Commit Graph

104654 Commits

Author SHA1 Message Date
Walter Fender
f7185b0be1 Add mTLS as default HTTPConnect egress configuration for GCP.
We currently have UDS as the configuration with GRPC.
Some users are setting up egress to remote konnectivity servers.
Cannot use UDS for this configuration.
Should have a config setup which validates the mTLS configuration.

Fixed lint errors from shell check.
Fix volumes to not include pki for ANP in grpc mode.
2021-11-05 11:39:39 -07:00
Kubernetes Prow Robot
cb040e5097
Merge pull request #106030 from danwinship/session-affinity-readiness
misc iptables proxy fixes
2021-11-05 11:39:21 -07:00
Kubernetes Prow Robot
cee4aa09b0
Merge pull request #102917 from bysnupy/patch-1
Use "Capacity" instead of "Allocatable" for an accurate node memory total size
2021-11-05 11:39:09 -07:00
Kubernetes Prow Robot
d2aa5fc100
Merge pull request #106177 from aojea/RoundTripperWrapper
client-go token source transport implement RoundTripperWrapper interface
2021-11-05 07:53:53 -07:00
Antonio Ojea
938cc5445d assert RoundTripperWrapper interface 2021-11-05 14:53:22 +01:00
Manu Gupta
79a51090f9
fix: 81134: fix unsafe json for ReleaseControllerRevision (#104049)
* fix: 81134: fix unsafe json for ReleaseControllerRevision

1. Ensures that ReleaseControllerRevision returns a proper json by
marshalling an object into bytes. Otherwise, it returns an error.

2. Also, refactors the code to commonize the merge type
   GenerateDeleteOwnerRefStrategicMergeBytes that returns a byte and is
   used across ReleasePod, ReleaseControllerRevision,
   ReleaseReplicaSet.

* Move GeneratePatchBytesForDelete to controller_ref_manager
2021-11-05 06:33:52 -07:00
Kubernetes Prow Robot
47041cd2a2
Merge pull request #105140 from brianpursley/kubectl-1101
Add --override-type flag to kubectl run and kubectl expose
2021-11-05 05:13:52 -07:00
Antonio Ojea
ef190f860a client-go token source transport implement RoundTripperWrapper interface 2021-11-05 12:22:23 +01:00
brianpursley
0e697e19ac Add --override-type flag to kubectl run and kubectl expose to allow the choice of using a JSON Patch or Strategic Merge Patch to apply the override to the generated output. 2021-11-05 07:10:47 -04:00
Kubernetes Prow Robot
aa964e097c
Merge pull request #106150 from pohly/log-runner-kubemark
kubemark: replace deprecated --log-file parameter with runner
2021-11-05 04:01:52 -07:00
Kubernetes Prow Robot
ed42bbd722
Merge pull request #106126 from soltysh/remove_old_cronjob
Remove old cronjob controller
2021-11-04 20:35:53 -07:00
Kubernetes Prow Robot
8ce440c45c
Merge pull request #105949 from robscott/topology-e2e
Initial Topology Hints e2e Tests
2021-11-04 17:12:04 -07:00
Kubernetes Prow Robot
adcd2feb5e
Merge pull request #104153 from cynepco3hahue/e2e_node_provide_static_kubelet_config
e2e node: provide static kubelet config
2021-11-04 17:11:53 -07:00
Kubernetes Prow Robot
27d3a9ec57
Merge pull request #104481 from AlexeyPerevalov/E2eIsKubeletConfiguration
e2e_node: Properly check for DynamicKubeletConfig
2021-11-04 16:11:53 -07:00
Kubernetes Prow Robot
508e67937e
Merge pull request #106038 from NikhilSharmaWe/betterOutputNode
Changed code to improve output for files under test/e2e/node
2021-11-04 14:38:23 -07:00
Kubernetes Prow Robot
451e1addd8
Merge pull request #105960 from ueokande/max-unavailable-pdb-tests
test: Assert max unavailable for PDB test cases
2021-11-04 13:36:22 -07:00
Dan Winship
229ae58520 proxy/iptables: fix all-vs-ready endpoints a bit
Filter the allEndpoints list into readyEndpoints sooner, and set
"hasEndpoints" based (mostly) on readyEndpoints, not allEndpoints (so
that, eg, we correctly generate REJECT rules for services with no
_functioning_ endpoints, even if they have unusable terminating
endpoints).

Also, write out the endpoint chains at the top of the loop when we
iterate the endpoints for the first time, rather than copying some of
the data to another set of variables and then writing them out later.
And don't write out endpoint chains that won't be used.

Also, generate affinity rules only for readyEndpoints rather than
allEndpoints, so affinity gets broken correctly when an endpoint
becomes unready.
2021-11-04 16:32:08 -04:00
Dan Winship
3679639cf1 proxy/iptables: Remove a no-op check
There was code to deal with endpoints that have invalid/empty IP
addresses, but EndpointSlice validation already ensures that these
can't exist.
2021-11-04 16:32:08 -04:00
Dan Winship
6ab3dc6875 proxy/iptables: Add more stuff to the unit test
The external traffic policy terminating endpoints test was testing
LoadBalancer functionality against a NodePort service with no
nodePorts (or loadBalancer IPs). It managed to test what it wanted to
test, but it's kind of dubious (and we probably _shouldn't_ have been
generating the rules it was looking for since there was no way to
actually reach the XLB chains). So fix that.

Also make the terminating endpoints test use session affinity, to add
more testing for that. Also, remove the multiple copies of the same
identical Service that is used for all of the test cases in that test.

Also add a "Cluster traffic policy and no source ranges" test to
TestOverallIPTablesRulesWithMultipleServices since we weren't really
testing either of those.

Also add a test of --masquerade-all.
2021-11-04 16:32:08 -04:00
Dan Winship
22a951c096 proxy/iptables: Fix TestOnlyLocalNodePortsNoClusterCIDR
The test got broken to not actually use "no cluster CIDR" when
LocalDetector was implemented (and the old version of the unit test
didn't check enough to actually notice this).
2021-11-04 16:32:08 -04:00
Dan Winship
799c222c84 proxy/iptables: test that we create a consistent set of iptables rules 2021-11-04 16:32:08 -04:00
Dan Winship
9403bfb178 proxy/iptables: Misc improvements to unit test
The original tests here were very shy about looking at the iptables
output, and just relied on checks like "make sure there's a jump to
table X that also includes string Y somewhere in it" and stuff like
that. Whereas the newer tests were just like, "eh, here's a wall of
text, make sure the iptables output is exactly that". Although the
latter looks messier in the code, it's more precise, and it's easier
to update correctly when you change the rules. So just make all of the
tests do a check on the full iptables output.

(Note that I didn't double-check any of the output; I'm just assuming
that the output of the current iptables proxy code is actually
correct...)

Also, don't hardcode the expected number of rules in the metrics
tests, so that there's one less thing to adjust when rules change.

Also, use t.Run() in one place to get more precise errors on failure.
2021-11-04 16:32:06 -04:00
Dan Winship
a1a12ca1da proxy/iptables: Improve the sorting logic in TestOverallIPTablesRulesWithMultipleServices
The test was sorting the iptables output so as to not depend on the
order that services get processed in, but this meant it wasn't
checking the relative ordering of rules (and in fact, the ordering of
the rules in the "expected" string was wrong, in a way that would
break things if the rules had actually been generated in that order).

Add a more complicated sorting function that sorts services
alphabetically while preserving the ordering of rules within each
service.
2021-11-04 16:31:16 -04:00
Dan Winship
08680192fb proxy/iptables: Fix sync_proxy_rules_iptables_total metric
It was counting the number of lines including the "COMMIT" line at the
end, so it was off by one.
2021-11-04 16:30:12 -04:00
Patrick Ohly
c3cd9a3902 kubemark: static binary, replace deprecated --log-file parameter
The --log-file parameter will be deprecated as of Kubernetes 1.23 and should be
avoided. The replacement for distroless images is the image with go-runner, a
tool that handles output redirection.

For kubemark to run in that image it must be built as static binary.
2021-11-04 20:52:56 +01:00
Kubernetes Prow Robot
1d8966f4f9
Merge pull request #106140 from jonyhy96/fix-flake
component-base: npe when renew hiddenCollectors
2021-11-04 12:34:43 -07:00
Kubernetes Prow Robot
dc93951ad0
Merge pull request #106090 from pohly/log-v-flags
component-base: move v/vmodule/log-flush-frequency into LoggingConfiguration
2021-11-04 12:34:34 -07:00
Kubernetes Prow Robot
2af34cf54d
Merge pull request #105940 from dobsonj/kep-1682-ga
Move CSIVolumeFSGroupPolicy feature to GA
2021-11-04 12:34:23 -07:00
Kubernetes Prow Robot
ce1f5af849
Merge pull request #105541 from pohly/component-base-owners
component-base: avoid accumulating default labels
2021-11-04 11:22:23 -07:00
Kubernetes Prow Robot
6d30c96d4a
Merge pull request #106042 from chendave/aggregate
kubeadm: aggregate all the errors when the shared certs are validated
2021-11-04 10:06:15 -07:00
Kubernetes Prow Robot
c2706035f2
Merge pull request #105941 from rezakrimi/issue/105861
Make some scheduler metrics stable
2021-11-04 10:06:03 -07:00
Kubernetes Prow Robot
4c659c5342
Merge pull request #105648 from kkkkun/kkkkun/fix-metric
GET should be transformed to watch in kube-Apiserver
2021-11-04 07:48:04 -07:00
Nikhil Sharma
0316542704 Changed code to improve output for files under test/e2e/node 2021-11-04 20:09:59 +05:30
Shin'ya UEOKA
5c76507c3f test: Assert max unavailable for PDB test cases 2021-11-04 22:49:45 +09:00
Artyom Lukianov
50fdcdfc59 e2e_node: refactor code to use a single method to update the kubelet config
Signed-off-by: Artyom Lukianov <alukiano@redhat.com>
2021-11-04 15:44:35 +02:00
kkkkun
5f98d8f798 Fix bug: Special GET should be transformed to WATCH 2021-11-04 21:33:30 +08:00
Artyom Lukianov
ca35bdb403 e2e_node: remove DynamicKubeletConfig tests from serial lane
Signed-off-by: Artyom Lukianov <alukiano@redhat.com>
2021-11-04 15:26:19 +02:00
Artyom Lukianov
b6211657bf e2e_node: drop usage of DynamicKubeletConfig
Signed-off-by: Artyom Lukianov <alukiano@redhat.com>
2021-11-04 15:26:19 +02:00
Artyom Lukianov
a5ed6c824a e2e_node: provide methods to update kubelet config via file
Signed-off-by: Artyom Lukianov <alukiano@redhat.com>
2021-11-04 15:26:19 +02:00
Maciej Szulik
5254493044
Remove old cronjob controller 2021-11-04 13:24:28 +01:00
Kubernetes Prow Robot
f1b000db7c
Merge pull request #106146 from pohly/json-output-default
component-base: use stderr as default output stream for JSON
2021-11-04 04:22:04 -07:00
Kubernetes Prow Robot
2f21cff49d
Merge pull request #106018 from ahrtr/replace_ioutil_with_io_os_cluster_gce_gci
Replace ioutil with io and os for cluster/gce/gci
2021-11-04 03:08:03 -07:00
Patrick Ohly
b4988a4259 component-base: use stderr as default output stream for JSON
This makes it consistent with klog's text output and avoids polluting the
program's normal output with log messages. This may become relevant for command
line tools like "kubectl".
2021-11-04 10:24:01 +01:00
Kubernetes Prow Robot
3b76c75831
Merge pull request #106108 from bobbypage/graceful-shutdown-test-fixes
Fixes for graceful node shutdown test
2021-11-03 23:04:04 -07:00
Kubernetes Prow Robot
8facd72986
Merge pull request #106020 from ahrtr/replace_ioutil_with_io_os_hack
Replace ioutil with io and os for hack
2021-11-03 20:50:03 -07:00
haoyun
1a21a53f7e fix: npe when renew hiddenCollectors
Signed-off-by: haoyun <yun.hao@daocloud.io>
2021-11-04 11:10:07 +08:00
Dave Chen
c85fb0e6ac Aggregate all the errors when the shared certs are validated
Instead of the individual error and return, it's better to aggregate all
the errors so that we can fix them all at once.

Take the chance to fix some comments, since kubeadm is not checking that
the certs are equal across controlplane.

Signed-off-by: Dave Chen <dave.chen@arm.com>
2021-11-04 10:12:00 +08:00
David Porter
ddd0d8a3da test: fixes for graceful node shutdown test
* Bump the pod status and node status update timeouts to avoid flakes
* Add a small delay after dbus restart to ensure dbus has enough time to
  restart to startup prior to sending shutdown signal
* Change check of pod being terminated by graceful shutdown. Previously,
  the pod phase was checked to see if it was `Failed` and the pod reason
  string matched. This logic needs to change after 1.22 graceful node
  shutdown change introduced in PR #102344 which changed behavior to no
  longer put the pods into a failed phase. Instead, the test now checks
  that containers are not ready, and the pod status message and reason
  are set appropriately.

Signed-off-by: David Porter <david@porter.me>
2021-11-03 18:40:26 -07:00
Kubernetes Prow Robot
662ea77c6a
Merge pull request #105996 from marosset/host-process-volume-mount-e2e
Adding e2e tests to validate volume mounts in HostProcessContainers on Windows
2021-11-03 17:24:05 -07:00
Kubernetes Prow Robot
904e97281f
Merge pull request #94986 from tkashem/audit-drop-managed-fields
drop managed fields from audit entries
2021-11-03 16:24:03 -07:00