If CIDRAllocatorType is set to `CloudCIDRAllocator`, then allocation
of CIDR allocation instead is done by the external cloud provider and
the node controller is only responsible for reflecting the allocation
into the node spec.
- Splits off the rangeAllocator from the cidr_allocator.go file.
- Adds cloudCIDRAllocator, which is used when the cloud provider allocates
the CIDR ranges externally. (GCE support only)
- Updates RBAC permission for node controller to include PATCH
KUBE_GCE_ENABLE_IP_ALIASES=true will enable allocation of PodCIDR ips
using the ip alias mechanism rather than using routes.
NODE_IP_RANGE will control the node instance IP cidr
KUBE_GCE_IP_ALIAS_SIZE controls the size of each podCIDR
IP_ALIAS_SUBNETWORK controls the name of the subnet created for the cluster
Automatic merge from submit-queue (batch tested with PRs 43304, 41427, 43490, 44352)
Fix etcd semver validation by using 'sort -V'
The old check would erroneously say e.g. v3.0.6 is greater than v3.0.17 which is obviously false. So hack/local-up-cluster.sh would be allowed to run and things would break because etcd does not meet the minimum. sort -V validates it correctly.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43304, 41427, 43490, 44352)
Supplement unit tests to `kubectl create rolebinding` command.
Supplement unit tests to `kubectl create rolebinding` command,
including:
1. Unit tests for pkg/kubectl/role.go
2. Unit tests for pkg/kubectl/cmd/create_role.go
Automatic merge from submit-queue (batch tested with PRs 43304, 41427, 43490, 44352)
Update etcd-client godep to 3.1.5
This transitively level sets the godeps to yank in the 3.1.5 client.
Currently WIP, b/c it required some regen and I had some weird local permissions issue.
xref: #41143
/cc @xiang90 @mml
Automatic merge from submit-queue (batch tested with PRs 43304, 41427, 43490, 44352)
Node failure tests for cluster autoscaler
E2e tests checking whether CA is still working with a single broken node.
cc: @MaciekPytel @jszczepkowski @fgrzadkowski
The exported or public functions requires a doc comment to pass golint.
This commit has changes of conversion generated code. The actual doc
changes are added into a separate commit for a clean review.
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
Avoid nil user special-casing in unsecured endpoint
The unsecured handler currently adds no `user.Info` to the request context. That means that anything that tries to authorize actions in the API server currently has to special case nil users to ensure the unsecured localhost endpoint remains capable of performing all actions.
This PR changes the unsecured localhost endpoint to be treated as a privileged user internally, so that no special casing is required by code inside the authentication layer
I'm not particularly attached to the username. It doesn't bother me for it to have a slightly uncomfortable sounding name.
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
validateClusterInfo: use clientcmdapi.NewCluster()
Change validateClusterInfo to use clientcmdapi.NewCluster() instead of
clientcmdapi.Cluster{} when comparing against the passed in clusterInfo.
clusterInfo most likely will be a combination of
clientcmdapi.NewCluster() merged with potential overrides. This is
necessary because otherwise, the DeepEqual between what is supposed to
be an empty Cluster and clusterInfo will fail, resulting in an error
that doesn't allow fall-through to checking for in-cluster
configuration.
https://github.com/kubernetes/kubernetes/pull/40508 changed `DirectClientConfig.getContext()` to start with a `clientcmdapi.NewCluster()` instead of the zero value for `clientcmdapi.Cluster`. This means that the `Extensions` map in the `Cluster` is initialized instead of `nil`, which breaks the `DeepEqual` test unless you compare `clusterInfo` against an initialized `clientcmdapi.NewCluster()`.
cc @smarterclayton @sttts @vjsamuel @liggitt @deads2k @soltysh @fabianofranz @kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
make unstructured items correspond to other items for storage
"normal" `Items` elements include the struct itself, not a pointer to the struct. Some of the deeper bits of storage rely on this behavior in reflective paths.
This updates the `UnstructuredList` to be "normal".
@kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
Remove credentials on worker nodes for vSphere cloud provider.
**What this PR does / why we need it**:
Remove the dependency of login information on worker nodes for vsphere cloud provider:
1. VM Name is required to be set in the cloud provider configuration file.
2. Remove the requirement of login for Instance functions when querying local node information.
**Which issue this PR fixes** : fixes #https://github.com/kubernetes/kubernetes/issues/35339
**Release note**:
The exported or public functions without a comment results into golint failure
in various generated files. The changes in this patch takes care of about 36
related lint failures.
Given below is an example lint error,
zz_generated.conversion.go:91:1: exported function
Convert_v1alpha1_Binding_To_servicecatalog_Binding should have comment or be
unexported
Automatic merge from submit-queue
remove dependency on gorestful for rest handling
There's no reason for us to rely upon go-restful for our REST handling. This separates the layers so that gorestful route functions are built on top of native `http.HandlerFuncs`.
@DirectXMan12 I think this is the sort of handling you wanted to be able to add and remove at will, right? I have other commits that demonstrate how to wire these into "normal" `http.Handlers` if its useful to you.
@kubernetes/sig-api-machinery-pr-reviews @smarterclayton @sttts @lavalamp
Automatic merge from submit-queue
add "/apis/" to kube-aggregator apisHandler
This makes the following two urls have the same result.
https://ip:443/apishttps://ip:443/apis/
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 43900, 44152, 44324)
make deployment unit tests need to respect subresources
Fixes#42569
I check all the unit test code related to `Matches` method, seems there's only one line we could change to not break previous testing logic
@kargakis ptal, thanks
/assign @kargakis
Automatic merge from submit-queue (batch tested with PRs 43900, 44152, 44324)
Fix: check "ok" first to avoid panic
Check "ok" and then check if "currState.pod.Spec.NodeName != pod.Spec.NodeName", here if currState is nil, it will panic.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43900, 44152, 44324)
fix return value of "kubectl auth cani --quiet"
Before this change:
$ kubectl auth can-i get pod
no
$ kubectl auth can-i get pod --quiet
$ echo $?
0
After this change:
$ kubectl auth can-i get pod
no
$ kubectl auth can-i get pod --quiet
$ echo $?
1
@deads2k
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 43844, 44284)
Add a retry to cluster-autoscaler e2e
This should fix https://github.com/kubernetes/kubernetes/issues/44268.
The flake was caused by following sequence of events:
1. Cluster was at minimum size (3), some node was unneeded for a while.
2. Setup for some test (scale-down, failure) would increase node group size (to 5) and wait for new nodes to come up.
3. As soon as new node come up (cluster size 4) CA would scale-down the old unneeded node (setting node group size to 4).
4. Node group would not reach size 5 (as the target was now 4) and the test would timeout and fail.
This PR makes the setup monitor re-set the target node group size if the above scenario happens.
Automatic merge from submit-queue
add Stringer interface for eventType
**What this PR does / why we need it**:
fix invalid log outputs like
"graph_builder.go:429] GraphBuilder process object: v1/Endpoints, namespace kube-system, name kube-controller-manager, event type %!s(garbagecollector.eventType=1)"
Automatic merge from submit-queue (batch tested with PRs 43887, 41914, 44170)
Make NetworkPolicy docs reflect reality
spinoff of #39164; this just updates the docs to reflect the way the v1beta1 API has actually been implemented
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
proxy/iptables: precompute svcPortName strings
With many services, the calls to svcPortName.String() show up as a
somewhat significant CPU user under syncProxyRules().
For whatever reason github repeatedly fails to upload the pprof with Firefox, so here's an example:
http://people.redhat.com/dcbw/kube-proxy-svcPortName-String.pdf
Automatic merge from submit-queue
[Federation][kubefed] Annotate all Federation API objects with the federation name and (if applicable) the cluster name.
Address part of #42324.
```release-note
Adds annotations to all Federation objects created by kubefed.
```
Automatic merge from submit-queue (batch tested with PRs 44286, 44209)
[Federation][Kubefed] Bug fix to enable disabling federation controllers through override args
Targets https://github.com/kubernetes/kubernetes/issues/42761
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/42761
**Special notes for your reviewer**:
@marun @perotinus @nikhiljindal
**Release note**:
```
NONE
```
Mike Danese