Automatic merge from submit-queue (batch tested with PRs 43900, 44152, 44324)
make deployment unit tests need to respect subresources
Fixes#42569
I check all the unit test code related to `Matches` method, seems there's only one line we could change to not break previous testing logic
@kargakis ptal, thanks
/assign @kargakis
Automatic merge from submit-queue (batch tested with PRs 43900, 44152, 44324)
Fix: check "ok" first to avoid panic
Check "ok" and then check if "currState.pod.Spec.NodeName != pod.Spec.NodeName", here if currState is nil, it will panic.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43900, 44152, 44324)
fix return value of "kubectl auth cani --quiet"
Before this change:
$ kubectl auth can-i get pod
no
$ kubectl auth can-i get pod --quiet
$ echo $?
0
After this change:
$ kubectl auth can-i get pod
no
$ kubectl auth can-i get pod --quiet
$ echo $?
1
@deads2k
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 43844, 44284)
Add a retry to cluster-autoscaler e2e
This should fix https://github.com/kubernetes/kubernetes/issues/44268.
The flake was caused by following sequence of events:
1. Cluster was at minimum size (3), some node was unneeded for a while.
2. Setup for some test (scale-down, failure) would increase node group size (to 5) and wait for new nodes to come up.
3. As soon as new node come up (cluster size 4) CA would scale-down the old unneeded node (setting node group size to 4).
4. Node group would not reach size 5 (as the target was now 4) and the test would timeout and fail.
This PR makes the setup monitor re-set the target node group size if the above scenario happens.
Automatic merge from submit-queue
add Stringer interface for eventType
**What this PR does / why we need it**:
fix invalid log outputs like
"graph_builder.go:429] GraphBuilder process object: v1/Endpoints, namespace kube-system, name kube-controller-manager, event type %!s(garbagecollector.eventType=1)"
Automatic merge from submit-queue (batch tested with PRs 43887, 41914, 44170)
Make NetworkPolicy docs reflect reality
spinoff of #39164; this just updates the docs to reflect the way the v1beta1 API has actually been implemented
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
proxy/iptables: precompute svcPortName strings
With many services, the calls to svcPortName.String() show up as a
somewhat significant CPU user under syncProxyRules().
For whatever reason github repeatedly fails to upload the pprof with Firefox, so here's an example:
http://people.redhat.com/dcbw/kube-proxy-svcPortName-String.pdf
Automatic merge from submit-queue
[Federation][kubefed] Annotate all Federation API objects with the federation name and (if applicable) the cluster name.
Address part of #42324.
```release-note
Adds annotations to all Federation objects created by kubefed.
```
Automatic merge from submit-queue (batch tested with PRs 44286, 44209)
[Federation][Kubefed] Bug fix to enable disabling federation controllers through override args
Targets https://github.com/kubernetes/kubernetes/issues/42761
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/42761
**Special notes for your reviewer**:
@marun @perotinus @nikhiljindal
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44286, 44209)
Refactor leader election package test code to remove redundant code
**What this PR does / why we need it**:
leader election object supports locking on 2 objects currently endpoints and configmap. The test code for both is almost identical. This pr attempts to remove redundancy in test code for easier maintenance and extension.
**Special notes for your reviewer**:
I am trying to add leader election feature to federation controller manager and this pr is one of sub-task of the overall work documented in #44283
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43273, 44287, 44281)
Remove ObjectMetaFor
Builds on https://github.com/kubernetes/kubernetes/pull/43767
The second commit removes `ObjectMetaFor`. This was debt we left around after we created the interfaces. Fixing this makes it possible to start running `Unstructured` through generic storage.
@kubernetes/sig-api-machinery-pr-reviews @smarterclayton @lavalamp
Automatic merge from submit-queue (batch tested with PRs 43273, 44287, 44281)
[Federation] Remove deprecated federation-apiserver-kubeconfig secret
federation-apiserver-kubeconfig was deprecated and was supposed to be removed in 1.6.
Removing all references to it as we no longer use it.
**Release note**:
```
[Federation] Deprecated `federation-apiserver-kubeconfig` is not supported anymore. Should use `--kubeconfig` flag to specify Federation API server kubeconfig.
```
cc @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43273, 44287, 44281)
bump(github.com/onsi/ginkgo):v1.2.0-94-g5ca1211
Picks up parallel execution improvements in Ginkgo that distribute jobs more evenly with parallel runs. Opened after observing long tail runs in OpenShift - testing there showed a much more compact run in terms of CPU https://github.com/onsi/ginkgo/issues/333
We'll need some soak time to be sure this has no issues.
Automatic merge from submit-queue (batch tested with PRs 43866, 42748)
hack/cluster: download cfssl if not present
hack/local-up-cluster.sh uses cfssl to generate certificates and
will exit it cfssl is not already installed. But other cluster-up
mechanisms (GCE) that generate certs just download cfssl if not
present. Make local-up-cluster.sh do that too so users don't have
to bother installing it from somewhere.
Automatic merge from submit-queue
Update owners to include kerneltime
**What this PR does / why we need it**: Update owners to include kerneltime to help with PRs
Automatic merge from submit-queue (batch tested with PRs 43870, 30302, 42722, 43736)
federation: avoid double core group registration
The federation apiserver installed its custom core group into the global `pkg/api` registry, leading to double registration. Luckily (or maybe unfortunately) we did not fail hard in this case, but the init funcs just ignored the error.
This PR creates an extra apigroup registry based on the already existing federation `core.Scheme`. This decouples the two core groups (which happen to co-exist in hyperkube).
Automatic merge from submit-queue (batch tested with PRs 43870, 30302, 42722, 43736)
Admission plugin to merge pod and namespace tolerations for restricting pod placement on nodes
```release-note
This admission plugin checks for tolerations on the pod being admitted and its namespace, and verifies if there is any conflict. If there is no conflict, then it merges the pod's namespace tolerations with the the pod's tolerations and it verifies them against its namespace' whitelist of tolerations and returns. If a namespace does not have its default or whitelist tolerations specified, then cluster level default and whitelist is used. An example of its versioned config:
apiVersion: apiserver.k8s.io/v1alpha1
kind: AdmissionConfiguration
plugins:
- name: "PodTolerationRestriction"
configuration:
apiVersion: podtolerationrestriction.admission.k8s.io/v1alpha1
kind: Configuration
default:
- Key: key1
Value: value1
- Key: key2
Value: value2
whitelist:
- Key: key1
Value: value1
- Key: key2
Value: value2
```
Automatic merge from submit-queue
Update link in README after docs migration
Fixing what-is-k8s link in README. This removes an extra hop caused by docs migration.
Automatic merge from submit-queue
remove go-restful from namer for rest handling
Our RESTHandler code is currently tightly coupled to go-restful, but there's no reason for this coupling. It makes integrations that want API handling (decode, sanity check, admission, verb handling), but don't need the REST installer flow impractical. I know of two layers now: metrics and TPR.
This starts the process of unwinding by switching the `ScopeNamer` (used for request identification and selflinks) to use the standard http library along with the `RequestInfo` we place in the context for authorization and any other interested layer.
@kubernetes/sig-api-machinery-misc @smarterclayton @ncdc @sttts
Automatic merge from submit-queue (batch tested with PRs 41758, 44137)
Removed hostname/subdomain annotation.
fixes#44135
```release-note
Remove `pod.beta.kubernetes.io/hostname` and `pod.beta.kubernetes.io/subdomain` annotations.
Users should use `pod.spec.hostname` and `pod.spec.subdomain` instead.
```
Marcin Wielgus