diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json
index bf997f2a671..27c1222f175 100644
--- a/api/openapi-spec/swagger.json
+++ b/api/openapi-spec/swagger.json
@@ -77377,11 +77377,11 @@
"x-kubernetes-patch-strategy": "merge"
},
"dnsConfig": {
- "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.",
+ "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.",
"$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfig"
},
"dnsPolicy": {
- "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.",
+ "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.",
"type": "string"
},
"hostAliases": {
@@ -79780,7 +79780,7 @@
}
},
"io.k8s.api.extensions.v1beta1.IPBlock": {
- "description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
+ "description": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"required": [
"cidr"
],
@@ -79942,7 +79942,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicy": {
- "description": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
@@ -79970,7 +79970,7 @@
]
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyEgressRule": {
- "description": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
"properties": {
"ports": {
"description": "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
@@ -79989,7 +79989,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyIngressRule": {
- "description": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"properties": {
"from": {
"description": "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.",
@@ -80008,7 +80008,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyList": {
- "description": "Network Policy List is a list of NetworkPolicy objects.",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.",
"required": [
"items"
],
@@ -80042,6 +80042,7 @@
]
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyPeer": {
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.",
"properties": {
"ipBlock": {
"description": "IPBlock defines policy on a particular IPBlock",
@@ -80058,6 +80059,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyPort": {
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.",
"properties": {
"port": {
"description": "If specified, the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.",
@@ -80070,6 +80072,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicySpec": {
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.",
"required": [
"podSelector"
],
diff --git a/api/swagger-spec/apps_v1.json b/api/swagger-spec/apps_v1.json
index 4fff9f1831e..7956e22ea58 100644
--- a/api/swagger-spec/apps_v1.json
+++ b/api/swagger-spec/apps_v1.json
@@ -6652,7 +6652,7 @@
},
"dnsPolicy": {
"type": "string",
- "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'."
+ "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
},
"nodeSelector": {
"type": "object",
@@ -6738,7 +6738,7 @@
},
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
- "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
+ "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
}
}
},
diff --git a/api/swagger-spec/apps_v1beta1.json b/api/swagger-spec/apps_v1beta1.json
index 0a9f4ce5c83..8a004fb748f 100644
--- a/api/swagger-spec/apps_v1beta1.json
+++ b/api/swagger-spec/apps_v1beta1.json
@@ -4286,7 +4286,7 @@
},
"dnsPolicy": {
"type": "string",
- "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'."
+ "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
},
"nodeSelector": {
"type": "object",
@@ -4372,7 +4372,7 @@
},
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
- "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
+ "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
}
}
},
diff --git a/api/swagger-spec/apps_v1beta2.json b/api/swagger-spec/apps_v1beta2.json
index ce3a45788ab..8dfb5baf53b 100644
--- a/api/swagger-spec/apps_v1beta2.json
+++ b/api/swagger-spec/apps_v1beta2.json
@@ -6652,7 +6652,7 @@
},
"dnsPolicy": {
"type": "string",
- "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'."
+ "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
},
"nodeSelector": {
"type": "object",
@@ -6738,7 +6738,7 @@
},
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
- "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
+ "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
}
}
},
diff --git a/api/swagger-spec/batch_v1.json b/api/swagger-spec/batch_v1.json
index fd7f780ba2b..4d154abb9ad 100644
--- a/api/swagger-spec/batch_v1.json
+++ b/api/swagger-spec/batch_v1.json
@@ -1626,7 +1626,7 @@
},
"dnsPolicy": {
"type": "string",
- "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'."
+ "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
},
"nodeSelector": {
"type": "object",
@@ -1712,7 +1712,7 @@
},
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
- "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
+ "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
}
}
},
diff --git a/api/swagger-spec/batch_v1beta1.json b/api/swagger-spec/batch_v1beta1.json
index de28cd79b11..c84dd3cde5f 100644
--- a/api/swagger-spec/batch_v1beta1.json
+++ b/api/swagger-spec/batch_v1beta1.json
@@ -1681,7 +1681,7 @@
},
"dnsPolicy": {
"type": "string",
- "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'."
+ "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
},
"nodeSelector": {
"type": "object",
@@ -1767,7 +1767,7 @@
},
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
- "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
+ "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
}
}
},
diff --git a/api/swagger-spec/batch_v2alpha1.json b/api/swagger-spec/batch_v2alpha1.json
index 9c393fe9e84..fbaaa4ee818 100644
--- a/api/swagger-spec/batch_v2alpha1.json
+++ b/api/swagger-spec/batch_v2alpha1.json
@@ -1681,7 +1681,7 @@
},
"dnsPolicy": {
"type": "string",
- "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'."
+ "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
},
"nodeSelector": {
"type": "object",
@@ -1767,7 +1767,7 @@
},
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
- "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
+ "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
}
}
},
diff --git a/api/swagger-spec/extensions_v1beta1.json b/api/swagger-spec/extensions_v1beta1.json
index c947a65449c..56f79527b51 100644
--- a/api/swagger-spec/extensions_v1beta1.json
+++ b/api/swagger-spec/extensions_v1beta1.json
@@ -7294,7 +7294,7 @@
},
"dnsPolicy": {
"type": "string",
- "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'."
+ "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
},
"nodeSelector": {
"type": "object",
@@ -7380,7 +7380,7 @@
},
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
- "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
+ "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
}
}
},
@@ -9990,7 +9990,7 @@
},
"v1beta1.NetworkPolicyList": {
"id": "v1beta1.NetworkPolicyList",
- "description": "Network Policy List is a list of NetworkPolicy objects.",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.",
"required": [
"items"
],
@@ -10018,7 +10018,7 @@
},
"v1beta1.NetworkPolicy": {
"id": "v1beta1.NetworkPolicy",
- "description": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods",
"properties": {
"kind": {
"type": "string",
@@ -10040,6 +10040,7 @@
},
"v1beta1.NetworkPolicySpec": {
"id": "v1beta1.NetworkPolicySpec",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.",
"required": [
"podSelector"
],
@@ -10073,7 +10074,7 @@
},
"v1beta1.NetworkPolicyIngressRule": {
"id": "v1beta1.NetworkPolicyIngressRule",
- "description": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"properties": {
"ports": {
"type": "array",
@@ -10093,6 +10094,7 @@
},
"v1beta1.NetworkPolicyPort": {
"id": "v1beta1.NetworkPolicyPort",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.",
"properties": {
"protocol": {
"$ref": "v1.Protocol",
@@ -10110,6 +10112,7 @@
},
"v1beta1.NetworkPolicyPeer": {
"id": "v1beta1.NetworkPolicyPeer",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.",
"properties": {
"podSelector": {
"$ref": "v1.LabelSelector",
@@ -10127,7 +10130,7 @@
},
"v1beta1.IPBlock": {
"id": "v1beta1.IPBlock",
- "description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
+ "description": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"required": [
"cidr"
],
@@ -10147,7 +10150,7 @@
},
"v1beta1.NetworkPolicyEgressRule": {
"id": "v1beta1.NetworkPolicyEgressRule",
- "description": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
+ "description": "DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
"properties": {
"ports": {
"type": "array",
diff --git a/api/swagger-spec/v1.json b/api/swagger-spec/v1.json
index e102f99bd59..e988dfc85a5 100644
--- a/api/swagger-spec/v1.json
+++ b/api/swagger-spec/v1.json
@@ -21449,7 +21449,7 @@
},
"dnsPolicy": {
"type": "string",
- "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'."
+ "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
},
"nodeSelector": {
"type": "object",
@@ -21535,7 +21535,7 @@
},
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
- "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
+ "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it."
}
}
},
diff --git a/build/debian-hyperkube-base/Dockerfile b/build/debian-hyperkube-base/Dockerfile
index 52f609ff220..aeb62ce5683 100644
--- a/build/debian-hyperkube-base/Dockerfile
+++ b/build/debian-hyperkube-base/Dockerfile
@@ -14,10 +14,13 @@
FROM BASEIMAGE
+RUN echo CACHEBUST>/dev/null && clean-install \
+ bash
+
# The samba-common, cifs-utils, and nfs-common packages depend on
-# ucf, which itself depends on /bin/bash existing.
-# It doesn't seem to actually need bash, however.
-RUN ln -s /bin/sh /bin/bash
+# ucf, which itself depends on /bin/bash.
+RUN echo "dash dash/sh boolean false" | debconf-set-selections
+RUN DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash
RUN echo CACHEBUST>/dev/null && clean-install \
ca-certificates \
diff --git a/build/debian-hyperkube-base/Makefile b/build/debian-hyperkube-base/Makefile
index 19e468a8fe5..54ca29f7e9a 100644
--- a/build/debian-hyperkube-base/Makefile
+++ b/build/debian-hyperkube-base/Makefile
@@ -19,7 +19,7 @@
REGISTRY?=gcr.io/google-containers
IMAGE?=debian-hyperkube-base
-TAG=0.7
+TAG=0.8
ARCH?=amd64
CACHEBUST?=1
diff --git a/build/root/WORKSPACE b/build/root/WORKSPACE
index 242e38f13ca..7de0ffaf334 100644
--- a/build/root/WORKSPACE
+++ b/build/root/WORKSPACE
@@ -88,10 +88,10 @@ docker_pull(
docker_pull(
name = "debian-hyperkube-base-amd64",
- digest = "sha256:1a05a58432254268c31ef5c8d9c21f3d01a40611b14707de6ac2772c0793bd13",
+ digest = "sha256:fc1b461367730660ac5a40c1eb2d1b23221829acf8a892981c12361383b3742b",
registry = "gcr.io",
repository = "google-containers/debian-hyperkube-base-amd64",
- tag = "0.7", # ignored, but kept here for documentation
+ tag = "0.8", # ignored, but kept here for documentation
)
docker_pull(
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index 9d13187bb4a..10eb0cd64f8 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -1807,8 +1807,10 @@ function start-kube-controller-manager {
if [[ -n "${CLUSTER_SIGNING_DURATION:-}" ]]; then
params+=" --experimental-cluster-signing-duration=$CLUSTER_SIGNING_DURATION"
fi
- # disable using HPA metrics REST clients if metrics-server isn't enabled
- if [[ "${ENABLE_METRICS_SERVER:-}" != "true" ]]; then
+ # Disable using HPA metrics REST clients if metrics-server isn't enabled,
+ # or if we want to explicitly disable it by setting HPA_USE_REST_CLIENT.
+ if [[ "${ENABLE_METRICS_SERVER:-}" != "true" ]] ||
+ [[ "${HPA_USE_REST_CLIENTS:-}" == "false" ]]; then
params+=" --horizontal-pod-autoscaler-use-rest-clients=false"
fi
diff --git a/cluster/images/hyperkube/Makefile b/cluster/images/hyperkube/Makefile
index 803c1a0c58d..d7a8c7d936b 100644
--- a/cluster/images/hyperkube/Makefile
+++ b/cluster/images/hyperkube/Makefile
@@ -21,7 +21,7 @@ REGISTRY?=gcr.io/google-containers
ARCH?=amd64
HYPERKUBE_BIN?=_output/dockerized/bin/linux/$(ARCH)/hyperkube
-BASEIMAGE=gcr.io/google-containers/debian-hyperkube-base-$(ARCH):0.7
+BASEIMAGE=gcr.io/google-containers/debian-hyperkube-base-$(ARCH):0.8
TEMP_DIR:=$(shell mktemp -d -t hyperkubeXXXXXX)
all: build
diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
index f7b9ab21072..3220b41aab4 100644
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
@@ -315,7 +315,7 @@ func ValidateMixedArguments(flag *pflag.FlagSet) error {
mixedInvalidFlags := []string{}
flag.Visit(func(f *pflag.Flag) {
- if f.Name == "config" || strings.HasPrefix(f.Name, "ignore-checks-") || strings.HasPrefix(f.Name, "skip-") || f.Name == "dry-run" || f.Name == "kubeconfig" {
+ if f.Name == "config" || f.Name == "ignore-preflight-errors" || strings.HasPrefix(f.Name, "skip-") || f.Name == "dry-run" || f.Name == "kubeconfig" {
// "--skip-*" flags or other whitelisted flags can be set with --config
return
}
diff --git a/cmd/kubeadm/app/cmd/upgrade/apply.go b/cmd/kubeadm/app/cmd/upgrade/apply.go
index fdb4f4f240b..b4ea162c14e 100644
--- a/cmd/kubeadm/app/cmd/upgrade/apply.go
+++ b/cmd/kubeadm/app/cmd/upgrade/apply.go
@@ -64,7 +64,7 @@ func NewCmdApply(parentFlags *cmdUpgradeFlags) *cobra.Command {
flags := &applyFlags{
parent: parentFlags,
imagePullTimeout: 15 * time.Minute,
- etcdUpgrade: false,
+ etcdUpgrade: true,
}
cmd := &cobra.Command{
diff --git a/cmd/kubeadm/app/phases/addons/dns/dns.go b/cmd/kubeadm/app/phases/addons/dns/dns.go
index b1866e584fa..072359a8e5b 100644
--- a/cmd/kubeadm/app/phases/addons/dns/dns.go
+++ b/cmd/kubeadm/app/phases/addons/dns/dns.go
@@ -63,22 +63,25 @@ func kubeDNSAddon(cfg *kubeadmapi.MasterConfiguration, client clientset.Interfac
return err
}
- var dnsBindAddr string
+ var dnsBindAddr, dnsProbeAddr string
if dnsip.To4() == nil {
dnsBindAddr = "::1"
+ dnsProbeAddr = "[" + dnsBindAddr + "]"
} else {
dnsBindAddr = "127.0.0.1"
+ dnsProbeAddr = dnsBindAddr
}
// Get the YAML manifest conditionally based on the k8s version
kubeDNSDeploymentBytes := GetKubeDNSManifest(k8sVersion)
dnsDeploymentBytes, err := kubeadmutil.ParseTemplate(kubeDNSDeploymentBytes,
- struct{ ImageRepository, Arch, Version, DNSBindAddr, DNSDomain, DNSProbeType, MasterTaintKey string }{
+ struct{ ImageRepository, Arch, Version, DNSBindAddr, DNSProbeAddr, DNSDomain, DNSProbeType, MasterTaintKey string }{
ImageRepository: cfg.ImageRepository,
Arch: runtime.GOARCH,
// Get the kube-dns version conditionally based on the k8s version
Version: GetDNSVersion(k8sVersion, kubeadmconstants.KubeDNS),
DNSBindAddr: dnsBindAddr,
+ DNSProbeAddr: dnsProbeAddr,
DNSDomain: cfg.Networking.DNSDomain,
DNSProbeType: GetKubeDNSProbeType(k8sVersion),
MasterTaintKey: kubeadmconstants.LabelNodeRoleMaster,
diff --git a/cmd/kubeadm/app/phases/addons/dns/dns_test.go b/cmd/kubeadm/app/phases/addons/dns/dns_test.go
index 40c0043436e..55967aae3d7 100644
--- a/cmd/kubeadm/app/phases/addons/dns/dns_test.go
+++ b/cmd/kubeadm/app/phases/addons/dns/dns_test.go
@@ -92,11 +92,12 @@ func TestCompileManifests(t *testing.T) {
}{
{
manifest: v180AndAboveKubeDNSDeployment,
- data: struct{ ImageRepository, Arch, Version, DNSBindAddr, DNSDomain, DNSProbeType, MasterTaintKey string }{
+ data: struct{ ImageRepository, Arch, Version, DNSBindAddr, DNSProbeAddr, DNSDomain, DNSProbeType, MasterTaintKey string }{
ImageRepository: "foo",
Arch: "foo",
Version: "foo",
DNSBindAddr: "foo",
+ DNSProbeAddr: "foo",
DNSDomain: "foo",
DNSProbeType: "foo",
MasterTaintKey: "foo",
diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go
index 4875ddb9003..cbf434706da 100644
--- a/cmd/kubeadm/app/phases/addons/dns/manifests.go
+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go
@@ -156,8 +156,8 @@ spec:
args:
- --v=2
- --logtostderr
- - --probe=kubedns,{{ .DNSBindAddr }}:10053,kubernetes.default.svc.{{ .DNSDomain }},5,{{ .DNSProbeType }}
- - --probe=dnsmasq,{{ .DNSBindAddr }}:53,kubernetes.default.svc.{{ .DNSDomain }},5,{{ .DNSProbeType }}
+ - --probe=kubedns,{{ .DNSProbeAddr }}:10053,kubernetes.default.svc.{{ .DNSDomain }},5,{{ .DNSProbeType }}
+ - --probe=dnsmasq,{{ .DNSProbeAddr }}:53,kubernetes.default.svc.{{ .DNSDomain }},5,{{ .DNSProbeType }}
ports:
- containerPort: 10054
name: metrics
diff --git a/cmd/kubeadm/app/phases/controlplane/volumes.go b/cmd/kubeadm/app/phases/controlplane/volumes.go
index 35edc211187..a3b5ce7fefc 100644
--- a/cmd/kubeadm/app/phases/controlplane/volumes.go
+++ b/cmd/kubeadm/app/phases/controlplane/volumes.go
@@ -34,6 +34,7 @@ const (
caCertsVolumePath = "/etc/ssl/certs"
caCertsPkiVolumeName = "ca-certs-etc-pki"
flexvolumeDirVolumeName = "flexvolume-dir"
+ cloudConfigVolumeName = "cloud-config"
flexvolumeDirVolumePath = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec"
)
@@ -70,6 +71,13 @@ func getHostPathVolumesForTheControlPlane(cfg *kubeadmapi.MasterConfiguration) c
// Read-only mount for the controller manager kubeconfig file
controllerManagerKubeConfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName)
mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, kubeadmconstants.KubeConfigVolumeName, controllerManagerKubeConfigFile, controllerManagerKubeConfigFile, true, &hostPathFileOrCreate)
+ // Read-only mount of the cloud config file if present
+ if cfg.CloudProvider != "" {
+ if _, err := os.Stat(DefaultCloudConfigPath); err == nil {
+ mounts.NewHostPathMount(kubeadmconstants.KubeAPIServer, cloudConfigVolumeName, DefaultCloudConfigPath, DefaultCloudConfigPath, true, &hostPathFileOrCreate)
+ mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, cloudConfigVolumeName, DefaultCloudConfigPath, DefaultCloudConfigPath, true, &hostPathFileOrCreate)
+ }
+ }
// Mount for the flexvolume directory (/usr/libexec/kubernetes/kubelet-plugins/volume/exec) directory
// Flexvolume dir must NOT be readonly as it is used for third-party plugins to integrate with their storage backends via unix domain socket.
if stat, err := os.Stat(flexvolumeDirVolumePath); err == nil && stat.IsDir() {
diff --git a/cmd/kubeadm/app/phases/controlplane/volumes_test.go b/cmd/kubeadm/app/phases/controlplane/volumes_test.go
index daa824062c2..a5fde3cf035 100644
--- a/cmd/kubeadm/app/phases/controlplane/volumes_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/volumes_test.go
@@ -521,7 +521,9 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
if _, ok := mounts.volumeMounts[kubeadmconstants.KubeControllerManager][flexvolumeDirVolumeName]; ok {
delete(mounts.volumeMounts[kubeadmconstants.KubeControllerManager], flexvolumeDirVolumeName)
}
-
+ if _, ok := mounts.volumeMounts[kubeadmconstants.KubeControllerManager][cloudConfigVolumeName]; ok {
+ delete(mounts.volumeMounts[kubeadmconstants.KubeControllerManager], cloudConfigVolumeName)
+ }
if !reflect.DeepEqual(mounts.volumes, rt.vol) {
t.Errorf(
"failed getHostPathVolumesForTheControlPlane:\n\texpected: %v\n\t actual: %v",
diff --git a/cmd/kubeadm/app/phases/upgrade/staticpods.go b/cmd/kubeadm/app/phases/upgrade/staticpods.go
index 716b39e7a36..258f0dba91a 100644
--- a/cmd/kubeadm/app/phases/upgrade/staticpods.go
+++ b/cmd/kubeadm/app/phases/upgrade/staticpods.go
@@ -127,6 +127,12 @@ func (spm *KubeStaticPodPathManager) BackupEtcdDir() string {
}
func upgradeComponent(component string, waiter apiclient.Waiter, pathMgr StaticPodPathManager, cfg *kubeadmapi.MasterConfiguration, beforePodHash string, recoverManifests map[string]string) error {
+ // Special treatment is required for etcd case, when rollbackOldManifests should roll back etcd
+ // manifests only for the case when component is Etcd
+ recoverEtcd := false
+ if component == constants.Etcd {
+ recoverEtcd = true
+ }
// The old manifest is here; in the /etc/kubernetes/manifests/
currentManifestPath := pathMgr.RealManifestPath(component)
// The new, upgraded manifest will be written here
@@ -140,12 +146,12 @@ func upgradeComponent(component string, waiter apiclient.Waiter, pathMgr StaticP
// Move the old manifest into the old-manifests directory
if err := pathMgr.MoveFile(currentManifestPath, backupManifestPath); err != nil {
- return rollbackOldManifests(recoverManifests, err, pathMgr)
+ return rollbackOldManifests(recoverManifests, err, pathMgr, recoverEtcd)
}
// Move the new manifest into the manifests directory
if err := pathMgr.MoveFile(newManifestPath, currentManifestPath); err != nil {
- return rollbackOldManifests(recoverManifests, err, pathMgr)
+ return rollbackOldManifests(recoverManifests, err, pathMgr, recoverEtcd)
}
fmt.Printf("[upgrade/staticpods] Moved upgraded manifest to %q and backed up old manifest to %q\n", currentManifestPath, backupManifestPath)
@@ -156,12 +162,12 @@ func upgradeComponent(component string, waiter apiclient.Waiter, pathMgr StaticP
// If we don't do this, there is a case where we remove the Static Pod manifest, kubelet is slow to react, kubeadm checks the
// API endpoint below of the OLD Static Pod component and proceeds quickly enough, which might lead to unexpected results.
if err := waiter.WaitForStaticPodControlPlaneHashChange(cfg.NodeName, component, beforePodHash); err != nil {
- return rollbackOldManifests(recoverManifests, err, pathMgr)
+ return rollbackOldManifests(recoverManifests, err, pathMgr, recoverEtcd)
}
// Wait for the static pod component to come up and register itself as a mirror pod
if err := waiter.WaitForPodsWithLabel("component=" + component); err != nil {
- return rollbackOldManifests(recoverManifests, err, pathMgr)
+ return rollbackOldManifests(recoverManifests, err, pathMgr, recoverEtcd)
}
fmt.Printf("[upgrade/staticpods] Component %q upgraded successfully!\n", component)
@@ -212,20 +218,59 @@ func performEtcdStaticPodUpgrade(waiter apiclient.Waiter, pathMgr StaticPodPathM
return true, fmt.Errorf("fail to get etcd pod's hash: %v", err)
}
- // Write the updated etcd static Pod manifest into the temporary directory
+ // Write the updated etcd static Pod manifest into the temporary directory, at this point no etcd change
+ // has occured in any aspects.
if err := etcdphase.CreateLocalEtcdStaticPodManifestFile(pathMgr.TempManifestDir(), cfg); err != nil {
- return true, rollbackEtcdData(cfg, fmt.Errorf("error creating local etcd static pod manifest file: %v", err), pathMgr)
+ return true, fmt.Errorf("error creating local etcd static pod manifest file: %v", err)
}
// Perform etcd upgrade using common to all control plane components function
if err := upgradeComponent(constants.Etcd, waiter, pathMgr, cfg, beforeEtcdPodHash, recoverManifests); err != nil {
- return true, rollbackEtcdData(cfg, err, pathMgr)
+ // Since etcd upgrade component failed, the old manifest has been restored
+ // now we need to check the heatlth of etcd cluster if it came back up with old manifest
+ if _, err := etcdCluster.GetEtcdClusterStatus(); err != nil {
+ // At this point we know that etcd cluster is dead and it is safe to copy backup datastore and to rollback old etcd manifest
+ if err := rollbackEtcdData(cfg, fmt.Errorf("etcd cluster is not healthy after upgrade: %v rolling back", err), pathMgr); err != nil {
+ // Even copying back datastore failed, no options for recovery left, bailing out
+ return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir)
+ }
+ // Old datastore has been copied, rolling back old manifests
+ if err := rollbackOldManifests(recoverManifests, err, pathMgr, true); err != nil {
+ // Rolling back to old manifests failed, no options for recovery left, bailing out
+ return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir)
+ }
+ // Since rollback of the old etcd manifest was successful, checking again the status of etcd cluster
+ if _, err := etcdCluster.GetEtcdClusterStatus(); err != nil {
+ // Nothing else left to try to recover etcd cluster
+ return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir)
+ }
+
+ return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, rolled the state back to pre-upgrade state", err)
+ }
+ // Since etcd cluster came back up with the old manifest
+ return true, fmt.Errorf("fatal error when trying to upgrade the etcd cluster: %v, rolled the state back to pre-upgrade state", err)
}
// Checking health state of etcd after the upgrade
- etcdStatus, err = etcdCluster.GetEtcdClusterStatus()
- if err != nil {
- return true, rollbackEtcdData(cfg, fmt.Errorf("etcd cluster is not healthy after upgrade: %v rolling back", err), pathMgr)
+ if _, err = etcdCluster.GetEtcdClusterStatus(); err != nil {
+ // Despite the fact that upgradeComponent was sucessfull, there is something wrong with etcd cluster
+ // First step is to restore back up of datastore
+ if err := rollbackEtcdData(cfg, fmt.Errorf("etcd cluster is not healthy after upgrade: %v rolling back", err), pathMgr); err != nil {
+ // Even copying back datastore failed, no options for recovery left, bailing out
+ return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir)
+ }
+ // Old datastore has been copied, rolling back old manifests
+ if err := rollbackOldManifests(recoverManifests, err, pathMgr, true); err != nil {
+ // Rolling back to old manifests failed, no options for recovery left, bailing out
+ return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir)
+ }
+ // Since rollback of the old etcd manifest was successful, checking again the status of etcd cluster
+ if _, err := etcdCluster.GetEtcdClusterStatus(); err != nil {
+ // Nothing else left to try to recover etcd cluster
+ return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir)
+ }
+
+ return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, rolled the state back to pre-upgrade state", err)
}
return false, nil
@@ -276,9 +321,13 @@ func StaticPodControlPlane(waiter apiclient.Waiter, pathMgr StaticPodPathManager
}
// rollbackOldManifests rolls back the backuped manifests if something went wrong
-func rollbackOldManifests(oldManifests map[string]string, origErr error, pathMgr StaticPodPathManager) error {
+func rollbackOldManifests(oldManifests map[string]string, origErr error, pathMgr StaticPodPathManager, restoreEtcd bool) error {
errs := []error{origErr}
for component, backupPath := range oldManifests {
+ // Will restore etcd manifest only if it was explicitely requested by setting restoreEtcd to True
+ if component == constants.Etcd && !restoreEtcd {
+ continue
+ }
// Where we should put back the backed up manifest
realManifestPath := pathMgr.RealManifestPath(component)
diff --git a/docs/api-reference/apps/v1/definitions.html b/docs/api-reference/apps/v1/definitions.html
index 887585f5562..a8a675a8e85 100755
--- a/docs/api-reference/apps/v1/definitions.html
+++ b/docs/api-reference/apps/v1/definitions.html
@@ -3804,7 +3804,7 @@ When an object is created, the system will populate this list with the current s
dnsPolicy |
-Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. |
+Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
string |
|
@@ -3937,7 +3937,7 @@ When an object is created, the system will populate this list with the current s
dnsConfig |
-Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. |
+Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
v1.PodDNSConfig |
|
diff --git a/docs/api-reference/apps/v1beta1/definitions.html b/docs/api-reference/apps/v1beta1/definitions.html
index f90176654d7..3b522ed1981 100755
--- a/docs/api-reference/apps/v1beta1/definitions.html
+++ b/docs/api-reference/apps/v1beta1/definitions.html
@@ -3857,7 +3857,7 @@ The StatefulSet guarantees that a given network identity will always map to the
dnsPolicy |
-Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. |
+Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
string |
|
@@ -3990,7 +3990,7 @@ The StatefulSet guarantees that a given network identity will always map to the
dnsConfig |
-Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. |
+Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
v1.PodDNSConfig |
|
diff --git a/docs/api-reference/apps/v1beta2/definitions.html b/docs/api-reference/apps/v1beta2/definitions.html
index 157fa46b329..abc65818398 100755
--- a/docs/api-reference/apps/v1beta2/definitions.html
+++ b/docs/api-reference/apps/v1beta2/definitions.html
@@ -4473,7 +4473,7 @@ The StatefulSet guarantees that a given network identity will always map to the
dnsPolicy |
-Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. |
+Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
string |
|
@@ -4606,7 +4606,7 @@ The StatefulSet guarantees that a given network identity will always map to the
dnsConfig |
-Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. |
+Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
v1.PodDNSConfig |
|
diff --git a/docs/api-reference/batch/v1/definitions.html b/docs/api-reference/batch/v1/definitions.html
index bcf76e5b222..9cec3b5687f 100755
--- a/docs/api-reference/batch/v1/definitions.html
+++ b/docs/api-reference/batch/v1/definitions.html
@@ -3137,7 +3137,7 @@ When an object is created, the system will populate this list with the current s
dnsPolicy |
-Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. |
+Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
string |
|
@@ -3270,7 +3270,7 @@ When an object is created, the system will populate this list with the current s
dnsConfig |
-Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. |
+Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
v1.PodDNSConfig |
|
diff --git a/docs/api-reference/batch/v1beta1/definitions.html b/docs/api-reference/batch/v1beta1/definitions.html
index 798d8d6b21e..e1466c71b4d 100755
--- a/docs/api-reference/batch/v1beta1/definitions.html
+++ b/docs/api-reference/batch/v1beta1/definitions.html
@@ -3171,7 +3171,7 @@ When an object is created, the system will populate this list with the current s
dnsPolicy |
-Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. |
+Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
string |
|
@@ -3304,7 +3304,7 @@ When an object is created, the system will populate this list with the current s
dnsConfig |
-Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. |
+Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
v1.PodDNSConfig |
|
diff --git a/docs/api-reference/batch/v2alpha1/definitions.html b/docs/api-reference/batch/v2alpha1/definitions.html
index d319cb99dd0..9ed32f89dfd 100755
--- a/docs/api-reference/batch/v2alpha1/definitions.html
+++ b/docs/api-reference/batch/v2alpha1/definitions.html
@@ -3144,7 +3144,7 @@ When an object is created, the system will populate this list with the current s
dnsPolicy |
-Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. |
+Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
string |
|
@@ -3277,7 +3277,7 @@ When an object is created, the system will populate this list with the current s
dnsConfig |
-Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. |
+Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
v1.PodDNSConfig |
|
diff --git a/docs/api-reference/extensions/v1beta1/definitions.html b/docs/api-reference/extensions/v1beta1/definitions.html
index 2776574ca6d..547557f250c 100755
--- a/docs/api-reference/extensions/v1beta1/definitions.html
+++ b/docs/api-reference/extensions/v1beta1/definitions.html
@@ -1395,7 +1395,7 @@ Examples: /foo would allow /foo, /foo/ an
v1beta1.NetworkPolicyList
-
Network Policy List is a list of NetworkPolicy objects.
+
DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.
@@ -3280,7 +3280,7 @@ When an object is created, the system will populate this list with the current s
v1beta1.IPBlock
-
IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec’s podSelector. The except entry describes CIDRs that should not be included within this rule.
+
DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec’s podSelector. The except entry describes CIDRs that should not be included within this rule.
@@ -4496,7 +4496,7 @@ When an object is created, the system will populate this list with the current s
dnsPolicy |
-Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. |
+Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
string |
|
@@ -4629,7 +4629,7 @@ When an object is created, the system will populate this list with the current s
dnsConfig |
-Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. |
+Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
v1.PodDNSConfig |
|
@@ -5329,7 +5329,7 @@ Examples:
v1beta1.NetworkPolicy
-
NetworkPolicy describes what network traffic is allowed for a set of Pods
+
DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods
@@ -5611,6 +5611,9 @@ Examples:
v1beta1.NetworkPolicySpec
+
+
DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.
+
@@ -6104,6 +6107,9 @@ Both these may change in the future. Incoming requests are matched against the h
v1beta1.NetworkPolicyPeer
+
+
DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
+
@@ -6553,7 +6559,7 @@ Both these may change in the future. Incoming requests are matched against the h
v1beta1.NetworkPolicyIngressRule
-
This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
+
DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
@@ -7007,7 +7013,7 @@ Both these may change in the future. Incoming requests are matched against the h
v1beta1.NetworkPolicyEgressRule
-
NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec’s podSelector. The traffic must match both ports and to. This type is beta-level in 1.8
+
DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec’s podSelector. The traffic must match both ports and to. This type is beta-level in 1.8
@@ -7822,6 +7828,9 @@ Both these may change in the future. Incoming requests are matched against the h
v1beta1.NetworkPolicyPort
+
+
DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.
+
diff --git a/docs/api-reference/v1/definitions.html b/docs/api-reference/v1/definitions.html
index 08c3b84c8ce..78489b60724 100755
--- a/docs/api-reference/v1/definitions.html
+++ b/docs/api-reference/v1/definitions.html
@@ -9082,7 +9082,7 @@ Examples:
dnsPolicy |
-Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. |
+Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
string |
|
@@ -9215,7 +9215,7 @@ Examples:
dnsConfig |
-Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. |
+Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. |
false |
v1.PodDNSConfig |
|
diff --git a/pkg/cloudprovider/providers/azure/OWNERS b/pkg/cloudprovider/providers/azure/OWNERS
index 9e1337493fe..1109bcea346 100644
--- a/pkg/cloudprovider/providers/azure/OWNERS
+++ b/pkg/cloudprovider/providers/azure/OWNERS
@@ -2,3 +2,5 @@ approvers:
- brendandburns
- colemickens
- jdumars
+reviewers:
+- andyzhangx
diff --git a/pkg/volume/azure_dd/OWNERS b/pkg/volume/azure_dd/OWNERS
index d0a8a5db58e..dbe4f0a2053 100755
--- a/pkg/volume/azure_dd/OWNERS
+++ b/pkg/volume/azure_dd/OWNERS
@@ -8,3 +8,4 @@ reviewers:
- jsafrane
- jingxu97
- msau42
+- andyzhangx
diff --git a/pkg/volume/azure_file/OWNERS b/pkg/volume/azure_file/OWNERS
index d0a8a5db58e..dbe4f0a2053 100644
--- a/pkg/volume/azure_file/OWNERS
+++ b/pkg/volume/azure_file/OWNERS
@@ -8,3 +8,4 @@ reviewers:
- jsafrane
- jingxu97
- msau42
+- andyzhangx
diff --git a/pkg/volume/util/operationexecutor/operation_generator.go b/pkg/volume/util/operationexecutor/operation_generator.go
index fc682fd607d..2ff4b668f00 100644
--- a/pkg/volume/util/operationexecutor/operation_generator.go
+++ b/pkg/volume/util/operationexecutor/operation_generator.go
@@ -544,6 +544,7 @@ func (og *operationGenerator) resizeFileSystem(volumeToMount VolumeToMount, devi
glog.V(6).Infof("Resizing is not enabled for this volume %s", volumeToMount.VolumeName)
return nil
}
+
mounter := og.volumePluginMgr.Host.GetMounter(pluginName)
// Get expander, if possible
expandableVolumePlugin, _ :=
@@ -565,6 +566,13 @@ func (og *operationGenerator) resizeFileSystem(volumeToMount VolumeToMount, devi
// File system resize was requested, proceed
glog.V(4).Infof(volumeToMount.GenerateMsgDetailed("MountVolume.resizeFileSystem entering", fmt.Sprintf("DevicePath %q", volumeToMount.DevicePath)))
+ if volumeToMount.VolumeSpec.ReadOnly {
+ simpleMsg, detailedMsg := volumeToMount.GenerateMsg("MountVolume.resizeFileSystem failed", "requested read-only file system")
+ glog.Warningf(detailedMsg)
+ og.recorder.Eventf(volumeToMount.Pod, v1.EventTypeWarning, kevents.FileSystemResizeFailed, simpleMsg)
+ return nil
+ }
+
diskFormatter := &mount.SafeFormatAndMount{
Interface: mounter,
Exec: og.volumePluginMgr.Host.GetExec(expandableVolumePlugin.GetPluginName()),
@@ -1272,6 +1280,7 @@ func updatePVCStatusCapacity(pvcName string, pvc *v1.PersistentVolumeClaim, capa
}
pvcCopy.Status.Capacity = capacity
+ pvcCopy.Status.Conditions = []v1.PersistentVolumeClaimCondition{}
newData, err := json.Marshal(pvcCopy)
if err != nil {
diff --git a/staging/src/k8s.io/api/core/v1/generated.proto b/staging/src/k8s.io/api/core/v1/generated.proto
index 4f00a69e077..096d5240725 100644
--- a/staging/src/k8s.io/api/core/v1/generated.proto
+++ b/staging/src/k8s.io/api/core/v1/generated.proto
@@ -2979,6 +2979,7 @@ message PodSpec {
// DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
// To have DNS options set along with hostNetwork, you have to specify DNS policy
// explicitly to 'ClusterFirstWithHostNet'.
+ // Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.
// +optional
optional string dnsPolicy = 6;
@@ -3091,6 +3092,7 @@ message PodSpec {
// Specifies the DNS parameters of a pod.
// Parameters specified here will be merged to the generated DNS
// configuration based on DNSPolicy.
+ // This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.
// +optional
optional PodDNSConfig dnsConfig = 26;
}
diff --git a/staging/src/k8s.io/api/core/v1/types.go b/staging/src/k8s.io/api/core/v1/types.go
index bb5a5a104f4..6ab6911600a 100644
--- a/staging/src/k8s.io/api/core/v1/types.go
+++ b/staging/src/k8s.io/api/core/v1/types.go
@@ -2771,6 +2771,7 @@ type PodSpec struct {
// DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
// To have DNS options set along with hostNetwork, you have to specify DNS policy
// explicitly to 'ClusterFirstWithHostNet'.
+ // Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.
// +optional
DNSPolicy DNSPolicy `json:"dnsPolicy,omitempty" protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"`
// NodeSelector is a selector which must be true for the pod to fit on a node.
@@ -2866,6 +2867,7 @@ type PodSpec struct {
// Specifies the DNS parameters of a pod.
// Parameters specified here will be merged to the generated DNS
// configuration based on DNSPolicy.
+ // This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.
// +optional
DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"`
}
diff --git a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go
index bf08a786be5..0f141b41050 100644
--- a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go
@@ -1481,7 +1481,7 @@ var map_PodSpec = map[string]string{
"restartPolicy": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy",
"terminationGracePeriodSeconds": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.",
"activeDeadlineSeconds": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.",
- "dnsPolicy": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.",
+ "dnsPolicy": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.",
"nodeSelector": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/",
"serviceAccountName": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/",
"serviceAccount": "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.",
@@ -1500,7 +1500,7 @@ var map_PodSpec = map[string]string{
"hostAliases": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.",
"priorityClassName": "If specified, indicates the pod's priority. \"SYSTEM\" is a special keyword which indicates the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.",
"priority": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.",
- "dnsConfig": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.",
+ "dnsConfig": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.",
}
func (PodSpec) SwaggerDoc() map[string]string {
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto
index 99d034373dd..7a3e70290d9 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto
+++ b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto
@@ -467,6 +467,7 @@ message IDRange {
optional int64 max = 2;
}
+// DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock.
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
// not be included within this rule.
@@ -608,6 +609,7 @@ message IngressTLS {
optional string secretName = 2;
}
+// DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy.
// NetworkPolicy describes what network traffic is allowed for a set of Pods
message NetworkPolicy {
// Standard object's metadata.
@@ -620,6 +622,7 @@ message NetworkPolicy {
optional NetworkPolicySpec spec = 2;
}
+// DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule.
// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
// This type is beta-level in 1.8
@@ -641,6 +644,7 @@ message NetworkPolicyEgressRule {
repeated NetworkPolicyPeer to = 2;
}
+// DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule.
// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
message NetworkPolicyIngressRule {
// List of ports which should be made accessible on the pods selected for this rule.
@@ -660,6 +664,7 @@ message NetworkPolicyIngressRule {
repeated NetworkPolicyPeer from = 2;
}
+// DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList.
// Network Policy List is a list of NetworkPolicy objects.
message NetworkPolicyList {
// Standard list metadata.
@@ -671,6 +676,7 @@ message NetworkPolicyList {
repeated NetworkPolicy items = 2;
}
+// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
message NetworkPolicyPeer {
// This is a label selector which selects Pods in this namespace.
// This field follows standard label selector semantics.
@@ -690,6 +696,7 @@ message NetworkPolicyPeer {
optional IPBlock ipBlock = 3;
}
+// DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.
message NetworkPolicyPort {
// Optional. The protocol (TCP or UDP) which traffic must match.
// If not specified, this field defaults to TCP.
@@ -705,6 +712,7 @@ message NetworkPolicyPort {
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2;
}
+// DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.
message NetworkPolicySpec {
// Selects the pods to which this NetworkPolicy object applies. The array of ingress rules
// is applied to any pods selected by this field. Multiple network policies can select the
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types.go b/staging/src/k8s.io/api/extensions/v1beta1/types.go
index 9be564ed88e..c3d9f72d734 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/types.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/types.go
@@ -1112,6 +1112,7 @@ type PodSecurityPolicyList struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy.
// NetworkPolicy describes what network traffic is allowed for a set of Pods
type NetworkPolicy struct {
metav1.TypeMeta `json:",inline"`
@@ -1125,6 +1126,7 @@ type NetworkPolicy struct {
Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
+// DEPRECATED 1.9 - This group version of PolicyType is deprecated by networking/v1/PolicyType.
// Policy Type string describes the NetworkPolicy type
// This type is beta-level in 1.8
type PolicyType string
@@ -1136,6 +1138,7 @@ const (
PolicyTypeEgress PolicyType = "Egress"
)
+// DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.
type NetworkPolicySpec struct {
// Selects the pods to which this NetworkPolicy object applies. The array of ingress rules
// is applied to any pods selected by this field. Multiple network policies can select the
@@ -1178,6 +1181,7 @@ type NetworkPolicySpec struct {
PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"`
}
+// DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule.
// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
type NetworkPolicyIngressRule struct {
// List of ports which should be made accessible on the pods selected for this rule.
@@ -1197,6 +1201,7 @@ type NetworkPolicyIngressRule struct {
From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"`
}
+// DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule.
// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
// This type is beta-level in 1.8
@@ -1218,6 +1223,7 @@ type NetworkPolicyEgressRule struct {
To []NetworkPolicyPeer `json:"to,omitempty" protobuf:"bytes,2,rep,name=to"`
}
+// DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.
type NetworkPolicyPort struct {
// Optional. The protocol (TCP or UDP) which traffic must match.
// If not specified, this field defaults to TCP.
@@ -1233,6 +1239,7 @@ type NetworkPolicyPort struct {
Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"`
}
+// DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock.
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
// not be included within this rule.
@@ -1247,6 +1254,7 @@ type IPBlock struct {
Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"`
}
+// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
type NetworkPolicyPeer struct {
// Exactly one of the following must be specified.
@@ -1270,6 +1278,7 @@ type NetworkPolicyPeer struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList.
// Network Policy List is a list of NetworkPolicy objects.
type NetworkPolicyList struct {
metav1.TypeMeta `json:",inline"`
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
index c9eb79477cf..236d934fa24 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
@@ -278,7 +278,7 @@ func (IDRange) SwaggerDoc() map[string]string {
}
var map_IPBlock = map[string]string{
- "": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
+ "": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"cidr": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
"except": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
}
@@ -366,7 +366,7 @@ func (IngressTLS) SwaggerDoc() map[string]string {
}
var map_NetworkPolicy = map[string]string{
- "": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
+ "": "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"spec": "Specification of the desired behavior for this NetworkPolicy.",
}
@@ -376,7 +376,7 @@ func (NetworkPolicy) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyEgressRule = map[string]string{
- "": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
+ "": "DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
"ports": "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
"to": "List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.",
}
@@ -386,7 +386,7 @@ func (NetworkPolicyEgressRule) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyIngressRule = map[string]string{
- "": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
+ "": "DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"ports": "List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
"from": "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.",
}
@@ -396,7 +396,7 @@ func (NetworkPolicyIngressRule) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyList = map[string]string{
- "": "Network Policy List is a list of NetworkPolicy objects.",
+ "": "DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.",
"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"items": "Items is a list of schema objects.",
}
@@ -406,6 +406,7 @@ func (NetworkPolicyList) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyPeer = map[string]string{
+ "": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.",
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
"ipBlock": "IPBlock defines policy on a particular IPBlock",
@@ -416,6 +417,7 @@ func (NetworkPolicyPeer) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyPort = map[string]string{
+ "": "DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.",
"protocol": "Optional. The protocol (TCP or UDP) which traffic must match. If not specified, this field defaults to TCP.",
"port": "If specified, the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.",
}
@@ -425,6 +427,7 @@ func (NetworkPolicyPort) SwaggerDoc() map[string]string {
}
var map_NetworkPolicySpec = map[string]string{
+ "": "DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.",
"podSelector": "Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.",
"ingress": "List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default).",
"egress": "List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8",
diff --git a/test/e2e_node/eviction_test.go b/test/e2e_node/eviction_test.go
index d8760db6b45..0d2cf113bac 100644
--- a/test/e2e_node/eviction_test.go
+++ b/test/e2e_node/eviction_test.go
@@ -628,7 +628,7 @@ func inodeConsumingPod(name string, volumeSource *v1.VolumeSource) *v1.Pod {
func diskConsumingPod(name string, diskConsumedMB int, volumeSource *v1.VolumeSource, resources v1.ResourceRequirements) *v1.Pod {
// Each iteration writes 1 Mb, so do diskConsumedMB iterations.
- return podWithCommand(volumeSource, resources, name, fmt.Sprintf("i=0; while [ $i -lt %d ];", diskConsumedMB)+" do dd if=/dev/urandom of=%s${i} bs=1048576 count=1; i=$(($i+1)); done; while true; do sleep 5; done")
+ return podWithCommand(volumeSource, resources, name, fmt.Sprintf("i=0; while [ $i -lt %d ];", diskConsumedMB)+" do dd if=/dev/urandom of=%s${i} bs=1048576 count=1 2>/dev/null ; i=$(($i+1)); done; while true; do sleep 5; done")
}
// podWithCommand returns a pod with the provided volumeSource and resourceRequirements.