Automatic merge from submit-queue (batch tested with PRs 39150, 38615)
Add work queues to PV controller
PV controller should not use Controller.Requeue, as as it is not available in
shared informers. We need to implement our own work queues instead, where we
can enqueue volumes/claims as we want.
Automatic merge from submit-queue
Add Persistent Volume E2E in the context of a disrupted kubelet
This PR adds a test suite for persistent volumes affected by a disrupted kubelet. Two cases are presented:
1. A volume mounted via PVC remains accessible after a kubelet restart.
2. When a pod is deleted while the kubelet is down, the mounted volume is unmounted successfully.
PV controller should not use Controller.Requeue, as as it is not available in
shared informers. We need to implement our own work queues instead where we
can enqueue volumes/claims as we want.
Automatic merge from submit-queue
Remove all MAINTAINER statements in the codebase as they are deprecated
**What this PR does / why we need it**:
ref: https://github.com/docker/docker/pull/25466
**Release note**:
```release-note
Remove all MAINTAINER statements in Dockerfiles in the codebase as they are deprecated by docker
```
@ixdy @thockin (who else should be notified?)
Automatic merge from submit-queue
Remove system:anonymous check from kubectl test
This verbiage doesn't appear when the cluster is `AlwaysAllow` (and just makes the check more brittle).
Follow-on to #39263, this is the last (consistent) failure on [kops-aws](https://k8s-testgrid.appspot.com/google-aws#kops-aws&sort-by-failures=)
Automatic merge from submit-queue
Avoid unnecessary memory allocations
Low-hanging fruits in saving memory allocations. During our 5000-node kubemark runs I've see this:
ControllerManager:
- 40.17% k8s.io/kubernetes/pkg/util/system.IsMasterNode
- 19.04% k8s.io/kubernetes/pkg/controller.(*PodControllerRefManager).Classify
Scheduler:
- 42.74% k8s.io/kubernetes/plugin/pkg/scheduler/algrorithm/predicates.(*MaxPDVolumeCountChecker).filterVolumes
This PR is eliminating all of those.
Automatic merge from submit-queue
CreateNodeSelectorPods should respect parameter
Fix (1): `CreateNodeSelectorPods` should respect parameter `id`.
The existing e2e does not break because it happened use "node-selector" as id, which is the same as the hard coded value.
Fix (2): The current `CreateNodeSelectorPods` does not use `nodeSelector` parameter, it hard coded a label instead.
The reason current e2e does not influenced because we happened use the same label: https://github.com/kubernetes/kubernetes/blob/master/test/e2e/cluster_size_autoscaling.go#L177
Found these bugs during testing #36238
Automatic merge from submit-queue
Begin paths for internationalization in kubectl
This is just the first step, purposely simple so we can get the interface correct.
@kubernetes/sig-cli @deads2k
Automatic merge from submit-queue
Support loading UTF16 files if a byte-order-mark is present
Add support in kubectl for loading UTF16 encoded files if they have a correct BOM (Byte-Order-Mark https://en.wikipedia.org/wiki/Byte_order_mark) at the beginning
of the file. Falls back on UTF8 encoding, if no understandable BOM is present.
Fixes part of https://github.com/kubernetes/kubernetes/issues/39007
@fabianofranz @deads2k @kubernetes/sig-cli-misc
Automatic merge from submit-queue (batch tested with PRs 39059, 39175, 35676, 38655)
ReplicaSet has onwer ref of the Deployment that created it
**What this PR does / why we need it**:
This enabled garbage collection for ReplicaSets and ensures they are owned by their respective Deployment objects.
fixes https://github.com/kubernetes/kubernetes/issues/33845
This is an initial PR to get feedback. Will update this quickly with unit tests if this seems like in the right direction
Automatic merge from submit-queue
In-cluster configs must take flag overrides into account
**What this PR does / why we need it**: Some flags must override in-cluster configs if provided to `kubectl` inside a cluster.
**Which issue this PR fixes**: Fixes https://github.com/kubernetes/kubernetes/issues/38834
**Release note**:
```release-note
Fixed a bug where the --server, --token, and --certificate-authority flags were not overriding the related in-cluster configs when provided in a `kubectl` call inside a cluster.
```
Automatic merge from submit-queue
remove unneeded authenticator dependencies from genericapiserver
Refactors the authenticator options to remove unneeded dependencies.
@sttts
Automatic merge from submit-queue (batch tested with PRs 39146, 39094)
cleanup last e2e authorization failures
Builds on https://github.com/kubernetes/kubernetes/pull/39080. This adds rbac role bindings during e2e tests for test that use SA permissions to loopback to the API server.
Assigned to me until its ready.
Automatic merge from submit-queue
Node E2E: Set user with `--ssh-user` flag when running remote node e2e.
This PR unblocks https://github.com/kubernetes/test-infra/issues/1348.
In our test environment, we must login test instance as user `jenkins` because of the service account. Node e2e is always using the default user on the host, which works fine till now, because it is always run as `jenkins` in our test environment.
However, now we moved the test runner into a docker container, inside the container user is `root` by default, which will cause error:
```
Permission denied (publickey)
```
This PR added a flag `--ssh-user` to explicitly specify the user used to ssh into test instance. The dockerized test runner can set user to `jenkins` with this flag.
@krzyzacy @ixdy
Automatic merge from submit-queue
register batch/jobs to federation-apiserver
register batch/jobs api objects to federation-apiserver
**Release note**:
```release-note
Federation: Add `batch/jobs` API objects to federation-apiserver
```
@quinton-hoole @nikhiljindal @deepak-vij
#34261
Automatic merge from submit-queue
Added 'hollow'-node-problem-detector to hollow-nodes in kubemark
Added node-problem-detector container in kubemark hollow-nodes, which takes in a 'hollow' (having an empty list of rules and conditions) kernel monitor config.
cc @kubernetes/sig-scalability-misc @wojtek-t @gmarek
Automatic merge from submit-queue (batch tested with PRs 36751, 38968)
Convert * users/groups to system:authenticated group in ABAC
Part of enabling anonymous auth by default in 1.6 means protecting earlier policies that did not intend to grant access to anonymous users.
This modifies ABAC policies that match `user` or `group` `*` to only match authenticated users.
Docs PR to update examples to use `system:authenticated` or `system:unauthenticated` groups explicitly: https://github.com/kubernetes/kubernetes.github.io/pull/1992
```release-note
ABAC policies using "user":"*" or "group":"*" to match all users or groups will only match authenticated requests. To match unauthenticated requests, ABAC policies must explicitly specify "group":"system:unauthenticated"
```
