vendor: bump to Kube 1.9/master

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-13 11:33:25 +01:00 · 2017-11-13 11:33:25 +01:00 · 7a675ccd92
commit 7a675ccd92
parent 7076c73172
202 changed files with 8543 additions and 7270 deletions
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.pb.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.pb.go
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.proto
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.proto
@ -331,6 +331,8 @@ message RemovePodSandboxResponse {}
 message PodSandboxStatusRequest {
    // ID of the PodSandbox for which to retrieve status.
    string pod_sandbox_id = 1;
+    // Verbose indicates whether to return extra information about the pod sandbox.
+    bool verbose = 2;
 }

 // PodSandboxNetworkStatus is the status of the network for a PodSandbox.
@ -382,6 +384,11 @@ message PodSandboxStatus {
 message PodSandboxStatusResponse {
    // Status of the PodSandbox.
    PodSandboxStatus status = 1;
+    // Info is extra information of the PodSandbox. The key could be abitrary string, and
+    // value should be in json format. The information could include anything useful for
+    // debug, e.g. network namespace for linux container based container runtime.
+    // It should only be returned non-empty when Verbose is true.
+    map<string, string> info = 2;
 }

 // PodSandboxStateValue is the wrapper of PodSandboxState.
@ -523,6 +530,7 @@ message LinuxContainerSecurityContext {
    repeated int64 supplemental_groups = 8;
    // AppArmor profile for the container, candidate values are:
    // * runtime/default: equivalent to not specifying a profile.
+    // * unconfined: no profiles are loaded
    // * localhost/<profile_name>: profile loaded on the node
    //    (localhost) by name. The possible profile names are detailed at
    //    http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference
@ -746,6 +754,8 @@ message ListContainersResponse {
 message ContainerStatusRequest {
    // ID of the container for which to retrieve status.
    string container_id = 1;
+    // Verbose indicates whether to return extra information about the container.
+    bool verbose = 2;
 }

 // ContainerStatus represents the status of a container.
@ -790,6 +800,11 @@ message ContainerStatus {
 message ContainerStatusResponse {
    // Status of the container.
    ContainerStatus status = 1;
+    // Info is extra information of the Container. The key could be abitrary string, and
+    // value should be in json format. The information could include anything useful for
+    // debug, e.g. pid for linux container based container runtime.
+    // It should only be returned non-empty when Verbose is true.
+    map<string, string> info = 2;
 }

 message UpdateContainerResourcesRequest {
@ -827,7 +842,17 @@ message ExecRequest {
    // Whether to exec the command in a TTY.
    bool tty = 3;
    // Whether to stream stdin.
+    // One of `stdin`, `stdout`, and `stderr` MUST be true.
    bool stdin = 4;
+    // Whether to stream stdout.
+    // One of `stdin`, `stdout`, and `stderr` MUST be true.
+    bool stdout = 5;
+    // Whether to stream stderr.
+    // One of `stdin`, `stdout`, and `stderr` MUST be true.
+    // If `tty` is true, `stderr` MUST be false. Multiplexing is not supported
+    // in this case. The output of stdout and stderr will be combined to a
+    // single stream.
+    bool stderr = 6;
 }

 message ExecResponse {
@ -839,10 +864,20 @@ message AttachRequest {
    // ID of the container to which to attach.
    string container_id = 1;
    // Whether to stream stdin.
+    // One of `stdin`, `stdout`, and `stderr` MUST be true.
    bool stdin = 2;
    // Whether the process being attached is running in a TTY.
    // This must match the TTY setting in the ContainerConfig.
    bool tty = 3;
+    // Whether to stream stdout.
+    // One of `stdin`, `stdout`, and `stderr` MUST be true.
+    bool stdout = 4;
+    // Whether to stream stderr.
+    // One of `stdin`, `stdout`, and `stderr` MUST be true.
+    // If `tty` is true, `stderr` MUST be false. Multiplexing is not supported
+    // in this case. The output of stdout and stderr will be combined to a
+    // single stream.
+    bool stderr = 5;
 }

 message AttachResponse {
@ -899,11 +934,18 @@ message ListImagesResponse {
 message ImageStatusRequest {
    // Spec of the image.
    ImageSpec image = 1;
+    // Verbose indicates whether to return extra information about the image.
+    bool verbose = 2;
 }

 message ImageStatusResponse {
    // Status of the image.
    Image image = 1;
+    // Info is extra information of the Image. The key could be abitrary string, and
+    // value should be in json format. The information could include anything useful
+    // for debug, e.g. image config for oci image based container runtime.
+    // It should only be returned non-empty when Verbose is true.
+    map<string, string> info = 2;
 }

 // AuthConfig contains authorization information for connecting to a registry.
@ -986,11 +1028,19 @@ message RuntimeStatus {
    repeated RuntimeCondition conditions = 1;
 }

-message StatusRequest {}
+message StatusRequest {
+    // Verbose indicates whether to return extra information about the runtime.
+    bool verbose = 1;
+}

 message StatusResponse {
    // Status of the Runtime.
    RuntimeStatus status = 1;
+    // Info is extra information of the Runtime. The key could be abitrary string, and
+    // value should be in json format. The information could include anything useful for
+    // debug, e.g. plugins used by the container runtime.
+    // It should only be returned non-empty when Verbose is true.
+    map<string, string> info = 2;
 }

 message ImageFsInfoRequest {}
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/container/helpers.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/container/helpers.go
@ -48,7 +48,7 @@ type HandlerRunner interface {
 type RuntimeHelper interface {
 	GenerateRunContainerOptions(pod *v1.Pod, container *v1.Container, podIP string) (contOpts *RunContainerOptions, useClusterFirstPolicy bool, err error)
 	GetClusterDNS(pod *v1.Pod) (dnsServers []string, dnsSearches []string, useClusterFirstPolicy bool, err error)
-	// GetPodCgroupParent returns the the CgroupName identifer, and its literal cgroupfs form on the host
+	// GetPodCgroupParent returns the CgroupName identifer, and its literal cgroupfs form on the host
 	// of a pod.
 	GetPodCgroupParent(pod *v1.Pod) string
 	GetPodDir(podUID types.UID) string
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/container/ref.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/container/ref.go
@ -21,7 +21,7 @@ import (

 	"k8s.io/api/core/v1"
 	ref "k8s.io/client-go/tools/reference"
-	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/api/legacyscheme"
 )

 var ImplicitContainerPrefix string = "implicitly required container "
@ -39,7 +39,7 @@ func GenerateContainerRef(pod *v1.Pod, container *v1.Container) (*v1.ObjectRefer
 		// start (like the pod infra container). This is not a good way, ugh.
 		fieldPath = ImplicitContainerPrefix + container.Name
 	}
-	ref, err := ref.GetPartialReference(api.Scheme, pod, fieldPath)
+	ref, err := ref.GetPartialReference(legacyscheme.Scheme, pod, fieldPath)
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/container/runtime.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/container/runtime.go
@ -127,9 +127,8 @@ type Runtime interface {
 // DirectStreamingRuntime is the interface implemented by runtimes for which the streaming calls
 // (exec/attach/port-forward) should be served directly by the Kubelet.
 type DirectStreamingRuntime interface {
-	// Runs the command in the container of the specified pod using nsenter.
-	// Attaches the processes stdin, stdout, and stderr. Optionally uses a
-	// tty.
+	// Runs the command in the container of the specified pod. Attaches
+	// the processes stdin, stdout, and stderr. Optionally uses a tty.
 	ExecInContainer(containerID ContainerID, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize, timeout time.Duration) error
 	// Forward the specified port from the specified pod to the stream.
 	PortForward(pod *Pod, port int32, stream io.ReadWriteCloser) error
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_manager.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_manager.go
@ -177,11 +177,6 @@ func (hm *hostportManager) Remove(id string, podPortMapping *PodPortMapping) (er
 	chainsToRemove := []utiliptables.Chain{}
 	for _, pm := range hostportMappings {
 		chainsToRemove = append(chainsToRemove, getHostportChain(id, pm))
-
-		// To preserve backward compatibility for k8s 1.5 or earlier.
-		// Need to remove hostport chains added by hostportSyncer if there is any
-		// TODO: remove this in 1.7
-		chainsToRemove = append(chainsToRemove, hostportChainName(pm, getPodFullName(podPortMapping)))
 	}

 	// remove rules that consists of target chains
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_syncer.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_syncer.go
@ -64,7 +64,7 @@ func (hp *hostport) String() string {
 	return fmt.Sprintf("%s:%d", hp.protocol, hp.port)
 }

-//openPodHostports opens all hostport for pod and returns the map of hostport and socket
+// openHostports opens all hostport for pod and returns the map of hostport and socket
 func (h *hostportSyncer) openHostports(podHostportMapping *PodPortMapping) error {
 	var retErr error
 	ports := make(map[hostport]closeable)
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/server/streaming/server.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/server/streaming/server.go
@ -158,9 +158,24 @@ type server struct {
 	server  *http.Server
 }

-func (s *server) GetExec(req *runtimeapi.ExecRequest) (*runtimeapi.ExecResponse, error) {
+func validateExecRequest(req *runtimeapi.ExecRequest) error {
 	if req.ContainerId == "" {
-		return nil, grpc.Errorf(codes.InvalidArgument, "missing required container_id")
+		return grpc.Errorf(codes.InvalidArgument, "missing required container_id")
+	}
+	if req.Tty && req.Stderr {
+		// If TTY is set, stderr cannot be true because multiplexing is not
+		// supported.
+		return grpc.Errorf(codes.InvalidArgument, "tty and stderr cannot both be true")
+	}
+	if !req.Stdin && !req.Stdout && !req.Stderr {
+		return grpc.Errorf(codes.InvalidArgument, "one of stdin, stdout, or stderr must be set")
+	}
+	return nil
+}
+
+func (s *server) GetExec(req *runtimeapi.ExecRequest) (*runtimeapi.ExecResponse, error) {
+	if err := validateExecRequest(req); err != nil {
+		return nil, err
 	}
 	token, err := s.cache.Insert(req)
 	if err != nil {
@ -171,9 +186,24 @@ func (s *server) GetExec(req *runtimeapi.ExecRequest) (*runtimeapi.ExecResponse,
 	}, nil
 }

-func (s *server) GetAttach(req *runtimeapi.AttachRequest) (*runtimeapi.AttachResponse, error) {
+func validateAttachRequest(req *runtimeapi.AttachRequest) error {
 	if req.ContainerId == "" {
-		return nil, grpc.Errorf(codes.InvalidArgument, "missing required container_id")
+		return grpc.Errorf(codes.InvalidArgument, "missing required container_id")
+	}
+	if req.Tty && req.Stderr {
+		// If TTY is set, stderr cannot be true because multiplexing is not
+		// supported.
+		return grpc.Errorf(codes.InvalidArgument, "tty and stderr cannot both be true")
+	}
+	if !req.Stdin && !req.Stdout && !req.Stderr {
+		return grpc.Errorf(codes.InvalidArgument, "one of stdin, stdout, and stderr must be set")
+	}
+	return nil
+}
+
+func (s *server) GetAttach(req *runtimeapi.AttachRequest) (*runtimeapi.AttachResponse, error) {
+	if err := validateAttachRequest(req); err != nil {
+		return nil, err
 	}
 	token, err := s.cache.Insert(req)
 	if err != nil {
@ -239,8 +269,8 @@ func (s *server) serveExec(req *restful.Request, resp *restful.Response) {

 	streamOpts := &remotecommandserver.Options{
 		Stdin:  exec.Stdin,
-		Stdout: true,
-		Stderr: !exec.Tty,
+		Stdout: exec.Stdout,
+		Stderr: exec.Stderr,
 		TTY:    exec.Tty,
 	}

@ -273,8 +303,8 @@ func (s *server) serveAttach(req *restful.Request, resp *restful.Response) {

 	streamOpts := &remotecommandserver.Options{
 		Stdin:  attach.Stdin,
-		Stdout: true,
-		Stderr: !attach.Tty,
+		Stdout: attach.Stdout,
+		Stderr: attach.Stderr,
 		TTY:    attach.Tty,
 	}
 	remotecommandserver.ServeAttach(
@ -332,11 +362,11 @@ var _ remotecommandserver.Attacher = &criAdapter{}
 var _ portforward.PortForwarder = &criAdapter{}

 func (a *criAdapter) ExecInContainer(podName string, podUID types.UID, container string, cmd []string, in io.Reader, out, err io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize, timeout time.Duration) error {
-	return a.Exec(container, cmd, in, out, err, tty, resize)
+	return a.Runtime.Exec(container, cmd, in, out, err, tty, resize)
 }

 func (a *criAdapter) AttachContainer(podName string, podUID types.UID, container string, in io.Reader, out, err io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize) error {
-	return a.Attach(container, in, out, err, tty, resize)
+	return a.Runtime.Attach(container, in, out, err, tty, resize)
 }

 func (a *criAdapter) PortForward(podName string, podUID types.UID, port int32, stream io.ReadWriteCloser) error {