Automatic merge from submit-queue
add enhanced volume and mount logging for block devices
Fixes#24568
Adding better logging and debugging for block device volumes and the shared SafeFormatAndMount (aws, gce, flex, rbd, cinder, etc...)
Automatic merge from submit-queue
Flannel doc description cidr modify
File "docs\proposals\flannel-integration.md", line 123, "node controller backs off cidr allocation", here cidr is not easy to understand, can be modified to CIDR.
Automatic merge from submit-queue
use regular client instead of kubectl in scheduler predicate tests when checking/setting/cleanning taints/labels
The existing implementation in scheduler predicate tests uses kubectl to check/set/clean taints/labels on node, which makes the test very related to kubectl.
This PR is to use regular client instead.
Automatic merge from submit-queue
two optimization for StartControllers in controllermanager.go
The PR changed two places to optimise StartControllers function in controllermanager.go.
Automatic merge from submit-queue
Add "federation" API group to the known versions list of federation API clients.
PR #29302 did not to add a list of known API groups to the release_1_4 client and that broke our tests. This PR should fix it (hopefully).
cc @quinton-hoole @nikhiljindal @kubernetes/sig-cluster-federation
Ref: #28615.
Automatic merge from submit-queue
controller/service: minor cleanup
1. always handle short case first for if statement
2. do not capitalize error message
3. put the mutex before the fields it protects
4. prefer switch over if elseif.
Automatic merge from submit-queue
Fix incorrect if conditions
When the current conditions `if inspect == nil && inspect.Config == nil && inspect.Config.Labels == nil` is true, the func containerAndPodFromLabels will return. else will not. Suppose `inspect != nil` but `inspect.Config == nil`, the current conditions will be false and the func won't return, then the below `labels := inspect.Config.Labels` will lead to panic.
Automatic merge from submit-queue
append an abac rule for $KUBE_USER.
Allows the specified basic-auth credentials to be authorized against all resources.
Fixes#28869.
Automatic merge from submit-queue
Updating federation controllers to use release_1_4 clientset instead of release_1_3 clientset
release_1_4 client was introduced in https://github.com/kubernetes/kubernetes/pull/26588.
Motivation for this change: All changes are now being done to release_1_4 clientset. Namespaces for ex is included in federation_release_1_4 clientset but not in federation_release_1_3.
cc @caesarxuchao @kubernetes/sig-cluster-federation
Automatic merge from submit-queue
Add load balancer in front of apiserver in HA master setup
The first commit is just https://github.com/kubernetes/kubernetes/pull/29201 and has been already LGTMed.
Second commit has some small fixes:
1. Precompute REGION variable in config
2. Add timeout for waiting for loadbalancer
3. Fix kube-down so that it doesn't delete some resources if there are still masters/nodes in other zones
Second commit also fixes bug in https://github.com/kubernetes/kubernetes/pull/29201 where variable `REGION` was unset in `kube-down` when deleting master IP. The bug caused leaking of IP addresses.
https://github.com/kubernetes/kubernetes/issues/21124
@davidopp @jszczepkowski @wojtek-t @mikedanese
Automatic merge from submit-queue
Revert "Drop support for --gce-service-account, require activated creds"
Reverts kubernetes/kubernetes#28802
This appears to break the soak tests with "invalid grant" errors -- see the recent batch of errors in #27920.
Automatic merge from submit-queue
Fix Windows terminal handling
Fix some issues with Windows terminal handling with respect to TTYs that came up as part of the
code that adds support for terminal resizing.
cc @smarterclayton @sttts @csrwng
Automatic merge from submit-queue
Allow for overriding throughput in load test
We seem to be already supporting higher throughput that what the default is.
I'm going to increase the throughput in our tests:
- speed up scalability tests
- ensure that what I'm seeing locally is really the repeatable case
This PR is a short preparation for those experiments.
[Ideally, I would like to have kubemark-500 to be finishing within 30 minutes. And I think this should be doable pretty soon.]
@gmarek
Automatic merge from submit-queue
rkt: Don't return if the service file doesn't exist when killing the pod
Remove an unused logic. Also this prevents the KillPod() from failing
when the service file doesn't exist. E.g., it can be removed by garbage
collection in a rare case:
1, There are already more than `gcPolicy.MaxContainers` containers running
on the host.
2, The new pod(A) starts to run but doesn't enter 'RUNNING' state yet.
3, GC is triggered, and it sees the pod(A) is in an inactive state (not running),
and the it needs to remove the pod to force the `gcPolicy.MaxContainers`.
4, GC fails to remove the pod because `rkt rm` fails when the pod is running,
but it removes the service file anyway.
5, Follow up KillPod() call will fail because it cannot find the service file
on disk.
Also this is possible only when the pod has been in prepared state for longer
than 1 min, which sounds like another issue.
cc @kubernetes/sig-rktnetes
Automatic merge from submit-queue
use a separate queue for initial quota calculation
When the quota controller gets backed up on resyncs, it can take a long time to observe the first usage stats which are needed by the admission plugin. This creates a second queue to prioritize the initial calculation.
Automatic merge from submit-queue
Improve scheduler throughput
Ref #28590
This improves scheduler throughput by another 10-15%.
@davidopp @kubernetes/sig-scheduling
Automatic merge from submit-queue
Change some node e2e test to use the prepull image framework.
Fix https://github.com/kubernetes/kubernetes/issues/28868.
Node e2e test framework pre-pulls all images in [image_list.go](bc2f223f5a/test/e2e_node/image_list.go)
All node e2e test should use image from the "image_list". If a test needs new image, we should update the image_list to include the new image.
/cc @kubernetes/sig-node to notice people to use `image_list` when adding test. :)
Automatic merge from submit-queue
Optimise getAPIGroupVersion function in genericapiserver.go
About the newAPIGroupVersion and the getAPIGroupVersion function in genericapiserver.go, I think they can optimise.
Automatic merge from submit-queue
Fix init container update validation for pods
Partial fix#26840
The remaining issues with `kubectl apply` on pods with init containers
are caused by temporary annotation-based representation and
will resolve themselves once init containers leave alpha state.
Also, this PR makes sure internal and external objects don't get mixed up by the
PATCH handler (see related issue #25106).
This PR is an alternative for #28557 which met criticism from @smarterclayton
and @liggitt for working around the temporary issue with annotations.
#28557 is a full fix for #26840 and contains an e2e test that cannot pass
without the `VolumeMounts` workaround. As there appears to be no
good way to include an e2e test that's known to be failing in k8s source,
I've removed it from this PR.
Either this PR or #28557 should be applied, but not both.
Automatic merge from submit-queue
add tokenreviews endpoint to implement webhook
Wires up an API resource under `apis/authentication.k8s.io/v1beta1` to expose the webhook token authentication API as an API resource. This allows one API server to use another for authentication and uses existing policy engines for the "authoritative" API server to controller access to the endpoint.
@cjcullen you wrote the initial type
Automatic merge from submit-queue
adds source debug build options
See issue & discussion here: #28227
Enables source debugging the Kubernetes binaries with tools like delve by providing the user with the ability to provide debug build options to the glang compiler.
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
Automatic merge from submit-queue
Fix "PVC Volume not detached if pod deleted via namespace deletion" issue
Fixes#29051: "PVC Volume not detached if pod deleted via namespace deletion"
This PR:
* Fixes a bug in `desired_state_of_the_world_populator.go` to check the value of `exists` returned by the `podInformer` so that it can delete pods even if the delete event is missed (or fails).
* Reduces the desired state of the world populators sleep period from 5 min to 1 min (reducing the amount of time a volume would remain attached if a volume delete event is missed or fails).
Automatic merge from submit-queue
AWS kube-up: Fix unbound KUBE_MANIFESTS_TAR_URL variable in Salt config
It shouldn't be necessary for all distros to define this env variable (broken in 97f3f80833).
This should get our e2es back creating AWS clusters, at least.
Automatic merge from submit-queue
Fix 'make test-e2e-node' example to run some tests
This PR fixes the minor problem that if you take the first example given in the Makefile and paste it verbatim,
make test-e2e-node FOCUS=kubelet SKIP=container
it says something like "Will run 0 of 34 specs". Several of the test suite descriptions contain "Kubernetes" with a capital K, but none match with a lower-case k.
The second part of the line is not great either, since some tests use "container" and some use "Container", but fixing that seems to require some standardisation on how you name the tests.
