Automatic merge from submit-queue
Stop treating in-cluster-config namespace as an override
Fixes#44835
The namespace of an in-cluster config should behave like the namespace specified in a kubeconfig file... it should be used as the default namespace, but be able to be overridden by namespaces specified in yaml files passed to `kubectl create -f`.
```release-note
Restored the ability of kubectl running inside a pod to consume resource files specifying a different namespace than the one the pod is running in.
```
This commit adds tests for pkg/util/webhooks. The purpose of this was
not only for better code coverage but also to alleviate the need for
consumers to write their own tests for core functionality.
Automatic merge from submit-queue
PATCH: Fix erroneous meaningful conflict for numeric values.
The wrong json package was used, resulting in patches being unmarshaled with numbers as float64 rather than int64. This in turn confused `HasConflicts()` which expects numeric types to match.
The end result was false positives of meaningful conflicts, such as:
```
there is a meaningful conflict (firstResourceVersion: "8517", currentResourceVersion: "8519"):
diff1={"metadata":{"resourceVersion":"8519"},"spec":{"replicas":0},"status":"conditions":null,"fullyLabeledReplicas":null,"replicas":0}}
, diff2={"spec":{"replicas":0}}
```
This is branched from a discussion on https://github.com/kubernetes/kubernetes/pull/43469.
```release-note
Fix false positive "meaningful conflict" detection for strategic merge patch with integer values.
```
Automatic merge from submit-queue (batch tested with PRs 44837, 44779, 44492)
remove duplicate code from restful namer
The deleted codes have the same logic with function ObjectName.
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 44837, 44779, 44492)
Default ObjectNameFunc for all REST Stores
All `Store`s in Kubernetes follow the same logic for determining the name of an object. This change makes it so that `CompleteWithOptions` defaults the `ObjectNameFunc` if it is not specified. Thus a user does not need to remember to use `ObjectMeta.Name`. Using the wrong field as the name can lead to an object which has a name that bypasses normal object name validation.
Signed-off-by: Monis Khan <mkhan@redhat.com>
cc @liggitt @soltysh for review
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Fix Content-Type error of apis
**What this PR does / why we need it**:
Response's Content-type of `/apis` is `text/plain`, not `application/json`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#44646
**Special notes for your reviewer**:
We could use `responsewriters.WriteObjectNegotiated()` to write Content-type correctly.
**Release note**:
```release-note
```
Automatic merge from submit-queue
etcd component status check should include credentials
- [x] Add TLS credentials into `pkg/genericapiserver.Backend`.
- [x] Add TLS credentials into `pkg/registry/core/componentstatus.Server`.
- [x] `pkg/probe/http.httpProber` should accept the TLS credentials.
Now it is working.
```console
$ kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health": "true"}
```
Fixes https://github.com/kubernetes/kubernetes/issues/27343.
The wrong json package was used, resulting in patches being unmarshaled
with numbers as float64 rather than int64.
This in turn confused HasConflicts() which expects numeric types to match.
The end result was false positives of meaningful conflicts, such as:
```
there is a meaningful conflict (firstResourceVersion: "8517",
currentResourceVersion: "8519"):
diff1={"metadata":{"resourceVersion":"8519"},"spec":{"replicas":0},"status":{"conditions":null,"fullyLabeledReplicas":null,"replicas":0}}
, diff2={"spec":{"replicas":0}}
```
This fixes some false negatives:
* If a map had multiple entries, only the first was checked.
* If a list had multiple entries, only the first was checked.
Automatic merge from submit-queue
Explicit namespace from kubeconfig should override in-cluster config
Fixes#43662
If an explicitly specified namespace is read from a kubeconfig file, we should not fall back to in-cluster config
```release-note
kubectl commands run inside a pod using a kubeconfig file now use the namespace specified in the kubeconfig file, instead of using the pod namespace. If no kubeconfig file is used, or the kubeconfig does not specify a namespace, the pod namespace is still used as a fallback.
```
All Stores in Kubernetes follow the same logic for determining the name
of an object. This change makes it so that CompleteWithOptions defaults
the ObjectNameFunc if it is not specified. Thus a user does not need to
remember to use ObjectMeta.Name. Using the wrong field as the name can
lead to an object which has a name that bypasses normal object name
validation.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 42202, 40784, 44642, 44623, 44761)
Split out AdmissionOptions
**What this PR does / why we need it**: The changes in this PR split out AdmissionOptions from ServerRunOptions. In the long term AdmissionOptions will accepts various dependencies
and spit out AdmissionControl
**Release note**:
NONE
Automatic merge from submit-queue
Include system:authenticated group when impersonating
Fixes#43227
An authorized impersonation request solely for a specific username previously resulted in a `user.Info` that did not include either the `system:authenticated` or `system:unauthenticated` groups. That meant that permissions intended to be granted to all users, like discovery, would be denied the impersonated user.
This allows `kubectl get pods --as=<username>` to work as expected
```release-note
API requests using impersonation now include the `system:authenticated` group in the impersonated user automatically.
```
Automatic merge from submit-queue
client-go PortForwarder: don't log an error if net.Listen fails
**What this PR does / why we need it**:
If ipv6 is disabled the client-go PortForwarder logs an error:
```
E0406 17:26:06.983609 29625 portforward.go:209] Unable to create listener: Error listen tcp6 [::1]:30143: socket: address family not supported by protocol
```
This pull request removes this error log. Reasons:
* Tunnel creation might still succeed on ipv4 and the error just confuses the user (see https://github.com/kubernetes/helm/issues/2223).
* If the tunnel can't be created the error gets also loggen in `listenOnPort`.
* runtime.HandleError should only be used on errors "_when a non-user facing piece of code cannot return an error"_ which isn't the case here.
**Which issue this PR fixes**
Fixes https://github.com/kubernetes/helm/issues/2223
Automatic merge from submit-queue
Minor cleanups
Minor improvements:
- `ValidateNoNewFinalizers`: remove unused const
- Mention that mutation of `spec.initContainers[*].image` field is allowed
- Improve godoc comments
Automatic merge from submit-queue (batch tested with PRs 44594, 44651)
remove strings.compare(), use string native operation
I notice we use strings.Compare() in some code, we can remove it and use native operation.
Automatic merge from submit-queue (batch tested with PRs 42177, 42176, 44721)
Job: Respect ControllerRef
**What this PR does / why we need it**:
This is part of the completion of the [ControllerRef](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/controller-ref.md) proposal. It brings Job into full compliance with ControllerRef. See the individual commit messages for details.
**Which issue this PR fixes**:
This ensures that Job does not fight with other controllers over control of Pods.
Ref: #24433
**Special notes for your reviewer**:
**Release note**:
```release-note
Job controller now respects ControllerRef to avoid fighting over Pods.
```
cc @erictune @kubernetes/sig-apps-pr-reviews
Automatic merge from submit-queue
apiserver: Update genericapiserver to panic on listener error
Previously runServer would try to listen again if a listener error occurred. This commit changes the response to a panic to allow a process manager (systemd/kubelet/etc) to react to the failure.
**Release note**:
```release-note
The Kubernetes API server now exits if it encounters a networking failure (e.g. the networking interface hosting its address goes away) to allow a process manager (systemd/kubelet/etc) to react to the problem. Previously the server would log the failure and try again to bind to its configured address:port.
```
cc: @liggitt @sttts @deads2k @derekwaynecarr
Reading directly from a hijacked connection isn't safe because some
data may have already been read by the server before Hijack was called.
To ensure all data will be received it's safer to read from the returned
bufio.Reader.
The Job Listers still use selectors, because this is the
behavior expected by callers. This clarifies the meaning of the
returned list. Some callers may need to switch to using
GetControllerOf() instead, but that is a separate, case-by-case issue.
Previously runServer would try to listen again if a listener error
occurred. This commit changes the response to a panic to allow a
process manager (systemd/kubelet/etc) to react to the failure.
Automatic merge from submit-queue (batch tested with PRs 40055, 42085, 44509, 44568, 43956)
revert BUILD changes at the end of DRY_RUN=n copy.sh
Fixes https://github.com/kubernetes/kubernetes/issues/44567
cc @caesarxuchao @ixdy @spxtr
Automatic merge from submit-queue (batch tested with PRs 40055, 42085, 44509, 44568, 43956)
Fix gofmt errors
**What this PR does / why we need it**:
There were some gofmt errors on master. Ran the following to fix:
```
hack/verify-gofmt.sh | grep ^diff | awk '{ print $2 }' | xargs gofmt -w -s
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: none
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
error word
dummyController Struct comment "disonnected " is error word
WaitForCacheSync method comment "contoller" is error word
Automatic merge from submit-queue (batch tested with PRs 44569, 44398)
Move v1/refs and v1/resource
This PR moves pkg/api/v1/ref.go and pkg/api/v1/resource_helper.go to their own sub packages, it's very similar to 44299 and 44302.
The PR is mostly mechanical, except that
* i moved some utility function from resource.go to pkg/api/v1/pod and pkg/api/v1/node, as they are more appropriate
* i updated the staging/copy.sh to copy the new subpackages, so that helper functions are copied. We can get rid of this copy after client-go stops copying API types.
Automatic merge from submit-queue (batch tested with PRs 44519, 43194, 44513)
Use regexp instead of substring to do search and replace.
enisoc pointed out how ToLower can change (lengthen even!) the length of
a string given arbitrary input.
Follow-up to #44421 for #44419
etcd has support for client-cert-auth, which can be configured via the flag `--ca-file`,
when that is enabled, all the client requests must present with a client certificate,
however, the current component status check uses a single transport for all of the checks,
this is wrong, the checks should be different for each of different component, and make
each of them use different transport(tls configurations).
Automatic merge from submit-queue
vendor: Update elazarl/goproxy to fix e2e test with go1.8
**What this PR does / why we need it**:
This updates the dependency `github.com/elazarl/goproxy` to include this fix c4fc26588b which makes kubernetes e2e tests build with go1.8. It was crashing before as described in https://github.com/elazarl/goproxy/issues/188#issuecomment-281092250 and #38228
**Which issue this PR fixes**
This is part of the fix for #38228
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
Use OS-specific libs when computing client User-Agent in kubectl, etc.
**What this PR does / why we need it**:
The User-Agent reported by clients (e.g. kubectl) in request
headers should include the name of the client executable
but not the full path to that executable.
This PR changes how this name is determined by using the
operating-system specific package "path/filepath" (meant for
working with file system paths) instead of the "path" package
(meant for URL paths).
This fixes a problem on the Windows OS in the case where, if the
user has not set their PATH to point to the location of their
client executable, the User-Agent includes the full path - which
is unnecessary.
Fixes: #44419
```release-note
Use OS-specific libs when computing client User-Agent in kubectl, etc.
```
**What this PR does / why we need it**:
The User-Agent reported by clients (e.g. kubectl) in request
headers should include the name of the client executable
but not the full path to that executable.
This PR changes how this name is determined by using the
operating-system specific package "path/filepath" (meant for
working with file system paths) instead of the "path" package
(meant for URL paths).
This fixes a problem on the Windows OS in the case where, if the
user has not set their PATH to point to the location of their
client executable, the User-Agent unnecessarily includes the
full path.
Fixes: #44419
Automatic merge from submit-queue (batch tested with PRs 44362, 44421, 44468, 43878, 44480)
Drop leading path of KUBECTL.EXE if it shows up in User-Agent.
Partial fix for #44419
Release note: kube-apiserver now drops unneeded path information if an older version of Windows kubectl sends it.
Automatic merge from submit-queue (batch tested with PRs 44440, 44038, 44302, 44316, 43876)
Move pkg/api/ref.go and pkg/api/resource_helpers.go to subpackages
First two commits are #44296#44299. (unfortunately, removing these commits results in conflicts)
This PR moves resource_helpers.go to a subpackage. It's mostly a mechanic move, except that:
* i kept the methods of ResourceName and ResourceList in pkg/api/method.go
I'll send one more PR to separate api.Scheme etc. to their own package.
Automatic merge from submit-queue (batch tested with PRs 44424, 44026, 43939, 44386, 42914)
remove defaulting from conversion path
follow up for #42764
* remove call to defaulting from conversion path (defaulting is a separate step from conversion)
* remove non-top-level-object defaulting registration (unused after conversion call is removed)
* generate missing top-level defaults for some api groups:
* autoscaling/v2alpha1
* policy/v1alpha1
* policy/v1beta1
* register top-level defaults for some api groups that were missing them:
* autoscaling/v2alpha1
* settings/v1alpha1
Automatic merge from submit-queue (batch tested with PRs 44424, 44026, 43939, 44386, 42914)
`failure-domain` is no longer used in command line arg.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 44406, 41543, 44071, 44374, 44299)
Move pkg/api/ref.go to a subpackage
First commit is #44296. (unfortunately, removing that commit results in conflicts)
This PR moves the pkg/api/ref.go to its own subpackage. It's mostly a mechanic move.
I'll send a few more PRs to make the k8s.io/kubernetes/pkg/api package only contains the code we want in the k8s.io/api repo, then we can run a [script](a0015fd1be (diff-7a2fbb4371972350ee414c6b88aee1c8)) to cut the new repo.
Automatic merge from submit-queue (batch tested with PRs 44406, 41543, 44071, 44374, 44299)
Decouple remotecommand
Refactored unversioned/remotecommand to decouple it from undesirable dependencies:
- term package now is not required, and functionality required to resize terminal size can be plugged in directly in kubectl
- in order to remove dependency on kubelet package - constants from kubelet/server/remotecommand were moved to separate util package (pkg/util/remotecommand)
- remotecommand_test.go moved to pkg/client/tests module
Automatic merge from submit-queue
add deregistration for paths
Aggregation and TPRs require the ability to de-register endpoints. This adds the capability and makes it threadsafe.
Automatic merge from submit-queue
Non global admission plugin registry
For testing the global state is a problem. This PR turns the actual registry into a struct that must be instantiated. For the beginning, we do this in `pkg/kubeapiserver/admission`. In some follow-up (where we hunt down all globals some day), we will move this into the genericapiserver.
Automatic merge from submit-queue
Conversionlint
**What this PR does / why we need it**:
This PR adds a comment placeholder for the exported or public functions in conversion generator files. Such functions without a comment results into golint failure in various generated files. The changes in this patch takes care of about 36 related lint failures.
Given below is an example lint error,
zz_generated.conversion.go:91:1: exported function Convert_v1alpha1_Binding_To_servicecatalog_Binding should have comment or be unexported
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Considering minor changes no issue is created.
**Special notes for your reviewer**:
Hello, I am trying to fix golint failures as we see them in the kubernetes-incubator/service-catalog project. I have separate PRs opened for lint issues related to other generator code which are in separate libraries like gengo. Thanks!
**Release note**:
```release-note
```
Automatic merge from submit-queue
delete rolebinding from correct namespace
Fixes#44212
The rolebinding needs to be deleted from the namespace we create it in.
@mdshuai
Automatic merge from submit-queue
Move api helpers.go to a subpackage
Part of https://github.com/kubernetes/kubernetes/issues/44065.
This PR moves the pkg/api/helpers.go to its own subpackage. It's mostly a mechanic move, except that
* I removed ConversionError in helpers.go, it's not used by anyone
* I moved the 3 methods of Taint and Toleration to pkg/api/methods.go, and left a TODO saying refactoring these methods to functions.
I'll send a few more PRs to make the k8s.io/kubernetes/pkg/api package only contains the code we want in the k8s.io/api repo, then we can run a [script](a0015fd1be (diff-7a2fbb4371972350ee414c6b88aee1c8)) to cut the new repo.
Automatic merge from submit-queue
Bugfix: OpenAPI generator should pass generate type extensions
OpenAPI spec generator does not pass generated type extensions (using `x-kubernetes-` tags on types). This is already working for field extensions but not for types.
Automatic merge from submit-queue
Remove alphaProvisioner in PVController and AlphaStorageClassAnnotation
remove alpha annotation and alphaProvisioner
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43304, 41427, 43490, 44352)
Update etcd-client godep to 3.1.5
This transitively level sets the godeps to yank in the 3.1.5 client.
Currently WIP, b/c it required some regen and I had some weird local permissions issue.
xref: #41143
/cc @xiang90 @mml
The exported or public functions requires a doc comment to pass golint.
This commit has changes of conversion generated code. The actual doc
changes are added into a separate commit for a clean review.
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
validateClusterInfo: use clientcmdapi.NewCluster()
Change validateClusterInfo to use clientcmdapi.NewCluster() instead of
clientcmdapi.Cluster{} when comparing against the passed in clusterInfo.
clusterInfo most likely will be a combination of
clientcmdapi.NewCluster() merged with potential overrides. This is
necessary because otherwise, the DeepEqual between what is supposed to
be an empty Cluster and clusterInfo will fail, resulting in an error
that doesn't allow fall-through to checking for in-cluster
configuration.
https://github.com/kubernetes/kubernetes/pull/40508 changed `DirectClientConfig.getContext()` to start with a `clientcmdapi.NewCluster()` instead of the zero value for `clientcmdapi.Cluster`. This means that the `Extensions` map in the `Cluster` is initialized instead of `nil`, which breaks the `DeepEqual` test unless you compare `clusterInfo` against an initialized `clientcmdapi.NewCluster()`.
cc @smarterclayton @sttts @vjsamuel @liggitt @deads2k @soltysh @fabianofranz @kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
make unstructured items correspond to other items for storage
"normal" `Items` elements include the struct itself, not a pointer to the struct. Some of the deeper bits of storage rely on this behavior in reflective paths.
This updates the `UnstructuredList` to be "normal".
@kubernetes/sig-api-machinery-pr-reviews
Kubernetes Submit Queue