Automatic merge from submit-queue
remove cast utilities from rbac
Casting functions like these are a source of pain in OpenShift. We should eliminate them to avoid drift problems like we've had downstream.
@kubernetes/sig-auth
@ericchiang ptal
Automatic merge from submit-queue
Change the eviction metric type and fix rate-limited-timed-queue
People how know better convinced me that aggregate counter is better than a gauge for a number of evictions metric. @Q-Lee
Per discussion with @pwittrock I add a v1.4 label and a cherrypick candidate label. This is a slightly bigger change than I thought, but it fixes a bug in eviction logic, so it's also important.
cc @derekwaynecarr @smarterclayton @timothysc
Automatic merge from submit-queue
FakeWatcher with channel size constructor
Follow up for #32234. Items in the PR:
* Chan size option in watcher to prevent deadlock via buffering.
* WatcherDispatcher refactoring.
Automatic merge from submit-queue
Instruct PLEG to detect pod sandbox state changes
This PR adds a Sandboxes list in `kubecontainer.Pod`, so that PLEG can check
sandbox changes using `GetPods()` . The sandboxes are treated as regular
containers (type `kubecontainer.Container`) for now to avoid additional
changes in PLEG.
/cc @feiskyer @yifan-gu @euank
Automatic merge from submit-queue
kubectl rollout status waits for available pods
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
This changes kubectl rollout status to wait until all updated replicas are available before finishing.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#31130
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
Changes 'kubectl rollout status' to wait until all updated replicas are available before finishing.
```
Currently kubectl rollout status finishes when Deployment.Spec.Replicas == Deployment.Status.UpdatedReplicas, but it's less surprising to the user for kubectl rollout status to wait until Deployment.Status.UpdatedReplicas == Deployment.Status.Replics == Deployment.Status.AvailableReplicas
Automatic merge from submit-queue
api storage: Decouple Decorator from Filter
Continue #28249
What?
This PR decouples Decorator from Filter, i.e. remove Decorator in createFilter().
- For List, Decorator is called on returned list object.
- For Watch, we implement a new watcher to pipe through decorator. Error will be returned as a watch event.
Why?
- We want to change filter to SelectionPredicate struct. But Decorator is designed to be coupled with filtering.
- Per the discussion in #28249, decorator shouldn't be coupled to filter and error from Decorator should be returned instead of assuming false filtering.
Automatic merge from submit-queue
privatize, document, and scrub GenericAPIServer
I've gone through more of the `GenericAPIServer` struct, started documenting what the fields do and privatizing ones that aren't used elsewhere or are only used by components that need some refactoring too.
Automatic merge from submit-queue
add selfsubjectaccessreview API
Exposes the REST API for self subject access reviews. This allows a user to see whether or not they can perform a particular action.
@kubernetes/sig-auth
Automatic merge from submit-queue
vSphere Cloud provider null pointer exception
This PR addresses issue #31823.
SelectByType function in govmomi will panic if deviceType is not Array,
Chan, Map, Ptr, or Slice. Also checking if vmDevices or vm are nil,
there is nothing to cleanup.
Automatic merge from submit-queue
Do not report warning event when an unknown provisioner is requested.
with `StorageClass.Provisioner == <unknown plugin>`, we should wait for
either external provisioner or volume admin to provide a PV for a claim
instead of reporting an error.
Fixes#31723
Automatic merge from submit-queue
choose a particular directory test-integration
Enables `make test-integration WHAT=auth` or whatever particular integration test director you want to run.
Automatic merge from submit-queue
tag scheduledjob e2e as [Feature:ScheduledJob]
[Feature:...] tag is recognized by most e2e suites and will prevent test from being run in suites where it should not. This pattern is used by other alpha feature tests. This change will allow #31957 to be reapplied without breaking gke tests.
Side note, I'm collecting all alpha feature e2e tests to run in the [kubernetes-e2e-gce-alpha](http://kubekins.dls.corp.google.com/job/kubernetes-e2e-gce-alpha-features/) suite. This will be run there, alongside [Feature:ExternalTrafficLocalOnly] and [Feature:PetSet].
cc @timstclair @erictune
Automatic merge from submit-queue
WatcherDispatcher for federated controller tests
This PR fixes a problem when 2 informers create a watch for the same resource using the same client. Previously only one informer would receive updates.
cc: @quinton-hoole @wojtek-t @kubernetes/sig-cluster-federation
quinton-hoole: To provide some more context to those doing cherrypicking, the bug that this PR fixes makes federated unit tests fail intermittently, and generally behave very poorly.
Automatic merge from submit-queue
Rename ConnectToDockerOrDie to CreateDockerClientOrDie
This function does not actually attempt to connect to the docker daemon, it just creates a client object that can be used to do so later. The old name was confusing, as it implied that a failure to touch the docker daemon could cause program termination (rather than just a failure to create the client).
[Feature:...] tag is recognized by most e2e suites and will prevent
test from being run in suites where it should not. This pattern is
used by other alpha feature tests.
Automatic merge from submit-queue
Log an event when container runtime exceeds grace-period during eviction
While debugging flakes in eviction, I encountered scenarios where the container run-time did not evict a pod within the allowed grace period. This could result in situations where a BE pod would not get killed fast enough and therefore a Bu pod was killed next (assuming there were no other BE pods)
/cc @mtaufen @vishh
Automatic merge from submit-queue
Delete resources in federated namespce
The more generic namespace cleanup will be done in 1.5. Issue to track:
https://github.com/kubernetes/kubernetes/issues/31975
cc: @quinton-hoole @wojtek-t @kubernetes/sig-cluster-federation
Automatic merge from submit-queue
Enable kubelet eviction whenever inodes free is < 5% on GCE
This is a pre-req for enabling inodes based evictions in GKE.
Automatic merge from submit-queue
Use a structured error rather than an Aggregate error in discovery
Should provide more information for debugging the root cause of
discovery failures.
Exposes the true cause of #32009
@lavalamp @derekwaynecarr
Automatic merge from submit-queue
Feature gate is not stable sorted - docs change each gen
Also... why are the feature flags defined *in* pkg/util/config which has nothing to do with general Kube? Flags should be defined statically in a subpackage of the kubelet (if they are kubelet feature flags) or in pkg/kubernetes/features or something somewhere else generic.
Kubernetes Submit Queue