Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Add a `v1alpha3` API
**What this PR does / why we need it**:
Adds a (now duplicated) v1alpha3 API. Equal to `v1alpha2` now, but will be changed later.
Hopefully we'll graduate this to `v1beta1` during the v1.12 cycle.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubeadm/issues/911
Depends on:
- [x] https://github.com/kubernetes/kubernetes/pull/65776
- [x] https://github.com/kubernetes/kubernetes/pull/65628
**Special notes for your reviewer**:
These commits should be reviewed:
- `Add a duplicated v1alpha3 API`: A pure directory copy of the `v1alpha2` folder, only changed the package name in the Go files
- `Register the v1alpha3 API in the scheme, and update the roundtrip API tests`, started registering the new API and using it internally
- `Automated bump from v1alpha2 references to v1alpha3`: Replaced all v1alpha2 references with v1alpha3
**Release note**:
```release-note
kubeadm: Add a `v1alpha3` API.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add e2e tests for volumeMode of persistent volume
This set of e2e tests is to confirm that persistent volume works well for all volumeModes.
Coverage of the tests are shown in the figure of [Test cases], below.
Once implementation policy is confirmed to be good, we can add plugins and test cases to this.
[Test cases]
```
# plugin volumeMode Test case Expectation
--- ---------- -------------- ------------------------------------------------------ ------------
1 iSCSI Block (a) Create Pod with PV and confirm Read/Write to PV Success
2 iSCSI Block (b) Create Pod and restart kubelet and confirm PV Success
3 iSCSI Block (c) Create Pod and restart kubelet while deleting PV Success
4 iSCSI FileSystem (a) Create Pod with PV and confirm Read/Write to PV Success
5 iSCSI FileSystem (b) Create Pod and restart kubelet and confirm PV Success
6 iSCSI FileSystem (c) Create Pod and restart kubelet while deleting PV Success
7 RBD Block (a) Create Pod with PV and confirm Read/Write to PV Success
8 RBD Block (b) Create Pod and restart kubelet and confirm PV Success
9 RBD Block (c) Create Pod and restart kubelet while deleting PV Success
10 RBD FileSystem (a) Create Pod with PV and confirm Read/Write to PV Success
11 RBD FileSystem (b) Create Pod and restart kubelet and confirm PV Success
12 RBD FileSystem (c) Create Pod and restart kubelet while deleting PV Success
13 CephFS Block (a) Create Pod with PV and confirm Read/Write to PV Fail
14 CephFS FileSystem (a) Create Pod with PV and confirm Read/Write to PV Success
15 CephFS FileSystem (b) Create Pod and restart kubelet and confirm PV Success
16 CephFS FileSystem (c) Create Pod and restart kubelet while deleting PV Success
17 NFS Block (a) Create Pod with PV and confirm Read/Write to PV Fail
18 NFS FileSystem (a) Create Pod with PV and confirm Read/Write to PV Success
19 NFS FileSystem (b) Create Pod and restart kubelet and confirm PV Success
20 NFS FileSystem (c) Create Pod and restart kubelet while deleting PV Success
```
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56803
**Special notes for your reviewer**:
/sig storage
@gnufied @rootfs @jsafrane @jeffvance
This PR is intend to reflect the comments for the below PR.
https://github.com/kubernetes/kubernetes/pull/56804
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
clean unused function in file pkg/volume/projected/projected.go
**What this PR does / why we need it**:
It was imported by https://github.com/kubernetes/kubernetes/pull/37237
And it is unusable at first place when it was imported
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add StatefulSet rollback and rolling update test with PVCs
**What this PR does / why we need it**:
Adds a StatefulSet e2e test for testing rolling upgrades and rollbacks on a StatefulSet using PVCs.
**Which issue(s) this PR fixes**:
Fixes#63940
**Release note**:
```
NONE
```
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make use of request.UserAgent()
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/assign @sttts
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typos for TestBackoffHighWaterMark
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 65715, 65786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update --template printer defaulting
**Release note**:
```release-note
NONE
```
Depends on https://github.com/kubernetes/kubernetes/pull/65711
The relevant commit for this PR is the last one (`
fix go-template defaulting for commands w default output format`)
cc @deads2k @soltysh
Automatic merge from submit-queue (batch tested with PRs 65715, 65786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fail on rbac resources of non-v1 versions in reconcile
Reconcile only supports rbac/v1 and other resources are skipped. This is good, except that only RBAC resources should really fail. This makes it fail.
@kubernetes/sig-cli-maintainers
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65628, 65573). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
run test TestAttacherMountDevice in temp directory
This change fix two unit test:
1. After run command `make test WHAT=k8s.io/kubernetes/pkg/volume/csi KUBE_TEST_ARGS='-run ^TestAttacherMountDevice$'`
There is a file leaked in work space:
pkg/volume/csi/vol_data.json
2. make test WHAT=k8s.io/kubernetes/pkg/volume/csi KUBE_TEST_ARGS='-run ^TestAttacherUnmountDevice$'
This test fails if it does not run along with TestAttacherMountDevice.
This change fix it.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65628, 65573). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Remove the v1alpha1 API
**What this PR does / why we need it**:
In v1.10 and earlier, kubeadm only had the `v1alpha1` API.
In v1.11, kubeadm could read `v1alpha1` configs, but only write `v1alpha2` configs
In v1.12, kubeadm can read `v1alpha2` configs, but only write `v1alpha3` or `v1beta1` configs.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubeadm/issues/911
Depends on: https://github.com/kubernetes/kubernetes/pull/65776
**Special notes for your reviewer**:
**Release note**:
```release-note
[action required] kubeadm: The `v1alpha1` config API has been removed.
Please convert your `v1alpha1` configuration files to `v1alpha2` using the
`kubeadm config migrate` command of kubeadm v1.11.x
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add healthz check to ensure logging is not blocked
When running the apiserver/controllers in pods, we encountered a docker bug that blocked stdout/stderr (https://github.com/moby/moby/issues/31373)
That in turn blocked flushing logs, which in turn eventually blocked any goroutine that logs anything (which is pretty much all the important goroutines)
This adds a healthz check that logging is not blocked so that healthz indicates something is wrong
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65776, 64896). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl: wait for all errors and successes on podEviction
**What this PR does / why we need it**: This fixes `kubectl drain` to wait until all errors and successes are processed, instead of returning the first error. It also tweaks the behavior of the cleanup to check to see if the pod is already terminating, and if it is to not reissue the pod terminate which leads to an error getting thrown. This fix will allow `kubectl drain` to complete successfully when a node is draining.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @sjenning
**Release note**:
```release-note
NONE
```
#### Reproduction steps
### sleep.yml
```yaml
apiVersion: v1
kind: Pod
metadata:
name: bash
spec:
containers:
- name: bash
image: bash
resources:
limits:
cpu: 500m
memory: 500Mi
command:
- bash
- -c
- "nothing() { sleep 1; } ; trap nothing 15 ; while true; do echo \"hello\"; sleep 10; done"
terminationGracePeriodSeconds: 3000
restartPolicy: Never
```
```
$ kubectl create ns testing
$ kubectl create -f sleep.yml
$ kubectl delete ns testing
$ kubectl drain 127.0.0.1 --force
```
Automatic merge from submit-queue (batch tested with PRs 65776, 64896). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Stop using/supporting the v1alpha1 Config API
**What this PR does / why we need it**:
In v1.10 and earlier, kubeadm only had the v1alpha1 API.
In v1.11, kubeadm could read v1alpha1 configs, but only write v1alpha2 configs
In v1.12, kubeadm can read v1alpha2 configs, but only write v1alpha3 or v1beta1 configs.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of https://github.com/kubernetes/kubernetes/pull/65628
ref: kubernetes/kubeadm#911
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
/assign @timothysc
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to go1.10.3
**What this PR does / why we need it**: updates to build with go1.10.3; see list of changes [here](https://github.com/golang/go/issues?q=milestone%3AGo1.10.3).
We'll probably want to cherrypick this to release-1.11 as well.
**Release note**:
```release-note
Update to use go1.10.3
```
/assign @BenTheElder @cblecker
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add additional authorization check for create-on-update
**What this PR does / why we need it**:
Currently it is possible for a user who is only authorized to update objects to send a PUT request for an object that doesn't currently exist, and if that resource allows create on update, it will all them to create the object. This PR fixes that bug and adds a test case which fails on master, but succeeds when the additional authorization check is done.
/sig api-machinery
/kind bug
/cc @liggitt @lavalamp
**Release note**:
```release-note
LimitRange and Endpoints resources can be created via an update API call if the object does not already exist. When this occurs, an authorization check is now made to ensure the user making the API call is authorized to create the object. In previous releases, only an update authorization check was performed.
```
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make template printers a recommended printer
WIP because it needs tests. Apparently there weren't any before.
@juanvallejo open a pull to this branch adding tests for commands that need `--template` support and I'll squash them in.
@liggitt since you think it's widespread, here's an option to make it "normal"
@kubernetes/sig-cli-maintainers
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improved logging message for checking if node is shutdown.
**What this PR does / why we need it**:
The previous error message was "Error getting data for node" which was too broad of a message and not very descriptive. This PR will update it to "Error checking if node is shutdown" so that it is more specific.
```release-note
NONE
```
Fixes defaulting done for commands that default to a specific output
format (such as yaml, json) when a --template flag is provided and no
explicit --output value is given.
Under the above case, these commands will now properly default to
honoring the --template argument given, and default their --output
format to "go-template".
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Mengqi to the list of approvers for strategicpatch
cc @mengqiy
/assign @pwittrock
Replaces #65535
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update priority admission to improve interoperability
Builds on https://github.com/kubernetes/kubernetes/pull/65722
Makes the following adjustments to the priority admission plugin:
* allows creation of pods to include an explicit priority field if it matches the computed priority (allows export/import cases to continue to work on the same cluster, between clusters that match priorityClass values, and between clusters where priority is unused and all pods get `priority:0`)
* preserves existing priority if a pod update does not include a priority value and the old pod did (allows POST, PUT, PUT, PUT workflows to continue to work, with the admission-set value on create being preserved by the admission plugin on update)
This should avoid the failures revealed by the kubectl tests exercising the pod API without any awareness of the priority feature
/sig scheduling
/cc @bsalamat
```release-note
kube-apiserver: the `Priority` admission plugin is now enabled by default when using `--enable-admission-plugins`. If using `--admission-control` to fully specify the set of admission plugins, the `Priority` admission plugin should be added if using the `PodPriority` feature, which is enabled by default in 1.11.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add lichuqiang as reviewer of persistentvolume controller (for volume scheduling)
Now that I've been working on the storage topology-aware feature for quite a time. Really hope that I can help do some review.
```release-note
NONE
```
/assign @msau42
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix 'kubectl cp' with no arguments causes a panic
**What this PR does / why we need it**:
/kind bug
"kubectl cp" with no arguments causes a panic
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65475
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix 'kubectl cp' with no arguments causes a panic
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
bazel: kubelet deb package postinstall step
**What this PR does / why we need it**:
Presently bazel build .deb (kubelet.deb specifically) does not auto-restart after installation. Adding a postinst control file fixes this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
kubernetes/kubeadm#944
**Special notes for your reviewer**:
@chuckha
```release-note
bazel deb package bugfix: The kubeadm deb package now reloads the kubelet after installation
```
Automatic merge from submit-queue (batch tested with PRs 65719, 65764). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Fix CoreDNS image generation bug
**What this PR does / why we need it**:
With #64976 GetGenericArchImage was used for generating the CoreDNS image path.
This generated incorrect image in the form `prefix/coredns-goarch:tag` instead
of just `prefix/coredns:tag`.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65757
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind bug
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65719, 65764). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
juju: Fix upgrade actions not working with resources
**What this PR does / why we need it**:
This fixes an issue with the kubernetes-master and kubernetes-worker charms, where running the `upgrade` action does not actually perform an upgrade when snaps are attached as resources.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/528
**Special notes for your reviewer**:
The underlying issue is that both layer-snap and the kubernetes layers are using `any_file_changed` to look for changes in the resources. This PR fixes it by removing the use of `any_file_changed` in the top-level layers, and implementing our own code for it instead.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65381, 65751). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix smb mount security issue
**What this PR does / why we need it**:
fix smb mount security issue:
user PowerShell Environment Variables to store user input string to prevent command line injection, the env var in PowerShell would be taken as literal values and not as executable vulnerable code, this kind of fix is common for command line injection issue (called: parameterized way)
Originally use go sdk for `New-SmbGlobalMapping` is best solution, while after discussion with Windows team, go API for `New-SmbGlobalMapping` is not ready yet and the new functionality of basic win32 API [NetUseAdd](https://msdn.microsoft.com/en-us/library/windows/desktop/aa370645(v=vs.85).aspx) is not public yet, use [PowerShell with Environment Variables](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1) is also their recommended way.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65750
**Special notes for your reviewer**:
- This is a security issue fix, no behavior change, E2E test of smb mount passes.
- Original logging as `azureMount` is incorrect since this mount_windows is for mount disk & smb, it's a common feature on Windows, not specific to Azure, I will send another PR to fixing all the logging naming issue, anyway it's not related to this security issue. Let's keep this PR simple.
**Release note**:
```
fix smb mount security issue
```
/sig windows
/sig storage
/kind bug
@jessfraz
/assign @jsafrane @msau42
With #64976 GetGenericArchImage was used for generating the CoreDNS image path.
This generated incorrect image in the form `prefix/coredns-goarch:tag` instead
of just `prefix/coredns:tag`.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Kubernetes Submit Queue