Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge remote-tracking branch 'origin/master' into release-1.14
  • Loading branch information
hoegaarden committed Mar 11, 2019
2 parents 2676471 + f4d1253 commit 9ef24c9
Show file tree
Hide file tree
Showing 332 changed files with 13,061 additions and 4,237 deletions.
4 changes: 2 additions & 2 deletions Godeps/Godeps.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions SECURITY_CONTACTS
@@ -1,10 +1,10 @@
# Defined below are the security contacts for this repo.
#
# They are the contact point for the Product Security Team to reach out
# They are the contact point for the Product Security Committee to reach out
# to for triaging and handling of incoming issues.
#
# The below names agree to abide by the
# [Embargo Policy](https://github.com/kubernetes/sig-release/blob/master/security-release-process-documentation/security-release-process.md#embargo-policy)
# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy)
# and will be removed and replaced if they violate that agreement.
#
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
Expand Down
2,528 changes: 2,527 additions & 1 deletion api/openapi-spec/swagger.json

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions cluster/addons/node-problem-detector/MAINTAINERS.md
@@ -1,6 +1,7 @@
# Maintainers

Random-Liu <lantaol@google.com>
wangzhen127 <zhenw@google.com>


[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cluster/addons/node-problem-detector/MAINTAINERS.md?pixel)]()
8 changes: 8 additions & 0 deletions cluster/addons/node-problem-detector/OWNERS
@@ -0,0 +1,8 @@
# See the OWNERS docs at https://go.k8s.io/owners

approvers:
- Random-Liu
- wangzhen127
reviewers:
- Random-Liu
- wangzhen127
10 changes: 5 additions & 5 deletions cluster/addons/node-problem-detector/npd.yaml
Expand Up @@ -26,28 +26,28 @@ subjects:
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: npd-v0.4.1
name: npd-v0.6.2
namespace: kube-system
labels:
k8s-app: node-problem-detector
version: v0.4.1
version: v0.6.2
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
selector:
matchLabels:
k8s-app: node-problem-detector
version: v0.4.1
version: v0.6.2
template:
metadata:
labels:
k8s-app: node-problem-detector
version: v0.4.1
version: v0.6.2
kubernetes.io/cluster-service: "true"
spec:
containers:
- name: node-problem-detector
image: k8s.gcr.io/node-problem-detector:v0.4.1
image: k8s.gcr.io/node-problem-detector:v0.6.2
command:
- "/bin/sh"
- "-c"
Expand Down
2 changes: 1 addition & 1 deletion cluster/gce/config-default.sh
Expand Up @@ -79,7 +79,7 @@ fi
# you are updating the os image versions, update this variable.
# Also please update corresponding image for node e2e at:
# https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/image-config.yaml
GCI_VERSION=${KUBE_GCI_VERSION:-cos-stable-65-10323-64-0}
GCI_VERSION=${KUBE_GCI_VERSION:-cos-beta-73-11647-64-0}
MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-}
MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-cos-cloud}
NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}
Expand Down
2 changes: 1 addition & 1 deletion cluster/gce/config-test.sh
Expand Up @@ -86,7 +86,7 @@ ALLOWED_NOTREADY_NODES="${ALLOWED_NOTREADY_NODES:-$(($(get-num-nodes) / 100))}"
# you are updating the os image versions, update this variable.
# Also please update corresponding image for node e2e at:
# https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/image-config.yaml
GCI_VERSION=${KUBE_GCI_VERSION:-cos-stable-65-10323-64-0}
GCI_VERSION=${KUBE_GCI_VERSION:-cos-beta-73-11647-64-0}
MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-}
MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-cos-cloud}
NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}
Expand Down
149 changes: 60 additions & 89 deletions cluster/gce/windows/README-GCE-Windows-kube-up.md
Expand Up @@ -2,9 +2,9 @@

## IMPORTANT PLEASE NOTE!
Any time the file structure in the `windows` directory changes, `windows/BUILD`
and `k8s.io/release/lib/releaselib.sh` must be manually updated with the changes.
We HIGHLY recommend not changing the file structure, because consumers of
Kubernetes releases depend on the release structure remaining stable.
and `k8s.io/release/lib/releaselib.sh` must be manually updated with the
changes. We HIGHLY recommend not changing the file structure, because consumers
of Kubernetes releases depend on the release structure remaining stable.

## Bring up the cluster

Expand All @@ -31,48 +31,42 @@ The most straightforward approach to build those binaries is to run `make
release`. However, that builds binaries for all supported platforms, and can be
slow. You can speed up the process by following the instructions below to only
build the necessary binaries.
```
# Fetch the PR: https://github.com/pjh/kubernetes/pull/43
git remote add pjh https://github.com/pjh/kubernetes
git fetch pjh pull/43/head

# Get the commit hash and cherry-pick the commit to your current branch
BUILD_WIN_COMMIT=$(git ls-remote pjh | grep refs/pull/43/head | cut -f 1)
git cherry-pick $BUILD_WIN_COMMIT
```
# Apply https://github.com/pjh/kubernetes/pull/43 to your tree:
curl \
https://patch-diff.githubusercontent.com/raw/pjh/kubernetes/pull/43.patch | \
git apply
# Build binaries for both Linux and Windows
# Build binaries for both Linux and Windows:
make quick-release
```

### 2 Create a Kubernetes cluster
### 2. Create a Kubernetes cluster

You can create a regular Kubernetes cluster or an end-to-end test cluster.
End-to-end test clusters support running the Kubernetes e2e tests and enable
some debugging features such as SSH access on the Windows nodes.

Please make sure you set the environment variables properly following the
instructions in the previous section.

First, set the following environment variables which are required for
controlling the number of Linux and Windows nodes in the cluster and for
enabling IP aliases (which are required for Windows pod routing):
enabling IP aliases (which are required for Windows pod routing). At least one
Linux worker node is required and two are recommended because many default
cluster-addons (e.g., `kube-dns`) need to run on Linux nodes. The master control
plane only runs on Linux.

```
export NUM_NODES=2 # number of Linux nodes
export NUM_WINDOWS_NODES=2
export KUBE_GCE_ENABLE_IP_ALIASES=true
```

If you wish to use `netd` as the CNI plugin for Linux nodes, set these
variables:

```
export KUBE_ENABLE_NETD=true
export KUBE_CUSTOM_NETD_YAML=$(curl -s \
https://raw.githubusercontent.com/GoogleCloudPlatform/netd/master/netd.yaml \
| sed -e 's/^/ /')
```

Now bring up a cluster using one of the following two methods:

#### 2.a Create a regular Kubernetes cluster
#### 2a. Create a regular Kubernetes cluster

```
# Invoke kube-up.sh with these environment variables:
Expand All @@ -87,13 +81,15 @@ To teardown the cluster run:
PROJECT=${CLOUDSDK_CORE_PROJECT} KUBERNETES_SKIP_CONFIRM=y ./cluster/kube-down.sh
```

#### 2.b Create a Kubernetes end-to-end (E2E) test cluster
#### 2b. Create a Kubernetes end-to-end (E2E) test cluster

```
PROJECT=${CLOUDSDK_CORE_PROJECT} go run ./hack/e2e.go -- --up
```
This command, by default, tears down the existing E2E cluster and create a new
one.

This command, by default, tears down any existing E2E cluster and creates a new
one. To teardown the cluster run the same command with `--down` instead of
`--up`.

No matter what type of cluster you chose to create, the result should be a
Kubernetes cluster with one Linux master node, `NUM_NODES` Linux worker nodes
Expand All @@ -108,87 +104,62 @@ brought up correctly:
cluster/gce/windows/smoke-test.sh
```

## Running tests against the cluster

These steps are based on
[kubernetes-sigs/windows-testing](https://github.com/kubernetes-sigs/windows-testing).
Sometimes the first run of the smoke test will fail because it took too long to
pull the Windows test containers. The smoke test will usually pass on the next
attempt.

* TODO(pjh): use patched `cluster/local/util.sh` from
https://github.com/pjh/kubernetes/blob/windows-up/cluster/local/util.sh.
## Running e2e tests against the cluster

* If necessary run `alias kubectl=client/bin/kubectl` .
If you brought up an end-to-end test cluster using the steps above then you can
use the steps below to run K8s e2e tests. These steps are based on
[kubernetes-sigs/windows-testing](https://github.com/kubernetes-sigs/windows-testing).

* Set the following environment variables (these values should make sense if
you built your cluster using the kube-up steps above):
* Build the necessary test binaries. This must be done after every change to
test code.

```
export KUBE_HOME=$(pwd)
export KUBECONFIG=~/.kube/config
export KUBE_MASTER=local
export KUBE_MASTER_NAME=kubernetes-master
export KUBE_MASTER_IP=$(kubectl get node ${KUBE_MASTER_NAME} -o jsonpath='{.status.addresses[?(@.type=="ExternalIP")].address}')
export KUBE_MASTER_URL=https://${KUBE_MASTER_IP}
export KUBE_MASTER_PORT=443
make WHAT=test/e2e/e2e.test
```

* Download the list of Windows e2e tests:
* Set necessary environment variables and fetch the `run-e2e.sh` script:

```
curl https://raw.githubusercontent.com/e2e-win/e2e-win-prow-deployment/master/repo-list.txt -o ${KUBE_HOME}/repo-list.yaml
export KUBE_TEST_REPO_LIST=${KUBE_HOME}/repo-list.yaml
```

* Download and configure the list of tests to exclude:
export KUBECONFIG=~/.kube/config
export WORKSPACE=$(pwd)
export ARTIFACTS=${WORKSPACE}/e2e-artifacts
curl \
https://raw.githubusercontent.com/yujuhong/gce-k8s-windows-testing/master/run-e2e.sh \
-o ${WORKSPACE}/run-e2e.sh
chmod u+x run-e2e.sh
```
curl https://raw.githubusercontent.com/e2e-win/e2e-win-prow-deployment/master/exclude_conformance_test.txt -o ${KUBE_HOME}/exclude_conformance_test.txt
export EXCLUDED_TESTS=$(cat exclude_conformance_test.txt |
tr -d '\r' | # remove Windows carriage returns
tr -s '\n' '|' | # coalesce newlines into |
tr -s ' ' '.' | # coalesce spaces into .
sed -e 's/[]\[()]/\\&/g' | # escape brackets and parentheses
sed -e 's/.$//g') # remove final | added by tr
```

* Taint the Linux nodes so that test pods will not land on them:

```
export LINUX_NODES=$(kubectl get nodes -l beta.kubernetes.io/os=linux,kubernetes.io/hostname!=${KUBE_MASTER_NAME} -o name)
export LINUX_NODE_COUNT=$(echo ${LINUX_NODES} | wc -w)
for node in $LINUX_NODES; do
kubectl taint node $node node-under-test=false:NoSchedule
done
```
NOTE: `run-e2e.sh` begins with a 5 minute sleep to wait for container images
to be pre-pulled. You'll probably want to edit the script and remove this.

* Build necessary test binaries:
* The canonical arguments for running all Windows e2e tests against a cluster
on GCE can be seen by searching for `--test-cmd-args` in the [test
configuration](https://github.com/kubernetes/test-infra/blob/master/config/jobs/kubernetes/sig-gcp/sig-gcp-windows.yaml#L78)
for the `ci-kubernetes-e2e-windows-gce` continuous test job. These arguments
should be passed to the `run-e2e` script; escape the ginkgo arguments by
adding quotes around them. For example:

```
make WHAT=test/e2e/e2e.test
./run-e2e.sh --node-os-distro=windows \
--ginkgo.focus="\[Conformance\]|\[NodeConformance\]|\[sig-windows\]" \
--ginkgo.skip="\[LinuxOnly\]|\[Serial\]|\[Feature:.+\]" --minStartupPods=8
```

* Run the tests with flags that point at the "local" (already-running) cluster
and that permit the `NoSchedule` Linux nodes:
* Run a single test by setting the ginkgo focus to match your test name; for
example, the "DNS should provide DNS for the cluster" test can be run using:

```
export KUBETEST_ARGS="--ginkgo.noColor=true "\
"--report-dir=${KUBE_HOME}/e2e-reports "\
"--allowed-not-ready-nodes=${LINUX_NODE_COUNT} "\
"--ginkgo.dryRun=false "\
"--ginkgo.focus=\[Conformance\] "\
"--ginkgo.skip=${EXCLUDED_TESTS}"
go run ${KUBE_HOME}/hack/e2e.go -- --verbose-commands \
--ginkgo-parallel=4 \
--check-version-skew=false --test --provider=local \
--test_args="${KUBETEST_ARGS}" &> ${KUBE_HOME}/conformance.out
./run-e2e.sh --node-os-distro=windows \
--ginkgo.focus="provide\sDNS\sfor\sthe\scluster"
```

TODO: copy log files from Windows nodes using some command like:

```
scp -r -o PreferredAuthentications=keyboard-interactive,password \
-o PubkeyAuthentication=no \
user@kubernetes-minion-windows-group-mk0p:C:\\etc\\kubernetes\\logs \
kubetest-logs/
```
Make sure to always include `--node-os-distro=windows` for testing against
Windows nodes.

After the test run completes, log files can be found under the `${ARTIFACTS}`
directory.
2 changes: 1 addition & 1 deletion cluster/kubemark/gce/config-default.sh
Expand Up @@ -40,7 +40,7 @@ EVENT_PD=${EVENT_PD:-false}

MASTER_OS_DISTRIBUTION=${KUBE_MASTER_OS_DISTRIBUTION:-gci}
NODE_OS_DISTRIBUTION=${KUBE_NODE_OS_DISTRIBUTION:-gci}
MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-cos-stable-65-10323-64-0}
MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-cos-beta-73-11647-64-0}
MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-cos-cloud}
CLEANUP_KUBEMARK_IMAGE=${CLEANUP_KUBEMARK_IMAGE:-true}

Expand Down
4 changes: 4 additions & 0 deletions cmd/kube-controller-manager/app/plugins.go
Expand Up @@ -165,6 +165,10 @@ func ProbeControllerVolumePlugins(cloud cloudprovider.Interface, config kubectrl
allPlugins = append(allPlugins, azure_dd.ProbeVolumePlugins()...)
allPlugins = append(allPlugins, photon_pd.ProbeVolumePlugins()...)

if utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
allPlugins = append(allPlugins, csi.ProbeVolumePlugins()...)
}

return allPlugins
}

Expand Down
2 changes: 1 addition & 1 deletion cmd/kubeadm/app/phases/copycerts/copycerts.go
Expand Up @@ -252,7 +252,7 @@ func getSecret(client clientset.Interface) (*v1.Secret, error) {
secret, err := client.CoreV1().Secrets(metav1.NamespaceSystem).Get(kubeadmconstants.KubeadmCertsSecret, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return nil, errors.Errorf("Secret %q was not found in the %q Namespace. This Secret might have expired. Please, run `kubeadm init phase upload-certs` on a control plane to generate a new one", kubeadmconstants.KubeadmCertsSecret, metav1.NamespaceSystem)
return nil, errors.Errorf("Secret %q was not found in the %q Namespace. This Secret might have expired. Please, run `kubeadm init phase upload-certs --experimental-upload-certs` on a control plane to generate a new one", kubeadmconstants.KubeadmCertsSecret, metav1.NamespaceSystem)
}
return nil, err
}
Expand Down
4 changes: 2 additions & 2 deletions hack/.golint_failures
Expand Up @@ -537,8 +537,8 @@ staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/tokentest
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook
staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook
staging/src/k8s.io/cli-runtime/pkg/genericclioptions
staging/src/k8s.io/cli-runtime/pkg/genericclioptions/printers
staging/src/k8s.io/cli-runtime/pkg/genericclioptions/resource
staging/src/k8s.io/cli-runtime/pkg/printers
staging/src/k8s.io/cli-runtime/pkg/resource
staging/src/k8s.io/client-go/deprecated-dynamic
staging/src/k8s.io/client-go/discovery
staging/src/k8s.io/client-go/discovery/fake
Expand Down
2 changes: 1 addition & 1 deletion hack/verify-godeps.sh
Expand Up @@ -101,7 +101,7 @@ pushd "${KUBE_ROOT}" > /dev/null 2>&1
ret=1
fi

if ! _out="$(diff -Naupr -x "BUILD" -x "AUTHORS*" -x "CONTRIBUTORS*" vendor "${_kubetmp}/vendor")"; then
if ! _out="$(diff -Naupr -x "BUILD" -x "zz_generated.openapi.go" -x "AUTHORS*" -x "CONTRIBUTORS*" vendor "${_kubetmp}/vendor")"; then
echo "Your vendored results are different:" >&2
echo "${_out}" >&2
echo "Godeps Verify failed." >&2
Expand Down

0 comments on commit 9ef24c9

Please sign in to comment.