Currently, diff AND kubectl can return 1 errors either when diff finds
differences, or when kubectl fails something. It also prints an ugly
error when diff finds a differences, since 1 is treated as an error.
Two things this PR does:
1. If diff returns 1, then do not treat it as an error, and exit with
exit code 1. It no longer prints the ugly error.
2. Kubectl errors are +1'd so that they never return 1 which shouldn't
be considered an error.
We need to update the documentation accordingly, to mention that
`KUBECTL_EXTERNAL_DIFF` programs must also follow the convention of
using one as their exit code for changes detected.
Kubernetes-commit: f2b21f08d95291212ba8987aa9d446c02a96089a
* Extend --dry-run to support string values for dry run strategies
'client', 'server', and 'none'
* Ensure --dry-run is set and accessed via cmdutil
* Deprecate --dry-run (unset), --dry-run=true, and --dry-run=false
Kubernetes-commit: af52beda260257e81cc9e19e9e5108b682ee93d6
- Move TestSupportsDryRun to cli-runtime
- Move TestDryRunVerifier to cli-runtime
- Add OpenAPI schema for testdata to cli-runtime
- Use Helper.DryRun and DryRunVerifier for Apply
- Add WithOptions methods to Helper
Kubernetes-commit: 6bea0e469bcfe4967cbf2656a998d60e0b684747
Few days ago I watched this kubectl code base tour on Youtube
(https://www.youtube.com/watch?v=uz8TS3V9qqY). It talks about a design
pattern that almost every command follows. But I found out that
`kubectl proxy` command does not follow this pattern. So, I'm
refactoring this command to use similar design pattern as other kubectl
commands.
Kubernetes-commit: 0bd41a300f12b1dbaec19fc94b868f91640542df
Currently, some circumstances may cause waitForDelete to
never succeed after the pod has been marked for deletion.
In particular, Nodes that are unresponsive and have
pods with local-storage will not be able to
successfully drain.
We should allow drain to ignore pods that have a
DeletionTimestamp older than a user-provided age.
This will allow controllers utilizing kubectl/drain
to optionally account for a pod that cannot be
removed due to a misbehaving node.
Kubernetes-commit: da53044abdf8c8a9771a5c3dfd861f0c4ec78c40
Currently, if eviction is supported during a drain operation,
eviction is always used.
This commit allows the user to specify disabling eviction.
This is particularly useful when you wish to ignore
PodDisruptionBudgets after a normal drain has failed for
some time.
Kubernetes-commit: 6c1d587d5142b95e6c169a198a086332a7e4d8ad
This commits allows specifying a context.Context
in the Helper type. This context is utilized to
cancel waitForDelete.
Kubernetes-commit: 8682e902f5487e04b893da7230125db0d7ae66b4
When I describe network policies, it often tells me that pods are
isolated for egress connectivity because the policy that applies to them
has no egress rules. However, this would only lead to isolation if there
is an explicitly set egress policy type. Otherwise, the policy allows
egress traffic. The same applies if you have explicitly set an egress
type only, describe will incorrectly report isolated ingress traffic.
This PR fixes this by inferring the applicable direction for the policy
based on the PolicyTypes, and then if a policy doesn't apply eg to
egress, we print 'Not affecting egress traffic'
Kubernetes-commit: 7753bfa3a418d95795420d03193732e024456466
The tool golangci-lint gives a bunch of warnings. This PR solves the easier/less controversial ones, so the code is simpler and a little bit more optimal, since it removes some if conditions.
Kubernetes-commit: cd2adbe760641f844d84d411f9adcf17fb6982ff
* add certificate deny flag message
* bring back NewCertificateOptions with operation parameter
Kubernetes-commit: e528c2f2925d61fa7a12313a895af5a312d36dd6
`Get` method within the fake clientset returns an object that would not be normally returned when using the real clientset. Reproducer:
```go
package main
import (
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes/fake"
)
func main () {
cm := &v1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "cm"},
}
client := fake.NewSimpleClientset(cm)
obj, err := client.CoreV1().ConfigMaps("").Get("", metav1.GetOptions{})
if err != nil {
panic(err)
}
fmt.Printf("obj: %#v\n", obj)
}
```
stored under `test.go` of `github.com/kubernetes/kubernetes` (master HEAD) root directory and ran:
```sh
$ go run test.go
obj: &v1.ConfigMap{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"cm", GenerateName:"", Namespace:"kube-system", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, Data:map[string]string(nil), BinaryData:map[string][]uint8(nil)}
```
As you can see fake clientset with a "test" configmap is created. When getting the object through the clientset back, I intentionally set the object name to an empty string. I would expect to get an error saying config map "" was not found. However, I get "test" configmap instead.
Reason for that is inside implementation of `filterByNamespaceAndName` private function:
```go
func filterByNamespaceAndName(objs []runtime.Object, ns, name string) ([]runtime.Object, error) {
var res []runtime.Object
for _, obj := range objs {
acc, err := meta.Accessor(obj)
if err != nil {
return nil, err
}
if ns != "" && acc.GetNamespace() != ns {
continue
}
if name != "" && acc.GetName() != name {
continue
}
res = append(res, obj)
}
return res, nil
}
```
When `name` is empty, `name != "" && acc.GetName() != name` condition is false and thus `obj` is consider as a fit.
[1] https://github.com/kubernetes/client-go/blob/master/testing/fixture.go#L481-L493
Kubernetes-commit: d32c76fc03381784516c47cb1bf62ef932189afa
When there's a pod that can't be evicted/deleted, and apiserver
connection breaks at a wrong moment, kubectl can panic due
to nil pointer dereference. This PR also improves drain tests
to avoid confusing panics with fatal errors.
Kubernetes-commit: 37226f8e8306475895d7e68eb52c57e57f00ee28
Recently, kubectl drain has been refactored to be consumeable
as a library. Currently, if a pod cannot be evicted due
to PDBs, we will leak a goroutine.
This commit ensures the goroutine always exists.
Related-bug: https://github.com/kubernetes/kubernetes/issues/81333
Kubernetes-commit: 0e8998a040efe5dd82592911e739fe2e2258cfa3
Running `diff -u` produces a unified diff. It isn't related to Unicode.
Also, `diff -N` treats _absent_ files as empty, not new files.
Kubernetes-commit: 0af2dedd96e973f4ed59af0cc325a70ca0b9100a
Michal Fojtik