Automatic merge from submit-queue (batch tested with PRs 62481, 62643, 61877, 62515). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add write-config-to to scheduler
**What this PR does / why we need it**:
Scheduler should be able to write its default configure to file. This actually applies to all components which claims options other than `--config` will be deprecated.
Otherwise, users will be super confused to find out how to write a proper config file to these components.
See: https://stackoverflow.com/questions/47966440/how-to-create-a-config-file-for-kube-scheduler-to-use-by-the-config-argument
ref: #52562
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58805
Usage:
```bash
./_output/bin/kube-scheduler --write-config-to /tmp/kube-scheduler.yaml
```
**Special notes for your reviewer**:
This should have been fixed several releases ago, so lets include it in 1.11
**Release note**:
```release-note
Add write-config-to to scheduler
```
Automatic merge from submit-queue (batch tested with PRs 62481, 62643, 61877, 62515). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Not validating front proxy CA Key when using External CA.
**What this PR does / why we need it**:
"That the front ca key is not required as the front proxy client tls keypair can be managed by the third party." This PR don't validate the front CA Key but check if it already exists.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/752
**Special notes for your reviewer**:
@yanndegat @timothysc @stealthybox @fabriziopandini
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62481, 62643, 61877, 62515). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm preflight: check CRI socket path if defined or docker service otherwise
**What this PR does / why we need it**:
Currently, running `kubeadm init` without Docker installed will cause the `Service-Docker` preflight check to fail even when another CRI is installed and the CRI socket specified. This changes the preflight checks to check the CRI socket if specified, and falling back to checking the Docker service otherwise. Additionally, this deduplicates common checks between `kubeadm init` and `kubeadm join` to ensure that similar preflight checks stay in-sync going forward.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/kubeadm/issues/657 - it still has the same behavior on joins
Fixes # https://github.com/kubernetes/kubeadm/issues/749 - will check the CRI socket if specified and skip the Docker service check
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm preflight: check CRI socket path if defined, otherwise check for Docker
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Link to vulnerabilitiy disclosure process from the issue template
Inspired by BSidesSF talk where the presenter told a story of not knowing about the disclosure process when they opened a (public) issue.
/cc @philips @liggitt @jessfraz @cjcullen
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix up and use record flags
This pull starts a genericclioptions package with a dependency enforcer to ensure that we have no kube/kube links. It makes the recordflags nil-able and still behave as expected. And it also updates several commands to use the record flags.
@kubernetes/sig-cli-maintainers @soltysh @juanvallejo
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: move patch tests to their own file
**What this PR does / why we need it**: Create a new file to test patch handler.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62694, 62569, 62646, 61633, 62433). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add GCE-PD CSI Driver test to E2E test suite
Fixes: #60462
/sig storage
/kind technical-debt
/assign @saad-ali @msau42
**What this PR does / why we need it**:
This PR adds an E2E test for the GCE-PD CSI driver that deploys the driver in a production-like setting and tests whether dynamic provisioning with the driver is possible.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62694, 62569, 62646, 61633, 62433). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Patch for #61632, add `/etc/sysconfig/kublet` and supporting wiring.
**What this PR does / why we need it**:
These are just simple config structure changes to better meet expectations for RHEL users. Helps `KUBELET_EXTRA_ARGS` parameters more easily survive across version upgrades without requiring manual merge of the service file.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61632
**Special notes for your reviewer**:
It may be beneficial to give this treatment to other `systemd`-based systems, but I do not have the intellectual authority to do so.
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 62694, 62569, 62646, 61633, 62433). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Report events to apiserver in local volume plugin.
**What this PR does / why we need it**:
See https://github.com/kubernetes/kubernetes/pull/62102#discussion_r179238429.
Report events to apiserver in local volume plugin.
- Add VolumeHost.GetEventRecorder() method
- Add related e2e tests
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62248
**Special notes for your reviewer**:
Example output of `kubectl describe pods`:
```
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 7s default-scheduler Successfully assigned e2e-tests-persistent-local-volumes-test-x4h5x/security-context-670da435-4174-11e8-9098-000c29bb0377 to 127.0.0.1
Warning AlreadyMountedVolume 7s kubelet, 127.0.0.1 The requested fsGroup is 4321, but the volume local-pvfbb76 has GID 1234. The volume may not be shareable.
Normal SuccessfulMountVolume 7s kubelet, 127.0.0.1 MountVolume.SetUp succeeded for volume "default-token-996xr"
Normal SuccessfulMountVolume 7s kubelet, 127.0.0.1 MountVolume.SetUp succeeded for volume "local-pvfbb76"
Normal Pulled 6s kubelet, 127.0.0.1 Container image "k8s.gcr.io/busybox:1.24" already present on machine
Normal Created 6s kubelet, 127.0.0.1 Created container
Normal Started 6s kubelet, 127.0.0.1 Started container
```
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62694, 62569, 62646, 61633, 62433). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
wire printflags through run cmd
**Release note**:
```release-note
NONE
```
Adds PrintFlags to `run` command.
cc @soltysh @deads2k
Automatic merge from submit-queue (batch tested with PRs 62694, 62569, 62646, 61633, 62433). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use filepath.Clean() instead of path.Clean()
**What this PR does / why we need it**:
Use filepath.Clean() instead of path.Clean() across `pkg/volume`. This could fix potential issues for windows containers.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
followup of #62375.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @msau42
Automatic merge from submit-queue (batch tested with PRs 62445, 62768, 60633). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Local up cluster enhancements
**What this PR does / why we need it**:
Networking in a cluster brought up by hack/local-up-cluster.sh was broken because kube-proxy fails to start: connectivity to the Internet is okay, but anything involving communication among services (for example, starting cluster DNS) fails.
Debugging this took a while because there was no indication in the output of hack/local-up-cluster.sh that something had gone wrong. There were also some harmless "no such process" errors during cleanup.
The kube-proxy startup issue was fixed in parallel by PR #60431 but that fix turned out to be incomplete, so this PR uses a different approach, suppresses the harmless error messages (caused by a race) and also makes it more obvious when processes die by checking them regularly.
**Special notes for your reviewer**:
I used
KUBE_ENABLE_CLUSTER_DNS=true NET_PLUGIN=kubenet hack/local-up-cluster.sh -O
to start the cluster. Check the kube-dns pod and its logs to see how kube-dns fails to communicate with the API server.
I've left out health checking of kubelet when run under Docker because that isn't something that I have used myself yet and I wanted to send the enhancements without further delays. I can try to add that later once you agree that such a health check is useful.
**Release note**:
```release-note
fix network setup in hack/local-up-cluster.sh (https://github.com/kubernetes/kubernetes/pull/60431)
better error diagnostics in hack/local-up-cluster.sh output
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixes failing job back off test
**What this PR does / why we need it**:
The test `TestJobBackoff` is always failing on my local environment.
After debugging, I find that it is caused by `fakeRateLimitQueue` in which the `Forget` call should have delete the key entry from the queue. But actually it is doing nothing.
IDK why upstream test is running successfully all the time. Am I missing sth?
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add validation in kubectl create if no file in directory
**What this PR does / why we need it**:
if no yaml or json file in a directory
```
# ./cluster/kubectl.sh create -f ../0/1 --dry-run
pod "nginx" created (dry run)
# ./cluster/kubectl.sh create -f ../0
error: You must provide one or more resources by argument or filename.
Example resource specifications include:
'-f rsrc.yaml'
'--filename=rsrc.json'
'<resource> <name>'
'<resource>'
```
expected:
```
# ./cluster/kubectl.sh create -f ../0
error: error reading [../0]: please make sure the file extension is [.json .yaml .yml]
```
**Which issue this PR fixes**: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use a dynamic RESTMapper for admission plugins
**What this PR does / why we need it**:
This change updates the REST mapper used by all admission plugins to be backed by cached discovery information. This cache is updated every ten seconds via a post start hook and will not attempt to update on calls to `RESTMapping`. It solely relies on the hook to keep the cache in sync with discovery.
This prevents issues with the `OwnerReferencesPermissionEnforcement` admission plugin when it is used with custom resources that set `blockOwnerDeletion`.
**Which issue(s) this PR fixes**:
`Fixes #...`
**Special notes for your reviewer**:
There are probably other ways the post start hook could be wired.
**Release note**:
```release-note
NONE
```
Signed-off-by: Monis Khan <mkhan@redhat.com>
@kubernetes/sig-api-machinery-misc
Automatic merge from submit-queue (batch tested with PRs 60201, 62744). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubectl describe cronjob
CronJob describer was attempting to use the internal batch clientset, which speaks to the batch/v1 API group. CronJobs do not exist in that API group.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix error message of TokenRequest
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubernetes/issues/62020
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @mikedanese
Automatic merge from submit-queue (batch tested with PRs 62378, 62734). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add `snapfactor` storageclass parameter for GlusterFS provisioner.
This patch add a new parameter called `snapfactor` to glusterfs
storageclass. This is an optional parameter and value should
fall into the range of 1-100. When set the thin pool calculation
respect this snapfactor and create a thinpool accordingly.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add prometheus cluster monitoring addon.
This PR adds new cluster monitoring addon based on prometheus.
It adds prometheus deployment with e2e tests.
Additional components will be added iterativly in future.
Manifests based on current Helm chart.
At current state it's not intended for production use.
cc @piosz @kawych @miekg
```release-note
Add prometheus cluster monitoring addon to kube-up
```
/sig instrumentation
/kind feature
/priority important-soon
storageclass. This is an optional parameter and value should
fall into the range of 1-100. When set the thin pool calculation
respect this snapfactor and create a thinpool accordingly.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 62761, 62715). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix inter-pod anti-affinity check to consider a pod a match when all the anti-affinity terms match
**What this PR does / why we need it**:
Inter-pod anti-affinity check used to incorrectly consider a pod a match when any of the anti-affinity terms matched the pod. This PR fixes the logic to consider a pod a match when all the terms match the pod.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62567
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix inter-pod anti-affinity check to consider a pod a match when all the anti-affinity terms match.
```
/sig scheduling
Automatic merge from submit-queue (batch tested with PRs 62568, 62220, 62743, 62751, 62753). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix extra-log flag for node e2e.
Similar with https://github.com/kubernetes/kubernetes/pull/62670.
Without this, test-infra can't collect extra logs, such as contianerd log.
Signed-off-by: Lantao Liu <lantaol@google.com>
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 62568, 62220, 62743, 62751, 62753). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: Bump GLBC manifest to v1.1.1
**Special notes for your reviewer**:
/assign bowei
/cc bowei
/cc rramkumar1
**Release note**:
```release-note
GCE: Bump GLBC version to 1.1.1 - fixing an issue of handling multiple certs with identical certificates
```
Automatic merge from submit-queue (batch tested with PRs 62568, 62220, 62743, 62751, 62753). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix NPD preload.
Fix NPD preload.
NPD preload information is:
```
node-problem-detector-v0.4.1.tar.gz,a57a3fe64cab8a18ec654f5cef0aec59dae62568
```
@shiliangxue Do we need to cherrypick this?
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 62568, 62220, 62743, 62751, 62753). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[vSphere Cloud Provider] Fix detach disk when VM is not found
**What this PR does / why we need it**:
When VM is deleted from VC inventory and detach request is issued detach returns error since VM cannot be found. In this scenario, detach should return no error if VM is not found. This PR fixes this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61707.
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
@kubernetes/vmware
Automatic merge from submit-queue (batch tested with PRs 62568, 62220, 62743, 62751, 62753). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm upgrade same version
What this PR does / why we need it:
When kubeadm 1.10 came out, it inadvertently introduced a backwards incompatible config change. Because the kubeadm MasterConfiguration is written by the old version of kubeadm and read by the new one, this incompatibility causes the upgrade to fail.
To mitigate this, I've written a simple transform that operates on a map-based version of the config. This map is mutated to make it compatible with the new structure, then serialised to JSON and deserialised by the usual APIMachinery.
Because of complications with the multiple versions, this PR enforces kubeadm only being used to upgrade to kubernetes of the same minor and major versions.
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes [kubeadm#744](https://github.com/kubernetes/kubeadm/issues/744#issuecomment-379045823L)
This PR is an alternate take on #62353. Instead of trying to gate migration on versions, this constrains kubeadm to only upgrade versions from the same major and minor versions.
Special notes for your reviewer:
```release-note
fixes configuration error when upgrading kubeadm from 1.9 to 1.10+
enforces kubeadm upgrading kubernetes from the same major and minor versions as the kubeadm binary.
```
Automatic merge from submit-queue (batch tested with PRs 62748, 60536, 62300, 62661, 62731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
bzl: build --config unit should build with race enabled
This allows preheating unit test runs with:
bazel build -k --config unit -- //... -//vendor/...
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62748, 60536, 62300, 62661, 62731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Parallelize GCE loadbalancer tests
**What this PR does / why we need it**:
- Encapsulate IP counter in Mocks. Previously, ipCounter was a global int modified by multiple tests.
- Use mock-provided Lock before modifying resources.
- Parallelize loadbalancer tests.
```release-note
NONE
```
Kubernetes Submit Queue