Automatic merge from submit-queue
fix kubectl get cluster display issue
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#31073
**Release note**:
`NONE`
Automatic merge from submit-queue
Unset https_proxy before roundtripper_test
When running `hack/test-go.sh`, if the testing env is behind a https proxy, roundtripper_test will fail randomly.
After `unset https_proxy`, the testing works well. So, add a comment to be a troubleshooting tip.
Fail info:
```
--- FAIL: TestRoundTripAndNewConnection (0.12s)
roundtripper_test.go:319: proxied http->http: shouldError=false, got true: Get http://127.0.0.1:46711: unexpected EOF
FAIL
FAIL k8s.io/kubernetes/pkg/util/httpstream/spdy 0.148s
```
```
--- FAIL: TestRoundTripAndNewConnection (0.12s)
roundtripper_test.go:319: proxied https with auth (valid hostname + RootCAs) -> http: shouldError=false, got true: Get http://127.0.0.1:41028: unexpected EOF
FAIL
FAIL k8s.io/kubernetes/pkg/util/httpstream/spdy 0.146s
```
Automatic merge from submit-queue
[kubelet test] Improve node status test debug info
I find the output format `%v` of glog couldn't output useful information of an `api.Node` object. The output of this line https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kubelet_node_status_test.go#L492
is
```
kubelet_node_status_test.go:491: expected
&TypeMeta{Kind:,APIVersion:,}
, got
&TypeMeta{Kind:,APIVersion:,}
```
- It's difficult for me to tell the difference between expected and got.
- I prefer to use `diff.ObjectDiff(expectedNode, updatedNode)` to output the debug information as it will point out the starting character of the different objects.
I think this line https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kubelet_node_status_test.go#L647 can use `diff.ObjectDiff()` as well.
The related issus is #30952
Automatic merge from submit-queue
Configure webhook
**What this PR does / why we need it**: this configures the image policy webhook + admission controller for gce/gci.
addresses: #22888
**Release note**:
```Configure image verification admission controller and webhook on gce.
```
Automatic merge from submit-queue
Make 'allAlpha' a special feature gate
Rather than making all caller check both allAlpha and their own flag, make `allAlpha` set all of the alpha gates explicitly.
This is hard to test because of the globalness. I will follow this commit with a new one to add some way to test, but I wanted to float this design
Automatic merge from submit-queue
Kubelet: pass pod name/namespace/uid in new runtime API
First part of #30463.
Pass pod name/namespace/uid in new runtime API and change dockershim to build unique sandbox/container name based on them.
CC @yujuhong @euank @yifan-gu @kubernetes/sig-node
Automatic merge from submit-queue
remove duplicate code in updatePodCIDR
As kl.runtimeState.podCIDR() is a sync method, need fetch lock and release lock, so we only invoke once here
Automatic merge from submit-queue
Federated Ingress Controller
Based on new federated controller libraries.
cc @kubernetes/sig-cluster-federation @mfanjie @nikhiljindal @mwielgus @mml @madhusudancs FYI
Automatic merge from submit-queue
etcd3 backend: support TLS
What?
Support TLS in etcd3 storage backend.
It works the same as previous etcd2 config.
- [ ] Blocked on #https://github.com/kubernetes/kubernetes/pull/30480
Automatic merge from submit-queue
Kubelet: implement GetPods for new runtime API
Implement GetPods for kuberuntime. Part of #28789 .
CC @yujuhong @Random-Liu
Automatic merge from submit-queue
AWS: More ELB attributes via service annotations
Replaces #25015 and addresses all of @justinsb's feedback therein. This is a new PR because I was unable to reopen#25015 to amend it.
I noticed recently that there is existing (but undocumented) precedent for the AWS cloud provider to manage ELB-specifc load balancer configuration based on service annotations. In particular, one can _already_ designate an ELB as "internal" or enable PROXY protocol.
This PR extends this capability to the management of ELB attributes, which includes the following items:
* Access logs:
* Enabled / disabled
* Emit interval
* S3 bucket name
* S3 bucket prefix
* Connection draining:
* Enabled / disabled
* Timeout
* Connection:
* Idle timeout
* Cross-zone load balancing:
* Enabled / disabled
Some of these are possibly more useful than others. Use cases that immediately come to mind:
* Enabling cross-zone load balancing is potentially useful for "Ubernetes Light," or anyone otherwise attempting to spread worker nodes around multiple AZs.
* Increasing idle timeout is useful for the benefit of anyone dealing with long-running requests. An example I personally care about would be git pushes to Deis' builder component.
Automatic merge from submit-queue
Fix coding style
cc @pmorie
**What this PR does / why we need it**: Fixes case on a variable name, it's simple and adjust the code to the coding style.
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```NONE
```
Automatic merge from submit-queue
Impersonate user extra
Second commit builds on https://github.com/kubernetes/kubernetes/pull/30803.
This adds a restriction to `user.Info.Extra`, keys must be lower case. This is because HTTP headers are case insensitive, so we can't be sure that we'll get the right case through proxies or even Go (the go library capitalizes after dashes). I don't think anyone is using them, if they are, they'll need to update to properly plumb through an impersonation flow.
@kubernetes/sig-auth
@ericchiang since you have background here.
Automatic merge from submit-queue
Do not hold the lock for a long time
Followup to #30839.
I'm not convinced this is a super great idea but I'll throw it out and let others decide.
Ref https://github.com/kubernetes/minikube/issues/368
Ref #30759
Automatic merge from submit-queue
AWS: Support HTTP->HTTP mode for ELB
**What this PR does / why we need it**:
Right now it is not possible to create an AWS ELB that listens for HTTP and where the backend pod also listens for HTTP.
I asked @justinsb in slack and he said that this seems to be an oversight, so I'd like to use this PR as a step towards solving this.
**Special notes for your reviewer**:
I've only added a simple unit test. Are any integration tests needed? I'm not familiar with the code base.
cc @therc
Automatic merge from submit-queue
Validate AppArmor annotations in the API server
This is important because it applies the same validation to the annotations that we would eventually want for the AppArmor fields, which will smooth the upgrade path.
/cc @pmorie @pweil- @jfrazelle @vishh
