Automatic merge from submit-queue
Fix deletion of Gluster, Ceph and Quobyte volumes
GetClassForVolume should check pv.spec.storageClassName together with beta annotation.
Fixes#43929
@kubernetes/sig-storage-pr-reviews
```release-note
Fix bug with error "Volume has no class annotation" when deleting a PersistentVolume.
```
Automatic merge from submit-queue
Make Constants Public so that They Can Be Used in an Ext. Provisioner
Out-of-tree external provisioners have the same purpose as in-tree provisioners. As external provisioners work with PV and PVC datastructures it's an advantage to import certain Kubernetes packages instead of copy-pasting the Kubernetes code.
That's why the constants are made public so that they can be used in an external provisioner.
@jsafrane @kubernetes/sig-storage-pr-reviews
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42038, 42083)
Validate ConfigMapRef and SecretRef name
fixes#42037
**Release note**:
```release-note
When creating a container using envFrom,
1. validate the name of the ConfigMap in a ConfigMapRef
2. validate the name of the Secret in a SecretRef
```
Automatic merge from submit-queue (batch tested with PRs 42038, 42083)
Add backup-volfile-servers to mount option.
This feature ensures the `backup servers` in the trusted pool is contacted if there is a failure in the connected server.
Mount option becomes:
mount -t glusterfs -o log-level=ERROR,log-file=/var/lib/kubelet/plugins/kubernetes.io/glusterfs/glustermount/glusterpod-glusterfs.log,backup-volfile-servers=192.168.100.0:192.168.200.0:192.168.43.149 ..
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Automatic merge from submit-queue
kubectl: Adding IPv6 brackets for IPv6 endpoints
This fixes the lack of IPv6 when printing the IP:Port tuple with kubectl
describe command.
Signed-off-by: André Martins <aanm90@gmail.com>
**What this PR does / why we need it**: This adds IPv6 brackets on IPv6 endpoints when using `kubectl describe service`
**Special notes for your reviewer**: Since the IP is a string I think the fastest way to detect if it's an IPv6 was to check for the presence of : in it. Let me know what you think.
Automatic merge from submit-queue
update pkg/controller/volume/OWNER to add appropriate approvers for both volume controllers
Update pkg/controller/volume approvers so that the attach/detach and binding controllers have approvers.
Automatic merge from submit-queue
test/e2e_node: prepull images with CRI
Part of https://github.com/kubernetes/kubernetes/issues/40739
- This PR builds on top of #40525 (and contains one commit from #40525)
- The second commit contains a tiny change in the `Makefile`.
- Third commit is a patch to be able to prepull images using the CRI (as opposed to run `docker` to pull images which doesn't make sense if you're using CRI most of the times)
Marked WIP till #40525 makes its way into master
@Random-Liu @lucab @yujuhong @mrunalp @rhatdan
Automatic merge from submit-queue
Attach/detach controller: fix potential race in constructor
**What this PR does / why we need it**:
There is a potential race condition in the Attach/detach controller: The "constructor" first installs informer event handlers and then creates and initializes the other data structures. However there is no guarantee an event cannot arrive before the data structures required by the event handlers are ready. This may result in nil pointer derefernces and potential crashes (e.g. the nodeAdd method calls adc.actualStateOfWorld.SetNodeStatusUpdateNeeded even though the actualStateOfWorld might be still nil).
It should be enough just to move the event handlers installation at the end of the constructor function.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Fix Judgment code in cycle
The 'i' can not be equal to updateNodeStatusMaxRetries in
updateNetworkingCondition(), and can not get error.
Let's update it.
Automatic merge from submit-queue (batch tested with PRs 42325, 43882)
Fix bug of not checking error
Fix bug of not checking error
```release-note
None
```
cc: @shiywang
Automatic merge from submit-queue
Remove unused method from operation_generator
This is only a removal of the GerifyVolumeIsSafeToDetach [sic] method from operation_executor. The method is not called from anywhere, moreover there is a private method named verifyVolumeIsSafeToDetach (which is being used). This looks like a cut&paste mistake that deserves to be cleaned.
```release-note
NONE
```
Automatic merge from submit-queue
refactor getPidsForProcess and change error handling
xref https://github.com/openshift/origin/issues/13262
Right now, failure to read the docker pid from the pid file results in some premature nasty logging. There is still a chance we can get the docker pid from `procfs.PidOf()`. If that fails we should just log at `V(4)` rather than `runtime.HanldeError()`.
This PR refactors `getPidsForProcess()` to wait until both methods for determining the pid fail before logging anything.
@smarterclayton @ncdc @derekwaynecarr
Automatic merge from submit-queue
Make RBAC post-start hook conditional on RBAC authorizer being used
Makes the RBAC post-start hook (and reconciliation) conditional on the RBAC authorizer being used
Ensures we don't set up unnecessary objects.
```release-note
RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled.
```
Automatic merge from submit-queue (batch tested with PRs 42379, 42668, 42876, 41473, 43260)
Don't use global rand for nodeport and IP allocs
Seed it at construction.
Automatic merge from submit-queue (batch tested with PRs 42379, 42668, 42876, 41473, 43260)
accurate hint
accurate hint
same err hint (Error adding network) in one method,cann't position problem
Automatic merge from submit-queue
Curate owners for pkg/volume/aws_ebs
The previous list was algorithmically generated; applying some curation.
```release-note
NONE
```
Automatic merge from submit-queue
Implement API usage metrics for gce storage
**What this PR does / why we need it**:
This PR implements support for emitting metrics from GCE about storage operations.
**Which issue this PR fixes**
Fixes https://github.com/kubernetes/features/issues/182
**Release note**:
```
Add support for emitting metrics from GCE cloudprovider about storage operations.
```
Automatic merge from submit-queue
Print dereferenced pod status fields when logging status update
Before: "Terminated:0xc421932af0"
After:"Terminated:&ContainerStateTerminated{ExitCode:0,Signal:0,Reason:Completed,Message:,StartedAt:0001-01-01 00:00:00 +0000 UTC,FinishedAt:2017-03-07 14:50:48 -0500 EST,ContainerID:docker://bd453bb969264b3ace2b3934a568af7679a0d51fee543a5f8a82429ff654970e,}"
"Ignoring same status for pod" messages already print status fully, these "Status for pod updated" messages should too IMO
```release-note
NONE
```
Automatic merge from submit-queue
Create subPaths and set their permissions like we do mountPaths
fixes https://github.com/kubernetes/kubernetes/issues/41638
If a subPath does not exist at the time MountVolume.Setup happens, SetVolumeOwnership will not have walked to the subPath and set appropriate permissions on it, leading to the above issue
So later, at makeMounts when we are parsing subPaths, let's create all subPaths and set their permissions according to how the parent mountPath looks.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42617, 43247, 43509, 43644, 43820)
[GCE] Support legacy-https and generic health checks
**What this PR does / why we need it**:
- Adds CRUD functions to manage `compute.HttpsHealthChecks`
The legacy HTTPS healthchecks will be used by the GLBC (GCE Load balancer Controller)
- Adds CRUD functions to manage `compute.HealthChecks`
These are required for the internal load balancer
- Removes the logic that disregards NotFound errors on DeleteHttpHealthChecks as this is useful information for callers. Here are the three known invocations within kubernetes:
[gce/gce_loadbalancer.go#L457](bc6e77d42f/pkg/cloudprovider/providers/gce/gce_loadbalancer.go (L457)): Only prints warning that HC wasn't deleted -> acceptable
[gce/gce_loadbalancer.go#L465](bc6e77d42f/pkg/cloudprovider/providers/gce/gce_loadbalancer.go (L465)): Err is ignored if not nil -> acceptable
[e2e/framework/ingress_utils.go#L530](bc6e77d42f/test/e2e/framework/ingress_utils.go (L530)): Already checks if is NotFound error -> acceptable
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
Step one of https://github.com/kubernetes/ingress/issues/494
Step one of #33483
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
validate activeDeadlineSeconds in rs/rc
**What this PR does / why we need it**:
if setting activeDeadlineSeconds, deployment will continuously created new pods after old pod dies.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#38684
**Special notes for your reviewer**:
**Release note**:
```release-note
ActiveDeadlineSeconds is validated in workload controllers now, make sure it's not set anywhere (it shouldn't be set by default and having it set means your controller will restart the Pods at some point)
```
Automatic merge from submit-queue (batch tested with PRs 41135, 43699)
azure: reduce polling delay for all Azure clients
**What this PR does / why we need it**: Reduces the polling delay for all azure clients to 5 seconds. This should speed up some additional operations at the cost of some quota.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: n/a
**Special notes for your reviewer**: This stacks on top of #43697, please only look at latest commit. Alternatively I can rebase this on top of master.
**Release note**:
```release-note
azure: all clients poll duration is now 5 seconds
```
I don't think the StorageClient polls anywhere, and it's a different type of client, so I didn't touch it.
Automatic merge from submit-queue
fix deleted typos
**What this PR does / why we need it**:
**Which issue this PR fixes** :
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue
unit test for kubectl config unset
**What this PR does / why we need it**:
unit test for kubectl config unset
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
think you
**Release note**:
```release-note
```
updating with PR changes requested.
latest changes to having short for human readable only, and error cases moved a bit to the end.
rebase fixes
latest pr. changes.
small change moving return nil out of switch.
updated the nil check for the error in the humanreadable case.
more optimization in humanreadable code.
pushed up current test changes, this is purely temporary
finished writing tests
updated test and function names.
changed output extensions from .sh to output.
updated version, version struct now just called Version and not VersionObj.
made a few changes to testing.
fixed testing issues, created better test and cleanup
go format change.
The cloudprovider is being refactored out of kubernetes core. This is being
done by moving all the cloud-specific calls from kube-apiserver, kubelet and
kube-controller-manager into a separately maintained binary(by vendors) called
cloud-controller-manager. The Kubelet relies on the cloudprovider to detect information
about the node that it is running on. Some of the cloudproviders worked by
querying local information to obtain this information. In the new world of things,
local information cannot be relied on, since cloud-controller-manager will not
run on every node. Only one active instance of it will be run in the cluster.
Today, all calls to the cloudprovider are based on the nodename. Nodenames are
unqiue within the kubernetes cluster, but generally not unique within the cloud.
This model of addressing nodes by nodename will not work in the future because
local services cannot be queried to uniquely identify a node in the cloud. Therefore,
I propose that we perform all cloudprovider calls based on ProviderID. This ID is
a unique identifier for identifying a node on an external database (such as
the instanceID in aws cloud).
