Automatic merge from submit-queue (batch tested with PRs 66840, 68159). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
TTL for cleaning up Jobs after they finish
**What this PR does / why we need it**: https://github.com/kubernetes/features/issues/592
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64470
For https://github.com/kubernetes/features/issues/592
**Special notes for your reviewer**: @kubernetes/sig-apps-pr-reviews
**Release note**:
```release-note
Add a TTL machenism to clean up Jobs after they finish.
```
Automatic merge from submit-queue (batch tested with PRs 67736, 68123, 68138). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Port security context NodeConformance e2e_node tests to e2e
**What this PR does / why we need it**:
Port all [NodeConformance] SecurityContext e2e_node tests to e2e/common.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67032
**Special notes for your reviewer**:
- This PR is a continuing effort to close#67032.
- Removed ContainerRuntime constraint [as discussed](https://github.com/kubernetes/kubernetes/pull/67032#discussion_r214201870).
- Porting all [NodeConformance] tests to e2e/common which do not have node dependencies.
- Does it make sense to port [privileged test](https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/security_context_test.go#L558) to e2e/common and remove [NodeFeature:HostAccess] label from test name?
**Release note**:
```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 67739, 65222). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Tests: Make e2e test platform-agnostic
The test:
[k8s.io] Pods should support remote command execution over websockets [NodeConformance]
uses cat on /etc/resolv.conf and checks if the output from the container is "namespace",
which is incompatible with windows containers as there is no such file.
Since the test just check if remote command execution works, the command is
irrelevant as long as the output checks out. Switched to using echo "remote execution test",
and checking that output as it works for both windows and linux.
This extends the Kubelet to create and periodically update leases in a
new kube-node-lease namespace. Based on [KEP-0009](https://github.com/kubernetes/community/blob/master/keps/sig-node/0009-node-heartbeat.md),
these leases can be used as a node health signal, and will allow us to
reduce the load caused by over-frequent node status reporting.
- add NodeLease feature gate
- add kube-node-lease system namespace for node leases
- add Kubelet option for lease duration
- add Kubelet-internal lease controller to create and update lease
- add e2e test for NodeLease feature
- modify node authorizer and node restriction admission controller
to allow Kubelets access to corresponding leases
Automatic merge from submit-queue (batch tested with PRs 67100, 67426). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
porting e2e_node lifecycle testcases into e2e folder under common
a) Shifted (and renamed) file existing in e2e_node to e2e/common.
b) Added these tests to the conformance suite:
- "should execute poststart exec hook properly"
- "should execute prestop exec hook properly"
- "should execute poststart http hook properly"
- "should execute prestop http hook properly"
[reference issue](https://github.com/kubernetes/kubernetes/issues/67086) explaining the effort.
Automatic merge from submit-queue (batch tested with PRs 67347, 67307, 67358, 67364, 67385). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
delete the busyboxImage and mountTest var and change use imageutils
**What this PR does / why we need it**:
delete the ```busyboxImage```,```mountTest``` variable and change everything to use ```imageutils.GetE2EImage(imageutils.BusyBox)```, ```imageutils.GetE2EImage(imageutils.MountTest)```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67237
**Special notes for your reviewer**:
/cc @mikedanese
/assign @mikedanese
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67071, 66906, 66722, 67276, 67039). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
#50102 Task 1: Move apimachinery/pkg/watch.Until into client-go/tools/watch.UntilWithoutRetry
**What this PR does / why we need it**:
This is a split off from https://github.com/kubernetes/kubernetes/pull/50102 to go in smaller pieces.
Moves `apimachinery/pkg/watch.Until` into `client-go/tools/watch.UntilWithoutRetry` and adds context so it is cancelable.
**Release note**:
```release-note
NONE
```
**Dev release note**:
```dev-release-note
`apimachinery/pkg/watch.Until` has been moved to `client-go/tools/watch.UntilWithoutRetry`.
While switching please consider using the new `client-go/tools/watch.UntilWithSync` or `client-go/tools/watch.Until`.
```
/cc @smarterclayton @kubernetes/sig-api-machinery-pr-reviews
/milestone v1.12
/priority important-soon
/kind bug
(bug after the main PR which is this split from)
Automatic merge from submit-queue (batch tested with PRs 67071, 66906, 66722, 67276, 67039). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promoting "[sig-storage] Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace" to Conformance
**What this PR does / why we need it**:
An consolidated effort to resolve the issue https://github.com/kubernetes/kubernetes/issues/66875
> _[sig-storage] Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace_
Promoting mentioned e2e test for Conformance as it -
- Validates that secret with same name can be created in different namespaces but secrets which reside in same namespace as that of pod can be only be accessed from volume mounted in the container.
- Improves api coverage including prioritized Pod API lists. https://github.com/cncf/k8s-conformance/issues/220#issuecomment-393344061
> GET /api/v1/namespaces/{namespace}/pods/{name}/log
GET /api/v1/namespaces/{namespace}/pods
GET /api/v1/namespaces/{namespace}/pods/{name}
POST /api/v1/namespaces/{namespace}/pods
PUT /api/v1/namespaces/{namespace}/pods/{name}/status
DELETE /api/v1/namespaces/{namespace}/pods
DELETE /api/v1/namespaces/{namespace}/pods/{name}
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
No Flakes Found.
```
• [SLOW TEST:16.326 seconds]
[sig-storage] Secrets
/home/vagrant/go-workspace/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/common/secrets_volume.go:33
should be able to mount in a volume regardless of a different secret existing with same name in different namespace [NodeConformance]
/home/vagrant/go-workspace/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/common/secrets_volume.go:86
------------------------------
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
Aug 7 07:12:44.133: INFO: Running AfterSuite actions on all node
Aug 7 07:12:44.134: INFO: Running AfterSuite actions on node 1
Ran 1 of 1020 Specs in 16.441 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 1019 Skipped PASS
All tests passed...
Will keep running them until they fail.
This was attempt #40
No, seriously... you can probably stop now.
```
**Release note**:
```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 61212, 66369, 66446, 66895, 66969). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promoting configmap binarydata support [NodeConformance] test to conformance
**What this PR does / why we need it**:
**e2e:** _[sig-storage] ConfigMap binary data should be reflected in volume [NodeConformance]_
Promotes mentioned e2e to conformance as it -
1. Validates ConfigMap's binarydata support effectively
2. Improves API Coverage for prioritized api lists. (https://github.com/cncf/k8s-conformance/issues/220#issuecomment-393344061)
> GET /api/v1/namespaces/{namespace}/pods
GET /api/v1/namespaces/{namespace}/pods/{name}
GET /api/v1/namespaces/{namespace}/pods/{name}/log
POST /api/v1/namespaces/{namespace}/pods
PUT /api/v1/namespaces/{namespace}/pods/{name}/status
DELETE /api/v1/namespaces/{namespace}/pods
DELETE /api/v1/namespaces/{namespace}/pods/{name}
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
No Flakes found.
**Release note**:
```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 67042, 66480, 67053). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
HPA: Make dynamicRequestSizeInMillicores bigger
**What this PR does / why we need it**:
HPA e2e tests specify 20 as requestSizeMillicores on resource-consumer
for making CPU workload to test HPA feature, and the value is
hard-coded as 20. That means the tests expect 2% CPU workload on every
resource-consumer process, but actual CPU usage(4 - 6%) is over than
the expected usage on some environment. Then HPA scales many pods than
the test expected, and the test is failed.
To make these tests stable, this changes the value to 100 (10% CPU
workload on each process).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67051
**Special notes for your reviewer**:
**Release note**: None
Automatic merge from submit-queue (batch tested with PRs 66196, 67016, 66807, 67023). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
e2e test harness - use busybox from dockerhub
**What this PR does / why we need it**:
Use the same pattern used everywhere in the e2e test
harness, just use "busybox" (from dockerhub) instead
of using the one from k8s.gcr.io registry.
Change-Id: I700b59f73fd31f2ed6d7f995cd9441839857dd44
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Use the same pattern everywhere in the e2e test
harness, use busybox (from dockerhub) instead
of using the one from k8s.gcr.io registry.
Change-Id: I57c3b867408c1f9478a8909c26744ea0368ff003
HPA e2e tests specify 20 as requestSizeMillicores on resource-consumer
for making CPU workload to test HPA feature, and the value is
hard-coded as 20. That means the tests expect 2% CPU workload on every
resource-consumer processes, but actual CPU usage(4 - 6%) is over than
the expected usage on some environment. Then HPA scales many pods than
the test expected, and the test is failed.
To make these tests stable, this changes the value to 100 (10% CPU
workload on each process).
Automatic merge from submit-queue (batch tested with PRs 58058, 67033, 66921, 66956). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promoting InitContainer [NodeConformance] e2e tests for Conformance
**What this PR does / why we need it**:
1. Promotes mentioned 4 InitContainer [NodeConformance] tests for Conformance
2. Validates different PodPhases effectively
3. Improves API coverage mentioned in #66124 .
E2E tests -
1. InitContainer [NodeConformance] should invoke init containers on a RestartNever pod
2. InitContainer [NodeConformance] should invoke init containers on a RestartAlways pod
3. InitContainer [NodeConformance] should not start app containers if init containers fail on a RestartAlways pod
4. InitContainer [NodeConformance] should not start app containers and fail the pod if init containers fail on a RestartNever pod
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#66124
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 62901, 66562, 66938, 66927, 66926). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Sets higher memory limit for init_container tests
**What this PR does / why we need it**:
/sig testing
Currently, the limit set in the tests is 30 MB, which will cause
the Docker service on the Windows nodes to hang and be no longer
responsive. This will cause the Kubelet service to enter a NotReady state.
Setting a higher memory limit (50 MB) will avoid this issue.
**Which issue(s) this PR fixes**:
Fixes#37429
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66846, 60552). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding details to Conformance Tests using RFC 2119 standards.
This PR is part of the conformance documentation. This is to provide more formal specification using RFC 2119 keywords to describe the test so that who ever is running conformance tests do not have to go through the code to understand why and what is tested.
The documentation information added here into each of the tests eventually result into a document which is currently checked in at location https://github.com/cncf/k8s-conformance/blob/master/docs/KubeConformance-1.9.md
I would like to have this PR reviewed for v1.10 as I consider it important to strengthen the conformance documents.
Currently, the limit set in the tests is 30 MB, which will cause
the Docker service on the Windows nodes to hang and be no longer
responsive. This will cause the Kubelet service to enter a NotReady state.
Setting a higher memory limit (50 MB) will avoid this issue.
The test:
[k8s.io] Pods should support remote command execution over websockets [NodeConformance]
uses cat on /etc/resolv.conf and checks if the output from the container is "namespace",
which is incompatible with windows containers as there is no such file.
Since the test just check if remote command execution works, the command is
irrelevant as long as the output checks out. Switched to using echo "remote execution test",
and checking that output as it works for both windows and linux.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promote sysctl annotations to fields
#
**What this PR does / why we need it**:
Promoting experimental sysctl feature from annotations to API fields.
**Special notes for your reviewer**:
Following sysctl KEP: https://github.com/kubernetes/community/pull/2093
**Release note**:
```release-note
The Sysctls experimental feature has been promoted to beta (enabled by default via the `Sysctls` feature flag). PodSecurityPolicy and Pod objects now have fields for specifying and controlling sysctls. Alpha sysctl annotations will be ignored by 1.11+ kubelets. All alpha sysctl annotations in existing deployments must be converted to API fields to be effective.
```
**TODO**:
* [x] - Promote sysctl annotation in Pod spec
* [x] - Promote sysctl annotation in PodSecuritySpec spec
* [x] - Feature gate the sysctl
* [x] - Promote from alpha to beta
* [x] - docs PR - https://github.com/kubernetes/website/pull/8804
