Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Restore help for --service-account-private-key-file flag, avoid incorrect deprecation notice
https://github.com/kubernetes/kubernetes/pull/60270/files#diff-fc9db90cc6b68d7c3ca838a8512447e9R61 incorrectly merged the ServiceAccountKeyFile flag used by the cloud controller manager (deprecated and scheduled to be removed in 1.10), and the one used by the kube-controller-manager (not deprecated, still supported)
This made the help for the supported flag disappear from 1.11 help output.
This PR:
* moves the option to the service account controller options
* removes the incorrect deprecation notice
* drops the option from the cloud-controller-manager
```release-note
The deprecated `--service-account-private-key-file` flag has been removed from the cloud-controller-manager. The flag is still present and supported in the kube-controller-manager.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use kubernetes image repo for coredns
Fixes#927
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
use the coredns image from the k8s image repository when building a cluster with kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#927
```release-note
NONE
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/assign @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Fix an upgrading issue wrt the dynamic kubelet dropin
**What this PR does / why we need it**:
At the moment (will change), this PR does two things:
- Makes `kubeletphase.WriteKubeletDynamicEnvFile` run at upgrade time if needed for making v1.10 -> v1.11 upgrades work end to end
- Fixes so that `--dry-run` works smoothly on `init/upgrade` ==> separate PR
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
/kind bug
/priority critical-urgent
/status approved-for-milestone
/assign @timothysc
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm init/upgrade --dry-run mode
**What this PR does / why we need it**:
Split out from https://github.com/kubernetes/kubernetes/pull/65104.
Fixes `kubeadm init --dry-run` and `kubeadm upgrade apply [version] --dry-run`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 64796, 65068). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm taints to not override existing node taints
**What this PR does / why we need it**:
If a node has existing taints they are being replaced with taints from the kubeadm config.
An example of this is that the `uninitialized` taint that kubelet sets for external cloud provider is being removed, and replaces with the master taint if set, or removed leaving the nodes taints empty if `noTaintMaster=true` .
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CRD Test: Fix resource creation/deletion for multi-version CRDs
During CRD testing setup, a setup instance CRD is created and watched to make sure the watch cache is prime. The deletion watch event for this instance can result in test failure for any watch test as they expect exact watch events. Previous code did not take multiple versioned CRDs into account. This change will make sure we wait for deletion for all versions before continue with any test.
@sttts @liggitt
Fixes#64571
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions: fix concurrent map access copying items' ObjectMeta in UnstructuredList
The list endpoint sets the self-link. If we do not create a (shallow) copy of ObjectMeta this will mutate the cached objects.
Background: native objects like PodList have a `Items []Pod` field which implicitly shallow-copies ObjectMeta. UnstructuredList only shallow-copies Unstructured, but shares all the JSON data including ObjectMeta, i.e. the Object pointer points to the value in the cache.
Fixes https://github.com/kubernetes/kubernetes/issues/59478
Automatic merge from submit-queue (batch tested with PRs 64838, 65138). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use case-sensitive json-iter to decode custom resource ObjectMeta
found one additional spot where case-insensitivity could bite us. uses the case-sensitive decode added in https://github.com/kubernetes/kubernetes/pull/65034
/assign @sttts
/cc @caesarxuchao
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding summary metric for scheduling latency
**What this PR does / why we need it**:
Re-introduces histogram metrics for the backward compatibility.
Changes SchedulingLatency metric to satisfy prometheus best practice.
ref #64316
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
iptables proxier_test typo
**What this PR does / why we need it**:
The definition of `makeTestService` is
```
func makeTestService(namespace, name string, svcFunc func(*api.Service)) api.Service {
...
}
```
but in function `TestClusterIPReject`, use
makeTestService(svcPortName.Namespace, svcPortName.`Namespace`, func(svc *api.Service)
should be
makeTestService(svcPortName.Namespace, svcPortName.`Name`, func(svc *api.Service)
I think it's a typo
/area kube-proxy
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make kubernetes json serializer case sensitive
This PR imported the latest jsoniterator library so that case sensitivity during unmarhsaling is optional. The PR also set Kubernetes json serializer to be case sensitive.
Kubernetes json serializer had been case sensitive for 1.1-1.7 as we were using ugorji. This PR restores the behavior.
Fix#64612.
```release-notes
Kubernetes json deserializer is now case-sensitive as it was before 1.8.
If your config files contains fields with wrong case, the config files will be now invalid.
```
Automatic merge from submit-queue (batch tested with PRs 64272, 64630). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: Fix operation polling and error handling
Cloud functions using the generated API are bursting operation GET calls because we don't wait a minimum amount of time.
Fixes#64712Fixes#64858
**Changes**
- `operationPollInterval` is now 1.5 seconds instead of 3 seconds.
- `operationPollRateLimiter` is now configured with 5 QPS / 5 burst instead of 10 QPS / 10 burst.
- `gceRateLimiter` is now configured with a `MinimumRateLimiter` to wait the above `operationPollInterval` duration _before_ waiting on the token rate limiter.
- Operations are now rate limited on the very first GET call.
- Operations are polled until `DONE` or context times out (even if operations.get fails continuously).
- Compute operations are checked for errors when they're recognized as `DONE`.
- All "wrapper" funcs now generate a context with an hour timeout.
`ingress-gce` will need to update its vendor and utilize the `MinimumRateLimiter` as well. Since ingress creates rate limiters based off flags, we'll need to check the resource type and operation while parsing the flags and wrap the appropriate one.
**Special notes for your reviewer**:
/assign bowei
/cc bowei
**Fix Example**
Creating an external load balancer
without fix: https://pastebin.com/raw/NNkeNWS3
with fix: https://pastebin.com/raw/x2iMLW5S (a difference of about 200 GET calls)
**Release note**:
```release-note
GCE: Fixes operation polling to adhere to the specified interval. Furthermore, operation errors are now returned instead of ignored.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Re-use private key after failed CSR
**What this PR does / why we need it**:
This fixes a regression introduced in 1.11.
If we create a new key on each CSR, if CSR fails the next attempt will
create a new one instead of reusing previous CSR.
If approver/signer don't handle CSRs as quickly as new nodes come up,
they can pile up and approver would keep handling old abandoned CSRs and
Nodes would keep timing out on startup.
**Release note**:
```release-note
NONE
```
If we create a new key on each CSR, if CSR fails the next attempt will
create a new one instead of reusing previous CSR.
If approver/signer don't handle CSRs as quickly as new nodes come up,
they can pile up and approver would keep handling old abandoned CSRs and
Nodes would keep timing out on startup.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add kms-plugin-container.manifest to release manifest tarball.
**What this PR does / why we need it**:
cluster/gce/manifests/kms-plugin-container.manifest needs to be included into the manifests' release tarball.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
dockershim/network: add dcbw to OWNERS as an approver
I've been involved with the kubelet network code, including most
of this code, for a couple years and contributed a good number
of PRs for these directories. I've also been a SIG Network
co-lead for couple years.
I've also been on the CNI maintainers team for a couple years.
```release-note
NONE
```
@freehan @thockin @kubernetes/sig-network-pr-reviews
Lucas Käldström