Automatic merge from submit-queue (batch tested with PRs 67596, 67520, 67605). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cert list 2
**What this PR does / why we need it**:
Continuation of #67208. Uses the newly created declarative list of certificates kubeadm requires for the certs phase and upgrade steps.
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add --dns-loop-detect option to dnsmasq run by kube-dns
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67299
**Special notes for your reviewer**:
/cc @kubernetes/sig-network-pr-reviews
**Release note**:
```release-note
add --dns-loop-detect option to dnsmasq run by kube-dns
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-{apiserver,ctrl-mgr}: unify into DeprecatedInsecureServingOptions
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 66793, 67405, 67068, 67501, 67484). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Remove images from the context of kubeletFailTempl
**What this PR does / why we need it**:
Since #66658 kubeletFailTempl no longer contains any images, thus we don't need to fill them
in its context.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/kind cleanup
/assign @timothysc
/assign @fabriziopandini
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66209, 67380, 67499, 67437, 67498). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use versioned api in kube-proxy
**What this PR does / why we need it**:
Now in kube-proxy someplace still use the internal version api, change to use versioned api.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66209, 67380, 67499, 67437, 67498). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Make kubelet healthz port a constant
**What this PR does / why we need it**:
Make kubelet healthz port a constant
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add test for scheduler config defaults
This test will let us notice if defaults change when loading from a config file or from flags.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Synchronous & unbatched audit log writes
**What this PR does / why we need it**:
When enabling buffered audit log file writes to reduce latency under high load, we shouldn't be batching the writes, as the large data write can have an inverse (though unpredictable) impact. Additionally, batched audit log writes should not be done asynchronously, as this just creates lock contention on the log writer.
This is a clean-ed up version of https://github.com/kubernetes/kubernetes/pull/61217
**Which issue(s) this PR fixes**
Fixes#61932
**Release note**:
```release-note
NONE
```
/sig auth
/priority important-soon
/kind bug
/milestone v1.12
kubeletFailTempl no longer contains any images, thus we don't need to fill them
in its context.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused code in kubeadm/app/cmd/reset_test.go
**What this PR does / why we need it**:
remove unused code in kubeadm/app/cmd/reset_test.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62441, 66702, 67254, 67421, 65309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add backoff for DS's pod deletion to limit fighting with kubelet failing the pod repeatedly
**What this PR does / why we need it**:
Limits consequences of DS controller on hot loop fighting with kubelet.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubernetes/issues/65240
**Release note**:
```release-note
DaemonSet controller is now using backoff algorithm to avoid hot loops fighting with kubelet on pod recreation when a particular DaemonSet is misconfigured.
```
TODO:
- [x] Export the backoff settings as args or constants
- [x] Add test a case
/cc @mfojtik
(Will add more folks when it's ready, to avoid spamming them.)
Automatic merge from submit-queue (batch tested with PRs 62441, 66702, 67254, 67421, 65309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Apply means to search for existing KubeConfig files in standard locations across kubeadm
**What this PR does / why we need it**:
Apply means to search for existing KubeConfig files in standard locations across kubeadm.
Tasklist:
- [x] Use the Join of Dir and File name instead of DefaultKubeConfig
- [x] Refactor token.go::findExistingKubeConfig() into a utility in cmd/kubeadm/app/cmd/util
- [x] Use the utility in config, upgrade and some of the phases commands that use --kubeconfig
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref [kubernetes/kubeadm/#805](https://github.com/kubernetes/kubeadm/issues/805)
**Special notes for your reviewer**:
/assign @neolit123
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
First pass of cert list
**What this PR does / why we need it**:
Refactors the cert management code in kubeadm to be more extensible and resiliant.
This initial change doesn't change anything on the surface, and in fact appears to add a bunch of complexity. The goal here is to reduce duplication in the certs codebase, which is started in this PR by gutting the New*CertAndKey. Eventually, those functions will be removed altogether. The declarative list will also allow us to build a more explicit renewal function and command line interface and reduce much more duplication in the cert package.
**Special notes for your reviewer**:
**Release note**:
```
```
Automatic merge from submit-queue (batch tested with PRs 66884, 67410, 67229, 67409). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: coverage improvement about ValidateVersion function
**What this PR does / why we need it**:
In commit log :2ef8157644, remove the `MinimumVersion support` for all featuregate, but the `MinimumVersion` still as a parameter in `Feature` struct for `future featuregate`.
However,https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/features/features.go#L79-L87 still have judgement about `MinimumVersion` in `ValidateVersion` function, we also need test it.
This PR make `test coverage` about `ValidateVersion` function from `20%` to `90%`. Details as below.
Before changed, the `test coverage` are:
```
root@shap000101123:/ycj/kubernetes-community/src/k8s.io/kubernetes/cmd/kubeadm/app/features# go tool cover -func=size_coverage.out
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:71: ValidateVersion 20.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:92: Enabled 100.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:101: Supports 100.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:111: Keys 0.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:120: KnownFeatures 90.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:139: NewFeatureGate 94.1%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:171: ResolveFeatureGateDependencies 100.0%
total: (statements) 73.1%
```
After change, the `test coverage` are:
```
root@shap000101123:/ycj/kubernetes-community/src/k8s.io/kubernetes/cmd/kubeadm/app/features# go tool cover -func=size_coverage.out
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:71: ValidateVersion 90.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:92: Enabled 100.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:101: Supports 100.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:111: Keys 0.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:120: KnownFeatures 90.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:139: NewFeatureGate 94.1%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:171: ResolveFeatureGateDependencies 100.0%
total: (statements) 86.5%
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
@luxas @neolit123 @fabriziopandini @dixudx
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67347, 67307, 67358, 67364, 67385). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
*-controller-manager: remove the redundancy import file
**What this PR does / why we need it**:
remove the redundancy import file
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
remove the redundancy import file @deads2k @mikedanese
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66491, 66587, 66856, 66657, 66923). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix grammar error: the predicate verb should be singular.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66491, 66587, 66856, 66657, 66923). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add space for output
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66984, 67236, 67216, 62721, 67106). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set kubeadm version as the default version in phase command.
**What this PR does / why we need it**:
In some phase commands which don't use kubernetes version, set kubeadm version as the kubernetes version to avoid get it from internet.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/756
**Special notes for your reviewer**:
cc @chrisob
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67017, 67190, 67110, 67140, 66873). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm join --control-plane main workflow
**What this PR does / why we need it**:
This PR implements one of the actions defined by https://github.com/kubernetes/kubeadm/issues/751 (checklist form implementing HA in kubeadm).
With this PR, kubeadm implements the `kubeadm join --control-plane`workflow, as described in the [KEP 0015-kubeadm-join-master.md](https://github.com/kubernetes/community/blob/master/keps/sig-cluster-lifecycle/0015-kubeadm-join-master.md) with the exception of the update of the `kubeadm-config` ConfigMap that will be completed in a following PR as soon as the implementation in the config file will allow it.
**Special notes for your reviewer**:
/CC @timothysc @luxas @chuckha @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```
`kubeadm join` now has the --experimental-control-plane flag that triggers deploy of a new control plane instance on the joining node.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix CRI ListKubeContainers API
**What this PR does / why we need it**:
Current implementation of this API always returns
checks output of 'crictl pods -q' and filters out everything
that doesn't start with k8s_. 'crictl pods -q' returns only pod ids,
so everything is always filtered out.
Removing filtering by name prefix should fix this.
**Which issue this PR fixes**
Fixes: kubernetes/kubeadm#926
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use v1 version of advanced audit policy in kubeadm
audit api version has been updated to v1 #65891
**Release note**:
```release-note
kubeadm uses audit policy v1 instead of v1beta1
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Deduplicate kube-proxy image logic
**What this PR does / why we need it**:
Until now, kube-proxy image was handled in two separate places:
- In images.go along with the pre-pull code and without having the image override capabilities (via UnifiedControlPlaneImage)
- In the kube-proxy manifest, where image override was possible.
This duplicates the kube-proxy image logic and makes it prone to errors.
Therefore, this change aims to deduplicate it and make it more straightforward.
This is achieved in the following ways:
- GetKubeControlPlaneImage is used for kube-proxy image fetching, thus allowing for the image to be overriden by UnifiedControlPlaneImage.
- Remove duplicated logic from the manifest and use GetKubeControlPlaneImage to generate the image for the manifest.
This PR also removes GetKubeControlPlaneImageNoOverride as it's no longer needed.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
**Release note**:
```release-note
kubeadm: make sure pre-pulled kube-proxy image and the one specified in its daemon set manifest are the same
```
Until now, kube-proxy image was handled in two separate places:
- In images.go along with the pre-pull code and without having the image
override capabilities (via UnifiedControlPlaneImage)
- In the kube-proxy manifest, where image override was possible.
This duplicates the kube-proxy image logic and makes it prone to errors.
Therefore, this change aims to deduplicate it and make it more straightforward.
This is achieved in the following ways:
- GetKubeControlPlaneImage is used for kube-proxy image fetching, thus allowing
for the image to be overriden by UnifiedControlPlaneImage.
- Remove duplicated logic from the manifest and use GetKubeControlPlaneImage to
generate the image for the manifest.
Additionally, GetKubeControlPlaneImageNoOverride is removed as the only use case
for the function is now invalid.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Check config path for command "kubeadm alpha phase kubelet write-env-file"
**What this PR does / why we need it**:
Explicitly check the `--config` flag of command `kubeadm alpha phase kubelet write-env-file`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/1043
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
This change adds a new --rootfs=path option to kubeadm, and (if
provided) chroot()s to this path before performing file operations.
This makes it possible to run the kubeadm binary from a container, but
perform remaining file operations against the host filesystem using
something like:
docker run -v /:/rootfs --net=host --uts=host --pid=host \
kubeadm:latest init --rootfs /rootfs...
Fixeskubernetes/kubeadm#503
Automatic merge from submit-queue (batch tested with PRs 66196, 67016, 66807, 67023). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix spelling mistakes
**What this PR does / why we need it**:
fix spelling mistakes
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Current implementation of this API always returns
checks output of 'crictl pods -q' and filters out everything
that doesn't start with k8s_. 'crictl pods -q' returns only pod ids,
so everything is always filtered out.
Removing filtering by name prefix should fix this.
Fixes: kubernetes/kubeadm#926
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor storage factory config with Complete().New() flow
**What this PR does / why we need it**:
1. Split `BuildStorageFactory` constructor into `Complete().New()` flow to build an instance for etcd storage.
2. Put `EtcdOptions` and `StorageSerializationOptions` into a `StorageFactoryOptions` for a more reasonable structured config object.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Generally, my idea is to split the huge code in [https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-apiserver/app/server.go](https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-apiserver/app/server.go) into somewhere else making more sense :)
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64815, 66823, 66473, 66466). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix ImagePullCheck output
**What this PR does / why we need it**:
ImagePullCheck outputs "pulling <image>" line even if image
already exists and is not pulled.
Fixed the output to reflect the reality. ImagePullCheck now outputs
either "pulling <image>" or "image <image> exists".
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
error out empty hostname
**What this PR does / why we need it**:
For linux, the hostname is read from file `/proc/sys/kernel/hostname` directly, which can be overwritten with whitespaces.
Should error out such invalid hostnames.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#835
**Special notes for your reviewer**:
/cc luxas timothysc
**Release note**:
```release-note
nodes: improve handling of erroneous host names
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix runtime.ImageExists API
**What this PR does / why we need it**:
runtime.ImageExists returns error when underlying 'inspect' command
fails. This makes ImagePullCheck to fail as it doesn't expect
runtime.ImageExists to return an error even if image doesn't exist.
**Which issue(s) this PR fixes**:
Fixes [kubeadm issue 1024](https://github.com/kubernetes/kubeadm/issues/1024)
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kernel_validator: amend kernel config check paths
**What this PR does / why we need it**:
Clear Linux Project for Intel Architecture uses its own path
to store kernel build artifacts. This PR amends the path to kernel validator's
config check paths.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```
e2e_node: add new kernel config check paths
```
Automatic merge from submit-queue (batch tested with PRs 66850, 66902, 66779, 66864, 66912). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add methods to apimachinery to easy unit testing
When unit testing, you often want a selective scheme and codec factory. Rather than writing the vars and the init function and the error handling, you can simply do
`scheme, codecs := testing.SchemeForInstallOrDie(install.Install)`
@kubernetes/sig-api-machinery-misc
@sttts
```release-note
NONE
```
ImagePullCheck outputs "pulling <image>" line even if image
already exists and is not pulled.
Fixed the output to reflect the reality. ImagePullCheck now outputs
either "pulling <image>" or "image <image> exists".
Instead discard metric values for pods that are unready and have never
been ready (they may report misleading values, the original reason for
introducing scale up forbidden window).
Use per pod metric when pod is:
- Ready, or
- Not ready but creation timestamp and last readiness change are more
than 10s apart.
In the latter case we asume the pod was ready but later became unready.
We want to use metrics for such pods because sometimes such pods are
unready because they were getting too much load.
Automatic merge from submit-queue (batch tested with PRs 66445, 66643, 60551). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Improve kubeadm init cmd tests
**What this PR does / why we need it**:
This PR improves kubeadm init cmd tests in the following ways:
- Fix a few cases that were always successful (despite completely wrong).
- Add more test cases (for different configs in particular)
- Use dry run, to avoid modifying the system and using kubeadm reset
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes NONE
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66623, 66718). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
expose GC graph via debug handler
Many times when debugging GC problems, it's important to understand the state of the GC graph at a given point in time. This pull adds the ability to dump that graph in DOT format for later consumption. It does this by exposing an additional debug handler and allowing any controller init function to produce such a handler that is included under debug.
Sample full output
```
curl http://localhost:10252/debug/controllers/garbagecollector/graph
digraph full {
// Node definitions.
0 [
label="uid=8581a030-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
Pod.v1/kube-dns-7b479ccbc6-qz468
"
group=""
version="v1"
kind="Pod"
namespace="kube-system"
name="kube-dns-7b479ccbc6-qz468"
uid="8581a030-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
1 [
label="uid=822052fc-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
Deployment.v1.apps/kube-dns
"
group="apps"
version="v1"
kind="Deployment"
namespace="kube-system"
name="kube-dns"
uid="822052fc-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
2 [
label="uid=857bd8ac-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
ReplicaSet.v1.apps/kube-dns-7b479ccbc6
"
group="apps"
version="v1"
kind="ReplicaSet"
namespace="kube-system"
name="kube-dns-7b479ccbc6"
uid="857bd8ac-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
// Edge definitions.
0 -> 2;
2 -> 1;
}
```
You can also select via UID and have all transitive dependencies output:
```
curl http://localhost:10252/debug/controllers/garbagecollector/graph?uid=8581a030-9043-11e8-ad4a-54e1ad486dd3
digraph full {
// Node definitions.
0 [
label="uid=822052fc-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
Deployment.v1.apps/kube-dns
"
group="apps"
version="v1"
kind="Deployment"
namespace="kube-system"
name="kube-dns"
uid="822052fc-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
1 [
label="uid=8581a030-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
Pod.v1/kube-dns-7b479ccbc6-qz468
"
group=""
version="v1"
kind="Pod"
namespace="kube-system"
name="kube-dns-7b479ccbc6-qz468"
uid="8581a030-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
2 [
label="uid=857bd8ac-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
ReplicaSet.v1.apps/kube-dns-7b479ccbc6
"
group="apps"
version="v1"
kind="ReplicaSet"
namespace="kube-system"
name="kube-dns-7b479ccbc6"
uid="857bd8ac-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
// Edge definitions.
1 -> 2;
2 -> 0;
}
```
And with some sample rendering:
```
curl http://localhost:10252/debug/controllers/garbagecollector/graph | dot -T svg -o project.svg
```
produces
@kubernetes/sig-api-machinery-pr-reviews
/assign @caesarxuchao @liggitt
```release-note
NONE
```
This API return error when underlying 'inspect' command
fails. This makes ImagePullCheck to fail as it doesn't expect
runtime.ImageExists to return an error even if image doesn't exist.
Fixed this by returning error nil even when inspect command fails.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move the` k8s.io/kubernetes/pkg/util/pointer` package to` k8s.io/utils/pointer`
**What this PR does / why we need it**:
Move `k8s.io/kubernetes/pkg/util/pointer` to `shared utils` directory, so that we can use it easily.
Close#66010 accidentally, and can't reopen it, so the same as #66010
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62444, 66358, 66724, 66726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move kubelet serving cert rotation to beta
xref https://github.com/kubernetes/features/issues/267
This is exercised in the alpha gke e2es, and can be enabled in the non-alpha gke e2es once it no longer requires an alpha feature gate.
```release-note
Kubelet serving certificate bootstrapping and rotation has been promoted to beta status.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
refactor server.go to simplify the invokes to kubeFlags and KubeConfiguration
**What this PR does / why we need it**:
Since kubeFlags and KubeletConfiguration have been fields of KubeletServer, we just need to pass the reference of KubeletServer to the following functions. This will simplify the migrations of flags such as BootstrapCheckpointPath and others, as we don't have to specify from which object the migrated field comes.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
@mtaufen
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66554, 66616, 66695, 66681). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Use KubeletRunDirectory instead of hard-coded way
**What this PR does / why we need it**:
fix `TODO: Make hard-coded "/var/lib/kubelet" strings reference this constant.`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
cc @neolit123
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm join the cluster with pre-existing client certificate if provided
**What this PR does / why we need it**:
support `kubeadm join` with a pre-existing client certificate
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#945
**Special notes for your reviewer**:
/cc @luxas @timothysc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
kubeadm now can join the cluster with pre-existing client certificate if provided
```
Clear Linux Project for Intel Architecture uses its own path
to store kernel build artifacts. This is documented, e.g.,
in https://github.com/clearlinux/clr-boot-manager.
Adapt kernel validator's config check paths to include Clear
Linux's path too.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove misleading error message on image pulling
**What this PR does / why we need it**:
Actually all the images needed have already been cached locally already as we have pulled them using `crictl`/`docker` in the preflight checks.
The error here is misleading, which should be removed.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref kubernetes/kubeadm#1019
**Special notes for your reviewer**:
cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
kubeadm: remove misleading error message regarding image pulling
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pkg/controller: remove old clientbuilder methods
everything has moved to client-go now so these are the same as the original Client* methods. The only functional change is the collapse of the "horizontal-pod-autoscaler" from one client to two. This should have no effect because the GoClient was used only for discovery.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66291, 66471, 66499). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns
**What this PR does / why we need it**:
It appears that sidecar and dnsmasq-nanny images are now required for
kube-dns deployment to work correctly. Thus the following default kube-dns
images are used now:
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#1016
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind bug
**Release note**:
```release-note
kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns
```
It appears that sidecar and dnsmasq-nanny images are now required for
kube-dns deployment to work correctly. Thus the following default kube-dns
images are used now:
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 66296, 66382). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: rename cri-socket-path -> cri-socket
**What this PR does / why we need it**:
Renamed command line option cri-socket-path for 2 reasons:
- to be consistent with the rest of kubeadm code
reset/init/join/apply subcommands use --cri-socket
- name is misleading as CRI socket can be also an url, not just a path
**Release note**:
```release-note
renamed command line option --cri-socket-path of the kubeadm subcommand "kubeadm config images pull" to --cri-socket to be consistent with the rest of kubeadm subcommands.
```
kubeadm init cmd tests are improved in the following ways:
- Fix a few cases that were always successful (despite completely wrong).
- Add more test cases (for different configs in particular)
- Use dry run, to avoid modifying the system and using kubeadm reset
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Renamed command line option cri-socket-path for 2 reasons:
- to be consistent with the rest of kubeadm code
reset/init/join/apply subcommands use --cri-socket
- name is misleading as CRI socket can be also an url,
not just a path
The --docker-disable-shared-pid flag has been deprecated since 1.10 and
has been superceded by ShareProcessNamespace in the pod API, which is
scheduled for beta in 1.12.
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: stop setting UID in the kubelet ConfigMap
**What this PR does / why we need it**: kubeadm: stop setting UID in the kubelet ConfigMap
**Which issue(s) this PR fixes**:
Fixes https://github.com/kubernetes/kubeadm/issues/921#
**Release note**:
```release-note
kubeadm: stop setting UID in the kubelet ConfigMap
```
Automatic merge from submit-queue (batch tested with PRs 66152, 66406, 66218, 66278, 65660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle errors
**What this PR does / why we need it**:
This is a followup PR for https://github.com/kubernetes/kubernetes/pull/64664 to handle errors returned from `.AddToScheme()` in places where they are not handled.
**Release note**:
```release-note
NONE
```
/kind cleanup
/sig api-machinery
/cc @sttts
Automatic merge from submit-queue (batch tested with PRs 65771, 65849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a new conversion path to replace GenericConversionFunc
reflect.Call is very expensive. We currently use a switch block as part of AddGenericConversionFunc to avoid the bulk of top level a->b conversion for our primary types which is hand-written. Instead of having these be handwritten, we should generate them.
The pattern for generating them looks like:
```
scheme.AddConversionFunc(&v1.Type{}, &internal.Type{}, func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_Type_to_internal_Type(a.(*v1.Type), b.(*internal.Type), scope)
})
```
which matches AddDefaultObjectFunc (which proved out the approach last year). The
conversion machinery should then do a simple map lookup based on the incoming types and invoke the function. Like defaulting, it's up to the caller to match the types to arguments, which we do by generating this code. This bypasses reflect.Call and in the future allows Golang mid-stack inlining to optimize this code.
As part of this change I strengthened registration of custom functions to be generated instead of hand registered, and also strengthened error checking of the generator when it sees a manual conversion to error out. Since custom functions are automatically used by the generator, we don't really have a case for not registering the functions.
Once this is fully tested out, we can remove the reflection based path and the old registration methods, and all conversion will work from point to point methods (whether generated or custom).
Much of the need for the reflection path has been removed by changes to generation (to omit fields) and changes to Go (to make assigning equivalent structs easy).
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
check for crictl executable only for CRI runtime
**What this PR does / why we need it**:
crictl is not used for docker runtime, so InPathCheck check can be skipped for docker.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm upgrade diff -config TODO
**What this PR does / why we need it**:
This PR addresses a TODO in `kubeadm upgrade diff` for the `-config` flag to use `options.AddConfigFlag()` instead of `cmd.Flags().StringVar()`.
**Which issue(s) this PR fixes**
None
**Special notes for your reviewer**:
/sig kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
Improved runtime tests by using T.Run API:
https://golang.org/pkg/testing/#T.Run
This should improve the test output and make it more visible
which test is doing what.
Automatic merge from submit-queue (batch tested with PRs 65429, 64611). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move runtime details into ContainerRuntime
**What this PR does / why we need it**:
This PR moves all docker and CRI specifics into new ContainerRuntime
entity to isolate container runtime details from the rest of the code.
This should help to avoid having CRI and docker specific checks and code all over the place.
**NOTE: this is a not a finished work, but rather an RFC.**
Things to do:
- test manually in docker and cri-o environments
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm checks import error
kubeadm checks package import path exist "kubernetes/test",
So change the import path.
* move "k8s.io/kubernetes/test/e2e_node/system" directory file
tto "k8s.io/kubernetes/cmd/kubeadm/app/util/system" and change checks import
* remove "k8s.io/kubernetes/test/e2e_node/system" directory
Issues report link:
https://github.com/kubernetes/kubeadm/issues/976
Signed-off-by: Yuanbin.Chen <cybing4@gmail.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #https://github.com/kubernetes/kubeadm/issues/976
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66094, 65676). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a timeout when fetching latest version
**What this PR does / why we need it**:
When there is no internet on the node and `--kubernetes-versio`n is not specified running `kubeadm init` hangs forever with no text output.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/986
**Special notes for your reviewer**:
Using the same duration as the existing timeout `externalEtcdRequestTimeout`
Sample output:
```
kubeadm init
unable to get URL "https://dl.k8s.io/release/stable-1.11.txt": Get https://dl.k8s.io/release/stable-1.11.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
```
**Release note**:
```release-note
kubeadm: use an HTTP request timeout when fetching the latest version of Kubernetes from dl.k8s.io
```
Automatic merge from submit-queue (batch tested with PRs 65832, 66160, 66145). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: make loopback logic in SecureServingOptions reusable
For reuse in other components this PR separates the loopback logic from the GenericApiServer config.
Automatic merge from submit-queue (batch tested with PRs 65899, 65900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix CRI socket validatioin
**What this PR does / why we need it**:
CRI socket doesn't have to be an absolute path, it should be an url.
However, attempt to use it as an url in 'kubeadm init' command line
causes this validation error:
$ sudo ./kubeadm init --cri-socket unix:///var/run/crio/crio.sock
nodeRegistration.criSocket: Invalid value:
"unix:///var/run/crio/crio.sock": path is not absolute
Fixed by adding ValidateSocket function and using it in the
ValidateNodeRegistrationOptions check instead of ValidateAbsolutePath.
**Which issue(s) this PR fixes** :
[#928](https://github.com/kubernetes/kubeadm/issues/928)
**Release note**:
```release-note
NONE
```
Before this the advertised IP (which shows up in the server cert) in case of
listening to loopback was the first host interface IP. This makes self-signed
certs non-constant, such that we cannot use fixtures.
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Printable default component configs
**What this PR does / why we need it**:
This PR makes default component configs printable via `kubeadm config print-default`.
Component configs are not printed by default. You have to explicitly request
that for concrete API objects via the `--api-objects` command line parameter.
For a list of possible API objects use the help option.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Refs kubernetes/kubeadm#963
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind feature
**Release note**:
```release-note
kubeadm: Default component configs are printable via kubeadm config print-default
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Not step into ipvs.CleanupLeftovers() if canUseIPVS's false
**What this PR does / why we need it**:
Earlier we decide whether we should clean up the left-over ipvs rules inside `ipvs.CleanupLeftovers()`, therefore we call function `ipvs.CanUseIPVSProxier()` two times (and `GetModules()` two times). Actually no need to step into `ipvs.CleanupLeftovers()` if `canUseIPVS` is false.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Get ipv6 nodeIP when in ipv6 cluster
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64985
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
CRI socket doesn't have to be an absolute path, it should be an url.
However, attempt to use it as an url in 'kubeadm init' command line
causes this validation error:
$ sudo ./kubeadm init --cri-socket unix:///var/run/crio/crio.sock
nodeRegistration.criSocket: Invalid value:
"unix:///var/run/crio/crio.sock": path is not absolute
Fixed by adding ValidateSocket function and using it in the
ValidateNodeRegistrationOptions check instead of ValidateAbsolutePath.
Make default component configs printable via `kubeadm config print-default`.
Component configs are not printed by default. You have to explicitly request
that for concrete API objects via the `--api-objects` command line parameter.
For a list of possible API objects use the help option.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 66076, 65792, 65649). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubernetes: fix printf format errors
These are all flagged by Go 1.11's
more accurate printf checking in go vet,
which runs as part of go test.
```release-note
NONE
```
These are all flagged by Go 1.11's
more accurate printf checking in go vet,
which runs as part of go test.
Lubomir I. Ivanov <neolit123@gmail.com>
applied ammend for:
pkg/cloudprovider/provivers/vsphere/nodemanager.go
Automatic merge from submit-queue (batch tested with PRs 65931, 65705, 66033). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: run kube-proxy on non-master tainted nodes
**What this PR does / why we need it**:
kube-proxy should be able to run on all nodes, independent
on the taint of such nodes.
This restriction was previously removed in bb28449e31 but
then was brought back in d1949261ab.
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/cc @luxas @detiber @dixudx @discordianfish @mxey
/kind bug
/area kube-proxy
/area kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#699
**Special notes for your reviewer**:
we are removing the requirement again, but please have a look at all the implications here.
hopefully we don't have to bring it again.
**Release note**:
```release-note
kubeadm: run kube-proxy on non-master tainted nodes
```
kube-proxy should be able to run on all nodes, independent
on the taint of such nodes.
This restriction was previously removed in bb28449e31 but
then was brought back in d1949261ab.
Also, annotate with:
scheduler.alpha.kubernetes.io/critical-pod: ""
and add a class in the template spec:
priorityClassName: system-node-critical
Automatic merge from submit-queue (batch tested with PRs 64664, 65836, 65917). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove stray comment from a merge
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
**What this PR does / why we need it**:
Remove stray comment from a merge.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65456, 65549). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix flexvolume in containerized kubelets
Fixes flex volumes in containerized kubelets.
cc @jsafrane @chakri-nelluri @verult
Note to reviewers : e2e tests pass in local containarized cluster.
```release-note
Fix flexvolume in containarized kubelets
```
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: pause image should be arch agnostic, as it is a manifest list
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
**What this PR does / why we need it**:
`pause` image is backed by a manifest list. so we should not use the arch image when reporting using say `kubeadm config image list`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/962
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: Fix pause image to not use architecture, as it is a manifest list
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Print required flags when running kubeadm upgrade plan
**What this PR does / why we need it**:
print required flags when running kubeadm upgrade plan
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Close [kubernetes/kubeadm#935](https://github.com/kubernetes/kubeadm/issues/935)
**Special notes for your reviewer**:
/assign @chuckha
/assign @neolit123
**Release note**:
```release-note
kubeadm: print required flags when running kubeadm upgrade plan
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove --cadvisor-port - has been deprecated since v1.10
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56523
**Special notes for your reviewer**:
- Deprecated in https://github.com/kubernetes/kubernetes/pull/59827 (v1.10)
- Disabled in https://github.com/kubernetes/kubernetes/pull/63881 (v1.11)
**Release note**:
```release-note
[action required] The formerly publicly-available cAdvisor web UI that the kubelet started using `--cadvisor-port` is now entirely removed in 1.12. The recommended way to run cAdvisor if you still need it, is via a DaemonSet.
```
Automatic merge from submit-queue (batch tested with PRs 65897, 65909, 65856, 65815). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
only need to ignore resources that match discovery conditions
GC and quota controllers ignore resources that are too expensive to manage. In kube this is only events. The incompatible resources should now be excluded on the basis of discovery. We should actually reflect that in the RESTStorage (done for GC for events) and discovery too.
@liggitt
@kubernetes/sig-api-machinery-bugs
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
controller-managers: allow high ports in secure serving validation
Certain operating systems will select high port (>32768) when asked for a free port. This PR changes the validation to allow that.
Like https://github.com/kubernetes/kubernetes/pull/65833, but for controller managers.
```release-note
Allow kube- and cloud-controller-manager to listen on ports up to 65535.
```
Automatic merge from submit-queue (batch tested with PRs 64511, 65865, 65867, 65866). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-controller-manager: add stopCh plumbing
Needed for integration testing.
Automatic merge from submit-queue (batch tested with PRs 64511, 65865, 65867, 65866). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-controller-manager: create self-signed certs
If secure serving is enabled (not automatically wired yet, but 3rdparties could wire it), create self-signed certs if none are given. Reuses the code from k8s.io/apiserver.
Automatic merge from submit-queue (batch tested with PRs 64911, 65710). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions-apiserver: add pkg/cmd/server/testing pkg for integration tests
In analogy to kube-apiserver, this implements a uniform apiextensions-apiserver for integration tests which can be started using customized flags.
Xianglin Gao
