Commit Graph

82824 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
ca5babc1da
Merge pull request #81534 from logicalhan/kubelet-migration
migrate kubelet's metrics/probes & metrics endpoint to metrics stability framework
2019-08-28 18:26:45 -07:00
Kubernetes Prow Robot
30f2545364
Merge pull request #81509 from RainbowMango/pr_add_authentication_metrics
Add authentication metrics: failure, error count
2019-08-28 18:26:32 -07:00
Kubernetes Prow Robot
4ba225a541
Merge pull request #81486 from wongma7/aws-testdriver
Re-implement AWS test driver interfaces
2019-08-28 18:26:23 -07:00
Kubernetes Prow Robot
bd8a8db515
Merge pull request #81477 from paulsubrata55/kube-proxy-sctp-ipset-fix
Fix in kube-proxy for sctp ipset entries
2019-08-28 18:26:09 -07:00
Kubernetes Prow Robot
c4ccb623e8
Merge pull request #80247 from jsafrane/e2e-volume-limits
Add e2e test for CSI volume limits
2019-08-28 18:25:56 -07:00
Haowei Cai
f3c793512b fix semantics of the rejected label in webhook metrics
when error calling webhook is ignored, do not log the request as
rejected
2019-08-28 17:54:11 -07:00
misakazhou
f0323a2030 Fix broken link to api-conventions doc.
Signed-off-by: misakazhou <misakazhou@tencent.com>
2019-08-29 08:35:16 +08:00
Lubomir I. Ivanov
c9b11980ff kubeadm: fix a bug where the kubelet cert rotation was turned off
A recent commit added warnings for KubeletConfiguration and
KubeProxyConfiguration fields that kubeadm cares about and
does not recommend the user modifying them. Kubelet's
"rotateCertificates" cannot be handled using this function
as there is not way to figure out if the user has set it explicitly to
"false". Hardcode the value to "true" and add a comment about that.

Also apply the following changes to warnDefaultComponentConfigValue()
calls:
- use a local "kind" variable that defines the Kind we are warning about.
- fix wrong paths to fields.
2019-08-29 02:43:44 +03:00
Antoine Pelisse
39697519f4 Regenerate openapi-spec
Adds apply-patch content-type to openapi
2019-08-28 16:09:52 -07:00
Kevin Klues
ddfd9ac0ca Fix bug in CPUManager with setting topology for policies
Also add a check in the unit tests to avoid regressions
2019-08-28 17:32:25 -05:00
Antoine Pelisse
66f24a7308 Make ServerSideApply beta, and enable by default (on the server) 2019-08-28 15:03:42 -07:00
Antoine Pelisse
a3f4e6e933 Rename --experimental-* flags to --* for server-side apply 2019-08-28 15:03:41 -07:00
Kubernetes Prow Robot
41049fdf4b
Merge pull request #81977 from abursavich/const
Add types to StatefulSetUpdateStrategyType constants
2019-08-28 14:45:08 -07:00
Kubernetes Prow Robot
f3828b776b
Merge pull request #81965 from roycaihw/crd-feature-gates-to-ga
Bump the CRD feature gates to GA
2019-08-28 14:44:44 -07:00
Kubernetes Prow Robot
af54eae69a
Merge pull request #81612 from rikatz/issue81060
Remove watching Endpoints of Headless Services
2019-08-28 14:44:25 -07:00
Kubernetes Prow Robot
6c9f26ca3a
Merge pull request #80766 from robscott/discovery-api
Adding Discovery API for EndpointSlice
2019-08-28 14:44:09 -07:00
Kubernetes Prow Robot
b9c6f559bd
Merge pull request #80726 from wangzhen127/npd-0.7
Bump NPD version to v0.7.1 for GCI
2019-08-28 14:43:55 -07:00
Taahir Ahmed
b4e99584ce serviceaccounts: Add JWT KeyIDs to tokens
This commit fills out the JWT "kid" (KeyID) field on most
serviceaccount tokens we create.  The KeyID value we use is derived
from the public key of keypair that backs the cluster's OIDC issuer.

OIDC verifiers use the KeyID to smoothly cope with key rotations:

  * During a rotation, the verifier will have multiple keys cached
    from the issuer, any of which could have signed the token being
    verified.  KeyIDs let the verifier pick the appropriate key
    without having to try each one.

  * Seeing a new KeyID is a trigger for the verifier to invalidate its
    cached keys and fetch the new set of valid keys from the identity
    provider.

The value we use for the KeyID is derived from the identity provider's
public key by serializing it in DER format, taking the SHA256 hash,
and then urlsafe base64-encoding it.  This gives a value that is
strongly bound to the key, but can't be reversed to obtain the public
key, which keeps people from being tempted to derive the key from the
key ID and using that for verification.

Tokens based on jose OpaqueSigners are omitted for now --- I don't see
any way to actually run the API server that results in an OpaqueSigner
being used.
2019-08-28 14:18:23 -07:00
Jordan Liggitt
ddc697866a Use http/1.1 in apiserver->webhook clients 2019-08-28 16:51:57 -04:00
Jordan Liggitt
aef05c8dca Plumb NextProtos to TLS client config, honor http/2 client preference 2019-08-28 16:51:56 -04:00
Tim Allclair
a4f8ee17ee Enable the RuntimeClass admission controller on GCE & CI 2019-08-28 13:23:55 -07:00
Claudiu Belu
cafbfbea9a api: Loosens RunAsUserName validation
Currently, the character limit for the usernames set in the RunAsUserName is 20,
which is too low, considering that "ContainerAdministrator" is a valid username and
it is longer than 20 characters. A user should be able to run containers as
Administrator, if needed.

According to [1], Logon names can be up to 104 characters. The previous limit
only applies to local user accounts for the local system.

[1] https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb726984(v=technet.10)
2019-08-28 13:03:44 -07:00
Sandeep Rajan
3b6b7f99b0 add checksum 2019-08-28 16:03:28 -04:00
Han Kang
e1bf0b4918 group imports properly 2019-08-28 12:49:54 -07:00
Han Kang
0895ac212d migrate kube-proxy metrics to stability framework 2019-08-28 12:49:54 -07:00
Han Kang
59db3ac27e migrate controller-manager metrics to stability framework 2019-08-28 12:26:57 -07:00
Jordan Liggitt
601b7d33a9 Make webhook benchmarks parallel 2019-08-28 15:20:31 -04:00
Kubernetes Prow Robot
8b4fd4104d
Merge pull request #81960 from pohly/ephemeral-tests
ephemeral volume tests
2019-08-28 12:02:07 -07:00
Kubernetes Prow Robot
f0c600d15a
Merge pull request #81958 from apelisse/ssa-improve-conflict-error
Improve error message on server-side apply conflicts
2019-08-28 12:01:54 -07:00
Kubernetes Prow Robot
b3b4305be5
Merge pull request #81903 from jfbai/fix-kubeadm-kubelet-default
fix: make kubeadm set defaults to kubelet configuration only when no values are set.
2019-08-28 12:01:41 -07:00
Kubernetes Prow Robot
92a320aeb6
Merge pull request #80238 from smarterclayton/disable_node_role
Clarify use of node-role labels within Kubernetes
2019-08-28 12:01:27 -07:00
Kubernetes Prow Robot
c6a506bb8c
Merge pull request #78174 from gaorong/oom-event
enrich kubelet system oom event message info
2019-08-28 12:01:13 -07:00
Han Kang
6f70f781df add some documentation around the metrics stability migration changes for clarity 2019-08-28 11:17:33 -07:00
Han Kang
3a50917795 migrate kubelet's metrics/probes & metrics endpoint to metrics stability framework 2019-08-28 11:16:38 -07:00
RainbowMango
a7ac3b9bbe Add authentication metrics: overall failure and error count 2019-08-29 01:59:55 +08:00
Kenichi Omichi
9aae71fa4a Use log functions of core framework on sub [p-s]
This makes sub packages of e2e test framework to use log functions
of core framework instead for avoiding circular dependencies.

NOTE: test/e2e/framework/ssh will make circular dependencies if
      updating it. It is necessary to solve the issue in advance
      before this work.
2019-08-28 17:05:28 +00:00
Khaled Henidak(Kal)
c27e0b029d phase 2: generated items 2019-08-28 16:11:46 +00:00
Kevin Klues
df1b54fc09 Fail fast with TopologyManager on machines with more than 8 NUMA Nodes 2019-08-28 11:04:52 -05:00
Kevin Klues
5660cd3cfb Add NUMA Node awareness to the TopologyManager 2019-08-28 11:04:52 -05:00
Khaled Henidak(Kal)
313a5c5734 phase 2: ipam filter secondary service cidr 2019-08-28 15:59:43 +00:00
Khaled Henidak(Kal)
93c06821e6 Phase 2: service and endpoint processing 2019-08-28 15:59:43 +00:00
Khaled Henidak(Kal)
5e8ccda71c phase 2: api types + defaulting + validation + disabled fields handling 2019-08-28 15:59:43 +00:00
Kubernetes Prow Robot
d7ecc85239
Merge pull request #81955 from danwinship/add-hairpin-test
e2e/network: add service hairpin test
2019-08-28 08:56:16 -07:00
Kubernetes Prow Robot
6e684875ab
Merge pull request #81954 from SataQiu/fix-schedule-20190826
schedule code clean: using string prefix instead of MarkDeprecated
2019-08-28 08:55:59 -07:00
Kubernetes Prow Robot
35867b160a
Merge pull request #81951 from klueska/upstream-update-cpu-amanger-numa-mapping
Update the CPUManager to include NUMANodeID in its topology information
2019-08-28 08:55:40 -07:00
Kubernetes Prow Robot
20bd60cb9b
Merge pull request #81935 from k-toyoda-pi/use_log_e2e_apps
Use log functions of core framework on test/e2e/apps
2019-08-28 08:55:26 -07:00
Kubernetes Prow Robot
a927ed454c
Merge pull request #81576 from logicalhan/scheduler-migration
migrate scheduler metrics to stability framework
2019-08-28 08:55:12 -07:00
Antoine Pelisse
353b1ee084 Tombstone the former Fields field by commenting the old entry 2019-08-28 08:54:17 -07:00
Clayton Coleman
a49a554211
Move the IsMasterNode function to tests and mark it Deprecated
A future change will stop using this signal and instead use a
label selector passed on creation.
2019-08-28 11:17:27 -04:00
RainbowMango
c8c055b316 Cleanup staticcheck issues for package in client-go. 2019-08-28 23:08:17 +08:00