) the files to `~/.kube/plugins` to test.
**Which issue this PR fixes**:
Related to the discussions in the proposal document: https://github.com/kubernetes/kubernetes/pull/30086 and https://github.com/kubernetes/community/pull/122.
**Release note**:
```release-note
Introduces the ability to extend kubectl by adding third-party plugins. Developer preview, please refer to the documentation for instructions about how to use it.
```
Automatic merge from submit-queue
rename variables to make sure that they conform to golang variable name conventions
rename variables to make sure that they conform to golang variable name conventions
**What this PR does / why we need it**:
there are lots of package level unexported variables in package `cmd` not conforming golang variable name conventions, such as `version_example`, in this PR i rename all of them to make sure that they conform to golang variable name conventions
Several of these loops overlap, and when they are the reason a failure
is happening it is difficult to sort them out. Slighly misalign these
loops to make their impact obvious.
Automatic merge from submit-queue
Start recording cloud provider metrics for AWS
**What this PR does / why we need it**:
This PR implements support for emitting metrics from AWS about storage operations.
**Which issue this PR fixes**
Fixes https://github.com/kubernetes/features/issues/182
**Release note**:
```
Add support for emitting metrics from AWS cloudprovider about storage operations.
```
Automatic merge from submit-queue
Log node name when error attaching volume
Helps with debugging to know immediately which node the volume failed to atach to. Went through all plugins, added this to 3. @gnufied
```release-note
NONE
```
Automatic merge from submit-queue
don't HandleError on container start failure
Failing to start containers is a common error case if there is something wrong with the container image or environment like missing mounts/configs/permissions/etc. Not only is it common; it is reoccurring as backoff happens and new attempts to start the container are made. `HandleError` it too verbose for this very common situation.
Replace `HandleError` with `glog.V(3).Infof`
xref https://github.com/openshift/origin/issues/13889
@smarterclayton @derekwaynecarr @eparis
Automatic merge from submit-queue
Prepare for move zz_generated_deepcopy.go to k8s.io/api
This is in preparation to move deep copies to with the types to the types repo (see https://github.com/kubernetes/gengo/pull/47#issuecomment-296855818). The init() function is referring the `SchemeBuilder` defined in the register.go in the same packge, so we need to revert the dependency.
This PR depends on https://github.com/kubernetes/gengo/pull/49, otherwise verification will fail.
Automatic merge from submit-queue (batch tested with PRs 45052, 44983, 41254)
Non-controversial part of #44523
For easier review of #44523, i extracted the non-controversial part out to this PR.
Automatic merge from submit-queue (batch tested with PRs 44124, 44510)
Add metrics to all major gce operations (latency, errors)
```release-note
Add metrics to all major gce operations {latency, errors}
The new metrics are:
cloudprovider_gce_api_request_duration_seconds{request, region, zone}
cloudprovider_gce_api_request_errors{request, region, zone}
`request` is the specific function that is used.
`region` is the target region (Will be "<n/a>" if not applicable)
`zone` is the target zone (Will be "<n/a>" if not applicable)
Note: this fixes some issues with the previous implementation of
metrics for disks:
- Time duration tracked was of the initial API call, not the entire
operation.
- Metrics label tuple would have resulted in many independent
histograms stored, one for each disk. (Did not aggregate well).
```
Automatic merge from submit-queue (batch tested with PRs 44124, 44510)
Optimize the time taken to create Persistent volumes with VSAN storage capabilities at scale and handle VPXD crashes
Currently creating persistent volumes with VSAN storage capabilities at scale is taking very large amount of time. We have tested at the scale of 500-600 PVC's and its more time for all the PVC requests to go from Pending state to Bound state.
- In our current design we use a single systemVM - "kubernetes-helper-vm" as a means to create a persistent volume with the VSAN policy configured.
- Since all the operations are on a single system VM, all requests on scale get queued and executed serially on this system VM. Because of this creating a high number of PVC's is taking very large time.
- Since its a single system VM, all parallel PVC requests most of the time tend to take the same SCSI adapter on the system VM and also same unit number on the SCSI adapter. Therefore the error rate is high.
Inorder to overcome these issues and to optimize the time taken to create persistent volumes with VSAN storage capabilities at scale we have slightly modified the design which is described below:
- In this model, we create a VM on the fly for every persistent volume that is being created. Since all the reconfigure operations to create a disk with the VSAN policy configured are on their individual VM's, all of these PVC's request execute in parallel independent one other.
- With this new design, there will no error rate at all.
Also, we have overcome the problem of vpxd crashes and any other intermediate problems by checking type of the errors.
Fixes https://github.com/vmware/kubernetes/issues/122, https://github.com/vmware/kubernetes/issues/124
@kerneltime @tusharnt @divyenpatel @pdhamdhere
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 42740, 44980, 45039, 41627, 45044)
Improved code coverage for /pkg/kubelet/types
**What this PR does / why we need it**:
The test coverage for /pkg/kubelet/types was increased from 50% to 87.5%
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
The new metrics is:
cloudprovider_gce_api_request_duration_seconds{request, region, zone}
cloudprovider_gce_api_request_errors{request, region, zone}
`request` is the specific function that is used.
`region` is the target region (Will be "<n/a>" if not applicable)
`zone` is the target zone (Will be "<n/a>" if not applicable)
Note: this fixes some issues with the previous implementation of
metrics for disks:
- Time duration tracked was of the initial API call, not the entire
operation.
- Metrics label tuple would have resulted in many independent
histograms stored, one for each disk. (Did not aggregate well).
Automatic merge from submit-queue (batch tested with PRs 41106, 44346, 44929, 44979, 45027)
Add PATCH to supported list of proxy subresource verbs
Follow up to #41421 for the proxy subresources
```release-note
The proxy subresource APIs for nodes, services, and pods now support the HTTP PATCH method.
```
Automatic merge from submit-queue
Don't check in zz_generated.openapi.go.
`zz_generated.openapi.go` is the file that causes the most merge conflicts of all. In #33440, @thockin updated the makefile to support generating these files on demand, but that didn't play well with bazel/gazel.
In this PR, I add a new build macro that will generate this file with a `go_genrule`. I added support for keeping the BUILD file up to date in mikedanese/gazel#34.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Update token controller test to test async retry
Fixes#44819https://github.com/kubernetes/kubernetes/pull/44625 changed the token controller to queue a retry if the live service account's resourceVersion did not match our cache.
This updates the unit test that was testing that condition to test async queue behavior (which this condition now drives)
Automatic merge from submit-queue (batch tested with PRs 44970, 43618)
CRI: Fix StopContainer timeout
Fixes https://github.com/kubernetes/kubernetes/issues/44956.
I verified this PR with the example provided in https://github.com/kubernetes/kubernetes/issues/44956, and now pod deletion will respect grace period timeout:
```
NAME READY STATUS RESTARTS AGE
gracefully-terminating-pod 1/1 Terminating 0 6m
```
@dchen1107 @yujuhong @feiskyer /cc @kubernetes/sig-node-bugs
Automatic merge from submit-queue
Allow Partial Success for ImageGC
Fixes#44951. When the eviction manager is under disk pressure, it first attempts to reclaim disk space by deleting images. However, if there are any errors during the image deletion process, the eviction manager treats that as a failed attempt delete images--even if some were successfully deleted.
This change essentially makes the eviction manager ignore errors during image garbage collection, and instead rely solely on the quantity of resources reclaimed. If image deletion completely fails, for example, then this should still work as it would return 0 bytes freed. This allows for partial success, because any resources freed are counted, regardless of if some images fail to be deleted, for example.
This does not require any changes to the image manager, as the current behavior is already to return the disk space freed along with any errors.
```release-note
Fixes a bug where pods were evicted even after images are successfully deleted.
```
cc @dchen1107 @vishh @kubernetes/kubernetes-release-managers
note to reviewers: this is mostly whitespace changes, so it will make more sense in reviewable
Automatic merge from submit-queue (batch tested with PRs 44940, 44974, 44935)
Remove import of internal api package in generated external-versioned listers
Follow up of https://github.com/kubernetes/kubernetes/pull/44523
One line change in cmd/libs/go2idl/lister-gen/generators/lister.go, and simple changes in pkg/apis/autoscaling/v2alpha1/register.go, other changes are generated.
The internal api package will be eliminated from client-go, so these imports should be removed. Also, it's more correct to report the versioned resource in the error.
Automatic merge from submit-queue
OpenAPI support for kubectl
Support for openapi spec in kubectl.
Includes:
- downloading and caching openapi spec to a local file
- parsing openapi spec into binary serializable datastructures (10x faster load times 600ms -> 40ms)
- caching parsed openapi spec in memory for each command
```release-note
NONE
```
Automatic merge from submit-queue
Add redirect support to SpdyRoundTripper
Add support for following redirects to the SpdyRoundTripper. This is
necessary for clients using it directly (e.g. the apiserver talking
directly to the kubelet) because the CRI streaming server issues a
redirect for streaming requests.
We need this in OpenShift because we have code that executes inside our apiserver that talks directly to the node to perform an attach request, and we need to be able to follow that redirect.
This code was adapted from the upgrade-aware proxy handler.
cc @smarterclayton @sttts @liggitt @timstclair @kubernetes/sig-api-machinery-pr-reviews
Add support for following redirects to the SpdyRoundTripper. This is
necessary for clients using it directly (e.g. the apiserver talking
directly to the kubelet) because the CRI streaming server issues a
redirect for streaming requests.
Also extract common logic for following redirects.
Automatic merge from submit-queue (batch tested with PRs 44931, 44808)
Update to use Semantic.DeepEqual in regsitry
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/43402
**Release note**:
```
NONE
```
/assign @janetkuo
Automatic merge from submit-queue (batch tested with PRs 41287, 41636, 44881, 44826)
Bump to go1.8 and remove the edge GOROOT
**What this PR does / why we need it**:
Bumps to go1.8; we get:
- performance improvements
- build time improvements
- the possibility to remove the hacky edge-GOROOT for arm and ppc64le that must use go1.8
- all other awesome features that are included in go1.8: https://golang.org/doc/go1.8
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/38228
**Special notes for your reviewer**:
@ixdy Please push the image ASAP so we can see if this passes all tests
**Release note**:
```release-note
Upgrade go version to v1.8
```
cc @ixdy @bradfitz @jessfraz @wojtek-t @timothysc @spxtr @thockin @smarterclayton @bprashanth @gmarek
Automatic merge from submit-queue (batch tested with PRs 44607, 44472, 44482)
Used Pods interface for binding.
Used Pods interface for binding in scheduler.
Automatic merge from submit-queue (batch tested with PRs 44607, 44472, 44482)
update kubectl apply doc for required resource name
**What this PR does / why we need it**:
Update kubectl apply doc to illustrate that the resource name is required.
**Which issue this PR fixes** : fixes#44501
**Special notes for your reviewer**:
@liggitt @adohe @jayunit100
**Release note**:
```release-note
```
Automatic merge from submit-queue
bump bazel build to go1.8.1 and remove invalid unit tests
part of https://github.com/kubernetes/kubernetes/issues/38228
I firmly believe that unit tests that check error strings are incorrect unit tests. If we care about what type of error is returned, we need to use public error types. Anywhere we are using generic errors, we don't care other then that we saw an error.
Automatic merge from submit-queue (batch tested with PRs 44601, 44842, 44893, 44491, 44588)
Define const annotation variable once
We do not need to define the const annotation var twice in pkg/volume and pkg/volume/validation
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44601, 44842, 44893, 44491, 44588)
secret.go: add initial symbol and format err
secret.go: add initial symbol and format err
line 198: add initialization symbol
other lines: format err.
Automatic merge from submit-queue (batch tested with PRs 42477, 44462)
Use storage.v1 instead of v1beta1
storage.v1beta1 was used to work around GKE which did not expose v1. Now that GKE is updated, we can switch everything to v1.
This is simple sed v1beta1 -> v1 + enabled a new test + changed preference of exposed interfaces in `storage/install/install.go`.
@msau42, PTAL and let me know when GKE is updated with storage v1 API and this PR can be actually merged.
@kubernetes/sig-storage-pr-reviews
```release-note
NONE
```
Automatic merge from submit-queue
Fixed a tiny issue for ShortHumanDuration printer.
Fixed a tiny issue for ShortHumanDuration printer
to avoid "0y" message.
Fixed#44599
Automatic merge from submit-queue
remove resourcename validation in create role
@liggitt Since #44659 is not correct. I think we should fix the validation in create role command.
Automatic merge from submit-queue (batch tested with PRs 44741, 44853, 44572, 44797, 44439)
controller: fix saturation check in Deployments
Fixes https://github.com/kubernetes/kubernetes/issues/44436
@kubernetes/sig-apps-bugs
I'll cherry-pick this back to 1.6 and 1.5
Automatic merge from submit-queue (batch tested with PRs 44741, 44853, 44572, 44797, 44439)
add tests for managed hosts file content
**What this PR does / why we need it**: a tiny refactor to separate concerns host file content from the logic ensuring that the file exists, and also adds unit test.
This is to prepare extending the host file logic to include customized entries described in https://github.com/kubernetes/kubernetes/issues/43632. I'm wary of changing that logic in absence of any unit tests.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Refine ESIPP validation logic in validation.go
Separated from #41162.
The previous ESIPP validation logic in validation.go has a huge overlap with [function healthCheckNodePortUpdate in service/rest.go](870585e8e1/pkg/registry/core/service/rest.go (L283-L373)), in which we reject any invalid modifications on ESIPP annotations.
This PR removes the overlap, and make validation.go only check if values are legal and whether user mixes different API versions (alpha & beta).
We are indeed removing the alpha annotation support, but it is kept in the codes for the ease of transiting the same logic onto beta/GA.
/assign @thockin @freehan
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 40060, 44860, 44865, 44825, 44162)
Remove unused chmod/chown abstractions
**What this PR does / why we need it**: Simplifies the code
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 40060, 44860, 44865, 44825, 44162)
servicecontroller: remove unused zone field
The zone field was unused, and this complicated e.g. #39996
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44862, 42241, 42101, 43181, 44147)
Feature/hpa upscale downscale delay configurable
**What this PR does / why we need it**:
Makes "upscale forbidden window" and "downscale forbidden window" duration configurable in arguments of kube-controller-manager. Those are options of horizontal pod autoscaler.
**Special notes for your reviewer**:
Please have a look @DirectXMan12 , the PR as discussed in Slack.
**Release note**:
```
Make "upscale forbidden window" and "downscale forbidden window" duration configurable in arguments of kube-controller-manager. Those are options of horizontal pod autoscaler. Right now are hardcoded 3 minutes for upscale, and 5 minutes to downscale. But sometimes cluster administrator might want to change this for his own needs.
```
Automatic merge from submit-queue (batch tested with PRs 44862, 42241, 42101, 43181, 44147)
Add short name "netpol" for networkpolicies
**What this PR does / why we need it**:
Add short name for `networkpolicies` in kubectl command for good user experience.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
None
**Special notes for your reviewer**:
None
**Release note**:
```release-note
Add short name "netpol" for networkpolicies
```
Automatic merge from submit-queue
add EditOptions to make edit reusable
FYI. Added `EditOptions` to decouple edit implementation from cobra command, thus make edit reusable. Once this get merged, we can refactor `create` commands to put them in their own package. @kubernetes/sig-cli-misc please give a quick review, and I would like to get this merged asap.
Automatic merge from submit-queue (batch tested with PRs 43575, 44672)
Update deployment and daemonset completeness checks
maxUnavailable being taken into account for deployment completeness has caused a lot of confusion (https://github.com/kubernetes/kubernetes/issues/44395, https://github.com/kubernetes/kubernetes/issues/44657, https://github.com/kubernetes/kubernetes/issues/40496, others as well I am sure) so I am willing to just stop using it and require all of the new Pods for a Deployment to be available for the Deployment to be considered complete (hence both `rollout status` and ProgressDeadlineSeconds will not be successful in cases where a 1-pod Deployment never becomes successful because its Pod never transitions to ready).
@kubernetes/sig-apps-api-reviews thoughts?
```release-note
Deployments and DaemonSets are now considered complete once all of the new pods are up and running - affects `kubectl rollout status` (and ProgressDeadlineSeconds for Deployments)
```
Fixes https://github.com/kubernetes/kubernetes/issues/44395
Automatic merge from submit-queue (batch tested with PRs 43575, 44672)
util/iptables: check for and use new iptables-restore 'wait' argument
iptables-restore did not previously perform any locking, meaning that
when callers (like kube-proxy) asked iptables-restore to write large
numbers of rules, the iptables-restore process might run in parallel
with other 'iptables' invocations in kubelet (hostports), docker,
and other software. This causes errors like:
"CNI request failed with status 400: 'Failed to ensure that nat chain
POSTROUTING jumps to MASQUERADE: error checking rule: exit status 4:
iptables: Resource temporarily unavailable."
or from Docker:
"Failed to allocate and map port 1095-1095: iptables failed:
iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 1095
-j DNAT --to-destination 10.1.0.2:1095 ! -i lbr0: iptables:
Resource temporarily unavailable.\n (exit status 4)"
iptables-restore "wait" functionality was added in iptables git
commit 999eaa241212d3952ddff39a99d0d55a74e3639e which
is not yet in a release.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1417234
@eparis @knobunc @kubernetes/rh-networking @kubernetes/sig-network-misc @freehan @thockin @brendandburns
Automatic merge from submit-queue (batch tested with PRs 44837, 44779, 44492)
Default ObjectNameFunc for all REST Stores
All `Store`s in Kubernetes follow the same logic for determining the name of an object. This change makes it so that `CompleteWithOptions` defaults the `ObjectNameFunc` if it is not specified. Thus a user does not need to remember to use `ObjectMeta.Name`. Using the wrong field as the name can lead to an object which has a name that bypasses normal object name validation.
Signed-off-by: Monis Khan <mkhan@redhat.com>
cc @liggitt @soltysh for review
**Release note**:
```
NONE
```
Automatic merge from submit-queue
unit test for kubectl config set
**What this PR does / why we need it**:
unit test for kubectl config set
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
think you
**Release note**:
```release-note
```
Automatic merge from submit-queue
support subresource when running kubectl create role
```
#kubect create role foo --verb=get,list,watch --resource=pods/status
the server doesn't have a resource type "pods/status"
```
Automatic merge from submit-queue
Exclude master from LoadBalancer / NodePort
The servicecontroller documents that the master is excluded from the
LoadBalancer / NodePort, but this is broken for clusters where we are
using taints for the master (as introduced in 1.6), instead of marking
the master as unschedulable.
This restores the desired documented behaviour, by excluding nodes that
are labeled as masters with the new 1.6 labels, even if they use the new
1.6 taints.
Fix#33884
```release-note
Exclude nodes labeled as master from LoadBalancer / NodePort; restores documented behaviour
```
Automatic merge from submit-queue
Use provided VipPortID for OpenStack LB
**What this PR does / why we need it**:
When creating an OpenStack LoadBalancer, Kubernetes will search through the tenant trying to match the LB's VIP with a port. This is problematic because multiple ports may have the same fixed IP, therefore leading to routing inconsistencies. We should use the port ID provided by the LB's response body instead.
**Which issue this PR fixes**:
https://github.com/kubernetes/kubernetes/issues/43909
**Special notes for your reviewer**:
Since this involves non-deterministic testing, it'd be best if we can run this in a staging environment for a few days before merging (say until early next week).
**Release note**:
```release-note
Fixes issue during LB creation where ports where incorrectly assigned to a floating IP
```
Automatic merge from submit-queue
Improve Service controller's code coverage a little bit
**What this PR does / why we need it**:
Improves the code coverage for Service Controller
Before
```
go test --cover ./pkg/controller/service
ok k8s.io/kubernetes/pkg/controller/service 0.101s coverage: 23.4% of statements
```
After
```
go test --cover ./pkg/controller/service/
ok k8s.io/kubernetes/pkg/controller/service 0.094s coverage: 62.0% of statements
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
More unit testing
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Reorganize the output of "kubectl get -o json"
"resourceVersion" and "selfLink" are members of "metadata" rather than
the list. This change reorganize the struct to provide consistency with
other places.
Before this change:
```json
"kind": "List",
"metadata": {},
"resourceVersion": "",
"selfLink": ""
```
After this change:
```json
"kind": "List",
"metadata": {
"resourceVersion": "",
"selfLink": ""
}
```
Reference:
https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go#L57
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
etcd component status check should include credentials
- [x] Add TLS credentials into `pkg/genericapiserver.Backend`.
- [x] Add TLS credentials into `pkg/registry/core/componentstatus.Server`.
- [x] `pkg/probe/http.httpProber` should accept the TLS credentials.
Now it is working.
```console
$ kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health": "true"}
```
Fixes https://github.com/kubernetes/kubernetes/issues/27343.
Automatic merge from submit-queue
Reject Rules for ExternalIP and svc port if no ep
- Install ICMP Reject Rules for externalIP and svc port
if no endpoints are present
- Includes Unit Test case
- Fixes#44516
**What this PR does / why we need it**:
Explained in issue #44516
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
`Fixes #44516`
**Special notes for your reviewer**:
Similar to #43415
Feedback welcome. Will be happy to improve the patch.
Unit Test done and passing.
**Release note**:
```release-note
```
Automatic merge from submit-queue
Add bootstrap support to certificate manager.
Adds configuration options to certificate manager for using bootstrap cert/key
pairs to handle the scenario where new nodes are initialized using a generic
cert/key pair. Bootstrap cert/key pairs are quickly rotated, independent of
duration remaining, so that each kubelet has a unique cert/key pair.
Automatic merge from submit-queue (batch tested with PRs 44625, 43594, 44756, 44730)
Check for terminating Pod prior to launching successor in StatefulSet
Modifies sync loop for StatefulSet controller to check if a Pod is terminating before launching its successor. Fixes#44229. Should be cherry picked into 1.6 branch.
**Which issue this PR fixes**
fixes#44229
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44625, 43594, 44756, 44730)
Don't rebuild service map in iptables kube-proxy all the time
A sibling PR to https://github.com/kubernetes/kubernetes/pull/44494 (doing pretty much the same for services that we did for endpoints).
Automatic merge from submit-queue (batch tested with PRs 44625, 43594, 44756, 44730)
Retry secret reference addition on conflict
* Tolerates leading or trailing etcd reads when fetching liveServiceAccount - fixes#25416
* Tolerates conflicts when updating the service account with the secret reference (does RetryOnConflict before deleting token and completely restarting the flow) - fixes#44054
All Stores in Kubernetes follow the same logic for determining the name
of an object. This change makes it so that CompleteWithOptions defaults
the ObjectNameFunc if it is not specified. Thus a user does not need to
remember to use ObjectMeta.Name. Using the wrong field as the name can
lead to an object which has a name that bypasses normal object name
validation.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 42202, 40784, 44642, 44623, 44761)
fix comment error for network plugin
**What this PR does / why we need it**:
**Which issue this PR fixes** : fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42202, 40784, 44642, 44623, 44761)
make kubectl clientcache thread safe
**What this PR does / why we need it**:
Prevent panics when accessing kubectl client cache concurrently.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/helm/issues/1879
Automatic merge from submit-queue (batch tested with PRs 42202, 40784, 44642, 44623, 44761)
Update CNI plugin to newest version; support ConfigLists
**What this PR does / why we need it**: Updates the CNI network plugin to use the newest version of CNI. This brings with it plugin chaining and support for multiple versions.
**Special notes for your reviewer**: This libcni change is backwards-compatible - older plugins will work without any changes needed.
**Release note**:
```release-note
This adds support for CNI ConfigLists, which permit plugin chaining.
```
Automatic merge from submit-queue
remove warning infomation when using '*'
```
#kubectl auth can-i "*" "*"
Warning: the server doesn't have a resource type '*'
yes
```
Automatic merge from submit-queue
More RC/RS controller logging updates
We were comparing the address of the old and new RC.spec.replicas and we
have to compare the values. This only affects logging.
Update RS controller to match RC controller to log when spec.replicas
changes, not status.replicas.
@kargakis @janetkuo @sttts @liggitt
Andy Goldstein
