Automatic merge from submit-queue (batch tested with PRs 47360, 48930)
Sig-instrumentation e2e tests refactoring
Consolidate all sig-intrumentation-owned tests to one directory with clean owners.
/cc @piosz
Automatic merge from submit-queue
GCP Fluentd Logging of node-problem-detector
**What this PR does / why we need it**:
This PR adds `node-problem-detector` logging to the gcp fluentd configmap.
Adding this logging GCE can now capture events and alert on process `OOMKilling` conditions when applying memory limits to containers.
**Which issue this PR fixes**:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Renamed nodeutil to v1node.
**What this PR does / why we need it**:
Renamed `nodeutil` to `v1node` as there's already another similar package named `utilnode`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #N/A
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46973, 48556)
Improve error reporting when flex driver has failed to initialize
**What this PR does / why we need it**:
This PR improves error reporting for the case when flex driver is failing to initialize. There are 2 improvements:
1) show only the plugin name instead of a full struct. This makes a message shorter and removes useless and internal information.
Before:
>E0605 16:44:59.330215 26786 plugins.go:359] Failed to load volume plugin &{k8s/nfs /usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s~nfs %!s(*kubelet.kubeletVolumeHost=&{0xc431ea5800 {{1 0} map[kubernetes.io/downward-api:0xc431ee3f20 kubernetes.io/aws-ebs:0xc431ee3eb0 kubernetes.io/git-repo:0xc431ee3ef0 kubernetes.io/host-path:0xc430e985f0 kubernetes.io/rbd:0xc42bfab840 kubernetes.io/quobyte:0xc431ee3f00 kubernetes.io/fc:0xc42bfab980 kubernetes.io/empty-dir:0xc431ee3ed0 kubernetes.io/nfs:0xc430e98640 kubernetes.io/iscsi:0xc42bfab720 kubernetes.io/glusterfs:0xc430faaba0 kubernetes.io/cinder:0xc42bfab8c0 kubernetes.io/gce-pd:0xc431ee3ee0 kubernetes.io/secret:0xc42bfab6a0 kubernetes.io/flocker:0xc431ee3f30 kubernetes.io/cephfs:0xc431ee3f10]} 0xc42698cf40}) %!s(*exec.executor=&{}) {%!s(int32=0) %!s(uint32=0)} []}, error: unexpected end of JSON input
After:
>E0605 16:59:45.520185 29041 plugins.go:359] Failed to load volume plugin k8s/nfs, error: unexpected end of JSON input
2) quote script output. In case the output was empty, messages look a bit better:
Before:
> E0605 16:44:59.330077 26786 driver-call.go:212] Failed to unmarshal output for command: init, **output: **, error: unexpected end of JSON input
> W0605 16:44:59.330170 26786 driver-call.go:140] FlexVolume: driver call failed: executable: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s\~nfs/nfs, args: [init], error: fork/exec /usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s\~nfs/nfs: permission denied, **output: **
After:
>E0605 16:59:45.519906 29041 driver-call.go:212] Failed to unmarshal output for command: init, **output: ""**, error: unexpected end of JSON input
>W0605 16:59:45.520109 29041 driver-call.go:140] FlexVolume: driver call failed: executable: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s\~nfs/nfs, args: [init], error: fork/exec /usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s\~nfs/nfs: permission denied, **output: ""**
Automatic merge from submit-queue (batch tested with PRs 44129, 48030, 48906)
Add default=false to usage of kube-apiserver allow-privileged flag
**What this PR does / why we need it**:
Users will be clear about default value of `allow-privileged` flag.
Automatic merge from submit-queue
Fix comments and typo in the error message
**What this PR does / why we need it**:
This PR fixes outdated comments and typo in the error message.
**Release note**:
```release-note
NONE
```
CC @simo5
Automatic merge from submit-queue (batch tested with PRs 46318, 48978)
Mark sig-scheduling tests with [sig-scheduling] so they can be selected for the testdash dashboard
**What this PR does / why we need it**:
Mark sig-scheduling tests with [sig-scheduling] so they can be selected for the testdash dashboard
(see kubernetes/test-infra#3529 for sig-scheduling dashboard definition).
cc/ @bsalamat @kubernetes/sig-scheduling-pr-reviews
Automatic merge from submit-queue
Allow setting service account with kubectl run
As more containers need to make use of the API, and more clusters are RBAC-enabled, which service account is used to run a particular container becomes more important.
This adds support to existing generators for setting the service account name in the pod spec.
```release-note
`kubectl run` learned how to set a service account name in the generated pod spec with the `--serviceaccount` flag.
```
related to #45147
Automatic merge from submit-queue
Improved code coverage for equivalence cache.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
none
```
Automatic merge from submit-queue
Fix share name generation in azure file provisioner.
**What this PR does / why we need it**:
Azure file share name has a length limit of 63, but currently the code is using data volume's limit 75.
**Which issue this PR fixes**
With current implementation, when the cluster name is long, the resulting file share name could have a length of 75.
Also function `GenerateVolumeName` would produce double '-' when clusterName containing '-' is to be truncated.
In both cases, service would reject the creating file share request.
**Special notes for your reviewer**:
Please refer to:
https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-shares--directories--files--and-metadata#share-names
- Share names must be from 3 through 63 characters long.
- The name cannot contain two consecutive hyphens.
@rootfs @colemickens
**Release note**:
Automatic merge from submit-queue
jsonpath filter: allow intermediate missing keys
**What this PR does / why we need it**:
In jsonpath, when filtering a list, if allowMissingKeys is true, skip
over any items that are missing an intermediate key in the filter,
instead of returning a confusing error.
For example, if the filter is
{.items[?(@.metadata.annotations.foo=="bar")].metadata.name}
we should return all items where metadata.annotations.foo == bar, but if
an item in the list does not have metadata, metadata.annotations, or
metadata.annotations.foo, skip it instead of erroring.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#45546
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed a bug where a jsonpath filter would return an error if one of the items being evaluated did not contain all of the nested elements in the filter query.
```
cc @timothysc @smarterclayton @stevekuznetsov @mengqiy @liggitt @kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 48890, 46893, 48872, 48896)
Fix the order of deletion
1. EnsureLoadBalancer can't delete pool without deleting members,
just let EnsureLoadBalancerDeleted do it.
2. Add some friendly error message
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48890, 46893, 48872, 48896)
Support customized system spec in the node conformance test and create the GKE system spec
ref: https://github.com/kubernetes/kubernetes/issues/46891
- System specs are located in `test/e2e_node/system/specs`. Created one for validating GKE images in `test/e2e_node/system/specs/gke.yaml`.
- `--image-spec-name` can be used to specify a system spec in node e2e and conformance tests. This option maps to `SYSTEM_SPEC_NAME` in a test properties file, which is the user facing configuration. So, users can specify `SYSTEM_SPEC_NAME=gke` to run the image validation using the GKE system spec.
- If `SYSTEM_SPEC_NAME` is unspecified, the default spec (`system.DefaultSysSpec`) will be used.
- We can also use `make test-e2e-node SYSTEM_SPEC_NAME=gke` to run tests using GKE image spec.
**Release note**:
`None`
Automatic merge from submit-queue
Move api-machinery related e2e tests to a 'api-machinery' e2e test su…
…bdirectory.
**What this PR does / why we need it**:
Moves all e2e tests belonging to sig-api-machinery into a dedicated `test/e2e/apimachinery ` directory and updates the tests to use `SigDescribe` to prepend `[sig-api-machinery]` to the testnames of all apimachinery owned tests.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
EnsureHostInPool() submits a GET to azure API for VM info. We’re seeing this on agent node kubelets and would like to enable configurable backoff engagement for 4xx responses to be able to slow down the rate of reconciliation, when appropriate.
Automatic merge from submit-queue (batch tested with PRs 48842, 48891)
[Federation] Handle federation up timeouts
Instead of relying on external timeout command.
First raised in #48756
/assign madhusudancs
Automatic merge from submit-queue
Add quick-verify make rule.
This is useful for humans to run to catch obvious problems before
pushing commits and waiting for CI to run verify checks.
Quick mode only runs a whitelist of verify scripts that are reasonably fast.
I set the initial bar arbitrarily at <10s each on my workstation.
The whole set runs in <30s for me, assuming I had already run `make` and
`hack/godep-restore.sh`. This is compared to the full `make verify`
which takes [I don't know how long because I gave up after 45min].
Automatic merge from submit-queue (batch tested with PRs 48578, 48895, 48958)
use port configuration
**What this PR does / why we need it**: Uses the `port` config option in the kubeapi-load-balancer charm.
**Release note**:
```release-note
Uses the port config option in the kubeapi-load-balancer charm.
```
Automatic merge from submit-queue (batch tested with PRs 48578, 48895, 48958)
move sig-apps upgrade tests to its directory
**What this PR does / why we need it**: This PR moves sig-apps upgrade tests to its directory in accord to fixit requirements.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48839
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 48578, 48895, 48958)
run must output message on container error
**What this PR does / why we need it**: `kubectl run` must output a message (instead of just exiting with an error code) on container error.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/openshift/origin/issues/15031 found in OpenShift
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47066, 48892, 48933, 48854, 48894)
replace hardcoded use of "kubectl" in apply warning msg
**Release note**:
```release-note
NONE
```
Removes use of hardcoded "kubectl" in the `kubectl apply ...` warning message that is printed when the `last-applied-configuration` annotation is missing on a resource. This is useful for downstream wrappers around the `apply` command.
cc @stevekuznetsov @fabianofranz
Automatic merge from submit-queue (batch tested with PRs 47066, 48892, 48933, 48854, 48894)
azure: msi: add managed identity field, logic
**What this PR does / why we need it**: Enables managed service identity support for the Azure cloudprovider. "Managed Service Identity" allows us to ask the Azure Compute infra to provision an identity for the VM. Users can then retrieve the identity and assign it RBAC permissions to talk to Azure ARM APIs for the purpose of the cloudprovider needs.
Per the commit text:
```
The azure cloudprovider will now use the Managed Service Identity
to retrieve access tokens for the Azure ARM APIs, rather than
requiring hard-coded, user-specified credentials.
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: n/a
**Special notes for your reviewer**: none
**Release note**:
```release-note
azure: support retrieving access tokens via managed identity extension
```
cc: @brendandburns @jdumars @anhowe
Automatic merge from submit-queue (batch tested with PRs 47066, 48892, 48933, 48854, 48894)
Fix windows build by altering go-ansiterm version
**What this PR does / why we need it**:
An attempt to fix windows build break in #48887, moves `github.com/Azure/go-ansiterm` to 70b2c90b26.
We can upgrade to new version when we pick docker 1.12
See also:
fab67ab677 (diff-c36e523b64f1ca41293e912113063a92L9)
**Which issue this PR fixes**
Fixes#48887
**Special notes for your reviewer**:
**Release note**:
Automatic merge from submit-queue
examples/volumes/flexvolume/nfs: check for jq and simplify quoting
**What this PR does / why we need it**:
This PR improves error reporting of the nfs flex plugin script. Before it output non-JSON error, when `jq` wasn't installed on the server:
```
$ /usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s~nfs/nfs getvolumename test
/usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s~nfs/nfs: line 87: jq: command not found
/usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s~nfs/nfs: line 88: jq: command not found
{"status": "Success", "volumeName": "/"}
```
K8s fails to unmarshal such output to show an error in the logs:
>E0606 19:32:30.196262 25700 driver-call.go:212] Failed to unmarshal output for command: getvolumename, output: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s\~nfs/nfs: line 87: jq: command not found\n/usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s\~nfs/nfs: line 88: jq: command not found\n{\"status\": \"Success\", \"volumeName\": \"/\"}", error: invalid character '/' looking for beginning of value
After this change:
```sh
$ /usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s~nfs/nfs getvolumename test
{ "status": "Failure", "message": "'jq' binary not found. Please install jq package before using this driver"}
```
and
> E0606 19:52:07.915594 25700 driver-call.go:219] getvolumename command failed, status: Failure, reason: 'jq' binary not found. Please install jq package before using this driver
Also this PR improves quoting a bit by using single quotes where it possible.
**Release note**:
```release-note
NONE
```
CC @mfojtik
Automatic merge from submit-queue
remove some people from OWNERS so they don't get reviews anymore
These are googlers who don't work on the project anymore but are still
getting reviews assigned to them:
- @bprashanth
- @rjnagal
- @vmarmol
Kubernetes Submit Queue