- /var/lib/docker should be mount read-write, because kubelet needs to
update /etc/resolv.conf file in container, see #29378
- /var/lib/kubelet should be mount rslave, because mountpoints under
this directory must be propagated to other containers
- `--pid=host` is needed to run `nsenter --mount=/rootfs/proc/1/ns/mnt -- /usr/bin/systemd-run --scope` correctly
- configure cluster dns for kubelet running in a container
- should propagate sub-mounts of / to kubelet for local volume
- Use rslave to mount /var/lib/docker/ so we can see what the host
mounts under this path.
- Keep containerized kubelet flags same as non-containerized and check
kubelet is running or not.
- Use `all_kubelet_flags` to share kubelet flags.
Commit 43cb024402 replaced command line parameters with a .yaml
configuration file. But feature gates must be configured with a map in
.yaml, not with a comma-separated string as in the command line
parameters. As a result, kube-proxy failed to start and networking was
broken in the cluster.
Commit c339fc0c4f tried to fix that by moving feature gates back to
the command line, but later it was found out that the command line
parameter gets ignored when also specifying a config.
Therefore now the feature gates variable gets converted into a proper
map in the config.
This helps developers detect when something went wrong and then also
points them in the right direction by showing where the corresponding
log file is, if there is one.
For example, since commit 43cb024402 in April 2017 kube-proxy failed
to start because featureGates was not set correctly in the .yaml file,
but no-one seems to have noticed this.
Killing processes in cleanup is racing with those processes
terminating by themselves when aborting local-up-cluster.sh with
CTRL-C. That leads to unnecessary error messages:
^CCleaning up...
kill: (21592): No such process
kill: (21586): No such process
Automatic merge from submit-queue (batch tested with PRs 62425, 62212, 60824, 62383, 62384). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
optimize requestcontext: use RWMutex to improve r/w performance
RequestContextMapper is one of the mostly used interface by every request, and the underlying struct is a map with Mutex protect. So here we should use RWMutex.
**Release note**:
```release-note
NONE
```
The script used attachlease and migrate-if-needed.sh for performing
etcd2 -> etcd3 migration. In the commit 39e5a56691 we stopped migrating
data, but still built unused attachlease binary.
Later, in the dc4d92e154 commit, migrate-if-needed.sh was reimplemented
in go and unused attachlease was replaced by migrate that also wasn't
needed.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Reimplement migrate-if-needed.sh in go
The `migrate-if-needed.sh` script was already partially implemented in go (see the attachlease and rollback sub-dirs), but was still unnecessarily difficult to understand and test. This closely reimplements the original logic but with improved code structure, error handling and testing.
Where possible, go code that was previously executed as separate binaries is now statically linked into a single 'migrate' go cobra CLI app, which is then thinly wrapped by`migrate-if-needed.sh`.
There are numerous additional improvements that need to be made, but will be submitted in future PRs. This PR is focused on achieving parity with the pre-existing functionality and introducing some much needed test coverage, in particular HA cluster upgrade test coverage.
It appears that the `attachlease` and `rollback` go binaries are no longer needed as standalones and so I have consolidated them into the new `migrate` go binary. Other than that, this change aims to be 100% backward compatible.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 59027, 62333, 57661, 62086, 61584). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
local-up-cluster.sh: support preserving etcd optionally
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
**What this PR does / why we need it**:
Allow `hack/local-up-cluster.sh` to support preserve `ETCD_DIR` when `PRESERVE` is set to non-false value.
usage:
```
$ PRESERVE=true ETCD_DIR=/var/lib/etcd-kube-HEAD .... \
./hack/local-up-cluster.sh
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
(None)
**Special notes for your reviewer**:
(None)
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 59027, 62333, 57661, 62086, 61584). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make FAIL_SWAP_ON warning message clear
**What this PR does / why we need it**:
When operating local-up-cluster.sh to prepare e2e tests, the warning
message can be output. This commit makes the message clear.
**Release note**: NONE
As of go 1.10, we do not need to explicitly build the stdlib for static
any more. That happens automatically. Timing tests show no discernible
difference between a `go install` with and without it.
Also use 'static' suffix instead of 'cgo'.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fully resolve tmpdir in verify-bazel.sh, since it might be a symlink on macOS
**What this PR does / why we need it**: Apparently the system tmpdir is inside a symlink on macOS, which confuses gazelle's symlink logic. By resolving this symlink to the absolute path, we can avoid the issue.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61986
**Release note**:
```release-note
NONE
```
/assign @cblecker
cc @patrikerdes
Automatic merge from submit-queue (batch tested with PRs 60900, 62215, 62196). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove need for server connections for dry-run create
when running create commands in --dry-run mode, we don't need a server connection or restmapper information
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use pause manifest image
**What this PR does / why we need it**:
As pause manifest code is merged part of https://github.com/kubernetes/kubernetes/pull/57723, now its time to remove all architecture-dependent pause imagename.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58420, 60483). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kube apiserver ServerRunOptions set default called before use
**What this PR does / why we need it**:
move `ServerRunOptions` set default function `defaultOptions` out of `CreateKubeAPIServerConfig`, it should be called before real use `CreateNodeDialer`. So move it to cobra.Command just after kube-apiserver flags parsed.
Similarly `ServerRunOptions.Validate` move there too.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61959, 62037). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump godep version to v80
**What this PR does / why we need it**:
Update the minimum godep, to v80 (supposed to be the final version).
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Vendor gazelle and kazel
Rather that relying on upstream git repos that can break, vendor it all. These are NOT head of tree, respectively - they are some backrev forms that were previously being used.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61904, 61565, 61401, 61432, 61772). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove rktnetes code
**What this PR does / why we need it**:
rktnetes is scheduled to be deprecated in 1.10 (#53601). According to the deprecation policy for beta CLI and flags, we can remove the feature in 1.11.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58721
**Special notes for your reviewer**:
**Release note**:
```release-note
Removed rknetes code, which was deprecated in 1.10.
```
/assign @yujuhong
/hold
Hold until the end of the freeze.
Automatic merge from submit-queue (batch tested with PRs 61904, 61565, 61401, 61432, 61772). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow curl --max-time to be configurable
**What this PR does / why we need it**:
In nested virutalized environments, the 1 second max-time is too
low. Just bumping up WAIT_FOR_URL_API_SERVER does not work unless
we bump up the max-time too.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61842, 61477, 61777). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Turn server-print on by default in kubectl
**What this PR does / why we need it**:
#55637 introduced `-experimental-server-print` that enabled users to opt-in to user server-side printing. This is a followup which enables this functionality by default, with the ability to fallback not to do it with `--server-print=false`.
/assign @smarterclayton @juanvallejo
**Release note**:
```release-note
Enable server-side print in kubectl by default, with the ability to turn it off with --server-print=false
```
Automatic merge from submit-queue (batch tested with PRs 61790, 61808, 60339, 61615, 61757). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure -o yaml populates kind/apiVersion
Fixes#61780
```release-note
kubectl: fixes issue with `-o yaml` and `-o json` omitting kind and apiVersion when used with `--dry-run`
```
