Automatic merge from submit-queue
Change rbac roleref to reflect the information we want
@liggitt @ericchiang This is a version of https://github.com/kubernetes/kubernetes/pull/31359 which updates the `RoleRef` to be (I think) the type that we want, with a group, resource, and name.
This is **not** backwards compatible with any existing data. I'm ok with doing this since rbac was considered alpha, but its something to consider.
If we want this instead, I'll close the previous pull (or update it with this content).
Automatic merge from submit-queue
update pkg/cloudprovider OWNERS to spread the review load
This is going to make the mungebot start assigning reviews in your cloudprovider packages.
fyi @runseb @dagnello @imkin @anguslees @dagnello
Automatic merge from submit-queue
print resource kind prefix when `kubectl get all` has single type to display
**Release note**:
```release-note
NONE
```
This patch forces the HumanReadablePrinter to display resource kind
prefixes when there is only one type of resource to show and a specific
resource type has not been specified as an argument to kubectl get
`$ kubectl get all`
```
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 172.30.0.1 <none> 443/TCP,53/UDP,53/TCP 2m
```
`$ kubectl get all`
```
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kubernetes 172.30.0.1 <none> 443/TCP,53/UDP,53/TCP 2m
```
Automatic merge from submit-queue
Fixed TODO: move predicate check into a pod admitter
refractoring AdmitPod func to move predicate check into a pod admitter
Automatic merge from submit-queue
Redundant code process for container_mananger start
1. need not sum the total numEnsureStateFuncs
2. numEnsureStateFuncs should > 0, otherwise, calculate numEnsureStateFuncs would be not neccessary
Automatic merge from submit-queue
update `kubectl expose` output to UsageError
**Release note**:
```release-note
NONE
```
This patch updates `kubectl expose` output (with no resources provided)
to a UsageError so that the `kubectl expose -h` suggestion is displayed.
##### Before
`$ kubectl expose`
```
error: You must provide one or more resources by argument or filename.
Example resource specifications include:
'-f rsrc.yaml'
'--filename=rsrc.json'
'pods my-pod'
'services'
```
##### After
```
error: You must provide one or more resources by argument or filename.
Example resource specifications include:
'-f rsrc.yaml'
'--filename=rsrc.json'
'pods my-pod'
'services'
See 'kubectl expose -h' for help and examples.
```
Automatic merge from submit-queue
Rollout dry run
**What this PR does / why we need it**: rollout undo add dry-run implementation
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#28219
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```
rollout undo add dry-run option
```
Automatic merge from submit-queue
Add missing new line after "No events."
**What this PR does / why we need it**: Make `kubectl describe` output pretty again.
**Special notes for your reviewer**: Should probably get rolled into the release branch.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
NONE
```
Automatic merge from submit-queue
add alias svc for create_service.go
add alias 'svc' for service in create_service.go so that alias 'svc' can be used and also can be seen in help message's Aliases like below:
```shell
$ kubectl create svc -h
Create a service using specified subcommand.
Aliases:
service, svc
Available Commands:
clusterip Create a clusterIP service.
loadbalancer Create a LoadBalancer service.
nodeport Create a NodePort service.
Usage:
kubectl create service [options]
```
Automatic merge from submit-queue
Do not allow creation of GCE PDs in unmanaged zones.
Such volumes then couldn't be deleted as `getDiskByNameUnknownZone` goes through managed zones only.
Fixes: #31948
@kubernetes/rh-storage
@saad-ali, PTAL.
Automatic merge from submit-queue
Move CSR helper for nodes out of kubelet
**What this PR does / why we need it**:
Including `cmd/kubelet/app` in kubeadm causes flag leakage.
Namelly, the problem is with `pkg/credentialprovider/gcp`, which
leaks `--google-json-key` and changing the behaviour of `init()`
doesn't sound reasonable, given kubelet is the only one who uses
this packages and obviously the flag is part of the functionality.
The helper is already generic enough, it has already been exported
and works well for kubeadm, so moving it should be fine.
**Special notes for your reviewer**: cc @mikedanese @yifan-gu @gtank
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Improve the get output for completed pods
**What this PR does / why we need it**:
- rename FinishPrint() to AfterPrint()
- add a newline to separate it from the table
- remove the "objects" and ()
- assume plural
**Which issue this PR fixes**
fixes#31160
**Special notes for your reviewer**:
None
**Release note**:
```release-note
Improve the get output for completed pods
```
Automatic merge from submit-queue
Add a check in ConfirmUsable() to validate the contextName
**What this PR does / why we need it**:
When a context name is provided, but can't be found (miss spelling), it currently
uses the defaults. This PR will cause the command to fail, to prevent unexpected side effects
of using the wrong configuration.
**Which issue this PR fixes**
fixes#21062
**Special notes for your reviewer**:
None
**Release note**:
```release-note
Error if a contextName is provided but not found in the kubeconfig.
```
Automatic merge from submit-queue
Set Job's labels from PodTemplateSpec if none are specified
Fixes#31009 and replaces #32033.
@AdoHe I've picked your changes, added the additional ones for 'batch/v2alpha1' and most importantly added tests for job's defaulting. ptal
Automatic merge from submit-queue
Fix: Dynamic provisioning for vSphere
This PR does the following,
1. Fixes an error 'A specified parameter was not correct:' occurs while dynamically provisioning the volumes.
2. Adds VSAN support for dynamic provisioning.
Automatic merge from submit-queue
update taints e2e, restrict taints operation with key, effect
Since taints are now unique by key, effect on a node, this PR is to restrict existing taints adding/removing/updating operations in taints e2e.
Also fixes https://github.com/kubernetes/kubernetes/issues/31066#issuecomment-242870101
Related prior Issue/PR #29362 and #30590
Automatic merge from submit-queue
Use PV shared informer in PV controller
Use the PV shared informer, addressing (partially) https://github.com/kubernetes/kubernetes/issues/26247 . Using the PVC shared informer is not so simple because sometimes the controller wants to `Requeue` and...
Automatic merge from submit-queue
add suggestion to use `describe` to obtain container names
**Release note**:
```release-note
release-note-none
```
Commands with the `--container=` option provide no suggestions to a user
on how to obtain a container's name from a pod.
This patch adds a suggestion on the usage output to use the `describe`
command on a pod to obtain the container value that is passed to the
`--container=` flag.
`$ kubectl exec -h`
```
Execute a command in a container.
Examples:
kubectl exec 123456-7890 date
kubectl exec 123456-7890 -c ruby-container date
kubectl exec 123456-7890 -c ruby-container -i -t -- bash -il
Flags:
-c, --container string Container name. If omitted, the first container in the pod will be chosen. Use the 'describe' command to find the list of containers on a pod.
-p, --pod string Pod name
-i, --stdin Pass stdin to the container
-t, --tty Stdin is a TTY
Automatic merge from submit-queue
Return all the invalid flags for rollingupdate
It had better to return all the invalid flags for the "validateArguments" function, so the user can modify them at once.
Automatic merge from submit-queue
Return all the invalid parameters for set_image
Suggest returning all the invalid parameters for "ImageOptions.Validate()" in set_image.go.
Automatic merge from submit-queue
Optimise the DefaultGenerators function
It needn't define all the generators in the "DefaultGenerators" function, it just return the "cmdName" generator, the others is redundant.
Automatic merge from submit-queue
support storage class in Ceph RBD volume
replace WIP PR #30959, using PV annotation idea from @jsafrane
@kubernetes/sig-storage @johscheuer @elsonrodriguez
Automatic merge from submit-queue
Use scale subresource
Fixes#29698
Use scale subresource for ReplicationController, ReplicaSet and Deployment.
Couldn't do Jobs and PetSet since they live in a different group.
Automatic merge from submit-queue
Example of unversioned pkg uses correct Config struct
Currently this Doc has incorrect example - https://godoc.org/k8s.io/kubernetes/pkg/client/unversioned
So when developers use it they are confused why `client` pkg has no `Config` struct, actually this is a struct from `restclient` pkg.
Also pkg name and variable name should be equal:
`client, err := client.New(config)`
Thanks,
Alex
Automatic merge from submit-queue
Kubelet: add KillPod for new runtime API
This PR adds implements of KillPod for new runtime API.
CC @yujuhong @Random-Liu @kubernetes/sig-node @kubernetes/sig-rktnetes
Automatic merge from submit-queue
add ClientSet to factory to remove non-generated client
We should move to using generated clients in the `kubectl` client. We should really move to generated external clients, but this at least moves away from using manually created clients.
@fabianofranz @mfojtik When I complete this work (move the other commands and eliminate the old API), this will ripple downstream.
Automatic merge from submit-queue
Kubelet: rename CreatePodSandbox to RunPodSandbox in CRI
As @yifan-gu pointed out in #31847, the name `CreatePodSandbox` doesn't reflect that the sandbox is running after the API succeeds. This PR renames it to `RunPodSandbox` to make this clear.
CC @yujuhong @yifan-gu @kubernetes/sig-node
Changes made in #31947 cause kube-proxy to ignore `--kubeconfig`
and `--master` flags and use in-cluster configuration, which is
unusable due to the fact that VIP hasn't been created yet.
Automatic merge from submit-queue
add group prefix matching for kubectl usage
Adds prefix matching for groups so that `kubectl get storageclass.storage` matches `storageclass.storage.k8s.io`.
@kubernetes/kubectl
Automatic merge from submit-queue
add logging for enabled/disabled API Groups
Adds logging to the apiserver to indicate which API groups are enabled and disabled as go through. This will make it easier to identify what's gone wrong in cases where the API server is down during diagnoses and the config is inaccessible, like in GKE tests. For example https://github.com/kubernetes/kubernetes/issues/32185#issuecomment-245255700 .
@wojtek-t This may have made the problem more obvious.
Automatic merge from submit-queue
make swaggerschema agnostic about which version to use
`Factory.SwaggerSchema` was reliant on having a non-generated client bits filled in so that it could get the adapted client it wanted. There's no need since discovery ignores configured GroupVersions. This eliminates the unneeded dependency.
Automatic merge from submit-queue
Add validation rule to prevent adding finalizers if the object is being deleted
To implement the behavior described in comments: https://github.com/kubernetes/kubernetes/blob/master/pkg/api/types.go#L149-L150
This purpose of this behavior is to disallow user manually changes from cascading deletion to orphaning after the deletion starts.
Fix#32339
This is a follow on from the previous commit that fixed ClientConfig.
Namespace can also be defaulted from ICC, and this correctly handles
that logic. Also add two debugging lines to ensure that it is easier in
the future to uncover problems here.
Automatic merge from submit-queue
Make sure finalizers prevent deletion on storage that supports graceful deletion
Fixing bug:
Non-empty Finalizers fails to prevent a pod from being deleted, if deleteOptions.GracefulPeriod=0. See https://github.com/kubernetes/kubernetes/issues/32157#issuecomment-245778483
We didn't hit any issue with orphan finalizer because all our tests set finalizers on RC or RS, whose storage doesn't support graceful deletion.
cc @thockin @lavalamp
Automatic merge from submit-queue
Service behaviour not correct when ESIPP annotation is toggled or deleted
Fixes#31649
GCE controller: Correctly add/remove http health checks based on whether the annotation was added or removed
kube-proxy: Create/Delete XLB local-endpoints balancer chain and change jump actions from KUBE-FW- chain based on the annotation.
Automatic merge from submit-queue
Fix namespace in audit logs
@sttts apparently previous logic was not good enough to read the namespace, which I haven't noticed on time. ptal
Automatic merge from submit-queue
Don't return an error if a file doesn't exist for IsPathDevice(...)
Fixes https://github.com/kubernetes/kubernetes/issues/30455
@saad-ali @thockin fyi, since linux devices and storage.
Automatic merge from submit-queue
Kubelet: implement GetPodContainerID for new runtime API
Add implements of `GetPodContainerID` interface for new runtime API.
CC @yujuhong @kubernetes/sig-node @kubernetes/sig-rktnetes
Automatic merge from submit-queue
correct imagefs inodes value in kubelet summary stats
Fix https://github.com/kubernetes/kubernetes/issues/31501
Correct get imagefs inodes value from imageFsInfo.Inodes in kubelet summary stats api.
@derekwaynecarr
Automatic merge from submit-queue
Avoid unnecessary status update when there is no corresponding mirror pod
Fixes https://github.com/kubernetes/kubernetes/issues/32191.
This PR changes status manager to skip update when there is no mirror pod for a static pod.
We need this because:
1) When static pod terminates and mirror pod is deleted, this will avoid extra `syncPod`.
2) During mirror pod creation and recreation, this will avoid unnecessary `syncPod`.
Mark P1 to match the original issue.
@wojtek-t @yujuhong
/cc @kubernetes/sig-node
Automatic merge from submit-queue
refactor genericapiserver new to combine initialization
Combines `New` and `init` since the two were inseparable before anyway. `New` now has all the code to create the `GenericAPIServer`.
The rest of the change is a move. I want to refactor the flow more, but I figured that doing it separately would simplify the review.
@sttts how do you feel about looking at this one?
Automatic merge from submit-queue
remove cast utilities from rbac
Casting functions like these are a source of pain in OpenShift. We should eliminate them to avoid drift problems like we've had downstream.
@kubernetes/sig-auth
@ericchiang ptal
Automatic merge from submit-queue
Change the eviction metric type and fix rate-limited-timed-queue
People how know better convinced me that aggregate counter is better than a gauge for a number of evictions metric. @Q-Lee
Per discussion with @pwittrock I add a v1.4 label and a cherrypick candidate label. This is a slightly bigger change than I thought, but it fixes a bug in eviction logic, so it's also important.
cc @derekwaynecarr @smarterclayton @timothysc
Automatic merge from submit-queue
FakeWatcher with channel size constructor
Follow up for #32234. Items in the PR:
* Chan size option in watcher to prevent deadlock via buffering.
* WatcherDispatcher refactoring.
Automatic merge from submit-queue
Instruct PLEG to detect pod sandbox state changes
This PR adds a Sandboxes list in `kubecontainer.Pod`, so that PLEG can check
sandbox changes using `GetPods()` . The sandboxes are treated as regular
containers (type `kubecontainer.Container`) for now to avoid additional
changes in PLEG.
/cc @feiskyer @yifan-gu @euank
Automatic merge from submit-queue
kubectl rollout status waits for available pods
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
This changes kubectl rollout status to wait until all updated replicas are available before finishing.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#31130
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
Changes 'kubectl rollout status' to wait until all updated replicas are available before finishing.
```
Currently kubectl rollout status finishes when Deployment.Spec.Replicas == Deployment.Status.UpdatedReplicas, but it's less surprising to the user for kubectl rollout status to wait until Deployment.Status.UpdatedReplicas == Deployment.Status.Replics == Deployment.Status.AvailableReplicas
Automatic merge from submit-queue
api storage: Decouple Decorator from Filter
Continue #28249
What?
This PR decouples Decorator from Filter, i.e. remove Decorator in createFilter().
- For List, Decorator is called on returned list object.
- For Watch, we implement a new watcher to pipe through decorator. Error will be returned as a watch event.
Why?
- We want to change filter to SelectionPredicate struct. But Decorator is designed to be coupled with filtering.
- Per the discussion in #28249, decorator shouldn't be coupled to filter and error from Decorator should be returned instead of assuming false filtering.
Automatic merge from submit-queue
privatize, document, and scrub GenericAPIServer
I've gone through more of the `GenericAPIServer` struct, started documenting what the fields do and privatizing ones that aren't used elsewhere or are only used by components that need some refactoring too.
Automatic merge from submit-queue
add selfsubjectaccessreview API
Exposes the REST API for self subject access reviews. This allows a user to see whether or not they can perform a particular action.
@kubernetes/sig-auth
Automatic merge from submit-queue
vSphere Cloud provider null pointer exception
This PR addresses issue #31823.
SelectByType function in govmomi will panic if deviceType is not Array,
Chan, Map, Ptr, or Slice. Also checking if vmDevices or vm are nil,
there is nothing to cleanup.
Including `cmd/kubelet/app` in kubeadm causes flag leakage.
Namelly, the problem is with `pkg/credentialprovider/gcp`, which
leaks `--google-json-key` and changing the behaviour of `init()`
doesn't sound reasonable, given kubelet is the only one who uses
this packages and obviously the flag is part of the functionality.
The helper is already generic enough, it has already been exported
and works well for kubeadm, so moving it should be fine.
Automatic merge from submit-queue
Do not report warning event when an unknown provisioner is requested.
with `StorageClass.Provisioner == <unknown plugin>`, we should wait for
either external provisioner or volume admin to provide a PV for a claim
instead of reporting an error.
Fixes#31723
- Change FinishPrint() to AfterPrint()
(As suggested in #31160)
- add a newline to separate it from the table
- remove the "objects" and ()
- assume plural
Automatic merge from submit-queue
Rename ConnectToDockerOrDie to CreateDockerClientOrDie
This function does not actually attempt to connect to the docker daemon, it just creates a client object that can be used to do so later. The old name was confusing, as it implied that a failure to touch the docker daemon could cause program termination (rather than just a failure to create the client).
Automatic merge from submit-queue
Log an event when container runtime exceeds grace-period during eviction
While debugging flakes in eviction, I encountered scenarios where the container run-time did not evict a pod within the allowed grace period. This could result in situations where a BE pod would not get killed fast enough and therefore a Bu pod was killed next (assuming there were no other BE pods)
/cc @mtaufen @vishh
This patch forces the HumanReadablePrinter to display resource kind
prefixes when there is only one type of resource to show and a specific
resource type has not been specified as an argument to kubectl get
`$ kubectl get all`
```
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 172.30.0.1 <none> 443/TCP,53/UDP,53/TCP 2m
```
`$ kubectl get all`
```
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kubernetes 172.30.0.1 <none> 443/TCP,53/UDP,53/TCP 2m
```
Automatic merge from submit-queue
Use a structured error rather than an Aggregate error in discovery
Should provide more information for debugging the root cause of
discovery failures.
Exposes the true cause of #32009
@lavalamp @derekwaynecarr
Automatic merge from submit-queue
Feature gate is not stable sorted - docs change each gen
Also... why are the feature flags defined *in* pkg/util/config which has nothing to do with general Kube? Flags should be defined statically in a subpackage of the kubelet (if they are kubelet feature flags) or in pkg/kubernetes/features or something somewhere else generic.
Automatic merge from submit-queue
Combine the ValidateRunOptions errors
In the "ValidateRunOptions" function, it had better to show all the invalid flags, so the user can modify them at once.
Automatic merge from submit-queue
Split path validation into a separate library
This PR splits path segment validation into it's own package. This cuts off one of the restclient's dependency paths to some docker packages, and completely eliminates its dependency on go-restful swagger validation.
cc @kubernetes/sig-api-machinery
Automatic merge from submit-queue
Kubelet: implement GetPodStatus for new runtime API
Implement `GetPodStatus()` for new runtime API. Part of #28789 .
CC @yujuhong @Random-Liu @dchen1107
Automatic merge from submit-queue
rkt: Update kube-up rkt version to v1.14.0
cc @kubernetes/sig-rktnetes
This should have been included in #31286 (whoops).
This is a bugfix that I propose for v1.4 inclusion.
with StorageClass.Provisioner == <unknown plugin>, we should wait for
either external provisioner or volume admin to provide a PV for a claim
instead of reporting an error.
Fixes#31723
Automatic merge from submit-queue
Remove net.ipv4.tcp_max_syn_backlog from sysctl whitelist
Remove `net.ipv4.tcp_max_syn_backlog` from sysctl whitelist. This is not namespaced in today's kernels, but must be set on node-level.
Having this on the whitelist, wouldn't harm because the kernel only offers namespaced `net.*` sysctls in the `/proc/sys` tree. But having a sysctl on the whitelist, which cannot be used, doesn't make sense either.
#### 1.4 justification:
- Risk: the whitelist is a published API. We shouldn't have sysctls on there which do not work.
- Rollback: nothing should depend on this behavior.
- Cost: the cost of this is relatively low, as no pod with this sysctl will launch.
Automatic merge from submit-queue
Move StorageClass to a storage group
We discussed the pros and cons in sig-api-machinery yesterday. Choosing a particular group name means that clients (including our internal code) require less work and re-swizzling to handle promotions between versions. Even if you choose a group you end up not liking, the amount of work remains the same as the incubator work case: you move the affected kind, resource, and storage.
This moves the `StorageClass` type to the `storage.k8s.io` group (named for consistency with authentication, authorization, rbac, and imagepolicy). There are two commits, one for manaul changes and one for generated code.
Automatic merge from submit-queue
Check for EmptyConfig errors when trying to use in-cluster config
By removing the default "localhost:8080" behavior several paths in
client config began returning err == ErrEmptyConfig rather than err ==
nil. The code checking for in cluster config was wrong - the logic
should be:
1. If loading the underlying config returns a non-empty error, fail
2. If the underlying config is not equal to the default config,
return that config (it has user input)
3. If it is possible to use in-cluster config, do so
4. Otherwise return the default config (and or default EmptyConfig
error).
Fixes#31910 @thockin @lavalamp @deads2k. We introduced EmptyConfig a very long time ago, but until I removed the "localhost:8080" Kubernetes was not actually exposing it (OpenShift relies on it since we don't set an insecure default). This properly falls through to in-cluster config in the described conditions.
```release-note
Some components like kube-dns and kube-proxy could fail to load the service account token when started within a pod. Properly handle empty configurations to try loading the service account config.
```
By removing the default "localhost:8080" behavior several paths in
client config began returning err == ErrEmptyConfig rather than err ==
nil. The code checking for in cluster config was wrong - the logic
should be:
1. If loading the underlying config returns a non-empty error, fail
2. If the underlying config is not equal to the default config,
return that config (it's got user input)
3. If it is possible to use in cluster config, do so
4. Otherwise return the default config (and or default EmptyConfig
error).
Automatic merge from submit-queue
Add e2e tests for eviction subresource.
This branch includes changes pending in both #31638 and #31721. I will rebase
once those merge.
Automatic merge from submit-queue
fix log message to include ds name
The pod name is never set because newPod is created a couple lines up without a name. Instead log the name and namespace of the ds which the pod is created from.
also bump the log level because reasons loop get's hit fairly often and does not indicate a bug.
Automatic merge from submit-queue
Sleep between NodeStatus update retries
Just a thing I found when looking into other problems.
This is pretty much no-risk change fixing wrong behavior. Do you think it should go in 1.4? @pwittrock
Automatic merge from submit-queue
Fix errors.NewAggregate nil pointer panic
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
Consider the following code block,
```
err := myfunc()
agg := errors.NewAggregate([]error{err})
fmt.Println("aggregate error is %v", agg)
```
If the `err` is **nil**, then it will cause a panic:
```
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x20 pc=0x481a61]
goroutine 6 [running]:
panic(0x5769c0, 0xc082002090)
C:/Go/src/runtime/panic.go:464 +0x3f4
testing.tRunner.func1(0xc082074090)
C:/Go/src/testing/testing.go:467 +0x199
panic(0x5769c0, 0xc082002090)
C:/Go/src/runtime/panic.go:426 +0x4f7
k8s.io/kubernetes/pkg/util/errors.aggregate.Error(0xc082002590, 0x1, 0x1, 0x0, 0x0)
D:/goproject/community/src/k8s.io/kubernetes/pkg/util/errors/errors.go:71 +0x91
k8s.io/kubernetes/pkg/util/errors.(*aggregate).Error(0xc08200c7e0, 0x0, 0x0)
<autogenerated>:1 +0xb4
k8s.io/kubernetes/pkg/util/errors.TestAggregateWithNil(0xc082074090)
D:/goproject/community/src/k8s.io/kubernetes/pkg/util/errors/errors_test.go:70 +0x402
testing.tRunner(0xc082074090, 0x67cdb8)
C:/Go/src/testing/testing.go:473 +0x9f
created by testing.RunTests
C:/Go/src/testing/testing.go:582 +0x899
exit status 2
```
The root cause is that [aggregate.Error()](https://github.com/kubernetes/kubernetes/blob/master/pkg/util/errors/errors.go#L47) doesn't check if error list contains nil.
We can blame the user didn't check if `err` is nil before passing it to
```
errors.NewAggregate([]error{err})
```
but I think we can check again inside in case of user forget to check outside.
Node controller's internalPodInformer will block main thread
if it is not started as a go routine. This patch fixed this
by runing internalPodInformer as a go routine.
Automatic merge from submit-queue
add deploy for deployment in kubectl set image help text
add shorthand deploy for deployment in kubectl set image help text
Automatic merge from submit-queue
change annotate_resources to valid_resources
annotate_resources missing some resources such as deployment, namespace.
i think using valid_resources to replace annotate_resources more suitable.
Automatic merge from submit-queue
kubectl edit: Do not add warning header if ftype is json.
This PR blocks adding warning header if `kubectl edit` is used with `-o json` option.
Fixed header contains comment (what is not supported by json standard) what can break utilities which are using libraries that conforms with http://www.ietf.org/rfc/rfc7159.txtfixes#29524
/cc @pwittrock
```release-note
Removed comments in json config when using kubectl edit with -o json
```
Automatic merge from submit-queue
Make a vSphere cluster the failure_zone
vSphere cloud provider returns the FailureZone as Cluster, if the VM belongs to a ResourcePool under a Cluster.
fixes: #30933
* Currently the vSphere cloud provider treats Datacenter as the failure
Zone. This doesn't necessarily work since in the current implemention
Kubernetes nodes cannot span Datacenters.
* This change introduces Clusters as the failure zone, while treating
Datacenters as Regions
* Also updated tests for Zones
Automatic merge from submit-queue
Fix named pipe in kubectl zsh completion
This PR fixes#28049
Though my zsh version > 5.0, I still got the problem. So, I think we need this fix.
---
### Env
```
OS: Ubuntu 14.04
$ zsh --version
zsh 5.0.2 (x86_64-pc-linux-gnu)
```
### A simple DEMO to show the root cause
In zsh and bash, a multi-line named pipe, who is wrapped by parenthesis, is possible to mismatch the "right parenthesis", even that parenthesis is in a here-document.
The following script was going to use `sed` to print the text in the 'BASH_COMPLETION_EOF' here-document.
> * I made the `sed` simpler. As you can see, `sed` actually does nothing here. It just prints what it gets from `<<`). In real [`pkg/kubectl/cmd/completion.go`](https://github.com/kubernetes/kubernetes/blob/v1.3.5/pkg/kubectl/cmd/completion.go#L246-L258), `sed` will do some text replacement, changing bash functions to zsh functions. But that is not the point of the problem.
> * I use `cat <(...)` to replace the `source <(...)`.
> In this way, we can see how named pipe works.
run-bad.zsh:
```bash
#!/usr/bin/zsh
cat <(sed -e 's/foo/bar/g' <<'BASH_COMPLETION_EOF'
aaa='aaa'
case aaa in
'aaa') # <- This ')' is in a here-document, but it is handled by named pipe by mistake.
echo 'yes'
;;
esac
BASH_COMPLETION_EOF
)
```
> Output:
> ```
> ./run-bad.zsh
> aaa='aaa'
> case aaa in
> 'aaa'yes <- You can see the here-document `echo yes` has been executed!!!
> ./run-bad.zsh:8: parse error near `;;'
> ```
The named pipe `<(sed ...` "eats" the `)`, which should belong to `case aaa in 'aaa')`. So that the named pipe ends earlier than expectation. The left zsh code is broken, it fails.
### Here's the fix
Move the code into a function, and use an inline named pipe.
run.zsh:
```bash
#!/usr/bin/zsh
print_sed_result() {
sed -e 's/foo/bar/g' <<'BASH_COMPLETION_EOF'
aaa='aaa'
case aaa in
'aaa')
echo 'yes'
;;
esac
BASH_COMPLETION_EOF
}
cat <(print_sed_result) # <- Use an inline named pipe
```
> Output:
> ```
> ./run.zsh > stack@docker-dev01
> aaa='aaa'
> case aaa in
> 'aaa')
> echo 'yes'
> ;;
> esac
> ```
Now, the here-document and named pipe work correctly.
Automatic merge from submit-queue
Make @rootfs the assignee for various volumes
This, combined with the '/lgtm' capability of reviewers means you can approve
PRs. @rootfs - I assume you're OK with this?
Automatic merge from submit-queue
Typos and englishify pkg/cloudprovider + pkg/dns + pkg/kubectl
**What this PR does / why we need it**: Just fixed some typos + "englishify" in pkg/cloudprovider + pkg/dns + pkg/kubectl
**Which issue this PR fixes** : None
**Special notes for your reviewer**: It's just fixes typos
**Release note**: `NONE`
We should be following the same rules for Stream() as the normal body
request flow.
Also add slightly more output on a server error - in the future we may
want to clean this up but it's potentially hiding bad responses.
Automatic merge from submit-queue
kubelet_test.go: use assertions
Switch most of the tests in this file to using the assert library
(`github.com/stretchr/testify/assert`) in the tests for better readability and
less code in general.
Automatic merge from submit-queue
retry oauth token fetch in gce cloudprovider
Fixes https://github.com/kubernetes/kubernetes/issues/31560
The oauth client fetches a token on the initial request of that client. Let's warm the cache.
cc @goltermann @lavalamp
Automatic merge from submit-queue
Fix PSP update validation
Issues fixed:
- apparmor annotations were not being validated
- sysctl annotations were not being validated
- `ValidateObjectMetaUpdate` parameters were reversed
/cc @sttts
---
1.4 justification:
- Risk: If I did something wrong, valid updates could be rejected or invalid updates accepted.
- Rollback: Nothing should depend on this behavior
- Cost: As it stands, the PSP can be updated to an invalid state. The cost of this is relatively low, but a bad user experience.
Automatic merge from submit-queue
Fix PSP volumes error message
Was:
```
Error from server: error when creating "pause-pod.yaml": pods "pause" is forbidden: unable to validate against any pod security policy: [spec.containers[0].securityContext.volumes[0]: Invalid value: "secret": secret volumes are not allowed to be used]
```
Now:
```
Error from server: error when creating "pause-pod.yaml": pods "pause" is forbidden: unable to validate against any pod security policy: [spec.volumes[0]: Invalid value: "secret": secret volumes are not allowed to be used]
```
Also, only perform the validation once (by moving it from `ValidateContainerSecurityContext` to `ValidatePodSecurityContext`).
---
1.4 Justification:
- Risk: low, this is just altering an error message
- Rollback: nothing should depend on this functionality
- Cost: the old error message didn't make any sense (there are no volumes on a container SecurityContext). This is fixing a bug.
Automatic merge from submit-queue
Added printing of clarification for `object creation` request in case of object is in the process of graceful deletion
## **Output example:**
### # kubectl create -f ./pod.yaml
`pod "test-pod" created`
### # kubectl create -f ./pod.yaml
`Error from server: error when creating "../simplePod.yaml": pods "test-pod" already exists`
### # kubectl delete pods/test-pod
`pod "test-pod" deleted`
### # kubectl create -f ./pod.yaml
`Error from server: error when creating "../simplePod.yaml": object is being deleted: pods "test-pod" already exists`
Automatic merge from submit-queue
[GarbageCollector] GC retries failed garbage collection
The code was buried in #30483, which we decided to put off to 1.5.
Automatic merge from submit-queue
Update node status instead of node in kubelet
#31730 added code for the Kubelet to reconcile the existing and new nodes in order to annotate existing nodes with the annotation for controller-managed attach-detach. However, it used `Update` instead of `UpdateStatus`, which changes the operations the node's token needs to be permitted to use. Using `UpdateStatus` is functionally equivalent and maintains the same set of permissions nodes need to have today.
I'm adding this with the 1.4 milestone because it is a follow-on to a 1.4 PR and fixes a downstream bug (which won't surface to Kube).
Automatic merge from submit-queue
Namespace certificates API group
New API groups should follow best-practices for naming, including using DNS names within the k8s.io namespace
```release-note
The certificates API group has been renamed to certificates.k8s.io
```
SelectByType function in govmomi will panic if deviceType is not Array,
Chan, Map, Ptr, or Slice. Also checking if vmDevices or vm are nil,
there is nothing to cleanup.
Automatic merge from submit-queue
Namespace controller deletes pods last
I think this fixes https://github.com/kubernetes/kubernetes/issues/29308 or at least helps further reduce the incidence.
This PR changes the order in which namespace controller prioritizes resources for deletion. It deletes all resources before deleting pods. The rationale for this change is to broadcast deletion of controllers that spawn pods first rather than trip those controllers up into thinking they should spawn more pods which would increase the risk of causing races with the `NamespaceLifecycle` admission plug-in. Many of those controllers also are not rate-limited in the face of rejection, so rather than promote a situation where they are rejected, we promote a situation that removes those things first.
Automatic merge from submit-queue
Post event message for volume attachment
This PR is to add event message when attaching volume fails to help
users to debug. For detach failure, may address in a different PR since
it requires more data structure change.
Automatic merge from submit-queue
Revert "daemonset controller should respect taints"
Reverts kubernetes/kubernetes#31020
We will be unreverting with some modifications after v1.4.
cc @pwittrock @davidopp
Switch most of the tests in this file to using the assert/require library
(in `github.com/stretchr/testify`) in the tests for better readability and
less code in general.
Automatic merge from submit-queue
Ignore v1 bindings in namespace controller deletion
Fixes https://github.com/kubernetes/kubernetes/issues/31735
Ideally, in the long run, we can let clients built from discovery (and not requiring all of swagger) to know the verbs.
/cc @lavalamp
This PR is to add event message when attaching volume fails to help
users to debug. For detach failure, may address in a different PR since
it requires more data structure change.
Automatic merge from submit-queue
Generate versioned client for pvc
I noticed while trying to use client-go that there is no way to get PVC with versioned clientset. I don't know why it is excluded, I cannot find any discussion about this, so I am creating this assuming it is just an oversight...
Automatic merge from submit-queue
Print a message if metrics are not yet available.
**What this PR does / why we need it**:
It takes about 80s to gather first metrics for the newly created pod. We would like to indicate this to the user, so that they don't mistake it for the command failure.
In case no metrics are found, we check whether there should be any, and if yes, print the appropriate message to the user.
**Which issue this PR fixes**
#30826
```release-note
NONE
```
Automatic merge from submit-queue
Make it possible to enable controller-managed attach-detach on existing nodes
Fixes#31673. Now, if a node already exists with the given name on Kubelet startup, the Kubelet will reconcile the value of the controller-managed-attach-detach annotation so that existing nodes can have this feature turned on and off by changing the Kubelet configuration.
cc @kubernetes/sig-storage @kubernetes/rh-cluster-infra
Automatic merge from submit-queue
Adding clusters to the list of valid resources printed by kubectl help
Ref https://github.com/kubernetes/kubernetes/issues/25592
Adding clusters to the list of valid resources printed by kubectl help with a clear message that it only works when talking to federation apiserver.
In future, we should replace the hard coded list with a dynamic list generated using APIServer's discovery API.
```release-note
Adding clusters to the list of valid resources printed by kubectl help
```
cc @kubernetes/kubectl @kubernetes/sig-cluster-federation
Chao Xu