Automatic merge from submit-queue (batch tested with PRs 37328, 38102, 37261, 31321, 38146)
Make thirdparty codec able to decode DeleteOptions
Fix#37278.
Without this PR, the gvk sent to the delegated codec will be the thirdparty one, which is not recognized by the delegated codec (usually api.Codecs).
Automatic merge from submit-queue (batch tested with PRs 38076, 38137, 36882, 37634, 37558)
[scheduler] Use V(10) for anything which may be O(N*P) logging
Fixes#37014
This PR makes sure that logging statements which are capable of being called on a perNode / perPod basis (i.e. non essential ones that will just clog up logs at large scale) are at V(10) level.
I dreamt of a levenstein filter that built a weak map of word frequencies and alerted once log throughput increased w/o varying information content.... but then I woke up and realized this is probably all we really need for now :)
Automatic merge from submit-queue (batch tested with PRs 38076, 38137, 36882, 37634, 37558)
Make logging for gcl e2e test more verbose
To help debug https://github.com/kubernetes/kubernetes/issues/37241
CC @piosz
Automatic merge from submit-queue (batch tested with PRs 38076, 38137, 36882, 37634, 37558)
Allow backendpools in Azure Load Balancers which are not owned by cloud provider
**What this PR does / why we need it**: It fixes#36880
**Which issue this PR fixes**: fixes#36880
**Special notes for your reviewer**:
**Release note**:
```release-note
Allow backendpools in Azure Load Balancers which are not owned by cloud provider
```
Instead of bailing out when we find another backend pool, we just ignore
other backend pools and add ours to the list of existing.
Fixes#36880
Automatic merge from submit-queue (batch tested with PRs 38076, 38137, 36882, 37634, 37558)
glusterfs: Fix all gid types to int to prevent failures on 32bit systems
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
The glusterfs dynamic provisioner with GID security has an issue on 32 bit systems.
This fixes that issue by forcing all gid types to int internally.
<!--
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
-->
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
Fix the glusterfs dynamic provisioner for 32bit systems by limiting the gids to type int internally, and allowing 2147483647 as the highest GID.
```
This makes all types int until we hand the GID to heketi/gluster,
at which point it's converted to int64.
It also limits the maximum usable GID ti math.MaxInt32 = 2147483647.
Signed-off-by: Michael Adam <obnox@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 38111, 38121)
remove rbac super user
Cleaning up cruft and duplicated capabilities as we transition from RBAC alpha to beta. In 1.5, we added a secured loopback connection based on the `system:masters` group name. `system:masters` have full power in the API, so the RBAC super user is superfluous.
The flag will stay in place so that the process can still launch, but it will be disconnected.
@kubernetes/sig-auth
Automatic merge from submit-queue (batch tested with PRs 38111, 38121)
Prevent SIGPIPE errors causing the version check line to fail
The way we use pipe in hack/lib/etcd.sh when processing the version command can lead to
141 failues on some systems. Using a prefix of tail can prevent this.
Fixes#38109
This makes all types int until we hand the GID to heketi/gluster,
at which point it's converted to int64.
It also limits the maximum usable GID ti math.MaxInt32 = 2147483647.
Signed-off-by: Michael Adam <obnox@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 36352, 36538, 37976, 36374)
etcd3: have prefix always prepended
ref: #36290
Previously, the prefix behavior is "sometimes prefixing". If the prefix already exists for the resource path, it will ignore.
With this PR, we make sure that prefix is always prepended in etcd3 storage backend. See the discussion in #36290
Automatic merge from submit-queue (batch tested with PRs 36352, 36538, 37976, 36374)
demonstrate separation of controller intializers
Currently, controllers are all initialized in a monster method that make it difficult to individually pick out whether there are side-effects, difficult to group related controllers for selective enablement, and impossible to determine if there are hidden dependencies.
This pull demonstrates how we can break apart the monolith and start start the process of grouping and naming controllers for selective enablement. In addition, the use of a map will help expose dependency ordering amongst these controllers and the separate methods will make it a lot harder to have side effects.
This also moves us closer to being able to author reflective unit tests that help ensure that basic RBAC bootstrap roles are at least present, even if they aren't correct.
@nikhiljindal since you were looking at the federation controller manager
@sttts since we're looking at trying out RBAC on these.
Automatic merge from submit-queue (batch tested with PRs 36352, 36538, 37976, 36374)
Check in YAML versions of bootstrap roles/rolebindings
Allows auditing changes to bootstrap roles over time, preventing accidental changes, and gives a place for people to pull bootstrap roles to load directly
Automatic merge from submit-queue (batch tested with PRs 36352, 36538, 37976, 36374)
test: update deployment helper to return better error messages
@kubernetes/deployment the problem with https://github.com/kubernetes/kubernetes/issues/36270 is that the selector key is never added in the deployment but this change would make it clearer.
Automatic merge from submit-queue (batch tested with PRs 37366, 36373)
kubeadm: Let apiserver and controller-manager host-mount /etc/pki when required
#<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
This PR checks if /etc/pki is present on the host machine and adds a host-mount to the apiserver and controller-manager manifest if required.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#36150
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
Fix incompatible host mounts for SSL certificates when deploying on CentOS with kubeadm
```
Automatic merge from submit-queue (batch tested with PRs 37370, 37003, 36909)
add auth proxy roundtripper
Adds a round tripper which adds auth proxy fields based on user.Info you can pull from a context. It clears existing headers first to be sure that these aren't accidentally set ahead of time.
@nikhiljindal per our conversation. This is what I'm using downstream.
This removes all dependencies on Config during cert generation, only operating
on ServerRunOptions. This way we get rid of the repeated call of Config.Complete
and cleanly stratify the GenericApiServer bootstrapping.
Automatic merge from submit-queue (batch tested with PRs 37307, 29606, 37986)
Allow glusterfs dp volume creation for empty clusterid parameter in sc.
Why this patch is needed?
The `strings.split()` (https://github.com/kubernetes/kubernetes/pull/37986/files#diff-e97253dd603331ffca81131a4b67264fR700) returns a slice of `single element("empty") ` when the split is attempted on a string. This is expected according to `https://golang.org/pkg/strings/#Split` and `https://github.com/golang/go/issues/13075`. This make the provisioner to fail, if `clusterid` is not defined in the SCs. This patch make sure the split is attempted only when clusterid is mentioned in the sc parameter.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Automatic merge from submit-queue
Enable update tests for federated secret controller
Enable update tests in secret controller + add option to execute multiple iterations in the same run.
cc: @nikhiljindal @madhusudancs
Automatic merge from submit-queue (batch tested with PRs 37208, 37446, 37420)
Kubelet log modification
Keep in line with the other error logs in the function.
After return, the caller records the error log.Delete redundant logs
Automatic merge from submit-queue (batch tested with PRs 37208, 37446, 37420)
Move "-short" to KUBE_TEST_ARGS
fixes#37445
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
NONE
```
"-short" is a argument of "go test", it should be moved to
"KUBE_TEST_ARGS".
Automatic merge from submit-queue (batch tested with PRs 37208, 37446, 37420)
Change 'controller.go' filenames to more meaningfull ones
Controller logic should sit in uniquely named file, not `controller.go`, as the latter makes it very hard to understand controller-manager logs.
@deads2k @bgrant0607 @soltysh @gtank
Automatic merge from submit-queue
Create GetOptions to allow passing "ResourceVersion" to GET requests.
Ref #37473
@kubernetes/sig-api-machinery @smarterclayton
