Uprade to Kubernetes v1.3.4

docs/minikube_start.md

@@ -20,7 +20,7 @@ minikube start
       --docker-env=[]: Environment variables to pass to the Docker daemon. (format: key=value)
       --insecure-registry=[]: Insecure Docker registries to pass to the Docker daemon
       --iso-url="https://storage.googleapis.com/minikube/minikube-0.5.iso": Location of the minikube iso
-      --kubernetes-version="v1.3.3": The kubernetes version that the minikube VM will (ex: v1.2.3) 
+      --kubernetes-version="v1.3.4": The kubernetes version that the minikube VM will (ex: v1.2.3) 
  OR a URI which contains a localkube binary (ex: https://storage.googleapis.com/minikube/k8sReleases/v1.3.0/localkube-linux-amd64)
       --memory=1024: Amount of RAM allocated to the minikube VM
       --vm-driver="virtualbox": VM driver is one of: [virtualbox vmwarefusion kvm xhyve]

vendor/github.com/docker/engine-api/client/container_logs.go

@@ -35,6 +35,10 @@ func (cli *Client) ContainerLogs(ctx context.Context, container string, options
 		query.Set("timestamps", "1")
 	}
 
+	if options.Details {
+		query.Set("details", "1")
+	}
+
 	if options.Follow {
 		query.Set("follow", "1")
 	}

vendor/github.com/docker/engine-api/client/image_load.go

@@ -10,8 +10,8 @@ import (
 )
 
 // ImageLoad loads an image in the docker host from the client host.
-// It's up to the caller to close the io.ReadCloser returned by
-// this function.
+// It's up to the caller to close the io.ReadCloser in the
+// ImageLoadResponse returned by this function.
 func (cli *Client) ImageLoad(ctx context.Context, input io.Reader, quiet bool) (types.ImageLoadResponse, error) {
 	v := url.Values{}
 	v.Set("quiet", "0")

vendor/github.com/docker/engine-api/client/image_pull.go

@@ -27,12 +27,12 @@ func (cli *Client) ImagePull(ctx context.Context, ref string, options types.Imag
 
 	query := url.Values{}
 	query.Set("fromImage", repository)
-	if tag != "" {
+	if tag != "" && !options.All {
 		query.Set("tag", tag)
 	}
 
 	resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth)
-	if resp.statusCode == http.StatusUnauthorized {
+	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
 		newAuthHeader, privilegeErr := options.PrivilegeFunc()
 		if privilegeErr != nil {
 			return nil, privilegeErr

vendor/github.com/docker/engine-api/client/image_push.go

@@ -10,7 +10,6 @@ import (
 
 	distreference "github.com/docker/distribution/reference"
 	"github.com/docker/engine-api/types"
-	"github.com/docker/engine-api/types/reference"
 )
 
 // ImagePush requests the docker host to push an image to a remote registry.
@@ -27,7 +26,10 @@ func (cli *Client) ImagePush(ctx context.Context, ref string, options types.Imag
 		return nil, errors.New("cannot push a digest reference")
 	}
 
-	tag := reference.GetTagFromNamedRef(distributionRef)
+	var tag = ""
+	if nameTaggedRef, isNamedTagged := distributionRef.(distreference.NamedTagged); isNamedTagged {
+		tag = nameTaggedRef.Tag()
+	}
 
 	query := url.Values{}
 	query.Set("tag", tag)

vendor/github.com/docker/engine-api/client/image_search.go

@@ -6,6 +6,7 @@ import (
 	"net/url"
 
 	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/filters"
 	"github.com/docker/engine-api/types/registry"
 	"golang.org/x/net/context"
 )
@@ -17,6 +18,14 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options types.I
 	query := url.Values{}
 	query.Set("term", term)
 
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToParam(options.Filters)
+		if err != nil {
+			return results, err
+		}
+		query.Set("filters", filterJSON)
+	}
+
 	resp, err := cli.tryImageSearch(ctx, query, options.RegistryAuth)
 	if resp.statusCode == http.StatusUnauthorized {
 		newAuthHeader, privilegeErr := options.PrivilegeFunc()

vendor/github.com/docker/engine-api/types/client.go

@@ -57,6 +57,7 @@ type ContainerLogsOptions struct {
 	Timestamps bool
 	Follow     bool
 	Tail       string
+	Details    bool
 }
 
 // ContainerRemoveOptions holds parameters to remove containers.
@@ -172,12 +173,14 @@ type ImageListOptions struct {
 
 // ImageLoadResponse returns information to the client about a load process.
 type ImageLoadResponse struct {
+	// Body must be closed to avoid a resource leak
 	Body io.ReadCloser
 	JSON bool
 }
 
 // ImagePullOptions holds information to pull images.
 type ImagePullOptions struct {
+	All           bool
 	RegistryAuth  string // RegistryAuth is the base64 encoded credentials for the registry
 	PrivilegeFunc RequestPrivilegeFunc
 }
@@ -203,6 +206,7 @@ type ImageRemoveOptions struct {
 type ImageSearchOptions struct {
 	RegistryAuth  string
 	PrivilegeFunc RequestPrivilegeFunc
+	Filters       filters.Args
 }
 
 // ImageTagOptions holds parameters to tag an image

vendor/github.com/docker/engine-api/types/container/host_config.go

@@ -136,30 +136,49 @@ func (n UTSMode) Valid() bool {
 	return true
 }
 
-// PidMode represents the pid stack of the container.
+// PidMode represents the pid namespace of the container.
 type PidMode string
 
-// IsPrivate indicates whether the container uses its private pid stack.
+// IsPrivate indicates whether the container uses its own new pid namespace.
 func (n PidMode) IsPrivate() bool {
-	return !(n.IsHost())
+	return !(n.IsHost() || n.IsContainer())
 }
 
-// IsHost indicates whether the container uses the host's pid stack.
+// IsHost indicates whether the container uses the host's pid namespace.
 func (n PidMode) IsHost() bool {
 	return n == "host"
 }
 
-// Valid indicates whether the pid stack is valid.
+// IsContainer indicates whether the container uses a container's pid namespace.
+func (n PidMode) IsContainer() bool {
+	parts := strings.SplitN(string(n), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// Valid indicates whether the pid namespace is valid.
 func (n PidMode) Valid() bool {
 	parts := strings.Split(string(n), ":")
 	switch mode := parts[0]; mode {
 	case "", "host":
+	case "container":
+		if len(parts) != 2 || parts[1] == "" {
+			return false
+		}
 	default:
 		return false
 	}
 	return true
 }
 
+// Container returns the name of the container whose pid namespace is going to be used.
+func (n PidMode) Container() string {
+	parts := strings.SplitN(string(n), ":", 2)
+	if len(parts) > 1 {
+		return parts[1]
+	}
+	return ""
+}
+
 // DeviceMapping represents the device mapping between the host and the container.
 type DeviceMapping struct {
 	PathOnHost        string

vendor/github.com/docker/engine-api/types/reference/image_reference.go

@@ -27,6 +27,8 @@ func GetTagFromNamedRef(ref distreference.Named) string {
 		tag = x.Digest().String()
 	case distreference.NamedTagged:
 		tag = x.Tag()
+	default:
+		tag = "latest"
 	}
 	return tag
 }

vendor/github.com/docker/engine-api/types/registry/registry.go

@@ -78,12 +78,10 @@ type IndexInfo struct {
 type SearchResult struct {
 	// StarCount indicates the number of stars this repository has
 	StarCount int `json:"star_count"`
-	// IsOfficial indicates whether the result is an official repository or not
+	// IsOfficial is true if the result is from an official repository.
 	IsOfficial bool `json:"is_official"`
 	// Name is the name of the repository
 	Name string `json:"name"`
-	// IsTrusted indicates whether the result is trusted
-	IsTrusted bool `json:"is_trusted"`
 	// IsAutomated indicates whether the result is automated
 	IsAutomated bool `json:"is_automated"`
 	// Description is a textual description of the repository

vendor/github.com/docker/engine-api/types/types.go

@@ -395,6 +395,7 @@ type Volume struct {
 	Mountpoint string                 // Mountpoint is the location on disk of the volume
 	Status     map[string]interface{} `json:",omitempty"` // Status provides low-level status information about the volume
 	Labels     map[string]string      // Labels is metadata specific to the volume
+	Scope      string                 // Scope describes the level at which the volume exists (e.g. `global` for cluster-wide or `local` for machine level)
 }
 
 // VolumesListResponse contains the response for the remote API:

vendor/k8s.io/kubernetes/cmd/kube-controller-manager/app/controllermanager.go

@@ -56,7 +56,6 @@ import (
 	"k8s.io/kubernetes/pkg/controller/job"
 	namespacecontroller "k8s.io/kubernetes/pkg/controller/namespace"
 	nodecontroller "k8s.io/kubernetes/pkg/controller/node"
-	persistentvolumecontroller "k8s.io/kubernetes/pkg/controller/persistentvolume"
 	petset "k8s.io/kubernetes/pkg/controller/petset"
 	"k8s.io/kubernetes/pkg/controller/podautoscaler"
 	"k8s.io/kubernetes/pkg/controller/podautoscaler/metrics"
@@ -66,7 +65,8 @@ import (
 	routecontroller "k8s.io/kubernetes/pkg/controller/route"
 	servicecontroller "k8s.io/kubernetes/pkg/controller/service"
 	serviceaccountcontroller "k8s.io/kubernetes/pkg/controller/serviceaccount"
-	"k8s.io/kubernetes/pkg/controller/volume"
+	"k8s.io/kubernetes/pkg/controller/volume/attachdetach"
+	persistentvolumecontroller "k8s.io/kubernetes/pkg/controller/volume/persistentvolume"
 	"k8s.io/kubernetes/pkg/healthz"
 	quotainstall "k8s.io/kubernetes/pkg/quota/install"
 	"k8s.io/kubernetes/pkg/serviceaccount"
@@ -408,7 +408,7 @@ func StartControllers(s *options.CMServer, kubeClient *client.Client, kubeconfig
 	time.Sleep(wait.Jitter(s.ControllerStartInterval.Duration, ControllerStartJitter))
 
 	attachDetachController, attachDetachControllerErr :=
-		volume.NewAttachDetachController(
+		attachdetach.NewAttachDetachController(
 			clientset.NewForConfigOrDie(restclient.AddUserAgent(kubeconfig, "attachdetach-controller")),
 			podInformer,
 			nodeInformer,

vendor/k8s.io/kubernetes/pkg/apis/rbac/validation/rulevalidation.go

@@ -25,6 +25,7 @@ import (
 	apierrors "k8s.io/kubernetes/pkg/api/errors"
 	"k8s.io/kubernetes/pkg/apis/rbac"
 	"k8s.io/kubernetes/pkg/auth/user"
+	"k8s.io/kubernetes/pkg/serviceaccount"
 	utilerrors "k8s.io/kubernetes/pkg/util/errors"
 )
 
@@ -201,8 +202,7 @@ func appliesToUser(user user.Info, subject rbac.Subject) (bool, error) {
 		if subject.Namespace == "" {
 			return false, fmt.Errorf("subject of kind service account without specified namespace")
 		}
-		// TODO(ericchiang): Is there a better way of matching a service account name?
-		return "system:serviceaccount:"+subject.Name+":"+subject.Namespace == user.GetName(), nil
+		return serviceaccount.MakeUsername(subject.Namespace, subject.Name) == user.GetName(), nil
 	default:
 		return false, fmt.Errorf("unknown subject kind: %s", subject.Kind)
 	}

vendor/k8s.io/kubernetes/pkg/cloudprovider/providers/aws/aws_instancegroups.go

@@ -25,7 +25,7 @@ import (
 )
 
 // AWSCloud implements InstanceGroups
-var _ InstanceGroups = &AWSCloud{}
+var _ InstanceGroups = &Cloud{}
 
 // ResizeInstanceGroup sets the size of the specificed instancegroup Exported
 // so it can be used by the e2e tests, which don't want to instantiate a full
@@ -44,8 +44,8 @@ func ResizeInstanceGroup(asg ASG, instanceGroupName string, size int) error {
 
 // Implement InstanceGroups.ResizeInstanceGroup
 // Set the size to the fixed size
-func (a *AWSCloud) ResizeInstanceGroup(instanceGroupName string, size int) error {
-	return ResizeInstanceGroup(a.asg, instanceGroupName, size)
+func (c *Cloud) ResizeInstanceGroup(instanceGroupName string, size int) error {
+	return ResizeInstanceGroup(c.asg, instanceGroupName, size)
 }
 
 // DescribeInstanceGroup gets info about the specified instancegroup
@@ -72,8 +72,8 @@ func DescribeInstanceGroup(asg ASG, instanceGroupName string) (InstanceGroupInfo
 
 // Implement InstanceGroups.DescribeInstanceGroup
 // Queries the cloud provider for information about the specified instance group
-func (a *AWSCloud) DescribeInstanceGroup(instanceGroupName string) (InstanceGroupInfo, error) {
-	return DescribeInstanceGroup(a.asg, instanceGroupName)
+func (c *Cloud) DescribeInstanceGroup(instanceGroupName string) (InstanceGroupInfo, error) {
+	return DescribeInstanceGroup(c.asg, instanceGroupName)
 }
 
 // awsInstanceGroup implements InstanceGroupInfo

vendor/k8s.io/kubernetes/pkg/cloudprovider/providers/gce/gce.go

@@ -2363,6 +2363,15 @@ func (gce *GCECloud) AttachDisk(diskName, instanceID string, readOnly bool) erro
 func (gce *GCECloud) DetachDisk(devicePath, instanceID string) error {
 	inst, err := gce.getInstanceByName(instanceID)
 	if err != nil {
+		if err == cloudprovider.InstanceNotFound {
+			// If instance no longer exists, safe to assume volume is not attached.
+			glog.Warningf(
+				"Instance %q does not exist. DetachDisk will assume PD %q is not attached to it.",
+				instanceID,
+				devicePath)
+			return nil
+		}
+
 		return fmt.Errorf("error getting instance %q", instanceID)
 	}
 
@@ -2377,6 +2386,15 @@ func (gce *GCECloud) DetachDisk(devicePath, instanceID string) error {
 func (gce *GCECloud) DiskIsAttached(diskName, instanceID string) (bool, error) {
 	instance, err := gce.getInstanceByName(instanceID)
 	if err != nil {
+		if err == cloudprovider.InstanceNotFound {
+			// If instance no longer exists, safe to assume volume is not attached.
+			glog.Warningf(
+				"Instance %q does not exist. DiskIsAttached will assume PD %q is not attached to it.",
+				instanceID,
+				diskName)
+			return false, nil
+		}
+
 		return false, err
 	}
 

vendor/k8s.io/kubernetes/pkg/controller/node/nodecontroller.go

@@ -232,6 +232,34 @@ func NewNodeController(
 					glog.Errorf("Error allocating CIDR: %v", err)
 				}
 			},
+			UpdateFunc: func(_, obj interface{}) {
+				node := obj.(*api.Node)
+				// If the PodCIDR is not empty we either:
+				// - already processed a Node that already had a CIDR after NC restarted
+				//   (cidr is marked as used),
+				// - already processed a Node successfully and allocated a CIDR for it
+				//   (cidr is marked as used),
+				// - already processed a Node but we did saw a "timeout" response and
+				//   request eventually got through in this case we haven't released
+				//   the allocated CIDR (cidr is still marked as used).
+				// There's a possible error here:
+				// - NC sees a new Node and assigns a CIDR X to it,
+				// - Update Node call fails with a timeout,
+				// - Node is updated by some other component, NC sees an update and
+				//   assigns CIDR Y to the Node,
+				// - Both CIDR X and CIDR Y are marked as used in the local cache,
+				//   even though Node sees only CIDR Y
+				// The problem here is that in in-memory cache we see CIDR X as marked,
+				// which prevents it from being assigned to any new node. The cluster
+				// state is correct.
+				// Restart of NC fixes the issue.
+				if node.Spec.PodCIDR == "" {
+					err := nc.cidrAllocator.AllocateOrOccupyCIDR(node)
+					if err != nil {
+						glog.Errorf("Error allocating CIDR: %v", err)
+					}
+				}
+			},
 			DeleteFunc: func(obj interface{}) {
 				node := obj.(*api.Node)
 				err := nc.cidrAllocator.ReleaseCIDR(node)

vendor/k8s.io/kubernetes/pkg/controller/volume/attachdetach/OWNERS

+assignees:
+  - saad-ali

vendor/k8s.io/kubernetes/pkg/controller/persistentvolume/OWNERS → vendor/k8s.io/kubernetes/pkg/controller/volume/persistentvolume/OWNERS

 assignees:
+  - jsafrane
   - saad-ali
   - thockin

vendor/k8s.io/kubernetes/pkg/kubelet/volumemanager/OWNERS

+assignees:
+  - saad-ali