Using new fake clientset registry exposes the actual flow on pending
namespace finalization: get namespace, create finalizer, list pods and
delete namespace if there are no pods.
Since fake clientset now correctly tracks objects created by deployment
controller, it triggers different controller behavior: controller only
creates replica set once and updates deployment once.
Fake clientset no longer needs to be prepopulated with records: keeping
them in leads to the name conflict on creates. Also, since fake
clientset now respects namespaces, we need to correctly populate them.
Fake clientset is used by unit tests extensively but it has some
shortcomings:
- no filtering on namespace and name: tests that want to test objects in
multiple namespaces end up getting all objects from this clientset,
as it doesn't perform any filtering based on name and namespace;
- updates and deletes don't modify the clientset state, so some tests
can get unexpected results if they modify/delete objects using the
clientset;
- it's possible to insert multiple objects with the same
kind/name/namespace, this leads to confusing behavior, as retrieval is
based on the insertion order, but anchors on the last added object as
long as no more objects are added.
This change changes core.ObjectRetriever implementation to track object
adds, updates and deletes.
Some unit tests were depending on the previous (and somewhat incorrect)
behavior. These are fixed in the following few commits.
Automatic merge from submit-queue
vSphere provider - Adding config for working dir
This allows the user the set "working-dir" in their vsphere.cfg file.
The value should be a path in the vSphere datastore in which the
provider will look for vms. This should help compartmentalize
workloads in vSphere.
Automatic merge from submit-queue
Add EndpointReconcilerConfig to master Config
Add EndpointReconcilerConfig to master Config to allow downstream integrators to customize the reconciler and reconciliation interval when starting a customized master
@kubernetes/sig-api-machinery @deads2k @smarterclayton @liggitt @kubernetes/rh-cluster-infra
sync.WaitGroup produces data races when a GoroutineMap is empty and Wait() and
Run() are called at the same time.
From sync.WaitGroup:
Note that calls with a positive delta that occur when the counter is zero
must happen before a Wait.
Fixes#28128
Automatic merge from submit-queue
Convert service account token controller to use a work queue
Converts the service account token controller to use a work queue. This allows parallelization of token generation (useful when there are several simultaneous namespaces or service accounts being created). It also lets us requeue failures to be retried sooned than the next sync period (which can be very long).
Fixes an issue seen when a namespace is created with secrets quotaed, and the token controller tries to create a token secret prior to the quota status having been initialized. In that case, the secret is rejected at admission, and the token controller wasn't retrying until the resync period.
Automatic merge from submit-queue
Fix initialization of volume controller caches.
Fix `PersistentVolumeController.initializeCaches()` to pass pointers to volume or claim to `storeObjectUpdate()` and add extra functions to enforce that the right types are checked in the future.
Fixes#28076
This allows the user the set "working-dir" in their vsphere.cfg file.
The value should be a path in the vSphere datastore in which the
provider will look for vms.
Automatic merge from submit-queue
Should verify --secure-port and --insecure-port when starting kube-apiserver
When starting kube-apiserver, if we pass the flag `--secure-port` or `--insecure-port` with an invalid value (i.e. < 1 or > 65535), though there is an error message, the apiserver still runs normally. Actually, it should exit (as when not passing the flag `--etcd-servers` does), or else it's meaningless.
This fix is similar to #27762.
Maybe there is still other flags which have to be verified, if found, I will try to fix them.
Before fix:
```
root@vm:/home/paas/zxp/log/kube# kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --secure-port=-1 &
[1] 1500
root@vm:/home/paas/zxp/log/kube# E0623 04:14:15.378332 1500 controller.go:97] Unable to perform initial Kubernetes service initialization: Endpoints "kubernetes" is invalid: [subsets[0].ports[0].port: Invalid value: -1: must be between 1 and 65535, inclusive, subsets[0].ports[0].port: Invalid value: -1: must be between 1 and 65535, inclusive]
[restful] 2016/06/23 04:14:15 log.go:30: [restful/swagger] listing is available at https://172.16.1.11:-1/swaggerapi/
[restful] 2016/06/23 04:14:15 log.go:30: [restful/swagger] https://172.16.1.11:-1/swaggerui/ is mapped to folder /swagger-ui/
E0623 04:14:15.422742 1500 genericapiserver.go:730] Unable to listen for secure (listen tcp: invalid port -1); will try again.
root@vm:/home/paas/zxp/log/kube#
root@vm:/home/paas/zxp/log/kube# E0623 04:14:30.425211 1500 genericapiserver.go:730] Unable to listen for secure (listen tcp: invalid port -1); will try again.
root@vm:/home/paas/zxp/log/kube# ps -ef|grep kube
root 1500 13507 1 04:14 pts/1 00:00:00 kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --secure-port=-1
```
After:
```
root@vm:/home/paas/zxp/log/kube# kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --insecure-port=-1 &
[1] 10570
root@vm:/home/paas/zxp/log/kube# F0623 05:37:16.124206 10570 genericapiserver.go:594] --insecure-port -1 must be between 1 and 65535, inclusive
goroutine 1 [running]:
k8s.io/kubernetes/vendor/github.com/golang/glog.stacks(0x4418400, 0x0, 0x0, 0x0)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:766 +0xb8
k8s.io/kubernetes/vendor/github.com/golang/glog.(*loggingT).output(0x43f7f60, 0xc800000003, 0xc8200e4600, 0x42b2d5a, 0x13, 0x252, 0x0)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:717 +0x259
k8s.io/kubernetes/vendor/github.com/golang/glog.(*loggingT).printf(0x43f7f60, 0xc800000003, 0x32278a0, 0x39, 0xc82037ac90, 0x1, 0x1)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:655 +0x1d4
k8s.io/kubernetes/vendor/github.com/golang/glog.Fatalf(0x32278a0, 0x39, 0xc82037ac90, 0x1, 0x1)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/golang/glog/glog.go:1145 +0x5d
k8s.io/kubernetes/pkg/genericapiserver.verifyInsecurePort(0xc820199800)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:594 +0x103
k8s.io/kubernetes/pkg/genericapiserver.ValidateRunOptions(0xc820199800)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:603 +0x59
k8s.io/kubernetes/pkg/genericapiserver.DefaultAndValidateRunOptions(0xc820199800)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/genericapiserver/genericapiserver.go:607 +0x4e
k8s.io/kubernetes/cmd/kube-apiserver/app.Run(0xc820468b40, 0x0, 0x0)
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/server.go:83 +0x344
main.main()
/home/paas/zxp/code/k8s/train_test/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/apiserver.go:50 +0x121
[1]+ Exit 255 kube-apiserver --etcd-servers=http://172.16.1.11:4001 --service-cluster-ip-range=192.168.122.0/24 --insecure-bind-address=0.0.0.0 --logtostderr=false --log-dir=/home/paas/zxp/log/kube --v=10 --insecure-port=-1
root@vm:/home/paas/zxp/log/kube#
```
Add EndpointReconcilerConfig to master Config to allow downstream integrators to customize the reconciler
and reconciliation interval when starting a customized master.
Fix PersistentVolumeController.initializeCaches() to pass pointers to volume
or claim to storeObjectUpdate() and add extra functions to enforce that the
right types are checked in the future.
Fixes#28076
The one side effect is that for the "kubectl help" commands a newline
is prepended to output, which will alter the yaml output.
Here we use dedent to format the code to match the output.
hack/update-generated-docs.sh has been run and the affected files have
been added.
Note: for describe.go we added a period to the end of an output message.
