Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Mark Flexvolume as GA
Flex volume became GA from release 1.8 onwards. This PR fixes the comments to reflect it.
Fixes#56920
**Special notes for your reviewer**:
**Release note**:
```release-note
Flexvolume feature has graduated to GA.
```
Automatic merge from submit-queue (batch tested with PRs 56529, 57054). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet should use the value of the cri container runtime endpoint fr…
…om cadvisor
**What this PR does / why we need it**:
To make cri container runtime endpoint consistent, kubelet (currently using "/var/run/crio.sock" ) should use value of CrioSocket exactly as defined in cadvisor.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57005
**Special notes for your reviewer**:
**Release note**:
```release-note
Use the same value for cri container runtime endpoint as defined in cadivsor/crio
```
Automatic merge from submit-queue (batch tested with PRs 56529, 57054). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updates Kubeproxy validators to allow Windows 'kernelspace' mode.
**What this PR does / why we need it**:
Allows necessary `--proxy-mode` parameter in Kubeproxy, so that it can proceed as usual on Windows.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56522
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56599, 56824, 56918, 56967, 56959). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix bug in container lifecycle event message generation
**What this PR does / why we need it**:
In HandlerRunner of container lifecycle, the event msg is re-declared. Thus, the event message we returned would always be empty.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56962
**Special notes for your reviewer**:
/sig node
**Release note**:
```release-note
Fix bug in container lifecycle event messaging
```
Automatic merge from submit-queue (batch tested with PRs 56599, 56824, 56918, 56967, 56959). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Check both name and ports for azure health probes
**What this PR does / why we need it**:
Check both name and ports for azure health probes, so that probe ports could follow nodePorts changes.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56898
**Special notes for your reviewer**:
Should be cherry-picked in 1.7, 1.8, 1.9.
**Release note**:
```release-note
BUG FIX: Check both name and ports for azure health probes
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove time waiting after create storage account (save 25s)
**What this PR does / why we need it**:
I found azure cloud provider will always sleep 25 seconds after creating a new azure storage account:
https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/azure/azure_blobDiskController.go#L531
Actually it's not necessary now, since it's already using sync way to create a storage account:
https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/azure/azure_blobDiskController.go#L531
Above code will wait until the storage account is created in azure.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56674
**Special notes for your reviewer**:
Below are logs without this PR:
```
I1201 06:41:22.486663 1 azure_blobDiskController.go:522] azureDisk - Creating storage account pvc3329812692002 type Standard_LRS
I1201 06:41:22.486810 1 azure_blobDiskController.go:531] azureDisk - Creating storage account pvc3329812692002 type Standard_LRS begin to wait
I1201 06:41:40.440005 1 azure_blobDiskController.go:533] azureDisk - Creating storage account pvc3329812692002 type Standard_LRS end wait
I1201 06:41:40.440030 1 azure_blobDiskController.go:551] azureDisk - storage account pvc3329812692002 was just created, allowing time before polling status
I1201 06:42:05.440176 1 azure_blobDiskController.go:553] azureDisk - storage account pvc3329812692002 was just created, allowing time before polling status, end wait
```
Below are logs with this PR, it could save 25s now:
```
I1201 07:36:07.755540 1 azure_blobDiskController.go:523] azureDisk - Creating storage account pvc33298126923895004820 type Standard_LRS
I1201 07:36:07.755652 1 azure_blobDiskController.go:532] azureDisk - Creating storage account pvc33298126923895004820 type Standard_LRS begin to wait
I1201 07:36:25.722540 1 azure_blobDiskController.go:534] azureDisk - Creating storage account pvc33298126923895004820 type Standard_LRS end wait
I1201 07:36:25.722557 1 azure_blobDiskController.go:552] azureDisk - storage account pvc33298126923895004820 was just created, allowing time before polling status
I1201 07:36:25.722562 1 azure_blobDiskController.go:554] azureDisk - storage account pvc33298126923895004820 was just created, allowing time before polling status, end wait
I1201 07:36:26.011157 1 azure_blobDiskController.go:436] azureDisk - storage account:pvc33298126923895004820 had no default container(3329812692) and it was created
I1201 07:36:26.011201 1 azure_blobDiskController.go:182] azureDisk - creating page blob andy-mgwin1710-dynamic-pvc-88c50c37-d668-11e7-94dc-000d3a041274.vhd in container 3329812692 account pvc33298126923895004820
```
**Release note**:
```
none
```
/sig azure
/assign @khenidak
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Prevent deadlock on azure zone fetch in presence of failure
**What this PR does / why we need it**:
This fixes a bug in the Zone get function for the Azure cloud provider.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix deadlock in azure cloud provider zone fetching
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix static IP issue for Azure internal LB
**What this PR does / why we need it**:
Fix regression for Azure internal LB with static IP support
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56686
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[Test Fix] Fake docker client can remove containers which have not been started
**What this PR does / why we need it**:
During kubemark-5000 scalability tests, which use the fake docker client, we encountered a bug where containers where the pod was deleted before the container was started could not be deleted.
This is because we only remove pods from the `ExitedContainers` list. Containers are only added to this when they have been created, started, and then stopped. However, containers that have only been created, but not started cannot be deleted. This PR fixes this issue by allowing containers with `State.Running=false` to be deleted.
**Which issue(s) this PR fixes**:
Ref #53327
**Release note**:
```release-note
NONE
```
/sig node
/kind bug
/priority critical-urgent
/assign @Random-Liu @dchen1107 @shyamjvs
Automatic merge from submit-queue (batch tested with PRs 52748, 56623). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Declare ipvs proxier beta in v1.9
**What this PR does / why we need it**:
This PR declares ipvs proxier beta - we have finished all tasks in IPVS proxier beta scope.
**Which issue(s) this PR fixes**:
Fixes#51602
**Special notes for your reviewer**:
**Release note**:
```release-note
Declare ipvs proxier beta
```
Automatic merge from submit-queue (batch tested with PRs 55360, 56444, 56687, 56791, 56802). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-apiserver: enable admissionregistration v1beta1 api by default
We have this enabled in the GCE cluster and in local-cluster-up, but forgot to switch the default. If we want people to use this feature by default in production clusters, we better enable the API.
Moreover, this PR fixes that beta works without alpha.
```release-note
Enable admissionregistration.k8s.io/v1beta1 by default in kube-apiserver.
```
Automatic merge from submit-queue (batch tested with PRs 52013, 56719). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support autoprobing floating-network-id for openstack cloud provider
Currently if user doesn't specify floatingnetwork-id and loadbalancer.openstack.org/floating-network-id annotation, openstack cloud provider can't create a external LoadBalancer service.
Actually we can get floatingnetwork-id automatically.
If we get multiple floatingnetwork-ids, then ask user to specify one, or we use the floatingnetwork-id to create floatingip for external LoadBalancer service.
This is a part of #50726
**Special notes for your reviewer**:
/assign @dims
**Release note**:
```release-note
Support autoprobing floating-network-id for openstack cloud provider
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Dashboard addon to version 1.8.0 and align /ui redirect with it
**What this PR does / why we need it**: In Dashboard 1.8.0 we have introduced a couple of changes (security, settings, new resources etc.) and fixed a lot of bugs. You can check release notes at https://github.com/kubernetes/dashboard/releases/tag/v1.8.0.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Updated Dashboard add-on to version 1.8.0.
- The Dashboard add-on now deploys with https enabled
- The Dashboard can be accessed via kubectl proxy at http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
- The /ui redirect is deprecated and will be removed in 1.10
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
AWS: Support for mounting nvme volumes
Supports mounting nvme volumes
Fixes#56155
```release-note
AWS: Detect EBS volumes mounted via NVME and mount them
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Return no volume match if prebound PV node affinity doesn't match node
**What this PR does / why we need it**:
VolumeBindingChecker predicate needs to return false for prebound PVs if the NodeAffinity doesn't match the node.
Also fix log formatting in predicate.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56596
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix CreateVolume func: use search mode instead
**What this PR does / why we need it**:
This is a little fall back for CreateVolume func: use search mode for Dedicated kind as @rootfs suggested.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52396
**Special notes for your reviewer**:
I reference the implmentation of v1.6 in the same CreateVolume func
https://github.com/kubernetes/kubernetes/blob/release-1.6/pkg/cloudprovider/providers/azure/azure_storage.go#L213-L247
**Release note**:
```
fix azure storage account exhausting issue by using azure disk mount
```
/sig azure
@rootfs @feiskyer @karataliu
Automatic merge from submit-queue (batch tested with PRs 56589, 56503). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
MustRunAsNonRoot should reject a pod if it has non-numeric USER
**What this PR does / why we need it**:
This PR modifies kubelet behavior to reject pods with non-numeric USER instead of showing a warning.
**Special notes for your reviewer**:
Related discussion: https://github.com/kubernetes/community/pull/756#discussion_r143694443
**Release note**:
```release-note
kubelet: fix bug where `runAsUser: MustRunAsNonRoot` strategy didn't reject a pod with a non-numeric `USER`.
```
PTAL @pweil- @tallclair @liggitt @Random-Liu
CC @simo5 @adelton
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add andyzhangx as azure reviewer
**What this PR does / why we need it**:
add andyzhangx as azure reviewer
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```
none
```
/sig azure
/assign @jdumars @brendandburns
Automatic merge from submit-queue (batch tested with PRs 56520, 53764). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add service.UID into security group name
Related to: #53714
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55893, 55906, 55026). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[Test Fix] Mock docker network dependencies and fix filtering bug
This PR only affects the mocked docker runtime, and has no impact on the kubelet.
Issue #53327
When kubernetes creates a pod using the docker shim, it creates a container which contains the pod's network namespace, and then creates containers which specify that namespace.
The current mocked docker does not mock this interaction, and thus allows a container to be created even when the container whose network it is joining does not exist.
This allows the mocked kubelet to end up in a state where the pod does not exist, but a container in the pod does, and this breaks pod deletion.
This fixes the above by only allowing containers to be started if the container whose network it is trying to join is running.
Additionally, this PR fixes a filtering bug where we were incorrectly comparing docker container statuses.
/assign @shyamjvs
can you test this to see if it fixes the issue?
/assign @Random-Liu
for approval after @shyamjvs confirms this works.
