- 04 Dec, 2017 12 commits
-
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 55360, 56444, 56687, 56791, 56802). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kube-apiserver: enable admissionregistration v1beta1 api by default We have this enabled in the GCE cluster and in local-cluster-up, but forgot to switch the default. If we want people to use this feature by default in production clusters, we better enable the API. Moreover, this PR fixes that beta works without alpha. ```release-note Enable admissionregistration.k8s.io/v1beta1 by default in kube-apiserver. ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 55360, 56444, 56687, 56791, 56802). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. certs: add month buckets to expiration metric 7 days isn't enough warning for cert expiration alerting. #56444
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 55360, 56444, 56687, 56791, 56802). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Configure metadata concealment iptables rules in node startup. **What this PR does / why we need it**: Configure iptables rule for metadata concealment at startup so the pod doesn't have to, to reduce memory consumption. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 52013, 56719). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Build patch from openapi only for registered types Address the concern in https://github.com/kubernetes/kubernetes/pull/51321#pullrequestreview-80212182. fixes kubernetes/kubectl#156 ```release-note NONE ``` /assign @apelisse
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 52013, 56719). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Support autoprobing floating-network-id for openstack cloud provider Currently if user doesn't specify floatingnetwork-id and loadbalancer.openstack.org/floating-network-id annotation, openstack cloud provider can't create a external LoadBalancer service. Actually we can get floatingnetwork-id automatically. If we get multiple floatingnetwork-ids, then ask user to specify one, or we use the floatingnetwork-id to create floatingip for external LoadBalancer service. This is a part of #50726 **Special notes for your reviewer**: /assign @dims **Release note**: ```release-note Support autoprobing floating-network-id for openstack cloud provider ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 56790, 56638). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Make audit batch webhook backend configurable This PR adds an ability to configure key parameters for the most important audit backend at-scale, so that if the default parameters don't fit and audit events are lost/delayed, it's possible to adjust these parameters to fix the problem. In the future those parameters will stay, but will be used to populate the values for the generic buffering backend, both for webhook and log backends. /cc @kubernetes/sig-auth-pr-reviews @sttts @tallclair @ericchiang ```release-note Audit webhook batching parameters are now configurable via command-line flags in the apiserver. ``` ref #54551
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 56790, 56638). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Disable GCE target for network partition tests Disabling until https://github.com/kubernetes/kubernetes/issues/56787 is addressed.
-
foxish authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Revert "Fix for the network partition tests" Reverts kubernetes/kubernetes#56718
-
Anirudh Ramanathan authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Update kubectl to the stable version **What this PR does / why we need it**: Update kubectl to the stable version 1.8.1 **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # fixes #54762 **Special notes for your reviewer**: **Release note**: ``` Update kubectl in the addon-manager to v1.8.4 ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Extracts Volume Attributes from PV.Annotations **What this PR does / why we need it**: This PR fixes an issue with current alpha implementation of CSI that does not pass volume attributes. As a workaround, this PR extracts the volume attributes information from the `PV.Annotations` map during `mounter.SetUpAt` cycle. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #56749 **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
-
- 03 Dec, 2017 4 commits
-
-
Vladimir Vivien authored
csi - code review fixes
-
Vladimir Vivien authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. CSI - Fix feature gate bug and add bootstrap RBAC rules **What this PR does / why we need it**: This PR addresses show-stopper bug https://github.com/kubernetes/kubernetes/issues/56532. It fixes the faulty feature gate logic and adds RBAC rules for kube-controller-manager and kubelet that allows `VolumeAttachment` API operations against the api-server. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #56532, #56667 **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. fix inter-pod anti-affinity issue This is used to fix: https://github.com/kubernetes/kubernetes/issues/50813
-
- 02 Dec, 2017 3 commits
-
-
Vladimir Vivien authored
This commit tracks chages to fix blocking bugs such as feature gates, rbac rules, usage of csi nodeID to derive attachment ID.
-
Vladimir Vivien authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubeadm: Fix bugs in the codebase related to upgrades/downgrades **What this PR does / why we need it**: Fixes bugs related to the upgrade / downgrade paths I found in the codebase Hides the HighAvailability flag from help text as that feature didn't make it in fully Fixes some small things in defaulting and the config JSON schema Fixes a bug when cloud-config is referenced but not mounted into the static pod **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: **Release note**: ```release-note NONE ``` @kubernetes/sig-cluster-lifecycle-pr-reviews
-
- 01 Dec, 2017 14 commits
-
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix for the network partition tests Fix https://github.com/kubernetes/kubernetes/issues/56416 The underlying issue was that after cluster upgrade, the nodes talk to the master using the in-cluster IP. The IPTables rules used for blocking were thus far only effective when the nodes used the external network interface. Reasoning: api-server.log [from gce upgrade cluster](https://storage.googleapis.com/kubernetes-jenkins/logs/ci-kubernetes-e2e-gce-stable1-beta-upgrade-cluster-new/35/artifacts/bootstrap-e2e-master/kube-apiserver.log) > I1201 13:56:34.287956 5 wrap.go:42] PATCH /api/v1/nodes/bootstrap-e2e-minion-group-hv6p/status: (18.100082ms) 200 [[node-problem-detector/v1.4.0 (linux/amd64) kubernetes/$Format] **10.128.0.4:53766**] > I1201 13:56:34.287956 5 wrap.go:42] PATCH /api/v1/nodes/bootstrap-e2e-minion-group-hv6p/status: (18.100082ms) 200 [[node-problem-detector/v1.4.0 (linux/amd64) kubernetes/$Format] **10.128.0.4:53766**] > I1201 13:56:34.515042 5 wrap.go:42] PATCH /api/v1/nodes/bootstrap-e2e-master/status: (4.327563ms) 200 [[kubelet/v1.9.0 (linux/amd64) kubernetes/e067596] **10.128.0.2:41898**] api-server.log [from gce serial](https://storage.googleapis.com/kubernetes-jenkins/logs/ci-kubernetes-e2e-gce-cos-k8sbeta-serial/70/artifacts/test-34cf3ed1e3-master/kube-apiserver.log) > I1201 15:59:46.863961 5 wrap.go:42] GET /api/v1/nodes/test-34cf3ed1e3-minion-group-zr99?resourceVersion=0: (926.753µs) 200 [[kubelet/v1.9.0 (linux/amd64) kubernetes/e067596] **104.154.254.154:40220**] > I1201 15:59:46.881810 5 wrap.go:42] PATCH /api/v1/nodes/test-34cf3ed1e3-minion-group-zr99/status: (10.157704ms) 200 [[kubelet/v1.9.0 (linux/amd64) kubernetes/e067596] **104.154.254.154:40220**] The underlying issue is one of cluster setup - but we can make the test more resilient with this change. cc @krzyzacy @spiffxp @enisoc @jberkus @kubernetes/sig-autoscaling-misc
-
Lucas Käldström authored
-
ymqytw authored
-
Anirudh authored
potentially)
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Update nvidia-gpu-device-plugin addon. This includes changes from GoogleCloudPlatform/container-engine-accelerators#33 **Release note**: ```release-note NONE ``` /sig node /priority critical-urgent /kind bug
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Cluster Autoscaler 1.1.0-beta1 This PR will be shortly followed with one updating Cluster Autoscaler to 1.1.0 (final). ```release-note NONE ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Update Dashboard addon to version 1.8.0 and align /ui redirect with it **What this PR does / why we need it**: In Dashboard 1.8.0 we have introduced a couple of changes (security, settings, new resources etc.) and fixed a lot of bugs. You can check release notes at https://github.com/kubernetes/dashboard/releases/tag/v1.8.0. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: ```release-note Updated Dashboard add-on to version 1.8.0. - The Dashboard add-on now deploys with https enabled - The Dashboard can be accessed via kubectl proxy at http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ - The /ui redirect is deprecated and will be removed in 1.10 ```
-
Marcin Wielgus authored
-
Dr. Stefan Schimanski authored
-
wenlxie authored
-
Dr. Stefan Schimanski authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. AWS: Support for mounting nvme volumes Supports mounting nvme volumes Fixes #56155 ```release-note AWS: Detect EBS volumes mounted via NVME and mount them ```
-
Rohit Agarwal authored
This includes changes from GoogleCloudPlatform/container-engine-accelerators#33
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Return no volume match if prebound PV node affinity doesn't match node **What this PR does / why we need it**: VolumeBindingChecker predicate needs to return false for prebound PVs if the NodeAffinity doesn't match the node. Also fix log formatting in predicate. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #56596 **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
-
- 30 Nov, 2017 7 commits
-
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. fix CreateVolume func: use search mode instead **What this PR does / why we need it**: This is a little fall back for CreateVolume func: use search mode for Dedicated kind as @rootfs suggested. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #52396 **Special notes for your reviewer**: I reference the implmentation of v1.6 in the same CreateVolume func https://github.com/kubernetes/kubernetes/blob/release-1.6/pkg/cloudprovider/providers/azure/azure_storage.go#L213-L247 **Release note**: ``` fix azure storage account exhausting issue by using azure disk mount ``` /sig azure @rootfs @feiskyer @karataliu
-
David Ashpole authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 56589, 56503). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. MustRunAsNonRoot should reject a pod if it has non-numeric USER **What this PR does / why we need it**: This PR modifies kubelet behavior to reject pods with non-numeric USER instead of showing a warning. **Special notes for your reviewer**: Related discussion: https://github.com/kubernetes/community/pull/756#discussion_r143694443 **Release note**: ```release-note kubelet: fix bug where `runAsUser: MustRunAsNonRoot` strategy didn't reject a pod with a non-numeric `USER`. ``` PTAL @pweil- @tallclair @liggitt @Random-Liu CC @simo5 @adelton
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add wildcard tolerations to kube-proxy - Add wildcard tolerations to kube-proxy. - Add `nvidia.com/gpu` toleration to nvidia-gpu-device-plugin. Related to #55080 and #44445. /kind bug /priority critical-urgent /sig scheduling **Release note**: ```release-note kube-proxy addon tolerates all NoExecute and NoSchedule taints by default. ``` /assign @davidopp @bsalamat @vishh @jiayingz
-
Justin Santa Barbara authored
-
Mik Vyatskov authored
Signed-off-by:
Mik Vyatskov <vmik@google.com>
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. add andyzhangx as azure reviewer **What this PR does / why we need it**: add andyzhangx as azure reviewer **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: **Release note**: ``` none ``` /sig azure /assign @jdumars @brendandburns
-