Commit Graph

1297 Commits

Author SHA1 Message Date
熊中谅10171568
c4579165f1 refactor: remove deprecated flags
refactor: remove deprecated deleting-pods-qps deleting-pods-burst register-retry-count flags
2022-04-22 20:28:12 +08:00
SataQiu
9ac1b4b68f remove unused option deployment-controller-sync-period for deployment controller 2022-03-30 20:00:53 +08:00
Kubernetes Prow Robot
5b8dbfbbcf
Merge pull request #108995 from pohly/log-contextual
contextual logging
2022-03-29 17:35:59 -07:00
Patrick Ohly
7de1b05e85 logging: add ContextualLogging feature
InitLogs overrides the klog default and turns contextual logging off. This
ensures that it is only enabled in Kubernetes commands that explicitly enable
it via a feature gate. A feature gate for it gets defined in
k8s.io/component-base/logs and is then used by Options.ValidateAndApply.

The effect of disabling contextual logging is very limited according to
benchmarks with kube-scheduler. The feature gets added anyway to satisfy the
PRR recommendation that features should be controllable.

The following commands have support for contextual logging:
- kube-apiserver
- kube-controller-manager
- kubelet
- kube-scheduler
- component-base/logs example

Supporting a feature gate check in ValidateAndApply and not in InitLogs is a
simplification: changing InitLogs to accept a FeatureGate would have implied
changing also component-base/cli.Run. This didn't seem worthwhile because
ValidateAndApply already covers the relevant commands.
2022-03-29 13:29:57 +02:00
Ross Peoples
98837de446 TimeZone support for CronJobs 2022-03-28 16:33:00 -05:00
Kubernetes Prow Robot
b5f8d9ec16
Merge pull request #107724 from kkkkun/fix-leaderlost
Fixes exited messages when leaderelection lost
2022-03-28 06:44:48 -07:00
Kubernetes Prow Robot
c239b406f0
Merge pull request #108929 from gnufied/move-expansion-feature-gate-ga
Move all volume expansion feature gates to GA
2022-03-25 18:08:16 -07:00
Hemant Kumar
9343cce20b remove ExpandPersistentVolume feature gate 2022-03-24 10:02:47 -04:00
Kun Zhang
6f8e9aa05d Fixes exited messages when leaderelection lost 2022-03-24 17:33:16 +08:00
Kubernetes Prow Robot
14e8db067e
Merge pull request #108191 from ravisantoshgudimetla/wire-cert-contexts
Wire cert contexts
2022-03-23 11:20:17 -07:00
Ravi Gudimetla
72a62f47f7 Wire context for cert controllers
All the controllers should use context for signalling termination of communication with API server. Once kcm cancels context all the cert controllers which are started via kcm should cancel the APIServer request in flight instead of hanging around.
2022-03-07 10:19:45 -05:00
ialidzhikov
9c7c7cca24 kube-controller-manager: Cleanup MarkDeprecared call for already removed flag
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2022-03-05 12:53:44 +02:00
Kubernetes Prow Robot
d7d121999d
Merge pull request #108480 from wojtek-t/log_golang_envs
Log main golang runtime env vars
2022-03-04 00:10:51 -08:00
Wojciech Tyczyński
ef2e32ab65 Log main golang runtime env vars 2022-03-04 08:04:02 +01:00
ialidzhikov
a444eb60d7 kube-controller-manager: Remove the deprecated --experimental-cluster-signing-duration flag
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2022-03-03 08:47:49 +02:00
Shihang Zhang
fb6c727fde no auto-generation of secret-based service account token 2022-02-23 14:17:30 -08:00
ravisantoshgudimetla
65ff81757d Wire contexts to Disruption controllers 2022-02-04 10:32:04 -05:00
ahrtr
972dc46a1f replace deprecated io/ioutil with os and io for cmd 2022-02-01 13:59:41 +08:00
Davanum Srinivas
ba1f853b5a
Add mwielgus back
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-01-10 09:02:53 -05:00
Davanum Srinivas
9682b7248f
OWNERS cleanup - Jan 2021 Week 1
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-01-10 08:14:29 -05:00
Kubernetes Prow Robot
28bda67fb2
Merge pull request #105721 from yxxhero/optimize_controllermanger_cobra_param
Optimize Cobra parameters of Controller Manager
2022-01-04 11:26:50 -08:00
Kubernetes Prow Robot
1426587e08
Merge pull request #106436 from dims/cleanup-owners-files-no-activity-in-a-year
Cleanup OWNERS files (No Activity in the last year)
2021-12-15 12:07:51 -08:00
Davanum Srinivas
497e9c1971
Cleanup OWNERS files (No Activity in the last year)
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2021-12-15 10:34:02 -05:00
Kubernetes Prow Robot
90110f71cb
Merge pull request #106256 from ardaguclu/use-serve-with-listener-stopped
Rename ServeWithListenerStopped to Serve in secure_serving
2021-12-13 07:35:58 -08:00
Davanum Srinivas
9405e9b55e
Check in OWNERS modified by update-yamlfmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2021-12-09 21:31:26 -05:00
Jian Zeng
c73d96ac87
refactor: remove the insecure flags in controller-manager
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
2021-12-08 10:50:12 +08:00
Oksana Naumov
3af11fc12d Add support for Portworx to csi-translation lib
Signed-off-by: Oksana Naumov <trierra.dev@gmail.com>
2021-11-16 13:26:09 -08:00
Kubernetes Prow Robot
6d1d8c73ee
Merge pull request #106316 from josephburnett/controller-v2
Watch HPA v2 instead of v1.
2021-11-16 06:41:38 -08:00
Joseph Burnett
711f96e05e Watch HPA v2 instead of v1. 2021-11-16 11:13:21 +01:00
Kubernetes Prow Robot
66c342ba63
Merge pull request #95361 from humblec/rbd-migration
RBD in-tree plugin migration to CSI driver using migration translation lib
2021-11-15 19:53:25 -08:00
Humble Chirammal
7c40eb9ae0 Add support for rbd plugin to csi-translation-lib
In support of csi-migration proposal here:
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/csi-migration.md

Will help with migration of in-tree RBD plugin ( kubernetes.io/rbd)
to RBD CSI driver ( rbd.csi.ceph.com ).

Fixes https://github.com/kubernetes/enhancements/issues/2923

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2021-11-15 23:46:29 +05:30
Kubernetes Prow Robot
2bd67845d4
Merge pull request #105550 from damemi/wire-contexts-rbac
Wire contexts to RBAC controllers
2021-11-11 15:15:25 -08:00
Mike Dame
80c01707e0
Wire contexts to Batch controllers (#105491)
* Wire contexts to Batch controllers

* (hold) feedback + updates that overlap with Apps controllers

* fixup errors
2021-11-10 14:56:46 -08:00
Arda Güçlü
a8d2b3a792 Rename ServeWithListenerStopped to Serve in secure_serving
This PR removes Serve function and uses all required places
ServeWithListenerStopped which takes place new Serve function.

This function returns ListenerStopped channel can be used to drain
requests before shutting down the server.
2021-11-08 17:20:31 +03:00
Kubernetes Prow Robot
dc93951ad0
Merge pull request #106090 from pohly/log-v-flags
component-base: move v/vmodule/log-flush-frequency into LoggingConfiguration
2021-11-04 12:34:34 -07:00
Kubernetes Prow Robot
5446b89857
Merge pull request #104470 from pacoxu/patch-4
Remove GAed feature gate CronJobControllerV2
2021-11-03 06:40:58 -07:00
Patrick Ohly
4df70dfd41 component-base: initialize logging as soon as possible
In various places log messages where emitted as part of validation or even
before it (for example, cli.PrintFlags). Those log messages did not use the
final logging configuration, for example text output instead of JSON or not the
final verbosity. The last point became more obvious after moving the setup of
verbosity into logs.Options.Apply because PrintFlags never printed anything
anymore.

In order to force applications to deal with logging as soon as possible, the
Options.Validate and Options.Apply methods are now private. Applications should
use the new Options.ValidateAndApply directly after parsing.
2021-11-03 11:55:54 +01:00
Patrick Ohly
3948cb8d1b component-base: move v/vmodule/log-flush-frequency into LoggingConfiguration
These three options are the ones from logs.AddFlags which are not deprecated.
Therefore it makes sense to make them available also via the configuration file
support in the one command which currently supports that (kubelet).

Long-term, all commands should use LoggingConfiguration, either with a
configuration file (as in kubelet) or via flags (kube-scheduler,
kube-apiserver, kube-controller-manager).

Short-term, both approaches have to be supported. As the majority of the
commands only use logs.AddFlags, that function by default continues to register
the flags and only leaves that to Options.AddFlags when explicitly requested.

A drive-by bug fix is done for log flushing: the periodic flushing called
klog.Flush and therefore missed explicit flushing of the newer logr
backend. This bug was never present in any release Kubernetes and therefore the
fix is not submitted in a separate PR.
2021-11-03 07:41:46 +01:00
Kubernetes Prow Robot
aa0ea62489
Merge pull request #104903 from ikeeip/storageobjectinuseprotection_feature_ga_cleanup
Remove StorageObjectInUseProtection feature gate logic
2021-11-02 20:22:57 -07:00
Kubernetes Prow Robot
3fdeb490e0
Merge pull request #105510 from damemi/wire-contexts-bootstrap
Wire contexts to Bootstrap controllers
2021-11-02 14:27:42 -07:00
Konstantin Misyutin
808c8f42d5 Remove StorageObjectInUseProtection feature gate logic
This feature has graduated to GA in v1.11 and will always be
enabled. So no longe need to check if enabled.

Signed-off-by: Konstantin Misyutin <konstantin.misyutin@huawei.com>
2021-11-03 00:13:50 +03:00
Mike Dame
4960d0976a Wire contexts to Core controllers 2021-11-01 10:29:00 -04:00
Kubernetes Prow Robot
c592bd40f2
Merge pull request #105609 from pohly/generic-ephemeral-volume-ga
generic ephemeral volume GA
2021-10-28 17:36:50 -07:00
yxxhero
feaa78380c Optimize Cobra parameters of Controller Manager
Signed-off-by: yxxhero <aiopsclub@163.com>
2021-10-17 18:57:23 +08:00
Kubernetes Prow Robot
3aafe75698
Merge pull request #105461 from damemi/wire-contexts-autoscaling
Wire contexts to Autoscaling controllers
2021-10-14 06:59:33 -07:00
Kubernetes Prow Robot
f27e4714ba
Merge pull request #105377 from damemi/wire-contexts-apps
Wire contexts to Apps controllers
2021-10-14 06:59:19 -07:00
Mike Dame
41fcb95f2f Wire contexts to Apps controllers 2021-10-13 16:32:13 -04:00
Mike Dame
7780024916 Wire contexts to Autoscaling controllers 2021-10-12 14:34:05 -04:00
Patrick Ohly
a8c930ef46 generic ephemeral volume: graduation to GA
The feature gate gets locked to "true", with the goal to remove it in two
releases.

All code now can assume that the feature is enabled. Tests for "feature
disabled" are no longer needed and get removed.

Some code wasn't using the new helper functions yet. That gets changed while
touching those lines.
2021-10-11 20:54:20 +02:00
Sahil Vazirani
3988405c8d
GA TTLAfterFinish 2021-10-07 16:58:50 -07:00
Mike Dame
3f0b6d390c Wire contexts to RBAC controllers 2021-10-07 15:04:49 -04:00
Mike Dame
6ce2924818 Wire contexts to Bootstrap controllers 2021-10-06 10:27:32 -04:00
Kubernetes Prow Robot
82da9bdaab
Merge pull request #105076 from pohly/log-flush-frequency-bug
initialize logging after flag parsing + refactor commands
2021-10-01 14:30:18 -07:00
Patrick Ohly
00e4a599f6 command lines: always show flags with hyphens
All Kubernetes commands should show flags with hyphens in their help text even
when the flag originally was defined with underscore. Converting a command to
this style is not breaking its command line API because the old-style parameter
with underscore is accepted as alias.

The easiest solution to achieve this is to set normalization shortly before
running the command in the new central cli.Run or the few places where that
function isn't used yet.

There may be some texts which depends on normalization at flag definition time,
like the --logging-format usage warning. Those get generated assuming that
hyphens will be used.
2021-09-30 13:46:49 +02:00
Patrick Ohly
21d1bcd6b8 initialize logging after flag parsing
It wasn't documented that InitLogs already uses the log flush frequency, so
some commands have called it before parsing (for example, kubectl in the
original code for logs.go). The flag never had an effect in such commands.

Fixing this turned into a major refactoring of how commands set up flags and
run their Cobra command:

- component-base/logs: implicitely registering flags during package init is an
  anti-pattern that makes it impossible to use the package in commands which
  want full control over their command line. Logging flags must be added
  explicitly now, something that the new cli.Run does automatically.

- component-base/logs: AddFlags would have crashed in kubectl-convert if it
  had been called because it relied on the global pflag.CommandLine. This
  has been fixed and kubectl-convert now has the same --log-flush-frequency
  flag as other commands.

- component-base/logs/testinit: an exception are tests where flag.CommandLine has
  to be used. This new package can be imported to add flags to that
  once per test program.

- Normalization of the klog command line flags was inconsistent. Some commands
  unintentionally didn't normalize to the recommended format with hyphens. This
  gets fixed for sample programs, but not for production programs because
  it would be a breaking change.

This refactoring has the following user-visible effects:

- The validation error for `go run ./cmd/kube-apiserver --logging-format=json
  --add-dir-header` now references `add-dir-header` instead of `add_dir_header`.

- `staging/src/k8s.io/cloud-provider/sample` uses flags with hyphen instead of
  underscore.

- `--log-flush-frequency` is not listed anymore in the --logging-format flag's
  `non-default formats don't honor these flags` usage text because it will also
  work for non-default formats once it is needed.

- `cmd/kubelet`: the description of `--logging-format` uses hyphens instead of
  underscores for the flags, which now matches what the command is using.

- `staging/src/k8s.io/component-base/logs/example/cmd`: added logging flags.

- `apiextensions-apiserver` no longer prints a useless stack trace for `main`
  when command line parsing raises an error.
2021-09-30 13:46:49 +02:00
Paco Xu
444001ed44 Remove GAed feature gate CronJobControllerV2 2021-09-30 13:49:51 +08:00
Mike Dame
bfd7f72e9b Remove Stop from ControllerContext and pass ctx.Done 2021-09-27 09:16:38 -04:00
Mike Dame
80dcf7df1b Update controller initializer funcs to take Context 2021-09-27 09:16:36 -04:00
Khaled Henidak (Kal)
a53e2eaeab
move IPv6DualStack feature to stable. (#104691)
* kube-proxy

* endpoints controller

* app: kube-controller-manager

* app: cloud-controller-manager

* kubelet

* app: api-server

* node utils + registry/strategy

* api: validation (comment removal)

* api:pod strategy (util pkg)

* api: docs

* core: integration testing

* kubeadm: change feature gate to GA

* service registry and rest stack

* move feature to GA

* generated
2021-09-24 16:30:22 -07:00
Kubernetes Prow Robot
5e2ec0c575
Merge pull request #104913 from pohly/generic-ephemeral-pvc-protection
kube-controller-manager: properly check generic ephemeral volume feature
2021-09-14 15:26:59 -07:00
Maciej Borsz
f469358a5f Increase QPS in gc controller. 2021-09-14 15:31:11 +02:00
Patrick Ohly
3af6b94b1c kube-controller-manager: properly check generic ephemeral volume feature
Due to a cut-and-paste error in the original implementation in Kubernetes 1.19,
support for generic ephemeral inline volumes in the PVC protection controller
was incorrectly tied to the "storage object in use" feature gate.
2021-09-10 16:48:32 +02:00
Jiahui Feng
f6028618e2 use controller healthz
in KCM and CCM.
2021-09-01 15:26:37 -07:00
Jiahui Feng
8f5771d243 use common controller interface in KCM. 2021-08-25 13:29:03 -07:00
Stephen Augustus
481cf6fbe7
generated: Run hack/update-gofmt.sh
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-08-24 15:47:49 -04:00
Antonio Ojea
0cd75e8fec run hack/update-netparse-cve.sh 2021-08-20 10:42:09 +02:00
Kubernetes Prow Robot
7ab3e3c8c3
Merge pull request #102981 from SataQiu/add-ephemeral-config-v1alpha1
Add --concurrent-ephemeralvolume-syncs flag for kube-controller-manager
2021-08-05 20:55:12 -07:00
SataQiu
7fa0b9b6c1 add --concurrent-ephemeralvolume-syncs flag for kube-controller-manager 2021-07-25 21:36:57 +08:00
Pingan2017
bf9f3dc7b3 deprecate unused option deployment-controller-sync-period for deployment controller 2021-07-07 15:40:12 +08:00
Monis Khan
cd91e59f7c
csr: add expirationSeconds field to control cert lifetime
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:15 -04:00
Kubernetes Prow Robot
883cacde77
Merge pull request #101413 from songxiao-wang87/run-test6
Structured Logging migration: modify policy part logs of kube-controller-manager.
2021-06-28 02:19:25 -07:00
Mengjiao Liu
90df026709 JSON log format registration for kube-controller-manager 2021-06-10 07:30:30 +08:00
Kubernetes Prow Robot
29a8105cec
Merge pull request #101272 from Jiawei0227/deprecateflag
Remove CSIMigrationvSphereComplete flag
2021-06-05 10:40:38 -07:00
Kubernetes Prow Robot
e6a8bc9fbe
Merge pull request #90368 from serathius/remove-legacy-metrics
Remove legacy metrics client from podautoscaler
2021-06-05 08:44:38 -07:00
Marek Siarkowicz
4ebc0c94a4 Remove legacy metrics client from podautoscaler 2021-06-04 23:06:32 +02:00
chenyw1990
ade167e53a Delete AvailableResources judgment for GA features 2021-05-31 11:13:15 +08:00
Kubernetes Prow Robot
2117d85c81
Merge pull request #102200 from sanwishe/simplifyboolexpr
simplify return boolean value expression
2021-05-26 13:46:11 -07:00
Danil-Grigorev
5d57b3794c Add DisableCloudProviders FG
FeatureGate acts as a secondary switch to disable cloud-controller loops
in KCM, Kubelet and KAPI.

Provide comprehensive logging information to users, so they will be
guided in adoption of out-of-tree cloud provider implementation.
2021-05-21 16:09:44 +02:00
sanwishe
e8f69398c3 simplify return boolean value expression in cmd/kube-controller-manager/app/certificates.go 2021-05-21 14:38:31 +08:00
Jiawei Wang
94db1e18ba Remove scaleio from volume plugins 2021-05-19 10:35:21 -07:00
Kubernetes Prow Robot
7563d3092e
Merge pull request #96216 from knight42/refactor/disable-insecure-port-in-ctrler-mgr
refactor: disable insecure serving in controller-manager
2021-05-10 13:49:36 -07:00
Jiawei Wang
fa1a4100c6 Remove CSIMigrationVSphereComplete flag 2021-05-04 21:38:47 -07:00
Jian Zeng
e481d99965
refactor: disable insecure serving in controller-manager
Now the following flags have no effect and would be removed in v1.24:
* `--port`
* `--address`

The insecure port flags `--port` may only be set to 0 now.

Signed-off-by: Jian Zeng <zengjian.zj@bytedance.com>
2021-05-03 00:01:49 +08:00
songxiao-wang87
a3b2e35d70 Making a run test.
Signed-off-by: songxiao-wang87 <wang.xiaosong23@zte.com.cn>
2021-04-23 16:33:08 +08:00
Kubernetes Prow Robot
fe88bdc1ab
Merge pull request #101304 from wangyx1992/capatial-log-controller
cleanup: fix errors in wrapped format and log capitalization in controller
2021-04-22 15:55:52 -07:00
BinacsLee
75dde4dce4 code cleanup: Abstract repetitive codes in cmd as a function 2021-04-22 23:35:04 +08:00
wangyx1992
fd51e654af cleanup: fix errors in wrapped format and log capitalization in controller
Signed-off-by: wangyx1992 <wang.yixiang@zte.com.cn>
2021-04-22 15:40:54 +08:00
Kubernetes Prow Robot
24350a922e
Merge pull request #101086 from enj/enj/i/auth_owners_gen
Prune stale entries from OWNERS files
2021-04-15 08:27:50 -07:00
Kubernetes Prow Robot
dc2020eb9d
Merge pull request #100959 from p0lyn0mial/upstream-delegated-authn-timeout
DelegatingAuthenticationOptions: TokenReview request timeout
2021-04-14 18:20:09 -07:00
Lukasz Szaszkiewicz
a7bc51212a Revert "KCM: specifies the upper-bound timeout limit for outgoing requests"
This reverts commit 662cc70c70.
2021-04-14 14:06:01 +02:00
Monis Khan
91241eac9b
Prune stale entries from OWNERS files
Signed-off-by: Monis Khan <mok@vmware.com>
2021-04-13 20:54:50 -04:00
Lukasz Szaszkiewicz
d690d71d27 DelegatingAuthenticationOptions TokenReview request timeout
it turns out that setting a timeout on HTTP client affect watch requests made by the delegated authentication component.
with a 10 second timeout watch requests are being re-established exactly after 10 seconds even though the default request timeout for them is ~5 minutes.

this is because if multiple timeouts were set, the stdlib picks the smaller timeout to be applied, leaving other useless.
for more details see a937729c2c/src/net/http/client.go (L364)

instead of setting a timeout on the HTTP client we should use context for cancellation.
2021-04-13 16:53:59 +02:00
Kubernetes Prow Robot
c94a2f75e6
Merge pull request #99358 from p0lyn0mial/kcm-timeout
KCM: specifies the upper-bound timeout limit for outgoing requests
2021-04-08 14:28:07 -07:00
chenyw1990
e2020f62ac add normalize function to global FlagSet 2021-03-18 09:23:52 +08:00
Indeed
2a73fdf9ea refactor run to use a callback instead. 2021-03-09 14:58:35 -08:00
Indeed
ba47f60e4b change filter to return a FilterResult. 2021-03-09 14:58:35 -08:00
Indeed
e8479414ab extract common code for the main lock. 2021-03-09 14:58:35 -08:00
Indeed
3362918f8f extract electAndRun to a top-level func. 2021-03-09 14:58:35 -08:00
Indeed
721b1822d6 implementation of leader migration. 2021-03-09 14:46:52 -08:00
Indeed
68ebe29529 fix leader migration options not applied
to kube-controller-manager or cloud-controller-manager
2021-03-09 14:46:52 -08:00
Morten Torkildsen
21fba79d45 Promote PDBs to GA 2021-03-09 10:29:11 -05:00
Jan Safranek
219cbc818a Refactor CSI migration plugin manager to get featureGates as a parameter
This allows caller to provide fake ones for testing of various corner cases
(migration on A/D controller disabled while enabled on kubelet).
2021-03-08 13:50:01 +01:00
Swetha Repakula
108fd44f7c Graduate EndpointSlice feature gate to GA 2021-03-06 15:58:47 -08:00
Swetha Repakula
1925d94b18 Graduate EndpointSlice Controllers to GA
- EndpointSlice controller will stop writing to Topology field
 - EndpointSlice controller will only provide NodeName and Zone on
 EndpointSlices
2021-03-06 15:58:47 -08:00
Maciej Szulik
78f51f8fa5
Switch cronjob controller to batch/v1 2021-03-05 14:03:34 +01:00
David Eads
8b55bdc405 increase discovery burst for kube-controller-manager 2021-03-03 10:41:34 -05:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Monis Khan
343a3d1882
csr signers: increase the number of workers
This change updates the number of workers that the CSR signing
controllers use.  If a large number of certificates (especially
short lived ones) are approved at the same time, it can take the
signing controllers a long time to process them serially.  The
NewCSRSigningController logic is already go routine safe.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-24 15:50:52 -05:00
Lukasz Szaszkiewicz
662cc70c70 KCM: specifies the upper-bound timeout limit for outgoing requests
Previously no timeout was set.
Requests without explicit timeout might potentially hang forever and lead to starvation of the application.
2021-02-23 13:08:19 +01:00
Shihang Zhang
cbf6e38bbd move RootCAConfigMap to ga 2021-02-22 15:59:27 -08:00
Kubernetes Prow Robot
186f934e4c
Merge pull request #98346 from mortent/checkForScalePDBs
Check if resources implement scale in disruption controller
2021-02-22 13:58:03 -08:00
Shihang Zhang
1095778dcc remove secret-based sa token client builder 2021-02-21 22:00:40 -08:00
Nikhita Raghunath
6cef3a4e33 *: remove nikhiljindal from OWNERS 2021-02-16 10:59:26 +05:30
Nikhita Raghunath
6b12c96a9b *: remove madhusudancs from reviewers 2021-02-16 10:59:26 +05:30
Nikhita Raghunath
b11516d69f *: move gmarek to emeritus_approvers 2021-02-16 10:59:19 +05:30
Morten Torkildsen
96ea28aa77 Check if resources implement scale in disruption controller 2021-02-03 20:19:35 -08:00
Kubernetes Prow Robot
d2659101bf
Merge pull request #98325 from deads2k/update-default-authorizer
Update delegated authorization options default to eliminate unnecessary SARs
2021-02-02 11:38:28 -08:00
Kubernetes Prow Robot
c04058418f
Merge pull request #98243 from Jiawei0227/unregister-plugin
Disable in-tree plugin without enabling CSI migration
2021-01-29 12:59:48 -08:00
David Eads
62230d3c46 update delegated authz defaults in kube binaries 2021-01-26 12:53:24 -05:00
Jiawei Wang
bda557b4bc Disable in-tree plugin without enabling CSI migration
This commit replaces the CSIMigrationXXXComplete flag
with InTreePluginXXUnregister flag. This new flag will
be a superset of the CSIMigrationXXXComplete. But this
decouple the plugin unregister from CSI migration. So
if a K8s distribution want to go directly with CSI and
do not support in-tree, they can use this flag directly.

Testing:
1. Enable the InTreePluginXXUnregister and not CSIMigrationXXX,
verify that the PVC using old plugin name will have error
saying cannot find the plugin
2. Enable both the InTreePluginXXUnregister and CSIMigrationXXX
verify that the PVC using old plugin name will start to use
the migrated CSI plugin
2021-01-22 16:58:51 -08:00
Jakub Przychodzeń
87924e53f0 [kube-controller-manager] Lower timeout for leaderelection resourcelock
Migrate how resource lock and leader election config is generated to new way, hidding kubeClient. This also halfs kubeClient timeout, making it an useful value.

If timeout is equal to RenewDeadline and we hit client timeout on request, there will be no retry, as RenewDeadline part will cancel the context and lose leader election. So setting a timeout to value at least equal to RenewDeadline is pointless.

Setting it as half of RenewDeadline is a heuristic to resolve this missing retry problem without adding additional parameter.
2021-01-14 10:49:42 +01:00
ialidzhikov
bc432124a2 Remove CSINodeInfo feature gate
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2020-12-10 09:58:22 +02:00
Jordan Liggitt
09bdf76b8a Plumb event recorder to garbage collector controller 2020-11-17 10:42:45 -05:00
Kubernetes Prow Robot
da75c26648
Merge pull request #95978 from roycaihw/storage-version/gc
Storage version garbage collector
2020-11-12 18:36:37 -08:00
Haowei Cai
f675dac440 generated 2020-11-12 16:25:22 -08:00
Haowei Cai
ee9ace14c2 add storage version garbage collector 2020-11-12 16:21:00 -08:00
Kubernetes Prow Robot
e38b1b94f8
Merge pull request #96399 from andrewsykim/service-config
move service controller config to k8s.io/cloud-provider/controllers/service/config
2020-11-12 11:21:57 -08:00
Alay Patel
38bb53555e update violation_exceptions.list and make generated 2020-11-10 17:32:06 -05:00
Alay Patel
8d7dd4415e add cronjob_controllerv2.go 2020-11-10 17:32:06 -05:00
Andrew Sy Kim
b1e0decce1 move service controller config to k8s.io/cloud-provider/controllers/service/config
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-11-10 14:59:44 -05:00
Kubernetes Prow Robot
b1b627072a
Merge pull request #96217 from p0lyn0mial/delegated-authn-webhook-token-timeout
DelegatingAuthenticationOptions TokenReview client timeout
2020-11-06 11:29:16 -08:00
Shihang Zhang
d40f0c43c4 separate RootCAConfigMap from BoundServiceAccountTokenVolume 2020-11-04 17:10:39 -08:00
Lukasz Szaszkiewicz
7340c3498a DelegatingAuthenticationOptions: allows for setting a timeout for the TokenReview client that is used by for the webhook authenticator
Previously no timeout was set. Requests without explicit timeout might potentially hang forever and lead to starvation of the application.
When no timeout was specified a default one will be applied.
2020-11-04 13:40:33 +01:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
2020-11-01 10:18:25 -05:00
Kubernetes Prow Robot
bf67247124
Merge pull request #93258 from zshihang/token
mv TokenRequest and TokenRequestProjection to GA
2020-10-30 16:36:51 -07:00
Kubernetes Prow Robot
4b65f70652
Merge pull request #95740 from cici37/moveCCM
Move cloud-controller-manager to staging k8s.io/cloud-provider
2020-10-30 13:48:51 -07:00
cici37
9465d95ea6 Move CCM to staging k8s.io/cloud-provider 2020-10-29 20:50:23 -07:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00
cici37
a91a2cdad6 Move informer_factory to staging 2020-10-29 12:20:33 -07:00
Kubernetes Prow Robot
4df8d97af0
Merge pull request #95725 from p0lyn0mial/delegated-authz-sar-timeout
sets explicit timeout for SubjectAccessReview client
2020-10-27 03:37:59 -07:00
Khaled Henidak (Kal)
6675eba3ef
dual stack services (#91824)
* api: structure change

* api: defaulting, conversion, and validation

* [FIX] validation: auto remove second ip/family when service changes to SingleStack

* [FIX] api: defaulting, conversion, and validation

* api-server: clusterIPs alloc, printers, storage and strategy

* [FIX] clusterIPs default on read

* alloc: auto remove second ip/family when service changes to SingleStack

* api-server: repair loop handling for clusterIPs

* api-server: force kubernetes default service into single stack

* api-server: tie dualstack feature flag with endpoint feature flag

* controller-manager: feature flag, endpoint, and endpointSlice controllers handling multi family service

* [FIX] controller-manager: feature flag, endpoint, and endpointSlicecontrollers handling multi family service

* kube-proxy: feature-flag, utils, proxier, and meta proxier

* [FIX] kubeproxy: call both proxier at the same time

* kubenet: remove forced pod IP sorting

* kubectl: modify describe to include ClusterIPs, IPFamilies, and IPFamilyPolicy

* e2e: fix tests that depends on IPFamily field AND add dual stack tests

* e2e: fix expected error message for ClusterIP immutability

* add integration tests for dualstack

the third phase of dual stack is a very complex change in the API,
basically it introduces Dual Stack services. Main changes are:

- It pluralizes the Service IPFamily field to IPFamilies,
and removes the singular field.
- It introduces a new field IPFamilyPolicyType that can take
3 values to express the "dual-stack(mad)ness" of the cluster:
SingleStack, PreferDualStack and RequireDualStack
- It pluralizes ClusterIP to ClusterIPs.

The goal is to add coverage to the services API operations,
taking into account the 6 different modes a cluster can have:

- single stack: IP4 or IPv6 (as of today)
- dual stack: IPv4 only, IPv6 only, IPv4 - IPv6, IPv6 - IPv4

* [FIX] add integration tests for dualstack

* generated data

* generated files

Co-authored-by: Antonio Ojea <aojea@redhat.com>
2020-10-26 13:15:59 -07:00
Lukasz Szaszkiewicz
2160cbc53f DelegatingAuthorizationOptions: exposes and sets a default timeout for SubjectAccessReview client
previously no timeout was set. Requests without explicit timeout might potentially hang forever and lead to starvation of the application.
2020-10-26 17:11:59 +01:00
Kubernetes Prow Robot
1257bc5acb
Merge pull request #91474 from cici37/pkgController
Cleanup CCM dependencies
2020-10-22 23:17:45 -07:00
Kubernetes Prow Robot
3175b59ac2
Merge pull request #94489 from ialidzhikov/fix/volume-expand
Do not assume storageclass is still in-tree after csi migration
2020-10-19 15:08:07 -07:00
cici37
95acec5a3b Move client_builder to k8s.io/controller-manager 2020-10-19 14:48:22 -07:00
cici37
ae8ce0d190 Move cmd/controller-manager to k8s.io/controller-manager and cloud specific configs to k8s.io/cloud-provider. 2020-10-08 13:23:16 -07:00
ialidzhikov
3bc560225e Do not assume storageclass is still in-tree after csi migration
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2020-09-19 17:33:19 +03:00
Kubernetes Prow Robot
b86e725694
Merge pull request #91785 from mattcary/filtereddial
Specify a DialContext in storage plugin clients
2020-09-18 15:08:27 -07:00
wfender
bb58d95f0b Add cheftako to KCM owners. 2020-09-18 09:39:07 -07:00
Matthew Cary
f2e23afcf1 Adds filtering of hosts to DialContexts.
The provided DialContext wraps existing clients' DialContext in an attempt to
preserve any existing timeout configuration. In some cases, we may replace
infinite timeouts with golang defaults.

- scaleio: tcp connect/keepalive values changed from 0/15 to 30/30
- storageos: no change
2020-09-18 00:07:32 +00:00