The feature caused tests to fail when it was enabled.
- https://github.com/kubernetes/kubernetes/issues/78628
Work is in progress to fix the feature, but until that work is complete,
we will disable it in the GCE scripts.
Split arguments to be passed to cluster autoscaler binary,
so each argument is passed separately.
This is preparatory work for migrating CA to disroless base image
and passing multiple arguments together does not work if CA is
not wrapped around with shell script
Change-Id: I26b5a764d2a12079c7f4ed6633ccabf8d623e232
Till a few days ago, it was possible to ssh into master and access cluster via insecure master port.
Now, the master insecure port has been disabled, we're not able to do that anymore.
This PR aims to fix that by uploading the kubeconfig to the master metadata during cluster setup in tests.
* Touched containers: kube-apiserver, kube-scheduler,
kube-controller-manager.
* Remove the shell dependencies when upstart the containers.
* Reformat the command parameters to ["Exec", "Param1", "Param2"]
This change bumps the stackdriver logging agent version to v1-9,
re-enable it, and change the script/configuration to:
* Create /var/log in the startup script, since the fluentd
configuration expects the directory to exists
* Add support for collecting kubelet/kube-proxy logs
* Touched containers: kube-apiserver, kube-scheduler,
kube-controller-manager.
* Remove the shell dependencies when upstart the containers.
* Reformat the command parameters to ["Exec", "Param1", "Param2"]
- Pass most of the flags via kube-env, similar to Kubelet, to make it
easier to reconfigure.
- Use kube-proxy's kubeconfig file to pass the API server address,
rather than the --master flag.
- Make KUBEPROXY_ARGS a required variable in Windows kube-env, similar
to KUBELET_ARGS.
I recently lowered the timeout value to 2 minutes but this turned out to
be too aggressive for now. 3 minutes is usually long enough for the test
containers to come up.
Note that this test is only used during development, it does not run
continuously anywhere.
--hostname-override should not be necessary, we can rely on kube-proxy
to auto-detect it just like we do in Kubelet.
I also added an optional variable to kube_env, KUBEPROXY_ARGS, that we
can use to remotely extend kube-proxy's command-line if necessary.
This PR adds the support for GCEPD volume. For now, it uses a workaround
(https://github.com/pjh/gce-tools) to get disk number in windows for a given GCE PD name.
Also switches to the most recent 64-bit version of OpenSSH for Windows.
Tested:
PROJECT=${CLOUDSDK_CORE_PROJECT} KUBERNETES_SKIP_CONFIRM=y NUM_NODES=2 \
NUM_WINDOWS_NODES=2 KUBE_GCE_ENABLE_IP_ALIASES=true TEST_CLUSTER=true \
./cluster/kube-up.sh
This rule is only created if the cluster has one or more Windows nodes,
but delete-firewall-rules() ignores firewall rule arguments that do not
exist so it's safe to always attempt to delete this rule.
Looks like the get-master-root-disk-size() and get-master-disk-size() functions didn't anticipate
clusters bigger than 2K nodes.
In https://github.com/kubernetes/kubernetes/issues/72976 we found out
that 100GB may be not enough for large clusters (5K nodes) when it comes
to master root disk size.
Updating both get-master-root-disk-size() and get-master-disk-size() to
make them consistent and match cluster sizes with get-master-size()
function.
Currently, only kubernetes-server-linux-<arch>.tar.gz will be downloaded
and staged for tests. It is not possible to test a cluster where the
platform/arch of the nodes differs from that of the master
control-plane. This changes allows downloading and staging node
binaries, in addition to the existing server binaries.
This change renames the '--experimental-encryption-provider-config'
flag to '--encryption-provider-config'. The old flag is accepted but
generates a warning.
In 1.14, we will drop support for '--experimental-encryption-provider-config'
entirely.
Co-authored-by: Stanislav Laznicka <slaznick@redhat.com>
This change includes the yaml files and gce startup script changes
to run this addon. It is disabled by default, can be enabled by setting
KUBE_ENABLE_NODELOCAL_DNS=true
An ip address is required for the cache instance to listen for
requests on, default is a link local ip address of value 169.254.25.10
addressed review comments, updated image location
Picked a different prometheus port so stats port is not same as the
coredns deployment
Removed the nodelocaldns-ready label.
Set memory limit to 30Mi
2. Do not set Preemptible node label on master node unless the master node is explicitly set to be preemptible.
Signed-off-by: Vishnu kannan <vishnuk@google.com>
Automatic merge from submit-queue (batch tested with PRs 67950, 68195). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Remove e2e-image-puller
**What this PR does / why we need it**:
A long time ago, We added the image prepulling as a workaround due to
the overwhelming amount of flake caused by pulling during the tests.
This functionality has been broken for a while now when we switched to a
COS image where mounting `docker` binary into `busybox` stopped working.
So we just have dead code we should clean up.
Change-Id: I538171a5c1d9361eee7f9e0a99655b88b1721e3e
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63355
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Update default etcd server to 3.2.24 for kubernetes 1.12
**What this PR does / why we need it**:
Update default etcd server to 3.2.24 for kubernetes 1.12
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref #68147
**Special notes for your reviewer**:
NONE
**Release note**:
```
Update default etcd server to 3.2.24 for kubernetes 1.12
```
/assign @wojtek-t @jpbetz @dims
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @gyuho
Automatic merge from submit-queue (batch tested with PRs 68119, 68191). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Update cluster autoscaler to 1.12.0-beta.1
Update Cluster Autoscaler to version 1.12.0-beta.1 which is compatible with k8s 1.12.
Note: this is pre release version. Update to the final version of CA image will be done a week before k8s release deadline.
Version skip from 1.3.x to 1.12.x is to synchronize version numbering between Cluster Autoscaler and k8s core.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 68087, 68256, 64621, 68299, 68296). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Bump addon-manager to v8.7
**What this PR does / why we need it**:
Major changes:
- Support extra `--prune-whitelist` resources in kube-addon-manager.
- Update kubectl to v1.10.7.
Basically picking up https://github.com/kubernetes/kubernetes/pull/67743.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/assign @Random-Liu @mikedanese
**Release note**:
```release-note
Bump addon-manager to v8.7
- Support extra `--prune-whitelist` resources in kube-addon-manager.
- Update kubectl to v1.10.7.
```
Automatic merge from submit-queue (batch tested with PRs 68087, 68256, 64621, 68299, 68296). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
gce: use getrandom instead of urandom for on node rng
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Fix an issue about generation of secret key with invalid key size in gce
Replace /dev/random to /dev/urandom to avoid generation of secret key with invalid key size.
**What this PR does / why we need it**:
In GCE env, AESGCM encryption of secrets by default generates a secret key with /dev/random which sometime generates a key with invalid size.
This cause the cluster/kube-up.sh to fail in gce environment.
This PR replaces /dev/random with /dev/urandom to have a secret key generated consistently with right size.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67091
**Special notes for your reviewer**:
**Release note**:
```release-note
cluster/gce: generate consistent key sizes in config-default.sh using /dev/urandom instead of /dev/random
```
Automatic merge from submit-queue (batch tested with PRs 68161, 68023, 67909, 67955, 67731). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Register RuntimeClass CRD as an addon
**What this PR does / why we need it**:
Register the RuntimeClass CRD when the RuntimeClass feature gate is enabled. This is done in through the addon manager.
This is an alternative approach to https://github.com/kubernetes/kubernetes/pull/67924
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
For https://github.com/kubernetes/features/issues/585
**Release note**:
Covered by #67737
```release-note
NONE
```
/sig node
/kind feature
/priority important-soon
/milestone v1.12
In the context, our urandoms where generally safe, however getrandom has
built in invariants around entropy pool initialization, making getrandom
safe in all contexts. This should protect us from cryptopasta errors or
weird entropy issues.
Automatic merge from submit-queue (batch tested with PRs 67736, 68123, 68138). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Added support to get clusters in gce cloud provider.
**What this PR does / why we need it**:
Implemented the call to get all cluster objects in a zone for a project.
Also added code to allow the container api to be set in the gce.conf
file.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
A long time ago, We added the image prepulling as a workaround due to
the overwhelming amount of flake caused by pulling during the tests.
This functionality has been broken for a while now when we switched to a
COS image where mounting `docker` binary into `busybox` stopped working.
So we just have dead code we should clean up.
Change-Id: I538171a5c1d9361eee7f9e0a99655b88b1721e3e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Support extra prune resources in kube-addon-manager.
The default prune whitelist resources in https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/apply.go#L531 are sometimes not enough.
One example is that when we remove an admission webhook running as an addon pod, after we remove the addon yaml file, the admission webhook pod will be pruned, but the `MutatingWebhookConfiguration`/`ValidationWebhookConfiguration` won't... If the webhook failure policy is `Fail`, this will break the cluster, and users can't create new pods anymore.
It would be good to at least make this configurable, so that users and vendors can configure it based on their requirement.
This PR keeps the default prune resource list exactly the same with before, just makes it possible to add extra ones.
@dchen1107 @MrHohn @kubernetes/sig-cluster-lifecycle-pr-reviews @kubernetes/sig-gcp-pr-reviews
Signed-off-by: Lantao Liu <lantaol@google.com>
**Release note**:
```release-note
Support extra `--prune-whitelist` resources in kube-addon-manager.
```
Automatic merge from submit-queue (batch tested with PRs 65251, 67255, 67224, 67297, 68105). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Add namespace for (cluster)role(binding) cloud-provider.
**What this PR does / why we need it**:
Add namespace for (cluster)role(binding) cloud-provider.
Change the addonmanager mode to be from reconcile to EnsureExists.
Needs to be cherrypicked together with https://github.com/kubernetes/kubernetes/pull/59686.
**Special notes for your reviewer**:
/assign @bowei @tallclair
/sig auth
**Release note**:
```release-note
Role, ClusterRole and their bindings for cloud-provider is put under system namespace. Their addonmanager mode switches to EnsureExists.
```
Manual tested. Cluster can be created succesfully using kube-up.sh with desired (cluster)role(binding)s.
Automatic merge from submit-queue (batch tested with PRs 64283, 67910, 67803, 68100). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Adding GCE node termination handler as an optional addon.
This step is a pre-requisite for auto-deploying that addon in GKE
cc @mikedanese
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Promote AdvancedAuditing to GA
**What this PR does / why we need it**:
Removes deprecated legacy code used for basic audit logging in favor of advanced audit logging.
```release-note
Promote AdvancedAuditing to GA, replacing the previous (legacy) audit logging mechanisms.
```
Automatic merge from submit-queue (batch tested with PRs 67745, 67432, 67569, 67825, 67943). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Add flag for disabling prometheus-to-sd only for daemon sets
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67745, 67432, 67569, 67825, 67943). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Enable CoreDNS as default for kube-up deployments
**What this PR does / why we need it**:
Enable CoreDNS as default (for kube-up installations)
It will allow to run CI tests to prepare graduation criteria for CoreDNS as Default
see : KEP - https://github.com/kubernetes/community/blob/master/keps/sig-network/0012-20180518-coredns-default-proposal.md
see also : https://github.com/kubernetes/features/issues/566
NOTE for release : I guess that CoreDNS as default server for k8s needs a longer description. This specific PR is to ensure we validate all e2e.
```release-note
Make CoreDNS be the default DNS server in kube-up (instead of kube-dns formerly).
It is still possible to deploy kube-dns by setting CLUSTER_DNS_CORE_DNS=false.
```
The requested Service Protocol is checked against the supported protocols of GCE Internal LB. The supported protocols are TCP and UDP.
SCTP is not supported by OpenStack LBaaS. If SCTP is requested in a Service with type=LoadBalancer, the request is rejected. Comment style is also corrected.
SCTP is not allowed for LoadBalancer Service and for HostPort. Kube-proxy can be configured not to start listening on the host port for SCTP: see the new SCTPUserSpaceNode parameter
changed the vendor github.com/nokia/sctp to github.com/ishidawataru/sctp. I.e. from now on we use the upstream version.
netexec.go compilation fixed. Various test cases fixed
SCTP related conformance tests removed. Netexec's pod definition and Dockerfile are updated to expose the new SCTP port(8082)
SCTP related e2e test cases are removed as the e2e test systems do not support SCTP
sctp related firewall config is removed from cluster/gce/util.sh. Variable name sctp_addr is corrected to sctpAddr in pkg/proxy/ipvs/proxier.go
cluster/gce/util.sh is copied from master
Implemented the call to get all cluster objects in a zone for a project.
Also added code to allow the container api to be set in the gce.conf
file.
Requested fix for @lavalamp. Fixed GetClusters to be GetManagedClusters.
Leaving ListClusters as ListClusters as it is part of the Cloud Clusters
interface, despite also being a "managed" call.
Remove copy pasta :D
Fixed method variable name.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove rescheduler since scheduling DS pods by default scheduler is moving to beta
**What this PR does / why we need it**:
remove rescheduler since scheduling DS pods by default scheduler is moving to beta
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64725
**Special notes for your reviewer**:
**Release note**:
```release-note
Remove rescheduler since scheduling DS pods by default scheduler is moving to beta.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set --audit-webhook-mode flag properly based on the env variable
**What this PR does / why we need it**:
Audit webhook mode control via env variable is currently broken and this is the fix.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66177, 66185, 67136, 67157, 65065). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update configure-helper.sh to support heapster resource optimizations
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66177, 66185, 67136, 67157, 65065). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Templatize the scaling policy for metrics-server
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: Add OWNERS for image (gci) configuration
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 59030, 64666, 66251, 66485, 66813). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
A large set of improvements to the Stackdriver components.
**What this PR does / why we need it**:
This PR delivers a large set of improvements for both the Stackdriver Logging agent and the Stackdriver Metadata agent.
**Release note**:
```release-note
Metadata Agent Improvements
Bump metadata agent version to 0.2-0.0.21-1.
Expand the metadata agent's access to all API groups.
Remove metadata agent config maps in favor of command line flags.
Update the metadata agent's liveness probe to a new /healthz handler.
Logging Agent Improvements
Bump logging agent version to 0.2-1.5.33-1-k8s-1.
Appropriately set log severity for k8s_container.
Fix detect exceptions plugin to analyze message field instead of log field.
Fix detect exceptions plugin to analyze streams based on local resource id.
Disable the metadata agent for monitored resource construction in logging.
Disable timestamp adjustment in logs to optimize performance.
Reduce logging agent buffer chunk limit to 512k to optimize performance.
```
Metadata Agent Improvements
Bump metadata agent version to 0.2-0.0.21-1.
Expand the metadata agent's access to all API groups.
Remove metadata agent config maps in favor of command line flags.
Update the metadata agent's liveness probe to a new /healthz handler.
Logging Agent Improvements
Bump logging agent version to 0.2-1.5.33-1-k8s-1.
Appropriately set log severity for k8s_container.
Fix detect exceptions plugin to analyze message field instead of log field.
Fix detect exceptions plugin to analyze streams based on local resource id.
Disable the metadata agent for monitored resource construction in logging.
Disable timestamp adjustment in logs to optimize performance.
Reduce logging agent buffer chunk limit to 512k to optimize performance.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Default some unbound cluster/gce env vars
**What this PR does / why we need it**:
Sets defaults for two env vars used by cluster/gce/* scripts so as to
avoid the following warnings when bringing a cluster up for test
```
METADATA_CONCEALMENT_NO_FIREWALL: unbound variable
CUSTOM_KUBE_DASHBOARD_BANNER: unbound variable
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60850
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
dd status=none does not exist on macOS
**What this PR does / why we need it**:
When running cluster/kubectl.sh on macOS 10.13.6, the use of the
`status=none` operand leads to `dd: unknown operand status` being
printed out as an error message. Redirecting to /dev/null does
the same thing, supressing transfer status.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66284, 66690). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Exit gce kube-up.sh early if openssl is LibreSSL
**What this PR does / why we need it**:
macOS has an openssl binary, but it's actually LibreSSL, which doesn't play well with the easyrsa script that cluster/gce/util.sh uses to generate certs
Instead of waiting until we generate certs to discover easyrsa doesn't work, consider openssl a prereq for gce, and include a check for the version string starting with OpenSSL
Also, mirror kube-up.sh's "... calling" output in kube-down.sh
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/community#1954
```release-note
NONE
```
macOS has an openssl binary, but it's actually LibreSSL, which
doesn't play well with the easyrsa script that cluster/gce/util.sh
uses to generate certs
Instead of waiting until we generate certs to discover easyrsa doesn't
work, consider openssl a prereq for gce, and include a check for the
version string starting with OpenSSL
Also, mirror kube-up.sh's "... calling" output in kube-down.sh
In addition to the shell script changes the heapster yaml has been
updated to use addon resizer 1.8.3 for the heapster-nanny. Addon resizer 1.8.3
is being used to take advantage of the new minClusterSize flag. Note this is a
no-op change. The values specified for heapster-nanny reflect the current
configuration used with version 1.8.2.
Automatic merge from submit-queue (batch tested with PRs 66152, 66406, 66218, 66278, 65660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update crictl to v1.11.1.
Update `crictl` to v1.11.1 to fix several bugs. Release note: https://github.com/kubernetes-incubator/cri-tools/releases/tag/v1.11.1
@kubernetes/sig-node-pr-reviews @kubernetes/sig-cluster-lifecycle-pr-reviews
@kubernetes/sig-gcp-pr-reviews
Signed-off-by: Lantao Liu <lantaol@google.com>
```release-note
Update crictl to v1.11.1.
```
Automatic merge from submit-queue (batch tested with PRs 66342, 66330, 65641). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
bump ingress version to 1.2
```release-note
Bump Ingress-gce version to 1.2.0
```
The container used by build/run.sh doesn't necessarily have an entry in
/etc/passwd for the host user's uid, and this missing data causes
`whoami` to fail.
Switch `whoami` to `id -un` to fall back to the uid if the /etc/passwd
entry is missing.
Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
Automatic merge from submit-queue (batch tested with PRs 66011, 66111, 66106, 66039, 65745). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Disable initializers by default
The API group driving this field is not enabled by default, and it does not appear that these will progress beyond the alpha phase.
Remove the admission plugin from default configurations.
/sig api-machinery
/cc @smarterclayton
```release-note
The alpha `Initializers` admission plugin is no longer enabled by default. This matches the off-by-default behavior of the alpha API which drives initializer behavior.
```
Automatic merge from submit-queue (batch tested with PRs 65794, 65919). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove references to the Debian-based Container-VM image
The image reached end-of-life in October 2017. Remove the associated
references from the cluster setup script.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove echo cmd when overwriting a file from an Env var.
**What this PR does / why we need it**:
Cleanup the shell script.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
"NONE"
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
stop using deprecated --etcd-quorum-read
etcd-quorum-read was deprecated, but it is still used.
This pr stops using it.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65319, 64513, 65474, 65601, 65634). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow custom manifests in GCP master setup
Add a hook in GCE setup script to allow using custom manifests on master, so we can decouple some GKE changes from k8s. Note that this PR just adds a hook there is no change in default behavior.
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bug fix: Should allow alias range size equals to max number of pods * 2
**What this PR does / why we need it**:
Currently in gce/config-common.sh, function get-alias-range-size returns a range which is strictly bigger than log2(max pods * 2). Where equal should be also acceptable. Say if max pods constraint = 8, it should return /28, instead of /27.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65521
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set pod priority on kube-proxy manifest by default
**What this PR does / why we need it**:
Follow up of https://github.com/kubernetes/kubernetes/pull/59237, set pod priority on kube-proxy by default and remove the unneeded logic in startup script.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/assign @bsalamat @bowei
cc @tanshanshan
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Rescheduler's manifest
**What this PR does / why we need it**: Updates Rescheduler's manifest to use version 0.4.0
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Update Rescheduler's manifest to use version 0.4.0.
```
Automatic merge from submit-queue (batch tested with PRs 65342, 65460). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update NPD config for GCI
**What this PR does / why we need it**:
Use https://github.com/kubernetes/node-problem-detector/pull/180 on GCI
**Special notes for your reviewer**:
This is currently pending an NPD release.
**Release note**:
```release-note
NONE
```
/assign @Random-Liu
/sig node
/kind feature
/priority important-soon
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add /home/kubernetes/bin into sudoers path, so that `sudo crictl` works.
Add `/home/kubernetes/bin` to sudoers path, so that user can call `sudo crictl` directly.
Without this fix, user has to either use the full path `sudo /home/kubernetes/bin/crictl` or switch to root, which is not a good user experience.
/cc @yujuhong @feiskyer @filbranden @kubernetes/sig-node-pr-reviews @kubernetes/sig-gcp-pr-reviews
**Release note**:
```release-note
User can now use `sudo crictl` on GCE cluster.
```
Automatic merge from submit-queue (batch tested with PRs 65024, 65287, 65345, 64693, 64941). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a helper function to customize K8s addon yamls and use it to customize Calico addons on GKE
**What this PR does / why we need it**:
Allow customizing Calico addon in GCP. With #65022, this allows us to do a couple of things:, e.g., run Calico 3.0+ on GCP, use a non-default MTU etc.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65045, #65067
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65123, 65176, 65139, 65084, 65056). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Pass cluster_location argument to Heapster
**What this PR does / why we need it**:
Fixes Stackdriver monitoring on GCE clusters where cluster location is not a single zone, for example regional clusters.
**Release note**:
```release-note
Pass cluster_location argument to Heapster
```
Automatic merge from submit-queue (batch tested with PRs 64503, 64903, 64643, 64987). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use unix.EpollWait to determine when memcg events are available to be Read
**What this PR does / why we need it**:
This fixes a file descriptor leak introduced in https://github.com/kubernetes/kubernetes/pull/60531 when the `--experimental-kernel-memcg-notification` kubelet flag is enabled. The root of the issue is that `unix.Read` blocks indefinitely when reading from an event file descriptor and there is nothing to read. Since we refresh the memcg notifications, these reads accumulate until the memcg threshold is crossed, at which time all reads complete. However, if the node never comes under memory pressure, the node can run out of file descriptors.
This PR changes the eviction manager to use `unix.EpollWait` to wait, with a 10 second timeout, for events to be available on the eventfd. We only read from the eventfd when there is an event available to be read, preventing an accumulation of `unix.Read` threads, and allowing the event file descriptors to be reclaimed by the kernel.
This PR also breaks the creation, and updating of the memcg threshold into separate portions, and performs creation before starting the periodic synchronize calls. It also moves the logic of configuring memory thresholds into memory_threshold_notifier into a separate file.
This also reverts https://github.com/kubernetes/kubernetes/pull/64582, as the underlying leak that caused us to disable it for testing is fixed here.
Fixes#62808
**Release note**:
```release-note
NONE
```
/sig node
/kind bug
/priority critical-urgent
Automatic merge from submit-queue (batch tested with PRs 64503, 64903, 64643, 64987). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Create system:cluster-autoscaler account & role and introduce it to C…
**What this PR does / why we need it**:
This PR adds cluster-autoscaler ClusterRole & binding, to be used by the Cluster Autoscaler (kubernetes/autoscaler repository).
It also updates GCE scripts to make CA use the cluster-autoscaler user account.
User account instead of Service account is chosen to be more in line with kube-scheduler.
**Which issue(s) this PR fixes**:
Fixes [issue 383](https://github.com/kubernetes/autoscaler/issues/383) from kubernetes/autoscaler.
**Special notes for your reviewer**:
This PR might be treated as a security fix since prior to it CA on GCE was using system:cluster-admin account, assumed due to default handling of unsecured & unauthenticated traffic over plain HTTP.
**Release note**:
```release-note
A cluster-autoscaler ClusterRole is added to cover only the functionality required by Cluster Autoscaler and avoid abusing system:cluster-admin role.
action required: Cloud providers other than GCE might want to update their deployments or sample yaml files to reuse the role created via add-on.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove deprecated option '--enable-custom-metrics'
**Release note**:
```release-note
deprecated and inactive option '--enable-custom-metrics' is removed in 1.11
```
Automatic merge from submit-queue (batch tested with PRs 64276, 64094, 64719, 64766, 64750). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use default seccomp profile for GCE manifests
**What this PR does / why we need it**:
This PR sets the default seccomp profile of unprivileged addons to 'docker/default' for GCE manifests. This PR is a followup of #62662. We are using 'docker/default' instead of 'runtime/default' in addons in order to handle node version skew. When seccomp profile is applied automatically by default later, we can remove those annotations.
This is PR is part of #39845.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63453, 64592, 64482, 64618, 64661). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revert "Remove rescheduler and corresponding tests from master"
Reverts kubernetes/kubernetes#64364
After discussing with @bsalamat on how DS controllers(ref: https://github.com/kubernetes/kubernetes/pull/63223#discussion_r192277527) cannot create pods if the cluster is at capacity and they have to rely on rescheduler for making some space, we thought it is better to
- Bring rescheduler back.
- Make rescheduler priority aware.
- If cluster is full and if **only** DS controller is not able to create pods, let rescheduler be run and let it evict some pods which have less priority.
- The DS controller pods will be scheduled now.
So, I am reverting this PR now. Step 2, 3 above are going to be in rescheduler.
/cc @bsalamat @aveshagarwal @k82cn
Please let me know your thoughts on this.
```release-note
Revert #64364 to resurrect rescheduler. More info https://github.com/kubernetes/kubernetes/issues/64725 :)
```
Automatic merge from submit-queue (batch tested with PRs 61610, 64591, 58143, 63929). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add netd as an addon for GCP
**What this PR does / why we need it**:
Add netd as an addon for GKE.
The PR will add setup functions and var to help deploy netd daemon on GKE.
Please checkout more detail for netd at https://github.com/GoogleCloudPlatform/netd
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61610, 64591, 58143, 63929). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Create CoreDNS and kube-dns folders
**What this PR does / why we need it**:
Separate the CoreDNS and kube-dns manifests by creating their own folders (dns/coredns and dns/kube-dns)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61435
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
cc @MrHohn
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add ipvs module loading logic to gce scripts
**What this PR does / why we need it**:
Add ipvs module loading logic to gce scripts.
Fixes a part of #59402.
/cc @Lion-Wei
/assign @roberthbailey @m1093782566
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Disable memcg for testing prior to 1.11 release
**What this PR does / why we need it**:
Turn off kubelet memory cgroup notifications on GCE to unblock scalability testing.
Related issue: #62808
```release-note
NONE
```
/sig node
/kind bug
/priority critical-urgent
/assign @shyamjvs @yujuhong
Automatic merge from submit-queue (batch tested with PRs 63417, 64249, 64242, 64128, 64275). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
graduate DynamicKubeletConfig feature to beta
Everything in the https://github.com/kubernetes/features/issues/281 beta target except a few documentation-related items is complete. Docs should be done very soon, so I'm sending this PR to graduate to beta before freeze.
```release-note
The dynamic Kubelet config feature is now beta, and the DynamicKubeletConfig feature gate is on by default. In order to use dynamic Kubelet config, ensure that the Kubelet's --dynamic-config-dir option is set.
```
/cc @luxas
