Commit Graph

5396 Commits

Author SHA1 Message Date
Janet Kuo
edabdac094 Implement kubectl rollout history and undo for DaemonSet 2017-06-03 17:10:57 -07:00
Kubernetes Submit Queue
07f85565a2 Merge pull request #36721 from smarterclayton/initializers
Automatic merge from submit-queue

Add initializer support to admission and uninitialized filtering to rest storage

Initializers are the opposite of finalizers - they allow API clients to react to object creation and populate fields prior to other clients seeing them.

High level description:

1. Add `metadata.initializers` field to all objects
2. By default, filter objects with > 0 initializers from LIST and WATCH to preserve legacy client behavior (known as partially-initialized objects)
3. Add an admission controller that populates .initializer values per type, and denies mutation of initializers except by certain privilege levels (you must have the `initialize` verb on a resource)
4. Allow partially-initialized objects to be viewed via LIST and WATCH for initializer types
5. When creating objects, the object is "held" by the server until the initializers list is empty
6. Allow some creators to bypass initialization (set initializers to `[]`), or to have the result returned immediately when the object is created.

The code here should be backwards compatible for all clients because they do not see partially initialized objects unless they GET the resource directly. The watch cache makes checking for partially initialized objects cheap. Some reflectors may need to change to ask for partially-initialized objects.

```release-note
Kubernetes resources, when the `Initializers` admission controller is enabled, can be initialized (defaulting or other additive functions) by other agents in the system prior to those resources being visible to other clients.  An initialized resource is not visible to clients unless they request (for get, list, or watch) to see uninitialized resources with the `?includeUninitialized=true` query parameter.  Once the initializers have completed the resource is then visible.  Clients must have the the ability to perform the `initialize` action on a resource in order to modify it prior to initialization being completed.
```
2017-06-03 07:16:52 -07:00
Kubernetes Submit Queue
e837c3bbc2 Merge pull request #46388 from lavalamp/whitlockjc-generic-webhook-admission
Automatic merge from submit-queue (batch tested with PRs 46239, 46627, 46346, 46388, 46524)

Dynamic webhook admission control plugin

Unit tests pass.

Needs plumbing:
* [ ] service resolver (depends on @wfender PR)
* [x] client cert (depends on ????)
* [ ] hook source (depends on @caesarxuchao PR)

Also at least one thing will need to be renamed after Chao's PR merges.

```release-note
Allow remote admission controllers to be dynamically added and removed by administrators.  External admission controllers make an HTTP POST containing details of the requested action which the service can approve or reject.
```
2017-06-02 23:37:42 -07:00
Clayton Coleman
4ce3907639
Add Initializers to all admission control paths by default 2017-06-02 22:09:04 -04:00
Kubernetes Submit Queue
5bf5d45c2b Merge pull request #46192 from cblecker/verify-dockerized
Automatic merge from submit-queue (batch tested with PRs 46801, 45184, 45930, 46192, 45563)

Exclude dockerized verify patterns

**What this PR does / why we need it**:
Change some of the `make verify` logic to allow excluding based on a pattern. Add the `verify-*-dockerized.sh` pattern to the excluded list.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-06-02 18:05:57 -07:00
Kubernetes Submit Queue
caead74171 Merge pull request #45184 from DirectXMan12/feature/metrics-client-gen-tweaks
Automatic merge from submit-queue (batch tested with PRs 46801, 45184, 45930, 46192, 45563)

Tweak client-gen to support metrics API

This PR adds support to client-gen for readonly APIs as well as for customizing the resource name used for a given type.

This is required to support the clients generated for `k8s.io/metrics/pkg/apis/metrics`.

cc @caesarxuchao 

Currently based on #45180

**Release note**:
```release-note
NONE
```
2017-06-02 18:05:50 -07:00
Kubernetes Submit Queue
dcf19e8865 Merge pull request #45865 from caesarxuchao/remove-exception
Automatic merge from submit-queue

remove exception in verify-no-vendor-cycles.sh

The exception is fixed by https://github.com/kubernetes/kubernetes/pull/45758.
2017-06-02 13:02:18 -07:00
Kubernetes Submit Queue
97a5d37841 Merge pull request #40848 from smarterclayton/serverside_get
Automatic merge from submit-queue (batch tested with PRs 46432, 46701, 46326, 40848, 46396)

Add a server side Get operation

Implement proposal kubernetes/community#363

```release-note
The Kubernetes API supports retrieving tabular output for API resources via a new mime-type `application/json;as=Table;v=v1alpha1;g=meta.k8s.io`.  The returned object (if the server supports it) will be of type `meta.k8s.io/v1alpha1` with `Table`, and contain column and row information related to the resource.  Each row will contain information about the resource - by default it will be the object metadata, but callers can add the `?includeObject=Object` query parameter and receive the full object.  In the future kubectl will use this to retrieve the results of `kubectl get`.
```
2017-06-02 11:47:11 -07:00
Kubernetes Submit Queue
f7a1f10275 Merge pull request #45919 from ericchiang/audit-webhook-backend
Automatic merge from submit-queue

apiserver: add a webhook implementation of the audit backend

This builds off of #45315 and is intended to implement an interfaced defined in #45766.

TODO:

- [x] Rebase on top of API types PR.
- [x] Rebase on top of API types updates (#46065)
- [x] Rebase on top of feature flag (#46009)
- [x] Rebase on top of audit instrumentation.
- [x] Hook up API server flag or register plugin (depending on #45766)

Features issue https://github.com/kubernetes/features/issues/22

Design proposal https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auditing.md

```release-notes
Webhook added to the API server which omits structured audit log events.
```

/cc @soltysh @timstclair @soltysh @deads2k
2017-06-01 13:41:59 -07:00
Kubernetes Submit Queue
62435edeff Merge pull request #46448 from dashpole/disk_eviction_defaults
Automatic merge from submit-queue

Set Kubelet Disk Defaults for the 1.7 release

The `--low-diskspace-threshold-mb` flag has been depreciated since 1.6.
This PR sets the default to `0`, and sets defaults for disk eviction based on the values used for our [e2e tests](https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/services/kubelet.go#L145).
This also removes the custom defaults for vagrant, as the new defaults should work for it as well.

/assign @derekwaynecarr 
cc @vishh 

```release-note
By default, --low-diskspace-threshold-mb is not set, and --eviction-hard includes "nodefs.available<10%,nodefs.inodesFree<5%"
```
2017-06-01 10:04:27 -07:00
Kubernetes Submit Queue
d3554ac0ce Merge pull request #46709 from wanghaoran1988/fix_46691
Automatic merge from submit-queue

Disable all alpha feature gates by default in local-up-cluster.sh

**What this PR does / why we need it**:
Disable all alpha feature gates by default in local-up-cluster.sh
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #46691

**Special notes for your reviewer**:

**Release note**:
```
None
```
2017-06-01 08:18:15 -07:00
Kubernetes Submit Queue
555fdf425d Merge pull request #46777 from sttts/sttts-inverse-verify-staging-imports-logic
Automatic merge from submit-queue

hack/verify-staging-imports.sh: simplify by negating package list

The forbidden list of repos got lengthy. The inverse is much shorter and easiert to maintain.
2017-06-01 07:11:13 -07:00
Dr. Stefan Schimanski
2b26a946a2 hack/verify-staging-imports.sh: simplify by negating package list 2017-06-01 14:49:13 +02:00
Kubernetes Submit Queue
98e5496aa2 Merge pull request #46677 from enisoc/tpr-migrate-etcd
Automatic merge from submit-queue (batch tested with PRs 43505, 45168, 46439, 46677, 46623)

Add TPR to CRD migration helper.

This is a helper for migrating TPR data to CustomResource. It's rather hacky because it requires crossing apiserver boundaries, but doing it this way keeps the mess contained to the TPR code, which is scheduled for deletion anyway.

It's also not completely hands-free because making it resilient enough to be completely automated is too involved to be worth it for an alpha-to-beta migration, and would require investing significant effort to fix up soon-to-be-deleted TPR code. Instead, this feature will be documented as a best-effort helper whose results should be verified by hand.

The intended benefit of this over a totally manual process is that it should be possible to copy TPR data into a CRD without having to tear everything down in the middle. The process would look like this:

1. Upgrade to k8s 1.7. Nothing happens to your TPRs.
1. Create CRD with group/version and resource names that match the TPR. Still nothing happens to your TPRs, as the CRD is hidden by the overlapping TPR.
1. Delete the TPR. The TPR data is converted to CustomResource data, and the CRD begins serving at the same REST path.

Note that the old TPR data is left behind by this process, so watchers should not receive DELETE events. This also means the user can revert to the pre-migration state by recreating the TPR definition.

Ref. https://github.com/kubernetes/kubernetes/issues/45728
2017-06-01 05:43:44 -07:00
Kubernetes Submit Queue
c365829d01 Merge pull request #46487 from CaoShuFeng/LANG
Automatic merge from submit-queue (batch tested with PRs 46686, 45049, 46323, 45708, 46487)

set LANG to 'C' in Makefile

Now we support multi-languages:
https://github.com/kubernetes/kubernetes/tree/master/translations

But some tests support only English. This test fails when LANG is set to zh_CN.UTF-8:
https://github.com/kubernetes/kubernetes/blob/master/hack/make-rules/test-cmd-util.sh#L2838
The expected err string is translated to Chinese:
https://github.com/kubernetes/kubernetes/blob/master/translations/kubectl/zh_CN/LC_MESSAGES/k8s.po#L82

**Release note**:

```
NONE
```
2017-06-01 03:42:12 -07:00
Kubernetes Submit Queue
3e1d68624e Merge pull request #46323 from marun/fed-kubefed-beta-storage-class-annotation
Automatic merge from submit-queue (batch tested with PRs 46686, 45049, 46323, 45708, 46487)

[Federation][kubefed]: Use StorageClassName for etcd pvc

This PR updates kubefed to use the StorageClassName field [added in 1.6](http://blog.kubernetes.io/2017/03/dynamic-provisioning-and-storage-classes-kubernetes.html
) for etcd's pvc to allow the user to specify which storage class they want to use.  If no value is provided to ``kubefed init``, the field will not be set, and initialization of the pvc may fail on a cluster without a default storage class configured.

The alpha annotation that was previously used (``volume.alpha.kubernetes.io/storage-class``) was deprecated as of 1.4 according to the following blog post:

http://blog.kubernetes.io/2016/10/dynamic-provisioning-and-storage-in-kubernetes.html

**Release note**:

```
'kubefed init' has been updated to support specification of the storage class (via --etcd-pv-storage-class) for the Persistent Volume Claim (PVC) used for etcd storage.  If --etcd-pv-storage-class is not specified, the default storage class configured for the cluster will be used.
```

cc: @kubernetes/sig-federation-pr-reviews
2017-06-01 03:42:07 -07:00
Kubernetes Submit Queue
bcc674bc9c Merge pull request #46686 from CaoShuFeng/deprecated-flags
Automatic merge from submit-queue (batch tested with PRs 46686, 45049, 46323, 45708, 46487)

Update deprecated flags for "make test-cmd"

**Release note**:

```
NONE
```
2017-06-01 03:42:03 -07:00
Anthony Yeh
ba59e14d44
Add TPR to CRD migration helper. 2017-05-31 19:07:38 -07:00
Christoph Blecker
079abb9ec9
Exclude dockerized verify patterns 2017-05-31 18:08:16 -07:00
Daniel Smith
d6e1140b5d Implement dynamic admission webhooks
Also fix a bug in rest client
2017-05-31 16:38:46 -07:00
Jeremy Whitlock
83d3d59ce0 add "install" package for admission API group
To properly register the types in the admission API group we need to
create an "install" package and wire it up.  This is required by the
webhook admission controller being developed as part of
https://github.com/kubernetes/community/pull/132
2017-05-31 11:41:10 -07:00
Eric Chiang
a88e0187f9 apiserver: add a webhook implementation of the audit backend 2017-05-31 09:45:23 -07:00
Haoran Wang
cadbcf9419 Disable all alpha feature gates by default 2017-05-31 23:30:00 +08:00
Dr. Stefan Schimanski
781d27acac hack/update-swagger-spec.sh: use posix regex syntax 2017-05-31 11:57:03 +02:00
Kubernetes Submit Queue
c79df64306 Merge pull request #46242 from ahmetb/clientgo-examples/crud-deployment
Automatic merge from submit-queue

clientgo/examples: Add CRUD Deployment sample
2017-05-31 01:54:07 -07:00
Cao Shufeng
33cecc3499 Update deprecated flags for "make test-cmd" 2017-05-31 15:20:09 +08:00
Cao Shufeng
58c6200764 set LANG to 'C' for "make test-cmd"
Now we support multi-languages:
https://github.com/kubernetes/kubernetes/tree/master/translations

But some tests support only English. This test fails when LANG is set to zh_CN.UTF-8:
https://github.com/kubernetes/kubernetes/blob/master/hack/make-rules/test-cmd-util.sh#L2838
The expected err string is translated to Chinese:
https://github.com/kubernetes/kubernetes/blob/master/translations/kubectl/zh_CN/LC_MESSAGES/k8s.po#L82
2017-05-31 13:44:16 +08:00
Kubernetes Submit Queue
5995690396 Merge pull request #46076 from liggitt/node-authorizer
Automatic merge from submit-queue

Node authorizer

This PR implements the authorization portion of https://github.com/kubernetes/community/blob/master/contributors/design-proposals/kubelet-authorizer.md and kubernetes/features#279:
* Adds a new authorization mode (`Node`) that authorizes requests from nodes based on a graph of related pods,secrets,configmaps,pvcs, and pvs:
  * Watches pods, adds edges (secret -> pod, configmap -> pod, pvc -> pod, pod -> node)
  * Watches pvs, adds edges (secret -> pv, pv -> pvc)
  * When both Node and RBAC authorization modes are enabled, the default RBAC binding that grants the `system:node` role to the `system:nodes` group is not automatically created.
* Tightens the `NodeRestriction` admission plugin to require identifiable nodes for requests from users in the `system:nodes` group.

This authorization mode is intended to be used in combination with the `NodeRestriction` admission plugin, which limits the pods and nodes a node may modify. To enable in combination with RBAC authorization and the NodeRestriction admission plugin:
* start the API server with `--authorization-mode=Node,RBAC --admission-control=...,NodeRestriction,...`
* start kubelets with TLS boostrapping or with client credentials that place them in the `system:nodes` group with a username of `system:node:<nodeName>`

```release-note
kube-apiserver: a new authorization mode (`--authorization-mode=Node`) authorizes nodes to access secrets, configmaps, persistent volume claims and persistent volumes related to their pods.
* Nodes must use client credentials that place them in the `system:nodes` group with a username of `system:node:<nodeName>` in order to be authorized by the node authorizer (the credentials obtained by the kubelet via TLS bootstrapping satisfy these requirements)
* When used in combination with the `RBAC` authorization mode (`--authorization-mode=Node,RBAC`), the `system:node` role is no longer automatically granted to the `system:nodes` group.
```

```release-note
RBAC: the automatic binding of the `system:node` role to the `system:nodes` group is deprecated and will not be created in future releases. It is recommended that nodes be authorized using the new `Node` authorization mode instead. Installations that wish to continue giving all members of the `system:nodes` group the `system:node` role (which grants broad read access, including all secrets and configmaps) must create an installation-specific ClusterRoleBinding.
```

Follow-up:
- [ ] enable e2e CI environment with admission and authorizer enabled (blocked by kubelet TLS bootstrapping enablement in https://github.com/kubernetes/kubernetes/pull/40760)
- [ ] optionally enable this authorizer and admission plugin in kubeadm
- [ ] optionally enable this authorizer and admission plugin in kube-up
2017-05-30 22:42:54 -07:00
Kubernetes Submit Queue
438e737657 Merge pull request #46415 from shiywang/prvent304
Automatic merge from submit-queue (batch tested with PRs 46635, 45619, 46637, 45059, 46415)

Update url information to prevent http 304 redirection

Although repo [https://github.com/GoogleCloudPlatform/kubernetes](https://github.com/GoogleCloudPlatform/kubernetes) still can be access, but I think one more 304 redirection is no needed

```release-note
NONE
```
2017-05-30 19:49:04 -07:00
Kubernetes Submit Queue
40dcbc4eb3 Merge pull request #46461 from ncdc/e2e-suite-metrics
Automatic merge from submit-queue

Support grabbing test suite metrics

**What this PR does / why we need it**:
Add support for grabbing metrics that cover the entire test suite's execution.

Update the "interesting" controller-manager metrics to match the
current names for the garbage collector, and add namespace controller
metrics to the list.

If you enable `--gather-suite-metrics-at-teardown`, the metrics file is written to a file with a name such as `MetricsForE2ESuite_2017-05-25T20:25:57Z.json` in the `--report-dir`. If you don't specify `--report-dir`, the metrics are written to the test log output.

I'd like to enable this for some of the `pull-*` CI jobs, which will require a separate PR to test-infra.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

@kubernetes/sig-testing-pr-reviews @smarterclayton @wojtek-t @gmarek @derekwaynecarr @timothysc
2017-05-30 16:41:49 -07:00
Jordan Liggitt
fc8e915a4b
Add Node authorization mode based on graph of node-related objects 2017-05-30 16:53:03 -04:00
Jordan Liggitt
48a9357926
Add PV util for extracting referenced secrets 2017-05-30 15:12:30 -04:00
Ahmet Alp Balkan
d75710f9f4
client-go: Add CRUD Deployment sample
This sample adds sample code for create/list/replace/delete operations for
Deployment resource for client-go library. This patch also contains
documentation explaining what the example application does and how it can be
executed.

This patch is part of the body of work improving the client library samples.

Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
2017-05-30 09:52:53 -07:00
Kubernetes Submit Queue
d621ebce89 Merge pull request #46116 from ncdc/storageclass-etcd-upgrade
Automatic merge from submit-queue

Support storageclass storage updates to v1

**What this PR does / why we need it**: enable cluster administrators to update storageclasses stored in etcd from storage.k8s.io/v1beta1 to storage.k8s.io/v1. 

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**: I had a hard time getting the test to work with how it was handling KUBE_API_VERSIONS and RUNTIME_CONFIG. I would appreciate some extra review attention there. Also, I had to hack in a `cluster-scoped` "namespace" to get the verification portions of the test script to work. I'm definitely open to ideas for how to improve that if needed.

**Release note**:

```release-note
Support updating storageclasses in etcd to storage.k8s.io/v1. You must do this prior to upgrading to 1.8.
```

cc @kubernetes/sig-storage-pr-reviews @kubernetes/sig-api-machinery-pr-reviews @jsafrane @deads2k @saad-ali @enj
2017-05-30 09:31:11 -07:00
deads2k
ce681fe47c move CRD from alpha to beta 2017-05-30 07:57:26 -04:00
Kubernetes Submit Queue
a4e730336d Merge pull request #46566 from xychu/kube-apiserver
Automatic merge from submit-queue (batch tested with PRs 46561, 46566)

Fix golint errors in cmd/kube-apiserver

**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
```
2017-05-30 02:50:57 -07:00
Kubernetes Submit Queue
c866355894 Merge pull request #46561 from zhangxiaoyu-zidif/return-nil-e2e
Automatic merge from submit-queue (batch tested with PRs 46561, 46566)

Return nil when err is nil

**What this PR does / why we need it**:
Return nil directly when err is nil

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-05-30 02:50:55 -07:00
Kubernetes Submit Queue
cc432dbc77 Merge pull request #46594 from xychu/golint
Automatic merge from submit-queue

Fix golint error in apimachinery/pkg/{fields,lables}

Also add these two packages to linted packages lists



**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
```
2017-05-29 22:02:20 -07:00
Kubernetes Submit Queue
755d368c4a Merge pull request #45782 from mtaufen/no-snat-test
Automatic merge from submit-queue

no-snat test

This test checks that Pods can communicate with each other in the same cluster without SNAT.

I intend to create a job that runs this in small clusters (\~3 nodes) at a low frequency (\~once per day) so that we have a signal as we work on allowing multiple non-masquerade CIDRs to be configured (see [kubernetes-incubator/ip-masq-agent](https://github.com/kubernetes-incubator/ip-masq-agent), for example).

/cc @dnardo
2017-05-29 16:19:46 -07:00
Clayton Coleman
3f41f8fcd1
Add priority and condition to column definitions
Allow the server to indicate additional information along with each row
and table.
2017-05-29 18:23:48 -04:00
Ethan Chu
d7485de02a Fix golint error in apimachinery/pkg/{fields,lables}
Also add these two packages to linted packages lists
2017-05-29 21:07:00 +08:00
Ethan Chu
ec18533f81 Add cmd/kube-apiserver/app/preflight to linted packages list 2017-05-29 20:57:11 +08:00
Dan Winship
0923f860f1 Regenerate files 2017-05-28 10:11:02 -04:00
Dan Winship
0683e55fc1 Add networking.k8s.io v1 API, with NetworkPolicy 2017-05-28 10:11:01 -04:00
Kubernetes Submit Queue
c2667203e4 Merge pull request #45859 from DirectXMan12/refactor/protobuf-for-metrics
Automatic merge from submit-queue

Protobuf generation for k8s.io/metrics

This PR introduces protobuf generation for k8s.io/metrics.  Doing so required:

- fixing a bug in `go-to-protobuf` causing the `cast{key,value,type}` values to not be quoted when coming from struct tags (and not auto-injection by `go-to-protobuf` itself).
- Making sure the proto IDL in k8s.io/client-go had a package name of `k8s.io.client_go.xyz` and not `k8s.io.kubernetes.xyz`.

Additionally, I updated `go-to-protobuf` to skip functions and non-public types when composing the import list, which cuts down on the more bizarre imports in the IDL (like importing the sample API package in every IDL file because it contained `addToScheme`, like every other API package).

We use `castvalue` to force gogo-proto to realize that it should consider the value of the map which underlies `ResourceList` when calculating which imports need to be named.  Otherwise, it ignores the value's type, leading to compilation errors when it later can't find an import it assumed existed.  We accidentally didn't hit this in `k8s.io/kubernetes/pkg/api/v1` since another field coincidentally happens to directly use `resource.Quantity` (the value type of `ResourceList`).

**Release note**:
```release-note
NONE
```
2017-05-27 14:08:46 -07:00
zhangxiaoyu-zidif
6245f34a00 return nil when err is nil 2017-05-27 14:34:45 +08:00
Kubernetes Submit Queue
fdb4fa689e Merge pull request #44742 from cheftako/aggregate
Automatic merge from submit-queue (batch tested with PRs 46302, 44597, 44742, 46554)

Change to aggregator so it calls a user apiservice via its pod IP.

proxy_handler now does a sideways call to lookup the pod IPs for aservice.
It will then pick a random pod IP to forward the use apiserver request to.

**What this PR does / why we need it**: It allows the aggregator to work without setting up the full network stack on the kube master (i.e. with kube-dns or kube-proxy)

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #44619

**Special notes for your reviewer**:

**Release note**:

```release-note
```
2017-05-26 20:39:56 -07:00
Solly Ross
7b8e572d8a [go-to-protobuf] generate proto for k8s.io/metrics
This commit adds the `k8s.io/metrics` APIs to the list of packages for
which to generate protobuf.  Additionally, it adds
`k8s.io/client-go/pkg/apis/v1` as a non-generated (referenced) package.
2017-05-26 19:59:27 -04:00
Kubernetes Submit Queue
899b6c00ba Merge pull request #45809 from CaoShuFeng/non-resource-url-create-rolebinding
Automatic merge from submit-queue

support NonResourceURL for kubectl create clusterrole

Release note:
```release-note
add --non-resource-url to kubectl create clusterrole
```
2017-05-26 16:47:06 -07:00
Walter Fender
ad8a83a7c1 Change to aggregator so it calls a user apiservice via its pod IP.
proxy_handler now uses the endpoint router to map the cluster IP to
appropriate endpoint (Pod) IP for the given resource.
Added code to allow aggregator routing to be optional.
Updated bazel build.
Fixes to cover JLiggit comments.
Added util ResourceLocation method based on Listers.
Fixed issues from verification steps.
Updated to add an interface to obfuscate some of the routing logic.
Collapsed cluster IP resolution in to the aggregator routing
implementation.
Added 2 simple unit tests for ResolveEndpoint
2017-05-26 16:10:01 -07:00