Automatic merge from submit-queue (batch tested with PRs 39694, 39383, 39651, 39691, 39497)
HPA Controller: Check for 0-sum request value
In certain conditions in which the set of metrics returned by Heapster
is completely disjoint from the set of pods returned by the API server,
we can have a request sum of zero, which can cause a panic (due to
division by zero). This checks for that condition.
Fixes#39680
**Release note**:
```release-note
Fixes an HPA-related panic due to division-by-zero.
```
Automatic merge from submit-queue (batch tested with PRs 39673, 39536, 39617, 39540, 39686)
remove API to server library dependency
A client library (which must include api types), should not depend on our server library. This duplicates one constant for conversion to avoid the link.
@smarterclayton @liggitt
The import-boss rule to keep us from forming these dependencies is non-trivial since some of the bits under /apis are server only (validation for instance).
Automatic merge from submit-queue (batch tested with PRs 39673, 39536, 39617, 39540, 39686)
kubeadm: updated DNS deployment.
**What this PR does / why we need it**: Updates KubeDNS deployment to match upstream.
**Special notes for your reviewer**: It was tested manually by bootstrapping a new cluster, running a busybox container and making sure one could `nslookup` from within the container to find `kubernetes` and other services.
Automatic merge from submit-queue (batch tested with PRs 39673, 39536, 39617, 39540, 39686)
Adding storageclass to resource printers for get pv and pvc
Give ability to see what Storage Class a PV is using, as well as what StorageClass a PVC has requested
```
[root@screeley-sc1 gce]# kubectl get pv
NAME CAPACITY ACCESSMODES RECLAIMPOLICY STATUS CLAIM STORAGECLASS REASON AGE
pv-gce 2Gi RWO Retain Available anything 41m
pvc-774217fd-d440-11e6-9d11-42010af00010 2Gi RWO Delete Bound default/gce-claim-storageclass slow 0s
[root@screeley-sc1 gce]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESSMODES REQUESTEDSTORAGECLASS AGE
gce-claim-class1 Pending 6m
gce-claim-classless Pending 6m
gce-claim-storageclass Bound pvc-774217fd-d440-11e6-9d11-42010af00010 2Gi RWO slow 6m
gce-claim-storageclass-nonexist Pending superfly 4s
```
@kubernetes/sig-storage
Automatic merge from submit-queue (batch tested with PRs 39673, 39536, 39617, 39540, 39686)
Generate stable bindata output
fixes#30621
bindata generation produces spurious diffs when run with different go versions because gzip output is not stable between versions.
It also produces spurious diffs when invoked directly vs via make/go:generate.
This PR:
* adds data to bindata uncompressed (makes translation files human-readable, and the zip files were already compressed... for reference the file was 27.7 KB before, and 20.1 KB with this change)
* runs the generation from KUBE_ROOT, so it doesn't matter whether it is invoked directly or via go:generate
supercedes https://github.com/kubernetes/kubernetes/pull/39631
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)
Set MemorySwap to zero on Windows
Fixes https://github.com/kubernetes/kubernetes/issues/39003
@dchen1107 @michmike @kubernetes/sig-node-misc
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)
Updating federated service controller to support cascading deletion
Ref https://github.com/kubernetes/kubernetes/issues/33612
Service controller is special than other federation controllers because it does not use federatedinformer and updater to sync services (it was written before we had those frameworks).
Updating service controller code to instantiate these frameworks and then use deletion helper to perform cascading deletion.
Note that, I havent changed the queuing logic in this PR so we still dont use federated informer to manage the queue. Will do that in the next PR.
cc @kubernetes/sig-federation-misc @mwielgus @quinton-hoole
```release-note
federation: Adding support for DeleteOptions.OrphanDependents for federated services. Setting it to false while deleting a federated service also deletes the corresponding services from all registered clusters.
```
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)
Allow node-controller to update node status
ref: #39639
* adds required permissions to node-controller
* fixes typo in role name for pod-garbage-collector role
* adds event watching permissions to persistent volume controller
* adds event permissions to node proxier
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)
Generate a kubelet CA and kube-apiserver cert-pair for kubelet auth.
cc @cjcullen
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
Add configs that run more advanced density and load tests
Wojtek is on vacation this week - @timothysc can you please take a look? It's rather terrible, but I don't have a better idea on how to make parametric tests.
cc @wojtek-t
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
Use Dynamic Config in e2e_node inode eviction test
Alternative solution to #39249. Similar to solution proposed by @vishh in #36828.
@Random-Liu @mtaufen
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
fixed error log that would cause two log lines to run into each other…
**What this PR does / why we need it**:
Fixed error log that would cause two log lines to run into each other. Logs running into each other can be reproduced by running local-up-cluster.sh on osx.
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
remove repeating const declaration
**What this PR does / why we need it**:
remove repeating const declaration , and avoid const declaration in loop
Thanks.
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 39695, 37054, 39627, 39546, 39615)
Always --pull in docker build to ensure recent base images
**What this PR does / why we need it**: By default, Docker will use a locally cached image rather than looking for a newer image. This can be problematic when using a common base image like debian:jessie, since you may end up unintentionally using a very old base image.
I think everything here is only used on release paths, so it shouldn't affect any regular development workflows.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 34488, 39511, 39619, 38342, 39491)
Update FitError as a message component into the PodConditionUpdater.
Fixes#20064 , after a roundabout volley of ideas, we ended up digging into existing Conditions for this, rather then a first class API object. This is just a quick sketch of the skeleton minimal implementation, it should pretty much "just work". I'll test it more later today.
Release Note:
```
Histogram data of predicate failures is contained in pod conditions and thus available to users by kubectl commands.
```
Automatic merge from submit-queue (batch tested with PRs 34488, 39511, 39619, 38342, 39491)
Make StrategicPatch delete all matching maps in a merging list
fixes#38332
```release-note
NONE
```
cc: @lavalamp @pwittrock
Automatic merge from submit-queue (batch tested with PRs 34488, 39511, 39619, 38342, 39491)
use fake clock in lruexpiration cache test
when the system clock is extremely slow(usually see in VMs), this [check](https://github.com/kubernetes/kubernetes/blob/master/pkg/util/cache/lruexpirecache.go#L74) might still return the value.
```go
if c.clock.Now().After(e.(*cacheEntry).expireTime) {
go c.remove(key)
return nil, false
}
```
that means even we set the ttl to be 0 second, the after check might still be false(because the clock is too slow, and thus equals).
the change here helps to reduce flakes.
Automatic merge from submit-queue
certificates: add a signing profile to the internal types
Here is a strawman of a CertificateSigningProfile type which would be used by the certificates controller when configuring cfssl. Side question: what magnitude of change warrants a design proposal?
@liggitt @gtank
Automatic merge from submit-queue (batch tested with PRs 39486, 37288, 39477, 39455, 39542)
Revert "Small improve for GetContainerOOMScoreAdjust"
Reverts kubernetes/kubernetes#39306
This does not help current code healthy, let's revert it to avoid further confusing.
Automatic merge from submit-queue (batch tested with PRs 39486, 37288, 39477, 39455, 39542)
Fix wc zombie goroutine issue in volume util
See [Cadvisor #1558](https://github.com/google/cadvisor/pull/1558). This should solve problems for those using images that do not support "wc".
cc: @timstclair
Automatic merge from submit-queue (batch tested with PRs 39486, 37288, 39477, 39455, 39542)
Update quota scope descriptions
```release-note
release-note-none
```
This patch improves the help text descriptions for quota scopes.
@kubernetes/kubectl
Automatic merge from submit-queue (batch tested with PRs 39486, 37288, 39477, 39455, 39542)
Allow missing keys in templates by default
Switch to allowing missing keys in jsonpath templates by default.
Add support for allowing/disallowing missing keys in go templates
(default=allow).
Add --allow-missing-template-keys flag to control this behavior (default=true /
allow missing keys).
Fixes#37991
@kubernetes/sig-cli-misc @kubernetes/api-reviewers @smarterclayton @fabianofranz @liggitt @pwittrock
In certain conditions in which the set of metrics returned by Heapster
is completely disjoint from the set of pods returned by the API server,
we can have a request sum of zero, which can cause a panic (due to
division by zero). This checks for that condition.
Fixes#39680
Automatic merge from submit-queue (batch tested with PRs 39648, 38167, 39591, 39415, 39612)
Add hack/verify-readonly-packages.sh
Create a `.readonly` file in a package. Any change between `$KUBE_VERIFY_GIT_BRANCH` and `HEAD` will lead to output like:
```shell
$ hack/verify-readonly-packages.sh
Readonly packages changed compared to "master" branch: pkg/generated
```
This is part of https://github.com/kubernetes/kubernetes/issues/39528
Automatic merge from submit-queue (batch tested with PRs 39648, 38167, 39591, 39415, 39612)
Add verbs to thirdparty resources in discovery
The namespace controller ignores thirdparty resources right now because verbs are not set. This PR sets a static list of verbs.
Moreover, integration tests are added for the discovery info of thirdparty resources.
/cc @zhouhaibing089
Automatic merge from submit-queue
Deleting federation-util-14.go that is not being used anywhere
We have the same code in federation-util.go
cc @mwielgus @madhusudancs
The command `docker ps` can take longer time to respond under heavy load or
when encountering some known issues. In these cases, the containers are running
fine, so aggressive health check could cause serious disruption. Bump the
timeout to 60s to be consistent with the debian-based containerVM.
Automatic merge from submit-queue (batch tested with PRs 39628, 39551, 38746, 38352, 39607)
fix e2e kubelet binding
Fixes#39543
This limits scope of the kubelet. It was an oversight before. Hopefully we won't end up chasing permissions again.
Automatic merge from submit-queue (batch tested with PRs 39628, 39551, 38746, 38352, 39607)
Increasing times on reconciling volumes fixing impact to AWS.
#**What this PR does / why we need it**:
We are currently blocked by API timeouts with PV volumes. See https://github.com/kubernetes/kubernetes/issues/39526. This is a workaround, not a fix.
**Special notes for your reviewer**:
A second PR will be dropped with CLI cobra options in it, but we are starting with increasing the reconciliation periods. I am dropping this without major testing and will test on our AWS account. Will be marked WIP until I run smoke tests.
**Release note**:
```release-note
Provide kubernetes-controller-manager flags to control volume attach/detach reconciler sync. The duration of the syncs can be controlled, and the syncs can be shut off as well.
```
Automatic merge from submit-queue (batch tested with PRs 39628, 39551, 38746, 38352, 39607)
fix throttling test
Fixes https://github.com/kubernetes/kubernetes/issues/39285.
The token bucket starts full, so getting 100 tokens doesn't take a full second, right? Getting 101 tokens does take a full second.
@liggitt looks like your test.
Kubernetes Submit Queue