Commit Graph

57340 Commits

Author SHA1 Message Date
Kubernetes Submit Queue
6fe3a4d82a
Merge pull request #55000 from deads2k/admission-10-split
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

make easy validation admission plugins into validators

This switches "easy" admission plugins that need to be validators to be validators.  I also did one simple plugin to do both mutation and validation for practice.

@kubernetes/sig-api-machinery-pr-reviews @caesarxuchao
2017-11-03 06:33:17 -07:00
David Eads
75c448dbc7 make easy validation admission plugins into validators 2017-11-03 07:54:39 -04:00
Krzysztof Jastrzebski
7a5e9582bc Add scale down to 1 e2e test. 2017-11-03 11:48:37 +01:00
Kubernetes Submit Queue
aa66d8cb98
Merge pull request #54991 from krzysztof-jastrzebski/master
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Node autoprovisioning e2e test.

This PR adds test scenario for cluster-autoscaler in GKE  for node autoprovisioning.
2017-11-03 03:19:17 -07:00
Kubernetes Submit Queue
6af21e8eb4
Merge pull request #54956 from vladimirvivien/scaleio-remove-drv_cfg-dep
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Remove dependency on drv_cfg binary for querying ScaleIO devices

**What this PR does / why we need it**:
This PR fixes the issue where a ScleIO kubernetes plugin required additional binary `drv_cfg` to be present on the local node to work properly, making it harder for the kubelet binary to be containerized without providing access to local paths inside the container.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #54954 

**Special notes for your reviewer**:

**Release note**:

```release-note
ScaleIO driver completely removes dependency on drv_cfg binary so a Kubernetes cluster can easily run a containerized kubelet.
```
2017-11-03 03:18:56 -07:00
xiangpengzhao
026197fb04 Auto generated BUILD file 2017-11-03 16:55:36 +08:00
xiangpengzhao
c7ce2f6a37 Don't need to check version for auth e2e test 2017-11-03 16:53:52 +08:00
hzxuzhonghu
ac7ca5bd0a refactor admission handler and add UT 2017-11-03 16:47:19 +08:00
xiangpengzhao
0242de0c5d Remove version check in kubectl e2e test. 2017-11-03 15:28:37 +08:00
Kubernetes Submit Queue
676e28ff7a
Merge pull request #54848 from xiangpengzhao/add-ipvsscheduler-testcase
Automatic merge from submit-queue (batch tested with PRs 54906, 54120, 54934, 54915, 54848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Improve unit test coverage for kube-proxy configuration.

**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
/cc @ncdc 

**Release note**:

```release-note
NONE
```
2017-11-02 23:02:18 -07:00
Kubernetes Submit Queue
eacca001eb
Merge pull request #54915 from xiangpengzhao/np-ut-cov
Automatic merge from submit-queue (batch tested with PRs 54906, 54120, 54934, 54915, 54848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Improve unit test coverage for network policy validation.

**What this PR does / why we need it**:
`ok  	k8s.io/kubernetes/pkg/apis/networking/validation	0.074s	coverage: 87.8% of statements`

to 

`ok  	k8s.io/kubernetes/pkg/apis/networking/validation	0.082s	coverage: 100.0% of statements`

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-11-02 23:02:16 -07:00
Kubernetes Submit Queue
9ca2bda520
Merge pull request #54934 from akosiaris/master
Automatic merge from submit-queue (batch tested with PRs 54906, 54120, 54934, 54915, 54848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Only parse ClusterCIDR, ServiceCIDR if AllocateNodeCIDRs

**What this PR does / why we need it**:

Avoid unnecessary spam in kube-controller-manager log if --cluster-cidr is not specified and --allocate-node-cidrs is false. Add clarification in kube-controller-manager help about that.

**Release note**
```release-note
Avoid unnecessary spam in kube-controller-manager log if --cluster-cidr is not specified and --allocate-node-cidrs is false.
```
2017-11-02 23:02:13 -07:00
Kubernetes Submit Queue
b006bc5d04
Merge pull request #54120 from m1093782566/fix-proxy-mode
Automatic merge from submit-queue (batch tested with PRs 54906, 54120, 54934, 54915, 54848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix kube-proxy fall back to iptables firstly when unable to load kernel modules

**What this PR does / why we need it**:

Fix kube-proxy fall back to iptables firstly when unable to load kernel modules

**Which issue this PR fixes**: 

fixes #54121

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

/kind bug
/sig network
/area kube-proxy
2017-11-02 23:02:10 -07:00
Kubernetes Submit Queue
63cc600626
Merge pull request #54906 from xiangpengzhao/sc-beta-v1
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Update storageclass version to v1 in examples

**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
/cc @jsafrane 

**Release note**:

```release-note
NONE
```
2017-11-02 22:38:04 -07:00
Kubernetes Submit Queue
e19dbba8a2
Merge pull request #54972 from m1093782566/ipvs-ipv6
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

clean up legacy ipv4/32 in ipvs proxy

**What this PR does / why we need it**:

clean up legacy ipv4/32 in ipvs proxy

**Which issue(s) this PR fixes**: closes #51866

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
/sig network

/area ipv6

/assign @thockin 

cc @danehans
2017-11-02 21:52:38 -07:00
Kubernetes Submit Queue
1fc64162d3
Merge pull request #54976 from m1093782566/ipvs-kubeadm
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add kubeadm way in ipvs proxy README

**What this PR does / why we need it**:

As #53962 which support specify proxy mode for kubeadm is already in, we should add ipvs proxy kubeadm way in README.md.

**Which issue(s) this PR fixes**:
Fixes #54978

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-11-02 21:03:07 -07:00
xiangpengzhao
bcdff4f174 Fix wrong format and output. 2017-11-03 11:54:43 +08:00
wackxu
22a706ed50 remove duplicate healthz check register 2017-11-03 11:27:30 +08:00
wackxu
25354c73c3 Update deletionTimestamp with information about finalizer effect 2017-11-03 10:48:48 +08:00
Kubernetes Submit Queue
0575f72832
Merge pull request #55020 from derekwaynecarr/fix-spam
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

StopPodSandbox should not log when container is already removed

**What this PR does / why we need it**:
StopPodSandbox should not log when a container is already gone.  It should only log if it could not stop and the container was still present.

Fixes https://github.com/kubernetes/kubernetes/issues/55021

**Special notes for your reviewer**:
This was seen in our production logs, need to eliminate spam.

**Release note**:
```release-note
NONE
```
2017-11-02 19:48:31 -07:00
Solly Ross
2c9fc43294 [client-go] Add apps.Scale support to Scale client
apps/v1betaX inadventertently contains its own variant of Scale.  In
order to support scaling Deployments, ReplicaSets, etc, we need to support
these versions of Scale as well.
2017-11-02 22:20:39 -04:00
m1093782566
ea930dbe5c fix kube-proxy mode 2017-11-03 09:41:54 +08:00
Kubernetes Submit Queue
63c409727c
Merge pull request #54996 from mwielgus/metadata-proxy
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Reduce metadata-proxy cpu requests to 30m

After the recent change enabling metadata-proxy in tests (https://github.com/kubernetes/kubernetes/pull/54150) we started seeing problems with scheduling cluster autoscaler on master. Metadata-proxy eats all of the available space leaving nothing for CA to run on. 

This PR reduces the cpu requests for metadata-proxy allowing other components to fit in.

cc: @kubernetes/sig-autoscaling-bugs
2017-11-02 18:08:10 -07:00
Kubernetes Submit Queue
7a28aaffa7
Merge pull request #54964 from Random-Liu/add-containerd-e2e
Automatic merge from submit-queue (batch tested with PRs 54488, 54838, 54964). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add support to for alternative container runtime in `kube-up.sh`

For https://github.com/kubernetes/features/issues/286.

This PR added 4 new environment variables in `kube-up.sh` to support alternative container runtime:
1) `KUBE_MASTER_EXTRA_METADATA` and `KUBE_NODE_EXTRA_METADATA`. Add extra metadata on master and node instance. With this we could specify different cloud-init for a different container runtime, and also add extra metadata for the new cloud-init, e.g. [master.yaml](7d73966214/test/e2e/master.yaml)
2) `KUBE_CONTAINER_RUNTIME_ENDPOINT`. Specify different sock for different container runtime. It's only used when it's not empty.
3) `KUBE_LOAD_IMAGE_COMMAND`. Specify different load image command for different container runtime.

An example for cri-containerd:
```
export KUBE_MASTER_EXTRA_METADATA="user-data=${GOPATH}/src/github.com/kubernetes-incubator/cri-containerd/test/e2e/master.yaml,cri-containerd-configure-sh=${GOPATH}/src/github.com/kubernetes-incubator/cri-containerd/test/configure.sh"
export KUBE_NODE_EXTRA_METADATA="user-data=${GOPATH}/src/github.com/kubernetes-incubator/cri-containerd/test/e2e/node.yaml,cri-containerd-configure-sh=${GOPATH}/src/github.com/kubernetes-incubator/cri-containerd/test/configure.sh"
export KUBE_CONTAINER_RUNTIME="remote"
export KUBE_CONTAINER_RUNTIME_ENDPOINT="/var/run/cri-containerd.sock"
export KUBE_LOAD_IMAGE_COMMAND="/home/cri-containerd/usr/local/bin/cri-containerd load"
export NETWORK_POLICY_PROVIDER="calico"
```

Signed-off-by: Lantao Liu <lantaol@google.com>

```release-note
none
```
/cc @yujuhong @dchen1107 @feiskyer @mikebrow @abhi @mrunalp @runcom 
/cc @kubernetes/sig-node-pr-reviews
2017-11-02 18:01:19 -07:00
Kubernetes Submit Queue
52ec6f425b
Merge pull request #54838 from Random-Liu/fix-calico-network-policy
Automatic merge from submit-queue (batch tested with PRs 54488, 54838, 54964). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix calico network policy for opensource.

For https://github.com/kubernetes/features/issues/286

This PR:
1) Add `NON_MASTER_NODE_LABELS` env, and only apply calico node label on non-master nodes.
2) Set ip masq rules in cloud init, so that we don't need the ip masq agent. @dchen1107 @dnardo As we discussed.
3) Let master use `${NETWORK_PROVIDER}` instead of fixed cni, because we won't run calico node agent on master. The master network should be configured separately (kubenet by default).

With this PR, I could bring up a cluster with `NETWORK_POLICY_PROVIDER=calico` on GCE now.
```console
$ cluster/kubectl.sh get pods --all-namespaces
NAMESPACE     NAME                                                  READY     STATUS    RESTARTS   AGE
kube-system   calico-node-9bxbv                                     2/2       Running   0          13m
kube-system   calico-node-kjxtw                                     2/2       Running   0          13m
kube-system   calico-node-vertical-autoscaler-67fb4f45bd-hcjmw      1/1       Running   0          16m
kube-system   calico-node-xs2s2                                     2/2       Running   0          13m
kube-system   calico-typha-7c4d876ddf-d4dtx                         1/1       Running   0          15m
kube-system   calico-typha-horizontal-autoscaler-5f477cdc66-qwwph   1/1       Running   0          16m
kube-system   calico-typha-vertical-autoscaler-58f7d686f7-pn72s     1/1       Running   0          16m
kube-system   etcd-empty-dir-cleanup-e2e-test-lantaol-master        1/1       Running   0          16m
kube-system   etcd-server-e2e-test-lantaol-master                   1/1       Running   0          16m
kube-system   etcd-server-events-e2e-test-lantaol-master            1/1       Running   0          16m
kube-system   event-exporter-v0.1.7-9d4dbb69c-m76v5                 2/2       Running   0          16m
kube-system   fluentd-gcp-v2.0.10-25dmf                             2/2       Running   0          16m
kube-system   fluentd-gcp-v2.0.10-kgxsk                             2/2       Running   0          16m
kube-system   fluentd-gcp-v2.0.10-p75xg                             2/2       Running   0          16m
kube-system   fluentd-gcp-v2.0.10-xzh77                             2/2       Running   0          16m
kube-system   heapster-v1.5.0-beta.0-5cf4d9dff7-dmvm7               4/4       Running   0          13m
kube-system   kube-addon-manager-e2e-test-lantaol-master            1/1       Running   0          15m
kube-system   kube-apiserver-e2e-test-lantaol-master                1/1       Running   0          16m
kube-system   kube-controller-manager-e2e-test-lantaol-master       1/1       Running   0          16m
kube-system   kube-dns-79bdcb6c9f-2bpc8                             3/3       Running   0          15m
kube-system   kube-dns-79bdcb6c9f-gr686                             3/3       Running   0          16m
kube-system   kube-dns-autoscaler-996dcfc9d-pfs4s                   1/1       Running   0          16m
kube-system   kube-proxy-e2e-test-lantaol-minion-group-3khw         1/1       Running   0          16m
kube-system   kube-proxy-e2e-test-lantaol-minion-group-6878         1/1       Running   0          16m
kube-system   kube-proxy-e2e-test-lantaol-minion-group-j9rq         1/1       Running   0          16m
kube-system   kube-scheduler-e2e-test-lantaol-master                1/1       Running   0          16m
kube-system   kubernetes-dashboard-765c6f47bd-lsw5r                 1/1       Running   0          16m
kube-system   l7-default-backend-6d477bf555-x54zf                   1/1       Running   0          16m
kube-system   l7-lb-controller-v0.9.7-e2e-test-lantaol-master       1/1       Running   0          16m
kube-system   metrics-server-v0.2.0-9c4f8c48d-gkl79                 2/2       Running   0          13m
kube-system   monitoring-influxdb-grafana-v4-54df94856c-krkvb       2/2       Running   0          16m
kube-system   rescheduler-v0.3.1-e2e-test-lantaol-master            1/1       Running   0          16m
```

**Note that with this PR, master node will be using kubenet by default. And network policy will not apply on master node.**

**We need this to unblock `cri-containerd` integration with `kube-up.sh`.**
/cc @dchen1107 @dnardo Please take a look.
@kubernetes/sig-network-misc @kubernetes/sig-cluster-lifecycle-misc 

Signed-off-by: Lantao Liu <lantaol@google.com>

```release-note
None
```
2017-11-02 18:01:16 -07:00
Madhan Raj Mookkandy
d7f9e22815 Sandbox Support for Windows + CNI
Following are part of this commit
+++++++++++++++++++++++++++++++++

* Windows CNI Support
	(1) Support to use --network-plugin=cni
	(2) Handled platform requirement of calling CNI ADD for all the containers.
	(2.1) For POD Infra container, netNs has to be empty
	(2.2) For all other containers, sharing the network namespace of POD container,
	      should pass netNS name as "container:<Pod Infra Container Id>", same as the
              NetworkMode of the current container
	(2.3) The Windows CNI plugin has to handle this to call into Platform.
              Sample Windows CNI Plugin code to be shared soon.
* Sandbox support for Windows
	(1) Sandbox support for Windows. Works only with Docker runtime.
	(2) Retained CONTAINER_NETWORK as a backward compatibilty flag,
	    to not break existing deployments using it.
	(3) Works only with CNI plugin enabled.

(*) Changes to reinvoke CNI ADD for every new container created. This is hooked up with PodStatus,
    but would be ideal to move it outside of this, once we have CNI GET support
2017-11-02 17:40:20 -07:00
Kubernetes Submit Queue
2084f7f4f3
Merge pull request #54488 from lichuqiang/plugin_base
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add admission handler for device resources allocation

**What this PR does / why we need it**:
Add admission handler for device resources allocation to fail fast during pod creation

**Which issue this PR fixes** 
fixes #51592

**Special notes for your reviewer**:
@jiayingz Sorry, there is something wrong with my branch in #51895. And I think the existing comments in the PR might be too long for others to view. So I closed it and opened the new one, as we have basically reach an agreement on the implement :)
I have covered the functionality and unit test part here, and would set about the e2e part ASAP

/cc @jiayingz @vishh @RenaudWasTaken 

**Release note**:

```release-note
NONE
```
2017-11-02 17:24:06 -07:00
Kubernetes Submit Queue
b3fa2aebe5
Merge pull request #55029 from mengqiy/discovery_client
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

discovery client not depend on pkg/api/legacyscheme

Switch kubectl's cached discovery client to use kubect's scheme (pkg/kubectl/scheme) which only registered with external version types.

The encoding and decoding here uses only `k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList` and `k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList` which are not internal version. So it should be safe.

```release-note
NONE
```

/assign @monopole
2017-11-02 16:44:12 -07:00
Ivan Towlson
70d496e829 Fix go-autorest dependency in client-go staging 2017-11-02 22:48:48 +00:00
Kubernetes Submit Queue
9c41f9baf1
Merge pull request #50887 from netroby/patch-1
Automatic merge from submit-queue (batch tested with PRs 55016, 50887). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

If command.Execute() return err, print to stdErr

The current kube-proxy not print error if (execute() failed) . not so good and not so friendly to user.
If print err to stdError, will show us why it failed.
2017-11-02 15:40:15 -07:00
Kubernetes Submit Queue
fb67f84ed1
Merge pull request #55016 from mengqiy/cleanup_resouce_test
Automatic merge from submit-queue (batch tested with PRs 55016, 50887). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Cleanup resouce test

- Make client-go testing support decoding to external version
- Cleanup bad dependency of `pkg/kubectl/resource` pkg

```release-note
NONE
```

/assign @monopole @caesarxuchao
2017-11-02 15:40:12 -07:00
Seth Jennings
9f66666a30 kubelet: dockershim: remove orphaned checkpoint files 2017-11-02 16:59:39 -05:00
ymqytw
5557f2e444 discovery client not depend on pkg/api/legacyscheme 2017-11-02 14:59:21 -07:00
Lantao Liu
8279916c65 Fix calico network policy for opensource.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-02 21:56:46 +00:00
Kenneth Owens
26bf978c07 Promotes the StatefulSet, ControllerRevision, Deployment, and ReplicaSet kinds to the apps/v1 group version. 2017-11-02 14:19:04 -07:00
Solly Ross
32b47a36f6 [e2e] make sure to specify APIVersion in HPA tests
Previously, the HPA controller ignored APIVersion when resolving the
scale subresource for a kind, meaning if it was set incorrectly in the
HPA's scaleTargetRef, it would not matter.  This was the case for
several of the HPA e2e tests.

Since the polymorphic scale client merged, APIVersion now matters.  This
updates the HPA e2es to care about APIVersion, by passing kind as a full
GroupVersionKind, and not just a string.
2017-11-02 17:14:46 -04:00
Kubernetes Submit Queue
dc35709eee
Merge pull request #54085 from yujuhong/checkpoint-pkg
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add a file store utility package in kubelet

More and more components checkpoints (i.e., persist their states) in
kubelet. Refurbish and move the implementation in dockershim to a
utility package to improve code reusability.
2017-11-02 13:50:16 -07:00
ymqytw
2872e53c03 cleanup kubectl/resource tests dependency 2017-11-02 13:06:07 -07:00
Kubernetes Submit Queue
3a15fdbe7e
Merge pull request #54643 from mtaufen/structure-manifest-url-header
Automatic merge from submit-queue (batch tested with PRs 52367, 53363, 54989, 54872, 54643). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Lift embedded structure out of ManifestURLHeader field

Related: #53833

```release-note
It is now possible to set multiple manifest url headers via the Kubelet's --manifest-url-header flag. Multiple headers for the same key will be added in the order provided. The ManifestURLHeader field in KubeletConfiguration object (kubeletconfig/v1alpha1) is now a map[string][]string, which facilitates writing JSON and YAML files.
```
2017-11-02 12:59:24 -07:00
Kubernetes Submit Queue
4e19b0fd22
Merge pull request #54872 from pwittrock/apply
Automatic merge from submit-queue (batch tested with PRs 52367, 53363, 54989, 54872, 54643). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Support retainkeys strategy for new merge code

- Some prefactoring for retainkeys
- Add retainkeys strategy


```release-note
NONE
```
2017-11-02 12:59:21 -07:00
Kubernetes Submit Queue
5f73021e25
Merge pull request #54989 from wackxu/reterr
Automatic merge from submit-queue (batch tested with PRs 52367, 53363, 54989, 54872, 54643). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

should check and return err when visit failure

**What this PR does / why we need it**:

should check and return err when visit failure

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-11-02 12:59:18 -07:00
Kubernetes Submit Queue
113ab743b8
Merge pull request #53363 from tcharding/genutils
Automatic merge from submit-queue (batch tested with PRs 52367, 53363, 54989, 54872, 54643). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

cmd: genutils: remove entry from .golint_failures

**What this PR does / why we need it**:

`golint` emits warnings

```
exported function OutDir should have comment or be unexported
strings should not be capitalized or end with punctuation or a newline
```

- Add documentation comment to exported function OutDir.
- Remove newline from error string.
- Remove `hack\.golint_failures` entry for `cmd/genutils`

**Special notes for your reviewer**:
   
Don't know which sig to use?

**Release note**:

```release-note
NONE
```

/kind cleanup
2017-11-02 12:59:16 -07:00
Kubernetes Submit Queue
96d81fe688
Merge pull request #52367 from tallclair/psp-config
Automatic merge from submit-queue (batch tested with PRs 52367, 53363, 54989, 54872, 54643). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Basic GCE PodSecurityPolicy Config

**What this PR does / why we need it**:

This PR lays the foundation for enabling PodSecurityPolicy in GCE and other default deployments. The 3 commits are:

1. Add policies, roles & bindings for the default addons on GCE.
2. Enable the PSP admission controller & load the addon policies when the`ENABLE_POD_SECURITY_POLICY=true` environment variable is set.
3. Support the PodSecurityPolicy in the E2E environment & add PSP tests.

NOTES:

- ~~Depends on https://github.com/kubernetes/kubernetes/pull/52301 for privileged capabilities~~
- ~~Depends on https://github.com/kubernetes/kubernetes/pull/52849 for sane mutations~~
- ~~Depends on https://github.com/kubernetes/kubernetes/pull/53479 for aggregator tests to pass~~
- ~~Depends on https://github.com/kubernetes/kubernetes/pull/54175 for dedicated fluentd service~~ account
- This PR is a fork of https://github.com/kubernetes/kubernetes/pull/46064, credit to @Q-Lee

**Which issue this PR fixes**: #43538

**Release note**:
```release-note
Add support for PodSecurityPolicy on GCE: `ENABLE_POD_SECURITY_POLICY=true` enables the admission controller, and installs policies for default addons.
```
2017-11-02 12:59:13 -07:00
Derek Carr
79a08a1c90 StopPodSandbox should not log when container is already removed 2017-11-02 15:12:25 -04:00
Kubernetes Submit Queue
55e216f56e
Merge pull request #54957 from apelisse/update-kube-openapi
Automatic merge from submit-queue (batch tested with PRs 55004, 54957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Update kube-openapi to use validation

**What this PR does / why we need it**: Moves openapi validation code to kube-openapi, so that we can move the rest of the code to apimachinery repository, so that later we can use it from both the client and the server.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #Nothing

**Special notes for your reviewer**:

**Release note**:
```release-note
NONE
```
2017-11-02 11:17:33 -07:00
Kubernetes Submit Queue
6232f365ff
Merge pull request #55004 from ihmccreery/master-sysctl
Automatic merge from submit-queue (batch tested with PRs 55004, 54957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Explicitly set route_localnet on nodes & masters.

Allow for loopback addresses to be used for routing, specifically to
enable metadata proxy on master nodes.



**What this PR does / why we need it**: Enables metadata proxy (#8867) to work on the master.  This is already being done on the nodes by kube-proxy, but this makes it explicit, and sets it on the master where kube-proxy doesn't run.  Thanks to @dnardo for figuring this out!

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: fixes #54736
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-11-02 11:17:30 -07:00
juanvallejo
2008750398
remove empty creationTimestamp field 2017-11-02 14:07:56 -04:00
Hemant Kumar
c00b136c74 Check for available volume before attach/delete in EBS
We should check for available volume before performing
attach or delete of EBS volume. This will make sure that
we do not blow up API quota of mutable operations in AWS and stay a
good citizen.
2017-11-02 13:36:21 -04:00
Krzysztof Jastrzebski
9c1e6d7de8 Node autoprovisioning e2e test. 2017-11-02 18:33:45 +01:00
Shaun Crampton
0cddb6b097 Disable the grace termination period for the calico/node pod
The grace period is unneccessary for calico/node and it delays restart of
a new calico/node pod to take over routing and policy updates.

Setting the grace period to 0 has the special meaning of doing a force deletion,
which avoids a slow round-trip through the kubelet and API server.

Fixes #55013
2017-11-02 17:31:35 +00:00