Automatic merge from submit-queue (batch tested with PRs 67655, 67639). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix validate-cluster.sh for clusters with more than 500 nodes.
**What this PR does / why we need it**:
Without the change, validate-cluster.sh counts nodes using 'wc -l' minus one (header).
kubectl repeats header every 500 rows, so for bigger clusters this doesn't work.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67597
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67378, 67675, 67654). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add some unit tests in staging/src/k8s.io/apiserver/pkg/server/options
**What this PR does / why we need it**:
add some unit tests in staging/src/k8s.io/apiserver/pkg/server/options
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67378, 67675, 67654). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Pass files to golint one at a time
**What this PR does / why we need it**:
When we pass multiple files into golint at once, and golint detects a fatal error in one of them, it will actually exit and not process any more of the files passed. For large packages, this increases the chance that golint will exit.
This change will, instead of golinting once per package, will use xargs to run each file through golint individually.
**Special notes for your reviewer**:
Out of interest, I timed the difference between using find and a regex to exclude the generated files, but `ls | grep` was about 15-20 seconds faster throughout the entire duration of the run (about 2 minutes).
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67378, 67675, 67654). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Store logs from 'logexporter' to allow debugging it.
**What this PR does / why we need it**:
With https://github.com/kubernetes/kubernetes/pull/67190 logexporter stopped working properly in 5000 kubemark test (while it works fine in smaller tests)
As we have no tools to debug this in a big scale, I propose storing logexporter logs in some place so that it's possible to debug all attempts.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Supplementary information for common flags and add restart second config
**What this PR does / why we need it**:
the admission-control flag has been marked deprecated, it need to be updated.
And provide them with supplementary information about flags.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubernetes/issues/67627
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 67430, 67550). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add e2e Test Description to User-Agent
This PR appends detail e2e test line number and test details to the User-Agent.
It's needed for https://github.com/kubernetes/community/pull/2363 and Conformance Data gathering.
This can be easily tested with any 1.12.0-alpha or later that is configured for audit-logging.
Here is an example using the test-infra/kubetest dind from https://github.com/kubernetes/test-infra/pull/9061
```
cd ~/go/src/k8s.io/kubernetes/
go get -u k8s.io/test-infra/kubetest
kubetest --build=dind
kubetest --up --deployment=dind
export KUBERNETES_CONFORMANCE_TEST=y
export KUBECONFIG=$(ls -rt /tmp/k8s-dind-kubecfg-* | tail -1)
export DIND_K8S_DATA=$(ls -drt /tmp/dind-k8* | tail -1)
make -j 8 GOGCFLAGS="-N -l -v" WHAT=test/e2e/e2e.test
./_output/local/bin/linux/amd64/e2e.test \
--ginkgo.focus=\[Conformance\] \
--ginkgo.seed=1436380640 \
--v=2 \
--ginkgo.skip='\[Slow\]|\[Serial\]|\[Disruptive\]|\[Flaky\]|\[Feature:.+\]|\[HPA\]|Dashboard|Services.*functioning.*NodePort'
cp $DIND_KCS_DATA/audit/audit.log .
```
```
e2e.test/v1.12.0 (linux/amd64) kubernetes/94c2c6c -- k8s.io/kubernetes/test/e2e/kubectl/portforward.go:496 -- [sig-cli] Kubectl Port forwarding [k8s.io] With a server listening on localhost [k8s.io] that expects NO client request should support a client that connects, sends DATA, and disconnects
e2e.test/v1.12.0 (linux/amd64) kubernetes/94c2c6c -- k8s.io/kubernetes/test/e2e/network/dns.go:158 -- [sig-network] DNS should provide DNS for ExternalName services
e2e.test/v1.12.0 (linux/amd64) kubernetes/94c2c6c -- k8s.io/kubernetes/test/e2e/framework/framework.go:710 -- [sig-cli] Kubectl client [k8s.io] Kubectl cluster-info should check if Kubernetes master services is included in cluster-info [Conformance]
e2e.test/v1.12.0 (linux/amd64) kubernetes/94c2c6c -- k8s.io/kubernetes/test/e2e/storage/persistent_volumes-local.go:562 -- [sig-storage] PersistentVolumes-local StatefulSet with pod affinity should use volumes on one node when pod has affinity
```
Sample log file from e2e run:
[audit.log.gz](https://github.com/kubernetes/kubernetes/files/2298944/audit.log.gz)
Automatic merge from submit-queue (batch tested with PRs 67430, 67550). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
cpumanager: rollback state if updateContainerCPUSet failed
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63018
If `updateContainerCPUSet` failed, the container will start failed. We should rollback the state to avoid CPU leak.
**Special notes for your reviewer**:
**Release note**:
```release-note
cpumanager: rollback state if updateContainerCPUSet failed
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add labels to kubelet OWNERS files
**What this PR does / why we need it**:
This change makes it possible to automatically add the two labels: `area/kubelet` to PRs that touch the paths in question.
this already exists for kubeadm:
https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/OWNERS#L17-L19
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
refs https://github.com/kubernetes/community/issues/1808
**Special notes for your reviewer**:
none
**Release note**:
```release-note
NONE
```
/area kubelet
@kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove incorrect comment
**What this PR does / why we need it**:
These code did not Update the revisions labels, the comment is incorrect
```
// Update the revisions name and labels
clone.Name = ControllerRevisionName(parent.GetName(), hash)
ns := parent.GetNamespace()
created, err := rh.client.AppsV1().ControllerRevisions(ns).Create(clone)
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
NONE
**Release note**:
```
NONE
```
/kind cleanup
/release-note-none
/sig apps
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow adding default capabilities to unprivileged addons
**What this PR does / why we need it**:
Allow adding the default set of capabilities back to unprivileged addons, when using the the default GCE PodSecurityPolicies. This is useful when paired with `drop: [ 'all' ]`
This is not a relaxation of permissions, as a pod that didn't touch capabilities (implicitly has the default set) is already allowed.
**Which issue(s) this PR fixes**:
Fixes https://github.com/kubernetes/dns/issues/254
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67298, 67518, 67635, 67673). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
build/debian-iptables: make: support arguments for base and tag
**What this PR does / why we need it**:
Change debian-iptables makefile to support arguments for base image and tag.
**Special notes for your reviewer**:
Tested locally.
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 67298, 67518, 67635, 67673). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix unstructured metadata accessors to respect omitempty semantics
Fixes#67541Fixes#48211Fixes#49075
Follow up of #67562
`ObjectMeta` has fields with `omitempty` json tags. This means that when the fields have zero values, they should not be persisted in the object.
Before this PR, some of the metadata accessors for unstructured objects did not respect these semantics i.e they would persist a field even if it had a zero value.
This PR updates the accessors so that the field is removed from the unstructured object map if it contains a zero value.
/sig api-machinery
/kind bug
/area custom-resources
/cc sttts liggitt yue9944882 roycaihw
/assign sttts liggitt
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Log real file's name and line
**What this PR does / why we need it**:
Have correct location of emission in the logs
**Release note**:
pkg/kubectl/util/logs & staging/src/k8s.io/apiserver/pkg/util/logs
use `glog.info(...)` but this function is not made to be wrapped because
the underlying mechanism use a fixed call trace length to determine
where the log has been emited.
This results is having `logs.go:49` in the logs which is in the body
of the wrapper function and thus useless.
Instead use `glog.infoDepth(1, ...)` which tells the underlying mechanism
to go back 1 more level in the call trace to determine where the log
has been emitted.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Create cli-runtime staging repository
**What this PR does / why we need it**:
This PR creates a designated repository for CLI helpers, which are used for:
- kubectl itself
- kubectl plugins
- commands that want to mimic kubectl behavior
/assign @deads2k @juanvallejo
@seans3 @pwittrock fyi
**Release note**:
```release-note
Create cli-runtime staging repository
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Labels to various OWNERS files
**What this PR does / why we need it**:
Will reduce the burden of manually adding labels. Information pulled
from:
https://github.com/kubernetes/community/blob/master/sigs.yaml
Change-Id: I17e661e37719f0bccf63e41347b628269cef7c8b
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Introduce Azure custom metrics adapter in IMPLEMENTATIONS
**What this PR does / why we need it**:
Makes Kubernetes users aware that there is now a Microsoft Azure metrics adapter to use inside the cluster. This can be used to autoscale on with the abitrary metrics API.
All kudos goes to @jsturtevant for this.
**Which issue(s) this PR fixes**:
Relates to [jsturtevant/azure-k8-metrics-adapter #13](https://github.com/jsturtevant/azure-k8-metrics-adapter/issues/13)
**Special notes for your reviewer**: None.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67661, 67497, 66523, 67622, 67632). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Reduce verbose logs of node addresses requesting
**What this PR does / why we need it**:
Kubelet build from the master branch is flushing node addresses requesting logs, which is too verbose:
```sh
Aug 16 10:09:40 node-1 kubelet[24217]: I0816 10:09:40.658479 24217 cloud_request_manager.go:97] Requesting node addresses from cloud provider for node "node-1"
Aug 16 10:09:40 node-1 kubelet[24217]: I0816 10:09:40.666114 24217 cloud_request_manager.go:116] Node addresses from cloud provider for node "node-1" collected
Aug 16 10:09:50 node-1 kubelet[24217]: I0816 10:09:50.666357 24217 cloud_request_manager.go:97] Requesting node addresses from cloud provider for node "node-1"
Aug 16 10:09:50 node-1 kubelet[24217]: I0816 10:09:50.674322 24217 cloud_request_manager.go:116] Node addresses from cloud provider for node "node-1" collected
Aug 16 10:10:01 node-1 kubelet[24217]: I0816 10:10:00.674644 24217 cloud_request_manager.go:97] Requesting node addresses from cloud provider for node "node-1"
Aug 16 10:10:01 node-1 kubelet[24217]: I0816 10:10:00.682794 24217 cloud_request_manager.go:116] Node addresses from cloud provider for node "node-1" collected
Aug 16 10:10:10 node-1 kubelet[24217]: I0816 10:10:10.683002 24217 cloud_request_manager.go:97] Requesting node addresses from cloud provider for node "node-1"
Aug 16 10:10:10 node-1 kubelet[24217]: I0816 10:10:10.689641 24217 cloud_request_manager.go:116] Node addresses from cloud provider for node "node-1" collected
Aug 16 10:10:20 node-1 kubelet[24217]: I0816 10:10:20.690006 24217 cloud_request_manager.go:97] Requesting node addresses from cloud provider for node "node-1"
Aug 16 10:10:20 node-1 kubelet[24217]: I0816 10:10:20.696545 24217 cloud_request_manager.go:116] Node addresses from cloud provider for node "node-1" collected
```
This PR sets them to level 5.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/cc @ingvagabund
Automatic merge from submit-queue (batch tested with PRs 67661, 67497, 66523, 67622, 67632). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow headless svc without ports to have endpoints
As cited in
https://github.com/kubernetes/dns/issues/174 - this is documented to
work, and I don't see why it shouldn't work. We allowed the definition
of headless services without ports, but apparently nobody tested it very
well.
Manually tested clusterIP services with no ports - validation error.
Manually tested services with negative ports - validation error.
New tests failed, output inspected and verified. Now pass.
xref https://github.com/kubernetes/dns/issues/174
**Release note**:
```release-note
Headless Services with no ports defined will now create Endpoints correctly, and appear in DNS.
```
Automatic merge from submit-queue (batch tested with PRs 67661, 67497, 66523, 67622, 67632). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updating ceph to use CSI for k8s >= 1.10
**What this PR does / why we need it**:
Updates the ceph charms to use CSI if the k8s version is >= 1.10
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Kubernetes juju charms will now use CSI for ceph.
```
Automatic merge from submit-queue (batch tested with PRs 67661, 67497, 66523, 67622, 67632). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Externalize node informers for node authz
the pull will completely externalize node authz together with #67194
ref: #66680
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
device manager: don't do operations on nil pointer
**What this PR does / why we need it**:
In the device plugin stub, if `grpc.DialContext()` fails, a `nil` connection is returned. Check the
error before calling `conn.Close()`.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65788, 67648, 67660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] fix panic when node annotation is nil
**What this PR does / why we need it**:
kubeadm will panic, when the node annotation is nil.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/assign @neolit123
**Release note**:
```release-note
kubeadm: Fix panic when node annotation is nil
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cleanup apiserver errors
- delete unused methods (is this safe, or might they be used in another project outside kubernetes/kubernetes?)
- use the standard library `http.Error` function (functional change adds a newline)
```release-note
NONE
```
/sig api-machinery
/kind cleanup
As cited in
https://github.com/kubernetes/dns/issues/174 - this is documented to
work, and I don't see why it shouldn't work. We allowed the definition
of headless services without ports, but apparently nobody tested it very
well.
Manually tested clusterIP services with no ports - validation error.
Manually tested services with negative ports - validation error.
New tests failed, output inspected and verified. Now pass.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Prevent resourceVersion updates for custom resources on no-op writes
Fixes partly https://github.com/kubernetes/kubernetes/issues/67541
For ObjectMeta pruning, we round trip by marshalling and unmarshalling. If the ObjectMeta contained any strings with `""` (or other fields with empty values) _and_ the respective fields are `omitempty`, those fields will be lost in the round trip process.
This makes ObjectMeta after the no-op write different from the one before the write.
Resource version is incremented every time data is written to etcd. Writes to etcd short-circuit if the bytes being written are identical to the bytes already present.
So this ends up incrementing the `resourceVersion` even on no-op writes. This PR updates the `BeforeUpdate` function such that omitempty fields have values set only if they are non-zero so that they produce an unstructured object that matches ObjectMeta omitempty semantics.
/sig api-machinery
/kind bug
/area custom-resources
/assign sttts liggitt
**Release note**:
```release-note
Prevent `resourceVersion` updates for custom resources on no-op writes.
```
Automatic merge from submit-queue (batch tested with PRs 67332, 66737, 67281, 67173). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use v1 version of advanced audit policy in kubemark
audit api version has been updated to v1 #65891
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67332, 66737, 67281, 67173). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
storage e2e test: remove race when setting up loopback device
CI has shown occasional failures stemming from an -EBUSY when
test/e2e/storage/persistent_volumes-local.go aka "PersistentVolumes-local"
attempts to do losetup.
Looking at the code, it has a clear race between querying the current
free loopback device and later explicitly attempting to loopback setup a
file at the queried device node. Losetup nowadays includes the logic to
handle this for the user, if the '-f' option is used instead of naming
the desired target loopback device explicitly. It is safe to presume
a suitable losetup is present as the '-f' option is used elsewhere in
the test, and it is safe to not record the allocated device, as it is
already queried on the fly elsewhere in the test ahead of other commands
which need to know an already created loopback device's node name.
This patch should result in less flakes for this test case.
Signed-off-by: Tim Pepper <tpepper@vmware.com>
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67332, 66737, 67281, 67173). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use aws.StringSlice replace of deprecated func stringPointerArray
**What this PR does / why we need it**:
use aws.StringSlice replace of deprecated func stringPointerArray
```
// stringPointerArray creates a slice of string pointers from a slice of strings
// Deprecated: consider using aws.StringSlice - but note the slightly different behaviour with a nil input
func stringPointerArray(orig []string) []*string {
if orig == nil {
return nil
}
return aws.StringSlice(orig)
}
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue