Automatic merge from submit-queue (batch tested with PRs 55792, 58342). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promote Statefulset controller and its e2e tests to use apps/v1
**What this PR does / why we need it**:
Promotes the statefulset controller to use to use the latest apps group [apps/v1](https://github.com/kubernetes/kubernetes/pull/53679)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/kubernetes/issues/55714
**Special notes for your reviewer**:
* Listerexpansion for v1 `k8s.io/client-go/listers/apps/v1` (was recently done for v1beta2)
* `v1beta2` && `v1` had `ObservedGeneration` as `int64` where as `v1beta1` and rest of the code (including conversion) is expecting `ObservedGeneration` to be `*int64`
```
type StatefulSetStatus struct {
// observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
// StatefulSet's generation, which is updated on mutation by the API Server.
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,1,opt,name=observedGeneration"`
```
* for kubectl's `rollback` and `history` commands a couple functions have been duplicated to allow us to use `v1` version instead of `v1beta1` for statefulsets, while the older functions are still used by other controllers.
We should be able to remove these duplicates once all the controllers are moved.
If this aligns with the plan then i could move other controllers too.
cc: @kow3ns
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add binary configmap
Reviving code from https://github.com/kubernetes/kubernetes/pull/33549 submitted by @zreigz
**What this PR does / why we need it**:
Add support for binary files in ConfigMap
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#32432
**Special notes for your reviewer**:
**Release note**:
```release-note
ConfigMap objects now support binary data via a new `binaryData` field. When using `kubectl create configmap --from-file`, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Use of this feature requires 1.10+ apiserver and kubelets.
```
Automatic merge from submit-queue (batch tested with PRs 58713, 58841). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Tag multi-az cluster volume e2e test with sig-storage
Follow-on from #58726 to make it clear that responsibility for the test is shared between @kubernetes/sig-scheduling-pr-reviews and @kubernetes/sig-storage-pr-reviews.
```release-note
NONE
```
cc: @bsalamat @timothysc
Automatic merge from submit-queue (batch tested with PRs 58713, 58841). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Created bootstrap logic for vSphere test
**What this PR does / why we need it**:
Add bootstrapping logic and Context for vSphere tests. This context can be utilized to hold information like node-vsphere mapping, which needs to be initialized only once per test suit run.
sync.Once takes care of executing bootstrapping only once for all the specs. 'waiting' channel takes care of making sure that parallel test spec executions wait for bootstrapping to finish before moving on.
**Which issue(s) this PR fixes**
Fixes https://github.com/vmware/kubernetes/issues/437, partly
**Special notes for your reviewer**:
Successfully ran make.
Tested by added additional log messages to bootstrap process (now removed). Made sure bootstrapping logic is getting invoked just once and bootstrapping is done by the time It-blocks are executed.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58302, 58782, 58555, 58741). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make it possible to override the driver installer daemonset url from test-infra.
This will enable things like kubernetes/test-infra#6430
/kind enhancement
/sig testing
/sig scheduling
**Release note**:
```release-note
NONE
```
/assign @jiayingz @vishh
Automatic merge from submit-queue (batch tested with PRs 58412, 56132, 58506, 58542, 58394). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Instances to use generated code
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57896, 58070). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't remove APIService from apiHandlerManager when its Available Conditions is not True
**What this PR does / why we need it**:
I use my own apiserver works together with `kube-apiserver`, i have a custom resource: `databases` and created a `database` named: `db-name-1`.
When this apiserver is down(for example: OOMKilled), `kubectl get databases db-name-1 -v 10` returns `404 NotFound`:
```
[{
"metadata": {},
"status": "Failure",
"message": "the server could not find the requested resource (get databases.core.example.com db-name-1)”,
"reason": "NotFound",
"details": {
"name": “db-name-1”,
"group": "core.example.com",
"kind": “databases”,
"causes": [
{
"reason": "UnexpectedServerResponse",
"message": "404 page not found"
}
]
},
"code": 404
}]
```
But it is not really `NotFound`.
So if the APIService is not available, just return 503.
There was a PR related with this: #57943
**Release note**:
```release-note
kube-apiserver: requests to endpoints handled by unavailable extension API servers (as indicated by an `Available` condition of `false` in the registered APIService) now return `503` errors instead of `404` errors.
```
Automatic merge from submit-queue (batch tested with PRs 57908, 58436). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updates UrlMap, BackendService, Healthcheck, Certs, InstanceGroup to use the generated code
Updates UrlMap, BackendService, Healthcheck, Certs, InstanceGroup to use the generated code
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58104, 58492, 58491). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: forwarding rules to use generated code
GCE: forwarding rules to use generated code
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55918, 57258). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add multi-vc configuration for e2e tests
**What this PR does / why we need it**:
Currently, we accept configuration for only single VC in e2e tests. This PR adds support for multiple VC configuration for e2e tests.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/vmware/kubernetes/issues/412
**Special notes for your reviewer**:
Internally reviewed here: https://github.com/vmware/kubernetes/pull/418
**Release note**:
```release-note
NONE
```
// cc @divyenpatel @shaominchen
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make cluster e2e non docker specific.
Fixes https://github.com/kubernetes/kubernetes/issues/57979.
This PR:
1) Install `crictl` for GCE GCI/Ubuntu test cluster.
2) Change cluster e2e test to use `crictl`. If `crictl` is not installed, it will fall back to `docker` CLI.
Please note that, this PR:
1) Only installs `crictl` for GCI/Ubuntu image on GCE. If other image maintainers want to support this, it's very easy to install `crictl` `v1.0.0-alpha.0`:
```console
$ wget -O crictl https://storage.googleapis.com/kubernetes-release/crictl/crictl-v1.0.0-alpha.0-linux-amd64
$ chmod +x crictl
// The sha1sum is `075190a36a03beb08065f279693f3e369e70cf99`.
```
2) Only installs `crictl` for test cluster. We may want to install it by default in production cluster after `crictl` is beta in v1.10.
@yujuhong @feiskyer @mrunalp @mikebrow
/cc @dchen1107 for approval
@kubernetes/sig-node-pr-reviews @kubernetes/sig-testing-bugs
Signed-off-by: Lantao Liu <lantaol@google.com>
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 58216, 58193, 53033, 58219, 55921). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix golint errors on test/e2e/e2e.go
**What this PR does / why we need it**:
When running golint on test/e2e/e2e.go, the following erros
were faced:
$ golint e2e.go
e2e.go:329:2: var metricsJson should be metricsJSON
e2e.go:342:1: comment on exported function RunE2ETests should be of the form "RunE2ETests ..."
This PR fixes them.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
`NONE`
**Special notes for your reviewer**:
`NONE`
**Release note**:
`NONE`
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
wires the generic scaler to kubectl
**What this PR does / why we need it**:
the changes introduced in this commit plumbs in the generic scaler to kubectl.
note that we don't change the behaviour of kubectl.
For example it won't scale new resources. That's the end goal.
The first step is to retrofit existing code to use the generic scaler.
**Release note**:
```release-note
NONE
```
note that we don't change the behaviour of kubectl.
For example it won't scale new resources. That's the end goal.
The first step is to retrofit existing code to use the generic scaler.
When running golint on test/e2e/e2e.go, the following erros
were faced:
$ golint e2e.go
e2e.go:329:2: var metricsJson should be metricsJSON
e2e.go:342:1: comment on exported function RunE2ETests should be of the
form "RunE2ETests ..."
This PR fixes them.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow Ceph server some time to start
Ceph server needs to create our "foo" volume on startup. It keeps the image small, however it makes the server container start slow.
Add sleep before the server is usable. Without this PR, all pods that use Ceph fail to start for couple of seconds with cryptic "image foo not found" error and it clutters logs and pod logs and makes it harder to spot real errors.
```release-note
NONE
```
/sig storage
/sig testing
/assign @jeffvance @copejon
Automatic merge from submit-queue (batch tested with PRs 58025, 57112, 57879, 57571, 58062). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Let mutating webhook defaults the object
...after applying the patch sent back by the webhook
This should be treated as a bug and cherrypicked to 1.9.
Fixes#57982
Automatic merge from submit-queue (batch tested with PRs 57733, 57613, 57953). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Explicit kubelet flags
The Kubelet was using the global flag set.
Libraries also often use the global flag set.
There are flags in the Kubelet's usage statement for which the Kubelet does not control registration.
This is bad, we must have full control of our command-line API.
This PR puts a stop to it.
I worked through the Kubelet's usage printout and tracked down the flags.
In the below list, flags with checkboxes are one of:
- explicitly **registered** in this PR
- thought about and outright **rejected**
- thought about and **registered-deprecated** for legacy reasons
For the others we need to figure out whether they should be **registered** or **rejected** or **registered-deprecated**.
### cadvisor:
grep commands, for reference:
```
# flag definitions in cadvisor
git grep -E "\"application_metrics_count_limit\"|\"boot_id_file\"|\"container_hints\"|\"containerd\"|\"docker\"|\"docker_env_metadata_whitelist\"|\"docker_only\"|\"docker_root\"|\"docker-tls\"|\"docker-tls-ca\"|\"docker-tls-cert\"|\"docker-tls-key\"|\"enable_load_reader\"|\"event_storage_age_limit\"|\"event_storage_event_limit\"|\"global_housekeeping_interval\"|\"housekeeping_interval\"|\"log_cadvisor_usage\"|\"machine_id_file\"|\"storage_driver_buffer_duration\"|\"storage_driver_db\"|\"storage_driver_host\"|\"storage_driver_password\"|\"storage_driver_secure\"|\"storage_driver_table\"|\"storage_driver_user\"" -- vendor/github.com/google/cadvisor
# flag invocations
git grep -E "\--application_metrics_count_limit|--boot_id_file|--container_hints|--containerd|--docker|--docker_env_metadata_whitelist|--docker_only|--docker_root|--docker_tls|--docker_tls_ca|--docker_tls_cert|--docker_tls_key|--enable_load_reader|--event_storage_age_limit|--event_storage_event_limit|--global_housekeeping_interval|--housekeeping_interval|--log_cadvisor_usage|--machine_id_file|--storage_driver_buffer_duration|--storage_driver_db|--storage_driver_host|--storage_driver_password|--storage_driver_secure|--storage_driver_table|--storage_driver_user" -- ':(exclude)pkg/generated/bindata.go' ':(exclude)Godeps' ':(exclude)CHANGELOG*' ':(exclude)vendor'
# normalized flag invocations
git grep -E "\--application-metrics-count-limit|--boot-id-file|--container-hints|--containerd|--docker|--docker-env-metadata-whitelist|--docker-only|--docker-root|--docker-tls|--docker-tls-ca|--docker-tls-cert|--docker-tls-key|--enable-load-reader|--event-storage-age-limit|--event-storage-event-limit|--global-housekeeping-interval|--housekeeping-interval|--log-cadvisor-usage|--machine-id-file|--storage-driver-buffer-duration|--storage-driver-db|--storage-driver-host|--storage-driver-password|--storage-driver-secure|--storage-driver-table|--storage-driver-user" -- ':(exclude)pkg/generated/bindata.go' ':(exclude)Godeps' ':(exclude)CHANGELOG*' ':(exclude)vendor'
# flag names
git grep -E "application_metrics_count_limit|boot_id_file|container_hints|containerd|docker|docker_env_metadata_whitelist|docker_only|docker_root|docker_tls|docker_tls_ca|docker_tls_cert|docker_tls_key|enable_load_reader|event_storage_age_limit|event_storage_event_limit|global_housekeeping_interval|housekeeping_interval|log_cadvisor_usage|machine_id_file|storage_driver_buffer_duration|storage_driver_db|storage_driver_host|storage_driver_password|storage_driver_secure|storage_driver_table|storage_driver_user" ':(exclude)pkg/generated/bindata.go' ':(exclude)Godeps' ':(exclude)CHANGELOG*' ':(exclude)vendor'
# normalized flag names
git grep -E "application-metrics-count-limit|boot-id-file|container-hints|containerd|docker|docker-env-metadata-whitelist|docker-only|docker-root|docker-tls|docker-tls-ca|docker-tls-cert|docker-tls-key|enable-load-reader|event-storage-age-limit|event-storage-event-limit|global-housekeeping-interval|housekeeping-interval|log-cadvisor-usage|machine-id-file|storage-driver-buffer-duration|storage-driver-db|storage-driver-host|storage-driver-password|storage-driver-secure|storage-driver-table|storage-driver-user" ':(exclude)pkg/generated/bindata.go' ':(exclude)Godeps' ':(exclude)CHANGELOG*' ':(exclude)vendor'
# normalized and underscore names combined
git grep -E "application_metrics_count_limit|boot_id_file|container_hints|containerd|docker|docker_env_metadata_whitelist|docker_only|docker_root|docker_tls|docker_tls_ca|docker_tls_cert|docker_tls_key|enable_load_reader|event_storage_age_limit|event_storage_event_limit|global_housekeeping_interval|housekeeping_interval|log_cadvisor_usage|machine_id_file|storage_driver_buffer_duration|storage_driver_db|storage_driver_host|storage_driver_password|storage_driver_secure|storage_driver_table|storage_driver_user|application-metrics-count-limit|boot-id-file|container-hints|containerd|docker-env-metadata-whitelist|docker-only|docker-root|docker-tls|docker-tls-ca|docker-tls-cert|docker-tls-key|enable-load-reader|event-storage-age-limit|event-storage-event-limit|global-housekeeping-interval|housekeeping-interval|log-cadvisor-usage|machine-id-file|storage-driver-buffer-duration|storage-driver-db|storage-driver-host|storage-driver-password|storage-driver-secure|storage-driver-table|storage-driver-user" ':(exclude)pkg/generated/bindata.go' ':(exclude)Godeps' ':(exclude)CHANGELOG*' ':(exclude)vendor'
```
- [x] --docker-root (**registered** - this is used in `cluster/saltbase/salt/kubelet/default`)
- [x] --housekeeping-interval (**registered** - e2e node tests rely on this (`test/e2e_node/resource_collector.go`))
- [x] --application-metrics-count-limit (**registered-deprecated** - temporarily register for legacy)
- [x] --boot-id-file (**registered-deprecated** - temporarily register for legacy)
- [x] --container-hints (**registered-deprecated** - temporarily register for legacy)
- [x] --containerd (**registered-deprecated** - temporarily register for legacy)
- [x] --docker (**registered-deprecated** - temporarily register for legacy)
- [x] --docker-env-metadata-whitelist (**registered-deprecated** - temporarily register for legacy)
- [x] --docker-only (**registered-deprecated** - temporarily register for legacy)
- [x] --docker-tls (**registered-deprecated** - temporarily register for legacy)
- [x] --docker-tls-ca (**registered-deprecated** - temporarily register for legacy)
- [x] --docker-tls-cert (**registered-deprecated** - temporarily register for legacy)
- [x] --docker-tls-key (**registered-deprecated** - temporarily register for legacy)
- [x] --enable-load-reader (**registered-deprecated** - temporarily register for legacy)
- [x] --event-storage-age-limit (**registered-deprecated** - the Kubelet overrides the default via the global flagset (`pkg/kubelet/cadvisor/cadvisor_linux.go`), but nothing else in core repo provides)
- [x] --event-storage-event-limit (**registered-deprecated** - the Kubelet overrides the default via the global flagset (`pkg/kubelet/cadvisor/cadvisor_linux.go`), but nothing else in core repo provides)
- [x] --global-housekeeping-interval (**registered-deprecated** - temporarily register for legacy)
- [x] --log-cadvisor-usage (**registered-deprecated** - temporarily register for legacy)
- [x] --machine-id-file (**registered-deprecated** - temporarily register for legacy)
- [x] --storage-driver-user (**registered-deprecated** - temporarily register for legacy)
- [x] --storage-driver-password (**registered-deprecated** - temporarily register for legacy)
- [x] --storage-driver-host (**registered-deprecated** - temporarily register for legacy)
- [x] --storage-driver-db (**registered-deprecated** - temporarily register for legacy)
- [x] --storage-driver-table (**registered-deprecated** - temporarily register for legacy)
- [x] --storage-driver-secure (**registered-deprecated** - temporarily register for legacy)
- [x] --storage-driver-buffer-duration (**registered-deprecated** - temporarily register for legacy)
### pkg/apiserver/util/logs:
- [x] --log-flush-frequency (**registered** - like the glog flags, this is probably useful)
### pkg/credentialprovider/azure/azure_credentials.go:
- [x] --azure-container-registry-config (**registered** - This isn't quite as straightforward as --google-json-key, because the file it points to isn't static. For now we will just register, and we will deprecate it when there is an alternative. See below comments.)
### pkg/credentialprovider/gcp/jwt.go:
- [x] --google-json-key (**registered-deprecated** - This is really old legacy stuff to allow kubelets to authenticate with gcr (see: d5e0054eb0). See @liggit's below comment for what should be used instead.)
### pkg/cloudprovider/providers/gce/gce_loadbalancer.go:
- [x] --cloud-provider-gce-lb-src-cidrs (**rejected** - Kubelet doesn't need to know about the cidrs that were opened in the firewall for the load balancer)
### glog:
I registered all of these, since this logging library is used pretty much everywhere in the Kubelet, and all of its toggles are probably useful.
- [x] --logtostderr (**registered**)
- [x] --alsologtostderr (**registered**)
- [x] -v, --v (**registered**)
- [x] --stderrthreshold (**registered**)
- [x] --vmodule (**registered**)
- [x] --log-backtrace-at (**registered**)
- [x] --log-dir (**registered**)
### verflag:
This is how you get the Kubelet's version, absolutely necessary to register this.
- [x] --version (**registered**)
```release-note
The Kubelet now explicitly registers all of its command-line flags with an internal flagset, which prevents flags from third party libraries from unintentionally leaking into the Kubelet's command-line API. Many unintentionally leaked flags are now marked deprecated, so that users have a chance to migrate away from them before they are removed. One previously leaked flag, --cloud-provider-gce-lb-src-cidrs, was entirely removed from the Kubelet's command-line API, because it is irrelevant to Kubelet operation.
```
Thanks to @liggitt for being surprised that we didn't already do this.
Thanks to @dashpole for realizing cadvisor flags were leaked after seeing #55863.
Thanks to @tallclair who recognized this problem a long time ago in #19432.
This explicitly registers Kubelet flags from libraries that were
registering flags globally, and stops parsing the global flag set.
In general, we should always be explicit about flags we register
and parse, so that we maintain control over our command-line API.
