Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move AWS Fake implementations out of test
The AWS fake implementations are in a test file and can't be imported into any other tests. This makes integration testing difficult. This PR moves the fake implementations such that they can be used by other entities.
@kubernetes/sig-aws-misc @justinsb
Automatic merge from submit-queue (batch tested with PRs 50749, 52869, 53359). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add /swagger.json and /swagger-2.0.0.pb-v1 to discovery role
Allow access to openapi docs
Fixes#53349
Automatic merge from submit-queue (batch tested with PRs 50749, 52869, 53359). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm: Change the marshal code to use ApiMachinery code.
**What this PR does / why we need it**:
The PR change the k8s obj marshaling to use ApiMachinery code instead of plain yaml.Marshal which is known to have some side-effect.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixeskubernetes/kubeadm#453
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
support nodeSelector in kubefed init
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50716
**Special notes for your reviewer**:
/assign @gyliu513
**Release note**:
```release-note
support nodeSelector in kubefed init
```
Automatic merge from submit-queue (batch tested with PRs 52685, 53344). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't referece not-exist addon manager manifests in comment
**What this PR does / why we need it**:
`addon-manager-multinode.json` and `addon-manager-singlenode.json` have been removed by b814b62447 (diff-89347a70de188b3c15f5ee15323658d2).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
bazel: make //cmd/kubectl:kubectl binary publicly visible
**What this PR does / why we need it**: making the `kubectl` binary visible to the release rules only seems unnecessarily restrictive (x-ref https://github.com/bazelbuild/bazel/issues/3744) - I think making this publicly visible should be fine.
**Release note**:
```release-note
NONE
```
/assign @monopole
cc @achew22
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Upgrade fluentd-elasticsearch addon to Elasticsearch/Kibana 5.6.2
Upgrade Elasticsearch and Kibana to version 5.6.2. I also upgrade some API versions of manifests to correspond to Kubernetes 1.8, I hope the latter is uncontroversial?
```release-notes
```
Automatic merge from submit-queue (batch tested with PRs 50555, 51152). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement CRI stats in Docker Shim
**What this PR does / why we need it**:
This PR implements CRI Stats in the Docker Shim. It is needed to enable CRI stats for Docker and ongoing /stats/summary API changes in moving to use CRI.
Related issues:
#46984 (CRI: instruct kubelet to (optionally) consume container stats from CRI)
#45614 (CRI: add methods for container stats)
This PR is also a followup to my original PR (https://github.com/kubernetes/kubernetes/pull/50396) to implement Windows Container Stats. The plan is that Windows Stats will use a hybrid model: pod and container level stats will come from CRI (via dockershim) and that node level stats will come from a "winstats" package that exports cadvisor like datastructures using windows specific perf counters from the node. I will update that PR to only export node level stats.
@yujuhong @yguo0905 @dchen1107 @jdumars @anhowe @michmike
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Major changes:
- Don't generate a patch, instead generate the merged object so it can be used with PUT
- Separate tree parsing logic to collate items in a list from the delete / merge / replace / add logic when merging
- Use openapi for merge strategy metadata so it works with extensions and version skew
- Support multi-field mergekeys when merging lists
- Support replace strategy for maps
- Reduce complexity of generating order when merging lists - keep the locally defined order and append remote only-items
Continue to support:
- Explicitly setting fields to null
- Merging lists of primitives
- Don't randomize ordering when merging lists
TODO:
- Retain keys
- Conflict detection
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
threadSafeMap: panic if index function call fails
**Which issue this PR fixes**
Fixes#43605
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
moved admission interfaces WantsClientCert, WantsAuthorizer and Wants…
**What this PR does / why we need it**:
moves some admission interfaces to apiserver, hopefully moving the webhook admission in the future will be much easier.
**Release note**:
```
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove unused variables and constant from pkg/apis/componentconfig/v1…
…alpha1/defaults.go
This commit will remove variables `zeroDuration`, `defaultNodeAllocatableEnforcement` and
constants `defaultIPTablesMasqueradeBit` and `defaultIPTablesDropBit` as they are unused.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remake cluster size autoscaling scale to zero test
This PR affects only cluster size autoscaling test suite. Changes:
* check whether autoscaling for is enabled by looking for a node group with a given max number of nodes instead of min as the field is omitted if value is 0
* split scale to zero test into GKE & GCE versions, add GKE-specific setup and verification
Automatic merge from submit-queue (batch tested with PRs 52395, 53322). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Send VolumeMismatch event to PVC
PV controller should send events to PVCs and not PVs when a PVC requests a PV that's either too small or has mismatching StorageClass.
Regular users can't see events on PVs so `kubectl describe pvc` is the only way how to tell user that something is wrong.
**Release note**:
```release-note
NONE
```
/sig storage
@kubernetes/sig-storage-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enable to specific unconfined AppArmor profile
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52370
**Special notes for your reviewer**:
/assign @tallclair @liggitt
**Release note**:
```release-note
enable to specific unconfined AppArmor profile
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
openapi: Validate unregistered type, if they can be found
**What this PR does / why we need it**:
Types that are not registered/hard-coded in kubectl won't be validated, even if they could because they are defined in openapi. If they are neither registered nor in openapi, then skip validation.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes nothing
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
There are two ways how a scheduled pod can get its PVCs unbound:
- admin forcefuly unbinds it
- user deletes original PVC that was bound when the pod was scheduled and
creates a new one with the same name that does not get bound from some
reason.
In both cases we don't know where the original PVC pointed at and if we
should account it to the limit of attached AWS EBS / GCE PDs etc.
The common pattern here is to count it in when in doubt.
Automatic merge from submit-queue (batch tested with PRs 53247, 53319). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[cluster-monitoring addon] Update monitoring-influxdb-grafana to latest version
**What this PR does / why we need it**:
In cluster-monitoring addon, the `monitoring-influxdb-grafana` part of the content is too old, so I modified some file to update, this has been tested on v1.7.7, v1.8.0.
**Special notes for your reviewer**:
**Release note**:
```release-note
Update Influxdb image to latest version.
Update Grafana image to latest version.
Change influxdb-grafana-controller resource to Deployment.
```
Automatic merge from submit-queue (batch tested with PRs 53247, 53319). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused function addStorageLimit
**What this PR does / why we need it**:
In package `plugin/pkg/scheduler/algorithm/predicates` remove unused
unexported function `addStorageLimit`.
**Release note**:
```release-note
NONE
```
PV controller should send events to PVCs and not PVs when a PVC requests PV
that's either too small or has mismatching StorageClass.
Regular users can't see events on PVs so `kubectl describe pvc` is the only
way how to tell user that something is wrong.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
create separate transports for liveness and readiness probes
There is currently an issue with the http2 connection pools in golang such that two GETs to the same host:port using the same Transport can collide and one gets rejected with `http2: no cached connection was available`. This happens with readiness and liveness probes if the intervals line up such that worker goroutines invoke the two probes at the exact same time.
The result is a transient probe error that appears in the events. If the failureThreshold is 1, which is kinda crazy, it would cause a pod restart.
The PR creates a separate `httprobe` instance for readiness and liveness probes so that they don't share a Transport and connection pool.
Fixes https://github.com/kubernetes/kubernetes/issues/49740
@smarterclayton @jhorwit2
Implement CRI stats for dockershim using docker stats. This enables use
of the summary api to get container metrics on Windows where CRI stats
are enabled.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Eliminate extra CRI call during processing cpu set
**What this PR does / why we need it**:
Encountered this during `kubernetes/frakti` node e2e test.
When cpuset is not set, there's still plenty of `runtime.UpdateContainerResources` been called, which seems unnecessary.
cc @ConnorDoyle Make sense? Fixes: #53304
**Special notes for your reviewer**:
**Release note**:
```release-note
Only do UpdateContainerResources when cpuset is set
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Migrate sig-ui e2e test
**What this PR does / why we need it**:
Migrate sig-ui e2e tests
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Ref Umbrella issue #49161
**Special notes for your reviewer**:
**Release note**:
none
Automatic merge from submit-queue (batch tested with PRs 51034, 53239). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Correct APIGroup for RoleBindingBuilder Subjects
This change corrects `RoleBindingBuilder` to use the RBAC API group with users and groups as subjects (service accounts use the empty string since they are in the legacy core group). This is based on the defaulting in `pkg/apis/rbac/v1/defaults.go#SetDefaults_Subject`. This is required because the bootstrap RBAC data is built with these helpers and does not go through defaulting, whereas the data retrieved from the server has already gone through defaulting. This can lead to the reconciliation code incorrectly adding duplicate subjects because it believes that they are missing (since the API groups do not match).
Signed-off-by: Monis Khan <mkhan@redhat.com>
```release-note
Fixes an issue with RBAC reconciliation that could cause duplicated subjects in some bootstrapped rolebindings on each restart of the API server.
```
/assign @liggitt
/sig auth
Fixes#53296
Fixes openshift/origin/issues/16611
Jordan Liggitt