Commit Graph

54737 Commits (f503755e5369ba191ee49e506636d09f51db2841)

Author SHA1 Message Date
Madhan Raj Mookkandy f503755e53 Add Windows Kernel Proxy support
Windows Kernel now exposes "Internal Load Balancing"
	using VFP (Virtual Filtering Platform) part of Virtual Switch. An inbuild
	windows service HNS (Host Networking Service) acts as interface to program
	the VFP. VFP is synonymous to iptables in functionality. HNS uses json based
	data as input.

	With the help of the interface available in github.com/Microsoft/hcsshim,
	these APIs are exposed to the world in github to program HNS and use
	the feature.

	*** More info about the changes in this PR ***
	(1) For every endpoint available in the system, an HNS Endpoint is added
	    (1.a) for local endpoints, a local HNS Endpoint would already exist, as part of
            container creation.
	    (1.b) For all remote endpoints, a remote HNS Endpoint is created via HNS

	(2) For every Service, a HNS ILB LoadBalancer is added referring the endpoints
	    created in (1)
		Sample Input to HNS:
		{
 	       "Policies":  [
        	                 {
                	             "ExternalPort":  80,
                        	     "InternalPort":  80,
	                             "Protocol":  6,
        	                     "Type":  "ELB",
                	             "VIPs":  [
                        	                  "11.0.98.129"
                                	      ]
	                         }
        	             ],
	        "References":  [
                           "/endpoints/ca8b877b-ab90-499a-bc0e-7d736c425632",
                           "/endpoints/ee0ef08b-8434-4f8b-b748-393884e77465"
        		]
    		}

	(2-a) This is done for Cluster IP, LoadBalancer Ingress IP, NodePort, External IP

	Following the regular service and endpoint updates,
	the HNS is notified of the updates and the system is kept in sync.
2017-09-14 15:50:47 -07:00
Kubernetes Submit Queue 5d995e3f7b Merge pull request #52372 from caesarxuchao/remove-config-copy
Automatic merge from submit-queue (batch tested with PRs 52376, 52439, 52382, 52358, 52372)

Remove the conversion of client config

It was needed because the clientset code in client-go was a copy of the clientset code in Kubernetes.. client-go is authoritative now, so we can remove the nasty copy.
2017-09-14 15:27:17 -07:00
Kubernetes Submit Queue afdbfa251f Merge pull request #52358 from crassirostris/audit-policy-groups
Automatic merge from submit-queue (batch tested with PRs 52376, 52439, 52382, 52358, 52372)

Add new api groups to the GCE advanced audit policy

Fixes https://github.com/kubernetes/kubernetes/issues/52265

It introduces the missing api groups, that were introduced in 1.8 release.

@piosz there's also the 'metrics' api group, should we audit it?
2017-09-14 15:27:05 -07:00
Kubernetes Submit Queue 8db782cc54 Merge pull request #52382 from spiffxp/test-apps-go-junit-repot
Automatic merge from submit-queue (batch tested with PRs 52376, 52439, 52382, 52358, 52372)

Workaround go-junit-report bug for TestApps

**What this PR does / why we need it**: Fix output from pkg/kubectl/apps/TestApps unit test

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #51253

**Special notes for your reviewer**: Literally copy-pasta of the approach taken in #45320.  Maybe a sign that this should be extracted into something shared. I'm just trying to see if we can make https://k8s-testgrid.appspot.com/kubernetes-presubmits and https://k8s-testgrid.appspot.com/release-master-blocking a little more green for now.

```release-note
NONE
```
2017-09-14 15:27:02 -07:00
Kubernetes Submit Queue 5135b5acf8 Merge pull request #52439 from piosz/hea-1.5-beta
Automatic merge from submit-queue (batch tested with PRs 52376, 52439, 52382, 52358, 52372)

Bumped Heapster to v1.5.0-beta.0
2017-09-14 15:27:00 -07:00
Kubernetes Submit Queue d9615b2fd1 Merge pull request #52376 from nicksardo/fix-cloudprovider-initialization
Automatic merge from submit-queue (batch tested with PRs 52376, 52439, 52382, 52358, 52372)

Pass correct clientbuilder to cloudproviders

Fixes https://github.com/kubernetes/kubeadm/issues/425 by moving the Initialize call to after the start of the token controller and passing `clientBuilder` instead of `rootClientBuilder` to the cloudproviders.

/assign @bowei 

**Release note**:
```release-note
NONE
```

Should fix in 1.8 and cherrypick to 1.7
2017-09-14 15:26:57 -07:00
Kubernetes Submit Queue 3c8fb4b90f Merge pull request #52426 from shyamjvs/dont-crash-on-missing-data
Automatic merge from submit-queue

Don't crash density test on missing a single measurement

We failed our last run due to this (https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/logs/ci-kubernetes-e2e-gce-scale-performance/33) and didn't have pod-startup latency recorded at all.
2017-09-14 05:09:46 -07:00
Wojciech Tyczynski e6209113e4 Update CHANGELOG.md for v1.7.6. 2017-09-14 12:34:41 +02:00
Anthony Yeh 1bdcfa59e8
Update CHANGELOG.md for v1.6.10. 2017-09-13 13:57:24 -07:00
Kubernetes Submit Queue 1a29ef1360 Merge pull request #52422 from mwielgus/ca-0.7.0-beta1
Automatic merge from submit-queue

Bump Cluster Autoscaler to 0.7.0-beta1

This is a part of the CA release process for 1.8.
2017-09-13 12:15:12 -07:00
Piotr Szczesniak ff7dd62205 Bumped Heapster to v1.5.0-beta.0 2017-09-13 21:12:52 +02:00
Kubernetes Submit Queue 6f242f6878 Merge pull request #52174 from xiangpengzhao/remove-1.2-release-notes
Automatic merge from submit-queue

Remove 1.2.* release notes in CHANGELOG.md

**What this PR does / why we need it**:
Remove 1.2.* release notes in CHANGELOG.md to make the file smaller so its content can be shown.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
ref: https://github.com/kubernetes/kubernetes/issues/48985#issuecomment-328076817

**Special notes for your reviewer**:
This is just a quick fix before we have an ideal solution of #48985 
/cc @jdumars 
/priority important-soon
/sig release

**Release note**:

```release-note
NONE
```
2017-09-13 11:10:49 -07:00
Kubernetes Submit Queue 56e461fdcf Merge pull request #52431 from shyamjvs/bump-lb-controller-resource-check
Automatic merge from submit-queue

Make CPU constraint for l7-lb-controller in density test scale with #nodes

Just noticed that we changed the memory last time, but didn't change cpu. From the last run:

```
Sep 13 04:25:03.360: INFO: Unexpected error occurred: Container l7-lb-controller-v0.9.6-gce-scale-cluster-master/l7-lb-controller is using 0.642709233/0.15 CPU
```
2017-09-13 11:10:33 -07:00
Kubernetes Submit Queue 1c55faf0bb Merge pull request #51387 from alrs/fix-storageos-swallowed-err
Automatic merge from submit-queue

Fix swallowed errors in various volume packages

**What this PR does / why we need it**: Fixes swallowed errors in various volume packages.

**Release note**:
```release-note NONE
```
2017-09-13 11:10:24 -07:00
Nick Sardo e73dfce32f Move cloudprovider initialization to after token controller and use
clientBuilder
2017-09-13 10:57:35 -07:00
Kubernetes Submit Queue cd343fd806 Merge pull request #52342 from crassirostris/audit-policy-gcp-variable
Automatic merge from submit-queue (batch tested with PRs 51601, 52153, 52364, 52362, 52342)

Make advanced audit policy on GCP configurable

Related to https://github.com/kubernetes/kubernetes/issues/52265

Make GCP audit policy configurable

/cc @tallclair
2017-09-13 09:30:19 -07:00
Kubernetes Submit Queue e1b446f873 Merge pull request #52362 from fabriziopandini/kubeadm436
Automatic merge from submit-queue (batch tested with PRs 51601, 52153, 52364, 52362, 52342)

fix kubeadm token create error

**What this PR does / why we need it**:
fix kubeadm token create error

**Which issue this PR fixes** 
[#436](https://github.com/kubernetes/kubeadm/issues/436) 

**Special notes for your reviewer**:
CC @luxas
2017-09-13 09:30:15 -07:00
Kubernetes Submit Queue e36b4fdaa8 Merge pull request #52364 from fabriziopandini/kubeadm437
Automatic merge from submit-queue (batch tested with PRs 51601, 52153, 52364, 52362, 52342)

fix Kubeadm phase addon error

What this PR does / why we need it:
fix Kubeadm phase addon error

Which issue this PR fixes
[#437](https://github.com/kubernetes/kubeadm/issues/437)

Special notes for your reviewer:
CC @luxas @andrewrynhard
2017-09-13 09:30:11 -07:00
Kubernetes Submit Queue 2ed6e53183 Merge pull request #52153 from lukemarsden/tweak-kubeadm-intro-text
Automatic merge from submit-queue (batch tested with PRs 51601, 52153, 52364, 52362, 52342)

Improve kubeadm help text

* Replace 'misc' with more specific at-mentions bugs and feature-requests.
* Replace ReplicaSets with Deployments as example, because ReplicaSets are dated.
* Generalize join example.

Before:

```
    ┌──────────────────────────────────────────────────────────┐
    │ KUBEADM IS BETA, DO NOT USE IT FOR PRODUCTION CLUSTERS!  │
    │                                                          │
    │ But, please try it out! Give us feedback at:             │
    │ https://github.com/kubernetes/kubeadm/issues             │
    │ and at-mention @kubernetes/sig-cluster-lifecycle-misc    │
    └──────────────────────────────────────────────────────────┘

Example usage:

    Create a two-machine cluster with one master (which controls the cluster),
    and one node (where your workloads, like Pods and ReplicaSets run).

    ┌──────────────────────────────────────────────────────────┐
    │ On the first machine                                     │
    ├──────────────────────────────────────────────────────────┤
    │ master# kubeadm init                                     │
    └──────────────────────────────────────────────────────────┘

    ┌──────────────────────────────────────────────────────────┐
    │ On the second machine                                    │
    ├──────────────────────────────────────────────────────────┤
    │ node# kubeadm join --token=<token> <ip-of-master>:<port> │
    └──────────────────────────────────────────────────────────┘

    You can then repeat the second step on as many other machines as you like.
```

After (changes highlighted with `<--`):

```
    ┌──────────────────────────────────────────────────────────┐
    │ KUBEADM IS BETA, DO NOT USE IT FOR PRODUCTION CLUSTERS!  │
    │                                                          │
    │ But, please try it out! Give us feedback at:             │
    │ https://github.com/kubernetes/kubeadm/issues             │
    │ and at-mention @kubernetes/sig-cluster-lifecycle-bugs    │ <--
    │ or @kubernetes/sig-cluster-lifecycle-feature-requests    │ <--
    └──────────────────────────────────────────────────────────┘

Example usage:

    Create a two-machine cluster with one master (which controls the cluster),
    and one node (where your workloads, like Pods and Deployments run).  <--

    ┌──────────────────────────────────────────────────────────┐
    │ On the first machine                                     │
    ├──────────────────────────────────────────────────────────┤
    │ master# kubeadm init                                     │
    └──────────────────────────────────────────────────────────┘

    ┌──────────────────────────────────────────────────────────┐
    │ On the second machine                                    │
    ├──────────────────────────────────────────────────────────┤
    │ node# kubeadm join <arguments-returned-from-init>        │ <--
    └──────────────────────────────────────────────────────────┘

    You can then repeat the second step on as many other machines as you like.

```

cc @luxas
2017-09-13 09:30:06 -07:00
Kubernetes Submit Queue a91c8939b7 Merge pull request #51601 from caesarxuchao/minor-test-fix
Automatic merge from submit-queue (batch tested with PRs 51601, 52153, 52364, 52362, 52342)

Minor fixes to validation test

Some test cases confuse the new object with the old object. This PR fixed that. Also added a test to verify that deletionTimestamp cannot be added (via the REST endpoints).
2017-09-13 09:30:01 -07:00
Shyam Jeedigunta fad26a71c8 Make CPU constraint for l7-lb-controller in density test scale with #nodes 2017-09-13 18:21:35 +02:00
Kubernetes Submit Queue 830ae51fc7 Merge pull request #52420 from shyamjvs/add-debug-statements
Automatic merge from submit-queue

Fix bug with gke in logdump
2017-09-13 08:11:52 -07:00
Aaron Crickenberger eb08dffcb6 Workaround go-junit-report bug for TestApps
Blatant copy-pasta of 83ff8f2
2017-09-13 07:28:36 -07:00
Shyam Jeedigunta 4f3e3c6278 Don't crash density test on missing a single measurement 2017-09-13 16:11:53 +02:00
Kubernetes Submit Queue 5af069b727 Merge pull request #52413 from aleksandra-malinowska/autoscaling-tests-extra-logs-2
Automatic merge from submit-queue

Add logging gcloud command error in e2e tests

This adds extra log line to help with debugging GKE tests.
2017-09-13 06:58:52 -07:00
Kubernetes Submit Queue 35b38a342b Merge pull request #52078 from sttts/sttts-codegen-owners
Automatic merge from submit-queue

code-generator: add myself to OWNERS
2017-09-13 06:58:39 -07:00
Mik Vyatskov ccf40abd50 Make advanced audit policy on GCP configurable 2017-09-13 14:36:26 +02:00
Marcin Wielgus 6ae3abd606 Bump Cluster Autoscaler to 0.7.0-beta1 2017-09-13 14:06:59 +02:00
Shyam Jeedigunta 6ae0eb8806 Fix bug with gke in logdump 2017-09-13 14:03:03 +02:00
Kubernetes Submit Queue 991afb2436 Merge pull request #52375 from jiayingz/deviceplugin-e2e
Automatic merge from submit-queue (batch tested with PRs 52316, 52289, 52375)

Extends GPUDevicePlugin e2e test to exercise device plugin restarts.

**What this PR does / why we need it**:
This is part of issue #52189 but does not fix it.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
```
2017-09-13 04:04:55 -07:00
Kubernetes Submit Queue c9759ae318 Merge pull request #52289 from crassirostris/sd-logging-trim-long-lines
Automatic merge from submit-queue (batch tested with PRs 52316, 52289, 52375)

[fluentd-gcp addon] Trim too long log entries due to Stackdriver limitations

Stackdriver doesn't support log entries bigger than 100KB, so by default fluentd plugin just drops such entries. To avoid that and increase the visibility of this problem it's suggested to trim long lines instead.

/cc @igorpeshansky

```release-note
[fluentd-gcp addon] Fluentd will trim lines exceeding 100KB instead of dropping them.
```
2017-09-13 04:04:52 -07:00
Kubernetes Submit Queue a789fc777f Merge pull request #52316 from jpbetz/salt-request-timeout-quickfix
Automatic merge from submit-queue (batch tested with PRs 52316, 52289, 52375)

Small fix in salt manifest for kube-apiserver for request-timeout flag

**What this PR does / why we need it**:

Fixes a minor bug in salt manifest (typo from #51480)

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes
**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

xref: #51355
2017-09-13 04:04:50 -07:00
Mik Vyatskov a9fb3c8efb Add new api groups to the GCE advanced audit policy 2017-09-13 12:07:48 +02:00
Aleksandra Malinowska c173296632 log gcloud command error 2017-09-13 11:56:55 +02:00
Mik Vyatskov d8525f8bd1 [fluentd-gcp addon] Trim too long log entries due to Stackdriver limitation 2017-09-13 10:27:17 +02:00
Kubernetes Submit Queue be78d113b1 Merge pull request #52201 from timothysc/ephemeral_gate
Automatic merge from submit-queue

Version gates the ephemeral storage e2e test

Version gates the ephemeral storage e2e test.

**Release note**:
```
NONE
```

@kubernetes/sig-testing-pr-reviews
2017-09-12 23:24:42 -07:00
Kubernetes Submit Queue dc02dfe560 Merge pull request #52301 from tallclair/psp-seccomp
Automatic merge from submit-queue (batch tested with PRs 52339, 52343, 52125, 52360, 52301)

'*' is valid for allowed seccomp profiles

**What this PR does / why we need it**:
This should be valid on a PodSecurityPolicy, but is currently rejected:
```
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
```

**Which issue this PR fixes**: fixes #52300

```release-note
NONE
```
2017-09-12 21:46:02 -07:00
Kubernetes Submit Queue 83c2f358c9 Merge pull request #52360 from shyamjvs/add-debug-statements
Automatic merge from submit-queue (batch tested with PRs 52339, 52343, 52125, 52360, 52301)

Make log-dump use 'gcloud ssh' for GKE also

Fixes https://github.com/kubernetes/test-infra/issues/4323

I tested it locally (with some hacking for mimicking gke's DumpClusterLogs function in kubetest) and it worked.

cc @ericchiang
2017-09-12 21:45:59 -07:00
Kubernetes Submit Queue c6a9b1e198 Merge pull request #52125 from yujuhong/fix-file-sync
Automatic merge from submit-queue (batch tested with PRs 52339, 52343, 52125, 52360, 52301)

dockershim: check if f.Sync() returns an error and surface it

```release-note
dockershim: check the error when syncing the checkpoint.
```
2017-09-12 21:45:56 -07:00
Kubernetes Submit Queue e81aeb59aa Merge pull request #52343 from crassirostris/audit-policy-switch-to-beta
Automatic merge from submit-queue (batch tested with PRs 52339, 52343, 52125, 52360, 52301)

Switch default audit policy to beta and omit RequestReceived stage

Related to https://github.com/kubernetes/kubernetes/issues/52265

```release-note
By default, clusters on GCE no longer sends RequestReceived audit event, if advanced audit is configured.
```
2017-09-12 21:45:54 -07:00
Kubernetes Submit Queue 5bc9d7b412 Merge pull request #52339 from liggitt/alpha-test
Automatic merge from submit-queue (batch tested with PRs 52339, 52343, 52125, 52360, 52301)

Prevent enabling alpha APIs by default

related to #47691
This is a follow up to #51839 to add a check that we do not enable alpha APIs by default
2017-09-12 21:45:52 -07:00
Kubernetes Submit Queue 9636522137 Merge pull request #52352 from enisoc/sts-deflake
Automatic merge from submit-queue (batch tested with PRs 48226, 52046, 52231, 52344, 52352)

StatefulSet: Deflake e2e RunHostCmd more.

It turns out that at some points while the Node is recovering from a reboot, we get a different kind of error ("unable to upgrade connection"). Since we can't distinguish these transient errors from an error encountered after successfully executing the remote command, let's just retry all errors for 5min. If this doesn't work, I'm gonna blame it on sig-node.

ref #48031
2017-09-12 19:40:06 -07:00
Kubernetes Submit Queue b04f81d342 Merge pull request #52344 from smarterclayton/no_log_pull
Automatic merge from submit-queue (batch tested with PRs 48226, 52046, 52231, 52344, 52352)

Log at higher verbosity levels some common SyncPod errors

This log message was 90% of all glog.Errorf level statements reported on a production cluster, hiding other more impactful errors. We already log it in start container, but for extra caution we continue to log it at v(3) here (the downside of not logging a start container error is worse than some log spam at higher levels).

HandleError() is intended only for unknown and unexpected errors.

```release-note
NONE
```

@derekwaynecarr @sjenning
2017-09-12 19:40:03 -07:00
Kubernetes Submit Queue 434fffb6e0 Merge pull request #52231 from mkumatag/guestbook_multiarch
Automatic merge from submit-queue (batch tested with PRs 48226, 52046, 52231, 52344, 52352)

Port Guestbook tests to mutiarch

**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #52232 

**Special notes for your reviewer**:

**Release note**:

```NONE
NONE
```
2017-09-12 19:39:59 -07:00
Kubernetes Submit Queue 32f1521cc2 Merge pull request #52046 from dashpole/soft_eviction
Automatic merge from submit-queue (batch tested with PRs 48226, 52046, 52231, 52344, 52352)

[BugFix] Soft Eviction timer works correctly

fixes #51516

thresholdsMet should not exclude previously met thresholds when we do not have new stats for a threshold.

/assign @vishh @derekwaynecarr 
cc @kubernetes/sig-node-bugs
2017-09-12 19:39:55 -07:00
Kubernetes Submit Queue 83b4c0ac84 Merge pull request #48226 from wongma7/pd-predicate-log
Automatic merge from submit-queue (batch tested with PRs 48226, 52046, 52231, 52344, 52352)

Log get PVC/PV errors in MaxPD predicate only at high verbosity

The error is effectively ignored since even if a PVC/PV doesn't exist it gets counted, and it's rarely actionable either so let's reduce the verbosity.

Basically a user somewhere on the cluster will have to have done something "wrong" for this error to occur, e.g. if *,while the pod is running, pod's PVC is deleted or pods' PVC's PV is deleted. And from that point forward the logs will be spammed every time the predicate is evaluated on a node where that "wrong" pod exists

**Release note**:

```release-note
NONE
```
2017-09-12 19:39:52 -07:00
Kubernetes Submit Queue 58b126d98b Merge pull request #52248 from zjj2wry/set-env-list
Automatic merge from submit-queue

fix kubectl set env --list description

**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
none
```
2017-09-12 17:43:28 -07:00
Kubernetes Submit Queue 39659ac1dd Merge pull request #51252 from andyzhangx/azuredisk-windows
Automatic merge from submit-queue

Azuredisk mount on windows node

**What this PR does / why we need it**:
This PR will enable azure disk on windows node, customer could create a pod mounted with azure disk on windows node. 
There are a few pending items still left:
1) Current fstype would be forced as NTFS, will change if there is such requirement
2) GetDeviceNameFromMount function is not implemented(empty) because in Linux, we could use "cat /proc/mounts" to read all mounting points in OS easily, but in Windows, there is no such place, I am still figuring out. The empty function would cause a few warning logging, but it will not affect the main logic now.

**Special notes for your reviewer**:
1. This PR depends on https://github.com/kubernetes/kubernetes/pull/51240, which allow windows mount path in config validation
2. There is a bug in docker on windows(https://github.com/moby/moby/issues/34729), the ContainerPath could only be a drive letter now(e.g. D:), dir path would fail in the end.

The example pod with mount path is like below:

```
kind: Pod
apiVersion: v1
metadata:
  name: pod-uses-shared-hdd-5g
  labels:
    name: storage
spec:
  containers:
  - image: microsoft/iis
    name: az-c-01
    volumeMounts:
    - name: blobdisk01
      mountPath: 'F:'
  nodeSelector:
    beta.kubernetes.io/os: windows
  volumes:
  - name: blobdisk01
    persistentVolumeClaim:
      claimName: pv-dd-shared-hdd-5
```

**Release note**:

```release-note
2017-09-12 17:43:13 -07:00
Jiaying Zhang 06b31849e1 Extends GPUDevicePlugin e2e test to exercise device plugin restarts. 2017-09-12 16:58:19 -07:00
Chao Xu 6c5a8d5db9 Remove the conversion of client config, because client-go is authoratative now 2017-09-12 16:02:17 -07:00