Automatic merge from submit-queue
Curating Owners: pkg/admission/
cc @lavalamp @davidopp @erictune @liggitt @derekwaynecarr
In an effort to expand the existing pool of reviewers and establish a
two-tiered review process (first someone lgtms and then someone
experienced in the project approves), we are adding new reviewers to
existing owners files.
If You Care About the Process:
------------------------------
We did this by algorithmically figuring out who’s contributed code to
the project and in what directories. Unfortunately, that doesn’t work
well: people that have made mechanical code changes (e.g change the
copyright header across all directories) end up as reviewers in lots of
places.
Instead of using pure commit data, we generated an excessively large
list of reviewers and pruned based on all time commit data, recent
commit data and review data (number of PRs commented on).
At this point we have a decent list of reviewers, but it needs one last
pass for fine tuning.
TLDR:
-----
As an owner of a sig/directory and a leader of the project, here’s what
we need from you:
1. Use PR https://github.com/kubernetes/kubernetes/pull/35715 as an example.
2. Use the following commit as a suggestion: 7f6469fc41
3. The pull-request is made editable, please edit the `OWNERS` file to
add the names of people that should be reviewing code in the future in
the **reviewers** section. You probably do NOT need to modify the **approvers**
section.
4. Notify me if you want some OWNERS file to be removed. Being an
approver or reviewer of a parent directory makes you a reviewer/approver
of the subdirectories too, so not all OWNERS files may be necessary.
5. Please use ALIAS if you want to use the same list of people over and
over again (don't hesitate to ask me for help, or use the pull-request
above as an example)
Automatic merge from submit-queue (batch tested with PRs 38419, 38457, 38607)
Fix pod level QoS does not works on CRI dockershim
Fixes: https://github.com/kubernetes/kubernetes/issues/38458
We did set `CgroupParent ` in `CreateContainer`, but the `HostConfig.Resources` which `CgroupParent` belongs to is override by the following code:
```
hc.CgroupParent = lc.GetCgroupParent()
...
hc.Resources = dockercontainer.Resources{
Memory: rOpts.GetMemoryLimitInBytes(),
...
}
```
That's why `HostConfig.CgroupParent` is always empty and pod level QoS does not work.
Automatic merge from submit-queue
bump log level on service status update
ref: https://github.com/kubernetes/kubernetes/issues/38349
I tried to reproduce the problem in #38349 and failed. Not sure why service status update failed and service controller skip status update in the next round. What I have observed is that if service status update failed due to conflict, the next round of processServiceUpdate will correct it.
Bumping log level to get a better signal when it occurs.
Automatic merge from submit-queue (batch tested with PRs 38453, 36672, 38629, 34966, 38630)
Fix threshold notifier build tags
Fix threshold notifier build tags so the linux version is only built if cgo is
enabled, and the unsupported version is built if it's either not linux or not
cgo.
Automatic merge from submit-queue (batch tested with PRs 38453, 36672, 38629, 34966, 38630)
Warn user if they try to apply on an object without the annotation
Give user a warning when using `kubectl apply` on a resource lacking the `LastAppliedConfig` annotation
fixes#36620
Ref: #35134 and #36509.
**Release note**:
```release-note
Issue a warning when using `kubectl apply` on a resource lacking the `LastAppliedConfig` annotation
```
Automatic merge from submit-queue
remove incorrect groupName comment for apps.k8s.io
The group name is "apps", not "apps.k8s.io"
The comment didn't actually affect client generation because there was an extra space between it and the package declaration, but removing it to avoid confusion
Automatic merge from submit-queue
Increase GCE operation timeout
It seems 30 minutes is too small for creating some routes in large clusters.
@thockin - FYI
Automatic merge from submit-queue
error in setNodeStatus func should not abort node status update
`setNodeStatus()` currently errors out if any of the functions in the `kl.setNodeStatusFuncs` returns an error, resulting in the node not reporting status and eventually being marked as `NotReady`.
`setNodeAddress()` is currently the only function in `defaultNodeStatusFuncs()` that can return an error and it does if the cloud provider can't be contacted for any number of reasons like token expiration, API outage, ratelimit block, etc.
This PR changes `setNodeStatus()` to log, rather than return, when an error is returned by one of the `setNodeStatusFuncs` so that the node status update can proceed.
Fixes#34455
xref https://bugzilla.redhat.com/show_bug.cgi?id=1400574
@eparis @derekwaynecarr @mikedanese @anguslees
Fix threshold notifier build tags so the linux version is only built if cgo is
enabled, and the unsupported version is built if it's either not linux or not
cgo.
Automatic merge from submit-queue
fix client cert handling for delegate authn
Builds on https://github.com/kubernetes/kubernetes/pull/38409.
The client cert wasn't presented by the API server, so tools didn't send it. These will start getting caught as we add usage into e2e. Once we split genericapiserver out, we can have a different style integration test that hits these too.
Automatic merge from submit-queue (batch tested with PRs 38608, 38299)
controller: set unavailableReplicas correctly when scaling down
```
deployment_controller.go:299] Error syncing deployment
e2e-tests-kubectl-2l7xx/e2e-test-nginx-deployment:
Deployment.extensions "e2e-test-nginx-deployment" is invalid:
status.unavailableReplicas: Invalid value: -1:
must be greater than or equal to 0
```
The validation error above occurs usually when a Deployment is
scaled down. In such a case we should default unavailableReplicas
to 0 instead of making an invalid api call.
@kubernetes/deployment
Automatic merge from submit-queue (batch tested with PRs 38597, 38570)
Logging request / response body should not allocate
Putting string(data) in the critical path causes an allocation which can
be very large, and happens regardless of whether logging is enabled.
Also, use the more sophisticated logging of body output that avoids
causing quoting of JSON output (current behavior is "{\"key\":...}" and
should be {"key":...} for readability).
@wojtek-t reduces large heap allocations on updates
Putting string(data) in the critical path causes an allocation which can
be very large, and happens regardless of whether logging is enabled.
Also, use the more sophisticated logging of body output that avoids
causing quoting of JSON output (current behavior is "{\"key\":...}" and
should be {"key":...} for readability).
Automatic merge from submit-queue
fix duplicate validation/field/errors
**Release note**:
``` release-note
release-note-none
```
Related PR: https://github.com/kubernetes/kubernetes/pull/30313
PR #30313 fixed duplicate errors for invalid aggregate errors in
https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/util/helpers.go
However, duplicate aggregate errors that went through
https://github.com/kubernetes/kubernetes/blob/master/pkg/util/validation/field/errors.go
were not affected by that patch.
This patch adds duplicate aggregate error checking to
`pkg/util/validation/field/errors.go`
##### Before
`$ kubectl set env rc/idling-echo-1 test-abc=1234`
```
error: ReplicationController "idling-echo-1" is invalid:
[spec.template.spec.containers[0].env[0].name: Invalid value:
"test-abc": must be a C identifier (matching regex
[A-Za-z_][A-Za-z0-9_]*): e.g. "my_name" or "MyName",
spec.template.spec.containers[1].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName", spec.template.spec.containers[0].env[0].name:
Invalid value: "test-abc": must be a C identifier (matching regex
[A-Za-z_][A-Za-z0-9_]*): e.g. "my_name" or "MyName",
spec.template.spec.containers[1].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName"]
```
`$ kubectl set env rc/node-1 test-abc=1234`
```
error: ReplicationController "idling-echo-1" is invalid:
[spec.template.spec.containers[0].env[0].name: Invalid value:
"test-abc": must be a C identifier (matching regex
[A-Za-z_][A-Za-z0-9_]*): e.g. "my_name" or "MyName",
spec.template.spec.containers[1].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName"]
```
##### After
`$ kubectl set env rc/idling-echo-1 test-abc=1234`
```
error: ReplicationController "idling-echo-1" is invalid:
[spec.template.spec.containers[0].env[0].name: Invalid value:
"test-abc": must be a C identifier (matching regex
[A-Za-z_][A-Za-z0-9_]*): e.g. "my_name" or "MyName",
spec.template.spec.containers[1].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName"]
```
`$ kubectl set env rc/node-1 test-abc=1234`
```
error: ReplicationController "node-1" is invalid:
spec.template.spec.containers[0].env[0].name: Invalid value: "test-abc":
must be a C identifier (matching regex [A-Za-z_][A-Za-z0-9_]*): e.g.
"my_name" or "MyName"
```
Automatic merge from submit-queue
Remove json serialization annotations from internal types
fixes#3933
Internal types should never be serialized, and including json serialization tags on them makes it possible to accidentally do that without realizing it.
fixes in this PR:
* types
* [x] remove json tags from internal types
* [x] fix references from serialized types to internal ObjectMeta
* generation
* [x] remove generated json codecs for internal types (they should never be used)
* kubectl
* [x] fix `apply` to operate on versioned object
* [x] fix sorting by field to operate on versioned object
* [x] fix `--record` to build annotation patch using versioned object
* hpa
* [x] fix unmarshaling to internal CustomMetricTargetList in validation
* thirdpartyresources
* [x] fix encoding API responses using internal ObjectMeta
* tests
* [x] fix tests to use versioned objects when checking encoded content
* [x] fix tests passing internal objects to generic printers
follow ups (will open tracking issues or additional PRs):
- [ ] remove json tags from internal kubeconfig types (`kubectl config set` pathfinding needs to work against external type)
- [ ] HPA should version CustomMetricTargetList serialization in annotations
- [ ] revisit how TPR resthandlers encoding objects
- [ ] audit and add tests for printer use (human-readable printer requires internal versions, generic printers require external versions)
- [ ] add static analysis tests preventing new internal types from adding tags
- [ ] add static analysis tests requiring json tags on external types (and enforcing lower-case first letter)
- [ ] add more tests for `kubectl get` exercising known and unknown types with all output options
This method has been unused by k8s for some time, and yet is the last
piece of the cloud provider API that encourages provider names to be
human-friendly strings (this method applies a regex to instance names).
Actually removing this deprecated method is part of a long effort to
migrate from instance names to instance IDs in at least the OpenStack
provider plugin.
Automatic merge from submit-queue (batch tested with PRs 34002, 38535, 37330, 38522, 38423)
Fix panic in vSphere cloud provider
Currently vSphere Cloud Provider triggers panic in controller-manager pod kubernetes. This is because it queries for the cluster name from the VC. We have eliminated that code from the vSphere cloud provider.
Fixes#36295
Automatic merge from submit-queue (batch tested with PRs 37677, 38519)
Better deal with failures under golang 1.8beta1
If there is any error in the initial parsing then we should just
try adding the scheme.
url.Parse(base) has changed in 1.8. Please see the following change
c5ccbdd22bFixes#38380
Automatic merge from submit-queue (batch tested with PRs 37270, 38309, 37568, 34554)
Remove duplicate get errs
old:
```shell
$ kubectl get ns
NAME STATUS AGE
default Active 2m
kube-system Active 2m
$ kubectl get ns --all-namespaces
NAMESPACE NAME STATUS AGE
error: namespace is not namespaced
error: namespace is not namespaced
```
new:
```shell
$ kubectl get ns --all-namespaces
NAMESPACE NAME STATUS AGE
error: namespace is not namespaced
```
