Automatic merge from submit-queue (batch tested with PRs 65832, 66160, 66145). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix metrics help comment
**What this PR does / why we need it**:
pod_start_latency_microseconds is not broken down by podname.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65832, 66160, 66145). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Modify resource constraints for master components.
The growth is caused by increasing --kube-api-qps in kube-scheduler.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65832, 66160, 66145). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: make loopback logic in SecureServingOptions reusable
For reuse in other components this PR separates the loopback logic from the GenericApiServer config.
Automatic merge from submit-queue (batch tested with PRs 65899, 65900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix CRI socket validatioin
**What this PR does / why we need it**:
CRI socket doesn't have to be an absolute path, it should be an url.
However, attempt to use it as an url in 'kubeadm init' command line
causes this validation error:
$ sudo ./kubeadm init --cri-socket unix:///var/run/crio/crio.sock
nodeRegistration.criSocket: Invalid value:
"unix:///var/run/crio/crio.sock": path is not absolute
Fixed by adding ValidateSocket function and using it in the
ValidateNodeRegistrationOptions check instead of ValidateAbsolutePath.
**Which issue(s) this PR fixes** :
[#928](https://github.com/kubernetes/kubeadm/issues/928)
**Release note**:
```release-note
NONE
```
Before this the advertised IP (which shows up in the server cert) in case of
listening to loopback was the first host interface IP. This makes self-signed
certs non-constant, such that we cannot use fixtures.
Automatic merge from submit-queue (batch tested with PRs 66121, 66140, 66045). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support setting azure LB idle timeout
**What this PR does / why we need it**:
Adds a new annotation to allow users to configure the idle timeout of
the Azure LB.
**Release note**:
```release-note
Support configuring the Azure load balancer idle connection timeout for services
```
Automatic merge from submit-queue (batch tested with PRs 66121, 66140, 66045). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow modifying current context with kubectl set-context
Fixes https://github.com/kubernetes/kubernetes/issues/40968
Enabled setting the namespace (or any other attribute) for the current context, rather than needing to provide a name:
```
kubectl config set-context --current --namespace=some-namespace
kubectl config set-context --current --cluster=some-cluster
kubectl config set-context --current --user=some-user
```
```release-note
`kubectl config set-context` can now set attributes of the current context, like the current namespace, by passing `--current` instead of a specific context name
```
Automatic merge from submit-queue (batch tested with PRs 66121, 66140, 66045). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix csr status message for kubectl certificate deny
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66011, 66111, 66106, 66039, 65745). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable adaptive scoring in ImageLocalityPriority
**What this PR does / why we need it**:
This PR replaces the original, pure image-size based scoring to an adaptive scoring scheme. The new scoring scheme considers not only the image size but also its `"spread" `- the definition of `"spread"` is described in what follows:
> Given an image`i`, `spread_i = num_node_has_i / total_num_nodes`
And the image receives the score: `score_i = size_i * spread_i`, as proposed by @resouer. The final node score is the summation of image scores for all images found existing on the node that are mentioned in the pod spec.
The goal of this heuristic is to better _balance image locality with other scheduling policies_. In particular, it aims to mitigate and prevent the undesirable "node heating problem", _i.e._, pods get assigned to the same or a few nodes due to preferred image locality. Given an image, the larger `spread` it has the more image locality we can consider for it - since we can expect more nodes having this image.
The new image state information in scheduler cache, enabled in this PR, allows other potential heuristics to be explored.
**Special notes for your reviewer**:
@resouer
Additional unit tests are WIP.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66011, 66111, 66106, 66039, 65745). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Disable initializers by default
The API group driving this field is not enabled by default, and it does not appear that these will progress beyond the alpha phase.
Remove the admission plugin from default configurations.
/sig api-machinery
/cc @smarterclayton
```release-note
The alpha `Initializers` admission plugin is no longer enabled by default. This matches the off-by-default behavior of the alpha API which drives initializer behavior.
```
Automatic merge from submit-queue (batch tested with PRs 66011, 66111, 66106, 66039, 65745). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix TestVolumeBinding out of sync errors
**What this PR does / why we need it**:
Invalidate `CheckVolumeBinding` predicate cache on PV update.
CheckVolumeBinding predicate calls SchedulerVolumeBinder.FindPodVolumes which will cache PVs in PodBindingCache. When PV got updated, we should invalidate cache, otherwise PVAssumeCache.Assume will fail with out of sync error.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64626
**Special notes for your reviewer**:
When a PV is created, these operations happen asynchronously:
- [pvcontroller.1] pv controller will update PV status from empty to `Available`
- [scheduler.1] scheduler will find matching PVs and cache them in PodBindingCache in `CheckVolumeBinding` predicate
- [scheduler.2] scheduler will assume matching PVs from PodBindingCache
If [pvcontroller.1] happens between [scheduler.1] and [scheduler.2], and `CheckVolumeBinding` predicate result is cached in [scheduler.1], then scheduler will always use stale PodBindingCache in [scheduler.2] which [will cause out-of-sync error](https://github.com/kubernetes/kubernetes/blob/v1.12.0-alpha.0/pkg/controller/volume/persistentvolume/scheduler_assume_cache.go#L277) because resource version is old.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66011, 66111, 66106, 66039, 65745). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fieldpath: Add tests for missing cases
Tests some missing cases in `pkg/fieldpath`.
**Release note**:
```release-note
NONE
```
Signed-off-by: Lorenzo Fontana <lo@linux.com>
Automatic merge from submit-queue (batch tested with PRs 66011, 66111, 66106, 66039, 65745). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clean up unused internal node expansion code
**What this PR does / why we need it**:
As the title
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Printable default component configs
**What this PR does / why we need it**:
This PR makes default component configs printable via `kubeadm config print-default`.
Component configs are not printed by default. You have to explicitly request
that for concrete API objects via the `--api-objects` command line parameter.
For a list of possible API objects use the help option.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Refs kubernetes/kubeadm#963
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind feature
**Release note**:
```release-note
kubeadm: Default component configs are printable via kubeadm config print-default
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
optimize certificate cleaner
No need to parse certificates for every conditions
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Not step into ipvs.CleanupLeftovers() if canUseIPVS's false
**What this PR does / why we need it**:
Earlier we decide whether we should clean up the left-over ipvs rules inside `ipvs.CleanupLeftovers()`, therefore we call function `ipvs.CanUseIPVSProxier()` two times (and `GetModules()` two times). Actually no need to step into `ipvs.CleanupLeftovers()` if `canUseIPVS` is false.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Get ipv6 nodeIP when in ipv6 cluster
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64985
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make delete waits match on UID
If you delete an object, there is a race where something can recreate it with a different UID and the wait will wait forever. This allows passing a UID through
@kubernetes/sig-cli-maintainers
@soltysh @liggitt
```release-note
prevents infinite CLI wait on delete when item is recreated
```
Automatic merge from submit-queue (batch tested with PRs 65105, 62948). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make kubeadm phases ready for join master
**What this PR does / why we need it**:
This PR implements one of the actions defined by https://github.com/kubernetes/kubeadm/issues/751 (checklist form implementing HA in kubeadm).
With this PR, kubeadm phases implements methods that will be used by the `kubeadm join --master`workflow, and more in detail:
- kubeconfig phase implements a new method for creating kubeconfig required files (nb. with respect to init, the kubelet.conf file should not be created because it will generated by the TLS bootstrap process)
- certs phase implements a new method for checking the pki provided by the users (all the certificates are present, the API server certificate is properly configured)
**Special notes for your reviewer**:
/CC @timothysc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65105, 62948). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
dry-run: Create Options with dryRun for POST/PUT/PATCH
**What this PR does / why we need it**:
Create new options for Create and Update (through POST/PUT/PATCH).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66122, 66007). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Return vmUUID when renewing nodeinfo in VCP
**What this PR does / why we need it**:
This PR fixes an issue that VM UUID is removed when renewing node information in vSphere cloud provider
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig vmware
Automatic merge from submit-queue (batch tested with PRs 66095, 66092). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make the addons docker registry configurable
**What this PR does / why we need it**:
Allow users to configure the docker registry used when applying cdk-addons templates.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Depends on https://github.com/juju-solutions/cdk-addons/pull/45
**Release note**:
```release-note
Expose docker registry config for addons used in Juju deployments
```
Automatic merge from submit-queue (batch tested with PRs 66095, 66092). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump cluster-proportional-autoscaler to 1.2.0
**What this PR does / why we need it**:
Ref https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/pull/47.
Major changes in cluster-proportional-autoscaler to 1.2.0:
- Watch nodes instead of periodic polls.
RBAC permission is slightly edited to allow dns-autoscaler to watch nodes.
/assign @shyamjvs
cc @wojtek-t
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Release note**:
```release-note
NONE
```
CRI socket doesn't have to be an absolute path, it should be an url.
However, attempt to use it as an url in 'kubeadm init' command line
causes this validation error:
$ sudo ./kubeadm init --cri-socket unix:///var/run/crio/crio.sock
nodeRegistration.criSocket: Invalid value:
"unix:///var/run/crio/crio.sock": path is not absolute
Fixed by adding ValidateSocket function and using it in the
ValidateNodeRegistrationOptions check instead of ValidateAbsolutePath.
Make default component configs printable via `kubeadm config print-default`.
Component configs are not printed by default. You have to explicitly request
that for concrete API objects via the `--api-objects` command line parameter.
For a list of possible API objects use the help option.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Kubernetes Submit Queue