Automatic merge from submit-queue
Skip gofmt for staging/ directory
Don't run gofmt for example on:
staging/src/k8s.io/client-go/1.4/_vendor
Fixes#31875
Automatic merge from submit-queue
kubelet_test.go: use assertions
Switch most of the tests in this file to using the assert library
(`github.com/stretchr/testify/assert`) in the tests for better readability and
less code in general.
Automatic merge from submit-queue
Check server version when running scheduled job e2e tests
@janetkuo this is the promised followup to #30575 which is checking minimal server version when running ScheduledJob e2e's.
Automatic merge from submit-queue
retry oauth token fetch in gce cloudprovider
Fixes https://github.com/kubernetes/kubernetes/issues/31560
The oauth client fetches a token on the initial request of that client. Let's warm the cache.
cc @goltermann @lavalamp
Automatic merge from submit-queue
update e2e test for federation replicaset controlelr
e2e test to verify replicases synced to underlying clusters.
@quinton-hoole @nikhiljindal @deepak-vij @kshafiee @mwielgus
Automatic merge from submit-queue
Fix PSP update validation
Issues fixed:
- apparmor annotations were not being validated
- sysctl annotations were not being validated
- `ValidateObjectMetaUpdate` parameters were reversed
/cc @sttts
---
1.4 justification:
- Risk: If I did something wrong, valid updates could be rejected or invalid updates accepted.
- Rollback: Nothing should depend on this behavior
- Cost: As it stands, the PSP can be updated to an invalid state. The cost of this is relatively low, but a bad user experience.
Automatic merge from submit-queue
Fix PSP volumes error message
Was:
```
Error from server: error when creating "pause-pod.yaml": pods "pause" is forbidden: unable to validate against any pod security policy: [spec.containers[0].securityContext.volumes[0]: Invalid value: "secret": secret volumes are not allowed to be used]
```
Now:
```
Error from server: error when creating "pause-pod.yaml": pods "pause" is forbidden: unable to validate against any pod security policy: [spec.volumes[0]: Invalid value: "secret": secret volumes are not allowed to be used]
```
Also, only perform the validation once (by moving it from `ValidateContainerSecurityContext` to `ValidatePodSecurityContext`).
---
1.4 Justification:
- Risk: low, this is just altering an error message
- Rollback: nothing should depend on this functionality
- Cost: the old error message didn't make any sense (there are no volumes on a container SecurityContext). This is fixing a bug.
Automatic merge from submit-queue
Return detailed error message for better debugging.
Try to provide more details error message for debugging when this flake #31561 happens again.
@pwittrock
Automatic merge from submit-queue
Bump nfs server image tag in pv e2e
Image modified in https://github.com/kubernetes/kubernetes/pull/30084 has been pushed, so we can bump this back up to enable the part where pod writes to server with restrictive permissions
Automatic merge from submit-queue
Added printing of clarification for `object creation` request in case of object is in the process of graceful deletion
## **Output example:**
### # kubectl create -f ./pod.yaml
`pod "test-pod" created`
### # kubectl create -f ./pod.yaml
`Error from server: error when creating "../simplePod.yaml": pods "test-pod" already exists`
### # kubectl delete pods/test-pod
`pod "test-pod" deleted`
### # kubectl create -f ./pod.yaml
`Error from server: error when creating "../simplePod.yaml": object is being deleted: pods "test-pod" already exists`
Automatic merge from submit-queue
Adding namespaces/finalizer subresource to federation apiserver
Fixes https://github.com/kubernetes/kubernetes/issues/31077
cc @kubernetes/sig-cluster-federation @mwielgus
Verified manually that I can delete federation namespaces now.
Will update federation-namespace e2e test to verify that namespace is deleted fine
Automatic merge from submit-queue
[GarbageCollector] GC retries failed garbage collection
The code was buried in #30483, which we decided to put off to 1.5.
Automatic merge from submit-queue
Node Problem Detector: Use the right waiting time for eventually in NPD node e2e
Fixes https://github.com/kubernetes/kubernetes/issues/29656.
The `Eventually` check changed in this PR is used to make sure NPD generating default node condition after it starts. Mostly it should happen very fast, but sometimes it may take some time.
In the test, we should use `pollTimeout`(`1m`) for eventually check which is long enough, but we used `pollConsistent`(`5s`) by mistake.
This PR changed the eventually check to use `pollTimeout`(`1m`).
Mark P1 to match the corresponding test flake.
/cc @krousey @pwittrock
Automatic merge from submit-queue
Update node status instead of node in kubelet
#31730 added code for the Kubelet to reconcile the existing and new nodes in order to annotate existing nodes with the annotation for controller-managed attach-detach. However, it used `Update` instead of `UpdateStatus`, which changes the operations the node's token needs to be permitted to use. Using `UpdateStatus` is functionally equivalent and maintains the same set of permissions nodes need to have today.
I'm adding this with the 1.4 milestone because it is a follow-on to a 1.4 PR and fixes a downstream bug (which won't surface to Kube).
Automatic merge from submit-queue
Increase logging level for e2e node services
Without this change, the apiserver logs are non existent for node e2e tests.
Automatic merge from submit-queue
Namespace certificates API group
New API groups should follow best-practices for naming, including using DNS names within the k8s.io namespace
```release-note
The certificates API group has been renamed to certificates.k8s.io
```
Automatic merge from submit-queue
test/e2e: fix flake in kubelet expose should create services for rc
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
-->
```release-note
NONE
```
Add a loop to retry the request to account for the TLS Timeout and API
credential error responses outlined by the flakes in #29227.
Fixes#29227
Ke Zhang
