Automatic merge from submit-queue (batch tested with PRs 49017, 45440, 48384, 45894, 48808)
Export BaseControllerRefManager
**What this PR does / why we need it**:
It exports go struct `baseControllerRefManager`. This is needed so other distributions like OpenShift or TPR controllers can reuse that code for writing ref managers for other objects.
**Release note**:
It is not worthy of a release note.
Automatic merge from submit-queue (batch tested with PRs 49017, 45440, 48384, 45894, 48808)
Update two dependencies
**What this PR does / why we need it**:
github.com/stretchr/testify - main desired update. Old version has bugs. Specifically I encountered https://github.com/stretchr/testify/issues/347 which was fixed a year ago.
github.com/davecgh/go-spew/spew is set to the newest version, a bit
newer than required by testify. Updated from version 6 Nov 2015 to
27 Jun 2017.
github.com/stretchr/objx is not updated - testify uses version
from 27 May 2014 which is older than 28 Sep 2015 used now (latest
actually). In practice there is only a tiny difference - one method was
removed in new version.
**Release note**:
```release-note
NONE
```
/sig testing
Automatic merge from submit-queue (batch tested with PRs 49017, 45440, 48384, 45894, 48808)
Fix typo in ExecCommandParam
**What this PR does / why we need it**: Makes ExecCommandParam look like all of the other "Param"s
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49017, 45440, 48384, 45894, 48808)
kubeadm: Make kube-proxy tolerate the uninitialized cloud taint
**What this PR does / why we need it**:
This is needed in order to start the cloud-controller-manager successfully. The cloud controller manager should run as a DaemonSet with a nodeSelector for master nodes. The cloud controller manager should run on the hostNetwork to avoid the bootstrap problem when there is no CNI network yet. But the cloud controller manager needs to know how to address the master. It does this by talking to the kubernetes service (e.g. 10.96.0.1). That iptables rule must exist at the time, which now isn't the case when kube-proxy isn't running. kube-proxy isn't running due to that the kubelet is tainted with the external cloud taint.
This PR makes kube-proxy tolerate the cloud taint, so that the cloud controller manager can run easily on kubeadm clusters.
This was found by @prydie, thanks!
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
This should probably be a cherrypick candidate so folks can use kubeadm to easily create external cloud clusters. The change is small and isolated.
cc @wojtek-t
**Release note**:
```release-note
kubeadm: Make kube-proxy tolerate the external cloud provider taint so that an external cloud provider can be easily used on top of kubeadm
```
cc @kubernetes/sig-cluster-lifecycle-pr-reviews @wlan0 @thockin
Transitional part of kubernetes/test-infra#3307, should be eliminated
by kubernetes/test-infra#3330: Allow NODE_INSTANCE_GROUP to be set
before we get here, which eliminates any cluster/gke use if
KUBERNETES_CONFORMANCE_PROVIDER is set to "gke".
Automatic merge from submit-queue (batch tested with PRs 48997, 48595, 48898, 48711, 48972)
Revert "Use go-ansiterm version matching docker/pkg/term/windows v1.11"
This reverts commit 72044a11a1.
**What this PR does / why we need it**: earlier this week, #47140 updated the vendored azure dependencies, which broke the windows build because the docker dependencies were too old. #48933 was merged, which reverted part of #47140 and fixed the build, but then #48308, which updated the vendored docker dependencies, broke the windows build again.
By reverting #48933, we should get back to a working build, I hope.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48887
**Release note**:
```release-note
NONE
```
/release-note-none
/test pull-kubernetes-cross
/assign @brendandburns
cc @karataliu @yguo0905 @yujuhong @dchen1107
Automatic merge from submit-queue (batch tested with PRs 48997, 48595, 48898, 48711, 48972)
minor adjustments in the sample apiserver around resource creation.
**What this PR does / why we need it**: This PR improves `NewREST` method to support an error and nor-error path. The method is then wrapped in a convenient function which panics on error.
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48997, 48595, 48898, 48711, 48972)
Use local PX endpoint for mount, unmount, detach and attach calls
**What this PR does / why we need it**:
This PR fixes an issue with Setup and TearDown of Portworx volumes which has side-effects such a Pod using a Portworx volume not being able to start on the minion.
**Which issue this PR fixes**: fixes#49034
This PR addresses an issue that fails to mount, attach, unmount or detach a volume when Kubernetes sends these requests to Portworx when it's API server on that particular minion is down.
Portworx mount, unmount, attach and detach requests need to be received on the minion where the pod is running. So these calls need to talk to the Portworx API server running locally on that node (and NOT to the Portworx k8s service since it may route the request to any node in the cluster). This PR explicitly makes such requests local only.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48997, 48595, 48898, 48711, 48972)
remove useless code in podautoscaler
**What this PR does / why we need it**:
code optimization,remove some useless code.
**Special notes for your reviewer:**
My first Kubernetes PR,please let me know if anything wrong on this one.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48997, 48595, 48898, 48711, 48972)
hpa: Prevent scaling below MinReplicas if desiredReplicas is zero
**What this PR does / why we need it**:
Prevent a HPA scaling below `minReplicas` if `desiredReplicas` is calculated as `0`.
Example events of a HPA continuously scaling between `1` and `MinReplicas`:
```
2h 59s 22 horizontal-pod-autoscaler Normal SuccessfulRescale New size: 1; reason: All metrics below target
2h 29s 22 horizontal-pod-autoscaler Normal SuccessfulRescale New size: 15; reason: Current number of replicas below Spec.MinReplicas
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49028
**Special notes for your reviewer**:
**Release note**:
```release-note
hpa: Prevent scaling below MinReplicas if desiredReplicas is zero
```
Automatic merge from submit-queue
Kubelet CRI: move seccomp from annotations to security context
**What this PR does / why we need it**:
This is the final step for #39130, which moves seccomp from annotations to linux container security context. And it also fixes#36997 by set the full seccomp profile path for node-installed profiles.
Note it doesn't include spec the seccomp profile format, which should be addressed at #39128. And a following PR is required for implementing in kuberuntime and dockershim.
**Which issue this PR fixes**
Fixes#39130Fixes#36997
**Special notes for your reviewer**:
**Release note**:
```release-note
Kubelet CRI: move seccomp from annotations to security context.
```
Automatic merge from submit-queue (batch tested with PRs 48494, 48733)
Never prevent deletion of resources as part of namespace lifecycle
Namespace lifecycle should not prevent deletion of resources... its purpose is to prevent creation of resources in a terminating namespace, or create/update of resources in a non-existent namespace.
Fixes#49027
Automatic merge from submit-queue (batch tested with PRs 48494, 48733)
Move test-webserver from contrib/for-demos to kubernetes/test/images
**What this PR does / why we need it**:
This PR is for
- Moving the https://github.com/kubernetes/contrib/tree/master/for-demos/test-webserver to kubernetes/test/images - Refer https://github.com/kubernetes/contrib/pull/2544 for more information
- Multi architecture support for test-webserver image
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 48991, 48908)
Group every two services into one in load test
Ref https://github.com/kubernetes/kubernetes/issues/48938
Following from discussion with @bowei and @freehan .
This reduces #services to 8200 while keeping no. of backends same.
/cc @wojtek-t @gmarek
Automatic merge from submit-queue
Remove old, core/v1 specific constructs from RESTClient
Now that metav1 is abstracted from the APIs, RESTClient should also be agnostic to the core API.
* Remove `LabelSelectorParam` and `FieldSelectorParam` - use `VersionedParams` with `ListOptions`
* Remove `UintParam`
* Remove all legacy field selector logic from `VersionedParams` - ParameterCodec now handles that
* Remove special parameters (like `timeout`) which is no longer set by most clients
Automatic merge from submit-queue (batch tested with PRs 48262, 48805)
[Scheduler] Use const value maxPriority instead of immediate value 10
Signed-off-by: sakeven <jc5930@sina.cn>
**What this PR does / why we need it**:
Use const value maxPriority instead of immediate value 10.
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48262, 48805)
Fix condition in autoscaler e2e
Fix off-by-one in cluster-autoscaler that made the test trivially
pass (without actually requiring scale-up to happen).
Automatic merge from submit-queue
forget pod first after binding failed
Signed-off-by: sakeven <jc5930@sina.cn>
**What this PR does / why we need it**:
In the implementation of scheduler cache, `FinishBinding` marks Pod expired, and then pod would be cleaned in ttl seconds. While `ForgetPod` checks Pod whether assumed, if not, it reports an error.
So if binding failed and ttl(now 30s) is too short, the error will occur when `ForgetPod`, thus we won't record `BindingRejected` event.
Although it's rare, we shouldn't depend on the value of ttl.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Changes to fix the node eviction flake
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#39975
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Log error when failed to renew lease.
**What this PR does / why we need it**:
Log detailed error when leaderelection can not renew release.
It would add a little bit help to find direct reason of failing renew lease
```
E0626 15:23:06.269198 46443 leaderelection.go:263] Failed to update lock: etcdserver: request timed out
E0626 15:23:07.528206 46443 leaderelection.go:263] Failed to update lock: Operation cannot be fulfilled on endpoints "kube-scheduler": the object has been modified; please apply yo
ur changes to the latest version and try again
E0626 15:23:07.528260 46443 event.go:259] Could not construct reference to: '&v1.Endpoints{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"", GenerateN
ame:"", Namespace:"", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*
v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]str
ing(nil), ClusterName:""}, Subsets:[]v1.EndpointSubset(nil)}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Normal' 'LeaderElection' 'gd6-k8s-noah-prod0
01-master-s0004 stopped leading'
I0626 15:23:07.528391 46443 leaderelection.go:208] failed to renew lease kube-system/kube-scheduler
F0626 15:23:07.528422 46443 server.go:134] lost master
```
Kubernetes Submit Queue