Automatic merge from submit-queue
add deploy for deployment in kubectl set image help text
add shorthand deploy for deployment in kubectl set image help text
Automatic merge from submit-queue
change annotate_resources to valid_resources
annotate_resources is missing some resources such as deployment, namespace.
I think using valid_resources to replace annotate_resources is more suitable.
Automatic merge from submit-queue
kubectl edit: Do not add warning header if ftype is json.
This PR blocks adding the warning header if `kubectl edit` is used with the `-o json` option.
The fixed header contains a comment (which is not supported by the JSON standard), which can break utilities that use libraries conforming to http://www.ietf.org/rfc/rfc7159.txt
fixes #29524
/cc @pwittrock
```release-note
Removed comments in json config when using kubectl edit with -o json
```
Automatic merge from submit-queue
Make a vSphere cluster the failure_zone
vSphere cloud provider returns the FailureZone as Cluster, if the VM belongs to a ResourcePool under a Cluster.
fixes: #30933
* Currently the vSphere cloud provider treats Datacenter as the failure
Zone. This doesn't necessarily work since in the current implementation
Kubernetes nodes cannot span Datacenters.
* This change introduces Clusters as the failure zone, while treating
Datacenters as Regions
* Also updated tests for Zones
Automatic merge from submit-queue
Fix named pipe in kubectl zsh completion
This PR fixes #28049
Though my zsh version is > 5.0, I still got the problem. So, I think we need this fix.
---
### Env
```
OS: Ubuntu 14.04
$ zsh --version
zsh 5.0.2 (x86_64-pc-linux-gnu)
```
### A simple DEMO to show the root cause
In zsh and bash, a multi-line named pipe wrapped in parentheses can mismatch the "right parenthesis", even when that parenthesis is in a here-document.
The following script was going to use `sed` to print the text in the 'BASH_COMPLETION_EOF' here-document.
> * I made the `sed` simpler. As you can see, `sed` actually does nothing here. It just prints what it gets from `<<`. In the real [`pkg/kubectl/cmd/completion.go`](https://github.com/kubernetes/kubernetes/blob/v1.3.5/pkg/kubectl/cmd/completion.go#L246-L258), `sed` will do some text replacement, changing bash functions to zsh functions. But that is not the point of the problem.
> * I use `cat <(...)` to replace the `source <(...)`.
> In this way, we can see how named pipe works.
run-bad.zsh:
```bash
#!/usr/bin/zsh
cat <(sed -e 's/foo/bar/g' <<'BASH_COMPLETION_EOF'
aaa='aaa'
case aaa in
'aaa') # <- This ')' is in a here-document, but it is handled by named pipe by mistake.
echo 'yes'
;;
esac
BASH_COMPLETION_EOF
)
```
> Output:
> ```
> ./run-bad.zsh
> aaa='aaa'
> case aaa in
> 'aaa'yes <- You can see the here-document `echo yes` has been executed!!!
> ./run-bad.zsh:8: parse error near `;;'
> ```
The named pipe `<(sed ...` "eats" the `)`, which should belong to `case aaa in 'aaa')`. As a result, the named pipe ends earlier than expected. The remaining zsh code is broken, so it fails.
### Here's the fix
Move the code into a function, and use an inline named pipe.
run.zsh:
```bash
#!/usr/bin/zsh
print_sed_result() {
sed -e 's/foo/bar/g' <<'BASH_COMPLETION_EOF'
aaa='aaa'
case aaa in
'aaa')
echo 'yes'
;;
esac
BASH_COMPLETION_EOF
}
cat <(print_sed_result) # <- Use an inline named pipe
```
> Output:
> ```
> ./run.zsh > stack@docker-dev01
> aaa='aaa'
> case aaa in
> 'aaa')
> echo 'yes'
> ;;
> esac
> ```
Now, the here-document and named pipe work correctly.
Automatic merge from submit-queue
Make @rootfs the assignee for various volumes
This, combined with the '/lgtm' capability of reviewers means you can approve
PRs. @rootfs - I assume you're OK with this?
Automatic merge from submit-queue
Typos and englishify pkg/cloudprovider + pkg/dns + pkg/kubectl
**What this PR does / why we need it**: Just fixed some typos + "englishify" in pkg/cloudprovider + pkg/dns + pkg/kubectl
**Which issue this PR fixes** : None
**Special notes for your reviewer**: It just fixes typos
**Release note**: `NONE`
Automatic merge from submit-queue
kubelet_test.go: use assertions
Switch most of the tests in this file to using the assert library
(`github.com/stretchr/testify/assert`) in the tests for better readability and
less code in general.
Automatic merge from submit-queue
retry oauth token fetch in gce cloudprovider
Fixes https://github.com/kubernetes/kubernetes/issues/31560
The oauth client fetches a token on the initial request of that client. Let's warm the cache.
cc @goltermann @lavalamp
Automatic merge from submit-queue
Fix PSP update validation
Issues fixed:
- apparmor annotations were not being validated
- sysctl annotations were not being validated
- `ValidateObjectMetaUpdate` parameters were reversed
/cc @sttts
---
1.4 justification:
- Risk: If I did something wrong, valid updates could be rejected or invalid updates accepted.
- Rollback: Nothing should depend on this behavior
- Cost: As it stands, the PSP can be updated to an invalid state. The cost of this is relatively low, but a bad user experience.
Automatic merge from submit-queue
Fix PSP volumes error message
Was:
```
Error from server: error when creating "pause-pod.yaml": pods "pause" is forbidden: unable to validate against any pod security policy: [spec.containers[0].securityContext.volumes[0]: Invalid value: "secret": secret volumes are not allowed to be used]
```
Now:
```
Error from server: error when creating "pause-pod.yaml": pods "pause" is forbidden: unable to validate against any pod security policy: [spec.volumes[0]: Invalid value: "secret": secret volumes are not allowed to be used]
```
Also, only perform the validation once (by moving it from `ValidateContainerSecurityContext` to `ValidatePodSecurityContext`).
---
1.4 Justification:
- Risk: low, this is just altering an error message
- Rollback: nothing should depend on this functionality
- Cost: the old error message didn't make any sense (there are no volumes on a container SecurityContext). This is fixing a bug.
Automatic merge from submit-queue
Added printing of clarification for `object creation` request in case the object is in the process of graceful deletion
## **Output example:**
### # kubectl create -f ./pod.yaml
`pod "test-pod" created`
### # kubectl create -f ./pod.yaml
`Error from server: error when creating "../simplePod.yaml": pods "test-pod" already exists`
### # kubectl delete pods/test-pod
`pod "test-pod" deleted`
### # kubectl create -f ./pod.yaml
`Error from server: error when creating "../simplePod.yaml": object is being deleted: pods "test-pod" already exists`
Automatic merge from submit-queue
[GarbageCollector] GC retries failed garbage collection
The code was buried in #30483, which we decided to put off to 1.5.
Automatic merge from submit-queue
Update node status instead of node in kubelet
#31730 added code for the Kubelet to reconcile the existing and new nodes in order to annotate existing nodes with the annotation for controller-managed attach-detach. However, it used `Update` instead of `UpdateStatus`, which changes the operations the node's token needs to be permitted to use. Using `UpdateStatus` is functionally equivalent and maintains the same set of permissions nodes need to have today.
I'm adding this with the 1.4 milestone because it is a follow-on to a 1.4 PR and fixes a downstream bug (which won't surface to Kube).
Automatic merge from submit-queue
Namespace certificates API group
New API groups should follow best-practices for naming, including using DNS names within the k8s.io namespace
```release-note
The certificates API group has been renamed to certificates.k8s.io
```
Automatic merge from submit-queue
Namespace controller deletes pods last
I think this fixes https://github.com/kubernetes/kubernetes/issues/29308 or at least helps further reduce the incidence.
This PR changes the order in which namespace controller prioritizes resources for deletion. It deletes all resources before deleting pods. The rationale for this change is to broadcast deletion of controllers that spawn pods first rather than trip those controllers up into thinking they should spawn more pods which would increase the risk of causing races with the `NamespaceLifecycle` admission plug-in. Many of those controllers also are not rate-limited in the face of rejection, so rather than promote a situation where they are rejected, we promote a situation that removes those things first.
Automatic merge from submit-queue
Post event message for volume attachment
This PR adds an event message when attaching a volume fails, to help
users debug. Detach failures may be addressed in a different PR since
that requires more data structure changes.
Automatic merge from submit-queue
Revert "daemonset controller should respect taints"
Reverts kubernetes/kubernetes#31020
We will be unreverting with some modifications after v1.4.
cc @pwittrock @davidopp
Switch most of the tests in this file to using the assert/require library
(in `github.com/stretchr/testify`) in the tests for better readability and
less code in general.
Automatic merge from submit-queue
Ignore v1 bindings in namespace controller deletion
Fixes https://github.com/kubernetes/kubernetes/issues/31735
Ideally, in the long run, we can let clients built from discovery (and not requiring all of swagger) know the verbs.
/cc @lavalamp