Commit Graph

62195 Commits

Author SHA1 Message Date
Clayton Coleman
110b064d63
Make Service storage a wrapper around other storages
The registry abstraction is unnecessary and adds direct coupling to the
core types. By using a wrapper, we carry through the default
implementations of the non-mutating operations. The DeleteCollection
method is explicitly patched out since it cannot be correctly
implemented on the storage currently.

As a result, TableConvertor is now exposed.

A few other minor refactorings

* Corrected the case of some variables
* Used functions instead of methods for several helper methods
* Removed the legacy Deleter - service was the only remaining consumer
2018-02-22 23:26:25 -05:00
m1093782566
181930794c fix proxy mode comment message 2018-02-23 11:50:42 +08:00
m1093782566
c44399f31e fix proxy mode comment message in v1alpha1 2018-02-23 11:50:39 +08:00
Mike Danese
fc8ff61eb9 kms: rename KMSService to KeyManagmentService
KMSService is redundent.
2018-02-22 19:37:04 -08:00
Kubernetes Submit Queue
da564ef4fb
Merge pull request #57962 from xiangpengzhao/proxy-feature-gates
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

 Migrate FeatureGates type of kube-proxy from string to map[string]bool

**What this PR does / why we need it**:
Migration of FeatureGates type. This is a follow-up of #53025.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: #53025
https://github.com/kubernetes/kubernetes/pull/57754#discussion_r160023416

**Special notes for your reviewer**:
/cc @luxas @mtaufen @ncdc 

**Release note**:

```release-note
action required: kube-proxy: feature gates are now specified as a map when provided via a JSON or YAML KubeProxyConfiguration, rather than as a string of key-value pairs.
```
2018-02-22 19:32:41 -08:00
Kubernetes Submit Queue
f0ca996274
Merge pull request #56164 from danwinship/proxier-chain-split
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Split KUBE-SERVICES chain to re-shrink the INPUT chain

**What this PR does / why we need it**:
#43972 added an iptables rule "`-A INPUT -j KUBE-SERVICES`" to make NodePort ICMP rejection work. (Previously the KUBE-SERVICES chain was only run from OUTPUT, not INPUT.) #44547 extended that patch for ExternalIP rejection as well.

However, the KUBE-SERVICES chain may potentially have a very large number of ICMP reject rules for plain ClusterIP services (the ones that get run from OUTPUT), and it seems that for some reason the kernel is much more sensitive to the length of the INPUT chain than it is to the length of the OUTPUT chain. So a node that worked fine with kube 1.6 (when KUBE-SERVICES was only run from OUTPUT) might fall over with kube 1.7 (with KUBE-SERVICES being run from both INPUT and OUTPUT).

(Specifically, a node with about 5000 ClusterIP reject rules that ran fine with OpenShift 3.6 [kube 1.6] slowed almost to a complete halt with OpenShift 3.7 [kube 1.7].)

This PR fixes things by splitting out the "new" part of KUBE-SERVICES (NodePort and ExternalIP reject rules) into a separate KUBE-EXTERNAL-SERVICES chain run from INPUT, and moves KUBE-SERVICES back to being only run from OUTPUT. (So, yes, this assumes that you don't have 5000 NodePort/ExternalIP services, but, if you do, there's not much we can do, since those rules *have* to be run on the INPUT side.)

Oh, and I left in the code to clean up the "`-A INPUT -j KUBE-SERVICES`" rule even though we don't generate it any more, so it gets fixed on upgrade.

**Release note**:
```release-note
Reorganized iptables rules to fix a performance regression on clusters with thousands of services.
```

@kubernetes/sig-network-bugs @kubernetes/rh-networking
2018-02-22 18:52:53 -08:00
Kubernetes Submit Queue
9a75b4d7a9
Merge pull request #58816 from croomes/storageos_containerized_kubelet
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

StorageOS configurable device directory and mount options

**What this PR does / why we need it**:
This allows StorageOS volumes to be mounted when the kubelet is running in a container and we are unable to use the default device location (/var/lib/storageos/volumes).  With this PR, the node's device location is requested via the StorageOS api, falling back to the current behaviour if not configured.  The node's device location can be supplied as an environment variable (DEVICE_DIR) to the StorageOS container.  This is backwards-compatible and no changes are needed to existing deployments.

The PR also allows Mount options to be set for StorageOS volumes in the same way they're enabled for other volume plugins.

The StorageOS API dependency was updated to the latest version, but no functionality changes besides adding the DeviceDir property to the Controller object.

There is also a small refactor of the loopback device handling code in storageos_utils.go to capture stderr output.

**Release note**:
```release-note
StorageOS volume plugin updated to support mount options and environments where the kubelet runs in a container and the device location should be specified.
```

Not sure why godep changed the comments of unrelated packages in Godeps.json...

/sig storage
2018-02-22 18:11:34 -08:00
Lantao Liu
faa581c5cb Add node e2e test for log rotation. 2018-02-23 01:42:35 +00:00
Lantao Liu
313e8717f6 Generated code 2018-02-23 01:42:35 +00:00
Lantao Liu
d7b21a3358 Use container log manager in kubelet 2018-02-23 01:42:35 +00:00
Lantao Liu
ebb4865479 Add kubelet container log manager 2018-02-23 01:41:34 +00:00
Di Xu
271ae45901 fix new typos when rebasing 2018-02-23 09:33:14 +08:00
Di Xu
16a807aaef add spelling checking script 2018-02-23 09:33:14 +08:00
Di Xu
48434b44c4 vendor misspell 2018-02-23 09:33:14 +08:00
Kubernetes Submit Queue
948f28a74c
Merge pull request #60149 from aveshagarwal/master-kubectl-priority-issue
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix kubectl describe output for priority class objects.

**What this PR does / why we need it**:

Fixes `kubectl describe priorityclass`  (try https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#example-priorityclass)  

```
Name:           high-priority
Value:          %!s(int32=1000000)
GlobalDefault:  %!s(bool=false)
Description:    This priority class should be used for XYZ service pods only.
Annotations:    <none>
Events:         <none>

```

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
None
```

@bsalamat @kubernetes/sig-scheduling-bugs  @kubernetes/sig-cli-bugs 
/king bug
/sig scheduling
/sig cli
2018-02-22 17:18:29 -08:00
Kubernetes Submit Queue
4ebaddb6b7
Merge pull request #60226 from php-coder/psp_examples_owners
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

examples/podsecuritypolicy: add owners

When we modify something PSP-related, we need to update examples as well but unfortunately they wasn't belong to us.
2018-02-22 16:33:06 -08:00
Kubernetes Submit Queue
6c53367810
Merge pull request #59973 from kawych/e2e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Introduce e2e test for Stackdriver Metadata Agent

**What this PR does / why we need it**:
Introduce e2e test for Stackdriver Metadata Agent

**Release note**:
```release-note
None
```
2018-02-22 16:32:49 -08:00
Kubernetes Submit Queue
a195a76151
Merge pull request #59952 from resouer/consts-handler
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Use consts as predicate key names in handlers

**What this PR does / why we need it**:

Per discussion in: https://github.com/kubernetes/kubernetes/pull/59335/files#r168351460

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #59951

**Special notes for your reviewer**:

**Release note**:

```release-note
Use consts as predicate name in handlers
```
2018-02-22 15:45:16 -08:00
Michael Taufen
1d59190d3e clean up KubeletConfigOk condition construction
This PR cleans up the construction of the node condition and also fixes
a small bug where the last transition time could be updated incorrectly
when the sync failure overlay was present.
2018-02-22 14:43:19 -08:00
Mike Danese
f82fa4dc9a gce: allow extra addons to be sourced form a url 2018-02-22 14:33:52 -08:00
Michelle Au
103f0144fa generated files 2018-02-22 14:28:25 -08:00
Rohit Ramkumar
938dcfd1b8
Remove k8s prefix from gcr.io/k8s-ingress-gce-image-push repo
See title
2018-02-22 14:19:40 -08:00
Mike Danese
1e90823c3b godeps: bump go-openapi 2018-02-22 13:43:02 -08:00
Kubernetes Submit Queue
6e856480c0
Merge pull request #55168 from nikhita/customresources-subresources
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

apiextensions: add subresources for custom resources

Fixes #38113
Fixes #58778

**Related**:
- Proposal: https://github.com/kubernetes/community/pull/913
- For custom resources to work with `kubectl scale`: https://github.com/kubernetes/kubernetes/pull/58283

**Add types**:

- Add `CustomResourceSubResources` type to CRD.
    - Fix proto generation for `CustomResourceSubResourceStatus`: https://github.com/kubernetes/kubernetes/pull/55970.
- Add feature gate for `CustomResourceSubResources`.
    - Update CRD strategy: if feature gate is disabled, this feature is dropped (i.e. set to `nil`).
- Add validation for `CustomResourceSubResources`:
    - `SpecReplicasPath` should not be empty and should be a valid json path under `.spec`. If there is no value under the given path in the CustomResource, the `/scale` subresource will return an error on GET.
    - `StatusReplicasPath` should not be empty and should be a valid json path under `.status`. If there is no value under the given path in the CustomResource, the status replica value in the /scale subresource will default to 0.
    - If present, `LabelSelectorPath` should be a valid json path. If there is no value under `LabelSelectorPath` in the CustomResource, the status label selector value in the `/scale` subresource will default to the empty string.
    - `ScaleGroupVersion` should be `autoscaling/v1`.
    - If `CustomResourceSubResources` is enabled, only `properties` is allowed under the root schema for CRD validation.

**Add status and scale subresources**:

- Use helper functions from `apimachinery/pkg/apis/meta/v1/unstructured/helpers.go`.
    - Improve error handling: https://github.com/kubernetes/kubernetes/pull/56563, https://github.com/kubernetes/kubernetes/pull/58215.
- Introduce Registry interface for storage.
- Update storage:
    - Introduce `CustomResourceStorage` which acts as storage for the custom resource and its status and scale subresources. Note: storage for status and scale is only enabled when the feature gate is enabled _and_ the respective fields are enabled in the CRD.
    - Introduce `StatusREST` and its `New()`, `Get()` and `Update()` methods.
    - Introduce `ScaleREST` and its `New()`, `Get()` and `Update()` methods.
        - Get and Update use the json paths from the CRD and use it to return an `autoscaling/v1.Scale` object.
- Update strategy:
    - In `PrepareForCreate`,
         - Clear `.status`.
         - Set `.metadata.generation` = 1
    - In `PrepareForUpdate`,
         - Do not update `.status`.
             - If both the old and new objects have `.status` and it is changed, set it back to its old value.
             - If the old object has a `.status` but the new object doesn't, set it to the old value.
             - If old object did not have a `.status` but the new object does, delete it.
         - Increment generation if spec changes i.e. in the following cases:
             - If both the old and new objects had `.spec` and it changed.
             - If the old object did not have `.spec` but the new object does.
             - If the old object had a `.spec` but the new object doesn't.
     - In `Validate` and `ValidateUpdate`,
        - ensure that values at `specReplicasPath` and `statusReplicasPath` are >=0 and < maxInt32.
        - make sure there are no errors in getting the value at all the paths.
    - Introduce `statusStrategy` with its methods.
        - In `PrepareForUpdate`:
            - Do not update `.spec`.
                - If both the old and new objects have `.spec` and it is changed, set it back to its old value.
                - If the old object has a `.spec` but the new object doesn't, set it to the old value.
                - If old object did not have a `.spec` but the new object does, delete it.
             - Do not update `.metadata`.
        - In `ValidateStatusUpdate`:
            - For CRD validation, validate only under `.status`.
            - Validate value at `statusReplicasPath` as above. If `labelSelectorPath` is a path under `.status`, then validate it as well.
- Plug into the custom resource handler:
    - Store all three storage - customResource, status and scale in `crdInfo`.
    - Use the storage as per the subresource in the request.
    - Use the validator as per the subresource (for status, only use the schema for `status`, if present).
    - Serve the endpoint as per the subresource - see `serveResource`, `serveStatus` and `serveScale`.
- Update discovery by adding the `/status` and `/scale` resources, if enabled.

**Add tests**:

- Add unit tests in `etcd_test.go`.
- Add integration tests.
    - In `subresources_test.go`, use the [polymporphic scale client](https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/client-go/scale) to get and update `Scale`.
    -  Add a test to check everything works fine with yaml in `yaml_test.go`.

**Release note**:

```release-note
`/status` and `/scale` subresources are added for custom resources.
```
2018-02-22 13:37:35 -08:00
Slava Semushin
e69e879969 examples/podsecuritypolicy: add owners. 2018-02-22 21:46:15 +01:00
Michelle Au
2e80059ac0 Update description for valid reclaim policies 2018-02-22 11:56:23 -08:00
Robert Pothier
ad16986cd8 Remove subnet size restriction for IPv6
RangeSize was restricting IPv6 subnets to a /66 due to the
logic using a uint64. This is not practical for IPv6.
This change removes the /64 restriction, but also sets a limit
on the range that can be allocated, so that the bitmap will not grow too large.
2018-02-22 14:21:14 -05:00
Kubernetes Submit Queue
fd1527a977
Merge pull request #60131 from soltysh/integration_fixes_followup
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Return information about which int tests failed in the summary - followup

@stevekuznetsov you asked about it in https://github.com/kubernetes/kubernetes/pull/59486#discussion_r169351176

/assign @stevekuznetsov 


**Release note**:
```release-note
NONE
```
2018-02-22 10:35:47 -08:00
Slava Semushin
88ae9479d9 Run hack/update-bazel.sh 2018-02-22 19:23:02 +01:00
Slava Semushin
3d4fa8a189 Modify PodSecurityPolicy admission plugin to additionally allow authorizing via "use" verb in policy API group. 2018-02-22 19:23:02 +01:00
Nikhita Raghunath
55ce3dedaa update generated files 2018-02-22 23:26:17 +05:30
Nikhita Raghunath
6fbe8157e3 add subresources for custom resources 2018-02-22 23:26:09 +05:30
David Ashpole
65394fe18c update cadvisor godeps and ignore per-cpu metrics 2018-02-22 09:17:02 -08:00
Kubernetes Submit Queue
a4222bd8c3
Merge pull request #60186 from feiskyer/vmss-check
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Cleanup node type checking for azure nodes

**What this PR does / why we need it**:

This PR cleanup node type checking for azure nodes. It also fixes a problem of `instance not found` error for VMAS nodes in vmss cluster (vmType set to vmss):

```
ss.GetPrimaryInterface(k8s-master), ss.getCachedVirtualMachine(k8s-master), err=instance not found
```

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #60185

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2018-02-22 08:30:02 -08:00
Kubernetes Submit Queue
aded0d9225
Merge pull request #59264 from atlassian/set-gvk-on-conversion-to-unstructured
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Conversion from typed to unstructured should set GVK

**What this PR does / why we need it**:
By convention typed objects do not have `TypeMeta` information filled. When the scheme converts a typed object into Unstructured it should set type meta information explicitly otherwise Unstructured object is not recognizable.

**Special notes for your reviewer**:
Bug was not visible to tests because tests were working with a typed object with `TypeMeta` information filled. It was filled by previous tests. I have refactored tests for better isolation. Also fixed some other issues in tests.

Add `?w=1` to the PR's URL to see the diff with whitespace changes ignored.

**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
/cc @smarterclayton @deads2k
2018-02-22 07:36:52 -08:00
Dr. Stefan Schimanski
061a451273 Fix nsenter on Mac 2018-02-22 16:32:06 +01:00
Maciej Pytel
602aaaf03d Validation for HPA external metrics 2018-02-22 15:53:03 +01:00
Kubernetes Submit Queue
839adb86f0
Merge pull request #60095 from MrHohn/addon-manager-bump-istio
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Bump addon-manager to v8.6

**What this PR does / why we need it**:
Follow up of https://github.com/kubernetes/kubernetes/pull/59378, build & push a new addon-manager image to pick up the namespace change to support istio addon.

Pushed images for {amd64, arm, arm64, ppc64le, s390x}.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE 

**Special notes for your reviewer**:
/assign @mikedanese @ostromart 

**Release note**:

```release-note
NONE
```
2018-02-22 06:50:47 -08:00
Maciej Szulik
999273fbd7
Remove ClientSetForVersion & ClientConfigForVersion from factory 2018-02-22 15:50:27 +01:00
Kubernetes Submit Queue
99d08010f8
Merge pull request #60199 from aleksandra-malinowska/autoscaling-fix-15
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix passing gcloud command output to error check

Fix passing gcloud command output to error check. Underlying function from testing library expects interface{} and then type asserts that it's a string, so passing []byte results in errors:

```interface conversion: interface {} is []uint8, not string```

```release-note
NONE
```
2018-02-22 06:09:13 -08:00
Kubernetes Submit Queue
c85ede510b
Merge pull request #60040 from PhilipGough/keys-from-cm
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Allow env to be updated via specific key in resource

**What this PR does / why we need it**:

This change allows users of the `oc` client to specify a list of comma-separated keys when running `oc set env` which should be imported from a resource i.e configmap or secret

This can be useful when a number of applications want to share a configuration object but don't want to pollute a resource with unused environment 



**Release note**:

```release-note
Allow kubectl env to specify which keys to import from a config map
```
2018-02-22 06:08:55 -08:00
Maciej Pytel
079f3f1829 Autogenerated code for HPA external metrics 2018-02-22 14:45:06 +01:00
Maciej Pytel
8a002d855f Add external metric type to HPA API 2018-02-22 14:44:21 +01:00
Maciej Szulik
4d7d153a12
Remove unnecessary return parameter from NewCmdTopPod 2018-02-22 14:33:14 +01:00
Maciej Szulik
8bf4cfcf60
Add kubectl create job --from=cronjob/<name> 2018-02-22 14:30:37 +01:00
Edmund Rhudy
5b57c2db00
Fixes #47538: Add functionality for manually creating a Job instance from a CronJob
This changeset adds the command `kubectl create job` with the flag `--from-cronjob`, which allows a user to create a Job from a CronJob via the CLI.
2018-02-22 14:30:37 +01:00
Kubernetes Submit Queue
270148d7d9
Merge pull request #58684 from hzxuzhonghu/default-enabled-admission
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

set default enabled admission plugins by official document

**What this PR does / why we need it**:

https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use

recommend  running the following set of admission controllers 
```
If you previously had not set the `--admission-control` flag, your cluster behavior may change (to be more standard).  See [https://kubernetes.io/docs/admin/admission-controllers/] for explanation of admission control.
```

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
Set default enabled admission plugins `NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota`
```
2018-02-22 05:24:44 -08:00
David Eads
c9cb705816 deprecate --show-all 2018-02-22 08:19:12 -05:00
David Eads
f084311326 remove metrics client factory method 2018-02-22 07:45:04 -05:00
Kubernetes Submit Queue
064597a8e0
Merge pull request #59857 from feiskyer/metadata
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix instanceID for vmss nodes

**What this PR does / why we need it**:

When useInstanceMetadata is set to true for vmss nodes, their providerID is wrong.

Their providerID should be in format `azure:///subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.Compute/virtualMachineScaleSets/<scaleset-name>/virtualMachines/<instance-id>`.


**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #59855

**Special notes for your reviewer**:

**Release note**:

```release-note
Fix instanceID for vmss nodes.
```
2018-02-22 04:39:14 -08:00