Automatic merge from submit-queue
rkt: Update kube-up rkt version to v1.14.0
cc @kubernetes/sig-rktnetes
This should have been included in #31286 (whoops).
This is a bugfix that I propose for v1.4 inclusion.
Automatic merge from submit-queue
Use federated namespace instead of the bootstrap cluster's namespace in Ingress e2e tests.
This should fix#31825.
cc @kubernetes/sig-cluster-federation @quinton-hoole
Automatic merge from submit-queue
Remove net.ipv4.tcp_max_syn_backlog from sysctl whitelist
Remove `net.ipv4.tcp_max_syn_backlog` from sysctl whitelist. This is not namespaced in today's kernels, but must be set on node-level.
Having this on the whitelist, wouldn't harm because the kernel only offers namespaced `net.*` sysctls in the `/proc/sys` tree. But having a sysctl on the whitelist, which cannot be used, doesn't make sense either.
#### 1.4 justification:
- Risk: the whitelist is a published API. We shouldn't have sysctls on there which do not work.
- Rollback: nothing should depend on this behavior.
- Cost: the cost of this is relatively low, as no pod with this sysctl will launch.
Automatic merge from submit-queue
Move StorageClass to a storage group
We discussed the pros and cons in sig-api-machinery yesterday. Choosing a particular group name means that clients (including our internal code) require less work and re-swizzling to handle promotions between versions. Even if you choose a group you end up not liking, the amount of work remains the same as the incubator work case: you move the affected kind, resource, and storage.
This moves the `StorageClass` type to the `storage.k8s.io` group (named for consistency with authentication, authorization, rbac, and imagepolicy). There are two commits, one for manaul changes and one for generated code.
Automatic merge from submit-queue
Check for EmptyConfig errors when trying to use in-cluster config
By removing the default "localhost:8080" behavior several paths in
client config began returning err == ErrEmptyConfig rather than err ==
nil. The code checking for in cluster config was wrong - the logic
should be:
1. If loading the underlying config returns a non-empty error, fail
2. If the underlying config is not equal to the default config,
return that config (it has user input)
3. If it is possible to use in-cluster config, do so
4. Otherwise return the default config (and or default EmptyConfig
error).
Fixes#31910 @thockin @lavalamp @deads2k. We introduced EmptyConfig a very long time ago, but until I removed the "localhost:8080" Kubernetes was not actually exposing it (OpenShift relies on it since we don't set an insecure default). This properly falls through to in-cluster config in the described conditions.
```release-note
Some components like kube-dns and kube-proxy could fail to load the service account token when started within a pod. Properly handle empty configurations to try loading the service account config.
```
Automatic merge from submit-queue
e2e tests for Federated Secrets
e2e test to confirm that underlying secrets are always created correctly in underlying clusters
This is to address Issue #29337
Automatic merge from submit-queue
move '(master)' to end of message for uniformity
**What this PR does / why we need it**: This is a small polish operation on the kubernetes charm wrt juju status output.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
NONE
```
This changes the status output from:
```
kubernetes/0 active idle 3 172.27.24.54 8088/tcp
Kubernetes running.
kubernetes/1 active idle 4 172.27.24.55 6443/tcp
(master) Kubernetes services started
```
to this:
```
kubernetes/0 active idle 3 172.27.24.54 8088/tcp
Kubernetes running.
kubernetes/1 active idle 4 172.27.24.55 6443/tcp
Kubernetes services started (master)
```
By removing the default "localhost:8080" behavior several paths in
client config began returning err == ErrEmptyConfig rather than err ==
nil. The code checking for in cluster config was wrong - the logic
should be:
1. If loading the underlying config returns a non-empty error, fail
2. If the underlying config is not equal to the default config,
return that config (it's got user input)
3. If it is possible to use in cluster config, do so
4. Otherwise return the default config (and or default EmptyConfig
error).
Automatic merge from submit-queue
Add e2e tests for eviction subresource.
This branch includes changes pending in both #31638 and #31721. I will rebase
once those merge.
Automatic merge from submit-queue
Fix the race check after an overlapping deployment is deleted
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**: When deleting deployments in the "overlapping deployment" e2e test, we check that the deployment's RSes & Pods are deleted as well. However, other RSes and Pods (that matches this deployment's selector) may be created by overlapping deployments right after this one is deleted. So when we check that, we should ignore those created by overlapping deployments.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#31502
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
NONE
```
cc @kubernetes/deployment @pwittrock @kargakis
Automatic merge from submit-queue
Do not go into standalone mode when `--require-kubeconfig` is passed
**What this PR does / why we need it**:
We have change how missing `--api-servers` is treated with introduction of `--require-kubeconfig` (#30798), however we haven't introduced explicit `--standalone` flag for backwards-compatibility reasons. Right now, setting `--kubeconfig` and`--require-kubeconfig` still gets kubelet into standalone mode. In practice this means that it doesn't get to update `nodeInfo` and thereby may refuse to admit pods which had been assigned to it by the scheduler. For example, if you update labels for that given node, and try to use affinity or `NodeLabels` on a pod, it won't get to run.
**Which issue this PR fixes**: fixes#32085
**Special notes for your reviewer**: This fix is only until we introduce `--standalone` flag.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
NONE
```
Automatic merge from submit-queue
Set eviction-hard for vagrant cluster
In order to test eviction related functionality it will be convenient to have reasonable eviction defaults.
At this moment exactly same flags are used by GCE environment
kubelet will have a following flag:
--eviction-hard=memory.available<100Mi,nodefs.available<10%
In order to test eviction related functionality it will be convenient
to have reasonable eviction defaults.
At this moment exactly same flags are used by GCE environment
kubelet will have a following flag:
--eviction-hard=memory.available<100Mi,nodefs.available<10%
Change-Id: I56ca03bc3c5467c8450150e292f7a346fa7772a9
Automatic merge from submit-queue
fix log message to include ds name
The pod name is never set because newPod is created a couple lines up without a name. Instead log the name and namespace of the ds which the pod is created from.
also bump the log level because reasons loop get's hit fairly often and does not indicate a bug.
Automatic merge from submit-queue
Sleep between NodeStatus update retries
Just a thing I found when looking into other problems.
This is pretty much no-risk change fixing wrong behavior. Do you think it should go in 1.4? @pwittrock
Automatic merge from submit-queue
generated DeepCopy without a function on a struct pointer is wrong
in and out are both pointers to pointers, so *in has to be cast to
*Type, not Type.
@sttts hit this while debugging something else (most everything should be generated, but in this case the type is wrong)
Automatic merge from submit-queue
Fix errors.NewAggregate nil pointer panic
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
Consider the following code block,
```
err := myfunc()
agg := errors.NewAggregate([]error{err})
fmt.Println("aggregate error is %v", agg)
```
If the `err` is **nil**, then it will cause a panic:
```
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x20 pc=0x481a61]
goroutine 6 [running]:
panic(0x5769c0, 0xc082002090)
C:/Go/src/runtime/panic.go:464 +0x3f4
testing.tRunner.func1(0xc082074090)
C:/Go/src/testing/testing.go:467 +0x199
panic(0x5769c0, 0xc082002090)
C:/Go/src/runtime/panic.go:426 +0x4f7
k8s.io/kubernetes/pkg/util/errors.aggregate.Error(0xc082002590, 0x1, 0x1, 0x0, 0x0)
D:/goproject/community/src/k8s.io/kubernetes/pkg/util/errors/errors.go:71 +0x91
k8s.io/kubernetes/pkg/util/errors.(*aggregate).Error(0xc08200c7e0, 0x0, 0x0)
<autogenerated>:1 +0xb4
k8s.io/kubernetes/pkg/util/errors.TestAggregateWithNil(0xc082074090)
D:/goproject/community/src/k8s.io/kubernetes/pkg/util/errors/errors_test.go:70 +0x402
testing.tRunner(0xc082074090, 0x67cdb8)
C:/Go/src/testing/testing.go:473 +0x9f
created by testing.RunTests
C:/Go/src/testing/testing.go:582 +0x899
exit status 2
```
The root cause is that [aggregate.Error()](https://github.com/kubernetes/kubernetes/blob/master/pkg/util/errors/errors.go#L47) doesn't check if error list contains nil.
We can blame the user didn't check if `err` is nil before passing it to
```
errors.NewAggregate([]error{err})
```
but I think we can check again inside in case of user forget to check outside.
Automatic merge from submit-queue
Node E2E: Fix wrong permission bit for log file.
When creating log for logs from journald, we use `0755` which is weird to me.
This PR changes it to `0666`.
Node controller's internalPodInformer will block main thread
if it is not started as a go routine. This patch fixed this
by runing internalPodInformer as a go routine.
Kubernetes Submit Queue