Automatic merge from submit-queue (batch tested with PRs 43453, 42992)
make sure that the volume satisfies the requirements of the claim before binding
check if the volume requested by the claim satisfies the requirements of the claim before binding when
syncUnboundClaim and claim.Spec.VolumeName is not set, although the volume is asked by user
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43453, 42992)
Cluster-autoscaler multistep node drain e2e
**What this PR does / why we need it**:
This is another Cluster-Autoscaler node drain test. It tests draining a node, when there is pdb allowing for moving some pods, but not all the required pods in one go. Basically it's a more complex scenario of other CA drain e2e, testing the retry logic in CA scale down.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 42674, 43937, 44020)
Fix spelling of 'arguments' for kubectl create authinfo
**What this PR does / why we need it**:
Fixes a silly spelling mistake in help output.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: n/a
**Special notes for your reviewer**:
I've signed the CLA but don't fully understand the PR process yet. I guess the "cla:yes" label gets added by someone else or automatically by a bot?
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42674, 43937)
kube-proxy: OnServiceUpdate []*api.Service
This signature is more consistent with OnEndpointsUpdate and removes a
copy loop. This is part on ongoing cleanup to rate-limit iptables
calls.
Automatic merge from submit-queue
Fix abac oplicy example file
"system:unauthenticated" is a group name rather than user name.
Fix it in the example file.
**Release note**:
```NONE
```
We need to apply filter rules on the way in (nodeports) and out (cluster
IPs). Testing here is insufficient to have caught this - will come back
for that.
Automatic merge from submit-queue
node e2e: improve the validate OOM score test for infra containers
The test blindly checked all "pause" processes on the node, assuming
they were all infra containers. This change takes a snapshot of all
existing "pause" processes on the node, and exclude them in the
validation. The test still relies on the fact that it runs exclusively
on the node. If that assumption changes, we will need other methods to
locate the PIDs of the infra containers.
This fixes#37580
Automatic merge from submit-queue
Move autoscaling e2e tests to a separate directory
For fine-grain access control. Autoscaling team is expanding the e2e test coverage and the need for getting an approval for every PR is annoying.
cc: @MaciekPytel @jszczepkowski @fgrzadkowski @wojtek-t
Automatic merge from submit-queue
Include events when describing configmap
**What this PR does / why we need it**:
Currently `kubectl describe configmap/xxx` does not list events, even if there are events related to this congfigmap (and --show-events=true is explicitly passed). This PR makes it include events, same as for other resource types.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
Add warning to skip v1.6.0 if you use kubeadm.
I'm not sure if this is the right place to put the warning. Suggestions welcome. Ideally it should be near the top and obvious to anyone who uses `kubeadm` but not overly obnoxious for those who don't.
Automatic merge from submit-queue
Support status.hostIP in downward API
**What this PR does / why we need it**:
Exposes pod's hostIP (node IP) via downward API.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixes https://github.com/kubernetes/kubernetes/issues/24657
**Special notes for your reviewer**:
Not sure if there's more documentation that's needed, please point me in the right direction and I will add some :)
Automatic merge from submit-queue
Add separate KubeletFlags struct and remove HostnameOverride and NodeIP from config type
Add a separate flags struct for Kubelet flags
Kubelet flags are not necessarily appropriate for the KubeletConfiguration
object. For example, this PR also removes HostnameOverride and NodeIP
from KubeletConfiguration.This is a preleminary step to enabling Nodes
to share configurations, as part of the dynamic Kubelet configuration
feature (#29459). Fields that must be unique for each node inhibit
sharing, because their values, by definition, cannot be shared.
/cc @ncdc @kubernetes/sig-node-misc @kubernetes/sig-cluster-lifecycle-misc
Automatic merge from submit-queue (batch tested with PRs 42973, 41582)
Improve status manager unit testing
This is designed to simplify testing logic in the status manager, and decrease reliance on syncBatch. This is a smaller portion of #37119, and should be easier to review than that change.
It makes the following changes:
- creates convenience functions for get, update, and delete core.Action
- prefers using syncPod on elements in the podStatusChannel to using syncBatch to reduce unintended reliance on syncBatch
- combines consuming, validating, and clearing actions into single verifyActions function. This replaces calls to testSyncBatch(), verifyActions(), and ClearActions
- changes comments in testing functions into log statements for easier debugging
@Random-Liu
Kubelet flags are not necessarily appropriate for the KubeletConfiguration
object. For example, this PR also removes HostnameOverride and NodeIP
from KubeletConfiguration. This is a preleminary step to enabling Nodes
to share configurations, as part of the dynamic Kubelet configuration
feature (#29459). Fields that must be unique for each node inhibit
sharing, because their values, by definition, cannot be shared.
Automatic merge from submit-queue
Adding gnufied as reviewer for volume controller
I have helped review several PRs and made new
PRs to this area.
cc @childsb @saad-ali
Automatic merge from submit-queue (batch tested with PRs 43925, 42512)
AWS: add KubernetesClusterID as additional option when VPC is set
This is a small enhancement after the PRs https://github.com/kubernetes/kubernetes/pull/41695 and https://github.com/kubernetes/kubernetes/pull/39996
## Release Notes
```release-note
AWS cloud provider: allow to set KubernetesClusterID or KubernetesClusterTag in combination with VPC.
```
Automatic merge from submit-queue
[CRI] Use DNSOptions passed by CRI in dockershim.
When @xlgao-zju is working on the CRI validation test, he found that dockershim is not using the DNSOptions passed in CRI. https://github.com/kubernetes-incubator/cri-tools/pull/30#issuecomment-290644357
This PR fixed the issue. I've manually tried, for `ClusterFirst` DNSPolicy, the resolv.conf will be:
```
nameserver 8.8.8.8
search corp.google.com prod.google.com prodz.google.com google.com
options ndots:5
```
For `Default` DNSPolicy, the resolv.conf will be:
```
nameserver 127.0.1.1
search corp.google.com prod.google.com prodz.google.com google.com
```
@xlgao-zju You should be able to test after this PR is merged.
/cc @yujuhong @feiskyer
Automatic merge from submit-queue (batch tested with PRs 40432, 43955)
Fix coverage report testing on macOS
**What this PR does / why we need it**:
Fixes coverage testing on macOS
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#43952
**Special notes for your reviewer**:
Uses SHA1 SUM of tests instead of full test string to generate directory, so that the directory doesn't exceed 255 chars.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
kubelet: change image-gc-high-threshold below docker dm.min_free_space
docker dm.min_free_space defaults to 10%, which "specifies the min free space percent in a thin pool require for new device creation to succeed....Whenever a new a thin pool device is created (during docker pull or during container creation), the Engine checks if the minimum free space is available. If sufficient space is unavailable, then device creation fails and any relevant docker operation fails." [1]
This setting is preventing the storage usage to cross the 90% limit. However, image GC is expected to kick in only beyond image-gc-high-threshold. The image-gc-high-threshold has a default value of 90%, and hence GC never triggers. If image-gc-high-threshold is set to a value lower than (100 - dm.min_free_space)%, GC triggers.
xref https://bugzilla.redhat.com/show_bug.cgi?id=1408309
```release-note
changed kubelet default image-gc-high-threshold to 85% to resolve a conflict with default settings in docker that prevented image garbage collection from resolving low disk space situations when using devicemapper storage.
```
@derekwaynecarr @sdodson @rhvgoyal
check if the volume requested by the claim satisfies the requirements of the claim before binding when
syncUnboundClaim and claim.Spec.VolumeName is not set
Automatic merge from submit-queue (batch tested with PRs 43450, 42999, 43968)
unit test for kubectl config set-context
**What this PR does / why we need it**:
unit test for create context
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
think you
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Fix deletion of Gluster, Ceph and Quobyte volumes
GetClassForVolume should check pv.spec.storageClassName together with beta annotation.
Fixes#43929
@kubernetes/sig-storage-pr-reviews
```release-note
Fix bug with error "Volume has no class annotation" when deleting a PersistentVolume.
```
Automatic merge from submit-queue
Make Constants Public so that They Can Be Used in an Ext. Provisioner
Out-of-tree external provisioners have the same purpose as in-tree provisioners. As external provisioners work with PV and PVC datastructures it's an advantage to import certain Kubernetes packages instead of copy-pasting the Kubernetes code.
That's why the constants are made public so that they can be used in an external provisioner.
@jsafrane @kubernetes/sig-storage-pr-reviews
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42038, 42083)
Validate ConfigMapRef and SecretRef name
fixes#42037
**Release note**:
```release-note
When creating a container using envFrom,
1. validate the name of the ConfigMap in a ConfigMapRef
2. validate the name of the Secret in a SecretRef
```
Maciej Pytel