From d93f48adb97dbea07197d983aee49229400bb4f7 Mon Sep 17 00:00:00 2001 From: andyzhangx Date: Sat, 18 Nov 2017 04:56:39 +0000 Subject: [PATCH 01/15] add andyzhangx as reviewer --- pkg/cloudprovider/providers/azure/OWNERS | 2 ++ pkg/volume/azure_dd/OWNERS | 1 + pkg/volume/azure_file/OWNERS | 1 + 3 files changed, 4 insertions(+) diff --git a/pkg/cloudprovider/providers/azure/OWNERS b/pkg/cloudprovider/providers/azure/OWNERS index 9e1337493fe..1109bcea346 100644 --- a/pkg/cloudprovider/providers/azure/OWNERS +++ b/pkg/cloudprovider/providers/azure/OWNERS @@ -2,3 +2,5 @@ approvers: - brendandburns - colemickens - jdumars +reviewers: +- andyzhangx diff --git a/pkg/volume/azure_dd/OWNERS b/pkg/volume/azure_dd/OWNERS index d0a8a5db58e..dbe4f0a2053 100755 --- a/pkg/volume/azure_dd/OWNERS +++ b/pkg/volume/azure_dd/OWNERS @@ -8,3 +8,4 @@ reviewers: - jsafrane - jingxu97 - msau42 +- andyzhangx diff --git a/pkg/volume/azure_file/OWNERS b/pkg/volume/azure_file/OWNERS index d0a8a5db58e..dbe4f0a2053 100644 --- a/pkg/volume/azure_file/OWNERS +++ b/pkg/volume/azure_file/OWNERS @@ -8,3 +8,4 @@ reviewers: - jsafrane - jingxu97 - msau42 +- andyzhangx From 4778cad7c42f33321ae398ec445b38df3061f8e5 Mon Sep 17 00:00:00 2001 From: "Christopher M. Luciano" Date: Mon, 27 Nov 2017 10:23:40 -0500 Subject: [PATCH 02/15] Mark v1beta1 NetworkPolicy types as deprecated --- staging/src/k8s.io/api/extensions/v1beta1/types.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types.go b/staging/src/k8s.io/api/extensions/v1beta1/types.go index d3cff2aba23..80942f7417e 100644 --- a/staging/src/k8s.io/api/extensions/v1beta1/types.go +++ b/staging/src/k8s.io/api/extensions/v1beta1/types.go @@ -1144,6 +1144,7 @@ type PodSecurityPolicyList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. // NetworkPolicy describes what network traffic is allowed for a set of Pods type NetworkPolicy struct { metav1.TypeMeta `json:",inline"` @@ -1157,6 +1158,7 @@ type NetworkPolicy struct { Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` } +// DEPRECATED 1.9 - This group version of PolicyType is deprecated by networking/v1/PolicyType. // Policy Type string describes the NetworkPolicy type // This type is beta-level in 1.8 type PolicyType string @@ -1168,6 +1170,7 @@ const ( PolicyTypeEgress PolicyType = "Egress" ) +// DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec. type NetworkPolicySpec struct { // Selects the pods to which this NetworkPolicy object applies. The array of ingress rules // is applied to any pods selected by this field. Multiple network policies can select the @@ -1210,6 +1213,7 @@ type NetworkPolicySpec struct { PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"` } +// DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. // This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from. type NetworkPolicyIngressRule struct { // List of ports which should be made accessible on the pods selected for this rule. @@ -1229,6 +1233,7 @@ type NetworkPolicyIngressRule struct { From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"` } +// DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. // NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods // matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. // This type is beta-level in 1.8 @@ -1250,6 +1255,7 @@ type NetworkPolicyEgressRule struct { To []NetworkPolicyPeer `json:"to,omitempty" protobuf:"bytes,2,rep,name=to"` } +// DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort. type NetworkPolicyPort struct { // Optional. The protocol (TCP or UDP) which traffic must match. // If not specified, this field defaults to TCP. @@ -1265,6 +1271,7 @@ type NetworkPolicyPort struct { Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"` } +// DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. // IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods // matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should // not be included within this rule. @@ -1279,6 +1286,7 @@ type IPBlock struct { Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"` } +// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer. type NetworkPolicyPeer struct { // Exactly one of the following must be specified. @@ -1302,6 +1310,7 @@ type NetworkPolicyPeer struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. // Network Policy List is a list of NetworkPolicy objects. type NetworkPolicyList struct { metav1.TypeMeta `json:",inline"` From 6dc9eeb3dd7cdf227f1750ee9c2518ffe3af491e Mon Sep 17 00:00:00 2001 From: Pengfei Ni Date: Tue, 28 Nov 2017 02:03:23 +0000 Subject: [PATCH 03/15] Document CustomPodDNS feature gates for DNSConfig and None dnsPolicy --- staging/src/k8s.io/api/core/v1/types.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/staging/src/k8s.io/api/core/v1/types.go b/staging/src/k8s.io/api/core/v1/types.go index bb5a5a104f4..6ab6911600a 100644 --- a/staging/src/k8s.io/api/core/v1/types.go +++ b/staging/src/k8s.io/api/core/v1/types.go @@ -2771,6 +2771,7 @@ type PodSpec struct { // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. // To have DNS options set along with hostNetwork, you have to specify DNS policy // explicitly to 'ClusterFirstWithHostNet'. + // Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. // +optional DNSPolicy DNSPolicy `json:"dnsPolicy,omitempty" protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"` // NodeSelector is a selector which must be true for the pod to fit on a node. @@ -2866,6 +2867,7 @@ type PodSpec struct { // Specifies the DNS parameters of a pod. // Parameters specified here will be merged to the generated DNS // configuration based on DNSPolicy. + // This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. // +optional DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"` } From 491a4815251ed7b86995d01b362b298087d5c081 Mon Sep 17 00:00:00 2001 From: Pengfei Ni Date: Tue, 28 Nov 2017 02:03:39 +0000 Subject: [PATCH 04/15] Add generated files --- api/openapi-spec/swagger.json | 4 ++-- api/swagger-spec/apps_v1.json | 4 ++-- api/swagger-spec/apps_v1beta1.json | 4 ++-- api/swagger-spec/apps_v1beta2.json | 4 ++-- api/swagger-spec/batch_v1.json | 4 ++-- api/swagger-spec/batch_v1beta1.json | 4 ++-- api/swagger-spec/batch_v2alpha1.json | 4 ++-- api/swagger-spec/extensions_v1beta1.json | 4 ++-- api/swagger-spec/v1.json | 4 ++-- docs/api-reference/apps/v1/definitions.html | 4 ++-- docs/api-reference/apps/v1beta1/definitions.html | 4 ++-- docs/api-reference/apps/v1beta2/definitions.html | 4 ++-- docs/api-reference/batch/v1/definitions.html | 4 ++-- docs/api-reference/batch/v1beta1/definitions.html | 4 ++-- docs/api-reference/batch/v2alpha1/definitions.html | 4 ++-- docs/api-reference/extensions/v1beta1/definitions.html | 4 ++-- docs/api-reference/v1/definitions.html | 4 ++-- staging/src/k8s.io/api/core/v1/generated.proto | 2 ++ staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go | 4 ++-- 19 files changed, 38 insertions(+), 36 deletions(-) diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index bf997f2a671..af30f43e274 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json @@ -77377,11 +77377,11 @@ "x-kubernetes-patch-strategy": "merge" }, "dnsConfig": { - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.", "$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfig" }, "dnsPolicy": { - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.", + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.", "type": "string" }, "hostAliases": { diff --git a/api/swagger-spec/apps_v1.json b/api/swagger-spec/apps_v1.json index 4fff9f1831e..7956e22ea58 100644 --- a/api/swagger-spec/apps_v1.json +++ b/api/swagger-spec/apps_v1.json @@ -6652,7 +6652,7 @@ }, "dnsPolicy": { "type": "string", - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." }, "nodeSelector": { "type": "object", @@ -6738,7 +6738,7 @@ }, "dnsConfig": { "$ref": "v1.PodDNSConfig", - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." } } }, diff --git a/api/swagger-spec/apps_v1beta1.json b/api/swagger-spec/apps_v1beta1.json index 0a9f4ce5c83..8a004fb748f 100644 --- a/api/swagger-spec/apps_v1beta1.json +++ b/api/swagger-spec/apps_v1beta1.json @@ -4286,7 +4286,7 @@ }, "dnsPolicy": { "type": "string", - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." }, "nodeSelector": { "type": "object", @@ -4372,7 +4372,7 @@ }, "dnsConfig": { "$ref": "v1.PodDNSConfig", - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." } } }, diff --git a/api/swagger-spec/apps_v1beta2.json b/api/swagger-spec/apps_v1beta2.json index ce3a45788ab..8dfb5baf53b 100644 --- a/api/swagger-spec/apps_v1beta2.json +++ b/api/swagger-spec/apps_v1beta2.json @@ -6652,7 +6652,7 @@ }, "dnsPolicy": { "type": "string", - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." }, "nodeSelector": { "type": "object", @@ -6738,7 +6738,7 @@ }, "dnsConfig": { "$ref": "v1.PodDNSConfig", - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." } } }, diff --git a/api/swagger-spec/batch_v1.json b/api/swagger-spec/batch_v1.json index fd7f780ba2b..4d154abb9ad 100644 --- a/api/swagger-spec/batch_v1.json +++ b/api/swagger-spec/batch_v1.json @@ -1626,7 +1626,7 @@ }, "dnsPolicy": { "type": "string", - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." }, "nodeSelector": { "type": "object", @@ -1712,7 +1712,7 @@ }, "dnsConfig": { "$ref": "v1.PodDNSConfig", - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." } } }, diff --git a/api/swagger-spec/batch_v1beta1.json b/api/swagger-spec/batch_v1beta1.json index de28cd79b11..c84dd3cde5f 100644 --- a/api/swagger-spec/batch_v1beta1.json +++ b/api/swagger-spec/batch_v1beta1.json @@ -1681,7 +1681,7 @@ }, "dnsPolicy": { "type": "string", - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." }, "nodeSelector": { "type": "object", @@ -1767,7 +1767,7 @@ }, "dnsConfig": { "$ref": "v1.PodDNSConfig", - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." } } }, diff --git a/api/swagger-spec/batch_v2alpha1.json b/api/swagger-spec/batch_v2alpha1.json index 9c393fe9e84..fbaaa4ee818 100644 --- a/api/swagger-spec/batch_v2alpha1.json +++ b/api/swagger-spec/batch_v2alpha1.json @@ -1681,7 +1681,7 @@ }, "dnsPolicy": { "type": "string", - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." }, "nodeSelector": { "type": "object", @@ -1767,7 +1767,7 @@ }, "dnsConfig": { "$ref": "v1.PodDNSConfig", - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." } } }, diff --git a/api/swagger-spec/extensions_v1beta1.json b/api/swagger-spec/extensions_v1beta1.json index c947a65449c..d05c75045f1 100644 --- a/api/swagger-spec/extensions_v1beta1.json +++ b/api/swagger-spec/extensions_v1beta1.json @@ -7294,7 +7294,7 @@ }, "dnsPolicy": { "type": "string", - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." }, "nodeSelector": { "type": "object", @@ -7380,7 +7380,7 @@ }, "dnsConfig": { "$ref": "v1.PodDNSConfig", - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." } } }, diff --git a/api/swagger-spec/v1.json b/api/swagger-spec/v1.json index e102f99bd59..e988dfc85a5 100644 --- a/api/swagger-spec/v1.json +++ b/api/swagger-spec/v1.json @@ -21449,7 +21449,7 @@ }, "dnsPolicy": { "type": "string", - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." }, "nodeSelector": { "type": "object", @@ -21535,7 +21535,7 @@ }, "dnsConfig": { "$ref": "v1.PodDNSConfig", - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it." } } }, diff --git a/docs/api-reference/apps/v1/definitions.html b/docs/api-reference/apps/v1/definitions.html index 887585f5562..a8a675a8e85 100755 --- a/docs/api-reference/apps/v1/definitions.html +++ b/docs/api-reference/apps/v1/definitions.html @@ -3804,7 +3804,7 @@ When an object is created, the system will populate this list with the current s

dnsPolicy

-

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet.

+

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

string

@@ -3937,7 +3937,7 @@ When an object is created, the system will populate this list with the current s

dnsConfig

-

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

+

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

v1.PodDNSConfig

diff --git a/docs/api-reference/apps/v1beta1/definitions.html b/docs/api-reference/apps/v1beta1/definitions.html index f90176654d7..3b522ed1981 100755 --- a/docs/api-reference/apps/v1beta1/definitions.html +++ b/docs/api-reference/apps/v1beta1/definitions.html @@ -3857,7 +3857,7 @@ The StatefulSet guarantees that a given network identity will always map to the

dnsPolicy

-

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet.

+

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

string

@@ -3990,7 +3990,7 @@ The StatefulSet guarantees that a given network identity will always map to the

dnsConfig

-

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

+

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

v1.PodDNSConfig

diff --git a/docs/api-reference/apps/v1beta2/definitions.html b/docs/api-reference/apps/v1beta2/definitions.html index 157fa46b329..abc65818398 100755 --- a/docs/api-reference/apps/v1beta2/definitions.html +++ b/docs/api-reference/apps/v1beta2/definitions.html @@ -4473,7 +4473,7 @@ The StatefulSet guarantees that a given network identity will always map to the

dnsPolicy

-

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet.

+

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

string

@@ -4606,7 +4606,7 @@ The StatefulSet guarantees that a given network identity will always map to the

dnsConfig

-

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

+

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

v1.PodDNSConfig

diff --git a/docs/api-reference/batch/v1/definitions.html b/docs/api-reference/batch/v1/definitions.html index bcf76e5b222..9cec3b5687f 100755 --- a/docs/api-reference/batch/v1/definitions.html +++ b/docs/api-reference/batch/v1/definitions.html @@ -3137,7 +3137,7 @@ When an object is created, the system will populate this list with the current s

dnsPolicy

-

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet.

+

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

string

@@ -3270,7 +3270,7 @@ When an object is created, the system will populate this list with the current s

dnsConfig

-

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

+

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

v1.PodDNSConfig

diff --git a/docs/api-reference/batch/v1beta1/definitions.html b/docs/api-reference/batch/v1beta1/definitions.html index 798d8d6b21e..e1466c71b4d 100755 --- a/docs/api-reference/batch/v1beta1/definitions.html +++ b/docs/api-reference/batch/v1beta1/definitions.html @@ -3171,7 +3171,7 @@ When an object is created, the system will populate this list with the current s

dnsPolicy

-

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet.

+

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

string

@@ -3304,7 +3304,7 @@ When an object is created, the system will populate this list with the current s

dnsConfig

-

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

+

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

v1.PodDNSConfig

diff --git a/docs/api-reference/batch/v2alpha1/definitions.html b/docs/api-reference/batch/v2alpha1/definitions.html index d319cb99dd0..9ed32f89dfd 100755 --- a/docs/api-reference/batch/v2alpha1/definitions.html +++ b/docs/api-reference/batch/v2alpha1/definitions.html @@ -3144,7 +3144,7 @@ When an object is created, the system will populate this list with the current s

dnsPolicy

-

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet.

+

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

string

@@ -3277,7 +3277,7 @@ When an object is created, the system will populate this list with the current s

dnsConfig

-

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

+

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

v1.PodDNSConfig

diff --git a/docs/api-reference/extensions/v1beta1/definitions.html b/docs/api-reference/extensions/v1beta1/definitions.html index 2776574ca6d..718c88e5f84 100755 --- a/docs/api-reference/extensions/v1beta1/definitions.html +++ b/docs/api-reference/extensions/v1beta1/definitions.html @@ -4496,7 +4496,7 @@ When an object is created, the system will populate this list with the current s

dnsPolicy

-

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet.

+

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

string

@@ -4629,7 +4629,7 @@ When an object is created, the system will populate this list with the current s

dnsConfig

-

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

+

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

v1.PodDNSConfig

diff --git a/docs/api-reference/v1/definitions.html b/docs/api-reference/v1/definitions.html index 08c3b84c8ce..78489b60724 100755 --- a/docs/api-reference/v1/definitions.html +++ b/docs/api-reference/v1/definitions.html @@ -9082,7 +9082,7 @@ Examples:

dnsPolicy

-

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet.

+

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ClusterFirstWithHostNet. Note that None policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

string

@@ -9215,7 +9215,7 @@ Examples:

dnsConfig

-

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

+

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.

false

v1.PodDNSConfig

diff --git a/staging/src/k8s.io/api/core/v1/generated.proto b/staging/src/k8s.io/api/core/v1/generated.proto index 4f00a69e077..096d5240725 100644 --- a/staging/src/k8s.io/api/core/v1/generated.proto +++ b/staging/src/k8s.io/api/core/v1/generated.proto @@ -2979,6 +2979,7 @@ message PodSpec { // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. // To have DNS options set along with hostNetwork, you have to specify DNS policy // explicitly to 'ClusterFirstWithHostNet'. + // Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. // +optional optional string dnsPolicy = 6; @@ -3091,6 +3092,7 @@ message PodSpec { // Specifies the DNS parameters of a pod. // Parameters specified here will be merged to the generated DNS // configuration based on DNSPolicy. + // This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it. // +optional optional PodDNSConfig dnsConfig = 26; } diff --git a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go index bf08a786be5..0f141b41050 100644 --- a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -1481,7 +1481,7 @@ var map_PodSpec = map[string]string{ "restartPolicy": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", "terminationGracePeriodSeconds": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", "activeDeadlineSeconds": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", - "dnsPolicy": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.", + "dnsPolicy": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Note that 'None' policy is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.", "nodeSelector": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", "serviceAccountName": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", "serviceAccount": "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", @@ -1500,7 +1500,7 @@ var map_PodSpec = map[string]string{ "hostAliases": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.", "priorityClassName": "If specified, indicates the pod's priority. \"SYSTEM\" is a special keyword which indicates the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", "priority": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", - "dnsConfig": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", + "dnsConfig": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. This is an alpha feature introduced in v1.9 and CustomPodDNS feature gate must be enabled to use it.", } func (PodSpec) SwaggerDoc() map[string]string { From fa9ff6991e3a833a35c80dbf506b77b36cd97513 Mon Sep 17 00:00:00 2001 From: Aleksandra Malinowska Date: Tue, 28 Nov 2017 11:03:44 +0100 Subject: [PATCH 05/15] Add checking HPA_USE_REST_CLIENTS in addition to ENABLE_METRICS_SERVER when disabling REST clients use for HPA --- cluster/gce/gci/configure-helper.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh index cc0b3d20452..5af388c4d8e 100644 --- a/cluster/gce/gci/configure-helper.sh +++ b/cluster/gce/gci/configure-helper.sh @@ -1807,8 +1807,10 @@ function start-kube-controller-manager { if [[ -n "${CLUSTER_SIGNING_DURATION:-}" ]]; then params+=" --experimental-cluster-signing-duration=$CLUSTER_SIGNING_DURATION" fi - # disable using HPA metrics REST clients if metrics-server isn't enabled - if [[ "${ENABLE_METRICS_SERVER:-}" != "true" ]]; then + # Disable using HPA metrics REST clients if metrics-server isn't enabled, + # or if we want to explicitly disable it by setting HPA_USE_REST_CLIENT. + if [[ "${ENABLE_METRICS_SERVER:-}" != "true" ]] || + [[ "${HPA_USE_REST_CLIENTS:-}" == "false" ]]; then params+=" --horizontal-pod-autoscaler-use-rest-clients=false" fi From 769b9eed3534390ea339d238fdb9a57284afe463 Mon Sep 17 00:00:00 2001 From: Ryan Phillips Date: Mon, 27 Nov 2017 22:35:00 -0600 Subject: [PATCH 06/15] e2e: eviction test redirect dd stderr * redirect stderr to /dev/null Fixes #56234 --- test/e2e_node/eviction_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e_node/eviction_test.go b/test/e2e_node/eviction_test.go index d8760db6b45..0d2cf113bac 100644 --- a/test/e2e_node/eviction_test.go +++ b/test/e2e_node/eviction_test.go @@ -628,7 +628,7 @@ func inodeConsumingPod(name string, volumeSource *v1.VolumeSource) *v1.Pod { func diskConsumingPod(name string, diskConsumedMB int, volumeSource *v1.VolumeSource, resources v1.ResourceRequirements) *v1.Pod { // Each iteration writes 1 Mb, so do diskConsumedMB iterations. - return podWithCommand(volumeSource, resources, name, fmt.Sprintf("i=0; while [ $i -lt %d ];", diskConsumedMB)+" do dd if=/dev/urandom of=%s${i} bs=1048576 count=1; i=$(($i+1)); done; while true; do sleep 5; done") + return podWithCommand(volumeSource, resources, name, fmt.Sprintf("i=0; while [ $i -lt %d ];", diskConsumedMB)+" do dd if=/dev/urandom of=%s${i} bs=1048576 count=1 2>/dev/null ; i=$(($i+1)); done; while true; do sleep 5; done") } // podWithCommand returns a pod with the provided volumeSource and resourceRequirements. From e378a2a6c3a51b2b016165e0c10a3dd01ce99cb0 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Thu, 2 Nov 2017 14:10:22 -0400 Subject: [PATCH 07/15] Do not fake /bin/bash, just use the real bash Looks like 0.6, we ended up with dash as the default shell, with /bin/sh as well as /bin/dash ending up invoking dash. We should not change the contract by faking a link to /bin/bash. Let's install the actual bash package and make sure /bin/sh is linked to /bin/bash as well. --- build/debian-hyperkube-base/Dockerfile | 9 ++++++--- build/debian-hyperkube-base/Makefile | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/build/debian-hyperkube-base/Dockerfile b/build/debian-hyperkube-base/Dockerfile index 52f609ff220..aeb62ce5683 100644 --- a/build/debian-hyperkube-base/Dockerfile +++ b/build/debian-hyperkube-base/Dockerfile @@ -14,10 +14,13 @@ FROM BASEIMAGE +RUN echo CACHEBUST>/dev/null && clean-install \ + bash + # The samba-common, cifs-utils, and nfs-common packages depend on -# ucf, which itself depends on /bin/bash existing. -# It doesn't seem to actually need bash, however. -RUN ln -s /bin/sh /bin/bash +# ucf, which itself depends on /bin/bash. +RUN echo "dash dash/sh boolean false" | debconf-set-selections +RUN DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash RUN echo CACHEBUST>/dev/null && clean-install \ ca-certificates \ diff --git a/build/debian-hyperkube-base/Makefile b/build/debian-hyperkube-base/Makefile index 19e468a8fe5..54ca29f7e9a 100644 --- a/build/debian-hyperkube-base/Makefile +++ b/build/debian-hyperkube-base/Makefile @@ -19,7 +19,7 @@ REGISTRY?=gcr.io/google-containers IMAGE?=debian-hyperkube-base -TAG=0.7 +TAG=0.8 ARCH?=amd64 CACHEBUST?=1 From 6ec2bdf9db9172ef563ca62a0cc7fcab45d635df Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Tue, 28 Nov 2017 21:22:16 -0500 Subject: [PATCH 08/15] Allow config and ignore-preflight to be specified together In commit 3a0aa06fc9cb78738ba542db6154f71f5d1b92ea, the flag was changed from `ignore-checks-errors` to `ignore-preflight-errors`, but the condition check in ValidateMixedArguments was not updated. So specifying say `--config kubeadm.conf --ignore-preflight-errors all` would fail. --- cmd/kubeadm/app/apis/kubeadm/validation/validation.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go index f7b9ab21072..3220b41aab4 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go +++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go @@ -315,7 +315,7 @@ func ValidateMixedArguments(flag *pflag.FlagSet) error { mixedInvalidFlags := []string{} flag.Visit(func(f *pflag.Flag) { - if f.Name == "config" || strings.HasPrefix(f.Name, "ignore-checks-") || strings.HasPrefix(f.Name, "skip-") || f.Name == "dry-run" || f.Name == "kubeconfig" { + if f.Name == "config" || f.Name == "ignore-preflight-errors" || strings.HasPrefix(f.Name, "skip-") || f.Name == "dry-run" || f.Name == "kubeconfig" { // "--skip-*" flags or other whitelisted flags can be set with --config return } From d626de113f91da2ae82cafc894e1f33e133b2808 Mon Sep 17 00:00:00 2001 From: Dane LeBlanc Date: Tue, 28 Nov 2017 22:52:42 -0500 Subject: [PATCH 09/15] Add brackets around IPv6 kube-dns liveness probe addrs When a Kubernetes cluster is instantiated in IPv6-only mode via 'kubeadm init ...', the liveness probes that are configured by kubeadm for kube-dns currently use IP:port strings of "::1:53" and "::1:10053". These IP:port strings should instead include brackets around the ::1 IPv6 loopback address, e.g. "[::1]:53" and "[::1]:10053". This change adds the necessary brackets around the ::1 IPv6 loopback address. Without this change, the kube-dns sidecar container interprets the bracket-less strings as IPv4 IP:port strings that have too many colons, and the kube-dns pod is restarted about once every 2 minutes. fixes #56543 /area ipv6 /sig network --- cmd/kubeadm/app/phases/addons/dns/dns.go | 7 +++++-- cmd/kubeadm/app/phases/addons/dns/dns_test.go | 3 ++- cmd/kubeadm/app/phases/addons/dns/manifests.go | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/cmd/kubeadm/app/phases/addons/dns/dns.go b/cmd/kubeadm/app/phases/addons/dns/dns.go index b1866e584fa..072359a8e5b 100644 --- a/cmd/kubeadm/app/phases/addons/dns/dns.go +++ b/cmd/kubeadm/app/phases/addons/dns/dns.go @@ -63,22 +63,25 @@ func kubeDNSAddon(cfg *kubeadmapi.MasterConfiguration, client clientset.Interfac return err } - var dnsBindAddr string + var dnsBindAddr, dnsProbeAddr string if dnsip.To4() == nil { dnsBindAddr = "::1" + dnsProbeAddr = "[" + dnsBindAddr + "]" } else { dnsBindAddr = "127.0.0.1" + dnsProbeAddr = dnsBindAddr } // Get the YAML manifest conditionally based on the k8s version kubeDNSDeploymentBytes := GetKubeDNSManifest(k8sVersion) dnsDeploymentBytes, err := kubeadmutil.ParseTemplate(kubeDNSDeploymentBytes, - struct{ ImageRepository, Arch, Version, DNSBindAddr, DNSDomain, DNSProbeType, MasterTaintKey string }{ + struct{ ImageRepository, Arch, Version, DNSBindAddr, DNSProbeAddr, DNSDomain, DNSProbeType, MasterTaintKey string }{ ImageRepository: cfg.ImageRepository, Arch: runtime.GOARCH, // Get the kube-dns version conditionally based on the k8s version Version: GetDNSVersion(k8sVersion, kubeadmconstants.KubeDNS), DNSBindAddr: dnsBindAddr, + DNSProbeAddr: dnsProbeAddr, DNSDomain: cfg.Networking.DNSDomain, DNSProbeType: GetKubeDNSProbeType(k8sVersion), MasterTaintKey: kubeadmconstants.LabelNodeRoleMaster, diff --git a/cmd/kubeadm/app/phases/addons/dns/dns_test.go b/cmd/kubeadm/app/phases/addons/dns/dns_test.go index 40c0043436e..55967aae3d7 100644 --- a/cmd/kubeadm/app/phases/addons/dns/dns_test.go +++ b/cmd/kubeadm/app/phases/addons/dns/dns_test.go @@ -92,11 +92,12 @@ func TestCompileManifests(t *testing.T) { }{ { manifest: v180AndAboveKubeDNSDeployment, - data: struct{ ImageRepository, Arch, Version, DNSBindAddr, DNSDomain, DNSProbeType, MasterTaintKey string }{ + data: struct{ ImageRepository, Arch, Version, DNSBindAddr, DNSProbeAddr, DNSDomain, DNSProbeType, MasterTaintKey string }{ ImageRepository: "foo", Arch: "foo", Version: "foo", DNSBindAddr: "foo", + DNSProbeAddr: "foo", DNSDomain: "foo", DNSProbeType: "foo", MasterTaintKey: "foo", diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go index 4875ddb9003..cbf434706da 100644 --- a/cmd/kubeadm/app/phases/addons/dns/manifests.go +++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go @@ -156,8 +156,8 @@ spec: args: - --v=2 - --logtostderr - - --probe=kubedns,{{ .DNSBindAddr }}:10053,kubernetes.default.svc.{{ .DNSDomain }},5,{{ .DNSProbeType }} - - --probe=dnsmasq,{{ .DNSBindAddr }}:53,kubernetes.default.svc.{{ .DNSDomain }},5,{{ .DNSProbeType }} + - --probe=kubedns,{{ .DNSProbeAddr }}:10053,kubernetes.default.svc.{{ .DNSDomain }},5,{{ .DNSProbeType }} + - --probe=dnsmasq,{{ .DNSProbeAddr }}:53,kubernetes.default.svc.{{ .DNSDomain }},5,{{ .DNSProbeType }} ports: - containerPort: 10054 name: metrics From 0b72a20e0fae8596cdc07e90064bd10deaabc781 Mon Sep 17 00:00:00 2001 From: "Christopher M. Luciano" Date: Wed, 29 Nov 2017 10:08:44 -0500 Subject: [PATCH 10/15] Generated code NP v1beta1 --- api/openapi-spec/swagger.json | 13 ++++++++----- api/swagger-spec/extensions_v1beta1.json | 13 ++++++++----- .../extensions/v1beta1/definitions.html | 19 ++++++++++++++----- .../api/extensions/v1beta1/generated.proto | 8 ++++++++ .../v1beta1/types_swagger_doc_generated.go | 13 ++++++++----- 5 files changed, 46 insertions(+), 20 deletions(-) diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index b6f08c8888d..f06e9c6d939 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json @@ -71243,7 +71243,7 @@ } }, "io.k8s.api.extensions.v1beta1.IPBlock": { - "description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.", + "description": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.", "required": [ "cidr" ], @@ -71405,7 +71405,7 @@ } }, "io.k8s.api.extensions.v1beta1.NetworkPolicy": { - "description": "NetworkPolicy describes what network traffic is allowed for a set of Pods", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", @@ -71433,7 +71433,7 @@ ] }, "io.k8s.api.extensions.v1beta1.NetworkPolicyEgressRule": { - "description": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8", "properties": { "ports": { "description": "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", @@ -71452,7 +71452,7 @@ } }, "io.k8s.api.extensions.v1beta1.NetworkPolicyIngressRule": { - "description": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.", "properties": { "from": { "description": "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.", @@ -71471,7 +71471,7 @@ } }, "io.k8s.api.extensions.v1beta1.NetworkPolicyList": { - "description": "Network Policy List is a list of NetworkPolicy objects.", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.", "required": [ "items" ], @@ -71505,6 +71505,7 @@ ] }, "io.k8s.api.extensions.v1beta1.NetworkPolicyPeer": { + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.", "properties": { "ipBlock": { "description": "IPBlock defines policy on a particular IPBlock", @@ -71521,6 +71522,7 @@ } }, "io.k8s.api.extensions.v1beta1.NetworkPolicyPort": { + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.", "properties": { "port": { "description": "If specified, the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", @@ -71533,6 +71535,7 @@ } }, "io.k8s.api.extensions.v1beta1.NetworkPolicySpec": { + "description": "DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.", "required": [ "podSelector" ], diff --git a/api/swagger-spec/extensions_v1beta1.json b/api/swagger-spec/extensions_v1beta1.json index 7758f317117..efa2931c695 100644 --- a/api/swagger-spec/extensions_v1beta1.json +++ b/api/swagger-spec/extensions_v1beta1.json @@ -9881,7 +9881,7 @@ }, "v1beta1.NetworkPolicyList": { "id": "v1beta1.NetworkPolicyList", - "description": "Network Policy List is a list of NetworkPolicy objects.", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.", "required": [ "items" ], @@ -9909,7 +9909,7 @@ }, "v1beta1.NetworkPolicy": { "id": "v1beta1.NetworkPolicy", - "description": "NetworkPolicy describes what network traffic is allowed for a set of Pods", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods", "properties": { "kind": { "type": "string", @@ -9931,6 +9931,7 @@ }, "v1beta1.NetworkPolicySpec": { "id": "v1beta1.NetworkPolicySpec", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.", "required": [ "podSelector" ], @@ -9964,7 +9965,7 @@ }, "v1beta1.NetworkPolicyIngressRule": { "id": "v1beta1.NetworkPolicyIngressRule", - "description": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.", "properties": { "ports": { "type": "array", @@ -9984,6 +9985,7 @@ }, "v1beta1.NetworkPolicyPort": { "id": "v1beta1.NetworkPolicyPort", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.", "properties": { "protocol": { "$ref": "v1.Protocol", @@ -10001,6 +10003,7 @@ }, "v1beta1.NetworkPolicyPeer": { "id": "v1beta1.NetworkPolicyPeer", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.", "properties": { "podSelector": { "$ref": "v1.LabelSelector", @@ -10018,7 +10021,7 @@ }, "v1beta1.IPBlock": { "id": "v1beta1.IPBlock", - "description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.", + "description": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.", "required": [ "cidr" ], @@ -10038,7 +10041,7 @@ }, "v1beta1.NetworkPolicyEgressRule": { "id": "v1beta1.NetworkPolicyEgressRule", - "description": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8", + "description": "DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8", "properties": { "ports": { "type": "array", diff --git a/docs/api-reference/extensions/v1beta1/definitions.html b/docs/api-reference/extensions/v1beta1/definitions.html index 1a1af8bd0c1..130c3785412 100755 --- a/docs/api-reference/extensions/v1beta1/definitions.html +++ b/docs/api-reference/extensions/v1beta1/definitions.html @@ -1388,7 +1388,7 @@ Examples: /foo would allow /foo, /foo/ an

v1beta1.NetworkPolicyList

-

Network Policy List is a list of NetworkPolicy objects.

+

DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.

@@ -3273,7 +3273,7 @@ When an object is created, the system will populate this list with the current s

v1beta1.IPBlock

-

IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec’s podSelector. The except entry describes CIDRs that should not be included within this rule.

+

DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec’s podSelector. The except entry describes CIDRs that should not be included within this rule.

@@ -5315,7 +5315,7 @@ Examples:

v1beta1.NetworkPolicy

-

NetworkPolicy describes what network traffic is allowed for a set of Pods

+

DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods

@@ -5549,6 +5549,9 @@ Examples:

v1beta1.NetworkPolicySpec

+
+

DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.

+
@@ -6042,6 +6045,9 @@ Both these may change in the future. Incoming requests are matched against the h

v1beta1.NetworkPolicyPeer

+
+

DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.

+
@@ -6484,7 +6490,7 @@ Both these may change in the future. Incoming requests are matched against the h

v1beta1.NetworkPolicyIngressRule

-

This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.

+

DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.

@@ -6863,7 +6869,7 @@ Both these may change in the future. Incoming requests are matched against the h

v1beta1.NetworkPolicyEgressRule

-

NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec’s podSelector. The traffic must match both ports and to. This type is beta-level in 1.8

+

DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec’s podSelector. The traffic must match both ports and to. This type is beta-level in 1.8

@@ -7637,6 +7643,9 @@ Both these may change in the future. Incoming requests are matched against the h

v1beta1.NetworkPolicyPort

+
+

DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.

+
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto index 3398108107c..f2efbdfcdad 100644 --- a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto @@ -441,6 +441,7 @@ message IDRange { optional int64 max = 2; } +// DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. // IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods // matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should // not be included within this rule. @@ -582,6 +583,7 @@ message IngressTLS { optional string secretName = 2; } +// DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. // NetworkPolicy describes what network traffic is allowed for a set of Pods message NetworkPolicy { // Standard object's metadata. @@ -594,6 +596,7 @@ message NetworkPolicy { optional NetworkPolicySpec spec = 2; } +// DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. // NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods // matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. // This type is beta-level in 1.8 @@ -615,6 +618,7 @@ message NetworkPolicyEgressRule { repeated NetworkPolicyPeer to = 2; } +// DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. // This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from. message NetworkPolicyIngressRule { // List of ports which should be made accessible on the pods selected for this rule. @@ -634,6 +638,7 @@ message NetworkPolicyIngressRule { repeated NetworkPolicyPeer from = 2; } +// DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. // Network Policy List is a list of NetworkPolicy objects. message NetworkPolicyList { // Standard list metadata. @@ -645,6 +650,7 @@ message NetworkPolicyList { repeated NetworkPolicy items = 2; } +// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer. message NetworkPolicyPeer { // This is a label selector which selects Pods in this namespace. // This field follows standard label selector semantics. @@ -664,6 +670,7 @@ message NetworkPolicyPeer { optional IPBlock ipBlock = 3; } +// DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort. message NetworkPolicyPort { // Optional. The protocol (TCP or UDP) which traffic must match. // If not specified, this field defaults to TCP. @@ -679,6 +686,7 @@ message NetworkPolicyPort { optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2; } +// DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec. message NetworkPolicySpec { // Selects the pods to which this NetworkPolicy object applies. The array of ingress rules // is applied to any pods selected by this field. Multiple network policies can select the diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go index f65f895e1df..2e65650d665 100644 --- a/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go @@ -264,7 +264,7 @@ func (IDRange) SwaggerDoc() map[string]string { } var map_IPBlock = map[string]string{ - "": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.", + "": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.", "cidr": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"", "except": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range", } @@ -352,7 +352,7 @@ func (IngressTLS) SwaggerDoc() map[string]string { } var map_NetworkPolicy = map[string]string{ - "": "NetworkPolicy describes what network traffic is allowed for a set of Pods", + "": "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods", "metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata", "spec": "Specification of the desired behavior for this NetworkPolicy.", } @@ -362,7 +362,7 @@ func (NetworkPolicy) SwaggerDoc() map[string]string { } var map_NetworkPolicyEgressRule = map[string]string{ - "": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8", + "": "DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8", "ports": "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", "to": "List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", } @@ -372,7 +372,7 @@ func (NetworkPolicyEgressRule) SwaggerDoc() map[string]string { } var map_NetworkPolicyIngressRule = map[string]string{ - "": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.", + "": "DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.", "ports": "List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", "from": "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.", } @@ -382,7 +382,7 @@ func (NetworkPolicyIngressRule) SwaggerDoc() map[string]string { } var map_NetworkPolicyList = map[string]string{ - "": "Network Policy List is a list of NetworkPolicy objects.", + "": "DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.", "metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata", "items": "Items is a list of schema objects.", } @@ -392,6 +392,7 @@ func (NetworkPolicyList) SwaggerDoc() map[string]string { } var map_NetworkPolicyPeer = map[string]string{ + "": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.", "podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.", "namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.", "ipBlock": "IPBlock defines policy on a particular IPBlock", @@ -402,6 +403,7 @@ func (NetworkPolicyPeer) SwaggerDoc() map[string]string { } var map_NetworkPolicyPort = map[string]string{ + "": "DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.", "protocol": "Optional. The protocol (TCP or UDP) which traffic must match. If not specified, this field defaults to TCP.", "port": "If specified, the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", } @@ -411,6 +413,7 @@ func (NetworkPolicyPort) SwaggerDoc() map[string]string { } var map_NetworkPolicySpec = map[string]string{ + "": "DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.", "podSelector": "Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.", "ingress": "List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default).", "egress": "List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8", From c0353ca20c97fe4bd2f51a4df5118687a5b3e6b1 Mon Sep 17 00:00:00 2001 From: Hemant Kumar Date: Wed, 29 Nov 2017 10:10:32 -0500 Subject: [PATCH 11/15] Remove conditions from PVC after successful resize --- pkg/volume/util/operationexecutor/operation_generator.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/volume/util/operationexecutor/operation_generator.go b/pkg/volume/util/operationexecutor/operation_generator.go index fc682fd607d..c02c25ac58d 100644 --- a/pkg/volume/util/operationexecutor/operation_generator.go +++ b/pkg/volume/util/operationexecutor/operation_generator.go @@ -1272,6 +1272,7 @@ func updatePVCStatusCapacity(pvcName string, pvc *v1.PersistentVolumeClaim, capa } pvcCopy.Status.Capacity = capacity + pvcCopy.Status.Conditions = []v1.PersistentVolumeClaimCondition{} newData, err := json.Marshal(pvcCopy) if err != nil { From c82d412993d3c4ebb929cb1ce82fc26e77e0964e Mon Sep 17 00:00:00 2001 From: Hemant Kumar Date: Wed, 29 Nov 2017 11:56:30 -0500 Subject: [PATCH 12/15] Do not resize file system on a read-only mount --- pkg/volume/util/operationexecutor/operation_generator.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/volume/util/operationexecutor/operation_generator.go b/pkg/volume/util/operationexecutor/operation_generator.go index c02c25ac58d..2ff4b668f00 100644 --- a/pkg/volume/util/operationexecutor/operation_generator.go +++ b/pkg/volume/util/operationexecutor/operation_generator.go @@ -544,6 +544,7 @@ func (og *operationGenerator) resizeFileSystem(volumeToMount VolumeToMount, devi glog.V(6).Infof("Resizing is not enabled for this volume %s", volumeToMount.VolumeName) return nil } + mounter := og.volumePluginMgr.Host.GetMounter(pluginName) // Get expander, if possible expandableVolumePlugin, _ := @@ -565,6 +566,13 @@ func (og *operationGenerator) resizeFileSystem(volumeToMount VolumeToMount, devi // File system resize was requested, proceed glog.V(4).Infof(volumeToMount.GenerateMsgDetailed("MountVolume.resizeFileSystem entering", fmt.Sprintf("DevicePath %q", volumeToMount.DevicePath))) + if volumeToMount.VolumeSpec.ReadOnly { + simpleMsg, detailedMsg := volumeToMount.GenerateMsg("MountVolume.resizeFileSystem failed", "requested read-only file system") + glog.Warningf(detailedMsg) + og.recorder.Eventf(volumeToMount.Pod, v1.EventTypeWarning, kevents.FileSystemResizeFailed, simpleMsg) + return nil + } + diskFormatter := &mount.SafeFormatAndMount{ Interface: mounter, Exec: og.volumePluginMgr.Host.GetExec(expandableVolumePlugin.GetPluginName()), From f16b00b32131c64a8731ff132bd5163c2301b2f6 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Tue, 28 Nov 2017 17:31:00 -0500 Subject: [PATCH 13/15] update build/root/WORKSPACE and cluster/images/hyperkube/Makefile for the new tag --- build/root/WORKSPACE | 4 ++-- cluster/images/hyperkube/Makefile | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build/root/WORKSPACE b/build/root/WORKSPACE index 242e38f13ca..7de0ffaf334 100644 --- a/build/root/WORKSPACE +++ b/build/root/WORKSPACE @@ -88,10 +88,10 @@ docker_pull( docker_pull( name = "debian-hyperkube-base-amd64", - digest = "sha256:1a05a58432254268c31ef5c8d9c21f3d01a40611b14707de6ac2772c0793bd13", + digest = "sha256:fc1b461367730660ac5a40c1eb2d1b23221829acf8a892981c12361383b3742b", registry = "gcr.io", repository = "google-containers/debian-hyperkube-base-amd64", - tag = "0.7", # ignored, but kept here for documentation + tag = "0.8", # ignored, but kept here for documentation ) docker_pull( diff --git a/cluster/images/hyperkube/Makefile b/cluster/images/hyperkube/Makefile index 803c1a0c58d..d7a8c7d936b 100644 --- a/cluster/images/hyperkube/Makefile +++ b/cluster/images/hyperkube/Makefile @@ -21,7 +21,7 @@ REGISTRY?=gcr.io/google-containers ARCH?=amd64 HYPERKUBE_BIN?=_output/dockerized/bin/linux/$(ARCH)/hyperkube -BASEIMAGE=gcr.io/google-containers/debian-hyperkube-base-$(ARCH):0.7 +BASEIMAGE=gcr.io/google-containers/debian-hyperkube-base-$(ARCH):0.8 TEMP_DIR:=$(shell mktemp -d -t hyperkubeXXXXXX) all: build From a11f984356582d4878f9554557d228e7a27bc83e Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Tue, 28 Nov 2017 21:31:28 -0500 Subject: [PATCH 14/15] Create volumeMount and hostPath for cloud config file We have a way to specify the cloudProvider in kubeadm.conf. We also add `--cloud-config /etc/kubernetes/cloud-config` to both the kubernetes api server and controller manager yaml files if one exists on the box. However we fail to make that file available to the process running in the container. We need to make this `cloud-config` file available to both processes similar to how controller-manager.conf is passed to controller manager. --- cmd/kubeadm/app/phases/controlplane/volumes.go | 8 ++++++++ cmd/kubeadm/app/phases/controlplane/volumes_test.go | 4 +++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/cmd/kubeadm/app/phases/controlplane/volumes.go b/cmd/kubeadm/app/phases/controlplane/volumes.go index 35edc211187..a3b5ce7fefc 100644 --- a/cmd/kubeadm/app/phases/controlplane/volumes.go +++ b/cmd/kubeadm/app/phases/controlplane/volumes.go @@ -34,6 +34,7 @@ const ( caCertsVolumePath = "/etc/ssl/certs" caCertsPkiVolumeName = "ca-certs-etc-pki" flexvolumeDirVolumeName = "flexvolume-dir" + cloudConfigVolumeName = "cloud-config" flexvolumeDirVolumePath = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec" ) @@ -70,6 +71,13 @@ func getHostPathVolumesForTheControlPlane(cfg *kubeadmapi.MasterConfiguration) c // Read-only mount for the controller manager kubeconfig file controllerManagerKubeConfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName) mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, kubeadmconstants.KubeConfigVolumeName, controllerManagerKubeConfigFile, controllerManagerKubeConfigFile, true, &hostPathFileOrCreate) + // Read-only mount of the cloud config file if present + if cfg.CloudProvider != "" { + if _, err := os.Stat(DefaultCloudConfigPath); err == nil { + mounts.NewHostPathMount(kubeadmconstants.KubeAPIServer, cloudConfigVolumeName, DefaultCloudConfigPath, DefaultCloudConfigPath, true, &hostPathFileOrCreate) + mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, cloudConfigVolumeName, DefaultCloudConfigPath, DefaultCloudConfigPath, true, &hostPathFileOrCreate) + } + } // Mount for the flexvolume directory (/usr/libexec/kubernetes/kubelet-plugins/volume/exec) directory // Flexvolume dir must NOT be readonly as it is used for third-party plugins to integrate with their storage backends via unix domain socket. if stat, err := os.Stat(flexvolumeDirVolumePath); err == nil && stat.IsDir() { diff --git a/cmd/kubeadm/app/phases/controlplane/volumes_test.go b/cmd/kubeadm/app/phases/controlplane/volumes_test.go index daa824062c2..a5fde3cf035 100644 --- a/cmd/kubeadm/app/phases/controlplane/volumes_test.go +++ b/cmd/kubeadm/app/phases/controlplane/volumes_test.go @@ -521,7 +521,9 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { if _, ok := mounts.volumeMounts[kubeadmconstants.KubeControllerManager][flexvolumeDirVolumeName]; ok { delete(mounts.volumeMounts[kubeadmconstants.KubeControllerManager], flexvolumeDirVolumeName) } - + if _, ok := mounts.volumeMounts[kubeadmconstants.KubeControllerManager][cloudConfigVolumeName]; ok { + delete(mounts.volumeMounts[kubeadmconstants.KubeControllerManager], cloudConfigVolumeName) + } if !reflect.DeepEqual(mounts.volumes, rt.vol) { t.Errorf( "failed getHostPathVolumesForTheControlPlane:\n\texpected: %v\n\t actual: %v", From 294114a219c1807971d723d3d37301b4549fb094 Mon Sep 17 00:00:00 2001 From: Serguei Bezverkhi Date: Tue, 28 Nov 2017 09:54:18 -0500 Subject: [PATCH 15/15] kubeadm etcd modifying recover steps --- cmd/kubeadm/app/cmd/upgrade/apply.go | 2 +- cmd/kubeadm/app/phases/upgrade/staticpods.go | 71 +++++++++++++++++--- 2 files changed, 61 insertions(+), 12 deletions(-) diff --git a/cmd/kubeadm/app/cmd/upgrade/apply.go b/cmd/kubeadm/app/cmd/upgrade/apply.go index fdb4f4f240b..b4ea162c14e 100644 --- a/cmd/kubeadm/app/cmd/upgrade/apply.go +++ b/cmd/kubeadm/app/cmd/upgrade/apply.go @@ -64,7 +64,7 @@ func NewCmdApply(parentFlags *cmdUpgradeFlags) *cobra.Command { flags := &applyFlags{ parent: parentFlags, imagePullTimeout: 15 * time.Minute, - etcdUpgrade: false, + etcdUpgrade: true, } cmd := &cobra.Command{ diff --git a/cmd/kubeadm/app/phases/upgrade/staticpods.go b/cmd/kubeadm/app/phases/upgrade/staticpods.go index 716b39e7a36..258f0dba91a 100644 --- a/cmd/kubeadm/app/phases/upgrade/staticpods.go +++ b/cmd/kubeadm/app/phases/upgrade/staticpods.go @@ -127,6 +127,12 @@ func (spm *KubeStaticPodPathManager) BackupEtcdDir() string { } func upgradeComponent(component string, waiter apiclient.Waiter, pathMgr StaticPodPathManager, cfg *kubeadmapi.MasterConfiguration, beforePodHash string, recoverManifests map[string]string) error { + // Special treatment is required for etcd case, when rollbackOldManifests should roll back etcd + // manifests only for the case when component is Etcd + recoverEtcd := false + if component == constants.Etcd { + recoverEtcd = true + } // The old manifest is here; in the /etc/kubernetes/manifests/ currentManifestPath := pathMgr.RealManifestPath(component) // The new, upgraded manifest will be written here @@ -140,12 +146,12 @@ func upgradeComponent(component string, waiter apiclient.Waiter, pathMgr StaticP // Move the old manifest into the old-manifests directory if err := pathMgr.MoveFile(currentManifestPath, backupManifestPath); err != nil { - return rollbackOldManifests(recoverManifests, err, pathMgr) + return rollbackOldManifests(recoverManifests, err, pathMgr, recoverEtcd) } // Move the new manifest into the manifests directory if err := pathMgr.MoveFile(newManifestPath, currentManifestPath); err != nil { - return rollbackOldManifests(recoverManifests, err, pathMgr) + return rollbackOldManifests(recoverManifests, err, pathMgr, recoverEtcd) } fmt.Printf("[upgrade/staticpods] Moved upgraded manifest to %q and backed up old manifest to %q\n", currentManifestPath, backupManifestPath) @@ -156,12 +162,12 @@ func upgradeComponent(component string, waiter apiclient.Waiter, pathMgr StaticP // If we don't do this, there is a case where we remove the Static Pod manifest, kubelet is slow to react, kubeadm checks the // API endpoint below of the OLD Static Pod component and proceeds quickly enough, which might lead to unexpected results. if err := waiter.WaitForStaticPodControlPlaneHashChange(cfg.NodeName, component, beforePodHash); err != nil { - return rollbackOldManifests(recoverManifests, err, pathMgr) + return rollbackOldManifests(recoverManifests, err, pathMgr, recoverEtcd) } // Wait for the static pod component to come up and register itself as a mirror pod if err := waiter.WaitForPodsWithLabel("component=" + component); err != nil { - return rollbackOldManifests(recoverManifests, err, pathMgr) + return rollbackOldManifests(recoverManifests, err, pathMgr, recoverEtcd) } fmt.Printf("[upgrade/staticpods] Component %q upgraded successfully!\n", component) @@ -212,20 +218,59 @@ func performEtcdStaticPodUpgrade(waiter apiclient.Waiter, pathMgr StaticPodPathM return true, fmt.Errorf("fail to get etcd pod's hash: %v", err) } - // Write the updated etcd static Pod manifest into the temporary directory + // Write the updated etcd static Pod manifest into the temporary directory, at this point no etcd change + // has occured in any aspects. if err := etcdphase.CreateLocalEtcdStaticPodManifestFile(pathMgr.TempManifestDir(), cfg); err != nil { - return true, rollbackEtcdData(cfg, fmt.Errorf("error creating local etcd static pod manifest file: %v", err), pathMgr) + return true, fmt.Errorf("error creating local etcd static pod manifest file: %v", err) } // Perform etcd upgrade using common to all control plane components function if err := upgradeComponent(constants.Etcd, waiter, pathMgr, cfg, beforeEtcdPodHash, recoverManifests); err != nil { - return true, rollbackEtcdData(cfg, err, pathMgr) + // Since etcd upgrade component failed, the old manifest has been restored + // now we need to check the heatlth of etcd cluster if it came back up with old manifest + if _, err := etcdCluster.GetEtcdClusterStatus(); err != nil { + // At this point we know that etcd cluster is dead and it is safe to copy backup datastore and to rollback old etcd manifest + if err := rollbackEtcdData(cfg, fmt.Errorf("etcd cluster is not healthy after upgrade: %v rolling back", err), pathMgr); err != nil { + // Even copying back datastore failed, no options for recovery left, bailing out + return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir) + } + // Old datastore has been copied, rolling back old manifests + if err := rollbackOldManifests(recoverManifests, err, pathMgr, true); err != nil { + // Rolling back to old manifests failed, no options for recovery left, bailing out + return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir) + } + // Since rollback of the old etcd manifest was successful, checking again the status of etcd cluster + if _, err := etcdCluster.GetEtcdClusterStatus(); err != nil { + // Nothing else left to try to recover etcd cluster + return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir) + } + + return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, rolled the state back to pre-upgrade state", err) + } + // Since etcd cluster came back up with the old manifest + return true, fmt.Errorf("fatal error when trying to upgrade the etcd cluster: %v, rolled the state back to pre-upgrade state", err) } // Checking health state of etcd after the upgrade - etcdStatus, err = etcdCluster.GetEtcdClusterStatus() - if err != nil { - return true, rollbackEtcdData(cfg, fmt.Errorf("etcd cluster is not healthy after upgrade: %v rolling back", err), pathMgr) + if _, err = etcdCluster.GetEtcdClusterStatus(); err != nil { + // Despite the fact that upgradeComponent was sucessfull, there is something wrong with etcd cluster + // First step is to restore back up of datastore + if err := rollbackEtcdData(cfg, fmt.Errorf("etcd cluster is not healthy after upgrade: %v rolling back", err), pathMgr); err != nil { + // Even copying back datastore failed, no options for recovery left, bailing out + return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir) + } + // Old datastore has been copied, rolling back old manifests + if err := rollbackOldManifests(recoverManifests, err, pathMgr, true); err != nil { + // Rolling back to old manifests failed, no options for recovery left, bailing out + return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir) + } + // Since rollback of the old etcd manifest was successful, checking again the status of etcd cluster + if _, err := etcdCluster.GetEtcdClusterStatus(); err != nil { + // Nothing else left to try to recover etcd cluster + return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, the backup of etcd database is stored here:(%s)", err, backupEtcdDir) + } + + return true, fmt.Errorf("fatal error upgrading local etcd cluster: %v, rolled the state back to pre-upgrade state", err) } return false, nil @@ -276,9 +321,13 @@ func StaticPodControlPlane(waiter apiclient.Waiter, pathMgr StaticPodPathManager } // rollbackOldManifests rolls back the backuped manifests if something went wrong -func rollbackOldManifests(oldManifests map[string]string, origErr error, pathMgr StaticPodPathManager) error { +func rollbackOldManifests(oldManifests map[string]string, origErr error, pathMgr StaticPodPathManager, restoreEtcd bool) error { errs := []error{origErr} for component, backupPath := range oldManifests { + // Will restore etcd manifest only if it was explicitely requested by setting restoreEtcd to True + if component == constants.Etcd && !restoreEtcd { + continue + } // Where we should put back the backed up manifest realManifestPath := pathMgr.RealManifestPath(component)