Automatic merge from submit-queue
HugePages feature
**What this PR does / why we need it**:
Implements HugePages support per https://github.com/kubernetes/community/pull/837
Feature track issue: https://github.com/kubernetes/features/issues/275
**Special notes for your reviewer**:
A follow-on PR is opened to add the EmptyDir support.
**Release note**:
```release-note
Alpha support for pre-allocated hugepages
```
Automatic merge from submit-queue (batch tested with PRs 51915, 51294, 51562, 51911)
make clean will remove all gitignored files
**What this PR does / why we need it**:
During review of #51766, it was noticed that we don't fully clean all gitignored files when we run "make clean":
https://github.com/kubernetes/kubernetes/pull/51766#discussion_r136688728
This change will change `make clean` to use `git clean` to remove all files in the gitignore.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51915, 51294, 51562, 51911)
Remove OutOfDisk from controllers
This is one of the working items for #48843 for 1.8.
This changes the scheduler and daemonset controllers to no longer respect the OutOfDisk condition. The kubelet has not published OutOfDisk=True since 1.5.
This still preserves the Toleration for the OutOfDisk condition, as (I think?) this is required for backwards compatibility. I added TODOs to remove this in 1.10.
Automatic merge from submit-queue (batch tested with PRs 51739, 51762)
Update vendor kube-openapi
Update vendor to pick up some change in kube-openapi. The goal is to move some generic openapi parsing and indexing code to kube-openapi repo.
Update the places that using it.
https://github.com/kubernetes/kubernetes/pull/51321 will depend on this.
fixes: #51822https://github.com/kubernetes/kube-openapi/pull/10 is the PR to move stuff to kube-openapi repo.
```release-note
NONE
```
/assign @apelisse
Automatic merge from submit-queue (batch tested with PRs 51739, 51762)
GCE: Separate the network's project from the rest of the project
**What this PR does / why we need it**:
PR allows the user to specify a different project for network resources during cluster turn-up.
Depends on #51725Fixes#51846
/assign @bowei
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51833, 51936)
fix docstring of advanced audit policy
I found this when I write doc for advanced audit beta version.
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51833, 51936)
Changed volume IO e2e test to verify file hash instead of content.
**What this PR does / why we need it**: The existing way of verifying file content takes too much memory, causing processes to be OOM killed.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/51717
**Release note**:
```release-note
NONE
```
/sig storage
/release-note-none
/assign @jeffvance @rootfs
/cc @msau42
Automatic merge from submit-queue
Add support for multi-zone GCE PDs
**What this PR does / why we need it**:
Adds alpha support in k8s for multi-zone (aka Regional) GCE PDs.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/51232
**Special notes for your reviewer**:
**Release note**:
Modifies the VolumeZonePredicate to handle a PV that belongs to more
then one zone or region. This is indicated by the zone or region label
value containing a comma separated list.
Automatic merge from submit-queue (batch tested with PRs 51180, 51893)
Clear alpha MountPropagation fields.
This is leftover from #50924, mount propagation introduced a new field that needs to be cleared.
**Which issue this PR fixes**
fixes#51738
**Release note**:
```release-note
NONE
```
@k8s-mirror-api-machinery-pr-reviews
/assign @liggitt
Automatic merge from submit-queue (batch tested with PRs 51180, 51893)
CPU manager static policy
Blocker for CPU manager #49186 (5 of 6)
* Previous PR in this series: #51357
* Next PR in this series: #51041
cc @derekwaynecarr @sjenning @flyingcougar @balajismaniam
Attempting to be fairly accurate with main authorship at least at a file level -- please let me know if anyone has a better idea on how to improve this.
For posterity, here are the Kubelet flags to run the static policy (assuming `/kube-reserved` is a cgroup that exists for all required controllers)
`--feature-gates=CPUManager=true --cpu-manager-policy=static --cpu-manager-reconcile-period=5s --enforce-node-allocatable=pods,kube-reserved --kube-reserved-cgroup=/kube-reserved --kube-reserved=cpu=500m`
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Add client side event spam filtering
**What this PR does / why we need it**:
Add client side event spam filtering to stop excessive traffic to api-server from internal cluster components.
this pr defines a per source+object event budget of 25 burst with refill of 1 every 5 minutes.
i tested this pr on the following scenarios:
**Scenario 1: Node with 50 crash-looping pods**
```
$ create 50 crash-looping pods on a single node
$ kubectl run bad --image=busybox --replicas=50 --command -- derekisbad
```
Before:
* POST events with peak of 1.7 per second, long-tail: 0.2 per second
* PATCH events with peak of 5 per second, long-tail: 5 per second
After:
* POST events with peak of 1.7 per second, long-tail: 0.2 per second
* PATCH events with peak of 3.6 per second, long-tail: 0.2 per second
Observation:
* https://github.com/kubernetes/kubernetes/pull/47462 capped the number of total events in the long-tail as expected, but did nothing to improve total spam of master.
**Scenario 2: replication controller limited by quota**
```
$ kubectl create quota my-quota --hard=pods=1
$ kubectl run nginx --image=nginx --replicas=50
```
Before:
* POST events not relevant as aggregation worked well here.
* PATCH events with peak and long-tail of 13.6 per second
After:
* POST events not relevant as aggregation worked well here.
* PATCH events with peak: .35 per second, and long-tail of 0
**Which issue this PR fixes**
fixes https://github.com/kubernetes/kubernetes/issues/47366
**Special notes for your reviewer**:
this was a significant problem in a kube 1.5 cluster we are running where events were co-located in a single etcd. this cluster was normal to have larger numbers of unhealty pods as well as denial by quota.
**Release note**:
```release-note
add support for client-side spam filtering of events
```
Automatic merge from submit-queue
Add liggitt to registry approvers
~50 commits to this subtree, and changes to pkg/api, apimachinery, and apiserver (already in approvers list) usually involve corresponding changes here
/assign @smarterclayton
/assign @lavalamp
/assign @wojtek-t
Automatic merge from submit-queue
Fix Stackdriver Logging tests for large clusters
Fixes https://github.com/kubernetes/kubernetes/issues/51700
Due to the limit on the length of the filter, filtering out all nodes in the cluster is not possible. Removing the filter shouldn't affect the tests, since the checks are made based on the nodeIds in the cluster that are unique anyway
Automatic merge from submit-queue
Bump gce metadata-proxy from 0.1.2 to 0.1.3
**What this PR does / why we need it**: Bump metadata-proxy from 0.1.2 to 0.1.3 to incorporate fix for CVE 2016-9063, xref https://github.com/kubernetes/contrib/pull/2720
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Remove DynamicVolumeProvisioning from feature gate
**What this PR does / why we need it**:
Remove `DynamicVolumeProvisioning` from feature gate.
**Which issue this PR fixes** : fixes#51120
**Special notes for your reviewer**:
N/A
**Release note**:
No
Automatic merge from submit-queue
Provide a way to omit Event stages in audit policy
This provide a way to omit some stages for each audit policy rule.
For example:
```
apiVersion: audit.k8s.io/v1beta1
kind: Policy
- level: Metadata
resources:
- group: "rbac.authorization.k8s.io"
resources: ["roles"]
omitStages:
- "RequestReceived"
```
RequestReceived stage will not be emitted to audit backends with previous config.
**Release note**:
```
None
```
#
Solly Ross