Commit Graph

1293 Commits

Author SHA1 Message Date
saadali
0dd17fff22 Reorganize volume controllers and manager 2016-07-01 18:50:25 -07:00
k8s-merge-robot
536622fd07 Merge pull request #27923 from kevinjkj/kevinjkj-patch-2-1
Automatic merge from submit-queue

fix return value
2016-06-30 21:14:15 -07:00
k8s-merge-robot
ab37fbf4c2 Merge pull request #28258 from vishh/28231
Automatic merge from submit-queue

[kubelet] Allow opting out of automatic cloud provider detection in kubelet. By default kubelet will auto-detect cloud providers

fixes #28231
2016-06-30 12:27:26 -07:00
Vishnu Kannan
ea789e8612 Allow opting out of automatic cloud provider detection in kubelet
Signed-off-by: Vishnu Kannan <vishnuk@google.com>
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2016-06-29 18:04:29 -07:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
k8s-merge-robot
c6fa861688 Merge pull request #28160 from saad-ali/waitForGracefulTerm
Automatic merge from submit-queue

Volume manager must verify containers terminated before deleting for ungracefully terminated pods

A pod is removed from volume manager (triggering unmount) when it is deleted from the kubelet pod manager. Kubelet deletes the pod from pod manager as soon as it receives a delete pod request. As long as the graceful termination period is non-zero, this happens after kubelet has terminated all containers for the pod. However, when graceful termination period for a pod is set to zero, the volume is deleted from pod manager *before* its containers are terminated.

This  can result in volumes getting unmounted from a pod before all containers have exited when graceful termination is set to zero.

This PR prevents that from happening by only deleting a volume from volume manager once it is deleted from the pod manager AND the kubelet containerRuntime status indicates all containers for the pod have exited. Because we do not want to call containerRuntime too frequently, we introduce a delay in the `findAndRemoveDeletedPods()` method to prevent it from executing more frequently than every two seconds.

Fixes https://github.com/kubernetes/kubernetes/issues/27691

Running test in tight loop to verify fix.
2016-06-29 01:33:31 -07:00
Saad Ali
c723d9e5c4 Volume manager verify containers terminated before deleting 2016-06-28 21:38:59 -07:00
saadali
e06b32b1ef Mark VolumeInUse before checking if it is Attached
Ensure that kublet marks VolumeInUse before checking if it is Attached.
Also ensures that the attach/detach controller always fetches a fresh
copy of the node object before detach (instead ofKubelet relying on node
informer cache).
2016-06-28 14:05:59 -07:00
k8s-merge-robot
a43aa608a1 Merge pull request #27508 from aaronlevy/dapi-hostip
Automatic merge from submit-queue

Kubelet can retrieve host IP even when apiserver has not been contacted

fixes https://github.com/kubernetes/kubernetes/issues/26590, fixes https://github.com/kubernetes/kubernetes/issues/6558

Right now the kubelet expects to get the hostIP from the kubelet's local nodeInfo cache. However, this will be empty if there is no api-server (or the apiServer has not yet been contacted).

In the case of static pods, this change means the downward api can now be used to populate hostIP.
2016-06-25 23:29:05 -07:00
Kanghua Wang
b694fc0688 fix return value
// matchesNodeSelector returns true if pod matches node's labels.
Whether this return value should be false?
2016-06-23 16:14:55 +08:00
k8s-merge-robot
a8fecd0cc6 Merge pull request #27639 from pmorie/goodbye-pod-mutation
Automatic merge from submit-queue

Remove pod mutation for volumes annotated with supplemental groups

Removes the pod mutation added in #20490 -- partially resolves #27197 from the standpoint of making the feature inactive in 1.3.  Our plan is to make this work correctly in 1.4.

@kubernetes/sig-storage
2016-06-21 03:18:45 -07:00
k8s-merge-robot
ee35555cb6 Merge pull request #27570 from Random-Liu/add-runtime-request-timeout-flag
Automatic merge from submit-queue

Add runtime-request-timeout kubelet flag.

XRef #23563.

Addresses https://github.com/kubernetes/kubernetes/issues/27388#issuecomment-226570083.

Add a new kubelet flag `runtime-request-timeout`, and set to 2 minutes by default.
Now the flag only affects dockertools, rkt may also want to set request timeout according to the flag. @yifan-gu 

This PR also removed the timeout for all long running operations to avoid issues like #27588 and #26122.

@yujuhong @rrati 
/cc @kubernetes/sig-node 

[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/.github/PULL_REQUEST_TEMPLATE.md?pixel)]()
2016-06-21 01:26:54 -07:00
Aaron Levy
8c04af7b73 Retrieve host IP in isolation from apiserver 2016-06-20 11:47:32 -07:00
k8s-merge-robot
8f5d081194 Merge pull request #27209 from ronnielai/disk-check
Automatic merge from submit-queue

Logging for OutOfDisk when file system info is not available

#26566
1. Adding logs for file system info being not available.
2. Reporting outOfDisk when file system info is not available.
2016-06-19 00:02:59 -07:00
k8s-merge-robot
77cf11f4d7 Merge pull request #27441 from derekwaynecarr/downward_api_node_defaults
Automatic merge from submit-queue

Revert revert of downward api node defaults

Reverts the revert of https://github.com/kubernetes/kubernetes/pull/27439

Fixes #27062

@dchen1107 - who at Google can help debug why this caused issues with GKE infrastructure but not GCE merge queue?

/cc @wojtek-t @piosz @fgrzadkowski @eparis @pmorie
2016-06-18 12:12:24 -07:00
Random-Liu
3cc9ca3988 Add timeout for rkt requests. 2016-06-17 18:18:41 -07:00
Daniel Smith
22d3267188 Merge pull request #27387 from yujuhong/sources_ready
kubelet: don't GC containers of deleted pods until all sources are ready
2016-06-17 16:01:31 -07:00
Paul Morie
a573a0eda3 Remove pod mutation for volumes annotated with supplemental groups 2016-06-17 15:36:56 -04:00
derekwaynecarr
18a206ad56 Downward API defaults resource limits to node capacity/allocatable 2016-06-17 14:18:18 -04:00
k8s-merge-robot
1444cbf594 Merge pull request #27525 from wojtek-t/network_unavailable_only_in_gce
Automatic merge from submit-queue

Don't set NetworkUnavailable condition in non-GCE/GKE clouds

Ref #27347

@davidopp @erictune @justinsb @simonswine
2016-06-17 09:08:50 -07:00
k8s-merge-robot
983b478ff4 Merge pull request #27042 from lukaszo/logs
Automatic merge from submit-queue

Fix kubectl logs for init containers
2016-06-17 05:01:04 -07:00
Yu-Ju Hong
f279e36292 Don't remove all containers of deleted pods until sources are ready
Without this fix, kubelet may assume a pod from a not-ready source has already
been deleted, and GC all its dead containers.
2016-06-16 10:47:12 -07:00
Wojciech Tyczynski
f24f6102a9 Don't set NetworkUnavailable condition in non-GCE/GKE clouds 2016-06-16 09:40:49 +02:00
saadali
542f2dc708 Introduce new kubelet volume manager
This commit adds a new volume manager in kubelet that synchronizes
volume mount/unmount (and attach/detach, if attach/detach controller
is not enabled).

This eliminates the race conditions between the pod creation loop
and the orphaned volumes loops. It also removes the unmount/detach
from the `syncPod()` path so volume clean up never blocks the
`syncPod` loop.
2016-06-15 09:34:08 -07:00
saadali
9b6a505f8a Rename UniqueDeviceName to UniqueVolumeName
Rename UniqueDeviceName to UniqueVolumeName and move helper functions
from attacherdetacher to volumehelper package.
Introduce UniquePodName alias
2016-06-15 09:32:12 -07:00
Piotr Szczesniak
51af487b5f Revert "Downward api node defaults" 2016-06-15 15:47:49 +02:00
derekwaynecarr
712860d55f Fix downward API for resource limits 2016-06-14 12:49:00 -04:00
Vishnu kannan
afdd9ea262 When limits are not set, use capacity as limits in downward API for resources.
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2016-06-14 11:29:39 -04:00
Ron Lai
8d6cdd5d1b Adding logs for file system info being not available. 2016-06-13 11:10:38 -07:00
Łukasz Oleś
07d13c1fb4 Fix kubectl logs for init containers
Related issues: #25818 #27040
2016-06-13 15:12:40 +02:00
k8s-merge-robot
d935a02c64 Merge pull request #27101 from caesarxuchao/add-deletiontimestamp-log
Automatic merge from submit-queue

Let kubelet log the DeletionTimestamp if it's not nil in update

This helps to debug if it's the kubelet to blame when a pod is not deleted. 

Example output:
```
SyncLoop (UPDATE, "api"): "redis-master_default(c6782276-2dd4-11e6-b874-64510650ab1c):DeletionTimestamp=2016-06-08T23:58:12Z"
```

ref #26290
cc @Random-Liu
2016-06-12 22:56:43 -07:00
k8s-merge-robot
e54ebe5ebd Merge pull request #27132 from freehan/kubenetmasq
Automatic merge from submit-queue

turn off cni masqurade and manage it in kubenet

fixes #27110
2016-06-09 20:44:13 -07:00
k8s-merge-robot
7c4c19f623 Merge pull request #26936 from yifan-gu/fix_selinux
Automatic merge from submit-queue

rkt: Fix incomplete selinux context string when the option is partial.

Fix "EmptyDir" e2e tests failures caused by #https://github.com/kubernetes/kubernetes/pull/24901

As mentioned in https://github.com/kubernetes/kubernetes/pull/24901#discussion_r61372312
We should apply the selinux context of the rkt data directory (/var/lib/rkt) when users do not specify all the selinux options.

Due to my fault, the change was missed during rebase, thus caused the regression.

After applying this PR, the e2e tests passed.
```
$ go run hack/e2e.go -v -test --test_args="--ginkgo.dryRun=false --ginkgo.focus=EmptyDir"
...
Ran 19 of 313 Specs in 199.319 seconds
SUCCESS! -- 19 Passed | 0 Failed | 0 Pending | 294 Skipped PASS
```

BTW, the test is removed because the `--no-overlay=true` flag will only be there on non-coreos distro.

cc @euank @kubernetes/sig-node
2016-06-09 19:14:08 -07:00
Minhan Xia
1276a91638 kubenet masqurade for outbound traffic 2016-06-09 18:43:34 -07:00
Chao Xu
ccecc59ff2 In kubelet's handler of pod update, prints out deletiontimestamp if it's not nil 2016-06-08 23:48:40 -07:00
Łukasz Oleś
2b46aea495 Custom sort function for InitContainersStatuses
Order in init container statuses should be the same as defined in pod.
Statues shoudln't be sorted by name.
2016-06-07 23:57:23 +02:00
Yifan Gu
8596d25ad5 rkt: Fix incomplete selinux context string when the option is partial.
Add Getfilecon() into the selinux interface.
2016-06-07 14:43:35 -07:00
Saad Ali
9dbe943491 Attach/Detach Controller Kubelet Changes
This PR contains Kubelet changes to enable attach/detach controller control.
* It introduces a new "enable-controller-attach-detach" kubelet flag to
  enable control by controller. Default enabled.
* It removes all references "SafeToDetach" annoation from controller.
* It adds the new VolumesInUse field to the Node Status API object.
* It modifies the controller to use VolumesInUse instead of SafeToDetach
  annotation to gate detachment.
* There is a bug in node-problem-detector that causes VolumesInUse to
  get reset every 30 seconds. Issue https://github.com/kubernetes/node-problem-detector/issues/9
  opened to fix that.
2016-06-02 16:47:11 -07:00
k8s-merge-robot
32da727ca1 Merge pull request #26264 from luxas/remove_flannel_default
Automatic merge from submit-queue

Do not call NewFlannelServer() unless flannel overlay is enabled

Ref: #26093 

This makes so kubelet does not warn the user that iptables isn't in PATH, although the user didn't enable the flannel overlay.

@vishh @freehan @bprashanth
2016-05-29 15:49:00 -07:00
k8s-merge-robot
577cdf937d Merge pull request #26415 from wojtek-t/network_not_ready
Automatic merge from submit-queue

Add a NodeCondition "NetworkUnavaiable" to prevent scheduling onto a node until the routes have been created 

This is new version of #26267 (based on top of that one).

The new workflow is:
- we have an "NetworkNotReady" condition
- Kubelet when it creates a node, it sets it to "true"
- RouteController will set it to "false" when the route is created
- Scheduler is scheduling only on nodes that doesn't have "NetworkNotReady ==true" condition

@gmarek @bgrant0607 @zmerlynn @cjcullen @derekwaynecarr @danwinship @dcbw @lavalamp @vishh
2016-05-29 03:06:59 -07:00
k8s-merge-robot
e7a13ac2ad Merge pull request #25902 from euank/changeVolumeMounts
Automatic merge from submit-queue

rkt: Use volumes from RunContainerOptions

This replaces the previous creation of mounts from the `volumeGetter`
with mounts provided via RunContainerOptions.

This is motivated by the fact that the latter has a more complete set of
mounts (e.g. the `/etc/hosts` one created in kubelet.go in the case an IP is available).

This does not induce further e2e failures as far as I can tell.

cc @yifan-gu
2016-05-28 03:58:14 -07:00
k8s-merge-robot
74b20cccc6 Merge pull request #25813 from rrati/kubelet-pods-per-core
Automatic merge from submit-queue

Added pods-per-core to kubelet. #25762

Added --pods-per-core to kubelet

#25762
2016-05-28 03:08:28 -07:00
Alex Robinson
91f8c784a0 Merge pull request #21373 from enoodle/read_cadvisor_cloudinfo_in_kubelet
kubelet: reading cloudinfo from cadvisor
2016-05-27 16:14:24 -07:00
Euan Kemp
abbd0321b2 rkt: Use volumes from RunContainerOptions
This replaces the previous creation of mounts from the `volumeGetter`
with mounts provided via RunContainerOptions.

This is motivated by the fact that the latter has a more complete set of
mounts (e.g. the `/etc/hosts` one created in kubelet.go).
2016-05-27 13:11:47 -07:00
Alex Robinson
bd0b94efe2 Merge pull request #26029 from luxas/mkdir_all
kubelet: Use MkdirAll instead of Mkdir
2016-05-27 11:40:01 -07:00
Wojciech Tyczynski
be1b57100d Change to NotReadyNetworking and use in scheduler 2016-05-27 19:32:49 +02:00
gmarek
7bdf480340 Node is NotReady until the Route is created 2016-05-27 19:29:51 +02:00
Robert Rati
2d487f7c06 Added pods-per-core to kubelet. #25762 2016-05-27 07:10:13 -04:00
Alex Mohr
4357b8a0a6 Merge pull request #25324 from jfrazelle/add-seccomp
Add Seccomp to Annotations
2016-05-26 10:50:06 -07:00
Lucas Käldström
fdff659ced Do not call NewFlannelServer() unless flannel overlay is enabled 2016-05-25 16:09:39 +03:00