Controls the lifecycle of the ServiceCIDRs adding finalizers and
setting the Ready condition in status when they are created, and
removing the finalizers once it is safe to remove (no orphan IPAddresses)
An IPAddress is orphan if there are no ServiceCIDR containing it.
Change-Id: Icbe31e1ed8525fa04df3b741c8a817e5f2a49e80
Introduce networking/v1alpha1 api group.
Add `ClusterCIDR` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
* Introduce networking/v1alpha1 api, ClusterCIDRConfig type
Introduce networking/v1alpha1 api group.
Add `ClusterCIDRConfig` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
* Change ClusterCIDRConfig.NodeSelector type in api
* Fix review comments for API
* Update ClusterCIDRConfig API Spec
Introduce PerNodeHostBits field, remove PerNodeMaskSize
Since external metrics were added, we weren't running the HPA with
metrics REST clients by default, so we had no bootstrap policy to enable
the HPA controller to talk to the external metrics API.
This change adds permissions for the HPA controller to list and get
external.metrics.k8s.io by default as already done for the
custom.metrics.k8s.io API.
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
Through Job.status.uncountedPodUIDs and a Pod finalizer
An annotation marks if a job should be tracked with new behavior
A separate work queue is used to remove finalizers from orphan pods.
Change-Id: I1862e930257a9d1f7f1b2b0a526ed15bc8c248ad
This is the result of
UPDATE_BOOTSTRAP_POLICY_FIXTURE_DATA=true go test k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy
Apparently enabling the GenericEphemeralVolume feature by default
affect this test. The policy that it now tests against is indeed
the one needed for the controller.
The controller needs to be able to set a service's finalizers to be
able to create an EndpointSlice resource that is owned by the service
and sets blockOwnerDeletion=true in its ownerRef.
Given the significance this change would have we've decided to hold off
on enabling this by default until we can have better test coverage and
more real world usage of the feature.
At times, for some reason endpoint/service creation can fail in a setup. As we
currently create endpoint/service after volume creation, later we need rollback
of this volume transaction if endpoint/service creation failed. Considering
endpoint/service creation is light weight, this patch promote endpoint/service
creation to an early stage.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
PVCProtection feature was renamed to Storage Protection in:
https://github.com/kubernetes/kubernetes/pull/58743
That's why it's renamed when brought into beta.
In addition, StorageProtection feature is brought into beta in 1.10 release.
Automatic merge from submit-queue (batch tested with PRs 52147, 54309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update bootstrap policy with replicaset/daemonset permissions in the apps API group
Resolves#54310
Bootstrap policy was not updated when replicasets and daemonsets got promoted to the apps group
```release-note
Resolves forbidden error when accessing replicasets and daemonsets via the apps API group
```
Since we weren't running the HPA with metrics REST clients by default,
we had no bootstrap policy enabling the HPA controller to talk to the
metrics APIs.
This adds permissions for the HPA controller to talk list
pods.metrics.k8s.io, and list any resource in custom.metrics.k8s.io.
