Automatic merge from submit-queue
Remove [Flaky] from presistent volume NFS tests.
**What this PR does / why we need it**:
PV e2e test flaked because of a lack of isolation of test objects (PVs, claims). The common symptoms being volume-mounting pods timing out or an unexpected number of unbound claims being detected.
PR #43645 Introduced the selector labels to test objects that restricted binds to within each "testspace". To accomplish this the test namespace was set as a label for all PVs and selector for all Claims. This allows each test to act as if it's isolated while still creating and binding PVs in parallel w/ other tests.
This has been tested in parallel on both 3-node gci and debian clusters as
`--ginkgo.focus="\[Volume\]" --ginkgo.skip="\[Disruptive\]|\[Feature.*\]|\[Serial\]"`
with out signs of flakiness.
cc @jeffvance
```release-note
NONE
```
Automatic merge from submit-queue
Add tests for semantically equal DaemonSet updates
Tests for #43337, depends on #43337. The last commit is already reviewed in #43337.
@liggitt @kargakis @lukaszo @kubernetes/sig-apps-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43304, 41427, 43490, 44352)
Fix etcd semver validation by using 'sort -V'
The old check would erroneously say e.g. v3.0.6 is greater than v3.0.17 which is obviously false. So hack/local-up-cluster.sh would be allowed to run and things would break because etcd does not meet the minimum. sort -V validates it correctly.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43304, 41427, 43490, 44352)
Supplement unit tests to `kubectl create rolebinding` command.
Supplement unit tests to `kubectl create rolebinding` command,
including:
1. Unit tests for pkg/kubectl/role.go
2. Unit tests for pkg/kubectl/cmd/create_role.go
Automatic merge from submit-queue (batch tested with PRs 43304, 41427, 43490, 44352)
Update etcd-client godep to 3.1.5
This transitively level sets the godeps to yank in the 3.1.5 client.
Currently WIP, b/c it required some regen and I had some weird local permissions issue.
xref: #41143
/cc @xiang90 @mml
Automatic merge from submit-queue (batch tested with PRs 43304, 41427, 43490, 44352)
Node failure tests for cluster autoscaler
E2e tests checking whether CA is still working with a single broken node.
cc: @MaciekPytel @jszczepkowski @fgrzadkowski
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
Avoid nil user special-casing in unsecured endpoint
The unsecured handler currently adds no `user.Info` to the request context. That means that anything that tries to authorize actions in the API server currently has to special case nil users to ensure the unsecured localhost endpoint remains capable of performing all actions.
This PR changes the unsecured localhost endpoint to be treated as a privileged user internally, so that no special casing is required by code inside the authentication layer
I'm not particularly attached to the username. It doesn't bother me for it to have a slightly uncomfortable sounding name.
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
validateClusterInfo: use clientcmdapi.NewCluster()
Change validateClusterInfo to use clientcmdapi.NewCluster() instead of
clientcmdapi.Cluster{} when comparing against the passed in clusterInfo.
clusterInfo most likely will be a combination of
clientcmdapi.NewCluster() merged with potential overrides. This is
necessary because otherwise, the DeepEqual between what is supposed to
be an empty Cluster and clusterInfo will fail, resulting in an error
that doesn't allow fall-through to checking for in-cluster
configuration.
https://github.com/kubernetes/kubernetes/pull/40508 changed `DirectClientConfig.getContext()` to start with a `clientcmdapi.NewCluster()` instead of the zero value for `clientcmdapi.Cluster`. This means that the `Extensions` map in the `Cluster` is initialized instead of `nil`, which breaks the `DeepEqual` test unless you compare `clusterInfo` against an initialized `clientcmdapi.NewCluster()`.
cc @smarterclayton @sttts @vjsamuel @liggitt @deads2k @soltysh @fabianofranz @kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
make unstructured items correspond to other items for storage
"normal" `Items` elements include the struct itself, not a pointer to the struct. Some of the deeper bits of storage rely on this behavior in reflective paths.
This updates the `UnstructuredList` to be "normal".
@kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
Remove credentials on worker nodes for vSphere cloud provider.
**What this PR does / why we need it**:
Remove the dependency of login information on worker nodes for vsphere cloud provider:
1. VM Name is required to be set in the cloud provider configuration file.
2. Remove the requirement of login for Instance functions when querying local node information.
**Which issue this PR fixes** : fixes #https://github.com/kubernetes/kubernetes/issues/35339
**Release note**:
Automatic merge from submit-queue
remove dependency on gorestful for rest handling
There's no reason for us to rely upon go-restful for our REST handling. This separates the layers so that gorestful route functions are built on top of native `http.HandlerFuncs`.
@DirectXMan12 I think this is the sort of handling you wanted to be able to add and remove at will, right? I have other commits that demonstrate how to wire these into "normal" `http.Handlers` if its useful to you.
@kubernetes/sig-api-machinery-pr-reviews @smarterclayton @sttts @lavalamp
Automatic merge from submit-queue
add "/apis/" to kube-aggregator apisHandler
This makes the following two urls have the same result.
https://ip:443/apishttps://ip:443/apis/
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 43900, 44152, 44324)
make deployment unit tests need to respect subresources
Fixes#42569
I check all the unit test code related to `Matches` method, seems there's only one line we could change to not break previous testing logic
@kargakis ptal, thanks
/assign @kargakis
Automatic merge from submit-queue (batch tested with PRs 43900, 44152, 44324)
Fix: check "ok" first to avoid panic
Check "ok" and then check if "currState.pod.Spec.NodeName != pod.Spec.NodeName", here if currState is nil, it will panic.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43900, 44152, 44324)
fix return value of "kubectl auth cani --quiet"
Before this change:
$ kubectl auth can-i get pod
no
$ kubectl auth can-i get pod --quiet
$ echo $?
0
After this change:
$ kubectl auth can-i get pod
no
$ kubectl auth can-i get pod --quiet
$ echo $?
1
@deads2k
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 43844, 44284)
Add a retry to cluster-autoscaler e2e
This should fix https://github.com/kubernetes/kubernetes/issues/44268.
The flake was caused by following sequence of events:
1. Cluster was at minimum size (3), some node was unneeded for a while.
2. Setup for some test (scale-down, failure) would increase node group size (to 5) and wait for new nodes to come up.
3. As soon as new node come up (cluster size 4) CA would scale-down the old unneeded node (setting node group size to 4).
4. Node group would not reach size 5 (as the target was now 4) and the test would timeout and fail.
This PR makes the setup monitor re-set the target node group size if the above scenario happens.
Automatic merge from submit-queue
add Stringer interface for eventType
**What this PR does / why we need it**:
fix invalid log outputs like
"graph_builder.go:429] GraphBuilder process object: v1/Endpoints, namespace kube-system, name kube-controller-manager, event type %!s(garbagecollector.eventType=1)"
Automatic merge from submit-queue (batch tested with PRs 43887, 41914, 44170)
Make NetworkPolicy docs reflect reality
spinoff of #39164; this just updates the docs to reflect the way the v1beta1 API has actually been implemented
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
proxy/iptables: precompute svcPortName strings
With many services, the calls to svcPortName.String() show up as a
somewhat significant CPU user under syncProxyRules().
For whatever reason github repeatedly fails to upload the pprof with Firefox, so here's an example:
http://people.redhat.com/dcbw/kube-proxy-svcPortName-String.pdf
Automatic merge from submit-queue
[Federation][kubefed] Annotate all Federation API objects with the federation name and (if applicable) the cluster name.
Address part of #42324.
```release-note
Adds annotations to all Federation objects created by kubefed.
```
Automatic merge from submit-queue (batch tested with PRs 44286, 44209)
[Federation][Kubefed] Bug fix to enable disabling federation controllers through override args
Targets https://github.com/kubernetes/kubernetes/issues/42761
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/42761
**Special notes for your reviewer**:
@marun @perotinus @nikhiljindal
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44286, 44209)
Refactor leader election package test code to remove redundant code
**What this PR does / why we need it**:
leader election object supports locking on 2 objects currently endpoints and configmap. The test code for both is almost identical. This pr attempts to remove redundancy in test code for easier maintenance and extension.
**Special notes for your reviewer**:
I am trying to add leader election feature to federation controller manager and this pr is one of sub-task of the overall work documented in #44283
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43273, 44287, 44281)
Remove ObjectMetaFor
Builds on https://github.com/kubernetes/kubernetes/pull/43767
The second commit removes `ObjectMetaFor`. This was debt we left around after we created the interfaces. Fixing this makes it possible to start running `Unstructured` through generic storage.
@kubernetes/sig-api-machinery-pr-reviews @smarterclayton @lavalamp
Automatic merge from submit-queue (batch tested with PRs 43273, 44287, 44281)
[Federation] Remove deprecated federation-apiserver-kubeconfig secret
federation-apiserver-kubeconfig was deprecated and was supposed to be removed in 1.6.
Removing all references to it as we no longer use it.
**Release note**:
```
[Federation] Deprecated `federation-apiserver-kubeconfig` is not supported anymore. Should use `--kubeconfig` flag to specify Federation API server kubeconfig.
```
cc @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43273, 44287, 44281)
bump(github.com/onsi/ginkgo):v1.2.0-94-g5ca1211
Picks up parallel execution improvements in Ginkgo that distribute jobs more evenly with parallel runs. Opened after observing long tail runs in OpenShift - testing there showed a much more compact run in terms of CPU https://github.com/onsi/ginkgo/issues/333
We'll need some soak time to be sure this has no issues.
Automatic merge from submit-queue (batch tested with PRs 43866, 42748)
hack/cluster: download cfssl if not present
hack/local-up-cluster.sh uses cfssl to generate certificates and
will exit it cfssl is not already installed. But other cluster-up
mechanisms (GCE) that generate certs just download cfssl if not
present. Make local-up-cluster.sh do that too so users don't have
to bother installing it from somewhere.
Automatic merge from submit-queue
Update owners to include kerneltime
**What this PR does / why we need it**: Update owners to include kerneltime to help with PRs
Automatic merge from submit-queue (batch tested with PRs 43870, 30302, 42722, 43736)
federation: avoid double core group registration
The federation apiserver installed its custom core group into the global `pkg/api` registry, leading to double registration. Luckily (or maybe unfortunately) we did not fail hard in this case, but the init funcs just ignored the error.
This PR creates an extra apigroup registry based on the already existing federation `core.Scheme`. This decouples the two core groups (which happen to co-exist in hyperkube).
Kubernetes Submit Queue