Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Reduce latency to node ready after CIDR is assigned.
This adds code to execute an immediate runtime and node status update when the Kubelet sees that it has a CIDR, which significantly decreases the latency to node ready.
```release-note
Speed up kubelet start time by executing an immediate runtime and node status update when the Kubelet sees that it has a CIDR.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make OpenStack cloud provider report a node hostname address
Related to: #67714
Cloud-provider-reported addresses are authoritative in 1.12, this
preserves default behavior that used the internal dns name as
the "Hostname" address on Node status.
**Release note**:
```release-note
The OpenStack cloud provider now reports a `Hostname` address type for nodes
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set --audit-webhook-mode flag properly based on the env variable
**What this PR does / why we need it**:
Audit webhook mode control via env variable is currently broken and this is the fix.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66980, 67604, 67741, 67715). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make aws cloud provider report a node hostname address
Cloud-provider-reported addresses are authoritative in 1.12, this preserves default behavior that used the internal dns name as the "Hostname" address on Node status
/sig aws
/sig cloud-provider
```release-note
The aws cloud provider now reports a `Hostname` address type for nodes based on the `local-hostname` metadata key.
```
Automatic merge from submit-queue (batch tested with PRs 66980, 67604, 67741, 67715). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vsphere: add tests for Cloud Provider Zones implementation
**What this PR does / why we need it**:
- Add tests for GetZones()
- Fix bug where a host tag other than region or zone caused an error
- Fix bug where GetZones() errored if zone tag was set, but region was not
Follow up to PR #66795 / towards #64021
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66980, 67604, 67741, 67715). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support of Azure cross resource group nodes
**What this PR does / why we need it**:
Part of feature [Cross resource group nodes](https://github.com/kubernetes/features/issues/604).
This PR adds support of Azure cross resource group nodes that are labeled with `kubernetes.azure.com/resource-group=<rg-name>` and `alpha.service-controller.kubernetes.io/exclude-balancer=true`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
See designs [here](https://github.com/kubernetes/community/pull/2479).
**Release note**:
```release-note
Azure cloud provider now supports cross resource group nodes that are labeled with `kubernetes.azure.com/resource-group=<rg-name>` and `alpha.service-controller.kubernetes.io/exclude-balancer=true`
```
/sig azure
/kind feature
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Correct typos and missing word in help text
**What this PR does / why we need it**:
Corrects a grammatical/readability error in the help output.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Reduce API calls for Azure instance metadata
**What this PR does / why we need it**:
Azure cloud provider gets a lot of `"Too many requests"` error when getting availability zones, instance types and node addresses. Hence kubelet won't be able to initialize itself sometimes.
This PR reduces such calls and alos switches to json API which is more stable.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/Azure/acs-engine/issues/3681
**Special notes for your reviewer**:
**Release note**:
```release-note
Reduce API calls for Azure instance metadata.
```
cc @ritazh @khenidak @andyzhangx
Automatic merge from submit-queue (batch tested with PRs 59230, 66233, 67483, 67713). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make kubectl create secret tls work with process substitution
Fixes#57909
```release-note
`kubectl create secret tls` can now read certificate and key files from process substitution arguments
```
Automatic merge from submit-queue (batch tested with PRs 59230, 66233, 67483, 67713). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
change default value of kind for azure disk
**What this PR does / why we need it**:
change default value of kind for azure disk, as we are suggesting users to use managed disk, default value should be managed disk.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67480
**Special notes for your reviewer**:
assign @feiskyer
FYI @khenidak @brendandburns
**Release note**:
```
change default value of kind for azure disk
```
/kind feature
/sig azure
Automatic merge from submit-queue (batch tested with PRs 59230, 66233, 67483, 67713). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
translations: point license header to Kubernetes
Part of https://github.com/kubernetes/sig-release/issues/223 and https://github.com/kubernetes/steering/issues/57 (point 7):
> In the translations/ folder in kubernetes, there are 12 files stating that "This file is distributed under the same license as the PACKAGE package." (e.g., here) Can these be corrected to refer to Kubernetes specifically?
/cc justaugustus swinslow
/assign justaugustus brendandburns
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
should log error when error in parsing device plugin image
**What this PR does / why we need it**:
add some extra error log in parsing the device plugin image. Error happened in my setup when fetching the yaml from url, but since no error log printed it cost a long time to figure out the reason. So it'd be nice to print the error IMO.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig-node
Related to: #67714
Cloud-provider-reported addresses are authoritative in 1.12, this
preserves default behavior that used the internal dns name as
the "Hostname" address on Node status.
Automatic merge from submit-queue (batch tested with PRs 67576, 66936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support dry run in admission webhooks
**What this PR does / why we need it**:
Follow up to https://github.com/kubernetes/kubernetes/pull/66391
- [x] add DryRun to ```admission.k8s.io/v1beta1.AdmissionReview```
- [x] add DryRunnable to ```admissionregistration.k8s.io/v1beta1.(Valid|Mut)atingWebhookConfiguration```
- [x] add dry run support to (Valid|Mut)atingAdmissionWebhook
Includes all the api-changes outlined by https://github.com/kubernetes/community/pull/2387
/sig api-machinery
**Release note**:
```release-note
To address the possibility dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to admissionregistration.k8s.io/v1beta1.ValidatingWebhookConfiguration and admissionregistration.k8s.io/v1beta1.MutatingWebhookConfiguration so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a non dry-run supporting webhook, the request will be completely rejected, with "400: Bad Request". Additionally, a new field is being added to the admission.k8s.io/v1beta1.AdmissionReview API object, exposing to webhooks whether or not the request being reviewed is a dry-run.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Externalize serviceaacount admission controller
ref: #66680
this pull externalizes serviceaccount admission controller in which secret & serviceaccount informers will be completely replaced.
/sig api-machinery
**Release note**:
```release-note
NONE
```
- Add tests for GetZones()
- Fix bug where a host tag other than region or zone caused an error
- Fix bug where GetZones() errored if zone tag was set, but region was not
Follow up to PR #66795 / towards #64021
Automatic merge from submit-queue (batch tested with PRs 66973, 67704, 67722, 67723, 63512). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Populate internal DNS names in GCE provider
Both VM name and hostname are internally routable.
**What this PR does / why we need it**: GCE cloud provider only populated IP addresses for instances. This PR adds internal DNS names. DNS names are used e.g. in kubelet server certificates (5b77996433/pkg/kubelet/kubelet.go (L385))
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66973, 67704, 67722, 67723, 63512). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
godeps: update vmware/govmomi
**What this PR does / why we need it**:
Update required to continue work on #64021
- The govmomi tag API changed
- Pulling in the new vapi/simulator package for testing the VCP Zones impl
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66973, 67704, 67722, 67723, 63512). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Externalize default storageclass admission controller
now continue with this low hanging fruit.
and we will seriously step into deep water zone like `resourcequota` 🙃
ref: #66680
/assign deads2k
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm ha upgrade
**What this PR does / why we need it**:
This PR implements one of the actions defined by https://github.com/kubernetes/kubeadm/issues/751 (checklist form implementing HA in kubeadm). see [KEP 0015](https://github.com/kubernetes/community/blob/master/keps/sig-cluster-lifecycle/0015-kubeadm-join-master.md) for more context
With this PR, kubeadm implements a new command `kubeadm upgrade node experimental-control-plane` that managed upgrade of control plane components on a secondary control plane instance.
The entire workflow in case of HA clusters will be:
- Upgrade the control plane
- run `kubeadm upgrade apply` on a first control plane instance
- run `kubeadm upgrade node experimental-control-plane` on secondary control plane instances
- Upgrade nodes
**Special notes for your reviewer**:
/CC @timothysc @luxas @chuckha @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```
kubeadm now has the `kubeadm upgrade node experimental-control-plane` command for upgrading secondary control plane instances created with `kubeadm join --experimental-control-plane`.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[reissue] kubeadm: Split out ClusterConfiguration from InitConfiguration
As @luxas is not able to take care of #66219, I am reissuing the same change here. There are a few minor things added by me:
- The original PR is rebased on latest master.
- Some broken tests were fixed.
- Some TODOs were added.
- Run update-bazel and update-gofmt
Below is the text of the original PR by Lucas.
-----
**What this PR does / why we need it:**
Splits MasterConfiguration to InitConfiguration and ClusterConfiguration as outlined in the kubeadm Config KEP. InitConfiguration holds init-only information, and ClusterConfiguration holds cluster-wide information. In the internal representation InitConfiguration wraps ClusterConfiguration as a field, but in serialized format they're different YAML documents.
**Which issue(s) this PR fixes** (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
ref: kubernetes/kubeadm#911
Depends on:
- [X] #65776
- [X] #65628
- [X] #65629
- [X] #65631
- [X] #65940
- [X] #65787
- [X] #65945
- [X] #65951
- [X] #65952
**Special notes for your reviewer:**
**Release note**:
```release-note
kubeadm: InitConfiguration now consists of two structs: InitConfiguration and ClusterConfiguration
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 63757, 67698, 67712, 67494, 67700). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix test case: invalid version should not trigger network operations
**What this PR does / why we need it**: current invalid version value in the test case triggers network operation to check it validity via `https://dl.k8s.io/`. Using incorrect semantic version will achieve same result of test case without possibility to trigger network connection.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
@neolit123
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63757, 67698, 67712, 67494, 67700). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make log more readable
**What this PR does / why we need it**:
Make log more readable
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
NONE
**Release note**:
```
NONE
```
/kind cleanup
/release-note-none
Automatic merge from submit-queue (batch tested with PRs 63757, 67698, 67712, 67494, 67700). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix NameFromCommandArgs when passing command after --
**What this PR does / why we need it**:
This fixes `kubectl create deployment name --image=xyz -- mycommand` invocation. Currently the `NameFromCommandArgs` is unnecessarily parsing arguments after `--`.
**Special notes for your reviewer**:
/assign @juanvallejo
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused functions in cmd
**What this PR does / why we need it**:
/kind cleanup
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66229, 67682, 67585, 67641, 67697). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix validation logic in E2ETestNodePreparer.
**What this PR does / why we need it**:
There is a bug in E2ETestNodePreparer validation logic.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66229, 67682, 67585, 67641, 67697). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't ignore error in GetMasterAndWorkerNodesOrDie.
**What this PR does / why we need it**:
In https://github.com/kubernetes/kubernetes/issues/67584 I'm seeing that method to be failing. Without any error message, it's not possible to debug what is happening there.
Although this method has 'OrDie' in name, it ignores an error and never dies.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66229, 67682, 67585, 67641, 67697). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pkg/kubectl: fix spelling mistake
**Release note**:
```release-note
NONE
```
Jordan Liggitt