Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Validate usage strings when creating bootstrap tokens via kubeadm
**What this PR does / why we need it**:
fix TODO: Validate usages here so we don't allow something unsupported
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55798, 49579, 54862, 55188, 51990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Create dnsIP by selecting the tenth IP from k8s svc CIDR
**What this PR does / why we need it**:
Creates dnsIP by selecting the ninth IP from k8s svc cluster IP, instead of appending 0 to the k8s svcIP string.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51997
**Special notes for your reviewer**:
This is helpful when we have service cluster range CIDR as 10.87.116.64/26 (for example), previously this would have failed while parsing the dnsIP, as we used to append a 0 to the k8s svc clusterIP string. This will get the same dnsIP 10.96.0.10 for very widely used service cluster range CIDR 10.96.0.0/12
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 55648, 55274, 54982, 51955, 55639). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm:Clean up no longer used k8sVersion param
**What this PR does / why we need it**:
cleanup for kubeadm.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
~~`kubeadm join` now requires the `--discovery-token-ca-cert-hash` argument to be set, or the `--discovery-token-unsafe-skip-ca-verification` flag to be set for opting out of the CA pinning feature.~~
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Conditionally mount flexvolume
**What this PR does / why we need it**:
See https://github.com/kubernetes/kubeadm/issues/476
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/476
```release-note
kubeadm: Fix a bug on some OSes where the kubelet tried to mount a volume path that is non-existent and on a read-only filesystem
```
/cc @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm enable endpoint-reconciler for HA clusters
**What this PR does / why we need it**:
enable endpoint-reconciler on kube-apiserver when creating HA clusters with kubeadm
**Which issue(s) this PR fixes**:
[#529](https://github.com/kubernetes/kubeadm/issues/529)
**Special notes for your reviewer**:
CC @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53337, 55465, 55512, 55522, 54554). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Wording in missing config from cluster response typo.
**What this PR does / why we need it**:
Resolves a typo in the response message for Kubeadm Upgrade Plan that results in the wording:
"Without this information, 'kubeadm upgrade' don't how to configure your upgraded cluster."
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
none
**Special notes for your reviewer**:
none
**Release note**:
```release-note
Correct wording of kubeadm upgrade response for missing ConfigMap.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use volumeutil.LoadPodFromFile for pod spec
**What this PR does / why we need it**:
Minor cleanup.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54493, 52501, 55172, 54780, 54819). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add CoreDNS as feature in kubeadm
**What this PR does / why we need it**:
This PR adds CoreDNS as a DNS plugin via the feature-gate option in Kubeadm init.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
Fixeskubernetes/features#427
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: Add an experimental mode to deploy CoreDNS instead of KubeDNS
```
/cc @johnbelamaric
Automatic merge from submit-queue (batch tested with PRs 53273, 55058, 55237, 50140). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: remove priority admission controller for v1.9
**What this PR does / why we need it**:
Removes Priority Admission Controller in kubeadm since it's currently in alpha.
**Release note**:
```release-note
Removes Priority Admission Controller from kubeadm since it's alpha.
```
cc @luxas
Automatic merge from submit-queue (batch tested with PRs 55214, 55166). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: don't create duplicate volume/mount
**What this PR does / why we need it**:
If certificates for etcd are located in the same directory or
subdirectories of kubernetes pki directory, don't create separate
volumes and mounts in manifests.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubernetes/kubeadm#522
**Special notes for your reviewer**:
/sig cluster-lifecycle
/area kubeadm
**Release note**:
```release-note
NONE
```
If certificates for etcd are located in the same directory or
subdirectories of kubernetes pki directory, don't create separate
volumes and mounts in manifests.
Fixeskubernetes/kubeadm#522
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Stop using the PersistentVolumeLabel admission controller in v1.9
**What this PR does / why we need it**:
Stop using the PersistentVolumeLabel admission controller in v1.9, as in v1.9, we're targeting out-of-tree cloud providers to be ready to use more generally as part of moving to beta.
**Which issue this PR fixes**:
fixeskubernetes/kubeadm#444
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
support kube-proxy ipvs mode for kubeadm
**What this PR does / why we need it**:
When using `kubeadm` to build a cluster, you can chose kube-proxy with ipvs mode by add flag `--kube-proxy-mode=ipvs`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52834
**Special notes for your reviewer**:
By default, use `iptables` mode.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add self-hosted etcd API to kubeadm
**What this PR does / why we need it**:
This PR is part of a larger set that implements self-hosted etcd. This PR takes a first step by adding:
1. new API types in `cmd/kubeadm/app/apis` for configuring self-hosted etcd
2. new Go types in `cmd/kubeadm/app/phases/etcd/spec` used for constructing EtcdCluster CRDs for the etcd-operator. The reason we define these in trunk is because kubeadm cannot import `github.com/coreos/etcd-operator` as a dependency until it's in its own repo. Until then, we need to redefine the structs in our codebase.
**Which issue this PR fixes**:
https://github.com/kubernetes/kubeadm/issues/261https://github.com/kubernetes/kubeadm/issues/277
**Special notes for your reviewer**:
This is the first step PR in order to save reviewers from a goliath PR
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove MinimumCSRAutoApprovalClusterRolesVersion in 1.9 cycle.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Have we already bumped the minimum supported version to v1.8.0?
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Make it possible to configure volume mounts via the config file
**What this PR does / why we need it**:
Kubeadm mounts host CA certs into api server and controller manager. It uses `/etc/pki` and does not allow for the path to be configurable. This PR adds a default to `/etc/pki` but also allows a user to configure the path in the config file. In the case of using Container Linux, the CAs are located at `/usr/share/ca-certificates`, so without this PR the hardcoded `/etc/pki` path is used and will break, for example, the `--cloud-provider` flag because of missing CAs.
Fixes https://github.com/kubernetes/kubeadm/issues/484
Fixes https://github.com/kubernetes/kubeadm/issues/476
Fixes https://github.com/kubernetes/kubeadm/issues/441
/cc @luxas
Automatic merge from submit-queue (batch tested with PRs 54160, 54016). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix `kubeadm upgrade plan` for offline operation
**What this PR does / why we need it**:
This PR allows `kubeadm upgrade plan` to work in firewalled/offline/otherwise restricted environments by ignoring errors when trying to reach dl.k8s.io. Instead, we fall back to the current kubeadm version as the latest stable version. This is a reasonable as a user is [expected to install a recent version of kubeadm before upgrading](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm-upgrade-1-8/#upgrading-your-control-plane).
**Which issue this PR fixes**: Fixeskubernetes/kubeadm#498
**Special notes for your reviewer**: Should preferably be cherrypicked to 1.8.
```release-note
Fix `kubeadm upgrade plan` for offline operation: ignore errors when trying to fetch latest versions from dl.k8s.io
```
Automatic merge from submit-queue (batch tested with PRs 54644, 53072). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm swallowed errors
**What this PR does / why we need it**: Fixes nine swallowed errors in kubeadm, and adds descriptive error returns to Init.Run().
**Special notes for your reviewer**: I've resubmitted this PR after it required a rebase. Previously, I submitted this PR as https://github.com/kubernetes/kubernetes/pull/52591
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 54437, 54714, 54720). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds support for v4/v6 loopback dns bind address.
**What this PR does / why we need it**:
Previously, IPv4 Loopback addresses (127.0.0.1) were hard coded into the kubeadm dns deployment manifest. This PR adds support for using an IPv6 Loopback (::1) when the kube-dns Service IP is an IPv6 address.
**Special notes for your reviewer**:
Required for IPv6-only deployments.
**Release note**:
```NONE
```
/area ipv6
/sig network
