Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
IPv6 support for getting IP from default route
This is another part of the effort to update ChoseHostInterface() to support
IPv6. In particular, this focuses on the call path, starting from
chooseHostInterfaceFromRoute(), which attempts to find the node IP by
using default route information.
In the original code, routes are collected, and examined to find default
routes. For a default route, the IPs for the associated interface are
checked to see if there is one that is a V4 address, and is not a
loopback, link local, or multicast address. If found, that IP will be
used for the node IP.
With this PR, there are some slight changes to prepare for allowing IPs
from IPv6 default routes. The routes (IPv4 at this time - a subsequent
PR will handle IPv6) are collected as before. If the route is a default
route AND it's GW address is a global unicast address, then the IPs
for the associated interface are checked. This time though, we just pick
the IP that is on the same subnet as the gateway IP.
This ensures it is not a link local, loopback, or multicast address. It
saves time, by nt checking IPs for interfaces that don't have a "global"
default route. It also will ensure the right IP is used, when using both
IPv4 and IPv6 addresses.
For example, if we have eth0 with global IPv4 and IPv6 addresses, and
an IPv6 default route, we want to select the IPv6 address, as it is
associated with the default route.
Another case is that same interface, along with eth1 containing an IPv4
address with a default route. We want to select eth1's IPv4 address,
and not the IPv4 on eth0.
This change adds more UT coverage to several methods, and removes UTs
that are redundantly testing at a higher level. Coverage is slightly
improved.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: xref #44848
**Special notes for your reviewer**:
This goes along with PR 46044, and will have another PR to the next part.
**Release note**:
```release-noteNONE
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
fix parse resource in setting selector
**What this PR does / why we need it**:
**Which issue this PR fixes**: fixes#47718
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
kubeadm: Allows to use versions like 1.6.4 instead v1.6.4
**What this PR does / why we need it**:
As part of issue kubernetes/kubeadm#292 discussion, it
turned out that for users it is not always obvious that
version specification parameter must be in form "vX.Y.Z".
This patch allows to specify it in form "X.Y.Z" and
converts it internally to normal semantic version which
expected in the rest of the code.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
- kubeadm now can accept versions like "1.6.4" where previously it strictly required "v1.6.4"
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
add extra args validate
`ExtraArgsCheck` return warnings not errors. because kubeadm may create the newer version control plane, there are new arguments that kubeadm doesn't know.
Automatic merge from submit-queue
kubeadm: Implementing the certificates phase fully
**What this PR does / why we need it:**
This contains implementation of certs phases in kubeadm, which is part of the wider effort of implementing phases in kubeadm, previously in alpha stage.
The original proposal for this activity can be found [here](https://github.com/kubernetes/kubeadm/pull/156/files) and related comments.
Kubeadm phase implementation checklist is defined [here](https://github.com/kubernetes/kubeadm/issues/267)
Common implementation guidelines and principles for all phases are defined [here](https://docs.google.com/document/d/1VQMyFIVMfRGQPP3oCUpfjiWtOr3pLxp4g7cP-hXQFXc/edit?usp=sharing)
This PR implements:
- [x] kubeadm phase certs
- [x] kubeadm phase certs all
- [x] kubeadm phase certs ca
- [x] kubeadm phase certs apiserver
- [x] kubeadm phase certs apiserver-kubelet-client
- [x] kubeadm phase certs sa
- [x] kubeadm phase certs front-proxy-ca
- [x] kubeadm phase certs front-proxy-client
**Which issue this PR fixes:**
none
**Special notes for your reviewer:**
This PR resubmits the work of #45617, and already includes @luxas reviews.
Please note that:
- the API - phase\certs.go - is now totally free by any UX concerns, and implements only the core logic for cert generation.
- the UX - cmd\phase\certs.go - now takes charge of UX commands and kubeadm own's rules for placing certs in the certificate dir (e.g. create only if exists)
Automatic merge from submit-queue
Update labels.yaml
```release-note
NONE
```
Reminder that at some point we need to stop allowing humans to add
labels via github's UI, and instead drive changes through this file.
We'll need to get mungegithub's check-labels munger activated and
a documented policy for all that, so here's a bump in the meantime.
ref: kubernetes/test-infra#2504 (this PR doesn't fix the issue but that's the closest prior art I can find)
Automatic merge from submit-queue (batch tested with PRs 48402, 47203, 47460, 48335, 48322)
Added case on 'terminated-but-not-yet-deleted' for Admit.
**What this PR does / why we need it**:
Added case on 'terminated-but-not-yet-deleted' for Admit.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47867
**Release note**:
```release-note-none
```
Automatic merge from submit-queue (batch tested with PRs 48402, 47203, 47460, 48335, 48322)
HTTPExtender: should close resp.Body even when StatusCode not ok
Signed-off-by: sakeven <jc5930@sina.cn>
**What this PR does / why we need it**:
close resp.Body even when StatusCode isn't ok
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48402, 47203, 47460, 48335, 48322)
fix kubectl run --env flag
fixes: kubernetes/kubectl#19
cc: @ddcprg
```release-note
`kubectl run --env` no longer supports CSV parsing. To provide multiple env vars, use the `--env` flag multiple times instead of having env vars separated by commas. E.g. `--env ONE=1 --env TWO=2` instead of `--env ONE=1,TWO=2`.
```
Automatic merge from submit-queue
Local storage teardown fix
**What this PR does / why we need it**: Local storage uses bindmounts and the method IsLikelyNotMountPoint does not detect these as mountpoints. Therefore, local PVs are not properly unmounted when they are deleted.
**Which issue this PR fixes**: fixes#48331
**Special notes for your reviewer**:
You can use these e2e tests to reproduce the issue and validate the fix works appropriately https://github.com/kubernetes/kubernetes/pull/47999
The existing method IsLikelyNotMountPoint purposely does not check mountpoints reliability (4c5b22d4c6/pkg/util/mount/mount_linux.go (L161)), since the number of mountpoints can be large. 4c5b22d4c6/pkg/util/mount/mount.go (L46)
This implementation changes the behavior for local storage to detect mountpoints reliably, and avoids changing the behavior for any other callers to a UnmountPath.
**Release note**:
```
Fixes bind-mount teardown failure with non-mount point Local volumes (issue https://github.com/kubernetes/kubernetes/issues/48331).
```
Automatic merge from submit-queue (batch tested with PRs 44412, 44810, 47130, 46017, 47829)
federation: Cleanup cluster scripts of older federation bring up method
**What this PR does / why we need it**:
Remove older method of bringing up federation via scripts. Currently `kubefed` is the only supported mechanism and is well established and stable.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44412, 44810, 47130, 46017, 47829)
Return clusterErr rather than err
The updateClusterIngressUIDToMasters() should return clusterErr, not err.
If the 'err' of 'masterCluster, masterUID, err := ic.getMasterCluster()' is nil and the 'clusterErr' of 'clusterObj, clusterErr := api.Scheme.DeepCopy(cluster)' is not nil, updateClusterIngressUIDToMasters() will return ("", nil).
And do not log fallbackUID when fallbackUID is nil.
Automatic merge from submit-queue (batch tested with PRs 44412, 44810, 47130, 46017, 47829)
recheck pod volumes before marking pod as processed
This PR allows a pod's volumes to be re-checked until all are added correctly. There's a limited amount of time when a persistent volume claim is still in the Pending phase, and if a pod is created in that time, the volume will not be added. The issue is not uncommon with helm charts that create all objects in close succession, particularly when using aws-ebs volumes.
fixes#28962
Added IsNotMountPoint method to mount utils (pkg/util/mount/mount.go)
Added UnmountMountPoint method to volume utils (pkg/volume/util/util.go)
Call UnmountMountPoint method from local storage (pkg/volume/local/local.go)
IsLikelyNotMountPoint behavior was not modified, so the logic/behavior for UnmountPath is not modified
fix issue where binaries not being removed. Add new client packages to lint
put new linted packages in correct location. remove flag from variables
Add all pkgs that should be linted and run sort
Add output from hack/update-bazel.sh
remove genclient=true from FischerList and regenerate client
re update bazel build files
fix missing resource method in register.go
Only relying on the NewAttacher/Detacher call counts is not enough as they
happen in parallel to the testing/verification code and thus the actual
attaching/detaching may not be done yet, resulting in flaky test results.
Fixes#46244
In Container manager, we set up the capacity by retrieving information
from cadvisor. However unlike machineinfo, filesystem information is
available at a later unknown time. This PR uses a go routine to keep
retriving the information until it is avaialble or timeout.
In jsonpath, when filtering a list, if allowMissingKeys is true, skip
over any items that are missing an intermediate key in the filter,
instead of returning a confusing error.
For example, if the filter is
{.items[?(@.metadata.annotations.foo=="bar")].metadata.name}
we should return all items where metadata.annotations.foo == bar, but if
an item in the list does not have metadata, metadata.annotations, or
metadata.annotations.foo, skip it instead of erroring.
GlusterFS volume plugin should not blindly retry all failed mounts without
auto_unmount, it should retry them only when we are sure that auto_unmount
was the reason the first attempt failed.
