Commit Graph

4316 Commits

Author SHA1 Message Date
k8s-merge-robot
8b0e9c5739 Merge pull request #24947 from hpcloud/hpe/vsphere-volume
Automatic merge from submit-queue

vSphere Volume Plugin Implementation

This PR implements vSphere Volume plugin support in Kubernetes (ref. issue #23932).
2016-05-22 20:40:14 -07:00
k8s-merge-robot
39f0c6ba25 Merge pull request #24719 from bprashanth/kubectl_tls
Automatic merge from submit-queue

Add a kubectl create secret tls command

A somewhat hasty implementation that enables progress along: https://github.com/kubernetes/kubernetes/issues/20176#issuecomment-177409516, https://github.com/kubernetes/kubernetes/issues/24669, https://github.com/kubernetes/kubernetes/issues/20176#issuecomment-198142836 if associated parties have spare cycles. @kubernetes/kubectl

<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/24719)
<!-- Reviewable:end -->
2016-05-22 09:40:42 -07:00
k8s-merge-robot
9e8282c586 Merge pull request #25838 from cjcullen/authzcache
Automatic merge from submit-queue

Cache webhook authorization responses

Similar to #25694, but for authorization.
2016-05-21 20:34:34 -07:00
k8s-merge-robot
c17465be03 Merge pull request #25531 from ingvagabund/introduce-memory-pressure-to-scheduler
Automatic merge from submit-queue

Introduce node memory pressure condition to scheduler

Following the work done by @derekwaynecarr at https://github.com/kubernetes/kubernetes/pull/21274, introducing memory pressure predicate for scheduler.

Missing:

* write down unit-test
* test the implementation

At the moment this is a heads up for further discussion how the new node's memory pressure condition should be handled in the generic scheduler.

**Additional info**

* Based on [1], only best effort pods are subject to filtering.
* Based on [2], best effort pods are those pods "iff requests & limits are not specified for any resource across all containers".

[1] 542668cc79/docs/proposals/kubelet-eviction.md (scheduler)
[2] https://github.com/kubernetes/kubernetes/pull/14943
2016-05-21 19:37:15 -07:00
Jan Chaloupka
b95b30bbd7 Scheduler: introduce CheckNodeMemoryPressurePredicate, don't schedule pods for nodes that reports memory pressury.
Introduce unit-test for CheckNodeMemoryPressurePredicate

Following work done in #14943
2016-05-22 00:40:28 +02:00
CJ Cullen
d03dbbcc14 Add LRU Expire cache to webhook authorizer. 2016-05-21 14:50:50 -07:00
Abitha Palaniappan
11397654b6 Adding volume plugin to api/v1 and updating auto-generated files 2016-05-21 12:53:03 -07:00
k8s-merge-robot
682c188fc8 Merge pull request #25738 from wojtek-t/default_protobuf
Automatic merge from submit-queue

Use protobufs by default to communicate with apiserver (still store JSONs in etcd)

@lavalamp @kubernetes/sig-api-machinery
2016-05-21 11:48:25 -07:00
k8s-merge-robot
346f965871 Merge pull request #25694 from cjcullen/authncache
Automatic merge from submit-queue

Cache Webhook Authentication responses

Add a simple LRU cache w/ 2 minute TTL to the webhook authenticator.

Kubectl is a little spammy, w/ >= 4 API requests per command. This also prevents a single unauthenticated user from being able to DOS the remote authenticator.
2016-05-21 10:48:38 -07:00
k8s-merge-robot
eb733cbf45 Merge pull request #25285 from ingvagabund/extend-secrets-volumes-with-path-control
Automatic merge from submit-queue

Extend secrets volumes with path control

As per [1] this PR extends secrets mapped into volume with:

* key-to-path mapping the same way as is for configmap. E.g.

```
{
 "apiVersion": "v1",
 "kind": "Pod",
  "metadata": {
    "name": "mypod",
    "namespace": "default"
  },
  "spec": {
    "containers": [{
      "name": "mypod",
      "image": "redis",
      "volumeMounts": [{
        "name": "foo",
        "mountPath": "/etc/foo",
        "readOnly": true
      }]
    }],
    "volumes": [{
      "name": "foo",
      "secret": {
        "secretName": "mysecret",
        "items": [{
          "key": "username",
          "path": "my-username"
        }]
      }
    }]
  }
}
```

Here the ``spec.volumes[0].secret.items`` added changing original target ``/etc/foo/username`` to ``/etc/foo/my-username``.

* secondly, refactoring ``pkg/volumes/secrets/secrets.go`` volume plugin to use ``AtomicWritter`` to project a secret into file.

[1] https://github.com/kubernetes/kubernetes/blob/master/docs/design/configmap.md#changes-to-secret
2016-05-21 03:55:13 -07:00
Wojciech Tyczynski
0f881d6120 Use protobufs by default to communicate with apiserver 2016-05-21 11:38:32 +02:00
k8s-merge-robot
46504c2042 Merge pull request #14943 from vishh/qos
Automatic merge from submit-queue

Updaing QoS policy to be at the pod level

Quality of Service will be derived from an entire Pod Spec, instead of being derived from resource specifications of individual resources per-container.
A Pod is `Guaranteed` iff all its containers have limits == requests for all the first-class resources (cpu, memory as of now).
A Pod is `BestEffort` iff requests & limits are not specified for any resource across all containers.
A Pod is `Burstable` otherwise. 

Note: Existing pods might be more susceptible to OOM Kills on the node due to this PR! To protect pods from being OOM killed on the node, set `limits` for all resources across all containers in a pod.

<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/14943)
<!-- Reviewable:end -->
2016-05-20 22:58:04 -07:00
k8s-merge-robot
12f7b81481 Merge pull request #25237 from vishh/disk-based-eviction-proposal
Automatic merge from submit-queue

Proposal for disk based evictions

cc @dchen1107 @derekwaynecarr
2016-05-20 17:57:18 -07:00
Mike Danese
fbf6bbc49a Merge pull request #25596 from derekparker/inotify
kubelet: Optionally, have kubelet exit if lock file contention is observed, using --exit-on-lock-contention flag
2016-05-20 16:40:10 -07:00
Mike Danese
54dab4c59b Merge pull request #25962 from aveshagarwal/master-downward-api-resources-limits-requests-nit
Fix a nit in the downward api proposal for resources.
2016-05-20 16:33:27 -07:00
Vishnu Kannan
34ebb7e384 Proposal for disk based evictions.
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2016-05-20 15:46:39 -07:00
Vishnu kannan
f48c83600c Updating QoS policy to be per-pod instead of per-resource.
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2016-05-20 11:52:16 -07:00
k8s-merge-robot
9625926852 Merge pull request #25574 from Clarifai/elb
Automatic merge from submit-queue

Update AWS under the hood doc with ELB SSL annotations

Document #23495. No e2e tests or release notes needed (the other PR is already in the release docs).
2016-05-20 09:45:09 -07:00
k8s-merge-robot
f935507235 Merge pull request #19242 from mqliang/node-controller
Automatic merge from submit-queue

add CIDR allocator for NodeController

This PR:

* use pkg/controller/framework to watch nodes and	reduce lists when allocate CIDR for node
* decouple the cidr allocation logic from monitoring status logic

<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/19242)
<!-- Reviewable:end -->
2016-05-20 09:45:05 -07:00
k8s-merge-robot
2c471bce4e Merge pull request #25509 from janetkuo/kubectl-set-image
Automatic merge from submit-queue

Add 'kubectl set image'

```release-note
Add "kubectl set image" for easier updating container images (for pods or resources with pod templates). 
```

**Usage:**
```
kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N
```
**Example:**
```console 
# Set a deployment's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
$ kubectl set image deployment/nginx busybox=busybox nginx=nginx:1.9.1

# Update all deployments' nginx container's image to 'nginx:1.9.1'
$ kubectl set image deployments nginx=nginx:1.9.1 --all

# Update image of all containers of daemonset abc to 'nginx:1.9.1'
$ kubectl set image daemonset abc *=nginx:1.9.1

# Print result (in yaml format) of updating nginx container image from local file, without hitting the server 
$ kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml
```

I abandoned the `--container=xxx --image=xxx` flags in the [deploy proposal](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/deploy.md#kubectl-set) since it's much easier to use with just KEY=VALUE (CONTAINER_NAME=CONTAINER_IMAGE) pairs. 

Ref #21648 
@kubernetes/kubectl @bgrant0607 @kubernetes/sig-config 


[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/.github/PULL_REQUEST_TEMPLATE.md?pixel)]()
2016-05-20 07:13:45 -07:00
mqliang
552a247639 update auto generation files 2016-05-20 20:44:40 +08:00
Avesh Agarwal
9927b1c3e4 Fix a nit in the downward api proposal for resources. 2016-05-20 08:21:58 -04:00
Avesh Agarwal
0f3a8bd061 Downward API proposal for resources (cpu, memory) limits and requests 2016-05-19 22:57:24 -04:00
k8s-merge-robot
53b5b41abb Merge pull request #17688 from derekwaynecarr/systemd_nodespec
Automatic merge from submit-queue

systemd node spec proposal

The following outlines changes that I want to make to the ```kubelet``` in order to better integrate with ```systemd``` systems, and to better isolate containers in their own ```cgroup``` based on the qos tier.

I think this is a precursor to getting more intelligent low compute resource eviction.

/cc @smarterclayton @ncdc @pmorie @dchen1107 @vishh @bgrant0607

<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/17688)
<!-- Reviewable:end -->
2016-05-19 17:13:21 -07:00
Janet Kuo
4332472bde Add 'kubectl set image' 2016-05-18 21:23:17 -07:00
Daniel Smith
28333a0041 Merge pull request #25672 from ihmccreery/fix-link
Fix link to Jenkins
2016-05-18 17:56:08 -07:00
Derek Parker
f307e97f87 kubelet: Add --exit-on-lock-contention flag
This patch adds the --exit-on-lock-contention flag, which must be used
in conjunction with the --lock-file flag. When provided, it causes the
kubelet to wait for inotify events for that lock file. When an 'open'
event is received, the kubelet will exit.
2016-05-18 16:21:47 -07:00
David Oppenheimer
35c9ca853a Merge pull request #24134 from Huawei-PaaS/taints-tolerations
Implement taints and tolerations
2016-05-18 18:18:18 -05:00
CJ Cullen
57f96a932f Add expiration LRU cache for webhook token authenticator. 2016-05-18 11:58:11 -07:00
Casey Davenport
872d2b71c6 NetworkPolicy proposal 2016-05-18 10:14:33 -07:00
Kevin
52fb89ff73 implement taints and tolerations 2016-05-18 15:06:23 +00:00
Jan Chaloupka
e3aa900d52 Regenerate swagger, api, conversion and other code that needs to be regenerated 2016-05-18 16:12:55 +02:00
k8s-merge-robot
bf4f84167f Merge pull request #23567 from smarterclayton/init_containers
Automatic merge from submit-queue

Add init containers to pods

This implements #1589 as per proposal #23666

Incorporates feedback on #1589, creates parallel structure for InitContainers and Containers, adds validation for InitContainers that requires name uniqueness, and comments on a number of implications of init containers.

This is a complete alpha implementation.

<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/23567)
<!-- Reviewable:end -->
2016-05-18 00:53:30 -07:00
Paul Morie
e157febfe2 Add notes about endgame for test flakes 2016-05-17 17:34:09 -04:00
k8s-merge-robot
e6ada45793 Merge pull request #25576 from k82/k8s-24411-doc
Automatic merge from submit-queue

Update document for kubectl service output.

Fix for #24411, Update document for kubectl service output
2016-05-17 01:55:59 -07:00
Prashanth Balasubramanian
daa8e29c5b Add a kubectl create secret tls command 2016-05-16 22:38:56 -07:00
Clayton Coleman
6cc6d29339
Generated code for init containers 2016-05-17 00:29:52 -04:00
Rudi Chiarito
54c55fdac3 Update AWS under the hood doc with ELB SSL annotations 2016-05-16 18:19:46 -04:00
Tim Hockin
915655a2eb Document godep updates better
`godep update` doesn't work.  It just says 'nothing to update'.  Drop it, and
use The Big Hammer instead.
2016-05-16 13:15:39 -07:00
Isaac Hollander McCreery
4ef33834d3 Fix link to Jenkins 2016-05-16 07:29:04 -07:00
k8s-merge-robot
b8f1682695 Merge pull request #24090 from AdoHe/expose_rc
Automatic merge from submit-queue

fix expose multi protocols issue

Please refer #23882 for more detail. @bprashanth @bgrant0607 ptal.

<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/24090)
<!-- Reviewable:end -->
2016-05-14 07:15:58 -07:00
Klaus Ma
f3556be51d Update kubectl service output. 2016-05-14 11:10:29 +08:00
Jeff Lowdermilk
9a20ca2899 Merge pull request #25163 from derekwaynecarr/pod-eviction-grace-period-flag
Pod eviction grace period flag
2016-05-13 16:17:27 -07:00
k8s-merge-robot
399b086620 Merge pull request #23684 from luxas/auto_label_arch
Automatic merge from submit-queue

Automatically add node labels beta.kubernetes.io/{os,arch}

Proposal: #17981
As discussed in #22623:
> @davidopp: #9044 says cloud provider but can also cover platform stuff.

Adds a label `beta.kubernetes.io/platform` to `kubelet` that informs about the os/arch it's running on.
Makes it easy to specify `nodeSelectors` for different arches in multi-arch clusters.

```console
$ kubectl get no --show-labels
NAME        STATUS    AGE       LABELS
127.0.0.1   Ready     1m        beta.kubernetes.io/platform=linux-amd64,kubernetes.io/hostname=127.0.0.1
$ kubectl describe no
Name:			127.0.0.1
Labels:			beta.kubernetes.io/platform=linux-amd64,kubernetes.io/hostname=127.0.0.1
CreationTimestamp:	Thu, 31 Mar 2016 20:39:15 +0300
```
@davidopp @vishh @fgrzadkowski @thockin @wojtek-t @ixdy @bgrant0607 @dchen1107 @preillyme
2016-05-13 13:25:34 -07:00
derekwaynecarr
12229f3473 Add generated artifacts for new kubelet flag 2016-05-13 11:44:20 -04:00
k8s-merge-robot
17345bf857 Merge pull request #25372 from derekwaynecarr/more-eviction-flags
Automatic merge from submit-queue

Add eviction-pressure-transitition-period flag to kubelet

This PR does the following:
* add the new flag to control how often a node will go out of memory pressure or disk pressure conditions see: https://github.com/kubernetes/kubernetes/pull/25282
* pass an `eviction.Config` into `kubelet` so we can group config

/cc @vishh
2016-05-13 05:46:15 -07:00
Tim Hockin
0114eef83d Update docs re: godep 2016-05-12 22:04:24 -04:00
Eric Paris
ad3e18d60c Stop pinning to version v53 2016-05-12 22:04:24 -04:00
derekwaynecarr
dee976ad79 Add generated artifacts for kubelet flags 2016-05-12 17:54:20 -04:00
derekwaynecarr
eee9a589db node spec for systemd environments 2016-05-12 17:32:08 -04:00