NetworkPolicy egress-all `kubectl describe` output should refer
to the term "destination" as opposed to "source" for describing
policies which do not restrict traffic based on the destination.
Kubernetes-commit: e0caf0b46f061c3fafa10aef83592fe300f2bf52
This reuses the code for describing a PVC, except that the output gets
indented more and some fields are skipped.
Kubernetes-commit: c1178bd925b54898e66cace37d35bf551380a75b
Ingressv1 Get is attempted for Ingresses and IngressClasses
and falls back to Ingressv1beta1 if there is a failure.
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Kubernetes-commit: 31520ccb9b9a96acc4721b69ae231a6cbb74a503
An empty key with operator Exists matches all keys, values
and effects which means this will tolerate everything:
tolerations:
- operator: "Exists"
as stated in https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/.
However, the current printTolerationsMultilineWithIndent implementation ignores
this case. As the toleration is valid, there's no reason
to skip it when writing the list of all pod's tolerations.
Kubernetes-commit: 0bd9a4c6c5ba4fbbc8439effddc99004ddd6b232
When I describe network policies, it often tells me that pods are
isolated for egress connectivity because the policy that applies to them
has no egress rules. However, this would only lead to isolation if there
is an explicitly set egress policy type. Otherwise, the policy allows
egress traffic. The same applies if you have explicitly set an egress
type only, describe will incorrectly report isolated ingress traffic.
This PR fixes this by inferring the applicable direction for the policy
based on the PolicyTypes, and then if a policy doesn't apply eg to
egress, we print 'Not affecting egress traffic'
Kubernetes-commit: 7753bfa3a418d95795420d03193732e024456466
The tool golangci-lint gives a bunch of warnings. This PR solves the easier/less controversial ones, so the code is simpler and a little bit more optimal, since it removes some if conditions.
Kubernetes-commit: cd2adbe760641f844d84d411f9adcf17fb6982ff
`Get` method within the fake clientset returns an object that would not be normally returned when using the real clientset. Reproducer:
```go
package main
import (
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes/fake"
)
func main () {
cm := &v1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "cm"},
}
client := fake.NewSimpleClientset(cm)
obj, err := client.CoreV1().ConfigMaps("").Get("", metav1.GetOptions{})
if err != nil {
panic(err)
}
fmt.Printf("obj: %#v\n", obj)
}
```
stored under `test.go` of `github.com/kubernetes/kubernetes` (master HEAD) root directory and ran:
```sh
$ go run test.go
obj: &v1.ConfigMap{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"cm", GenerateName:"", Namespace:"kube-system", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, Data:map[string]string(nil), BinaryData:map[string][]uint8(nil)}
```
As you can see fake clientset with a "test" configmap is created. When getting the object through the clientset back, I intentionally set the object name to an empty string. I would expect to get an error saying config map "" was not found. However, I get "test" configmap instead.
Reason for that is inside implementation of `filterByNamespaceAndName` private function:
```go
func filterByNamespaceAndName(objs []runtime.Object, ns, name string) ([]runtime.Object, error) {
var res []runtime.Object
for _, obj := range objs {
acc, err := meta.Accessor(obj)
if err != nil {
return nil, err
}
if ns != "" && acc.GetNamespace() != ns {
continue
}
if name != "" && acc.GetName() != name {
continue
}
res = append(res, obj)
}
return res, nil
}
```
When `name` is empty, `name != "" && acc.GetName() != name` condition is false and thus `obj` is consider as a fit.
[1] https://github.com/kubernetes/client-go/blob/master/testing/fixture.go#L481-L493
Kubernetes-commit: d32c76fc03381784516c47cb1bf62ef932189afa
Jan Chaloupka