Commit Graph

38270 Commits

Author SHA1 Message Date
Ray Tsang
846cd2d66a Append newline to the "deleted context ... " and "deleted cluster ..." message 2016-11-17 12:30:45 -05:00
Kubernetes Submit Queue
44b684ad53 Merge pull request #33663 from pmorie/selinux-fixes
Automatic merge from submit-queue

SELinux Overhaul

Overhauls handling of SELinux in Kubernetes.  TLDR: Kubelet dir no longer has to be labeled `svirt_sandbox_file_t`.

Fixes #33351 and #33510.  Implements #33951.
2016-11-01 05:04:17 -07:00
Kubernetes Submit Queue
6babfb6ccc Merge pull request #35109 from sttts/sttts-sni
Automatic merge from submit-queue

Add SNI support to the apiserver

This PR adds the `--tls-sni-key-cert` flag to the apiserver. It can be passed multiple times in the following ways:

``` shell
$ apiserver \
    --tls-sni-cert-key '*.example.com,example.com: example.key,example.crt' \
    --tls-sni-cert-key 'foo.key,foo.crt'
```

The first variant explicitly sets the accepted domain names, the second variant reads the common names and DNS names from the certificate itself.

If no domain name matches, the existing certificate (`--tls-cert-file`) is used.

``` golang
    fs.Var(config.NewNamedCertKeyArray(&s.SNICertKeys), "tls-sni-cert-key", ""+
        "A pair of x509 certificate and private key file paths, optionally prefixed with a list of "+
        "domain patterns which are fully qualified domain names, possibly with prefixed wildcard "+
        "segments. If no domain patterns are provided, the names of the certificate are "+
        "extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns "+
        "trump over extracted names. For multiple key/certificate pairs, use the "+
        "--tls-sni-key-cert multiple times. "+
        "Examples: \"example.key,example.crt\" or \"*.foo.com,foo.com:foo.key,foo.crt\".")
```

``` release-note
Add SNI support to the apiserver

Pass multiple certificates and domain name patterns with `--tls-sni-cert-key` and the right certificate will be chosen depending on the url the client is using.
```
2016-11-01 04:25:54 -07:00
Dr. Stefan Schimanski
7c5e354e82 Update bazel 2016-11-01 09:50:56 +01:00
Dr. Stefan Schimanski
5dc31d35a0 Add --tls-sni-cert-key to the apiserver for SNI support 2016-11-01 09:50:56 +01:00
Dr. Stefan Schimanski
d0b3981f07 Make GenericApiServer.Run interruptable and fail on first listen 2016-11-01 09:50:56 +01:00
Kubernetes Submit Queue
cc84673ebe Merge pull request #35928 from caesarxuchao/remove-clientset-archive
Automatic merge from submit-queue

Remove archived clientset

We have [client-go](https://github.com/kubernetes/client-go) now, no need to keep archived clientset in master of k8s.io/kubernetes.

Also updated the client-gen README.

Fix https://github.com/kubernetes/kubernetes/issues/35803.

cc @mikedanese 

```release-note
The main kubernetes repository stops hosting archived version of released clients. Please use [client-go](https://github.com/kubernetes/client-go).
```
2016-11-01 00:41:46 -07:00
Kubernetes Submit Queue
030c74623d Merge pull request #35764 from xilabao/break-endless-loop
Automatic merge from submit-queue

break endless loop in vagrant cluster

reference to [vagrant.md](https://github.com/kubernetes/kubernetes/blob/master/docs/devel/local-cluster/vagrant.md) troubleshooting ,  I guess we could set a time to return from endless loop to register with cloud provider.
2016-10-31 23:54:09 -07:00
Kubernetes Submit Queue
a9b183db7f Merge pull request #32557 from asalkeld/an-ingress-docs
Automatic merge from submit-queue

Correct the article in generated documents

**What this PR does / why we need it**:
Fix the article in generated docs for "create/delete [article] [kind]"

**Which issue this PR fixes**
fixes #32305

**Special notes for your reviewer**:
None

**Release note**:

``` release-note
Correct the article in generated documents
```

For example:
  "a Ingress" > "an Ingress"
2016-10-31 23:16:46 -07:00
Kubernetes Submit Queue
38a2c94f31 Merge pull request #35670 from smarterclayton/expose_unsafe_2
Automatic merge from submit-queue

Alternative unsafe copy

Have run this for 2 hours in the stresser without an error (no guarantee).

@wojtek-t can we do a 500 kubemark run with this prior to merge?
2016-10-31 22:42:55 -07:00
Kubernetes Submit Queue
3a2ae34ea9 Merge pull request #35608 from soltysh/pdb_admission
Automatic merge from submit-queue

Update PodAntiAffinity to ignore calls to subresources

@smarterclayton I hit this when I was trying to evict a pod, apparently k8s does not have this particular admission plugin on by default. ptal

@mml @davidopp fyi
2016-10-31 20:58:33 -07:00
Kubernetes Submit Queue
d461262bf8 Merge pull request #35497 from liggitt/node-address
Automatic merge from submit-queue

Allow apiserver to choose preferred kubelet address type

Follow up to #33718 to stay compatible with clusters using DNS names for master->node communications. Adds the `--kubelet-preferred-address-types` apiserver flag for clusters that prefer a different node address type.

```release-note
The apiserver can now select which type of kubelet-reported address to use for master->node communications, using the --kubelet-preferred-address-types flag.
```
2016-10-31 18:33:27 -07:00
Kubernetes Submit Queue
482475e378 Merge pull request #35813 from mtaufen/bump-rkt-stage1-fly
Automatic merge from submit-queue

Bump rkt stage1-fly to 1.18.0

Bumps stage1-fly version.
2016-10-31 16:14:44 -07:00
Kubernetes Submit Queue
4bae0f3a96 Merge pull request #35927 from timstclair/summary-test
Automatic merge from submit-queue

Bump Kubelet workingset upper bound

For https://github.com/kubernetes/kubernetes/issues/34990

Follow up to https://github.com/kubernetes/kubernetes/pull/35828, because working memory is too high now too.
2016-10-31 15:34:18 -07:00
Kubernetes Submit Queue
079630a522 Merge pull request #35922 from a-robinson/crdb
Automatic merge from submit-queue

Improve CockroachDB example

This is primarily about pulling in the init container to make the config more production-ready, but I've pulled in a few other small improvements that have been made since this was first contributed.

* Use an init container to eliminate potential edge case where losing
  the first pet's data could cause it to start a second logical cluster
* Exec the cockroach binary so that it runs as PID 1 in the container
* Make some small improvements to the README

@bprashanth 

```release-note
```
2016-10-31 15:34:09 -07:00
Fabio Yeon
d06408e441 Update CHANGELOG.md for v1.3.10. 2016-10-31 15:15:41 -07:00
Chao Xu
4cf7adf937 remove release_1_4
remove archived federation clientsets
update README
2016-10-31 15:05:26 -07:00
Michael Taufen
7a6d26bab7 Bump rkt stage1-fly to 1.18.0 2016-10-31 14:54:39 -07:00
Kubernetes Submit Queue
8b3db0bc98 Merge pull request #35915 from caesarxuchao/stop-update-client-go
Automatic merge from submit-queue

Disable update-staging-client-go until code freeze

I don't want to cause developer friction until code freeze. I'll babysit the script for the moment to keep the client-go up-to-date.

Should had done this in #34489.
2016-10-31 14:35:04 -07:00
Kubernetes Submit Queue
cbabb03acc Merge pull request #34841 from derekwaynecarr/quota-shared-informer
Automatic merge from submit-queue

quota controller uses informers if available for pod calculation

This PR does the following:
1. plumb informer factory into quota registry and evaluators
2. pod quota evaluator uses informers for determining aggregrate usage instead of making direct calls
3. admission code path does not use informers because
   1. we do not want to add new watches in apiserver
   2. admission code path does not require aggregate usage calculation

As a result, quota controller is much faster in re-calculating quota usage when it observes a pod deletion.

Follow-on PRs will make similar changes for other informer backed resources (pvcs next).

/cc @deads2k @mfojtik @smarterclayton @kubernetes/rh-cluster-infra
2016-10-31 14:34:57 -07:00
Tim St. Clair
8330b081bc
Bump Kubelet workingset upper bound 2016-10-31 13:51:07 -07:00
Jordan Liggitt
1a7f7c5399
Allow apiserver to choose preferred kubelet address type 2016-10-31 16:02:38 -04:00
Alex Robinson
6b98de39a5 Improve CockroachDB example
* Use an init container to eliminate potential edge case where losing
  the first pet's could cause it to start a second logical cluster
* Exec the cockroach binary so that it runs as PID 1 in the container
* Make some small improvements to the README
2016-10-31 15:48:41 -04:00
Chao Xu
04f291e5b4 disable update-staging-client-go until code freeze 2016-10-31 10:57:14 -07:00
Tim Hockin
e6b2517feb Merge pull request #32931 from philips/delete-kube-dns-docs-in-build
build: kube-dns: remove out of date docs
2016-10-31 18:10:35 +01:00
Kubernetes Submit Queue
dad0445bcb Merge pull request #35894 from gmarek/race
Automatic merge from submit-queue

Initialize CIDR allocator before registering handle functions

Currently we start shared informers after everything is already created, but this change make it future-proof.

cc @davidopp @kevin-wangzefeng @foxish
2016-10-31 09:28:38 -07:00
Kubernetes Submit Queue
24899597b9 Merge pull request #32687 from jouve/resource_type
Automatic merge from submit-queue

update list of vailable resources

Hi,

kubectl get --help produce a list of resource types and aliases :

```
Valid resource types include:
   * clusters (valid only for federation apiservers)
   * componentstatuses (aka 'cs')
   ...
```

``` release-note
Update the list of resources in kubectl get --help
```

The list is currently outdated (for exemple missing networkpolicy).

http://kubernetes.io/docs/user-guide/kubectl-overview/#resource-types has the same data and is also outdated.

The patch updates these 2 lists.
2016-10-31 09:28:29 -07:00
Kubernetes Submit Queue
3e3ff447d2 Merge pull request #30285 from jsafrane/external-provisioner-proposal
Automatic merge from submit-queue

Proposal for external dynamic provisioners

@kubernetes/sig-storage
2016-10-31 08:45:08 -07:00
Kubernetes Submit Queue
9ecc131c05 Merge pull request #31220 from mfojtik/pause-patch
Automatic merge from submit-queue

Use PATCH to resume/pause deployment

Alternative version of: https://github.com/kubernetes/kubernetes/pull/30919
Fixes: https://github.com/kubernetes/kubernetes/issues/20437
2016-10-31 08:44:58 -07:00
derekwaynecarr
1bcb057636 quota controller uses informers if available for pod calculation 2016-10-31 11:38:22 -04:00
gmarek
8d766462e7 Initialize CIDR allocator before registering handle functions 2016-10-31 16:21:37 +01:00
Kubernetes Submit Queue
35bdb1ee46 Merge pull request #35892 from kargakis/fix-test-panic
Automatic merge from submit-queue

test: check for desired Deployment status prior to listing RSs

Fixes the panic in https://github.com/kubernetes/kubernetes/issues/35337

@mfojtik
2016-10-31 08:08:03 -07:00
Clayton Coleman
ab673bbc9a
generated: alternative unsafe conversions 2016-10-31 11:00:29 -04:00
Clayton Coleman
96f8a14e35
Explore alternative unsafe copy 2016-10-31 10:59:01 -04:00
Kubernetes Submit Queue
a52ad987d2 Merge pull request #35520 from humblec/gluster-gid-prov-3
Automatic merge from submit-queue

Update heketi dependency to release3.

commit hash#28b5cc4cc6d2b9bdfa91ed1b93efaab4931aa697

Signed-off-by: Humble Chirammal hchiramm@redhat.com
2016-10-31 07:33:36 -07:00
Kubernetes Submit Queue
f67ecd73f7 Merge pull request #35800 from deads2k/rbac-18-fix-local-up
Automatic merge from submit-queue

make localupcluster work with RBAC enabled

When `ENABLE_RBAC=true` is set to true, `local-up-cluster` fails because it can't reach the endpoint (get a 403).  This changes to an endpoint that the default policy allows anyone to see.
2016-10-31 05:28:54 -07:00
Kubernetes Submit Queue
09664dd26f Merge pull request #35501 from sttts/sttts-misc-master-cleanups
Automatic merge from submit-queue

Misc master and federation cleanups

- misc small cleanups
- make ServerRunOption embeddings explicit in order to make the technical debt in our plumbing code visible.
2016-10-31 05:28:46 -07:00
Michal Fojtik
0faa27e62d Use PATCH when pausing/resuming objects and CalculatePatches to get the patch 2016-10-31 13:13:59 +01:00
Kubernetes Submit Queue
cda55a7847 Merge pull request #35783 from wojtek-t/support_rollback
Automatic merge from submit-queue

Better logging and support for running non-default version from etcd image

Ref #20504
2016-10-31 04:06:52 -07:00
Kubernetes Submit Queue
106492708a Merge pull request #35285 from humblec/glusterfs-stale-volumes
Automatic merge from submit-queue

Remove stale volumes if endpoint/svc creation fails.

Remove stale volumes if endpoint/svc creation fails.

Signed-off-by: Humble Chirammal hchiramm@redhat.com
2016-10-31 04:06:43 -07:00
Kubernetes Submit Queue
ddce7c305a Merge pull request #35889 from wojtek-t/increase_etcd3_compation_frequency
Automatic merge from submit-queue

Increase etcd3 compaction frequency

@xiang90 @hongchaodeng - we already talked about it
2016-10-31 03:31:43 -07:00
Kubernetes Submit Queue
b7fef610cd Merge pull request #35888 from wojtek-t/fix_kubemark_quota_bytes
Automatic merge from submit-queue

Fix conflict in kubemark
2016-10-31 03:31:35 -07:00
Dr. Stefan Schimanski
ab3ce27f01 Make master+federation ServerRunOptions embeddings explicit 2016-10-31 11:04:58 +01:00
Dr. Stefan Schimanski
b798527793 Rename master/options/{APIServer -> ServerRunOptions} 2016-10-31 10:55:19 +01:00
Dr. Stefan Schimanski
d6dc0e561f Apiserver cleanups
- remove unused genericapiserver Config.MasterServiceNamespace
- move init code into ApplyOptions
- initialize genericapiserver Config.MaxRequestsInFlight
- move ServiceReadWritePort to master
2016-10-31 10:55:19 +01:00
Wojciech Tyczynski
62299921b5 Correctly support custom etcd migration 2016-10-31 09:03:39 +01:00
Wojciech Tyczynski
1f09d79584 Increase etcd3 compaction frequency 2016-10-31 08:40:13 +01:00
Wojciech Tyczynski
42d8a13229 Fix conflict in kubemark 2016-10-31 08:34:33 +01:00
Kubernetes Submit Queue
e4b41dd292 Merge pull request #35777 from redhatlinux10/fix-inconsistent-util-package-import
Automatic merge from submit-queue

make kubeadm version use kubeadmutil

What this PR does / why we need it:

this PR makes sure `kubeadmutil.CheckErr()` other than `cmdutil.CheckErr()` is called in `kubeadm version` subcommand. 
in `version.go`, `RunVersion()` function only returns `nil`, `kubeadmutil.CheckErr()` is enough for this

Signed-off-by: redhatlinux10 <ouyang.qinhua@zte.com.cn>
2016-10-30 18:08:27 -07:00
Angus Salkeld
3a08cf0619 Correct the article in generated documents
For example:

  "a Ingress" > "an Ingress"
2016-10-31 09:46:29 +10:00