Automatic merge from submit-queue (batch tested with PRs 67347, 67307, 67358, 67364, 67385). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
delete the busyboxImage and mountTest var and change use imageutils
**What this PR does / why we need it**:
delete the ```busyboxImage```,```mountTest``` variable and change everything to use ```imageutils.GetE2EImage(imageutils.BusyBox)```, ```imageutils.GetE2EImage(imageutils.MountTest)```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67237
**Special notes for your reviewer**:
/cc @mikedanese
/assign @mikedanese
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67294, 67320, 67335, 67334, 67325). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add wait to discovery integration test to fix flakiness
**What this PR does / why we need it**:
Reduce the flakiness of the discovery test that was introduced in #66932 (see cherry-pick PR #67154 for report on flaky failure and suggestions).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67294, 67320, 67335, 67334, 67325). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix some minor mistakes in e2e
**What this PR does / why we need it**:
fix some minor mistakes in e2e
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67294, 67320, 67335, 67334, 67325). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use framework.GetClusterZones() instead of getZoneNames()
**What this PR does / why we need it**:
fix todo:
use framework.GetClusterZones() instead of getZoneNames()
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67071, 66906, 66722, 67276, 67039). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
#50102 Task 1: Move apimachinery/pkg/watch.Until into client-go/tools/watch.UntilWithoutRetry
**What this PR does / why we need it**:
This is a split off from https://github.com/kubernetes/kubernetes/pull/50102 to go in smaller pieces.
Moves `apimachinery/pkg/watch.Until` into `client-go/tools/watch.UntilWithoutRetry` and adds context so it is cancelable.
**Release note**:
```release-note
NONE
```
**Dev release note**:
```dev-release-note
`apimachinery/pkg/watch.Until` has been moved to `client-go/tools/watch.UntilWithoutRetry`.
While switching please consider using the new `client-go/tools/watch.UntilWithSync` or `client-go/tools/watch.Until`.
```
/cc @smarterclayton @kubernetes/sig-api-machinery-pr-reviews
/milestone v1.12
/priority important-soon
/kind bug
(bug after the main PR which is this split from)
Automatic merge from submit-queue (batch tested with PRs 67071, 66906, 66722, 67276, 67039). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promoting "[sig-storage] Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace" to Conformance
**What this PR does / why we need it**:
An consolidated effort to resolve the issue https://github.com/kubernetes/kubernetes/issues/66875
> _[sig-storage] Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace_
Promoting mentioned e2e test for Conformance as it -
- Validates that secret with same name can be created in different namespaces but secrets which reside in same namespace as that of pod can be only be accessed from volume mounted in the container.
- Improves api coverage including prioritized Pod API lists. https://github.com/cncf/k8s-conformance/issues/220#issuecomment-393344061
> GET /api/v1/namespaces/{namespace}/pods/{name}/log
GET /api/v1/namespaces/{namespace}/pods
GET /api/v1/namespaces/{namespace}/pods/{name}
POST /api/v1/namespaces/{namespace}/pods
PUT /api/v1/namespaces/{namespace}/pods/{name}/status
DELETE /api/v1/namespaces/{namespace}/pods
DELETE /api/v1/namespaces/{namespace}/pods/{name}
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
No Flakes Found.
```
• [SLOW TEST:16.326 seconds]
[sig-storage] Secrets
/home/vagrant/go-workspace/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/common/secrets_volume.go:33
should be able to mount in a volume regardless of a different secret existing with same name in different namespace [NodeConformance]
/home/vagrant/go-workspace/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/common/secrets_volume.go:86
------------------------------
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
Aug 7 07:12:44.133: INFO: Running AfterSuite actions on all node
Aug 7 07:12:44.134: INFO: Running AfterSuite actions on node 1
Ran 1 of 1020 Specs in 16.441 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 1019 Skipped PASS
All tests passed...
Will keep running them until they fail.
This was attempt #40
No, seriously... you can probably stop now.
```
**Release note**:
```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 61212, 66369, 66446, 66895, 66969). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promoting configmap binarydata support [NodeConformance] test to conformance
**What this PR does / why we need it**:
**e2e:** _[sig-storage] ConfigMap binary data should be reflected in volume [NodeConformance]_
Promotes mentioned e2e to conformance as it -
1. Validates ConfigMap's binarydata support effectively
2. Improves API Coverage for prioritized api lists. (https://github.com/cncf/k8s-conformance/issues/220#issuecomment-393344061)
> GET /api/v1/namespaces/{namespace}/pods
GET /api/v1/namespaces/{namespace}/pods/{name}
GET /api/v1/namespaces/{namespace}/pods/{name}/log
POST /api/v1/namespaces/{namespace}/pods
PUT /api/v1/namespaces/{namespace}/pods/{name}/status
DELETE /api/v1/namespaces/{namespace}/pods
DELETE /api/v1/namespaces/{namespace}/pods/{name}
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
No Flakes found.
**Release note**:
```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 66491, 66587, 66856, 66657, 66923). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
PVC Protection: Wait for Pod delete
Currently, the PVC protection controller will remove its finalizer when
all Pods using a PVC reach at least a Terminating state. However,
certain volumes cannot be guaranteed to be umounted until a Pod is
deleted. Only Pods not in the current pods list can be considered
deleted, so we're removing the exception to not check Terminating Pods.
```release-note
NONE
```
Resolves: #65552
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix flakiness in daemonset TestLaunchWithHashCollisiion
**What this PR does / why we need it**: Addresses flakiness in test/integration/daemonset TestLaunchWithHashCollision. It makes sure the test waits for the pod to be added to the daemonset before updating the daemonset. The should avoid the race where the daemonset gets updated in between the calls to get and update in the test.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67273
**Special notes for your reviewer**:
@janetkuo
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
attachdetach controller: attach volumes immediately when Pod's PVCs are bound
**What this PR does / why we need it**:
Let attachdetach controller to attach volumes immediately when Pod's PVCs are bound.
Current attachdetach controller calls `util.ProcessPodVolume` to add pod volumes into `desiredStateOfWorld` on these events:
- podAdd event
- podUpdate event
- podDelete event
- periodical `desiredStateOfWorldPopulator.findAndAddActivePod`
But if a pod is created with PVCs not bound, no volumes will be added into `desiredStateOfWorld` [because PVCs not bound](https://github.com/kubernetes/kubernetes/blob/v1.12.0-alpha.0/pkg/controller/volume/attachdetach/util/util.go#L99). When pv controller binds PVCs successfully, attachdetach controller will not add pod volumes immediately because it does not watch on PVC events.
It will wait until a pod update event is triggered (normally will not happen because no new status will be reported by kubelet) or `desiredStateOfWorldPopulator.findAndAddActivePod` is called (maybe 0~3 minutes later, see [timer configs](https://github.com/kubernetes/kubernetes/blob/v1.12.0-alpha.0/pkg/controller/volume/attachdetach/attach_detach_controller.go)).
In bad case, pod start time will be very long (~3 minutes + ~2 minutes (kubelet max exponential backoff)), for example: https://github.com/kubernetes/kubernetes/issues/64549#issuecomment-409440546.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64549
**Special notes for your reviewer**:
**Release note**:
```release-note
attachdetach controller attaches volumes immediately when Pod's PVCs are bound
```
Currently, the PVC protection controller will remove its finalizer when
all Pods using a PVC reach at least a Terminating state. However,
certain volumes cannot be guaranteed to be umounted until a Pod is
deleted. Only Pods not in the current pods list can be considered
deleted, so we're removing the exception to not check Terminating Pods.
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Correct spelling errors in the comments
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add integration test for scheduler "on PVC add" event handling
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67246
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
End2End tests for DynamicVolumeProvisioning of EBS
**What this PR does / why we need it**:
Add end2end tests to exercise `DynamicProvisioningScheduling` features for EBS. The tests make sure `WaitForFirstConsumer` and `AllowedTopologies` specified in a EBS storage class has the desired effect.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Tests features added to 217a3d8902
**Release note**:
```
NONE
```
/sig storage
/assign @msau42 @jsafrane
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to use debian-base:0.3.2
**What this PR does / why we need it**: uses the fixed debian-base image from #67222.
Also includes a small fix for a bug in the debian-base Makefile that I introduced in that same PR.
This is basically a rehash of #67026.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66984, 67236, 67216, 62721, 67106). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
macOS and docker for mac don't play nicely with mktemp
**What this PR does / why we need it**:
On macOS mktemp -d drops something in /var/folders, which isn't
shared by default with Docker for Mac. Thus I can't run docker
with that volume mounted to build binaries for test images. So
instead, tell mktemp to use kubernetes/_tmp as its base, which
is what I see some of the hack/verify-* scripts use
I had to use this patch to build images for:
- https://github.com/kubernetes/kubernetes/pull/67030
- https://github.com/kubernetes/kubernetes/pull/67034
- https://github.com/kubernetes/kubernetes/pull/67035
I am _super_ open to a better way of doing this if I missed something
**Special notes for your reviewer**: Kindly make sure this doesn't break
building images on linux
/release-note-none
/sig release
/cc @dims @ixdy
Automatic merge from submit-queue (batch tested with PRs 66984, 67236, 67216, 62721, 67106). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow running various storage e2e tests on custom images
Ubuntu image is treated as custom image in some e2e tests. We whitelist both ubuntu and custom to run the storage tests.
**Release note**:
```release-note
None
```
/assign @msau42
/release-note-none
/sig storage
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove ARCH specific image consideration from e2e tests
Change-Id: I309fec49b030a4d457890f25d2f69e7c641c03fd
**What this PR does / why we need it**:
All e2e test images are now using multi-arch manifests so we should stop
looking up and using images that are specific to runtime.GOARCH
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
CI has shown occasional failures stemming from an -EBUSY when
test/e2e/storage/persistent_volumes-local.go aka "PersistentVolumes-local"
attempts to do losetup.
Looking at the code, it has a clear race between querying the current
free loopback device and later explicitly attempting to loopback setup a
file at the queried device node. Losetup nowadays includes the logic to
handle this for the user, if the '-f' option is used instead of naming
the desired target loopback device explicitly. It is safe to presume
a suitable losetup is present as the '-f' option is used elsewhere in
the test, and it is safe to not record the allocated device, as it is
already queried on the fly elsewhere in the test ahead of other commands
which need to know an already created loopback device's node name.
This patch should result in less flakes for this test case.
Signed-off-by: Tim Pepper <tpepper@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 66602, 67178, 67207, 67125, 66332). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl: recreating resources for immutable fields when force is applied
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#66390
**Special notes for your reviewer**:
/assign soltysh juanvallejo
/cc @kubernetes/sig-cli-bugs
**Release note**:
```release-note
kubectl: recreating resources for immutable fields when force is applied
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
tests: Skips AfterEach step if provider is not supported
**What this PR does / why we need it**:
The BeforeEach step for cluster_size_autoscaling is skipped if
the provider is not gce or gke. The AfterEach step should also
be skipped, since nothing was done.
**Which issue(s) this PR fixes**:
Fixes#67199
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
On macOS mktemp -d drops something in /var/folders, which isn't
shared by default with Docker for Mac. Thus I can't run docker
with that volume mounted to build binaries for test images. So
instead, tell mktemp to use kubernetes/_tmp as its base, which
is what I see some of the hack/verify-* scripts use.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
ensure ScheduleDSPods respects tainted nodes
- add PodToleratesNodeTaints to ~~nodeSelectionPredicates()~~ checkNodeFitness()
- add integration testcase
Fixes#66348, and would keep the behavior consistent with it was when ScheduleDSPods is disabled.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix permissions of qemu-ARCH-static in debian-base and other images
**What this PR does / why we need it**: proper fix for the issue I found in #67215. Some machines (like apparently workstations at Google) have a restrictive umask, so the `qemu-ARCH-static` binaries were getting installed in images without world read/execute permissions, causing utilities like `apt-get` to fail.
There was also a duplicate download/install of these binaries for `debian-iptables`, which further confused the issue. I've since removed that duplicate installation.
Many thanks to @BenTheElder for asking the right question to get me to look at the permissions again.
I haven't pushed any images yet. After merge, I'll build/promote `debian-base:0.3.2`, then update everything to use it, then push some more images, write some more PRs, ...
**Release note**:
```release-note
NONE
```
/assign @tallclair
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a check for docker version to push fat manifest images
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
This is for adding a check to avoid any corrupted fat manifest creation.
**Special notes for your reviewer**:
@dims @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use const v1.ProtocolTCP replace of string TCP
**What this PR does / why we need it**:
use const v1.ProtocolTCP replace of string TCP
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove the local manifest list after push
**What this PR does / why we need it**:
Manifests seem sticky in docker, so let's try to purge so if
we have re-push a fresh set of containers (with same version number as
before) during testing, the manifests are created fresh.
Change-Id: I41c010c08bd50b68ff6973a4ae1e004824fab178
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67090, 67159, 66866, 62111, 66476). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix to handle hash collisions correctly for DaemonSets
**What this PR does / why we need it**: This adds an integration test for the case where there is a hash collision when creating a ControllerRevision for a DaemonSet. It also fixes a shadowed variable that prevented this functionality from working as intended.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62519
**Special notes for your reviewer**:
/sig apps
**Release note**:
```release-note
Fixes issue when updating a DaemonSet causes a hash collision.
```
All e2e test images are now using multi-arch manifests so we should stop
looking up and using images that are specific to runtime.GOARCH
Change-Id: I5f3fd6e9a42b9fb88891c19e28a2dfcf7a14be82
Automatic merge from submit-queue (batch tested with PRs 66652, 67034). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Multi-arch images for metadata-concealment check container
**What this PR does / why we need it**:
Originally from:
https://github.com/GoogleCloudPlatform/k8s-metadata-proxy/tree/master/test
Moving the code here to prevent bit-rot and to be sure we can recreate
or update the images on demand. Moving it here also ensures we can use
the common harness to build the multi-arch manifests needed for running
the metadata concealment e2e test can run on multiple architectures.
Change-Id: I15009268da4e7809a1c03d9af3181b585afa8139
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65297, 67179, 67116, 67011, 66842). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
clean up unused parameter in func restrictedPod and testPrivilegedPods
**What this PR does / why we need it**:
clean up unused parameter in func restrictedPod and testPrivilegedPods
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/kind cleanup
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65297, 67179, 67116, 67011, 66842). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Externalize node admission controller
**Release note**:
```release-note
NONE
```
**What this PR does / why we need it**:
/sig api-machinery
under unbrella: #66680
We start with injecting external informer/lister into node admission controller for that it's slightly simpler than the others.
Here is the thing I actually did in this pull:
1. Enable plugin initializer to inject external/internal clientset/informers into the admission controllers.
2. Receive external informer in node admission controller.
3. Create a `AdmissionConfig` following how we did in `AuthenticationConfig` and `AuthorizationConfig` and creates the actual plugin initializers and the admission post-start hook in its `New()` method
Automatic merge from submit-queue (batch tested with PRs 67026, 62945, 66917). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Upgrade debian-base to 0.3.1 for CVEs
**What this PR does / why we need it**:
Upgrade debian-base to 0.3.1 in response to CVE fixes in debian-base
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Bumps up the version number of related components.
**Release note**:
```release-note
Bump up version number of debian-base, debian-hyperkube-base and debian-iptables.
Also updates dependencies of users of debian-base.
debian-base version 0.3.1 is already available.
```
Automatic merge from submit-queue (batch tested with PRs 66987, 67035). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Multi-arch images for echoserver
Originally from:
https://github.com/kubernetes/ingress-nginx/tree/master/images/echoheaders
Moving the code here to prevent bit-rot and to be sure we can recreate
or update the images on demand. Moving it here also ensures we can use
the common harness to build the multi-arch manifests needed for running
the e2e test that use this container.
Change-Id: I15009268da4e7809a1c03d9af3181b585afa8139
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66987, 67035). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Multiarch manifest for volume-tester docker images
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubernetes/issues/48376
**Special notes for your reviewer**:
@dims @luxas
Changes made:
- Removed the ceph folder which is not used anymore and merged into rbd image
- Converted following images multi-arch:
```
volume/gluster
volume/iscsi
volume/nfs
volume/rbd
```
**Release note**:
```release-note
NONE
```
The BeforeEach step for cluster_size_autoscaling is skipped if
the provider is not gce or gke. The AfterEach step should also
be skipped, since nothing was done.
Originally from:
https://github.com/GoogleCloudPlatform/k8s-metadata-proxy/tree/master/test
Moving the code here to prevent bit-rot and to be sure we can recreate
or update the images on demand. Moving it here also ensures we can use
the common harness to build the multi-arch manifests needed for running
the metadata concealment e2e test can run on multiple architectures.
Change-Id: I15009268da4e7809a1c03d9af3181b585afa8139
Automatic merge from submit-queue (batch tested with PRs 67061, 66589, 67121, 67149). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Get load balancer name per provider
**What this PR does / why we need it**:
GetLoadBalancerName() should be implemented per cloud provider as opposed to one neutral implementation.
This PR will address this by moving `cloudprovider.GetLoadBalancerName()` to the `LoadBalancer interface` and then provide an implementation for each cloud provider, while maintaining previously expected functionality.
**Which issue(s) this PR fixes**:
Fixes [#43173](https://github.com/kubernetes/kubernetes/issues/43173)
**Special notes for your reviewer**:
This is a work in progress. Looking for feedback as I work on this, from any interested parties.
**Release note**:
```release-note
NONE
```
Manifests seem sticky in docker, so let's try to purge so if
we have re-push a fresh set of containers (with same version number as
before) during testing, the manifests are created fresh.
Change-Id: I41c010c08bd50b68ff6973a4ae1e004824fab178
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: add a crictl test
This verifies that crictl is available on the node.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Originally from:
https://github.com/kubernetes/ingress-nginx/tree/master/images/echoheaders
Moving the code here to prevent bit-rot and to be sure we can recreate
or update the images on demand. Moving it here also ensures we can use
the common harness to build the multi-arch manifests needed for running
the e2e test that use this container.
Change-Id: I15009268da4e7809a1c03d9af3181b585afa8139
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Multi-arch images for apparmor-loader container
**What this PR does / why we need it**:
Originally from:
https://github.com/kubernetes/contrib/tree/master/apparmor/loader
Moving the code here to prevent bit-rot and to be sure we can recreate
or update the images on demand. Moving it here also ensures we can use
the common harness to build the multi-arch manifests needed for running
the apparmor e2e test can run on multiple architectures.
Change-Id: Idece17c494fc944c0aaef64805d2f0e3c4d7fb28
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66394, 66888, 66932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Include unavailable apiservices in discovery response
**What this PR does / why we need it**:
Include unavailable apiservices into `apis/` discovery endpoint response to fix namespace deletion https://github.com/kubernetes-incubator/service-catalog/issues/2254
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes-incubator/service-catalog/issues/2254
**Special notes for your reviewer**:
**Release note**:
```release-note
kube-apiserver now includes all registered API groups in discovery, including registered extension API group/versions for unavailable extension API servers.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add watch integration test for dynamic client
**What this PR does / why we need it**:
Add watch to dynamic client integration test
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Originally from:
https://github.com/kubernetes/contrib/tree/master/apparmor/loader
Moving the code here to prevent bit-rot and to be sure we can recreate
or update the images on demand. Moving it here also ensures we can use
the common harness to build the multi-arch manifests needed for running
the apparmor e2e test can run on multiple architectures.
Change-Id: Idece17c494fc944c0aaef64805d2f0e3c4d7fb28
Automatic merge from submit-queue (batch tested with PRs 63572, 67084). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove [Conformance] from tests in test/e2e_node
Conformance tests live inside of test/e2e, none of the tests currently
tagged as `[Conformance]` in test/e2e_node actually get run when you run
the conformance tests with e2e.test (either directly or indirectly with
sonobuoy)
If these tests make sense as both `[NodeConformance]` and `[Conformance]`
tests, they should be ported to test/e2e/common
/kind cleanup
/area conformance
/sig architecture
/cc @bgrant0607 @smarterclayton @timothysc
/sig node
/cc @yujuhong
ref: https://github.com/kubernetes/kubernetes/issues/66875
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Deployment conformance tests
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**: @kubernetes/sig-apps-pr-reviews @kubernetes/sig-architecture-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67042, 66480, 67053). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
HPA: Make dynamicRequestSizeInMillicores bigger
**What this PR does / why we need it**:
HPA e2e tests specify 20 as requestSizeMillicores on resource-consumer
for making CPU workload to test HPA feature, and the value is
hard-coded as 20. That means the tests expect 2% CPU workload on every
resource-consumer process, but actual CPU usage(4 - 6%) is over than
the expected usage on some environment. Then HPA scales many pods than
the test expected, and the test is failed.
To make these tests stable, this changes the value to 100 (10% CPU
workload on each process).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67051
**Special notes for your reviewer**:
**Release note**: None
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
delete broken test for a deprecated feature.
**What this PR does / why we need it**:
This test is broken and it's for a deprecated feature.
https://github.com/kubernetes/contrib/tree/master/service-loadbalancer
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67085, 66559, 67089). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow setting tolerations in test framework
Add support for setting tolerations on pods in e2e framework. This is needed for adding e2e tests for autoscaling respecting taints&tolerations.
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 66196, 67016, 66807, 67023). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
e2e: Ensure that sysrq-trigger is enabled before use
**What this PR does / why we need it**:
On Ubuntu (and, presumably, other distros too), the default configuration prohibits some sysrq operations. Before performing sysrq operations in the e2e testing, ensure that all operations are permitted.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66196, 67016, 66807, 67023). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make admission webhooks conversion convert CONNECT body correctly
Fix#59759.
1. Make apiserver pass connectRequest.Options directly to the admission layer. All other information in rest.ConnectRequest is present in admission attributes.
2. Make the scope.Kind of pod/attach, pod/exec, pod/portforward, node/proxy, service/proxy to their respective options Kind, instead of the parent Kind.
I've tested it locally, the conversion is working correctly for "kubectl attach". I'll add e2e tests.
I'll keep this to myself until I add the tests, but cc @mikedanese @liggitt RE. https://github.com/kubernetes/kubernetes/pull/66633.
Automatic merge from submit-queue (batch tested with PRs 66196, 67016, 66807, 67023). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
e2e test harness - use busybox from dockerhub
**What this PR does / why we need it**:
Use the same pattern used everywhere in the e2e test
harness, just use "busybox" (from dockerhub) instead
of using the one from k8s.gcr.io registry.
Change-Id: I700b59f73fd31f2ed6d7f995cd9441839857dd44
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
