Automatic merge from submit-queue
Implement kubeadm bootstrap token management
Creates bootstrap tokens as secrets per the specification in #30707
_WARNING_: These are not currently hooked up to the discovery service or the token it creates.
Still TODO:
- [x] delete tokens
- [x] merge with #35144 and adopt it's testing approach
- [x] determine if we want wholesale json output & templating like kubectl (we do not have an API object with the data we want here) may require a bit of plumbing.
- [x] allow specifying a token duration on the CLI
- [x] allow configuring the default token duration
- [x] hook up the initial token created during init
Sample output:
```
(root@centos1 ~) $ kubeadm token create
Running pre-flight checks
<cmd/token> Token secret created: f6dc69.c43e491752c4a0fd
(root@centos1 ~) $ kubeadm token create
Running pre-flight checks
<cmd/token> Token secret created: 8fad2f.e7b78c8a5f7c7b9a
(root@centos1 ~) $ kubeadm token list
Running pre-flight checks
ID TOKEN EXPIRATION
44d805 44d805.a4e78b6cf6435e33 23h
4f65bb 4f65bb.d006a3c7a0e428c9 23h
6a086e 6a086e.2ff99f0823236b5b 23h
8fad2f 8fad2f.e7b78c8a5f7c7b9a 23h
f6dc69 f6dc69.c43e491752c4a0fd 23h
f81653 f81653.9ab82a2926c7e985 23h
```
Automatic merge from submit-queue
Add test for CronJob generator
Per @janetkuo request this was split from #38614, it adds test for `CronJob` generator, and additionally copy labels to `JobTemplate`, to be consistent with how `Job` generator works.
Adds kubeadm subcommands to create, list, and delete bootstrap tokens.
Tokens can be created with a TTL duration, or 0 for tokens that will not
expire. The create command can also be used to specify your own token
(for use when bootstrapping masters and nodes in parallel), or update an
existing token's secret or ttl.
Marked "ex" for experimental for now as the boostrap controllers are not
yet hooked up in core.
Automatic merge from submit-queue
fix incorrect parameter pass to metrics.Monitor method call in ServeHTTP
**What this PR does / why we need it**:
before this PR:
1. `httpCode` is evaluated when defer statement executes, so all later assignments to `httpCode` is actually ineffectual. this obviously is not the design purpose.
2. `w.Header().Get("Content-Type")` is evaluated when defer statement executes, so all later `w.Header().Set("Content-Type",xxx)` ( in `writeNegotiated` ) is ineffectual to `metrics.Monitor`, i think this also is not the design purpose.
after this PR:
1. `httpCode` and `w.Header().Get("Content-Type")` is evaluated when the defered anonymous function executes, so `metrics.Monitor` will get correct `httpCode` and `Content-Type` field value.
2. in `ServeHTTP` method there is not any modification to `req` parameter, so it's safe to defer its evaluation.
Signed-off-by: bruceauyeung <ouyang.qinhua@zte.com.cn>
Automatic merge from submit-queue
Unmount operation should not fail if volume is already unmounted
**What this PR does / why we need it**:
If the volume is already unmounted from the pod, another unmount operation should not fail.
fixes: https://github.com/kubernetes/kubernetes/issues/37657
Automatic merge from submit-queue (batch tested with PRs 38426, 38917, 38891, 38935)
if statement must be true
**What this PR does / why we need it**:
if len(metrics.Items)==0, the function would been returned. so the statement if len(metrics.Items) > 0 is redudant, it must be true.
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
Changed default scsi controller type in vSphere Cloud Provider
This PR changes default scsi controller to ```pvscsi``` in vSphere Cloud Provider. Fixes#37527
Automatic merge from submit-queue
Curating Owners: pkg/apiserver
cc @lavalamp @smarterclayton @nikhiljindal
In an effort to expand the existing pool of reviewers and establish a
two-tiered review process (first someone lgtms and then someone
experienced in the project approves), we are adding new reviewers to
existing owners files.
If You Care About the Process:
------------------------------
We did this by algorithmically figuring out who’s contributed code to
the project and in what directories. Unfortunately, that doesn’t work
well: people that have made mechanical code changes (e.g change the
copyright header across all directories) end up as reviewers in lots of
places.
Instead of using pure commit data, we generated an excessively large
list of reviewers and pruned based on all time commit data, recent
commit data and review data (number of PRs commented on).
At this point we have a decent list of reviewers, but it needs one last
pass for fine tuning.
Also, see https://github.com/kubernetes/contrib/issues/1389.
TLDR:
-----
As an owner of a sig/directory and a leader of the project, here’s what
we need from you:
1. Use PR https://github.com/kubernetes/kubernetes/pull/35715 as an example.
2. The pull-request is made editable, please edit the `OWNERS` file to
remove the names of people that shouldn't be reviewing code in the
future in the **reviewers** section. You probably do NOT need to modify
the **approvers** section. Names asre sorted by relevance, using some
secret statistics.
3. Notify me if you want some OWNERS file to be removed. Being an
approver or reviewer of a parent directory makes you a reviewer/approver
of the subdirectories too, so not all OWNERS files may be necessary.
4. Please use ALIAS if you want to use the same list of people over and
over again (don't hesitate to ask me for help, or use the pull-request
above as an example)
Automatic merge from submit-queue
Curating Owners: pkg/registry
cc @lavalamp @smarterclayton @wojtek-t
In an effort to expand the existing pool of reviewers and establish a
two-tiered review process (first someone lgtms and then someone
experienced in the project approves), we are adding new reviewers to
existing owners files.
If You Care About the Process:
------------------------------
We did this by algorithmically figuring out who’s contributed code to
the project and in what directories. Unfortunately, that doesn’t work
well: people that have made mechanical code changes (e.g change the
copyright header across all directories) end up as reviewers in lots of
places.
Instead of using pure commit data, we generated an excessively large
list of reviewers and pruned based on all time commit data, recent
commit data and review data (number of PRs commented on).
At this point we have a decent list of reviewers, but it needs one last
pass for fine tuning.
Also, see https://github.com/kubernetes/contrib/issues/1389.
TLDR:
-----
As an owner of a sig/directory and a leader of the project, here’s what
we need from you:
1. Use PR https://github.com/kubernetes/kubernetes/pull/35715 as an example.
2. The pull-request is made editable, please edit the `OWNERS` file to
remove the names of people that shouldn't be reviewing code in the
future in the **reviewers** section. You probably do NOT need to modify
the **approvers** section. Names asre sorted by relevance, using some
secret statistics.
3. Notify me if you want some OWNERS file to be removed. Being an
approver or reviewer of a parent directory makes you a reviewer/approver
of the subdirectories too, so not all OWNERS files may be necessary.
4. Please use ALIAS if you want to use the same list of people over and
over again (don't hesitate to ask me for help, or use the pull-request
above as an example)
Automatic merge from submit-queue
Curating Owners: pkg/client
cc @lavalamp @caesarxuchao @mikedanese @timothysc @smarterclayton @krousey @deads2k
In an effort to expand the existing pool of reviewers and establish a
two-tiered review process (first someone lgtms and then someone
experienced in the project approves), we are adding new reviewers to
existing owners files.
If You Care About the Process:
------------------------------
We did this by algorithmically figuring out who’s contributed code to
the project and in what directories. Unfortunately, that doesn’t work
well: people that have made mechanical code changes (e.g change the
copyright header across all directories) end up as reviewers in lots of
places.
Instead of using pure commit data, we generated an excessively large
list of reviewers and pruned based on all time commit data, recent
commit data and review data (number of PRs commented on).
At this point we have a decent list of reviewers, but it needs one last
pass for fine tuning.
Also, see https://github.com/kubernetes/contrib/issues/1389.
TLDR:
-----
As an owner of a sig/directory and a leader of the project, here’s what
we need from you:
1. Use PR https://github.com/kubernetes/kubernetes/pull/35715 as an example.
2. The pull-request is made editable, please edit the `OWNERS` file to
remove the names of people that shouldn't be reviewing code in the
future in the **reviewers** section. You probably do NOT need to modify
the **approvers** section. Names asre sorted by relevance, using some
secret statistics.
3. Notify me if you want some OWNERS file to be removed. Being an
approver or reviewer of a parent directory makes you a reviewer/approver
of the subdirectories too, so not all OWNERS files may be necessary.
4. Please use ALIAS if you want to use the same list of people over and
over again (don't hesitate to ask me for help, or use the pull-request
above as an example)
Automatic merge from submit-queue
pkg/apiserver: split up monolithic package
**Based on** https://github.com/kubernetes/kubernetes/pull/38191
This is a first step to integrate pkg/apiserver with pkg/genericapiserver into a common package structure. For this
- pkg/apiserver is cleaned up from code which does not belong there,
- split up into pkg/apiserver, pkg/apiserver/handlers{,/negotation,/helpers,/errors}
Automatic merge from submit-queue
Reduce decode times by changing the kubectl.Filter(runtime.Object, *PrintOptions)'s return values
**What this PR does / why we need it**:
In kubectl/cmd/get.go, we use the function filterFuncs.Filter() to decode data and filter the object. But in the following function printer.PrintObj() decodes the data again.
I made these modifications to reduce the decoding times by changing the filterFuncs.Filter()'s returned values. We can get the decoded object from this function and pass it to the following printer.PrintObj(), so not to waste time to decode again.
- move rest handler into handlers package
- move errors into handlers/errors package
- move negotation code into handlers/negotation package
- move http response writer helpers into handlers/responsewriter package
- split up pkg/apiserver/apiserver.go
Note: this is only an intermediate step towards a proper genericapiserver
package hierarchy.
Automatic merge from submit-queue (batch tested with PRs 38525, 38977)
Prevent json decoder panic on invalid input
Related downstream issue: https://github.com/openshift/origin/issues/12132
```
# Can be replicated on kubectl with:
$ cat panic.json
{
"kind": "Pod",
"apiVersion": "v1",
"metadata": {
"name": "",
"labels": {
"name": ""
},
"generateName": "",
"namespace": "",
"annotations": []
},
"spec": {}
},
$ kubectl create -f panic.json --validate=false
```
**Release note**:
```release-note
release-note-none
```
This patch handles cases where `ioutil.ReadAll` will return a single
character output on an invalid json input, causing the `Decode` method
to panic when it tries to calculate the line number for the syntax
error. The example below would cause a panic due to the trailing comma
at the end:
```
{
"kind": "Pod",
"apiVersion": "v1",
"metadata": {
"name": "",
"labels": {
"name": ""
},
"generateName": "",
"namespace": "",
"annotations": []
},
"spec": {}
},
```
@kubernetes/cli-review @fabianofranz
Automatic merge from submit-queue (batch tested with PRs 38942, 38958)
Refactor port allocation logic a little, deflake tests.
This should fix#38323 for real.
@xiangpengzhao @rmmh @justinsb
Switch to manually cranking over the port filling logic, since there was a race between the allocate logic and the check to see if the port was freed up.
Automatic merge from submit-queue (batch tested with PRs 38080, 38903)
prevent negotation on connections that dont' require it
Not all clientconfigs require negotiation. Before there was a patch (hardcoded to an instance variable) that allowed this. This updates the code to allow the same as before.
@kubernetes/sig-cli @fabianofranz
@ncdc you'll want to pick
Automatic merge from submit-queue (batch tested with PRs 34353, 33837, 38878, 38961)
Reduce amount of allocations in cacher
Currently we are unnecessary copying stuff around in cacher.
This results in __tens of megabytes__ of allocations per __second__ in large clusters. This in turn results in expensive GC. Should help with metrics.
@gmarek
Automatic merge from submit-queue (batch tested with PRs 34353, 33837, 38878)
Revert "daemonset: bail out after we enqueue once"
I get overzealous sometimes.
Reverts kubernetes/kubernetes#38780
Automatic merge from submit-queue
Remove two zany unit tests.
These two tests aren't unit tests in the usual sense. We can consider switching them to run as verify checks, but I'm not convinced that they're even necessary.
They essentially work by searching their code for public functions with signatures that look like `FitPredicate`, then they shell out to grep to see that they're used somewhere in the source tree. This will never work in bazel.
Automatic merge from submit-queue (batch tested with PRs 37468, 36546, 38713, 38902, 38614)
Remove extensions/v1beta1 Job
Fixes https://github.com/kubernetes/kubernetes/issues/32763. This endpoint was deprecated in 1.5 and was planned to be removed in 1.6.
**Release note**:
```release-note
Remove extensions/v1beta1 Jobs resource, and job/v1beta1 generator.
```
Automatic merge from submit-queue (batch tested with PRs 37468, 36546, 38713, 38902, 38614)
rename constant MaxPatchConflicts to maxRetryWhenPatchConflicts
**What this PR does / why we need it**:
1. literally `MaxPatchConflicts` means max number of patch conflicts allowed during a patch operation. but actually in codes it is used to indicate max number of patch retry when patch conflicts happened.
2. there is no need to export this constant because it is only used in `resthandler.go` and shouldn't be used in other packages.
Signed-off-by: bruceauyeung <ouyang.qinhua@zte.com.cn>
Automatic merge from submit-queue
Admit critical pods in the kubelet
Haven't verified in a live cluster yet, just unittested, so applying do-not-merge label.
Automatic merge from submit-queue
use in-cluster kubeconfig for genericapiserver
Allow the use of the in-cluster config to communicate with the core API server for delegated authn/authz for an addon API server.
@kubernetes/sig-api-machinery @sttts
