For LoadBalancer type service:
- Verifies corresponding firewall rule has correct sourceRanges, ports
& protocols, target tags.
- Verifies requests can reach all expected instances.
- Verifies requests can not reach instances that are not included.
For Ingress resrouce:
- Verifies the ingress firewall rule has correct sourceRanges, target
tags and tcp ports.
For general e2e cluster:
- Verifies all required firewall rules has correct sourceRange, ports
& protocols, source tags and target tags.
- Verifies well know ports on master and nodes are not
exposed externally
Automatic merge from submit-queue (batch tested with PRs 38888, 38895)
InodeEviction Test failing because of docker race condition.
The inode eviciton test was failing because of a bug in docker/docker#21215.
Inode eviction test triggers garbage collection of images, which causes an error if kubernetes tries to "docker images list" at the same time.
This is not relevant to the inode eviction test, so do not cause the test to fail if this race occurs.
@Random-Liu
Automatic merge from submit-queue (batch tested with PRs 38888, 38895)
Bundle federation/develop directory in the test tarball for federation testing.
cc @kubernetes/sig-federation-misc
Automatic merge from submit-queue
Use daemonset in docker registry add on
When using registry add on with kubernetes cluster it will be right to use `daemonset` to bring up a pod on each node of cluster, right now the docs suggests to bring up a pod on each node manually by dropping the pod manifests into directory `/etc/kubernetes/manifests`.
Automatic merge from submit-queue
use in-cluster kubeconfig for genericapiserver
Allow the use of the in-cluster config to communicate with the core API server for delegated authn/authz for an addon API server.
@kubernetes/sig-api-machinery @sttts
Automatic merge from submit-queue
Don't check nodeport for nginx ingress
Services behind a standard nginx ingress don't need nodeport, so don't check that.
Automatic merge from submit-queue (batch tested with PRs 38730, 37299)
[scheduling] Moved node affinity from annotations to api fields. #35518
Converted node affinity from annotations to api fields
Fixes: #35518
Related: #25319
Related: #34508
**Release note**:
```release-note
Node affinity has moved from annotations to api fields in the pod spec. Node affinity that is defined in the annotations will be ignored.
```
Extracted delete operations into functions
wait on pv/pvc bind
removed redundant verification, minor refactors
GCEPD: fixed typo
name verifyDiskAttached to verifyGCEDiskAttached
fix empty log msg
Updated test owners
removed unnecessary api calls
Check for apierr IsNotFound for pod,pv,pvc but ignore result
Disable dynamic provisioning in test PVCs
gofmt'd
Automatic merge from submit-queue
Automatically download missing kube binaries in kube-up/kube-down.
**What this PR does / why we need it**: some users extract `kubernetes.tar.gz` and then immediately call `cluster/kube-up.sh` without first calling the new `cluster/get-kube-binaries.sh` script. As a result, the cluster fails to start, but it's not immediately clear why binaries are missing.
This PR streamlines this workflow by detecting this condition and prompting the user to download necessary binaries (using `cluster/get-kube-binaries.sh`).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#38725
cc @arun-gupta @christian-posta
from etcd.sh split the start process into validate fucntion + start function so that the validate piece can be reused elsewhere. the up-cluster script has been changed to remove duplicate docker logic to the one used in buid-tools/common.sh and the validate etcd function is now used here.
moved docker daemon check function to util.sh and made function name changes and upstream changes.
Automatic merge from submit-queue
Remove dead code in `pkg/registry/generic/registry/store.go`
Fixes#38822
Depending on the intent of the original code, the correct fix may instead be:
```go
if name, ok := p.MatchesSingle(); ok {
key, err := e.KeyFunc(ctx, name)
if err != nil {
return nil, err
}
w, err := e.Storage.Watch(ctx, key, resourceVersion, p)
if err != nil {
return nil, err
}
if e.Decorator != nil {
return newDecoratedWatcher(w, e.Decorator), nil
}
return w, nil
// if we cannot extract a key based on the current context, the optimization is skipped
}
```
Signed-off-by: Monis Khan <mkhan@redhat.com>
cc @deads2k
Automatic merge from submit-queue
genericapiserver: turn APIContainer.SecretRoutes into a real ServeMux
The secret routes `Mux` is actually a `http.ServeMux` and we are type-casting to it. For downstream we want to wrap it into a restful container which also needs a real `http.ServeMux`.
Automatic merge from submit-queue
Fix Recreate for Deployments and stop using events in e2e tests
Fixes https://github.com/kubernetes/kubernetes/issues/36453 by removing events from the deployment tests. The test about events during a Rolling deployment is redundant so I just removed it (we already have another test specifically for Rolling deployments).
Closes https://github.com/kubernetes/kubernetes/issues/32567 (preferred to use pod LISTs instead of a new status API field for replica sets that would add many more writes to replica sets).
@kubernetes/deployment
Automatic merge from submit-queue (batch tested with PRs 38830, 38750)
[Federation] Stop cleaning federation namespace in e2e tests
when --clean-start=true flag is provided to e2e tests it would cleanup all the leftover namespaces except `default` and `kube-system` and because of this when we run e2e tests in federation soak test job, the federation control plane is destroyed before it runs the tests and all tests start to fail.
So adding federation-system to the list of namespace to be left intact and also changed the default federation namespace name from `federation` to `federation-system` to be consistent with the newer method of deploying federation using kubefed.
@madhusudancs @nikhiljindal
Automatic merge from submit-queue (batch tested with PRs 38830, 38750)
Remove the ReadyReplica version guard
**What this PR does / why we need it**: Removes outlived version guards.
**Which issue this PR fixes**: fixes#37310
Automatic merge from submit-queue
[Federation][init-11.2] use USE_KUBEFED env var to choose bw old and new federation deployment
This is continuation of #35961
USE_KUBEFED variable is used for deploying federation control plane. if not defined, federation will be brought up using old method i.e scripts.
Have verified that federation comes up using the old method, using following steps
```
$ export FEDERATION=true
$ export E2E_ZONES="asia-east1-c"
$ export FEDERATION_PUSH_REPO_BASE=gcr.io/<my-project>
$ KUBE_RELEASE_RUN_TESTS=n KUBE_FASTBUILD=true go run hack/e2e.go -v -build
$ build-tools/push-federation-images.sh
$ go run hack/e2e.go -v --up
```
Should merge #35961 before this PR
@madhusudancs
Automatic merge from submit-queue
Migrated fluentd addon to daemon set
fix#23224
supersedes #23306
``` release-note
Migrated fluentd addon to daemon set
```
Automatic merge from submit-queue
Node Conformance Test: Fix report prefix for node conformance test.
The node conformance CI is running now.
The only problem is that junit files overwrite each other because of the lack of junit prefix. http://gcsweb.k8s.io/gcs/kubernetes-jenkins/logs/ci-kubernetes-node-kubelet-conformance/42/artifacts/
This PR fixes this. I've verified in my environment, it works well.
@timstclair