Automatic merge from submit-queue (batch tested with PRs 49342, 50581, 50777)
Update RegisterMandatoryFitPredicate to avoid double register.
**What this PR does / why we need it**:
In https://github.com/kubernetes/kubernetes/pull/50362 , we introduced `RegisterMandatoryFitPredicate` to make some predicates always included by scheduler. This PRs is to improve it by avoiding double register: `RegisterFitPredicate` and `RegisterMandatoryFitPredicate`
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50360
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49342, 50581, 50777)
Device Plugin Protobuf API
**What this PR does / why we need it:**
This implements the Device Plugin API
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
Special notes for your reviewer:
First proposal submitted to the community repo, please advise if something's not right with the format or procedure, etc.
@vishh @derekwaynecarr
**Release note:**
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50807, 50650)
Add resouer into scheduler reviewer
Nominate myself as scheduling reviewer according to https://github.com/kubernetes/community/blob/master/community-membership.md
1. Member for at least 3 months
Member of Kubernetes org since 2015
2. Primary reviewer for at least 5 PRs to the codebase
Primary reviewed in kubernetes/kubernetes repo: [71 PRs ](https://github.com/search?utf8=%E2%9C%93&q=assignee%3Aresouer+is%3Aclosed+repo%3Akubernetes%2Fkubernetes&type=)
3. Reviewed or merged at least 20 substantial PRs to the codebase:
Already have [109 PRs merged](https://cncf.biterg.io/app/kibana#/dashboard/GitHub-Pull-Requests?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-2y,mode:quick,to:now))&_a=(filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:github_issues,key:author_name,negate:!f,value:'Harry%20Zhang'),query:(match:(author_name:(query:'Harry%20Zhang',type:phrase))))),options:(darkTheme:!f),panels:!((col:1,id:github_pullrequests_main_metrics,panelIndex:1,row:1,size_x:1,size_y:4,title:PRs,type:visualization),(col:2,id:github_pullrequests_pullrequests,panelIndex:2,row:1,size_x:5,size_y:2,title:'Pull%20Requests%20Per%20Status',type:visualization),(col:10,id:github_pullrequests_repositories,panelIndex:5,row:1,size_x:3,size_y:4,title:Repositories,type:visualization),(col:1,id:github_pullrequests_submitters,panelIndex:6,row:5,size_x:6,size_y:4,title:'Pull%20Request%20Submitters',type:visualization),(col:2,id:github_pullrequests_submitters_evolutionary,panelIndex:8,row:3,size_x:5,size_y:2,title:Submitters,type:visualization),(col:7,id:github_pullrequests_organizations_author_evolutionary,panelIndex:9,row:5,size_x:6,size_y:4,title:'Pull%20Requests%20by%20Organization,%20over%20time',type:visualization),(col:7,id:github_pullrequests_organizations_author,panelIndex:10,row:1,size_x:3,size_y:4,title:'Authors%20by%20Organization',type:visualization)),query:(query_string:(analyze_wildcard:!t,query:'*')),title:'GitHub%20Pull%20Requests',uiState:(P-1:(title:PRs),P-10:(title:'Authors%20by%20Organization'),P-2:(title:'Pull%20Requests%20Per%20Status',vis:(legendOpen:!f)),P-5:(title:Repositories),P-6:(title:'Pull%20Request%20Submitters'),P-8:(title:Submitters,vis:(legendOpen:!f)),P-9:(title:'Pull%20Requests%20by%20Organization,%20over%20time')))), most of them are related to sig-scheduling and sig-node, also, main author of `ImageLocalityPriority`, [Equivalence based scheduling](https://github.com/kubernetes/kubernetes/issues/17390) etc
cc @wojtek-t @davidopp @k82cn for sponsor
Automatic merge from submit-queue
Regenerate all BUILD files in vendor/ from scratch using gazelle
**What this PR does / why we need it**: the [godep `vendor/` instructions](https://github.com/kubernetes/community/blob/master/contributors/devel/godep.md) say to `rm -rf` everything under `vendor/` and then regenerate everything after saving. `gazelle` has slightly different functionality, in that it doesn't use `default_visibility`, which results in a large unrelated diff for anyone changing deps.
This PR regenerates everything in a no-op way so that subsequent changes have a reasonable diff.
x-ref #47558
**Release note**:
```release-note
NONE
```
/assign @nicksardo
/cc @mikedanese @spxtr
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Rerun init containers when the pod needs to be restarted
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
This fixes#36485
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
fix the typo of errorf info
**What this PR does / why we need it**:
fix the error message of stateful_pod_control_test.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Log name if Azure file share cannot be created
**What this PR does / why we need it**: If the Azure storage provider fails to create a file share, it logs and error message 'failed to create share in account _foo_: _error-msg_'. A user on the Slack azure-sig channel reported an error of "The specified resource name length is not within the permissible limits". This PR adds logging of the name so that this error can be diagnosed in future.
**Which issue this PR fixes**: This was raised on Slack and has not been created as a GitHub issue.
**Special notes for your reviewer**: None
**Release note**:
```release-note
Changed the error log format when creating an Azure file share to include the name of the share.
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
**What this PR does / why we need it**:
Fixes#50473
Rationale: since the scheduler handles all resources except CPU as integers, that could just be the default behavior for namespaced resources.
cc @RenaudWasTaken @vishh
**Release note**:
```release-note
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
```
Automatic merge from submit-queue
Remove kubectl's dependence on schema file in pkg/api/validation.
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl. This move revealed a "hidden" dependence
(a dependence not expressed in a BUILD or make file) from a feature
level test in /hack/make-rules on a kubectl test data file. So this
PR also adds some BUILD rules around the relevant hack targets, to make the
dependence official. A later PR will move the kubectl aspect of this "hack"
test into a kubectl test directory. Leaving it in place for now after establishing
and "official" dependency, since moving the test beyond PR scope. The
test also depends on a small sh file in //cluster, which makes no sense.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Enables the v1beta2 version of the apps API group by default
**What this PR does / why we need it**: Enables the v1beta2 version of the apps API group by default
fixes # #50641
```release-note
apps/v1beta2 is enabled by default. DaemonSet, Deployment, ReplicaSet, and StatefulSet have been moved to this group version.
```
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41901, 50762, 50756)
Feature-gate self-hosted secrets
**What this PR does / why we need it**:
Feature gates now select whether secrets are used for TLS cert storage in self-hosted clusters.
**Release note**:
```release-note
TLS cert storage for self-hosted clusters is now configurable. You can store them as secrets (alpha) or as usual host mounts.
```
/cc @luxas
Automatic merge from submit-queue
Promote CronJobs to batch/v1beta1 - just the API
This PR promotes CronJobs to beta.
@erictune @kubernetes/sig-apps-api-reviews @kubernetes/api-approvers ptal
This builds on top of #41890 and needs #40932 as well
```release-note
Promote CronJobs to batch/v1beta1.
```
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Fix for Policy based volume provisioning failure due to long VM Name in vSphere cloud provider
Dummy VM is used for SPBM policy based provisioning feature of vSphere cloud provider.
Dummy VM name is generated based on kubernetes cluster name and pv name. It can easily go beyond
vSphere's limitation of 80 characters for vmName.
To solve the long VM name failure hash is used instead of vSphere-k8s-clusterName-PvName
**Which issue this PR fixes**
https://github.com/vmware/kubernetes/issues/176
**Release note:**
```release-note
None
```
@BaluDontu @divyenpatel @luomiao @tusharnt
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Remove BUILD reference to removed files: Fix bazel build
**What this PR does / why we need it**:
Bazel build is broken because a pull-request has removed some go files, but not the BUILD references to these file. Update the go files. I've also created an issue in test-infra(https://github.com/kubernetes/test-infra/issues/4083) as this should have been detected earlier
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
move i18n to kubectl/util
Move `pkg/util/i18n` to `pkg/kubectl/util/i18n` per https://github.com/kubernetes/kubernetes/issues/48209#issuecomment-311730681.
This affects kubectl and kubeadm. It should be fine that `kubeadm` depends on `kubectl`.
partially addresses: kubernetes/community#598
```release-note
NONE
```
/assign @apelisse @monopole
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Refactor RBAC authorizer entry points
This change refactors various RBAC authorizer functions to be more flexible in their inputs. This makes it easier to reuse the various components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Remove deprecated command 'kubectl stop'
Fixes https://github.com/kubernetes/kubernetes/issues/11384
I think this is the final step @kubernetes/sig-cli-pr-reviews @kargakis
Automatic merge from submit-queue
Add metric for remaining lifetime of certificates authenticating requests
fixes#50778
When incoming requests to the API server are authenticated by a certificate, the expiration of the certificate can affect the validity of the authentication. With auto rotation of certificates, which is starting with kubelet certificates, the goal is to use shorter lifetimes and let the kubelet renew the certificate as desired. Monitoring certificates which are approaching expiration and not renewing would be an early warning sign that nodes are about to stop participating in the cluster.
**Release note**:
```release-note
Add new Prometheus metric that monitors the remaining lifetime of certificates used to authenticate requests to the API server.
```
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Support autoprobing subnet-id for openstack cloud provider
Currently if user doesn't specify subnet-id or specify a unsafe
subnet-id, openstack cloud provider can't create a correct LoadBalancer
service.
Actually we can get it automatically. This patch do a improvement.
This is a part of #50726
**Special notes for your reviewer**:
/assign @dims
/assign @anguslees
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Make removing nodes public for Kubemark controller
The ability to remove a specific node is needed by Cluster Autoscaler to work.
**Release note**:
```
NONE
```
The current error message prints a pointer value rather than the actual
type, which is really not useful.
e.g.:
```
unknown transport type: &{0xc42044a7b0 0xc4208d6dc0}
unknown transport type: *gcp.conditionalTransport
```
This change refactors various RBAC authorizer functions to be more
flexible in their inputs. This makes it easier to reuse the various
components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 50758, 48057)
continue fix the typo in staging file
**What this PR does / why we need it**:
in kubernetes has left two place to modify the word of explicit,thanks
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50680
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49115, 47480)
Adds IPv6 test cases for kubeadm certs.
**What this PR does / why we need it**:
Adds IPv6 test cases in support of kubeadm certificate and validation functionality. It's needed to ensure test cases cover IPv6 related networking scenarios.
**Which issue this PR fixes**
This PR is in support of Issue #1443
**Special notes for your reviewer**:
Additional PR's will follow to ensure kubeadm supports IPv6.
**Release note**:
```NONE
```
Kubernetes Submit Queue