Commit Graph

32374 Commits

Author SHA1 Message Date
deads2k
bfa2ff00b9 generated code changes 2016-07-20 15:11:56 -04:00
k8s-merge-robot
c09956e13f Merge pull request #29215 from ericchiang/http-probe-checker-test-dont-sr-compare-errors
Automatic merge from submit-queue

pkg/probe/http: don't compare error strings in tests

TestHTTPProbeChecker fails on the Go1.7 release candidates. The
package's history show that this was the case for Go1.5 and Go1.6
as well.

The test depend on errors holding specific string values, behavior
not guarenteed in the standard library API, and causing new test
failures every minor Go release. Just look for an error rather than
trying to inspect it using string comparison. If we feel this
impacts coverage we can add more test cases.

Fixes #15952
2016-07-20 11:51:52 -07:00
k8s-merge-robot
1ecd4efce6 Merge pull request #29169 from kevinjkj/kevinjkj-patch-4
Automatic merge from submit-queue

Add defer

Add defer?
2016-07-20 11:51:47 -07:00
k8s-merge-robot
8043baf12d Merge pull request #29071 from albatross0/fix_rbac_for_serviceaccounts
Automatic merge from submit-queue

Fix RBAC authorizer of ServiceAccount

RBAC authorizer assigns a role to a wrong service account.

How to reproduce

1.Create role and rolebinding to allow default user in kube-system namespace to read secrets in kube-system namespace.

```
# kubectl create -f role.yaml
# kubectl create -f binding.yaml
```

```yaml
# role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: secret-reader
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "watch", "list"]
    nonResourceURLs: []
```

```yaml
# binding.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: read-secrets
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: default
    namespace: kube-system
roleRef:
  kind: Role
  namespace: kube-system
  name: secret-reader
  apiVersion: rbac.authorization.k8s.io/v1alpha1
```

2.Set a credential of default user

```
$ kubectl config set-credentials default_user --token=<token_of_system:serviceaccount:kube-system:default>
$ kubectl config set-context default_user-context --cluster=test-cluster --user=default_user
$ kubectl config use-context default_user-context
```

3.Try to get secrets as default user in kube-system namespace

```
$ kubectl --namespace=kube-system get secrets
the server does not allow access to the requested resource (get secrets)
```

As shown above, default user could not access to secrets.
But if I have kube-system user in default namespace, it is allowed access to secrets.


4.Create a service account and try to get secrets as kube-system user in default namespace

```
# kubectl --namespace=default create serviceaccount kube-system
serviceaccount "kube-system" created
$ kubectl config set-credentials kube-system_user --token=<token_of_system:serviceaccount:default:kube-system>
$ kubectl config set-context kube-system_user-context --cluster=test-cluster --user=kube-system_user
$ kubectl config use-context kube-system_user-context
$ kubectl --namespace=kube-system get secrets
NAME                  TYPE                                  DATA      AGE
default-token-8pyb3   kubernetes.io/service-account-token   3         4d

```
2016-07-20 11:51:42 -07:00
Vishnu kannan
feb732195f run godeps twice in validation to include recursive dependencies
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2016-07-20 11:11:56 -07:00
k8s-merge-robot
10211f4df2 Merge pull request #29268 from lixiaobing10051267/masterExpected2
Automatic merge from submit-queue

Information is opposite to real meaning to express

master is not equal to expectedMaster, the meaning should be the master is unexpected:
	master, err := mesosCloud.Master(clusterName)
	if master != expectedMaster {
		t.Fatalf("Master returns the expected value: (expected: %#v, actual: %#v", expectedMaster, master)
2016-07-20 11:11:51 -07:00
k8s-merge-robot
a0da4153b6 Merge pull request #29260 from lixiaobing10051267/masterErr
Automatic merge from submit-queue

Modify err output format from %s to %v

t.Errorf err output format should be %v
2016-07-20 11:11:46 -07:00
k8s-merge-robot
60f9ce8a41 Merge pull request #29253 from lixiaobing10051267/masterLBname
Automatic merge from submit-queue

format number not consistent with real variable number

glog.Infof format number not consistent with real variable number, should add %s for second var because loadBalancerName is string:
func (c *Cloud) ensureLoadBalancer(namespacedName types.NamespacedName, loadBalancerName string, ...
2016-07-20 11:11:42 -07:00
k8s-merge-robot
9cf9f9301d Merge pull request #29167 from lixiaobing10051267/masterServerGo
Automatic merge from submit-queue

"server.go" directory error

In file "docs\devel\profiling.md", line 55:
"In 'pkg/master/server/server.go' more servers are created“
Here server.go directory is wrong, should be :pkg/kubelet/server/server.go
2016-07-20 11:11:37 -07:00
k8s-merge-robot
6df62ff39c Merge pull request #29162 from xiangpengzhao/fix_err_to_cerr
Automatic merge from submit-queue

Fix wrong variable of error

Should not log `err` but `cerr`.
2016-07-20 11:11:33 -07:00
k8s-merge-robot
b7490d5cb6 Merge pull request #25256 from gmarek/proposal
Automatic merge from submit-queue

Proposal for ControllerReference

Proposal for including the reference pointing to the owning "collection" (controller) for objects that can be grouped. The goal is to prevent a situation when two controllers are fighting over some resources.

cc @bgrant0607 @lavalamp @caesarxuchao @davidopp @fgrzadkowski @wojtek-t @kubernetes/sig-api-machinery
2016-07-20 11:11:28 -07:00
k8s-merge-robot
7620ed4b52 Merge pull request #28963 from cdrage/better-warning-kubecontroller
Automatic merge from submit-queue

Warn when missing cloud-provider on kube controller
2016-07-20 11:11:23 -07:00
nikhiljindal
11ba8943fe Updating federation controllers to use release_1_4 clientset instead of release_1_3 clientset 2016-07-20 10:56:57 -07:00
Zach Loafman
0750eaf533 AWS kube-up: Fix unbound KUBE_MANIFESTS_TAR_URL variable in Salt config
It shouldn't be necessary for all distros to define this env variable.
2016-07-20 10:50:34 -07:00
Andy Goldstein
77b0547b3d Fix Windows terminal handling
Fix some issues with Windows terminal handling with respect to TTYs that came up as part of the
code that adds support for terminal resizing.
2016-07-20 13:37:14 -04:00
Avesh Agarwal
f37d8fd60f Fix node e2e (kubelet metrics) by adding GinkgoRecover to a goroutine
to avoid panic
2016-07-20 13:26:56 -04:00
Vishnu kannan
cdeaef2c05 updating cadvisor deps
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2016-07-20 10:06:38 -07:00
k8s-merge-robot
a0a0760027 Merge pull request #25307 from derekwaynecarr/set_uid_from_context
Automatic merge from submit-queue

Allow handlers earlier in a request flow to inject a UID for an object

This lets admission controllers specify a stable UID for an object prior to its creation.  That lets the admission controller then record a reference to the object on another resource using that stable UID prior to the object being created.  This would be a prerequisite for supporting quota reservations.

/cc @smarterclayton @lavalamp @deads2k
2016-07-20 09:58:51 -07:00
albatross0
d1b14e2fae Fix RBAC authorizer of ServiceAccount
RBAC authorizer assigns a role to a wrong service account.
2016-07-21 01:50:08 +09:00
Ron Lai
367a683273 Wrapping image pullers inside ImageManager 2016-07-20 09:47:11 -07:00
Ron Lai
56b9daf50f Moving image pullers to images directory 2016-07-20 09:47:11 -07:00
k8s-merge-robot
d1fba05a1b Merge pull request #29020 from Random-Liu/add-namespace-controller-in-node-e2e
Automatic merge from submit-queue

Start namespace controller in node e2e

Fix https://github.com/kubernetes/kubernetes/issues/28320.
Based on https://github.com/kubernetes/kubernetes/pull/28807, only the last 2 commits are new.

Before this PR, there was no namespace controller running in node e2e test infrastructure. We can not enable the [`delete-namespace`](f2ddd60eb9/test/e2e/framework/test_context.go (L109)) flag in the test framework.
So after the test running, there will be running pod left on the test node. This seems to be acceptable in our test infrastructure because we create an new instance each time.

However, in 1.4 we may want to provide part of the test as node conformance test to the user, they definitely don't want the test to leave tons of pods on their node after test running.

Currently, there is no easy way to only start namespace controller in kube-controller-manager (confirmed with @mikedanese), so in this PR I started a "uncontainerized" one in the test infrastructure.

This PR:
* Started the namespace controller in the node e2e test infrastructure and enable the automatic namespace deletion.
* Change the privileged test to use framework (@yujuhong), so that all node e2e tests are using the framework and test pods will be cleaned up by namespace controller.

/cc @kubernetes/sig-node
2016-07-20 09:24:26 -07:00
k8s-merge-robot
d600b22e8d Merge pull request #29280 from ApsOps/patch-1
Automatic merge from submit-queue

Make a link in docs clickable
2016-07-20 08:29:28 -07:00
k8s-merge-robot
7a4f4fdc6a Merge pull request #28996 from zefciu/provisioning-docs
Automatic merge from submit-queue

Info about enabling the hostpath provisioner

The README for persistent volume provisioning had information about the
hostpath provisioner for testing purposes, but lacked instructions on
how to enable it.
2016-07-20 08:29:24 -07:00
k8s-merge-robot
70594e8289 Merge pull request #29283 from timothysc/http2_default_disable
Automatic merge from submit-queue

Revert "Follow on for 1.4 to default HTTP2 on by default"

This reverts commit efe25553cd  
in order to address: #29001 #28537
2016-07-20 08:29:19 -07:00
Filip Grzadkowski
e9585fba91 1. Precompute REGION variable in config
2. Add timeout for waiting for loadbalancer
3. Fix kube-down so that it doesn't delete some resources if there are still masters/nodes in other zones
2016-07-20 17:25:25 +02:00
Random-Liu
691d24cc66 Change some node e2e test to use the prepull image framework. 2016-07-20 08:16:40 -07:00
k8s-merge-robot
0f1a3587a2 Merge pull request #29279 from mksalawa/schedulertest
Automatic merge from submit-queue

Fix generic scheduler test
2016-07-20 07:52:28 -07:00
k8s-merge-robot
3af6f472e4 Merge pull request #29250 from aveshagarwal/master-node-e2e-configmap-fixes
Automatic merge from submit-queue

Fix a typo
2016-07-20 07:52:23 -07:00
k8s-merge-robot
a93fbb108a Merge pull request #29235 from luxas/bump_etcd
Automatic merge from submit-queue

Bump the default etcd version in the Makefile to 3.0.3

Fixes: #29132

I haven't had time to manually validate the arm and arm64 version yet, but I think it should be fine.

cc @xiang90 @hongchaodeng @timothysc @lavalamp @wojtek-t @thockin @kubernetes/sig-scalability @Pensu @laboger
2016-07-20 07:52:14 -07:00
k8s-merge-robot
1720b66ddc Merge pull request #29073 from rata/service-external-name
Automatic merge from submit-queue

Add proposal for service externalName

This is a proposal to address: #13748.

@smarterclayton @ncdc @thockin.  Please check this out when you have time, hopefully this is okay :-D

I created the proposal because was unsure if the feature would be able to go in if there isn't a proposal already merged, because of this mail to kubernetes-pm: https://groups.google.com/forum/#!topic/kubernetes-pm/Ki63EztfZMo.

So, IIUC it would be nice to have the proposal merged ASAP (I think the interface looks ok for all, so hopefully this will be easy) so we can have this feature in 1.4 as you guys ( @smarterclayton @ncdc ) need.
2016-07-20 07:52:07 -07:00
Filip Grzadkowski
70bb57a3e1 Revert "Merge pull request #29278 from kubernetes/revert-29201-ha_master"
This reverts commit ecebdb5707, reversing
changes made to 976ca09d71.
2016-07-20 16:37:31 +02:00
Timothy St. Clair
8cb799c789 Revert "Follow on for 1.4 to default HTTP2 on by default"
This reverts commit efe25553cd.
2016-07-20 08:47:15 -05:00
Amanpreet Singh
303b6287ff Make a link in docs clickable
- Github flavored markdown doesn't support links inside codeblocks
2016-07-20 18:21:56 +05:30
mksalawa
fea8d0aebf Fix generic scheduler test 2016-07-20 14:47:44 +02:00
Piotr Szczesniak
ecebdb5707 Merge pull request #29278 from kubernetes/revert-29201-ha_master
Revert "Add and delete load balancer in front of apiserver."
2016-07-20 14:03:57 +02:00
Filip Grzadkowski
194895740c Revert "Add and delete load balancer in front of apiserver." 2016-07-20 14:02:59 +02:00
Wojciech Tyczynski
2794cf538c Use sharedPodInformer in ReplicaSet controller 2016-07-20 12:25:26 +02:00
lixiaobing10051267
025135de6a Information is opposite to real meaning to express 2016-07-20 16:54:19 +08:00
saadali
afd8a58e5c Reduce DSW populator sleep period from 5 min to 1 2016-07-20 01:03:04 -07:00
saadali
d210c2231f Check pod exist in attach controller DSW populator
Fix bug in desired_state_of_the_world_populator.go to check exists so
that it can delete pods even if the delete event is missed (or fails)
2016-07-20 01:03:04 -07:00
Bryan Boreham
b3b30ff01f Make the FOCUS= example do something
Since several of the test suite descriptions spell "Kubernetes" with a
capital K, but none match with a lower-case k.
2016-07-20 09:01:24 +01:00
Piotr Szczesniak
976ca09d71 Merge pull request #29201 from fgrzadkowski/ha_master
Add and delete load balancer in front of apiserver.
2016-07-20 09:38:19 +02:00
lixiaobing10051267
e3bff25dbb Modify err output format from %s to %v 2016-07-20 15:06:47 +08:00
k8s-merge-robot
c305c39bcb Merge pull request #28938 from madhusudancs/fed14-kubeconfig-secret-name
Automatic merge from submit-queue

Change the name of the secret that delivers federation kubeconfig.

```release-note
Federation API server kubeconfig secret consumed by federation-controller-manager has a new name.

If you are upgrading your Cluster Federation components from v1.3.x, please run this command to migrate the federation-apiserver-secret to federation-apiserver-kubeconfig serect;

$ kubectl --namespace=federation get secret federation-apiserver-secret -o json | sed 's/federation-apiserver-secret/federation-apiserver-kubeconfig/g' | kubectl create -f -

You might also want to delete the old secret using this command:

$ kubectl delete secret --namespace=federation federation-apiserver-secret
```

The current name, federation-apiserver-secret, is very similar to the
other secret we have, federation-apiserver-secrets, that delivers
somewhat similar data but in a different format. This is extremely
confusing, particularly while debugging.

This change should soothe the pain.

cc @kubernetes/sig-cluster-federation
2016-07-19 23:50:15 -07:00
k8s-merge-robot
ad7ececcd0 Merge pull request #28765 from nhlfr/api-proxy-regex
Automatic merge from submit-queue

Make "attach" and "exec" rejection in proxy more explicit

```release-note
kubectl proxy changed to now allow urls to pods with "attach" or "exec" in the pod name
```

The more explicit regular expression for rejection makes a possibility of accessing pods (or any other resources) which contain "attach" or "exec" in their names via proxy API. It was not possible before.

Also, the reference for "run" resource was removed, because it doesn't exist in any of k8s APIs currently.

Fixes: #21464
2016-07-19 23:06:58 -07:00
k8s-merge-robot
0bd6e2d810 Merge pull request #29245 from kubernetes/revert-28970-sheduler_tests_should_consider_unschedulable
Automatic merge from submit-queue

Revert "Scheduler predicates tests should consider unschedulable"

Reverts kubernetes/kubernetes#28970
See https://github.com/kubernetes/kubernetes/pull/28970#issuecomment-233817280

cc @pskrzyns @rmmh
2016-07-19 22:32:44 -07:00
k8s-merge-robot
8c84fae03e Merge pull request #28701 from pmorie/bandwidth-test
Automatic merge from submit-queue

Move ExtractPodBandwidthResources test into appropriate package

Found during #28511, this test is in the wrong package currently.

cc @kubernetes/sig-network
2016-07-19 21:57:30 -07:00
saadali
88d495026d Allow mounts to run in parallel for non-attachable
Allow mount volume operations to run in parallel for non-attachable
volume plugins.

Allow unmount volume operations to run in parallel for all volume
plugins.
2016-07-19 21:54:26 -07:00
k8s-merge-robot
a3110dcb41 Merge pull request #28417 from kevensen/awszonefix
Automatic merge from submit-queue

AWS: Added experimental option to skip zone check

This pull request resolves #28380.  In the vast majority of cases, it is appropriate to validate the AWS region against a known set of regions.  However, there is the edge case where this is undesirable as Kubernetes may be deployed in an AWS-like environment where the region is not one of the known regions.

By adding the optional **DisableStrictZoneCheck true** to the **[Global]** section in the aws.conf file (e.g. /etc/aws/aws.conf) one can bypass the ragion validation.
2016-07-19 21:03:28 -07:00