github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
52,400 Commits 1 Branch 31 Tags
a69697e6071c356d080b76aa3e8402271f2f056c
Commit Graph

5687 Commits

Author SHA1 Message Date
Kubernetes Submit Queue
b78fc209a4 Merge pull request #49045 from ericchiang/remove-anytoken-authenticator-option 
Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)

*: remove --insecure-allow-any-token option

~Since the authenticator is still used in e2e tests, don't remove
the actual package. Maybe a follow up?~

edit: e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```

closes #49031

cc @kubernetes/sig-auth-pr-reviews
 2017-07-19 10:27:29 -07:00
Kubernetes Submit Queue
92d310eddc Merge pull request #49072 from xilabao/wait-rbac-in-local-cluster 
Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)

use https to check healthz in hack/local-up-cluster.sh

**What this PR does / why we need it**:
```
# PSP_ADMISSION=true ALLOW_PRIVILEGED=true ALLOW_SECURITY_CONTEXT=true ALLOW_ANY_TOKEN=true ENABLE_RBAC=true RUNTIME_CONFIG="extensions/v1beta1=true,extensions/v1beta1/podsecuritypolicy=true" hack/local-up-cluster.sh
...
Waiting for apiserver to come up
+++ [0718 09:34:38] On try 5, apiserver: : 
Cluster "local-up-cluster" set.
use 'kubectl --kubeconfig=/var/run/kubernetes/admin-kube-aggregator.kubeconfig' to use the aggregated API server
Creating kube-system namespace
clusterrolebinding "system:kube-dns" created
serviceaccount "kube-dns" created
configmap "kube-dns" created
error: unable to recognize "kubedns-deployment.yaml": no matches for extensions/, Kind=Deployment
service "kube-dns" created
Kube-dns deployment and service successfully deployed.
kubelet ( 10952 ) is running.
Create podsecuritypolicy policies for RBAC.
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/policies.yaml": no matches for extensions/, Kind=PodSecurityPolicy
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/policies.yaml": no matches for extensions/, Kind=PodSecurityPolicy
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/roles.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRole
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/roles.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRole
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/bindings.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRoleBinding
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/bindings.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRoleBinding
unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/examples/podsecuritypolicy/rbac/bindings.yaml": no matches for rbac.authorization.k8s.io/, Kind=ClusterRoleBinding
Create default storage class for 
error: unable to recognize "/home/nfs/mygo/src/k8s.io/kubernetes/cluster/addons/storage-class/local/default.yaml": no matches for storage.k8s.io/, Kind=StorageClass
Local Kubernetes cluster is running. Press Ctrl-C to shut it down.

Logs:
  /tmp/kube-apiserver.log
  /tmp/kube-controller-manager.log
  /tmp/kube-proxy.log
  /tmp/kube-scheduler.log
  /tmp/kubelet.log
...
```

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47739

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-07-19 10:27:23 -07:00
Mike Danese
3c39173ee4 fixit: break sig-cluster-lifecycle tests into subpackage 2017-07-19 10:14:51 -07:00
Kubernetes Submit Queue
6af05149aa Merge pull request #49058 from shyamjvs/logexporter-support 
Automatic merge from submit-queue

Pass logexporter config through e2e framework

Ref https://github.com/kubernetes/kubernetes/issues/48513

/cc @wojtek-t @fejta
 2017-07-19 09:57:47 -07:00
Kubernetes Submit Queue
2e6e314ade Merge pull request #49091 from sttts/sttts-metrics-imports 
Automatic merge from submit-queue

k8s.io/metrics: restrict k8s.io/metrics imports
 2017-07-19 06:11:39 -07:00
Bernhard M. Wiedemann
cd0e7b9e17 Allow to override build date 
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.
 2017-07-19 13:27:13 +02:00
Kubernetes Submit Queue
c0be1671f2 Merge pull request #49095 from sttts/sttts-metrics-godeps 
Automatic merge from submit-queue (batch tested with PRs 49116, 49095)

update-staging-godeps: do not exclude k8s.io/metrics

Counterpart to https://github.com/kubernetes/test-infra/pull/3560
 2017-07-19 03:21:27 -07:00
Kubernetes Submit Queue
36ade22a5a Merge pull request #49116 from sttts/sttts-authorative-api-v1-ref 
Automatic merge from submit-queue (batch tested with PRs 49116, 49095)

Move pkg/api/v1/ref -> client-go/tools/reference

`pkg/api/v1/ref` is the only remaining package copied from pkg/api/v1 to client-go via staging/copy.sh.
 2017-07-19 03:21:25 -07:00
Kubernetes Submit Queue
164cae1151 Merge pull request #46755 from CaoShuFeng/cani-test-cmd 
Automatic merge from submit-queue (batch tested with PRs 49120, 46755, 49157, 49165, 48950)

add cmd test for kubectl auth can-i

**Release note**:

```
NONE
```
 2017-07-19 00:06:23 -07:00
Kubernetes Submit Queue
ccaaf5cad5 Merge pull request #48232 from caesarxuchao/move-admission-v1alph1 
Automatic merge from submit-queue (batch tested with PRs 48702, 48965, 48740, 48974, 48232)

Move admission/v1alpha1 to k8s.io/api

Fix https://github.com/kubernetes/kubernetes/issues/47972
 2017-07-18 20:06:21 -07:00
Kubernetes Submit Queue
fc1d2b3be7 Merge pull request #48256 from xiangpengzhao/move-pkg-util 
Automatic merge from submit-queue (batch tested with PRs 48481, 48256)

Refactor: pkg/util into sub-pkgs

**What this PR does / why we need it**:
- move code in pkg/util into sub-pkgs
- delete some unused funcs

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #15634

**Special notes for your reviewer**:
This is the final work of #15634. It will close that issue.
/cc @thockin 

**Release note**:

```release-note
NONE
```
 2017-07-18 18:19:19 -07:00
Bobby Salamat
33e6a476ba Add PriorityClass API 
Add PriorityClass to pkg/registry

Add PriorityClass to pkg/master/master.go

Add PriorityClass to import_know_versions.go

Update linted packages

minor fix
 2017-07-18 17:47:57 -07:00
Eric Chiang
e2f2ab67f2 *: remove --insecure-allow-any-token option 
e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```
 2017-07-18 16:03:15 -07:00
Chao Xu
590793f9a7 generated 2017-07-18 15:20:05 -07:00
Shyam Jeedigunta
5cdedd22cf Pass logexporter config through e2e framework 2017-07-18 23:28:06 +02:00
Dr. Stefan Schimanski
5925a0a1df Move pkg/api/v1/ref -> client-go/tools/reference 2017-07-18 22:45:43 +02:00
Jeff Grafton
64b0c9ec47 Switch from gazel to kazel, and move kazelcfg into build/root 2017-07-18 12:48:51 -07:00
Jeff Grafton
9ac0950166 Add utility function to install go package at a particular commit 2017-07-18 12:48:02 -07:00
Fabiano Franz
71cbad7cbb Flag support in kubectl plugins 2017-07-18 15:35:40 -03:00
Dr. Stefan Schimanski
1d1ec2c016 update-staging-godeps: do not exclude k8s.io/metrics 2017-07-18 10:22:54 +02:00
Dr. Stefan Schimanski
4677b1776e k8s.io/metrics: restrict k8s.io/metrics imports 2017-07-18 10:11:45 +02:00
Dr. Stefan Schimanski
78ce38b926 deepcopy: run deepcopy-gen in client-go 2017-07-18 09:28:48 +02:00
Dr. Stefan Schimanski
39d95b9b06 deepcopy: add interface deepcopy funcs 
- add DeepCopyObject() to runtime.Object interface
- add DeepCopyObject() via deepcopy-gen
- add DeepCopyObject() manually
- add DeepCopySelector() to selector interfaces
- add custom DeepCopy func for TableRow.Cells
 2017-07-18 09:28:47 +02:00
xiangpengzhao
01daf707c5 Refactor: pkg/util into sub-pkgs 2017-07-18 14:34:08 +08:00
sakeven
e6d2d726ed update golang version to go1.8 
Signed-off-by: sakeven <jc5930@sina.cn>
 2017-07-18 14:11:28 +08:00
Kubernetes Submit Queue
0d88afa131 Merge pull request #48102 from liggitt/optional-doc-generation 
Automatic merge from submit-queue (batch tested with PRs 49043, 49001, 49057, 49066, 48102)

Make doc generation on cherry-picks optional

Follow up of https://github.com/kubernetes/kubernetes/pull/46993, xref #44533

Most cherry-picks don't require doc changes, and doing it unconditionally actually breaks picking to the release-1.6 branch
 2017-07-17 22:21:23 -07:00
Kubernetes Submit Queue
6507a94d8e Merge pull request #49001 from fejta/ginkgo 
Automatic merge from submit-queue (batch tested with PRs 49043, 49001, 49057, 49066, 48102)

Explicitly set --cluster-ip-range --clean-start --minStartupPods

ref https://github.com/kubernetes/test-infra/pull/3535 https://github.com/kubernetes/test-infra/pull/3375

Also remove unused `GINKGO_PARALLELISM`

/assign @krzyzacy @ixdy
 2017-07-17 22:21:15 -07:00
Kubernetes Submit Queue
c8fb186391 Merge pull request #49043 from zmerlynn/allow-external-node-instance-group 
Automatic merge from submit-queue (batch tested with PRs 49043, 49001, 49057, 49066, 48102)

cluster/gke: If NODE_INSTANCE_GROUP is set, don't execute any bash

Transitional part of kubernetes/test-infra#3307, should be eliminated by kubernetes/test-infra#3330: 
Allow NODE_INSTANCE_GROUP to be set externally from `hack/ginkgo-e2e.sh`, which eliminates any cluster/gke use if KUBERNETES_CONFORMANCE_PROVIDER is set to `gke`.

```release-note
NONE
```
 2017-07-17 22:21:13 -07:00
Chen Rong
413ab26df9 use https to check healthz in hack/local-up-cluster.sh 2017-07-18 12:17:47 +08:00
xiangpengzhao
a6be3b64f8 Make "kubectl version" json output more readable. 2017-07-18 11:21:35 +08:00
Joe Finney
ab5e285197 Invert .linted_packages into .golint_failures. 2017-07-17 14:37:40 -07:00
Zach Loafman
3a2e9d51bb cluster/gke: If NODE_INSTANCE_GROUP is set, don't execute any bash 
Transitional part of kubernetes/test-infra#3307, should be eliminated
by kubernetes/test-infra#3330: Allow NODE_INSTANCE_GROUP to be set
before we get here, which eliminates any cluster/gke use if
KUBERNETES_CONFORMANCE_PROVIDER is set to "gke".
 2017-07-17 14:26:10 -07:00
Kubernetes Submit Queue
8b39fa9cd1 Merge pull request #48494 from mkumatag/webserver 
Automatic merge from submit-queue (batch tested with PRs 48494, 48733)

Move test-webserver from contrib/for-demos to kubernetes/test/images

**What this PR does / why we need it**:
This PR is for
- Moving the https://github.com/kubernetes/contrib/tree/master/for-demos/test-webserver to kubernetes/test/images - Refer https://github.com/kubernetes/contrib/pull/2544 for more information
- Multi architecture support for test-webserver image

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
```
 2017-07-17 08:43:37 -07:00
Erick Fejta
46bcc330b7 Explicitly set --cluster-ip-range --clean-start --minStartupPods 2017-07-16 18:18:43 -07:00
Kubernetes Submit Queue
8ce6378512 Merge pull request #46091 from xilabao/new-output-in-edit 
Automatic merge from submit-queue (batch tested with PRs 46091, 48280)

allow output patch string in edit command

**What this PR does / why we need it**:
allow user to get the patch from edit command if user is not familiar with the patch format.

```
# ./cluster/kubectl.sh create role a --verb=get,list --resource=no
role "a" created

# ./cluster/kubectl.sh edit role a --output-patch=true
Patch: {"rules":[{"apiGroups":[""],"resources":["nodes"],"verbs":["get","list","delete"]}]}
role "a" edited

# ./cluster/kubectl.sh create role b --verb=get,list --resource=no
role "b" created

# ./cluster/kubectl.sh patch role b -p '{"rules":[{"apiGroups":[""],"resources":["nodes"],"verbs":["get","list","delete"]}]}'
role "b" patched
```
**Which issue this PR fixes**: fixes #47173

**Special notes for your reviewer**:

**Release note**:

```release-note
Could get the patch from kubectl edit command
```
 2017-07-16 18:04:42 -07:00
Kubernetes Submit Queue
3448d2fa86 Merge pull request #48906 from caesarxuchao/fix-import-cycle 
Automatic merge from submit-queue (batch tested with PRs 44129, 48030, 48906)

Fix import cycle

Removed apimahcinery's dependency on k8s.io/api, introduced in https://github.com/kubernetes/kubernetes/pull/48497#discussion_r127312690.

Fixed hack/verify-staging-imports.sh to prevent future occurrences.
 2017-07-15 17:13:41 -07:00
Kubernetes Submit Queue
cab07f3af0 Merge pull request #46893 from yguo0905/image-spec 
Automatic merge from submit-queue (batch tested with PRs 48890, 46893, 48872, 48896)

Support customized system spec in the node conformance test and create the GKE system spec

ref: https://github.com/kubernetes/kubernetes/issues/46891

- System specs are located in `test/e2e_node/system/specs`. Created one for validating GKE images in `test/e2e_node/system/specs/gke.yaml`.
- `--image-spec-name` can be used to specify a system spec in node e2e and conformance tests. This option maps to `SYSTEM_SPEC_NAME` in a test properties file, which is the user facing configuration. So, users can specify `SYSTEM_SPEC_NAME=gke` to run the image validation using the GKE system spec.
- If `SYSTEM_SPEC_NAME` is unspecified, the default spec (`system.DefaultSysSpec`) will be used.
- We can also use `make test-e2e-node SYSTEM_SPEC_NAME=gke` to run tests using GKE image spec.

**Release note**:
`None`
 2017-07-14 16:49:52 -07:00
Kubernetes Submit Queue
048b0600f9 Merge pull request #48842 from enisoc/quick-verify 
Automatic merge from submit-queue

Add quick-verify make rule.

This is useful for humans to run to catch obvious problems before
pushing commits and waiting for CI to run verify checks.

Quick mode only runs a whitelist of verify scripts that are reasonably fast.
I set the initial bar arbitrarily at <10s each on my workstation.

The whole set runs in <30s for me, assuming I had already run `make` and
`hack/godep-restore.sh`. This is compared to the full `make verify`
which takes [I don't know how long because I gave up after 45min].
 2017-07-14 14:38:28 -07:00
Kubernetes Submit Queue
df47592d5a Merge pull request #48854 from colemickens/msi 
Automatic merge from submit-queue (batch tested with PRs 47066, 48892, 48933, 48854, 48894)

azure: msi: add managed identity field, logic

**What this PR does / why we need it**: Enables managed service identity support for the Azure cloudprovider. "Managed Service Identity" allows us to ask the Azure Compute infra to provision an identity for the VM. Users can then retrieve the identity and assign it RBAC permissions to talk to Azure ARM APIs for the purpose of the cloudprovider needs.

Per the commit text:
```
The azure cloudprovider will now use the Managed Service Identity
to retrieve access tokens for the Azure ARM APIs, rather than
requiring hard-coded, user-specified credentials.
```

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: n/a 

**Special notes for your reviewer**: none

**Release note**:

```release-note
azure: support retrieving access tokens via managed identity extension
```

cc: @brendandburns @jdumars @anhowe
 2017-07-14 12:50:55 -07:00
Kubernetes Submit Queue
9e97b5249b Merge pull request #46360 from khenidak/azure-pd-final 
Automatic merge from submit-queue

Azure PD (Managed/Blob)

This is exactly the same code as this [PR](https://github.com/kubernetes/kubernetes/pull/41950). It has a clean set of generated items. We created a separate PR to accelerate the accept/merge the PR

CC @colemickens 
CC @brendandburns 

**What this PR does / why we need it**:

1. Adds K8S support for Azure Managed Disks. 
2. Adds support for dedicated blob disks (1:1 to storage account) in addition to shared blob disks (n:1 to storage account). 
3. Automatically manages the underlying storage accounts. New storage accounts are created at 50% utilization. Max is 100 disks, 60 disks per storage account.    
2. Addresses the current issues with Blob Disks:
..* Significantly faster attach process. Disks are now usually available for pods on nodes under 30 sec if formatted, under a min if not formatted. 
..* Adds support to move disks between nodes.
..* Adds consistent attach/detach behavior, checks if the disk is leased/attached on a different node before attempting to attach to target nodes.
..* Fixes a random hang behavior on Azure VMs during mount/format (for both blob + managed disks).
..* Fixes a potential conflict by avoiding the use of disk names for mount paths. The new plugin uses hashed disk uri for mount path.  

The existing AzureDisk is used as is. Additional "kind" property was added  allowing the user to decide if the pd will be shared, dedicated or managed (Azure Managed Disks are used).

Due to the change in mounting paths, existing PDs need to be recreated as PV or PVCs on the new plugin.
 2017-07-14 09:57:51 -07:00
Yang Guo
22c9e23202 Supports customized system spec in the node conformance test and creates the GKE system spec 2017-07-14 09:39:19 -07:00
Kubernetes Submit Queue
ca0a868823 Merge pull request #48651 from shyamjvs/logexporter-supporter 
Automatic merge from submit-queue (batch tested with PRs 48864, 48651, 47703)

Enable logexporter mechanism to dump logs from k8s nodes to GCS directly

Ref https://github.com/kubernetes/kubernetes/issues/48513

This adds support for logexporter from k8s side. Next I'll send a PR adding support from test-infra side.

/cc @kubernetes/sig-scalability-misc @kubernetes/test-infra-maintainers @fejta @wojtek-t @gmarek
 2017-07-14 03:10:45 -07:00
Khaled Henidak & Andy Zhang
677e593d86 Add Azure managed disk support 2017-07-14 14:09:44 +08:00
Kubernetes Submit Queue
a14abaabab Merge pull request #48824 from yguo0905/docker-validation 
Automatic merge from submit-queue (batch tested with PRs 48082, 48815, 48901, 48824)

Add test image name to the OS image field of the perf metrics

I'd like to add the resource usage benchmarks for COS m60 (docker 1.13.1) but don't want to remove the existing m59 (docker 1.11.2) [ones](https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/benchmark/benchmark-config.yaml#L51-L71), in order to compare the results between the two docker versions.

The `image` reported in the metrics is from `Node.Status.NodeInfo.OSImage`, which is always "Container-Optimized OS from Google" (from `/etc/os-releases`) for COS. So there's no way to differentiate two milestones in the metrics.

This PR attaches the [image name](https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/benchmark/benchmark-config.yaml#L52) to the `image` field of the metrics. So it will become "Container-Optimized OS from Google (cos-stable-59-9460-64-0)".

See the results of the test run:

[performance-memory-containervm-resource1-resource_0.json](https://storage.googleapis.com/ygg-gke-dev-bucket/e2e-node-test/ci-kubernetes-node-kubelet-benchmark/13/artifacts/performance-memory-containervm-resource1-resource_0.json)
[performance-memory-coreos-resource1-resource_0.json](https://storage.googleapis.com/ygg-gke-dev-bucket/e2e-node-test/ci-kubernetes-node-kubelet-benchmark/13/artifacts/performance-memory-coreos-resource1-resource_0.json)
[performance-memory-gci-resource1-resource_0.json](https://storage.googleapis.com/ygg-gke-dev-bucket/e2e-node-test/ci-kubernetes-node-kubelet-benchmark/13/artifacts/performance-memory-gci-resource1-resource_0.json)

**Release note**:
```
None
```

Ref: https://github.com/kubernetes/kubernetes/issues/42926

/sig node
/area node-e2e
/assign @dchen1107
 2017-07-13 22:44:00 -07:00
Kubernetes Submit Queue
8ad1be7833 Merge pull request #44475 from freehan/checkpoint-test 
Automatic merge from submit-queue

add dockershim checkpoint node e2e test

Add a bunch of disruptive cases to test kubelet/dockershim's checkpoint work flow.

Some steps are quite hacky. Not sure if there is better ways to do things.
 2017-07-13 18:50:10 -07:00
Cole Mickens
cd177dcd11 add pkg/credentailprovider/azure to hack/.linted_packages 2017-07-13 14:29:11 -07:00
Chao Xu
40be152c95 update verify-staging-imports.sh 2017-07-13 13:01:35 -07:00
Anthony Yeh
db869a6b0b Add quick-verify make rule. 
This is useful for humans to run to catch obvious problems before
pushing commits and waiting for CI to run verify checks.

Quick mode only runs a whitelist of verify scripts that are reasonably fast.
I set the initial bar arbitrarily at <10s each on my workstation.

The whole set runs in <30s for me, assuming I had already run `make` and
`hack/godep-restore.sh`. This is compared to the full `make verify`
which takes [I don't know how long because I gave up after 45min].
 2017-07-12 16:29:31 -07:00
Anthony Yeh
e3fed1ce6d Allow verify-sh to run in SILENT mode. 
Because of nounset, it was impossible to run without -v.
 2017-07-12 15:02:52 -07:00
Yang Guo
b17c6a1769 Add test image name to the OS image field of the perf metrics 2017-07-12 14:51:45 -07:00