Automatic merge from submit-queue (batch tested with PRs 65349, 65354, 65402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Get rid of depends on kubectl in kubeadm
**What this PR does / why we need it**:
Get rif of depends on kubectl in kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65349, 65354, 65402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fixtodo: Move these kubelet start/stop functions to phases/kubelet
**What this PR does / why we need it**:
fixtodo: Move these kubelet start/stop functions to phases/kubelet
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65349, 65354, 65402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
check error when failed to prepull the images
**Special notes for your reviewer**:
return error when failed to prepull the images
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64758, 65627). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixed the wrong elasticsearch node counter
**What this PR does / why we need it**:
I am experiencing the nasty bug during the deployment of the elasticsearch-logging statefulset on my custom Kubernetes in Azure (AzureDisk persistant storage). Let's imaging that we want two master nodes which our elasticsearch will try to find during the discovery procedure. Because of the delay between creation of two nodes (azure disk creation) there will be a situation when only one node exists in the service endpoint list and it will be enough to pass the elasticsearch logging discovery step. Only one node will be written to the elasticsearch.yml, but it expects two. Elasticsearch will not be able to find required two nodes. Then Kubernetes will terminate the first pod while the second pod is almost ready (remove that endpoint from service). Then it adds the ip of the second pod to the endpoint and discovery fails as well. This is the endless procedure.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixes the wrong elasticsearch node counter
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Setup TLS with CA Cert for vsphere cloud provider
- Extend config to take a path to a CA Certificate
- Use the CA Cert when establishing a connection with the SOAP client
Testing
We provide certs and keys for tests as fixtures, `vclib/fixtures`.
Those were created (and can be regenerated) using `vclib/fixtures/createCerts.sh`.
At the moment it's possible to configure a CA path and at the same time allow insecure
communication between vsphere cloud provider and vcenter. This may
change in the future; we might opt for overwriting the insecure
communication if a CA is configured / log and transparently pass the
arguments to the vcenter command / other. To be discussed.
At the moment the CA is a global level configuration. In other
words, all vcenter servers need to use certificates signed by the same
CA. There might be use cases for different CA per vcenter server; to be
discussed.
**What this PR does / why we need it**:
This PR adds the option of configuring a trusted CA for the communication between the vsphere cloud provider and the vcenter control plane.
**Which issue(s) this PR fixes**:
Fixes#64222
**Special notes for your reviewer**:
**Release note**:
```release-note
- Can configure the vsphere cloud provider with a trusted Root-CA
```
Automatic merge from submit-queue (batch tested with PRs 65188, 65541, 65534). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
ipvs: remove duplicated masq rules
Duplicated masq rules are created by current implementation:
```
-A KUBE-NODE-PORT -m comment --comment "mark MASQ for
externaltrafficpolicy=cluster" -j KUBE-MARK-MASQ
-A KUBE-NODE-PORT -j KUBE-MARK-MASQ
```
The last one is always there. So the one inside if statement could
just be removed.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 65188, 65541, 65534). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Increase certain waiting time window in gpu_device_plugin e2e_node test.
Kubelet restart process seems to get a bit slower recently. From running
the gpu_device_plugin e2e_node test on GCE, I saw it took ~37 seconds
for kubelet to start CM DeviceManager after it restarts, and then took
~12 seconds for the gpu device plugin to re-register. As the result,
this e2e_node test fails because the current 10 sec waiting time is too
small. Restarting a container also seems to get slower that it sometimes
exceeds the current 2 min waiting time in ensurePodContainerRestart().
This change increase both waiting time to 5 min to leave enough space
on slower machines.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 65582, 65480, 65310, 65644, 65645). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Ubuntu 18.04 (Bionic) series to Juju charms
**What this PR does / why we need it**:
Adds Ubuntu 18.04 (Bionic) series to Juju charms. 16.04 (Xenial) is still the default series, but with this change the charms can be easily deployed on Bionic if desired.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Add Ubuntu 18.04 (Bionic) series to Juju charms
```
Automatic merge from submit-queue (batch tested with PRs 65582, 65480, 65310, 65644, 65645). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix local volume directory can't be deleted issue
**What this PR does / why we need it**:
Need to add volume mode field to constructed pv spec.
**Special notes for your reviewer**:
I get an issue:
1) kubelet has lots of logs with errors related with volume mode
```
Jun 21 10:31:18 kubelet[19333]: E0621 10:31:18.422321 19333 reconciler.go:179] operationExecutor.NewVolumeHandler for UnmountVolume failed for volume "lv-e57cf589-4658-4881-b125-7b9f35c2c8eb" (UniqueName: "kubernetes.io/local-volume/4103e613-656c-11e8-8c20-74dbd180ddb4-lv-e57cf589-4658-4881-b125-7b9f35c2c8eb") pod "4103e613-656c-11e8-8c20-74dbd180ddb4" (UID: "4103e613-656c-11e8-8c20-74dbd180ddb4") : cannot get volumeMode for volume: lv-e57cf589-4658-4881-b125-7b9f35c2c8eb
Jun 21 10:31:18 kubelet[19333]: E0621 10:31:18.422351 19333 reconciler.go:179] operationExecutor.NewVolumeHandler for UnmountVolume failed for volume "lv-b1e788ac-78eb-4d26-819a-263cef5337ea" (UniqueName: "kubernetes.io/local-volume/4082c1da-656c-11e8-8c20-74dbd180ddb4-lv-b1e788ac-78eb-4d26-819a-263cef5337ea") pod "4082c1da-656c-11e8-8c20-74dbd180ddb4" (UID: "4082c1da-656c-11e8-8c20-74dbd180ddb4") : cannot get volumeMode for volume: lv-b1e788ac-78eb-4d26-819a-263cef5337ea
```
2) The pod is an orphan pod and have the volume directory left at the node
3) Because of the errors, the volume directory will never be deleted
**Release note**:
```release-note
Fix local volume directory can't be deleted because of volumeMode error
```
Automatic merge from submit-queue (batch tested with PRs 65582, 65480, 65310, 65644, 65645). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
allow enabling kubelet serving certificate rotation via flag
allows the server rotation feature to be exercised via flags as well as config file
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65582, 65480, 65310, 65644, 65645). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix test failure of truncated time
**What this PR does / why we need it**:
The test of `TestFsStoreAssignedModified` in `pkg/kubelet/kubeletconfig/checkpoint/store` fails in my environment like below.
```
$ make test WHAT=./pkg/kubelet/kubeletconfig/checkpoint/store/
Running tests for APIVersion: v1,admissionregistration.k8s.io/v1alpha1,admissionregistration.k8s.io/v1beta1,admission.k8s.io/v1beta1,apps/v1beta1,apps/v1beta2,apps/v1,authentication.k8s.io/v1,authentication.k8s.io/v1beta1,authorization.k8s.io/v1,authorization.k8s.io/v1beta1,autoscaling/v1,autoscaling/v2beta1,batch/v1,batch/v1beta1,batch/v2alpha1,certificates.k8s.io/v1beta1,coordination.k8s.io/v1beta1,extensions/v1beta1,events.k8s.io/v1beta1,imagepolicy.k8s.io/v1alpha1,networking.k8s.io/v1,policy/v1beta1,rbac.authorization.k8s.io/v1,rbac.authorization.k8s.io/v1beta1,rbac.authorization.k8s.io/v1alpha1,scheduling.k8s.io/v1alpha1,scheduling.k8s.io/v1beta1,settings.k8s.io/v1alpha1,storage.k8s.io/v1beta1,storage.k8s.io/v1,storage.k8s.io/v1alpha1,
+++ [0628 22:53:39] Running tests without code coverage
--- FAIL: TestFsStoreAssignedModified (0.00s)
fsstore_test.go:316: expect "2018-06-28T22:53:43+09:00" but got "2018-06-28T22:53:43+09:00"
FAIL
FAIL k8s.io/kubernetes/pkg/kubelet/kubeletconfig/checkpoint/store 0.236s
make: *** [test] Error 1
```
My environment is
OS: macOS Sierra Version 10.12.6
File System: Journaled HFS+
The error message confused me because the comparing times looked the same in the error log. If we know certain systems truncate times, I think we can just compare less precise times to avoid confusions in tests.
**Special notes for your reviewer**:
N/A
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65518, 65624, 65380, 65390, 65586). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Preparing for 1.11 release and update ingress image to 0.16.1
**What this PR does / why we need it**: This is to prepare Juju charms to default to 1.11 release.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65518, 65624, 65380, 65390, 65586). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
cleanup: remove deadcode
/kind cleanup
remove deadcode
remove unnecessary conversion
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65518, 65624, 65380, 65390, 65586). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove kubectl delete hack that handles DaemonSet deletion
**What this PR does / why we need it**: follow up #64847
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
/cc @liggitt @soltysh
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65319, 64513, 65474, 65601, 65634). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
deprecate --use-openapi-print-columns in favor of --server-print
server-side printing has been supported since 1.10 with identical output for core kubernetes types, support is available for extension API servers since 1.10, and for CRDs since 1.11.
openapi printing is mutually exclusive with server-side printing (you have to fetch full objects to do openapi printing, and table row output to do server side printing)
openapi printing has many downsides:
* it requires fetching/parsing a very large schema on every get request
* it requires complex object extraction logic be built into every client
* it is limited to literal values that appear in the objects
see discussion of long-term direction between these two approaches in https://github.com/kubernetes/kubernetes/pull/53483
/sig cli
@kubernetes/sig-cli-pr-reviews
/assign @pwittrock @soltysh
```release-note
kubectl: --use-openapi-print-columns is deprecated in favor of --server-print
```
Automatic merge from submit-queue (batch tested with PRs 65319, 64513, 65474, 65601, 65634). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable “Kubernetes Monitoring” and “PodSecurityPolicies” on the same cluster
Without that the daemonset "metadata-agent" return:
```pods "metadata-agent-" is forbidden: unable to validate against any pod security policy: [spec.containers[0].securityContext.containers[0].hostPort: Invalid value: 8799: Host port 8799 is not allowed to be used. Allowed ports: []]```
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65319, 64513, 65474, 65601, 65634). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use same rvParse in watchcache and move cacheStorage in separate dir
**What this PR does / why we need it**:
Use same rvParse in watchcache and move cacheStorage in separate dir.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65319, 64513, 65474, 65601, 65634). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow custom manifests in GCP master setup
Add a hook in GCE setup script to allow using custom manifests on master, so we can decouple some GKE changes from k8s. Note that this PR just adds a hook there is no change in default behavior.
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix sample-controller README
The guide in doc causes an error
```
$ go run *.go -kubeconfig=$HOME/.kube/config
go run: cannot run *_test.go files (controller_test.go)
```
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add prometheus scrape port to CoreDNS service
**What this PR does / why we need it**:
Add prometheus scrape port
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #https://github.com/kubernetes/kubeadm/issues/955
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix out of bounds error on non-64-bit machines
This fixes an out of bounds error when running the controllers on a 32-bit machine
```
W0628 17:52:30.171975 1 node_lifecycle_controller.go:782] Missing timestamp for Node kube-master. Assuming now as a timestamp.
I0628 17:52:30.172115 1 taint_manager.go:205] Starting NoExecuteTaintManager
panic: runtime error: index out of range
goroutine 1740 [running]:
k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler.(*NoExecuteTaintManager).Run.func1(0x165e6000, 0x8, 0x15984100)
/workspace/anago-v1.11.0-rc.3.3+91e7b4fd31fcd3/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler/taint_manager.go:229 +0x1f8
created by k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler.(*NoExecuteTaintManager).Run
/workspace/anago-v1.11.0-rc.3.3+91e7b4fd31fcd3/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler/taint_manager.go:217 +0x27c
```
See https://play.golang.org/p/rIpicHGHtiT for an example of the coercion overflow
/assign @wojtek-t
/kind bug
```release-note
fixes an out of range panic in the NoExecuteTaintManager controller when running a non-64-bit build
```
Automatic merge from submit-queue (batch tested with PRs 65600, 65203, 65462). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promote [sig-api-machinery] Namespaces [Serial] e2e test for Conformance
**What this PR does / why we need it**:
This PR promotes two e2e tests cases for Conformance.
1. [sig-api-machinery] Namespaces [Serial] should ensure that all pods are removed when a namespace is deleted.
2. [sig-api-machinery] Namespaces [Serial] should ensure that all services are removed when a namespace is deleted.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
- No flakes found.
- https://github.com/cncf/k8s-conformance/issues/221#issuecomment-397375358
**Release note**:
```release-note
NONE
```
cc @fedebongio, @AishSundar
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix bug printing openapi columns
Fixes#65579
```release-note
kubectl: fixes a regression with --use-openapi-print-columns that would not print object contents
```
Automatic merge from submit-queue (batch tested with PRs 65548, 65598). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix comments about default mount propagation
We changed Private to be default mount propagation scheme but never got around to updating
docs and comments.
/sig storage
cc @jsafrane @liggitt
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bug fix: Should allow alias range size equals to max number of pods * 2
**What this PR does / why we need it**:
Currently in gce/config-common.sh, function get-alias-range-size returns a range which is strictly bigger than log2(max pods * 2). Where equal should be also acceptable. Say if max pods constraint = 8, it should return /28, instead of /27.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65521
**Release note**:
```release-note
NONE
```
Silvery Fu