Commit Graph

52986 Commits

Author SHA1 Message Date
Kubernetes Submit Queue
58c85e278b Merge pull request #49698 from m1093782566/validate-tokenreview
Automatic merge from submit-queue

Validate token length of TokenReview

**What this PR does / why we need it**:

I find API Resource TokenReview has no validation yet. Without validation, client may post unexpected data to API Server. I think we need to validate it before processing it.

This PR Validate TokenReview Resource.

Fixes #50588

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-08-13 23:59:11 -07:00
Cao Shufeng
ef3f1b933a some small fix in verify-flags-underscore
1. exceptions.txt and known-flags.txt are deleted, remove them from
code too.
2. remove some duplicated flags from excluded-flags.txt
2017-08-14 14:55:42 +08:00
xiangpengzhao
0cbee3e3ad Add image e2e-net-amd64 to CommonImageWhiteList 2017-08-14 14:31:31 +08:00
Shiyang Wang
b5737ff08d fix apply_set_last_applied dry-run output issue 2017-08-14 12:29:10 +08:00
Kubernetes Submit Queue
b32639f9e7 Merge pull request #49178 from feiskyer/seccomp-impl
Automatic merge from submit-queue

Support seccomp profile from container's security context

**What this PR does / why we need it**:

Support seccomp profile from container's security context, followup of #46332.

**Which issue this PR fixes** 

fixes #46332.

**Special notes for your reviewer**:

~~Depends on #49179. (already merged)~~

**Release note**:

```release-note
NONE
```
2017-08-13 20:21:00 -07:00
Pengfei Ni
ea4a3417e7 run hack/update-bazel.sh 2017-08-13 15:43:42 +08:00
Pengfei Ni
c242432a3b Rename runtime/default to docker default 2017-08-13 15:42:15 +08:00
Pengfei Ni
bf01fa2f00 Use seccomp from security context 2017-08-13 15:42:15 +08:00
Pengfei Ni
f3150c9c8c Support seccomp profile from container's security context 2017-08-13 15:42:15 +08:00
Davanum Srinivas
827af63e72 Avoid rsync of .git directory
We don't really need the .git directory to be transferred. This
problem was introduced in the PR:
"Run the update-staging-godeps script inside a docker container"

Fixes #50272
2017-08-12 20:52:49 -04:00
Kubernetes Submit Queue
2820b45caa Merge pull request #50362 from k82cn/k8s_50360
Automatic merge from submit-queue

Moved node condition filter into a predicates.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #50360 

**Release note**:
```release-note
A new predicates, named 'CheckNodeCondition', was added to replace node condition filter. 'NetworkUnavailable', 'OutOfDisk' and 'NotReady' maybe reported as a reason when failed to schedule pods.
```
2017-08-12 15:10:31 -07:00
Serguei Bezverkhi
f41457c151 Adding support for internal IP for e2e tests
Currently IssueSSHComand in util.go only checks for External IP address
to shh, this PR adds check for internal IP too.
2017-08-12 13:43:45 -04:00
m1093782566
f2ea31fd92 add validation for fed-apiserver 2017-08-12 20:04:14 +08:00
Kubernetes Submit Queue
cf80b91a9e Merge pull request #50479 from yguo0905/node-perf-m60
Automatic merge from submit-queue (batch tested with PRs 49847, 49743, 49853, 50225, 50479)

Add node benchmark tests for cos-m60 with docker 1.12.6

Ref: https://github.com/kubernetes/kubernetes/issues/42926

This PR adds a benchmark tests against cos-m60 with docker 1.12.6 on http://node-perf-dash.k8s.io. This test is useful for docker validation -- we can compare the performance of different dockers on the same OS.

cos-m60 comes with docker 1.13.1 by default, so we need to use cloud-init to downgrade the version to 1.12.6.

**Release note**:
```
None
```

/assign @dchen1107
2017-08-12 02:36:01 -07:00
Kubernetes Submit Queue
a1933f8efb Merge pull request #50225 from tcharding/kubectl-run-log
Automatic merge from submit-queue (batch tested with PRs 49847, 49743, 49853, 50225, 50479)

Remove duplicate logging code

**What this PR does / why we need it**:

Currently function `handleAttachPod` contains duplicate code which copies the AttachOptions output writer to the pod logging writer. This code can be refactored into a separate function. 

**Special notes for your reviewer**:

Refactor only, does not change program logic.

**Release note**:
```release-note
NONE
```

/sig cli
/kind cleanup
2017-08-12 02:35:59 -07:00
Kubernetes Submit Queue
6d91ad2d27 Merge pull request #49853 from duan-yue/capabilities
Automatic merge from submit-queue (batch tested with PRs 49847, 49743, 49853, 50225, 50479)

refactor capabilities to a singleton struct

**What this PR does / why we need it**:
refactor
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
refactor
**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-08-12 02:35:57 -07:00
Kubernetes Submit Queue
1f2185fbfb Merge pull request #49743 from euank/hostname
Automatic merge from submit-queue (batch tested with PRs 49847, 49743, 49853, 50225, 50479)

cloudprovider/photon: remove unneeded bash exec

**Release note**:
```release-note
NONE
```
2017-08-12 02:35:54 -07:00
Kubernetes Submit Queue
2d4c609a1d Merge pull request #49847 from m1093782566/fix-win-proxy
Automatic merge from submit-queue

Fix winspace proxier wrong comment message

**What this PR does / why we need it**:

Since winspace proxier has nothing to do with iptables, this PR remove the wrong comment message on iptables.

**Which issue this PR fixes**: 

Fixes #50524
2017-08-12 01:51:07 -07:00
Kubernetes Submit Queue
527c44881a Merge pull request #50353 from zhangxiaoyu-zidif/Delete-redundant-expectError-for-controller-ref-test
Automatic merge from submit-queue

Delete redundant test para. for controller_ref_manager_test

**What this PR does / why we need it**:
The test does not use para. expectError.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-08-12 00:00:55 -07:00
Kubernetes Submit Queue
c1da492ad2 Merge pull request #49719 from dixudx/fix_apps_deploymentspec_conversion
Automatic merge from submit-queue

fix apps DeploymentSpec conversion issue

**What this PR does / why we need it**:

When working on #49645, I found current conversion for `v1.PodTemplateSpec` to `api.PodTemplateSpec` did not work properly. It should function as [L244-L246](https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/apps/v1beta1/conversion.go#L244-L246).

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:
/cc @janetkuo 

**Release note**:

```release-note
fix apps DeploymentSpec conversion issue
```
2017-08-11 22:20:10 -07:00
Kubernetes Submit Queue
00145732f5 Merge pull request #50520 from shyamjvs/allow-kubemark-test-args
Automatic merge from submit-queue

Add variables for passing test args to kubemark master components

cc @msau42 - This change will enable us to turn on extender in the scheduler in kubemark-scale job
2017-08-11 21:29:03 -07:00
Kubernetes Submit Queue
276bfb8cf1 Merge pull request #50506 from bskiba/external_config
Automatic merge from submit-queue (batch tested with PRs 50485, 49951, 50508, 50511, 50506)

Pass config to external Kubemark cluster in e2e tests

When cluster autoscaler is used in kubemark tests,
pass default kubeconfig as external cluster config.

@shyamjvs @gmarek 

**Release note**:
```
NONE
```
2017-08-11 20:38:01 -07:00
Kubernetes Submit Queue
b0e066eed2 Merge pull request #50511 from crassirostris/fix-event-exporter
Automatic merge from submit-queue (batch tested with PRs 50485, 49951, 50508, 50511, 50506)

Update Stackdriver event exporter version

Fixes https://github.com/kubernetes/kubernetes/issues/50510
2017-08-11 20:37:58 -07:00
Kubernetes Submit Queue
9f7ddb6409 Merge pull request #50508 from YuxiJin-tobeyjin/kubectltypo
Automatic merge from submit-queue (batch tested with PRs 50485, 49951, 50508, 50511, 50506)

fix a typo

**What this PR does / why we need it**:
fix a small typo
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
verions->versions
**Special notes for your reviewer**:

**Release note**:
NONE
```release-note
```NONE
2017-08-11 20:37:56 -07:00
Kubernetes Submit Queue
bbc74a3478 Merge pull request #49951 from mkumatag/multiarch_nonewprivs
Automatic merge from submit-queue (batch tested with PRs 50485, 49951, 50508, 50511, 50506)

Multiarch nonewprivs test image

**What this PR does / why we need it**:
This PR is for converting nonewprivs image which pushed very recently part of https://github.com/kubernetes/kubernetes/pull/47019.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes #50498 
**Special notes for your reviewer**:

**Release note**:

```NONE```
2017-08-11 20:37:54 -07:00
Kubernetes Submit Queue
369d5357f1 Merge pull request #50485 from jianglingxia/jlx081110
Automatic merge from submit-queue

get_test.go fix error format and info

**What this PR does / why we need it**:
there left the only one need modify,thanks
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #49481 

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-08-11 20:31:48 -07:00
m1093782566
7b8372db99 move UDP conntrack operations together to pkg/proxy/util/conntrack.go 2017-08-12 11:10:04 +08:00
Kubernetes Submit Queue
577fdf91c2 Merge pull request #50205 from dixudx/fix_kubectl_edit_panic_nil_list
Automatic merge from submit-queue (batch tested with PRs 50537, 49699, 50160, 49025, 50205)

not allowing "kubectl edit <resource>" when you got an empty list

**What this PR does / why we need it**:
`kubectl edit` will panic when adding an empty list.

> panic: runtime error: index out of range

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #50147

**Special notes for your reviewer**:
/assign @errordeveloper @mengqiy @janetkuo @fabianofranz
/cc @rootfs @soltysh @sttts

**Release note**:

```release-note
not allowing "kubectl edit <resource>" when you got an empty list
```
2017-08-11 19:44:04 -07:00
Kubernetes Submit Queue
b91f19180d Merge pull request #49025 from danwinship/non-cloud-node-ip
Automatic merge from submit-queue (batch tested with PRs 50537, 49699, 50160, 49025, 50205)

When not using a CloudProvider, set both InternalIP and ExternalIP on Nodes

#36095 changed all of the cloudproviders to set both InternalIP and ExternalIP on Nodes, but the non-cloudprovider fallback code now only sets InternalIP.

This causes the test "should be able to create a functioning NodePort service" in test/e2e/service.go to fail on cloud-provider-less clusters, because (with LegacyHostIP gone), it now will only try to work with ExternalIPs, and will fail if the node has only an InternalIP.

There isn't much other code that assumes that ExternalIP will always be set (there's something in pkg/master/master.go, but I don't know what it's doing, so maybe it's only useful in the case where InternalIP != ExternalIP anyway). But given that several of the cloudproviders (mesos, ovirt, rackspace) now explicitly set both InternalIP and ExternalIP to the same value always, it seemed right to do that in the fallback case too.

@deads2k FYI

**Release note**:
```release-note
NONE
```
2017-08-11 19:44:02 -07:00
Kubernetes Submit Queue
937fc0d113 Merge pull request #50160 from apelisse/openapi-validation
Automatic merge from submit-queue (batch tested with PRs 50537, 49699, 50160, 49025, 50205)

openapi: Add validation logic

This allows validation of a yaml/json object against an openapi schema.
A lot more testing would be needed to validate the logic, and also this
is not plumbed in, so it can't be used by kubectl yet.

**What this PR does / why we need it**: This is implementing validation against the openapi swagger spec rather than the old swagger spec.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubectl/issues/49

**Special notes for your reviewer**:

**Release note**:
```release-note
NONE
```
2017-08-11 19:43:59 -07:00
Kubernetes Submit Queue
be1f14391c Merge pull request #49699 from xingzhou/kube-49384-bug
Automatic merge from submit-queue (batch tested with PRs 50537, 49699, 50160, 49025, 50205)

AddOrUpdateTaint should ignore duplicate Taint.

The parameter of AddOrUpdateTaint is Taint pointer, so should use
Taint object itself to compare with the node's taint list to ignore
duplicate taint.

While doing #49384, found this issue and fixed.

Fixed part of #49384, other test cases will be added in the following patch

**Release note**:
```
None
```
2017-08-11 19:43:57 -07:00
Kubernetes Submit Queue
c207dd5a90 Merge pull request #50537 from liggitt/kubefed-rbac
Automatic merge from submit-queue (batch tested with PRs 50537, 49699, 50160, 49025, 50205)

select an RBAC version for kubefed it knows how to speak

kubefed tries to speak whatever version of RBAC the server has, regardless of whether it knows about that version or not. the version discovery it does has to select a version both it and the server speak.

related to https://github.com/kubernetes/kubernetes/issues/50534

```release-note
fixes kubefed's ability to create RBAC roles in version-skewed clusters
```
2017-08-11 19:43:54 -07:00
Kubernetes Submit Queue
bb67819ed1 Merge pull request #49618 from pavolloffay/cassandra-preStop-drain
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)

Cassandra example, use nodetool drain in preStop

Related to https://github.com/kubernetes/kubernetes/pull/39199#discussion_r129506191
2017-08-11 18:47:24 -07:00
Kubernetes Submit Queue
b354c6f8f5 Merge pull request #49803 from caesarxuchao/remove-unused-tags
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)

Remove useless conversion-gen tags

To generate cross group conversions, `+k8s:conversion-gen` should be added in the way https://github.com/kubernetes/kubernetes/pull/49751 did. This PR removes the useless tags in pkg/apis/extensions/v1beta1/doc.go
2017-08-11 18:47:22 -07:00
Kubernetes Submit Queue
a7ce691311 Merge pull request #49785 from FengyunPan/fix-getPortByIP
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)

Fix conflict about getPortByIp

**What this PR does / why we need it**:
Currently getPortByIp() get port of instance only based on IP.
If there are two instances in diffent network and the CIDR of
their subnet are same, getPortByIp() will be conflict.
My PR gets port based on IP and Name of instance.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix #43909

**Special notes for your reviewer**:

**Release note**:
```release-note
NONE
```
2017-08-11 18:47:19 -07:00
Kubernetes Submit Queue
366b69916e Merge pull request #49984 from alexandercampbell/global-variables-are-an-antipattern
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)

cmd/explain: make 'recursive' local var (not global)

**What this PR does / why we need it**:
Use a parameter instead of a global variable.
Spotted this while I was looking for our recursive directory walker.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: no-issue

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-08-11 18:47:17 -07:00
Kubernetes Submit Queue
03ea3eeff2 Merge pull request #47724 from FengyunPan/update-admission-control-arg
Automatic merge from submit-queue

Update admission control args in imagepolicy comment

Use '--admission-control-config-file' rather than
'--admission-controller-config-file'

**Release note**:
```release-note
NONE
```
2017-08-11 18:26:57 -07:00
Kubernetes Submit Queue
9c508f12fb Merge pull request #49596 from jingxu97/July/checkVolumeSpecNil
Automatic merge from submit-queue

Check volumespec is nil in FindPluginBySpec
2017-08-11 17:36:22 -07:00
Antoine Pelisse
ba11c7370f openapi: Add validation logic
This allows validation of a yaml/json object against an openapi schema.
A lot more testing would be needed to validate the logic, and also this
is not plumbed in, so it can't be used by kubectl yet.
2017-08-11 17:02:31 -07:00
Jordan Liggitt
7f1a617496
select an RBAC version for kubefed it knows how to speak 2017-08-11 19:48:21 -04:00
Klaus Ma
78e078390f Renamed to RegisterMandatoryFitPredicate. 2017-08-12 07:28:40 +08:00
Kubernetes Submit Queue
92d9e44269 Merge pull request #50535 from jdumars/azure-owners
Automatic merge from submit-queue

Added jdumars to OWNERS file for Azure cloud provider

**What this PR does / why we need it**:

This PR adds GitHub user jdumars as an approver to pkg/cloudprovider/providers/azure 

Jaice Singer DuMars (me) is the program manager at Microsoft tasked with shepherding all upstream contributions from Microsoft into Kubernetes.  With the volume of work, and the impending breakout of cloud provider code, this helps distribute the review and approval load more evenly.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

N/A

**Special notes for your reviewer**:

This was discussed with Brendan Burns prior to submitting the pre-approval.

**Release note**:
none
2017-08-11 15:52:55 -07:00
Kubernetes Submit Queue
1bdf691f6c Merge pull request #50429 from houjun41544/20170810
Automatic merge from submit-queue

Remove repeated reviewer's names

**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
```
2017-08-11 15:52:47 -07:00
Kubernetes Submit Queue
cd4f6edf33 Merge pull request #47017 from zhangxiaoyu-zidif/fix-name-print-type
Automatic merge from submit-queue

Fix print type of podname

**What this PR does / why we need it**:
It is better to change it to %s. According to context and other prints of this file, pod name's print type are all %s, except this one.
Although it does not affect the result.

**Release note**:

```release-note
NONE
```
2017-08-11 15:52:35 -07:00
Antoine Pelisse
eb735bfeb0 openapi: Move Fakes to testing package 2017-08-11 15:28:04 -07:00
Kubernetes Submit Queue
4e3d37c076 Merge pull request #49406 from castrojo/new-support-template
Automatic merge from submit-queue

Add a SUPPORT.md file for github

**What this PR does / why we need it**:

Github has recently added the ability to support a SUPPORT.md file that allows a project to point to support resources, similar to CONTRIBUTING.md

They support having SUPPORT.md in docs/ and .github but I figured it should be in root alongside CONTRIBUTING.md, but we can put it in one of those places if we want to keep the root clean. 

See also: 

https://help.github.com/articles/adding-support-resources-to-your-project/
https://github.com/blog/2400-support-file-support

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

Fixes https://github.com/kubernetes/community/issues/830
2017-08-11 15:04:02 -07:00
Kubernetes Submit Queue
8c63333fd0 Merge pull request #50525 from mwielgus/ca-0.7.0-alpha1
Automatic merge from submit-queue

Bump Cluster Autoscaler to 0.7.0-alpha1

To use more recent CA built from HEAD.
2017-08-11 15:03:47 -07:00
Kubernetes Submit Queue
bbe93bb202 Merge pull request #50470 from nicksardo/gce-annotation-fixes
Automatic merge from submit-queue

GCE: Fix lowercase value and alpha-missing annotation for ILB

**What this PR does / why we need it**:
Fixes #50426
Also explicitly sets an annotation as 'alpha'.

/assign @freehan @bowei 

**Release note**:
```release-note
NONE
```
2017-08-11 15:03:28 -07:00
Kubernetes Submit Queue
42adb9ef25 Merge pull request #50258 from liggitt/token-cache
Automatic merge from submit-queue (batch tested with PRs 49488, 50407, 46105, 50456, 50258)

Enable caching successful token authentication

Resolves #50472

To support revocation of service account tokens, an etcd lookup of the token and service account is done by the token authenticator. Controllers that make dozens or hundreds of API calls per second (like the endpoints controller) cause this lookup to be done very frequently on the same objects.

This PR:
* Implements a cached token authenticator that conforms to the authenticator.Token interface
* Implements a union token authenticator (same approach as the union request authenticator, conforming to the authenticator.Token interface)
* Cleans up the auth chain construction to group all token authenticators (means we only do bearer and websocket header parsing once)
* Adds a 10-second TTL cache to successful token authentication

```release-note
API server authentication now caches successful bearer token authentication results for a few seconds.
```
2017-08-11 14:14:06 -07:00
Kubernetes Submit Queue
d8070bd4a0 Merge pull request #50456 from liggitt/extra-steps
Automatic merge from submit-queue (batch tested with PRs 49488, 50407, 46105, 50456, 50258)

Detect missing steps in edit testcases

If a testcase specifies extra steps that are not exercised, that should be a test failure
2017-08-11 14:14:02 -07:00