We also add "version" to all docker images and containers
This version is to be incremented manually when we change the shape of the build
image (like changing the golang version or the set of volumes in the data
container). This will delete all older versions of images and containers when
the version is different.
Automatic merge from submit-queue
wait for federation informer store to catch up before update
Fixes#33838#33880
There is a flake in the federation-controller code where an update to a resource is done too quickly after the create. Because the resource is not yet in the federated informer store, when the reconcile<Resource>() is called, it can't find the resource and treats the change as a create rather than a update.
This causes a failure (actually a panic) in the test code, which expects an update event, not a create, in response to the resource modification.
@derekwaynecarr @apelisse @mwielgus
Automatic merge from submit-queue
Deregister clusters during federated namespace e2e tear down.
This is causing other tests to leak resources.
cc @mwielgus @kubernetes/sig-cluster-federation
Automatic merge from submit-queue
DeltaFIFO should not report HasSynced until deletes are reported
Deletions identified by knownObjects on the initial sync replace
(immediately after the List from a reflector) should be considered part
of the initial sync since we have the information available at the time
we do the deletion.
An error during Replace() can result in Populated not being set, but it
was incorrect before (population would be wrong) and queueActionLocked
does not error except on "my cache is broken because I gave an incorrect
keyFunc".
@lavalamp @deads2k hit this while trying to use DeltaFIFO to implement an "external" controller (one that uses the knownObjects as provided by a call to a remote system of record).
Not 1.4
Automatic merge from submit-queue
CRI: Fix bug in dockershim to set sandbox id properly.
For https://github.com/kubernetes/kubernetes/issues/33189#issuecomment-249307796.
During debugging `Variable Expansion should allow composing env vars into new env vars`, I found that the root cause is that the sandbox was removed before all containers were deleted, which caused the pod to be started again after succeed.
This happened because the `PodSandboxID` field is not set. This PR fixes the bug.
Some other test flakes are also caused by this
```
Downward API volume should provide node allocatable (cpu) as default cpu limit if the limit is not set
Downward API volume should provide container's memory limit
EmptyDir volumes should support (non-root,0666,tmpfs)
...
```
/cc @yujuhong @feiskyer
Automatic merge from submit-queue
fix loopback authorizer
Fixes the loopback authorizer to properly inspect groups. P0 for security problem.
@liggitt @dims let's get this fixed.
Automatic merge from submit-queue
Fix summary test
Issue was comparing an `unversioned.Time` rather than `time.Time`. I temporarily removed the `[Flaky]` tag so the PR builder will run the test. I will revert that change before submitting.
Automatic merge from submit-queue
Do not probe so aggressively which may lead to unnecessary restarts
@errordeveloper @mikedanese PTAL
I came across a case where etcd restarted about 5-10 times because the load was very high on the machine.
The load seems to have lead to that the `etcd` container occasionally didn't respond to the probe, which caused many restart and made the whole thing even worse.
Maybe we should remove the etcd probe totally? I don't know, what do you think?
This is at least a try to loosen the limits here...
Automatic merge from submit-queue
Replace references to http://releases.k8s.io/HEAD/docs/user-guide/
All of the anchor references are broken right now, so this change fixes that (at least).
I only touched `http://releases.k8s.io/HEAD/docs/user-guide/`, as all files in `docs/user-guide` had been moved, apart `kubectl*` ones (but those aren't referenced anywhere in the code for some reason.
Automatic merge from submit-queue
fix kubectl taint e2e flake: add retries for removing taint
**What this PR does / why we need it**:
Why we need it: recent failures occurred in #29503 are caused by taints removing conflict on nodes, this PR is to fix it. (#33073 fixed taints updating conflict, but not taints removing.)
What this PR does: use `runKubectlRetryOrDie()` instead of `RunKubectlOrDie()` in all the places in "Kubectl taint" e2e tests.
**Which issue this PR fixes** : fixes part of #29503, (would like to keep this issue open for some days more to make sure no other failures occur)
**Special notes for your reviewer**: NONE
**Release note**: NONE
Automatic merge from submit-queue
Provide more detailed error message when pod fails to be success state
Return more detailed error message when it timeouts for waiting for pod to success state.
This PR extends #31895. #31895 is for running and ready state.
It is used for debugging #31561#32980
cc: @lavalamp
Automatic merge from submit-queue
Kubeadm: print information about certificates
Prints basic information about certificates to the user.
Example of `kubeadm init` output:
```
<master/pki> generated Certificate Authority key and certificate:
Issuer: CN=kubernetes | Subject: CN=kubernetes | CA: true
Not before: 2016-09-30 11:19:19 +0000 UTC Not After: 2026-09-28 11:19:19 +0000 UTC
Public: /etc/kubernetes/pki/ca-pub.pem
Private: /etc/kubernetes/pki/ca-key.pem
Cert: /etc/kubernetes/pki/ca.pem
<master/pki> generated API Server key and certificate:
Issuer: CN=kubernetes | Subject: CN=kube-apiserver | CA: false
Not before: 2016-09-30 11:19:19 +0000 UTC Not After: 2017-09-30 11:19:19 +0000 UTC
Alternate Names: [172.18.76.239 10.0.0.1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local]
Public: /etc/kubernetes/pki/apiserver-pub.pem
Private: /etc/kubernetes/pki/apiserver-key.pem
Cert: /etc/kubernetes/pki/apiserver.pem
<master/pki> generated Service Account Signing keys:
Public: /etc/kubernetes/pki/sa-pub.pem
Private: /etc/kubernetes/pki/sa-key.pem
```
Example of `kubeadm join` command:
```
<node/csr> received signed certificate from the API server:
Issuer: CN=kubernetes | Subject: CN=system:node:minion | CA: false
Not before: 2016-09-30 11:28:00 +0000 UTC Not After: 2017-09-30 11:28:00 +0000 UTC
```
Fixes#33642
cc @kubernetes/sig-cluster-lifecycle
Automatic merge from submit-queue
pass loopback config to poststart hooks
Updates post start hooks to take a clientconfig with the new loopback credentials for bootstrapping.
@ericchiang This is a little bit of plumbing, but mainly auth I think.
Automatic merge from submit-queue
Add ECDSA support for service account tokens
Fixes#28180
```release-note
ECDSA keys can now be used for signing and verifying service account tokens.
```
Automatic merge from submit-queue
Add test cases to test the default value of HorizontalPodAutoscaler
Add test cases to test the default value of HorizontalPodAutoscaler.
Automatic merge from submit-queue
Run hack/update-codegen.sh in release-1.4 for generating an updated 1.4 clientset
@caesarxuchao doing steps 1 and 2 as described here https://github.com/kubernetes/kubernetes/pull/33851#issuecomment-250851272
adds apps, authentication, certificates, rbac, and storage.
The reason there are substantial deletions (aside from the oneliner "this package is generated by client-gen with arguments...") is because PR https://github.com/kubernetes/kubernetes/pull/32407 added a resource to the 1.4 clientset even though the resource is not present in 1.4 and the PR is targeted to 1.5. So this corrects that, as a bonus.
Automatic merge from submit-queue
Abstraction of endpoints in leaderelection code
**Problem Statement**:
Currently the Leader Election code is hard coded against the endpoints api. This causes performance issues on large scale clusters due to incessant iptables refreshes, see: https://github.com/kubernetes/kubernetes/issues/26637
The goal of this PR is to:
- Abstract Endpoints out of the leader election code
- Fix a known bug in the event recording
fixes#18386
**Special notes for your reviewer**:
This is a 1st pass at abstracting the details of endpoints out into an interface. Any suggestions around how we we want to refactor this interface is welcome and could be addressed in either this PR or follow on PR.
/cc @ncdc @wojtek-t @rrati
Automatic merge from submit-queue
Apply default image tags for all runtimes
Move the docker-specific logic up to the ImageManager to allow code sharing
among different implementations.
Part of #31459
/cc @kubernetes/sig-node
Automatic merge from submit-queue
Node-ip is not used when cloud provider is used
Currently --node-ip in kubelet is not being used when kubelet is configured with a cloud provider. With this fix, kubelet will get a list of IPs from the provider and parse it to return the one that matches node-ip.
This fixes#23568
Automatic merge from submit-queue
Bump glbc version to 0.8.0
Picks up k8s.io godeps for v1.4 thereby fixing an int overflow bug in the upstream delayed-workqueue pkg. Without this the controller spams logs with retries in the "soft error" case, which is easy to come by when users eg: create ingresses that point to non-exist services.
Should go into 1.4.1, because 1.4.0 is pretty much out at this point.
https://github.com/kubernetes/kubernetes/issues/33279
Automatic merge from submit-queue
add optional env var for allowing version skew in test cmd
If you only make a change to a server component and then re-run `test-cmd` you get a skew error. This is really annoying. I've left the default as it was (force version match), but now also allow `ALLOW_SKEW=true hack/test-cmd.sh` to skip the check.
@eparis worth a quick bash check, but I think I got it.
