Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)
move term to kubectl/util
move term from pkg/util/term to pkg/kubectl/util/term
remove dependency of `k8s.io/kubernetes/pkg/util/term` for `pkg/kubelet/dockershim/exec.go` and `pkg/kubelet/dockershim/exec.go`
Ref: https://github.com/kubernetes/kubernetes/issues/48209
```release-note
NONE
```
/assign @apelisse @monopole
cc: @pwittrock
Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)
Add ApiEndpoint support to GCE config.
**What this PR does / why we need it**:
Add the ability to change ApiEndpoint for GCE.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)
GZip openapi schema if accepted by client
**What this PR does / why we need it**: Uses gzip "Accept-Encoding" flag rather than specific path to download gzipped openapi schema.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48375
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)
removed 'Storage' option from 'kubectl top' like options
**What this PR does / why we need it**:
https://github.com/kubernetes/kubectl/issues/34
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 47918, 47964, 48151, 47881, 48299)
Add unit test coverage for nvidiaGPUManager initialization
Part of #47750
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43558, 48261, 42376, 46803, 47058)
kubelet: remove unused bandwidth shaping teardown code
Since v1.5 and the removal of --configure-cbr0:
0800df74ab "Remove the legacy networking mode --configure-cbr0"
kubelet hasn't done any shaping operations internally. They
have all been delegated to network plugins like kubenet or
external CNI plugins. But some shaping code was still left
in kubelet, so remove it now that it's unused.
@freehan @thockin @bprashanth
Automatic merge from submit-queue (batch tested with PRs 43558, 48261, 42376, 46803, 47058)
OpenAPI downloads protobuf rather than Json
**What this PR does / why we need it**:
The current implementation of the OpenAPI getter fetches the swagger in a Json format from the apiserver. The Json file is big (~1.7mb), which means that it takes a long time to download, and then a long time to parse. Because that is going to be needed on each `kubectl` run later, we want this to be as fast as possible.
The apiserver has been modified to be able to return a protobuf version of the swagger, which this patch intends to use.
Note that there is currently no piece of code that exists that allows us to go from the protobuf version of the file, back into Json and/or `spec.Swagger`. Because the protobuf is not very different (but significantly different enough that it can't be translated), I've updated the code to use `openapi_v2.Document` (the protobuf type) everywhere rather than `spec.Swagger`. The behavior should be identical though.
There are more changes that are coming in follow-up pull-requests: using the gzip version (also provided by the new apiserver) to even further reduce the size of the downloaded content, and use the HTTP Etag cache mechanism to completely get rid of recurrent fetch requests. I'm currently working on these two features.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partly #38637
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43558, 48261, 42376, 46803, 47058)
Add bind mount /etc/resolv.conf from host to containerized mounter
Currently, in containerized mounter rootfs, there is no DNS setup. If client
try to set up volume with host name instead of IP address, it will fail to resolve
the host name.
By bind mount the host's /etc/resolv.conf to mounter rootfs, VM hosts name
could be resolved when using host name during mount.
```release-note
Fixes issue where you could not mount NFS or glusterFS volumes using hostnames on GCI/GKE with COS images.
```
Automatic merge from submit-queue (batch tested with PRs 43558, 48261, 42376, 46803, 47058)
Fix removing finalizer for garbage collector
The loop should use 'continue' not 'break', otherwise removeFinalizer()
not only removes "orphaningFinalizer" from its finalizers list but
also removes others.
Fix#48363
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
kubeadm: If `--config` is set, don't allow any other option as it won't have effect
If use config in kubeadm init, cann't get other values from other arguments.
`kubeadm init --config=../kubeadm.config --token 447ad3.96cda76e3206fca0 --apiserver-bind-port 6445`
So I think we need to allow get values from command and is prior than cofig file.
Automatic merge from submit-queue (batch tested with PRs 48295, 48298, 47339, 44910, 48037)
Make the `--controllers` flag configurable in hack/local-up-cluster.sh
**What this PR does / why we need it**:
add options to enable tokencleaner,bootstrapsigner controller for bootstrap token testing
**Release note**:
```
None
```
Automatic merge from submit-queue (batch tested with PRs 48295, 48298, 47339, 44910, 48037)
Make Makefiles in `test/images/` compatible with multiple architectures
**What this PR does / why we need it**:
This PR is for making test images multi architecture for different platforms like amd64, arm, arm64, ppc64le
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #31331
**Special notes for your reviewer**:
- Actual tests need to be modified to use these images based on the architecture later.
- Not covering the cross building of docker images for `s390x` platform due to problem faced while running containers with `qemu-s390x-static`
- Will submit separate PR for `volume and pet` test images
- This PR depends on - https://github.com/kubernetes/ingress/pull/587
**Release note**:
```NONE```
Automatic merge from submit-queue (batch tested with PRs 48295, 48298, 47339, 44910, 48037)
kubeadm: Remove v1.6 version gates, cleanup unused code, etc.
**What this PR does / why we need it**:
- Removes v1.6 version gates and requires a control plane version of v1.7.0 and above
- Removes unused/unnecessary functions that got freed up as a consequence of that
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes: kubernetes/kubeadm#327
**Special notes for your reviewer**:
This PR targets v1.8, can be merged first when the code freeze is lifted
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @timothysc @mikedanese @pipejakob
Since v1.5 and the removal of --configure-cbr0:
0800df74ab "Remove the legacy networking mode --configure-cbr0"
kubelet hasn't done any shaping operations internally. They
have all been delegated to network plugins like kubenet or
external CNI plugins. But some shaping code was still left
in kubelet, so remove it now that it's unused.
Automatic merge from submit-queue
Add waiting for node to become schedulable again in Cluster Autoscaler tests
Adding retrying until CriticalAddonsOnly taint is removed.
This fixes the issue where after disabling and fixing node as part of a test scenario, taint was added by a rescheduler and caused subsequent tests to fail.
Automatic merge from submit-queue
don't accept delete tokens that are waiting to be reaped
With garbage collection, it becomes possible (even likely) that we will have finalizers specified on resources before they are reaped. A secret or an SA which has been deleted and is awaiting reaping should not be considered valid. This adds checking for whether those have been deleted.
@kubernetes/sig-auth-misc
```release-note
Previously a deleted service account token secret would be considered valid until it was reaped. Now it is invalid as soon as the deletionTimestamp is set.
```
Automatic merge from submit-queue
Fix broken markdown format in v1.7 CHANGELOG
**What this PR does / why we need it**:
- fix broken markdown format in v1.7 CHANGELOG
- remove those changes which have release notes `NONE`
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48325
**Special notes for your reviewer**:
/cc @dchen1107 @caesarxuchao @luxas @idvoretskyi @@calebamiles
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Fix a typo in deletion log of apiserver
**What this PR does / why we need it**:
I just fix a typo in a log message. Nothing more 😄
**Which issue this PR fixes**
apiserver sometimes log this message "About do delete object from database". It seems that there is a typo for `to`.
```release-note
Fix a typo in apiserver log message
```
Automatic merge from submit-queue
Validate if service has duplicate targetPort
**What this PR does / why we need it**:
Validate if a service has dup targetport
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47222
**Special notes for your reviewer**:
/cc @thockin
@kubernetes/sig-network-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Refactor unstructured converter
**What this PR does / why we need it**:
See #48039. Makes it impossible to misuse unstructured converter.
**Which issue this PR fixes**:
Fixes#48039
**Release note**:
```release-note
NONE
```
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 46336, 47643)
Add node e2e tests for runAsUser
**What this PR does / why we need it**:
This PR adds node e2e tests for runAsUser.
**Which issue this PR fixes**
Part of #44118.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Do not fail on error when deleting ingress
Fixes#48239
If the api server or master is unavailable, the test should manually teardown load balancer resources.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Populate endpoints for headless service with no ports
**What this PR does / why we need it**:
- populate endpoints with headless service (thanks @fraenkel for the original PR!)
- allow ports with headless service
- nits
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#32796https://github.com/kubernetes/kubernetes/issues/32796#issuecomment-270462724
**Special notes for your reviewer**:
/cc @thockin @fraenkel
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Allocate clusterIP when change service type from ExternalName to ClusterIP
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#35354#46190
**Special notes for your reviewer**:
/cc @smarterclayton @thockin
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Securing the cluster created by Juju
**What this PR does / why we need it**: This PR secures the deployments done with Juju master. Works around certain security issues inherent to kubernetes (see for example dashboard access)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
Securing Juju kubernetes dashboard
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
dockershim: checkpoint HostNetwork property
To ensure kubelet doesn't attempt network teardown on HostNetwork
containers that no longer exist but are still checkpointed, make
sure we preserve the HostNetwork property in checkpoints. If
the checkpoint indicates the container was a HostNetwork one,
don't tear down the network since that would fail anyway.
Related: https://github.com/kubernetes/kubernetes/issues/44307#issuecomment-299548609
@freehan @kubernetes/sig-network-misc
Kubernetes Submit Queue