github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
51,698 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

51698 Commits (ec9275d6b6dd2f06630ddbe37dfacd0ae15e112e)

Author SHA1 Message Date
Kubernetes Submit Queue c9ab810803 Merge pull request #47620 from mengqiy/addOwner 
Automatic merge from submit-queue

add owners for shell2junit pkg

Per https://github.com/kubernetes/kubernetes/pull/47614#issuecomment-308888690
```release-note
NONE
```
 2017-07-19 12:15:45 -07:00
Kubernetes Submit Queue c96f77a9b1 Merge pull request #49211 from saad-ali/moreLoggingFor49185 
Automatic merge from submit-queue (batch tested with PRs 49143, 49211)

Add more logging to PD node delete test

**What this PR does / why we need it**: Adds more logging to `Pod Disks should be able to detach from a node which was deleted` test which started failing because `gcloud compute instances list` is failing with `exit status 1`.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: https://github.com/kubernetes/kubernetes/issues/49185

**Special notes for your reviewer**:

**Release note**: none
 2017-07-19 12:12:24 -07:00
Kubernetes Submit Queue dd12fcec54 Merge pull request #49143 from mengqiy/updateCliOwners 
Automatic merge from submit-queue (batch tested with PRs 49143, 49211)

update cli owner

Update my GH handle from @ymqytw to @mengqiy
And remove @pwittrock from reviewer list, but he is still in the approver list.

/assign @pwittrock 

```release-note
NONE
```
 2017-07-19 12:12:21 -07:00
Chao Xu c6f09f0c9c Restrict the visibility of two packages in pkg/client/ 
These two packages are deprecated. Please use the client-go copy of these two
packages.
 2017-07-19 11:23:04 -07:00
Kubernetes Submit Queue 8a98983adc Merge pull request #49180 from feiskyer/seccomp 
Automatic merge from submit-queue (batch tested with PRs 48981, 47316, 49180)

Add seccomp profile in sandbox security context

**What this PR does / why we need it**:

PR  #46332 adds seccomp profile to container security context, but not sandbox. This PR adds seccomp profile in sandbox security context. Without this, we couldn't honour "seccomp.security.alpha.kubernetes.io/pod" for sandbox.

**Which issue this PR fixes**

fixes #49179.

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

/cc @yujuhong
 2017-07-19 11:21:28 -07:00
Kubernetes Submit Queue c0287ce420 Merge pull request #47316 from k82cn/k8s_47315 
Automatic merge from submit-queue (batch tested with PRs 48981, 47316, 49180)

Added golint check for pkg/kubelet.

**What this PR does / why we need it**:
Added golint check for pkg/kubelet, and make golint happy.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47315 

**Release note**:
```release-note-none
```
 2017-07-19 11:21:25 -07:00
Kubernetes Submit Queue 9378daba9c Merge pull request #48981 from colemickens/acr 
Automatic merge from submit-queue (batch tested with PRs 48981, 47316, 49180)

azure: acr: support MSI with preview ACR with AAD auth

**What this PR does / why we need it**:

The recently added support for Managed Identity in Azure (#48854) was incompatible with automatic ACR docker credential integration (#48980).

This PR resolves that, by leveraging a feature available in Preview regions, on new managed clusters with support for AAD `access_token` authentication.

Notes:
* This includes code copied from [Azure/acr-docker-credential-helper](https://github.com/Azure/acr-docker-credential-helper). I copied the MIT license from that project and added a copyright line for Microsoft on it. (but one of the hack/verify-* scripts requires the Kubernetes copyright header. So there are two copyright headers in the file now...)
* Eventually this should vendor  [Azure/acr-docker-credential-helper](https://github.com/Azure/acr-docker-credential-helper) when it exposes the right functionality.
* This includes a small, non-function-impacting workaround for a temporary service-side bug.


**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #48980

**Special notes for your reviewer**:
Please don't LGTM it without reviewing the `azure_acr_helper.go` file's license header...

**Release note**:
```release-note
azure: acr: support MSI with preview ACR with AAD auth
```
 2017-07-19 11:21:23 -07:00
Kubernetes Submit Queue b78fc209a4 Merge pull request #49045 from ericchiang/remove-anytoken-authenticator-option 
Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)

*: remove --insecure-allow-any-token option

~Since the authenticator is still used in e2e tests, don't remove
the actual package. Maybe a follow up?~

edit: e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```

closes #49031

cc @kubernetes/sig-auth-pr-reviews
 2017-07-19 10:27:29 -07:00
Kubernetes Submit Queue 7dc0322b0c Merge pull request #49182 from juju-solutions/feature/increase-cidr 
Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)

Set default CIDR to /16 for Juju deployments

**What this PR does / why we need it**: Increase the number of IPs on a deployment

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/272

**Special notes for your reviewer**:

**Release note**:

```Set default CIDR to /16 for Juju deployments
```
 2017-07-19 10:27:27 -07:00
Kubernetes Submit Queue cb1f42ad18 Merge pull request #49137 from deads2k/proxier-01-really-nil 
Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)

check for nil value in interface for proxier health

golang allows for a non-nil interface to have a nil value (not type).  This results in an NPE at runtime.

@sttts remember that bit about go?  Trivia becomes real :(
 2017-07-19 10:27:25 -07:00
Kubernetes Submit Queue 92d310eddc Merge pull request #49072 from xilabao/wait-rbac-in-local-cluster 
Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)

use https to check healthz in hack/local-up-cluster.sh

**What this PR does / why we need it**:
```
# PSP_ADMISSION=true ALLOW_PRIVILEGED=true ALLOW_SECURITY_CONTEXT=true ALLOW_ANY_TOKEN=true ENABLE_RBAC=true RUNTIME_CONFIG="extensions/v1beta1=true,extensions/v1beta1/podsecuritypolicy=true" hack/local-up-cluster.sh
...
Waiting for apiserver to come up
+++ [0718 09:34:38] On try 5, apiserver: : 
Cluster "local-up-cluster" set.
use 'kubectl --kubeconfig=/var/run/kubernetes/admin-kube-aggregator.kubeconfig' to use the aggregated API server
Creating kube-system namespace
clusterrolebinding "system:kube-dns" created
serviceaccount "kube-dns" created
configmap "kube-dns" created
error: unable to recognize "kubedns-deployment.yaml": no matches for extensions/, Kind=Deployment
service "kube-dns" created
Kube-dns deployment and service successfully deployed.
kubelet ( 10952 ) is running.
Create podsecuritypolicy policies for RBAC.
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/policies.yaml": no matches for extensions/, Kind=PodSecurityPolicy
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/policies.yaml": no matches for extensions/, Kind=PodSecurityPolicy
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/roles.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRole
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/roles.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRole
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/bindings.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRoleBinding
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/bindings.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRoleBinding
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/bindings.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRoleBinding
Create default storage class for 
error: unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/cluster/addons/storage-class/local/default.yaml": no matches for storage.k8s.io/, Kind=StorageClass
Local Kubernetes cluster is running. Press Ctrl-C to shut it down.

Logs:
  /tmp/kube-apiserver.log
  /tmp/kube-controller-manager.log
  /tmp/kube-proxy.log
  /tmp/kube-scheduler.log
  /tmp/kubelet.log
...
```

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47739

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-07-19 10:27:23 -07:00
Mike Danese 3c39173ee4 fixit: break sig-cluster-lifecycle tests into subpackage 2017-07-19 10:14:51 -07:00
Kubernetes Submit Queue 6af05149aa Merge pull request #49058 from shyamjvs/logexporter-support 
Automatic merge from submit-queue

Pass logexporter config through e2e framework

Ref https://github.com/kubernetes/kubernetes/issues/48513

/cc @wojtek-t @fejta
 2017-07-19 09:57:47 -07:00
Mike Danese 89bf771e51 add some more deprecation warnings to cluster 2017-07-19 09:43:05 -07:00
André Cruz 89012ccb23 Fix test 2017-07-19 17:14:35 +01:00
Karol Wychowaniec 3a5f4c2a78 Bump rescheduler version to v0.3.1 2017-07-19 17:51:20 +02:00
Kubernetes Submit Queue 772c352992 Merge pull request #49197 from malc0lm/master 
Automatic merge from submit-queue

fix leader-elect-resource-lock's description

**What this PR does / why we need it**:
    The leader-elect-resource-lock description miss a space in pkg/client/leaderelectionconfig/config.go. It will effect other component's help document which use leader election.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
    I think it's is needless to open a issue.
**Special notes for your reviewer**:

**Release note**:

```release-note
```
 2017-07-19 08:44:08 -07:00
saadali 4804e320e4 Add more logging to PD node delete test 2017-07-19 08:32:46 -07:00
Kubernetes Submit Queue 575cbdf7d4 Merge pull request #45012 from xiangpengzhao/fix-delete-svc 
Automatic merge from submit-queue

Remove service on termination when exec 'kubectl run' command with flags "--rm" and "--expose"

**What this PR does / why we need it**:
As the title says and issue #40504 mentioned.
cc @tanapoln

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #40504 

**Special notes for your reviewer**:
Related to: #44915

**Release note**:

```release-note
NONE
```
 2017-07-19 07:59:34 -07:00
Mik Vyatskov ccdb97922d Fix too extensive logging in Stackdriver Logging e2e tests 2017-07-19 16:53:34 +02:00
Di Xu 769929ba49 remove redundant param in e2e_node/remote 2017-07-19 22:25:31 +08:00
Kubernetes Submit Queue 7eb53ce85c Merge pull request #48171 from sdkfzv/master 
Automatic merge from submit-queue

Improve the warning message if the rbd command is not found.

**What this PR does / why we need it**:
The previous warning msg is not correct if there is no rbd cmd.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #


**Special notes for your reviewer**:

**Release note**:

```release-note
```
 2017-07-19 07:14:19 -07:00
malcolm lee e02fec7b21 fix leader-elect-resource-lock's description 2017-07-19 22:14:11 +08:00
Jan Pazdziora 1ebd51aa70 If the init fails for whatever reason, plugin is nil and cannot be used. 
Addressing
=== RUN   TestCanSupport
E0719 13:48:19.829849    2289 driver-call.go:232] init command failed, status: Successx, reason:
--- FAIL: TestCanSupport (0.00s)
	flexvolume_test.go:180: Can't find the plugin by name
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
	panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x11fc5b5]
 2017-07-19 16:08:45 +02:00
Kubernetes Submit Queue 2e6e314ade Merge pull request #49091 from sttts/sttts-metrics-imports 
Automatic merge from submit-queue

k8s.io/metrics: restrict k8s.io/metrics imports
 2017-07-19 06:11:39 -07:00
Kubernetes Submit Queue c326cb1d94 Merge pull request #49079 from smarterclayton/restore_metrics 
Automatic merge from submit-queue

Restore cAdvisor prometheus metrics to the main port

But under a new path - `/metrics/cadvisor`. This ensures a secure port still exists for metrics while getting the benefit of separating out container metrics from the kubelet's metrics as recommended in the linked issue.

Fixes #48483

```release-note-action-required
Restored cAdvisor prometheus metrics to the main port -- a regression that existed in v1.7.0-v1.7.2
cAdvisor metrics can now be scraped from `/metrics/cadvisor` on the kubelet ports.
Note that you have to update your scraping jobs to get kubelet-only metrics from `/metrics` and `container_*` metrics from `/metrics/cadvisor`
```
 2017-07-19 05:16:56 -07:00
deads2k 6d21f37aee check for nil value in interface for proxier health 2017-07-19 08:13:52 -04:00
Bernhard M. Wiedemann cd0e7b9e17 Allow to override build date 
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.
 2017-07-19 13:27:13 +02:00
Kubernetes Submit Queue c0be1671f2 Merge pull request #49095 from sttts/sttts-metrics-godeps 
Automatic merge from submit-queue (batch tested with PRs 49116, 49095)

update-staging-godeps: do not exclude k8s.io/metrics

Counterpart to https://github.com/kubernetes/test-infra/pull/3560
 2017-07-19 03:21:27 -07:00
Kubernetes Submit Queue 36ade22a5a Merge pull request #49116 from sttts/sttts-authorative-api-v1-ref 
Automatic merge from submit-queue (batch tested with PRs 49116, 49095)

Move pkg/api/v1/ref -> client-go/tools/reference

`pkg/api/v1/ref` is the only remaining package copied from pkg/api/v1 to client-go via staging/copy.sh.
 2017-07-19 03:21:25 -07:00
Kubernetes Submit Queue defbe45397 Merge pull request #49130 from deads2k/server-30-admission 
Automatic merge from submit-queue (batch tested with PRs 48043, 48200, 49139, 36238, 49130)

expose RegisterAllAdmissionPlugins so that admission chains can be reused

Exposes the admission plugin registration functions so that sets of plugins can be re-used.

@sttts @p0lyn0mial
 2017-07-19 01:57:36 -07:00
Kubernetes Submit Queue 2faf7ff2bc Merge pull request #36238 from resouer/eclass-2-dev 
Automatic merge from submit-queue (batch tested with PRs 48043, 48200, 49139, 36238, 49130)

Implement equivalence cache by caching and re-using predicate result

The last part of #30844, I opened a new PR instead of overwrite the old one because we changed some basic assumption by allowing invalidating equivalence cache item by individual predicate.

The idea of this PR is based on discussion in https://github.com/kubernetes/kubernetes/issues/32024

- [x]  Pods belong to same controllerRef considered to be equivalent
- [x] ` podFitsOnNode` will use cached predicate result if it's available
- [x] Equivalence cache will be updated when if a fresh new predicate is done
- [x] `factory.go` will invalid specific predicate cache(s) based on the object change
- [x] Since `schedule` and `bind` are async, we need to optimistically invalid affected cache(s) before `bind`
- [x] Fully unit test of affected files
- [x] e2e test to verify cache update/invalid workflow
- [x] performance test results

- [x] Some nits fixes related but expected to result in `needs-rebase` so they are split to: #36060 #35968 #37512

cc @wojtek-t @davidopp
 2017-07-19 01:57:32 -07:00
Kubernetes Submit Queue 495f5b261f Merge pull request #49139 from deads2k/cli-15-proxy-defaults 
Automatic merge from submit-queue (batch tested with PRs 48043, 48200, 49139, 36238, 49130)

expose method to allow externally setting defaults on an external type

The options are an exposed type.  This allows you to set the defaults on them.

@derekwaynecarr who normally owns this bit?
 2017-07-19 01:57:30 -07:00
Kubernetes Submit Queue cf9f00bb95 Merge pull request #48200 from irfanurrehman/fed-sched-generic-args 
Automatic merge from submit-queue (batch tested with PRs 48043, 48200, 49139, 36238, 49130)

[Federation] Make arguments to scheduling type adapter methods generic

This is in the process of trying to rebase https://github.com/kubernetes/kubernetes/pull/45993 on latest.
cc @marun @perotinus 
@kubernetes/sig-federation-misc 
Hoping I get some attention to this and later PRs soon.

Associated issue https://github.com/kubernetes/kubernetes/issues/49181

**Release note**:

```NONE
```
 2017-07-19 01:57:27 -07:00
Kubernetes Submit Queue 8293a7d5a2 Merge pull request #48043 from xiangpengzhao/validate-storage-backend 
Automatic merge from submit-queue (batch tested with PRs 48043, 48200, 49139, 36238, 49130)

Validate --storage-backend type.

**What this PR does / why we need it**:
Validate --storage-backend type as early as possible.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47517
This PR is as per https://github.com/kubernetes/kubernetes/pull/47517/files#r121975646

**Special notes for your reviewer**:
/cc @justinsb 

**Release note**:

```release-note
NONE
```
 2017-07-19 01:57:24 -07:00
Cosmin Cojocar 95cf81f833 Remove clientset from azure file test build 2017-07-19 10:18:51 +02:00
Kubernetes Submit Queue d74ac3785e Merge pull request #48950 from alexandercampbell/kubectl-deduplicate-deployment-generators 
Automatic merge from submit-queue (batch tested with PRs 49120, 46755, 49157, 49165, 48950)

kubectl: deduplicate deployment generators

**What this PR does / why we need it**: See the description on https://github.com/kubernetes/kubectl/issues/44

**Which issue this PR fixes**: fixes https://github.com/kubernetes/kubectl/issues/44

**Special notes for your reviewer**: Yes, the lines added and removed are about the same. This is because I added 20+ lines of docstrings. Check the diff. You'll see I deleted a lot of duplicated logic :)

**Release note**:

```release-note
NONE
```
 2017-07-19 00:06:29 -07:00
Kubernetes Submit Queue c3f4e7e59a Merge pull request #49165 from mikedanese/cleanup2 
Automatic merge from submit-queue (batch tested with PRs 49120, 46755, 49157, 49165, 48950)

gce: don't print every file in mounter to stdout

This is printing ~3000 lines.
 2017-07-19 00:06:27 -07:00
Kubernetes Submit Queue 5e50097c57 Merge pull request #49157 from mikedanese/cleanup1 
Automatic merge from submit-queue (batch tested with PRs 49120, 46755, 49157, 49165, 48950)

gce: make some global variables local

/approve no-issue
 2017-07-19 00:06:25 -07:00
Kubernetes Submit Queue 164cae1151 Merge pull request #46755 from CaoShuFeng/cani-test-cmd 
Automatic merge from submit-queue (batch tested with PRs 49120, 46755, 49157, 49165, 48950)

add cmd test for kubectl auth can-i

**Release note**:

```
NONE
```
 2017-07-19 00:06:23 -07:00
Kubernetes Submit Queue 1bb6b815e2 Merge pull request #49120 from jpeeler/podpreset-nonamespace 
Automatic merge from submit-queue (batch tested with PRs 49120, 46755, 49157, 49165, 48950)

Modify podpreset lister to use correct namespace

Previously a pod with an empty namespace field submitted to a given namespace
was incorrectly matching preset labels in a different namespace.

Fixes https://github.com/kubernetes/kubernetes/issues/49141

Release note:
```release-note
Fix pod preset to ignore input pod namespace in favor of request namespace
```
 2017-07-19 00:06:20 -07:00
Cosmin Cojocar 7ae381207e Remove unused import after rebase 2017-07-19 08:59:32 +02:00
Cosmin Cojocar 6c3a853149 Add the fake cloud provider to azure file build 2017-07-19 08:56:12 +02:00
Cosmin Cojocar 5c4290d4f2 Add tests for other cloud providers 2017-07-19 08:56:12 +02:00
Cosmin Cojocar 4378c7ae8e Restrict the dir and file permissions of the mounted volume 2017-07-19 08:56:12 +02:00
Cosmin Cojocar 44210092c1 Fix comment to conform to golint 2017-07-19 08:56:12 +02:00
Cosmin Cojocar a3506c8e16 Fall back on Azure public cloud endpoint when no Azure cloud provider is found 2017-07-19 08:56:12 +02:00
Cosmin Cojocar 599ab98f86 Add the azure cloud provider dependency to azure file plugin 2017-07-19 08:56:12 +02:00
Cosmin Cojocar b79a7a12c8 Fix the Azure file to work within different cloud environments 2017-07-19 08:55:24 +02:00
Konstantinos Tsakalozos 280ea7f485 Set default CIDR to /16 2017-07-19 09:34:23 +03:00