Automatic merge from submit-queue
CRI: Handle empty container name in dockershim.
Fixes https://github.com/kubernetes/kubernetes/issues/35924.
Dead container may have no name, we should handle this properly.
@yujuhong @bprashanth
Automatic merge from submit-queue
make ./pkg/client/listers compile
currently compilation is broken
```
$ go install ./pkg/client/listers/...
# k8s.io/kubernetes/pkg/client/listers/apps/v1alpha1
pkg/client/listers/apps/v1alpha1/zz_generated.statefulset.go:89: undefined: apps in apps.Resource
# k8s.io/kubernetes/pkg/client/listers/autoscaling/v1
pkg/client/listers/autoscaling/v1/zz_generated.horizontalpodautoscaler.go:89: undefined: autoscaling in autoscaling.Resource
# k8s.io/kubernetes/pkg/client/listers/batch/v2alpha1
pkg/client/listers/batch/v2alpha1/zz_generated.job.go:89: undefined: batch in batch.Resource
pkg/client/listers/batch/v2alpha1/zz_generated.scheduledjob.go:89: undefined: batch in batch.Resource
# k8s.io/kubernetes/pkg/client/listers/authentication/v1beta1
pkg/client/listers/authentication/v1beta1/zz_generated.tokenreview.go:63: undefined: authentication in authentication.Resource
# k8s.io/kubernetes/pkg/client/listers/batch/v1
pkg/client/listers/batch/v1/zz_generated.job.go:89: undefined: batch in batch.Resource
# k8s.io/kubernetes/pkg/client/listers/authorization/v1beta1
pkg/client/listers/authorization/v1beta1/zz_generated.localsubjectaccessreview.go:89: undefined: authorization in authorization.Resource
pkg/client/listers/authorization/v1beta1/zz_generated.selfsubjectaccessreview.go:63: undefined: authorization in authorization.Resource
pkg/client/listers/authorization/v1beta1/zz_generated.subjectaccessreview.go:63: undefined: authorization in authorization.Resource
# k8s.io/kubernetes/pkg/client/listers/certificates/v1alpha1
pkg/client/listers/certificates/v1alpha1/zz_generated.certificatesigningrequest.go:63: undefined: certificates in certificates.Resource
# k8s.io/kubernetes/pkg/client/listers/policy/v1alpha1
pkg/client/listers/policy/v1alpha1/zz_generated.poddisruptionbudget.go:89: undefined: policy in policy.Resource
# k8s.io/kubernetes/pkg/client/listers/core/v1
pkg/client/listers/core/v1/zz_generated.componentstatus.go:62: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.configmap.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.endpoints.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.event.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.limitrange.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.namespace.go:62: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.node.go:62: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.persistentvolume.go:62: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.persistentvolumeclaim.go:89: undefined: api in api.Resource
pkg/client/listers/core/v1/zz_generated.pod.go:89: undefined: api
pkg/client/listers/core/v1/zz_generated.pod.go:89: too many errors
# k8s.io/kubernetes/pkg/client/listers/imagepolicy/v1alpha1
pkg/client/listers/imagepolicy/v1alpha1/zz_generated.imagereview.go:63: undefined: imagepolicy in imagepolicy.Resource
# k8s.io/kubernetes/pkg/client/listers/rbac/v1alpha1
pkg/client/listers/rbac/v1alpha1/zz_generated.clusterrole.go:63: undefined: rbac in rbac.Resource
pkg/client/listers/rbac/v1alpha1/zz_generated.clusterrolebinding.go:63: undefined: rbac in rbac.Resource
pkg/client/listers/rbac/v1alpha1/zz_generated.role.go:89: undefined: rbac in rbac.Resource
pkg/client/listers/rbac/v1alpha1/zz_generated.rolebinding.go:89: undefined: rbac in rbac.Resource
# k8s.io/kubernetes/pkg/client/listers/storage/v1beta1
pkg/client/listers/storage/v1beta1/zz_generated.storageclass.go:63: undefined: storage in storage.Resource
# k8s.io/kubernetes/pkg/client/listers/extensions/v1beta1
pkg/client/listers/extensions/v1beta1/zz_generated.daemonset.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.deployment.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.ingress.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.job.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.podsecuritypolicy.go:63: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.replicaset.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.scale.go:89: undefined: extensions in extensions.Resource
pkg/client/listers/extensions/v1beta1/zz_generated.thirdpartyresource.go:63: undefined: extensions in extensions.Resource
```
cc @ncdc @caesarxuchao
Automatic merge from submit-queue
CRI: Add kuberuntime container logs
Based on https://github.com/kubernetes/kubernetes/pull/34858.
The first 2 commits are from #34858. And the last 2 commits are new.
This PR added kuberuntime container logs support and add unit test for it.
I've tested all the functions manually, and I'll send another PR to write a node e2e test for container log.
**_Notice: current implementation doesn't support log rotation**_, which means that:
- It will not retrieve logs in rotated log file.
- If log rotation happens when following the log:
- If the rotation is using create mode, we'll still follow the old file.
- If the rotation is using copytruncate, we'll be reading at the original position and get nothing.
To solve these issues, kubelet needs to rotate the log itself, or at least kubelet should be able to control the the behavior of log rotator. These are doable but out of the scope of 1.5 and will be addressed in future release.
@yujuhong @feiskyer @yifan-gu
/cc @kubernetes/sig-node
Automatic merge from submit-queue
Node controller to not force delete pods
Fixes https://github.com/kubernetes/kubernetes/issues/35145
- [x] e2e tests to test Petset, RC, Job.
- [x] Remove and cover other locations where we force-delete pods within the NodeController.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
``` release-note
Node controller no longer force-deletes pods from the api-server.
* For StatefulSet (previously PetSet), this change means creation of replacement pods is blocked until old pods are definitely not running (indicated either by the kubelet returning from partitioned state, or deletion of the Node object, or deletion of the instance in the cloud provider, or force deletion of the pod from the api-server). This has the desirable outcome of "fencing" to prevent "split brain" scenarios.
* For all other existing controllers except StatefulSet , this has no effect on the ability of the controller to replace pods because the controllers do not reuse pod names (they use generate-name).
* User-written controllers that reuse names of pod objects should evaluate this change.
```
Status is exposed as v1 in the current schema (so all groups are
returning v1.Status). However, if you give a codec only "mygroup"
"myversion", it will fail to convert Status to v1. For now, unversioned
types should be allowed to be projected into all group versions, and
when we add the server group we'll rip out the unversioned concept
entirely.
restclient must be able to deal with multiple types of servers. Alter
the behavior of restclient.Result#Raw() to not process the body on
error, but instead to return the generic error (which still matches the
error checking cases in api/error like IsBadRequest). If the caller uses
.Error(), .Into(), or .Get(), try decoding the body as a Status.
For older servers, continue to default apiVersion "v1" when calling
restclient.Result#Error(). This was only for 1.1 servers and the
extensions group, which we have since fixed.
This removes a double decode of very large objects (like LIST).
Calling `internalclientset.New()` with a rest client as an argument simply
copies that rest client to all the API group clients irrespective of the
configured GroupVersion or versionedAPIPath in the client. So only one
API group client gets the client configured correctly for that API
group. All the other API group clients get misconfigured rest clients.
On the other hand, `internalclientset.NewForConfigOrDie()` does the right
thing by reconfiguring the passed configs for each API group and
initializes an appropriate rest client for that group.
Now that we are relying on the `NewForConfigOrDie()` method to
initialize the rest clients, we need to swap the underlying http clients
in each of these rest clients with a fake one for testing.
Automatic merge from submit-queue
CRI: Rename container/sandbox states
The enum constants are not namespaced. The shorter, unspecifc names are likely
to cause naming conflicts in the future.
Also replace "SandBox" with "Sandbox" in the API for consistency.
/cc @kubernetes/sig-node
Automatic merge from submit-queue
Add FeatureGates field to KubeletConfiguration
This threads the `--feature-gates` flag through the `KubeletConfiguration` object and also allows setting feature gates via dynamic Kubelet configuration.
/cc @jlowdermilk
The enum constants are not namespaced. The shorter, unspecifc names are likely
to cause naming conflicts in the future.
Also replace "SandBox" with "Sandbox" in the API.
This change add a container manager inside the dockershim to move docker daemon
and associated processes to a specified cgroup. The original kubelet container
manager will continue checking the name of the cgroup, so that kubelet know how
to report runtime stats.
Automatic merge from submit-queue
Eviction manager evicts based on inode consumption
Fixes: #32526 Integrate Cadvisor per-container inode stats into the summary api. Make the eviction manager act based on inode consumption to evict pods using the most inodes.
This PR is pending on a cadvisor godeps update which will be included in PR #35136
Neutron's API ignores unknown paramaters. When listing pools etc, K8
attempts to filter on "LoadBalancerID", which is not a valid filter.
As such, it is ignored by Neutron, and a list of all pools is
returned. K8 then proceeds to update each of the pools.
Instead, we now double check the resources really belong to the LB
we're trying to update.
Automatic merge from submit-queue
Add tooling to generate listers
Add lister-gen tool to auto-generate listers. So far this PR only demonstrates replacing the manually-written `StoreToLimitRangeLister` with the generated `LimitRangeLister`, as it's a small and easy swap.
cc @deads2k @liggitt @sttts @nikhiljindal @lavalamp @smarterclayton @derekwaynecarr @kubernetes/sig-api-machinery @kubernetes/rh-cluster-infra
Automatic merge from submit-queue
Only set sysctls for infra containers
We did set the sysctls for each container in a pod. This opens up a way to set un-whitelisted sysctls during upgrade from v1.3:
- set annotation in v1.3 with an un-whitelisted sysctl. Set restartPolicy=Always
- upgrade cluster to v1.4
- kill container process
- un-whitelisted sysctl is set on restart of the killed container.
