Automatic merge from submit-queue (batch tested with PRs 46678, 45545, 47375)
bazel: update debian-iptables-amd64 digest
**What this PR does / why we need it**: upstream debian has fixed several CVEs recently, so we should apply those fixes:
* CVE-2017-2616
* CVE-2017-6512
x-ref #47386
**Special notes for your reviewer**: nothing has been pushed yet, so this will likely fail many of the tests.
Do you think these version numbers make sense? We also need to fix debian-iptables v5, and I don't know what to do there. (v5.1?)
**Release note**:
```release-note
NONE
```
/assign @timstclair
Automatic merge from submit-queue (batch tested with PRs 44061, 46614, 46419, 46628, 46134)
fix make release/quick-release doesn't respect go build flags
**What this PR does / why we need it**:
k8s build process run `make cross` in a docker container, so we have to pass make command line variables to docker container, then each environment variable in docker container will be transformed into a makefile variable with the same name and value.
with this PR, `make release GOFLAGS=xx GOLDFLAGS=xx GOGCFLAGS=xx`, `make quick-release GOFLAGS=xx GOLDFLAGS=xx GOGCFLAGS=xx` will work as expected
**Which issue this PR fixes**:
fixes#46274
Automatic merge from submit-queue
Update examples in Makefile with WHAT arguments changed.
**What this PR does / why we need it**:
The examples `make check WHAT` and `make vet WHAT` in Makefile don't work anymore. This PR updates them.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
xref: https://github.com/kubernetes/community/issues/327, https://github.com/kubernetes/community/pull/296, https://github.com/kubernetes/kubernetes/pull/39433
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Remove kubectl's dependence on pkg/api/helper, as part of
broader effort to isolate kubectl from the rest of k8s.
In this case, the code becomes private to kubectl; nobody else uses it.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45582, 45855)
move build related files out of the root directory
Turn the files in root to symlinks into build/root/
alternative to OWNERS changes. what do you guys think of this?
Automatic merge from submit-queue
Improve pause-container warning message
Signed-off-by: Vinothkumar Siddharth <sidvin@amazon.com>
**What this PR does / why we need it**:
This just improves the warning message currently emitted by pause
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 45884, 45879, 45912, 45444, 45874)
Use patched version of Go 1.8.1 to eliminate performance regression
Ref https://github.com/kubernetes/kubernetes/issues/45216
Until this is solved in Go (it's still unclear whether there will be patch release with the fix or not), this is solving the problem on our side.
**What this PR does / why we need it**:
Visibility rules allow dependency control. The rules currently in
place make all targets public, to override the default state of
private. This PR removes public visibility from kubectl code. It
uses specially named pacakge groups to identify "bad" dependencies on
kubectl code for later refactoring or removal.
**Which issue this PR fixes**
First in a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Also upload debs to bin/$OS/$ARCH
**What this PR does / why we need it**: the bazel-built debs are used by the kubeadm e2e tests, so upload them too.
https://github.com/kubernetes/kubernetes/pull/44591#issuecomment-298084453
/assign @pipejakob
/cc @mikedanese @spxtr
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Use munged semantic version for side-loaded docker tag
**What this PR does / why we need it**: rather than using the md5sum of the dockerized binary for each side-loaded docker image, use the semantic version (with `+`s replaced with `_`s) for the side-loaded docker images.
The use of the md5sum for the docker tag dates to #6326 2 years ago. I'm not sure why that was chosen, short of it being fairly unique.
My main motivation for changing this is that it makes building the docker images using Bazel's docker rules easier, since the semantic version doesn't depend on the build output.
An added benefit is that the list of images on a running kubernetes cluster is also more straightfoward; rather than a list of opaque, meaningless hexadecimal strings, you get something that indicates the provenance of the image. It'd also be clearer that all of the images came from the same build.
I was able to start a cluster with this change on GCE using both `make quick-release` and `make bazel-release`.
Note that this change has no effect on the tag that's pushed to gcr.io during releases; that's still controlled via `KUBE_IMAGE_DOCKER_TAG`, though we may want to merge this functionality at some point.
@kubernetes/sig-node-pr-reviews is there any reason to stick with using the md5sum strategy? @dchen1107 do you remember why we went with md5sums originally?
cc @spxtr @mikedanese
**Release note**:
```release-note
```
Automatic merge from submit-queue
Support arbitrary alphanumeric strings as prerelease identifiers
**What this PR does / why we need it**: this is basically an extension of #43642, but supports more general prerelease identifiers, per the spec at http://semver.org/#spec-item-9.
These regular expressions are still a bit more restrictive than the SemVer spec allows (we disallow hyphens, and we require the format `-foo.N` instead of arbitrary `-foo.X.bar.Y.bazZ`), but this should support our needs without changing too much more logic or breaking other assumptions.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44591, 44549)
Update repo-infra bazel dependency and use new gcs_upload rule
This PR provides similar functionality to push-build.sh entirely within Bazel rules (though it relies on gsutil).
It's an alternative to #44306.
Depends on https://github.com/kubernetes/repo-infra/pull/13.
**Release note**:
```release-note
NONE
```
Jeff Grafton