Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enhance kubeadm `bootstrap-token`
**What this PR does / why we need it**:
This PR is part of the effort for improving kubeadm phases, and more specifically improves `bootstrap-token` phase by implementing a behaviour consistent with `kubeadm init`, that is:
- `all` subcommand
- `create` subcommand (with CA pinning stuff and --config)
- `cluster-info` subcommand was modified, removing --config (thus making it consistent with other phases)
- `allow-auto-approve` subcommand was improved, implementing also creation of RBAC rules for certificate rotation (thus making it consistent with `kubeadm init`)
- Reference docs improved
**Which issue(s) this PR fixes**
part of the effort for [#461](https://github.com/kubernetes/kubeadm/issues/461)
part of the effort for [#454](https://github.com/kubernetes/kubeadm/issues/454)
part of the effort for [#265](https://github.com/kubernetes/kubeadm/issues/265)
**Special notes for your reviewer**:
CC @luxas
**Release note**:
```release-note
NONE
```
With new flag `--ignore-checks-errors` user is able to
decrease severity of each individual check to warning.
Old flag `--skip-preflight-checks` now acts as
`--ignore-checks-errors=all` and will produce warnings.
Fixes: kubernetes/kubeadm#480
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixes issue where PVCs using `standard` StorageClass create PDs in disks in wrong zone in multi-zone GKE clusters
Fixes#50115
Changed GetAllZones to only get zones with nodes that are currently running (renamed to GetAllCurrentZones). Added E2E test to confirm this behavior.
Automatic merge from submit-queue (batch tested with PRs 55112, 56029, 55740, 56095, 55845). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve kubeadm upgrade apply error logging style
**What this PR does / why we need it**:
Improve kubeadm upgrade apply error logging style
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/kubeadm/issues/549
**Special notes for your reviewer**:
/assign @luxas
**Release note**:
```release-note
NONE
```
running (renamed to GetAllCurrentZones). Added E2E test to confirm this
behavior.
Added node informer to cloud-provider controller to keep track of zones
with k8s nodes in them.
Automatic merge from submit-queue (batch tested with PRs 55839, 54495, 55884, 55983, 56069). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add condition "len(cfg.DiscoveryToken) != 0" to ValidateArgSelection.
**What this PR does / why we need it**:
as per https://github.com/kubernetes/kubernetes/pull/54982#discussion_r149968848
>only when the conditions having len(cfg.DiscoveryToken) != 0 means "using token-based discovery" as is mentioned in the error message.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: #54982
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55839, 54495, 55884, 55983, 56069). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
seccomp is an alpha feature and not feature gated
Move SeccompProfileRoot to KubeletFlags and document flag as alpha.
wrt https://github.com/kubernetes/kubernetes/pull/53833#issuecomment-345396575, seccomp is an alpha feature, but this isn't clearly documented anywhere (the annotation just has the word "alpha" in it, and that's your signal that it's alpha).
Since seccomp was around before feature gates, it doesn't have one.
Thus SeccompProfileRoot should not be part of KubeletConfiguration, and this PR moves it to KubeletFlags, and amends the help text to note the alpha state of the feature.
fixes: #56087
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add ExtendedResourceToleration admission controller.
/kind feature
/sig scheduling
/area hw-accelerators
There's elaborate discussion on this in #55080. In short, we would like to enable cluster operators and/or cloud providers to create dedicated nodes with extended resources (like GPUs, FPGAs etc.) that are reserved for pods requesting such resources. [Taints is the kubernetes concept to create dedicated nodes.](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/#example-use-cases) If the cluster operator or cloud provider wants to create dedicated node pools, they are expected to taint the nodes containing extended resources with the key equal to the name of the resource and effect equal to NoSchedule. If they do that, only pods that have a toleration for such a taint can be scheduled there. To make it easy for the user, this admission controller when enabled, automatically adds a toleration with key `example.com/device`, operator `Exists` and effect `NoSchedule` if an extended resource of name `example.com/device` is requested.
**Release note**:
```release-note
Add ExtendedResourceToleration admission controller. This facilitates creation of dedicated nodes with extended resources. If operators want to create dedicated nodes with extended resources (like GPUs, FPGAs etc.), they are expected to taint the node with extended resource name as the key. This admission controller, if enabled, automatically adds tolerations for such taints to pods requesting extended resources, so users don't have to manually add these tolerations.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Using ipset doing SNAT and packet filter in IPVS kube-proxy
**What this PR does / why we need it**:
Try ipset in ipvs proxy mode.
**Which issue this PR fixes**:
fixes#54203
xref: #53393, #53775
**Special notes for your reviewer**:
**Release note**:
```release-note
Using ipset doing SNAT and packet filtering in IPVS kube-proxy
```
/sig network
/area kube-proxy
Automatic merge from submit-queue (batch tested with PRs 55939, 56007). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix bad return error text
**What this PR does / why we need it**:
fix bad return error text
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve documentation for kubeadm phases
**What this PR does / why we need it**:
This PR is part of the effort for improving kubeadm reference doc (CLI, website, manpages), and more specifically improves documentation for:
- kubeadm alpha phase certs
- kubeadm alpha phase kubeconfig
- kubeadm alpha phase controlplane
- kubeadm alpha phase etcd
- kubeadm alpha phase uploadconfig
- kubeadm alpha phase addons
- kubeadm alpha phase selfhosting
**Which issue(s) this PR fixes**:
part of the effort for [#265](https://github.com/kubernetes/kubeadm/issues/265)
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Re-engineer the kubeadm join logic.
**What this PR does / why we need it**:
- wait for the kubelet to create `/etc/kubernetes/kubelet.conf`
- use those credentials to PATCH the node
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubeadm/issues/28#issuecomment-345502933
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Fix a small bug in the self-hosting code
**What this PR does / why we need it**:
`apps/v1beta2` requires that `DaemonSet.spec.selector.matchLabels` equals `DaemonSet.spec.template.metadata.labels`. Without this change, the API server rejects the DaemonSet in the validation stage.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @xiangpengzhao
Automatic merge from submit-queue (batch tested with PRs 51192, 55010). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding etcd upgrade option to kubeadm upgrade apply
This PR adds etcd upgrade functionality to kubeadm upgrade apply.
First commit adds certain functions to be able to deal with a single component of control plane and not just with all three components (apiserver, controller-manager and scheduler). It adds granularity as a result code can be reused.
Closes: https://github.com/kubernetes/kubeadm/issues/490
```release-note
Adds to **kubeadm upgrade apply**, a new **--etcd-upgrade** keyword. When this keyword is specified, etcd's static pod gets upgraded to the etcd version officially recommended for a target kubernetes release.
```
Automatic merge from submit-queue (batch tested with PRs 56008, 56013). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
KubeletConfiguration.BaseConfig.ClusterDNS defaults to the tenth address of MasterConfiguration.Networking.ServiceSubnet
**What this PR does / why we need it**:
If can get DNS IP from MasterConfiguration.Networking.ServiceSubnet, defaults to it. Otherwise defaults to DefaultClusterDNSIP
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubeadm/issues/28#issuecomment-345502933
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Validate usage strings when creating bootstrap tokens via kubeadm
**What this PR does / why we need it**:
fix TODO: Validate usages here so we don't allow something unsupported
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55233, 55927, 55903, 54867, 55940). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enhance kubeadm markmaster
**What this PR does / why we need it**:
This PR is part of the effort for improving kubeadm phases, and more specifically improves `mark-master` phase by implementing a behaviour similar to `kubeadm init`, that is:
- dynamically initialise node name if not provided
- allow to override with `--node-name` flag or with `--config`
Also reference doc for `mark-master` was improved.
**Which issue(s) this PR fixes**
part of the effort for [#454](https://github.com/kubernetes/kubeadm/issues/454)
part of the effort for [#265](https://github.com/kubernetes/kubeadm/issues/265)
**Special notes for your reviewer**:
Alpha disclaimer aligned to change requested on the website.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55642, 55897, 55835, 55496, 55313). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Disable container disk metrics when using the CRI stats integration
Issue: https://github.com/kubernetes/kubernetes/issues/51798
As explained in the issue, runtimes which make use of the CRI Stats API still have the performance overhead of collecting those same stats through cAdvisor.
The CRI Stats API has metrics for CPU, Memory, and Disk. This PR significantly reduces the added overhead due to collecting these stats in both cAdvisor and in the runtime.
This PR disables container disk metrics, which are very expensive to collect.
This PR does not disable node-level disk stats, as the "Raw" container handler does not currently respect ignoring DiskUsageMetrics.
This PR factors out the logic for determining whether or not to use the CRI stats provider into a helper function, as cAdvisor is instantiated before it is passed to the kubelet as a dependency.
cc @kubernetes/sig-node-pr-reviews @derekwaynecarr
/kind feature
/sig node
/assign @Random-Liu @derekwaynecarr
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add kubeadm support for Kubelet Dynamic Configuration
**What this PR does / why we need it**:
This PR will make kubeadm support for Kubelet Dynamic Configuration. This is still WIP (and the code seems ugly). Creating the PR for now to let reviewers see if I understand the feature correctly and am on the right path and what else I'm missing.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/28
**Special notes for your reviewer**:
This feature is targeting for 1.9 as alpha.
/cc @luxas @mtaufen @mikedanese
**Release note**:
```release-note
Kubeadm now supports for Kubelet Dynamic Configuration.
```
