Add a new Alpha Feature to set a maximum number of pids per Pod.
This is to allow the use case where cluster administrators wish
to limit the pids consumed per pod (example when running a CI system).
By default, we do not set any maximum limit, If an administrator wants
to enable this, they should enable `SupportPodPidsLimit=true` in the
`--feature-gates=` parameter to kubelet and specify the limit using the
`--pod-max-pids` parameter.
The limit set is the total count of all processes running in all
containers in the pod.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix TestCadvisorListPodStats failure under mac/darwin
**What this PR does / why we need it**:
GetPodCgroupNameSuffix is not really implemented under darwin
(or windows for that matter). So let's just skip over the check
for CPU and Memory if that is not set.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57636
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57823, 58091, 58093, 58096, 57020). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
ignore images in used by running containers when GC
**What this PR does / why we need it**:
Let kubelet not attempt to remove images being used by running containers.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57006
**Special notes for your reviewer**:
@kubernetes/sig-node-pr-reviews
**Release note**:
```release-note
ignore images in used by running containers when GC
```
The `--docker-disable-shared-pid` flag will be removed once per-pod
configurable process namespace sharing becomes available. Mark it
deprecated to notify cluster admins.
Automatic merge from submit-queue (batch tested with PRs 57733, 57613, 57953). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[eviction manager]fix type error
**What this PR does / why we need it**:
It should not wrong hint messages when create memory threshold notifier failed
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
dockershim: bump the minimum supported docker version to 1.11
Drop the 1.10 compatibilty code.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove duplicate function getBuggyHostportChain
**What this PR does / why we need it**:
remove `TODO remove this after release 1.9, please refer https://github.com/kubernetes/kubernetes/pull/55153`
function `getBuggyHostportChain` does bad conversion on HostPort from int32 to string, now that `getHostportChain` does right, we remove function `getBuggyHostportChain` .
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix the wrong code comment
**What this PR does / why we need it**:
Fix the wrong code comment
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#55608
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move scheduler out of plugin directory
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
This is but one step toward resolving the referenced issue.
/ref #57579
**Special notes for your reviewer**:
**Release note**:
```release-note
Default scheduler code is moved out of the plugin directory.
plugin/pkg/scheduler -> pkg/scheduler
plugin/cmd/kube-scheduler -> cmd/kube-scheduler
```
/sig scheduling
This moves plugin/pkg/scheduler to pkg/scheduler and
plugin/cmd/kube-scheduler to cmd/kube-scheduler.
Bulk of the work was done with gomvpkg, except for kube-scheduler main
package.
Credential provider is useful without the v1 API, move the only
dependency out so that we can more easily move credential provider to a
utility library in the future (other callers besides Kubelet may need to
load pull secrets like Docker).
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump pause container used by kubelet and tests to 3.1
This updates the version of the pause container used by the kubelet and
various test utilities to 3.1.
**What this PR does / why we need it**: The pause container hasn't been rebuilt in quite a while and needs an update to reap zombies (#50865) and for schema2 manifest (#56253).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#50865, Fixes#56253
**Special notes for your reviewer**:
**Release note**:
```release-note
The kubelet uses a new release 3.1 of the pause container with the Docker runtime. This version will clean up orphaned zombie processes that it inherits.
```
Automatic merge from submit-queue (batch tested with PRs 57533, 57524). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make ConfigOK status messages more human readable
This makes the ConfigOK status messages for dynamic config more human readable by including the path (e.g. SelfLink) to the object. The messages used to include the UID, but this was kind of useless, because there's no way to GET an object by UID.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57533, 57524). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
periodically check whether assigned kubelet config should become last-known-good
Fixes#57808
Previously, the last-known-good was only updated on Kubelet restart. This has been on my todo list for a while, good to finally have a PR up.
Previously we could have this scenario, which is fixed by this PR:
- lkg is set to local
- we set config A
- config A passes trial period, but nothing caused Kubelet to restart
- we set config B, which turns out to be invalid
- Kubelet will fall back to local, because lkg was never updated
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update gengo version to include goimports formatter
Update gengo which now uses goimports to format code and organize imports.
Fixes#55542
**Special notes for your reviewer**:
Updates version of k8s.io/gengo
Takes new dependency on golang.org/x/tools/imports and golang.org/x/tools/go/ast/astutil
**Release Notes**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57572, 57512, 57770). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
More default fixups for Kubelet flags
Similar to #57621, this fixes some other Kubelet flags that were
defaulted wrong.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57746, 57621, 56839, 57464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
security_context_test.go(TestVerifyRunAsNonRoot): add more test cases
**What this PR does / why we need it**:
In #56503 we modified `VerifyRunAsNonRoot` function add add one more argument. As [was requested](https://github.com/kubernetes/kubernetes/pull/56503#discussion_r153870821) by @simo5, this change should have a unit test.
This PR adds this test and also some more to cover more execution paths.
**Release note**:
```release-note
NONE
```
PTAL @pweil- @liggitt
CC @simo5
Automatic merge from submit-queue (batch tested with PRs 57651, 56411, 56779, 57523, 57624). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace --init-config-dir with --config
Rather than a directory with magic names, just give the Kubelet a file path.
Was originally in #55718, but I'm splitting it out for clarity.
Fixes#57763
```release-note
The alpha `--init-config-dir` flag has been removed. Instead, use the `--config` flag to reference a kubelet configuration file directly.
```
Automatic merge from submit-queue (batch tested with PRs 49856, 56257, 57027, 57695, 57432). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Change to pkg/util/node.UpdateNodeStatus
**What this PR does / why we need it**:
> // TODO: Change to pkg/util/node.UpdateNodeStatus.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
/cc @brendandburns @dchen1107 @lavalamp
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
new testcase to cgroup_manager_linux.go
a new test case to adaptName(), for testing "cgroupManagerType != libcontainerSystemd"
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove redundant sleep from ReRegistration unit test case
/kind cleanup
/sig node
**What this PR does / why we need it**:
Once upon a time, there was a race in the device plugin registration logic. At that time, [list()](5cac9fc984/pkg/kubelet/deviceplugin/manager.go (L206)) and [listAndWatch()](5cac9fc984/pkg/kubelet/deviceplugin/manager.go (L224)) used to be separate functions. Race was there for taking manager.mutex lock from two places. [One, from within the m.addEndpoint()](5cac9fc984/pkg/kubelet/deviceplugin/manager.go (L214)) and the [second, from within m.Devices()](5cac9fc984/pkg/kubelet/deviceplugin/manager.go (L137)). This race was making `TestDevicePluginReRegistration` flaky as explained below.
```
1. p1.Register(socketName, testResourceName)
2. // Wait for the first callback to be issued.
3. <-callbackChan
4. devices := m.Devices()
```
* L#1 leads to eventually **asynchronous** invocation of m.addEndpoint(), let say **thread1**.
* L#3 holds the test case execution till the [callback gets invoked](5cac9fc984/pkg/kubelet/deviceplugin/endpoint.go (L108)). This means test case execution waits on channel till the **thread1** reaches the point where [e.list() call completes in the addEndpoint.](5cac9fc984/pkg/kubelet/deviceplugin/manager.go (L206))
* L#4 triggers a new thread. thread1 and this new thread are both racing for m.mutex.Lock(). Former, in the addEndpoint() and later one in the m.Devices(). If m.Devices wins the race, result is the test case failure because endpoint gets added in the manager only after taking mutex.Lock() in the addEndpoint().
To deal with this flake, we added `Sleep` between L#3 and L#4. `Sleep` was getting some extra time to addEndpoint() and thus making thread1 win the race each time.
Above explained race scenario got fixed and merged sometime back in this PR:
[Deviceplugin refactoring: merge func list and listwatch in endpoint into one](https://github.com/kubernetes/kubernetes/pull/52149)
With the above PR, callback function is invoked from e.run() which makes sure that test case waits on channel till the endpoint is added and devices are updated
Above explained race scenario does not exist now, therefore removing redundant sleeps from the test case.
Tested:
go test -race -count 500 k8s.io/kubernetes/pkg/kubelet/cm/deviceplugin -run TestDevicePluginReRegistration -timeout 5h
Related #52616#56026
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
/cc @vishh @derekwaynecarr @jiayingz @RenaudWasTaken @lichuqiang @ScorpioCPH @tengqm @mindprince @ConnorDoyle @jeremyeder
GetPodCgroupNameSuffix is not really implemented under darwin
(or windows for that matter). So let's just skip over the check
for CPU and Memory if that is not set.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix incorrect hairpin-mode value and validate it
**What this PR does / why we need it**:
* Fix incorrect hairpin-mode value
* Add validation
**Which issue(s) this PR fixes**:
Fixes#57609
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add vikaschoudhary16 as reviewer in pkg/kubelet/cm/deviceplugin
**What this PR does / why we need it**:
Add github user vikaschoudhary16 (me) to the reviewers list for pkg/kubelet/cm/deviceplugin
**Special notes for your reviewer**:
I would like to help with the review load in this package.
```release-note
None
```
/sig node
/cc @vishh @jiayingz @derekwaynecarr @mindprince @RenaudWasTaken @ConnorDoyle
Automatic merge from submit-queue (batch tested with PRs 57591, 57369). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revert back #57278
**What this PR does / why we need it**:
This PR reverts back to behavior of scanning Limits.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Related #
#57276#57170
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
/sig node
/cc @vishh @ConnorDoyle @jiayingz
Automatic merge from submit-queue (batch tested with PRs 57591, 57369). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a race in the endpoint.go
**What this PR does / why we need it**:
This PR fixes a race in the endpoint.go
Fixes#56026
-->
```release-note
None
```
/sig node
/cc @RenaudWasTaken @ConnorDoyle @jiayingz @mindprince @ScorpioCPH @resouer @tengqm @vishh
Automatic merge from submit-queue (batch tested with PRs 57434, 57221, 57417, 57474, 57481). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Send an event just before the Kubelet restarts to use a new config
**What this PR does / why we need it**:
This PR makes the Kubelet send events for configuration changes. This makes it much easier to see a recent history of configuration changes for the Kubelet.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56895
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/cc @dchen1107 @liggitt @dashpole
Automatic merge from submit-queue (batch tested with PRs 55475, 57155, 57260, 57222). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improved mount/attach error logging and added attach event.
Fixed kubelet error message to be more descriptive. Added Attach success event for help in debugging.
The attach event is helpful when the node may not have the correct information about attachment status, it allows the user to see whether the Attach was run at all. If there is no success/failure attach message we can infer that there was no attach started at all.
Fixes#57217
Automatic merge from submit-queue (batch tested with PRs 54379, 56593, 56685, 54174, 57309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove useless function hasHostPortConflicts
`hasHostPortConflicts` is not used anywhere. Delete it.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54379, 56593, 56685, 54174, 57309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use k8s.gcr.io vanity domain for container images
Related issue: https://github.com/kubernetes/release/issues/281
```release-note
Use "k8s.gcr.io" for container images rather than "gcr.io/google_containers". This is just a redirect, for now, so should not impact anyone materially.
Documentation and tools should all convert to the new name. Users should take note of this in case they see this new name in the system.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
cpumanager: Propagate error up instead panic
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57239
**Special notes for your reviewer**:
/assign @sjenning
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix device manager to scan resources.Requests
**What this PR does / why we need it**:
This PR makes device manager to scan resources.Requests from the container spec. Currently
it scans resources.Limits. For extended resources, it is not mandatory for resources.Limits to be present in the container spec and if Limits are present, validation logic ensures that Limits will always be equal to Requests.
Fixes#57276
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
/sig node
/cc @ConnorDoyle @vishh @jiayingz @RenaudWasTaken @tengqm @resouer @mindprince
Automatic merge from submit-queue (batch tested with PRs 57127, 57011, 56754, 56601, 56483). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove hacks added for mesos
**What this PR does / why we need it**:
Since Mesos is no longer in your main repository and since we have
things like dynamic kubelet configuration in progress, we should
drop these undocumented, untested, private hooks.
cmd/kubelet/app/server.go::CreateAPIServerClientConfig
CreateAPIServerClientConfig::getRuntime
pkg/kubelet/kubelet_pods.go::getPhase
Also remove stuff from Dependencies struct that were specific to
the Mesos integration (ContainerRuntimeOptions and Options)
Also remove stale references in test/e2e and and test owners file
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Drop hacks used for Mesos integration that was already removed from main kubernetes repository
```
Automatic merge from submit-queue (batch tested with PRs 57127, 57011, 56754, 56601, 56483). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
check and set promiscuous mode with netlink because netlink already supports it
**What this PR does / why we need it**:
check and set promiscuous mode with netlink because netlink already supports it.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
I wanted to add tests for the changes, however I found upstream CI does not allow UT acquire root privilege :(
**Release note**:
```release-note
NONE
```
/sig network
Automatic merge from submit-queue (batch tested with PRs 56386, 57204, 55692, 57107, 57177). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor TestPodContainerDeviceAllocation for extensiblity/readability
**What this PR does / why we need it**:
This PR refactors and reorganizes TestPodContainerDeviceAllocation(). This PR changes the logic to use array for iterating over test conditions and other refactoring such as moving test pod creation logic to a separate function.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
cc @sjenning @jeremyeder @RenaudWasTaken @vishh @mindprince @jiayingz @ScorpioCPH
/sig node
Automatic merge from submit-queue (batch tested with PRs 57148, 57123, 57091, 57141, 57131). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix magic string for runtime type
**What this PR does / why we need it**:
This PR correct the magic string about container runtime to the constants.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
This PR correct the magic string about container runtime to the constants.
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 56650, 55813, 56911, 56921, 56871). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enable flexvolume on Windows node
**What this PR does / why we need it**:
enable flexvolume on Windows node:
current PodVolumeDir is like
`\var\lib\kubelet\pods\f54c5a74-da63-11e7-b71a-000d3a02c330\volumes\test~hostpath.cmd\flextest`
which is a unix path, with this PR, PodVolumeDir in **windows** kubelet will be converted into like
`c:\var\lib\kubelet\pods\f54c5a74-da63-11e7-b71a-000d3a02c330\volumes\test~hostpath.cmd\flextest`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56875
**Special notes for your reviewer**:
Detailed steps about how to use flexvolume on Windows with this PR:
https://github.com/andyzhangx/Demo/tree/master/windows/flexvolume
**Release note**:
```
enable flexvolume on Windows node
```
/sig windows
Automatic merge from submit-queue (batch tested with PRs 56650, 55813, 56911, 56921, 56871). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix deviceplugin test file create leak file problem
When execute make test, this test file will create a file named "kubelet_internal_checkpoint" in k8s directory and not delete it.
This patch fix this error
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56365
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 56410, 56707, 56661, 54998, 56722). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move some kubelet constants to a common place
**What this PR does / why we need it**:
More context, see: https://github.com/kubernetes/kubernetes/issues/56516
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56516
[thanks @ixdy for verifying this!]
**Special notes for your reviewer**:
@ixdy how can I verify #56516 against this locally?
/cc @ixdy @mtaufen
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56337, 56546, 56550, 56633, 56635). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove redundant code in container manager.
- Reuse stub implementations from unsupported implementations.
- Delete test file that didn't contain any tests.
**Release note**:
```release-note
NONE
```
/kind cleanup
/sig node
Automatic merge from submit-queue (batch tested with PRs 56579, 55236, 56512, 56549, 56538). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
security_context_test.go(TestVerifyRunAsNonRoot): remove unused variables
**What this PR does / why we need it**:
This PR removed unused member and related variables from the test.
**Special notes for your reviewer**:
It's better to review this PR in the mode that ignore whitespace-related changes: https://github.com/kubernetes/kubernetes/pull/56579/files?w=1
**Release note**:
```release-note
NONE
```
CC @simo5
Automatic merge from submit-queue (batch tested with PRs 56401, 56506, 56551, 56298, 56581). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Addressing Comments from Code Review
**What this PR does / why we need it**: addressing comments from code review: https://github.com/kubernetes/kubernetes/pull/55824#pullrequestreview-78597250
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: N/A
**Special notes for your reviewer**:
@thockin @jsafrane @msau42 PTAL
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56401, 56506, 56551, 56298, 56581). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: include runtime error in event on CreatePodSandbox failure
Include the error from the runtime in the event message when CreatePodSandbox fails. The sandbox creation can fail for many reasons and including the error makes the situation easier to debug.
The event for failed PodSandboxStatus includes this information so there is already precedent for doing this.
xref https://bugzilla.redhat.com/show_bug.cgi?id=1506813
@eparis @derekwaynecarr @dchen1107 @vishh
/release-note-none
/sig node
Automatic merge from submit-queue (batch tested with PRs 57172, 55382, 56147, 56146, 56158). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
delete useless params containerized
Signed-off-by: zhangjie <zhangjie0619@yeah.net>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
delete useless params containerized
```
Automatic merge from submit-queue (batch tested with PRs 57172, 55382, 56147, 56146, 56158). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use file store utility for device plugin checkpointing
Partially address issue #54088
cc @sjenning @jeremyeder @jiayingz @vishh
/sig node
Automatic merge from submit-queue (batch tested with PRs 54410, 56184, 56199, 56191, 56231). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CPU Manager panics on state initialization error.
**What this PR does / why we need it**:
- CPU Manager panics on state initialization error.
- Update unit tests accordingly.
- Minor related cleanup in `state_file.go`.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/kind bug
/sig node
/priority important-soon
Blocks #52031
/assign @balajismaniam
cc @flyingcougar
Automatic merge from submit-queue (batch tested with PRs 54410, 56184, 56199, 56191, 56231). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cpu manager reconcile loop - restore state
**What this PR does / why we need it**:
Cpu manager reconcile loop can add orphaned containers to `State` calling `policy.AddContainer()`
Previous PR: #54409
e2e tests PR: #53378
Blocked by #56191
Automatic merge from submit-queue (batch tested with PRs 52259, 53951, 54385, 54805, 55145). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a typo in NewManager function
**What this PR does / why we need it**:
Fix a typo in NewManager function
**Special notes for your reviewer**:
**Release note**:
`None`
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add ConnorDoyle as approver in /pkg/kubelet/cm.
**What this PR does / why we need it**:
- Add github user `ConnorDoyle` (me) to the approvers list for `pkg/kubelet/cm`.
**Special notes for your reviewer**:
I would like to help with the review load in this package. I believe I have demonstrated good stewardship of sub-packages in this part of the code base.
```release-note
NONE
```
/sig node
/kind cleanup
/assign @derekwaynecarr
Automatic merge from submit-queue (batch tested with PRs 56529, 57054). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet should use the value of the cri container runtime endpoint fr…
…om cadvisor
**What this PR does / why we need it**:
To make cri container runtime endpoint consistent, kubelet (currently using "/var/run/crio.sock" ) should use value of CrioSocket exactly as defined in cadvisor.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57005
**Special notes for your reviewer**:
**Release note**:
```release-note
Use the same value for cri container runtime endpoint as defined in cadivsor/crio
```
