Automatic merge from submit-queue (batch tested with PRs 56008, 56013). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
KubeletConfiguration.BaseConfig.ClusterDNS defaults to the tenth address of MasterConfiguration.Networking.ServiceSubnet
**What this PR does / why we need it**:
If can get DNS IP from MasterConfiguration.Networking.ServiceSubnet, defaults to it. Otherwise defaults to DefaultClusterDNSIP
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubeadm/issues/28#issuecomment-345502933
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Validate usage strings when creating bootstrap tokens via kubeadm
**What this PR does / why we need it**:
fix TODO: Validate usages here so we don't allow something unsupported
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55233, 55927, 55903, 54867, 55940). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enhance kubeadm markmaster
**What this PR does / why we need it**:
This PR is part of the effort for improving kubeadm phases, and more specifically improves `mark-master` phase by implementing a behaviour similar to `kubeadm init`, that is:
- dynamically initialise node name if not provided
- allow to override with `--node-name` flag or with `--config`
Also reference doc for `mark-master` was improved.
**Which issue(s) this PR fixes**
part of the effort for [#454](https://github.com/kubernetes/kubeadm/issues/454)
part of the effort for [#265](https://github.com/kubernetes/kubeadm/issues/265)
**Special notes for your reviewer**:
Alpha disclaimer aligned to change requested on the website.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55642, 55897, 55835, 55496, 55313). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Disable container disk metrics when using the CRI stats integration
Issue: https://github.com/kubernetes/kubernetes/issues/51798
As explained in the issue, runtimes which make use of the CRI Stats API still have the performance overhead of collecting those same stats through cAdvisor.
The CRI Stats API has metrics for CPU, Memory, and Disk. This PR significantly reduces the added overhead due to collecting these stats in both cAdvisor and in the runtime.
This PR disables container disk metrics, which are very expensive to collect.
This PR does not disable node-level disk stats, as the "Raw" container handler does not currently respect ignoring DiskUsageMetrics.
This PR factors out the logic for determining whether or not to use the CRI stats provider into a helper function, as cAdvisor is instantiated before it is passed to the kubelet as a dependency.
cc @kubernetes/sig-node-pr-reviews @derekwaynecarr
/kind feature
/sig node
/assign @Random-Liu @derekwaynecarr
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add kubeadm support for Kubelet Dynamic Configuration
**What this PR does / why we need it**:
This PR will make kubeadm support for Kubelet Dynamic Configuration. This is still WIP (and the code seems ugly). Creating the PR for now to let reviewers see if I understand the feature correctly and am on the right path and what else I'm missing.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/28
**Special notes for your reviewer**:
This feature is targeting for 1.9 as alpha.
/cc @luxas @mtaufen @mikedanese
**Release note**:
```release-note
Kubeadm now supports for Kubelet Dynamic Configuration.
```
The first call to Set will clear the map before adding entries;
subsequent calls will simply append to the map.
This makes it possible to override default values with a command-line
option rather than appending to defaults,
while still allowing the distribution of key-value pairs across
multiple flag invocations.
For example: `--flag "a:hello" --flag "b:again" --flag "b:beautiful"
--flag "c:world"` results in `{"a": ["hello"], "b": ["again",
"beautiful"], "c": ["world"]}`
- Changes the following KubeletConfiguration fields from `string` to
`map[string]string`:
- `EvictionHard`
- `EvictionSoft`
- `EvictionSoftGracePeriod`
- `EvictionMinimumReclaim`
- Adds flag parsing shims to maintain Kubelet's public flags API, while
enabling structured input in the file API.
- Also removes `kubeletconfig.ConfigurationMap`, which was an ad-hoc flag
parsing shim living in the kubeletconfig API group, and replaces it
with the `MapStringString` shim introduced in this PR. Flag parsing
shims belong in a common place, not in the kubeletconfig API.
I manually audited these to ensure that this wouldn't cause errors
parsing the command line for syntax that would have previously been
error free (`kubeletconfig.ConfigurationMap` was unique in that it
allowed keys to be provided on the CLI without values. I believe this was
done in `flags.ConfigurationMap` to facilitate the `--node-labels` flag,
which rightfully accepts value-free keys, and that this shim was then
just copied to `kubeletconfig`). Fortunately, the affected fields
(`ExperimentalQOSReserved`, `SystemReserved`, and `KubeReserved`) expect
non-empty strings in the values of the map, and as a result passing the
empty string is already an error. Thus requiring keys shouldn't break
anyone's scripts.
- Updates code and tests accordingly.
Regarding eviction operators, directionality is already implicit in the
signal type (for a given signal, the decision to evict will be made when
crossing the threshold from either above or below, never both). There is
no need to expose an operator, such as `<`, in the API. By changing
`EvictionHard` and `EvictionSoft` to `map[string]string`, this PR
simplifies the experience of working with these fields via the
`KubeletConfiguration` type. Again, flags stay the same.
Other things:
- There is another flag parsing shim, `flags.ConfigurationMap`, from the
shared flag utility. The `NodeLabels` field still uses
`flags.ConfigurationMap`. This PR moves the allocation of the
`map[string]string` for the `NodeLabels` field from
`AddKubeletConfigFlags` to the defaulter for the external
`KubeletConfiguration` type. Flags are layered on top of an internal
object that has undergone conversion from a defaulted external object,
which means that previously the mere registration of flags would have
overwritten any previously-defined defaults for `NodeLabels` (fortunately
there were none).
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move 'alpha' KubeletConfiguration fields that aren't feature-gated and self-registration fields to KubeletFlags
Some of these fields are marked "alpha" in help text. They cannot be in the KubeletConfiguration object unless they are feature gated or graduated from alpha.
Others relate to Kubelet self-registration, and given https://github.com/kubernetes/community/pull/911 I think its prudent to wait and see if these really should be in the KubeletConfiguration type.
For now we just leave them all as flags.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54647, 55581). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove redundant code in ValidateDiscovery
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
**What this PR does / why we need it**:
Remove redundant code in ValidateDiscovery.
It deplicated check for DiscoveryToken and DiscoveryFile as follows:
func ValidateDiscovery(c *kubeadm.NodeConfiguration, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
if len(c.DiscoveryToken) != 0 {
allErrs = append(allErrs, ValidateToken(c.DiscoveryToken, fldPath)...)
}
if len(c.DiscoveryFile) != 0 {
allErrs = append(allErrs, ValidateDiscoveryFile(c.DiscoveryFile, fldPath)...)
}
allErrs = append(allErrs, ValidateArgSelection(c, fldPath)...)
allErrs = append(allErrs, ValidateToken(c.TLSBootstrapToken, fldPath)...)
allErrs = append(allErrs, ValidateJoinDiscoveryTokenAPIServer(c, fldPath)...)
if len(c.DiscoveryToken) != 0 {
allErrs = append(allErrs, ValidateToken(c.DiscoveryToken, fldPath)...)
}
if len(c.DiscoveryFile) != 0 {
allErrs = append(allErrs, ValidateDiscoveryFile(c.DiscoveryFile, fldPath)...)
}
return allErrs
}
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55868, 55393, 55152, 55849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a typo in CloudControllerManager
**What this PR does / why we need it**:
Fix a typo in CloudControllerManager
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55868, 55393, 55152, 55849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve documentation for kubeadm preflight command
**What this PR does / why we need it**:
This PR is part of the effort for improving kubeadm reference doc (CLI, website, manpages), and more specifically improves documentation for `kubeadm alpha phase preflight`
**Which issue(s) this PR fixes**:
part of the effort for [#265](https://github.com/kubernetes/kubeadm/issues/265)
**Special notes for your reviewer**:
The PR has two commits:
- `Clone documentation utility from //pkg/kubectl/cmd/templates`, that re-implements in kubeadm some kubectl utilities for handling description and examples for cobra.commands; more PR will follow re-using those utilities. NB. I was forced to add an exception to golint because `blackfriday.Renderer` requires to implement an interface that is not compliant
- `kubeadm-doc-preflight` that implements improvement to `kubeadm alpha phase preflight`
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55798, 49579, 54862, 55188, 51990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Create dnsIP by selecting the tenth IP from k8s svc CIDR
**What this PR does / why we need it**:
Creates dnsIP by selecting the ninth IP from k8s svc cluster IP, instead of appending 0 to the k8s svcIP string.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51997
**Special notes for your reviewer**:
This is helpful when we have service cluster range CIDR as 10.87.116.64/26 (for example), previously this would have failed while parsing the dnsIP, as we used to append a 0 to the k8s svc clusterIP string. This will get the same dnsIP 10.96.0.10 for very widely used service cluster range CIDR 10.96.0.0/12
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 55798, 49579, 54862, 55188, 51990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix a grammatical problem in a comment
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 55682, 55444, 55456, 55717, 55131). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix crictl command for reset
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
**What this PR does / why we need it**:
This PR is fixing kubeadm reset, we used the wrong command pipeline now that crictl has a new version out. This version targets kube master (1.9-dev) so this is the right fix.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix kubeadm reset crictl command
```
@luxas PTAL
Automatic merge from submit-queue (batch tested with PRs 55764, 55683, 55468, 54409, 55546). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
streamline kubeadm-doc-gen
**What this PR does / why we need it**:
this PR completes the work of #54616 by automating post processing for kubeadm automatically generate documentation.
Post processing is necessary to adapt generated documents on website conventions, and before this PR, was executed manually.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
cc @kubernetes/sig-docs-maintainers @Bradamant3 @heckj @luxas
Automatic merge from submit-queue (batch tested with PRs 55764, 55683, 55468, 54409, 55546). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable file back state in static policy
**What this PR does / why we need it**:
Enables file back `State` in `static policy` and cpu manager + tests.
Upon policy start, state read from file is validated whether it meets the policy assumption. In case of any error, state is cleared.
Previous PR: #54408
Next PR: #54409
Automatic merge from submit-queue (batch tested with PRs 55764, 55683, 55468, 54409, 55546). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm join: Error out if CA pinning isn't used or opted out of
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
**What this PR does / why we need it**:
convert the warning to an error in kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/534
**Special notes for your reviewer**:
/cc @mattmoyer
**Release note**:
```release-note
[action required] kubeadm join: Error out if CA pinning isn't used or opted out of
* kubeadm now requires the user to specify either the `--discovery-token-ca-cert-hash` flag or the `--discovery-token-unsafe-skip-ca-verification` flag.
```
Automatic merge from submit-queue (batch tested with PRs 55648, 55274, 54982, 51955, 55639). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Swap NetworkPolicy storage to networking.k8s.io/v1
Finishes(?) the NetworkPolicy v1 migration.
Fixes#50604
The integration test passes. I copied the test-update-storage-objects.sh change from #50327 and have no idea if it's right.
/cc @sttts @caesarxuchao @thockin
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 55648, 55274, 54982, 51955, 55639). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm:Clean up no longer used k8sVersion param
**What this PR does / why we need it**:
cleanup for kubeadm.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
~~`kubeadm join` now requires the `--discovery-token-ca-cert-hash` argument to be set, or the `--discovery-token-unsafe-skip-ca-verification` flag to be set for opting out of the CA pinning feature.~~
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Conditionally mount flexvolume
**What this PR does / why we need it**:
See https://github.com/kubernetes/kubeadm/issues/476
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/476
```release-note
kubeadm: Fix a bug on some OSes where the kubelet tried to mount a volume path that is non-existent and on a read-only filesystem
```
/cc @luxas
Automatic merge from submit-queue (batch tested with PRs 53780, 55663, 55321, 52421, 55659). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove duplicated import
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
hyperkube: add cloud-controller-manager
**What this PR does / why we need it**:
Adds `cloud-controller-manager` to `hyperkube`. (fix#55732)
This is useful as a number of deployment tools run all of the kubernetes components from the `hyperkube` image/binary. It also makes testing easier as a single binary/image can be built and pushed quickly.
This PR follows the same pattern of the other kubernetes binaries being available as part of `hyperkube`.
(This PR also makes an error condition appropriately fatal.)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: n/a
**Special notes for your reviewer**: n/a
**Release note**:
```release-note
hyperkube: add cloud-controller-manager
```
/sig cluster-lifecycle
/area cloudprovider
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Introduce new `VolumeAttachment` API Object
**What this PR does / why we need it**:
Introduce a new `VolumeAttachment` API Object. This object will be used by the CSI volume plugin to enable external attachers (see design [here](https://github.com/kubernetes/community/pull/1258). In the future, existing volume plugins can be refactored to use this object as well.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: Part of issue https://github.com/kubernetes/features/issues/178
**Special notes for your reviewer**:
None
**Release note**:
```release-note
NONE
```
Introduce the v1alpha1 version to the Kubernetes storage API. And add a
new VolumeAttachment object to that version. This object will initially
be used only by the new CSI Volume Plugin. Eventually existing volume
plugins can be refactored to use it too.
Moved client and kubeconfig related code to webhook/config;
Moved the rule matcher to webhook/rules;
Left TODOs saying we are going to move some other common utilities;
Other code is moved to webhook/validation.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix incorrect parameter tip
**What this PR does / why we need it**:
run kubelet set --init-config-dir=xxx, kubelet not work. see the error log need to open KubeletConfigFile feature gates.
But
kubelet --help
--init-config-dir string The Kubelet will look in this directory for the init configuration. The path may be absolute or relative; relative paths start at the Kubelet's current working directory. Omit this argument to use the built-in default configuration values. Presently, you must also enable the `DynamicKubeletConfig` feature gate to pass this flag.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes ##55666
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54005, 55127, 53850, 55486, 53440). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enforce use of fixed size int types in the API
Changes 'int' to 'int32', enforced by import_known_versions_test
Follow up to PR #53402
**What this PR does / why we need it**:
This PR changes a few fields within the API from 'int' to 'int32' and is now enforced by import_known_versions_test. We need this so integer fields are the same size regardless of $GOARCH.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 54005, 55127, 53850, 55486, 53440). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
aggregate cluster roles
xref https://github.com/kubernetes/community/pull/1219https://github.com/kubernetes/features/issues/502
This is a pull with API types, a controller, and a demonstration of how to move admin, edit, and view. Once we agree on the shape, I'll
I added
```yaml
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.authorization.k8s.io/aggregate-to-admin: true
```
to the `ClusterRole`. A controller then goes and gathers all the matching ClusterRoles and sets the `rules` to the union of matching cluster roles.
@kubernetes/sig-auth-pr-reviews
```release-note
RBAC ClusterRoles can now select other roles to aggregate
```
Automatic merge from submit-queue (batch tested with PRs 55594, 47849, 54692, 55478, 54133). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add kubeadm alpha phase kubeconfig option(--output)
**What this PR does / why we need it**:
This PR will add --output option to `kubeadm alpha phase kubeconfig [command]`
This option can change output directory of kubeconfig.
Prev: kubeadm alpha phase kubeconfig admin
we can get admin.conf in /etc/kubernetes/ .
This PR: kubeadm alpha phase kubeconfig admin --output /root
we can get admin.conf in /root/ .
Of course, --output is optional.(default directory is /etc/kubernetes)
Note)
I have no confidence about my test code.
Thank you.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[Part 1] Remove docker dep in kubelet startup
**What this PR does / why we need it**:
Remove dependency of docker during kubelet start up.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
Part 1 of #54090
**Special notes for your reviewer**:
Changes include:
1. Move docker client initialization into dockershim pkg.
2. Pass a docker `ClientConfig` from kubelet to dockershim
3. Pass parameters needed by `FakeDockerClient` thru `ClientConfig` to dockershim
(TODO, the second part) Make dockershim tolerate when dockerd is down, otherwise it will still fail kubelet
Please note after this PR, kubelet will still fail if dockerd is down, this will be fixed in the subsequent PR by making dockershim tolerate dockerd failure (initializing docker client in a separate goroutine), and refactoring cgroup and log driver detection.
**Release note**:
```release-note
Remove docker dependency during kubelet start up
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm enable endpoint-reconciler for HA clusters
**What this PR does / why we need it**:
enable endpoint-reconciler on kube-apiserver when creating HA clusters with kubeadm
**Which issue(s) this PR fixes**:
[#529](https://github.com/kubernetes/kubeadm/issues/529)
**Special notes for your reviewer**:
CC @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53337, 55465, 55512, 55522, 54554). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Wording in missing config from cluster response typo.
**What this PR does / why we need it**:
Resolves a typo in the response message for Kubeadm Upgrade Plan that results in the wording:
"Without this information, 'kubeadm upgrade' don't how to configure your upgraded cluster."
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
none
**Special notes for your reviewer**:
none
**Release note**:
```release-note
Correct wording of kubeadm upgrade response for missing ConfigMap.
```
Automatic merge from submit-queue (batch tested with PRs 54460, 55258, 54858, 55506, 55510). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
redendancy code and error log message in cni
**What this PR does / why we need it**:
redendancy code and error log message in cni
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig-node
Automatic merge from submit-queue (batch tested with PRs 46581, 55426, 54849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver shutdown gracefully
**What this PR does / why we need it**:
apiserver shutdown gracefully and wait all non-long running requests finish before process exit.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#54793
**Special notes for your reviewer**:
remove waitGroup, use atomic to count.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55265, 54092, 55353, 53733, 55385). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubadm/cmd: wording and punctuation fixes
**What this PR does / why we need it**:
This is a follow-up PR from me fixing more wording & punctuation in the `kubeadm/app/cmd` namespace. I think it makes the output shown to the user clearer and better formatted.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
Please let me know if you want anything amended. Certain things might be a subject to an argument, so if the maintainers want them kept the way they are ATM, i would comply.
**Release note**:
```release-note
NONE
```
Lubomir (VMware)
This patch contains wording, punctuation and capitalization fixes
for stdout messages in most kubeadm 'cmd' files.
Also includes changes in '/phases' and '/upgrade' for
consistency.
Signed-off-by: Lubomir I. Ivanov <lubomirivanov@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 55380, 55399, 55377, 55055). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: use the CRI for preflights checks
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
**What this PR does / why we need it**:
Add preflights checks to be performed using `crictl` and the kubernetes CRI instead of relying on docker.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/285
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: use the CRI for preflights checks
```
@luxas PTAL
Automatic merge from submit-queue (batch tested with PRs 55380, 55399, 55377, 55055). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use const instead of hard-code for kubeadm usages
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55380, 55399, 55377, 55055). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Make swap check as an error
**What this PR does / why we need it**:
Based on amount of support issues where warning about enabled
swap not noticed or ignored, it will be better to make this
check as an error.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
cc @luxas
attention @jpbetz : this change planned to be also cherrypicked to 1.8 branch.
/area kubeadm
/sig cluster-lifecycle
**Release note**:
```release-note
kubeadm now produces error during preflight checks if swap is enabled. Users, who can setup kubelet to run in unsupported environment with enabled swap, will be able to skip that preflight check.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use volumeutil.LoadPodFromFile for pod spec
**What this PR does / why we need it**:
Minor cleanup.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move core API to pkg/apis/core
Fixes https://github.com/kubernetes/kubernetes/issues/55304.
This moves the types in pkg/api and most of pkg/api/v1 to pkg/apis/core to match the other api groups, following-up on what https://github.com/kubernetes/kubernetes/pull/44784 did for the external types.
It's a nearly 100% mechanical package move with a number of trivial fixups in code-generators and in tests which do string comparisons of types via reflection.
**Most importantly:**
- group names are unchanged
- apimachinery semantics are unchanged
- the outside api is unchanged.
Note that some packages for helpers are left in pkg/api/v1. Splitting them into helpers which belong tightly to the api and those which are not is left to follow-ups.
@kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 54868, 52547). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove deprecated stale flags of kube-apiserver
**What this PR does / why we need it**:
These flags have been marked as deprecated for more than two years. This PR removes them.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
ref: #8740
**Special notes for your reviewer**:
**Release note**:
```release-note
action required: Deprecated flags `--portal-net` and `service-node-ports` of kube-apiserver are removed.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Extended KubeletVersionCheck
**What this PR does / why we need it**:
KubeletVersionCheck now able to detect if kubelet version
is higher than control plane. As this might lead to malfunctional
cluster setups, kubeadm will give warning.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#496
**Special notes for your reviewer**:
/sig cluster-lifecycle
/area kubeadm
**Release note**:
```release-note
- kubeadm will produce error if kubelet too new for control plane
```
Automatic merge from submit-queue (batch tested with PRs 55247, 55324, 55261, 55147, 54052). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement dummy device operation by netlink for ipvs proxier
**What this PR does / why we need it**:
Currently, we implement network interface operations, e.g. create a dummy device and delete a dummy interface via ip cmd and then collect the exist code. For example, we assume the following command:
```
ip link add kube-ipvs0 type dummy
```
returns 2 means the dummy device `kube-ipvs0` exists, see https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/proxier.go#L1529 .
However, from the man page of ip command, exit status 2 just means an error was reported by the kernel, see http://man7.org/linux/man-pages/man8/ip.8.html#EXIT_STATUS.
So, that's a bug.
This PR implements dummy device operation by netlink for ipvs proxier so that can get ride of ip command operations.
**Which issue this PR fixes**:
fixes#54054
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig network
/area kube-proxy
/kind bug
Automatic merge from submit-queue (batch tested with PRs 55247, 55324, 55261, 55147, 54052). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Restore kube-proxy's support for 0 values for conntrack settings
**What this PR does / why we need it**: re-allow 0 values for kube-proxy conntrack min, max, max per core, tcp close wait timeout, tcp established timeout.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#50787
**Special notes for your reviewer**:
- I adjusted validation to allow for 0 values for some of the conntrack settings, as otherwise the "leave the limit as-is" logic wouldn't be allowed.
- I moved the loading of the config file from the cobra command's Validate method to Complete. This way, the config is fully resolved before validation happens. Otherwise, it just validates the default config values first, and _then_ the config is loaded.
- I think I got all the default values & nil checking correct, but please review carefully!
**Release note**:
```release-note
Restored kube-proxy's support for 0 values for conntrack min, max, max per core, tcp close wait timeout, and tcp established timeout.
```
Automatic merge from submit-queue (batch tested with PRs 55092, 55348, 55095, 55277, 55352). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix data race in TestCRD
Fix this race:
```
==================
WARNING: DATA RACE
Write at 0x00c42a845350 by goroutine 748:
k8s.io/kubernetes/cmd/kube-apiserver/app/testing.TestCRD()
cmd/kube-apiserver/app/testing/server_test.go:257 +0x15da
testing.tRunner()
/root/.cache/bazel/_bazel_root/e9f728bbd90b3fba632eb31b20e1dacd/external/go_sdk/src/testing/testing.go:746 +0x16c
Previous write at 0x00c42a845350 by goroutine 481:
k8s.io/kubernetes/cmd/kube-apiserver/app/testing.TestCRD.func2()
cmd/kube-apiserver/app/testing/server_test.go:250 +0x241
```
Related to #54095
Automatic merge from submit-queue (batch tested with PRs 55301, 55319, 54018, 55322, 55125). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support for configmap resource lock type to CCM
**What this PR does / why we need it**:
Adds support for configmap resource locks which can be specified currently via CLI args to the CCM. Currently the `--leader-elect-resource-lock=configmaps` is ignored.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#55124
```release-note
Fix support for configmap resource lock type in CCM
```
/cc @wlan0 @luxas @andrewsykim
@prydie
Output after running with this flag.
```
$ kubectl -n kube-system get cm cloud-controller-manager -oyaml
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"<host>-external-cloud-controller","leaseDurationSeconds":15,"acquireTime":"2017-11-06T00:14:41Z","renewTime":"2017-11-06T00:17:54Z","leaderTransitions":0}'
creationTimestamp: 2017-11-06T00:14:41Z
name: cloud-controller-manager
namespace: kube-system
resourceVersion: "2548197"
selfLink: /api/v1/namespaces/kube-system/configmaps/cloud-controller-manager
uid: 7c4cfe24-c287-11e7-99e4-0000170192f0
```
Automatic merge from submit-queue (batch tested with PRs 55331, 55272, 55228, 49763, 55242). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use versiond group clients from client-go
**What this PR does / why we need it**:
Some **Deprecated** group clients are still used, replace them with versioned group clients.
**Which issue this PR fixes**: fixes#49760
**Special notes for your reviewer**:
/assign @caesarxuchao
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54493, 52501, 55172, 54780, 54819). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add CoreDNS as feature in kubeadm
**What this PR does / why we need it**:
This PR adds CoreDNS as a DNS plugin via the feature-gate option in Kubeadm init.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
Fixeskubernetes/features#427
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: Add an experimental mode to deploy CoreDNS instead of KubeDNS
```
/cc @johnbelamaric
KubeletVersionCheck now able to detect if kubelet version
is higher than control plane. As this might lead to malfunctional
cluster setups, kubeadm will give warning.
Fixes: kubernetes/kubeadm#496
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Tolerate partial discovery in garbage collector
Allow the garbage collector to tolerate partial discovery failures. On a
partial failure, use whatever was discovered, log the failures, and
allow the resync logic to try again later.
Fixes#55022.
```release-note
API discovery failures no longer crash the kube controller manager via the garbage collector.
```
/cc @caesarxuchao
Allow the garbage collector to tolerate partial discovery failures. On a
partial failure, use whatever was discovered, log the failures, and
allow the resync logic to try again later.
Fixes#55022.
When kube-proxy was refactored to use a configuration file, the ability
to use 0 for conntrack min, max, max per core, and tcp timeouts was
inadvertently broken; if you specified 0, it would instead apply the
default value from defaults.go.
This change restores the ability to use 0 to mean 0.
Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
Automatic merge from submit-queue (batch tested with PRs 53592, 52562, 55175, 55213). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor kube-scheduler config API, command, and server setup
Refactor the kube-scheduler configuration API, command setup, and server setup according to the guidelines established in #32215 and using the kube-proxy refactor (#34727) as a model of a well factored component adhering to said guidelines.
* Config API: clarify meaning and use of algorithm source by replacing modality derived from bools and string emptiness checks with an explicit AlgorithmSource type hierarchy.
* Config API: consolidate client connection config with common structs.
* Config API: split and simplify healthz/metrics server configuration.
* Config API: clarify leader election configuration.
* Config API: improve defaulting.
* CLI: deprecate all flags except `--config`.
* CLI: port all flags to new config API.
* CLI: refactor to match kube-proxy Cobra command style.
* Server: refactor away configurator.go to clarify application wiring.
* Server: refactor to more clearly separate wiring/setup from running.
Fixes https://github.com/kubernetes/kubernetes/issues/52428.
@kubernetes/api-reviewers
@kubernetes/sig-cluster-lifecycle-pr-reviews
@kubernetes/sig-scheduling-pr-reviews
/cc @ncdc @timothysc @bsalamat
```release-note
The kube-scheduler command now supports a `--config` flag which is the location of a file containing a serialized scheduler configuration. Most other kube-scheduler flags are now deprecated.
```
Automatic merge from submit-queue (batch tested with PRs 53592, 52562, 55175, 55213). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Check RegisterMetricAndTrackRateLimiterUsage error when starting BootstrapSigner & TokenCleaner controllers
**What this PR does / why we need it**:
Prevent `BootstrapSigner` and `TokenCleaner` controllers to start if `metrics.RegisterMetricAndTrackRateLimiterUsage` returns an error.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: complements #53571
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53273, 55058, 55237, 50140). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: remove priority admission controller for v1.9
**What this PR does / why we need it**:
Removes Priority Admission Controller in kubeadm since it's currently in alpha.
**Release note**:
```release-note
Removes Priority Admission Controller from kubeadm since it's alpha.
```
cc @luxas
Automatic merge from submit-queue (batch tested with PRs 55214, 55166). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: don't create duplicate volume/mount
**What this PR does / why we need it**:
If certificates for etcd are located in the same directory or
subdirectories of kubernetes pki directory, don't create separate
volumes and mounts in manifests.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubernetes/kubeadm#522
**Special notes for your reviewer**:
/sig cluster-lifecycle
/area kubeadm
**Release note**:
```release-note
NONE
```
Refactor the kube-scheduler configuration API, command setup, and server
setup according to the guidelines established in #32215 and using the
kube-proxy refactor (#34727) as a model of a well factored component
adhering to said guidelines.
* Config API: clarify meaning and use of algorithm source by replacing
modality derived from bools and string emptiness checks with an explicit
AlgorithmSource type hierarchy.
* Config API: consolidate client connection config with common structs.
* Config API: split and simplify healthz/metrics server configuration.
* Config API: clarify leader election configuration.
* Config API: improve defaulting.
* CLI: deprecate all flags except `--config`.
* CLI: port all flags to new config API.
* CLI: refactor to match kube-proxy Cobra command style.
* Server: refactor away configurator.go to clarify application wiring.
* Server: refactor to more clearly separate wiring/setup from running.
Fixes#52428.
Automatic merge from submit-queue (batch tested with PRs 55061, 55157, 55231). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: remove scheme arg from NewUnsecuredEtcd3TestClientServer
Not necessary anymore.
This was broken because the API machinery defaulting mechanism couldn't differentiate between an unset value (which should default to 24 hours) and a value explicitly set to 0 (which should mean infinite).
The fix is to change `TokenTTL` from a `metav1.Duration` to `*metav1.Duration` so that `nil` can represent the unspecified value.
This bug was introduced in https://github.com/kubernetes/kubernetes/pull/48783.
Automatic merge from submit-queue (batch tested with PRs 53866, 54852, 55178, 55185, 55130). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm mount path '/lib/modules'
**What this PR does / why we need it**:
Kube-proxy need mount path '/lib/modules' to load kernel modules automatically inside the pod.
We already have this pr: #52003, for 'cluster/addons' and `saltbase'.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
move KubeProxyConfiguration out of componentconfig API group
**What this PR does / why we need it**:
move KubeProxyConfiguration out of componentconfig API group
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53577
**Special notes for your reviewer**:
/cc @thockin @ncdc
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove Google Cloud KMS's in-tree integration
Removes the following introduced by #48574 and others:
* `kms.go` which contained the cloudkms-specific code for Google Cloud KMS service.
* Registering the Google Cloud KMS in the KMS plugin registry.
* Google's `cloudkms` API package from `vendor` folder.
The following changes are upcoming:
* Removal of KMSPluginRegistry. This would not be needed anymore, since KMS providers will be out-of-tree from now on (so no need of registering them, an address of the process would be enough).
* A service which allows encrypt/decrypt functionality (satisfies `envelope.Service` interface) if initialized with an IP/Port of an out-of-tree process serving KMS requests. Will tentatively use gRPC requests to talk to this external service.
Reference: https://github.com/kubernetes/kubernetes/pull/54439#issuecomment-340062801 and https://github.com/kubernetes/kubernetes/issues/51965#issuecomment-339333937.
```release-note
Google KMS integration was removed from in-tree in favor of a out-of-process extension point that will be used for all KMS providers.
```
If certificates for etcd are located in the same directory or
subdirectories of kubernetes pki directory, don't create separate
volumes and mounts in manifests.
Fixeskubernetes/kubeadm#522
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Stop using the PersistentVolumeLabel admission controller in v1.9
**What this PR does / why we need it**:
Stop using the PersistentVolumeLabel admission controller in v1.9, as in v1.9, we're targeting out-of-tree cloud providers to be ready to use more generally as part of moving to beta.
**Which issue this PR fixes**:
fixeskubernetes/kubeadm#444
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: reset: use crictl to reset containers
@luxas PTAL
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
**What this PR does / why we need it**:
This patch makes kubeadm to try and reset containers using `crictl` first instead of docker. The reason is that kubeadm reset is ineffective with new container runtimes using the CRI (like CRI-O).
This patch uses `crictl` first and falls back to `docker` in case `crictl` isn't available.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix https://github.com/kubernetes/kubeadm/issues/508
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: reset: use crictl to reset containers
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds Support for Configurable Kubeadm Probes.
**What this PR does / why we need it**:
Allows kubeadm liveness probes to be configurable using extra args. Needed to provide deployment flexibility where services are not bound to `127.0.0.1`.
**Which issue this PR fixes**: fixes https://github.com/kubernetes/kubeadm/issues/473
**Special notes for your reviewer**:
Needed for IPv6 support.
/sig network
/area ipv6
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Workloads V1
**What this PR does / why we need it**: This PR promotes the Deployment, ReplicaSet, and DaemonSet StatefulSet, ControllerRevision kinds to the apps/v1 group version.
https://github.com/kubernetes/features/issues/353
**Special notes for your reviewer**:
There will be at least two followups to this PR. The first to add a scale sub-resource when the correct location is resolved, and the second to deal with Conditions in the workloads API.
While it would have been preferable to move the kinds individually providing a lesser burden on reviewers, this proved impracticable due to the intricacies of version resolution in kubectl for objects of the different kinds in the same group.
```release-note
DaemonSet, Deployment, ReplicaSet, and StatefulSet have been promoted to GA and are available in the apps/v1 group version.
```
Automatic merge from submit-queue (batch tested with PRs 54906, 54120, 54934, 54915, 54848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve unit test coverage for kube-proxy configuration.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @ncdc
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54906, 54120, 54934, 54915, 54848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Only parse ClusterCIDR, ServiceCIDR if AllocateNodeCIDRs
**What this PR does / why we need it**:
Avoid unnecessary spam in kube-controller-manager log if --cluster-cidr is not specified and --allocate-node-cidrs is false. Add clarification in kube-controller-manager help about that.
**Release note**
```release-note
Avoid unnecessary spam in kube-controller-manager log if --cluster-cidr is not specified and --allocate-node-cidrs is false.
```
Automatic merge from submit-queue (batch tested with PRs 54906, 54120, 54934, 54915, 54848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kube-proxy fall back to iptables firstly when unable to load kernel modules
**What this PR does / why we need it**:
Fix kube-proxy fall back to iptables firstly when unable to load kernel modules
**Which issue this PR fixes**:
fixes#54121
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/kind bug
/sig network
/area kube-proxy
Automatic merge from submit-queue (batch tested with PRs 55016, 50887). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
If command.Execute() return err, print to stdErr
The current kube-proxy not print error if (execute() failed) . not so good and not so friendly to user.
If print err to stdError, will show us why it failed.
Automatic merge from submit-queue (batch tested with PRs 52367, 53363, 54989, 54872, 54643). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Lift embedded structure out of ManifestURLHeader field
Related: #53833
```release-note
It is now possible to set multiple manifest url headers via the Kubelet's --manifest-url-header flag. Multiple headers for the same key will be added in the order provided. The ManifestURLHeader field in KubeletConfiguration object (kubeletconfig/v1alpha1) is now a map[string][]string, which facilitates writing JSON and YAML files.
```
ClusterCIDR and ServiceCIDR are settings that are only used if at least
AllocateNodeCIDRs is set. The route controller requires in addition to
it for ConfigureCloudRoutes to be true as well. Since
AllocateNodeCIDRs is by default false, if guard the parsing of these
settings in order to not unnecessarily spam logs. Amend the
documentation of kube-controller-manager for the 2 settings to point
out the requirement of AllocateNodeCIDRs to be true as well
`golint` emits warnings
```
exported function OutDir should have comment or be unexported.
strings should not be capitalized or end with punctuation or a newline
```
- Add documentation comment to exported function OutDir.
- Remove newline from error string.
- Remove `hack\.golint_failures` entry for `cmd/genutils`
Automatic merge from submit-queue (batch tested with PRs 54894, 54630, 54828, 54926, 54865). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix kubelet startup args
**What this PR does / why we need it**:
There should not be space between memory and disk.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54894, 54630, 54828, 54926, 54865). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix a syntax error in a comment
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm - Added initial support for Windows worker nodes to join cluster using kubeadm
**What this PR does / why we need it**:
This PR adds initial support for adding a Windows worker node to a Kubernetes cluster with kubeadm. Also adds Windows build of kubeadm to node build targets.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubeadm/issues/364
**Special notes for your reviewer**:
Depends on #53730
**Release note**:
```release-note
kubeadm: Add support for adding a Windows node
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
support kube-proxy ipvs mode for kubeadm
**What this PR does / why we need it**:
When using `kubeadm` to build a cluster, you can chose kube-proxy with ipvs mode by add flag `--kube-proxy-mode=ipvs`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52834
**Special notes for your reviewer**:
By default, use `iptables` mode.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add self-hosted etcd API to kubeadm
**What this PR does / why we need it**:
This PR is part of a larger set that implements self-hosted etcd. This PR takes a first step by adding:
1. new API types in `cmd/kubeadm/app/apis` for configuring self-hosted etcd
2. new Go types in `cmd/kubeadm/app/phases/etcd/spec` used for constructing EtcdCluster CRDs for the etcd-operator. The reason we define these in trunk is because kubeadm cannot import `github.com/coreos/etcd-operator` as a dependency until it's in its own repo. Until then, we need to redefine the structs in our codebase.
**Which issue this PR fixes**:
https://github.com/kubernetes/kubeadm/issues/261https://github.com/kubernetes/kubeadm/issues/277
**Special notes for your reviewer**:
This is the first step PR in order to save reviewers from a goliath PR
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove MinimumCSRAutoApprovalClusterRolesVersion in 1.9 cycle.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Have we already bumped the minimum supported version to v1.8.0?
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Make it possible to configure volume mounts via the config file
**What this PR does / why we need it**:
Kubeadm mounts host CA certs into api server and controller manager. It uses `/etc/pki` and does not allow for the path to be configurable. This PR adds a default to `/etc/pki` but also allows a user to configure the path in the config file. In the case of using Container Linux, the CAs are located at `/usr/share/ca-certificates`, so without this PR the hardcoded `/etc/pki` path is used and will break, for example, the `--cloud-provider` flag because of missing CAs.
Fixes https://github.com/kubernetes/kubeadm/issues/484
Fixes https://github.com/kubernetes/kubeadm/issues/476
Fixes https://github.com/kubernetes/kubeadm/issues/441
/cc @luxas
Automatic merge from submit-queue (batch tested with PRs 54160, 54016). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix `kubeadm upgrade plan` for offline operation
**What this PR does / why we need it**:
This PR allows `kubeadm upgrade plan` to work in firewalled/offline/otherwise restricted environments by ignoring errors when trying to reach dl.k8s.io. Instead, we fall back to the current kubeadm version as the latest stable version. This is a reasonable as a user is [expected to install a recent version of kubeadm before upgrading](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm-upgrade-1-8/#upgrading-your-control-plane).
**Which issue this PR fixes**: Fixeskubernetes/kubeadm#498
**Special notes for your reviewer**: Should preferably be cherrypicked to 1.8.
```release-note
Fix `kubeadm upgrade plan` for offline operation: ignore errors when trying to fetch latest versions from dl.k8s.io
```
Automatic merge from submit-queue (batch tested with PRs 53796, 54666, 54516, 54625, 54704). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix TestCRD Flake
**What this PR does / why we need it**:
The DestroyFunc functions returned by generic.NewRawStorage is never
called when we do a StartTestServer() in the test suite. For a quick
hack for now, added TrackStorageCleanup/RegisterStorageCleanup and
CleanupStorage. Note that unless TrackStorageCleanup is called (which
is called only from the test suite) the other two methods are
no-ops essentially. So no change in behavior at runtime. This vastly
brings down the number of goroutines that are left behind when this
test is executed and should reduce if not eliminate the flakiness
of TestCRD
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
validate ipvs scheduler
**What this PR does / why we need it**:
validate ipvs scheduler options
**Which issue this PR fixes**:
closes#53975
**Special notes for your reviewer**:
It depends on work of #53780.
**Release note**:
```release-note
NONE
```
/sig network
/area kube-proxy
The DestroyFunc functions returned by generic.NewRawStorage is never
called when we do a StartTestServer() in the test suite. For a quick
hack for now, added TrackStorageCleanup/RegisterStorageCleanup and
CleanupStorage. Note that unless TrackStorageCleanup is called (which
is called only from the test suite) the other two methods are
no-ops essentially. So no change in behavior at runtime. This vastly
brings down the number of goroutines that are left behind when this
test is executed and should reduce if not eliminate the flakiness
of TestCRD
Automatic merge from submit-queue (batch tested with PRs 54644, 53072). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm swallowed errors
**What this PR does / why we need it**: Fixes nine swallowed errors in kubeadm, and adds descriptive error returns to Init.Run().
**Special notes for your reviewer**: I've resubmitted this PR after it required a rebase. Previously, I submitted this PR as https://github.com/kubernetes/kubernetes/pull/52591
```release-note NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Shutdown http handlers before shutting down audit backend
**What this PR does / why we need it**:
Currently, audit backend is shut down before http handlers stop processing requests, so some audit events can be dropped in case of batching webhook.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50781
**Special notes for your reviewer**:
**Release note**:
```release-note
Shutdown http handlers in kube-apiserver before shutting down audit backend.
```
Automatic merge from submit-queue (batch tested with PRs 54437, 54714, 54720). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds support for v4/v6 loopback dns bind address.
**What this PR does / why we need it**:
Previously, IPv4 Loopback addresses (127.0.0.1) were hard coded into the kubeadm dns deployment manifest. This PR adds support for using an IPv6 Loopback (::1) when the kube-dns Service IP is an IPv6 address.
**Special notes for your reviewer**:
Required for IPv6-only deployments.
**Release note**:
```NONE
```
/area ipv6
/sig network
Automatic merge from submit-queue (batch tested with PRs 54331, 54655, 54320, 54639, 54288). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updates kube-dns in kubeadm to 1.14.7
**What this PR does / why we need it**:
Adds support for the latest kube-dns image (1.14.7) introduced by https://github.com/kubernetes/kubernetes/pull/54443
**Special notes for your reviewer**:
Required for IPv6 support.
/area ipv6
/sig network
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 54331, 54655, 54320, 54639, 54288). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ability to do object count quota for all namespaced resources
**What this PR does / why we need it**:
- Defines syntax for generic object count quota `count/<resource>.<group>`
- Migrates existing objects to support new syntax with old syntax
- Adds support to quota all standard namespace resources
- Updates the controller to do discovery and replenishment on those resources
- Updates unit tests
- Tweaks admission configuration around quota
- Add e2e test for replicasets (demonstrate dynamic generic counting)
```
$ kubectl create quota test --hard=count/deployments.extensions=2,count/replicasets.extensions=4,count/pods=3,count/secrets=4
resourcequota "test" created
$ kubectl run nginx --image=nginx --replicas=2
$ kubectl describe quota
Name: test
Namespace: default
Resource Used Hard
-------- ---- ----
count/deployments.extensions 1 2
count/pods 2 3
count/replicasets.extensions 1 4
count/secrets 1 4
```
**Special notes for your reviewer**:
- simple object count quotas no longer require writing code
- deferring support for custom resources pending investigation about how to share caches with garbage collector. in addition, i would like to see how this integrates with downstream quota usage in openshift.
**Release note**:
```release-note
Object count quotas supported on all standard resources using `count/<resource>.<group>` syntax
```
Automatic merge from submit-queue (batch tested with PRs 51409, 54616). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Generate kubeadm referencedoc and man pages
**What this PR does / why we need it**:
Improve kubeadm reference doc and start generating kubeadm man pages.
With this PR, also kubeadm will start following the same approach used by other tools
**Which issue this PR fixes**
initial work for [#265](https://github.com/kubernetes/kubeadm/issues/265)
**Special notes for your reviewer**:
This [document](https://docs.google.com/document/d/1w22y-C1YD1mmqqETxrQrCLnJpzwttscanddgvfYceYY/edit?usp=sharing) contains the design proposal for how to implement this goal, that will be implemented partially in https://github.com/kubernetes/kubernetes (this PR) and partially in https://github.com/kubernetes/website
In order to keep the PR as small and clean possible I didn't generated new placeholders files under `/docs/man` and `/docs/admin` at this stage. If this is necessary, I will do this later in this PR or eventually in another PR; however, if this is not strictly necessary, IMO we should avoid to pollute this repo with placeholders to file that are maintained in another repo.
cc @kubernetes/sig-docs-maintainers @Bradamant3 @heckj
Automatic merge from submit-queue (batch tested with PRs 54419, 53545). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
change alpha-endpoint-reconciler-type argument to endpoint-reconciler-type
**What this PR does / why we need it**: Tweaks the endpoint reconciler argument to remove 'alpha', because according to this [comment](https://github.com/kubernetes/kubernetes/pull/50984#discussion_r146290402) we are preferring to document the flags.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53730, 51608, 54459, 54534, 54585). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
RBD Plugin: Implement Attacher/Detacher interfaces.
**What this PR does / why we need it**:
This PR continues @rootfs 's work in #33660. It implements volume.Attacher/Volume.Detacher interfaces to resolve RBD image locking and makes RBD plugin more robust.
Summary of interfaces and what they do for RBD plugin:
- Attacher.Attach(): does nothing
- Attacher.VolumesAreAttached(): method to query volume attach status
- Attacher.GetDeviceMountPath(): method to get device mount path
- Attacher.WaitForAttach(): kubelet maps the image on the node (and lock the image if needed)
- Attacher.MountDevice(): kubelet mounts device at the device mount path
- Detacher.UnmountDevice: kubelet unmounts device from the device mount path (currently, we need to unmaps image from the node here) (and unlock the image if needed)
- Detacher.Detach(): does nothing
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes#50142.
**Special notes for your reviewer**:
RBD changes:
1) Modify rbdPlugin to implement volume.AttachableVolumePlugin interface.
2) Add rbdAttacher/rbdDetacher structs to implement
volume.Attacher/Detacher interfaces.
3) Add mount.SafeFormatAndMount/mount.Exec fields to rbdPlugin, and setup them in
rbdPlugin.Init for later uses. Attacher/Mounter/Unmounter/Detacher
reference rbdPlugin to use mounter and exec. This simplifies
code.
4) Add testcase struct to abstract RBD Plugin test case, etc.
5) Add newRBD constructor to unify rbd struct initialization.
Non-RBD changes:
1) Fix FakeMounter.IsLikelyNotMountPoint to return ErrNotExist if the
directory does not exist. Mounter.IsLikelyNotMountPoint interface
requires this, and RBD plugin depends on it.
2) ~~Extend Detacher.Detach method to pass `*volume.Spec`, RBD plugin
needs it to detach device from the node.~~
3) ~~Extend Volume.Spec struct to include namespace string, RBD Plugin needs
it to locate objects (e.g. secrets) in Pod's namespace.~~
4) ~~Update RABC bootstrap policy to allow
`system:controller:attachdetach-controller` cluster role to get
Secrets object. RBD attach/detach needs to access secrets object in
Pod's namespace.~~
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54112, 54150, 53816, 54321, 54338). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove federation
This PR removes the federation codebase and associated tooling from the tree.
The first commit just removes the `federation` path and should be uncontroversial. The second commit removes references and associated tooling and suggests careful review.
Requirements for merge:
- [x] Bazel jobs no longer hard-code federation as a target ([test infra #4983](https://github.com/kubernetes/test-infra/pull/4983))
- [x] `federation-e2e` jobs are not run by default for k/k
**Release note**:
```release-note
Development of Kubernetes Federation has moved to github.com/kubernetes/federation. This move out of tree also means that Federation will begin releasing separately from Kubernetes. The impact of this is Federation-specific behavior will no longer be included in kubectl, kubefed will no longer be released as part of Kubernetes, and the Federation servers will no longer be included in the hyperkube binary and image.
```
cc: @kubernetes/sig-multicluster-pr-reviews @kubernetes/sig-testing-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 54112, 54150, 53816, 54321, 54338). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
correct the kubeDeps.Cloud instead of kcfg.Cloud
**What this PR does / why we need it**:
default to hostname if kubeDeps.Cloud == nil not kcfg.Cloud
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53000, 52870, 53569). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow running kube-apiserver without specifing service-cluster-ip-range
**What this PR does / why we need it**:
The flag service-cluster-ip-range has a default value which is not used by kube-apiserver, causing errors when people rely on that default value.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52695
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed a bug which is causes kube-apiserver to not run without specifying service-cluster-ip-range
```
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
move webhook admission to generic apiserver
This builds on https://github.com/kubernetes/kubernetes/pull/54414.
It moves the admission webhook into the generic apiserver. It also allows the injection of a server managed way to override the rest.Config used for a particular service. This makes for an easier point to allow auto-configuration of the kube-apiserver to loopback to itself as a special case for kubernetes.default.svc.
@kubernetes/sig-api-machinery-pr-reviews
```release-note
the generic admission webhook is now available in the generic apiserver
```
Automatic merge from submit-queue (batch tested with PRs 54593, 54607, 54539, 54105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add HA feature gate and minVersion validation
**What this PR does / why we need it**:
As we add more feature gates, there might be occasions where a feature is only available on newer releases of K8s. If a user makes a mistake, we should notify them as soon as possible in the init procedure and not them go down the path of hard-to-debug component issues.
Specifically with HA, we ideally need the new `TaintNodesByCondition` (added in v1.8.0 but working in v1.9.0).
**Which issue this PR fixes:**
kubernetes/kubeadm#261kubernetes/kubeadm#277
**Release note**:
```release-note
Feature gates now check minimum versions
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @luxas @timothysc
Automatic merge from submit-queue (batch tested with PRs 52717, 54568, 54452, 53997, 54237). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
import-verifier: use yaml for inline comments
For iterative cutting of dependencies, we will have temporary execeptions
in hack/import-restrictions.json. In order to document that, comments would
help a lot and using yaml is simple and gives us that.
Automatic merge from submit-queue (batch tested with PRs 53946, 53993, 54315, 54143, 54532). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add scheduling.k8s.io to apiVersionPriorities
**What this PR does / why we need it**:
add scheduling.k8s.io to apiVersionPriorities
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53392
**Special notes for your reviewer**:
/assign @bsalamat
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53946, 53993, 54315, 54143, 54532). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kube-proxy panic on cleanup
**What this PR does / why we need it**:
Set the execer properly when we initialize ProxyServer or we will
end up with a panic.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#54305
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53760, 48996, 51267, 54414). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update admission webhook to handle multiple auth domains
Fixes https://github.com/kubernetes/kubernetes/issues/54404
Adds some wiring to have the admission plugin accept a config file for per-apiserver configuration.
@kubernetes/sig-auth-api-reviews @deads2k @ericchiang @liggitt in particular
@kubernetes/sig-api-machinery-pr-reviews @lavalamp @caesarxuchao @sttts @cheftako
```release-note
generic webhook admission now takes a config file which describes how to authenticate to webhook servers
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a grammatical problem in a comment
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
1) Modify rbdPlugin to implement volume.AttachableVolumePlugin
interface.
2) Add rbdAttacher/rbdDetacher structs to implement
volume.Attacher/Detacher interfaces.
3) Add mount.SafeFormatAndMount/mount.Exec fields to rbdPlugin, and
setup them in rbdPlugin.Init for later uses.
Attacher/Mounter/Unmounter/Detacher reference rbdPlugin to use mounter
and exec. This simplifies code.
4) Add testcase struct to abstract RBD Plugin test case, etc.
5) Add newRBD constructor to unify rbd struct initialization.
Automatic merge from submit-queue (batch tested with PRs 54327, 54433). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Deprecate the SSH Tunneling functionality in API Server
#
**What this PR does / why we need it**:
As part of the effort to move in-tree cloud providers out of kubernetes
main repository, we have identified that kube apiserver should stop
using --cloud-provider and --cloud-config parameters. One of the main
users of the parameters above is the SSH Tunneling functionality which
is used only in the GCE scenarios. We need to deprecate these flags
now and remove them in a year per discussion on mailing list.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Related to #54076
**Special notes for your reviewer**:
Please see discussion on mailing list:
https://groups.google.com/d/msg/kubernetes-sig-api-machinery/bwJJ93qA99o/pRTVFaIlBAAJ
**Release note**:
```release-note
kube-apiserver: `--ssh-user` and `--ssh-keyfile` are now deprecated and will be removed in a future release. Users of SSH tunnel functionality used in Google Container Engine for the Master -> Cluster communication should plan to transition to alternate methods for bridging master and node networks.
```
As part of the effort to move in-tree cloud providers out of kubernetes
main repository, we have identified that kube apiserver should stop
using --cloud-provider and --cloud-config parameters. One of the main
users of the parameters above is the SSH Tunneling functionality which
is used only in the GCE scenarios. We need to deprecate these flags
now and remove them in a year per discussion on mailing list.
With this change, `ssh-user` and `ssh-keyfile` are now considered deprecated
and we can remove it in the future. This means that SSH tunnel functionality
used in Google Container Engine for the Master -> Cluster communication
will no longer be available in the future.
Automatic merge from submit-queue (batch tested with PRs 52479, 53956). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Register sync proxy rules latency metrics in app level
**What this PR does / why we need it**:
IMO, should may should register proxy metrics in app level instead of in specific proxy mode, e.g. iptables, ipvs, winkernel...
By registering sync proxy rules latency metrics in app level, we can reuse codes among different proxiers.
**Which issue this PR fixes**:
closes#53957
**Special notes for your reviewer**:
@wojtek-t What do you think about it?
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53743, 53564). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: remove the --network-plugin-dir flag
**What this PR does / why we need it**:
This flag has been replaced with `--cni-bin-dir`, and has been deprecated in Kubernetes 1.7.
It is safe to remove in Kubernetes 1.9 according to the deprecation policy.
**Which issue this PR fixes**: fixes#46410
**Special notes for your reviewer**:
/assign @mtaufen @freehan @dchen1107
**Release note**:
```release-note
Remove the --network-plugin-dir flag.
```
Automatic merge from submit-queue (batch tested with PRs 53743, 53564). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Polymorphic Scale Client
This PR introduces a polymorphic scale client based on discovery information that's able to scale scalable resources in arbitrary group-versions, as long as they present the scale subresource in their discovery information.
Currently, it supports `extensions/v1beta1.Scale` and `autoscaling/v1.Scale`, but supporting other versions of scale if/when we produce them should be fairly trivial.
It also updates the HPA to use this client, meaning the HPA will now work on any scalable resource, not just things in the `extensions/v1beta1` API group.
**Release note**:
```release-note
Introduces a polymorphic scale client, allowing HorizontalPodAutoscalers to properly function on scalable resources in any API group.
```
Unblocks #29698
Unblocks #38756
Unblocks #49504Fixes#38810
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Warn user if Pod/Service networks will be accessed via proxy.
**What this PR does / why we need it**:
In environments where HTTP proxies are used, it is important
to whitelist Pod and Services network ranges in the NO_PROXY
variable, so cluster will be properly operational.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
- kubeadm will warn users if access to IP ranges for Pods or Services will be done via HTTP proxy.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
addons/dns: changing probes for ANY IP record type
Signed-off-by: André Martins <aanm90@gmail.com>
**What this PR does / why we need it**:
Changes the kube-dns probes to ANY IP record to solve kube-dns probes failures when kubernetes master is running with an IPv6 only address.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51371
/sig network
/area ipv6
Automatic merge from submit-queue (batch tested with PRs 53194, 54257, 53014). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm should check for bridge-nf-call-ip6tables
With this change, Kubeadm will check that
/proc/sys/net/bridge/bridge-nf-call-ip6tables is set to 1 in
preflight when using IPv6. This is similar to how it currenltly checks for
bridge-nf-call-iptables.
**What this PR does / why we need it**:
Curently Kubeadm checks that bridge-nf-call-iptables is set to 1, but does not check
for bridge-nf-call-ip6tables. When using IPv6, kubeadm should check that this is set.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53013
**Special notes for your reviewer**:
**Release note**:
```release-note NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm-reset: notify about a non-default certificates directory
**What this PR does / why we need it**:
The `kubeadm reset` command requires super-user access.
When passing non-default path to the `kubeadm reset` command via `--cert-dir `, the user should be at least warned that a non-standard directory is being cleaned completely.
**Which issue this PR fixes**
/approve no-issue
**Special notes for your reviewer**:
If you think that this can be amended (or even improved as a whole) in some way, please let me know.
**Release note**:
```release-note
Make sure that "kubeadm reset" notifies about cleaning the directory specified by "--cert-dir" with a warning.
```
Lubomir I. Ivanov (VMWare)
With this change, Kubeadm will check that
/proc/sys/net/bridge/bridge-nf-call-ip6tables is set to 1 in
preflight when using IPv6. This is similar to how it currenltly checks for
bridge-nf-call-iptables.
Automatic merge from submit-queue (batch tested with PRs 53809, 54244, 54142). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm/cmdutil.go: improve ValidateExactArgNumber()
**What this PR does / why we need it**:
This patch makes small changes in
ValidateExactArgNumber():
- Use a variable for the length of supported arguments
- Return an error early if the number of valid arguments
exceeds the number of supported arguments
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
none
**Special notes for your reviewer**:
none
**Release note**:
```release-note
NONE
```
Lubomir (VMware)
This updates the HPA controller to use the polymorphic scale client from
client-go. This should enable HPAs to work with arbitrary scalable
resources, instead of just those in the extensions API group (meaning we
can deprecate the copy of ReplicationController in extensions/v1beta1).
It also means that the HPA controller now pays attention to the
APIVersion field in `scaleTargetRef` (more specifically, the group part
of it).
Note that currently, discovery information on which resources are
available where is only fetched once (the first time that it's
requested). In the future, we may want a refreshing discovery REST
mapper.
This patch makes small changes in
ValidateExactArgNumber():
- Use a variable for the length of supported arguments
- Return an error early if the number of valid arguments
exceeds the number of supported arguments
Signed-off-by: Lubomir I. Ivanov <lubomirivanov@vmware.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pkg/api: extract Scheme/Registry/Codecs into pkg/api/legacyscheme
This serves as
- a preparation for the pkg/api->pkg/apis/core move
- and makes the dependency to the scheme explicit when vizualizing
left depenncies.
The later helps with our our efforts to split up the monolithic repo
into self-contained sub-repos, e.g. for kubectl, controller-manager
and kube-apiserver in the future.
Automatic merge from submit-queue (batch tested with PRs 53696, 54059). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix lint warnings for useless err checks.
**What this PR does / why we need it**:
This check was recently added to golint.
**Which issue this PR fixes**
Related to #37254
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Duplicate a constant - LabelNodeRoleMaster
**What this PR does / why we need it**:
Per request from @luxas in 53458, to avoid cmd/kubeadm to
depend on pkg/controller/service. Added a comment to make
this clear.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typos: remove duplicated word in comments
**What this PR does / why we need it**: Remove the duplicated word `the` in comments
**Which issue this PR fixes** : fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make HPA tolerance a flag
**What this PR does / why we need it**:
Make HPA tolerance configurable as a flag. This change allows us to use
different tolerance values in production/testing.
**Which issue this PR fixes**:
Fixes#18155
**Release note:**
```release-note
Control HPA tolerance through the `horizontal-pod-autoscaler-tolerance` flag.
```
Signed-off-by: mattjmcnaughton <mattjmcnaughton@gmail.com>
The client cert manager uses the most recent cert to request new
certificates. If that certificate is expired, it will be unable to
complete new CSR requests. This commit alters the manager to force
process exit if no further client cert rotation is possible, which
is expected to trigger a restart of the kubelet and either a
re-bootstrap from the bootstrap kubeconfig or a re-read of the
current disk state (assuming that some other agent is managing the
bootstrap configuration).
This prevents the Kubelet from wedging in a state where it cannot make
API calls.
In environments where HTTP proxies are used, it is important
to whitelist Pod and Services network ranges in the NO_PROXY
variable, so cluster will be properly operational.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add unit test for cloud-controller-manager
**What this PR does / why we need it**:
Add more unit test for coud-controller-manager
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix broken links in kubeadm after moving proposals to subdirs
**What this PR does / why we need it**:
fix incorrect links in kubeadm after kubernetes/community#1010
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes kubernetes/community#918
**Special notes for your reviewer**:
CC @bgrant0607
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53763, 53917). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove the old Kubelet TLS Bootstrapping mode
**What this PR does / why we need it**:
As part of 1.9 clean up, remove old TLS Bootstrapping mode.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixeskubernetes/kubeadm#447
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix broken url
**What this PR does / why we need it**:
I install kubernetes with kubeadm. after kubeadm init, need to install podnetwork with addons. but the output of 'kubeadm init' is to broken url. fix it is available.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53783, 53175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: add Priority to admission control
**What this PR does / why we need it**:
Adds Priority admission control to kubeadm for all kubernetes versions > v1.9 alpha.
Related: https://github.com/kubernetes/kubernetes/pull/49322
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixes https://github.com/kubernetes/kubeadm/issues/434
**Special notes for your reviewer**:
**Release note**:
```release-note
Enable Priority admission control in kubeadm.
```
cc @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix pkg/ depends on cmd/ problems
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Partial fix for https://github.com/kubernetes/kubernetes/issues/53341
**Special notes for your reviewer**:
No logic changes, Just moving things around
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52883, 52183, 53915, 53848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE kube-up] Don't provision kubeconfig file for kube-proxy service account
**What this PR does / why we need it**:
Offloading the burden of provisioning kubeconfig file for kube-proxy service account from GCE startup scripts. This also helps us decoupling kube-proxy daemonset upgrade from node upgrade.
Previous attempt on https://github.com/kubernetes/kubernetes/pull/51172, using InClusterConfig for kube-proxy based on discussions on https://github.com/kubernetes/client-go/issues/281.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
/assign @bowei @thockin
cc @luxas @murali-reddy
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51840, 53542, 53857, 53831, 53702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
refactor NewCmdJoin function
**What this PR does / why we need it**:
refactor NewCmdJoin function to make the code more readable and concision
1、split the function into several small function
2、extract the big variable from the function
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Release note**:
```release-note
NONE
```
Lucas Käldström