Automatic merge from submit-queue (batch tested with PRs 36310, 37349, 38319, 38402, 38338)
add summarizing discovery controller and handlers
Requires https://github.com/kubernetes/kubernetes/pull/38304 .
This adds discovery support to the new `kubernetes-discovery` that runs based on a controller wired up to the `APIService.apiregistration.k8s.io`. It also adds in plumbing for `local-up-cluster.sh` to register the "normal" kube resources.
@kubernetes/sig-api-machinery
@sttts
Automatic merge from submit-queue
[Federation] Make federation etcd PVC size configurable
This one implements one of the many TODO items pending in the previous set of kubefed PRs.
The design doc PR is at https://github.com/kubernetes/kubernetes/pull/34484
cc @kubernetes/sig-cluster-federation @madhusudancs
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```
[Federation] kubefed init now has a new flag, --etcd-pv-capacity, which can be used to configure the persistent volume capacity for etcd.
```
Automatic merge from submit-queue
kubedns: use initial resource listing as ready signal
Fix#35140.
Set up the ready signal after the first resource listing finished for both endpoints and services instead of listen on kubernetes service.
@bprashanth @bowei @thockin
**Release note**:
```
```
Automatic merge from submit-queue
Fix local-cluster-up on Mac and discovery on all systems
- use cfssl on the host, not from Docker. Solves a number of permission problem with selinux and Mac
- fix discovery startup
Automatic merge from submit-queue (batch tested with PRs 38260, 32811, 28458, 33570, 37096)
Fix support for DNS in local-up-cluster.sh
[]()
The default appears to be gce now, so this tries to spawn a service in
gce... not the desired outcome for a local test setup.
We also need to sync the kubectl config in the script with the instructions for users, since if people don't test with DNS enabled, it bitrots (which this aims to fix).
To test manually, run something like
```
sudo KUBE_ENABLE_CLUSTER_DNS=true API_HOST_IP=0.0.0.0 ./hack/local-up-cluster.sh
```
The API_HOST_IP=0.0.0.0 is required, otherwise the master is not contactable by kubedns, and the dns pod will fail readychecking on the healthz pod.
Automatic merge from submit-queue (batch tested with PRs 38318, 38258)
kernel memcg notification enabled via experimental flag
Kubelet integrates with kernel memcg notification API if and only if enabled via experimental flag.
Automatic merge from submit-queue (batch tested with PRs 36543, 38189, 38289, 38291, 36724)
add authentication/authorization to kubernetes-discovery
Wires authentication and authorization into `kubernetes-discovery` and re-enables the `local-up-cluster.sh` along with proper permission granting for RBAC cases.
@sttts @liggitt
Automatic merge from submit-queue (batch tested with PRs 35101, 38215, 38092)
fix informer generation
Informer generation doesn't work for informers from a different clientset. This updates the generator to generate the internal interfaces required to break the cycle.
@ncdc take a look at the last two commits.
Automatic merge from submit-queue
Disable kubernetes-discovery in local-up-cluster.sh
fix#38257
Fixes local-up-cluster until kubernetes-discovery flags are hooked up
Automatic merge from submit-queue
update local-up-cluster to allow full authentication proxying
Adds group and header information in auth proxy authenticator options for `local-up-cluster.sh`. Must have been missed in the rebase madness.
Automatic merge from submit-queue (batch tested with PRs 38173, 38151, 38197, 38221)
Include resource type headers in diff report
**What this PR does / why we need it**: when checking for leaked resources, we report a failure only if there were additions to the diff - we don't want resources that were deleted during the run to count as a failure.
The logic for this removes the resource type headers from the diff report, however, so it's harder to understand what leaked.
For example, in https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/logs/ci-kubernetes-e2e-gke-alpha-features-release-1.5/196/, the test failure shows
```
Error: 4 leaked resources
+NAME REGION IP_ADDRESS IP_PROTOCOL TARGET
+a66878dbaad1f11e695b342010af0002 us-central1 104.198.182.83 TCP us-central1/targetPools/a66878dbaad1f11e695b342010af0002
+NAME REGION SESSION_AFFINITY BACKUP HEALTH_CHECKS
+a66878dbaad1f11e695b342010af0002 us-central1 a66878dbaad1f11e695b342010af0002
```
but the [actual diff](https://storage.googleapis.com/kubernetes-jenkins/logs/ci-kubernetes-e2e-gke-alpha-features-release-1.5/196/artifacts/gcp-resources-diff.txt) contains more information:
```
--- /workspace/_artifacts/gcp-resources-before.txt 2016-12-01 14:39:14.260049037 -0800
+++ /workspace/_artifacts/gcp-resources-after.txt 2016-12-01 14:39:14.260049037 -0800
@@ -34,8 +34 @@ [ addresses ]
-NAME REGION ADDRESS STATUS
-a03d0e020a6bc11e6855f42010af0001 us-central1 104.197.135.88 RESERVED
-a23f20a47a6a011e6829a42010af0004 us-central1 104.197.147.212 RESERVED
-a32291b51a5e611e6b73342010af0002 us-central1 104.198.171.178 RESERVED
-a3c93cf79a65811e6b7c242010af0001 us-central1 104.198.58.57 RESERVED
-a9ac5bd1ba62811e68d1142010af0004 us-central1 104.154.134.135 RESERVED
-adae4c1a7a69511e6b2df42010af0000 us-central1 104.198.182.83 RESERVED
-adb4a80caa60311e689a942010af0001 us-central1 104.154.116.195 RESERVED
+
@@ -64 +57,2 @@ [ forwarding-rules ]
-
+NAME REGION IP_ADDRESS IP_PROTOCOL TARGET
+a66878dbaad1f11e695b342010af0002 us-central1 104.198.182.83 TCP us-central1/targetPools/a66878dbaad1f11e695b342010af0002
@@ -68 +62,2 @@ [ target-pools ]
-
+NAME REGION SESSION_AFFINITY BACKUP HEALTH_CHECKS
+a66878dbaad1f11e695b342010af0002 us-central1 a66878dbaad1f11e695b342010af0002
```
This PR will include the `[ type header ]`s in the report if resources are leaked.
cc @fejta
Automatic merge from submit-queue
add a configuration for kubelet to register as a node with taints
and deprecate --register-schedulable
ref #28687#29178
cc @dchen1107 @davidopp @roberthbailey
Automatic merge from submit-queue (batch tested with PRs 36990, 37494, 38152, 37561, 38136)
join client CA bundles
Last commit grabs client CA bundles from disparate parts of the auth config and makes a pool that contains all of them.
I suspect a rebase broke this because of ordering. I'll keep these separate to make it easier for me to debug.
Automatic merge from submit-queue (batch tested with PRs 36990, 37494, 38152, 37561, 38136)
api federation types
First commit adds types that can back the kubernetes-discovery server with an `kubectl` compatible way of adding federated servers. Second commit is just generated code.
After we have types, I'd like to start splitting `kubernetes-discovery` into a "legacy" mode which will support what we have today and a "normal" mode which will provide an API federation server like this: https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/federated-api-servers.md that includes both discovery and proxy in a single server. Something like this: https://github.com/openshift/kube-aggregator .
@kubernetes/sig-api-machinery @nikhiljindal
Automatic merge from submit-queue
Add "make help" to list all make targets and help info
As discussed in [PR#29320comment](https://github.com/kubernetes/kubernetes/pull/29320#issuecomment-234420145), add a `make help` to make the use of `make` easy. Though it works well on my Ubuntu now (see the output as below, not sure if it still works on other systems), I believe the scripts are somewhat ugly, so, any suggestion for optimization is welcome.
BTW, I intended to list targets by groups, but it's hard to do that automatically. So I just list them in alphabetical order. I think this may be enough.
There are still some TODOs (also mentioned in the Makefile):
1. make EXCLUDE_TARGET auto-generated when there are other files in cmd/
2. should we exclude the target "cmd/libs" but include "cmd/libs/go2idl/*"?
3. should we let `help` be the first/default target? It will show the help when we just type `make`.
1 and 2 are to exclude the invalid targets generated by `$(notdir $(abspath $(wildcard cmd/*/)))`:
- OWNERS is just a file, it can't be a target
- libs itself cannot be built
/cc @thockin @jfrazelle @MHBauer @dims
Output:
```
root@vm:/home/paas/zxp/code/k8s/fork/kubernetes# make help
--------------------------------------------------------------------------------
all
# Build code.
#
# Args:
# WHAT: Directory names to build. If any of these directories has a 'main'
# package, the build will produce executable files under _output/go/bin.
# If not specified, "everything" will be built.
# GOFLAGS: Extra flags to pass to 'go' when building.
# GOLDFLAGS: Extra linking flags passed to 'go' when building.
# GOGCFLAGS: Additional go compile flags passed to 'go' when building.
#
# Example:
# make
# make all
# make all WHAT=cmd/kubelet GOFLAGS=-v
# make all GOGCFLAGS="-N -l"
# Note: Use the -N -l options to disable compiler optimizations an inlining.
# Using these build options allows you to subsequently use source
# debugging tools like delve.
---------------------------------------------------------------------------------
check
# Build and run tests.
#
# Args:
# WHAT: Directory names to test. All *_test.go files under these
# directories will be run. If not specified, "everything" will be tested.
# TESTS: Same as WHAT.
# GOFLAGS: Extra flags to pass to 'go' when building.
# GOLDFLAGS: Extra linking flags to pass to 'go' when building.
# GOGCFLAGS: Additional go compile flags passed to 'go' when building.
#
# Example:
# make check
# make test
# make check WHAT=pkg/kubelet GOFLAGS=-v
---------------------------------------------------------------------------------
clean
# Remove all build artifacts.
#
# Example:
# make clean
#
# TODO(thockin): call clean_generated when we stop committing generated code.
---------------------------------------------------------------------------------
clean_generated
# Remove all auto-generated artifacts.
#
# Example:
# make clean_generated
---------------------------------------------------------------------------------
clean_meta
# Remove make-related metadata files.
#
# Example:
# make clean_meta
---------------------------------------------------------------------------------
cross
# Cross-compile for all platforms
#
# Example:
# make cross
---------------------------------------------------------------------------------
federation-apiserver
federation-controller-manager
genfeddocs
# Add rules for all directories in federation/cmd/
#
# Example:
# make federation-apiserver federation-controller-manager
---------------------------------------------------------------------------------
gendocs
genkubedocs
genman
genswaggertypedocs
genutils
genyaml
hyperkube
kube-apiserver
kube-controller-manager
kubectl
kube-dns
kubelet
kubemark
kube-proxy
kubernetes-discovery
libs
linkcheck
mungedocs
# Add rules for all directories in cmd/
#
# Example:
# make kubectl kube-proxy
---------------------------------------------------------------------------------
generated_files
# Produce auto-generated files needed for the build.
#
# Example:
# make generated_files
---------------------------------------------------------------------------------
ginkgo
# Build ginkgo
#
# Example:
# make ginkgo
---------------------------------------------------------------------------------
help
# Print make targets and help info
#
# Example:
# make help
---------------------------------------------------------------------------------
quick-release
# Build a release, but skip tests
#
# Example:
# make release-skip-tests
---------------------------------------------------------------------------------
release
# Build a release
#
# Example:
# make release
---------------------------------------------------------------------------------
release-skip-tests
# Build a release, but skip tests
#
# Example:
# make release-skip-tests
---------------------------------------------------------------------------------
test
# Build and run tests.
#
# Args:
# WHAT: Directory names to test. All *_test.go files under these
# directories will be run. If not specified, "everything" will be tested.
# TESTS: Same as WHAT.
# GOFLAGS: Extra flags to pass to 'go' when building.
# GOLDFLAGS: Extra linking flags to pass to 'go' when building.
# GOGCFLAGS: Additional go compile flags passed to 'go' when building.
#
# Example:
# make check
# make test
# make check WHAT=pkg/kubelet GOFLAGS=-v
---------------------------------------------------------------------------------
test-cmd
# Build and run cmdline tests.
#
# Example:
# make test-cmd
---------------------------------------------------------------------------------
test-e2e
# Build and run end-to-end tests.
#
# Example:
# make test-e2e
---------------------------------------------------------------------------------
test-e2e-node
# Build and run node end-to-end tests.
#
# Args:
# FOCUS: Regexp that matches the tests to be run. Defaults to "".
# SKIP: Regexp that matches the tests that needs to be skipped. Defaults
# to "".
# RUN_UNTIL_FAILURE: If true, pass --untilItFails to ginkgo so tests are run
# repeatedly until they fail. Defaults to false.
# REMOTE: If true, run the tests on a remote host instance on GCE. Defaults
# to false.
# IMAGES: For REMOTE=true only. Comma delimited list of images for creating
# remote hosts to run tests against. Defaults to a recent image.
# LIST_IMAGES: If true, don't run tests. Just output the list of available
# images for testing. Defaults to false.
# HOSTS: For REMOTE=true only. Comma delimited list of running gce hosts to
# run tests against. Defaults to "".
# DELETE_INSTANCES: For REMOTE=true only. Delete any instances created as
# part of this test run. Defaults to false.
# ARTIFACTS: For REMOTE=true only. Local directory to scp test artifacts into
# from the remote hosts. Defaults to ""/tmp/_artifacts".
# REPORT: For REMOTE=false only. Local directory to write juntil xml results
# to. Defaults to "/tmp/".
# CLEANUP: For REMOTE=true only. If false, do not stop processes or delete
# test files on remote hosts. Defaults to true.
# IMAGE_PROJECT: For REMOTE=true only. Project containing images provided to
# IMAGES. Defaults to "kubernetes-node-e2e-images".
# INSTANCE_PREFIX: For REMOTE=true only. Instances created from images will
# have the name "-". Defaults to "test".
# INSTANCE_METADATA: For REMOTE=true and running on GCE only.
#
# Example:
# make test-e2e-node FOCUS=Kubelet SKIP=container
# make test-e2e-node REMOTE=true DELETE_INSTANCES=true
# make test-e2e-node TEST_ARGS="--cgroups-per-qos=true"
# Build and run tests.
---------------------------------------------------------------------------------
test-integration
# Build and run integration tests.
#
# Example:
# make test-integration
---------------------------------------------------------------------------------
verify
# Runs all the presubmission verifications.
#
# Args:
# BRANCH: Branch to be passed to verify-godeps.sh script.
#
# Example:
# make verify
# make verify BRANCH=branch_x
---------------------------------------------------------------------------------
vet
# Run 'go vet'.
#
# Args:
# WHAT: Directory names to vet. All *.go files under these
# directories will be vetted. If not specified, "everything" will be
# vetted.
#
# Example:
# make vet
# make vet WHAT=pkg/kubelet
---------------------------------------------------------------------------------
```
Automatic merge from submit-queue (batch tested with PRs 38149, 38156, 38150)
Node E2E: Remove setup-node option
This PR removes `setup-node` option, because:
* It is misleading. `setup-node` doesn't really setup the node, test framework will only put current user into docker user group when it is specified.
* It is not necessary anymore. Because we always run node e2e test as root now, we don't need to do this anymore.
This is a minor cleanup preparing for my test framework refactoring work. Will send out the refactor PR later.
/cc @kubernetes/sig-node
Automatic merge from submit-queue (batch tested with PRs 38149, 38156, 38150)
Remove girishkalele from most places
@matchstick you might need to help here. I am doing this because the bot is trying to create an issue assigned to @girishkalele but it cannot be created as he is not a member of the org any longer.
Automatic merge from submit-queue (batch tested with PRs 37328, 38102, 37261, 31321, 38146)
Add federation-openapi-spec to update-all targets
As `make verify` runs all `hack/verify-*` scripts (with some exceptions), `update-all.sh` should be in sync. It is missing all the federation targets right now, but `verify-federation-openapi-spec.sh` exists. Hence, we add that.
@nikhiljindal @mbohlool what about the other federation update scripts?
Automatic merge from submit-queue (batch tested with PRs 38111, 38121)
Prevent SIGPIPE errors causing the version check line to fail
The way we use pipe in hack/lib/etcd.sh when processing the version command can lead to
141 failues on some systems. Using a prefix of tail can prevent this.
Fixes#38109
Automatic merge from submit-queue (batch tested with PRs 37208, 37446, 37420)
Move "-short" to KUBE_TEST_ARGS
fixes#37445
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
NONE
```
"-short" is a argument of "go test", it should be moved to
"KUBE_TEST_ARGS".
Automatic merge from submit-queue
Split inflight requests into read-only and mutating groups
cc @smarterclayton @lavalamp @caesarxuchao
```release-note
API server have two separate limits for read-only and mutating inflight requests.
```
Automatic merge from submit-queue (batch tested with PRs 36816, 37534)
Move pkg/api/unversioned to pkg/apis/meta/v1
This moves code from using pkg/api/unversioned to pkg/apis/meta/v1 with the `metav1` local package name.
Built on top of #37532 (the first three commits related to ExportOptions)
Part of #37530
Automatic merge from submit-queue
plumb in front proxy group header
Builds on https://github.com/kubernetes/kubernetes/pull/36662 and https://github.com/kubernetes/kubernetes/pull/36774, so only the last commit is unique.
This completes the plumbing for front proxy header information and makes it possible to add just the front proxy header authenticator.
WIP because I'm going to assess it in use downstream.
Automatic merge from submit-queue
kubectl top pod|node should handle when Heapster is somewhere else
OpenShift runs Heapster on HTTPS, which means `top node` and `top pod`
are broken because they hardcode 'http' as the scheme. Provide an
options struct allowing users to specify `--heapster-namespace`,
`--heapster-service`, `--heapster-scheme`, and `--heapster-port` to the
commands (leveraging the existing defaults).
@kubernetes/sig-metrics makes top a little more useful in other spots
Jun Gong