Skip to content
Permalink
Browse files

Merge remote-tracking branch 'origin/master' into release-1.17

  • Loading branch information
cpanato committed Nov 17, 2019
2 parents 034eb14 + beaf3a2 commit fdf93bc4997f79570f6579e5837e984e73010405
Showing with 384 additions and 124 deletions.
  1. +2 −0 api/openapi-spec/swagger.json
  2. +2 −2 build/common.sh
  3. +0 −14 build/debian-base/Dockerfile.build
  4. +6 −6 build/debian-base/Makefile
  5. +19 −1 build/debian-iptables/Dockerfile
  6. +2 −2 build/debian-iptables/Makefile
  7. +44 −0 build/debian-iptables/iptables-wrapper
  8. +14 −14 build/workspace.bzl
  9. +26 −0 staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto
  10. +30 −2 staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema.go
  11. +26 −0 staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/generated.proto
  12. +30 −2 staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/types_jsonschema.go
  13. +1 −1 staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_handler.go
  14. +10 −2 staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/BUILD
  15. +65 −0 staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/formats.go
  16. +31 −0 staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/formats_test.go
  17. +2 −2 staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/validation.go
  18. +5 −5 staging/src/k8s.io/apimachinery/pkg/util/cache/expiring.go
  19. +10 −2 staging/src/k8s.io/apimachinery/pkg/util/cache/expiring_test.go
  20. +16 −12 staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
  21. +4 −3 staging/src/k8s.io/apiserver/pkg/storage/etcd3/metrics/metrics.go
  22. +17 −14 staging/src/k8s.io/apiserver/pkg/storage/value/metrics.go
  23. +20 −36 staging/src/k8s.io/apiserver/pkg/storage/value/metrics_test.go
  24. +1 −1 test/e2e/apimachinery/crd_publish_openapi.go
  25. +1 −3 test/e2e/framework/metrics/interesting_metrics.go

Some generated files are not rendered by default. Learn more.

@@ -94,8 +94,8 @@ readonly KUBE_CONTAINER_RSYNC_PORT=8730
# $1 - server architecture
kube::build::get_docker_wrapped_binaries() {
local arch=$1
local debian_base_version=v1.0.0
local debian_iptables_version=v11.0.2
local debian_base_version=v2.0.0
local debian_iptables_version=v12.0.1
### If you change any of these lists, please also update DOCKERIZED_BINARIES
### in build/BUILD. And kube::golang::server_image_targets
local targets=(
@@ -41,28 +41,14 @@ RUN apt-mark hold apt gnupg adduser passwd libsemanage1 libcap2
# Several utilities (e.g. ping) were kept for usefulness, but may be removed in later versions.
RUN echo "Yes, do as I say!" | apt-get purge \
bash \
debconf-i18n \
e2fslibs \
e2fsprogs \
init \
initscripts \
libcap2-bin \
libkmod2 \
libmount1 \
libsmartcols1 \
libudev1 \
libblkid1 \
libncursesw5 \
libprocps6 \
libslang2 \
libss2 \
libsystemd0 \
libtext-charwidth-perl libtext-iconv-perl libtext-wrapi18n-perl \
ncurses-base \
ncurses-bin \
systemd \
systemd-sysv \
sysv-rc \
tzdata

# No-op stubs replace some unnecessary binaries that may be depended on in the install process (in
@@ -18,7 +18,7 @@ REGISTRY ?= staging-k8s.gcr.io
IMAGE ?= $(REGISTRY)/debian-base
BUILD_IMAGE ?= debian-build

TAG ?= v1.0.0
TAG ?= v2.0.0

TAR_FILE ?= rootfs.tar
ARCH?=amd64
@@ -33,22 +33,22 @@ SUDO=$(if $(filter 0,$(shell id -u)),,sudo)
export DOCKER_CLI_EXPERIMENTAL := enabled

ifeq ($(ARCH),amd64)
BASEIMAGE?=debian:stretch
BASEIMAGE?=debian:buster-slim
endif
ifeq ($(ARCH),arm)
BASEIMAGE?=arm32v7/debian:stretch
BASEIMAGE?=arm32v7/debian:buster-slim
QEMUARCH=arm
endif
ifeq ($(ARCH),arm64)
BASEIMAGE?=arm64v8/debian:stretch
BASEIMAGE?=arm64v8/debian:buster-slim
QEMUARCH=aarch64
endif
ifeq ($(ARCH),ppc64le)
BASEIMAGE?=ppc64le/debian:stretch
BASEIMAGE?=ppc64le/debian:buster-slim
QEMUARCH=ppc64le
endif
ifeq ($(ARCH),s390x)
BASEIMAGE?=s390x/debian:stretch
BASEIMAGE?=s390x/debian:buster-slim
QEMUARCH=s390x
endif

@@ -14,10 +14,28 @@

FROM BASEIMAGE

# Install latest iptables package from buster-backports
RUN echo deb http://deb.debian.org/debian buster-backports main >> /etc/apt/sources.list; \
apt-get update; \
apt-get -t buster-backports -y --no-install-recommends install iptables

# Install other dependencies and then clean up apt caches
RUN clean-install \
conntrack \
ebtables \
ipset \
iptables \
kmod \
netbase

# Install iptables wrapper scripts to detect the correct iptables mode
# the first time any of them is run
COPY iptables-wrapper /usr/sbin/iptables-wrapper

RUN update-alternatives \
--install /usr/sbin/iptables iptables /usr/sbin/iptables-wrapper 100 \
--slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-wrapper \
--slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-wrapper
RUN update-alternatives \
--install /usr/sbin/ip6tables ip6tables /usr/sbin/iptables-wrapper 100 \
--slave /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/iptables-wrapper \
--slave /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/iptables-wrapper
@@ -16,12 +16,12 @@

REGISTRY?="staging-k8s.gcr.io"
IMAGE=$(REGISTRY)/debian-iptables
TAG?=v11.0.2
TAG?=v12.0.1
ARCH?=amd64
ALL_ARCH = amd64 arm arm64 ppc64le s390x
TEMP_DIR:=$(shell mktemp -d)

BASEIMAGE?=k8s.gcr.io/debian-base-$(ARCH):v1.0.0
BASEIMAGE?=k8s.gcr.io/debian-base-$(ARCH):v2.0.0

# This option is for running docker manifest command
export DOCKER_CLI_EXPERIMENTAL := enabled
@@ -0,0 +1,44 @@
#!/bin/sh

# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -e

# Detect whether the base system is using iptables-legacy or
# iptables-nft. This assumes that some non-containerized process (eg
# kubelet) has already created some iptables rules.

# Bugs in iptables-nft 1.8.3 may cause it to get stuck in a loop in
# some circumstances, so we have to run the nft check in a timeout. To
# avoid hitting that timeout, we only bother to even check nft if
# legacy iptables was empty / mostly empty.

num_legacy_lines=$( (iptables-legacy-save || true; ip6tables-legacy-save || true) 2>/dev/null | grep '^-' | wc -l)
if [ "${num_legacy_lines}" -ge 10 ]; then
mode=legacy
else
num_nft_lines=$( (timeout 5 sh -c "iptables-nft-save; ip6tables-nft-save" || true) 2>/dev/null | grep '^-' | wc -l)
if [ "${num_legacy_lines}" -ge "${num_nft_lines}" ]; then
mode=legacy
else
mode=nft
fi
fi

update-alternatives --set iptables "/usr/sbin/iptables-${mode}" > /dev/null
update-alternatives --set ip6tables "/usr/sbin/ip6tables-${mode}" > /dev/null

# Now re-exec the original command with the newly-selected alternative
exec "$0" "$@"
@@ -73,21 +73,21 @@ def cri_tarballs():

# Use go get -u github.com/estesp/manifest-tool to find these values
_DEBIAN_BASE_DIGEST = {
"manifest": "sha256:6966a0aedd7592c18ff2dd803c08bd85780ee19f5e3a2e7cf908a4cd837afcde",
"amd64": "sha256:8ccb65cd2dd7e0c24193d0742a20e4a673dbd11af5a33f16fcd471a31486866c",
"arm": "sha256:3432b41de3f6dfffdc1386fce961cfd1f9f8e208b3a35070e10ef3e2a733cb17",
"arm64": "sha256:9189251e1d1eb4126d6e6add2e272338f9c8a6a3db38863044625bca4b667f31",
"ppc64le": "sha256:50aa659e1e75e4231ee8293c3b4115e5755bb0517142b9b4bddbc134bf4354db",
"s390x": "sha256:bbb8ee3a2aaca738c00809f450233d98029fea4e319d8faaa30aa94c8b17a806",
"manifest": "sha256:ebda8587ec0f49eb88ee3a608ef018484908cbc5aa32556a0d78356088c185d4",
"amd64": "sha256:d7be39e143d4e6677a28c81c0a84868b40800fc979dea1848bb19d526668a00c",
"arm": "sha256:fc731da13b0bc9013b85a86b583fc92e50869b5bc8e7aa6ca730ec0240954c7d",
"arm64": "sha256:12502c3eed050fa9b6d5fe353a44bfc5f437dc325c8912b1a48dcc180df36f1e",
"ppc64le": "sha256:4277aa59b63c5a1369e6d84a295ecc4ffa08985dcf114de9f7b6de1af4fcbc86",
"s390x": "sha256:78ef2a6b017539379c1654b4e52ba8519bfec821c62d0b3a1dbd15104b711e21",
}

_DEBIAN_IPTABLES_DIGEST = {
"manifest": "sha256:b522b0035dba3ac2d5c0dbaaf8217bd66248e790332ccfdf653e0f943a280dcf",
"amd64": "sha256:adc40e9ec817c15d35b26d1d6aa4d0f8096fba4c99e26a026159bb0bc98c6a89",
"arm": "sha256:58e8a1d3b187eed2d8d3664cd1c9723e5029698714a24dfca4b6ef42ea27a9d4",
"arm64": "sha256:1a63fdd216fe7b84561d40ab1ebaa0daae1fc73e4232a6caffbd8353d9a14cea",
"ppc64le": "sha256:9f90adbc7513cc96d92fcec7633c4b29e766dd31cf876af03c0b54374e22fa9c",
"s390x": "sha256:4f147708deff2a0163ee49b6980cc95423514bec5f4091612d65773b898fbdae",
"manifest": "sha256:d1cd487e89fb4cba853cd3a948a6e9016faf66f2a7bb53cb1ac6b6c9cb58f5ed",
"amd64": "sha256:852d3c569932059bcab3a52cb6105c432d85b4b7bbd5fc93153b78010e34a783",
"arm": "sha256:c10f01b414a7cd4b2f3e26e152c90c64a1e781d99f83a6809764cf74ecbc46c3",
"arm64": "sha256:5725e6fde13a6405cf800e22846ebd2bde24b0860f1dc3f6f5f256f03cfa85bd",
"ppc64le": "sha256:b6d6e56a0c34c0393dcba0d5faaa531b92e5876114c5ab5a90e82e4889724c5a",
"s390x": "sha256:39e67e9bf25d67fe35bd9dcb25367277e5967368e02f2741e0efd4ce8874db14",
}

_DEBIAN_HYPERKUBE_BASE_DIGEST = {
@@ -113,7 +113,7 @@ def debian_image_dependencies():
digest = _digest(_DEBIAN_BASE_DIGEST, arch),
registry = "k8s.gcr.io",
repository = "debian-base",
tag = "0.4.1", # ignored, but kept here for documentation
tag = "v2.0.0", # ignored, but kept here for documentation
)

container_pull(
@@ -122,7 +122,7 @@ def debian_image_dependencies():
digest = _digest(_DEBIAN_IPTABLES_DIGEST, arch),
registry = "k8s.gcr.io",
repository = "debian-iptables",
tag = "v11.0.2", # ignored, but kept here for documentation
tag = "v12.0.1", # ignored, but kept here for documentation
)

container_pull(
@@ -359,6 +359,32 @@ message JSONSchemaProps {

optional string type = 5;

// format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:
//
// - bsonobjectid: a bson object ID, i.e. a 24 characters hex string
// - uri: an URI as parsed by Golang net/url.ParseRequestURI
// - email: an email address as parsed by Golang net/mail.ParseAddress
// - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034].
// - ipv4: an IPv4 IP as parsed by Golang net.ParseIP
// - ipv6: an IPv6 IP as parsed by Golang net.ParseIP
// - cidr: a CIDR as parsed by Golang net.ParseCIDR
// - mac: a MAC address as parsed by Golang net.ParseMAC
// - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$
// - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$
// - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
// - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
// - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041"
// - isbn10: an ISBN10 number string like "0321751043"
// - isbn13: an ISBN13 number string like "978-0321751041"
// - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in
// - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$
// - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$
// - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559"
// - byte: base64 encoded binary data
// - password: any kind of string
// - date: a date string like "2006-01-02" as defined by full-date in RFC3339
// - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format
// - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339.
optional string format = 6;

optional string title = 7;
@@ -23,8 +23,36 @@ type JSONSchemaProps struct {
Ref *string `json:"$ref,omitempty" protobuf:"bytes,3,opt,name=ref"`
Description string `json:"description,omitempty" protobuf:"bytes,4,opt,name=description"`
Type string `json:"type,omitempty" protobuf:"bytes,5,opt,name=type"`
Format string `json:"format,omitempty" protobuf:"bytes,6,opt,name=format"`
Title string `json:"title,omitempty" protobuf:"bytes,7,opt,name=title"`

// format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:
//
// - bsonobjectid: a bson object ID, i.e. a 24 characters hex string
// - uri: an URI as parsed by Golang net/url.ParseRequestURI
// - email: an email address as parsed by Golang net/mail.ParseAddress
// - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034].
// - ipv4: an IPv4 IP as parsed by Golang net.ParseIP
// - ipv6: an IPv6 IP as parsed by Golang net.ParseIP
// - cidr: a CIDR as parsed by Golang net.ParseCIDR
// - mac: a MAC address as parsed by Golang net.ParseMAC
// - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$
// - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$
// - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
// - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
// - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041"
// - isbn10: an ISBN10 number string like "0321751043"
// - isbn13: an ISBN13 number string like "978-0321751041"
// - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in
// - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$
// - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$
// - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559"
// - byte: base64 encoded binary data
// - password: any kind of string
// - date: a date string like "2006-01-02" as defined by full-date in RFC3339
// - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format
// - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339.
Format string `json:"format,omitempty" protobuf:"bytes,6,opt,name=format"`

Title string `json:"title,omitempty" protobuf:"bytes,7,opt,name=title"`
// default is a default value for undefined object fields.
// Defaulting is a beta feature under the CustomResourceDefaulting feature gate.
// Defaulting requires spec.preserveUnknownFields to be false.

0 comments on commit fdf93bc

Please sign in to comment.
You can’t perform that action at this time.