Automatic merge from submit-queue (batch tested with PRs 52471, 53708). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
clean up winkernel proxy
**What this PR does / why we need it**:
clean up winkernel proxy
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Need to validate taint effect when removing taints.
Instead of reporting taint not found, it's better to report user
that the effect is invalid. This will help user to check errors.
So when user tries to remove a taint, two conditions will be checked:
1. Whether or not the effect is an empty string.
2. Whether or not the non-empty effect is a valid taint effect.
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix 404 link in changelog-1.6
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl resource builder to use versioned list
Switch to using a versioned listed when return an object from the resource builder.
This is necessary to allow cli's built outside the kubernetes/kubernetes repo to vendor the resource builder logic without vendoring all of Kubernetes.
The following commands call the modified function. (identified by changing the function name and recompiling)
- [x] `attach`
- pkg/kubectl/cmd/attach.go:155: builder.Do().Object
- passes to `AttachablePodForObject` which does not support Lists of any kind
- [x] `get`
- pkg/kubectl/cmd/get.go:251: r.Object
- [x] check if isList with `IsListType` -> `GetItemsPtr` -> check for presence of `Items` field
- [x] pass to `ResourceVersion` -> `CommonAccessor` -> checks for `metav1.ListInterface` (which this PR introduces a compile time check to ensure v1.List implements this)
- [x] pass to `ExtractList` -> checks if items implement `runtime.RawExtension`
- [x] `rolling_update`
- pkg/kubectl/cmd/rollingupdate.go:207: request.Object
- only accepts lists of length 1. updated in PR to support both api.List and v1.List
- [x] `rollout_status`
- pkg/kubectl/cmd/rollout/rollout_status.go:107: r.Object
- passes to `ResourceVersion` -> `CommonAccessor` -> checks for `metav1.ListInterface`
```release-note
NONE
```
Closeskubernetes/kubectl#81
Automatic merge from submit-queue (batch tested with PRs 52747, 54329). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix scheduler permissions to be able to patch pods/status
Add "patch" to the list of default operations that kube-scheduler can perform on pods. In 1.8, kube-scheduler was setting annotations via pod/status update, but later it was changed to patch pods. This PR changes default RBAC permissions of kube-scheduler so that it can set annotations of pods.
```release-note
NONE
```
/sig scheduling
Automatic merge from submit-queue (batch tested with PRs 52747, 54329). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Device Plugin Endpoints correctly closes client connexion
**What this PR does / why we need it**:
Endpoints in the device plugin may unexpectedly end. Currently the connexion will not be properly closed.
This commit aims to fix this
Related issues #51993
**Special notes for your reviewer**: @jiayingz @mindprince @vishh
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54199, 54181, 54196). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Pass zone name instead of zone url to GCE API to update NIC setting for alias range
**What this PR does / why we need it**:
Zone passed to gce.serviceAlpha.Instances.UpdateNetworkInterface(...) as a URL as it results the following error:
Could not add alias 10.64.3.0/24 for node "kubernetes-minion-group-mhhd": googleapi: Error 400: Invalid value 'http://www.googleapis.com/compute/alpha/projects/bigclustertestdev0-devconsole/zones/dev-central1-std'. Values must match the following regular expression: '[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?', invalidParameter
The fix is to extract (last component of URL) the zone name from the corresponding resource URL.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
No issue filed yet.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54199, 54181, 54196). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update openapi to use kube-openapi code
**What this PR does / why we need it**: OpenAPI code has moved to `github.com/kubernetes/kube-openapi`. Let's use that code as a dependency, since now it's duplicated.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51823
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
No user visible changes. Just code moving around.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix typos: replace SECONDARY-RANGE-NAME with SECONDARY_RANGE_NAME.
**What this PR does / why we need it**:
Without the fix, secondary_range_name in /etc/gce.conf in node will always be empty.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
addons/dns: changing probes for ANY IP record type
Signed-off-by: André Martins <aanm90@gmail.com>
**What this PR does / why we need it**:
Changes the kube-dns probes to ANY IP record to solve kube-dns probes failures when kubernetes master is running with an IPv6 only address.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51371
/sig network
/area ipv6
Automatic merge from submit-queue (batch tested with PRs 52147, 54309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update bootstrap policy with replicaset/daemonset permissions in the apps API group
Resolves#54310
Bootstrap policy was not updated when replicasets and daemonsets got promoted to the apps group
```release-note
Resolves forbidden error when accessing replicasets and daemonsets via the apps API group
```
Automatic merge from submit-queue (batch tested with PRs 52147, 54309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Deviceplugin refactoring: cleanup some unnecessary functions
**What this PR does / why we need it**:
cleanup some of unnecessary functions of deviceplugin to improve code readability
**Which issue this PR fixes**
fixes#51993
Part1
**Special notes for your reviewer**:
Currently, it seems that func `IsResourceNameValid` is not used outside and could be changed to internal.
But as Renaud commented, it is designed for potential usage from users outside.
And I could not find a better position to place the func, except for file `utils.go`. So, shall we just retain the `utils.go` file, and maybe for possible expansion in the future?
/cc @jiayingz @RenaudWasTaken @vishh
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update .dockercfg content to config.json
update the data format of .dockercfg to match the new docker config.json
format, which encapsulates all registry auth objects in an overall
"auths" object when an option `--config-format` is specified with the value
`--config-format=config.json`:
```
{
"auths": {
"reg.url": {
"auth": "...=="
}
}
}
```
**Release note**:
```release-note
secret data containing Docker registry auth objects is now generated using the config.json format
```
cc @bparees @fabianofranz
Automatic merge from submit-queue (batch tested with PRs 54113, 54234). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding config option to add additional SANs to the master's certificate.
Regenerate certificate if data on certificate changes. This includes IP address and SANs.
Restart API server after updating certificate.
**What this PR does / why we need it**:
This allows users to add addition SAN entries to the certificate generated.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/426
**Special notes for your reviewer**:
**Release note**:
```release-note
Added support for SAN entries in the master node certificate via juju kubernetes-master config.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Create new unit tests for version and kind validation
This is a follow up PR per discussion in the
https://github.com/kubernetes/kubernetes/pull/53587
Creating new unit tests here for basic and aggregated validation of version
and kind group.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51402, 54283). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Abstract contains function to common place
**What this PR does / why we need it**:
There are identical "contains" func in multiple files,better to abstract it to common place
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
NONE
**Release note**:
NONE
Automatic merge from submit-queue (batch tested with PRs 51402, 54283). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add event broadcaster logging for all contoller managers
**What this PR does / why we need it**:
add event broadcaster logging for controller -manager, and it help debug/trace resource status directly.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51400
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
support imagePullSecrets and imagePullPolicy in kubefed init
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50718
**Special notes for your reviewer**:
/assign @gyliu513
**Release note**:
```release-note
support imagePullSecrets and imagePullPolicy in kubefed init
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
cleaning newNodeController from unsupported kubelet version
**What this PR does / why we need it**: this part of the #52356 effort
**Which issue this PR fixes** : fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 53194, 54257, 53014). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm should check for bridge-nf-call-ip6tables
With this change, Kubeadm will check that
/proc/sys/net/bridge/bridge-nf-call-ip6tables is set to 1 in
preflight when using IPv6. This is similar to how it currenltly checks for
bridge-nf-call-iptables.
**What this PR does / why we need it**:
Curently Kubeadm checks that bridge-nf-call-iptables is set to 1, but does not check
for bridge-nf-call-ip6tables. When using IPv6, kubeadm should check that this is set.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53013
**Special notes for your reviewer**:
**Release note**:
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 53194, 54257, 53014). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use GetByKey() in typeLister_NonNamespacedGet
The Get() function of non-namespace lister passes a temporary object to
indexer.Get() in order to fetch the actual object from the indexer. This
may cause Go to allocate the temporary object on the heap instead of the
stack, as it is passed into interfaces. For non-namespaced objects,
Get(&Type{ObjectMeta: v1.ObjectMeta{Name: name}}) should be equivalent
to GetByKey(name).
This could be the root cause of excessive allocations, e.g. in tests
clusterRoleLister.Get() has trigger 4 billion allocations. See
openshift/origin#16954
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
avoid kubelet converts and validates pods multiple times
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53171
**Special notes for your reviewer**:
/assign @yujuhong @caesarxuchao
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 54031, 54261). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow absent Weight if PrioritizeVerb is empty
The scheduler currently validates `ExtenderConfig.Weight` (the weight applied to `Prioritize`) even when `ExtenderConfig.PrioritizeVerb` is empty, which is not correct. A configuration without these two fields should be allowed.
**Release note**:
```
None
```
/sig scheduling
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
reopen#53856 about doTestPlugin func delete volumePath in nfsvolume
**What this PR does / why we need it**:
reopen#53856 because of some reason that the branch become unknown repository,so commit a new pr and then close The original pr,thanks!
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update gRPC to pick up data race fix
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53124
**Special notes for your reviewer**:
**Release note**:
```release-note
update gRPC to v1.6.0 to pick up data race fixgrpc/grpc-go#1316
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix dockershim panic when listing images
**What this PR does / why we need it**:
dockershim panic when listing containers because of `opts.Filters` not initialized:
505ccb88da/pkg/kubelet/dockershim/docker_image.go (L35-L39)
Also when imgSpec.Image is empty string, dockershim returns an empty image list which is not expected. (We should not set opts.Filters in this case).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#54122
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
If there is no available node for LoadBalancer service, the LoadBlancer
service will become unavailable, we should update service status.
This is part of #53193
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add timothysc to test approvers
I've avoided this responsibility and leveraged super-powers, but I should own up and make it more legit. I've been working on the testing jiggery since epoch.
/cc @spiffxp @ixdy @fejta
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Try in-cluster config before using localhost:8080
**What this PR does / why we need it**:
When starting an e2e test in a pod in a cluster, if the host is
not specified in the command line, we default to using
'http://127.0.0.1:8080' currently. We should be discovering the
host/port using the in-cluster config and using that if
possible.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#53894
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue