Commit Graph

2411 Commits

Author SHA1 Message Date
Jeff Grafton
46e894bfd3 Switch go binaries from (hacky) static to pure Go 2017-12-23 13:13:09 -08:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Kubernetes Submit Queue
1f182ae147
Merge pull request #57513 from deads2k/admission-19-config
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

add eventratelimit config to scheme

Fixes https://github.com/kubernetes/kubernetes/issues/57030

Because the config types are decoded, their types have to be registered in the scheme used for admission config decoding.  Looks like we missed one.

@kubernetes/sig-api-machinery-bugs 
/assign jennybuckley
2017-12-22 19:12:19 -08:00
Jonathan Basseri
732e785e0a Performance improvement for affinity term matching.
When a PodAffinityTerm uses TopologyKey=kubernetes.io/hostname, we can
avoid searching the entire cluster for a match by only listing pods on
the given node.
2017-12-21 16:01:22 -08:00
Kubernetes Submit Queue
d7e5bd194a
Merge pull request #57477 from misterikkit/noStrCat
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Avoid string concatenation when comparing pods.

**What this PR does / why we need it**:

Pod comparison in (*NodeInfo).Filter was using GetPodFullName before
comparing pod names. This is a concatenation of pod name and pod
namespace, and it is significantly faster to compare name & namespace
instead.

This is a set of 3 PRs targeting affinity predicate performance. (#57476, #57477, #57478) The key takeaway is approximately 2x speedup in the large affinity benchmark.

The unexpected increase in BenchmarkScheduling/1000Nodes/1000Pods seems to be an outlier, and did not recur on subsequent runs. The benchmarks have a moderate amount of variance to them, and I did not run them enough times to measure mean and standard deviation.

| test | b.N | master | #57476 | #57477 | #57478 | combined |
| ---- | --- | ------ | ------ | ---------- | ---------- | -------- |
| BenchmarkScheduling/100Nodes/0Pods                | 100 |  39629010 ns/op | 36898566 ns/op (-6.89%)   |  38461530 ns/op (-2.95%)  |  36214136 ns/op (-8.62%)  |  43090781 ns/op (+8.74%)  |
| BenchmarkScheduling/100Nodes/1000Pods             | 100 |  85489577 ns/op | 69538016 ns/op (-18.66%)  |  70104254 ns/op (-18.00%) |  75015585 ns/op (-12.25%) |  80986960 ns/op (-5.27%)  |
| BenchmarkScheduling/1000Nodes/0Pods               | 100 | 219356660 ns/op | 200149051 ns/op (-8.76%)  | 192867469 ns/op (-12.08%) | 196896770 ns/op (-10.24%) | 212563662 ns/op (-3.10%)  |
| BenchmarkScheduling/1000Nodes/1000Pods            | 100 | 380368238 ns/op | 381786369 ns/op (+0.37%)  | 387224973 ns/op (+1.80%)  | 417974358 ns/op (+9.89%)  | 411140230 ns/op (+8.09%)  |
| BenchmarkSchedulingAntiAffinity/500Nodes/250Pods  | 250 | 124399176 ns/op | 97568988 ns/op (-21.57%)  | 112027363 ns/op (-9.95%)  | 129134326 ns/op (+3.81%)  |  98607941 ns/op (-20.73%) |
| BenchmarkSchedulingAntiAffinity/500Nodes/5000Pods | 250 | 491677096 ns/op | 441562422 ns/op (-10.19%) | 278127757 ns/op (-43.43%) | 447355609 ns/op (-9.01%)  | 226310721 ns/op (-53.97%) |

Combined performance contains all three patches.
Percentages are relative to master.

Methodology:

I ran the tests on each branch with this command.
```
make test-integration WHAT="./test/integration/scheduler_perf" KUBE_TEST_ARGS="-run=xxxx -bench=."
```

The benchmarks have a fair amount of variance to them, and I did not run them enough times to measure mean and standard deviation.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

The three PRs in this set should collectively fix #54189.

**Special notes for your reviewer**:

**Release note**:

```release-note
Improve scheduler performance of MatchInterPodAffinity predicate.
```
2017-12-21 15:18:55 -08:00
Jonathan Basseri
3909dc1341 Avoid array growth in FilteredList.
The method (*schedulerCache).FilteredList builds an array of *v1.Pod
that contains every pod in the cluster except for those filtered out by
a predicate. Today, it starts with a nil slice and appends to it.

Based on current usage, FilteredList is expected to return every pod in
the cluster or omit some pods from a single node. This change reserves
array capacity equal to the total number of pods in the cluster.
2017-12-21 10:50:04 -08:00
Jonathan Basseri
7b3638ea77 Avoid string concatenation when comparing pods.
Pod comparison in (*NodeInfo).Filter was using GetPodFullName before
comparing pod names. This is a concatenation of pod name and pod
namespace, and it is significantly faster to compare name & namespace
instead.
2017-12-21 09:31:53 -08:00
David Eads
5e966af1d0 add eventratelimit config to scheme 2017-12-21 08:09:55 -05:00
Kubernetes Submit Queue
754bb1350f
Merge pull request #55442 from anfernee/priority_resource
Automatic merge from submit-queue (batch tested with PRs 57257, 55442). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Merge 3 resource allocation priority functions

**What this PR does / why we need it**: those 3 priority functions are closed related, and share a lot of the same logic, put them together.

**Release note**:
```release-note
None
```
2017-12-20 23:56:49 -08:00
Yongkun Anfernee Gui
c65225ee19 Merge 3 resource allocation priority functions 2017-12-20 17:21:22 -08:00
Kubernetes Submit Queue
c13a2abaf3
Merge pull request #57368 from brendandburns/version
Automatic merge from submit-queue (batch tested with PRs 57349, 57368). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add '/version/' to the system:discovery role, since that's what the spec says.

See: https://github.com/kubernetes-client/java/issues/153

```release-note
Add the path '/version/' to the `system:discovery` cluster role.
```
2017-12-20 14:53:38 -08:00
Brendan Burns
20bb9edff4
Update cluster-roles.yaml 2017-12-20 10:44:55 -08:00
Brendan Burns
519d0cde7b
Update policy.go 2017-12-20 10:44:07 -08:00
Kubernetes Submit Queue
51fbd6e637
Merge pull request #57168 from yastij/predicates-ordering
Automatic merge from submit-queue (batch tested with PRs 57252, 57168). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Implementing predicates ordering

**What this PR does / why we need it**: implements predicates ordering for the scheduler

**Which issue(s) this PR fixes** : Fixes #53812 

**Special notes for your reviewer**:


@bsalamat @gmarek @resouer as discussed on slack, to implement ordering we have to choices:

- use a layered approach with a list that indexes the order of the predicates map

- change the underlying data structure used to represent a collection of predicates (a map in our case) into a list of predicates objects. 
Going with this solution might be "cleaner" but it will require a lot of changes and will increase the cost for accessing predicates from O(1) to O(n) (n being the number of predicates used by the scheduler).

we might go with this solution for now. If the number of predicates start growing, we might switch to the second option.
 
**Release note**:

```release-note
adding predicates ordering for the kubernetes scheduler.
```
2017-12-20 07:48:35 -08:00
Yassine TIJANI
e62952d02b using consts to refer to predicate names 2017-12-20 13:21:20 +00:00
Brendan Burns
ec53238901 Add '/version/*' to the system:discovery role, since that's what the open
api spec says.
2017-12-19 21:47:20 -08:00
Kubernetes Submit Queue
60e7727cb8
Merge pull request #57348 from tallclair/psp-owners
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add PodSecurityPolicy OWNERS

Make myself an approver of PodSecurityPolicy, and also add a couple reviewers.

```release-note
NONE
```
2017-12-18 13:29:51 -08:00
Kubernetes Submit Queue
b6b1762a80
Merge pull request #56349 from php-coder/simplify_admission_test
Automatic merge from submit-queue (batch tested with PRs 56947, 56349, 57140, 53686, 57314). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

 admission_test.go(TestAdmitPreferNonmutating): simplify test

**What this PR does / why we need it**:
This PR simplifies `TestAdmitPreferNonmutating` test by inlining members that have a constant values.

**Release note**:
```release-note
NONE
```

PTAL @liggitt @tallclair 
CC @simo5
2017-12-18 12:24:38 -08:00
Tim Allclair
f65b709794
Add PodSecurityPolicy OWNERS 2017-12-18 11:47:05 -08:00
Yassine TIJANI
ecba504974 implementing predicates ordering 2017-12-18 17:44:24 +00:00
Kubernetes Submit Queue
665e8b2d65
Merge pull request #56375 from CaoShuFeng/glogV10
Automatic merge from submit-queue (batch tested with PRs 56375, 56872, 57053, 57165, 57218). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

remove extra level check of glog

**Release note**:
```release-note
NONE
```
2017-12-17 05:33:38 -08:00
Kubernetes Submit Queue
7a23bbb024
Merge pull request #57177 from liggitt/rbac-log
Automatic merge from submit-queue (batch tested with PRs 56386, 57204, 55692, 57107, 57177). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Raise RBAC DENY log level

Fixes #46877 
Fixes https://github.com/kubernetes/kubernetes/issues/55821

Can still be logged verbosely with `--vmodule=rbac*=5` if desired

```release-note
NONE
```
2017-12-17 04:19:47 -08:00
Kubernetes Submit Queue
7f87337b8b
Merge pull request #56650 from danwinship/networkpolicy-rbac
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add RBAC policies for NetworkPolicy

**What this PR does / why we need it**:
When using RBAC, none of the namespace-level roles currently have permission to do anything with NetworkPolicy. (Only cluster-admin does, by virtue of having permission on "*".) This fixes it so "admin" and "edit" have read/write permission, and "view" has read-only permission.

I added permission for both the extensions and networking objects, which I believe is correct as long as both of them exist?

(This would be nice to fix in 1.9, although it's not a regression. It's always been broken.)

**Release note**:
```release-note
When using Role-Based Access Control, the "admin", "edit", and "view" roles now have the expected permissions on NetworkPolicy resources.
```
2017-12-16 12:09:11 -08:00
Kubernetes Submit Queue
203078538a
Merge pull request #56792 from denverdino/fix-typo-in-algorithmprovider-defaults
Automatic merge from submit-queue (batch tested with PRs 56250, 56809, 56812, 56792, 56724). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix typo

Signed-off-by: Li Yi <denverdino@gmail.com>

**What this PR does / why we need it**:

Fix the typo in /plugin/pkg/scheduler/algorithmprovider/defaults.go
2017-12-16 07:46:46 -08:00
Kubernetes Submit Queue
54591dd181
Merge pull request #56707 from brunomcustodio/kube-scheduler-config-file-warning
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

fix wording in kube-scheduler warning

**Release note**:
```release-note
NONE
```
2017-12-16 04:58:24 -08:00
Kubernetes Submit Queue
a99fdfc680
Merge pull request #56480 from CaoShuFeng/schedule_queue
Automatic merge from submit-queue (batch tested with PRs 56480, 56675, 56624, 56648, 56658). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

fix scheduling queue unit test

This change makes sure the Pop() test finish completely.

**Release note**:
```release-note
NONE
```
2017-12-16 03:24:40 -08:00
Kubernetes Submit Queue
f5fa99cc82
Merge pull request #56549 from CaoShuFeng/thread_safe
Automatic merge from submit-queue (batch tested with PRs 56579, 55236, 56512, 56549, 56538). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Heap is not thread safe in scheduling queue

/cc @bsalamat 

**Release note**:
```release-note
NONE
```
2017-12-15 21:19:42 -08:00
Kubernetes Submit Queue
d9b45d08c0
Merge pull request #56460 from liggitt/flex-pv-secret
Automatic merge from submit-queue (batch tested with PRs 56413, 56322, 56490, 56460, 56487). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Allow FlexVolume PV secret namespaces

Completes the secret namespace PV refactor, so all PV volume sources that specify secrets can reference them outside the PVC namespace.

Finished the secret-related aspect of https://github.com/kubernetes/kubernetes/issues/32131

```release-note
PersistentVolume flexVolume sources can now reference secrets in a namespace other than the PersistentVolumeClaim's namespace.
```
2017-12-15 16:43:55 -08:00
Kubernetes Submit Queue
40ad5d02f8
Merge pull request #56322 from guangxuli/priority_map_performance
Automatic merge from submit-queue (batch tested with PRs 56413, 56322, 56490, 56460, 56487). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Put process of getting pod controller reference into metadata

**What this PR does / why we need it**:
We should extract our common process/data into metadata just as other map priority functions do, so we could avoid getting same required data repeatedly in every node map process.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
None

**Special notes for your reviewer**:

**Release note**:

```release-note
None
```
2017-12-15 16:43:50 -08:00
Kubernetes Submit Queue
68c857e207
Merge pull request #55957 from jsafrane/protection-predicate
Automatic merge from submit-queue (batch tested with PRs 57211, 56150, 56368, 56271, 55957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Skip pods that refer to PVCs that are being deleted

**What this PR does / why we need it**:

New check was added to `Schedule()` to make sure that a scheduled pod refers to existing PVCs that are not being deleted.

In 1.9 we plan to add a new feature that uses finalizers on PVC to protect PVCs that are used by a running pod from being deleted. This finalizer will be removed when all pods that use a PVC are finished or deleted. See https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/postpone-pvc-deletion-if-used-in-a-pod.md for details.

I needed to pass `pvcLister` to `GenericScheduler`.

UX:

```
$ kubectl describe pod
...
  Type     Reason            Age              From               Message
  ----     ------            ----             ----               -------
  Warning  FailedScheduling  5s (x4 over 8s)  default-scheduler  persistentvolumeclaim "myclaim" is being deleted
  Warning  FailedScheduling  1s (x2 over 1s)  default-scheduler  persistentvolumeclaim "myclaim" not found

```


**Release note**:

```release-note
Scheduler skips pods that use a PVC that either does not exist or is being deleted.
```

/sig scheduling
/kind feature
2017-12-15 14:00:49 -08:00
Kubernetes Submit Queue
588c1e970a
Merge pull request #56271 from tanshanshan/fix-little-scheduler
Automatic merge from submit-queue (batch tested with PRs 57211, 56150, 56368, 56271, 55957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Put variable declared in the front.

**What this PR does / why we need it**:

put variable declared in the front.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note

```
2017-12-15 14:00:47 -08:00
Kubernetes Submit Queue
e2e5f2339b
Merge pull request #55853 from guangxuli/fix_scheduler_test
Automatic merge from submit-queue (batch tested with PRs 56308, 54304, 56364, 56388, 55853). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

httptest server should be close since Close issue has been fixed

**What this PR does / why we need it**:
per https://github.com/kubernetes/kubernetes/issues/19254, the issue seem to be fix for a long time and `server.Close` is no longer a issue in current related golang version, so it's time to uncomment the server.Close(). 

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
None
**Special notes for your reviewer**:

**Release note**:

```release-note
None
```
2017-12-15 02:04:45 -08:00
Kubernetes Submit Queue
59bf6fed73
Merge pull request #56388 from CaoShuFeng/failureDomain
Automatic merge from submit-queue (batch tested with PRs 56308, 54304, 56364, 56388, 55853). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

clean up failure domain from InterPodAffinityPriority

**Release note**:
```release-note
NONE
```
2017-12-15 02:04:42 -08:00
Kubernetes Submit Queue
45f983144f
Merge pull request #55504 from php-coder/cleanup_create_sc
Automatic merge from submit-queue (batch tested with PRs 55557, 55504, 56269, 55604, 56202). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Create{Container,Pod}SecurityContext: modify a pod and don't return the annotations

**What this PR does / why we need it**:
Prior https://github.com/kubernetes/kubernetes/pull/52849 we couldn't modify a pod and had to return annotations from the methods. But now, as we always working with a copy of a pod, we can modify it directly and we don't need to copy&return annotations separately.

This PR simplifies the code by modifying a pod directly. Also it renames these methods and replaces returning of the `SecurityContext` by in-place modification.

In fact it reverts the changes from https://github.com/kubernetes/kubernetes/pull/30257

**Release note**:
```release-note
NONE
```

PTAL @liggitt @timstclair 
CC @simo5
2017-12-14 13:54:40 -08:00
Kubernetes Submit Queue
5e478f072c
Merge pull request #56184 from CaoShuFeng/statefulset
Automatic merge from submit-queue (batch tested with PRs 54410, 56184, 56199, 56191, 56231). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

remove useless const

Trivial fix.

**Release note**:

```release-note
NONE
```
2017-12-14 05:33:11 -08:00
Jordan Liggitt
13854c46a7
Raise RBAC DENY log level 2017-12-14 00:06:23 -05:00
Jordan Liggitt
d073c10dbc
Refactor flex pv to allow secret namespace 2017-12-13 23:32:16 -05:00
Kubernetes Submit Queue
7335c41ebe
Merge pull request #56622 from wackxu/nodemiss
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

delete a node from its cache if it gets node not found error

**What this PR does / why we need it**:

delete a node from its cache if it gets node not found error

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/kubernetes/issues/56261

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-12-12 11:22:12 -08:00
Kubernetes Submit Queue
305d644363
Merge pull request #56577 from resouer/fix-eclass-pvc
Automatic merge from submit-queue (batch tested with PRs 56688, 56577). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add pvc as part of equivalence hash

**What this PR does / why we need it**:

Should add PVC as part of equivalence hash so that `StatefulSe`t and `Operator` will always run the volume predicate, while the `ReplicaSet` can still  re-use cached ones.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #56265

**Special notes for your reviewer**:

**Release note**:

```release-note
Add pvc as part of equivalence hash
```
2017-12-05 14:31:09 -08:00
Kubernetes Submit Queue
3fef902161
Merge pull request #56709 from gnufied/cluster-role-for-cloud-provider
Automatic merge from submit-queue (batch tested with PRs 56785, 56709). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

cloud-provider needs cluster-role to apply taint to the node

When volume is stuck in attaching state on AWS, cloud-provider
needs to taint the node. But the node can not be tainted
without proper access. Without this change https://github.com/kubernetes/kubernetes/pull/55558 will not work.

xref - https://github.com/kubernetes/kubernetes/issues/56819

cc @jsafrane @liggitt 

/sig storage

```release-note
none
```
2017-12-04 17:14:14 -08:00
Hemant Kumar
514f219c22 cloud-provider needs cluster-role to apply taint to the node
When volume is stuck in attaching state on AWS, cloud-provider
needs to taint the node. But the node can not be tainted
without proper access.
2017-12-04 10:57:21 -05:00
Li Yi
44877d87cb Fix typo
Change-Id: Ie8a4e9cf510fe2f7e7445af03476a0e7759a0360
Signed-off-by: Li Yi <denverdino@gmail.com>
2017-12-04 21:16:31 +08:00
Kubernetes Submit Queue
050956b08e
Merge pull request #56533 from vladimirvivien/csi-featuregate-fix
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

CSI - Fix feature gate bug and add bootstrap RBAC rules

**What this PR does / why we need it**:
This PR addresses show-stopper bug https://github.com/kubernetes/kubernetes/issues/56532.  It fixes the faulty feature gate logic and adds RBAC rules for kube-controller-manager and kubelet that allows `VolumeAttachment` API operations against the api-server.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #56532, #56667 

**Special notes for your reviewer**:

**Release note**:
```release-note
NONE
```
2017-12-03 07:54:04 -08:00
Kubernetes Submit Queue
2b98a976fb
Merge pull request #53647 from wenlxie/githubupstream.master.fixinterpodantiaffinity
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

fix inter-pod anti-affinity issue

This is used to fix:
https://github.com/kubernetes/kubernetes/issues/50813
2017-12-03 07:13:08 -08:00
Harry Zhang
b3bb74e3a3 Update generated bazel 2017-12-02 22:24:17 +08:00
Harry Zhang
e4055c0df2 Add pvc as part of equivalence hash
Use factory to generat get equivalence pod func
2017-12-02 22:24:17 +08:00
Harry Zhang
af243f4824 Fix PV counter predicate in eclass 2017-12-02 22:24:17 +08:00
Vladimir Vivien
179d8e108e CSI - feature gate fix, gated RBAC rules, csi nodeID label
This commit tracks chages to fix blocking bugs such as feature gates, rbac rules, usage
of csi nodeID to derive attachment ID.
2017-12-02 05:54:54 -05:00
wackxu
aac60b6cbb delete a node from its cache if it gets node not found error 2017-12-02 09:34:25 +08:00
Bruno Miguel Custodio
0a5a1f1cb4
fix wording in kube-scheduler warning 2017-12-01 17:00:05 +00:00