This change will mount `/lib/modules` on host to the kube-proxy pod,
so that a kube-proxy pod can load kernel modules by need
or when `modprobe <kmod>` is run inside the pod.
This will be convenient for kube-proxy running in IPVS mode.
Users will don't have to run `modprobe ip_vs` on nodes before starting
a kube-proxy pod.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Build hyperkube image using Bazel
**What this PR does / why we need it**: Before we had the hyperkube base image, it was difficult to build the hyperkube with Bazel. Now that we have the base image with all the necessary dependencies, this has become trivial.
This will enable federation jobs etc on prow.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @BenTheElder @mikedanese @spxtr
cc @luxas @pipejakob
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
container-vm is deprecated, so don't use it for GCE test clusters
**What this PR does / why we need it**: container-vm is deprecated. We shouldn't start test clusters using it for nodes.
**Release note**:
```release-note
NONE
```
x-ref #48279 which started this work
Automatic merge from submit-queue (batch tested with PRs 53044, 52956, 53512, 53028). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add ipvs sync period parameters - align to iptables proxier
**What this PR does / why we need it**:
Add ipvs sync period parameters - align to iptables proxier
**Which issue this PR fixes**:
fixes#52957
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53454, 53446, 52935, 53443, 52917). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump default snap channel to 1.8/stable in juju charms
**What this PR does / why we need it**:
This updates the Juju charms to deploy Kubernetes 1.8 by default.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use `--oom-score-adj` flag for kube-proxy
**What this PR does / why we need it**:
Replace `echo -998 > /proc/$$$/oom_score_adj` with `--oom-score-adj` flag for kube-proxy.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51083
**Special notes for your reviewer**:
/assign @justinsb @vishh
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fluentd-elasticsearch add-on: Rename Docker image tag
As @crassirostris requested in #53307 - rename tag of Docker image gcr.io/google-containers/elasticsearch to drop -1 suffix.
Automatic merge from submit-queue (batch tested with PRs 53280, 53330). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add permisions for Metrics Server to read resources on cluster level
**What this PR does / why we need it**:
Add permisions for Metrics Server to read resources on cluster level.
**Which issue this PR fixes**:
fixes https://github.com/kubernetes-incubator/metrics-server/issues/16
**Release note**:
```release-note
Fix permissions for Metrics Server.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Merge kube-dns templates into a single file
**What this PR does / why we need it**: Merge all of the kube-dns cluster yamls into a single file.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#42832
**Special notes for your reviewer**:
/assign @bowei @shashidharatd
cc @kevin-wangzefeng @euank @lhuard1A
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
default fail-swap-on to false for kubelet on kubernetes-worker charm
**What this PR does / why we need it**: default fail-swap-on to false for kubelet on kubernetes-worker charm
**Release note**:
```release-note
default fail-swap-on to false for kubelet on kubernetes-worker charm
```
Automatic merge from submit-queue (batch tested with PRs 51765, 53053, 52771, 52860, 53284). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix failing import in juju master namespace actions.
**What this PR does / why we need it**: The import of the templating render method is failing.This is to address this issue.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Change RBAC storage version to v1 for 1.9
v1 was introduced in 1.8, but storage version remained at v1beta1 to accommodate HA rolling upgrades. in 1.9, we can change the persisted and preferred version to v1
```release-note
RBAC objects are now stored in etcd in v1 format. After completing an upgrade to 1.9, RBAC objects (Roles, RoleBindings, ClusterRoles, ClusterRoleBindings) should be migrated to ensure all persisted objects are written in `v1` format, prior to `v1alpha1` support being removed in a future release.
```
Automatic merge from submit-queue (batch tested with PRs 52685, 53344). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't referece not-exist addon manager manifests in comment
**What this PR does / why we need it**:
`addon-manager-multinode.json` and `addon-manager-singlenode.json` have been removed by b814b62447 (diff-89347a70de188b3c15f5ee15323658d2).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Upgrade fluentd-elasticsearch addon to Elasticsearch/Kibana 5.6.2
Upgrade Elasticsearch and Kibana to version 5.6.2. I also upgrade some API versions of manifests to correspond to Kubernetes 1.8, I hope the latter is uncontroversial?
```release-notes
```
Automatic merge from submit-queue (batch tested with PRs 50280, 52529, 53093, 53108, 53168). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove touch-lock init container from kube-proxy
**What this PR does / why we need it**: Ack https://github.com/kubernetes/kubeadm/issues/298, touch-lock init container is no longer needed after we have https://github.com/kubernetes/kubernetes/pull/46597.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
/assign @bowei @cmluciano
cc @dixudx
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49249, 53203, 53209, 53208, 53177). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix lint error on kubernetes-worker
**What this PR does / why we need it**:
This fixes a lint error on kubernetes-worker that's causing problems in our CI builds.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kube-proxy addon OWNERS file
**What this PR does / why we need it**: Sorry for the typo :(
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
/assign @thockin @bowei
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50988, 50509, 52660, 52663, 52250). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
s390x ingress controller support
**What this PR does / why we need it**: Adds support for an s390x ingress image to the juju kubernetes-worker charm.
**Release note**:
```
Adds support for an s390x ingress image to the juju kubernetes-worker charm.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Mark Cluster Autoscaler as GA (1.0.0)
This is basically the same version as 0.7.0(-beta2). However to reduce confusion among users we decided to name the first GA version of CA as 1.0.0.
```release-note
Cluster Autoscaler 1.0.0
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Add fallback function 'detect-project' in skeleton util
**What this PR does / why we need it**:
detect-project is not implemented by default:
When use ./hack/ginkgo-e2e.sh to run e2e test with custom providers, it will prompt
```
log-dump.sh: line 70: detect-project: command not found
```
And script exits with code 127.
**Which issue this PR fixes**
**Special notes for your reviewer**:
**Release note**:
`NONE`
@shyamjvs
Automatic merge from submit-queue (batch tested with PRs 52880, 52855, 52761, 52885, 52929). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Add cos as an alias for gci in the upgrade script
This was causing some issues when upgrading from a GCI image. This is the same conversion happening in config-defaults.sh.
https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/logs/ci-kubernetes-e2e-gce-stable2-stable1-upgrade-cluster-new/205
The node image was being left at COS, and when we went to build the kube-env, we only check against "gci". This caused us to not fully construct the environment for nodes and then they couldn't fully come up after an upgrade.
I've already fixed the CI test suites to explicitly specify "gci", but this auto-detection logic should be fixed too.
Fixes: #52930
Automatic merge from submit-queue (batch tested with PRs 52880, 52855, 52761, 52885, 52929). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Remove cloud provider rackspace
**What this PR does / why we need it**:
For now, we have to implement functions in both `rackspace` and `openstack` packages if we want to add function for cinder, for example [resize for cinder](https://github.com/kubernetes/kubernetes/pull/51498). Since openstack has implemented all the functions rackspace has, and rackspace is considered deprecated for a long time, [rackspace deprecated](https://github.com/rackspace/gophercloud/issues/592) ,
after talking with @mikedanese and @jamiehannaford offline , i sent this PR to remove `rackspace` in favor of `openstack`
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52854
**Special notes for your reviewer**:
**Release note**:
```release-note
The Rackspace cloud provider has been removed after a long deprecation period. It was deprecated because it duplicates a lot of the OpenStack logic and can no longer be maintained. Please use the OpenStack cloud provider instead.
```
Automatic merge from submit-queue (batch tested with PRs 52355, 52537, 52551, 52403, 50673). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Add s390x to juju kubernetes
**What this PR does / why we need it**: With this PR we add support for s390x to juju kubernetes worker
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```Kubernetes deployments to s390x via Juju
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Fix kubernetes charms not restarting services properly after host reboot on LXD
**What this PR does / why we need it**:
This fixes an issue when running the Kubernetes charms on LXD where the services don't restart properly after a reboot of the host machine.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/357
**Special notes for your reviewer**:
See https://github.com/juju-solutions/layer-cdk-service-kicker
**Release note**:
```release-note
Fix kubernetes charms not restarting services properly after host reboot on LXD
```
Automatic merge from submit-queue (batch tested with PRs 51438, 52182, 51607, 47912, 51595). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Add api-extra-args support to the kubernetes-master juju layer
**What this PR does / why we need it**: It adds api-extra-args config option to the kubernetes-master juju layer
**Which issue this PR fixes**: fixes#46778
**Special notes for your reviewer**:
```release-note
Add api-extra-args support to the kubernetes-master juju layer
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Fix url for Saltstack administration document
Got an 404 not found error on `https://kubernetes.io/docs/admin/salt.md`
**What this PR does / why we need it**:
Fixed a wrong url in document
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
[fluentd-gcp addon] Update Stackdriver plugin to version 0.6.7
A new gem among all fixes Java logging severity parsing and string timestamp parsing
Also sync the buffer size with the gem guidelines, making it 1M instead of 2M.
/cc @igorpeshansky
Automatic merge from submit-queue (batch tested with PRs 51081, 52725). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Fix mistype that causes breakage of e2e test.
**What this PR does / why we need it**:
Mistype in the configuration that breaks configuration with special heapster node.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#52496.
Automatic merge from submit-queue (batch tested with PRs 48970, 52497, 51367, 52549, 52541). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Default ABAC to off in GCE (for new clusters).
**What this PR does / why we need it**:
Disables the legacy ABAC authorizer by default on GCE/GKE clusters using kube-up.sh. Existing clusters upgrading to 1.8 will keep their existing configuration.
**Release note**:
```release-note
New GCE or GKE clusters created with `cluster/kube-up.sh` will not enable the legacy ABAC authorizer by default. If you would like to enable the legacy ABAC authorizer, export ENABLE_LEGACY_ABAC=true before running `cluster/kube-up.sh`.
```
Automatic merge from submit-queue (batch tested with PRs 52488, 52548). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Enable overriding Heapster resource requirements in GCP
This PR enables to override Heapster resource requirements in GCP.
**Release note:**
```release-note
```
Add CLUSTER_SIGNING_DURATION environment variable to cluster
configuration scripts to allow configuration of signing duration of
certificates issued via the Certificate Signing Request API.
Automatic merge from submit-queue (batch tested with PRs 52452, 52115, 52260, 52290)
Add env var to enable kubelet rotation in kube-up.sh.
Fixes https://github.com/kubernetes/kubernetes/issues/52114
```release-note
Adds ROTATE_CERTIFICATES environment variable to kube-up.sh script for GCE
clusters. When that var is set to true, the command line flag enabling kubelet
client certificate rotation will be added to the kubelet command line.
```
Automatic merge from submit-queue (batch tested with PRs 51824, 50476, 52451, 52009, 52237)
Allow metadata firewall & proxy on in GCE, off by default
**What this PR does / why we need it**: Add necessary variables in kube-env to allow a user to turn on metadata firewall and proxy for K8s on GCE.
Ref #8867.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
GCE users can enable the metadata firewall and metadata proxy with KUBE_FIREWALL_METADATA_SERVER and ENABLE_METADATA_PROXY, respectively.
```
Automatic merge from submit-queue (batch tested with PRs 52376, 52439, 52382, 52358, 52372)
Add new api groups to the GCE advanced audit policy
Fixes https://github.com/kubernetes/kubernetes/issues/52265
It introduces the missing api groups, that were introduced in 1.8 release.
@piosz there's also the 'metrics' api group, should we audit it?
Automatic merge from submit-queue (batch tested with PRs 51601, 52153, 52364, 52362, 52342)
Make advanced audit policy on GCP configurable
Related to https://github.com/kubernetes/kubernetes/issues/52265
Make GCP audit policy configurable
/cc @tallclair
Automatic merge from submit-queue (batch tested with PRs 52316, 52289, 52375)
[fluentd-gcp addon] Trim too long log entries due to Stackdriver limitations
Stackdriver doesn't support log entries bigger than 100KB, so by default fluentd plugin just drops such entries. To avoid that and increase the visibility of this problem it's suggested to trim long lines instead.
/cc @igorpeshansky
```release-note
[fluentd-gcp addon] Fluentd will trim lines exceeding 100KB instead of dropping them.
```
Automatic merge from submit-queue (batch tested with PRs 52316, 52289, 52375)
Small fix in salt manifest for kube-apiserver for request-timeout flag
**What this PR does / why we need it**:
Fixes a minor bug in salt manifest (typo from #51480)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
xref: #51355
Automatic merge from submit-queue (batch tested with PRs 52339, 52343, 52125, 52360, 52301)
Make log-dump use 'gcloud ssh' for GKE also
Fixes https://github.com/kubernetes/test-infra/issues/4323
I tested it locally (with some hacking for mimicking gke's DumpClusterLogs function in kubetest) and it worked.
cc @ericchiang
Automatic merge from submit-queue (batch tested with PRs 52339, 52343, 52125, 52360, 52301)
Switch default audit policy to beta and omit RequestReceived stage
Related to https://github.com/kubernetes/kubernetes/issues/52265
```release-note
By default, clusters on GCE no longer sends RequestReceived audit event, if advanced audit is configured.
```
Automatic merge from submit-queue
[GCE kube-up] Add a warning for kube-proxy DaemonSet option
**What this PR does / why we need it**:
Add a warning for kube-proxy DaemonSet option for GCE kube-up so that user will be aware of the risks.
Ref: https://github.com/kubernetes/kubernetes/issues/23225
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
/assign @bowei
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51041, 52297, 52296, 52335, 52338)
[fluentd-gcp addon] Restore the metric for the number of read log entries
This metric, previously removed, will allow to monitor the number of log entries, that were read, but weren't sent by the output plugin because of liveness probe removing the data.
Automatic merge from submit-queue (batch tested with PRs 52007, 52196, 52169, 52263, 52291)
[fluentd-gcp addon] Update event-exporter to address metrics problem
Follow-up of https://github.com/GoogleCloudPlatform/k8s-stackdriver/pull/37:
```
In the clusters with CA, the number of metric streams will continuously grow if the host is included.
```
Name is updated b/c otherwise addon manager will not be able to pick up the change.
Automatic merge from submit-queue (batch tested with PRs 52227, 52120)
Use COS for nodes in testing clusters by default, and bump COS.
Addresses part of issue #51487. May assist with #51961 and #50695.
CVM is being deprecated, and falls out of support on 2017/10/01. We shouldn't run test jobs on it. So start using COS for all test jobs.
The default value of `KUBE_NODE_OS_DISTRIBUTION` for clusters created for testing will now be gci. Testjobs that do not specify this value will now run on clusters using COS (aka GCI) as the node OS, instead of CVM, the previous default.
This change only affects testing; non-testing clusters already use COS by default.
In addition, bump the version of COS from `cos-stable-60-9592-84-0` to `cos-stable-60-9592-90-0`.
```release-note
NONE
```
/cc @yujuhong, @mtaufen, @fejta, @krzyzacy
Automatic merge from submit-queue
Add cluster up configuration for certificate signing duration.
```release-note
Add CLUSTER_SIGNING_DURATION environment variable to cluster configuration scripts
to allow configuration of signing duration of certificates issued via the Certificate
Signing Request API.
```
Addresses part of issue #51487.
This is a big change for testing; any testjobs that do not
set an explicit KUBE_NODE_OS_DISTRIBUTION will have been running
on CVM, but after this PR will start running COS.
CVM is being deprecated, and falls out of support on 2018/10/01.
In addition, bump the patch version of COS from
cos-stable-60-9592-84-0 to cos-stable-60-9592-90-0.
Automatic merge from submit-queue (batch tested with PRs 51921, 51829, 51968, 51988, 51986)
COS/GCE: bump the max pids for the docker service
**What this PR does / why we need it**:
TasksMax limits how many threads/processes docker can create. Insufficient limit affects container starts.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixes#51977
**Special notes for your reviewer**:
**Release note**:
```release-note
Ensure TasksMax is sufficient for docker
```
Automatic merge from submit-queue (batch tested with PRs 51921, 51829, 51968, 51988, 51986)
Fix unbound variable in configure-helper.sh
This isn't plumbed yet on GKE, so results in an unbound variable.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51186, 50350, 51751, 51645, 51837)
Set up DNS server in containerized mounter path
During NFS/GlusterFS mount, it requires to have DNS server to be able to
resolve service name. This PR gets the DNS server ip from kubelet and
add it to the containerized mounter path. So if containerized mounter is
used, service name could be resolved during mount
**Release note**:
```release-note
Allow DNS resolution of service name for COS using containerized mounter. It fixed the issue with DNS resolution of NFS and Gluster services.
```
During NFS/GlusterFS mount, it requires to have DNS server to be able to
resolve service name. This PR gets the DNS server ip from kubelet and
add it to the containerized mounter path. So if containerized mounter is
used, service name could be resolved during mount
Automatic merge from submit-queue (batch tested with PRs 51739, 51762)
GCE: Separate the network's project from the rest of the project
**What this PR does / why we need it**:
PR allows the user to specify a different project for network resources during cluster turn-up.
Depends on #51725Fixes#51846
/assign @bowei
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Bump gce metadata-proxy from 0.1.2 to 0.1.3
**What this PR does / why we need it**: Bump metadata-proxy from 0.1.2 to 0.1.3 to incorporate fix for CVE 2016-9063, xref https://github.com/kubernetes/contrib/pull/2720
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49727, 51792)
Introducing metrics-server
ref https://github.com/kubernetes/features/issues/271
There is still some work blocked on problems with repo synchronization:
- migrate to `v1beta1` introduced in #51653
- bump deps to HEAD
Will do it in a follow up PRs once the issue is resolved.
```release-note
Introduced Metrics Server
```
Automatic merge from submit-queue
Add RBAC, healthchecks, autoscalers and update Calico to v2.5.1
**What this PR does / why we need it**:
- Updates Calico to `v2.5`
- Calico/node to `v2.5.1`
- Calico CNI to `v1.10.0`
- Typha to `v0.4.1`
- Enable health check endpoints
- Add Readiness probe for calico-node and Typha
- Add Liveness probe for calico-node and Typha
- Add RBAC manifest
- With calico ClusterRole, ServiceAccount and ClusterRoleBinding
- Add Calico CRDs in the Calico manifest (only works for k8s v1.7+)
- Add vertical autoscaler for calico-node and Typha
- Add horizontal autoscaler for Typha
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50602, 51561, 51703, 51748, 49142)
Use arm32v7|arm64v8 images instead of the deprecated armhf|aarch64 image organizations
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50601
**Special notes for your reviewer**:
/assign @ixdy @jbeda @zmerlynn
**Release note**:
```release-note
Use arm32v7|arm64v8 images instead of the deprecated armhf|aarch64 image organizations
```
Automatic merge from submit-queue (batch tested with PRs 51553, 51538, 51663, 51069, 51737)
Edit owner files for kube-proxy manifests
**What this PR does / why we need it**: We should have owner file for kube-proxy daemonset manifest.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
/assign @bowei @thockin
cc @dnardo @freehan @nicksardo
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51553, 51538, 51663, 51069, 51737)
Allow enable pod priority feature gate for GCE and configure priority for kube-proxy
**What this PR does / why we need it**:
From #23225, this PR adds an option for user to enable pod priority feature gate using GCE startup scripts, and configure pod priority for kube-proxy when enabled.
The setup `priorityClassName: system` derives from: ce1485c626/staging/src/k8s.io/api/core/v1/types.go (L2536-L2542)
The plan is to configure pod priority for kube-proxy daemonset (https://github.com/kubernetes/kubernetes/pull/50705) in the same way.
**Special notes for your reviewer**:
cc @bsalamat @davidopp @thockin
**Release note**:
```release-note
When using kube-up.sh on GCE, user could set env `ENABLE_POD_PRIORITY=true` to enable pod priority feature gate.
```
Automatic merge from submit-queue (batch tested with PRs 51583, 51283, 51374, 51690, 51716)
Create a secondary range for the services instead of a subnetwork
GCE now supports >1 secondary ranges / subnetwork.
Fixes#51774
```release-note
When using IP aliases, use a secondary range rather than subnetwork to reserve cluster IPs.
```
Automatic merge from submit-queue (batch tested with PRs 51590, 48217, 51209, 51575, 48627)
FlexVolume setup script for COS instance using mounting utility image in GCR.
**What this PR does / why we need it**: This scripts automates FlexVolume installation for a single COS instance. Users need to pre-pack their drivers and mount utilities in a Docker image and upload it to GCR.
For each FlexVolume plugin, the script places a driver wrapper in a writable and executable location. The wrapper calls commands from the actual driver but in a chroot environment, so that mount utilities from the image can be used.
I'm working on a script that automatically executes this on all instances. Will be in a separate PR.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48626
```release-note
NONE
```
/cc @gmarek @chakri-nelluri
/assign @saad-ali @msau42
/sig storage
/release-note-none
Automatic merge from submit-queue
Adding Flexvolume plugin dir piping for controller manager on COS
**What this PR does / why we need it**: Sets the default Flexvolume plugin directory correctly for controller manager running on COS images.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51563
```release-note
NONE
```
/release-note-none
/sig storage
/assign @msau42
/cc @wongma7
Automatic merge from submit-queue (batch tested with PRs 49971, 51357, 51616, 51649, 51372)
Add some initial shell parsing tests.
These just test to see if there is a bash syntax error in these shell
libraries.
For #51642
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51480, 49616, 50123, 50846, 50404)
Add KUBE_APISERVER_REQUEST_TIMEOUT_SEC env var.
Cluster startup support for the flag added by #51415. I won't merge until that PR merges.
Bug: #51355
cc @jpbetz
Automatic merge from submit-queue
fix some bad URL in the /cluster/uju/layers/kubernetes-e2e/README.md
**What this PR does / why we need it**:
There are some bad URL when I read the file and I have fix it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Retry master instance creation in case of retriable error (with sleep)
To help with our 5k-node CI tests failing to startup the cluster.
And also towards the greater goal - https://github.com/kubernetes/kubernetes/issues/43140
cc @kubernetes/sig-scalability-misc @kubernetes/sig-cluster-lifecycle-misc
Automatic merge from submit-queue (batch tested with PRs 47054, 50398, 51541, 51535, 51545)
Switch away from gcloud deprecated flags in compute resource listings
**What is fixed**
Remove deprecated `gcloud compute` flags, see linked issue.
**Which issue this PR fixes**:
fixes#49673
**Special notes for your reviewer**:
The change in `gcloudComputeResourceList` in `test/e2e/framework/ingress_utils.go` isn't strictly needed as currently no affected resources are called on within that file, however the function has the _potential_ to access affected resources so I covered it as well. Happy to change if deemed unnecessary.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Add Google cloud KMS service for envelope encryption transformer
This adds the required pieces which will allow addition of KMS based encryption providers (envelope transformer).
For now, we will be implementing it using Google Cloud KMS, but the code should make it easy to add support for any other such provider which can expose Decrypt and Encrypt calls.
Writing tests for Google Cloud KMS Service may cause a significant overhead to the testing framework. It has been tested locally and on GKE though.
Upcoming after this PR:
* Complete implementation of the envelope transformer, which uses LRU cache to maintain decrypted DEKs in memory.
* Track key version to assist in data re-encryption after a KEK rotation.
Development branch containing the changes described above: https://github.com/sakshamsharma/kubernetes/pull/4
Envelope transformer used by this PR was merged in #49350
Concerns #48522
Planned configuration:
```
kind: EncryptionConfig
apiVersion: v1
resources:
- resources:
- secrets
providers:
- kms:
cachesize: 100
configfile: gcp-cloudkms.conf
name: gcp-cloudkms
- identity: {}
```
gcp-cloudkms.conf:
```
[GoogleCloudKMS]
kms-location: global
kms-keyring: google-container-engine
kms-cryptokey: example-key
```
Automatic merge from submit-queue (batch tested with PRs 51471, 50561, 50435, 51473, 51436)
Fix `gcloud compute instance-groups managed list` call
**What this PR does / why we need it**: gcloud 168.0.0 makes the `gcloud compute instance-groups managed list --format='value(instanceGroup)'` call return a URL instead of just the name, which is causing `list-instances` to fail. Switching to `--format='value(name)'` seems to restore the old behavior.
x-ref #49673
**Release note**:
```release-note
NONE
```
/cc @wojtek-t @mwielgus @shyamjvs @jiayingz @mindprince
Automatic merge from submit-queue (batch tested with PRs 50932, 49610, 51312, 51415, 50705)
Allow running kube-proxy as a DaemonSet when using kube-up.sh on GCE
**What this PR does / why we need it**:
From #23225, this PR adds an option for user to run kube-proxy as a DaemonSet instead of static pods using GCE startup scripts. By default, kube-proxy will run as static pods.
This is the first step for moving kube-proxy into a DaemonSet in GCE, remaining tasks will be tracked on #23225.
**Special notes for your reviewer**:
The last commit are purely for testing out kube-proxy as daemonset via CIs.
cc @kubernetes/sig-network-misc @kubernetes/sig-cluster-lifecycle-misc
**Release note**:
```release-note
When using kube-up.sh on GCE, user could set env `KUBE_PROXY_DAEMONSET=true` to run kube-proxy as a DaemonSet. kube-proxy is run as static pods by default.
```
Automatic merge from submit-queue (batch tested with PRs 51038, 50063, 51257, 47171, 51143)
update related manifest files to use hostpath type
**What this PR does / why we need it**:
Per [discussion in #46597](https://github.com/kubernetes/kubernetes/pull/46597#pullrequestreview-53568947)
Dependes on #46597
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes: https://github.com/kubernetes/kubeadm/issues/298
**Special notes for your reviewer**:
/cc @euank @thockin @tallclair @Random-Liu
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207)
Update cos image to cos-stable-60-9592-84-0
cos-m60 has been stable for a long time. This image contains a docker upgrade, which has been validated in https://github.com/kubernetes/kubernetes/issues/42926.
**Release note**:
```
None
```
/assign @yujuhong
/cc @dchen1107
Automatic merge from submit-queue (batch tested with PRs 50713, 47660, 51198, 51159, 51195)
Dump installation and configuration logs for master
**What this PR does / why we need it**:
We are dumping out empty configuration and installation logs on master, see `kube-node-configuration.log` and `kube-node-installation.log` on http://gcsweb.k8s.io/gcs/kubernetes-jenkins/logs/ci-kubernetes-e2e-gci-gce/12818/artifacts/bootstrap-e2e-master/.
I guess it is just because [we name the services on master differently](https://github.com/kubernetes/kubernetes/blob/v1.7.3/cluster/gce/gci/master.yaml#L4-L40)?
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Fix invalid url link in cluster/addons/registry/auth/README.md
**What this PR does / why we need it**:
Fix invalid url link in `cluster/addons/registry/auth/README.md`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47115, 51196, 51204, 51208, 51206)
Removing push_api_data on kube-api.connected seems to be dead code
**What this PR does / why we need it**: Removing dead code is always good :)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**: There is no kube-api relation. This method was replace probably at some point by push_service_data firing when kube-api-endpoint.available
**Release note**:
```
```
Automatic merge from submit-queue (batch tested with PRs 51193, 51154, 42689, 51189, 51200)
Revert default service-cidr config on kubernetes-master charm
**What this PR does / why we need it**:
This reverts the default service-cidr config in the kubernetes-master charm.
A while back, we changed the default service-cidr in the kubernetes-master charm from `10.152.183.0/24` to `10.152.0.0/16`. In testing, we have found that the charms don't handle this change well, so we are reverting it until we can make the change more safely.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51193, 51154, 42689, 51189, 51200)
Include $USER in network name to not clash for different users' cl…
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Auto-calculate CLUSTER_IP_RANGE based on cluster size
In preparation for eliminating CLUSTER_IP_RANGE env var from job configs, making it less error prone while folks try to start their own large cluster tests (https://github.com/kubernetes/kubernetes/issues/50907).
/cc @kubernetes/sig-scalability-misc @wojtek-t @gmarek
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Set GCE_ALPHA_FEATURES environment variable in gce.conf
This allows us to gate alpha features in the pkg/cloudprovider/providers/gce.
Automatic merge from submit-queue (batch tested with PRs 51113, 46597, 50397, 51052, 51166)
Changing Flexvolume plugin directory to a location reachable by containerized k8s components.
**What this PR does / why we need it**: Testing Flexvolume requires plugins to be installed at a location which is accessible by containerized k8s components (such as controller-manager).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51123
```release-note
NONE
```
/assign @wongma7 @msau42
/release-note-none
/sig storage
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Run multiarch/qemu-user-static:register before building cross-arch images
**What this PR does / why we need it**: #48365 inadvertently broke building non-x86 hyperkube images for developers who'd not built non-x86 images before and thus hadn't yet run `multiarch/qemu-user-static:register`. This PR restores that step.
**Release note**:
```release-note
NONE
```
/assign @david-mcmahon @mbohlool @luxas
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
update to rbac v1 in yaml file
**What this PR does / why we need it**:
ref to https://github.com/kubernetes/kubernetes/pull/49642
ref https://github.com/kubernetes/features/issues/2
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
cc @liggitt
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51039, 50512, 50546, 50965, 50467)
Add flags for prometheus-to-sd components.
Configure prometheus-to-sd-endpoint and prometheus-to-sd-prefix base on
the environment.
**Release note**:
NONE
Automatic merge from submit-queue (batch tested with PRs 50531, 50853, 49976, 50939, 50607)
Fix duplicate field in kubeconfig
The server field was accidentally duplicated during a rebase of #40050.
```release-note
NONE
```
Automatic merge from submit-queue
Update OWNERS files for networking components
This will reduce the approval load for the top level tree owners
```release-note
NONE
```
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Add Priority admission controller
**What this PR does / why we need it**: Add Priority admission controller. This admission controller checks creation and update of PriorityClasses. It also resolves a PriorityClass name of a pod to its integer value.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Add Priority admission controller for monitoring and resolving PriorityClasses.
```
ref/ #47604
ref/ #48646
Automatic merge from submit-queue (batch tested with PRs 50302, 50573, 50500, 50633, 50617)
Fix kubernetes-worker charm hook failure when applying labels
**What this PR does / why we need it**:
This fixes a failure that can occur in the kubernetes-worker charm when trying to apply node labels.
The failure is rare, and can occur in two situations that I've seen:
1. kube-apiserver is not up yet
2. kubelet has not registered itself as a node yet
Rather than give up right away, let's give the services a minute to come up.
**Release note**:
```release-note
Fix kubernetes-worker charm hook failure when applying labels
```
Automatic merge from submit-queue
Increase kibana CPU limit to sped up the startup
Similarly to Elasticsearch, Kibana requires some additional CPU during startup to build caches.
Fixes https://github.com/kubernetes/kubernetes/issues/50610
/cc @piosz @coffeepac @aknuds1
Automatic merge from submit-queue
Add variables for passing test args to kubemark master components
cc @msau42 - This change will enable us to turn on extender in the scheduler in kubemark-scale job
Automatic merge from submit-queue (batch tested with PRs 50485, 49951, 50508, 50511, 50506)
Pass config to external Kubemark cluster in e2e tests
When cluster autoscaler is used in kubemark tests,
pass default kubeconfig as external cluster config.
@shyamjvs @gmarek
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50386, 50374, 50444, 50382)
Add explicit API kind and version to the audit policy file on GCE
Adds an explicit API version and kind to the audit policy file in GCE configuration scripts. It's a prerequisite for https://github.com/kubernetes/kubernetes/pull/49115
/cc @tallclair @piosz
Automatic merge from submit-queue (batch tested with PRs 49725, 50367, 50391, 48857, 50181)
New get-kube.sh option: KUBERNETES_SKIP_RELEASE_VALIDATION
**What this PR does / why we need it**:
This is an alternative solution to https://github.com/kubernetes/kubernetes/pull/49884. The goal is to be able to pull releases that were built by bazel jobs (both presubmit and postsubmit builds), which currently fail our regex validation against the version string.
This implementation is a simple "I know what I'm doing" breakglass option to turn regex validation off, whereas https://github.com/kubernetes/kubernetes/pull/49884 was to extend our validation to support the new formats of bazel build jobs. I'm testing the waters to see if this is a more palatable solution.
**Release note**:
```release-note
New get-kube.sh option: KUBERNETES_SKIP_RELEASE_VALIDATION
```
CC @BenTheElder @fejta @ixdy
Automatic merge from submit-queue (batch tested with PRs 50300, 50328, 50368, 50370, 50372)
Bugfix: set resources only for fluentd-gcp container.
There is more than one container in fluentd-gcp deployment. Previous
implementation was setting resources for all containers, not just
the fluent-gcp one.
**What this PR does / why we need it**:
Bugfix; https://github.com/kubernetes/kubernetes/pull/49009 without this is eating more resources.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50366
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
GKE deployment: Kill cluster/gke
kubernetes/test-infra#3983 migrated the remaining GKE jobs using the bash deployment (cluster/gke). All jobs are now on the gke `deployer` in `kubetest`.
Fixeskubernetes/test-infra#3307
```release-note
`cluster/gke` has been removed. GKE end-to-end testing should be done using `kubetest --deployment=gke`
```
There is more than one container in fluentd-gcp deployment. Previous
implementation was setting resources for multiple containers, not just
the fluent-gcp one.
Automatic merge from submit-queue
Ensure that pricing expander is used by default in Cluster Autoscaler
Pricing expander was set as the default one for GCP, however on some occasion it was possible that AUTOSCALER_EXPANDER_CONFIG variable was not set resulting in using the the random expander.
Automatic merge from submit-queue (batch tested with PRs 48532, 50054, 50082)
Refactored the fluentd-es addon
Refactor fluentd-elasticsearch addon:
- Decrease the number of files by moving RBAC-related objects in the same files where they're used
- Move the fluentd configuration out of the image
- Don't use PVC to avoid leaking resources in e2e tests
- Fluentd now ingest docker and kubelet logs that are written to journald
- Disable X-Pack, because it's not free
Fixes https://github.com/kubernetes/kubernetes/issues/41462
Fixes https://github.com/kubernetes/kubernetes/issues/49816
Fixes https://github.com/kubernetes/kubernetes/issues/48973
Fixes https://github.com/kubernetes/kubernetes/issues/49450
@aknuds1 @coffeepac Could you please take a look?
```release-note
Fluentd DaemonSet in the fluentd-elasticsearch addon is configured via ConfigMap and includes journald plugin
Elasticsearch StatefulSet in the fluentd-elasticsearch addon uses local storage instead of PVC by default
```
Automatic merge from submit-queue (batch tested with PRs 48487, 49009, 49862, 49843, 49700)
Enable overriding fluentd resources in GCP
**What this PR does / why we need it**: This enables overriding fluentd resources in GCP, when there is a need for custom ones.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50119, 48366, 47181, 41611, 49547)
Add basic install and mount flexvolumes e2e tests
fixes https://github.com/kubernetes/kubernetes/issues/47010
These two tests install a skeleton "dummy" flex driver, attachable and non-attachable respectively, then test that a pod can successfully use the flex driver. They are labeled disruptive because kubelet and controller-manager get restarted as part of the flex install. IMO it's important to keep this install procedure as part of the test to isolate any bugs with the startup plugin probe code.
There is a bit of an ugly dependency on cluster/gce/config-test.sh because --flex-volume-plugin-dir must be set to a dir that's readable from controller-manager container and writable by the flex e2e test. The default path is not writable on GCE masters with read-only root so I picked a location that looks okay.
In the "dummy" drivers I trick kubelet into thinking there is a mount point by doing "mount -t tmpfs none ${MNTPATH} >/dev/null 2>&1", hope that is okay.
I have only tested on GCE and theoretically they may work on AWS but I don't think there is a need to test on multiple cloudproviders.
-->
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46685, 49863, 50098, 50070, 50096)
GCE: Bump GLBC version to 0.9.6
Closes#50095
**Release note**:
```release-note
GCE: Bump GLBC version to 0.9.6
```
Automatic merge from submit-queue (batch tested with PRs 50103, 49677, 49449, 43586, 48969)
Run kazel on the entire tree
**What this PR does / why we need it**: part of #47558: auto-generate `BUILD` files on the entire tree, since this is what `gazelle` does, and it'll make subsequent reviews easier if less is changing.
**Release note**:
```release-note
NONE
```
/assign
/release-note-none
Automatic merge from submit-queue (batch tested with PRs 48365, 49902, 49808, 48722, 47045)
Upgrade fluentd-elasticsearch addon to Elasticsearch/Kibana 5.5
This is a patch to upgrade the fluentd-elasticsearch addon to Elasticsearch/Kibana 5.5. Please provide feedback!
```release-notes
* Upgrade Elasticsearch/Kibana to 5.5.1 in fluentd-elasticsearch addon
* Switch to basing our image of Elasticsearch in fluentd-elasticsearch addon off the official one
* Switch to the official image of Kibana in fluentd-elasticsearch addon
* Use StatefulSet for Elasticsearch instead of ReplicationController, with persistent volume claims
* Require authenticating towards Elasticsearch, as Elasticsearch 5.5 by default requires basic authentication
```
Automatic merge from submit-queue (batch tested with PRs 48365, 49902, 49808, 48722, 47045)
Rebase hyperkube image on debian-hyperkube-base, based on debian-base.
**What this PR does / why we need it**: saves all of the hyperkube image dependencies in a cacheable base image, rather than downloading them for every build (which is slow and flaky).
This way, at build time, we only need to pull down the hyperkube base image and add the hyperkube binary.
I've additionally based the base image on `debian-base` instead of `debian`, though we amusing end up reinstalling a bunch of the things we removed in `debian-base`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#35058, at least partially
**Special notes for your reviewer**: I'm increasingly convinced that the hyperkube image is a bad pattern, as this image carries the superset of dependencies anyone might need, rather than the limited set of dependencies one needs. hyperkube really needs a proper owner.
**Release note**:
```release-note
```
/assign @timstclair @luxas @philips @nikhiljindal
cc @kubernetes/sig-release-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 49989, 49806, 49649, 49412, 49512)
Use existing k8s binaries and images on disk when they are preloaded to gce cos image.
**What this PR does / why we need it**:
This change is to accelerate K8S startup time on gce when k8s tarballs and images are already preloaded in VM image, by skipping the downloading, extracting and file transfer steps.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50029, 48517, 49739, 49866, 49782)
fix spelling
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
Add parallelism to GCE cluster upgrade
Fixes https://github.com/kubernetes/kubernetes/issues/48373
Should allow upgrading 500-node cluster (1.6->1.7) in < 1 hr. It currently takes ~1.5 day.
Though it is the duty of the upgrader to choose the right parallelism in order to avoid disrupting too many pods.
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @kubernetes/sig-scalability-misc @mikedanese @gmarek
Automatic merge from submit-queue
[addon-manager] Remove unneeded annotation codes
**What this PR does / why we need it**:
Clean up addon-manager codes to make it less confusing. The annotation logics is only needed for 1.4->1.5 upgrade.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49898, 49897, 49919, 48860, 49491)
gce: make append_or_replace.. atomic
Before this change,
* the final echo is not atomically written to the target file
* two concurrent callers will use the same tempfile
Helps with https://github.com/kubernetes/kubernetes/issues/49895
cc @miekg
Automatic merge from submit-queue (batch tested with PRs 49898, 49897, 49919, 48860, 49491)
gce: extend CLOBBER_CONFIG to support known_tokens.csv
Helps with #49895
Automatic merge from submit-queue
Reduce kubectl calls from O(#nodes) to O(1) in cluster logdump
Ref https://github.com/kubernetes/kubernetes/issues/48513
Each node's logexporter is made to write a file to a GCS directory on success (https://github.com/kubernetes/test-infra/pull/3782).
We now use that directory as a registry of successful nodes and get it through a single "gsutil ls" call. This:
- reduces the current waiting time for logexporter in 5k-node cluster from >1hr to <10s.
- eliminates dependency on `kubectl logs` calls which seem to be unreliable sometimes (e.g when kubelet (or apiserver) is down)
/cc @kubernetes/sig-scalability-misc @wojtek-t @gmarek @fejta
Automatic merge from submit-queue (batch tested with PRs 49538, 49708, 47665, 49750, 49528)
Add a support for GKE regional clusters in e2e tests.
**What this PR does / why we need it**:
Add a support for GKE regional clusters in e2e tests.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49712, 49694, 49714, 49670, 49717)
set juju master charm state to blocked if the services appear to be failing
**What this PR does / why we need it**: set the juju master charm state to blocked if the services appear to be failing
**Release note**:
```release-note
set the juju master charm state to blocked if the services appear to be failing
```
Automatic merge from submit-queue (batch tested with PRs 49712, 49694, 49714, 49670, 49717)
Adding old Juju charm maintainers
**What this PR does / why we need it**: Update email addresses of past Juju charm maintainers
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 47738, 49196, 48907, 48533, 48822)
Fix a dead link in cluster/update-storage-objects.sh
**What this PR does / why we need it**: This PR fixes a dead link in cluster/update-storage-objects.sh.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48360, 48469, 49576, 49516, 49558)
Update maintainers for Juju charm layers
**What this PR does / why we need it**: Update maintainers of harm layers to reflect ... reality
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 48360, 48469, 49576, 49516, 49558)
Rev Calico's Typha daemon to v0.2.3 in add-on deployment.
**What this PR does / why we need it**:
This PR revs the version of Calico's Typha daemon used in the calico-policy-controller add-on to the latest bug-fix release, which incorporates a [critical bug fix](https://github.com/projectcalico/typha/issues/28).
**Which issue this PR fixes**
fixes#49473
**Release note**:
```release-note
Rev version of Calico's Typha daemon used in add-on to v0.2.3 to pull in bug-fixes.
```
Automatic merge from submit-queue
Set snat to false
**What this PR does / why we need it**:
- the [version](e8bea554c5) of the portmap plugin included with calico CNI version `v1.9.1` doesn't have `noSnat` config option, it has `snat` which is not specified (which is the case without this PR), [will be set to true by default](https://github.com/containernetworking/plugins/tree/master/plugins/meta/portmap#usage) , so we need to explicitly set it to `false`
CC @caseydavenport
Automatic merge from submit-queue (batch tested with PRs 45040, 48960)
Add ceph-common to hyperkube image
**What this PR does / why we need it**:
Adds the ceph-common package to the hyperkube image
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)
Fix bug in cluster/log-dump
We're breaking in case KUBECTL is set as "./cluster/kubectl.sh --match-server-version". Moreover we always are using cluster/kubectl.sh as the default and don't want to do match-server-version for the purpose of logexporter.
Also adding owners file so I'm not blocked for approves while making fixes in log-dump. Besides I'll be able to review fixes sent by others.
/cc @wojtek-t
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)
Use presence of kubeconfig file to toggle standalone mode
Fixes#40049
```release-note
The deprecated --api-servers flag has been removed. Use --kubeconfig to provide API server connection information instead. The --require-kubeconfig flag is now deprecated. The default kubeconfig path is also deprecated. Both --require-kubeconfig and the default kubeconfig path will be removed in Kubernetes v1.10.0.
```
/cc @kubernetes/sig-cluster-lifecycle-misc @kubernetes/sig-node-misc
Automatic merge from submit-queue
Remove flags low-diskspace-threshold-mb and outofdisk-transition-frequency
issue: #48843
This removes two flags replaced by the eviction manager. These have been depreciated for two releases, which I believe correctly follows the kubernetes depreciation guidelines.
```release-note
Remove depreciated flags: --low-diskspace-threshold-mb and --outofdisk-transition-frequency, which are replaced by --eviction-hard
```
cc @mtaufen since I am changing kubelet flags
cc @vishh @derekwaynecarr
/sig node
Replaces use of --api-servers with --kubeconfig in Kubelet args across
the turnup scripts. In many cases this involves generating a kubeconfig
file for the Kubelet and placing it in the correct location on the node.
Automatic merge from submit-queue (batch tested with PRs 49326, 49394, 49346, 49379, 49399)
more robust stat handling from ceph df output in the kubernetes-master charm create-rbd-pv action
**What this PR does / why we need it**: more robust stat handling from ceph df output in the kubernetes-master charm create-rbd-pv action
**Release note**:
```release-note
more robust stat handling from ceph df output in the kubernetes-master charm create-rbd-pv action
```
Automatic merge from submit-queue (batch tested with PRs 49420, 49296, 49299, 49371, 46514)
Fix: PV metric is not namespaced
**What this PR does / why we need it**: The PV metric of juju deployments is not namespaced. This PR fixes this bug.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/348
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 49420, 49296, 49299, 49371, 46514)
Update status to show failing services.
**What this PR does / why we need it**: Report on charm status any services that are not running.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/341
**Special notes for your reviewer**:
**Release note**:
```Report failing services in Juju deployed clusters.
```
Automatic merge from submit-queue
Auto-calculate master disk and root disk sizes in GCE
@gmarek PR https://github.com/kubernetes/kubernetes/pull/49282 didn't fix the issue because MASTER_DISK_SIZE was defaulting to 20GB in config-test.sh before being calculated inside get-master-disk-size() where you use pre-existing value if any.
It should be fixed by this now.
Automatic merge from submit-queue (batch tested with PRs 48565, 49172)
On GCE check whether NODE_LOCAL_SSDS=0 and handle this case appropriately
**What this PR does / why we need it**: Presently if you are using a mac and GCE and specify NODE_LOCAL_SSDS=0, or use the default, you end up with 2 local SSDs.
**Which issue this PR fixes** : fixes https://github.com/kubernetes/kubernetes/issues/49171
**Special notes for your reviewer**:
I've discovered that this issue is due to b353792f9c/cluster/gce/util.sh (L579)
If NODE_LOCAL_SSDS=0, this evaluates to $(seq 0)
```
$ for i in $(seq 0); do echo $i; done
1
0
```
From man seq on mac osx
```
The seq utility prints a sequence of numbers, one per line (default), from first (default 1),
to near last as possible, in increments of incr (default 1).When first is larger than last the
default incr is -1.
```
This was run on mac with the seq manpage indicating it comes from BSD Feb 19 2010.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49222, 49333, 48708, 49337)
Fix issue in installing containerized mounter
Fix PR #49335
PR #49157 causes failure when installing containerized mounter. This
PR is a fix for it
Automatic merge from submit-queue (batch tested with PRs 49222, 49333, 48708, 49337)
glbc: change the label of the l7-lb-controller pod
This ensures that the default http backend service doesn't include this
pod as its endpoint. This fixes#49159
Automatic merge from submit-queue (batch tested with PRs 49330, 49252, 49262, 49278, 49334)
Simplify master-worker relation missing message
**What this PR does / why we need it**: Simplify messaging of missing relation in Juju deployments
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/309
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue
Use custom port for node-problem-detector
It fixes https://github.com/kubernetes/kubernetes/issues/49263
```release-note
Use port 20256 for node-problem-detector in standalone mode.
```
Automatic merge from submit-queue
fix the typo of Kubernetes Worker
**What this PR does / why we need it**:
fix the typo of Kubernetes Worker that Kubernetes spell error
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```NONE
Automatic merge from submit-queue
Bump rescheduler version to v0.3.1
**What this PR does / why we need it**:
Bump Rescheduler version to v0.3.1 to log to STDERR.
**Which issue this PR fixes**
Fixes https://github.com/kubernetes/contrib/issues/2518
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48377, 48940, 49144, 49062, 49148)
add some more deprecation warnings to cluster
Part of https://github.com/kubernetes/kubernetes/issues/49213
@kubernetes/sig-cluster-lifecycle-misc
Automatic merge from submit-queue
Bump e2e mounttest image version to 0.8
Reduce the number of image files required for e2e test run
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49058, 49072, 49137, 49182, 49045)
Set default CIDR to /16 for Juju deployments
**What this PR does / why we need it**: Increase the number of IPs on a deployment
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/272
**Special notes for your reviewer**:
**Release note**:
```Set default CIDR to /16 for Juju deployments
```
Automatic merge from submit-queue (batch tested with PRs 49120, 46755, 49157, 49165, 48950)
gce: don't print every file in mounter to stdout
This is printing ~3000 lines.
Automatic merge from submit-queue (batch tested with PRs 48914, 48535, 49099, 48935, 48871)
Log error when fail to execute command in with-retry()
**What this PR does / why we need it**: Enhance gke/util.sh logging.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48913
**Special notes for your reviewer**:
/cc @krzyzacy
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49019, 48919, 49040, 49018, 48874)
Set default snap channel on charms to 1.7 stable
**What this PR does / why we need it**: This PR sets the default snap channel on charms to 1.7/stable.
This addresses problems where the the user might want to deploy the charm and get the same kubernetes version found on the bundles.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/305
**Special notes for your reviewer**:
**Release note**:
```Set default snap channel on charms to 1.7/stable
```
Automatic merge from submit-queue (batch tested with PRs 48231, 47377, 48797, 49020, 49033)
prevent unsetting of nonexistent previous port in kubeapi-load-balancer charm
**What this PR does / why we need it**: prevent unsetting of nonexistent previous port in kubeapi-load-balancer charm
**Release note**:
```release-note
prevent unsetting of nonexistent previous port in kubeapi-load-balancer charm
```
Automatic merge from submit-queue (batch tested with PRs 48578, 48895, 48958)
use port configuration
**What this PR does / why we need it**: Uses the `port` config option in the kubeapi-load-balancer charm.
**Release note**:
```release-note
Uses the port config option in the kubeapi-load-balancer charm.
```
Automatic merge from submit-queue
remove some people from OWNERS so they don't get reviews anymore
These are googlers who don't work on the project anymore but are still
getting reviews assigned to them:
- @bprashanth
- @rjnagal
- @vmarmol
Automatic merge from submit-queue (batch tested with PRs 48812, 48276)
Change fluentd-gcp monitoring to use metrics exposed by SD plugin
Following https://github.com/GoogleCloudPlatform/fluent-plugin-google-cloud/pull/135, make fluentd-gcp expose metrics in Prometheus registry and use them instead of counting records in the pipeline.
/cc @piosz @igorpeshansky
```release-note
Fluentd-gcp DaemonSet exposes different set of metrics.
```
Automatic merge from submit-queue (batch tested with PRs 48864, 48651, 47703)
Enable logexporter mechanism to dump logs from k8s nodes to GCS directly
Ref https://github.com/kubernetes/kubernetes/issues/48513
This adds support for logexporter from k8s side. Next I'll send a PR adding support from test-infra side.
/cc @kubernetes/sig-scalability-misc @kubernetes/test-infra-maintainers @fejta @wojtek-t @gmarek
Automatic merge from submit-queue
Fixed cluster validation for multizonal clusters.
Fixed cluster validation for multizonal clusters.
This should fix HA master e2e tests.
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 46748, 48826)
Added `CriticalAddonsOnly` toleration for npd.
**What this PR does / why we need it**:
We should add `CriticalAddonsOnly` toleration to make sure the daemonset can be scheduled on the node even if already planned to run critical pod.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47015
**Special notes for your reviewer**:
**Release note**:
```release-note
none
```
Automatic merge from submit-queue
Properly nest code blocks
**What this PR does / why we need it**:
Markdown code blocks are adjusted to better display on GitHub. See [rendered](c3fbec7663/cluster/addons/cluster-loadbalancing/glbc/README.md) version.
**Release note**:
```release-note
Adjust markdown code block in README for Google Load Balancer addon.
```
Automatic merge from submit-queue
Update docs for user-guide
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48781, 48817, 48830, 48829, 48053)
Fix yaml-quote typo
Caught this looking through CI logs.
/assign wojtek-t
Automatic merge from submit-queue (batch tested with PRs 48279, 48566, 48319, 48794, 47952)
Add prometheus plugin on fluentd image.
**What this PR does / why we need it**:
This PR adds the prometheus plugin on Fluentd.
**Special notes for your reviewer**:
The plugin used was: https://github.com/kazegusuri/fluent-plugin-prometheus, on the latest stable version.
All configs used are default.
**Release note**:
```release-note
Fluentd-es addon now exposes a /metrics endpoint for monitoring on port 24231.
```
Automatic merge from submit-queue
Use Container-optimzed OS images for nodes by default
Part of the deprecation of the debian-based ContainerVM images.
```release-note
kube-up and kubemark will default to using cos (GCI) images for nodes.
The previous default was container-vm (CVM, "debian"), which is deprecated.
If you need to explicitly use container-vm for some reason, you should set
KUBE_NODE_OS_DISTRIBUTION=debian
```
Automatic merge from submit-queue
Pass cluster name to Heapster with Stackdriver sink.
**What this PR does / why we need it**:
Passes cluster name as argument to Heapster when it's used with Stackdriver sink to allow setting resource label 'cluster_name' in exported metrics.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48405, 48742, 48748, 48571, 48482)
Setting default FlexVolume driver directory on COS images.
**What this PR does / why we need it**: The original default FlexVolume driver directory is not writable on COS. A new location is necessary to make FlexVolume work.
This directory doesn't exist by default. FlexVolume users need to create this directory, bind mount it, and remount with the executable permission. The other candidate is /home/kubernetes/bin, but the directory is already getting cluttered. I will submit a different PR for a script that automates this step.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48570
Automatic merge from submit-queue (batch tested with PRs 48698, 48712, 48516, 48734, 48735)
GCE: Allow empty NETWORK_PROJECT_ID env var
Changes:
1. Adds `GCE_API_ENDPOINT` logic to container-linux as it was added to GCI in #47881.
1. Apply `NETWORK_PROJECT_ID` value to gce.conf only if the env var is set.
/sig network
/area platform/gce
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Launch kubemark with an existing Kubemark master
In order to expand the use of kubemark, allow developers to use kubemark with a pre-existing Kubernetes cluster.
Ref issue #44393
Automatic merge from submit-queue (batch tested with PRs 48399, 48450, 48144)
Skip errors when unregistering juju kubernetes-workers
**What this PR does / why we need it**: When removing a kubernetes node from using Juju and for some reason kubernetes master fails we should not error the node, instead we should proceed with the removal of the node and the master will recognise that node as unavailable because it will fail heartbeats.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/300
**Special notes for your reviewer**:
**Release note**:
```
Clean decommission of Juju kubernetes worker units
```
Automatic merge from submit-queue (batch tested with PRs 48399, 48450, 48144)
configure kube-proxy to run with unset conntrack param when in lxc
**What this PR does / why we need it**: Configures the Juju Charm code to run kube-proxy with `conntrack-max-per-core` set to `0` when in an lxc as a workaround for issues when mounting `/sys/module/nf_conntrack/parameters/hashsize`
**Release note**:
```release-note
Configures the Juju Charm code to run kube-proxy with conntrack-max-per-core set to 0 when in an lxc as a workaround for issues when mounting /sys/module/nf_conntrack/parameters/hashsize
```
