Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump pause container used by kubelet and tests to 3.1
This updates the version of the pause container used by the kubelet and
various test utilities to 3.1.
**What this PR does / why we need it**: The pause container hasn't been rebuilt in quite a while and needs an update to reap zombies (#50865) and for schema2 manifest (#56253).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#50865, Fixes#56253
**Special notes for your reviewer**:
**Release note**:
```release-note
The kubelet uses a new release 3.1 of the pause container with the Docker runtime. This version will clean up orphaned zombie processes that it inherits.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Avoid error on closed pipe
fixes https://github.com/kubernetes/kubernetes/issues/57706
from @stevekuznetsov:
> If you do `echo | grep -q`, `grep` will exit when it finds the first match
> If the `echo` is still writing to stdout it fails because there's no reader on that pipe anymore
> So we always use `grep -q <<<"${content}"` now
> since that uses a FIFO
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle gazelle moving to a new repo
Gazelle moved to a new repo, and out of bazebuild/rules_go. At first I tried the same approach I used for kubernetes/test-infra and just bumped to the new repo. Turns out that version was later than what is used here in kubernetes/kubernetes. Now I'm trying to use a rewritten version of `go_install_from_commit` to support installing packages that aren't available at HEAD
ref kubernetes/test-infra#6075
/priority critical-urgent
https://k8s-testgrid.appspot.com/presubmits-kubernetes-blocking#pull-kubernetes-verify is blocked until this is addressed
This is brittle and really only intended to workaround the fact that
gazelle has moved out of the bazelbuild/rules_go repo to its own
repo. I would rather see this reverted once we move to the same
version of gazelle as used by kubernetes/test-infra
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
local-up-cluster.sh: improve messages when running with ENABLE_DAEMON=true
**What this PR does / why we need it**:
Don't suggest to use `Ctrl+C` or open up another terminal when the script was running with `ENABLE_DAEMON=true`.
**Release note**:
```release-note
NONE
```
CC @simo5
Automatic merge from submit-queue (batch tested with PRs 57292, 56274, 57435, 57438, 57429). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enable podpreset by default in local up cluster
**What this PR does / why we need it**:
This PR enables PodPreset in Admission control and also for that
to work on the apiserver level enalbes the API group
settings.k8s.io/v1alpha1.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57434, 57221, 57417, 57474, 57481). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fabiano no longer a thing
**What this PR does / why we need it**: Removes me from lists of reviewers and approvers.
**Release note**:
```release-note
NONE
```
In 027c8b9ef2, we added code to
move from .dockercfg to config.json file. But we forgot to use
the right secret type and the key to store the base64'ed creds
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-gen: reusable main.go logic, preparation for kube-gen
Split main.go files into plumbing and calls to NewDefaults, AddFlags and Validate. This will allow us to create kube-gen without duplicating much code, at least no generator logic (with the exception of a little loop in client-gen adding the group path to the input dirs).
Automatic merge from submit-queue (batch tested with PRs 55475, 57155, 57260, 57222). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make sure that 'ldflags' are space-safe
**What this PR does / why we need it**:
Recently I met the problem as #56216 described, I download the source-tar of 1.8.5 and run `make` command failed because of invalid ldflag:
`-X k8s.io/kubernetes/pkg/version.gitTreeState=git archive`
Though #56249 has change version string `git archive` to `archive`, i think we should avoid this problem happen again.
cc @ixdy
**Release note**: NONE
Automatic merge from submit-queue (batch tested with PRs 55751, 57337, 56406, 56864, 57347). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add pod-selector kubectl drain
**Release note**:
```release-note
Added the ability to select pods in a chosen node to be drained, based on given pod label-selector
```
This patch adds the ability to select pods in a chosen node to be drained, based on given pod label-selector. Related downstream issue: https://github.com/openshift/origin/issues/17554
Further, it removes explicit, specific, pod-controller check. The `drain` command currently fails if a pod has a controller of a `kind` [not explicitly handled in the command itself](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/drain.go#L331). This causes `drain` to be unusable if a node contains pods managed by third-party, or "unknown" controllers.
Based on [this comment](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/drain.go#L353), the expectation was to fail if a pod's controller was not found for whatever reason. I believe that the `drain` command should not care about the existence of a pod controller. It should only care whether a pod has one, and act according to that controller kind. This solves a downstream bug: https://github.com/openshift/origin/issues/17563
cc @fabianofranz @deads2k @kubernetes/sig-cli-misc
Automatic merge from submit-queue (batch tested with PRs 54379, 56593, 56685, 54174, 57309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use k8s.gcr.io vanity domain for container images
Related issue: https://github.com/kubernetes/release/issues/281
```release-note
Use "k8s.gcr.io" for container images rather than "gcr.io/google_containers". This is just a redirect, for now, so should not impact anyone materially.
Documentation and tools should all convert to the new name. Users should take note of this in case they see this new name in the system.
```
Automatic merge from submit-queue (batch tested with PRs 54902, 56831, 56702, 56287, 56878). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a comment in hack/lib/version.sh about which tags are used to get the version
The `--tags` flag to `git describe` specifically adds in lightweight tags. This just makes the comment correct.
Alternatively, that flag could be removed from the command, but I think that requires more detailed thinking.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56390, 56334, 55572, 55598, 56563). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add parent PR title to cherry-picked PR title
**What this PR does / why we need it**:
Currently the cherry-picked PR title is like this: `Automated cherry pick of #55558`. This is not so readable when reading from PR list. This PR adds the original title to the cherry-picked PR title. This will make the title a bit long though...
See example: https://github.com/kubernetes/kubernetes/pull/55597
`Automated cherry pick of #55558: Apply taint when a volume is stuck in attaching state on node`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56217, 56268, 56263, 56328, 56200). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
export ENABLE_POD_PP=true to enable Pod priority and preemption
**What this PR does / why we need it**:
Though pod priority and preemption is disabled by default in Kubernetes 1.8, it too many steps if you want to enable the feature manually. It is important to enable it in `local-up` cluster by `export` variable.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes [#](https://github.com/kubernetes/kubeadm/issues/554)
**Special notes for your reviewer**:
cc @shashidharatd @sttts @lavalamp
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57172, 55382, 56147, 56146, 56158). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make quick-verify: show script names without full paths
**What this PR does / why we need it**:
This PR modifies the output of `make quick-verify` by showing script names without full paths. This simplifies reading its output during debugging session.
Before:
```
FAILED hack/make-rules/../../hack/verify-boilerplate.sh 1s
Skipping hack/make-rules/../../hack/verify-cli-conventions.sh in quick mode
Skipping hack/make-rules/../../hack/verify-codegen.sh in quick mode
Skipping hack/make-rules/../../hack/verify-description.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-device-plugin.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-docs.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-files-remake.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-protobuf.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-runtime.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-swagger-docs.sh in quick mode
Verifying hack/make-rules/../../hack/verify-godep-licenses.sh
Checking for 'Godeps/' changes against 'upstream/master'
SUCCESS hack/make-rules/../../hack/verify-godep-licenses.sh 14s
```
After:
```
FAILED verify-boilerplate.sh 1s
Skipping verify-cli-conventions.sh in quick mode
Skipping verify-codegen.sh in quick mode
Skipping verify-description.sh in quick mode
Skipping verify-generated-device-plugin.sh in quick mode
Skipping verify-generated-docs.sh in quick mode
Skipping verify-generated-files-remake.sh in quick mode
Skipping verify-generated-protobuf.sh in quick mode
Skipping verify-generated-runtime.sh in quick mode
Skipping verify-generated-swagger-docs.sh in quick mode
Verifying verify-godep-licenses.sh
Checking for 'Godeps/' changes against 'upstream/master'
SUCCESS verify-godep-licenses.sh 14s
```
**Release note**:
```release-note
NONE
```
CC @simo5
Automatic merge from submit-queue (batch tested with PRs 54410, 56184, 56199, 56191, 56231). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
hack: fix godep license parsing for gopkg.in packages
The script incorrectly thinks that `gopkg.in/square/go-jose.v2/cipher`
doesn't have a license because it parses `gopkg.in/square` as the
root of the repo, even though `gopkg.in/square/go-jose.v2` is the
root.
Add special handling for gopkg.in packages by grep'ing for the
version that gopkg.in appends to the package name.
Extracted from https://github.com/kubernetes/kubernetes/pull/56161
cc @thockin
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55360, 56444, 56687, 56791, 56802). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-apiserver: enable admissionregistration v1beta1 api by default
We have this enabled in the GCE cluster and in local-cluster-up, but forgot to switch the default. If we want people to use this feature by default in production clusters, we better enable the API.
Moreover, this PR fixes that beta works without alpha.
```release-note
Enable admissionregistration.k8s.io/v1beta1 by default in kube-apiserver.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Dashboard addon to version 1.8.0 and align /ui redirect with it
**What this PR does / why we need it**: In Dashboard 1.8.0 we have introduced a couple of changes (security, settings, new resources etc.) and fixed a lot of bugs. You can check release notes at https://github.com/kubernetes/dashboard/releases/tag/v1.8.0.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Updated Dashboard add-on to version 1.8.0.
- The Dashboard add-on now deploys with https enabled
- The Dashboard can be accessed via kubectl proxy at http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
- The /ui redirect is deprecated and will be removed in 1.10
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use `git archive` to produce kubernetes-src.tar.gz when git tree is clean
**What this PR does / why we need it**: uses `git archive` to embed version information in the kubernetes source tarball produced in releases. Due to recent changes, the version information was missing from the source tarball, causing builds from these source tarballs to potentially fail.
This also includes a fix inspired by #56216, since the ld flags in `hack/lib/version.sh` are not space-safe.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56246
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @david-mcmahon
/priority urgent-soon
/sig release
cc @mrueg
Automatic merge from submit-queue (batch tested with PRs 55952, 49112, 55450, 56178, 56151). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
New API group for Events.
Fixkubernetes/features#383
cc @shyamjvs
```release-note
Add events.k8s.io api group with v1beta1 API containing redesigned Event type.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Expose single annotation/label via downward API
**What this PR does / why we need it**:
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/annotations-downward-api.md
Support exposing single annotation via both env and volume downward API using the following syntax:
```
metadata.annotations['key']
metadata.labels['key']
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
#31218
**Special notes for your reviewer**:
This PR takes over the work in https://github.com/kubernetes/kubernetes/pull/41648.
**Release note**:
```
A single value in metadata.annotations/metadata.labels can be passed into the containers via Downward API
```
/assign @thockin @vishh
Automatic merge from submit-queue (batch tested with PRs 55545, 55548, 55815, 56136, 56185). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix storageclass unit tests
Before this change, a unit test fails:
```
make test WHAT=k8s.io/kubernetes/pkg/registry/storage/storageclass/storage
```
**Release note**:
```release-note
NONE
```
/assign @saad-ali
/assign @thockin
The script incorrectly thinks that `gopkg.in/square/go-jose.v2/cipher`
doesn't have a license because it parses `gopkg.in/square` as the
root of the repo, even though `gopkg.in/square/go-jose.v2` is the
root.
Add special handling for gopkg.in packages by grep'ing for the
version that gopkg.in appends to the package name.
Kubernetes Submit Queue