Automatic merge from submit-queue
Mark "RW PD, remove it, then schedule" test flaky
Mark test as flaky while it is being investigated. Tracked by https://github.com/kubernetes/kubernetes/issues/27691
Assigning to @jlowdermilk since he's on call
Automatic merge from submit-queue
Fix initialization of volume controller caches.
Fix `PersistentVolumeController.initializeCaches()` to pass pointers to volume or claim to `storeObjectUpdate()` and add extra functions to enforce that the right types are checked in the future.
Fixes#28076
Automatic merge from submit-queue
Enable setting up Kubernetes cluster in Ubuntu on Azure
Implement basic cloud provider functionality to deploy Kubernetes on
Azure. SaltStack is used to deploy Kubernetes on top of Ubuntu
virtual machines. OpenVpn provides network connectivity. For
kubelet authentication, we use basic authentication (username and
password). The scripts use the legacy Azure Service Management APIs.
We have set up a nightly test job in our Jenkins server for federated
testing to run the e2e test suite on Azure. With the cloud provider
scripts in this commit, 14 e2e test cases pass in this environment.
We plan to implement additional Azure functionality to support more
test cases.
<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/21207)
<!-- Reviewable:end -->
Automatic merge from submit-queue
Should verify --secure-port and --insecure-port when starting kube-apiserver
When starting kube-apiserver, if we pass the flag `--secure-port` or `--insecure-port` with an invalid value (i.e. < 1 or > 65535), though there is an error message, the apiserver still runs normally. Actually, it should exit (as when not passing the flag `--etcd-servers` does), or else it's meaningless.
This fix is similar to #27762.
Maybe there is still other flags which have to be verified, if found, I will try to fix them.
Before fix:
```
root@vm:/home/paas/zxp/log/kube# kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --secure-port=-1 &
[1] 1500
root@vm:/home/paas/zxp/log/kube# E0623 04:14:15.378332 1500 controller.go:97] Unable to perform initial Kubernetes service initialization: Endpoints "kubernetes" is invalid: [subsets[0].ports[0].port: Invalid value: -1: must be between 1 and 65535, inclusive, subsets[0].ports[0].port: Invalid value: -1: must be between 1 and 65535, inclusive]
[restful] 2016/06/23 04:14:15 log.go:30: [restful/swagger] listing is available at https://172.16.1.11:-1/swaggerapi/
[restful] 2016/06/23 04:14:15 log.go:30: [restful/swagger] https://172.16.1.11:-1/swaggerui/ is mapped to folder /swagger-ui/
E0623 04:14:15.422742 1500 genericapiserver.go:730] Unable to listen for secure (listen tcp: invalid port -1); will try again.
root@vm:/home/paas/zxp/log/kube#
root@vm:/home/paas/zxp/log/kube# E0623 04:14:30.425211 1500 genericapiserver.go:730] Unable to listen for secure (listen tcp: invalid port -1); will try again.
root@vm:/home/paas/zxp/log/kube# ps -ef|grep kube
root 1500 13507 1 04:14 pts/1 00:00:00 kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --secure-port=-1
```
After:
```
root@vm:/home/paas/zxp/log/kube# kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --insecure-port=-1 &
[1] 10570
root@vm:/home/paas/zxp/log/kube# F0623 05:37:16.124206 10570 genericapiserver.go:594] --insecure-port -1 must be between 1 and 65535, inclusive
goroutine 1 [running]:
k8s.io/kubernetes/vendor/github.com/golang/glog.stacks(0x4418400, 0x0, 0x0, 0x0)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:766 +0xb8
k8s.io/kubernetes/vendor/github.com/golang/glog.(*loggingT).output(0x43f7f60, 0xc800000003, 0xc8200e4600, 0x42b2d5a, 0x13, 0x252, 0x0)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:717 +0x259
k8s.io/kubernetes/vendor/github.com/golang/glog.(*loggingT).printf(0x43f7f60, 0xc800000003, 0x32278a0, 0x39, 0xc82037ac90, 0x1, 0x1)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:655 +0x1d4
k8s.io/kubernetes/vendor/github.com/golang/glog.Fatalf(0x32278a0, 0x39, 0xc82037ac90, 0x1, 0x1)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:1145 +0x5d
k8s.io/kubernetes/pkg/genericapiserver.verifyInsecurePort(0xc820199800)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:594 +0x103
k8s.io/kubernetes/pkg/genericapiserver.ValidateRunOptions(0xc820199800)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:603 +0x59
k8s.io/kubernetes/pkg/genericapiserver.DefaultAndValidateRunOptions(0xc820199800)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:607 +0x4e
k8s.io/kubernetes/cmd/kube-apiserver/app.Run(0xc820468b40, 0x0, 0x0)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/server.go:83 +0x344
main.main()
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/apiserver.go:50 +0x121
[1]+ Exit 255 kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --insecure-port=-1
root@vm:/home/paas/zxp/log/kube#
```
Fix PersistentVolumeController.initializeCaches() to pass pointers to volume
or claim to storeObjectUpdate() and add extra functions to enforce that the
right types are checked in the future.
Fixes#28076
Automatic merge from submit-queue
Add support for basic QoS and pod level cgroup management
This PR is a WIP and is tied to this upstream issue #27204
It adds support for creation,deletion and updates of cgroups in Kubernetes.
@vishh PTAL
Please note that the first commit is part of this PR: #27749
cc @kubernetes/sig-node
Signed-off-by: Buddha Prakash <buddhap@google.com>
Automatic merge from submit-queue
Hotfix: Fixup the hyperkube dns manifest from a breaking federation PR
This one has to be cherrypicked into v1.3.0, ref: #27986
@girishkalele @madhusudancs @quinton-hoole @eparis @nikhiljindal @mml @roberthbailey @david-mcmahon
Automatic merge from submit-queue
Use preferred group version when discovery fails due to 403
```
kubectl get pods --as bob
```
Returns:
```
error: failed to negotiate an api version; server supports: map[], client supports: map[autoscaling/v1:{} rbac.authorization.k8s.io/v1alpha1:{} federation/v1alpha1:{} batch/v1:{} v1:{} authentication.k8s.io/v1beta1:{} apps/v1alpha1:{} componentconfig/v1alpha1:{} authorization.k8s.io/v1beta1:{} batch/v2alpha1:{} extensions/v1beta1:{} policy/v1alpha1:{}]
```
It should return:
```
User "deads" cannot "impersonate" "users" with name "bob" in project ""
```
`serverVersions` is empty when discovery fails, thus we fallback to the `preferredGV`.
See openshift/origin#9307 and [openshift/origin/pull/9389](https://github.com/openshift/origin/pull/9389) for further details.
Automatic merge from submit-queue
Refactor func canRunPod
After refactoring, we only need to check `if pod.Spec.SecurityContext == nil` once. The logic is a bit clearer.
Automatic merge from submit-queue
e2e: Allow skipping tests for specific runtimes, skip a few tests under rkt
The main benefit of this is that it gives a developer more useful output (more signal to noise) for things that are known broken on that runtime.
cc @kubernetes/rktnetes-maintainers , @ixdy
I'll run this PR through our jenkins and make sure things look happy and compare to the e2e results for this PR.
Automatic merge from submit-queue
Fix pkg/kubelet unit tests fail on OSX
use runtime.GOOS for the OperatingSystem and not hardcode it to linux.
Fixes#27730
Automatic merge from submit-queue
[Refactor] QOS to have QOS Class type for QoS classes
This PR adds a QOSClass type and initializes QOSclass constants for the three QoS classes.
It would be good to use this in all future QOS related features.
This would be good to have for the (Pod level cgroups isolation proposal)[https://github.com/kubernetes/kubernetes/pull/26751] that i am working on aswell.
@vishh PTAL
Signed-off-by: Buddha Prakash <buddhap@google.com>
Automatic merge from submit-queue
Fix attach command for InitContainers
Added InitContainers to the things that GetContainer in attach.go has to look for to find a container to attach. Also test case added.
fixes#27540
Automatic merge from submit-queue
Kubelet can retrieve host IP even when apiserver has not been contacted
fixes https://github.com/kubernetes/kubernetes/issues/26590, fixes https://github.com/kubernetes/kubernetes/issues/6558
Right now the kubelet expects to get the hostIP from the kubelet's local nodeInfo cache. However, this will be empty if there is no api-server (or the apiServer has not yet been contacted).
In the case of static pods, this change means the downward api can now be used to populate hostIP.
Automatic merge from submit-queue
Add not-running check to kubectl-exec
Different cases:
- pod is started, container terminated:
```
error: error executing remote command: error executing command in container: container not found ("sleep1")
```
- pod has terminated:
```
error: cannot exec into a container in a completed pod; current phase is Succeeded
```
- container does not exist in pod spec:
```
Error from server: container foo is not valid for pod multi-container
```
Fixes https://github.com/openshift/origin/issues/8472#event-681794952
Automatic merge from submit-queue
vSphere provider - Getting node data by ip instead of uuid
To get the uuid we need the service to be running as root. This change
allows us to run the controller-manager and api server as non-root.
Automatic merge from submit-queue
kubelt: Remove a couple lines of dead code
Presumably that code was added for debugging reasons and never removed. Hopefully.
If it's actually important and there's a good reason to do what looks like a no-op to get pause-the-world behaviour or whatever, I'd hope there'd be a comment.
cc @pwittrock
Automatic merge from submit-queue
Set network related flags for container gen-swagger-docs
When running `hack/update-api-reference-docs.sh`, I get failure messages as below. This is because:
My env is behind a proxy, I have to input username/password in a page first for authentication before visiting internet. But I have no any way to visit that page in GUI mode in the container gen-swagger-docs. Can we run the container gen-swagger-docs using host network and passing an env variable `https_proxy` to it? I try this way and it works well. This would be helpful for me and other developers who may have this issue.
cc @caesarxuchao Thanks!
```
root@vm:/home/paas/zxp/code/k8s/fork/kubernetes# hack/update-api-reference-docs.sh
Note: This assumes that swagger spec has been updated. Please run hack/update-swagger-spec.sh to ensure that.
Generating api reference docs at /home/paas/zxp/code/k8s/fork/kubernetes/_output/generated_html
Reading swagger spec from: /home/paas/zxp/code/k8s/fork/kubernetes/api/swagger-spec/
--2016-06-09 16:35:26-- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/api/v1/register.go
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... failed: Name or service not known.
wget: unable to resolve host address ‘raw.githubusercontent.com’
--2016-06-09 16:36:06-- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/api/v1/register.go
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... failed: Name or service not known.
wget: unable to resolve host address ‘raw.githubusercontent.com’
--2016-06-09 16:36:46-- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/api/v1/register.go
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... failed: Name or service not known.
wget: unable to resolve host address ‘raw.githubusercontent.com’
!!! Error in hack/update-api-reference-docs.sh:71
'docker run ${user_flags} --rm -v "${TMP_IN_HOST}":/output:z -v "${SWAGGER_PATH}":/swagger-source:z gcr.io/google_containers/gen-swagger-docs:v5 "${SWAGGER_JSON_NAME}" "${REGISTER_FILE_URL}"' exited with status 1
Call stack:
1: hack/update-api-reference-docs.sh:71 main(...)
Exiting with status 1
```
Automatic merge from submit-queue
[client-gen]Add Patch to clientset
* add the Patch() method to the clientset.
* I have to rename the existing Patch() method of `Event` to PatchWithEventNamespace() to avoid overriding.
* some minor changes to the fake Patch action.
cc @Random-Liu since he asked for the method
@kubernetes/sig-api-machinery
ref #26580
```release-note
Add the Patch method to the generated clientset.
```
Automatic merge from submit-queue
Dynamically derive AttachOptions.CommandName
This PR sets AttachOptions.CommandName dynamically depending on the corba Command
hierarchy. If the root command is named e.g. "oc" (for the OpenShift cli) this
will result in "oc attach" instead of the static "kubectl attach" before this
patch.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1341450
Automatic merge from submit-queue
Fix startup type error in initializeCaches
The following error was getting logged:
PersistentVolumeController can't initialize caches, expected list of volumes, got:
&{TypeMeta:{Kind: APIVersion:} ListMeta:{SelfLink:/api/v1/persistentvolumes ResourceVersion:11} Items:[]}
The tests make extensive use of NewFakeControllerSource which uses api.List
instead of api.PersistentVolumeList. So use reflect to help iterate over the
items then assert the item type.
fixes#27757
Automatic merge from submit-queue
optimize deleteFromIndices method of thread_safe_store
As all methods of thread_safe_store are threadsafe, so i think, in deleteFromIndices method, if the index is nil, need not run the for structure below
Automatic merge from submit-queue
daemon/controller.go: refactor worker
1. function name is better to be verb or verb+noun
2. remove unnecessary func call
Automatic merge from submit-queue
cacher.go: remove NewCacher func
NewCacher is a wrapper of NewCacherFromConfig. NewCacher understands
how to create a key func from scopeStrategy. However, it is not the
responsibility of cacher. So we should remove this function, and
construct the config in its caller, which should understand scopeStrategy.
Automatic merge from submit-queue
let patch use --local flag like `kubectl set image`
Adds the concept of a `--local` flag to `kubectl patch`. This flag is similar to `kubectl set image -f --local` because it will use the content of the file as the input to the patch operation instead of using the file content to file resource/name tuples.
This pull lets you run something like `kubectl create deployment --dry-run -o yaml | kubectl set volume --local -f - -o yaml | kubectl patch --local -f - --patch {} | kubectl create -f -`
As proof that it works, you can run against a local file just to mess around with it, but `--local -f -` is the most likely case.
```
$kubectl patch --local -f pkg/api/validation/testdata/v1/validPod.yaml --patch='{"spec": {"restartPolicy":"Never"}}'
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
name: redis-master
name: name
spec:
containers:
- args:
- this
- is
- an
- ok
- command
image: gcr.io/fake_project/fake_image:fake_tag
name: master
resources: {}
restartPolicy: Never
status: {}
```
This is useful for setting rarely used, but immutable fields from `kubectl create` or `kubectl convert` without dropping to an interactive editor.
Some discussion here: https://github.com/kubernetes/kubernetes/issues/21648#issuecomment-218579977
@smarterclayton @kubernetes/kubectl
@eparis @soltysh @stevekuznetsov we've talked about this separately
Automatic merge from submit-queue
[fix] allow ALLOW_PRIVILEGED to be passed to kubelet and kube-api
This is something that we need for running docker in docker. Please let me know if you would consider this change. Thanks :)
k8s-merge-robot
