Automatic merge from submit-queue
change unconfined_t to spc_t
**What this PR does / why we need it**:
When installing kube via kubeadm on a system w/ selinux enabled, it's necessary to disable selinux in order for the etcd and kube-discovery containers to run.
The kube etcd and discovery pods are currently set to unconfined_t in order to avoid disabling selinux, but the correct type for an unconfined container is spc_t. For more information, see http://danwalsh.livejournal.com/2016/10/03/.
Automatic merge from submit-queue
Add the system verification test to the kubeadm preflight checks
And refactor the system verification test to accept to write to a specific writer in order to customize the output
This PR is targeting v1.5, PTAL
cc @Random-Liu @dchen1107 @kubernetes/sig-cluster-lifecycle
Automatic merge from submit-queue
[kubeadm] use iteration instead of recursion in function
**What this PR does / why we need it**:
before this PR, function `attemptToUpdateMasterRoleLabelsAndTaints` recursively call itself. there are some defeats in it:
1. potential stack overflow.
2. unnecessary extra `json.Marshal` calls.
3. unnecessary extra `client.Nodes().List` calls.
this PR rewrite `attemptToUpdateMasterRoleLabelsAndTaints` function, use iterate instead of recursion.
so these 3 defeats the metioned above are gone.
Signed-off-by: bruceauyeung <ouyang.qinhua@zte.com.cn>
Automatic merge from submit-queue
kubeadm: changed tests to be table driven
Small change to migrate tests in kubeadm/app/util/tokens_test.go to be table driven which should make adding more tests in the future easier and also have them match how other tests are being written.
This PR is part of the ongoing effort to add tests (#35025)
Automatic merge from submit-queue
move parts of the mega generic run struct out
This splits the main `ServerRunOptions` into composeable pieces that are bindable separately and adds easy paths for composing servers to run delegating authentication and authorization.
@sttts @ncdc alright, I think this is as far as I need to go to make the composing servers reasonable to write. I'll try leaving it here
Automatic merge from submit-queue
controller manager refactors
The controller manager needs some significant cleanup. This starts us down the patch by respecting parameters like `stopCh`, simplifying discovery checks, removing unnecessary parameters, preventing unncessary fatals, and using our client builder.
@sttts @ncdc
Automatic merge from submit-queue
support customize repository prefix of image through environment KUBE…
## Problem
kubeadm does not support customize repository prefix of image. this prevent us from using our own image repository to deploy k8s.
## Fix
make ```gcr.io/google_containers/ ``` be configurable.
ADD environment variable KUBE_REPO_PREFIX
Signed-off-by: yaoyao.xyy <yaoyao.xyy@alibaba-inc.com>
Automatic merge from submit-queue
Update kubeadm etcd to 3.0.13 in order to switch to the etcd3 storage format
ref: https://github.com/kubernetes/kubernetes/issues/35723
I think we should switch as soon as possible, but run it in etcd2 mode until the full etcd3 mode is stable
@kubernetes/sig-cluster-lifecycle @wojtek-t @xiang90 @lavalamp
The kube etcd and discovery pods are set to unconfined_t in
order to avoid disabling selinux, but the correct type for
an unconfined container is spc_t. For more information, see
http://danwalsh.livejournal.com/2016/10/03/.
Automatic merge from submit-queue
Check sysfs Type instead of Device
Some distribution uses "none" device to mount "sysfs" type, so kube-proxy needs to list mount points and check "types" instead of "device".
fixes#37183
```release-note
Change sysfs mountpoint tests from Device to Type to be able to find sysfs mountpoint on "none" device
```
Automatic merge from submit-queue
Fields with omitempty tag should still be considered as optional
We've added an "+optional" tag while ago for optional fields. Before that OpenAPI spec generated assumed all fields with "omitempty" in their json tags are optional. This should be still the case (as well as +optional tag) until these two things happen:
- We update all documentation asking developers to use +optional (My bad, I should have added this after the +optional PR)
- We fix swagger 1.2 spec generator to use +optional instead of omitempty.
Fixes#37149
Automatic merge from submit-queue
OpenAPI Bugfix: []byte should be treated as integer array
data field of v1.Secret is a map of string to byte array. Generated spec should generate a map of string to (type="string", format="byte" that means map of base64 string) however current code converts it to an array of integer that is wrong.
fixes#37126
- Adds command line flags --config-map, --config-map-ns.
- Fixes 36194 (https://github.com/kubernetes/kubernetes/issues/36194)
- Update kube-dns yamls
- Update bazel (hack/update-bazel.sh)
- Update known command line flags
- Temporarily reference new kube-dns image (this will be fixed with
a separate commit when the DNS image is created)
Automatic merge from submit-queue
[kubelet] rename --cgroups-per-qos to --experimental-cgroups-per-qos
This reflects the true nature of "cgroups per qos" feature.
```release-note
* Rename `--cgroups-per-qos` to `--experimental-cgroups-per-qos` in Kubelet
```
