Commit Graph

3769 Commits

Author SHA1 Message Date
Erick Fejta
c28e37a192 Fix path to kubernetes_skew 2016-08-23 16:26:40 -07:00
Kubernetes Submit Queue
0b5547f462 Merge pull request #30183 from timstclair/aa-psp
Automatic merge from submit-queue

AppArmor PodSecurityPolicy support

Implements the AppArmor PodSecurityPolicy support based on the alpha API proposed [here](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/apparmor.md#pod-security-policy)

This implementation deviates from the original proposal in one way: it adds a separate option for specifying a default profile:
```
apparmor.security.alpha.kubernetes.io/defaultProfileName
```
This has several advantages over the original proposal:

- The default is explicit, rather than implicit on the ordering
- The default can be specified without constraining the allowed profiles
- The allowed profiles can be restricted without specifying a default (requires every pod to explicitly set a profile)

The E2E cluster does not currently enable the PodSecurityPolicy, so I will submit E2E tests in a separate PR.

/cc @dchen1107 @pweil- @sttts @jfrazelle @Amey-D
2016-08-23 03:06:05 -07:00
Kubernetes Submit Queue
6e75fa9745 Merge pull request #31103 from mwielgus/scheduling-alg-provider-flag
Automatic merge from submit-queue

Scheduling algorithm provider flag in kube-up.sh

Follow up of:

#30274 #30992

cc: @piosz @wojtek-t @davidopp
2016-08-23 01:44:54 -07:00
Kubernetes Submit Queue
5d25bffffe Merge pull request #30153 from mikedanese/auto-approve
Automatic merge from submit-queue

add an option to controller-manager to auto approve all CSRs

I think we talked about this.

cc @gtank
2016-08-22 22:24:06 -07:00
Kubernetes Submit Queue
a57561b84d Merge pull request #31162 from ixdy/kubekins-docker
Automatic merge from submit-queue

Use kubekins-test:v20160822 everywhere

A step towards fixing #31148. We also need to update the test-infra repo to use the new e2e image. I'll fold that into https://github.com/kubernetes/test-infra/pull/419.

Both gcr.io/google-containers/kubekins-test:v20160822 and gcr.io/google-containers/e2e-test:v20160822 have already been pushed.
2016-08-22 17:40:53 -07:00
Ivan Shvedunov
0ca373d0a4 Fix overlong junit filename prefixes (2nd attempt) 2016-08-23 01:04:34 +03:00
Jeff Grafton
8e168f8d5a Use kubekins-test:v20160822 everywhere 2016-08-22 14:31:45 -07:00
Mike Danese
9f379df76b add an option to controller-manager to auto approve all CSRs 2016-08-22 11:46:01 -07:00
Marcin Wielgus
11fabd7176 Scheduling algorithm provider flag in kube-up.sh 2016-08-22 17:49:00 +02:00
Kubernetes Submit Queue
53e9832ba3 Merge pull request #31087 from gen0cide-/fix-etcd-version-check
Automatic merge from submit-queue

Updating version check for etcd

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

Currently, if you `make build`, etcd is not properly version checked because `etcd -version` does multi-line output. This output cannot be version compared. This small change fixes that.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:
<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->
```release-note
```
2016-08-22 05:36:47 -07:00
Kubernetes Submit Queue
36f61007ef Merge pull request #30893 from ivan4th/fix-caching-of-go-dirs
Automatic merge from submit-queue

Fix caching of go dirs during build

Sometimes when you press `^C` during `make` the subsequent attempt to run `make` hangs due to zero-sized cache file for `ALL_GO_DIRS` var in Makefile.generated_files:
```
vagrant@devbox:~/work/kubernetes/src/k8s.io/kubernetes (master *%) $ KUBE_JUNIT_REPORT_DIR=/tmp/art KUBE_COVER=y make test
# hangs...
^CMakefile:279: recipe for target 'generated_files' failed
make: *** [generated_files] Interrupt

vagrant@devbox:~/work/kubernetes/src/k8s.io/kubernetes (master *%) $ ls -l .make/all_go_dirs.mk
-rw-rw-r-- 1 vagrant vagrant 0 Aug 18 15:03 .make/all_go_dirs.mk
```

 Corresponding process subtree looks like the following:
```
└─make test
    └─make -f Makefile.generated_files generated_files
        └─bash -c grep --color=never -l '+k8s:deepcopy-gen='  | xargs -n1 dirname | sort -u
            ├─grep --color=never -l +k8s:deepcopy-gen=
            ├─sort -u
            └─xargs -n1 dirname
```

Let's remove the cache file if `cache_go_dirs.sh` gets interrupted.
2016-08-22 00:54:33 -07:00
Kubernetes Submit Queue
e30c0b8dcd Merge pull request #30906 from wonderfly/version-map
Automatic merge from submit-queue

e2e-runner: Get GCI builtin k8s version from GCS

**What this PR does / why we need it**:
The GCI release qualification tests use builtin k8s version to run tests. They used to get the builtin version by parsing descriptions of the test images, but that's unreliable because the description format could change. This PR makes it to read a file checked in GCS that has the exact k8s version number.

@adityakali @spxtr Can you review?

cc/ @kubernetes/goog-image
2016-08-22 00:15:40 -07:00
Tim St. Clair
293770ef31
AppArmor PodSecurityPolicy implementation 2016-08-21 23:10:45 -07:00
gen0cide-
89a63d0863 Updating version check for etcd 2016-08-21 17:13:52 -07:00
Kubernetes Submit Queue
b51d5c3cc0 Merge pull request #30638 from krousey/metrics_registration
Automatic merge from submit-queue

Remove implicit Prometheus metrics from client

**What this PR does / why we need it**: This PR starts to cut away at dependencies that the client has.

**Release note**:
<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->
```release-note
The implicit registration of Prometheus metrics for request count and latency have been removed, and a plug-able interface was added. If you were using our client libraries in your own binaries and want these metrics, add the following to your imports in the main package: "k8s.io/pkg/client/metrics/prometheus". 
```

cc: @kubernetes/sig-api-machinery @kubernetes/sig-instrumentation @fgrzadkowski  @wojtek-t
2016-08-21 16:47:05 -07:00
Kubernetes Submit Queue
5d54c55710 Merge pull request #30212 from feiskyer/kuberuntime-flag
Automatic merge from submit-queue

Kubelet: add --container-runtime-endpoint and --image-service-endpoint

Flag `--container-runtime-endpoint` (overrides `--container-runtime`) is introduced to identify the unix socket file of the remote runtime service. And flag `--image-service-endpoint` is introduced to identify the unix socket file of the image service.

This PR is part of #28789 Milestone 0. 

CC @yujuhong @Random-Liu
2016-08-21 12:03:10 -07:00
Kubernetes Submit Queue
c39b584ea2 Merge pull request #30583 from colemickens/fix-hack-path-handling
Automatic merge from submit-queue

fix path handling in hack/lib/init.sh

Jenkinsfile pipeline jobs get cloned into "\<project\> (\<branch\>)". As a result, I can't use certain things in `hack/lib/init.sh`.

This is a small fix for that problem.

**Release note**:
<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->
```release-note
NONE
```
2016-08-21 10:34:32 -07:00
Kubernetes Submit Queue
a41e6e3817 Merge pull request #30922 from yifan-gu/tls_bootstrap_refactor
Automatic merge from submit-queue

Implement TLS bootstrap for kubelet using `--experimental-bootstrap-kubeconfig`  (2nd take)

Ref kubernetes/features#43 (comment)

cc @gtank @philips @mikedanese @aaronlevy @liggitt @deads2k @errordeveloper @justinsb 


Continue on the older PR https://github.com/kubernetes/kubernetes/pull/30094 as there are too many comments on that one and it's not loadable now.
2016-08-21 03:47:07 -07:00
Girish Kalele
282880f549 Code review changes 2016-08-20 19:49:30 -07:00
Kubernetes Submit Queue
ada58f5ff2 Merge pull request #30823 from nikhiljindal/swaggerDocs
Automatic merge from submit-queue

Adding a script to fetch swagger spec from federation apiserver

First step for https://github.com/kubernetes/kubernetes/issues/30541.
Next step is to generate docs like http://kubernetes.io/docs/api-reference/v1/definitions/ from this swagger spec.

cc @kubernetes/sig-cluster-federation @kubernetes/sig-api-machinery
2016-08-20 18:09:58 -07:00
Kubernetes Submit Queue
1de78d5a90 Merge pull request #30631 from ecordell/webhook-admission
Automatic merge from submit-queue

ImagePolicyWebhook Admission Controller

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**: This is an implementation of the [image provenance proposal](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/image-provenance.md). It also includes the API definitions by @Q-Lee from https://github.com/kubernetes/kubernetes/pull/30241

**Special notes for your reviewer**:
Please note that this is the first admission controller to make use of the admission controller config file (`--admission-controller-config-file`). I have defined a format for it but we may want to double check it's adequate for future use cases as well.

The format defined is:

```
{
  "imagePolicy": {
     "kubeConfigFile": "path/to/kubeconfig/for/backend",
     "allowTTL": 50,          # time in s to cache approval
     "denyTTL": 50,           # time in s to cache denial
     "retryBackoff": 500,      # time in ms to wait between retries
     "defaultAllow": true      # determines behavior if the webhook backend fails
  }
}
```

(or yaml)

**Release note**:
<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->
```release-note
Adding ImagePolicyWebhook admission controller.
```
2016-08-20 13:39:44 -07:00
Kubernetes Submit Queue
7228ac1984 Merge pull request #31057 from johscheuer/fix-kube-controller-manager.manifest
Automatic merge from submit-queue

Fixes #31056

This PR fixes the issue described in https://github.com/kubernetes/kubernetes/issues/31056 - In https://github.com/kubernetes/kubernetes/blob/master/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest#L82 there is a missing `+` after `" "`

result:
```
==> master: Summary
==> master: -------------
==> master: Succeeded: 52 (changed=43)
==> master: Failed:     0
==> master: -------------
==> master: Total states run:     52
```
2016-08-20 13:00:38 -07:00
Johannes Scheuermann
f8d2b21327 Fixes #31056 2016-08-20 20:24:01 +02:00
Kubernetes Submit Queue
e9947d9ad7 Merge pull request #30813 from bprashanth/kubectl_petset
Automatic merge from submit-queue

Basic scaler/reaper for petset

Currently scaling or upgrading a petset is more complicated than it should be. Would be nice if this made code freeze on friday. I'm planning on a follow up change with generation number and e2es post freeze.
2016-08-20 10:51:07 -07:00
nikhiljindal
56a2458d29 Adding cert and basic auth files for federation-apiserver 2016-08-20 02:17:39 -07:00
Kubernetes Submit Queue
65233e4bf2 Merge pull request #30575 from soltysh/scheduledjobs_e2e
Automatic merge from submit-queue

Scheduledjobs e2e

@janetkuo resubmitted e2e for SJ, I've updated all scripts to consume `KUBE_RUNTIME_CONFIG` properly in 2nd commit, ptal
2016-08-19 23:42:32 -07:00
Kubernetes Submit Queue
010c976ce8 Merge pull request #30468 from jlowdermilk/feature-config
Automatic merge from submit-queue

Feature gates for kube-system components

Implements [this proposal](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/runtimeconfig.md). Adds `--feature-gates` to apiserver, scheduler, controller-manager and proxy.

cc @lavalamp @adityakali
2016-08-19 18:15:19 -07:00
Kubernetes Submit Queue
99295356ed Merge pull request #30937 from fejta/delete
Automatic merge from submit-queue

Delete deprecated dockerized-e2e-runner.sh

We moved this file to the test-infra repo in https://github.com/kubernetes/test-infra/pull/385
2016-08-19 17:22:48 -07:00
Kubernetes Submit Queue
237db0363a Merge pull request #31035 from ixdy/e2e-service-account
Automatic merge from submit-queue

When running inside docker, activate service account ASAP

Also switching to just use `GOOGLE_APPLICATION_CREDENTIALS`, rather than both.

x-ref https://github.com/kubernetes/test-infra/issues/318
2016-08-19 17:22:34 -07:00
Kubernetes Submit Queue
2a6237c000 Merge pull request #31025 from david-mcmahon/fix-set-e
Automatic merge from submit-queue

Fix unbound variable issue (set -e).
2016-08-19 15:46:57 -07:00
Jeff Grafton
8278d1c2ef When running inside docker, activate service account ASAP
Additionally, remove activation code everywhere else, since we do that
already in Jenkins.
2016-08-19 15:41:33 -07:00
Erick Fejta
1e3bc1caa2 Delete deprecated dockerized-e2e-runner.sh 2016-08-19 15:38:52 -07:00
Jordan Liggitt
26a6623261 kubelet: '--experimental-bootstrap-kubeconfig' refactor.
Move bootstrap functions to separate files.
Split some of the functions into small sub-functions for reusability.
Other cleanups
2016-08-19 15:27:23 -07:00
Kubernetes Submit Queue
b29023aa91 Merge pull request #30810 from mnshaw/gubernator-bugs
Automatic merge from submit-queue

Gubernator bug fixes: mv and GCS bucket permissions

Fixed issue where results file was not moved correctly, and also the permissions issue with the GCS bucket.

Will rebase after #30414 is merged

@timstclair
2016-08-19 14:34:56 -07:00
Kubernetes Submit Queue
d40e2296b2 Merge pull request #30630 from silasbw/short-n0
Automatic merge from submit-queue

Add a short `-n` for `kubectl --namespace`

fixes #24078

 `--namespace` is a very common flag for nearly every `kubectl` command we have. We should claim `-n` for it.
2016-08-19 14:34:13 -07:00
David McMahon
3c4f7491c9 Fix unbound variable issue (set -e). 2016-08-19 13:46:00 -07:00
Kris
8d6ce0dcc6 Remove implicit Prometheus metrics from client 2016-08-19 10:11:45 -07:00
Kubernetes Submit Queue
f51e834d63 Merge pull request #30445 from deads2k/get-raw
Automatic merge from submit-queue

add --raw for kubectl get

Adds a `--raw` option to `kubectl get` that allow you specify your URI, but use the transport built by `kubectl`.  This is especially useful when working with secured environments that require authentication and authorization to hit non-api endpoints.  For example, `kubect get --raw /metrics` or if you want to debug a watch with a view at the exact data `kubectl get --raw '/api/v1/namespaces/one/replicationcontrollers?watch=true'`.

@kubernetes/kubectl 
@fabianofranz fyi
2016-08-19 09:29:08 -07:00
Jeff Lowdermilk
51198f59da Add --feature-gates to kube-system components
apiserver,scheduler,controller-manager,proxy,kubelet all get
flag. Using one variable to plumb through config via salt/init
scripts for GCE and GKE
2016-08-19 09:07:43 -07:00
Kubernetes Submit Queue
1e09eb7949 Merge pull request #30500 from wojtek-t/etcd_migration
Automatic merge from submit-queue

Support for etcd migration

@xiang90 @timothysc @hongchaodeng
2016-08-19 00:34:06 -07:00
Kubernetes Submit Queue
b1194ffb43 Merge pull request #30659 from ixdy/disable-kubemark-ppc
Automatic merge from submit-queue

Disable linux/ppc64le compilation by default

Work-around for #30384.

I'm still testing this locally to see if it actually works. The build is slow. (PR Jenkins won't tell us whether this fixes ppc.)

cc @Random-Liu @spxtr @david-mcmahon @luxas
2016-08-18 23:12:09 -07:00
Pengfei Ni
b36ace9a57 Kubelet: add --container-runtime-endpoint and --image-service-endpoint
New flag --container-runtime-endpoint (overrides --container-runtime)
is introduced to kubelet which identifies the unix socket file of
the remote runtime service. And new flag --image-service-endpoint is
introduced to kubelet which identifies the unix socket file of the
image service.
2016-08-19 10:22:44 +08:00
Evan Cordell
711e3cff98 Add new admission controller: image policy webhook 2016-08-18 21:59:45 -04:00
Kubernetes Submit Queue
c5e3b79f32 Merge pull request #30634 from timothysc/etcd3_shouldbe_intergration_tests
Automatic merge from submit-queue

Move UTs that block on apiserver to integration tests. 

In validating etcd.v3client we had uncovered that a change in the behavior of the client https://github.com/coreos/etcd/issues/6162 , caused a number of unit tests to fail.  These test failures were due to the fact that the unit tests were trying to standup a apiserver even though there was no etcd backend stood up.  

This PR simply shuffles those tests to integration tests, which is where they should be. 

/cc @kubernetes/sig-scalability @wojtek-t @hongchaodeng @xiang90
2016-08-18 18:39:13 -07:00
nikhiljindal
d76cdc7482 Adding a script to fetch swagger spec from federation apiserver 2016-08-18 17:19:21 -07:00
bprashanth
05aa040b0f Allow changes to container image for updates 2016-08-18 16:33:51 -07:00
Kubernetes Submit Queue
06cfb18917 Merge pull request #30797 from fejta/e2e2
Automatic merge from submit-queue

Unset a couple GINKGO_TEST_ARGS in kubekins-e2e

Address #30749
2016-08-18 16:25:21 -07:00
Kubernetes Submit Queue
7523669699 Merge pull request #30814 from freehan/lbsrcrevert
Automatic merge from submit-queue

Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE

Reverts kubernetes/kubernetes#30729
2016-08-18 15:34:10 -07:00
Erick Fejta
3b5b70a62f Unset a couple GINKGO_TEST_ARGS in kubekins-e2e 2016-08-18 15:19:23 -07:00
krousey
0e5e6f4a94 Merge pull request #30894 from ivan4th/fix-overlong-junit-prefixes
Fix overlong junit filename prefixes
2016-08-18 15:03:59 -07:00