Commit Graph

44855 Commits

Author SHA1 Message Date
Kubernetes Submit Queue
fbe2d15f8c Merge pull request #41234 from vishh/nodeaphase2
Automatic merge from submit-queue

Enforce Node Allocatable via cgroups

This PR enforces node allocatable across all pods using a top level cgroup as described in https://github.com/kubernetes/community/pull/348

This PR also provides an option to enforce `kubeReserved` and `systemReserved` on user specified cgroups. 

This PR will by default make kubelet create top level cgroups even if `kubeReserved` and `systemReserved` is not specified and hence `Allocatable = Capacity`.

```release-note
New Kubelet flag `--enforce-node-allocatable` with a default value of `pods` is added which will make kubelet create a top level cgroup for all pods to enforce Node Allocatable. Optionally, `system-reserved` & `kube-reserved` values can also be specified separated by comma to enforce node allocatable on cgroups specified via `--system-reserved-cgroup` & `--kube-reserved-cgroup` respectively. Note the default value of the latter flags are "".
This feature requires a **Node Drain** prior to upgrade failing which pods will be restarted if possible or terminated if they have a `RestartNever` policy.
```

cc @kubernetes/sig-node-pr-reviews @kubernetes/sig-node-feature-requests 

TODO:

- [x] Adjust effective Node Allocatable to subtract hard eviction thresholds
- [x] Add unit tests
- [x] Complete pending e2e tests
- [x] Manual testing
- [x] Get the proposal merged

@dashpole is working on adding support for evictions for enforcing Node allocatable more gracefully. That work will show up in a subsequent PR for v1.6
2017-02-27 23:55:46 -08:00
Kubernetes Submit Queue
5891fa021b Merge pull request #42193 from mml/etcd-upgrade-test
Automatic merge from submit-queue

Change etcd test image to 3.0.17.

Follow-up from #41540
2017-02-27 23:10:45 -08:00
Matthias Bertschy
336a78aeaf Use natural sorting for strings in sorting_printer
Import new dependency vbom.ml/util/sortorder
Run ./hack/update-bazel.sh
2017-02-28 07:50:44 +01:00
Kubernetes Submit Queue
2681e38d3a Merge pull request #42097 from kargakis/address-mismatched-available-replicas
Automatic merge from submit-queue

Enqueue controllers after minreadyseconds when all pods are ready

@janetkuo this should address https://github.com/kubernetes/kubernetes/issues/41697#issuecomment-281851377. Impossible to unit test this but it should stabilize some of our deployment e2e tests that occasionally fail because of availableReplicas not being updated.

It should also fix https://github.com/kubernetes/kubernetes/issues/41641

Eventually I would like AddAfter to be able to cancel previous invocations of the same key so I opened https://github.com/kubernetes/client-go/issues/131

@kubernetes/sig-apps-bugs
2017-02-27 22:09:46 -08:00
Dr. Stefan Schimanski
63347df079 Add hack/update-staging-* to update-all.sh 2017-02-28 06:46:11 +01:00
Vishnu kannan
9b4a8f7464 fix eviction helper function description
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2017-02-27 21:24:45 -08:00
Derek Carr
a7684569fb Fix get all pods from cgroups logic 2017-02-27 21:24:45 -08:00
Vishnu kannan
b86882955b update flags script
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2017-02-27 21:24:45 -08:00
Vishnu kannan
9a65640789 fix go vet issues
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2017-02-27 21:24:45 -08:00
Vishnu Kannan
cc5f5474d5 add support for node allocatable phase 2 to kubelet
Signed-off-by: Vishnu Kannan <vishnuk@google.com>
2017-02-27 21:24:44 -08:00
Vishnu Kannan
70e340b045 adding kubelet flags for node allocatable phase 2
Signed-off-by: Vishnu Kannan <vishnuk@google.com>
2017-02-27 21:24:44 -08:00
Chun Chen
b605da2522 kubectl describe: show annotations 2017-02-28 13:20:23 +08:00
Kubernetes Submit Queue
9a1f0574a4 Merge pull request #41271 from kow3ns/job-upgrade-test
Automatic merge from submit-queue (batch tested with PRs 41205, 42196, 42068, 41588, 41271)

Implements an upgrade test for Job

**What this PR does / why we need it**:
This PR implements a cluster upgrade test for Job. Some functionality for Job testing has been moved from the e2e package to the framework package to facilitate code reuse between the e2e package and the upgrade package without introducing cyclic dependencies.
We need this PR to help automate the testing of cluster upgrades between versions.
**Release note**
```release-note
NONE
```
2017-02-27 21:09:54 -08:00
Kubernetes Submit Queue
9f9f570984 Merge pull request #41588 from freehan/cri-traffic-shaping
Automatic merge from submit-queue (batch tested with PRs 41205, 42196, 42068, 41588, 41271)

[CRI] enable kubenet traffic shaping

ref: https://github.com/kubernetes/kubernetes/issues/37316

Another way to do this is to expose another interface in network host to allow network plugins to retrieve annotation. But that seems unnecessary and more complicated.
2017-02-27 21:09:52 -08:00
Kubernetes Submit Queue
131167ced9 Merge pull request #42068 from mbohlool/openapigen-bugfix
Automatic merge from submit-queue (batch tested with PRs 41205, 42196, 42068, 41588, 41271)

Openapigen should process types in a consistent order

Types are sorted by name only in openapi-gen. This makes problems like #42051 for types with the same name. This PR adds an identity namer that includes full package name for the types and use that to sort types before processing them.

fixes #42051
2017-02-27 21:09:51 -08:00
Random-Liu
0351629517 Make dockershim better implements CRI. 2017-02-27 20:37:49 -08:00
Jiangtian Li
b9dfb69dd7 Fix DNS suffix search list issue for Windows container and workaround in kube-proxy.
kube-proxy iterates over DNS suffix search list and appends to DNS query for client.
2017-02-27 19:25:46 -08:00
Anthony Howe
7e2c71f698 per Jenkin's test instructions run Run ./hack/update-bazel.sh 2017-02-28 02:56:09 +00:00
Bobby Salamat
ef686716ba Add support for statefulset spreading to the scheduler 2017-02-27 18:04:08 -08:00
Tim St. Clair
3d2d6d84cd
Update defaultbackend image to 1.3 2017-02-27 17:57:35 -08:00
Madhusudan.C.S
8de2f05f63 Move push-federation-images.sh to federation and implement similar functionality in jenkins build directory for presubmits. 2017-02-27 17:54:37 -08:00
Kubernetes Submit Queue
36a5c0091b Merge pull request #42196 from zmerlynn/nuke-kube-up-aws
Automatic merge from submit-queue

AWS: Kill bash deployment

c.f. #38772, #42194 and https://k8s-testgrid.appspot.com/google-aws#aws

cluster/kube-up.sh with KUBERNETES_PROVIDER=aws has been broken on 1.6
for a couple of months now. No one is supporting it. Nuke.

```release-note
Deployment of AWS Kubernetes clusters using the in-tree bash deployment (i.e. cluster/kube-up.sh or get-kube.sh) is obsolete. v1.5.x will be the last release to support cluster/kube-up.sh with AWS. For a list of viable alternatives, see: http://kubernetes.io/docs/getting-started-guides/aws/ 
```
2017-02-27 17:52:06 -08:00
Kubernetes Submit Queue
f18e15b375 Merge pull request #41205 from marun/fed-review-marun
Automatic merge from submit-queue

fed: Add marun as reviewer

cc: @kubernetes/sig-federation-pr-reviews
2017-02-27 17:51:57 -08:00
Mike Danese
34e02c9989 add kube-env variable to block traffic to metadataserver 2017-02-27 16:54:44 -08:00
Steve Kriss
0ae2797992 added DaemonSet before/after upgrade test 2017-02-27 16:16:22 -08:00
Anthony Howe
0e37f0a890 cleanup proxier 2017-02-27 16:00:49 -08:00
Shyam JVS
75e602ca28 Convert hollow-node manifest to yaml and add init container for setting inotify limit 2017-02-28 00:53:36 +01:00
Tim St. Clair
8a5314fb6d
Rebase kube-proxy and debian-iptables on debian-base 2017-02-27 15:48:23 -08:00
Benjamin Bennett
5447db3048 Userspace proxy should remove conntrack entries
This changes the userspace proxy so that it cleans up its conntrack
settings when a service is removed (as the iptables proxy already
does).  This could theoretically cause problems when a UDP service
as deleted and recreated quickly (with the same IP address).  As
long as packets from the same UDP source IP and port were going to
the same destination IP and port, the the conntrack would apply and
the packets would be sent to the old destination.

This is astronomically unlikely if you did not specify the IP address
to use in the service, and even then, only happens with an "established"
UDP connection.  However, in cases where a service could be "switched"
between using the iptables proxy and the userspace proxy, this case
becomes much more frequent.
2017-02-27 18:41:47 -05:00
Solly Ross
655b338256 Userspace Proxy: Keep ref to service being proxied
This commit makes the userspace proxy keep an ObjectReference to the
service being proxied.  This allows the consumers of the `ServiceInfo`
struct, like `ProxySockets` to emit events about or otherwise refer to
the service.
2017-02-27 18:41:47 -05:00
Solly Ross
f5526727fb Userspace Proxy: Expose ProxySocket utility funcs
This commit exposes several utility functions that are valuable for
implementing custom ProxySockets.
2017-02-27 18:41:47 -05:00
Solly Ross
de2285ac7b Userspace Proxy: Allow any ProxySocket in Proxier
This commit adds a new method for constructing userspace proxiers,
`NewCustomProxier`.  `NewCustomProxier` functions identically to
`NewProxier`, except that it allows a custom constructor method to
be passed in to construct instances of ProxySocket.
2017-02-27 18:41:47 -05:00
Solly Ross
43c4d7ae23 Userspace Proxy: Make ProxySocket Implementable
This commit makes it possible for the `ProxySocket` interface to be
implemented by types outside of the `userspace` package.  It mainly just
exposes relevant types and fields as public.
2017-02-27 18:41:46 -05:00
Zach Loafman
f07aee2f2f AWS: Kill bash deployment
c.f. #38772, #42194 and https://k8s-testgrid.appspot.com/google-aws#aws

cluster/kube-up.sh with KUBERNETES_PROVIDER=aws has been broken on 1.6
for a couple of months now. No one is supporting it. Nuke.
2017-02-27 14:39:25 -08:00
Quintin Lee
3adac0dace Adding legacy ABAC for 1.6 2017-02-27 14:38:54 -08:00
Matt Liggett
f37f7d42ba Change etcd test image to 3.0.17. 2017-02-27 14:23:14 -08:00
Clayton Coleman
ec753da074
Make 'docker-email' optional on dockercfg secrets
It is not required for most username/password registries.
2017-02-27 17:13:08 -05:00
mbohlool
5d989ccd09 Update generated files for openapi-gen 2017-02-27 14:10:35 -08:00
mbohlool
8dc91dc0f7 Sort types before processing for openapi-gen 2017-02-27 14:08:43 -08:00
Eric Chiang
6891505db9 apiserver/pkg/server: include scheme in insecure self client config 2017-02-27 14:02:36 -08:00
Justin Santa Barbara
0b5ae5391e AWS: Support shared tag
We recognize an additional cluster tag:

kubernetes.io/cluster/<clusterid>

This now allows us to share resources, in particular subnets.

In addition, the value is used to track ownership/lifecycle.  When we
create objects, we record the value as "owned".

We also refactor out tags into its own file & class, as we are touching
most of these functions anyway.
2017-02-27 16:30:12 -05:00
Dr. Stefan Schimanski
f11d76ae44 Update client 2017-02-27 22:01:57 +01:00
Dr. Stefan Schimanski
395be3b401 apimachinery: handle duplicated and conflicting type registration 2017-02-27 21:58:21 +01:00
Dr. Stefan Schimanski
6050f59b7b apimachinery: merge Scheme.AddKnownTypes and Scheme.AddKnownTypeWithName 2017-02-27 21:58:21 +01:00
Kubernetes Submit Queue
6d9e2afeda Merge pull request #40927 from soltysh/deployment_logs
Automatic merge from submit-queue (batch tested with PRs 42053, 41282, 42056, 41663, 40927)

Allow getting logs directly from deployment, job and statefulset

**Special notes for your reviewer**:
@smarterclayton you asked for it in OpenShift


```release-note
kubectl logs allows getting logs directly from deployment, job and statefulset
```
2017-02-27 12:45:36 -08:00
Kubernetes Submit Queue
0abcd5d51b Merge pull request #41663 from luxas/kubeadm_new_token_cmd
Automatic merge from submit-queue (batch tested with PRs 42053, 41282, 42056, 41663, 40927)

Update kubeadm token to work as expected

**What this PR does / why we need it**:

Follows up: https://github.com/kubernetes/kubernetes/pull/41509

Updates `kubeadm token` to work as discussed in https://docs.google.com/document/d/1deJYPIF4LmhGjDVaqrswErIrV7mtwJgovtLnPCDxP7U/edit#
Promotes the command from the `ex` subcommand which now is named `alpha` for clarity. (This will later become `kubeadm alpha phase`)

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

Example UX:
```console
sudo ./kubeadm token --help
This command will manage Bootstrap Token for you.
  Please note this usage of this command is optional, and mostly for advanced users.

In short, Bootstrap Tokens are used for establishing bidirectional trust between a client and a server.
A Bootstrap Token can be used when a client (for example a node that's about to join the cluster) needs
to trust the server it is talking to. Then a Bootstrap Token with the "signing" usage can be used.
Bootstrap Tokens can also function as a way to allow short-lived authentication to the API Server
(the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.

What is a Bootstrap Token more exactly?
 - It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
 - A Bootstrap Token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}"; the former part is the public Token ID,
   and the latter is the Token Secret, which must be kept private at all circumstances.
 - The name of the Secret must be named "bootstrap-token-(token-id)".

You can read more about Bootstrap Tokens in this proposal:

  https://github.com/kubernetes/community/blob/master/contributors/design-proposals/bootstrap-discovery.md

Usage:
  kubeadm token [flags]
  kubeadm token [command]

Available Commands:
  create      Create bootstrap tokens on the server.
  delete      Delete bootstrap tokens on the server.
  generate    Generate and print a bootstrap token, but do not create it on the server.
  list        List bootstrap tokens on the server.

Flags:
      --kubeconfig string   The KubeConfig file to use for talking to the cluster (default "/etc/kubernetes/admin.conf")

Use "kubeadm token [command] --help" for more information about a command.
lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token list
TOKEN                     TTL         EXPIRES   USAGES                   DESCRIPTION
70c388.41a07b703aa4bedf   <forever>   <never>   authentication,signing   The default bootstrap token generated by 'kubeadm init'.
lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token create
c57e6a.abb75fa1debe555f
lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token list
TOKEN                     TTL         EXPIRES   USAGES                   DESCRIPTION
70c388.41a07b703aa4bedf   <forever>   <never>   authentication,signing   The default bootstrap token generated by 'kubeadm init'.
c57e6a.abb75fa1debe555f   <forever>   <never>   authentication,signing   <none>
lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token create s
token ["s"] was not of form ["^([a-z0-9]{6})\\.([a-z0-9]{16})$"]
lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token create c57e6a.abb75fa1debe555f
a token with id "c57e6a" already exists
lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token delete c57e6a.abb75fa1debe555f
bootstrap token with id "c57e6a" deleted
```

**Release note**:

```release-note
NONE
```
@dmmcquay @jbeda @mikedanese @errordeveloper @pires
2017-02-27 12:45:34 -08:00
Kubernetes Submit Queue
c274e9d715 Merge pull request #42056 from ncdc/shared-informers-16-remove-legacy-code
Automatic merge from submit-queue (batch tested with PRs 42053, 41282, 42056, 41663, 40927)

Fully remove hand-written listers and informers

Note: the first commit is from #41927. Adding do-not-merge for now as we'll want that to go in first, and then I'll rebase this on top.

Update statefulset controller to use a lister for PVCs instead of a client request. Also replace a unit test's dependency on legacylisters with the generated ones. cc @kargakis @kow3ns @foxish @kubernetes/sig-apps-pr-reviews 

Remove all references to pkg/controller/informers and pkg/client/legacylisters, and remove those packages.

@smarterclayton @deads2k this should be it!

cc @gmarek @wojtek-t @derekwaynecarr @kubernetes/sig-scalability-pr-reviews
2017-02-27 12:45:31 -08:00
Kubernetes Submit Queue
b796732ae7 Merge pull request #41282 from krmayankk/garbage
Automatic merge from submit-queue (batch tested with PRs 42053, 41282, 42056, 41663, 40927)

Enable Garbage collection by default for RS and RC

Fixes https://github.com/kubernetes/kubernetes/issues/40898
2017-02-27 12:45:29 -08:00
Kubernetes Submit Queue
ea4156d095 Merge pull request #42053 from sttts/sttts-strict-client-go-verify
Automatic merge from submit-queue (batch tested with PRs 42053, 41282, 42056, 41663, 40927)

Enable strict client-go verification in CI

**Follow-up of https://github.com/kubernetes/kubernetes/pull/41987. Only the two last commits are relevant here.**

This turns on strict client-go verification, i.e. PRs with missing client-go updates will fail in CI.

It also updates the client-go once to have a baseline.

**This should be enabled just after the freeze in order to enforce consistency of client-go.**
2017-02-27 12:45:26 -08:00
Derek Carr
9211e0380f stop spamming logs on restart of api server 2017-02-27 15:14:09 -05:00