Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add prometheus cluster monitoring addon.
This PR adds new cluster monitoring addon based on prometheus.
It adds prometheus deployment with e2e tests.
Additional components will be added iterativly in future.
Manifests based on current Helm chart.
At current state it's not intended for production use.
cc @piosz @kawych @miekg
```release-note
Add prometheus cluster monitoring addon to kube-up
```
/sig instrumentation
/kind feature
/priority important-soon
Automatic merge from submit-queue (batch tested with PRs 62748, 60536, 62300, 62661, 62731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Instrument transformer.go with latency metrics.
**What this PR does / why we need it**:
Instrument transformer.go with latency metrics - allowing to measure performance impact of adding KMS Providers.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
"NONE"
```
Automatic merge from submit-queue (batch tested with PRs 62436, 62499, 62664, 62685, 62660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding kube dns to kubemark
Adding kube dns to the kubemark. It will allow to test dns impact on kuberneters master performance.
Kube dns is optional - requires ENABLE_KUBEMARK_KUBE_DNS set to "true".
```release-note
NONE
```
This change updates the REST mapper used by all admission plugins to
be backed by cached discovery information. This cache is updated
every ten seconds via a post start hook and will not attempt to
update on calls to RESTMapping. It solely relies on the hook to
keep the cache in sync with discovery.
This prevents issues with the OwnerReferencesPermissionEnforcement
admission plugin when it is used with custom resources that set
blockOwnerDeletion.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubelet flags.
pflag now sets golang flag `Parsed` before parsing flags 1ce0cc6db4. With that, all kubelet flags setting will be skipped.
We initially added `flag.Parsed` check to work around a issue that flags are parsed twice, thus kubelet flags are appended twice.
However, it doesn't seem to be the case now. I removed the `Parsed` check, and kubelet flags are only appended once.
```
/tmp/node-e2e-20180416T200912/kubelet --kubeconfig /tmp/node-e2e-20180416T200912/kubeconfig --root-dir /var/lib/kubelet --v 4 --logtostderr --allow-privileged true --network-plugin=kubenet --cni-bin-dir /tmp/node-e2e-20180416T200912/cni/bin --cni-conf-dir /tmp/node-e2e-20180416T200912/cni/net.d --hostname-override test-cos-beta-66-10452-53-0 --container-runtime docker --container-runtime-endpoint unix:///var/run/dockershim.sock --config /tmp/node-e2e-20180416T200912/kubelet-config --experimental-mounter-path=/tmp/node-e2e-20180416T200912/mounter --experimental-kernel-memcg-notification=true --runtime-cgroups=/system.slice/docker.service
```
This PR removes the unnecessary `Parsed` check to fix the test. @mtaufen
/cc @kubernetes/sig-node-pr-reviews
Signed-off-by: Lantao Liu <lantaol@google.com>
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 62650, 62303, 62545, 62375). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move podsecuritypolicy registry to policy package
**What this PR does / why we need it:**
This is a part of the PSP migration from extensions to policy API group. This PR moves registry to policy package and changes preferred storage format to policy/v1beta1
**Which issue(s) this PR fixes:**
Addressed to https://github.com/kubernetes/features/issues/5
Automatic merge from submit-queue (batch tested with PRs 62650, 62303, 62545, 62375). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor subpath reconstruction tests to use util test
**What this PR does / why we need it**:
Use common util method for reconstruction tests so that test updates will be reflected in all e2es. Also increase termination grace period to allow more time for volume manager to cleanup before the tests check for leftover mounts
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62293
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58784, 62057, 62621, 62652, 62656). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove deprecated initresource admission plugin
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref https://github.com/kubernetes/kubernetes/pull/55375#issuecomment-360329586
**Special notes for your reviewer**:
/assign @piosz @deads2k
**Release note**:
```release-note
remove deprecated initresource admission plugin
```
Automatic merge from submit-queue (batch tested with PRs 62407, 62602, 62539, 62639, 62647). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubemark image-registry name assignment
Allows to create kubemark instance without explicitly specifying the project name.
start-kubemark.sh used to not run properly when using project name acquired from the cloud provider.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60476, 62462, 61391, 62535, 62394). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Private mount propagation
This PR changes the default mount propagation from "rslave" (newly added in 1.10) to "private" (default in 1.9 and before). "rslave" as default causes regressions, see below.
Value `"None"` has to be added to `MountPropagationMode` enum in API ("I don't want any propagation at all"), which translates to "private" on Linux. [We did not have use cases for it](https://github.com/kubernetes/community/pull/659#discussion_r131454319), but we have them now.
**Which issue(s) this PR fixes**
Fixes#62397, fixes#62396
**Special notes for your reviewer**:
CRI already has an option for private mount propagation in volumes, however it's called "PRIVATE", while Kubernetes API value is "None". I did not change PRIVATE to NONE to keep the interface stable. See `kubelet_pods.go`.
**Release note**:
```release-note
Default mount propagation has changed from "HostToContainer" ("rslave" in Linux terminology) to "None" ("private") to match the behavior in 1.9 and earlier releases. "HostToContainer" as a default caused regressions in some pods.
```
/sig storage
/sig node
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix flaky crd e2e tests
Fixes#62345
/sig api-machinery
/kind flake
/priority failing-test
From the issue:
> All the tests that rely on creating a CustomResourceDefinition are flaky. This is because the test "AdmissionWebhook Should be able to deny custom resource creation" creates a validating webhook, called deny-crd.k8s.io, which denies all crd creations. This is an issue for any other test which will create a crd that gets run in parallel with that webhook test, causing them to fail with the message failed to create CustomResourceDefinition: admission webhook "deny-crd.k8s.io" denied the request: this webhook denies all requests
This PR changes the test webhook image to support handling a new "/crd" path which would accept and deny crd creations based on their labels, only denying if if the object has the label ```"webhook-e2e-test":"webhook-disallow"```, and updates the "AdmissionWebhook Should be able to deny custom resource creation" test to use that label.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62503, 62502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix ingress util for setting TLS spec
**What this PR does / why we need it**:
Fixes an issue with ingress TLS testing. For most tests, we want to only provide one certificate and verify it's being served. In some tests (including a conformance test), a new certificate was added; but only the first certificate was asserted.
This is because the multi-TLS test uses `WaitForIngressWithCert()` while the other tests use `WaitForGivenIngressWithTimeout`.
**Special notes for your reviewer**:
/assign rramkumar1
/cc rramkumar1
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62503, 62502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Node E2E: Remove the simple mount test
There are EmptyDir volume tests in test/e2e/common already. The test
does not add any more coverage.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62466, 62494). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix failed e2e tests for dns configmap
**What this PR does / why we need it**:
Fix DNS configMap e2e tests.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62490
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix parsing timestamp in test
Go 1.9 changed the default string format, see https://github.com/golang/go/issues/20876
As discussed there, default format is intended to be readable for humans and can change without warning, so we should probably set the format explicitly when writing status configmap.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62324, 61459, 62475, 62476, 61914). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove unnecessary code in ingress upgrade logic
Now that 1.1 is released, fix the TODO.
/assign @nicksardo
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 62324, 61459, 62475, 62476, 61914). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump image in ingress downgrade test
**Release note**:
```release-note
None
```
/assign @nicksardo
Automatic merge from submit-queue (batch tested with PRs 62455, 62465, 62427, 62416, 62411). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set slave mount propagation for local provisioner
**What this PR does / why we need it**:
Explicitly set slave mount propagation instead of assuming it's the default mode.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62455, 62465, 62427, 62416, 62411). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump GLBC version and remove Unreleased tag from tests
/assign rramkumar1
/cc mrhohn
**Release note**:
```release-note
GCE: Bump GLBC version to 1.1.0 - supporting multiple certificates and HTTP2
```
