github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
96,061 Commits 1 Branch 31 Tags 1,019 MiB
acb43c7c4a
Commit Graph

9736 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
1385280afc
Merge pull request #91775 from cofyc/fix91755 
VolumeBinding: Skip/fail fast in PreFilter phase and improve error reporting
 2020-06-12 10:47:56 -07:00
Kubernetes Prow Robot
bc9c5afaf0
Merge pull request #90853 from kumarvin123/feature/IPv6DualStackProxy 
KubeProxy and DockerShim changes for Ipv6 dual stack support on Windows
 2020-06-11 19:07:55 -07:00
Yecheng Fu
c4138361e4 Fail fast in PreFilter phase and return UnschedulableAndUnresolvable if immediate PVCs are not bound 2020-06-12 10:00:19 +08:00
Jordan Liggitt
df6608dc99 Generated files 2020-06-11 16:04:19 -04:00
Jordan Liggitt
0d674c4edb cmd: silence warnings in kube-controller-manager/kube-apiserver, dedupe/color warnings in kubectl 2020-06-11 16:04:19 -04:00
Jayasekhar Konduru
2a89577659 CSI: Modify VolumeAttachment check to use Informer/Cache 
Change-Id: Ie70c8b6657c67eefbf13042f36d56ca84a2e42bb
 2020-06-11 10:34:09 -07:00
Kubernetes Prow Robot
a8e43038a4
Merge pull request #92018 from liggitt/csr-controller-v1 
Check for v1 CSR API in kube-controller-manager
 2020-06-11 00:53:19 -07:00
Kubernetes Prow Robot
0a5d70617f
Merge pull request #91952 from xlgao-zju/add-retries-for-updatestautes 
kubeadm: Add retries for kubeadm join / UpdateStatus
 2020-06-10 22:43:34 -07:00
Kubernetes Prow Robot
9ccf6f7de7
Merge pull request #91818 from wojtek-t/remove_cachesize 
Remove heuristic watchcache sizes
 2020-06-10 22:43:24 -07:00
Kubernetes Prow Robot
1f299e7b99
Merge pull request #91574 from cofyc/fix91436 
share a common pod indexer among volume controllers
 2020-06-10 22:42:56 -07:00
Jordan Liggitt
6183bcff6b Check for v1 CSR API in kube-controller-manager 2020-06-10 22:46:30 -04:00
Kubernetes Prow Robot
3918393e04
Merge pull request #91578 from knabben/kubelet-node-allocate 
Deprecating --experimental-allocatable-ignore-eviction flag
 2020-06-10 19:14:56 -07:00
Lubomir I. Ivanov
7ddd966ed2 kubeadm: mark --experimental-kustomize as deprecated 2020-06-11 04:57:13 +03:00
Kubernetes Prow Robot
64d254508f
Merge pull request #91816 from p0lyn0mial/gc-discovery 
GC: doesn't create monitors in the constructor
 2020-06-10 17:13:48 -07:00
Kubernetes Prow Robot
17630c34cf
Merge pull request #91793 from alculquicondor/new-default-spread 
Use PodTopologySpread for default spreading
 2020-06-10 17:13:38 -07:00
Kubernetes Prow Robot
9089568465
Merge pull request #91780 from liggitt/csr-v1-rotate-kubelet-client 
CSR v1 - promote RotateKubeletClientCertificate to GA
 2020-06-10 17:13:24 -07:00
Vinod K L Swamy
ac3f87346f
KubeProxy and DockerShim changes for Ipv6 dual stack support on Windows 
Signed-off-by: Vinod K L Swamy <vinodko@microsoft.com>
 2020-06-10 15:36:48 -07:00
Xianglin Gao
04ef3628e3 refact CreateOrMutateConfigMap and MutateConfigMap with PollImmediate 
Signed-off-by: Xianglin Gao <xianglin.gxl@alibaba-inc.com>
 2020-06-11 00:31:22 +08:00
Lukasz Szaszkiewicz
50db32cf8c GC doesn't have to create monitors in the constructor 2020-06-10 14:59:45 +02:00
Rostislav M. Georgiev
5d0127493c kubeadm upgrade plan: don't load component configs 
Component configs are used by kubeadm upgrade plan at the moment. However, they
can prevent kubeadm upgrade plan from functioning if loading of an unsupported
version of a component config is attempted. For that matter it's best to just
stop loading component configs as part of the kubeadm config load process.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
 2020-06-10 14:23:53 +03:00
Jordan Liggitt
a298c14f18 Switch cert manager to v1 CSR API by default, falling back to v1beta1 2020-06-10 02:30:54 -04:00
Kubernetes Prow Robot
11fe6e815f
Merge pull request #91713 from liggitt/csr-v1-manager 
CSR v1 - switch controllers
 2020-06-09 14:49:30 -07:00
Amim Knabben
0ed41c3f10 Deprecating --bootstrap-checkpoint-path flag 2020-06-09 15:27:01 -04:00
Aldo Culquicondor
170f81cff3 Use PodTopologySpread for default spreading 
Under the feature gate DefaultPodTopologySpread, which will disable the legacy DefaultPodTopologySpread plugin from the default algorithm providers.

Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-06-09 14:59:42 -04:00
Xianglin Gao
6d572ea9b7 Add retries for CreateOrUpdateRoleBinding 
Signed-off-by: Xianglin Gao <xianglin.gxl@alibaba-inc.com>
 2020-06-10 00:23:46 +08:00
Xianglin Gao
052eb7d9a5 Add retries for CreateOrUpdateRole 
Signed-off-by: Xianglin Gao <xianglin.gxl@alibaba-inc.com>
 2020-06-10 00:12:25 +08:00
Rostislav M. Georgiev
e7427c66f3 kubeadm: Merge getK8sVersionFromUserInput into enforceRequirements 
`getK8sVersionFromUserInput` would attempt to load the config from a user
specified YAML file (via the `--config` option of `kubeadm upgrade plan` or
`kubeadm upgrade apply`). This is done in order to fetch the `KubernetesVersion`
field of the `ClusterConfiguration`. The complete config is then immediately
discarded. The actual config that is used during the upgrade process is fetched
from within `enforceRequirements`.

This, along with the fact that `getK8sVersionFromUserInput` is always called
immediately after `enforceRequirements` makes it possible to merge the two.
Merging them would help us simplify things and avoid future problems in
component config related patches.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
 2020-06-09 14:46:56 +03:00
Divyen Patel
148ef06a3d vSphere in-tree volumes migration to vSphere CSI driver 2020-06-08 16:17:02 -07:00
Andrew Sy Kim
41dc075a85 move pkg/controller/cloud/node_lifecycle_controller.go to k8s.io/cloud-provider/controllers/nodelifecycle for easier external consumption 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-06-08 17:34:01 -04:00
Andrew Sy Kim
6d4a19b31c move pkg/controller/cloud/node_controller.go to k8s.io/cloud-provider/controllers/node for easier external consumption 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-06-08 17:34:01 -04:00
Andrew Sy Kim
99d9dda5a7 move pkg/controller/route to k8s.io/cloud-provider/controllers/route for easier external consumption 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-06-08 17:34:01 -04:00
Andrew Sy Kim
d06cd7ee4f move pkg/controller/service to k8s.io/cloud-provider/controllers/service for easier external consumption 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-06-08 17:34:01 -04:00
wojtekt
5ceb53987b Remove heuristic watchcache sizes 2020-06-08 13:32:52 +02:00
Amim Knabben
df3998c98e Deprecating --experimental-allocatable-ignore-eviction flag 2020-06-06 11:27:55 -04:00
Jordan Liggitt
db4ca87d9d Switch CSR approver/signer/cleaner controllers to v1 2020-06-05 18:45:34 -04:00
Jordan Liggitt
71d77b54fd Promote RotateKubeletClientCertificate to GA 2020-06-05 18:45:01 -04:00
Kubernetes Prow Robot
3f8bb1bf50
Merge pull request #91685 from liggitt/csr-v1 
CertificateSigningRequest v1 API
 2020-06-05 15:30:14 -07:00
Kubernetes Prow Robot
b8b4186a14
Merge pull request #90143 from neolit123/1.19-remove-cert-renew-api 
kubeadm: remove usage of the "certificates" API for cert renewal
 2020-06-05 11:35:43 -07:00
Kubernetes Prow Robot
4e3dea81c1
Merge pull request #91580 from cofyc/fix90958 
Remove KubeSchedulerConfiguration.BindTimeoutSeconds
 2020-06-05 08:45:45 -07:00
Jordan Liggitt
e0f5cca410 Copy CSR v1beta1 to v1 
* Remove prerelease tags
* Update copyright, package, imports to v1
* Remove signerName, usages, and condition status defaulting
 2020-06-05 00:47:24 -04:00
Kubernetes Prow Robot
c0455a1853
Merge pull request #91154 from liggitt/signer-duration 
Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration
 2020-06-04 17:59:45 -07:00
Kubernetes Prow Robot
ef1bc416b8
Merge pull request #90408 from knabben/kubelet-cloud-provider 
Mark Kubelet --cloud-provider and --cloud-config deprecated
 2020-06-04 13:51:44 -07:00
Kubernetes Prow Robot
2dc7b68b83
Merge pull request #91598 from Huang-Wei/podtopologyspread-ga 
Remove `EvenPodsSpread` featuregate and related logic
 2020-06-04 07:05:28 -07:00
Kubernetes Prow Robot
b607c7cd52
Merge pull request #86070 from rosti/kubeadm-cc-user-configs-checksum-a 
kubeadm: distinguish between generated and user supplied component configs
 2020-06-03 05:44:18 -07:00
Yecheng Fu
8422044f17 sharing a common pod pvc indexer among volume controllers 2020-06-03 14:51:21 +08:00
Yecheng Fu
1ff09c0934 Remove BindTimeoutSeconds from KubeSchedulerConfiguration 2020-06-03 09:54:06 +08:00
Amim Knabben
222cae36ec Moving Kubelet --cloud-provider and --cloud-config to configuration 2020-06-02 21:35:36 -04:00
Kubernetes Prow Robot
c00cd246dc
Merge pull request #91373 from knabben/kubelet-experimental-mount 
Deprecating Kubelet mount related flags
 2020-06-02 18:11:00 -07:00
Kubernetes Prow Robot
dcbdf1a7e1
Merge pull request #91275 from knabben/kubelet-node-status-image 
Moving Kubelet --node-status-max-images flag to configuration
 2020-06-02 18:10:45 -07:00
Kubernetes Prow Robot
40076c856e
Merge pull request #91179 from SataQiu/startup-probe-20200517 
kubeadm: add startup probes for static Pods to protect slow starting containers
 2020-06-02 18:10:31 -07:00
Kubernetes Prow Robot
4f78660cdf
Merge pull request #90734 from cici37/ports 
Move CloudControllerManagerPort to k8s.io/cloud_provider
 2020-06-02 18:10:17 -07:00
Wei Huang
133dde6358
Remove EvenPodsSpread featuregate and related logic 2020-06-02 11:24:12 -07:00
Kubernetes Prow Robot
7bd4c53b27
Merge pull request #91630 from liggitt/kube-apiserver-kubelet-https 
Mark --kubelet-https deprecated, unconditionally use https for apiserver->kubelet connections
 2020-06-02 02:02:14 -07:00
Jordan Liggitt
2e8461a5bc Mark --kubelet-https deprecated, unconditionally use https for apiserver->kubelet connections 2020-06-01 20:54:49 -04:00
Rostislav M. Georgiev
5d6cf8ecd4 kubeadm: Distinguish between user supplied and generated component configs 
Until now, users were always asked to manually convert a component config to a
version supported by kubeadm, if kubeadm is not supporting its version.
This is true even for configs generated with older kubeadm versions, hence
getting users to make manual conversions on kubeadm generated configs.
This is not appropriate and user friendly, although, it tends to be the most
common case. Hence, we sign kubeadm generated component configs stored in
config maps with a SHA256 checksum. If a configs is loaded by kubeadm from a
config map and has a valid signature it's considered "kubeadm generated" and if
a version migration is required, this config is automatically discarded and a
new one is generated.
If there is no checksum or the checksum is not matching, the config is
considered as "user supplied" and, if a version migration is required, kubeadm
will bail out with an error, requiring manual config migration (as it's today).
The behavior when supplying component configs on the kubeadm command line
does not change. Kubeadm would still bail out with an error requiring migration
if it can recognize their groups but not versions.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
 2020-06-01 17:57:53 +03:00
Kubernetes Prow Robot
774c9a6db6
Merge pull request #91349 from neolit123/1.19-fail-on-unrecognized-args 
cmd/*: fail on unrecognized flags/arguments for component CLI
 2020-05-30 00:27:53 -07:00
Kubernetes Prow Robot
d1586ea3f9
Merge pull request #91502 from deads2k/dyn-audit-removal-00 
remove --feature-gates=DynamicAuditing
 2020-05-29 11:56:20 -07:00
Kubernetes Prow Robot
2572066ac0
Merge pull request #91424 from prasadkatti/add_validate_etcd_tests 
Add tests for ValidateEtcd
 2020-05-28 16:37:53 -07:00
Kubernetes Prow Robot
c682b313d9
Merge pull request #91420 from pancernik/scheduler-config-v1beta1 
Promote kubescheduler.config.k8s.io to v1betav1
 2020-05-28 12:24:39 -07:00
Monis Khan
fc4f91f10b cmd/*: fail on unrecognized flags/arguments for component CLI 
In case a malformed flag is passed to k8s components
such as "–foo", where "–" is not an ASCII dash character,
the components currently silently ignore the flag
and treat it as a positional argument.

Make k8s components/commands exit with an error if a positional argument
that is not empty is found. Include a custom error message for all
components except kubeadm, as cobra.NoArgs is used in a lot of
places already (can be fixed in a followup).

The kubelet already handles this properly - e.g.:
'unknown command: "–foo"'

This change affects:
- cloud-controller-manager
- kube-apiserver
- kube-controller-manager
- kube-proxy
- kubeadm {alpha|config|token|version}
- kubemark

Signed-off-by: Monis Khan <mok@vmware.com>
Signed-off-by: Lubomir I. Ivanov <lubomirivanov@vmware.com>
 2020-05-28 22:06:01 +03:00
Andrew Sy Kim
ed3feac74d only log cloud provider deprecation warning for in-tree components 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-05-28 11:55:56 -04:00
SataQiu
17f3cd48a5 add '--logging-format' flag to kube-controller-manager 
Signed-off-by: SataQiu <1527062125@qq.com>
 2020-05-28 16:54:23 +08:00
tahsinrahman
201f869c66 Add --logging-format flag for kube-apiserver 2020-05-28 11:39:04 +08:00
Kubernetes Prow Robot
02637bb250
Merge pull request #91145 from tnqn/kubeadm-reset-error 
kubeadm: skip removing last etcd member in reset phase
 2020-05-27 15:04:01 -07:00
David Eads
e857adbdfd remove-api 2020-05-27 16:58:05 -04:00
Kubernetes Prow Robot
d680e053f1
Merge pull request #91409 from johscheuer/update-api-server-flag-help 
Update kube-apiserver flag comments
 2020-05-27 13:11:52 -07:00
David Eads
ed4e6f1026 remove dynamic audit 2020-05-27 15:18:53 -04:00
Prasad Katti
c253ccca00 Add tests for ValidateEtcd 2020-05-27 10:40:13 -07:00
Amim Knabben
896cc4c0c4 Deprecating Kubelet mount related flags 2020-05-27 09:33:27 -04:00
Prasad Katti
a85fc1038c Add tests for ValidateURLs (kubeadm validation) 2020-05-26 20:31:04 -07:00
Kubernetes Prow Robot
eff6105a33
Merge pull request #91397 from prasadkatti/add_cri_socket_path_tests 
Add cri socket path tests
 2020-05-26 19:13:09 -07:00
Kubernetes Prow Robot
03cd30b9d7
Merge pull request #90494 from knabben/kubelet-provider 
Migrating Kubelet --enable-server and --provider-id flags to config
 2020-05-26 19:12:42 -07:00
Kubernetes Prow Robot
dee4a7cd84
Merge pull request #91182 from knabben/kubelet-cfg-seccomp 
Migrating Kubelet flag --seccomp-profile-root to configuration file
 2020-05-26 13:37:33 -07:00
Amim Knabben
ee3c1aeac6 Copying --seccomp-profile-root to Kubelet config file 2020-05-26 10:19:41 -04:00
Prasad Katti
b5c08caa34 Add tests for ValidateSocketPath 2020-05-25 17:28:58 -07:00
Kubernetes Prow Robot
6d3edbcbed
Merge pull request #91411 from Hsiny/master 
Fix 404 link in kube-scheduler command usage description
 2020-05-25 14:59:11 -07:00
Rafal Wicha
852442c0ff Promote kubescheduler.config.k8s.io to v1betav1 2020-05-25 22:25:57 +01:00
Rafal Wicha
85be9c1673 Move Scheduler plugin args validation to apis/config/validation 2020-05-25 16:27:21 +01:00
Hsiny
9c7be05b60 fix,404 link in kube-scheduler command usage description 2020-05-25 23:07:00 +08:00
Johannes M. Scheuermann
bd42094d90 Update kube-apiserver flag comments 2020-05-25 15:43:56 +02:00
Prasad Katti
a1ac30db40 Add a kubeadm ValidateNodeRegistrationOptions test 2020-05-24 14:18:41 -07:00
Rostislav M. Georgiev
def0db6a16 kubeadm: Remove unused constants 
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
 2020-05-22 17:10:27 +03:00
Amim Knabben
f6246aba6e Moving Kubelet --node-status-max-images flag to configuration 2020-05-21 22:37:01 -04:00
Jiajie Yang
ebbd455b24 Restrict service account token metrics to kube-apiserver only. 2020-05-21 15:34:57 -07:00
SataQiu
e04a2b3b26 kubeadm: add startup probes for static Pods to protect slow starting containers 
Signed-off-by: SataQiu <1527062125@qq.com>
 2020-05-21 11:12:36 +08:00
Kubernetes Prow Robot
e41876666f
Merge pull request #91280 from prasadkatti/fix_markcontrolplane 
Update kubeadm test TestMarkControlPlane
 2020-05-20 19:41:50 -07:00
Kubernetes Prow Robot
12088aa76d
Merge pull request #90649 from cici37/leaderelectionconfig 
Moving leaderelectionconfig to k8s.io/component-base
 2020-05-20 19:40:47 -07:00
Prasad Katti
d7f769be3e Update kubeadm test TestMarkControlPlane 
- Use a dummy nodename instead of OS hostname
- Inline toString() function
- Use backticks to wrap expected patch
- Remove redundant test name from error logs
 2020-05-20 12:43:18 -07:00
Quan Tian
9cc416e7df kubeadm: do not remove the only remaining etcd member during reset 
If this is the only remaining stacked etcd member in the cluster,
calling RemoveMember() is not needed.
 2020-05-21 02:12:36 +08:00
Davanum Srinivas
0608e8be25
update bazel BUILD files 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-20 10:57:47 -04:00
Davanum Srinivas
5692926914
Move packages for slightly better UX for consumers 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-20 10:57:46 -04:00
Kubernetes Prow Robot
7ba332a839
Merge pull request #91258 from alculquicondor/double_spread_weight 
Set weight of PodTopologySpread Score to 2
 2020-05-19 23:40:42 -07:00
Kubernetes Prow Robot
bb4a21161f
Merge pull request #90892 from xphoniex/fix-kubeadm-getting-stuck-alpine 
kubeadm: move the "kubelet-start" phase after "kubeconfig" for "init"
 2020-05-19 16:32:19 -07:00
Aldo Culquicondor
9819b25a44 Set weight of PodTopologySpread Score to 2 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-05-19 12:08:38 -04:00
Rostislav M. Georgiev
543f29be4e kubeadm: Reduce kubelet.DownloadConfig usage 
kubelet.DownloadConfig is an old utility function which takes a client set and
a kubelet version, uses them to fetch the kubelet component config from a
config map, and places it in a local file. This function is simple to use, but
it is dangerous and unnecessary. Practically, in all cases the kubelet
configuration is present locally and does not need to be fetched from a config
map on the cluster (it just needs to be stored in a file).
Furthermore, kubelet.DownloadConfig does not use the kubeadm component configs
module in any way. Hence, a kubelet configuration fetched using it may not be
patched, validated, or otherwise, processed in any way by kubeadm other than
piping it to a file.

This patch replaces all but a single kubelet.DownloadConfig invocation with
equivalents that get the local copy of the kubelet component config and just
store it in a file. The sole remaining invocation covers the
`kubeadm upgrade node --kubelet-version` case.

In addition to that, a possible panic is fixed in kubelet.DownloadConfig and
it now takes the kubelet version parameter as string.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
 2020-05-19 13:30:45 +03:00
Kubernetes Prow Robot
c8ecfc328d
Merge pull request #91158 from prasadkatti/master 
[kubeadm] add tests for package `patchnode`
 2020-05-18 13:33:58 -07:00
Kubernetes Prow Robot
7dafbe3ff3
Merge pull request #90391 from johscheuer/improve-error-message-svc-cidr 
Improve the error message for the service cidr check
 2020-05-18 11:05:37 -07:00
Prasad Katti
21a1d1d179 [kubeadm] add tests for patchnode 2020-05-18 10:06:06 -07:00
Paulo Gomes
550a67869a
Warn when insecure TLS ciphers are selected. 2020-05-18 13:16:32 +01:00
Kubernetes Prow Robot
ec23b612b8
Merge pull request #91176 from prasadkatti/add_tests_validation 
Update kubeadm test TestValidateToken
 2020-05-17 18:35:35 -07:00
Kubernetes Prow Robot
c6147e3231
Merge pull request #91170 from prasadkatti/fix_ident 
Fix identation in kubeadm api docs
 2020-05-17 16:09:36 -07:00
Prasad Katti
124386eaa0 Fix identation in kubeadm api docs 2020-05-17 14:05:34 -07:00
Prasad Katti
89fa53f064 Update kubeadm test TestValidateToken 
- Remove some duplicate testcases
- Add token to error message
 2020-05-16 23:46:18 -07:00
Kubernetes Prow Robot
5bace30840
Merge pull request #91148 from liggitt/kubelet-client-metric 
Add kubelet_certificate_manager_client_ttl_seconds gauge
 2020-05-16 19:00:24 -07:00
Kubernetes Prow Robot
b170451caa
Merge pull request #90183 from dims/update-kubernetes-to-klog-v2 
Update kubernetes to klog v2
 2020-05-16 18:59:51 -07:00
Amim Knabben
8459c9b6f4 Moving enable-server and provider-id 2020-05-16 21:34:13 -04:00
Kubernetes Prow Robot
694a9c242e
Merge pull request #90970 from johscheuer/add-readiness-to-controlplane 
kubeadm: use two separate checks on /livez and /readyz for the kube-apiserver
 2020-05-16 07:36:49 -07:00
Kubernetes Prow Robot
45bfd14ee3
Merge pull request #90174 from tnqn/certdir-default-value 
Delete the wrong comment about CertDirectory of kubelet
 2020-05-16 07:36:03 -07:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:27 -04:00
Jordan Liggitt
950ed38996 Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration 2020-05-15 14:09:58 -04:00
Jordan Liggitt
2408d8101f Fix kubelet client certificate gauge 2020-05-15 12:57:34 -04:00
cici37
f52636330a Moving leaderelectionconfig to k8s.io/component-base 2020-05-15 09:08:20 -07:00
xphoniex
64cca18f4f move KubeletStartPhase past config writing phase(s) 2020-05-15 11:06:52 +00:00
Kubernetes Prow Robot
9e88546f30
Merge pull request #91065 from SataQiu/fix-kubeadm-20200513 
kubeadm: log more information when missing the necessary config element
 2020-05-15 02:49:17 -07:00
Kubernetes Prow Robot
c096a37226
Merge pull request #89158 from alena1108/mar16 
Kubelet doc: clarification for api-qps/burst flags
 2020-05-14 17:04:58 -07:00
Kubernetes Prow Robot
5bda0c1b3b
Merge pull request #83726 from cofyc/fix56180 
scheduler: Move all volume binding code into VolumeBinding plugin
 2020-05-14 10:08:23 -07:00
Johannes M. Scheuermann
9a1cbc2711 Use livez and readyz endpoint for API server probes 2020-05-14 17:41:05 +02:00
SataQiu
281f44628f kubeadm: log more information when missing the necessary config element 
Signed-off-by: SataQiu <1527062125@qq.com>
 2020-05-14 10:07:03 +08:00
Kubernetes Prow Robot
40b0f4f6cb
Merge pull request #90565 from alculquicondor/cleanup-sched-config 
Remove wrapper around base LeaderElectionConfiguration
 2020-05-13 15:59:05 -07:00
Kubernetes Prow Robot
2ca3347dc0
Merge pull request #90499 from knabben/kubelet-testing-flags 
Deprecating Kubelet not used testing flags
 2020-05-13 15:58:37 -07:00
Kubernetes Prow Robot
3b024339bd
Merge pull request #90645 from neolit123/1.19-fix-retry-etcd-member-add 
kubeadm: fix flakes when performing etcd MemberAdd on slower setups
 2020-05-13 06:04:26 -07:00
Paulo Gomes
e7ced21235
Invert error validation 2020-05-13 09:19:17 +01:00
Kubernetes Prow Robot
977aeab3e5
Merge pull request #90987 from andrewsykim/service-controller-fixup 
service controller: clean up unit tests
 2020-05-13 00:19:13 -07:00
Kubernetes Prow Robot
2f381e06e5
Merge pull request #90872 from mikedanese/integ 
fix some fixture path calculations
 2020-05-13 00:18:54 -07:00
Mike Danese
bd290e924f fix some fixture path calculations 
Current calculations assume that -trimpath is not passed to go tool
compile, which is not the case for test binaries built with bazel. This
causes issues for integration tests right now but is generally not
correct.

The approach taken here is a bit of a hack but it works on the
assumption that if and only if trimpath is passed, we are running under
bazel. I didn't see a good spot for pkgPath(), so I just copied it
around.
 2020-05-12 15:34:55 -07:00
Kubernetes Prow Robot
89ba90573f
Merge pull request #90788 from xlgao-zju/delete-prepull-ds 
kubeadm: delete pre-pull ds and add pull images check in upgrade apply and upgrade node
 2020-05-12 12:08:22 -07:00
Andrew Sy Kim
758c25de2f service controller: store feature gate in local fields for better testability 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-05-12 13:40:54 -04:00
cici37
fd694fa947 Remove CloudControllerManagerPort to k8s.io/cloud_provider 2020-05-12 01:15:16 -07:00
Yecheng Fu
c14b749521 scheduler/volumebinding: move all volume binding logic into VolumeBinding plugin 2020-05-12 10:13:05 +08:00
Kubernetes Prow Robot
b5f67110ed
Merge pull request #87746 from mattjmcnaughton/mattjmcnaughton/poc-compiling-kubelet-wo-docker 
Support compiling Kubelet w/o docker/docker
 2020-05-09 12:01:51 -07:00
Kubernetes Prow Robot
c0dab07d7e
Merge pull request #90680 from andrewsykim/update-owners 
move inactive SIG Cloud Provider approvers to emeritus_approvers
 2020-05-09 07:24:04 -07:00
Kubernetes Prow Robot
b8dd18380f
Merge pull request #90733 from cici37/legacyschema 
Remove //pkg/api/legacyscheme from CCM and CM
 2020-05-09 00:44:19 -07:00
Kubernetes Prow Robot
8d718b1ef5
Merge pull request #90731 from deads2k/csr-separate-signer-flags 
refactor the CSR controller into distinct controllers to allow easy
 2020-05-09 00:44:05 -07:00
cici37
50ea7a0435 Remove pkg/api/legacyscheme from cmd/controller-manager 2020-05-08 09:49:22 -07:00
Kubernetes Prow Robot
2e4bab8065
Merge pull request #90840 from rosti/kubeadm-move-kubelet-featuregates 
kubeadm: Move IPv6DualStack feature gate to component config
 2020-05-08 05:24:09 -07:00
Kubernetes Prow Robot
90f7ae54ac
Merge pull request #90657 from alculquicondor/default-plugin-args 
Move Plugin Args defaults to versioned packages
 2020-05-08 02:03:42 -07:00
Johannes M. Scheuermann
4c5b46d2ae Move validation in own function with tests 2020-05-08 08:52:34 +02:00
Xianglin Gao
a169305207 kubeadm: add pull images check in upgrade apply and upgrade node 
Signed-off-by: Xianglin Gao <xianglin.gxl@alibaba-inc.com>
 2020-05-08 12:42:54 +08:00
Kubernetes Prow Robot
87e5d4e4de
Merge pull request #90630 from nilo19/cleanup/add-import-restrictions-to-ccm 
Add .import-restrictions file to cmd/cloud-controller-manager
 2020-05-07 17:19:42 -07:00
cici37
399b6b50f0 Remove //pkg/api/legacyscheme from CCM 2020-05-07 16:36:14 -07:00
mattjmcnaughton
34c8f51dcb
Remove all uses of dockershim from cmd/kubelet 
We can remove all uses of `dockershim` from `cmd/kubelet`, by just
passing the docker options to the kubelet in their pure form, instead of
using them to create a `dockerClientConfig` (which is defined in
dockershim). We can then construct the `dockerClientConfig` only when we
actually need it.
 2020-05-07 17:18:49 -04:00
mattjmcnaughton
53adde65ce
Remove ExperimentalDockershim from kubelet 
Remove one of two uses of Dockershim in `cmd/kubelet`. The other is for
creating a docker client which we pass to the Kubelet... we will handle
that refactor in a separate diff.

I'm fairly confident, though need to double check, that no one is
actually using this experimental dockershim behavior. If they are, I
think we will want to find a new way to support it (that doesn't require
using the Kubelet only to launch Dockershim).
 2020-05-07 17:18:48 -04:00
Rostislav M. Georgiev
b46259b7af kubeadm: Move IPv6DualStack feature gate to component config 
kubeadm is setting the IPv6DualStack feature gate in the command line of the kubelet.
However, the kubelet is gradually moving away from command line flags towards component config use.
Hence, we should set the IPv6DualStack feature gate in the component config instead.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
 2020-05-07 14:28:07 +03:00
Aldo Culquicondor
2935480cc8 Move Plugin Args defaults to versioned packages 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-05-06 18:00:23 -04:00
Xianglin Gao
6c6a702a99 kubeadm: delete prepull ds 
Signed-off-by: Xianglin Gao <xianglin.gxl@alibaba-inc.com>
 2020-05-06 15:52:19 +08:00
David Eads
83035890ad refactor the CSR controller into distinct controllers to allow easy configuration of multiple signing keys 2020-05-05 10:18:04 -04:00
Kubernetes Prow Robot
dc6c640a12
Merge pull request #90375 from cici37/removeConfigz 
move pkg/util/configz to k8s.io/component-base
 2020-05-04 13:46:09 -07:00
Brian Pursley
f8cd4a06ef Fixed bug that caused TestKubeletDefault to fail when run on systems that have systemd-resolved active 2020-05-04 11:55:54 -04:00
Andrew Sy Kim
4117d79e7c move inactive SIG Cloud Provider approvers to emeritus_approvers 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-05-01 17:31:17 -04:00
Kubernetes Prow Robot
8caddda753
Merge pull request #90513 from SataQiu/fix-kubeadm-20200427 
kubeadm: do not set deprecated '--cgroup-driver' flag in kubeadm-flags.env, it will be set in config.yaml
 2020-05-01 00:40:32 -07:00
Amim Knabben
fe9eb1ba46 Migrating Kubelet testing flags to configuration 2020-04-30 22:12:39 -04:00
Lubomir I. Ivanov
1c430ff30f kubeadm: fix flakes when performing etcd MemberAdd on slower setups 
In slower setups it can take more time for the existing cluster
to be in a healthy state, so the existing backoff of ~50 seconds
is apparently not sufficient.

The client dial can also fail for similar reasons.

Improve kubeadm's join toleration of adding new etcd members.
Wrap both the client dial and member add in a longer backoff
(up to ~200 seconds).

This particular change should be backported to the support skew.
In a future change for master, all etcd client operations should be
make consistent so that the etcd logic is in a sane state.
 2020-04-30 18:53:29 +03:00
Kubernetes Prow Robot
8dd93ca94c
Merge pull request #90309 from alculquicondor/plugin-args-decoding 
Use internal config types in scheduling plugin args
 2020-04-30 05:32:18 -07:00
Kubernetes Prow Robot
8876563700
Merge pull request #90360 from tnozicka/fix-client-ca-reload 
Fix client-ca dynamic reload in apiserver
 2020-04-30 01:10:18 -07:00
t-qini
a0a6a7e28c Add .import-restrictions file to cmd/cloud-controller-manager 2020-04-30 15:49:58 +08:00
Aldo Culquicondor
98d1e241f1 Use internal config types in scheduling plugin args 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-04-29 17:07:10 -04:00
cici37
7f4d19167e Move pkg/util/configz to k8s.io/component-base 2020-04-29 12:17:25 -07:00
Kubernetes Prow Robot
a26c34e470
Merge pull request #90381 from cici37/features 
Remove CCM's dependency: pkg/features
 2020-04-29 11:42:24 -07:00
cici37
722ab792b4 Use IPv6DualStack as const to avoid extra dep. 2020-04-29 09:06:10 -07:00
Tomas Nozicka
b22a170d46 Fix client-ca dynamic reload in apiserver 2020-04-29 16:03:09 +02:00
Kubernetes Prow Robot
0c3c2cd6ac
Merge pull request #89660 from pjferrell/kubectl-jsonpath-nonprimitive-types 
client-go/util/jsonpath: resolve #16707 by outputting json for non-primitive types
 2020-04-28 22:56:25 -07:00
Aldo Culquicondor
29f5adee7f Remove wrapper around base LeaderElectionConfiguration 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-04-28 15:44:35 -04:00
Aaron Crickenberger
81881e4a12 prune .import-restrictions 
specifically:

- cmd/kubeadm/.import-restrictions
  - we don't need to explicitly allow k8s.io repos (external or published)
- rm pkg/controller/.import-restrictions
  - pkg/client/unversioned was removed in 59042
- pkg/kubectl/.import-restrictions
  - pkg/printers is no longer used
  - pkg/api was masking all of the pkg/apis prefixes
- rm staging/src/k8s.io/code-generator/cmd/lister-gen/.import-restrictions
  - noop / empty file
- test/e2e/framework/.import-restrictions
  - we don't need to explicitly allow k8s.io repos (external or published)
 2020-04-28 08:41:36 -07:00
Aaron Crickenberger
f306a0dbb4 convert .import-restrictions to yaml 
yaml has comments, so we can explain why we have certain rules or
certain prefixes

for those files that weren't already commented yaml, I converted them to
yaml and took a best guess at comments based on the PRs that introduced
or updated them
 2020-04-28 08:41:36 -07:00
SataQiu
afb1ea44b9 kubeadm: do not set deprecated '--cgroup-driver' flag in kubeadm-flags.env, this value will be set in config.yaml 2020-04-27 15:32:10 +08:00
Kubernetes Prow Robot
f8297af392
Merge pull request #90284 from wawa0210/kubelet-nodename-clean 
Remove duplicate calculation nodename、hostname、hostnameOverridden when kubelet is initialized
 2020-04-24 12:15:34 -07:00
Kubernetes Prow Robot
9706b70213
Merge pull request #90411 from johscheuer/improve-error-message 
Improve error message when service cidr is to small
 2020-04-24 03:16:21 -07:00
Kubernetes Prow Robot
340ac700e5
Merge pull request #90424 from prasadkatti/master 
kubeadm: update service check log to include service name
 2020-04-23 23:30:44 -07:00
Johannes M. Scheuermann
889648d6e5 Improve the error message for the service cidr check 2020-04-24 07:46:31 +02:00
Kubernetes Prow Robot
30cefca5a6
Merge pull request #89128 from vincent178/move-runonce-kubeletconfiguration 
move runonce from flag to config
 2020-04-23 17:20:07 -07:00
Prasad Katti
b4e026a1ea kubeadm: update service check log to include service name 2020-04-23 16:51:39 -07:00
wawa0210
40da2c521a
Remove duplicate calculation nodename 、hostname 、hostnameOverridden 2020-04-24 07:49:33 +08:00
Kubernetes Prow Robot
0acf2f0983
Merge pull request #90320 from neolit123/1.19-kubeadm-dont-use-sleep-on-upgrade 
kubeadm: do not use /bin/sleep during upgrade pre-pull
 2020-04-23 12:32:21 -07:00
Kubernetes Prow Robot
613cd04d8c
Merge pull request #90064 from neolit123/1.19-fix-authz-warning 
kubeadm: fix misleading warning for authz modes
 2020-04-23 12:32:06 -07:00
Johannes M. Scheuermann
4211c2dccc Improve error message when service cidr is to small 2020-04-23 20:18:13 +02:00
Kubernetes Prow Robot
52243decf1
Merge pull request #90394 from SataQiu/fix-kubeadm-20200422 
kubeadm: fix the bug that kubeadm does not really respect resolvConf value set by user if systemd-resolved is active
 2020-04-23 08:51:25 -07:00
Kubernetes Prow Robot
95a81f2776
Merge pull request #90328 from SataQiu/fix-kubeadm-20200421 
kubeadm: ensure image-pull-timeout flag is respected during upgrade phase
 2020-04-23 08:51:11 -07:00
SataQiu
28b9a4e0d6 kubeadm: set resolv-conf via the kubelet config file rather than cli flag 2020-04-23 15:07:48 +08:00
Kubernetes Prow Robot
15ed3b36d1
Merge pull request #90235 from cici37/addflag 
Remove CCM dependency pkg/util/flag
 2020-04-22 19:22:14 -07:00
Lubomir I. Ivanov
425552f2c9 kubeadm: do not use /bin/sleep during upgrade pre-pull 
Use an init container that performs the pre-pull of a component
and then start an instance of "pause" as a regular container to
get the DaemonSet Pod in a Running state.

More details on this change in the code comments.
 2020-04-23 04:17:49 +03:00
Kubernetes Prow Robot
43cd2ff239
Merge pull request #89549 from happinesstaker/sa-rotate 
Monitoring safe rollout of time-bound service account token.
 2020-04-22 17:01:58 -07:00
Kubernetes Prow Robot
791b4bbeea
Merge pull request #85266 from serathius/refactor-show-hidden-metric 
Refactor show-hidden-metric-for-version flag
 2020-04-22 17:01:44 -07:00
Jiajie Yang
ae0e52d28c Monitoring safe rollout of time-bound service account token. 2020-04-22 11:59:16 -07:00
cici37
15c844031f Remove CCM dependency pkg/util/flag 2020-04-22 10:06:11 -07:00
Jie Shen
363bb39142
Use utils.net to parse ports instead of atoi (#89120) 2020-04-21 20:55:52 -07:00
SataQiu
449b39a450 kubeadm: ensure image-pull-timeout flag is respected during upgrade phase 
Signed-off-by: SataQiu <1527062125@qq.com>
 2020-04-21 16:35:04 +08:00
tangcong
90481a9596 fix kubeadm staticcheck err 2020-04-21 06:54:42 +08:00
Kubernetes Prow Robot
8b0a7dea1d
Merge pull request #90297 from deads2k/silence-usage 
stop printing usage help when the server commands exit
 2020-04-20 14:05:49 -07:00
David Eads
871d6dd8bb stop printing usage help when the server commands exit 2020-04-20 08:29:52 -04:00
Kubernetes Prow Robot
b2689edfdd
Merge pull request #88371 from dharmab/scheduler-synopsis 
Improve scheduler CLI description
 2020-04-17 13:15:36 -07:00
Quan Tian
23e54301ab Delete the wrong comment about CertDirectory of kubelet 
The default value of CertDirectory was changed to /var/lib/kubelet/pki.
 2020-04-18 00:37:27 +08:00
renzheng.wang
ff888f3a43 make kubectl/kubeadm completion script support busybox 2020-04-16 21:50:22 +08:00
Kubernetes Prow Robot
b35fdbc037
Merge pull request #89904 from alculquicondor/raw-extension-plugin-args 
Use RawExtension and Object for external and internal, respectively, scheduling plugin args
 2020-04-15 15:22:59 -07:00
Kubernetes Prow Robot
1df63e7dc7
Merge pull request #88510 from steveazz/steveazz/68026-rlimit 
Fix golint issues for `pkg/util/rlimit`
 2020-04-15 15:22:45 -07:00
Phil Ferrell
ba386aba4f client-go: change jsonpath output of non-primitive types from Go-syntax to JSON 
kubectl: add --output jsonpath-as-json to print a json array of results
kubeadm: fix test case using jsonpath result of non-primitive type
 2020-04-15 14:58:20 -07:00
Dharma Bellamkonda
49bcf18cc5 Improve scheduler CLI description 2020-04-15 14:14:45 -06:00
Kubernetes Prow Robot
b30bfa6f76
Merge pull request #90163 from SataQiu/fix-kubeadm-20200415 
kubeadm: fix some mistakes about log output
 2020-04-15 11:36:33 -07:00
Kubernetes Prow Robot
7f1d09f439
Merge pull request #89593 from neolit123/1.19-skip-kube-proxy-on-upgrade 
kubeadm: skip kube-proxy/dns upgrades on missing ConfigMaps
 2020-04-15 11:36:00 -07:00
SataQiu
004a61a46c kubeadm: fix some mistakes about log output 2020-04-15 14:32:46 +08:00
Lubomir I. Ivanov
83644dda30 kubeadm: update versions for 1.19 2020-04-14 23:27:35 +03:00
Kubernetes Prow Robot
ea2d784545
Merge pull request #89895 from jingyih/update_etcd_server_3p4p7 
Update default etcd server to 3.4.7 in k8s v1.19
 2020-04-14 12:34:06 -07:00
Kubernetes Prow Robot
6c499314cd
Merge pull request #88480 from savitharaghunathan/kubelet_flag_migration_1 
Kubelet flag migration - Part 1
 2020-04-14 12:33:39 -07:00
Steve Azzopardi
4936cd476b
Fix golint issues for pkg/util/rlimit 
pkg/util/rlimit/rlimit_linux.go:25:1: exported function RlimitNumFiles should have comment or be unexported
pkg/util/rlimit/rlimit_linux.go:25:6: func name will be used as rlimit.RlimitNumFiles by other packages, and that stutters; consider calling this NumFiles
pkg/util/rlimit/rlimit_unsupported.go:25:1: exported function RlimitNumFiles should have comment or be unexported
pkg/util/rlimit/rlimit_unsupported.go:25:6: func name will be used as rlimit.RlimitNumFiles by other packages, and that stutters; consider calling this NumFiles

Ref: https://github.com/kubernetes/kubernetes/issues/68026
 2020-04-14 21:00:41 +02:00
Lubomir I. Ivanov
44638a10e8 kubeadm: remove usage of the "certificates" API for cert renewal 
The flag "--use-api" for "alpha certs renew" was deprecated in 1.18.
Remove the flag and related logic that executes certificate renewal
using "api/certificates/v1beta1". kubeadm continues to be able
to create CSR files and renew using the local CA on disk.
 2020-04-14 21:57:37 +03:00
Kubernetes Prow Robot
105c0c6951
Merge pull request #88970 from mysunshine92/correct-NodeAllocatableRoot 
fix function NodeAllocatableRoot
 2020-04-14 11:04:13 -07:00
Aldo Culquicondor
ce05382b58 Use RawExtension and Object for external and internal scheduling plugin args, respectively 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-04-14 13:44:42 -04:00
Kubernetes Prow Robot
250884c9c1
Merge pull request #90127 from needkane/pr 
[cmd/kube-apiserver]  "return []error{} -> return nil" and "update annotation"
 2020-04-14 07:44:12 -07:00
needkane
97d6f2cfd3 (return []error{} -> return nil) and (update annotation) 2020-04-14 00:05:35 -04:00
vincent178
745b742de5 move runonce from flag to config 2020-04-14 06:00:43 +08:00
jingyih
394df132bd Update default etcd server to 3.4.7 2020-04-13 14:37:56 -07:00
Kubernetes Prow Robot
2624a4ad46
Merge pull request #80943 from obitech/yaml_meta 
Add a YAML MetaFactory
 2020-04-13 02:05:47 -07:00
Kubernetes Prow Robot
b17ddac4df
Merge pull request #78944 from avorima/golint_fix_job 
Fix golint errors in pkg/controller/job
 2020-04-12 21:57:47 -07:00
Kubernetes Prow Robot
3641d40a98
Merge pull request #90078 from SataQiu/staging-kubeadm-20200411 
kubeadm: remove the dependence on /pkg/features
 2020-04-12 12:09:47 -07:00
SataQiu
35f3f82029 kubeadm: remove the dependence on /pkg/features 
Signed-off-by: SataQiu <1527062125@qq.com>
 2020-04-12 15:05:44 +08:00
Kubernetes Prow Robot
ee6b88ddf9
Merge pull request #90000 from SataQiu/staging-scheduler-20200409 
scheduler: remove direct import to pkg/master/ports
 2020-04-11 10:46:01 -07:00
Kubernetes Prow Robot
eece89a253
Merge pull request #90031 from thockin/proxy-cleanup 
kube-proxy: Startup and updates logging
 2020-04-11 06:23:47 -07:00
SataQiu
41d3e44a2f scheduler: remove direct import to pkg/master/ports 
Signed-off-by: SataQiu <1527062125@qq.com>
 2020-04-11 13:56:53 +08:00
Tim Hockin
9551ecb7c3 Cleanup: Change "Ip" to "IP" in func and var names 2020-04-10 15:29:50 -07:00
Tim Hockin
efb24d44c6 Rename iptables IsIpv6 to IsIPv6 2020-04-10 15:29:50 -07:00
Lubomir I. Ivanov
6cfd772401 kubeadm: fix misleading warning for authz modes 
kubeadm init prints:
  W0410 23:02:10.119723   13040 manifests.go:225] the default kube-apiserver
  authorization-mode is "Node,RBAC"; using "Node,RBAC"

Add a new function compareAuthzModes() and a unit test for it.
Make sure the warning is printed only if the user modes don't match
the defaults.
 2020-04-10 23:45:40 +03:00
Lubomir I. Ivanov
83a59c02f9 kubeadm: switch control-plane static Pods to "system-node-critical" 
Use the priority class "system-node-critical" to ensure
the control-plane static Pods have the highest possible priority.
 2020-04-10 23:05:33 +03:00
Kubernetes Prow Robot
2da163bcf5
Merge pull request #89588 from rosti/kubeadm-etcd-upgrade 
kubeadm: Use image tag as version of stacked etcd
 2020-04-09 18:08:03 -07:00
Kubernetes Prow Robot
e322da5ddc
Merge pull request #88585 from pancernik/plugin-args-api-config 
Add types for Scheduler plugin args to kube-scheduler.config.k8s.io
 2020-04-09 09:19:44 -07:00
Kubernetes Prow Robot
1634d9c120
Merge pull request #89982 from neolit123/1.19-fix-kubeadm-integration-tests 
cleanup the kubeadm integration tests and related scripts
 2020-04-09 04:55:44 -07:00
Kubernetes Prow Robot
d58224e4bc
Merge pull request #89929 from deads2k/flag-check 
add flag check to ensure that flowcontrol API is present
 2020-04-08 22:13:43 -07:00
Kubernetes Prow Robot
9d74a1e3db
Merge pull request #89724 from zhouya0/add_missing_build_info_metric 
Add missing kube build version info metrics
 2020-04-08 20:11:44 -07:00
Lubomir I. Ivanov
a18502615e kubeadm-init: allow overriding the dry-run temp directory 
Allow overriding the dry-run temporary directory with
an env. variable (KUBEADM_INIT_DRYRUN_DIR).

Use the same variable in test/cmd/init_test.go.
This allows running integration tests as non-root.
 2020-04-09 01:20:24 +03:00
Lubomir I. Ivanov
04933f3a94 cmd/kubeadm/test/cmd: refactor _test.go files 
Make getKubeadmPath() fetch the KUBEADM_PATH env. variable.
Panic if it's missing. Don't handle the "--kubeadm-path"
flag. Remove the same flag from the BUILD bazel test rule.

Don't handle "--kubeadm-cmd-skip" usage of this flag is missing
from the code base.

Remove usage of "kubeadmCmdSkip" as the flag "--kubeadm-cmd-skip"
is never passed.
 2020-04-09 00:47:16 +03:00
Marek Siarkowicz
24321b2d4e Refactor show-hidden-metric-for-version flag 2020-04-08 22:42:14 +02:00
Lubomir I. Ivanov
d4de1a571a kubeadm: skip kube-proxy and DNS upgrades on missing ConfigMaps 
If the kube-proxy/dns ConfigMap are missing, show warnings and assume
that these addons were skipped during "kubeadm init",
and that their redeployment on upgrade is not desired.

TODO: remove this once "kubeadm upgrade apply" phases are supported:
https://github.com/kubernetes/kubeadm/issues/1318
 2020-04-08 22:58:42 +03:00
Rafał Wicha
c4d20ca8a8 Add types for Scheduler plugin args to kube-scheduler.config.k8s.io 2020-04-08 20:23:56 +01:00
Kubernetes Prow Robot
5123c3a018
Merge pull request #89867 from gongguan/ipvs-check 
remove duplicate ipvs check
 2020-04-07 16:45:57 -07:00
David Eads
45c2f4534c add flag check to ensure that flowcontrol API is present 2020-04-07 15:08:50 -04:00
louisgong
d6ea9d7c4c remove duplicate ipvs check 2020-04-07 23:12:09 +08:00
Kubernetes Prow Robot
cf144eb485
Merge pull request #89656 from dashpole/json_flag 
specify in the flag help text that --enable-cadvisor-json-endpoints d…
 2020-04-06 17:47:48 -07:00
Kubernetes Prow Robot
cabf5d1cdc
Merge pull request #89350 from SataQiu/fix-kube-proxy-20200323 
kube-proxy: treat failure to bind to a port as fatal
 2020-04-06 17:47:20 -07:00
Kubernetes Prow Robot
b984f59fa3
Merge pull request #89735 from rosti/kubeadm-fix-bootstrap-wait 
kubeadm join: Properly wait for TLS bootstrapping
 2020-04-06 11:19:48 -07:00
Kubernetes Prow Robot
4f90253b58
Merge pull request #89596 from neolit123/1.19-fix-misleading-warning-on-jcp 
kubeadm: remove misleading warning on kubeadm join
 2020-04-03 04:27:45 -07:00
Kubernetes Prow Robot
dd35908c7f
Merge pull request #89298 from gavinfish/scheuler-config-alph1 
Remove kubescheduler.config.k8s.io/v1alpha1
 2020-04-02 21:39:59 -07:00
Kubernetes Prow Robot
3c4017c2d0
Merge pull request #89785 from andrewsykim/log-ipvs-err 
ipvs: log err from CanUseIPVSProxier
 2020-04-02 17:24:00 -07:00
Kubernetes Prow Robot
b7aaa59b49
Merge pull request #89585 from cwdsuzhou/March/proxy_kernel 
add `kernelspace` to flag description of kube-proxy
 2020-04-02 12:43:02 -07:00
Andrew Sy Kim
e3656db5bc ipvs: log err from CanUseIPVSProxier 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-04-02 13:48:15 -04:00
Rostislav M. Georgiev
d2c4426e97 kubeadm join: Wait longer for TLS bootstrapping 
The TLS bootstrapping timeout is increased to 5 minutes with a retry
once every 5 seconds. Failing fast if the kubelet is not healthy is also
preserved.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
 2020-04-02 16:44:39 +03:00
Kubernetes Prow Robot
ad4bd386eb
Merge pull request #86752 from SataQiu/fix-kubelet-20191231 
Add error handler for rlimit.RlimitNumFiles
 2020-04-01 22:14:38 -07:00
SataQiu
871b90ba23 kube-proxy: add '--bind-address-hard-fail' flag to treat failure to bind to a port as fatal 
Signed-off-by: SataQiu <1527062125@qq.com>
 2020-04-02 13:13:10 +08:00
Tim Hockin
c27ceb6449
Edit log string 2020-04-01 15:34:29 -07:00
zhouya0
4d3d722ebc Add missing kube build info metric 2020-04-01 17:04:45 +08:00
Kubernetes Prow Robot
0804667ff1
Merge pull request #89151 from jingyih/add_metric_etcd_db_size 
apiserver: add a metric exposing etcd database size
 2020-03-31 12:37:00 -07:00
jingyih
922ec728de Add a metric exposing etcd database size 2020-03-31 09:02:38 -07:00
Tim Hockin
15632b10cb Clean up kube-proxy metrics startup 2020-03-30 10:29:14 -07:00
Tim Hockin
8747ba9370 Clean up kube-proxy healthz startup 
Make the healthz package simpler, move retries back to caller.
 2020-03-30 10:29:14 -07:00
David Ashpole
3ec1043f83 specify in the flag help text that --enable-cadvisor-json-endpoints defaults to false 2020-03-30 09:32:33 -07:00
Rostislav M. Georgiev
c8b7e5739c kubeadm: Use image tag as version of stacked etcd 
kubeadm uses image tags (such as `v3.4.3-0`) to specify the version of
etcd. However, the upgrade code in kubeadm uses the etcd client API to
fetch the currently deployed version. The result contains only the etcd
version without the additional information (such as image revision) that
is normally found in the tag. As a result it would refuse an upgrade
where the etcd versions match and the only difference is the image
revision number (`v3.4.3-0` to `v3.4.3-1`).

To fix the above issue, the following changes are done:
- Replace the existing etcd version querying code, that uses the etcd
  client library, with code that returns the etcd image tag from the
  local static pod manifest file.
- If an etcd `imageTag` is specified in the ClusterConfiguration during
  upgrade, use that tag instead. This is done regardless if the tag was
  specified in the configuration stored in the cluster or with a new
  configuration supplied by the `--config` command line parameter.
  If no custom tag is specified, kubeadm will select one depending on
  the desired Kubernetes version.
- `kubeadm upgrade plan` no longer prints upgrade information about
  external etcd. It's the user's responsibility to manage it in that
  case.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
 2020-03-30 16:28:45 +03:00
Kubernetes Prow Robot
9cbb46e39f
Merge pull request #89602 from kvaps/fix-rejoin 
Kubeadm: fix Ready condition check
 2020-03-28 00:11:52 -07:00
caiweidong
986a7431ce Add 'kernel' to the comments of proxy-mode 2020-03-28 11:55:37 +08:00
kvaps
68dcc17155 Kubeadm: fix Ready condition check 2020-03-27 23:55:18 +01:00
Lubomir I. Ivanov
63b3bd1826 kubeadm: fix unit test requiring admin.conf and root 2020-03-28 00:43:39 +02:00
Lubomir I. Ivanov
e56b4c3172 kubeadm: remove misleading warning on kubeadm join 
If the user does not provide --config or --control-plane
but provides some other flags such as --certificate-key
kubeadm is supposed to print a warning.

The logic around printing the warning is bogus. Implement
proper checks of when to print the warning.
 2020-03-27 23:09:59 +02:00
Kubernetes Prow Robot
c1fc466cdd
Merge pull request #88854 from bart0sh/PR0088-kubeadm-redesign-printAvailableUpgrades 
kubeadm: redesign printAvailableUpgrades function
 2020-03-27 05:14:23 -07:00
Kubernetes Prow Robot
903f1e63f9
Merge pull request #89537 from neolit123/1.19-kubeadm-add-get-node-rbac 
kubeadm: add missing RBAC for getting nodes on "upgrade apply"
 2020-03-26 20:06:23 -07:00
Lubomir I. Ivanov
6f99791021 kubeadm: add missing RBAC for getting nodes on "upgrade apply" 
b117a928 added a new check during "join" whether a Node with
the same name exists in the cluster.

When upgrading from 1.17 to 1.18 make sure the required RBAC
by this check is added. Otherwise "kubeadm join" will complain that
it lacks permissions to GET a Node.
 2020-03-26 22:02:55 +02:00
Rostislav M. Georgiev
fbfd44f337 kubeadm: Fix panic in isCoreDNSVersionSupported 
A narrow assumption of what is contained in the `imageID` fields for the
CoreDNS pods causes a panic upon upgrade.
Fix this by using a proper regex to match a trailing SHA256 image digest
in `imageID` or return an error if it cannot find it.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
 2020-03-26 20:26:32 +02:00
yameiwang
6783f991c3 fix function NodeAllocatableRoot 2020-03-26 18:48:05 +08:00
Kubernetes Prow Robot
295b53f7b4
Merge pull request #89214 from jingyih/update_etcd_server_3p4p4 
Update default etcd server to 3.4.4 in k8s v1.19
 2020-03-26 01:14:24 -07:00
notpad
52ad3d95f7 Add test for algorithm provider and policy config file 2020-03-24 23:18:32 +08:00
Ed Bartosh
0eac66d647 kubeadm: refactor printAvailableUpgrades 
Split printAvailableUpgrades into 2 functions:

- genUpgradePlan that handles business logic
- printUpgradePlan that outputs upgrade plan
 2020-03-24 12:47:52 +02:00
Ed Bartosh
e5d6536ade add UpgradePlan to the kubeadm.output API group 2020-03-24 12:47:42 +02:00
Kubernetes Prow Robot
907d4c1bb9
Merge pull request #89381 from dashpole/comment_disable_readonly 
Add comment explaining when to remove cadvisor json endpoints
 2020-03-23 20:31:19 -07:00
David Ashpole
b4ed7273da add comment explaining when to remove the --enable-cadvisor-json-endpoints 2020-03-23 12:52:00 -07:00
gavinfish
1865a104a9 Remove kubescheduler.config.k8s.io/v1alpha1 2020-03-21 15:11:48 +08:00
Kubernetes Prow Robot
72102c04c7
Merge pull request #88728 from notpad/feature/scheduler_e2e_test 
Add test for kube-scheduler command setup
 2020-03-19 20:30:36 -07:00
notpad
16015a691c Add test for kube-scheduler command setup 2020-03-20 07:36:47 +08:00
Davanum Srinivas
1d057da2f7
Move k8s.io/apiserver/pkg/util/term to k8s.io/component-base/term 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-03-19 07:18:09 -04:00
Kubernetes Prow Robot
f899ad704a
Merge pull request #89069 from enj/enj/i/drop_password_file 
Remove support for basic authentication
 2020-03-18 22:24:20 -07:00
jingyih
f9e0e4c6b4 Update default etcd server to 3.4.4 2020-03-18 00:27:46 -07:00
Kubernetes Prow Robot
d45fa525e7
Merge pull request #88945 from sandyleo26/kubeadm-check-windows-wrap-error-properly 
fix: #2056 check_windows wrap error properly
 2020-03-17 19:28:29 -07:00
Kubernetes Prow Robot
ed4c2dbf92
Merge pull request #88893 from kinvolk/invidian/kube-apiserver-so-reuseport 
kube-apiserver: use SO_REUSEPORT when creating listener
 2020-03-17 19:28:11 -07:00
Kubernetes Prow Robot
be2f9e74bf
Merge pull request #88811 from rajansandeep/invalidmigrationfail 
Ensure CoreDNS running when Corefile migration doesn't support current version
 2020-03-17 19:27:18 -07:00
Kubernetes Prow Robot
42c94f35a7
Merge pull request #88541 from cmluciano/cml/41ipvsfix 
ipvs: only attempt setting of sysctlconnreuse on supported kernels
 2020-03-17 16:21:28 -07:00
Kubernetes Prow Robot
393bb44ea9
Merge pull request #88515 from SataQiu/fix-kubelet-20200225 
kubelet: fix wrong flag types
 2020-03-17 16:21:10 -07:00
Alena Prokharchyk
2c6b149bf0 Kubelet doc: clarification for api-qps/burst flags 
Note that the flags don't rate limit the events and node heartbeat apis controlled by the diff set of flags
 2020-03-16 13:27:57 -07:00
Mateusz Gozdek
dfe1f968ac
kube-apiserver: use SO_REUSEPORT when creating listener on Unix systems 
So multiple instances of kube-apiserver can bind on the same address and
port, to provide seamless upgrades.

Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>
 2020-03-13 23:55:57 +01:00
Christopher M. Luciano
d22e18ad4f
ipvs: only attempt setting of sysctlconnreuse on supported kernels 
This builds on previous work but only sets the sysctlConnReuse value
if the kernel is known to be above 4.19. To avoid calling GetKernelVersion
twice, I store the value from the CanUseIPVS method and then check the version
constraint at time of expected sysctl call.

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
 2020-03-12 13:16:00 -04:00
Monis Khan
df292749c9
Remove support for basic authentication 
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>
 2020-03-11 20:55:47 -04:00
Sandeep Rajan
fcd229e4bd ensure coredns running when migration fails 
add an additional check for coredns image sha

add a check to see if migration is required
 2020-03-11 11:32:32 -04:00
Ted Yu
ced2948fde Remove wait.Until for running Kubelet Bootstrap 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-03-11 08:30:00 -07:00
Savitha Raghunathan
3234d34714 moving volume plugin dir to kubelet config - part 1 2020-03-10 16:22:29 -04:00
changyaowei
b8278e99b8 Made containerd-namespace flag can be used when kubelet config start cmd 2020-03-10 14:26:28 +08:00
Satyadeep Musuvathy
e053fdd08a Add NodeCIDR for detect-local-mode 2020-03-09 13:44:34 -07:00
Sha Liu
12750ac64f kubeadm: wrap error properly in check_windows.go 2020-03-09 22:29:15 +11:00
skilxn-go
6b8fc8dc5e Move TaintBasedEvictions feature gates to GA 2020-03-09 10:49:00 +08:00
Jordan Liggitt
b7c2faf26c client-go dynamic client: add context to callers 2020-03-06 10:56:23 -05:00
Christian Huffman
c6fd25d100 Updated CSIDriver references 2020-03-06 08:21:26 -05:00
Kubernetes Prow Robot
5708511499
Merge pull request #88708 from mikedanese/deleteopts 
Migrate clientset metav1.DeleteOpts to pass-by-value
 2020-03-05 23:09:23 -08:00
Kubernetes Prow Robot
8b8dd79d53
Merge pull request #88768 from damemi/extenders-cc 
Add Extenders to v1alpha2 Component Config
 2020-03-05 20:04:28 -08:00
Mike Danese
76f8594378 more artisanal fixes 
Most of these could have been refactored automatically but it wouldn't
have been uglier. The unsophisticated tooling left lots of unnecessary
struct -> pointer -> struct transitions.
 2020-03-05 14:59:47 -08:00
Mike Danese
c58e69ec79 automated refactor 2020-03-05 14:59:46 -08:00
Mike Dame
1d7006c38d Add Extenders to scheduler v1alpha2 component config 2020-03-05 16:42:15 -05:00
Lubomir I. Ivanov
8943e443e8 kubeadm: deprecate the flag --use-api for cert renewal 
The KCM is moving to means of only singing apiserver (kubelet) client
and kubelet serving certificates. See:
  https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/20190607-certificates-api.md#signers
Up until now the experimental kubeadm functionality '--use-api'
under "kubeadm alpha certs renew" was using the KCM to sign *any*
certficate as long as the KCM has the root CA cert/key.

Post discussions with the kubeadm maintainers, it was decided that
this functionality should be removed from kubeadm due to the
requirement to have external signers for renewing the common
control-plane certificates that kubeadm manages.
 2020-03-05 03:37:00 +02:00
Kubernetes Prow Robot
5c5faed39b
Merge pull request #88287 from gab-satchi/master 
Windows specific kubelet flags in kubeadm-flags.env
 2020-03-04 13:18:52 -08:00
Gab Satch
9fabafdbb1 Windows specific kubelet flags in kubeadm-flags.env 
- Uses correct pause image for Windows
- Omits systemd specific flags
- Common build flags function to be used by Linux and Windows
- Uses user configured image repository for Windows pause image
 2020-03-04 11:05:53 -05:00
Kubernetes Prow Robot
c86aec0564
Merge pull request #88745 from mborsz/slice3 
Implement simple endpoint slice batching
 2020-03-03 03:03:38 -08:00
Maciej Borsz
49b11b5431 Implement simple endpoint slice batching 2020-03-03 08:16:42 +01:00
Kubernetes Prow Robot
90a622bbdb
Merge pull request #88512 from SataQiu/fix-kubeproxy-20200225 
kube-proxy: fix confusing default value for healthz and metrics bind address, deprecate healthz-port and metrics-port flag
 2020-03-02 14:49:53 -08:00
Kubernetes Prow Robot
e9d502e4fc
Merge pull request #88663 from deads2k/enable-profiling-by-default 
update kube-controller-manager and kube-scheduler to match kube-apiserver defaults
 2020-03-02 07:24:43 -08:00
Kubernetes Prow Robot
56987164f8
Merge pull request #88626 from yuzhiquan/patch-clean1 
(cleanup/scheduler): remove unused function
 2020-02-29 07:54:40 -08:00
yuzhiquanlong
3eec87cd91 update WithPlugin comment, in case remove function 2020-02-29 19:53:04 +08:00
Kubernetes Prow Robot
03b7f272c8
Merge pull request #88246 from munnerz/csr-signername-controllers 
Update CSR controllers & kubelet to respect signerName field
 2020-02-28 23:38:39 -08:00
Kubernetes Prow Robot
268d0a1d3a
Merge pull request #85870 from Jefftree/authn-netproxy 
Use Network Proxy with Authentication & Authorizer Webhooks
 2020-02-28 18:44:39 -08:00
David Eads
aa07992a44 update kube-controller-manager and kube-scheduler to match kube-apiserver defaults 2020-02-28 11:18:00 -05:00
Jefftree
1b38199ea8 pass Dialer instead of egressselector to webhooks 2020-02-27 17:47:23 -08:00
Jefftree
d318e52ffe authentication webhook via network proxy 2020-02-27 17:47:23 -08:00
Jonathan Tomer
711c1e1720 Rename --enable-inflight-quota-handler to --enable-priority-and-fairness. 
The old flag name doesn't make sense with the renamed API Priority and
Fairness feature, and it's still safe to change the flag since it hasn't done
anything useful in a released k8s version yet.
 2020-02-27 14:04:37 -08:00
Sandeep Rajan
da8453af6e fix unsupported bug 2020-02-27 10:39:47 -05:00
James Munnelly
a983356caa Add signerName field to CSR resource spec 
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
 2020-02-27 10:17:55 +00:00
Kubernetes Prow Robot
e61a878e6d
Merge pull request #88482 from rajansandeep/fixunsupported 
[kubeadm]: Fix the CoreDNS preflight check for unsupported plugins
 2020-02-26 19:39:33 -08:00
Sandeep Rajan
ca5d394f6a fix the coredns preflight check for unsupported plugins 2020-02-26 15:08:05 -05:00
Aldo Culquicondor
07c4982245 Add unit and integration tests for multiple profiles support 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-02-26 10:14:03 -05:00
Kubernetes Prow Robot
6ec3ea855d
Merge pull request #85282 from serathius/flag-kubelet 
Add show-hidden-metrics-for-version to kubelet
 2020-02-26 03:54:26 -08:00
Kubernetes Prow Robot
5704bff0de
Merge pull request #84913 from serathius/metrics-scheduler 
Add show-hidden-metrics-for-version to scheduler
 2020-02-25 21:02:26 -08:00
Marek Siarkowicz
d44d5b35f3 Add show-hidden-metrics-for-version to kubelet 2020-02-25 20:46:34 +01:00
Aldo Culquicondor
c048858471 Support multiple scheduling profiles in a single scheduler 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-02-25 11:31:20 -05:00
SataQiu
a7d927f1e7 kubelet: fix wrong flag types 2020-02-25 18:04:44 +08:00
SataQiu
c261d12bbf kube-proxy: fix confusing default value for healthz and metrics bind address, deprecate healthz-port and metrics-port flag 2020-02-25 16:59:11 +08:00
Kubernetes Prow Robot
95504c32fe
Merge pull request #86260 from rajansandeep/corednsto1.6.6-kubeadm 
[kubeadm]: Bump CoreDNS version to 1.6.7
 2020-02-24 23:10:49 -08:00
Kubernetes Prow Robot
59870dad01
Merge pull request #87748 from satyasm/kep-local-cidr 
Refactor handling of local traffic detection.
 2020-02-24 19:06:48 -08:00
Kubernetes Prow Robot
f6525dbc81
Merge pull request #88087 from alculquicondor/mutiprofiles-api 
Add Schedulings Profiles to kubescheduler.config.k8s.io/v1alpha2
 2020-02-24 14:43:35 -08:00
Kubernetes Prow Robot
b68f869f43
Merge pull request #88434 from SataQiu/fix-kubeadm-20200223 
kubeadm: fix the bug that 'kubeadm upgrade' hangs in single node cluster
 2020-02-24 13:11:59 -08:00
Sandeep Rajan
a980cb7ead update coredns to 1.6.7 2020-02-24 15:00:55 -05:00
Kubernetes Prow Robot
4e79344501
Merge pull request #88467 from neolit123/1.18-print-volume-verbosity 
kubeadm: modify how component volumes are printed
 2020-02-24 11:03:15 -08:00
Kubernetes Prow Robot
116e27fc19
Merge pull request #86953 from rojkov/ecdsa 
kubeadm: allow creating a cluster with ECDSA keys
 2020-02-24 11:02:50 -08:00
Aldo Culquicondor
9e71741d06 Add Profiles to kubescheduler.config.k8s.io/v1alpha2 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-02-24 09:45:46 -05:00
Lubomir I. Ivanov
1b710a4c56 kubeadm: modify how component volumes are printed 
After the shift for init phases, GetStaticPodSpecs() from
app/phases/controlplane/manifests.go gets called on each control-plane
component sub-phase. This ends up calling the Printf from
AddExtraHostPathMounts() in app/phases/controlplane/volumes.go
multiple times printing the same volumes for different components.

- Remove the Printf call from AddExtraHostPathMounts().
- Print all volumes for a component in CreateStaticPodFiles() using klog
V(2).

Perhaps in the future a bigger refactor is needed here were a
single control-plane component spec can be requested instead of a
map[string]v1.Pod.
 2020-02-24 16:41:03 +02:00
Kubernetes Prow Robot
20e3288277
Merge pull request #88373 from SataQiu/fix-kubeadm-20200220 
kubeadm: fallback to a known etcd version if an unknown k8s version is passed
 2020-02-24 05:14:47 -08:00
Dmitry Rozhkov
109f5db5a3 kubeadm: allow creating a cluster with ECDSA keys 
The selected key type is defined by kubeadm's --feature-gates option:
if it contains PublicKeysECDSA=true then ECDSA keys will be generated
and used.

By default RSA keys are used still.

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
 2020-02-24 11:20:07 +02:00
SataQiu
2e23f84745 kubeadm: fallback to a known etcd version if an unknown k8s version is passed 2020-02-24 10:46:39 +08:00
Kubernetes Prow Robot
ac25069a05
Merge pull request #88436 from andrewsykim/ccm-client-builder-cleanup 
use ControllerClientBuilder from k8s.io/cloud-provider in cloud-controller-manager
 2020-02-23 15:04:46 -08:00
Kubernetes Prow Robot
b513f359a0
Merge pull request #88429 from taesunny/master 
Fix: cmd/kubeadm Typos in some error messages, comments
 2020-02-23 11:14:47 -08:00
andrewsykim
ed9492ad69 use ControllerClientBuilder from k8s.io/cloud-provider in cloud-controller-manager 
Signed-off-by: andrewsykim <kim.andrewsy@gmail.com>
 2020-02-23 06:40:20 -05:00
SataQiu
8067dd8470 kubeadm: fix the bug that 'kubeadm upgrade' hangs in single node cluster 2020-02-23 18:57:32 +08:00
Kubernetes Prow Robot
31b8c0d23d
Merge pull request #87656 from ereslibre/do-not-depend-on-cluster-status 
kubeadm: deprecate the `ClusterStatus` dependency
 2020-02-22 22:30:47 -08:00
Kubernetes Prow Robot
b893aa707e
Merge pull request #88052 from neolit123/1.18-renew-use-ca-in-kubeconfig 
kubeadm: update embedded CA in kubeconfig files on renewal
 2020-02-22 20:50:47 -08:00
Taesun Lee
d10e3da92d Fix typos in some error messages, comments 
- cmd/kubeadm
- RemoveContnainers -> RemoveContainers
- iterface -> interface
- stategicMergeSlice -> strategicMergeSlice
 2020-02-23 00:44:47 +09:00
Satyadeep Musuvathy
8c6956e5bb Refactor handling of local traffic detection. 2020-02-21 17:57:34 -08:00
Kubernetes Prow Robot
58fcca211f
Merge pull request #88359 from taesunny/master 
Fix: Typos in apiclient util.
 2020-02-20 19:50:46 -08:00
Kubernetes Prow Robot
58596b2bf5
Merge pull request #88347 from neolit123/1.18-kubeadm-update-constants 
kubeadm: update constants for 1.18
 2020-02-20 04:29:43 -08:00
Kubernetes Prow Robot
79b674d827
Merge pull request #84381 from Sh4d1/egress_selector_proxy_v2 
Use network proxy for proxy subresources
 2020-02-20 04:29:03 -08:00
Rafael Fernández López
3e59a0651f
kubeadm: optimize the upgrade path from ClusterStatus to annotations 
When doing the very first upgrade from a cluster that contains the
source of truth in the ClusterStatus struct, the new kubeadm logic
will try to retrieve this information from annotations.

This changeset adds to both etcd and apiserver endpoint retrieval the
special case in which they won't retry if we are in such cases. The
logic will retry if we find any unknown error, but will not retry in
the following cases:

- etcd annotations do not contain etcd endpoints, but the overall list
  of etcd pods is greater than 0. This means that we listed at least
  one etcd pod, but they are missing the annotation.

- API server annotation is not found on the api server pod for a given
  node name, but no errors aside from that one were found. This means
  that the API server pod is present, but is missing the annotation.

In both cases there is no point in retrying, and so, this speeds up the
upgrade path when coming from a previous existing cluster.
 2020-02-20 12:19:05 +01:00
Rafael Fernández López
b140c5d64b
kubeadm: remove ClusterStatus dependency 
While `ClusterStatus` will be maintained and uploaded, it won't be
used by the internal `kubeadm` logic in order to determine the etcd
endpoints anymore.

The only exception is during the first upgrade cycle (`kubeadm upgrade
apply`, `kubeadm upgrade node`), in which we will fallback to the
ClusterStatus to let the upgrade path add the required annotations to
the newly created static pods.
 2020-02-20 12:18:56 +01:00
Taesun Lee
97fc3e6139
Fix typos in apiclient util 
fix initalTimeout to initialTimeout
 2020-02-20 15:20:04 +09:00
Lubomir I. Ivanov
ad8bf3c139 kubeadm: do not pin unit tests to a version 2020-02-19 22:20:33 +02:00
Lubomir I. Ivanov
22319019ab kubeadm: update constants for 1.18 
- Include 1.19 as a supported etcd mapping.
- Update minimum and current versions.
 2020-02-19 21:40:46 +02:00
Kubernetes Prow Robot
5bd719b6a6
Merge pull request #86810 from bart0sh/PR0087-kubeadm-output-images 
kubeadm config images list: implement structured output
 2020-02-17 17:07:28 -08:00
Kubernetes Prow Robot
ea5cef1c65
Merge pull request #87870 from tedyu/restore-proxier-updater 
Use ProxierHealthUpdater directly to avoid panic
 2020-02-17 10:13:29 -08:00
Ed Bartosh
a31ccc7b99 kubeadm config images list: test structured output 
Implemented tests for 'kubeadm config images list' structured output.
 2020-02-17 17:26:17 +02:00
Ed Bartosh
23e4d05083 kubeadm config images list: implement structured output 
Used cli-runtime API to print image info in 5 formats:

  - TEXT (identical to the current output)
  - YAML
  - JSON
  - JSONPATH
  - Go template
 2020-02-17 17:23:08 +02:00
Ed Bartosh
be7e5b47fe kubeadm config images list: update output API 2020-02-17 17:23:08 +02:00
Benjamin Elder
d827f2634a update stale pause image comment 2020-02-14 14:03:19 -08:00
Benjamin Elder
1631825e44 bump pause to 3.2 in kubelet 2020-02-14 11:40:15 -08:00
Benjamin Elder
a00a1e39ef bump pause to 3.2 in kubeadm 2020-02-14 11:40:15 -08:00
Marek Siarkowicz
8b825d1511 Add show-hidden-metrics-for-version to scheduler 2020-02-14 10:14:31 +01:00
Kubernetes Prow Robot
029e1a06d7
Merge pull request #87967 from zhan849/harry/controller-queue-metrics 
register queue metrics in controller manager
 2020-02-13 16:55:11 -08:00
Kubernetes Prow Robot
77e8c75f32
Merge pull request #87754 from MikeSpreitzer/apf-filter5 
Add twice refactored filter and config consumer for API Priority and Fairness
 2020-02-13 16:54:46 -08:00
Kubernetes Prow Robot
35bb71d855
Merge pull request #88092 from yujuhong/rm-beta-labels 
Replace Beta OS/arch labels with the GA ones
 2020-02-13 14:14:02 -08:00
Yu-Ju Hong
bcd975aa65 Replace Beta OS/arch labels with the GA ones 
Beta OS/arch labels have been deprecated since 1.14.
This change replaces these labels with the GA ones.
 2020-02-13 09:38:51 -08:00
Aldo Culquicondor
99bda6fac0 Remove HardPodAffinityWeight from v1alpha2 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-02-13 11:59:56 -05:00
Patrik Cyvoct
6729bfd648
use network proxy for proxy subresources 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-02-13 14:42:34 +01:00
Kubernetes Prow Robot
8ca96f3e07
Merge pull request #80724 from cceckman/provider-info-e2e 
Provide OIDC discovery for service account token issuer
 2020-02-13 01:38:35 -08:00
skilxn-go
f5b7e3cca3 Rename PostFilter plugin to PreScore 2020-02-12 23:25:08 +08:00
Lubomir I. Ivanov
0ba5891519 kubeadm: update embedded CA in kubeconfig files on renewal 
While kubeadm does not support CA rotation,
the users might still attempt to perform this manually.
For kubeconfig files, updating to a new CA is not reflected
and users need to embed new CA PEM manually.

On kubeconfig cert renewal, always keep the embedded CA
in sync with the one on disk.

Includes a couple of typo fixes.
 2020-02-12 05:03:20 +02:00
Charles Eckman
5a176ac772 Provide OIDC discovery endpoints 
- Add handlers for service account issuer metadata.
- Add option to manually override JWKS URI.
- Add unit and integration tests.
- Add a separate ServiceAccountIssuerDiscovery feature gate.

Additional notes:
- If not explicitly overridden, the JWKS URI will be based on
  the API server's external address and port.

- The metadata server is configured with the validating key set rather
than the signing key set. This allows for key rotation because tokens
can still be validated by the keys exposed in the JWKs URL, even if the
signing key has been rotated (note this may still be a short window if
tokens have short lifetimes).

- The trust model of OIDC discovery requires that the relying party
fetch the issuer metadata via HTTPS; the trust of the issuer metadata
comes from the server presenting a TLS certificate with a trust chain
back to the from the relying party's root(s) of trust. For tests, we use
a local issuer (https://kubernetes.default.svc) for the certificate
so that workloads within the cluster can authenticate it when fetching
OIDC metadata. An API server cannot validly claim https://kubernetes.io,
but within the cluster, it is the authority for kubernetes.default.svc,
according to the in-cluster config.

Co-authored-by: Michael Taufen <mtaufen@google.com>
 2020-02-11 16:23:31 -08:00
Mike Spreitzer
73614ddd4e Added API Priority and Fairness filter and config consumer 2020-02-10 22:54:40 -05:00
Ted Yu
7a0690cd59 Use ProxierHealthUpdater directly to avoid panic 2020-02-10 09:41:09 -08:00
SataQiu
f2150587f3 kubeadm: remove 'kubeadm upgrade node config' 2020-02-10 18:28:41 +08:00
Harry Zhang
63f0078ccc register queue metrics in controller manager 2020-02-09 14:41:17 -08:00
Kubernetes Prow Robot
abe6321296 Merge pull request #87952 from mikedanese/opts 
add *Options to Create, Update, and Patch in generated clientsets
 2020-02-08 20:43:53 -08:00
Kubernetes Prow Robot
415b3ed950 Merge pull request #87944 from SataQiu/kubeadm-2020020802 
kubeadm: remove 'kubeadm alpha kubelet config download'
 2020-02-08 14:46:57 -08:00
Kubernetes Prow Robot
887ccc483c Merge pull request #87942 from SataQiu/kubeadm-2020020801 
kubeadm: deprecate --kubelet-version command line option
 2020-02-08 14:46:44 -08:00
Kubernetes Prow Robot
a280a967a5 Merge pull request #87853 from alculquicondor/fix/options_test 
Do lenient decoding only for kubescheduler.config.k8s.io/v1alpha1
 2020-02-08 14:46:21 -08:00
Kubernetes Prow Robot
20dca67a8a Merge pull request #87453 from aojea/kubeadm_dual 
kubeadm: dual-stack validation allow single stack
 2020-02-08 14:46:06 -08:00
Mike Danese
25651408ae generated: run refactor 2020-02-08 12:30:21 -05:00
Kubernetes Prow Robot
334d788f08 Merge pull request #87299 from mikedanese/ctx 
context in client-go
 2020-02-08 06:43:52 -08:00
Kubernetes Prow Robot
25501f8425
Merge pull request #87886 from RA489/rmbasheg 
remove bash examples/comments from the v1beta1 and v1beta2 APIs
 2020-02-08 00:21:52 -08:00
SataQiu
0714f814fe kubeadm: remove 'kubeadm alpha kubelet config download' 2020-02-08 14:52:33 +08:00
SataQiu
e167b44c17 kubeadm: deprecate --kubelet-version command line option 2020-02-08 12:56:25 +08:00
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00
Aldo Culquicondor
2ffb13e822 Do lenient decoding only for kubescheduler config v1alpha1 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-02-07 15:41:00 -05:00
RA489
ad9d2d71c0 remove bash examples/comments from the v1beta1 and v1beta2 APIs 2020-02-07 11:27:02 +05:30
Antonio Ojea
6dda7adaf5
kubeadm: dual-stack validation allow single stack 
It turns out that the dual-stack feature enabled doesn't mean that
the cluster MUST be dual-stack, it only indicates that it MAY be
dual-stack but CAN be single-stack.

We should relax the validation to allow single-stack clusters
with dual-stack enabled.
 2020-02-05 12:23:10 +01:00
Tim Allclair
9d3670f358 Ensure testing credentials are labeled as such 2020-02-04 10:36:05 -08:00
Kubernetes Prow Robot
f81242916d
Merge pull request #81056 from neolit123/1.16-kubeadm-node-names 
kubeadm: prevent bootstrap of nodes with known names
 2020-02-01 03:35:20 -08:00
Kubernetes Prow Robot
5ced53c0c4
Merge pull request #87628 from alculquicondor/cc-v1alpha2 
Add kubescheduler.config.k8s.io/v1alpha2
 2020-01-30 16:59:33 -08:00
Aldo Culquicondor
3d83ef2e8e Autogenerated and build files for kubescheduler.config.k8s.io/v1alpha2 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-01-29 17:18:48 -05:00
Aldo Culquicondor
11c4bcd9dd Copy kubescheduler.config.k8s.io/v1alpha1 files onto v1alpha2 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-01-29 17:18:41 -05:00
Mike Danese
d55d6175f8 refactor 2020-01-29 08:50:45 -08:00
Elijah Oyekunle
07e3cca6d0 update existing import-restrictions files 2020-01-28 10:51:45 +01:00
Kubernetes Prow Robot
236eee1eba
Merge pull request #87505 from neolit123/1.18-handle-etcd-members-without-names 
kubeadm: improvements to the concurrent etcd member join support
 2020-01-26 08:51:02 -08:00
Lubomir I. Ivanov
b117a928a6 kubeadm: prevent bootstrap of nodes with known names 
If a Node name in the cluster is already taken and this Node is Ready,
prevent TLS bootsrap on "kubeadm join" and exit early.

This change requires that a new ClusterRole is granted to the
"system:bootstrappers:kubeadm:default-node-token" group to be
able get Nodes in the cluster. The same group already has access
to obtain objects such as the KubeletConfiguration and kubeadm's
ClusterConfiguration.

The motivation of this change is to prevent undefined behavior
and the potential control-plane breakdown if such a cluster
is racing to have two nodes with the same name for long periods
of time.

The following values are validated in the following precedence
from lower to higher:
- actual hostname
- NodeRegistration.Name (or "--node-name") from JoinConfiguration
- "--hostname-override" passed via kubeletExtraArgs

If the user decides to not let kubeadm know about a custom node name
and to instead override the hostname from a kubelet systemd unit file,
kubeadm will not be able to detect the problem.
 2020-01-26 18:50:54 +02:00
Lubomir I. Ivanov
a027c379f7 kubeadm: increase timeouts in the etcd client 
- Extend the exponential backoff for add/remove/... retry to
11 steps ~=106 seconds. From experiments for 3 and more members
the race can take more that ~=26 seconds.
- Increase the dialTimeout for client creation to 40 seconds.
20 seconds seems racy for 3 and more members.
 2020-01-25 00:48:05 +02:00