Automatic merge from submit-queue
Update https-nginx example
Update how to edit the configmap. Since we are not going to support `kubeectl replace configmap cmName --from-file=filename` in `v1.5`.
And update the `inotifywait` command.
Fixes: #36489
Automatic merge from submit-queue
Rename PetSet to StatefulSet in docs and examples.
**What this PR does / why we need it**: Addresses some of the pre-code-freeze changes for implementing the PetSet --> StatefulSet rename. (#35534)
**Special notes for your reviewer**: This PR only changes docs and examples, as #35731 hasn't been merged yet and I don't want to create merge conflicts. I'll open another PR for any remaining code changes needed after that PR is merged. /cc @erictune @janetkuo @chrislovecnm
Automatic merge from submit-queue
Update Secret.type examples used for provisioning.
Kubernetes now checks that secrets used for provisioning of volumes
have correct type (PR #35675), all examples should reflect it.
Automatic merge from submit-queue
Move Statefulset (previously PetSet) to v1beta1
**What this PR does / why we need it**: #28718
**Which issue this PR fixes** _(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)_: fixes #
**Special notes for your reviewer**: depends on #35663 (PetSet rename)
cc @erictune @foxish @kubernetes/sig-apps
**Release note**:
``` release-note
v1beta1/StatefulSet replaces v1alpha1/PetSet.
```
* Use an init container to eliminate potential edge case where losing
the first pet's could cause it to start a second logical cluster
* Exec the cockroach binary so that it runs as PID 1 in the container
* Make some small improvements to the README
Automatic merge from submit-queue
Clean up typos in links in README
**What this PR does / why we need it**:
Clean up the link in README for mysql-wordpress-pd and nfs
Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn>
@elsonrodriguez, @hunter, and @leseb have gotten Ceph to run almost entirely within Kubernetes. Also, the official Ceph Docker image is more likely to be kept updated.
Automatic merge from submit-queue
Corrected title of example "Java Web Application with Tomcat and Side…
**What this PR does / why we need it**: Corrects spelling error in title of example "Java Web Application with Tomcat and Sidercar Container".
**Which issue this PR fixes**: NONE
**Special notes for your reviewer**: NONE
**Release note**: NONE
Automatic merge from submit-queue
Update `gcloud docker` commands to use `gcloud docker -- ARGS`
We can then avoid the following warning:
```
WARNING: The '--' argument must be specified between gcloud specific args on the left and DOCKER_ARGS on the right. IMPORTANT: previously, commands allowed the omission of the --, and unparsed arguments were treated as implementation args. This usage is being deprecated and will be removed in March 2017.
This will be strictly enforced in March 2017. Use 'gcloud beta docker' to see new behavior.
```
Automatic merge from submit-queue
Updating Spark Example.
Few usability improvements:
- Added a proxy to enable viewing worker logs
- Removed seperate webui service
- Modified Zeppelin and spark-ui services to be Loadbalancers
- Changed pyspark example to be platform agnostic
- Minor grammar/flow fixes
We can then avoid the following warning:
```
WARNING: The '--' argument must be specified between gcloud specific args on the left and DOCKER_ARGS on the right. IMPORTANT: previously, commands allowed the omission of the --, and unparsed arguments were treated as implementation args. This usage is being deprecated and will be removed in March 2017.
This will be strictly enforced in March 2017. Use 'gcloud beta docker' to see new behavior.
```
Signed-off-by: Jess Frazelle <acidburn@google.com>
Few usability improvements:
- Added a proxy to enable viewing worker logs
- Removed seperate webui service
- Modified Zeppelin and spark-ui services to be Loadbalancers
- Changed pyspark example to be platform agnostic
- Improved kubectl context setup
- Minor grammar/flow fixes
Automatic merge from submit-queue
Don't tolerate unready endpoints in cockroachdb example
That annotation was only included in the initial config due to cargo-culting, and
has the potential to break node startup if it resolves its own address
to gossip to.
@bprashanth @tschottdorf
Automatic merge from submit-queue
Document selinux considerations in wordpress-mysql example
Fixes#31269.
Even though host path is unsuitable for production environments, it is an option in the wordpress-mysql example. When I followed this example on a RHEL 7.2 system I had issues with selinux.
That was only included in the initial config due to cargo-culting, and
has the potential to break node startup if it resolves its own address
to gossip to.
Contination of #1111
I tried to keep this PR down to just a simple search-n-replace to keep
things simple. I may have gone too far in some spots but its easy to
roll those back if needed.
I avoided renaming `contrib/mesos/pkg/minion` because there's already
a `contrib/mesos/pkg/node` dir and fixing that will require a bit of work
due to a circular import chain that pops up. So I'm saving that for a
follow-on PR.
I rolled back some of this from a previous commit because it just got
to big/messy. Will follow up with additional PRs
Signed-off-by: Doug Davis <dug@us.ibm.com>
Automatic merge from submit-queue
Use secrets for glusterfs provisioning passwords
- no plain password in StorageClass!
- fix the style along the way
- use PV annotations to pass the configuration from provisioners to deleters, inspired by Ceph RBD provisioning.
~~Proposing 1.4:~~
~~- GlusterFS provisioning is a new 1.4 feature~~
~~- if we release GlusterFS provisioner as it is now, we need to support it's API (i.e. plaintext passwords) until 2.0~~
~~- it can break only GlusterFS provisioning, nothing else~~
~~- it's easy to revert~~
@kubernetes/sig-storage
fixes#31871
Automatic merge from submit-queue
remove storage related fields from genericapiserver
Removes `StorageFactory` and `StorageDecorator` from from `genericapiserver` since both constructs are related to building a `RESTStorage`, which should be provided fully formed (or via factory func) to a truly generic API server.
I found this while trying to move the creation API routes earlier.
Automatic merge from submit-queue
Minor refactor of Ceph RBD provisioning docs.
Improves clarity of Ceph RBD provisioner documentation, expanded on how to translate Ceph settings into secrets.
Automatic merge from submit-queue
move registry packages for all API groups
This continues the pattern of `registry/<group>/resource` for our backing storage. This entire pull is nothing but moves. I'll reswizzle the actual storage next, but these are cargo-culted everywhere, so I want to lay this down early.
@sttts @ncdc
* Allow options.InsecurePort to be set to 0 to switch off insecure access
* In NewSelfClient, Set the TLSClientConfig to the cert and key files
if InsecurePort is switched off
* Mint a bearer token that allows the client(s) created in NewSelfClient
to talk to the api server
* Add a new authenticator that checks for this specific bearer token
Fixes#13598
Automatic merge from submit-queue
Support Quobyte as StorageClass
This PR allows Users to use Quobyte as StorageClass for dynamic volume provisioning and implements the Provisioner/Deleter Interface.
@quolix @kubernetes/sig-storage @rootfs
Automatic merge from submit-queue
Support for storage class for vSphere volume plugin. Custom disk format for dynamic provisioning.
This PR does following,
1. Add support for storage class for vSphere volume plugin.
2. Add option for user to provision disk with different disk formats. Format choices are
"thin" (default), "zeroedthick", "eagerzeroedthick".
Sample storageclass (yaml):
```
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
name: slow
provisioner: kubernetes.io/vsphere-volume
parameters:
diskformat: thin
```
Automatic merge from submit-queue
Pet Set Example for Cassandra
- updating cassandra to 3.7
- added pet set example
- adding pet set for Cassandra e2e tests
- changed service as we do not want a lb service, as we are running C*
- updated docs
cc @bgrant0607
cc @kubernetes/examples
We can probably close a couple of other open PR, since I did some other stuff.
Automatic merge from submit-queue
support storage class in Ceph RBD volume
replace WIP PR #30959, using PV annotation idea from @jsafrane
@kubernetes/sig-storage @johscheuer @elsonrodriguez
Automatic merge from submit-queue
Productionize the cockroachdb example a little more
Includes:
* A service for clients to use
* Readiness/liveness probes
* An extended graceful termination period
* Automatic prometheus monitoring (when prometheus is configured to watch for annotations on services, as in [CoreOS's recent blog post](https://coreos.com/blog/prometheus-and-kubernetes-up-and-running.html), for example)
I'm leaving the management of certs to future work, but if anyone that sees this needs help with them in the meantime, don't hesitate to reach out.
Successor to #28446
@bprashanth - if you're still interested in / open to an e2e test (as mentioned in https://github.com/cockroachdb/cockroach/issues/5967#issuecomment-230188807), let me know and I'll put one together. If so, I assume you'd want it as part of the `petset` test group rather than the `examples` tests?
cc @tschottdorf
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
add logging for enabled/disabled API Groups
Adds logging to the apiserver to indicate which API groups are enabled and disabled as go through. This will make it easier to identify what's gone wrong in cases where the API server is down during diagnoses and the config is inaccessible, like in GKE tests. For example https://github.com/kubernetes/kubernetes/issues/32185#issuecomment-245255700 .
@wojtek-t This may have made the problem more obvious.
- updating java to 3.7
- added pet set example
- adding pet set for Cassandra e2e tests
- changed service as we do not want a lb service, as we are running C*
- updated docs
fixing headers and adding exception for run.sh
adding documentation, thank god for reflog
Did not mean to commit that as the README ... fixing
fixing problems in README
fixing more problems in README
more README tweaks
munge updates
updating examples_test for PetSet in Cassandra examples
updating petset to no use better security context
Automatic merge from submit-queue
fixes invalid null selector issue in sysdig example yaml
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
Using the file DaemonSet yaml found in the example repo you get the following error upon import:
```
$ kubectl create -f sysdig.yml
The DaemonSet "sysdig-agent" is invalid.
spec.template.metadata.labels: Invalid value: null: `selector` does not match template `labels`
```
This PR fixes this issue.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
```
* Corrected name label metadata for Sysdig example.
Automatic merge from submit-queue
Delete the broken Celery+RabbitMQ example
The celery container used in the example is broken and does not come up
on most distros. The e2e test that was validating this example was not
detecting the fact the celery pod was crash looping.
I attempted to fix the celery container, but it proved to be tedious.
The proposed fix is to update the glibc version to >= 2.23. In this case
it requires updating the python docker image and the celery base image.
https://github.com/kubernetes/kubernetes/issues/31456
has more details.
I'm deleting the example instead of marking it as broken because a user
might overlook the broken warning and it should be trivial to revert
this PR if someone can fix the celery container.
Most of the contents of docs/ has moved to kubernetes.github.io.
Development of the docs and accompanying files has continued there, making
the copies in this repo stale. I've removed everything but the .md files
which remain to redirect old links. The .yaml config files in the docs
were used by some tests, these have been moved to test/fixtures/doc-yaml,
and can remain there to be used by tests or other purposes.
Before this change this example would result in:
$ kubectl create -f sysdig.yml
The DaemonSet "sysdig-agent" is invalid.
spec.template.metadata.labels: Invalid value: null: `selector` does not match template `labels`
Includes:
* A service for clients to use
* Readiness/liveness probes
* An extended graceful termination period
* Easy clean-up of all created resources
Automatic merge from submit-queue
Add encryption to EBS dynamic provisioner
Resolves https://github.com/kubernetes/kubernetes/issues/30792
Adds encryption to the EBS cloud provider and provisioner.
Follow up to #29006 (all commits but the one in this PR will drop out).
@kubernetes/sig-storage
```release-note
```
Automatic merge from submit-queue
change all PredicateFunc to use SelectionPredicate
What?
- This PR changes all PredicateFunc in registry to return SelectionPredicate instead of Matcher interface.
Why?
- We want to pass SelectionPredicate to storage layer. Matcher interface did not expose enough information for indexing.
Automatic merge from submit-queue
Add a CockroachDB PetSet example
The example starts a simple five-node cluster with otherwise
default settings (in particular, 3x replication).
cc @bprashanth
Automatic merge from submit-queue
Quobyte Volume plugin
@quofelix and myself developed a volume plugin for [Quobyte](http://www.quobyte.com) which is a software-defined storage solution. This PR allows Kubernetes users to mount a Quobyte Volume inside their containers over Kubernetes.
Here are some further informations about [Quobyte and Storage for containers](http://www.quobyte.com/containers)
Automatic merge from submit-queue
Fix resource requests in cassandra-daemonset.yaml
The current file fails validation because the resource request syntax is incorrect.
1. Use --client since -c is deprecated now
2. The command (./kubectl version --client | grep -o 'GitVersion:"[^"]*"')
now returns:
GitVersion:"v1.4.0-alpha.1.784+ed3a29bd6aeb98-dirty"
so parse out the version better using sed
Related to #23708
The README for persistent volume provisioning had information about the
hostpath provisioner for testing purposes, but lacked instructions on
how to enable it.
Automatic merge from submit-queue
Remove id field from rbd examples
Currently the RBD examples fail with the following error:
```
kubectl create -f examples/volumes/rbd/rbd-with-secret.json
error validating "examples/volumes/rbd/rbd-with-secret.json": error validating data: found invalid field id for v1.Pod; if you choose to ignore these errors, turn validation off with --validate=false
```
fixes#28831
HostPath volumes are not automatically provisioned unless we pass in `--enable-hostpath-provisioner` to the controller manager. This was not mentioned in the docs previously.
Automatic merge from submit-queue
Implement first version of indexing in cacher
This PR adds a first version of indexing in cacher.
It has a really significant impact on performance - __in empty 2000-node cluster, apiserver cpu usage drops by ~75%.__
Not for 1.3, but we need this soon after 1.3 is done.
@lavalamp @mqliang @davidopp @gmarek @kubernetes/sig-scalability
This allows us to start building real dependencies into Makefile.
Leave old hack/* scripts in place but advise to use 'make'. There are a few
rules that call things like 'go run' or 'build/*' that I left as-is for now.
id isn't a valid field in a Pod object so kubectl fails with:
error validating "glusterfs-pod.json": error validating data: found invalid field id for v1.Pod; if you choose to ignore these errors, turn validation off with --validate=false
Search and replace for references to moved examples
Reverted find and replace paths on auto gen docs
Reverting changes to changelog
Fix bugs in test-cmd.sh
Fixed path in examples README
ran update-all successfully
Updated verify-flags exceptions to include renamed files
Automatic merge from submit-queue
Fixed an error in lvm bash script
The space in this script is an obvious typo and caused an error
(trying to call volume_id as command).
Unified skydns templates using a simple underscore based template and
added transform sed scripts to transform into salt and sed yaml
templates
Moved all content out of cluster/addons/dns into build/kube-dns and
saltbase/salt/kube-dns
Automatic merge from submit-queue
fixing docker file, and bumping cassandra version
- had issue with current v9 build. `cassandra.yaml` was not editable by the cassandra user, chown and chmod is now correct
- rebuild jar against 3.5 cassandra version and bumped C* version
Automatic merge from submit-queue
Use pause image depending on the server's platform when testing
Removed all pause image constant strings, now the pause image is chosen by arch. Part of the effort of making e2e arch-agnostic.
The pause image name and version is also now only in two places, and it's documented to bump both
Also removed "amd64" constants in the code. Such constants should be replaced by `runtime.GOARCH` or by looking up the server platform
Fixes: #22876 and #15140
Makes it easier for: #25730
Related: #17981
This is for `v1.3`
@ixdy @thockin @vishh @kubernetes/sig-testing @andyzheng0831 @pensu
Automatic merge from submit-queue
Cassandra examples updating images to v9
- this is a version bump for the C* image
- I also increased the cpu to .5 because .1 is slow like warm death
Who can actually run the build to get the container to the examples repo?
Automatic merge from submit-queue
kube-apiserver options should be decoupled from impls
A few months ago we refactored options to keep it independent of the
implementations, so that it could be used in CLI tools to validate
config or to generate config, without pulling in the full dependency
tree of the master. This change restores that by separating
server_run_options.go back to its own package.
Also, options structs should never contain non-serializable types, which
storagebackend.Config was doing with runtime.Codec. Split the codec out.
Fix a typo on the name of the etcd2.go storage backend.
Finally, move DefaultStorageMediaType to server_run_options.
@nikhiljindal as per my comment in #24454, @liggitt because you and I
discussed this last time
A few months ago we refactored options to keep it independent of the
implementations, so that it could be used in CLI tools to validate
config or to generate config, without pulling in the full dependency
tree of the master. This change restores that by separating
server_run_options.go back to its own package.
Also, options structs should never contain non-serializable types, which
storagebackend.Config was doing with runtime.Codec. Split the codec out.
Fix a typo on the name of the etcd2.go storage backend.
Finally, move DefaultStorageMediaType to server_run_options.
Automatic merge from submit-queue
Newrelic daemonset
1. base64 on Mac does not support the **wrap** option. Easy to support on both Mac and Linux by using **tr** to remove the newline.
2. DaemonSet definition does not conform to latest schema:
> $ kubectl create -f ./newrelic-daemonset.yaml
error validating "./newrelic-daemonset.yaml": error validating data: found invalid field privileged for v1.PodSecurityContext; if you choose to ignore these errors, turn validation off with --validate=false
<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/24564)
<!-- Reviewable:end -->
Automatic merge from submit-queue
Fixed namespace name to spark-cluster
Just changed the namespace from **default** to **spark-cluster** in the spark example docs.
The guestbook-go example is broken because the latest tag of redis has
moved to redis 3.0 which speaks a new protocol. This means that the
slaves, which have fixed 2.0 versions, will error out on the protocol:
```
[7] 15 May 23:37:44.403 # Can't handle RDB format version 7
[7] 15 May 23:37:44.403 # Failed trying to load the MASTER synchronization DB from disk
[7] 15 May 23:37:45.333 * Connecting to MASTER redis-master:6379
[7] 15 May 23:37:45.427 * MASTER <-> SLAVE sync started
```
In this case the app simply never persists data.
cc @luebken @Gurpartap
The codec factory should support two distinct interfaces - negotiating
for a serializer with a client, vs reading or writing data to a storage
form (etcd, disk, etc). Make the EncodeForVersion and DecodeToVersion
methods only take Encoder and Decoder, and slight refactoring elsewhere.
In the storage factory, use a content type to control what serializer to
pick, and use the universal deserializer. This ensures that storage can
read JSON (which might be from older objects) while only writing
protobuf. Add exceptions for those resources that may not be able to
write to protobuf (specifically third party resources, but potentially
others in the future).
Automatic merge from submit-queue
Deleting duplicate code from federated-apiserver.Run()
This removes most of duplicate code from federated-apiserver.Run().
The code remaining is related to storage or authz and authn.
https://github.com/kubernetes/kubernetes/pull/24787 refactors the storage related code.
I am still figuring out authz and authn.
cc @jianhuiz
Automatic merge from submit-queue
Refactored SeedProvider and Updated Docker
This is a redo of the last PR that I munged 😄
- fixed maven build folder structure
- updated build to C* 3.4
- refactored Seed Provider - improved error handling, updated default SeedProvider code
- added start of unit tests. Not as comprehensive as I would like
- updated docker image to debian:jessie
- installed openjdk 8
- added some docker fu to make the image smaller
- updated docker to C* 3.4 and update yaml
- updated README content. Added a section about the docker, and the SeedProvider
Have not had a chance to test the docker on k8s, because I do not have a local docker repo.
NOTE: someone needs to push the docker image into the google repo. Not sure what the process is ... I will submit another PR request with changes to the yaml files.
Automatic merge from submit-queue
Move internal types of job from pkg/apis/extensions to pkg/apis/batch
This addressed the job part of #23216, this is still WIP. Will notify once finished. I'd like to have it in before starting working on ScheduledJob.
@lavalamp @erictune fyi
Automatic merge from submit-queue
Intial draft on SeedProvider docs
Alsa more documentation. We need to reference the config section in the example docs. There are multiple PRs open in those docs, so at this point I do not want to make a mess.
Let me know if there are docs standard template that will make this more pretty.
Automatic merge from submit-queue
update gb-frontend image. New image includes the change in PR # 23381.
Update to use the gcr.io/google-samples/gb-frontend:v4 image. New image includes the change in https://github.com/kubernetes/kubernetes/pull/23381.
Add tests to watch behavior in both protocols (http and websocket)
against all 3 media types. Adopt the
`application/vnd.kubernetes.protobuf;stream=watch` media type for the
content that comes back from a watch call so that it can be
distinguished from a Status result.
Automatic merge from submit-queue
Add mpio support for iscsi
This allows the iscsi volume to check if a iscsi device belongs to a mpio device
If it does belong to the device then we make sure we mount the mpio device instead of
the raw device.
The code is based on the current FibreChannel volume support for mpio
example
/dev/disk/by-path/iqn-example.com.2999 -> /dev/sde
Then we check
/sys/block/[dm-X]/slaves/xx
until we find the [dm-X] containing /dev/sde and mount it
Additional work that can be done in future
1. Add multiple portal support to iscsi
2. Move the FibreChannel volume provider to use the code that has been extracted
If it does belong to the device then we make sure we mount the mpio device instead of
the raw device.
Heuristics
Login into /dev/disk/by-path/iqn-example.com.2999 -> /dev/sde
Check if sde existsin in /sys/block/[dm-X]/slaves/xx
If it does mount /dev/[dm-x] which will look like /dev/mapper/mpiodevicename in mount
examples/iscsi has more details
Automatic merge from submit-queue
Flexvolume: Add support for multiple secrets
This PR adds support to pass multiple secrets for flexvolume plugins.
To allow multiple secrets, secrets are now passed as:
"kubernetes.io/secret/id-rsa":"value-2\r\n\r\n","kubernetes.io/secret/id-rsa.pub":"value-1\r\n"
Automatic merge from submit-queue
phase 2 of cassandra example overhaul
Here's the next iteration in overhauling this example, towards https://github.com/kubernetes/kubernetes/issues/20961. This removes the pod adoption part, but doesn't (yet) otherwise change any of the resources used.
It also includes some README cleanup, and removes some explicit specification of labels in the rc yaml.
This PR doesn't yet add any commentary on how we're using the seed provider (re: https://github.com/kubernetes/kubernetes/issues/20961#issuecomment-190405959 etc.). Maybe we should add that.
Also: LMK if this PR should include any changes to the links out to the docs.
cc @bgrant0607 @johndmulhausen
Automatic merge from submit-queue
Implement a streaming serializer for watch
Changeover watch to use streaming serialization. Properly version the
watch objects. Implement simple framing for JSON and Protobuf (but not
YAML).
@wojtek-t @lavalamp
Automatic merge from submit-queue
examples/guestbook/php-redis: don't reopen stdio fds
/etc/apache2/apache2.conf was configured to log in this way:
> ErrorLog /proc/self/fd/2
> CustomLog /proc/self/fd/1 combined
This causes apache to reopen the already-opened fds. It works fine when
the file descriptors are pipes or ttys but it fails when they are Unix
sockets because sockets cannot be opened with the open() syscall. The
issue happens when apache is connected to systemd-journald, like in the
rkt container run-time.
This patch uses "cat" to directly write to the stdio fds without
reopening them. apache2.conf now looks like:
> ErrorLog "|$/bin/cat 1>&2"
> CustomLog "|/bin/cat" combined
It works both with Docker and rkt (tested with and without
--interactive).
Symptoms:
> [ 2673.478868] apache2-foreground[4]: (6)No such device or address:
> AH00091: apache2: could not open error log file /proc/self/fd/2.
See also: https://github.com/coreos/rkt/issues/2300
-----
/cc @sjpotter @yifan-gu @jonboulle
foxish
