The ephemeral containers API changed in 1.22. As a result, kubectl
debug (currently) cannot create ephemeral containers in clusters prior
to 1.22.
This change causes kubectl to retry the request using the old API when
it receives a specific error message from the server.
Kubernetes-commit: 06124c1d1c68ec4a30406bf585df2ec83231cb65
Add a warning message to `kubectl debug` when using the `--target`
option as many runtimes don't support it yet.
Kubernetes-commit: 968185e1f7c4aee739d5abe6133a690c70e87d5e
This change updates the CSR API to add a new, optional field called
expirationSeconds. This field is a request to the signer for the
maximum duration the client wishes the cert to have. The signer is
free to ignore this request based on its own internal policy. The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration. The minimum allowed
value for this field is 600 seconds (ten minutes).
This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.
Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: cd91e59f7c351fce47c064a5162c2cb79075159c
Go 1.16's embed directive doesn't allow embeding files from parent
directories. Hence, moving the translations data to inside the i18n package.
Logically speaking as well, kubectl related artifacts should be inside
the kubectl package.
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 5ece28b77a284b24b674278378630373196789ac
Only --context, --cluster, --user and --namespace are included.
Signed-off-by: knight42 <anonymousknight96@gmail.com>
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
Kubernetes-commit: 663b13e814909070e83642c42969174ce03a0e1e
This is no longer true as of `containerd` v1.4.0 because [0] removes `socat` dependency for port-forwarding. For lower versions of `containerd`, the error message is descriptive i.e. `"socat": executable file not found in $PATH`.
[0] https://github.com/containerd/cri/pull/1470
Kubernetes-commit: 64fca6bda7d36b9cc1667aa317896b540d4dcf8c
* Use deep copies in `PrepareForUpdate()`
* Preserve select metadata from new pod
* Use patch to add ephemeral container `kubectl debug`
* Distinguish between pod vs /ephemeralcontainers NotFound
Kubernetes-commit: 97726a50c138557522def7f753ec8581d00f0b02
This changes the `/ephemeralcontainers` subresource of `/pods` to use
the `Pod` kind rather than `EphemeralContainers`.
When designing this API initially it seemed preferable to create a new
kind containing only the pod's ephemeral containers, similar to how
binding and scaling work.
It later became clear that this made admission control more difficult
because the controller wouldn't be presented with the entire Pod, so we
updated this to operate on the entire Pod, similar to how `/status`
works.
Kubernetes-commit: d22dc5cb72a627341f4004b5d58d275f3d8773b3
--current-replicas is only meaningful when it's -1 or greater.
Also add an error message to clarify the range of --current-replicas. It
is unclear that --current-replicas=-1 means no precondition. This info
may be useful for programming purposes (i.e., shell scripting, etc.).
Kubernetes-commit: 8fd7862e6974fda28bb91286ca79dc6fa236f2f8
This is a result in Japanese language.
$ make test WHAT=./staging/src/k8s.io/kubectl/pkg/cmd/diff
[0402 07:24:05] Running tests without code coverage
FAIL: TestDiffProgram (0.00s)
diff_test.go:73: stdout = "ファイル /dev/zero と /dev/zero は同一です\n", expected = Files /dev/zero and /dev/zero are identical
"
FAIL
FAIL k8s.io/kubernetes/staging/src/k8s.io/kubectl/pkg/cmd/diff 0.045s
FAIL
make: *** [Makefile:184: test] エラー 1
Kubernetes-commit: 6b9ff98dd72503e0cad5c626f67c716d465d18b2
os.CreateTemp seems to perform the exactly same task here, and its
implementation seems having considered many more edge cases than the
implementation here. This patch uses os.CreateTemp here to avoid
reinventing the wheel.
Kubernetes-commit: de0f030bcec55944dcbf81a9eec4f4d87f76567f
As discussed during the alpha review, the ReadOnly field is not really
needed because volume mounts can also be read-only. It's a historical
oddity that can be avoided for generic ephemeral volumes as part
of the promotion to beta.
Kubernetes-commit: 555d4a12bf58f19cbd79f866e2abce13490bde40
Assume the following CRDs exist (ordered by priority, the first is the highest):
- authentications.migration.k8s.io (K=Authentications, G=migration.k8s.io)
- authentications.metal3.io (K=Authentications, G=metal3.io)
- authentications.whereabouts.cni.cncf.io (K=Authentications, G=whereabouts.cni.cncf.io)
- authentications.snapshot.storage.k8s.io (K=Authentications, G=snapshot.storage.k8s.io)
In case 'kubectl explain authentications' is ran, the highest priority definition (in this case authentications.migration.k8s.io)
is returned. In case a user wants to explain authentication CRD of a different group, --api-version flag has to be set alongside
to point to a specific group and version. E.g. --api-version=metal3.io/v1
This PR allows to dismiss --api-version flag and perform a prefix check to select a resource (e.g. CRD) whose (resource, group) pair
fully prefixes requested resource. E.g. running 'kubectl explain authentications.metal3.io' will return
description of authentications.metal3.io. The same holds for optional field path.
I.e. 'kubectl explain authentications.metal3.io.spec' will return description of spec field
of authentications.metal3.io.spec. In case no resource match is found, the search falls back
to selecting the highest priority gvr that matches the resource.
In case --api-version is set, no prefix matching is performed. To cover cases
such as 'kubectl explain authentications.metal3.io --api-version=authentications.metal3.io/v1' where
fields path coincide with the resource fully specified name (to access .metal3.io field of authentications.metal3.io).
Kubernetes-commit: 30674db1595e3a24273ceb71cbfe67bb300ad951
The behavior of the container defaulting in attach/exec is inconsistent
and should be unified. As a user, when we default the vast majority of
pods will have a small number of containers and so printing the container
names inline (as kubectl logs did) is more appropriate. The debug message
we printed about using describe was already longer than 99% of all pod
container names, so we were wasting user time.
Unify container selection for exec and attach to be consistent with old
behavior. Properly handle the --quiet flag (should not print in that case)
for both commands. Remove EnableCmdSuggestion and the machinery it needs.
The message now prints:
> Defaulted container "etcdctl" out of: etcdctl, etcd, etcd-metrics, etcd-ensure-env-vars (init), etcd-resources-copy (init)
Kubernetes-commit: 43e8ebbbcd3f57d18d8151efb6242f88a763b06d
--quiet means no informational output for the human that could be
confused with the output of the shell / command on the other side.
Kubernetes-commit: 75700d32bff0e28c7093ef384de78dbdd0db61b2
Currently, server-side dry-run fetches the OpenAPI schema for every
single object.
This change fetches the OpenAPI schema only once.
Kubernetes-commit: caa158610dfb53de3582ed6df0eb37359206fc66
Right now, there is no way to use these annotations, support multiple
`kubectl` versions, and not give users annoying warnings every time they
run `kubectl log`.
If a user is setting *both* annotations, they clearly know that the old
on is deprecated. Therefor, we should not warn them.
Kubernetes-commit: a7882d8a4264cdb9eaab9dc3d67cf0cc5afd5886
- update according to KEP: move getContainerName to helper
Signed-off-by: pacoxu <paco.xu@daocloud.io>
Kubernetes-commit: b54e823dbce08bff6fab979243663b0fea5a351f
`kubectl get` supports specifying a comma separated list of resource types. E.g.:
```bash
kubectl get pods,secrets
```
Will list all pods and secrets in the current namespace.
This commit adds support to the kubectl bash completion for this feature. Which means if you type `kubectl get pods,sec<tab>` it will be auto-completed to `kubectl get pods,secrets` (assuming the cluster does not have a CRD starting with `sec`).
Kubernetes-commit: 51671ecc2e258d50c7b1315b7b68c4e239f7e829
* Remove the dependency between create namespace command and generators
* Update create_namespace.go
format the file
rename "kruntime" package to "runtime"
remove the reliance of generators
replace dynamic client with typed client
rename "options" to "o" in "NewNamespaceOptions" fun for better reading and comparison with other create cmd
remove Namespace and EnforceNamespace from NamespaceOptions
remove Mapper from NamespaceOptions
refactory the "Run" fun
refactory the "Run" fun
Update create_namespace.go and create_namespace_test.go
* Update create_namespace.go and create_namespace_test.go
* fix createNamespace function
* fix createNamespace function
* fix createNamespace function
* remove the wrong comment in NamespaceOptions
* add validate operation for cobra.Command
* add some unit tests
* add some unit tests
* remove the call of Validate() from createNamespace() and update return type of createNamespace()
* update test suite for the new createNamespace()
Kubernetes-commit: 6990d75625b6aaa32c1aa5a99a174775868263bc
Enables the PatchOrReplace call for the cordon helper to accept a
user-supplied context to be used for the client.Patch/Update calls to
alter the node status while cordoning/uncordoning the node.
Signed-off-by: Sagar Muchhal <muchhals@vmware.com>
Kubernetes-commit: 017eaa519de5926fd75a9ddc61bedf2398b69653
It took me a while to spot this subtlety.
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
Kubernetes-commit: 7c764c8550121b48a6e2678700b6a80fa7d3e2f0
When using GNU diffutils, some commands (e.g. --color[=WHEN])
requires an equal sign.
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
Kubernetes-commit: 722751accf7607f4d0573778e85027c63e1802ce
No need extra vars just for a single validation.
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
Kubernetes-commit: ea017e53af84b05154f275fabcfc95a61b091493
cleanup: change klog.Fatalf to fmt.Errorf for kubectl auth reconcile
cleanup: change klog.Fatalf to fmt.Errorf for
Kubernetes-commit: 3b3a6d27cd1a55fff173427ac9d74d35de7f5acf
fix kubectl label error when local=true is set.
fix kubectl label error when local=true is set.
Kubernetes-commit: cb7009a63bbc90569493f070463ae6715088d46a
Certain missing comments and typos in comments are fixed in the files
that implement `kubectl create` subcommands.
Kubernetes-commit: 1c5c8601e479cc3b32809868c250aeb256796484
wawa0210