Automatic merge from submit-queue
Prune unused parameters and call only once
Two parameters of `InstallServiceErrorHandler` were not used. Pruning them allows us to move the service error handler installation for each api group to be moved into the constructor.
Automatic merge from submit-queue
Fix cache expiration check
The check for whether an entry in the `forceLiveLookup` cache had expired was backwards. Fixed the logic and added tests
Automatic merge from submit-queue
Fixed a bug that causes k8s to delete all healthmonitors on your OpenStack tenant
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
The OpenStack LBaaS v2 api does not support filtering health monitors by pool_id, so /lbaas/healthmonitors?pool_id=abc123 will always return all health monitors in your OpenStack tenant.
This presents a problem when, in the very next block of code, we loop over the list of monitorIDs and delete them one-by-one. This will delete all the health monitors in your tenant without warning.
Fortunately, we already got the healthmonitor IDs when we built the list of pools. Using those, we can delete only those healthmonitors associated with our pool(s).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
The main issue here was the use of v2_monitors.List(lbaas.network, v2_monitors.ListOpts{PoolID: poolID}). This is trying to filter healthmonitors by pool_id, but that is not supported by the API. It creates a call like /lbaas/healthmonitors?pool_id=abc123. The API server ignores the pool_id parameter and returns a list of all healthmonitors (which k8s then tries to delete).
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
```
Automatic merge from submit-queue
add port validate when --port is set or --expose=true
```shell
$ kubectl run nginx --image=nginx --port=88888 --expose=true
The Deployment "nginx" is invalid.
spec.template.spec.containers[0].ports[0].containerPort: Invalid value: 88888: must be between 1 and 65535, inclusive
$ kubectl run nginx --image=nginx --port=0 --expose=true
error: --port must be a positive integer when exposing a service
```
1. when port is greater than 65535, port is required between 1 and 65535 and deployment 'nginx' can not be created.
2. when port is less than 1, port is not validated and deployment 'nginx' can be created. But service will be created failed.
so i add this change:
when --port is set or --expose=true, validate port range so that error reported can be the same when port is greater than 65535 or less than 1.
And this can also find the port range error before creating the deployment other than during creating the deployment.
Automatic merge from submit-queue
Update kubectl create message when using --dry-run
`kubectl create <resource> <name> --dry-run` provides a misleading success
message.
When commands such as `kubectl new-app node` are run with a
`--dry-run` flag, they make this clear by appending a "(DRY RUN)"
string to the final output. `kubectl create <resource> <name> --dry-run`
does not do this, providing a potentially misleading output.
This patch appends a "(DRY RUN)" string to the end of a successful
message of `kubectl create` subcommands that support the `--dry-run` flag.
`kubectl create quota quota --dry-run`
```
resourcequota "quota" created
```
`kubectl create quota quota --dry-run`
```
resourcequota "quota" created (DRY RUN)
```
**Release note**:
```release-note
release-note-none
```
Automatic merge from submit-queue
Fix DaemonSet namespace handling for predicates
In order to determine whether a node should run its daemon pod,
DaemonController creates a dummy pod based on DaemonSet's template and
then uses scheduler predicates (currently GeneralPredicates) to test
whether such pod can be run by the node. The problem was that
DaemonController was not setting Namespace for the dummy pod. This was
not affecting currently used GeneralPredicates but this problem could
bite later when some namespace-dependent predicates are added to
GeneralPredicates or directly to DaemonController's node checks
(e.g. pod affinity).
Stumbled upon it while working on e2e test for #31136
Automatic merge from submit-queue
Pass SelectionPredicate instead of Filter to storage layer
Depends on #31189 (first commit).
ref: #29888
What?
This PR removes the filtering logic and passes SelectionPredicate to storage layer.
Why?
Filter doesn't provide enough information of and isn't the right abstraction for indexing. We need to pass in SelectionPredicate instead.
Automatic merge from submit-queue
Default HTTP2 on, post fixes from #29001
This reverts commit 8cb799c789.
Enables HTTP2 on by default post fixes from https://github.com/kubernetes/kubernetes/issues/29001 for 1.5
NOTE: We are nearing lb connection limits at current thresholds.
/cc @bradfitz @lavalamp @smarterclayton
In order to determine whether a node should run its daemon pod,
DaemonController creates a dummy pod based on DaemonSet's template and
then uses scheduler predicates (currently GeneralPredicates) to test
whether such pod can be run by the node. The problem was that
DaemonController was not setting Namespace for the dummy pod. This was
not affecting currently used GeneralPredicates but this problem could
bite later when some namespace-dependent predicates are added to
GeneralPredicates or directly to DaemonController's node checks
(e.g. pod affinity).
Stumbled upon it while working on e2e test for #31136
Automatic merge from submit-queue
start creating controller SA roles. start with just one
This creates a clusterrole for the replicationcontroller controller. It also streamlines the rule creation code and I'll use this role as practice for wiring up RBAC rules.
@kubernetes/sig-auth
@ericchiang Jordan is ooto, mind taking a look?
Automatic merge from submit-queue
remove the clientset adapter
This removes the clientset adapter entirely. There is one focused adapter that remains in a single e2e test. Every other reference was removed.
Automatic merge from submit-queue
move the REST storage creation to its proper packages
Moves the `RESTStorageProvider` interfaces to their proper packages.
Automatic merge from submit-queue
Do not report error when deleting an attached volume
Persistent volume controller should not send warning events to a PV and mark the PV as failed when the volume is still attached.
This happens when a user quickly deletes a pod and associated PVC - PV is slowly detaching, while the PVC is already deleted and the PV enters Failed phase.
`Deleter.Deleter` can now return `tryAgainError`, which is sent as INFO to the PV to let the user know we did not forget to delete the PV, however the PV stays in Released state. The controller tries again in the next sync (15 seconds by default).
Fixes#31511
Automatic merge from submit-queue
Remove kubectl namespace command
**What this PR does / why we need it**:
It removes deprecated `kubectl namespace` command, which `has been superseded by the context.namespace field of .kubeconfig files. See 'kubectl config set-context --help' for more details`. It was done nearly two years ago, so like `// TODO remove once people have been given enough time to notice` comment says it may be a good time to get rid of it.
**Special notes for your reviewer**:
None ATM.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
Remove kubectl namespace command
```
Automatic merge from submit-queue
simplify RC listers
Make the RC and SVC listers use the common list functions that more closely match client APIs, are consistent with other listers, and avoid unnecessary copies.
Automatic merge from submit-queue
CRI: add Message in ContainerStatus
Kubernetes expects a brief CamelCase string as "Reason" and a human-readable
string as "Message" in the conatiner status. It is difficult for kubelet to
derive the other one if the runtime only provides one of the two fields.
Augment the API by adding the "Message" field.
/cc @kubernetes/sig-node
Automatic merge from submit-queue
kuberuntime: include container hash in backoff keys
We should reset the backoff if the content of the container has been updated.
Part of #33189
Kubernetes expects a brief CamelCase string as "Reason" and a human-readable
string as "Message" in the conatiner status. It is difficult for kubelet to
derive the other one if the runtime only provides one of the two fields.
Augment the API by adding the "Message" field.
Automatic merge from submit-queue
Fix API Installer to generate unique Operation IDs
OperationIDs generated by api_installer.go may not be unique and that causes long auto-generated function names in swagger generated clients. This is a step toward making those IDs unique.
Reference Issue kubernetes/features#53 and #13414
Automatic merge from submit-queue
Allow garbage collection to work against different API prefixes
The GC needs to build clients based only on Resource or Kind. Hoist the
restmapper out of the controller and the clientpool, support a new
ClientForGroupVersionKind and ClientForGroupVersionResource, and use the
appropriate one in both places.
Allows OpenShift to use the GC
Automatic merge from submit-queue
Remove hacks from ScheduledJobs cron spec parsing
Previusly `github.com/robfig/cron` library did not allow passing cron spec without seconds. First commit updates the library, which has additional method ParseStandard which follows the standard cron spec, iow. minute, hour, day of month, month, day of week.
@janetkuo @erictune as promised in #30227 I've updated the library and now I'm updating it in k8s
Automatic merge from submit-queue
oidc authenticator: allow string value as groups claim
Allow the group claim to be a single string instead of an array of
strings. This means the following claim
{
"role": "admin"
}
Will be mapped to the groups
["admin"]
cc @kubernetes/sig-auth @mlbiam
closes#33290
