Automatic merge from submit-queue
controller-manager support number of garbage collector workers to be configurable
The number of garbage collector workers of controller-manager is a fixed value 5 now, make it configurable should more properly
Automatic merge from submit-queue
Unify logging in generators and avoid annoying logs.
@thockin regarding our discussing in the morning
@lavalamp - FYI
Automatic merge from submit-queue
kube-up: install new Docker pre-requisite (libltdl7) when not in image
Docker now has a dependency on libltdl7; we have to specify it manually
if we are installing docker using dpkg (vs using apt-get or similar,
which would pull it in automatically)
Fixes#28644
Automatic merge from submit-queue
Separate rate limiters for Pod evictions for different zones in NodeController
Ref. #28832
NodeController needs to be able to separately adjust rate-limits for eviction for different zones. This PR splits rate limiters.
cc @davidopp
Automatic merge from submit-queue
Implement first version of indexing in cacher
This PR adds a first version of indexing in cacher.
It has a really significant impact on performance - __in empty 2000-node cluster, apiserver cpu usage drops by ~75%.__
Not for 1.3, but we need this soon after 1.3 is done.
@lavalamp @mqliang @davidopp @gmarek @kubernetes/sig-scalability
Automatic merge from submit-queue
Don't check in generated code, part 1
This PR is a first step towards not commiting generated files, which make up a huge portion of "needs rebase" errors. It only handles deep-copy generation and conversion generation. More will come later, if the model passes muster.
This is a mega-PR. Sorry. It was necessary to do 2 generators to convince myself it worked, and the evolution of the techniques warranted multiple commits. I have tried to keep the commits self-contained and reviewable.
A quick summary of the major points in the series:
- Start by making everything call `make` rather than the various hack/* scripts. The hack scripts still exist, but give a warning to use make instead, and then they do what they did before, so it should be compatible.
- Move deepcopy generation into the Makefile, so it is done automatically
- Move conversion generation into the Makefile, so it is done automatically
- Optimize makefile for faster rebuilds
- Make CI pass
Net result: if you run "make", it will rebuild any deepcopy or conversion files it needs. It takes a few seconds to figure out there's nothing to do, but it should be a net savings. There is more to do, and we can follow this up with other generators being converted, some of which are MUCH slower than these 2.
@wojtek-t @lavalamp @smarterclayton @bgrant0607 @mikedanese @madhusudancs
Automatic merge from submit-queue
check PodAntiAffinity even when pod has no AntiAffinity constraints
Hard inter-pod anti-affinity is designed to be symmetric, in other word, the algorithm should check if AntiAffinity constraints from both the pod to be scheduled and pods already running are satisfied during scheduling.
Current implementation skipped the checking when pod has no AntiAffinity constraints, ignored the anti-affinity constraints of existing pods , which is not correct. This PR is to fix it.
This is sort of gravy. There's no good way to do this for arbitrary
directories because of the way Make works (we'd have to declare them all
PHONY).
If people hate using make directly we could wrap it in another level of
indirection, but I didn't yet. E.g.
build/make-all.sh -> make -> make-rules/all.sh -> go install
This would insulate people from 'make' atthe cost of custom build tools. I
prefer being able to say 'make' and having it just work.
This mostly takes the previously checked in files and removes them, and moves
the generation to be on-demand instead of manual. Manually verified no change
in generated output.
This allows us to start building real dependencies into Makefile.
Leave old hack/* scripts in place but advise to use 'make'. There are a few
rules that call things like 'go run' or 'build/*' that I left as-is for now.
Automatic merge from submit-queue
Deepcopy: avoid struct copies and reflection Call
- make signature of generated deepcopy methods symmetric with `in *type, out *type`, avoiding copies of big structs on the stack
- switch to `in interface{}, out interface{}` which allows us to call them with without `reflect.Call`
The first change reduces runtime of BenchmarkPodCopy-4 from `> 3500ns` to around `2300ns`.
The second change reduces runtime to around `1900ns`.
Automatic merge from submit-queue
controller: wait for synced old replica sets on Recreate
Partially fixes https://github.com/kubernetes/kubernetes/issues/27362
Any other work on it should be handled in the replica set level (and/or kubelet if it's required)
@kubernetes/deployment PTAL
Automatic merge from submit-queue
Fix some errors in the e2e doc and make it more consistent
- "--tests" is not a valid argument
- use --ginko-skip to exclude (not focus)
- add "--check_node_count=false" to test against local cluster
- always use "--" for long args (there was a mix of "-" and "--" and it was a bit confusing)
Automatic merge from submit-queue
node_e2e: configure gce images via config file
This file provides the abiliy to specify image project on a per-image
basis and is more extensible for future changes.
For backwards compatibility and local development convenience, the
existing flags are kept and should work.
The eventual goal is to be able to source some images, such as the CoreOS one (and possibly containervm one) from their upstream projects and do all new configuration changes via a cloud-init key added to the image config.
This PR is a first step there. A following PR will add a config key of `cloud-init` or `user-data` and migrate the CoreOS e2e to use that.
This motivation is driven by the fact that currently the changes needed for the CoreOS image can all be done quickly in cloud-init and this will make it much easier to update the image and ensure that changes are applied consistently.
/cc @timstclair @vishh @yifan-gu @pwittrock
Automatic merge from submit-queue
rbac authorizer: cleanups to rule evaluation for non-resource URLs
An few oversights in the RBAC authorizer. Fixes#28291 and permits non-resource URLs to use stars in the path. E.g. ("/apis/*").
cc @liggitt @kubernetes/sig-auth
