Automatic merge from submit-queue
add tokenreviews endpoint to implement webhook
Wires up an API resource under `apis/authentication.k8s.io/v1beta1` to expose the webhook token authentication API as an API resource. This allows one API server to use another for authentication and uses existing policy engines for the "authoritative" API server to controller access to the endpoint.
@cjcullen you wrote the initial type
Automatic merge from submit-queue
Format apiserver options
Trivial change, code formatting only: it was hard to read long lines, and my editor was really slow when scrolling through them.
Automatic merge from submit-queue
Certificate signing controller for TLS bootstrap (alpha)
The controller handles generating and signing certificates when a CertificateSigningRequest has the "Approved" condition. Uses cfssl to support a wide set of possible keys and algorithms. Depends on PR #25562, only the last two commits are relevant to this PR.
cc @mikedanese
[]()
Automatic merge from submit-queue
Unable to have optional message slice
When making a message slice optional, we need to handle one more
conditional case in the rewriter.
@wojtek-t
Automatic merge from submit-queue
Remove GOMAXPROCS() calls because they are unnecessary
Now we're setting GOMAXPROCS when every binary starts up, but we don't have to do that anymore, since we've upgraded to Go 1.6
Documentation for it:
> func GOMAXPROCS(n int) int
> GOMAXPROCS sets the maximum number of CPUs that can be executing simultaneously and returns the previous setting. If n < 1, it does not change the current setting. The number of logical CPUs on the local machine can be queried with NumCPU. This call will go away when the scheduler improves.
A simple program to prove it's unnecessary:
```go
package main
import (
"fmt"
"runtime"
)
func main(){
numCPUBefore := runtime.GOMAXPROCS(runtime.NumCPU())
numCPUAfter := runtime.GOMAXPROCS(runtime.NumCPU())
fmt.Println(numCPUBefore, numCPUAfter)
}
```
Output with Go 1.4.2: `1 4`
Output with Go 1.6.2: `4 4`
So I think we should remove calls to GOMAXPROCS now, and it should be pretty straightforward
@thockin @wojtek-t @gmarek @lavalamp @vishh
Automatic merge from submit-queue
Generate a better Stringer method for proto types
This replaces the bad string output generated by golang/proto with gogo/protobuf stringer generation. Makes the output similar to %#v and more debuggable. We have to have a String() method to implement proto.Message, so this is strictly better.
@wojtek-t, @thockin for after your PR merges
Fixes#28756
Automatic merge from submit-queue
[GarbageCollector] Let the RC manager set/remove ControllerRef
What's done:
* RC manager sets Controller Ref when creating new pods
* RC manager sets Controller Ref when adopting pods with matching labels but having no controller
* RC manager clears Controller Ref when pod labels change
* RC manager clears pods' Controller Ref when rc's selector changes
* RC manager stops adoption/creating/deleting pods when rc's DeletionTimestamp is set
* RC manager bumps up ObservedGeneration: The [original code](https://github.com/kubernetes/kubernetes/blob/master/pkg/controller/replication/replication_controller_utils.go#L36) will do this.
* Integration tests:
* verifies that changing RC's selector or Pod's Labels triggers adoption/abandoning
* e2e tests (separated to #27151):
* verifies GC deletes the pods created by RC if DeleteOptions.OrphanDependents=false, and orphans the pods if DeleteOptions.OrphanDependents=true.
TODO:
- [x] we need to be able to select Pods that have a specific ControllerRef. Then each time we sync the RC, we will iterate through all the Pods that has a controllerRef pointing the RC, event if the labels of the Pod doesn't match the selector of RC anymore. This will prevent a Pod from stuck with a stale controllerRef, which could be caused by the race between abandoner (the goroutine that removes controllerRef) and worker the goroutine that add controllerRef to pods).
- [ ] use controllerRef instead of calling `getPodController`. This might be carried out by the control-plane team.
- [ ] according to the controllerRef proposal (#25256): "For debugging purposes we want to add an adoptionTime annotation prefixed with kubernetes.io/ which will keep the time of last controller ownership transfer." This might be carried out by the control-plane team.
cc @lavalamp @gmarek
Automatic merge from submit-queue
Allow proto tag to define field name
When we introduce a new field for backwards compatibility, we may want
to specify a different protobuf field name (one that matches JSON) than
the automatic transformation applied to the struct field. This allows an
API field to define the name of its protobuf tag.
@wojtek-t hit this while adding protobuf to OpenShift - we have fields we
keep for backward compatibility that need to be assigned a field by name.
Has no impact on existing (already tagged) fields.
Move SystemReserved and KubeReserved into KubeletConfiguration struct
Convert int64 to int32 for some external type fields so they match internal ones
tLS* to tls* for JSON field names
Fix dependency on removed options.AutoDetectCloudProvider
Change floats in KubeletConfiguration API to ints
Update external KubeletConfiguration type
Add defaults for new KubeletConfiguration fields
Modify some defaults to match upstream settings
Add/rename some conversion functions
Updated codegen
Fixed typos
Mike Danese caught that s.NodeLabels wasn't allocated, fix on line 118
of cmd/kubelet/app/options/options.go.
Provide list of valid sources in comment for HostNetworkSources field
Automatic merge from submit-queue
Support terminal resizing for exec/attach/run
```release-note
Add support for terminal resizing for exec, attach, and run. Note that for Docker, exec sessions
inherit the environment from the primary process, so if the container was created with tty=false,
that means the exec session's TERM variable will default to "dumb". Users can override this by
setting TERM=xterm (or whatever is appropriate) to get the correct "smart" terminal behavior.
```
Fixes#13585
Automatic merge from submit-queue
genconversion=false should skip fields during conversion generation
Currently it only skips if the fields don't match, but that leaves no
way for callers to say "no really, ignore this field".
@wojtek-t @thockin *must* be able to ignore a non-convertible field (if the types are different but we still want the autogeneration of everything else)
Automatic merge from submit-queue
Don't panic if we hit a dangling symlink in mungedocs
I hit this because I have a dangling symlink, which would cause a panic.
Add support for terminal resizing for exec, attach, and run. Note that for Docker, exec sessions
inherit the environment from the primary process, so if the container was created with tty=false,
that means the exec session's TERM variable will default to "dumb". Users can override this by
setting TERM=xterm (or whatever is appropriate) to get the correct "smart" terminal behavior.
Automatic merge from submit-queue
controller-manager support number of garbage collector workers to be configurable
The number of garbage collector workers of controller-manager is a fixed value 5 now, make it configurable should more properly
Automatic merge from submit-queue
Unify logging in generators and avoid annoying logs.
@thockin regarding our discussing in the morning
@lavalamp - FYI
