Automatic merge from submit-queue (batch tested with PRs 65251, 67255, 67224, 67297, 68105). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Promote mount propagation to GA
**What this PR does / why we need it**:
This PR promotes mount propagation to GA.
Website PR: https://github.com/kubernetes/website/pull/9823
**Release note**:
```release-note
Mount propagation has promoted to GA. The `MountPropagation` feature gate is deprecated and will be removed in 1.13.
```
Automatic merge from submit-queue (batch tested with PRs 64283, 67910, 67803, 68100). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
CSI Cluster Registry and Node Info CRDs
**What this PR does / why we need it**:
Introduces the new `CSIDriver` and `CSINodeInfo` API Object as proposed in https://github.com/kubernetes/community/pull/2514 and https://github.com/kubernetes/community/pull/2034
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/features/issues/594
**Special notes for your reviewer**:
Per the discussion in https://groups.google.com/d/msg/kubernetes-sig-storage-wg-csi/x5CchIP9qiI/D_TyOrn2CwAJ the API is being added to the staging directory of the `kubernetes/kubernetes` repo because the consumers will be attach/detach controller and possibly kubelet, but it will be installed as a CRD (because we want to move in the direction where the API server is Kubernetes agnostic, and all Kubernetes specific types are installed).
**Release note**:
```release-note
Introduce CSI Cluster Registration mechanism to ease CSI plugin discovery and allow CSI drivers to customize Kubernetes' interaction with them.
```
CC @jsafrane
Automatic merge from submit-queue (batch tested with PRs 64283, 67910, 67803, 68100). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Add a ProcMount option to the SecurityContext & AllowedProcMountTypes to PodSecurityPolicy
So there is a bit of a chicken and egg problem here in that the CRI runtimes will need to implement this for there to be any sort of e2e testing.
**What this PR does / why we need it**: This PR implements design proposal https://github.com/kubernetes/community/pull/1934. This adds a ProcMount option to the SecurityContext and AllowedProcMountTypes to PodSecurityPolicy
Relies on https://github.com/google/cadvisor/pull/1967
**Release note**:
```release-note
ProcMount added to SecurityContext and AllowedProcMounts added to PodSecurityPolicy to allow paths in the container's /proc to not be masked.
```
cc @Random-Liu @mrunalp
Automatic merge from submit-queue (batch tested with PRs 68051, 68130, 67211, 68065, 68117). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
support cross resource group for azure file
**What this PR does / why we need it**:
support cross resource group for azure file: by `resourceGroup` field, azure cloud provider will create azure file on user specified resource group
```
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: azurefile-rg
provisioner: kubernetes.io/azure-file
parameters:
resourceGroup: RESOURCE_GROUP_NAME
storageAccount: EXISTING_STORAGE_ACCOUNT
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64428
**Special notes for your reviewer**:
**Release note**:
```
resourcegroup parameter is added to AzureFile storage class to support azure file dyanmic provision in cross resource group.
```
/kind bug
/sig azure
/assign @feiskyer
cd @khenidak
Automatic merge from submit-queue (batch tested with PRs 68051, 68130, 67211, 68065, 68117). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Update `kubectl get` sorter to deal with server-side printing
**Release note**:
```release-note
NONE
```
### Why?
Currently, we default to non-server-side printing when sorting items in `kubectl get`. This means that instead of taking advantage of having the server tell `kubectl` how to display information, `kubectl` falls back to using hardcoded resource types to figure out how to print its output. This does not really work with resources that `kubectl` does not know about, and it goes against our goal of snipping any dependencies that `kubectl` has on the core repo.
This patch adds a sorter capable of dealing with Table objects sent by the server when using "server-side printing".
A few things left to take care of:
- ~~[ ] When printing `all` resources, this implementation does not handle sorting every single Table object, but rather _only_ the rows in each object. As a result, output will contain sorted resources of the same _kind_, but the overall list of mixed resources will _not_ itself be sorted. Example:~~
```bash
$ kubectl get all --sort-by .metadata.name
NAME READY STATUS RESTARTS AGE
# pods here will be sorted:
pod/bar 0/2 Pending 0 31m
pod/foo 1/1 Running 0 37m
NAME DESIRED CURRENT READY AGE
# replication controllers here will be sorted as well:
replicationcontroller/baz 1 1 1 37m
replicationcontroller/buz 1 1 1 37m
# ... but the overall mixed list of rc's and pods will not be sorted
```
This occurs because each Table object received from the server contains all rows for that resource _kind_. We would need a way to build an ambiguous Table object containing all rows for all objects regardless of their type to have a fully sorted mixed-object output.
- [ ] handle sorting by column-names, rather than _only_ with jsonpaths (Tracked in https://github.com/kubernetes/kubernetes/issues/68027)
cc @soltysh @kubernetes/sig-cli-maintainers @seans3 @mengqiy
Automatic merge from submit-queue (batch tested with PRs 68051, 68130, 67211, 68065, 68117). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Wait for Scheduler cache empty.
Signed-off-by: Klaus Ma <klaus1982.cn@gmail.com>
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#68126
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Fix how to use ipvs mode by kubeadm
**What this PR does / why we need it**:
how to use ipvs mode by kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Change CPU sample sanitization in HPA.
**What this PR does / why we need it**:
Change CPU sample sanitization in HPA.
Ignore samples if:
- Pod is beeing initalized - 5 minutes from start defined by flag
- pod is unready
- pod is ready but full window of metric hasn't been colected since
transition
- Pod is initialized - 5 minutes from start defined by flag:
- Pod has never been ready after initial readiness period.
**Release notes:**
```release-note
Improve CPU sample sanitization in HPA by taking metric's freshness into account.
```
Automatic merge from submit-queue (batch tested with PRs 67756, 64149, 68076, 68131, 68120). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Fix ipam controller to not drop nodes forever in case of failures
https://github.com/kubernetes/kubernetes/pull/68084 introduced a problem that when 10 attempts to assign a cidr would fail, we stop retrying but the node is still marked as "in-processing" so it would never be reconciled again.
This PR is fixing this problem.
Automatic merge from submit-queue (batch tested with PRs 67756, 64149, 68076, 68131, 68120). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
kube-ctrl-mgr: enable secure port 10257
This PR enables authn+authz (delegated to the kube-apiserver) and the secure port 10257 for the kube-controller-manager. In addition, the insecure port is disabled.
Moreover, it adds integration test coverage for the `--port` and `--secure-port` flags, plus the testserver infrastructure to tests flags in general inside integration tests.
```release-note
Enable secure serving on port 10257 to kube-controller-manager (configurable via `--secure-port`). Delegated authentication and authorization have to be configured like for aggregated API servers.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Refactor admission webhook client code to a apiserver/pkg/util package
As part of #67006 This refactoring enable us to share code between admission webhooks and CRD conversion webhooks.
@deads2k @lavalamp @sttts @kubernetes/sig-api-machinery-misc
Automatic merge from submit-queue (batch tested with PRs 68044, 68077). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
fix select zone error in azure disk creation
**What this PR does / why we need it**:
fix select zone error in azure disk creation, this issue only happens in v1.12
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#68043
**Special notes for your reviewer**:
**Release note**:
```
none
```
/kind bug
/sig azure
/assign @feiskyer
cc @khenidak
Automatic merge from submit-queue (batch tested with PRs 67349, 66056). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
wait until apiserver connection before starting kubelet tls bootstrap
I wonder if this helps with sometimes slow network programming
cc @mwielgus @awly
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
promote TokenRequest and projection to beta in 1.12
```release-note
TokenRequest and TokenRequestProjection are now beta features. To enable these feature, the API server needs to be started with the following flags:
* --service-account-issuer
* --service-account-signing-key-file
* --service-account-api-audiences
```
