Commit Graph

41141 Commits

Author SHA1 Message Date
Zihong Zheng
b43e2134a2 Adds e2e firewall tests.
For LoadBalancer type service:
- Verifies corresponding firewall rule has correct sourceRanges, ports
  & protocols, target tags.
- Verifies requests can reach all expected instances.
- Verifies requests can not reach instances that are not included.

For Ingress resrouce:
- Verifies the ingress firewall rule has correct sourceRanges, target
  tags and tcp ports.

For general e2e cluster:
- Verifies all required firewall rules has correct sourceRange, ports
  & protocols, source tags and target tags.
- Verifies well know ports on master and nodes are not
  exposed externally
2016-12-16 14:31:30 -08:00
Kubernetes Submit Queue
9010d27108 Merge pull request #38900 from bprashanth/ing_feat
Automatic merge from submit-queue

Remove a space in ingress e2e title
2016-12-16 14:15:59 -08:00
Euan Kemp
9a8c6ac41e cluster/gce/coreos: add OWNERS 2016-12-16 14:08:54 -08:00
Kubernetes Submit Queue
d381ff422f Merge pull request #38895 from dashpole/e2e_node_timeout
Automatic merge from submit-queue (batch tested with PRs 38888, 38895)

InodeEviction Test failing because of docker race condition.

The inode eviciton test was failing because of a bug in docker/docker#21215.
Inode eviction test triggers garbage collection of images, which causes an error if kubernetes tries to "docker images list" at the same time.
This is not relevant to the inode eviction test, so do not cause the test to fail if this race occurs.
@Random-Liu
2016-12-16 13:35:28 -08:00
Kubernetes Submit Queue
29e7096b8e Merge pull request #38888 from madhusudancs/fed-newtest-add-develop
Automatic merge from submit-queue (batch tested with PRs 38888, 38895)

Bundle federation/develop directory in the test tarball for federation testing.

cc @kubernetes/sig-federation-misc
2016-12-16 13:35:26 -08:00
deads2k
9b507e8603 prevent negotation on connections that dont' require it 2016-12-16 16:26:55 -05:00
Madhusudan.C.S
5d8885dc72 [Federation] Remove unnecessary functions from develop.sh as part of deploy.sh deprecation.
This is part of a big refactor to deprecate a short-lived deploy.sh
mechanism that nobody really could use due to bugs.
2016-12-16 13:19:24 -08:00
bprashanth
bfdf1855c7 Remove a space in ingress e2e title 2016-12-16 12:42:18 -08:00
Kubernetes Submit Queue
e3c6ab1c8f Merge pull request #35582 from surajssd/use-daemonset-registry-proxy
Automatic merge from submit-queue

Use daemonset in docker registry add on

When using registry add on with kubernetes cluster it will be right to use `daemonset` to bring up a pod on each node of cluster, right now the docs suggests to bring up a pod on each node manually by dropping the pod manifests into directory `/etc/kubernetes/manifests`.
2016-12-16 12:29:46 -08:00
David Ashpole
5d352439d4 test no longer fails when it fails to get the summary 2016-12-16 11:50:43 -08:00
Kubernetes Submit Queue
faf959b522 Merge pull request #38869 from deads2k/api-52-in-cluster
Automatic merge from submit-queue

use in-cluster kubeconfig for genericapiserver

Allow the use of the in-cluster config to communicate with the core API server for delegated authn/authz for an addon API server.

@kubernetes/sig-api-machinery @sttts
2016-12-16 11:30:27 -08:00
Madhusudan.C.S
6560825390 Bundle federation/develop directory in the test tarball for federation testing. 2016-12-16 11:10:16 -08:00
Kubernetes Submit Queue
84d0fbdb2e Merge pull request #38643 from bprashanth/ing_avoid_nodeport
Automatic merge from submit-queue

Don't check nodeport for nginx ingress

Services behind a standard nginx ingress don't need nodeport, so don't check that.
2016-12-16 10:46:56 -08:00
Kubernetes Submit Queue
9bc98e2a38 Merge pull request #37299 from rrati/node-affinity-api-fields
Automatic merge from submit-queue (batch tested with PRs 38730, 37299)

[scheduling] Moved node affinity from annotations to api fields. #35518

Converted node affinity from annotations to api fields

Fixes: #35518 
Related: #25319
Related: #34508

**Release note**:
```release-note
Node affinity has moved from annotations to api fields in the pod spec.  Node affinity that is defined in the annotations will be ignored.
```
2016-12-16 10:46:25 -08:00
Mike Danese
3a6593c9f1 Revert "daemonset: bail out after we enqueue once" 2016-12-16 10:18:06 -08:00
Jon Cope
e095e1120b Add GCE PD persistent volume test: Check that deleting a PV or PVC prior to deleting the client pod does not cause the pod to fail during its deletion.
Extracted delete operations into functions

wait on pv/pvc bind

removed redundant verification, minor refactors

GCEPD: fixed typo

name verifyDiskAttached to verifyGCEDiskAttached

fix empty log msg

Updated test owners

removed unnecessary api calls

Check for apierr IsNotFound for pod,pv,pvc but ignore result

Disable dynamic provisioning in test PVCs

gofmt'd
2016-12-16 12:07:25 -06:00
Kubernetes Submit Queue
46e5f21676 Merge pull request #38730 from ixdy/download-kube-binaries-if-needed
Automatic merge from submit-queue

Automatically download missing kube binaries in kube-up/kube-down.

**What this PR does / why we need it**: some users extract `kubernetes.tar.gz` and then immediately call `cluster/kube-up.sh` without first calling the new `cluster/get-kube-binaries.sh` script. As a result, the cluster fails to start, but it's not immediately clear why binaries are missing.

This PR streamlines this workflow by detecting this condition and prompting the user to download necessary binaries (using `cluster/get-kube-binaries.sh`).

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #38725

cc @arun-gupta @christian-posta
2016-12-16 10:07:22 -08:00
deads2k
bbcbdaffd1 use in-cluster kubeconfig for genericapiserver 2016-12-16 12:40:33 -05:00
Dr. Stefan Schimanski
7adaac79ca Update bazel 2016-12-16 17:49:23 +01:00
Dr. Stefan Schimanski
423db16bd2 Fix federation unit tests as non-root 2016-12-16 17:49:23 +01:00
Dr. Stefan Schimanski
aa81e1d51d pkg/apiserver: move validation.go into pkg/registry 2016-12-16 17:49:22 +01:00
Dr. Stefan Schimanski
3be6b3c045 pkg/apiserver: remove unused code 2016-12-16 17:47:47 +01:00
Robert Rati
11c577f092 [scheduling] Auto-generated file updates from moving node affinity from
annotations to api fields. #35518
2016-12-16 11:42:43 -05:00
Robert Rati
91931c138e [scheduling] Moved node affinity from annotations to api fields. #35518 2016-12-16 11:42:43 -05:00
Dr. Stefan Schimanski
5e8ca29a76 Clean up apiserver and federation defaulting and validation 2016-12-16 17:23:43 +01:00
Dr. Stefan Schimanski
7267299c3c genericapiserver: move MasterCount and service options into master 2016-12-16 17:23:43 +01:00
Kubernetes Submit Queue
1eb9176455 Merge pull request #38814 from jszczepkowski/ha-validation-fix
Automatic merge from submit-queue

Fixed infinite loop in cluster validation.
2016-12-16 08:06:14 -08:00
Alejandro Escobar
7d9c06f82d local-up-cluster changes: added help option, added error message for why docker ps fails and how to recover, added test to check if etcd is in your path to fail fast when not found.
from etcd.sh split the start process into validate fucntion + start function so that the validate piece can be reused elsewhere. the up-cluster script has been changed to remove duplicate docker logic to the one used in buid-tools/common.sh and the validate etcd function is now used here.

moved docker daemon check function to util.sh and made function name changes and upstream changes.
2016-12-16 07:41:35 -08:00
Kubernetes Submit Queue
08342c1f3e Merge pull request #38825 from enj/enj/i/store_dead_code/38822
Automatic merge from submit-queue

Remove dead code in `pkg/registry/generic/registry/store.go`

Fixes #38822

Depending on the intent of the original code, the correct fix may instead be:

```go
if name, ok := p.MatchesSingle(); ok {
	key, err := e.KeyFunc(ctx, name)
	if err != nil {
		return nil, err
	}
	w, err := e.Storage.Watch(ctx, key, resourceVersion, p)
	if err != nil {
		return nil, err
	}
	if e.Decorator != nil {
		return newDecoratedWatcher(w, e.Decorator), nil
	}
	return w, nil
	// if we cannot extract a key based on the current context, the optimization is skipped
}
```

Signed-off-by: Monis Khan <mkhan@redhat.com>

cc @deads2k
2016-12-16 06:31:12 -08:00
Kubernetes Submit Queue
de3b73bd43 Merge pull request #38826 from sttts/sttts-secret-routes-real-mux
Automatic merge from submit-queue

genericapiserver: turn APIContainer.SecretRoutes into a real ServeMux

The secret routes `Mux` is actually a `http.ServeMux` and we are type-casting to it. For downstream we want to wrap it into a restful container which also needs a real `http.ServeMux`.
2016-12-16 05:51:45 -08:00
Kubernetes Submit Queue
0d80ee0b8d Merge pull request #38767 from kargakis/fix-setting-container-name-in-create-deployment
Automatic merge from submit-queue

kubectl: fix 'create deployment' to set container name correctly

@kubernetes/kubectl @kubernetes/sig-cli
2016-12-16 04:38:22 -08:00
Kubernetes Submit Queue
5b240ca897 Merge pull request #36748 from kargakis/remove-events-from-deployment-tests
Automatic merge from submit-queue

Fix Recreate for Deployments and stop using events in e2e tests

Fixes https://github.com/kubernetes/kubernetes/issues/36453 by removing events from the deployment tests. The test about events during a Rolling deployment is redundant so I just removed it (we already have another test specifically for Rolling deployments).

Closes https://github.com/kubernetes/kubernetes/issues/32567 (preferred to use pod LISTs instead of a new status API field for replica sets that would add many more writes to replica sets).

@kubernetes/deployment
2016-12-16 03:57:02 -08:00
Jerzy Szczepkowski
3dbfa94798 Fixed infinite loop in cluster validation.
Fixed infinite loop in cluster validation when getting nodes failed.
2016-12-16 12:07:26 +01:00
Kubernetes Submit Queue
cf2dc3968b Merge pull request #38750 from shashidharatd/federation-ci
Automatic merge from submit-queue (batch tested with PRs 38830, 38750)

[Federation] Stop cleaning federation namespace in e2e tests

when --clean-start=true flag is provided to e2e tests it would cleanup all the leftover namespaces except `default` and `kube-system` and because of this when we run e2e tests in federation soak test job, the federation control plane is destroyed before it runs the tests and all tests start to fail.

So adding federation-system to the list of namespace to be left intact and also changed the default federation namespace name from `federation` to `federation-system` to be consistent with the newer method of deploying federation using kubefed.

@madhusudancs  @nikhiljindal
2016-12-16 02:16:17 -08:00
Kubernetes Submit Queue
2a619d543f Merge pull request #38830 from krousey/e2eutil
Automatic merge from submit-queue (batch tested with PRs 38830, 38750)

Remove the ReadyReplica version guard

**What this PR does / why we need it**: Removes outlived version guards.

**Which issue this PR fixes**: fixes #37310
2016-12-16 02:16:16 -08:00
Dr. Stefan Schimanski
e49fb2f1f4 genericapiserver: rename SecretRoutes -> UnlistedRoutes 2016-12-16 11:04:29 +01:00
shashidharatd
b58216e333 Stop cleaning federation namespace in e2e tests 2016-12-16 14:21:40 +05:30
Kubernetes Submit Queue
aa454ec740 Merge pull request #37215 from shashidharatd/fed-ci
Automatic merge from submit-queue

[Federation][init-11.2] use USE_KUBEFED env var to choose bw old and new federation deployment

This is continuation of #35961
USE_KUBEFED variable is used for deploying federation control plane. if not defined, federation will be brought up using old method i.e scripts.

Have verified that federation comes up using the old method, using following steps
```
$ export FEDERATION=true
$ export E2E_ZONES="asia-east1-c"
$ export FEDERATION_PUSH_REPO_BASE=gcr.io/<my-project>
$ KUBE_RELEASE_RUN_TESTS=n KUBE_FASTBUILD=true go run hack/e2e.go -v -build
$ build-tools/push-federation-images.sh
$ go run hack/e2e.go -v --up
```
Should merge #35961 before this PR

@madhusudancs
2016-12-16 00:33:35 -08:00
Dr. Stefan Schimanski
df7e711c0a genericapiserver: turn APIContainer.SecretRoutes into a real ServeMux 2016-12-16 09:18:18 +01:00
Kubernetes Submit Queue
87444522d0 Merge pull request #32088 from piosz/fluentd-daemon-set
Automatic merge from submit-queue

Migrated fluentd addon to daemon set

fix #23224
supersedes #23306 

``` release-note
Migrated fluentd addon to daemon set
```
2016-12-15 23:04:40 -08:00
shashidharatd
fd01ed8fdb [Federation][init-11.2] use USE_KUBEFED env var to choose bw old and new federation deployment 2016-12-16 11:22:44 +05:30
Madhusudan.C.S
5a7644c502 [Federation][init-11] Switch federation e2e tests to use the new federation control plane bootstrap via the kubefed init command. 2016-12-16 11:22:44 +05:30
Kubernetes Submit Queue
e2a9fc1022 Merge pull request #38841 from mikedanese/fix-tests
Automatic merge from submit-queue

bazel: fix some unit tests
2016-12-15 20:19:46 -08:00
bprashanth
b7409e0038 Sort critical pods before admission 2016-12-15 18:58:13 -08:00
bprashanth
4fff49bb93 Make kube-proxy a critical pod 2016-12-15 18:58:13 -08:00
bprashanth
afd676d94c Kubelet admits critical pods even under memory pressure 2016-12-15 18:58:09 -08:00
Harry Zhang
b36c5cbbec Enable pod qos for systemd in cri
Check kubelet config with docker config
2016-12-16 10:48:36 +08:00
Kubernetes Submit Queue
5ec2fb0bcc Merge pull request #38845 from Random-Liu/fix-node-conformance-report-prefix
Automatic merge from submit-queue

Node Conformance Test: Fix report prefix for node conformance test.

The node conformance CI is running now.

The only problem is that junit files overwrite each other because of the lack of junit prefix. http://gcsweb.k8s.io/gcs/kubernetes-jenkins/logs/ci-kubernetes-node-kubelet-conformance/42/artifacts/

This PR fixes this. I've verified in my environment, it works well.

@timstclair
2016-12-15 18:45:03 -08:00
Mike Danese
8fdec87d19 bazel: fix some unit tests 2016-12-15 18:36:22 -08:00
Kubernetes Submit Queue
15059e6a5b Merge pull request #38839 from janetkuo/remove-GroupMeta-Codec
Automatic merge from submit-queue (batch tested with PRs 38842, 38839)

Remove GroupMeta.Codec

Fixes #21826
2016-12-15 18:08:15 -08:00