Automatic merge from submit-queue (batch tested with PRs 50932, 49610, 51312, 51415, 50705)
Add local storage support in Quota
Add local storage(scratch, overlay) support in quota
**Release note**:
```release-note
Add local ephemeral storage support to Quota
```
/cc @ddysher @jingxu97
Automatic merge from submit-queue (batch tested with PRs 50932, 49610, 51312, 51415, 50705)
Implement StatsProvider interface using cadvisor
Ref: https://github.com/kubernetes/kubernetes/issues/46984
- This PR changes the `StatsProvider` interface in `pkg/kubelet/server/stats` so that it can provide container stats from either cadvisor or CRI, and the summary API can consume the stats without knowing how they are provided.
- The `StatsProvider` struct in the newly added package `pkg/kubelet/stats` implements part of the `StatsProvider` interface in `pkg/kubelet/server/stats`.
- In `pkg/kubelet/stats`,
- `stats_provider.go`: implements the node level stats and provides the entry point for this package.
- `cadvisor_stats_provider.go`: implements the container level stats using cadvisor.
- `cri_stats_provider.go`: implements the container level stats using CRI.
- `helper.go`: utility functions shared by the above three components.
- There should be no user visible behaviors change in this PR.
- A follow up PR will implement the StatsProvider interface using CRI.
**Release note**:
```
None
```
/assign @yujuhong
/assign @WIZARD-CXY
When API server crashes *after* saving a provisioned PV and before sending
200 OK, the controller tries to save the PV again. In this case, it gets
AlreadyExists error, which should be interpreted as success and not as error.
Especially, a volume that corresponds to the PV should not be deleted in the
underlying storage.
Specifying this new flag will automatically hash the configmap/secret
contents with sha256 and append the first 40 hex-encoded bits of the
hash to the name of the configmap/secret. This is especially useful for
workflows that generate configmaps/secrets from files (e.g.
--from-file).
Note that vowels and vowel-like characters in the hash are remapped to
consonants to make it more difficult to accidentally form bad words.
See this Google doc for more background:
https://docs.google.com/document/d/1x1fJ3pGRx20ujR-Y89HUAw8glUL8-ygaztLkkmQeCdU/edit
Prometheus requires that all metrics in the same family have the same
labels, so we arrange to supply blank strings for missing labels
See https://github.com/google/cadvisor/issues/1704
Automatic merge from submit-queue
When faild create pod sandbox record event.
I created pods because of the failure to create a sandbox, but there was no clear message telling me what was the failure, so I wanted to record an event when the sandbox was created.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Always check if default labels on node need to be updated in kubelet
**What this PR does / why we need it**:
Nodes join again but maybe OS/Arch/Instance-Type has changed in the meantime.
In this case the kubelet needs to check if the default labels are still correct and if not it needs to update them.
```release-note
Kubelet updates default labels if those are deprecated
```
Automatic merge from submit-queue (batch tested with PRs 51441, 51356, 51460)
Autodetect kubemark Cloud Provider
**What this PR does / why we need it**:
This is needed for CloudProviderId to be properly
filled for Hollow Nodes.
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51441, 51356, 51460)
Don't update pvc.status.capacity if pvc is already Bound
As discussed here https://github.com/kubernetes/community/pull/657#discussion_r128008128, in order for `pvc.status.Capacity < pv.Spec.Capcity` to be the mechanism for volume filesystem* resize, the pv controller should stop updating pvc.status.Capacity every resync period.
/assign @jsafrane
/sig storage
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51441, 51356, 51460)
fix the bad position of code comment
**What this PR does / why we need it**:
The position of code comment is wrong and move it to the right position
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Add volume operation metrics to operation executor and PV controller
This PR implements the proposal for high level volume metrics https://github.com/kubernetes/community/pull/809
**Special notes for your reviewer**:
~Differences from proposal:~ all resolved
~"verify_volume" is now "verify_volumes_are_attached" + "verify_volumes_are_attached_per_node" + "verify_controller_attached_volume." Which of them do we want?~
~There is no "mount_device" metric because the MountVolume operation combines MountDevice and mount (plugin.Setup). Do we want to extract the mount_device metric or is it okay to keep mountvolume as one? For attachable volumes, MountDevice is the actual mount and Setup is a bindmount + setvolumeownership. For unattachable, mountDevice does not occur and Setup is an actual mount + setvolumeownership.~
~PV controller metrics I did not implement following the proposal at all. I did not change goroutinemap nor scheduleOperation. Because provisionClaimOperation does not return an error, so it's impossible for the caller to know if there is actually a failure worth reporting. So I manually create a new metric inside the function according to some conditions.~
@gnufied
I have tested the operationexecutor metrics but not provision & delete. Sample:
**Release note**:
```release-note
Add error count and time-taken metrics for storage operations such as mount and attach, per-volume-plugin.
```
AWS CreateVolume call does not check if referenced encryption key actually
exists and returns a valid new AWS EBS volume even though an invalid key
was specified. Later on it removes the EBS silently when its encryption fails.
To work around this buggy behavior we manually check that the key exists
before calling CreateVolume.
Automatic merge from submit-queue (batch tested with PRs 49861, 50933, 51380, 50688, 51305)
fix v1 validation return error
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51304
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49861, 50933, 51380, 50688, 51305)
refactor codes in volume iscsi to improve readability
Signed-off-by: allencloud <allen.sun@daocloud.io>
**What this PR does / why we need it**:
This PR refactors some codes in pkg/volume/iscsi. What is specific, this PR takes advantage of return fast to make codes indent less. As a result the readability of codes will improve a little bit.
What I did:
1. refactor codes in volume iscsi to improve readability.
2. change a keyword of `delete` into `deleteArgs` to reduce ambiguousness.
3. make some variables camel case.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49861, 50933, 51380, 50688, 51305)
Test loading Kubelet config from a file
**What this PR does / why we need it**:
Adds a test for loading kubelet config from a file, part of improving https://github.com/kubernetes/kubernetes/issues/50217
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49861, 50933, 51380, 50688, 51305)
Add configurable groups to bootstrap tokens.
**What this PR does / why we need it**:
This change adds support for authenticating bootstrap tokens into a configurable set of extra groups in addition to `system:bootstrappers`. Previously, bootstrap tokens could only ever authenticate to the `system:bootstrappers` group.
Groups are specified as a comma-separated list in the `auth-extra-groups` key of the `bootstrap.kubernetes.io/token` Secret, and must begin with the prefix `system:bootstrapper:` (and match a validation regex that checks against our normal convention). Whether or not any extra groups are configured, `system:bootstrappers` will still be added.
This also adds a `--groups` flag for `kubeadm token create`, which sets the `auth-extra-groups` key on the resulting Secret. The default is to not set the key.
`kubeadm token list` is also updated to include a `EXTRA GROUPS` output column.
**Which issue this PR fixes**: fixes#49306
**Special notes for your reviewer**:
The use case for this is in https://github.com/kubernetes/kubernetes/issues/49306. Comments on the feature itself are probably better over there. It will be part of how HA/self-hosting kubeadm bootstraps new master nodes (post 1.8).
**Release note**:
```release-note
Add support for configurable groups for bootstrap token authentication.
```
cc @luxas @kubernetes/sig-cluster-lifecycle-api-reviews @kubernetes/sig-auth-api-reviews
/kind feature
Automatic merge from submit-queue
simplify disruption controller finder logic
**What this PR does / why we need it**:
Address some comments from https://github.com/kubernetes/kubernetes/pull/45003 and simplify the PDB controller logic as part of issue https://github.com/kubernetes/kubernetes/issues/42284
@enisoc @kargakis @caesarxuchao
Also it feels like we can get rid of the finders all together since with controller ref, each pod has only controller. Let me know if i should remove that finders all together ?
Automatic merge from submit-queue
fix issue(#50937)Fix kubectl get pvc lose volume name
**What this PR does / why we need it**:
closes#50937
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
this should has volumename column.
```
NAME STATUS CAPACITY ACCESS MODES STORAGECLASS AGE
myclaim Bound pv-gcepd2 5Gi ROX slow 35m
myclaim2 Bound pv-gcepd 5Gi ROX slow 25m
```
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49849, 50334, 51414)
Support iscsi volume attach and detach
**What this PR does / why we need it**:
Support iSCSI volume attach and detach to enforce RWO access
**Which issue this PR fixes** : fixes#48953
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49849, 50334, 51414)
make volumesInUse sorted in node status updates
**What this PR does / why we need it**:
`volumesInUse` is not sent in a stable sort order. This will make node status patch requests larger than needed, and makes debugging nodes harder than necessary.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49731
**Special notes for your reviewer**:
/cc @derekwaynecarr @jboyd01
**Release note**:
```release-note
make volumesInUse sorted in node status updates
```
This change is prerequisite for implementing iSCSI attacher
and detacher.
In order to use chap authentication at iSCSI plugin after
implementing attacher and detacher, secret is needed at
AttachDisk() which is called from WaitForAttach().
To obtain secret, pod information is required, but
WaitForAttach() doesn't pass pod information inside.
This patch adds 'pod' as an argument of WaitForAttach()
and adds changes to drivers who implements WaitForAttach().
Fixes#48953
Automatic merge from submit-queue
Remove null -> [] slice hack
Closes#44593
When 1.6 added protobuf storage, the storage layer lost the ability to persist slice fields with empty but non-null values.
As a workaround, we tried to convert empty slice fields to `[]`, rather than `null`. Compressing `null` -> `[]` was just as much of an API breakage as `[]` -> `null`, but was hoped to cause fewer problems in clients that don't do null checks.
Because of conversion optimizations around converting lists of objects, the `null` -> `[]` hack was discovered to only apply to individual get requests, not to a list of objects. 1.6 and 1.7 was released with this behavior, and the world didn't explode. 1.7 documented the breaking API change that `null` and `[]` should be considered equivalent, unless otherwise noted on a particular field.
This PR:
* Reverts the earlier attempt (https://github.com/kubernetes/kubernetes/pull/43422) at ensuring non-null json slice output in conversion
* Makes results of `get` consistent with the results of `list` (which helps naive clients that do deepequal comparisons of objects obtained via list/watch and get), and allows empty slice fields to be returned as `null`
```release-note
Protobuf serialization does not distinguish between `[]` and `null`.
API fields previously capable of storing and returning either `[]` and `null` via JSON API requests (for example, the Endpoints `subsets` field) can now store only `null` when created using the protobuf content-type or stored in etcd using protobuf serialization (the default in 1.6+). JSON API clients should tolerate `null` values for such fields, and treat `null` and `[]` as equivalent in meaning unless specifically documented otherwise for a particular field.
```
Automatic merge from submit-queue
Implement GetZoneByProviderID and GetZoneByNodeName for openstack
This is part of #50926
cc @wlan0
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51391, 51338, 51340, 50773, 49599)
Remove duplicate code
This PR cleans up Kubelet test code. Adds a function enabling the removal of duplicate code for Mock chaining. Also adds a function to check the pod status, again enabling removal of duplicate code.
Fixes#22470
**Special notes for your reviewer**:
This is my first PR for the Kubernetes project. Keeping it simple.
Automatic merge from submit-queue (batch tested with PRs 51391, 51338, 51340, 50773, 49599)
Delete "hugetlb" from whitelistControllers
**What this PR does / why we need it**:
Delete "hugetlb" from whitelistControllers
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50770
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51391, 51338, 51340, 50773, 49599)
add an starting info log of namespace controller.
**What this PR does / why we need it**:
add an starting info log of namespace controller.
**Release note**:
NA
Automatic merge from submit-queue
Fix swallowed error in iscsi package
**What this PR does / why we need it**: Fixes a swallowed error in the iscsi package.
```release-note NONE
```
Automatic merge from submit-queue
Fix swallowed errors in tests of photon_pd package
**What this PR does / why we need it**: Fixes swallowed errors in the tests of the photon_pd package.
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 51174, 51363, 51087, 51382, 51388)
Fix swallowed error in scaleio package tests
**What this PR does / why we need it**: Fixes a dropped error in the tests of the scaleio package.
**Release note**:
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 51174, 51363, 51087, 51382, 51388)
Add InstanceExistsByProviderID to cloud provider interface for CCM
**What this PR does / why we need it**:
Currently, [`MonitorNode()`](02b520f0a4/pkg/controller/cloud/nodecontroller.go (L240)) in the node controller checks with the CCM if a node still exists by calling `ExternalID(nodeName)`. `ExternalID` is supposed to return the provider id of a node which is not supported on every cloud. This means that any clouds who cannot infer the provider id by the node name from a remote location will never remove nodes that no longer exist.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50985
**Special notes for your reviewer**:
We'll want to create a subsequent issue to track the implementation of these two new methods in the cloud providers.
**Release note**:
```release-note
Adds `InstanceExists` and `InstanceExistsByProviderID` to cloud provider interface for the cloud controller manager
```
/cc @wlan0 @thockin @andrewsykim @luxas @jhorwit2
/area cloudprovider
/sig cluster-lifecycle
Automatic merge from submit-queue
Let the quota evaluator handle mutating specs of pod & pvc
### Background
The final goal is to address https://github.com/kubernetes/kubernetes/issues/47837, which aims to allow more mutation for uninitialized objects.
To do that, we [decided](https://github.com/kubernetes/kubernetes/issues/47837#issuecomment-321462433) to let the admission controllers to handle mutation of uninitialized objects.
### Issue
#50399 attempted to fix all admission controllers so that can handle mutating uninitialized objects. It was incomplete. I didn't realize although the resourcequota admission plugin handles the update operation, the underlying evaluator didn't. This PR updated the evaluators to handle updates of uninitialized pods/pvc.
### TODO
We still miss another piece. The [quota replenish controller](https://github.com/kubernetes/kubernetes/blob/master/pkg/controller/resourcequota/replenishment_controller.go) uses the sharedinformer, which doesn't observe the deletion of uninitialized pods at the moment. So there is a quota leak if a pod is deleted before it's initialized. It will be addressed with https://github.com/kubernetes/kubernetes/issues/48893.
Automatic merge from submit-queue
fix error message for pdb.go
**What this PR does / why we need it**:
fix error message for pdb.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51054, 51101, 50031, 51296, 51173)
Print multiple node roles, remove kubeadm-specific annotation from kubectl
related to #50010
Follow up to https://github.com/kubernetes/kubernetes/pull/50438 that removes the kubeadm-specific label, makes kubectl role-agnostic, and outputs multiple roles if present
Automatic merge from submit-queue (batch tested with PRs 51054, 51101, 50031, 51296, 51173)
Dynamic Flexvolume plugin discovery, probing with filesystem watch.
**What this PR does / why we need it**: Enables dynamic Flexvolume plugin discovery. This model uses a filesystem watch (fsnotify library), which notifies the system that a probe is necessary only if something changes in the Flexvolume plugin directory.
This PR uses the dependency injection model in https://github.com/kubernetes/kubernetes/pull/49668.
**Release Note**:
```release-note
Dynamic Flexvolume plugin discovery. Flexvolume plugins can now be discovered on the fly rather than only at system initialization time.
```
/sig-storage
/assign @jsafrane @saad-ali
/cc @bassam @chakri-nelluri @kokhang @liggitt @thockin
Automatic merge from submit-queue (batch tested with PRs 51054, 51101, 50031, 51296, 51173)
Refactor kuberuntime test case with sets.String
**What this PR does / why we need it**:
change to make got and want use sets.String instead, since that is both safe and more clearly shows the intent.
ref: https://github.com/kubernetes/kubernetes/pull/50554
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/51396
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50889, 51347, 50582, 51297, 51264)
support fieldSelector spec.schedulerName
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49190
**Special notes for your reviewer**:
/assign @davidopp @bsalamat
/cc @lavalamp
**Release note**:
```release-note
add fieldSelector spec.schedulerName
```
Automatic merge from submit-queue (batch tested with PRs 50889, 51347, 50582, 51297, 51264)
Fix NoNewPrivs and also allow remote runtime to provide the support.
Fixes https://github.com/kubernetes/kubernetes/issues/51319.
This PR:
1) Let kubelet admit remote runtime for `NoNewPrivis` container runtime.
2) Fix a `NoNewPrivis` bug which checks wrong runtime type.
/cc @kubernetes/sig-node-bugs @jessfraz
Automatic merge from submit-queue (batch tested with PRs 50889, 51347, 50582, 51297, 51264)
Change eviction manager to manage one single local storage resource
**What this PR does / why we need it**:
We decided to manage one single resource name, eviction policy should be modified too.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: part of #50818
**Special notes for your reviewer**:
**Release note**:
```release-note
Change eviction manager to manage one single local ephemeral storage resource
```
/assign @jingxu97
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
fix ReadOnlyPort defaulting, CAdvisorPort documentation
The ReadOnlyPort defaulting prevented passing 0 to diable via
the KubeletConfiguraiton struct.
The HealthzPort defaulting prevented passing 0 to disable via the
KubeletConfiguration struct. The documentation also failed to mention
this, but the check is performed in code.
The CAdvisorPort documentation failed to mention that you can pass 0 to
disable.
fixes#51345
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
Cloud Controller Manager now sets Node.Spec.ProviderID
**What this PR does / why we need it**:
Cloud Controller Manager now sets `Node.Spec.ProviderID`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/49836.
**Special notes for your reviewer**:
* As part of an effort to move cloud controller manager into beta https://github.com/kubernetes/kubernetes/issues/48690.
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
NodeConditionPredicates should return NodeOutOfDisk error.
**What this PR does / why we need it**:
In https://github.com/kubernetes/kubernetes/pull/49932 , I moved node condition check into a predicates; but it return incorrect error :(.
We also need to add more cases to `TestNodeShouldRunDaemonPod` which is key function of DaemonSet.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50594
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
Paramaterize `stickyMaxAgeMinutes` for service in API
**What this PR does / why we need it**:
Currently I find `stickyMaxAgeMinutes` for a session affinity type service is hard code to 180min. There is a TODO comment, see
https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/iptables/proxier.go#L205
I think the seesion sticky max time varies from service to service and users may not aware of it since it's hard coded in all proxier.go - iptables, userspace and winuserspace.
Once we parameterize it in API, users can set/get the values for their different services.
Perhaps, we can introduce a new field `api.ClientIPAffinityConfig` in `api.ServiceSpec`.
There is an initial discussion about it in sig-network group. See,
https://groups.google.com/forum/#!topic/kubernetes-sig-network/i-LkeHrjs80
**Which issue this PR fixes**:
fixes#49831
**Special notes for your reviewer**:
**Release note**:
```release-note
Paramaterize session affinity timeout seconds in service API for Client IP based session affinity.
```
Automatic merge from submit-queue (batch tested with PRs 51235, 50819, 51274, 50972, 50504)
handle failed mounts for fc volumes
**What this PR does / why we need it**: handles failed mounts for fc
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50502
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 51235, 50819, 51274, 50972, 50504)
Support for specifying external LoadBalancerIP on openstack
1. Support ServiceAnnotationLoadBalancerFloatingNetworkId for LB v1
2. Support for specifying external LoadBalancerIP on openstack
Add ServiceAnnotationLoadBalancerInternal annotation to distinguish
between internal LoadBalancerIP and external LoadBalancerIP.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix#50851
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51235, 50819, 51274, 50972, 50504)
Clean cinder detachlogerror
**What this PR does / why we need it**:
**Which issue this PR fixes** : fixes#50441
**Special notes for your reviewer**:
**Release note**:
```release-note
```
This adds constants and validation for a new `auth-extra-groups` key on `bootstrap.kubernetes.io/token` secrets. This key allows a bootstrap token to authenticate to extra groups in addition to the `system:bootstrappers` group.
Extra groups are always applied in addition to the `system:bootstrappers` group, must begin with a `system:bootstrappers:` prefix, are limited in length, and are limited to a restricted set of characters (alphanumeric, colons, and dashes without a trailing colon/dash).
The ReadOnlyPort defaulting prevented passing 0 to diable via
the KubeletConfiguraiton struct.
The HealthzPort defaulting prevented passing 0 to disable via the
KubeletConfiguration struct. The documentation also failed to mention
this, but the check is performed in code.
The CAdvisorPort documentation failed to mention that you can pass 0 to
disable.
Automatic merge from submit-queue (batch tested with PRs 51038, 50063, 51257, 47171, 51143)
Fix validation return value
Errors returned by some validation functions may be wrong
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51256
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
GCE: Consume new config value for network project id
This PR will allow users to specify the network's project ID in gce.conf. If it's not specified, it will be filled with `ProjectID`. This means that `network-project-id` is a required field for building a cluster on a shared VPC network. However, this means the field does not need to be specified for GKE clusters on non-shared networks.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#48515
**Special notes for your reviewer**:
/assign @bowei @freehan
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207)
StatefulSet kubectl rollout command
**What this PR does / why we need it**: This PR implements StatefulSet kubectl rollout command, covering `history`, `status`, and `undo`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49890
**Special notes for your reviewer**:
**Release note**:
```release-note
kubectl rollout `history`, `status`, and `undo` subcommands now support StatefulSets.
```
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207)
Adding fsGroup check before mounting a volume
fsGroup check will be enforcing that if a volume has already been
mounted by one pod and another pod wants to mount it but has a different
fsGroup value, this mount operation will not be allowed.
Closes#45053
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207)
Add IPBlock to Network Policy
**What this PR does / why we need it**:
Add ipBlockRule to NetworkPolicyPeer.
**Which issue this PR fixes**
fixes#49978
**Special notes for your reviewer**:
- I added this directly as a field on the existing API per guidance from API-Machinery/lazy SIG-Network consensus.
Todo:
- [ ] Documentation comments to mention this is beta, unless we want to go straight to GA
- [ ] e2e tests
**Release note**:
```
Support ipBlock in NetworkPolicy
```
Automatic merge from submit-queue (batch tested with PRs 50872, 51103, 51220, 51285, 50841)
Fix issue(#49695)kubectl set image deployment is ignoring --selector
**What this PR does / why we need it**:
closes#49695
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50872, 51103, 51220, 51285, 50841)
ScaleIO: Use VolumeHost.GetExec() to execute stuff in volume plugins
This PR updates ScaleIO volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec` + to use a fresh `mounter` for every `SetUp` / `TearDown` calls, as they may be different each time.
This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
**Special notes for your reviewer**:
* I needed to pass `mount.Exec` interface from the place where it is available down to `SioClient` where it's needed to execute stuff.
@kubernetes/sig-storage-pr-reviews
/assign @vladimirvivien @rootfs
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46986, 51214, 51169, 50155, 51261)
Add Italian translation for kubectl
**What this PR does / why we need it:**
This PR provides first attempt to translate kubectl in Italian (related to #40645, #45573,
#45562, #40591, #46559).
**Which issue this PR fixes** _(`optional, in fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)_: fixes #
No issues
**Special notes for your reviewer:**
This PR requires Italian people to assist in the review. I'm native in Italian with BS in Computer Science.
```release-note
Adding Italian translation for kubectl
```
Automatic merge from submit-queue (batch tested with PRs 51114, 51233, 51024, 51053, 51197)
default field selectors
We have a lot of code around field selectors that doesn't add much value. Every gettable resources probably wants name and namespace by default and since they all use metav1 (today), we can assign that as a default. If we think we'll always have metav1 style name and namespace, then this makes a reasonable default and you can always set something different.
This removes cruft and avoids the risk of accidentally forgetting a field selector.
@kubernetes/sig-api-machinery-misc @smarterclayton
Automatic merge from submit-queue (batch tested with PRs 51114, 51233, 51024, 51053, 51197)
add UT for pkg/apis/autoscaling/v2alpha1/defaults.go
**What this PR does / why we need it**:
add UT for pkg/apis/autoscaling/v2alpha1/defaults.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 51114, 51233, 51024, 51053, 51197)
Add AddAliasToInstance() to gce cloud provider
- Adds AddAliasToInstance() to the GCE cloud provider.
- Adds field "secondary-range-name" to the gce.conf configuration file.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51114, 51233, 51024, 51053, 51197)
rbd: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates rbd volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
RBD Plugin: Log RBD Attach/Mount/Unmout actions in addition to Detach
**What this PR does / why we need it**:
Currently, RBD Plugin can log a info message for a successful action of RBD Unmap, e.g.:
```
I0822 09:32:31.595162 15177 rbd_util.go:349] rbd: successfully unmap device /dev/rbd0
```
This PR adds logs for another three important actions: Attach, Mount and Unmount.
Logging these actions and associated info is *very* useful in diagnosing problems.
**Special notes for your reviewer**:
Example RBD Plugin logs of successful pod volume attaching and mounting:
```
I0822 09:30:27.512015 15177 rbd_util.go:148] lock list output "2017-08-22 09:30:27.493889 7fa4ae3c23c0 -1 auth: unable to find a keyring on /etc/ceph/ceph.client.kube.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory\n"
W0822 09:30:27.547513 15177 rbd_util.go:460] rbd: no watchers on kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71
I0822 09:30:27.704703 15177 rbd_util.go:315] rbd: successfully map image kube/kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71 to /dev/rbd0
I0822 09:30:27.965603 15177 rbd_util.go:322] rbd: successfully mount image kube/kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71 at /var/lib/kubelet/plugins/kubernetes.io/rbd/rbd/kube-image-kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71
```
Example RBD Plugin logs of successful pod volume detaching and unmouting:
```
I0822 09:32:31.380124 15177 rbd_util.go:334] rbd: successfully umount mountpoint /var/lib/kubelet/plugins/kubernetes.io/rbd/rbd/kube-image-kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71
I0822 09:32:31.459867 15177 rbd_util.go:148] lock list output "2017-08-22 09:32:31.443643 7f2bb8ab53c0 -1 auth: unable to find a keyring on /etc/ceph/ceph.client.kube.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory\nThere is 1 exclusive lock on this image.\nLocker ID Address \nclient.64117 kubelet_lock_magic_k8s 192.168.2.128:0/4124042516 \n"
I0822 09:32:31.595162 15177 rbd_util.go:349] rbd: successfully unmap device /dev/rbd0
```
It does not add too much logs, but admins/ops can know what RBD plugin are doing internally and exact time a RBD image is mapped, mounted or unmounted (in addition to unmapped).
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51244, 50559, 49770, 51194, 50901)
Fix the matching rule of instance ProviderID
Url.Parse() can't parse ProviderID which contains ':///'.
This PR use regexp to match ProviderID.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix#49769
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51244, 50559, 49770, 51194, 50901)
fix status in deployment_rollback response
**What this PR does / why we need it**:
fix status in deployment_rollback response
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
#51243
Automatic merge from submit-queue (batch tested with PRs 51229, 50131, 51074, 51167, 51213)
Allow remote runtimes to pass apparmor host validation
**What this PR does / why we need it**:
Allow remote runtimes to pass apparmor host validation.
**Which issue this PR fixes** : fixes#51156
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51229, 50131, 51074, 51167, 51213)
[proxy] Clean up LocalPort related functions and structures in proxier.go
**What this PR does / why we need it**:
See, https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/iptables/proxier.go#L1694
I think RevertPorts() is independent from iptables, and would be used by other proxiers which needs to hold/close local port.
Perhaps we can move RevertPorts() from proxier.go to pkg/proxy/util package so that it can be consumed among different proxiers. And, reduce codes in proxier.go
**Which issue this PR fixes**:
fixes#51073
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50213, 50707, 49502, 51230, 50848)
Refactor CephFS PV spec
**What this PR does / why we need it**:
refactor CephFS Volume Persistent Volume Spec so CephFS PV's SecretRef allows referencing a secret from a persistent volume in any namespace. This allows locating credentials for persistent volumes in namespaces other than the one containing the PVC.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes-incubator/external-storage/issues/309
**Special notes for your reviewer**:
@kubernetes/sig-storage-api-reviews
**Release note**:
```release-note
Allow CephFS PV to specify a namespace for secret
```
Automatic merge from submit-queue (batch tested with PRs 50213, 50707, 49502, 51230, 50848)
Fix comment of cronjob utils.go
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/50951
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51224, 51191, 51158, 50669, 51222)
Change the FakeCloudAddressService to store Alpha objects internally
The change assumes the compute Alpha object is the superset of the v1
object. By storing the Alpha objects internally in the fake, we can
convert them to Beta and v1 to test different functions.
Automatic merge from submit-queue (batch tested with PRs 51148, 50816, 49741, 50858, 51223)
openapi: Change references to be first-class
**What this PR does / why we need it**:
References in the openapi are currently completely hidden from the
model, and just passed through as we walk the tree. The problem is that
they can have a different description and more importantly, different
extensions.
Change them to be first-class citizen, and fully part of the model. It
means that visitors have to implement one more function and decide if
something specific should be done with references. Validation is updated
to just completely ignore them and passthrough (like it was done
before).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51148, 50816, 49741, 50858, 51223)
cloudprovider.Zones should support external cloud providers
**What this PR does / why we need it**:
Provides methods in cloudprovider.Zones that allows external cloud providers to set the correct zone labels to nodes. Part of https://github.com/kubernetes/kubernetes/issues/48690
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixes https://github.com/kubernetes/kubernetes/issues/49308
**Special notes for your reviewer**:
Should help with getting ccm/external cloud providers to beta.
**Release note**:
```release-note
cloudprovider.Zones should support external cloud providers
```
cc @luxas @wlan0 @thockin
Automatic merge from submit-queue (batch tested with PRs 51148, 50816, 49741, 50858, 51223)
Add tests around TableConvert and server side printing
Also wire in more table printers
@fabianofranz
Automatic merge from submit-queue (batch tested with PRs 51148, 50816, 49741, 50858, 51223)
Remove redundant err definition
**What this PR does / why we need it**:
Remove redundant err definition,err is defined by using "err :=" at line 107
**Release note**:
NONE
```release-note
```
Automatic merge from submit-queue
fix fuzzer for hostpath type that the path can be an empty string
**What this PR does / why we need it**:
It seems the path of `HostPath` generated by fuzzer can be an empty string. This is causing [pull-kubernetes-unit](https://k8s-gubernator.appspot.com/builds/kubernetes-jenkins/pr-logs/directory/pull-kubernetes-unit) failing.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51260
**Special notes for your reviewer**:
/assign @thockin @luxas @ixdy
**Release note**:
```release-note
None
```
fsGroup check will be enforcing that if a volume has already been
mounted by one pod and another pod wants to mount it but has a different
fsGroup value, this mount operation will not be allowed.
Automatic merge from submit-queue (batch tested with PRs 50713, 47660, 51198, 51159, 51195)
kubeapiserver: rename `--experimental-bootstrap-token-auth` to `--enable-bootstrap-token-auth`.
#**What this PR does / why we need it**:
This change renames the API server `--experimental-bootstrap-token-auth` flag to `--enable-bootstrap-token-auth`. The old flag is accepted but generates a warning.
In 1.9, we will drop support for `--experimental-bootstrap-token-auth` entirely.
#### Example of the warning log:
```
$ kube-apiserver --experimental-bootstrap-token-auth --etcd-servers https://127.0.0.1:1234 --service-cluster-ip-range 10.0.1.0/24
Flag --experimental-bootstrap-token-auth has been deprecated, use --enable-bootstrap-token-auth instead.
[...]
```
**Which issue this PR fixes** fixes https://github.com/kubernetes/kubernetes/issues/50613
**Release note**:
```release-note
Renamed the API server flag `--experimental-bootstrap-token-auth` to `--enable-bootstrap-token-auth`. The old value is accepted with a warning in 1.8 and will be removed in 1.9.
```
/sig cli
/sig cluster-lifecycle
cc @luxas
The change assumes the compute Alpha object is the superset of the v1
object. By storing the Alpha objects internally in the fake, we can
convert them to Beta and v1 to test different functions.
Automatic merge from submit-queue (batch tested with PRs 47115, 51196, 51204, 51208, 51206)
Add an OrDie version for AddPostStartHook
Simplifies usage and consolidate the error message so it is always
the same everywhere.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47115, 51196, 51204, 51208, 51206)
Delete redundant err definition
**What this PR does / why we need it**:
Delete reduandant err definition
Line 307 has err definition and initialization.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Remove crash loop "detection" from the dynamic kubelet config feature
**What this PR does / why we need it**:
The subfeature was a cool idea, but in the end it is very complex to
separate Kubelet restarts into crash-loops caused by config vs.
crash-loops caused by other phenomena, like admin-triggered node restarts,
kernel panics, and and process babysitter behavior. Dynamic kubelet config
will be better off without the potential for false positives here.
Removing this subfeature also simplifies dynamic configuration by
reducing persistent state:
- we no longer need to track bad config in a file
- we no longer need to track kubelet startups in a file
**Which issue this PR fixes**: fixes#50216
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Delete load balancers if the UIDs for services don't match.
An attempt to fix https://github.com/kubernetes/kubernetes/issues/43730
@thockin @djsly
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Show events when describing service accounts
**What this PR does / why we need it**:
Any events associated with service accounts should appear in the describe output.
**Which issue this PR fixes**:
**Special notes for your reviewer**:
**Release note**:
```release-note
Show events when describing service accounts
```
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
iscsi: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates iSCSI volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51113, 46597, 50397, 51052, 51166)
implement proposal 34058: hostPath volume type
**What this PR does / why we need it**:
implement proposal #34058
**Which issue this PR fixes** : fixes#46549
**Special notes for your reviewer**:
cc @thockin @luxas @euank PTAL
- Adds AddAliasToInstance() to the GCE cloud provider.
- Adds field "secondary-range-name" to the gce.conf configuration file.
```release-note
NONE
```
Automatic merge from submit-queue
quobyte: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates ~~nfs~~ quobyte volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Support HostAlias for HostNetwork Pods
**What this PR does / why we need it**: Currently, HostAlias does not support HostNetwork pods because historically, kubelet only manages hosts file for non-HostNetwork pods. With the recent change in https://github.com/kubernetes/kubernetes/pull/49140, kubelet now manages hosts file for all Pods, which enables HostAlias support also.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48398
**Special notes for your reviewer**: might be easier to review commit-by-commit
**Release note**:
```release-note
HostAlias is now supported for both non-HostNetwork Pods and HostNetwork Pods.
```
@yujuhong @hongchaodeng @thockin
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Fixed code comments that were not updated
**What this PR does / why we need it**:
The comment of the args ‘KubeReserved’ is out of date and there is no consistent with command line messages
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Add ephemeral local storage resource name first
Since finally decided the ephemeral local storage resource name, send this PR to add the resource name first, and then i will rebase all my PRs about local storage isolation
**Special notes for your reviewer**:
related to: #50818
**Release note**:
```release-note
NONE
```
/assign @jingxu97
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Fix the method name of BuiltInAuthenticationOptions.WithAnyonymous
change the BuiltInAuthenticationOptions.WithAnyonymous to
WithAnonymous would be better.
**What this PR does / why we need it**:
The BuiltInAuthenticationOptions.WithAnyonymous method name should be a meaningful name of WithAnonymous
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 51047, 48573, 50764, 51092, 50578)
Library updates to better support removing kubectl deps on kubernetes/kubernetes
**What this PR does / why we need it**:
**Which issue this PR fixes**: kubernetes/kubectl#50
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51047, 48573, 50764, 51092, 50578)
Replace validateGlusterfs() with validateGlusterfsVolumeSource() for consistency.
Automatic merge from submit-queue
cloudprovider/openstack bug fix: don't try to append pool id if pool doesn't exist
**What this PR does / why we need it**:
This fixes a bug in the OpenStack cloud provider that could cause a panic.
Consider what will happen in the current `LbaasV2.EnsureLoadBalancerDeleted` code if `nil, ErrNotFound` is returned by `getPoolByListenerID`.
Automatic merge from submit-queue
Add liggitt as an API approver.
@liggitt has been on the project since 2014, was a key participant of the evolution of the v1beta3 and v1 APIs, has performed many API reviews, has helped to develop the API conventions (most recently with the added guidance regarding alpha fields), and has demonstrated attention to detail and good taste. His efforts have helped keep the API sane and consistent.
Also note that bgrant0607 is an approver, but shouldn't be auto-assigned.
cc @kubernetes/api-approvers
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Allow attach of volumes to multiple nodes for vSphere
This is a fix for issue #50944 which doesn't allow a volume to be attached to a new node after the node is powered off where the volume was previously attached.
Current behaviour:
One of the cluster worker nodes was powered off in vCenter.
Pods running on this node have been rescheduled on different nodes but got stuck in ContainerCreating. It failed to attach the volume on the new node with error "Multi-Attach error for volume pvc-xxx, Volume is already exclusively attached to one node and can't be attached to another" and hence the application running in the pod has no data available because the volume is not attached to the new node. Since the volume is still attached to powered off node, any attempt to attach the volume on the new node failed with error "Multi-Attach error". It's stuck for 6 minutes until attach/detach controller forcefully tried to detach the volume on the powered off node. After the end of 6 minutes when volume is detached on powered off node, the volume is now successfully attached on the new node and application has now the data available.
What is expected to happen:
I would want the attach/detach controller to go ahead with the attach of the volume on new node where the pod got provisioned instead of waiting for the volume to be detached on the powered off node. It is ok to eventually delete the volume on the powered off node after 6 minutes. This way the application downtime is low and pods are up as soon as possible.
The current fix ignore, vSphere volumes/persistent volume to check for multi-attach scenario in attach/detach controller.
@jingxu97 @saad-ali : Can you please take a look at it.
@tusharnt @divyenpatel @rohitjogvmw @luomiao
```release-note
Allow attach of volumes to multiple nodes for vSphere
```
References in the openapi are currently completely hidden from the
model, and just passed through as we walk the tree. The problem is that
they can have a different description and more importantly, different
extensions.
Change them to be first-class citizen, and fully part of the model. It
means that visitors have to implement one more function and decide if
something specific should be done with references. Validation is updated
to just completely ignore them and passthrough (like it was done
before).
This change renames the `--experimental-bootstrap-token-auth` flag to `--enable-bootstrap-token-auth`. The old flag is accepted but generates a warning.
In 1.9, we will drop support for `--experimental-bootstrap-token-auth` entirely.
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
Fix comment and typos in node_controller
**What this PR does / why we need it**:
1. fix comment to more accurately
2. fix typos
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
StorageOS: Use VolumeHost.GetExec() to execute stuff in volume plugins
Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates StorageOS volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
Mark the volumes as detached when node does not exist
If node does not exist, node's volumes will be detached
automatically and become available. So mark them detached and do not return err.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
#50200
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
Call Fatalf instead of Errorf when mounter/unmounter is nil in volume tests
If we get a nil mounter or unmounter, a panic will occur. Should call `Fatalf` instead of `Errorf`.
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
gluster: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates GlusterFS volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
**Special notes for your reviewer**:
There are two commits:
* The first one removes unused `plugin.execCommand` (so we don't need to update it to `VolumeHost.GetExec`)
* The second one does the `VolumeHost.GetExec` trick described above.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
FlexVolume: Add ability to control 'SupportsSELinux' during driver's init phase
**What this PR does / why we need it**:
Adds the ability to disable FlexVolume SELinux relabeling for filesystems that don't support it, e.g. fuse
**Which issue this PR fixes**:
This was reported in: https://github.com/lizardfs/lizardfs/issues/581
This is a reworked solution as per feedback from #50548https://github.com/kubernetes/kubernetes/pull/50548#issuecomment-322328679
**Special notes for your reviewer**:
/assign @thockin
/cc @chakri-nelluri @verult @saad-ali
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
nfs: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates nfs volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
azure: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates Azure volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
To simplify testing, `/sys/bus/scsi/devices/*/model` and `.../vendor` are read using `ioutil.ReadFile` instead of `/bin/cat` in the first commit.
```release-note
NONE
```
@kubernetes/sig-storage-pr-reviews @kubernetes/sig-azure-misc
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
fibre channel: Remove unused exe interface
**What this PR does / why we need it**:
`execCommand` is not used anywhere, let's remove it and associated `exe` field from several structs.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50229, 50973, 50976, 51085, 51084)
Remove duplicate command example
**What this PR does / why we need it**:
`kubectl port-forward --help` currently contains a duplicate example. This PR removes the duplicate.
```release-note
/release-note Remove duplicate command example from `kubectl port-forward --help`
```
/sig cli
/kind cleanup
/kind documentation
Automatic merge from submit-queue (batch tested with PRs 50257, 50247, 50665, 50554, 51077)
fix issue(51027)kubect logs --selector ignoring --tail=-1
**What this PR does / why we need it**:
closes issue #51027
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix kubect logs --selector ignoring --tail=-1
```
Automatic merge from submit-queue (batch tested with PRs 50257, 50247, 50665, 50554, 51077)
Refactor kubectl factory test case with sets.String
**What this PR does / why we need it**:
change to make got and want use sets.String instead, since that is both safe and more clearly shows the intent.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50257, 50247, 50665, 50554, 51077)
Replace hard-code "cpu" and "memory" to consts
**What this PR does / why we need it**:
There are many places using hard coded "cpu" and "memory" as resource name. This PR replace them to consts.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
/kind cleanup
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50257, 50247, 50665, 50554, 51077)
Add whitespace to improve error msg clarity
**What this PR does / why we need it**:
Currently when `kubectl explain` is called without a resource the error message is tacked onto the end of the list of valid resources. The error is clearer if there is a new line after the valid resource list, this also causes the error to be left aligned instead of indented level with the valid resource list.
```release-note
NONE
```
/sig cli
/kind cleanup
Automatic merge from submit-queue (batch tested with PRs 50980, 46902, 51051, 51062, 51020)
fix confusion in service_controller
**What this PR does / why we need it**:
Fix code and comment confusion in `service_controller`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51009
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 50980, 46902, 51051, 51062, 51020)
Fix swallowed errors in statefulset tests
**What this PR does / why we need it**: Fixes errors that were being swallowed in the tests of the statefulset package.
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 50980, 46902, 51051, 51062, 51020)
Fix StatefulSet update validation
StatefulSet update validation did not allow change to number of containers in pod template. Fix this bug so that it's possible to make this kind of change.
Found it when suggesting test-cmd changes in https://github.com/kubernetes/kubernetes/pull/49674.
@kubernetes/sig-apps-pr-reviews @smarterclayton
/approve no-issue
Automatic merge from submit-queue
Add Humble as GlusterFS approver.
@humblec has shown his commitment into GlusterFS by number of commits there
and by support on sig-storage slack channel.
@kubernetes/sig-storage-misc
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51039, 50512, 50546, 50965, 50467)
add alpha api gate at gce cloud provider
**What this PR does / why we need it**:
Add a flag in gce.conf to gate alpha api. Related wrapper function can choose to examine corresponding gate.
Currently, there is no new alpha api wrapper funciton being introduced. So there is no supported alpha api.
**Release note**:
```release-note
None
```
cc: @yujuhong @saad-ali @MrHohn
Automatic merge from submit-queue (batch tested with PRs 51039, 50512, 50546, 50965, 50467)
Kubectl: Plumb openapi validation (disabled by default)
**What this PR does / why we need it**: Creates a new flag '--openapi' and plumb in the validation code so that it can be used by default to validate objects against the openapi schema.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partially https://github.com/kubernetes/kubectl/issues/49
**Special notes for your reviewer**:
This is not complete, the name of the variable must change for example.
**Release note**:
```release-note
Kubectl uses openapi for validation. If OpenAPI is not available on the server, it defaults back to the old Swagger.
```
Automatic merge from submit-queue (batch tested with PRs 50806, 48789, 49922, 49935, 50438)
kubectl show node role if defined
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50010
**Special notes for your reviewer**:
/assign @justinsb @luxas @jbeda @philips
/cc @qrevel
**Release note**:
```release-note
kubectl show node role if defined
```
Automatic merge from submit-queue (batch tested with PRs 50806, 48789, 49922, 49935, 50438)
Remove deprecated kubectl command aliases
**What this PR does / why we need it**:
These command aliases have been deprecated for more than two years. It's time to remove them.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
ref: #8319#6118#8596
**Special notes for your reviewer**:
/sig cli
**Release note**:
```release-note
Remove deprecated kubectl command aliases `apiversions, clusterinfo, resize, rollingupdate, run-container, update`
```
Automatic merge from submit-queue (batch tested with PRs 50806, 48789, 49922, 49935, 50438)
Fix Getpath() description
Modify the description of the word error
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 50806, 48789, 49922, 49935, 50438)
iSCSI volume plugin: iSCSI initiatorname support
**What this PR does / why we need it**:
This PR adds iSCSI initiatorname parameter to ISCSIVolumeSource to enable automatic configuration of initiator name per volume. This would allow for more fine grained configuration, and remove the need to configure the initiator name on the host by administrator.
**Which issue this PR fixes**: fixes#47311
**Special notes for your reviewer**:
/cc @rootfs @jsafrane @msau42
**Release note**:
```
iSCSI volume plugin: Support customization of iSCSI initiator name per volume
```
Automatic merge from submit-queue (batch tested with PRs 50806, 48789, 49922, 49935, 50438)
On AttachDetachController node status update, do not retry when node …
…doesn't exist but keep the node entry in cache.
**What this PR does / why we need it**: An alternative fix for https://github.com/kubernetes/kubernetes/issues/42438 which also fixes#50721.
Instead of removing the node entry entirely from the node status update cache (which prevents the node from ever being updated even when it recovers), here the node status updater does nothing, so that there won't be an update retry until the node is re-added, where the cache entry is set to true.
Will cherry pick to prior versions after this is merged.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50721
**Release Note**:
``` release-note
On AttachDetachController node status update, do not retry when node doesn't exist but keep the node entry in cache.
```
/assign @jingxu97
/cc @saad-ali
/sig storage
/release-note
A pod status change of unready -> ready results in a move from
the endpoint's unready endpoint addresses to its ready addresses
so if a pod update contains an unready -> ready status change,
the endpoint needs to be updated.
The subfeature was a cool idea, but in the end it is very complex to
separate Kubelet restarts into crash-loops caused by config vs.
crash-loops caused by other phenomena, like admin-triggered node restarts,
kernel panics, and and process babysitter behavior. Dynamic kubelet config
will be better off without the potential for false positives here.
Removing this subfeature also simplifies dynamic configuration by
reducing persistent state:
- we no longer need to track bad config in a file
- we no longer need to track kubelet startups in a file
Automatic merge from submit-queue (batch tested with PRs 51102, 50712, 51037, 51044, 51059)
fix#51043
**What this PR does / why we need it**: The StatefulSet controller no longer attempts to mutate "hostname" or "subdomain" fields of the "pod.spec" to enforce the network identity of Pods in a StatefeulSet. Since these fields are set upon creation and immutable thereafter setting the annotations is no longer necessary.
fixes: #51043
Automatic merge from submit-queue (batch tested with PRs 51102, 50712, 51037, 51044, 51059)
Create the directory for cadvisor if needed
**What this PR does / why we need it**:
In 6c7245d464, code was added to
bail out if the directory that cadvisor monitored did not exist.
However, this breaks the earlier assumption that kubelet created
directories when needed in pkg/kubelet/kubelet.go's setupDataDirs()
method. setupDataDirs() happens much later, so basically kubelet
exits now.
So since cadvisor really needs this directory, let us just create
it
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#50709
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50967, 50505, 50706, 51033, 51028)
Revert "Merge pull request #51008 from kubernetes/revert-50789-fix-scheme"
I'm spinning up a cluster right now to test this fix, but I'm pretty sure this was the problem.
There doesn't seem to be a way to confirm from logs, because AFAICT the logs from the hollow kubelet containers are not collected as part of the kubemark test.
**What this PR does / why we need it**:
This reverts commit f4afdecef8, reversing
changes made to e633a1604f.
This also fixes a bug where Kubemark was still using the core api scheme
to manipulate the Kubelet's types, which was the cause of the initial
revert.
**Which issue this PR fixes**: fixes#51007
**Release note**:
```release-note
NONE
```
/cc @shyamjvs @wojtek-t
Automatic merge from submit-queue (batch tested with PRs 50967, 50505, 50706, 51033, 51028)
teach gce cloud to handle alpha/beta operations v2
Alternative to #50704
This one feels cleaner. BUT, type assertion problems cannot be exposed at compile time.
Please let me know what you think. This will set the precedence for consuming GCE alpha/beta API.
cc: @thockin @yujuhong @saad-ali @MrHohn
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50893, 50913, 50963, 50629, 50640)
gce external LB: add a function to verify the requested IP address
Factor out the logic for verifying the user-requested IP for better
readability and testing. Also rename a few variables for clarity.
This prepares volume plugins to run things in containers instead of running
them on the host.
As consequence, a mount.Exec interface needs to be passed from VolumeHost
down to SioClient.
Automatic merge from submit-queue (batch tested with PRs 46458, 50934, 50766, 50970, 47698)
kubeadm: Warn in preflight checks if KubernetesVersion is of a newer branch than kubeadm
**What this PR does / why we need it**:
see https://github.com/kubernetes/kubeadm/issues/307
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubeadm/issues/307
**Special notes for your reviewer**:
**Release note**:
Automatic merge from submit-queue (batch tested with PRs 46458, 50934, 50766, 50970, 47698)
Skip non-update endpoint updates
**What this PR does / why we need it**:
On large clusters, a large percentage of endpoint updates are actually non-updates that occur as a result of a change in an associated pod. This results in endpoint updates where the only field that has changed is the `TargetRef.ResourceVersion` in the endpoint address associated with the changed pod. Given enough of these non-updates, the endpoint controller's queue rate limit can be overwhelmed and legitimate updates can be delayed, resulting in (temporarily) broken services. We have clusters where we've seen endpoint updates take 9 minutes.
**Which issue this PR fixes** : fixes#50936
**Special notes for your reviewer**:
N/A
**Release note**:
```release-note
Prevent unneeded endpoint updates
```
Automatic merge from submit-queue (batch tested with PRs 46458, 50934, 50766, 50970, 47698)
Prepare VolumeHost for running mount tools in containers
This is the first part of implementation of https://github.com/kubernetes/features/issues/278 - running mount utilities in containers.
It updates `VolumeHost` interface:
* `GetMounter()` now requires volume plugin name, as it is going to return different mounter to different volume plugings, because mount utilities for these plugins can be on different places.
* New `GetExec()` method that should volume plugins use to execute any utilities. This new `Exec` interface will execute them on proper place.
* `SafeFormatAndMount` is updated to the new `Exec` interface.
This is just a preparation, `GetExec` right now leads to simple `os.Exec` and mount utilities are executed on the same place as before. Also, the volume plugins will be updated in subsequent PRs (split into separate PRs, some plugins required lot of changes).
```release-note
NONE
```
@kubernetes/sig-storage-pr-reviews
@rootfs @gnufied
Automatic merge from submit-queue (batch tested with PRs 50531, 50853, 49976, 50939, 50607)
Do not allow empty topology key for pod affinities.
**What this PR does / why we need it**:
This PR do not allow empty topology key for all 4 pod affinities.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Affinity in annotations alpha feature is no longer supported in 1.8. Anyone upgrading from 1.7 with AffinityInAnnotation feature enabled must ensure pods (specifically with pod anti-affinity PreferredDuringSchedulingIgnoredDuringExecution) with empty TopologyKey fields must be removed before upgrading to 1.8.
```
@kubernetes/sig-scheduling-bugs @bsalamat @davidopp
Automatic merge from submit-queue (batch tested with PRs 50531, 50853, 49976, 50939, 50607)
cni: print better error when a CNI .configlist is put into a .config
If the admin mistakenly puts a CNI configlist into a "conf" file, that's not correct, but kubelet will still read the config file and then fail to start the pod because "type=". Be a bit smarter about that. Should also be fixed in CNI, which I'm doing a PR for as well.
@squeed @thockin @freehan
Automatic merge from submit-queue (batch tested with PRs 50693, 50831, 47506, 49119, 50871)
Use reflect.DeepEqual to replace slicesEqual
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/50952
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50693, 50831, 47506, 49119, 50871)
fix two typos in quobyte error message
Signed-off-by: allencloud <allen.sun@daocloud.io>
**What this PR does / why we need it**:
fix two typos in quobyte error message
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
This reverts commit f4afdecef8, reversing
changes made to e633a1604f.
This also fixes a bug where Kubemark was still using the core api scheme
to manipulate the Kubelet's types, which was the cause of the initial
revert.
This PR adds iSCSI initiatorname parameter to ISCSIVolumeSource
to enable automatic configuration of initiator name per volume.
This would allow for more fine grained configuration, and remove
the need to configure the initiator name on the host by
administrator.
fixes: #47311
Automatic merge from submit-queue (batch tested with PRs 47896, 50678, 50620, 50631, 51005)
allow heapster option defaults to be set - kubectl top node|pod
**Release note**:
```release-note
NONE
```
Allows downstream / outside consumers of `NewCmdTopNode` and `NewCmdTopPod` commands to set project or case-specific heapster option defaults.
Related downstream PR: https://github.com/openshift/origin/pull/15764
cc @fabianofranz
Automatic merge from submit-queue (batch tested with PRs 47896, 50678, 50620, 50631, 51005)
Remove deprecated lookup cache flags.
**What this PR does / why we need it**:
Remove deprecated lookup cache flags: `replication-controller-lookup-cache-size, replicaset-lookup-cache-size, daemonset-lookup-cache-size`
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#43388
**Special notes for your reviewer**:
/cc @enisoc
**Release note**:
```release-note
The following deprecated flags have been removed from `kube-controller-manager`: `replication-controller-lookup-cache-size`, `replicaset-lookup-cache-size`, and `daemonset-lookup-cache-size`. Make sure you no longer attempt to set them.
```
If user specify floating-network-id by annotation rather than cloud
provider file, openstack cloud provider don't delete floatingip when
deleting LoadBalancer service.
In 6c7245d464, code was added to
bail out if the directory that cadvisor monitored did not exist.
However, this breaks the earlier assumption that kubelet created
directories when needed in pkg/kubelet/kubelet.go's setupDataDirs()
method. setupDataDirs() happens much later, so basically kubelet
exits now.
So since cadvisor really needs this directory, let us just create
it
Fixes#50709
Automatic merge from submit-queue (batch tested with PRs 46512, 50146)
Make metav1.(Micro)?Time functions take pointers
Is there any reason for those functions not to be on pointers?
Automatic merge from submit-queue
Fix initial exec terminal dimensions
**What this PR does / why we need it**:
Delay attempting to send a terminal resize request to docker until after
the exec has started; otherwise, the initial resize request will fail.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47990
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Use CollisionCount for collision avoidance in StatefulSet controller
**What this PR does / why we need it**:
This PR uses the newly added `CollisionCount` in `StatefulSetStatus` for name collision avoidance when the `StatefulSet` controller creates `ControllerRevision`s. The `CreateControllerRevision` method of the `ControllerHistory` interface was augmented to use a user-specified `collisionCount` instead of the internal probe that always starts with 0. The `StatefulSet` controller uses the `CreateControllerRevision` to create `ControllerRevision`s and when it calls it, it passes in the `CollisionCount` of the `StatefulSet` it manipulates.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49909.
**Special notes for your reviewer**:
/assign @kow3ns
**Release note**:
```release-note
Use CollisionCount for collision avoidance when creating ControllerRevisions in StatefulSet controller
```
Add the following flags to control the prefixing of usernames and
groups authenticated using OpenID Connect tokens.
--oidc-username-prefix
--oidc-groups-prefix
Automatic merge from submit-queue
Add enj as reviewer to OWNERS
Adding myself as a reviewer for the following areas:
- API
- auth
- registry
- storage (etcd)
Signed-off-by: Monis Khan <mkhan@redhat.com>
**Release note**:
```release-note
NONE
```
@kubernetes/sig-api-machinery-pr-reviews
@kubernetes/sig-auth-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 50255, 50885)
AWS: Arbitrarily choose first (lexicographically) subnet in AZ
When there is more than one subnet for an AZ on AWS choose arbitrarily
chose the first one lexicographically for consistency.
**What this PR does / why we need it**:
If two subnets were to be used appear in the same aws az which one is chosen is currently not consistent. This could lead to difficulty in diagnosing issues.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#45983
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 50303, 50856)
Make route-controller list only relevant routes instead of all of them
Ref https://github.com/kubernetes/kubernetes/issues/50854 (somewhat related issue)
IIUC from the code, route-controller memory is mainly being used in storing routes and nodes (also CIDRs, but that's not much).
This should help reduce that memory usage (particularly when running in a project with large no. of routes), by moving filtering to server-side.
For e.g in kubernetes-scale project we have ~5000 routes (each about 600B) => 3 MB of routes
This doesn't help with reducing time to list the routes as filtering is also linear.
cc @kubernetes/sig-scalability-misc @wojtek-t @gmarek
Automatic merge from submit-queue
delete ineffectual assginment
**What this PR does / why we need it**:
delete ineffectual assignment
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
Automatic merge from submit-queue
CollisionCount should have type int32 across controllers that use it for collision avoidance
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50530
**Special notes for your reviewer**:
/cc @liyinan926
/assign @kow3ns @thockin @janetkuo
**Release note**:
```release-note
Change CollisionCount from int64 to int32 across controllers
```
Automatic merge from submit-queue
verify pkg/util contains no code
**What this PR does / why we need it**:
verify util packages contain no go codes
related issue: #49923
Automatic merge from submit-queue (batch tested with PRs 50277, 50823, 50376, 50867)
fix issue(#50821)Add image check, if image not changed, transform false
**What this PR does / why we need it**:
closes#50821
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
fix GPU resource validation that incorrectly allows zero limits
**What this PR does / why we need it**:
The validation logic for GPUs is not run if limits is not set for GPUs.
We need to check limits equals requests even if just request is set for GPUs.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50182
**Special notes for your reviewer**:
/assign @vishh
/cc @jiayingz
**Release note**:
```release-note
fix GPU resource validation that incorrectly allows zero limits
```
Automatic merge from submit-queue (batch tested with PRs 50536, 50809, 50220, 50399, 50176)
Set ExecSync timeout in liveness prober.
Although Dockershim doesn't actually support `ExecSync` timeout (see [here](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/dockershim/exec.go#L137)), we should set the timeout, so that the other runtime which supports the timeout could work properly.
Fixes#50389.
/cc @yujuhong @timstclair @feiskyer
Automatic merge from submit-queue (batch tested with PRs 50536, 50809, 50220, 50399, 50176)
Make admission plugin handle mutating spec of uninitialized pods
Address https://github.com/kubernetes/kubernetes/issues/47837#issuecomment-321323243.
Updated to handle mutating pod spec of uninitialized pods:
* InitialResources
* PodNodeSelector
* PodTolerationRestriction
* ServiceAccount
Doesn't change:
* NodeRestriction: this plugin only cares about the mirror pods created by nodes, and mirror pods are exempted from initializers, so no modification required
* PersistentVolumeLabel, DefaultStorageClass: It only cares about PersistentVolume. We can revisit when we relax its validation.
* InitialResource: deprecated according to https://github.com/kubernetes/kubernetes/issues/47837#issuecomment-321388879
Automatic merge from submit-queue (batch tested with PRs 50536, 50809, 50220, 50399, 50176)
Refactor statefulset test with sets.String
**What this PR does / why we need it**:
Delete redundant sort. These string slices only own one element.
There is no necessary to sort them.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50536, 50809, 50220, 50399, 50176)
mark created-by annotation as deprecated
**What this PR does / why we need it**: This PR marks created-by annotation as deprecated in code comments.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: xref #44407
**Special notes for your reviewer**:
**Release note**:
```release-note
The `kubernetes.io/created-by` annotation is now deprecated and will be removed in v1.9. Use [ControllerRef](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/controller-ref.md) instead to determine which controller, if any, owns an object.
```
Automatic merge from submit-queue (batch tested with PRs 50281, 50747, 50347, 50834, 50852)
fix kubectl issue(#52)kubectl run --expose continues after error (mis…
…sing port)
**What this PR does / why we need it**:
https://github.com/kubernetes/kubectl/issues/52
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50281, 50747, 50347, 50834, 50852)
[proxy] Move IsLocalIP() and ShouldSkipService() to pkg/proxy/util
**What this PR does / why we need it**:
Move function `IsLocalIP()` and `ShouldSkipService()` to pkg/proxy/util package so that they can be consumed among different proxiers.
Besides, add some UTs for `ShouldSkipService()`.
**Which issue this PR fixes**: fixes#50744
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Mark volume as detached when node does not exist for vsphere
If node does not exist, node's volumes will be detached
automatically and become available. So mark them detached and
return false without error.
Fix#50266
**Special notes for your reviewer**:
/assign @jingxu97
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
fix issue(#49883) Add selector example
**What this PR does / why we need it**:
fixes#49883
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50563, 50698, 50796)
Disable Docker's health check until we officially support it
Ref: https://github.com/kubernetes/kubernetes/issues/50703
Tested locally.
Without this PR:
```
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
afdd796ddddc gcr.io/ygg-gke-dev/nginx-healthcheck "nginx -g 'daemon ..." 5 minutes ago Up 5 minutes (healthy) k8s_test-container_test-pod_default_8a1ad225-82bf-11e7-becb-480fcf514648_0
```
With this PR:
```
e3fb2437555f gcr.io/ygg-gke-dev/nginx-healthcheck "nginx -g 'daemon ..." 10 seconds ago Up 9 seconds k8s_test-container_test-pod_default_de82e83c-82c0-11e7-b3fc-480fcf514648_0
```
**Release note**:
```
Disable Docker's health check until we officially support it.
```
/assign @yujuhong
/assign @dchen1107
Automatic merge from submit-queue (batch tested with PRs 50563, 50698, 50796)
Add ControllerRevision to apps/v1beta2
**What this PR does / why we need it**:
This PR added `ControllerRevision` currently in `apps/v1beta1` to `apps/v1beta2`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50696.
**Special notes for your reviewer**:
@kow3ns @janetkuo
**Release note**:
```release-note
Add ControllerRevision to apps/v1beta2
```
Automatic merge from submit-queue
remove unused function in openstack cloud provider
**What this PR does / why we need it**:
List function not used in openstack cloud provider, and useless, I think need remove it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50550, 50768)
Cleanup locking in configz
**What this PR does / why we need it**:
- Reduce scope of lock in `write()` method
- Use the read lock in `write()` method
**Release note**:
```release-note
NONE
```
/kind cleanup
@mikedanese
p.s. looks like the `Set()` method could be removed if the value is accepted as an argument to `New()`. I.e. looks like to code re-sets the value.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Make endpoints controller update based on semantic equality
Fixes#50828
Split from https://github.com/kubernetes/kubernetes/pull/45294 for separate review
Currently, endpoints objects containing no subsets are decoded by the go client as subsets:[] (when requested individually) or as subsets:null (when requested in a list of endpoints).
Because the endpoints controller is fed via a lister/watcher, it gets the `subsets:null` version fed to it. The subsets computation then returns an empty slice, which fails reflect.DeepEqual, which triggers a write attempt.
This PR makes the comparison use semantic.DeepEqual to avoid spurious writes.
https://github.com/kubernetes/kubernetes/pull/45294 would remove the inconsistency between lists and individual gets.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Make socket address parsing work on FreeBSD.
**What this PR does / why we need it**:
I am currently in the process of porting Kubernetes to work on FreeBSD. What is interesting is that I am not interested in using Kubernetes to run Docker containers in this case. I happen to be the author of CloudABI, a sandboxing framework that is available on FreeBSD (and other systems). I want to have a cluster management tool for scheduling these sandboxed processes.
Anyway, right now `kubelet` crashes on startup when passing in CRI command line flags, for the reason that it's not able to parse `unix:...` socket addresses. This change fixes this by making the respective Linux-only source file work on FreeBSD as well.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Add ReclaimPolicy field to StorageClass
fix https://github.com/kubernetes/kubernetes/issues/38192, enough people want this imo so going ahead and adding it according to initial suggested design
some considerations:
* No Recycle allowed, Retain (& Delete) only.
* Do we need to gate the field.
* E2E test where a Retain PV is dynamically provisioned is TODO if we agree we want this & this is the way to do it.
* Need a feature repo issue to track docs and stuff for 1.8
**Release note**:
```release-note
StorageClass has a new field to configure reclaim policy of dynamically provisioned PVs.
```
Automatic merge from submit-queue (batch tested with PRs 49342, 50581, 50777)
Device Plugin Protobuf API
**What this PR does / why we need it:**
This implements the Device Plugin API
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
Special notes for your reviewer:
First proposal submitted to the community repo, please advise if something's not right with the format or procedure, etc.
@vishh @derekwaynecarr
**Release note:**
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Rerun init containers when the pod needs to be restarted
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
This fixes#36485
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
fix the typo of errorf info
**What this PR does / why we need it**:
fix the error message of stateful_pod_control_test.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Log name if Azure file share cannot be created
**What this PR does / why we need it**: If the Azure storage provider fails to create a file share, it logs and error message 'failed to create share in account _foo_: _error-msg_'. A user on the Slack azure-sig channel reported an error of "The specified resource name length is not within the permissible limits". This PR adds logging of the name so that this error can be diagnosed in future.
**Which issue this PR fixes**: This was raised on Slack and has not been created as a GitHub issue.
**Special notes for your reviewer**: None
**Release note**:
```release-note
Changed the error log format when creating an Azure file share to include the name of the share.
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
**What this PR does / why we need it**:
Fixes#50473
Rationale: since the scheduler handles all resources except CPU as integers, that could just be the default behavior for namespaced resources.
cc @RenaudWasTaken @vishh
**Release note**:
```release-note
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
```
Automatic merge from submit-queue
Remove kubectl's dependence on schema file in pkg/api/validation.
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl. This move revealed a "hidden" dependence
(a dependence not expressed in a BUILD or make file) from a feature
level test in /hack/make-rules on a kubectl test data file. So this
PR also adds some BUILD rules around the relevant hack targets, to make the
dependence official. A later PR will move the kubectl aspect of this "hack"
test into a kubectl test directory. Leaving it in place for now after establishing
and "official" dependency, since moving the test beyond PR scope. The
test also depends on a small sh file in //cluster, which makes no sense.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Enables the v1beta2 version of the apps API group by default
**What this PR does / why we need it**: Enables the v1beta2 version of the apps API group by default
fixes # #50641
```release-note
apps/v1beta2 is enabled by default. DaemonSet, Deployment, ReplicaSet, and StatefulSet have been moved to this group version.
```
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Promote CronJobs to batch/v1beta1 - just the API
This PR promotes CronJobs to beta.
@erictune @kubernetes/sig-apps-api-reviews @kubernetes/api-approvers ptal
This builds on top of #41890 and needs #40932 as well
```release-note
Promote CronJobs to batch/v1beta1.
```
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Fix for Policy based volume provisioning failure due to long VM Name in vSphere cloud provider
Dummy VM is used for SPBM policy based provisioning feature of vSphere cloud provider.
Dummy VM name is generated based on kubernetes cluster name and pv name. It can easily go beyond
vSphere's limitation of 80 characters for vmName.
To solve the long VM name failure hash is used instead of vSphere-k8s-clusterName-PvName
**Which issue this PR fixes**
https://github.com/vmware/kubernetes/issues/176
**Release note:**
```release-note
None
```
@BaluDontu @divyenpatel @luomiao @tusharnt
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Remove BUILD reference to removed files: Fix bazel build
**What this PR does / why we need it**:
Bazel build is broken because a pull-request has removed some go files, but not the BUILD references to these file. Update the go files. I've also created an issue in test-infra(https://github.com/kubernetes/test-infra/issues/4083) as this should have been detected earlier
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
move i18n to kubectl/util
Move `pkg/util/i18n` to `pkg/kubectl/util/i18n` per https://github.com/kubernetes/kubernetes/issues/48209#issuecomment-311730681.
This affects kubectl and kubeadm. It should be fine that `kubeadm` depends on `kubectl`.
partially addresses: kubernetes/community#598
```release-note
NONE
```
/assign @apelisse @monopole
