For LoadBalancer type service:
- Verifies corresponding firewall rule has correct sourceRanges, ports
& protocols, target tags.
- Verifies requests can reach all expected instances.
- Verifies requests can not reach instances that are not included.
For Ingress resrouce:
- Verifies the ingress firewall rule has correct sourceRanges, target
tags and tcp ports.
For general e2e cluster:
- Verifies all required firewall rules has correct sourceRange, ports
& protocols, source tags and target tags.
- Verifies well know ports on master and nodes are not
exposed externally
Automatic merge from submit-queue
Use daemonset in docker registry add on
When using registry add on with kubernetes cluster it will be right to use `daemonset` to bring up a pod on each node of cluster, right now the docs suggests to bring up a pod on each node manually by dropping the pod manifests into directory `/etc/kubernetes/manifests`.
Automatic merge from submit-queue
use in-cluster kubeconfig for genericapiserver
Allow the use of the in-cluster config to communicate with the core API server for delegated authn/authz for an addon API server.
@kubernetes/sig-api-machinery @sttts
Automatic merge from submit-queue
Don't check nodeport for nginx ingress
Services behind a standard nginx ingress don't need nodeport, so don't check that.
Automatic merge from submit-queue (batch tested with PRs 38730, 37299)
[scheduling] Moved node affinity from annotations to api fields. #35518
Converted node affinity from annotations to api fields
Fixes: #35518
Related: #25319
Related: #34508
**Release note**:
```release-note
Node affinity has moved from annotations to api fields in the pod spec. Node affinity that is defined in the annotations will be ignored.
```
Automatic merge from submit-queue
Automatically download missing kube binaries in kube-up/kube-down.
**What this PR does / why we need it**: some users extract `kubernetes.tar.gz` and then immediately call `cluster/kube-up.sh` without first calling the new `cluster/get-kube-binaries.sh` script. As a result, the cluster fails to start, but it's not immediately clear why binaries are missing.
This PR streamlines this workflow by detecting this condition and prompting the user to download necessary binaries (using `cluster/get-kube-binaries.sh`).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#38725
cc @arun-gupta @christian-posta
Automatic merge from submit-queue
Remove dead code in `pkg/registry/generic/registry/store.go`
Fixes#38822
Depending on the intent of the original code, the correct fix may instead be:
```go
if name, ok := p.MatchesSingle(); ok {
key, err := e.KeyFunc(ctx, name)
if err != nil {
return nil, err
}
w, err := e.Storage.Watch(ctx, key, resourceVersion, p)
if err != nil {
return nil, err
}
if e.Decorator != nil {
return newDecoratedWatcher(w, e.Decorator), nil
}
return w, nil
// if we cannot extract a key based on the current context, the optimization is skipped
}
```
Signed-off-by: Monis Khan <mkhan@redhat.com>
cc @deads2k
Automatic merge from submit-queue
genericapiserver: turn APIContainer.SecretRoutes into a real ServeMux
The secret routes `Mux` is actually a `http.ServeMux` and we are type-casting to it. For downstream we want to wrap it into a restful container which also needs a real `http.ServeMux`.
Automatic merge from submit-queue
Fix Recreate for Deployments and stop using events in e2e tests
Fixes https://github.com/kubernetes/kubernetes/issues/36453 by removing events from the deployment tests. The test about events during a Rolling deployment is redundant so I just removed it (we already have another test specifically for Rolling deployments).
Closes https://github.com/kubernetes/kubernetes/issues/32567 (preferred to use pod LISTs instead of a new status API field for replica sets that would add many more writes to replica sets).
@kubernetes/deployment
Automatic merge from submit-queue (batch tested with PRs 38830, 38750)
[Federation] Stop cleaning federation namespace in e2e tests
when --clean-start=true flag is provided to e2e tests it would cleanup all the leftover namespaces except `default` and `kube-system` and because of this when we run e2e tests in federation soak test job, the federation control plane is destroyed before it runs the tests and all tests start to fail.
So adding federation-system to the list of namespace to be left intact and also changed the default federation namespace name from `federation` to `federation-system` to be consistent with the newer method of deploying federation using kubefed.
@madhusudancs @nikhiljindal
Automatic merge from submit-queue (batch tested with PRs 38830, 38750)
Remove the ReadyReplica version guard
**What this PR does / why we need it**: Removes outlived version guards.
**Which issue this PR fixes**: fixes#37310
Automatic merge from submit-queue
[Federation][init-11.2] use USE_KUBEFED env var to choose bw old and new federation deployment
This is continuation of #35961
USE_KUBEFED variable is used for deploying federation control plane. if not defined, federation will be brought up using old method i.e scripts.
Have verified that federation comes up using the old method, using following steps
```
$ export FEDERATION=true
$ export E2E_ZONES="asia-east1-c"
$ export FEDERATION_PUSH_REPO_BASE=gcr.io/<my-project>
$ KUBE_RELEASE_RUN_TESTS=n KUBE_FASTBUILD=true go run hack/e2e.go -v -build
$ build-tools/push-federation-images.sh
$ go run hack/e2e.go -v --up
```
Should merge #35961 before this PR
@madhusudancs
Automatic merge from submit-queue
Migrated fluentd addon to daemon set
fix#23224
supersedes #23306
``` release-note
Migrated fluentd addon to daemon set
```
Automatic merge from submit-queue
Node Conformance Test: Fix report prefix for node conformance test.
The node conformance CI is running now.
The only problem is that junit files overwrite each other because of the lack of junit prefix. http://gcsweb.k8s.io/gcs/kubernetes-jenkins/logs/ci-kubernetes-node-kubelet-conformance/42/artifacts/
This PR fixes this. I've verified in my environment, it works well.
@timstclair
Automatic merge from submit-queue
daemonset: bail out after we enqueue once
This isn't terrible because we dedup in the queue but it's a waste of
cycles.
Automatic merge from submit-queue
kubeadm: refactor discovery behind an interface
This adds support for alternative discovery methods using discovery urls. It is a breaking change. This is a WIP.
Example usage:
```
$ kubeadm init --discovery token://
$ kubeadm join --discovery token://c05de9:ab224260fb3cd718@192.168.0.1:6555,191.168.0.2:6443
$ kubeadm join --discovery file:///etc/kubernetes/cluster.json
$ kubeadm join --discovery https://storage.google.apis.com/kube-discovery/98ea6e4/kubeconfig.json
```
@kubernetes/sig-cluster-lifecycle
Automatic merge from submit-queue
make kubectl factory composeable
Alternate resolution of https://github.com/kubernetes/kubernetes/pull/38524.
Currently, the kubectl factory cannot be cleanly composed because without polymorphism, any calls which delegate to other factory methods cannot injected. We cannot reasonably predict everything a composer would want to override, so enumeration of individual "we think this field is important" function is untenable. On the other hand, having a method registry func and attaching methods to it resulted in chaos before 1.5 and the cleaner interface.
This pull takes the approach of building the factory in "rings" of subfactories. RingN relies on RingN-1 and the overall factory is a set of nested factories. No function in a "ring" is allowed to reference a peer function, but it may reference a parent ring's function. This allows us to easily compose one chain for raw kube, but an extender can simply wrap a particular ring with his custom handling of particular functions and then continue the chain as normal. This allows customization of each individual function.
It turns out that we have three rings.
1. discovery, negotiation, and no-dep functions
1. object typing and type mapping
1. stuff that relies on type mapping (builder)
This pull does nothing split apart the dependencies. No behavior changes. There's more cleanup that could be done (particularly in naming), but I'd like to defer that to a later step.
@kubernetes/sig-cli @fabianofranz @AdoHe this is going to be a pain to rebase, so quick reviews are appreciated.
@ncdc @smarterclayton
Automatic merge from submit-queue (batch tested with PRs 38788, 38821, 38829)
Rename build-tools/debs to build/debs
**What this PR does / why we need it**: PR #36129 merged after #38736, and thus created a few files under `build-tools/debs`, which then confused the test and release infra.
cc @madhusudancs @nikhiljindal
Automatic merge from submit-queue (batch tested with PRs 38788, 38821, 38829)
hack/dev-build-*: Run dev build instead of release build
The current dev-build-*.sh scripts do a full release build which means
running tests and also doing cross-platform builds. This is unnecessary
and after discussing this in Slack it was suggested to either blow away
these files or fix them. This should fix them.
/cc @ixdy, @mml, @thockin
Automatic merge from submit-queue (batch tested with PRs 38788, 38821, 38829)
Node Conformance Test: Fix node conformance test.
The test suite could build on my desktop. However it is failing on jenkins.
https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/logs/ci-kubernetes-node-kubelet-conformance/1
It turns out that `docker save $IMAGE -o $FILE` only works for docker 1.12. (My desktop is 1.12) For older version docker, we should use `docker save -o $FILE $IMAGE instead`. (Jenkins is using 1.9.1)
@timstclair Could you help me review this short PR? :)
Automatic merge from submit-queue
Add build instructions for the impatient
**What this PR does / why we need it**:
* it adds a small section to build k8s for the impatient.
* it fixes a typo
* it removes the code-of-conduct file which was a redirect to the cncf code.
fixes part of #36655
Automatic merge from submit-queue
Don't eat 403 in service controller
I haven't done a stress run of Services e2es locally yet, but I did verify that this fixes the specific "stuck in pending bug"
Automatic merge from submit-queue (batch tested with PRs 38818, 38813, 38820)
update for controller RBAC roles
Role and binding updates from running e2e using RBAC during the tests in https://github.com/kubernetes/kubernetes/pull/38626
@sttts should be quick. No obvious typos. Nothing that looks off.
Zihong Zheng