Skip to content
Permalink
Browse files

Merge remote-tracking branch 'origin/master' into release-1.14

  • Loading branch information...
hoegaarden committed Mar 12, 2019
2 parents 9ef24c9 + a213886 commit b1e389e6f7bd798a8dd162f82b918f509ac5291b
Showing with 906 additions and 122 deletions.
  1. +8 −0 cluster/gce/config-default.sh
  2. +8 −0 cluster/gce/config-test.sh
  3. +15 −0 cluster/gce/gci/configure-helper.sh
  4. +1 −1 cluster/gce/manifests/cluster-autoscaler.manifest
  5. +1 −0 cmd/hyperkube/main.go
  6. +1 −0 cmd/kube-apiserver/app/BUILD
  7. +2 −0 cmd/kube-apiserver/app/aggregator.go
  8. +3 −0 cmd/kube-apiserver/app/apiextensions.go
  9. +5 −0 cmd/kubeadm/app/cmd/init.go
  10. +1 −0 cmd/kubeadm/app/cmd/phases/init/data.go
  11. +1 −0 cmd/kubeadm/app/cmd/phases/init/data_test.go
  12. +5 −2 cmd/kubeadm/app/cmd/phases/init/uploadcerts.go
  13. +1 −1 cmd/kubeadm/app/phases/copycerts/copycerts.go
  14. +26 −6 pkg/kubelet/pod/pod_manager.go
  15. +36 −1 pkg/kubelet/util/manager/cache_based_manager_test.go
  16. +4 −0 pkg/kubelet/util/manager/manager.go
  17. +11 −0 pkg/master/BUILD
  18. +125 −1 pkg/master/master_test.go
  19. +23 −0 pkg/master/storageversionhashdata/BUILD
  20. +4 −0 pkg/master/storageversionhashdata/OWNERS
  21. +111 −0 pkg/master/storageversionhashdata/data.go
  22. +6 −0 pkg/registry/core/namespace/storage/storage.go
  23. +9 −3 pkg/registry/core/service/storage/rest.go
  24. +4 −0 pkg/registry/core/service/storage/rest_test.go
  25. +10 −0 pkg/registry/rbac/clusterrole/policybased/storage.go
  26. +10 −0 pkg/registry/rbac/clusterrolebinding/policybased/storage.go
  27. +10 −0 pkg/registry/rbac/role/policybased/storage.go
  28. +10 −0 pkg/registry/rbac/rolebinding/policybased/storage.go
  29. +3 −1 pkg/util/mount/BUILD
  30. +0 −21 pkg/util/mount/{mount_helper.go → mount_helper_common.go}
  31. +44 −0 pkg/util/mount/mount_helper_unix.go
  32. +68 −0 pkg/util/mount/mount_helper_windows.go
  33. +6 −5 pkg/util/mount/mount_windows.go
  34. +17 −5 pkg/volume/csi/csi_block.go
  35. +34 −0 pkg/volume/csi/csi_client.go
  36. +11 −3 pkg/volume/csi/csi_mounter.go
  37. +4 −16 pkg/volume/csi/csi_plugin.go
  38. +11 −6 pkg/volume/csi/csi_plugin_test.go
  39. +1 −0 pkg/volume/quobyte/quobyte.go
  40. +12 −7 staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_discovery_controller.go
  41. +1 −0 staging/src/k8s.io/apiserver/pkg/endpoints/discovery/BUILD
  42. +40 −0 staging/src/k8s.io/apiserver/pkg/endpoints/discovery/storageversionhash.go
  43. +27 −0 staging/src/k8s.io/apiserver/pkg/endpoints/installer.go
  44. +8 −0 staging/src/k8s.io/apiserver/pkg/features/kube_features.go
  45. +11 −0 staging/src/k8s.io/apiserver/pkg/registry/generic/registry/store.go
  46. +9 −0 staging/src/k8s.io/apiserver/pkg/registry/rest/rest.go
  47. +11 −9 staging/src/k8s.io/apiserver/pkg/server/storage/storage_codec.go
  48. +2 −2 staging/src/k8s.io/apiserver/pkg/server/storage/storage_factory.go
  49. +5 −0 staging/src/k8s.io/apiserver/pkg/storage/storagebackend/config.go
  50. +5 −1 staging/src/k8s.io/client-go/tools/watch/retrywatcher.go
  51. +3 −0 staging/src/k8s.io/sample-apiserver/pkg/cmd/server/BUILD
  52. +5 −1 staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go
  53. +2 −0 test/e2e/apimachinery/BUILD
  54. +78 −0 test/e2e/apimachinery/discovery.go
  55. +35 −28 test/e2e/common/node_lease.go
  56. +1 −1 test/images/audit-proxy/Dockerfile
  57. +1 −1 test/images/audit-proxy/VERSION
@@ -413,6 +413,14 @@ if [[ -n "${LOGROTATE_MAX_SIZE:-}" ]]; then
PROVIDER_VARS="${PROVIDER_VARS:-} LOGROTATE_MAX_SIZE"
fi

if [[ -n "${POD_LOG_MAX_FILE:-}" ]]; then
PROVIDER_VARS="${PROVIDER_VARS:-} POD_LOG_MAX_FILE"
fi

if [[ -n "${POD_LOG_MAX_SIZE:-}" ]]; then
PROVIDER_VARS="${PROVIDER_VARS:-} POD_LOG_MAX_SIZE"
fi

# Fluentd requirements
# YAML exists to trigger a configuration refresh when changes are made.
FLUENTD_GCP_YAML_VERSION="v3.2.0"
@@ -432,6 +432,14 @@ if [[ -n "${LOGROTATE_MAX_SIZE:-}" ]]; then
PROVIDER_VARS="${PROVIDER_VARS:-} LOGROTATE_MAX_SIZE"
fi

if [[ -n "${POD_LOG_MAX_FILE:-}" ]]; then
PROVIDER_VARS="${PROVIDER_VARS:-} POD_LOG_MAX_FILE"
fi

if [[ -n "${POD_LOG_MAX_SIZE:-}" ]]; then
PROVIDER_VARS="${PROVIDER_VARS:-} POD_LOG_MAX_SIZE"
fi

# Fluentd requirements
# YAML exists to trigger a configuration refresh when changes are made.
FLUENTD_GCP_YAML_VERSION="v3.2.0"
@@ -374,6 +374,21 @@ function setup-logrotate() {
}
EOF

# Configure log rotation for pod logs in /var/log/pods/NAMESPACE_NAME_UID.
cat > /etc/logrotate.d/allpodlogs <<EOF
/var/log/pods/*/*.log {
rotate ${POD_LOG_MAX_FILE:-5}
copytruncate
missingok
notifempty
compress
maxsize ${POD_LOG_MAX_SIZE:-5M}
daily
dateext
dateformat -%Y%m%d-%s
create 0644 root root
}
EOF
}

# Finds the master PD device; returns it in MASTER_PD_DEVICE
@@ -17,7 +17,7 @@
"containers": [
{
"name": "cluster-autoscaler",
"image": "k8s.gcr.io/cluster-autoscaler:v1.13.0",
"image": "k8s.gcr.io/cluster-autoscaler:v1.14.0-beta.1",
"livenessProbe": {
"httpGet": {
"path": "/health-check",
@@ -142,6 +142,7 @@ func NewHyperKubeCommand(stopCh <-chan struct{}) (*cobra.Command, []func() *cobr
}
cmd.Flags().BoolVar(&makeSymlinksFlag, "make-symlinks", makeSymlinksFlag, "create a symlink for each server in current directory")
cmd.Flags().MarkHidden("make-symlinks") // hide this flag from appearing in servers' usage output
cmd.Flags().MarkDeprecated("make-symlinks", "This feature will be removed in a later release.")

for i := range commandFns {
cmd.AddCommand(commandFns[i]())
@@ -39,6 +39,7 @@ go_library(
"//staging/src/k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion:go_default_library",
"//staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/options:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
@@ -30,6 +30,7 @@ import (

apiextensionsinformers "k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/admission"
@@ -79,6 +80,7 @@ func createAggregatorConfig(
etcdOptions := *commandOptions.Etcd
etcdOptions.StorageConfig.Paging = utilfeature.DefaultFeatureGate.Enabled(features.APIListChunking)
etcdOptions.StorageConfig.Codec = aggregatorscheme.Codecs.LegacyCodec(v1beta1.SchemeGroupVersion, v1.SchemeGroupVersion)
etcdOptions.StorageConfig.EncodeVersioner = runtime.NewMultiGroupVersioner(v1beta1.SchemeGroupVersion, schema.GroupKind{Group: v1beta1.GroupName})
genericConfig.RESTOptionsGetter = &genericoptions.SimpleRestOptionsFactory{Options: etcdOptions}

// override MergedResourceConfig with aggregator defaults and registry
@@ -23,6 +23,8 @@ import (
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
apiextensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver"
apiextensionsoptions "k8s.io/apiextensions-apiserver/pkg/cmd/server/options"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/admission"
"k8s.io/apiserver/pkg/features"
genericapiserver "k8s.io/apiserver/pkg/server"
@@ -61,6 +63,7 @@ func createAPIExtensionsConfig(
etcdOptions := *commandOptions.Etcd
etcdOptions.StorageConfig.Paging = utilfeature.DefaultFeatureGate.Enabled(features.APIListChunking)
etcdOptions.StorageConfig.Codec = apiextensionsapiserver.Codecs.LegacyCodec(v1beta1.SchemeGroupVersion)
etcdOptions.StorageConfig.EncodeVersioner = runtime.NewMultiGroupVersioner(v1beta1.SchemeGroupVersion, schema.GroupKind{Group: v1beta1.GroupName})
genericConfig.RESTOptionsGetter = &genericoptions.SimpleRestOptionsFactory{Options: etcdOptions}

// override MergedResourceConfig with apiextensions defaults and registry
@@ -379,6 +379,11 @@ func (d *initData) SetCertificateKey(key string) {
d.certificateKey = key
}

// SkipCertificateKeyPrint returns the skipCertificateKeyPrint flag.
func (d *initData) SkipCertificateKeyPrint() bool {
return d.skipCertificateKeyPrint
}

// Cfg returns initConfiguration.
func (d *initData) Cfg() *kubeadmapi.InitConfiguration {
return d.cfg
@@ -30,6 +30,7 @@ type InitData interface {
UploadCerts() bool
CertificateKey() string
SetCertificateKey(key string)
SkipCertificateKeyPrint() bool
Cfg() *kubeadmapi.InitConfiguration
DryRun() bool
SkipTokenPrint() bool
@@ -33,6 +33,7 @@ var _ InitData = &testInitData{}
func (t *testInitData) UploadCerts() bool { return false }
func (t *testInitData) CertificateKey() string { return "" }
func (t *testInitData) SetCertificateKey(key string) {}
func (t *testInitData) SkipCertificateKeyPrint() bool { return false }
func (t *testInitData) Cfg() *kubeadmapi.InitConfiguration { return nil }
func (t *testInitData) DryRun() bool { return false }
func (t *testInitData) SkipTokenPrint() bool { return false }
@@ -21,7 +21,6 @@ import (

"github.com/pkg/errors"

"k8s.io/klog"
"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util"
@@ -40,6 +39,7 @@ func NewUploadCertsPhase() workflow.Phase {
options.CfgPath,
options.UploadCerts,
options.CertificateKey,
options.SkipCertificateKeyPrint,
},
}
}
@@ -51,7 +51,7 @@ func runUploadCerts(c workflow.RunData) error {
}

if !data.UploadCerts() {
klog.V(1).Infoln("[upload-certs] Skipping certs upload")
fmt.Printf("[upload-certs] Skipping phase. Please see --%s\n", options.UploadCerts)
return nil
}
client, err := data.Client()
@@ -70,5 +70,8 @@ func runUploadCerts(c workflow.RunData) error {
if err := copycerts.UploadCerts(client, data.Cfg(), data.CertificateKey()); err != nil {
return errors.Wrap(err, "error uploading certs")
}
if !data.SkipCertificateKeyPrint() {
fmt.Printf("[upload-certs] Using certificate key:\n%s\n", data.CertificateKey())
}
return nil
}
@@ -85,7 +85,7 @@ func CreateCertificateKey() (string, error) {

//UploadCerts save certs needs to join a new control-plane on kubeadm-certs sercret.
func UploadCerts(client clientset.Interface, cfg *kubeadmapi.InitConfiguration, key string) error {
fmt.Printf("[upload-certs] storing the certificates in ConfigMap %q in the %q Namespace\n", kubeadmconstants.KubeadmCertsSecret, metav1.NamespaceSystem)
fmt.Printf("[upload-certs] Storing the certificates in ConfigMap %q in the %q Namespace\n", kubeadmconstants.KubeadmCertsSecret, metav1.NamespaceSystem)
decodedKey, err := hex.DecodeString(key)
if err != nil {
return err
@@ -168,20 +168,40 @@ func (pm *basicManager) UpdatePod(pod *v1.Pod) {
}
}

func isPodInTerminatedState(pod *v1.Pod) bool {
return pod.Status.Phase == v1.PodFailed || pod.Status.Phase == v1.PodSucceeded
}

// updatePodsInternal replaces the given pods in the current state of the
// manager, updating the various indices. The caller is assumed to hold the
// lock.
func (pm *basicManager) updatePodsInternal(pods ...*v1.Pod) {
for _, pod := range pods {
if pm.secretManager != nil {
// TODO: Consider detecting only status update and in such case do
// not register pod, as it doesn't really matter.
pm.secretManager.RegisterPod(pod)
if isPodInTerminatedState(pod) {
// Pods that are in terminated state and no longer running can be
// ignored as they no longer require access to secrets.
// It is especially important in watch-based manager, to avoid
// unnecessary watches for terminated pods waiting for GC.
pm.secretManager.UnregisterPod(pod)
} else {
// TODO: Consider detecting only status update and in such case do
// not register pod, as it doesn't really matter.
pm.secretManager.RegisterPod(pod)
}
}
if pm.configMapManager != nil {
// TODO: Consider detecting only status update and in such case do
// not register pod, as it doesn't really matter.
pm.configMapManager.RegisterPod(pod)
if isPodInTerminatedState(pod) {
// Pods that are in terminated state and no longer running can be
// ignored as they no longer require access to configmaps.
// It is especially important in watch-based manager, to avoid
// unnecessary watches for terminated pods waiting for GC.
pm.configMapManager.UnregisterPod(pod)
} else {
// TODO: Consider detecting only status update and in such case do
// not register pod, as it doesn't really matter.
pm.configMapManager.RegisterPod(pod)
}
}
podFullName := kubecontainer.GetPodFullName(pod)
// This logic relies on a static pod and its mirror to have the same name.
@@ -24,7 +24,7 @@ import (
"testing"
"time"

"k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"

apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -429,6 +429,41 @@ func TestCacheInvalidation(t *testing.T) {
fakeClient.ClearActions()
}

func TestRegisterIdempotence(t *testing.T) {
fakeClient := &fake.Clientset{}
fakeClock := clock.NewFakeClock(time.Now())
store := newSecretStore(fakeClient, fakeClock, noObjectTTL, time.Minute)
manager := newCacheBasedSecretManager(store)

s1 := secretsToAttach{
imagePullSecretNames: []string{"s1"},
}

refs := func(ns, name string) int {
store.lock.Lock()
defer store.lock.Unlock()
item, ok := store.items[objectKey{ns, name}]
if !ok {
return 0
}
return item.refCount
}

manager.RegisterPod(podWithSecrets("ns1", "name1", s1))
assert.Equal(t, 1, refs("ns1", "s1"))
manager.RegisterPod(podWithSecrets("ns1", "name1", s1))
assert.Equal(t, 1, refs("ns1", "s1"))
manager.RegisterPod(podWithSecrets("ns1", "name2", s1))
assert.Equal(t, 2, refs("ns1", "s1"))

manager.UnregisterPod(podWithSecrets("ns1", "name1", s1))
assert.Equal(t, 1, refs("ns1", "s1"))
manager.UnregisterPod(podWithSecrets("ns1", "name1", s1))
assert.Equal(t, 1, refs("ns1", "s1"))
manager.UnregisterPod(podWithSecrets("ns1", "name2", s1))
assert.Equal(t, 0, refs("ns1", "s1"))
}

func TestCacheRefcounts(t *testing.T) {
fakeClient := &fake.Clientset{}
fakeClock := clock.NewFakeClock(time.Now())
@@ -32,10 +32,14 @@ type Manager interface {
// i.e. should not block on network operations.

// RegisterPod registers all objects referenced from a given pod.
//
// NOTE: All implementations of RegisterPod should be idempotent.
RegisterPod(pod *v1.Pod)

// UnregisterPod unregisters objects referenced from a given pod that are not
// used by any other registered pod.
//
// NOTE: All implementations of UnregisterPod should be idempotent.
UnregisterPod(pod *v1.Pod)
}

@@ -141,10 +141,13 @@ go_test(
deps = [
"//pkg/api/legacyscheme:go_default_library",
"//pkg/api/testapi:go_default_library",
"//pkg/apis/batch:go_default_library",
"//pkg/apis/core:go_default_library",
"//pkg/apis/storage:go_default_library",
"//pkg/generated/openapi:go_default_library",
"//pkg/kubelet/client:go_default_library",
"//pkg/master/reconcilers:go_default_library",
"//pkg/master/storageversionhashdata:go_default_library",
"//pkg/registry/certificates/rest:go_default_library",
"//pkg/registry/core/rest:go_default_library",
"//pkg/registry/registrytest:go_default_library",
@@ -154,16 +157,23 @@ go_test(
"//staging/src/k8s.io/apimachinery/pkg/api/apitesting/naming:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/version:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authorization/authorizerfactory:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/endpoints/openapi:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/features:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/resourceconfig:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/storage:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/storage/etcd/testing:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature/testing:go_default_library",
"//staging/src/k8s.io/client-go/discovery:go_default_library",
"//staging/src/k8s.io/client-go/informers:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes/fake:go_default_library",
@@ -191,6 +201,7 @@ filegroup(
"//pkg/master/controller/crdregistration:all-srcs",
"//pkg/master/ports:all-srcs",
"//pkg/master/reconcilers:all-srcs",
"//pkg/master/storageversionhashdata:all-srcs",
"//pkg/master/tunneler:all-srcs",
],
tags = ["automanaged"],
Oops, something went wrong.

0 comments on commit b1e389e

Please sign in to comment.
You can’t perform that action at this time.