Automatic merge from submit-queue (batch tested with PRs 58444, 59283, 59437, 59325, 59449). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update PriorityClassName API doc
**What this PR does / why we need it**: It updates the comment (and hence API doc) for PriorityClassName of PodSpec.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig scheduling
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add NominatedNodeName field to PodStatus
**What this PR does / why we need it**:
Today, Scheduler uses an annotation called "nominated-node-name" to mark a preemptor Pod. This annotation helps scheduler know about the Pods that are destined to run on the nodes so that the resources made available by preemption is not allocated to a different Pod. In a recent discussion with @bgrant0607, we learned that we should change the annotation to a field as this field can be used by multiple schedulers and other components that may make scheduling-related decisions (descheduler, auto-scaler, kube-arbitrator, ...).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref #57471
**Special notes for your reviewer**:
**Release note**:
```release-note
Add "nominatedNodeName" field to PodStatus. This field is set when a pod preempts other pods on the node.
```
/sig scheduling
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add binary configmap
Reviving code from https://github.com/kubernetes/kubernetes/pull/33549 submitted by @zreigz
**What this PR does / why we need it**:
Add support for binary files in ConfigMap
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#32432
**Special notes for your reviewer**:
**Release note**:
```release-note
ConfigMap objects now support binary data via a new `binaryData` field. When using `kubectl create configmap --from-file`, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Use of this feature requires 1.10+ apiserver and kubelets.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add FSType for CSI volume source
**What this PR does / why we need it**:
Add FSType for CSI volume source to specify filesystems (alpha defaults to `ext4`)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58183
**Special notes for your reviewer**:
**Release note**:
```release-note
Add FSType for CSI volume source to specify filesystems
```
/assign @saad-ali
cc @vladimirvivien
Automatic merge from submit-queue (batch tested with PRs 56410, 56707, 56661, 54998, 56722). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix autoscaling API documentation
**What this PR does / why we need it**:
This PR fixes the API documentation generated for HorizontalPodAutoscaler resource.
**Which issue(s) this PR fixes**:
The current API doc for `MetricSpec` and `MetricStatus` is confusing. Users get no idea what can be used as the value for the `type` field, because the doc says this:
```
type is the type of metric source. It should match one of the fields below.
```
While acceptable in the source code, it makes no senses when reading the API doc, especially when the "`type`" field is listed as the last row in a table (see: https://kubernetes.io/docs/api-reference/v1.8/#metricspec-v2beta1-autoscaling )
**Special notes for your reviewer**:
This PR makes no changes to the code behavior.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56413, 56322, 56490, 56460, 56487). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow FlexVolume PV secret namespaces
Completes the secret namespace PV refactor, so all PV volume sources that specify secrets can reference them outside the PVC namespace.
Finished the secret-related aspect of https://github.com/kubernetes/kubernetes/issues/32131
```release-note
PersistentVolume flexVolume sources can now reference secrets in a namespace other than the PersistentVolumeClaim's namespace.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove unused federation docs
**What this PR does / why we need it**:
Federation docs are already in project [federation](https://github.com/kubernetes/federation).
And /hack/generate-docs.sh here do not generate federation docs right now.
So it's time to remove these docs.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56958
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56400, 56535). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Document None dns policy clearly
**What this PR does / why we need it**:
Needs to indicate that None dns policy is controlled by a feature gate and by alpha. It also needs to note that only 1.9 or later Kubernetes servers will allow the None value.
Needs to be fixed for 1.9 so that public API documentation is correct.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56399
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56497, 56500, 55018, 56544, 56425). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Mark v1beta1 NetworkPolicy types as deprecated
**What this PR does / why we need it**:
Deprecates v1beta1 NetworkPolicy in favor of v1. The default storage is now set to v1 in 1.9.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Related #56423
**Special notes for your reviewer**:
**Release note**:
```
deprecate NetworkPolicy v1beta1 API in extensions
```
Automatic merge from submit-queue (batch tested with PRs 55952, 49112, 55450, 56178, 56151). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
New API group for Events.
Fixkubernetes/features#383
cc @shyamjvs
```release-note
Add events.k8s.io api group with v1beta1 API containing redesigned Event type.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update code comment that are out of date for apps/v1beta2
**What this PR does / why we need it**:
update comment that are out of date
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#54139
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Custom Pod DNS to Kubernetes API
**What this PR does / why we need it**:
Ref:
- Feature issue: https://github.com/kubernetes/features/issues/504
- Proposal: https://github.com/kubernetes/community/pull/1276
This PR adds the relevant APIs, validation check and the underlying kubelet changes.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/sig network
@kubernetes/sig-network-api-reviews
/assign @bowei @thockin
**Release note**:
```release-note
Add DNSConfig field to PodSpec and support "None" mode for DNSPolicy (Alpha).
```
Automatic merge from submit-queue (batch tested with PRs 55757, 55741, 55817, 55834, 51530). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor iSCSI PV spec to use SecretReference
**What this PR does / why we need it**:
Use SecretReference in iSCSI PV spec
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes-incubator/external-storage/issues/321
**Special notes for your reviewer**:
@liggitt
**Release note**:
```release-note
iSCSI Persistent Volume Sources can now reference CHAP Secrets in namespaces other than the namespace of the bound Persistent Volume Claim
```
Automatic merge from submit-queue (batch tested with PRs 55757, 55741, 55817, 55834, 51530). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clarify ExternalNames are hostnames
Updates the documentation for ExternalName to clarify
that they adhere RFC-1123 hostname and are not DNS names.
Fixes#52266
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update apps/v1 types.go comments for controller spec selector fields
**What this PR does / why we need it**:
This PR updates apps/v1 types.go comments (including removal of `optional` tag) for controller spec selector fields.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref #50808
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Introduce new `VolumeAttachment` API Object
**What this PR does / why we need it**:
Introduce a new `VolumeAttachment` API Object. This object will be used by the CSI volume plugin to enable external attachers (see design [here](https://github.com/kubernetes/community/pull/1258). In the future, existing volume plugins can be refactored to use this object as well.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: Part of issue https://github.com/kubernetes/features/issues/178
**Special notes for your reviewer**:
None
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clarify DefaultAddCapabilities behavior
Clarify that capabilities listed in `DefaultAddCapabilities` in the `PodSecurityPolicySpec` need not be repeated in `AllowedCapabilities`.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54460, 55258, 54858, 55506, 55510). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add create subcommand for priorityclass
**What this PR does / why we need it**:
add `create priorityclass` sub command
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:Fixes #54857
**Special notes for your reviewer**:
**Release note**:
```release-note
add create priorityclass sub command
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix the inconsistent description of TopologyKey in PodAffinityTerm
**What this PR does / why we need it**:
Clarify the confusing of inconsistent description.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Just fix#54276
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53047, 54861, 55413, 55395, 55308). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Switch internal scale type to autoscaling, enable apps/v1 scale subresources
xref #49504
* Switch workload internal scale type to autoscaling.Scale (internal-only change)
* Enable scale subresources for apps/v1 deployments, replicasets, statefulsets
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55268, 55282, 55419, 48340, 54829). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add MutatingWebhookConfiguration type
As part of Mutating Webhook support, this PR adds the configuration for Mutating webhooks. It also renames existing ReadOnly webhook configurations from ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration. As part of the process some sub-types are also renamed.
Lastly, the mutating webhook configurations are sorted by name to make the serial executing of them deterministic.
ref: https://github.com/kubernetes/features/issues/492
Automatic merge from submit-queue (batch tested with PRs 55331, 55272, 55228, 49763, 55242). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add DaemonSet conditions
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref https://github.com/kubernetes/features/issues/353, #7856
**Special notes for your reviewer**:
A `conditions` field is added to DaemonSetStatus for consistency. No valid DaemonSet condition type is supported yet.
@kubernetes/sig-apps-api-reviews
**Release note**:
```release-note
DaemonSet status now has a new field named "conditions", making it consistent with other workloads controllers.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve cronjob concurrency policy doc
**What this PR does / why we need it**:
The CronJob API documentation (https://kubernetes.io/docs/api-reference/v1.8/#cronjobspec-v1beta1-batch) did not clearly state what can be used as `concurrencyPolicy`. Instead, it only says that the default value is "Raw".
**Which issue(s) this PR fixes**:
**Special notes for your reviewer**:
This patch is not changing any code logic but it involves generated "code".
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Workloads V1
**What this PR does / why we need it**: This PR promotes the Deployment, ReplicaSet, and DaemonSet StatefulSet, ControllerRevision kinds to the apps/v1 group version.
https://github.com/kubernetes/features/issues/353
**Special notes for your reviewer**:
There will be at least two followups to this PR. The first to add a scale sub-resource when the correct location is resolved, and the second to deal with Conditions in the workloads API.
While it would have been preferable to move the kinds individually providing a lesser burden on reviewers, this proved impracticable due to the intricacies of version resolution in kubectl for objects of the different kinds in the same group.
```release-note
DaemonSet, Deployment, ReplicaSet, and StatefulSet have been promoted to GA and are available in the apps/v1 group version.
```
Automatic merge from submit-queue (batch tested with PRs 55050, 53464, 54936, 55028, 54928). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update deletionTimestamp with information about finalizer effect
**What this PR does / why we need it**:
ref https://github.com/kubernetes/community/pull/1177
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:Fixes # https://github.com/kubernetes/website/issues/6128
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
ScaleIO - Ability to specify Secret's name and namespace
**What this PR does / why we need it**:
This PR is to decouple the ScaleIO secret from the same namespace as that of the StorageClass/PVC/PV that uses it (#53619). Currently, authorized non-admin k8s user, who creates volumes, may end up having unauthorized access to ScaleIO secret information. This PR introduces secret parameter that allows specification of secret's namespace.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53619
**Release note**:
```release-note
ScaleIO persistent volumes now support referencing a secret in a namespace other than the bound persistent volume claim's namespace; this is controlled during provisioning with the `secretNamespace` storage class parameter; StoragePool and ProtectionDomain attributes no longer defaults to the value `default`
```
Automatic merge from submit-queue (batch tested with PRs 53946, 53993, 54315, 54143, 54532). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix typo in comment.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53051, 52489, 53920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement `kubectl alpha diff` to diff resources
`kubectl alpha diff` lets you diff your resources against live
resources, or last applied, or even preview what changes are going to be
applied on the cluster.
This is still quite premature, and mostly untested.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
Clearly not ready for Release note.
```release-note
NONE
```
kubernetes/community#287
Automatic merge from submit-queue (batch tested with PRs 54229, 54380, 54302, 54454). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor RBD volume
Refactor RBD Volume Persistent Volume Spec so RBD PV's SecretRef
allows referencing a secret from a persistent volume in any namespace.
This allows locating credentials for persistent volumes in namespaces
other than the one containing the PVC.
Closes#54432
```release-note
RBD Persistent Volume Sources can now reference User's Secret in namespaces other than the namespace of the bound Persistent Volume Claim
```
Automatic merge from submit-queue (batch tested with PRs 52556, 52897, 54342). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix broken links in api after moving proposals to subdirs
**What this PR does / why we need it**:
fix incorrect links in api after kubernetes/community#1010
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes kubernetes/community#918
**Special notes for your reviewer**:
CC @bgrant0607
**Release note**:
```
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix some typos in api/types
**What this PR does / why we need it**:
Fix some typos in api/types
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53420
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 52500, 52533). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Cronjob beta defaults
**What this PR does / why we need it**:
I forget to set the defaults in beta for (successful|failed)JobsHistoryLimit so doing this now. It's already too late for 1.8 so this goes into 1.9.
**Release note**:
```release-note
Set defaults for successfulJobsHistoryLimit (3) and failedJobsHistoryLimit (1) in batch/v1beta1.CronJobs
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
api: update progressdeadlineseconds comment for deployments
@kubernetes/sig-apps-api-reviews we may never end up doing autorollback - this drops the comment from the pds field for now
Automatic merge from submit-queue (batch tested with PRs 51956, 50708)
Move autoscaling/v2 from alpha1 to beta1
This graduates autoscaling/v2alpha1 to autoscaling/v2beta1. The move is more-or-less just a straightforward rename.
Part of kubernetes/features#117
```release-note
v2 of the autoscaling API group, including improvements to the HorizontalPodAutoscaler, has moved from alpha1 to beta1.
```
Automatic merge from submit-queue
Workloads deprecation 1.8
**What this PR does / why we need it**: This PR deprecates the Deployment, ReplicaSet, and DaemonSet kinds in the extensions/v1beta1 group version and the StatefulSet, Deployment, and ControllerRevision kinds in the apps/v1beta1 group version. The Deployment, ReplicaSet, DaemonSet, StatefuSet, and ControllerRevision kinds in the apps/v1beta2 group version are now the current version.
xref kubernetes/features#353
```release-note
The Deployment, DaemonSet, and ReplicaSet kinds in the extensions/v1beta1 group version are now deprecated, as are the Deployment, StatefulSet, and ControllerRevision kinds in apps/v1beta1. As they will not be removed until after a GA version becomes available, you may continue to use these kinds in existing code. However, all new code should be developed against the apps/v1beta2 group version.
```
Automatic merge from submit-queue (batch tested with PRs 50832, 51119, 51636, 48921, 51712)
add reconcile command to kubectl auth
This pull exposes the RBAC reconcile commands through `kubectl auth reconcile -f FILE`. When passed a file which contains RBAC roles, rolebindings, clusterroles, or clusterrolebindings, it will compute covers and add the missing rules.
The logic required to properly "apply" rbac permissions is more complicated that a json merge since you have to compute logical covers operations between rule sets. This means that we cannot use `kubectl apply` to update rbac roles without risking breaking old clients (like controllers).
To solve this problem, RBAC created reconcile functions to use during startup for "stock" roles. We want to offer this power to users who are running their own controllers and extension servers.
This is an intersection between @kubernetes/sig-auth-misc and @kubernetes/sig-cli-misc
Automatic merge from submit-queue (batch tested with PRs 51335, 51364, 51130, 48075, 50920)
[API] Feature/job failure policy
**What this PR does / why we need it**: Implements the Backoff policy and failed pod limit defined in https://github.com/kubernetes/community/pull/583
**Which issue this PR fixes**:
fixes#27997, fixes#30243
**Special notes for your reviewer**:
This is a WIP PR, I updated the api batchv1.JobSpec in order to prepare the backoff policy implementation in the JobController.
**Release note**:
```release-note
Add backoff policy and failed pod limit for a job
```
Automatic merge from submit-queue (batch tested with PRs 45724, 48051, 46444, 51056, 51605)
Mount propagation in kubelet
Together with #45724 it implements mount propagation as proposed in https://github.com/kubernetes/community/pull/659
There is:
- New alpha annotation that allows user to explicitly set propagation mode for each `VolumeMount` in pod containers (to be replaced with real `VolumeMount.Propagation` field during beta) + validation + tests. "Private" is the default one (= no change to existing pods).
I know about proposal for real API fields for alpha feature in https://docs.google.com/document/d/1wuoSqHkeT51mQQ7dIFhUKrdi3-1wbKrNWeIL4cKb9zU/edit, but it seems it's not implemented yet. It would save me quite lot of code and ugly annotation.
- Updated CRI API to transport chosen propagation to Docker.
- New `kubelet --experimental-mount-propagation` option to enable the previous bullet without modifying types.go (worked around with changing `KubeletDeps`... not nice, but it's better than adding a parameter to `NewMainKubelet` and removing it in the next release...)
```release-note
kubelet has alpha support for mount propagation. It is disabled by default and it is there for testing only. This feature may be redesigned or even removed in a future release.
```
@derekwaynecarr @dchen1107 @kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 45724, 48051, 46444, 51056, 51605)
Add selfsubjectrulesreview in authorization
**What this PR does / why we need it**:
**Which issue this PR fixes**: fixes#47834#31292
**Special notes for your reviewer**:
**Release note**:
```release-note
Add selfsubjectrulesreview API for allowing users to query which permissions they have in a given namespace.
```
/cc @deads2k @liggitt
Automatic merge from submit-queue (batch tested with PRs 51632, 51055, 51676, 51560, 50007)
fixing a typo in staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
**What this PR does / why we need it**:
Fix a typo in `staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
`NONE`
Automatic merge from submit-queue (batch tested with PRs 49971, 51357, 51616, 51649, 51372)
add information for subresource kind determination
xref https://github.com/kubernetes/kubernetes/issues/38810https://github.com/kubernetes/kubernetes/issues/38756
Polymorphic subresources usually have different groupVersions for their discovery kinds than their "native" groupVersions. Even though the APIResourceList shows the kind properly, it does not reflect the group or version of that kind, which makes it impossible to unambiguously determine if the subresource matches you and it is impossible to determine how to serialize your data. See HPA controller.
This adds an optional Group and Version to the discovery doc, which can be used to communicate the "native" groupversion of an endpoint. Doing this does not preclude fancier contenttype negotiation in the future and doesn't prevent future expansion from indicating equivalent types, but it does make it possible to solve the problem we have today or polymorphic categorization.
@kubernetes/sig-api-machinery-misc @smarterclayton
@cheftako since @lavalamp is out.
```release-note
Adds optional group and version information to the discovery interface, so that if an endpoint uses non-default values, the proper value of "kind" can be determined. Scale is a common example.
```
Automatic merge from submit-queue (batch tested with PRs 50719, 51216, 50212, 51408, 51381)
Allow PSP's to specify a whitelist of allowed paths for host volume
**What this PR does / why we need it**:
Reverts the revert for the allowed host path feature that was moved from v1.7 to v1.8. This PR also changes the api as discussed in https://github.com/kubernetes/kubernetes/pull/47811.
Original pr: https://github.com/kubernetes/kubernetes/pull/43946
revert: https://github.com/kubernetes/kubernetes/pull/47851
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#29326
**Special notes for your reviewer**:
cc @liggitt @ericchiang @php-coder
It seems the api build process has changed. Hopefully I did it right 👼 .
**Release note**:
```release-note
Allow PSP's to specify a whitelist of allowed paths for host volume
```
Automatic merge from submit-queue
Add storageClass.mountOptions and use it in all applicable plugins
split off from https://github.com/kubernetes/kubernetes/pull/50919 and still dependent on it. cc @gnufied
issue: https://github.com/kubernetes/features/issues/168
```release-note
Add mount options field to StorageClass. The options listed there are automatically added to PVs provisioned using the class.
```
Automatic merge from submit-queue (batch tested with PRs 51377, 46580, 50998, 51466, 49749)
feat(#21648 )Add kubectl set env command.
**What this PR does / why we need it**:
#21648
Moved from OpenShift to Kubenetes.
@kargakis @smarterclayton
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50919, 51410, 50099, 51300, 50296)
Remove failure policy from initializer configuration
A few reasons:
* Implementing fail open initializers increases complexity a lot
* We haven't seen strong use cases
* We can always add it back
Automatic merge from submit-queue (batch tested with PRs 50919, 51410, 50099, 51300, 50296)
Take mount options to GA by adding PV.spec.mountOptions
**What this PR does / why we need it**: Implements https://github.com/kubernetes/community/pull/771
issue: https://github.com/kubernetes/features/issues/168
**Special notes for your reviewer**:
TODO:
- ~StorageClass mountOptions~
As described in proposal, this adds PV.spec.mountOptions + mountOptions parameter to every plugin that is both provisionable & supports mount options.
(personally, even having done all the work already, i don't agree w/ the proposal that mountOptions should be SC parameter but... :))
**Release note**:
```release-note
Add mount options field to PersistentVolume spec
```
Automatic merge from submit-queue (batch tested with PRs 51471, 50561, 50435, 51473, 51436)
Add local storage to downwards API
**Release note**:
```release-note
Add local ephemeral storage to downward API
```
/assign @NickrenREN
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
Paramaterize `stickyMaxAgeMinutes` for service in API
**What this PR does / why we need it**:
Currently I find `stickyMaxAgeMinutes` for a session affinity type service is hard code to 180min. There is a TODO comment, see
https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/iptables/proxier.go#L205
I think the seesion sticky max time varies from service to service and users may not aware of it since it's hard coded in all proxier.go - iptables, userspace and winuserspace.
Once we parameterize it in API, users can set/get the values for their different services.
Perhaps, we can introduce a new field `api.ClientIPAffinityConfig` in `api.ServiceSpec`.
There is an initial discussion about it in sig-network group. See,
https://groups.google.com/forum/#!topic/kubernetes-sig-network/i-LkeHrjs80
**Which issue this PR fixes**:
fixes#49831
**Special notes for your reviewer**:
**Release note**:
```release-note
Paramaterize session affinity timeout seconds in service API for Client IP based session affinity.
```
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207)
Add IPBlock to Network Policy
**What this PR does / why we need it**:
Add ipBlockRule to NetworkPolicyPeer.
**Which issue this PR fixes**
fixes#49978
**Special notes for your reviewer**:
- I added this directly as a field on the existing API per guidance from API-Machinery/lazy SIG-Network consensus.
Todo:
- [ ] Documentation comments to mention this is beta, unless we want to go straight to GA
- [ ] e2e tests
**Release note**:
```
Support ipBlock in NetworkPolicy
```
Automatic merge from submit-queue (batch tested with PRs 50806, 48789, 49922, 49935, 50438)
Remove deprecated kubectl command aliases
**What this PR does / why we need it**:
These command aliases have been deprecated for more than two years. It's time to remove them.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
ref: #8319#6118#8596
**Special notes for your reviewer**:
/sig cli
**Release note**:
```release-note
Remove deprecated kubectl command aliases `apiversions, clusterinfo, resize, rollingupdate, run-container, update`
```
Automatic merge from submit-queue (batch tested with PRs 50563, 50698, 50796)
Add ControllerRevision to apps/v1beta2
**What this PR does / why we need it**:
This PR added `ControllerRevision` currently in `apps/v1beta1` to `apps/v1beta2`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50696.
**Special notes for your reviewer**:
@kow3ns @janetkuo
**Release note**:
```release-note
Add ControllerRevision to apps/v1beta2
```
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Add ReclaimPolicy field to StorageClass
fix https://github.com/kubernetes/kubernetes/issues/38192, enough people want this imo so going ahead and adding it according to initial suggested design
some considerations:
* No Recycle allowed, Retain (& Delete) only.
* Do we need to gate the field.
* E2E test where a Retain PV is dynamically provisioned is TODO if we agree we want this & this is the way to do it.
* Need a feature repo issue to track docs and stuff for 1.8
**Release note**:
```release-note
StorageClass has a new field to configure reclaim policy of dynamically provisioned PVs.
```
Automatic merge from submit-queue
Enables the v1beta2 version of the apps API group by default
**What this PR does / why we need it**: Enables the v1beta2 version of the apps API group by default
fixes # #50641
```release-note
apps/v1beta2 is enabled by default. DaemonSet, Deployment, ReplicaSet, and StatefulSet have been moved to this group version.
```
Automatic merge from submit-queue
Promote CronJobs to batch/v1beta1 - just the API
This PR promotes CronJobs to beta.
@erictune @kubernetes/sig-apps-api-reviews @kubernetes/api-approvers ptal
This builds on top of #41890 and needs #40932 as well
```release-note
Promote CronJobs to batch/v1beta1.
```
Automatic merge from submit-queue (batch tested with PRs 50198, 49051, 48432)
New kubectl command: `kubectl set service-account`
**What this PR does / why we need it**:
Adds a command to update serviceaccount of resources with pod template
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes#45147
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Cleanup DaemonSet templateGeneration
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49336
**Special notes for your reviewer**:
/cc @janetkuo @foxish
~~Depends on #49071~~ (Merged)
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49129, 50436, 50417, 50553, 47587)
Fix Type Taint comment
**What this PR does / why we need it**:
remvoe redundant words in Type `Taint`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
/assign @k82cn
**Release note**:
```release-note
None
```
Automatic merge from submit-queue
Added field CollisionCount to StatefulSetStatus
**What this PR does / why we need it**:
This PR added a new field `CollisionCount` into `StatefulSetStatus`, similarly in terms of both name and semantics to the existing `CollisionCount` field in `DaemonSetStatus`. The field will be used for collision avoidance when the `StatefulSet` controller creates name for the newest ControllerRevision, which will be done in another PR.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: #49909.
**Special notes for your reviewer**:
A second PR will include logic that actually uses the field for collision avoidance.
**Release note**:
```release-note
Added field CollisionCount to StatefulSetStatus in both apps/v1beta1 and apps/v1beta2
```
Automatic merge from submit-queue
add newline for unimplemented RequiredDuringSchedulingRequiredDuringExecution
**What this PR does / why we need it**:
Unimplemented `RequiredDuringSchedulingRequiredDuringExecution` should not be treated as comments of `RequiredDuringSchedulingIgnoredDuringExecution`
* [pkg/api/types.go#L1937](https://github.com/kubernetes/kubernetes/blob/master/pkg/api/types.go#L1937)
* [staging/src/k8s.io/api/core/v1/types.go#L2155](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/api/core/v1/types.go#L2155)
> // NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:fixes #50483
**Special notes for your reviewer**:
* Add an empty line to separate them.
/cc @aveshagarwal @bsalamat @gyliu513 @k82cn @timothysc
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49642, 50335, 50390, 49283, 46582)
Add rbac.authorization.k8s.io/v1
xref https://github.com/kubernetes/features/issues/2
Promotes the rbac.authorization.k8s.io/v1beta1 API to v1 with no changes
```release-note
The `rbac.authorization.k8s.io/v1beta1` API has been promoted to `rbac.authorization.k8s.io/v1` with no changes.
The `rbac.authorization.k8s.io/v1alpha1` version is deprecated and will be removed in a future release.
```
Automatic merge from submit-queue (batch tested with PRs 50016, 49583, 49930, 46254, 50337)
Alpha Dynamic Kubelet Configuration
Feature: https://github.com/kubernetes/features/issues/281
This proposal contains the alpha implementation of the Dynamic Kubelet Configuration feature proposed in ~#29459~ [community/contributors/design-proposals/dynamic-kubelet-configuration.md](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/dynamic-kubelet-configuration.md).
Please note:
- ~The proposal doc is not yet up to date with this implementation, there are some subtle differences and some more significant ones. I will update the proposal doc to match by tomorrow afternoon.~
- ~This obviously needs more tests. I plan to write several O(soon). Since it's alpha and feature-gated, I'm decoupling this review from the review of the tests.~ I've beefed up the unit tests, though there is still plenty of testing to be done.
- ~I'm temporarily holding off on updating the generated docs, api specs, etc, for the sake of my reviewers 😄~ these files now live in a separate commit; the first commit is the one to review.
/cc @dchen1107 @vishh @bgrant0607 @thockin @derekwaynecarr
```release-note
Adds (alpha feature) the ability to dynamically configure Kubelets by enabling the DynamicKubeletConfig feature gate, posting a ConfigMap to the API server, and setting the spec.configSource field on Node objects. See the proposal at https://github.com/kubernetes/community/blob/master/contributors/design-proposals/dynamic-kubelet-configuration.md for details.
```
Automatic merge from submit-queue (batch tested with PRs 50016, 49583, 49930, 46254, 50337)
Remove scheduledjobs
This is a prerequisite for promoting CronJobs to beta.
**Release note**:
```release-note
Remove deprecated ScheduledJobs endpoints, use CronJobs instead.
```
Automatic merge from submit-queue
Change default update strategy to rolling update
Fixes https://github.com/kubernetes/kubernetes/issues/49604
Change default update strategy to rolling update for daemonset and statefulset in v1beta2
cc @kubernetes/sig-apps-pr-reviews @lukaszo @kargakis
**Release note**:
```release-note
Make rolling update the default update strategy for v1beta2.DaemonSet and v1beta2.StatefulSet
```
Automatic merge from submit-queue
Timeout and Max-in-flight don't report non-resource URLs correctly.
Unify error reporting for 429 and 504 to be correct for timeout and max in flight and eviction. Add better messages to eviction (removing a todo). Return the correct body content for timeouts (reason and code should be correct).
This potentially increases cardinality of 429, but because non-api urls may be under the max-inflight budget we need to report them somewhere (if something breaks and starts fetching API versions endlessly).
```release-note
The 504 timeout error was returning a JSON error body that indicated it was a 500. The body contents now correctly report a 500 error.
```
Automatic merge from submit-queue (batch tested with PRs 50103, 49677, 49449, 43586, 48969)
Add missing UID in SubjectAccessReviewSpec
**What this PR does / why we need it**:
WebhookAuthorizer's Authorize should send *all* the information
present in the user.Info data structure. We are not sending the
UID currently.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
The SubjectAccessReview API in the authorization.k8s.io API group now allows providing the user uid.
```
Automatic merge from submit-queue
Increase default value of apps/v1beta2 DeploymentSpec.RevisionHistoryLimit to 10
**What this PR does / why we need it**:
All controllers that use the `RevisionHistoryLimit` field have a default value of 10 for the field, except for `Deployment`, which has a default of 2. We should increase it to 10 for consistency on its default value across controllers.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49913
**Special notes for your reviewer**:
/cc @janetkuo @foxish @liyinan926
**Release note**:
```release-note
Increase default value of apps/v1beta2 DeploymentSpec.RevisionHistoryLimit to 10
```
Automatic merge from submit-queue (batch tested with PRs 49651, 49707, 49662, 47019, 49747)
Add support for `no_new_privs` via AllowPrivilegeEscalation
**What this PR does / why we need it**:
Implements kubernetes/community#639
Fixes#38417
Adds `AllowPrivilegeEscalation` and `DefaultAllowPrivilegeEscalation` to `PodSecurityPolicy`.
Adds `AllowPrivilegeEscalation` to container `SecurityContext`.
Adds the proposed behavior to `kuberuntime`, `dockershim`, and `rkt`. Adds a bunch of unit tests to ensure the desired default behavior and that when `DefaultAllowPrivilegeEscalation` is explicitly set.
Tests pass locally with docker and rkt runtimes. There are also a few integration tests with a `setuid` binary for sanity.
**Release note**:
```release-note
Adds AllowPrivilegeEscalation to control whether a process can gain more privileges than it's parent process
```
Automatic merge from submit-queue (batch tested with PRs 43443, 46193, 49071, 47252)
[Federation][Kubefed] Support reference document autogeneration for kubefed
This PR is needed to address the documentation issue https://github.com/kubernetes/kubernetes.github.io/issues/2888
Apart from the code auto generation have updated some descriptions for consistency.
**Special notes for your reviewer**:
@kubernetes/sig-federation-misc
cc @madhusudancs @csbell
**Release note**:
```NONE
```
Automatic merge from submit-queue
Remove flags low-diskspace-threshold-mb and outofdisk-transition-frequency
issue: #48843
This removes two flags replaced by the eviction manager. These have been depreciated for two releases, which I believe correctly follows the kubernetes depreciation guidelines.
```release-note
Remove depreciated flags: --low-diskspace-threshold-mb and --outofdisk-transition-frequency, which are replaced by --eviction-hard
```
cc @mtaufen since I am changing kubelet flags
cc @vishh @derekwaynecarr
/sig node
Automatic merge from submit-queue (batch tested with PRs 48480, 48353)
remove tpr api access
xref https://github.com/kubernetes/kubernetes/issues/48152
TPR tentacles go pretty deep. This gets us started by removing API access and we'll move down from there.
@kubernetes/sig-api-machinery-misc
@ironcladlou this should free up the GC implementation since TPRs will no longer be present and failing.
```release-note
Removing TPR api access per https://github.com/kubernetes/kubernetes/issues/48152
```
Automatic merge from submit-queue
Add alpha command to kubectl
Also allow new commands to disable themselves by returning a nil value. This can be used to disable commands based on feature gates.
**What this PR does / why we need it**: Method of enabling alpha functionality in kubectl
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: ref #45922
**Special notes for your reviewer**: Part of a discussion in #45922 with @pwittrock
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47851, 47824, 47858, 46099)
Revert 44714 manually
#44714 broke backward compatibility for old swagger spec that kubectl still uses. The decision on #47448 was to revert this change but the change was not automatically revertible. Here I semi-manually remove all references to UnixUserID and UnixGroupID and updated generated files accordingly.
Please wait for tests to pass then review that as there may still be tests that are failing.
Fixes#47448
Adding release note just because the original PR has a release note. If possible, we should remove both release notes as they cancel each other.
**Release note**: (removed by caesarxuchao)
UnixUserID and UnixGroupID is reverted back as int64 to keep backward compatibility.
If there are 2 or more PR(s) in the queue, they will end up with
conflicts (and rechecks). So let us remove the timestamp entirely
when we generate the files.
Fixes#46814
Automatic merge from submit-queue
Fix api description
**What this PR does / why we need it**:
prefered -> preferred
the the -> the
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Alpha commands can be added under `kubectl alpha` and are always
accessible (regardless of feature gates). If no alpha commands have been
defined then `alpha` is not displayed in `help`.
Automatic merge from submit-queue (batch tested with PRs 46441, 43987, 46921, 46823, 47276)
Remove PartitionStatefulSetStrategyType
This PR removes PartitionStatefulSetStrategyType add adds a parameter to RollingUpdateStatefulSetStrategyType as described in the issue below. We need this PR to ensure that the StatefulSet API conforms to the existing API for DaemonSet.
fixes#46975
```release-note
NONE
```
@kargakis
@smarterclayton
@janetkuo
Automatic merge from submit-queue
Deprecated binding for 1.7
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#10043
```release-note
Deprecated Binding objects in 1.7.
```
Automatic merge from submit-queue
Implement Daemonset history
~Depends on #45867 (the 1st commit, ignore it when reviewing)~ (already merged)
Ref https://github.com/kubernetes/community/pull/527/ and https://github.com/kubernetes/community/pull/594
@kubernetes/sig-apps-api-reviews @kubernetes/sig-apps-pr-reviews @erictune @kow3ns @lukaszo @kargakis
---
TODOs:
- [x] API changes
- [x] (maybe) Remove rollback subresource if we decide to do client-side rollback
- [x] deployment controller
- [x] controller revision
- [x] owner ref (claim & adoption)
- [x] history reconstruct (put revision number, hash collision avoidance)
- [x] de-dup history and relabel pods
- [x] compare ds template with history
- [x] hash labels (put it in controller revision, pods, and maybe deployment)
- [x] clean up old history
- [x] Rename status.uniquifier when we reach consensus in #44774
- [x] e2e tests
- [x] unit tests
- [x] daemoncontroller_test.go
- [x] update_test.go
- [x] ~(maybe) storage_test.go // if we do server side rollback~
kubectl part is in #46144
---
**Release note**:
```release-note
```
Automatic merge from submit-queue
Add Local Storage Capacity Isolation API
This PR adds the new APIs to support storage capacity isolation as
described in the proposal [https://github.com/kubernetes/community/pull/306](url)
1. Add SizeLimit for emptyDir volume
2. Add scratch and overlay storage type used by container level or
node level
**Release note**:
```release-note
Alpha feature: Local volume Storage Capacity Isolation allows users to set storage limit to isolate EmptyDir volumes, container storage overlay, and also supports allocatable storage for shared root file system.
```
Automatic merge from submit-queue (batch tested with PRs 42240, 46100, 46154, 46431, 45755)
Fix api description in swagger
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46489, 46281, 46463, 46114, 43946)
Allow PSP's to specify a whitelist of allowed paths for host volume
**What this PR does / why we need it**:
This PR adds the ability to whitelist paths for the host volume to ensure pods cannot access directories they aren't supposed to. E.g. `/var/lib/kubelet`, `/etc/kubernetes/*`, etc.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#29326
**Special notes for your reviewer**:
**Release note**:
```release-note
Allow PSP's to specify a whitelist of allowed paths for host volume based on path prefixes
```
Automatic merge from submit-queue (batch tested with PRs 46407, 46457)
Remove deletecollection support from namespace object
Namespace storage accidentally picked up deletecollection support from embedding the generic store. If invoked, it skips the custom namespace `Delete()` storage method that enforces finalization, and skips the namespace lifecycle admission plugin that protects immortal namespaces from deletion.
Given the data integrity implications of skipping namespace finalization, I'd backport this as far as we're releasing patch releases.
```release-note
The namespace API object no longer supports the deletecollection operation.
```
Automatic merge from submit-queue (batch tested with PRs 42256, 46479, 45436, 46440, 46417)
Add `kubectl apply edit-last-applied` subcommand
third command of https://github.com/kubernetes/community/pull/287
Fixes https://github.com/kubernetes/kubernetes/issues/44905
@pwittrock @AdoHe @ymqytw @kubernetes/sig-cli-feature-requests could you guys have an early review ? cause some of feature I'm not sure about, will add unit tests if you think it's ok.
Kubernetes Submit Queue