Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Rerun init containers when the pod needs to be restarted
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
This fixes#36485
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
fix the typo of errorf info
**What this PR does / why we need it**:
fix the error message of stateful_pod_control_test.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Log name if Azure file share cannot be created
**What this PR does / why we need it**: If the Azure storage provider fails to create a file share, it logs and error message 'failed to create share in account _foo_: _error-msg_'. A user on the Slack azure-sig channel reported an error of "The specified resource name length is not within the permissible limits". This PR adds logging of the name so that this error can be diagnosed in future.
**Which issue this PR fixes**: This was raised on Slack and has not been created as a GitHub issue.
**Special notes for your reviewer**: None
**Release note**:
```release-note
Changed the error log format when creating an Azure file share to include the name of the share.
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
**What this PR does / why we need it**:
Fixes#50473
Rationale: since the scheduler handles all resources except CPU as integers, that could just be the default behavior for namespaced resources.
cc @RenaudWasTaken @vishh
**Release note**:
```release-note
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
```
Automatic merge from submit-queue
Remove kubectl's dependence on schema file in pkg/api/validation.
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl. This move revealed a "hidden" dependence
(a dependence not expressed in a BUILD or make file) from a feature
level test in /hack/make-rules on a kubectl test data file. So this
PR also adds some BUILD rules around the relevant hack targets, to make the
dependence official. A later PR will move the kubectl aspect of this "hack"
test into a kubectl test directory. Leaving it in place for now after establishing
and "official" dependency, since moving the test beyond PR scope. The
test also depends on a small sh file in //cluster, which makes no sense.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Enables the v1beta2 version of the apps API group by default
**What this PR does / why we need it**: Enables the v1beta2 version of the apps API group by default
fixes # #50641
```release-note
apps/v1beta2 is enabled by default. DaemonSet, Deployment, ReplicaSet, and StatefulSet have been moved to this group version.
```
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41901, 50762, 50756)
Feature-gate self-hosted secrets
**What this PR does / why we need it**:
Feature gates now select whether secrets are used for TLS cert storage in self-hosted clusters.
**Release note**:
```release-note
TLS cert storage for self-hosted clusters is now configurable. You can store them as secrets (alpha) or as usual host mounts.
```
/cc @luxas
Automatic merge from submit-queue
Promote CronJobs to batch/v1beta1 - just the API
This PR promotes CronJobs to beta.
@erictune @kubernetes/sig-apps-api-reviews @kubernetes/api-approvers ptal
This builds on top of #41890 and needs #40932 as well
```release-note
Promote CronJobs to batch/v1beta1.
```
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Fix for Policy based volume provisioning failure due to long VM Name in vSphere cloud provider
Dummy VM is used for SPBM policy based provisioning feature of vSphere cloud provider.
Dummy VM name is generated based on kubernetes cluster name and pv name. It can easily go beyond
vSphere's limitation of 80 characters for vmName.
To solve the long VM name failure hash is used instead of vSphere-k8s-clusterName-PvName
**Which issue this PR fixes**
https://github.com/vmware/kubernetes/issues/176
**Release note:**
```release-note
None
```
@BaluDontu @divyenpatel @luomiao @tusharnt
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Remove BUILD reference to removed files: Fix bazel build
**What this PR does / why we need it**:
Bazel build is broken because a pull-request has removed some go files, but not the BUILD references to these file. Update the go files. I've also created an issue in test-infra(https://github.com/kubernetes/test-infra/issues/4083) as this should have been detected earlier
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
move i18n to kubectl/util
Move `pkg/util/i18n` to `pkg/kubectl/util/i18n` per https://github.com/kubernetes/kubernetes/issues/48209#issuecomment-311730681.
This affects kubectl and kubeadm. It should be fine that `kubeadm` depends on `kubectl`.
partially addresses: kubernetes/community#598
```release-note
NONE
```
/assign @apelisse @monopole
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Refactor RBAC authorizer entry points
This change refactors various RBAC authorizer functions to be more flexible in their inputs. This makes it easier to reuse the various components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Remove deprecated command 'kubectl stop'
Fixes https://github.com/kubernetes/kubernetes/issues/11384
I think this is the final step @kubernetes/sig-cli-pr-reviews @kargakis
Automatic merge from submit-queue
Add metric for remaining lifetime of certificates authenticating requests
fixes#50778
When incoming requests to the API server are authenticated by a certificate, the expiration of the certificate can affect the validity of the authentication. With auto rotation of certificates, which is starting with kubelet certificates, the goal is to use shorter lifetimes and let the kubelet renew the certificate as desired. Monitoring certificates which are approaching expiration and not renewing would be an early warning sign that nodes are about to stop participating in the cluster.
**Release note**:
```release-note
Add new Prometheus metric that monitors the remaining lifetime of certificates used to authenticate requests to the API server.
```
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Support autoprobing subnet-id for openstack cloud provider
Currently if user doesn't specify subnet-id or specify a unsafe
subnet-id, openstack cloud provider can't create a correct LoadBalancer
service.
Actually we can get it automatically. This patch do a improvement.
This is a part of #50726
**Special notes for your reviewer**:
/assign @dims
/assign @anguslees
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Make removing nodes public for Kubemark controller
The ability to remove a specific node is needed by Cluster Autoscaler to work.
**Release note**:
```
NONE
```
This change refactors various RBAC authorizer functions to be more
flexible in their inputs. This makes it easier to reuse the various
components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 50758, 48057)
continue fix the typo in staging file
**What this PR does / why we need it**:
in kubernetes has left two place to modify the word of explicit,thanks
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50680
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49115, 47480)
Adds IPv6 test cases for kubeadm certs.
**What this PR does / why we need it**:
Adds IPv6 test cases in support of kubeadm certificate and validation functionality. It's needed to ensure test cases cover IPv6 related networking scenarios.
**Which issue this PR fixes**
This PR is in support of Issue #1443
**Special notes for your reviewer**:
Additional PR's will follow to ensure kubeadm supports IPv6.
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 49115, 47480)
Upgrade advanced audit to version v1beta1
This change does nothing but only upgrades advanced audit to version v1beta1.
There will be following up changes which does real effect to advanced audit feature.
After this change audit policy file should contain apiVersion and kind and has such format:
```
apiVersion: audit.k8s.io/v1alpha1
kind: Policy
rules:
- level: None
```
or use the v1beta1 policy:
```
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: None
```
Updates #48561
**Release note**:
```
Upgrade advanced audit to version v1beta1.
```
Automatic merge from submit-queue (batch tested with PRs 50692, 50727)
remove leaked socket file after unit test
Before this change:
```
$ make test WHAT=k8s.io/kubernetes/pkg/master
+++ [0816 11:19:03] Running tests without code coverage
ok k8s.io/kubernetes/pkg/master 27.953s
$ find -type s
./pkg/master/127.0.0.1:2100324511
./pkg/master/127.0.0.1:2100424511
./pkg/master/localhost:8235197834378812860
./pkg/master/localhost:82351978343788128600
./pkg/master/127.0.0.1:2100524511
./pkg/master/127.0.0.1:2100624511
./pkg/master/localhost:1155389051645284688
./pkg/master/localhost:11553890516452846880
```
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50589, 50558)
Remove packages which aren't relied on by heapster anymore.
**What this PR does / why we need it**:
Do the TODO:
```
// TODO apimachinery remove this empty package. Godep fails without this because heapster relies
// on this package. This will allow us to start splitting packages, but will force
// heapster to update on their next kube rebase.
```
These packages aren't relied on by heapster anymore. This PR removes them. This is a followup of #48410.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
ref: #48386#48410
**Special notes for your reviewer**:
/cc @deads2k
/kind cleanup
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50589, 50558)
remove useless comments
**What this PR does / why we need it**:
remove useless comments
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49103
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
Move List (the type) into metav1 but preserve the exposed type
Make a list something that other components can use without depending on the core API. This does not change the public API exposure of `List` (it is still in `v1`) but makes the interface common across both.
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
fix panic in e2e
**What this PR does / why we need it**:
fix#50660
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
no
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
Fix comment of limitranges
**What this PR does / why we need it**:
The comment of limitrages' API seems to be copied from
pkg/registry/autoscaling/horizontalpodautoscaler/storage/storage.go
with the other implementation code.
It is a little difficult to understand what is the API, then this
PR fixes it.
Automatic merge from submit-queue (batch tested with PRs 50670, 50332)
e2e test for local storage mount point
**What this PR does / why we need it**:
We discovered that kubernetes can treat local directories and actual mountpoints differently. For example, https://github.com/kubernetes/kubernetes/issues/48331. The current local storage e2e tests use directories.
This PR introduces a test that creates a tmpfs and mounts it, and runs one of the local storage e2e tests.
**Which issue this PR fixes**: fixes https://github.com/kubernetes/kubernetes/issues/49126
**Special notes for your reviewer**:
I cherrypicked PR https://github.com/kubernetes/kubernetes/pull/50177, since local storage e2e tests are broken in master on 2017-08-08 due to "no such host" error. This PR replaces NodeExec with SSH commands.
You can run the tests using the following commands:
```
$ NUM_NODES=1 KUBE_FEATURE_GATES="PersistentLocalVolumes=true" go run hack/e2e.go -- -v --up
$ go run hack/e2e.go -- -v --test --test_args="--ginkgo.focus=\[Feature:LocalPersistentVolumes\]"
```
Here are the summary of results from my test run:
```
Ran 9 of 651 Specs in 387.905 seconds
SUCCESS! -- 9 Passed | 0 Failed | 0 Pending | 642 Skipped PASS
Ginkgo ran 1 suite in 6m29.369318483s
Test Suite Passed
2017/08/08 11:54:01 util.go:133: Step './hack/ginkgo-e2e.sh --ginkgo.focus=\[Feature:LocalPersistentVolumes\]' finished in 6m32.077462612s
```
**Release note**:
`NONE`
Automatic merge from submit-queue
Make kube::util::ensure_clean_working_dir more verbose in log files
Makes it easier to understand why files seem to be changed during CI build, especially
autogenerated files like conversions.
Kubernetes Submit Queue