Automatic merge from submit-queue
Add Priority admission controller
**What this PR does / why we need it**: Add Priority admission controller. This admission controller checks creation and update of PriorityClasses. It also resolves a PriorityClass name of a pod to its integer value.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Add Priority admission controller for monitoring and resolving PriorityClasses.
```
ref/ #47604
ref/ #48646
Automatic merge from submit-queue
Remove the status of the terminated containers in the summary endpoint
Ref: https://github.com/kubernetes/kubernetes/issues/47853
- When building summary, a container is considered to be terminated if it has an older creation time and no CPU instantaneous or memory RSS usage.
- We remove the terminated containers in the summary by grouping the containers with the same name in the same pod, sorting them in each group by creation time, and skipping the oldest ones with no usage in each group. Let me know if there's simpler way.
**Release note**:
```
None
```
/assign @yujuhong
Automatic merge from submit-queue
Cleanup DaemonSet templateGeneration
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49336
**Special notes for your reviewer**:
/cc @janetkuo @foxish
~~Depends on #49071~~ (Merged)
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49842, 50649)
Add Unit Test: opaque int resource name
**What this PR does / why we need it**: https://github.com/kubernetes/kubernetes/issues/49384, adding unit tests for functions related to the prefix OpaqueIntResourceName in /pkg/api/v1helper
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49129, 50436, 50417, 50553, 47587)
Fix Type Taint comment
**What this PR does / why we need it**:
remvoe redundant words in Type `Taint`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
/assign @k82cn
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49129, 50436, 50417, 50553, 47587)
Revert "Remove old node role label that is not used by kubeadm"
Revert the commit that removed printing of node roles from kubectl.
It sounds like we also need to update the labels we inspect, as these were previously removed. But starting with a clean revert.
Issue #49124
```release-note
NONE
```
Automatic merge from submit-queue
Fix dropped errors in vsphere_volume
**What this PR does / why we need it**: Error variables are being assigned in the vsphere_volume tests, but their values are being ignored.
**Release note**:
```release-note NONE
```
Automatic merge from submit-queue
Typed static/mirror pod UID translation
Fixes#36031 , partially.
TODO:
- [x] Add types ResolvedPodUID and MirrorPodUID.
- [x] Use the ResolvedPodUID type with minimal changes.
- [x] Use the MirrorPodUID type with minimal changes.
- [x] Clarify whether the new types should be used anywhere else; if so make the agreed upon changes.
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 50094, 48966, 49478, 50593, 49140)
Kubelet manage hosts file for HostNetwork Pods instead of Docker
**What this PR does / why we need it**: Currently, Docker manages the hosts file for containers inside Pods using hostNetwork. It creates discrepancy between how we treat hostNetwork and non-hostNetwork Pods. Kubelet should manage the file regardless of the network setup.
**Which issue this PR fixes**: fixes#48397 more context in https://github.com/kubernetes/kubernetes/issues/43632#issuecomment-304376441
**Special notes for your reviewer**: Because the new logic relies on reading the node filesystem, I'm not sure how to write a proper unit test. I was thinking about using a node e2e test to cover the case, but suggestions are greatly welcomed.
**Release note**:
```release-note
Kubelet now manages `/etc/hosts` file for both hostNetwork Pods and non-hostNetwork Pods.
```
/kind feature
/sig node
@yujuhong @hongchaodeng @thockin
@kubernetes/sig-network-feature-requests @kubernetes/sig-node-feature-requests
Automatic merge from submit-queue (batch tested with PRs 50094, 48966, 49478, 50593, 49140)
[kube-proxy] Move UDP conntrack operations together to pkg/proxy/util/conntrack.go
**What this PR does / why we need it**:
Fix TODO in pkg/proxy/iptables.go, see
https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/iptables/proxier.go#L1632
Move UDP conntrack operations together to from `pkg/proxy/iptables/proxier.go` to `pkg/proxy/util/conntrack.go` so that make them more consistent and add some UTs.
**Which issue this PR fixes**
Fixes#49477
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47034, 50329)
Fix comments
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Delete redundant print 'got:'
**What this PR does / why we need it**:
Delete redundant print 'got:'
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/50592
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Validate token length of TokenReview
**What this PR does / why we need it**:
I find API Resource TokenReview has no validation yet. Without validation, client may post unexpected data to API Server. I think we need to validate it before processing it.
This PR Validate TokenReview Resource.
Fixes#50588
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49847, 49743, 49853, 50225, 50479)
Remove duplicate logging code
**What this PR does / why we need it**:
Currently function `handleAttachPod` contains duplicate code which copies the AttachOptions output writer to the pod logging writer. This code can be refactored into a separate function.
**Special notes for your reviewer**:
Refactor only, does not change program logic.
**Release note**:
```release-note
NONE
```
/sig cli
/kind cleanup
Automatic merge from submit-queue (batch tested with PRs 49847, 49743, 49853, 50225, 50479)
refactor capabilities to a singleton struct
**What this PR does / why we need it**:
refactor
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
refactor
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Fix winspace proxier wrong comment message
**What this PR does / why we need it**:
Since winspace proxier has nothing to do with iptables, this PR remove the wrong comment message on iptables.
**Which issue this PR fixes**:
Fixes#50524
Automatic merge from submit-queue
Delete redundant test para. for controller_ref_manager_test
**What this PR does / why we need it**:
The test does not use para. expectError.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
fix apps DeploymentSpec conversion issue
**What this PR does / why we need it**:
When working on #49645, I found current conversion for `v1.PodTemplateSpec` to `api.PodTemplateSpec` did not work properly. It should function as [L244-L246](https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/apps/v1beta1/conversion.go#L244-L246).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
/cc @janetkuo
**Release note**:
```release-note
fix apps DeploymentSpec conversion issue
```
Automatic merge from submit-queue
get_test.go fix error format and info
**What this PR does / why we need it**:
there left the only one need modify,thanks
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49481
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50537, 49699, 50160, 49025, 50205)
not allowing "kubectl edit <resource>" when you got an empty list
**What this PR does / why we need it**:
`kubectl edit` will panic when adding an empty list.
> panic: runtime error: index out of range
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50147
**Special notes for your reviewer**:
/assign @errordeveloper @mengqiy @janetkuo @fabianofranz
/cc @rootfs @soltysh @sttts
**Release note**:
```release-note
not allowing "kubectl edit <resource>" when you got an empty list
```
Automatic merge from submit-queue (batch tested with PRs 50537, 49699, 50160, 49025, 50205)
openapi: Add validation logic
This allows validation of a yaml/json object against an openapi schema.
A lot more testing would be needed to validate the logic, and also this
is not plumbed in, so it can't be used by kubectl yet.
**What this PR does / why we need it**: This is implementing validation against the openapi swagger spec rather than the old swagger spec.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubectl/issues/49
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50537, 49699, 50160, 49025, 50205)
AddOrUpdateTaint should ignore duplicate Taint.
The parameter of AddOrUpdateTaint is Taint pointer, so should use
Taint object itself to compare with the node's taint list to ignore
duplicate taint.
While doing #49384, found this issue and fixed.
Fixed part of #49384, other test cases will be added in the following patch
**Release note**:
```
None
```
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)
Remove useless conversion-gen tags
To generate cross group conversions, `+k8s:conversion-gen` should be added in the way https://github.com/kubernetes/kubernetes/pull/49751 did. This PR removes the useless tags in pkg/apis/extensions/v1beta1/doc.go
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)
Fix conflict about getPortByIp
**What this PR does / why we need it**:
Currently getPortByIp() get port of instance only based on IP.
If there are two instances in diffent network and the CIDR of
their subnet are same, getPortByIp() will be conflict.
My PR gets port based on IP and Name of instance.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix#43909
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)
cmd/explain: make 'recursive' local var (not global)
**What this PR does / why we need it**:
Use a parameter instead of a global variable.
Spotted this while I was looking for our recursive directory walker.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: no-issue
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
This allows validation of a yaml/json object against an openapi schema.
A lot more testing would be needed to validate the logic, and also this
is not plumbed in, so it can't be used by kubectl yet.
Automatic merge from submit-queue
Added jdumars to OWNERS file for Azure cloud provider
**What this PR does / why we need it**:
This PR adds GitHub user jdumars as an approver to pkg/cloudprovider/providers/azure
Jaice Singer DuMars (me) is the program manager at Microsoft tasked with shepherding all upstream contributions from Microsoft into Kubernetes. With the volume of work, and the impending breakout of cloud provider code, this helps distribute the review and approval load more evenly.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
N/A
**Special notes for your reviewer**:
This was discussed with Brendan Burns prior to submitting the pre-approval.
**Release note**:
none
Automatic merge from submit-queue
Remove repeated reviewer's names
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
GCE: Fix lowercase value and alpha-missing annotation for ILB
**What this PR does / why we need it**:
Fixes#50426
Also explicitly sets an annotation as 'alpha'.
/assign @freehan @bowei
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49488, 50407, 46105, 50456, 50258)
Enable caching successful token authentication
Resolves#50472
To support revocation of service account tokens, an etcd lookup of the token and service account is done by the token authenticator. Controllers that make dozens or hundreds of API calls per second (like the endpoints controller) cause this lookup to be done very frequently on the same objects.
This PR:
* Implements a cached token authenticator that conforms to the authenticator.Token interface
* Implements a union token authenticator (same approach as the union request authenticator, conforming to the authenticator.Token interface)
* Cleans up the auth chain construction to group all token authenticators (means we only do bearer and websocket header parsing once)
* Adds a 10-second TTL cache to successful token authentication
```release-note
API server authentication now caches successful bearer token authentication results for a few seconds.
```
