Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Fix for Policy based volume provisioning failure due to long VM Name in vSphere cloud provider
Dummy VM is used for SPBM policy based provisioning feature of vSphere cloud provider.
Dummy VM name is generated based on kubernetes cluster name and pv name. It can easily go beyond
vSphere's limitation of 80 characters for vmName.
To solve the long VM name failure hash is used instead of vSphere-k8s-clusterName-PvName
**Which issue this PR fixes**
https://github.com/vmware/kubernetes/issues/176
**Release note:**
```release-note
None
```
@BaluDontu @divyenpatel @luomiao @tusharnt
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Remove BUILD reference to removed files: Fix bazel build
**What this PR does / why we need it**:
Bazel build is broken because a pull-request has removed some go files, but not the BUILD references to these file. Update the go files. I've also created an issue in test-infra(https://github.com/kubernetes/test-infra/issues/4083) as this should have been detected earlier
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
move i18n to kubectl/util
Move `pkg/util/i18n` to `pkg/kubectl/util/i18n` per https://github.com/kubernetes/kubernetes/issues/48209#issuecomment-311730681.
This affects kubectl and kubeadm. It should be fine that `kubeadm` depends on `kubectl`.
partially addresses: kubernetes/community#598
```release-note
NONE
```
/assign @apelisse @monopole
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Refactor RBAC authorizer entry points
This change refactors various RBAC authorizer functions to be more flexible in their inputs. This makes it easier to reuse the various components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Remove deprecated command 'kubectl stop'
Fixes https://github.com/kubernetes/kubernetes/issues/11384
I think this is the final step @kubernetes/sig-cli-pr-reviews @kargakis
Automatic merge from submit-queue
Add metric for remaining lifetime of certificates authenticating requests
fixes#50778
When incoming requests to the API server are authenticated by a certificate, the expiration of the certificate can affect the validity of the authentication. With auto rotation of certificates, which is starting with kubelet certificates, the goal is to use shorter lifetimes and let the kubelet renew the certificate as desired. Monitoring certificates which are approaching expiration and not renewing would be an early warning sign that nodes are about to stop participating in the cluster.
**Release note**:
```release-note
Add new Prometheus metric that monitors the remaining lifetime of certificates used to authenticate requests to the API server.
```
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Support autoprobing subnet-id for openstack cloud provider
Currently if user doesn't specify subnet-id or specify a unsafe
subnet-id, openstack cloud provider can't create a correct LoadBalancer
service.
Actually we can get it automatically. This patch do a improvement.
This is a part of #50726
**Special notes for your reviewer**:
/assign @dims
/assign @anguslees
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Make removing nodes public for Kubemark controller
The ability to remove a specific node is needed by Cluster Autoscaler to work.
**Release note**:
```
NONE
```
This change refactors various RBAC authorizer functions to be more
flexible in their inputs. This makes it easier to reuse the various
components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 50758, 48057)
continue fix the typo in staging file
**What this PR does / why we need it**:
in kubernetes has left two place to modify the word of explicit,thanks
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50680
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49115, 47480)
Adds IPv6 test cases for kubeadm certs.
**What this PR does / why we need it**:
Adds IPv6 test cases in support of kubeadm certificate and validation functionality. It's needed to ensure test cases cover IPv6 related networking scenarios.
**Which issue this PR fixes**
This PR is in support of Issue #1443
**Special notes for your reviewer**:
Additional PR's will follow to ensure kubeadm supports IPv6.
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 49115, 47480)
Upgrade advanced audit to version v1beta1
This change does nothing but only upgrades advanced audit to version v1beta1.
There will be following up changes which does real effect to advanced audit feature.
After this change audit policy file should contain apiVersion and kind and has such format:
```
apiVersion: audit.k8s.io/v1alpha1
kind: Policy
rules:
- level: None
```
or use the v1beta1 policy:
```
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: None
```
Updates #48561
**Release note**:
```
Upgrade advanced audit to version v1beta1.
```
Automatic merge from submit-queue (batch tested with PRs 50692, 50727)
remove leaked socket file after unit test
Before this change:
```
$ make test WHAT=k8s.io/kubernetes/pkg/master
+++ [0816 11:19:03] Running tests without code coverage
ok k8s.io/kubernetes/pkg/master 27.953s
$ find -type s
./pkg/master/127.0.0.1:2100324511
./pkg/master/127.0.0.1:2100424511
./pkg/master/localhost:8235197834378812860
./pkg/master/localhost:82351978343788128600
./pkg/master/127.0.0.1:2100524511
./pkg/master/127.0.0.1:2100624511
./pkg/master/localhost:1155389051645284688
./pkg/master/localhost:11553890516452846880
```
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50589, 50558)
Remove packages which aren't relied on by heapster anymore.
**What this PR does / why we need it**:
Do the TODO:
```
// TODO apimachinery remove this empty package. Godep fails without this because heapster relies
// on this package. This will allow us to start splitting packages, but will force
// heapster to update on their next kube rebase.
```
These packages aren't relied on by heapster anymore. This PR removes them. This is a followup of #48410.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
ref: #48386#48410
**Special notes for your reviewer**:
/cc @deads2k
/kind cleanup
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50589, 50558)
remove useless comments
**What this PR does / why we need it**:
remove useless comments
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49103
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
Move List (the type) into metav1 but preserve the exposed type
Make a list something that other components can use without depending on the core API. This does not change the public API exposure of `List` (it is still in `v1`) but makes the interface common across both.
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
fix panic in e2e
**What this PR does / why we need it**:
fix#50660
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
no
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
Fix comment of limitranges
**What this PR does / why we need it**:
The comment of limitrages' API seems to be copied from
pkg/registry/autoscaling/horizontalpodautoscaler/storage/storage.go
with the other implementation code.
It is a little difficult to understand what is the API, then this
PR fixes it.
Automatic merge from submit-queue (batch tested with PRs 50670, 50332)
e2e test for local storage mount point
**What this PR does / why we need it**:
We discovered that kubernetes can treat local directories and actual mountpoints differently. For example, https://github.com/kubernetes/kubernetes/issues/48331. The current local storage e2e tests use directories.
This PR introduces a test that creates a tmpfs and mounts it, and runs one of the local storage e2e tests.
**Which issue this PR fixes**: fixes https://github.com/kubernetes/kubernetes/issues/49126
**Special notes for your reviewer**:
I cherrypicked PR https://github.com/kubernetes/kubernetes/pull/50177, since local storage e2e tests are broken in master on 2017-08-08 due to "no such host" error. This PR replaces NodeExec with SSH commands.
You can run the tests using the following commands:
```
$ NUM_NODES=1 KUBE_FEATURE_GATES="PersistentLocalVolumes=true" go run hack/e2e.go -- -v --up
$ go run hack/e2e.go -- -v --test --test_args="--ginkgo.focus=\[Feature:LocalPersistentVolumes\]"
```
Here are the summary of results from my test run:
```
Ran 9 of 651 Specs in 387.905 seconds
SUCCESS! -- 9 Passed | 0 Failed | 0 Pending | 642 Skipped PASS
Ginkgo ran 1 suite in 6m29.369318483s
Test Suite Passed
2017/08/08 11:54:01 util.go:133: Step './hack/ginkgo-e2e.sh --ginkgo.focus=\[Feature:LocalPersistentVolumes\]' finished in 6m32.077462612s
```
**Release note**:
`NONE`
Automatic merge from submit-queue
Make kube::util::ensure_clean_working_dir more verbose in log files
Makes it easier to understand why files seem to be changed during CI build, especially
autogenerated files like conversions.
Currently if user doesn't specify subnet-id or specify a unsafe
subnet-id, openstack cloud provider can't create a correct LoadBalancer
service.
Actually we can get it automatically. This patch do a improvement.
This is a part of #50726
Automatic merge from submit-queue
Use nodePortOp for allocating healthCheck nodePort
**What this PR does / why we need it**: Allocate healthCheck nodePort via nodePortOp so that we won't leak port on failure.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49999
**Special notes for your reviewer**:
/assign @xiangpengzhao @thockin
**Release note**:
```release-note
NONE
```
Before this change:
$ make test WHAT=k8s.io/kubernetes/pkg/master
+++ [0816 11:19:03] Running tests without code coverage
ok k8s.io/kubernetes/pkg/master 27.953s
$ find -type s
./pkg/master/127.0.0.1:2100324511
./pkg/master/127.0.0.1:2100424511
./pkg/master/localhost:8235197834378812860
./pkg/master/localhost:82351978343788128600
./pkg/master/127.0.0.1:2100524511
./pkg/master/127.0.0.1:2100624511
./pkg/master/localhost:1155389051645284688
./pkg/master/localhost:11553890516452846880
vSphere has limitation of 80 characters for vmName.
with vsphere-k8s prefix and "vmdisk.volumeOptions.Name" vmName can become easily bigger than 80 chars.
Used hash funciton just of the "vmdisk.volumeOptions.Name" part as cleanup dummyVm logic depends on prefix "vsphere-k8s"
Automatic merge from submit-queue
Bump Cluster Autoscaler to 0.6.1
Couple minor bugfixes and godep refresh.
Do not merge until I complete the tests.
```release-note
Cluster Autoscaler - fixes issues with taints and updates kube-proxy cpu request.
```
Automatic merge from submit-queue
Fix error message of statefulset test
**What this PR does / why we need it**:
Fix error message of statefulset test
It should be 0 replocas in the error message.
And fix typo from Falied to Failed
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/50592
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50694, 50702)
Allow injection of policy in RBAC post start hook
This change allows the RBAC PostStartHook logic to be reused with different policy data when bootstrapping the cluster. Thus any changes to the bootstrap logic are separated from the policy data.
Signed-off-by: Monis Khan <mkhan@redhat.com>
```release-note
NONE
```
@kubernetes/sig-auth-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 50694, 50702)
Fix make cross build failure
**What this PR does / why we need it**:
had to fix the method getSecurityOpts in helpers_windows.go to
match the implementation in helpers_linux.go from commit:
bf01fa2f00
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#50675
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
The comment of limitrages' API seems to be copied from
pkg/registry/autoscaling/horizontalpodautoscaler/storage/storage.go
with the other implementation code.
It is a little difficult to understand what is the API, then this
PR fixes it.
Automatic merge from submit-queue
Adds IPv6 test case to kubeadm bootstrap
**What this PR does / why we need it**:
Adds IPv6 test cases in support of kubeadm bootstrap functionality. It's needed to ensure test cases cover IPv6 related networking scenarios.
**Which issue this PR fixes**
This PR is in support of Issue #1443 and Issue #47666
**Special notes for your reviewer**:
Additional PR's will follow to ensure kubeadm fully supports IPv6.
**Release note**:
```NONE
```
/area ipv6
Automatic merge from submit-queue (batch tested with PRs 50198, 49051, 48432)
New kubectl command: `kubectl set service-account`
**What this PR does / why we need it**:
Adds a command to update serviceaccount of resources with pod template
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes#45147
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50198, 49051, 48432)
move KubeletConfiguration out of componentconfig API group
I'm splitting #44252 into more manageable steps. This step moves the types and updates references.
To reviewers: the most important changes are the removals from pkg/apis/componentconfig and additions to pkg/kubelet/apis/kubeletconfig. Almost everything else is an import or name update.
I have one unanswered question: Should I create a whole new api scheme for Kubelet APIs rather than register e.g. a kubeletconfig group with the default runtime.Scheme instance? This feels like the right thing, as the Kubelet should be exposing its own API, but there's a big fat warning not to do this in `pkg/api/register.go`. Can anyone answer this?
