Commit Graph

1270 Commits

Author SHA1 Message Date
AdoHe
eef143ba39 scheduler remove init method 2016-12-05 06:22:50 -05:00
Kubernetes Submit Queue
81d788dd6e Merge pull request #37534 from smarterclayton/move_unversion
Automatic merge from submit-queue (batch tested with PRs 36816, 37534)

Move pkg/api/unversioned to pkg/apis/meta/v1

This moves code from using pkg/api/unversioned to pkg/apis/meta/v1 with the `metav1` local package name.

Built on top of #37532 (the first three commits related to ExportOptions)

Part of #37530
2016-12-03 18:30:48 -08:00
Kubernetes Submit Queue
71182d826d Merge pull request #36816 from deads2k/api-43-front-proxy
Automatic merge from submit-queue

plumb in front proxy group header

Builds on https://github.com/kubernetes/kubernetes/pull/36662 and https://github.com/kubernetes/kubernetes/pull/36774, so only the last commit is unique.

This completes the plumbing for front proxy header information and makes it possible to add just the front proxy header authenticator.

WIP because I'm going to assess it in use downstream.
2016-12-03 18:01:42 -08:00
Clayton Coleman
3454a8d52c
refactor: update bazel, codec, and gofmt 2016-12-03 19:10:53 -05:00
Clayton Coleman
5df8cc39c9
refactor: generated 2016-12-03 19:10:46 -05:00
Kubernetes Submit Queue
b1a3f3794a Merge pull request #35300 from deads2k/rbac-17-subjectlocator
Automatic merge from submit-queue (batch tested with PRs 35300, 36709, 37643, 37813, 37697)

add rbac action to subjects type

This adds the ability to go from an authorization action to the list subjects who have the power to perform the action.  This will be used to either back an RBAC specific endpoint or generic authorization endpoint.  Because of the way authorization works today, the set of subjects returned will always be a subset of those with access since any authorizer can say yes.

@kubernetes/sig-auth
2016-12-03 08:55:54 -08:00
Kubernetes Submit Queue
f91966e634 Merge pull request #37391 from deads2k/controller-03-roles
Automatic merge from submit-queue (batch tested with PRs 37945, 37498, 37391, 37209, 37169)

add controller roles

Upstream controller roles that have downstream.

@sttts this is a start at roles for controllers.  I've made names match for now, but they could use some love in both the controller manager and here.  I'd recommend using this as a starting point.
2016-12-02 20:32:46 -08:00
Kubernetes Submit Queue
4bc6e717ed Merge pull request #37357 from gmarek/profilinig
Automatic merge from submit-queue (batch tested with PRs 36263, 36755, 37357, 37222, 37524)

Add flag to enable contention profiling in scheduler.

```release-note
Add flag to enable contention profiling in scheduler.
```
2016-12-02 16:26:47 -08:00
Kubernetes Submit Queue
4c50486735 Merge pull request #37020 from deads2k/rbac-20-delegated-role
Automatic merge from submit-queue

auth delegation role

Add a bootstrap role for authentication and authorization delegation.  Useful for extension API servers.

@kubernetes/sig-auth
2016-12-01 06:31:31 -08:00
deads2k
c4e2e19e51 allow auth proxy to set groups and extra 2016-12-01 09:00:30 -05:00
gmarek
cd2cceb364 Minor scheduler cleanup 2016-11-30 09:35:25 +01:00
Kubernetes Submit Queue
a894bde225 Merge pull request #37379 from wojtek-t/safe_schedulercache
Automatic merge from submit-queue

Try self-repair scheduler cache or panic

Fix #37232
2016-11-29 08:15:03 -08:00
Wojciech Tyczynski
f5ced35887 Log when pod expires in scheduler 2016-11-29 12:03:29 +01:00
deads2k
a786892d77 add controller roles 2016-11-28 08:38:24 -05:00
Wojciech Tyczynski
8f1d240f73 Try self-repair scheduler cache or panic 2016-11-24 08:36:34 +01:00
Clayton Coleman
35a6bfbcee
generated: refactor 2016-11-23 22:30:47 -06:00
Chao Xu
bcc783c594 run hack/update-all.sh 2016-11-23 15:53:09 -08:00
Chao Xu
b9e3ffb515 misc 2016-11-23 15:53:09 -08:00
Chao Xu
1044aa4500 plugin/admission; including resourcequota admission 2016-11-23 15:53:09 -08:00
Chao Xu
f782aba56e plugin/scheduler 2016-11-23 15:53:09 -08:00
gmarek
d8a040fee5 Add flag to enable contention profiling in scheduler. 2016-11-23 09:24:27 +01:00
Wojciech Tyczynski
e4d215d508 Reduce impact of scheduler bug 2016-11-22 17:19:45 +01:00
Kubernetes Submit Queue
959ba7c992 Merge pull request #37046 from jlowdermilk/auth-comment
Automatic merge from submit-queue

Document config options for gcp auth provider plugin.

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

Adds source documentation for the gcp auth provider plugin config options. Shouldn't have to read through the code to understand what the options and their defaults are.


**Release note**:
<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->
none
2016-11-21 19:00:54 -08:00
Kubernetes Submit Queue
a85d352de9 Merge pull request #37234 from liggitt/revert-flex_node_conditions
Automatic merge from submit-queue

Revert "Avoid hard-coding list of Node Conditions"

* we don't know how other API consumers are using node conditions (there was no prior expectation that the scheduler would block on custom conditions)
* not all conditions map directly to schedulability (e.g. `MemoryPressure`/`DiskPressure`)
* not all conditions use True to mean "unschedulable" (e.g. `Ready`)

This reverts commit 511b2ecaa8 to avoid breaking existing API users and to avoid constraining future uses of the node conditions API
2016-11-21 17:41:59 -08:00
Jordan Liggitt
c214abb5ff
Revert "Avoid hard-coding list of Node Conditions"
This reverts commit 511b2ecaa8.
2016-11-21 14:55:11 -05:00
Jeff Lowdermilk
3766787458 Document config options for gcp auth provider plugin. 2016-11-21 10:56:39 -08:00
Harry Zhang
5554dbf907 Fix invalid predicates describe 2016-11-19 22:30:15 +08:00
deads2k
18a909edf8 auth delegation role 2016-11-17 14:42:21 -05:00
Kubernetes Submit Queue
05d067d6bb Merge pull request #36210 from justinsb/flex_node_conditions
Automatic merge from submit-queue

Avoid hard-coding list of Node Conditions
2016-11-15 01:02:01 -08:00
Kubernetes Submit Queue
c9d0969d25 Merge pull request #36713 from brendandburns/lint
Automatic merge from submit-queue

Fix some lint errors.

`golint` for some reason doesn't like `make([]foo, 0)` so switch to explicit instantiation.
2016-11-14 11:41:46 -08:00
Justin Santa Barbara
511b2ecaa8 Avoid hard-coding list of Node Conditions
We assume that if a Condition isn't well-known, that it blocks
scheduling of pods, and that the "unhealthy" value is api.ConditionTrue
2016-11-14 14:25:45 -05:00
Brendan Burns
860748c08f Fix some lint errors. 2016-11-12 21:25:09 -08:00
Jeff Lowdermilk
5a6cd558c2 Fix race condition in gcp auth provider plugin 2016-11-11 16:27:36 -08:00
Kubernetes Submit Queue
526746288a Merge pull request #33080 from pweil-/psp-authorizer
Automatic merge from submit-queue

Add authz to psp admission

Add authz integration to PSP admission to enable granting access to use specific PSPs on a per-user and per-service account basis.  This allows an administrator to use multiple policies in a cluster that grant different levels of access for different types of users.

Builds on https://github.com/kubernetes/kubernetes/pull/32555.  Second commit adds authz check to matching policy function in psp admission.

@deads2k @sttts @timstclair
2016-11-09 20:39:31 -08:00
Kubernetes Submit Queue
6ea9ff68c8 Merge pull request #36155 from deads2k/rbac-20-node-role
Automatic merge from submit-queue

add nodes role to RBAC bootstrap policy

Add a nodes role.  

@sttts @pweil-
2016-11-09 14:10:20 -08:00
Kubernetes Submit Queue
860cae0933 Merge pull request #35488 from dixudx/keystone-ca-cert
Automatic merge from submit-queue

specify custom ca file to verify the keystone server

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

Sometimes the keystone server's certificate is self-signed, mainly used for internal development, testing and etc.

For this kind of ca, we need a way to verify the keystone server.

Otherwise, below error will occur.

> x509: certificate signed by unknown authority

This patch provide a way to pass in a ca file to verify the keystone server when starting `kube-apiserver`.

**Which issue this PR fixes** : fixes #22695, #24984

**Special notes for your reviewer**:

**Release note**:

<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->

``` release-note
```
2016-11-08 13:13:00 -08:00
pweil-
bbe9c8f96d add authz checks to allowed policies admission 2016-11-08 08:36:27 -05:00
deads2k
252d8b7066 add rbac action to subjects type 2016-11-08 07:47:11 -05:00
Kubernetes Submit Queue
402f1fa33e Merge pull request #35487 from miaoyq/remove-two-redundant-funcs
Automatic merge from submit-queue

'Max' and 'MIn' don't seem to used anywhere, so I would suggest removing them

Signed-off-by: Yanqiang Miao miao.yanqiang@zte.com.cn
2016-11-08 02:52:46 -08:00
Kubernetes Submit Queue
1866e1862e Merge pull request #36021 from soltysh/cronjobs
Automatic merge from submit-queue

Rename ScheduledJobs to CronJobs

I went with @smarterclayton idea of registering named types in schema. This way we can support both the new (CronJobs) and old (ScheduledJobs) resource name. Fixes #32150.

fyi @erictune @caesarxuchao @janetkuo 

Not ready yet, but getting close there...

**Release note**:
```release-note
Rename ScheduledJobs to CronJobs.
```
2016-11-07 07:12:17 -08:00
Kubernetes Submit Queue
5dd346ab75 Merge pull request #34693 from yarntime/add_pod_affinity_test_cases
Automatic merge from submit-queue

add podAntiAffinity test cases

add podAntiAffinity test cases.
2016-11-07 01:37:22 -08:00
Maciej Szulik
0b5ef16008 Support ScheduledJob name 2016-11-07 10:14:12 +01:00
Maciej Szulik
41d88d30dd Rename ScheduledJob to CronJob 2016-11-07 10:14:12 +01:00
Kubernetes Submit Queue
f715b26d9c Merge pull request #35932 from jayunit100/sched_events_spam_reduce
Automatic merge from submit-queue

Reduce spam in Events from scheduler by counter aggregation of failure

Fixes #35842
Part of overall #35555
2016-11-06 17:48:31 -08:00
Kubernetes Submit Queue
4b1e36f970 Merge pull request #36190 from dashpole/revert_node_inode_pressure_split
Automatic merge from submit-queue

We only report diskpressure to users, and no longer report inodepressure

See #36180 for more information on why #33218 was reverted.
2016-11-06 03:00:34 -08:00
Kubernetes Submit Queue
741ef71fa9 Merge pull request #36012 from jlowdermilk/cmd-auth-provider
Automatic merge from submit-queue

Add cmd support to gcp auth provider plugin

**What this PR does / why we need it**:

Adds ability for gcp auth provider plugin to get access token by shelling out to an external command. We need this because for GKE, kubectl should be using gcloud credentials. It currently uses google application default credentials, which causes confusion if user has configured both with different permissions (previously the two were almost always identical).

**Which issue this PR fixes**:
Addresses #35530 with gcp-only solution, as generic cmd plugin was deemed not useful for other providers.

**Special notes for your reviewer**:

Configuration options are to support whatever future command gcloud provides for printing access token of active user. Also works with existing command (`gcloud auth print-access-token`)

```release-note
```
2016-11-06 01:45:48 -08:00
Kubernetes Submit Queue
f4738ff575 Merge pull request #35883 from justinsb/aws_strong_volumetype
Automatic merge from submit-queue

AWS: strong-typing for k8s vs aws volume ids
2016-11-05 02:29:17 -07:00
David Ashpole
9aca40dee6 revert #33218. dont need #36180. We only use diskpressure 2016-11-04 08:29:27 -07:00
Di Xu
dd6c980949 specify custom ca file to verify the keystone server 2016-11-04 15:11:41 +08:00
jayunit100
5d5bc6759e Reduce spam in Events from scheduler by counter aggregation of failure
reasons.
2016-11-03 13:53:35 -04:00