github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
46,781 Commits 1 Branch 31 Tags
c20e63bfb98fecef7461dbaf8ed52e31fe12cd11
Commit Graph

3984 Commits

Author SHA1 Message Date
Kubernetes Submit Queue
ef075a441f Merge pull request #44105 from krousey/kubeadm 
Automatic merge from submit-queue

Adding krousey as a kubeadm reviewer and owner

I would like to join the illustrious ranks of kubeadm owners. I plan to spend a considerable amount of time integrating this tool into our GCE and GKE deployments. If approver is too much, I would still like to be a reviewer.

I will mark this as "Do not merge" until I see approval from all current owners.
 2017-04-06 12:46:05 -07:00
Kubernetes Submit Queue
a30339ba49 Merge pull request #44143 from ivan4th/fix-panic-in-kubeadm-master-node-setup 
Automatic merge from submit-queue (batch tested with PRs 44143, 44133)

Fix panic in kubeadm master node setup

The problem was [caught](https://travis-ci.org/Mirantis/kubeadm-dind-cluster/jobs/218999640#L3249) by kubeadm-dind-cluster CI.
```
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.6.1
[init] Using Authorization mode: RBAC
[preflight] Skipping pre-flight checks
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [kube-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.192.0.2]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 19.017839 seconds
panic: assignment to entry in nil map

goroutine 1 [running]:
panic(0x1b62140, 0xc4203f0380)
	/usr/local/go/src/runtime/panic.go:500 +0x1a1
k8s.io/kubernetes/cmd/kubeadm/app/phases/apiconfig.attemptToUpdateMasterRoleLabelsAndTaints(0xc420b18be0, 0x4e, 0x0)
	/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/phases/apiconfig/setupmaster.go:57 +0x15b
k8s.io/kubernetes/cmd/kubeadm/app/phases/apiconfig.UpdateMasterRoleLabelsAndTaints(0xc420b18be0, 0x1a, 0xc420b18be0)
	/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/phases/apiconfig/setupmaster.go:86 +0x2f
k8s.io/kubernetes/cmd/kubeadm/app/cmd.(*Init).Run(0xc4201a4040, 0x29886e0, 0xc420022010, 0x1c73d01, 0xc4201a4040)
	/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/init.go:220 +0x29c
k8s.io/kubernetes/cmd/kubeadm/app/cmd.NewCmdInit.func1(0xc4203a46c0, 0xc420660680, 0x0, 0x2)
	/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/init.go:86 +0x197
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute(0xc4203a46c0, 0xc420660560, 0x2, 0x2, 0xc4203a46c0, 0xc420660560)
	/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:603 +0x439
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc4203b1d40, 0xc4203a4b40, 0xc4203a46c0, 0xc4203a4000)
	/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:689 +0x367
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute(0xc4203b1d40, 0xc42046c420, 0x29886a0)
	/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:648 +0x2b
k8s.io/kubernetes/cmd/kubeadm/app.Run(0xc420627f70, 0xc4200001a0)
	/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/kubeadm.go:35 +0xe8
main.main()
	/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/kubeadm.go:26 +0x22
```
 2017-04-06 11:19:22 -07:00
Kubernetes Submit Queue
2d66f7bd28 Merge pull request #42557 from xilabao/use-authorizationModes 
Automatic merge from submit-queue

Allow multiple providers for authorizationMode

fixes https://github.com/kubernetes/kubeadm/issues/177
 2017-04-06 08:03:04 -07:00
Ivan Shvedunov
24b8ed5d84 Fix panic in kubeadm master node setup 2017-04-06 14:50:13 +03:00
Kubernetes Submit Queue
b41e415ebd Merge pull request #43137 from shashidharatd/federation-domain 
Automatic merge from submit-queue

[Federation] Remove FEDERATIONS_DOMAIN_MAP references

Remove all references to FEDERATIONS_DOMAIN_MAP as this method is no longer is used and is replaced by adding federation domain map to kube-dns configmap.

cc @madhusudancs @kubernetes/sig-federation-pr-reviews 

**Release note**:
```
[Federation] Mechanism of adding `federation domain maps` to kube-dns deployment via `--federations` flag is superseded by adding/updating `federations` key in `kube-system/kube-dns` configmap. If user is using kubefed tool to join cluster federation, adding federation domain maps to kube-dns is already taken care by `kubefed join` and does not need further action.
```
 2017-04-06 02:05:42 -07:00
xilabao
68f69b2c73 Allow multiple providers for authorizationMode 2017-04-06 10:31:59 +08:00
Kubernetes Submit Queue
8ecb60c86d Merge pull request #44031 from jellonek/fix_kubeadm_regression 
Automatic merge from submit-queue (batch tested with PRs 44097, 42772, 43880, 44031, 44066)

kubeadm: Wait for node before updating labels and taints

**What this PR does / why we need it**:
Adds again (removed in #43881) waiting for at last single node appearance during kubeadm attempt to update master role labels and taints.

**Which issue this PR fixes**:
fixes kubernetes/kubeadm#221

**Release note**:
```NONE
```
 2017-04-05 16:41:23 -07:00
Mike Danese
ba5c2855b3 bazel: implement git build stamping 2017-04-05 11:47:39 -07:00
Piotr Skamruk
b30855acba kubeadm: Wait for node before updating labels and taints 
fixes kubernetes/kubeadm#221
 2017-04-05 20:40:22 +02:00
Kubernetes Submit Queue
577a0e82c1 Merge pull request #44101 from mikedanese/kubeadm-default 
Automatic merge from submit-queue

make kubeadm default to stable-1.6
 2017-04-05 11:14:40 -07:00
Kris
7dca432706 Adding krousey as a kubeadm reviewer and owner 2017-04-05 11:13:58 -07:00
Mike Danese
142f7c98c0 make kubeadm default to stable-1.6 2017-04-05 09:40:12 -07:00
Andy Goldstein
d2bc4d0b2e Use shared informers for proxy endpoints and service configs 
Use shared informers instead of creating local controllers/reflectors
for the proxy's endpoints and service configs. This allows downstream
integrators to pass in preexisting shared informers to save on memory &
cpu usage.

This also enables the cache mutation detector for kube-proxy for those
presubmit jobs that already turn it on.
 2017-04-04 12:51:41 -04:00
Tim Hockin
adf30aa2e1 kube-proxy: OnServiceUpdate takes pointers 
This signature is more consistent with OnEndpointsUpdate and removes a
copy loop.  This is part on ongoing cleanup to rate-limit iptables
calls.
 2017-04-03 17:19:39 -07:00
Kubernetes Submit Queue
83249d3765 Merge pull request #43999 from mikedanese/vers-fail 
Automatic merge from submit-queue

kubeadm: fail explicitly when using (stable,latest) in airgapped env

This is unintuitive and unnecessary behavior
 2017-04-03 16:40:06 -07:00
Mike Danese
3c77465a23 kubeadm: fail explicitly when using (stable,latest) in airgapped env 2017-04-03 14:08:32 -07:00
Michael Taufen
f5eed7e91d Add a separate flags struct for Kubelet flags 
Kubelet flags are not necessarily appropriate for the KubeletConfiguration
object. For example, this PR also removes HostnameOverride and NodeIP
from KubeletConfiguration. This is a preleminary step to enabling Nodes
to share configurations, as part of the dynamic Kubelet configuration
feature (#29459). Fields that must be unique for each node inhibit
sharing, because their values, by definition, cannot be shared.
 2017-04-03 13:28:29 -07:00
Kubernetes Submit Queue
6f3e5bade6 Merge pull request #40432 from sjenning/imagegc-default 
Automatic merge from submit-queue

kubelet: change image-gc-high-threshold below docker dm.min_free_space

docker dm.min_free_space defaults to 10%, which "specifies the min free space percent in a thin pool require for new device creation to succeed....Whenever a new a thin pool device is created (during docker pull or during container creation), the Engine checks if the minimum free space is available. If sufficient space is unavailable, then device creation fails and any relevant docker operation fails." [1]

This setting is preventing the storage usage to cross the 90% limit. However, image GC is expected to kick in only beyond image-gc-high-threshold. The image-gc-high-threshold has a default value of 90%, and hence GC never triggers. If image-gc-high-threshold is set to a value lower than (100 - dm.min_free_space)%, GC triggers.

xref https://bugzilla.redhat.com/show_bug.cgi?id=1408309

```release-note
changed kubelet default image-gc-high-threshold to 85% to resolve a conflict with default settings in docker that prevented image garbage collection from resolving low disk space situations when using devicemapper storage.
```

@derekwaynecarr @sdodson @rhvgoyal
 2017-04-03 10:51:32 -07:00
Kubernetes Submit Queue
756539f4fc Merge pull request #43684 from xilabao/patch-10 
Automatic merge from submit-queue

fix typo in kubeadm join -h

```
Flags:
      --config string                Path to kubeadm config file
      --discovery-file string        A file or url from which to load cluster information
      --discovery-token string       A token used to validate cluster information fetched from the master
      --skip-preflight-checks        skip preflight checks normally run before modifying the system
      --tls-bootstrap-token string   A token used for TLS bootstrapping
      --token string                 Use this token for both discovery-token and tls-bootstrap-token
```
 2017-04-01 07:02:42 -07:00
Kubernetes Submit Queue
63872a09f6 Merge pull request #43881 from mikedanese/kubeadm-validate 
Automatic merge from submit-queue

move end to end validation to a dedicated phase

mostly reshuffling
 2017-03-31 08:01:42 -07:00
Kubernetes Submit Queue
91c03b0e8f Merge pull request #43813 from liggitt/conditional-post-start-hook 
Automatic merge from submit-queue

Make RBAC post-start hook conditional on RBAC authorizer being used

Makes the RBAC post-start hook (and reconciliation) conditional on the RBAC authorizer being used

Ensures we don't set up unnecessary objects.

```release-note
RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled.
```
 2017-03-31 05:51:49 -07:00
Kubernetes Submit Queue
bf1428f637 Merge pull request #43109 from apprenda/kubeadm_completion_test-cmds 
Automatic merge from submit-queue (batch tested with PRs 42360, 43109, 43737, 43853)

kubeadm: test-cmds for kubeadm completion

**What this PR does / why we need it**: Adding test-cmds for kubeadm completion. 

Adding tests is a WIP from #34136

**Special notes for your reviewer**: /cc @luxas

**Release note**:
```release-note
NONE
```
 2017-03-31 00:34:24 -07:00
Jordan Liggitt
890894ac4f Disable RBAC post-start hook if not using the RBAC authorizer 2017-03-30 23:30:04 -04:00
Mike Danese
01984a9f98 move end to end validation to a dedicated phase 2017-03-30 18:06:09 -07:00
Kubernetes Submit Queue
57b7c75be9 Merge pull request #43835 from mikedanese/kubeadm-fix 
Automatic merge from submit-queue

don't wait for first kubelet to be ready and drop dummy deploy

Per https://github.com/kubernetes/kubernetes/issues/43815#issuecomment-290270198, I suggest that we drop both the node ready and the dummy deployment check altogether for 1.6 and move them to a validation phase for 1.7.

I really think we should drop these checks altogether. CreateClientAndWaitForAPI should create a client and wait for the API, not create dummy deployments and wait for nodes to register and be healthy. These are end to end validations and this is the wrong place to do this stuff. We need an explicit final validation phase for this.

```release-note
Fix a deadlock in kubeadm master initialization.
```

Fixes #43815
 2017-03-30 16:57:24 -07:00
Mike Danese
89557110ed don't wait for first kubelet to be ready 
and skip dummy deployment
 2017-03-30 09:24:54 -07:00
Kubernetes Submit Queue
58d2d9ade1 Merge pull request #43836 from yujuhong/kubeadm-cleanup 
Automatic merge from submit-queue (batch tested with PRs 43508, 43836)

kubeadm: clean up exited containers and network checkpoints
 2017-03-29 21:01:20 -07:00
Yu-Ju Hong
434fba9e46 kubeadm: clean up exited containers and network checkpoints 2017-03-29 18:23:24 -07:00
Kubernetes Submit Queue
fa98c5fed4 Merge pull request #43247 from mbohlool/extensions_fix 
Automatic merge from submit-queue (batch tested with PRs 42617, 43247, 43509, 43644, 43820)

Bugfix: OpenAPI-gen was not generating extensions correctly

Fixes a bug in openapi-gen that generated invalid code if x-kubernetes extensions defined in types.go. The location of VendorExtensions was wrong.
 2017-03-29 16:05:21 -07:00
Christoph Blecker
6681835b0c Fix gofmt errors 2017-03-28 17:12:04 -07:00
Kubernetes Submit Queue
4159cb57b6 Merge pull request #42835 from deads2k/server-01-remove-insecure 
Automatic merge from submit-queue (batch tested with PRs 42835, 42974)

remove legacy insecure port options from genericapiserver

The insecure port has been a source of problems and it will prevent proper aggregation into a cluster, so the genericapiserver has no need for it.  In addition, there's no reason for it to be in the main kube-apiserver flow either.  This pull removes it from genericapiserver and removes it from the shared kube-apiserver code.  It's still wired up in the command, but its no longer possible for someone to mess up and start using in mainline code.

@kubernetes/sig-api-machinery-misc @ncdc
 2017-03-27 17:00:21 -07:00
wlan0
38988fec78 add rancher credential provider 2017-03-27 16:22:53 -07:00
Kubernetes Submit Queue
dfbbb115dd Merge pull request #43383 from deads2k/server-10-safe-proxy 
Automatic merge from submit-queue

proxy to IP instead of name, but still use host verification

I think I found a setting that lets us proxy to an IP and still do hostname verification on the certificate.  

@liggitt @sttts  Can you see if you agree that this knob does what I think it does?  Last commit only, still needs tests.
 2017-03-27 16:01:06 -07:00
deads2k
cd29754680 move legacy insecure options out of the main flow 2017-03-27 14:07:54 -04:00
deads2k
c2f8ef1b1a move insecure options to kubeapiserver 2017-03-27 13:55:45 -04:00
deads2k
d8be13fee8 add proxy client-certs to kube-apiserver to allow it to proxy aggregated api servers 2017-03-27 13:31:31 -04:00
deads2k
3414231672 proxy to IP instead of name, but still use host verification 2017-03-27 12:33:03 -04:00
Kubernetes Submit Queue
b705835bae Merge pull request #42911 from deads2k/server-04-combined 
Automatic merge from submit-queue (batch tested with PRs 43694, 41262, 42911)

combine kube-apiserver and kube-aggregator

This combines several pulls currently in progress and wires them together.  The aggregator sits in front of the normal kube-apiserver and allows local fallthrough instead of proxying.

@kubernetes/sig-api-machinery-misc 
@DirectXMan12 since you seem invested, your life will get easier
@luxas FYI since you've started trying to wire something together.  



Dependent Pulls LGTM:
- [x] https://github.com/kubernetes/kubernetes/pull/42801
- [x] https://github.com/kubernetes/kubernetes/pull/42886
- [x] https://github.com/kubernetes/kubernetes/pull/42900
- [x] https://github.com/kubernetes/kubernetes/pull/42732
- [x] https://github.com/kubernetes/kubernetes/pull/42672
- [x] https://github.com/kubernetes/kubernetes/pull/43141
- [x] https://github.com/kubernetes/kubernetes/pull/43076
- [x] https://github.com/kubernetes/kubernetes/pull/43149
- [x] https://github.com/kubernetes/kubernetes/pull/43226
- [x] https://github.com/kubernetes/kubernetes/pull/43144
 2017-03-27 09:30:24 -07:00
Kubernetes Submit Queue
efa5322766 Merge pull request #42896 from deads2k/server-03-codec 
Automatic merge from submit-queue (batch tested with PRs 42900, 43044, 42896, 43308, 43621)

require codecfactory

The genericapiserver requires a codec to start.  Help new comers to the API by forcing them to set it when they create a new config.
 2017-03-27 08:32:27 -07:00
deads2k
8e26fa25da wire in aggregation 2017-03-27 09:44:10 -04:00
deads2k
087a030221 require codecfactory 2017-03-27 08:19:08 -04:00
deads2k
f31eb0a77f force callers to specify the cert dns names 2017-03-27 07:49:01 -04:00
Charlie R.C
71aeea22a9 fix typo in kubeadm join -h 2017-03-27 01:44:07 -05:00
Wojciech Tyczynski
7ce368ccd2 Simplify proxy config for Services by removing Mux. 2017-03-26 11:07:36 +02:00
Wojciech Tyczynski
596527dafa Simplify proxy config for Endpoints by removing Mux. 2017-03-26 11:07:36 +02:00
Kubernetes Submit Queue
417a88b82a Merge pull request #43154 from apprenda/kubeadm_test-cmd_logging 
Automatic merge from submit-queue (batch tested with PRs 43149, 41399, 43154, 43569, 42507)

kubeadm: only print stderr/stdout if failed test

**What this PR does / why we need it**: This PR changes when stdout/stderr will be logged during a kubeadm test-cmd test. It's useful when a real failure occurs to only see the failure rather than output that looks like it might be a failure

**Special notes for your reviewer**: /cc @luxas @marun 

**Release note**:
```release-note
NONE
```
 2017-03-26 00:55:21 -07:00
Kubernetes Submit Queue
b8fc6a093a Merge pull request #43149 from deads2k/server-07-clean-kube-start 
Automatic merge from submit-queue

break kube-apiserver start into stages

This is a code shuffle which breaks the kube-apiserver start into
 1. set defaults on the options
 1. create the generic config from the options
 1. create the master config from the generic config and the options

This makes apiserver composition easy/possible later on.
 2017-03-25 23:55:50 -07:00
Kubernetes Submit Queue
8ff822b764 Merge pull request #43226 from deads2k/controller-01-health 
Automatic merge from submit-queue (batch tested with PRs 43144, 42671, 43226, 43314, 43361)

don't start controllers against unhealthy master

Operating against an unhealthy apiserver is unpredictable.  Some clients like `kubectl` need to be best effort in this regard so that you can debug broken apiservers.  Controllers shouldn't run against unhealthy masters.
 2017-03-25 19:10:25 -07:00
Kubernetes Submit Queue
59728a09de Merge pull request #43144 from deads2k/server-06-informer-start 
Automatic merge from submit-queue (batch tested with PRs 43144, 42671, 43226, 43314, 43361)

start informers as a post-start-hook

Switches the shared informer start to a post start hook to make future API server composition easier.  PostStartHooks will have to be unioned for server composition and this ensures that we don't accidentally skip starting them.
 2017-03-25 19:10:22 -07:00
Kubernetes Submit Queue
a5ddb8284e Merge pull request #41000 from NickrenREN/cloud-controller-manager 
Automatic merge from submit-queue

remove NewCloudNodeController() second return value
 2017-03-25 11:55:21 -07:00