Automatic merge from submit-queue (batch tested with PRs 38818, 38813, 38820)
update for controller RBAC roles
Role and binding updates from running e2e using RBAC during the tests in https://github.com/kubernetes/kubernetes/pull/38626
@sttts should be quick. No obvious typos. Nothing that looks off.
Automatic merge from submit-queue (batch tested with PRs 38818, 38813, 38820)
AWS: Add sequential allocator for device names.
On AWS, we should not reuse device names as long as possible, see https://aws.amazon.com/premiumsupport/knowledge-center/ebs-stuck-attaching/
> "If you specify a device name that is not in use by EC2, but is being used by the block device driver within the EC2 instance, the attachment of the EBS volume does not succeed and the EBS volume is stuck in the attaching state."
This patch adds a device name allocator that tries to find a name that's next to the last used device name instead of using the first available one. This way we will loop through all device names ("xvdba" .. "xvdzz") before a device name is reused.
Fixes: #31891
@wongma7, @gnufied, @childsb PTAL
On AWS, we should not reuse device names as long as possible, see
https://aws.amazon.com/premiumsupport/knowledge-center/ebs-stuck-attaching/
"If you specify a device name that is not in use by EC2, but is being used by
the block device driver within the EC2 instance, the attachment of the EBS
volume does not succeed and the EBS volume is stuck in the attaching state."
This patch adds a device name allocator that tries to find a name that's next
to the last used device name instead of using the first available one.
This way we will loop through all device names ("xvdba" .. "xvdzz") before
a device name is reused.
Automatic merge from submit-queue (batch tested with PRs 38783, 36396)
Display pod node selectors with kubectl describe.
**What this PR does / why we need it**:
This PR fixes kubectl describe so that it now shows associated node selectors with pods.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
@kubernetes/rh-cluster-infra @kubernetes/kubectl
Automatic merge from submit-queue
Rename root BUILD to BUILD.bazel, and rename build-tools/ back to build/
**What this PR does / why we need it**: undoes #35453. `build-tools/` was intended to be a temporary workaround until https://github.com/bazelbuild/bazel/issues/552 was fixed, which is has been, as of bazel 0.4.1.
**Which issue this PR fixes**: fixes#38126
FYI @thockin
since this is likely to be rebase hell, my list of actions:
```console
$ git mv BUILD BUILD.bazel
$ git commit -a
$ git mv build-tools/ build/
$ sift -l 'build-tools' | xargs sed -i -e 's:build-tools/:build/:g'
$ git checkout HEAD docs/
$ git commit -a
```
Automatic merge from submit-queue (batch tested with PRs 37708, 34410)
Fix some logs and commend information for healthz
Fix some logs which should be a lower case letter for the first letter and modify some commend information which is consistent in context.
Signed-off-by: yuexiao-wang wang.yuexiao@zte.com.cn
Automatic merge from submit-queue (batch tested with PRs 37708, 34410)
Add restclientconfig helper fn for parsing timeout
Related downstream PR: https://github.com/openshift/origin/pull/12062 (example of use-case for this patch)
**Release note**:
```release-note
release-note-none
```
This patch adds a package `pkg/client/unversioned/clientcmd/util` and
defines a `ParseTimeout` helper function for parsing time from a
user-defined string. This allows code re-use in other packages that
require the creation of a new restclient (and therefore must set the
`--global-timeout` flag value manually).
@fabianofranz @kubernetes/cli-review
Automatic merge from submit-queue (batch tested with PRs 38154, 38502)
Wrong comment to describe docker version
The original comment about minimal docker version fo `room_score_adj` is wrong (though the code is right).
Really sorry for misleading :/
Automatic merge from submit-queue (batch tested with PRs 38154, 38502)
Rename "release_1_5" clientset to just "clientset"
We used to keep multiple releases in the main repo. Now that [client-go](https://github.com/kubernetes/client-go) does the versioning, there is no need to keep releases in the main repo. This PR renames the "release_1_5" clientset to just "clientset", clientset development will be done in this directory.
@kubernetes/sig-api-machinery @deads2k
```release-note
The main repository does not keep multiple releases of clientsets anymore. Please find previous releases at https://github.com/kubernetes/client-go
```
Automatic merge from submit-queue
genericapiserver: unify swagger and openapi in config
- make swagger config customizable
- remove superfluous `Config.Enable*` flags for OpenAPI and Swagger.
This is necessary for downstream projects to tweak the swagger spec.
Automatic merge from submit-queue (batch tested with PRs 38724, 38699)
improve the forbidden message
Improves the forbidden message to include more details about what was denied.
`User "foo" cannot list replicasets.extensions in the namespace "default". `
`User "foo" cannot list replicasets.extensions at the cluster scope. `
@xilabao looks like you looking in a similar area, but focused on errors.
@sttts a lot of usual reviewers are out.
Automatic merge from submit-queue
fix connection upgrades through kuberentes-discovery
The initial upgrade through the proxy doesn't use the passed transport to handle the communication to the remote side. Since we need auth proxy headers, this broke the upgrade for exec.
This sets those headers once if its an upgrade request (the transport stomps them if called anyway, so it won't shadow.).
@sttts I think this is the last required piece. Then we start wiring in for e2e.
Automatic merge from submit-queue (batch tested with PRs 38720, 38533)
Priority REST Mapper: Actually honor user choice
```release-note
Fixes bug in resolving client-requested API versions
```
RESTMapping takes a desired GroupKind, and a set of versions, and
returns a rest mapper for the first matching version. It also has a
list of built-in discovered prioritized versions, to which it appends
the user versions.
However, when it goes to parse the versions, it parses them as
GroupVersions. Since only a version was passed, the group will be the
empty group (""), which will only match rest mappings for the empty
group, ergo, none of the user's versions will match if they are
attempting a match for a non-emtpy-group GroupKind.
This fixes that by taking the parsed GroupVersion, and overriding the
Group with the Group from the passed-in GroupKind.
Automatic merge from submit-queue
Fake clientset propagates namespace to objects on create/update
**What this PR does / why we need it**:
Unlike the real Clientset, the fake Clientset requires creates and updates of namespaced objects to have the namespace specified in the target runtime object metadata. This difference forces API clients using the fake Clientset for test to propagate the namespaces to the runtime objects in the production code. This propagation is unnecessary and should be handled by the fake implementation.
**Which issue this PR fixes**: fixeskubernetes/client-go#48
**Special notes for your reviewer**:
**Release note**:
NONE
Automatic merge from submit-queue (batch tested with PRs 38638, 38334)
Remove Azure Subnet RouteTable check
**What this PR does / why we need it**:
PR Removes the subnet configuration check for Azure cloudprovider. The subnet check ensures that the subnet is associated with the Route Table. However if the VNET is in a different Azure Resource Group then the check fails, even if the subnet is already valid. This a stop gap fix, to allow Kubernetes to be deployed to Custom VNETs in Azure, that may reside in a different resource group to the cluster.
fixes#38134
@colemickens
Automatic merge from submit-queue (batch tested with PRs 38689, 38743, 38734, 38430)
apply sandbox network mode based on network plugin
This allows CRI to use docker's network bridge. Can be combined with noop network plugin. This allows to use docker0 with no further configuration. Good for tools like minikube/hyperkube.
Automatic merge from submit-queue
Refactor remotecommand options parsing
Prerequisite to https://github.com/kubernetes/kubernetes/issues/36187 - This separates the options from the request, so they can be pulled from elsewhere.
/cc @liggitt
Automatic merge from submit-queue (batch tested with PRs 38727, 38726, 38347, 38348)
Add 'privileged' to sandbox to indicate if any container might be privileged in it, document privileged
Right now, the privileged flag is this magic thing which does "whatever Docker does". This documents it to make it a little less magic.
In addition, due to how rkt uses `systemd-nspawn` as an outer layer of isolation in creating the sandbox, it's helpful to know beforehand whether the pod will be privileged so additional security options can be applied earlier / applied at all.
I suspect the same indication will be useful for userns since userns should also occur at the pod layer, but it's possible that will be a separate/additional field.
cc @lucab @jonboulle @yujuhong @feiskyer @kubernetes/sig-node
```release-note
NONE
```
Automatic merge from submit-queue
Curating Owners: pkg/runtime
cc @lavalamp @smarterclayton @deads2k @caesarxuchao
In an effort to expand the existing pool of reviewers and establish a
two-tiered review process (first someone lgtms and then someone
experienced in the project approves), we are adding new reviewers to
existing owners files.
If You Care About the Process:
------------------------------
We did this by algorithmically figuring out who’s contributed code to
the project and in what directories. Unfortunately, that doesn’t work
well: people that have made mechanical code changes (e.g change the
copyright header across all directories) end up as reviewers in lots of
places.
Instead of using pure commit data, we generated an excessively large
list of reviewers and pruned based on all time commit data, recent
commit data and review data (number of PRs commented on).
At this point we have a decent list of reviewers, but it needs one last
pass for fine tuning.
Also, see https://github.com/kubernetes/contrib/issues/1389.
TLDR:
-----
As an owner of a sig/directory and a leader of the project, here’s what
we need from you:
1. Use PR https://github.com/kubernetes/kubernetes/pull/35715 as an example.
2. The pull-request is made editable, please edit the `OWNERS` file to
remove the names of people that shouldn't be reviewing code in the
future in the **reviewers** section. You probably do NOT need to modify
the **approvers** section. Names asre sorted by relevance, using some
secret statistics.
3. Notify me if you want some OWNERS file to be removed. Being an
approver or reviewer of a parent directory makes you a reviewer/approver
of the subdirectories too, so not all OWNERS files may be necessary.
4. Please use ALIAS if you want to use the same list of people over and
over again (don't hesitate to ask me for help, or use the pull-request
above as an example)
