Commit Graph

44034 Commits

Author SHA1 Message Date
Kubernetes Submit Queue
b385a94fed Merge pull request #41614 from feiskyer/fix-user
Automatic merge from submit-queue

Defaulting client certs owner to current user if not speicified

**What this PR does / why we need it**:

Defaulting client certs owner to current user if not speicified.

**Which issue this PR fixes** 

Fixes #41560.

**Release note**:

```release-note
NONE
```

cc/ @sttts @liggitt
2017-02-20 05:23:04 -08:00
Kubernetes Submit Queue
ba6dca94bc Merge pull request #41458 from humblec/iscsi-nodisk-conflict
Automatic merge from submit-queue

Adjust nodiskconflict support based on iscsi multipath.

With the multipath support is in place, to declare whether both iscsi disks are same, we need to only depend on IQN.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2017-02-20 03:54:41 -08:00
Kubernetes Submit Queue
777de1952f Merge pull request #41737 from wojtek-t/tunable_kubemark_resources
Automatic merge from submit-queue

More resources for hollowproxy in large kubemarks
2017-02-20 02:41:12 -08:00
Kubernetes Submit Queue
2f0e5ba786 Merge pull request #41272 from DirectXMan12/feature/hpa-v2-controller
Automatic merge from submit-queue

Convert HPA controller to support HPA v2 mechanics

This PR converts the HPA controller to support the mechanics from HPA v2.
The HPA controller continues to make use of the HPA v1 client, but utilizes
the conversion logic to work with autoscaling/v2alpha1 objects internally.

It is the follow-up PR to #36033 and part of kubernetes/features#117.

**Release note**:
```release-note
NONE
```
2017-02-20 01:52:19 -08:00
Wojciech Tyczynski
4426156aa6 More resources for hollowproxy in large kubemarks 2017-02-20 09:26:17 +01:00
Kubernetes Submit Queue
b3d627c2e2 Merge pull request #41387 from gyliu513/most-request
Automatic merge from submit-queue

Improved code coverage for plugin/pkg/scheduler/algorithm/priorities…

…/most_requested.go



**What this PR does / why we need it**:
Part of #39559 , code coverage improved from 70+% to 80+%
2017-02-19 23:04:02 -08:00
Solly Ross
caa78e0b3e Fix HPA v1 Conversion Bug
There was a bug in the HPA v1 conversion logic that would occur when
a custom metric and a metric that was encoded in v1 as
targetCPUUtilizationPercentage were used at the same time.  In this
case, the custom metric could overwrite the CPU metric, or vice versa.

This fixes that bug, and ensures that the fuzzer tests round-tripping
with multiple metrics.
2017-02-20 01:45:49 -05:00
Kubernetes Submit Queue
c577108c06 Merge pull request #39964 from justinsb/route53_logger
Automatic merge from submit-queue (batch tested with PRs 39991, 39964)

route53 dnsprovider: add more logging

In the aws cloudprovider, we have a custom logger.  This adds the same
logger to the route53 dnsprovider.

We copy the (simple) code in anticipation that the providers are likely
to live in separate repos in future.

```release-note
federation aws: add logging of route53 calls
```
2017-02-19 19:47:36 -08:00
Kubernetes Submit Queue
8631aa2eb2 Merge pull request #39991 from justinsb/verbose_changeset_logging
Automatic merge from submit-queue

dnsprovider route53: log changeset details at v(8)

Otherwise it can be hard to know exactly what is changing and whether
the changes could be optimized, or to troubleshoot if someone were
accidentally to have a bug in their calling code.

```release-note
NONE
```
2017-02-19 19:07:17 -08:00
Kubernetes Submit Queue
960efff770 Merge pull request #41599 from madhusudancs/fed-e2e-common-vars-cleanup
Automatic merge from submit-queue

Refactor federation-up.sh script.

Move common variables to common.sh script in preparation for the upcoming changes to federation-down.sh that also depends on these common variables.

```release-note
NONE
```

cc @kubernetes/sig-federation-pr-reviews @shashidharatd
2017-02-19 17:51:12 -08:00
Kubernetes Submit Queue
c2ad28be92 Merge pull request #41500 from luxas/kubeadm_set_orphans
Automatic merge from submit-queue (batch tested with PRs 41420, 41500)

Set OrphanDependents=&falseVar so the GC will (or should) remove the dummy Pod

**What this PR does / why we need it**:

ref: https://github.com/kubernetes/kubeadm/issues/149

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

This doesn't remove the Pod yet, only the ReplicaSet, but once the GC is working as expected, it'll remove the Pod with this configuration

**Release note**:

```release-note
NONE
```
@errordeveloper @mikedanese @pires @caesarxuchao @krmayankk @kargakis
2017-02-19 14:42:33 -08:00
Kubernetes Submit Queue
bd1a222173 Merge pull request #41420 from jbeda/add-public-to-e2e
Automatic merge from submit-queue

Adds kube-public to the whitelist to not be deleted for e2e tests

We added the `kube-public` namespace but didn't add it to a whitelist of namespaces to not delete as part of e2e cleanup.

```release-note
```
2017-02-19 14:38:01 -08:00
Justin Santa Barbara
5db0778823 dnsprovider route53: log changeset details at v(8)
Otherwise it can be hard to know exactly what is changing and whether
the changes could be optimized, or to troubleshoot if someone were
accidentally to have a bug in their calling code.
2017-02-19 17:26:16 -05:00
Justin Santa Barbara
df91e00231 route53 dnsprovider: add more logging
In the aws cloudprovider, we have a custom logger.  This adds the same
logger to the route53 dnsprovider.

We copy the (simple) code in anticipation that the providers are likely
to live in separate repos in future.
2017-02-19 17:25:40 -05:00
Kubernetes Submit Queue
00b02117bc Merge pull request #39958 from justinsb/dnsprovider_parent
Automatic merge from submit-queue (batch tested with PRs 39373, 41585, 41617, 41707, 39958)

dnsprovider: Expose parent objects in interfaces

This will allow us to pass e.g. a ResourceRecordChangeset, rather than a
ResourceRecordChangeset, the parent ResourceRecordSets, and the
grandparent Zone.

Laying the groundwork for simplifying / optimizing the federation logic.

```release-note
NONE
```
2017-02-19 13:50:43 -08:00
Kubernetes Submit Queue
0dc52d7919 Merge pull request #41707 from shashidharatd/federation-service-e2e-2
Automatic merge from submit-queue (batch tested with PRs 39373, 41585, 41617, 41707, 39958)

[Federation][e2e] Remove ns creation in federated clusters

**What this PR does / why we need it**:
In federation e2e, framework creates a namespace for each test case. the same ns is supposed to be created in federated clusters. Due to issues in namespace controller, this was not working earlier. but now it is working.
so currently the namespace is created twice, once by namespace controller and another when we call `getRegisteredClusters`. depending on the timing of these 2 calls, some [test cases fails ](https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/logs/ci-kubernetes-e2e-gce-federation/1199#k8sio-federation-secrets-featurefederation-secret-objects-should-not-be-deleted-from-underlying-clusters-when-orphandependents-is-true). So removing the creation of namespace when `getRegisteredClusters` which is unnecessary.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes flakes in federation e2e.

cc @madhusudancs @nikhiljindal @kubernetes/sig-federation-bugs
2017-02-19 13:50:41 -08:00
Kubernetes Submit Queue
4a75c1b2aa Merge pull request #41617 from timothysc/affinity_annotations_flaggate
Automatic merge from submit-queue (batch tested with PRs 39373, 41585, 41617, 41707, 39958)

Feature-Gate affinity in annotations 

**What this PR does / why we need it**:
Adds back basic flaggated support for alpha Affinity annotations

**Special notes for your reviewer**:
Reconcile function is placed in the lowest common denominator, which in this case is schedulercache, because you can't place flag-gated functions in apimachinery. 

**Release note**:

```
NONE
```

/cc @davidopp
2017-02-19 13:50:40 -08:00
Kubernetes Submit Queue
a962f5d2e4 Merge pull request #41585 from pwittrock/owners
Automatic merge from submit-queue (batch tested with PRs 39373, 41585, 41617, 41707, 39958)

Owners file related changes for kubectl and docs contributors

- adding a command to kubectl updates the root .generated_docs file requiring root level approval: move .generated_docs under docs/
- run hack/update-generated-docs.sh so the docs are up to date
- add kubectl contributors to test/OWNERS and test/fixtures/pkg/kubectl/OWNERS so they can approve kubectl e2e test changes


```release-note
NONE
```
2017-02-19 13:50:38 -08:00
Kubernetes Submit Queue
7236af6162 Merge pull request #39373 from apprenda/fix_configmap
Automatic merge from submit-queue (batch tested with PRs 39373, 41585, 41617, 41707, 39958)

Fix ConfigMaps for Windows

**What this PR does / why we need it**: ConfigMaps were broken for Windows as the existing code used linux specific file paths. Updated the code in `kubelet_getters.go` to use `path/filepath` to get the directories. Also reverted back the code in `secret.go` as updating `kubelet_getters.go` to use `path/filepath` also fixes `secrets`

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/39372

```release-note
Fix ConfigMap for Windows Containers.
```

cc: @pires
2017-02-19 13:50:37 -08:00
Anirudh Ramanathan
3a73d23e33 Merge pull request #41716 from Random-Liu/revert-kubemark-npd-change
Revert the npd change in kubemark.
2017-02-19 11:32:15 -07:00
Random-Liu
47fc1d684d Revert the npd change in kubemark. 2017-02-19 04:14:30 -08:00
Kubernetes Submit Queue
070ebfe622 Merge pull request #41414 from kevin-wangzefeng/tolerationseconds-admission-controller
Automatic merge from submit-queue (batch tested with PRs 41043, 39058, 41021, 41603, 41414)

add defaultTolerationSeconds admission controller

**What this PR does / why we need it**:
Splited from #34825, add a new admission-controller that
1. adds toleration (with tolerationSeconds = 300) for taint `notReady:NoExecute` to every pod that does not already have a toleration for that taint, and
2. adds toleration (with tolerationSeconds = 300) for taint `unreachable:NoExecute` to every pod that does not already have a toleration for that taint.

**Which issue this PR fixes**: 
Related issue: #1574
Related PR: #34825

**Special notes for your reviewer**:

**Release note**:

```release-note
add defaultTolerationSeconds admission controller
```
2017-02-19 00:58:47 -08:00
Kubernetes Submit Queue
f69570c92e Merge pull request #41603 from luxas/kubeadm_reorder_kubeconfig
Automatic merge from submit-queue (batch tested with PRs 41043, 39058, 41021, 41603, 41414)

kubeadm: Make a separate util package for kubeconfig logic

**What this PR does / why we need it**:

There are a lot of packages that need to consume kubeconfig logic, so it should be in a central place.
Having it in `kubeadmutil` is suboptimal, because then it get mixed with everything else.

This splits that logic out to a generic place so it then also can be consumed in https://github.com/kubernetes/kubernetes/pull/41417, from where it's broken out.

 - Move {admin,kubelet}.conf out as constants
 - Make a separate util package for kubeconfig logic

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-02-19 00:58:46 -08:00
Kubernetes Submit Queue
eb8e1dd5f1 Merge pull request #41021 from jcbsmpsn/rotate-certificate
Automatic merge from submit-queue (batch tested with PRs 41043, 39058, 41021, 41603, 41414)

Rotate the kubelet certificate when about to expire.

Changes the kubelet so it doesn't use the cert/key files directly for
starting the TLS server. Instead the TLS server reads the cert/key from
the new CertificateManager component, which is responsible for
requesting new certificates from the Certificate Signing Request API on
the API Server.
2017-02-19 00:58:45 -08:00
Kubernetes Submit Queue
55dd8249c1 Merge pull request #39058 from k82cn/add_cscope_git_ignore
Automatic merge from submit-queue (batch tested with PRs 41043, 39058, 41021, 41603, 41414)

Add cscope related files into .gitignore.
2017-02-19 00:58:43 -08:00
Kubernetes Submit Queue
4bae7f18a5 Merge pull request #41043 from soltysh/issue20208
Automatic merge from submit-queue (batch tested with PRs 41043, 39058, 41021, 41603, 41414)

Allow setting replace patchStrategy for structs

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #20208

@liggitt and @ymqytw ptal, you were in the original issue
2017-02-19 00:58:37 -08:00
Justin Santa Barbara
fb9af639d3 dnsprovider: Expose parent objects in interfaces
This will allow us to pass e.g. a ResourceRecordChangeset, rather than a
ResourceRecordChangeset, the parent ResourceRecordSets, and the
grandparent Zone.

Laying the groundwork for simplifying / optimizing the federation logic.
2017-02-19 02:01:30 -05:00
Anirudh Ramanathan
8c8dca052d Merge pull request #41703 from Random-Liu/fix-kubemark-npd
Fix kubemark hollow-npd.
2017-02-18 23:21:02 -07:00
shashidharatd
43cf502275 Remove ns creation in federated cluster when getting registered clusters 2017-02-19 11:46:33 +05:30
Random-Liu
cd194bd9cc Fix kubemark hollow-npd. 2017-02-18 21:01:56 -08:00
Joe Beda
93752947b8
Adds kube-public to the whitelist to not be deleted for e2e tests. 2017-02-18 18:08:12 -08:00
Anirudh Ramanathan
8911e2a377 Merge pull request #41693 from kubernetes/revert-41524-fix-cri-kubemark
Revert "Generate valid container id in fake docker client."
2017-02-18 15:35:58 -07:00
Kevin
83545a65f1 add defaultTolerationSeconds admission controller 2017-02-18 23:48:03 +08:00
Timothy St. Clair
2bcd63c524 Cleanup work to enable feature gating annotations 2017-02-18 09:25:57 -06:00
Robert Rati
32c4683242 Feature-Gate affinity in annotations 2017-02-18 09:08:38 -06:00
Jordan Liggitt
66dec96735 Revert "Generate valid container id in fake docker client." 2017-02-18 10:06:24 -05:00
Kubernetes Submit Queue
ff12e5688c Merge pull request #40206 from Random-Liu/add-standalone-npd
Automatic merge from submit-queue

Add standalone npd on GCI.

This PR added standalone NPD in GCE GCI cluster. I already verified the PR, and it should work.

/cc @dchen1107 @fabioy @andyxning @kubernetes/sig-node-misc
2017-02-18 02:00:20 -08:00
Kubernetes Submit Queue
4d11cbc577 Merge pull request #39364 from zhouhaibing089/nodeports
Automatic merge from submit-queue

nodeports usage should be part of LoadBalancer service type

Since a creation of Service of type LoadBalancer will allocate NodePorts as well, so it makes more sense to account for the NodePort usage in the LoadBalancer switch case.

check here: https://github.com/kubernetes/kubernetes/blob/master/pkg/registry/core/service/rest.go#L553 for the logic on whether it should assign a nodeport for the service.
2017-02-17 20:34:32 -08:00
Kubernetes Submit Queue
4c5b22d4c6 Merge pull request #41651 from shashidharatd/kubefed-3
Automatic merge from submit-queue (batch tested with PRs 41401, 41195, 41664, 41521, 41651)

[Federation][kubefed] Add label selector for etcd pvc

Currently, etcd pvc created for federation etcd does not have a label selector. without a label selector etcd pvc will bind to any pv created statically, this may be problematic in real environments comprising multiple pv's.

Also, verified that we can create a pv statically with labels as below
 ```
  labels:
    "app": "federated-cluster"
    "module": "federation-apiserver"
```
and federation etcd pvc will be bound to the pv matching label.
This is one of the side task, that we discussed in [here](https://github.com/kubernetes/kubernetes/issues/41127#issuecomment-278881319)

cc @madhusudancs @kubernetes/sig-federation-bugs
2017-02-17 19:46:44 -08:00
Kubernetes Submit Queue
112aa327ac Merge pull request #41521 from spiffxp/osx-make-test
Automatic merge from submit-queue (batch tested with PRs 41401, 41195, 41664, 41521, 41651)

Allow `make test` to pass on OSX

**What this PR does / why we need it**: `make test` doesn't pass on my OSX setup (10.11.6, go1.7, docker 1.13.1) on `master`, `release-1.5`, nor `release-1.4`.  Our [docs on unit tests](https://github.com/kubernetes/community/blob/master/contributors/devel/testing.md#unit-tests) say they should always pass on OS X.  This PR allows them to pass.

**Release note**:
```release-note
NONE
```

ref: #24717 for the motivation behind dereferencing mount symlinks

/cc @kubernetes/sig-testing-pr-reviews
2017-02-17 19:46:42 -08:00
Kubernetes Submit Queue
a574c85e60 Merge pull request #41664 from ixdy/make-test-bazel
Automatic merge from submit-queue (batch tested with PRs 41401, 41195, 41664, 41521, 41651)

Ignore bazel-* directories when looking for tests to run

**What this PR does / why we need it**: if you do a Bazel build and then try to run `make test` without `bazel clean`, the test script blows up. cc @cheftako

**Special notes for your reviewer**: there are probably other scripts (e.g. some of `hack/verify-*`) that mishandle the bazel-* convenience symlinks, but I'm not sure if it's worth the effort to fix those unless people complain.

**Release note**:

```release-note
NONE
```
2017-02-17 19:46:41 -08:00
Kubernetes Submit Queue
97921ff38e Merge pull request #41195 from wojtek-t/remove_default_failure_domains
Automatic merge from submit-queue (batch tested with PRs 41401, 41195, 41664, 41521, 41651)

Remove default failure domains from anti-affinity feature

Removing it is necessary to make performance of this feature acceptable at some point.

With default failure domains (or in general when multiple topology keys are possible), we don't have transitivity between node belonging to a topology. And without this, it's pretty much impossible to solve this effectively.

@timothysc
2017-02-17 19:46:40 -08:00
Kubernetes Submit Queue
5edac4f840 Merge pull request #41401 from wojtek-t/detect_bad_unstructured_conversions
Automatic merge from submit-queue (batch tested with PRs 41401, 41195, 41664, 41521, 41651)

Detect bad unstructured conversions

Ref https://github.com/kubernetes/kubernetes/issues/39017

This PR also speed up the conversion:
before:
```
BenchmarkToFromUnstructured-12           	    1000	   1201132 ns/op	   15335 B/op	     268 allocs/op
BenchmarkToFromUnstructuredViaJSON-12    	    1000	   2127384 ns/op	   29669 B/op	     457 allocs/op
```
after:
```
BenchmarkToFromUnstructured-12           	    2000	    911243 ns/op	   10472 B/op	     196 allocs/op
BenchmarkToFromUnstructuredViaJSON-12    	    1000	   2243216 ns/op	   29665 B/op	     457 allocs/op
```
2017-02-17 19:46:38 -08:00
Kubernetes Submit Queue
34bf25fe49 Merge pull request #41524 from Random-Liu/fix-cri-kubemark
Automatic merge from submit-queue

Generate valid container id in fake docker client.

Fixes https://github.com/kubernetes/kubernetes/issues/41488.

This PR generates valid container id by hashing container name. So that dockershim checkpoint won't report `checkpoint key XXX is not valid` error.

This PR also reverts #41460.

@yujuhong @freehan /cc @kubernetes/sig-node-pr-reviews
2017-02-17 17:45:14 -08:00
Jacob Simpson
855627e5cb Rotate the kubelet certificate when about to expire.
Changes the kubelet so it doesn't use the cert/key files directly for
starting the TLS server. Instead the TLS server reads the cert/key from
the new CertificateManager component, which is responsible for
requesting new certificates from the Certificate Signing Request API on
the API Server.
2017-02-17 17:42:35 -08:00
Kubernetes Submit Queue
4b3a097ecd Merge pull request #41525 from yujuhong/fix_output
Automatic merge from submit-queue

Fix the output of health-mointor.sh

The script show prints the errors/response of the health check, but not
show the progress of `curl`.
2017-02-17 16:57:29 -08:00
shashidharatd
a3270b1321 Add label selector for etcd pvc 2017-02-18 06:22:52 +05:30
Kubernetes Submit Queue
7bbafd259c Merge pull request #41626 from derekwaynecarr/improve-kubelet-volume-logging
Automatic merge from submit-queue (batch tested with PRs 41649, 41658, 41266, 41371, 41626)

Understand why kubelet cannot cleanup orphaned pod dirs

**What this PR does / why we need it**:
Understand if we are unable to clean up orphaned pod directories due to a failure to read the directory versus paths still existing to improve ability to debug error situations.
2017-02-17 16:38:41 -08:00
Kubernetes Submit Queue
abcff2dfc1 Merge pull request #41371 from jcbsmpsn/split-request-node-certificate
Automatic merge from submit-queue (batch tested with PRs 41649, 41658, 41266, 41371, 41626)

Split request node certificate

Split the `RequestNodeCertificate` function so the behavior can also be used by non-node callers.
2017-02-17 16:38:40 -08:00
Kubernetes Submit Queue
64fe9e11f4 Merge pull request #41266 from spiffxp/build-run-make-help
Automatic merge from submit-queue (batch tested with PRs 41649, 41658, 41266, 41371, 41626)

Allow `build/run.sh make help` to run

**What this PR does / why we need it**: typo fix; `build/run.sh make help` doesn't work for me on OS X w/ docker 1.13.x, this PR fixes that

**Release note**:

```release-note
NONE
```
 /cc @spxtr
2017-02-17 16:38:38 -08:00