- Add a new type PortworxVolumeSource
- Implement the kubernetes volume plugin for Portworx Volumes under pkg/volume/portworx
- The Portworx Volume Driver uses the libopenstorage/openstorage specifications and apis for volume operations.
Changes for k8s configuration and examples for portworx volumes.
- Add PortworxVolume hooks in kubectl, kube-controller-manager and validation.
- Add a README for PortworxVolume usage as PVs, PVCs and StorageClass.
- Add example spec files
Handle code review comments.
- Modified READMEs to incorporate to suggestions.
- Add a test for ReadWriteMany access mode.
- Use util.UnmountPath in TearDown.
- Add ReadOnly flag to PortworxVolumeSource
- Use hostname:port instead of unix sockets
- Delete the mount dir in TearDown.
- Fix link issue in persistentvolumes README
- In unit test check for mountpath after Setup is done.
- Add PVC Claim Name as a Portworx Volume Label
Generated code and documentation.
- Updated swagger spec
- Updated api-reference docs
- Updated generated code under pkg/api/v1
Godeps update for Portworx Volume Driver
- Adds github.com/libopenstorage/openstorage
- Adds go.pedge.io/pb/go/google/protobuf
- Updates Godep Licenses
Automatic merge from submit-queue
Reserve kubernetes.io and k8s.io namespace for flex volume options
Split from https://github.com/kubernetes/kubernetes/pull/39488.
Flex volume already stuffs system information into the options map, and assumes it is free to do so:
```
optionFSType = "kubernetes.io/fsType"
optionReadWrite = "kubernetes.io/readwrite"
optionKeySecret = "kubernetes.io/secret"
```
this formalizes that by reserving the `kubernetes.io` and `k8s.io` namespaces so that user-specified options are never stomped by the system, and flex plugins can know that options with those namespaces came from the system, not user-options.
```release-note
Parameter keys in a StorageClass `parameters` map may not use the `kubernetes.io` or `k8s.io` namespaces.
```
Automatic merge from submit-queue (batch tested with PRs 41701, 41818, 41897, 41119, 41562)
Allow updates to pod tolerations.
Opening this PR to continue discussion for pod spec tolerations updates when a pod has been scheduled already. This PR is built on top of https://github.com/kubernetes/kubernetes/pull/38957.
@kubernetes/sig-scheduling-pr-reviews @liggitt @davidopp @derekwaynecarr @kubernetes/rh-cluster-infra
Automatic merge from submit-queue (batch tested with PRs 42106, 42094, 42069, 42098, 41852)
Fix availableReplicas validation
An available replica is a ready replica, not the other way around
@kubernetes/sig-apps-bugs caught while testing https://github.com/kubernetes/kubernetes/pull/42097
Automatic merge from submit-queue (batch tested with PRs 40971, 41027, 40709, 40903, 39369)
Validate unique against HostPort/Protocol/HostIP
**What this PR does / why we need it**:
We can bind to specific IPs however validation will fail for different HostIP:HostPort combination. This is a small fix to check combination of HostPort/Protocol/HostIP rather than just HostPort/Protocol.
Sample configuration
...
"ports": [
{
"protocol": "TCP",
"containerPort": 53,
"hostPort": 55,
"hostIP": "127.0.0.1",
"name": "dns-local-tcp"
},
{
"protocol": "TCP",
"containerPort": 53,
"hostPort": 55,
"hostIP": "127.0.0.2",
"name": "dns-local-tcp2"
}
]
Before:
* spec.template.spec.containers[1].ports[2].hostPort: Duplicate value: "55/TCP"
* spec.template.spec.containers[1].ports[3].hostPort: Duplicate value: "55/TCP"
After applying the patch:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:55 0.0.0.0:* LISTEN 3644/docker-proxy
tcp 0 0 127.0.0.2:55 0.0.0.0:* LISTEN 3629/docker-proxy
Thanks
Ashley
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 39469, 40557)
Forgiveness api changes
**What this PR does / why we need it**:
Splited from #34825 , contains api changes that are needed to implement forgiveness:
1. update toleration api types to support forgiveness, added a new field forgivenessSeconds to indicate the duration of time it tolerates a taint.
2. update taint api types, added a new field to indicate the time the taint is added.
**Which issue this PR fixes** :
Related issue: #1574
Related PR: #34825
**Special notes for your reviewer**:
**Release note**:
```release-note
forgiveness alpha version api definition
```
Automatic merge from submit-queue (batch tested with PRs 39394, 38270, 39473, 39516, 36243)
Improve an error message when privileged containers are disallowed on the cluster
**What this PR does / why we need it**:
At present when user creates privileged pod and creation of privileged containers disallowed globally by a system administrator (kubelet and api-server were running with `--allow-privileged=false`), user will get the following error message:
```console
$ kubectl create -f nginx.pod
The Pod "nginx" is invalid: spec.containers[0].securityContext.privileged: Forbidden: disallowed by policy
```
"Disallowed by policy" may give a wrong assumption to a user that creation of privileged containers disallowed by [`PodSecurityPolicy`](http://kubernetes.io/docs/user-guide/pod-security-policy/) while it's not.
This commit improves error message and tries to point user to the right direction:
```console
$ kubectl create -f nginx.pod
The Pod "nginx" is invalid: spec.containers[0].securityContext.privileged: Forbidden: privileged containers are disallowed on this cluster by a system administrator
```
**Release note**:
```release-note
NONE
```
PTAL @pweil-
Automatic merge from submit-queue (batch tested with PRs 38433, 36245)
Allow pods to define multiple environment variables from a whole ConfigMap
Allow environment variables to be populated from ConfigMaps
- ConfigMaps represent an entire set of EnvVars
- EnvVars can override ConfigMaps
fixes#26299
Automatic merge from submit-queue (batch tested with PRs 39284, 39367)
Remove HostRecord annotation (beta feature)
The annotation has made it to GA so this code should be deleted.
**Release note**:
```release-note
The 'endpoints.beta.kubernetes.io/hostnames-map' annotation is no longer supported. Users can use the 'Endpoints.subsets[].addresses[].hostname' field instead.
```
Automatic merge from submit-queue
Make pvc storage class annotation immutable after create
Fixes#34516
Added immutable check in validation.go
```
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
# persistentvolumeclaims "gce-claim-storageclass" was not valid:
# * metadata.annotations.volume.beta.kubernetes.io/storage-class: Invalid value: "slow2": field is immutable
#
```
