Skip to content
Permalink
Browse files

Merge remote-tracking branch 'origin/master' into release-1.15. Delet…

…ing CHANGELOG-1.12.md
  • Loading branch information...
Bubblemelon committed May 28, 2019
2 parents 104add0 + b49d429 commit e0677859bbcaf681ea41d731534771a4e9843a17
Showing with 1,209 additions and 740 deletions.
  1. +1 −1 api/openapi-spec/swagger.json
  2. +9 −0 cluster/gce/gci/configure-helper.sh
  3. +1 −1 cmd/kubeadm/app/cmd/init.go
  4. +1 −1 cmd/kubeadm/app/cmd/join.go
  5. +1 −1 cmd/kubeadm/app/cmd/reset.go
  6. +17 −3 hack/verify-symbols.sh
  7. +0 −4 pkg/kubeapiserver/server/insecure_handler.go
  8. +1 −1 pkg/kubelet/dockershim/docker_sandbox.go
  9. +4 −4 pkg/scheduler/framework/v1alpha1/interface.go
  10. +4 −1 staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/types.go
  11. +4 −1 staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/generated.proto
  12. +4 −1 staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/types.go
  13. +2 −2 staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation/validation.go
  14. +77 −0 staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation/validation_test.go
  15. +6 −5 staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/conversion/converter.go
  16. +27 −18 staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_handler.go
  17. +1 −6 staging/src/k8s.io/apiextensions-apiserver/test/integration/BUILD
  18. +61 −0 staging/src/k8s.io/apiextensions-apiserver/test/integration/conversion/BUILD
  19. +898 −0 staging/src/k8s.io/apiextensions-apiserver/test/integration/conversion/conversion_test.go
  20. +18 −58 staging/src/k8s.io/apiextensions-apiserver/test/integration/{convert → conversion}/webhook.go
  21. +0 −564 staging/src/k8s.io/apiextensions-apiserver/test/integration/conversion_test.go
  22. +0 −29 staging/src/k8s.io/apiextensions-apiserver/test/integration/convert/BUILD
  23. +7 −6 staging/src/k8s.io/apiextensions-apiserver/test/integration/fixtures/server.go
  24. +14 −0 staging/src/k8s.io/apiextensions-apiserver/test/integration/storage/objectreader.go
  25. +1 −1 staging/src/k8s.io/apiextensions-apiserver/test/integration/subresources_test.go
  26. +2 −0 staging/src/k8s.io/apiserver/pkg/server/deprecated_insecure_serving.go
  27. +3 −2 staging/src/k8s.io/legacy-cloud-providers/azure/azure_backoff.go
  28. +5 −0 staging/src/k8s.io/legacy-cloud-providers/azure/azure_backoff_test.go
  29. +3 −0 test/e2e/apimachinery/crd_conversion_webhook.go
  30. +3 −1 test/e2e/apimachinery/crd_publish_openapi.go
  31. +3 −3 test/e2e/common/configmap_volume.go
  32. +1 −1 test/e2e/common/downwardapi_volume.go
  33. +5 −5 test/e2e/common/expansion.go
  34. +4 −4 test/e2e/common/init_container.go
  35. +1 −1 test/e2e/common/node_lease.go
  36. +2 −2 test/e2e/common/privileged.go
  37. +3 −3 test/e2e/common/projected_configmap.go
  38. +1 −1 test/e2e/common/projected_downwardapi.go
  39. +2 −2 test/e2e/common/projected_secret.go
  40. +8 −2 test/e2e/common/runtimeclass.go
  41. +2 −2 test/e2e/common/secrets_volume.go
  42. +1 −2 test/e2e/common/volumes.go
  43. +1 −1 test/e2e/framework/metrics/cluster_autoscaler_metrics.go

Some generated files are not rendered by default. Learn more.

@@ -611,6 +611,15 @@ function create-master-auth {
if [[ -n "${ADDON_MANAGER_TOKEN:-}" ]]; then
append_or_replace_prefixed_line "${known_tokens_csv}" "${ADDON_MANAGER_TOKEN}," "system:addon-manager,uid:system:addon-manager,system:masters"
fi
if [[ -n "${EXTRA_STATIC_AUTH_COMPONENTS:-}" ]]; then
# Create a static Bearer token and kubeconfig for extra, comma-separated components.
IFS="," read -r -a extra_components <<< "${EXTRA_STATIC_AUTH_COMPONENTS:-}"
for extra_component in "${extra_components[@]}"; do
local token="$(secure_random 32)"
append_or_replace_prefixed_line "${known_tokens_csv}" "${token}," "system:${extra_component},uid:system:${extra_component}"
create-kubeconfig "${extra_component}" "${token}"
done
fi
local use_cloud_config="false"
cat <<EOF >/etc/gce.conf
[global]
@@ -103,7 +103,7 @@ type initOptions struct {
// compile-time assert that the local data object satisfies the phases data interface.
var _ phases.InitData = &initData{}

// initData defines all the runtime information used when running the kubeadm init worklow;
// initData defines all the runtime information used when running the kubeadm init workflow;
// this data is shared across all the phases that are included in the workflow.
type initData struct {
cfg *kubeadmapi.InitConfiguration
@@ -133,7 +133,7 @@ type joinOptions struct {
// compile-time assert that the local data object satisfies the phases data interface.
var _ phases.JoinData = &joinData{}

// joinData defines all the runtime information used when running the kubeadm join worklow;
// joinData defines all the runtime information used when running the kubeadm join workflow;
// this data is shared across all the phases that are included in the workflow.
type joinData struct {
cfg *kubeadmapi.JoinConfiguration
@@ -59,7 +59,7 @@ type resetOptions struct {
kubeconfigPath string
}

// resetData defines all the runtime information used when running the kubeadm reset worklow;
// resetData defines all the runtime information used when running the kubeadm reset workflow;
// this data is shared across all the phases that are included in the workflow.
type resetData struct {
certificatesDir string
@@ -23,22 +23,36 @@ source "${KUBE_ROOT}/hack/lib/init.sh"

kube::golang::setup_env

make -C "${KUBE_ROOT}" WHAT=cmd/hyperkube
kube::util::ensure-temp-dir
OUTPUT="${KUBE_TEMP}"/symbols-output
cleanup() {
rm -rf "${OUTPUT}"
}
trap "cleanup" EXIT SIGINT
mkdir -p "${OUTPUT}"

GOLDFLAGS="-w" make -C "${KUBE_ROOT}" WHAT=cmd/hyperkube

# Add other BADSYMBOLS here.
BADSYMBOLS=(
"httptest"
"testify"
"testing[.]"
"TestOnlySetFatalOnDecodeError"
"TrackStorageCleanup"
)

# b/c hyperkube binds everything simply check that for bad symbols
SYMBOLS="$(nm "${KUBE_OUTPUT_HOSTBIN}/hyperkube")"
go tool nm "${KUBE_OUTPUT_HOSTBIN}/hyperkube" > "${OUTPUT}/hyperkube-symbols"

if ! grep -q "NewHyperKubeCommand" "${OUTPUT}/hyperkube-symbols"; then
echo "No symbols found in hyperkube binary."
exit 1
fi

RESULT=0
for BADSYMBOL in "${BADSYMBOLS[@]}"; do
if FOUND=$(echo "$SYMBOLS" | grep "$BADSYMBOL"); then
if FOUND=$(grep "${BADSYMBOL}" < "${OUTPUT}/hyperkube-symbols"); then
echo "Found bad symbol '${BADSYMBOL}':"
echo "$FOUND"
RESULT=1
@@ -24,10 +24,6 @@ import (
genericfilters "k8s.io/apiserver/pkg/server/filters"
)

// DeprecatedInsecureServingInfo is required to serve http. HTTP does NOT include authentication or authorization.
// You shouldn't be using this. It makes sig-auth sad.
// DeprecatedInsecureServingInfo *ServingInfo

// BuildInsecureHandlerChain sets up the server to listen to http. Should be removed.
func BuildInsecureHandlerChain(apiHandler http.Handler, c *server.Config) http.Handler {
handler := apiHandler
@@ -96,7 +96,7 @@ func (ds *dockerService) RunPodSandbox(ctx context.Context, r *runtimeapi.RunPod
}

// Step 2: Create the sandbox container.
if r.GetRuntimeHandler() != "" {
if r.GetRuntimeHandler() != "" && r.GetRuntimeHandler() != runtimeName {
return nil, fmt.Errorf("RuntimeHandler %q not supported", r.GetRuntimeHandler())
}
createConfig, err := ds.makeSandboxDockerConfig(config, image)
@@ -34,14 +34,14 @@ type Code int
const (
// Success means that plugin ran correctly and found pod schedulable.
// NOTE: A nil status is also considered as "Success".
Success Code = 0
Success Code = iota
// Error is used for internal plugin errors, unexpected input, etc.
Error Code = 1
Error
// Unschedulable is used when a plugin finds a pod unschedulable.
// The accompanying status message should explain why the pod is unschedulable.
Unschedulable Code = 2
Unschedulable
// Wait is used when a permit plugin finds a pod scheduling should wait.
Wait Code = 3
Wait
)

// Status indicates the result of running a plugin. It consists of a code and a
@@ -393,8 +393,11 @@ type CustomResourceSubresourceScale struct {
StatusReplicasPath string
// LabelSelectorPath defines the JSON path inside of a CustomResource that corresponds to Scale.Status.Selector.
// Only JSON paths without the array notation are allowed.
// Must be a JSON Path under .status.
// Must be a JSON Path under .status or .spec.
// Must be set to work with HPA.
// The field pointed by this JSON path must be a string field (not a complex selector struct)
// which contains a serialized label selector in string form.
// More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource
// If there is no value under the given path in the CustomResource, the status label selector value in the /scale
// subresource will default to the empty string.
// +optional
@@ -327,8 +327,11 @@ message CustomResourceSubresourceScale {

// LabelSelectorPath defines the JSON path inside of a CustomResource that corresponds to Scale.Status.Selector.
// Only JSON paths without the array notation are allowed.
// Must be a JSON Path under .status.
// Must be a JSON Path under .status or .spec.
// Must be set to work with HPA.
// The field pointed by this JSON path must be a string field (not a complex selector struct)
// which contains a serialized label selector in string form.
// More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource
// If there is no value under the given path in the CustomResource, the status label selector value in the /scale
// subresource will default to the empty string.
// +optional
@@ -412,8 +412,11 @@ type CustomResourceSubresourceScale struct {
StatusReplicasPath string `json:"statusReplicasPath" protobuf:"bytes,2,opt,name=statusReplicasPath"`
// LabelSelectorPath defines the JSON path inside of a CustomResource that corresponds to Scale.Status.Selector.
// Only JSON paths without the array notation are allowed.
// Must be a JSON Path under .status.
// Must be a JSON Path under .status or .spec.
// Must be set to work with HPA.
// The field pointed by this JSON path must be a string field (not a complex selector struct)
// which contains a serialized label selector in string form.
// More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource
// If there is no value under the given path in the CustomResource, the status label selector value in the /scale
// subresource will default to the empty string.
// +optional
@@ -794,8 +794,8 @@ func ValidateCustomResourceDefinitionSubresources(subresources *apiextensions.Cu
if subresources.Scale.LabelSelectorPath != nil && len(*subresources.Scale.LabelSelectorPath) > 0 {
if errs := validateSimpleJSONPath(*subresources.Scale.LabelSelectorPath, fldPath.Child("scale.labelSelectorPath")); len(errs) > 0 {
allErrs = append(allErrs, errs...)
} else if !strings.HasPrefix(*subresources.Scale.LabelSelectorPath, ".status.") {
allErrs = append(allErrs, field.Invalid(fldPath.Child("scale.labelSelectorPath"), subresources.Scale.LabelSelectorPath, "should be a json path under .status"))
} else if !strings.HasPrefix(*subresources.Scale.LabelSelectorPath, ".spec.") && !strings.HasPrefix(*subresources.Scale.LabelSelectorPath, ".status.") {
allErrs = append(allErrs, field.Invalid(fldPath.Child("scale.labelSelectorPath"), subresources.Scale.LabelSelectorPath, "should be a json path under either .spec or .status"))
}
}
}
@@ -1162,6 +1162,83 @@ func TestValidateCustomResourceDefinition(t *testing.T) {
required("spec", "versions[1]", "schema", "openAPIV3Schema"),
},
},
{
name: "labelSelectorPath outside of .spec and .status",
resource: &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{Name: "plural.group.com"},
Spec: apiextensions.CustomResourceDefinitionSpec{
Group: "group.com",
Version: "version0",
Versions: []apiextensions.CustomResourceDefinitionVersion{
{
// null labelSelectorPath
Name: "version0",
Served: true,
Storage: true,
Subresources: &apiextensions.CustomResourceSubresources{
Scale: &apiextensions.CustomResourceSubresourceScale{
SpecReplicasPath: ".spec.replicas",
StatusReplicasPath: ".status.replicas",
},
},
},
{
// labelSelectorPath under .status
Name: "version1",
Served: true,
Storage: false,
Subresources: &apiextensions.CustomResourceSubresources{
Scale: &apiextensions.CustomResourceSubresourceScale{
SpecReplicasPath: ".spec.replicas",
StatusReplicasPath: ".status.replicas",
LabelSelectorPath: strPtr(".status.labelSelector"),
},
},
},
{
// labelSelectorPath under .spec
Name: "version2",
Served: true,
Storage: false,
Subresources: &apiextensions.CustomResourceSubresources{
Scale: &apiextensions.CustomResourceSubresourceScale{
SpecReplicasPath: ".spec.replicas",
StatusReplicasPath: ".status.replicas",
LabelSelectorPath: strPtr(".spec.labelSelector"),
},
},
},
{
// labelSelectorPath outside of .spec and .status
Name: "version3",
Served: true,
Storage: false,
Subresources: &apiextensions.CustomResourceSubresources{
Scale: &apiextensions.CustomResourceSubresourceScale{
SpecReplicasPath: ".spec.replicas",
StatusReplicasPath: ".status.replicas",
LabelSelectorPath: strPtr(".labelSelector"),
},
},
},
},
Scope: apiextensions.NamespaceScoped,
Names: apiextensions.CustomResourceDefinitionNames{
Plural: "plural",
Singular: "singular",
Kind: "Plural",
ListKind: "PluralList",
},
PreserveUnknownFields: pointer.BoolPtr(true),
},
Status: apiextensions.CustomResourceDefinitionStatus{
StoredVersions: []string{"version0"},
},
},
errors: []validationMatch{
invalid("spec", "versions[3]", "subresources", "scale", "labelSelectorPath"),
},
},
}

for _, tc := range tests {
@@ -35,14 +35,15 @@ type CRConverterFactory struct {
// webhookConverterFactory is the factory for webhook converters.
// This field should not be used if CustomResourceWebhookConversion feature is disabled.
webhookConverterFactory *webhookConverterFactory
converterMetricFactory *converterMetricFactory
}

// converterMetricFactorySingleton protects us from reregistration of metrics on repeated
// apiextensions-apiserver runs.
var converterMetricFactorySingleton = newConverterMertricFactory()

// NewCRConverterFactory creates a new CRConverterFactory
func NewCRConverterFactory(serviceResolver webhook.ServiceResolver, authResolverWrapper webhook.AuthenticationInfoResolverWrapper) (*CRConverterFactory, error) {
converterFactory := &CRConverterFactory{
converterMetricFactory: newConverterMertricFactory(),
}
converterFactory := &CRConverterFactory{}
if utilfeature.DefaultFeatureGate.Enabled(apiextensionsfeatures.CustomResourceWebhookConversion) {
webhookConverterFactory, err := newWebhookConverterFactory(serviceResolver, authResolverWrapper)
if err != nil {
@@ -72,7 +73,7 @@ func (m *CRConverterFactory) NewConverter(crd *apiextensions.CustomResourceDefin
if err != nil {
return nil, nil, err
}
converter, err = m.converterMetricFactory.addMetrics("webhook", crd.Name, converter)
converter, err = converterMetricFactorySingleton.addMetrics("webhook", crd.Name, converter)
if err != nil {
return nil, nil, err
}

0 comments on commit e067785

Please sign in to comment.
You can’t perform that action at this time.