Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)
Remove default binding of system:node role to system:nodes group
part of https://github.com/kubernetes/features/issues/279
deprecation of this automatic binding announced in 1.7 in https://github.com/kubernetes/kubernetes/pull/46076
```release-note
RBAC: the `system:node` role is no longer automatically granted to the `system:nodes` group in new clusters. It is recommended that nodes be authorized using the `Node` authorization mode instead. Installations that wish to continue giving all members of the `system:nodes` group the `system:node` role (which grants broad read access, including all secrets and configmaps) must create an installation-specific `ClusterRoleBinding`.
```
Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)
improve log for pod deletion poll loop
**What this PR does / why we need it**:
It improves some logging related to waiting for a pod to reach a passed-in condition. Specifically, related to issue [49529](https://github.com/kubernetes/kubernetes/issues/49529) where better logging may help to debug the root cause.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)
Flag support in kubectl plugins
Adds support to flags in `kubectl` plugins. Flags are declared in the plugin descriptor and are passed to plugins through env vars, similar to global flags (which already works).
Fixes https://github.com/kubernetes/kubernetes/issues/49122
**Release note**:
```release-note
Added flag support to kubectl plugins
```
PTAL @monopole @kubernetes/sig-cli-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)
Adding metrics support to local volume
Adding metrics support to local volume plugin.
Fixes#49601
Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)
replicaset fix typo
**What this PR does / why we need it**:
reopen#47821
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
@NickrenREN
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49081, 49318, 49219, 48989, 48486)
Use MetricsStatsFs to expose RBD volume plugin metrics.
**What this PR does / why we need it**:
We need to monitor RBD volume usage of our cluster and configure alerts if RBD volume is nearly full. Users of cluster also need to see usage history graph on Grafana.
This PR use MetricsStatsFs to implement MetricsProvider interface of RBD plugin (same as `gce_pd`), so kubelet /stat/summary can expose RBD volume stats.
**Special notes for your reviewer**:
cc @rootfs
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49081, 49318, 49219, 48989, 48486)
GCE: Remove resource Get function calls from Create functions
**What this PR does / why we need it**:
Consistency. This PR removes the GetXXX from the CreateXXX functions of the GCE cloudprovider. Consumers (specifically the ingress controller) will need to call the Get resource funcs separately when updating their vendored versions.
**Release note**:
```release-note
NONE
```
/assign @bowei
Automatic merge from submit-queue (batch tested with PRs 49081, 49318, 49219, 48989, 48486)
Use case-insensitive header keys for `--requestheader-group-headers`.
This flag is documented as being case-insensitive, but the code was
doing a case-sensitive map lookup.
**Release note**:
```release-note
Bug fix: Parsing of `--requestheader-group-headers` in requests should be case-insensitive.
```
Automatic merge from submit-queue (batch tested with PRs 49081, 49318, 49219, 48989, 48486)
Better message if we dont find appropriate BlockStorage API
**What this PR does / why we need it**:
With latest devstack, v1 and v2 are DEPRECATED and v3 is marked
as CURRENT. So we fail to attach the disk, the error message is
shown when one does "kubectl describe pod" but the operator has
to dig into find the problem.
So log a better message if we can't find the appropriate version
of the API that we support with an explicit error message that
the operator can see how to fix the situation.
Note support for v3 block storage API is being added to gophercloud
and will take a bit of time before we can support it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47738, 49196, 48907, 48533, 48822)
Fix TODO: rename podInfraContainerID to sandboxID
**What this PR does / why we need it**:
Code-cleanup in kubelet to use consistent naming for sandbox ID. Not super urgent, but thought it would be nice to knock off some TODOs.
**Which issue this PR fixes**
Fixes a TODO in the code, no associated issue.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47738, 49196, 48907, 48533, 48822)
Fix a dead link in cluster/update-storage-objects.sh
**What this PR does / why we need it**: This PR fixes a dead link in cluster/update-storage-objects.sh.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47738, 49196, 48907, 48533, 48822)
Bumps go-oidc version to include fix for jwt header parsing
**What this PR does / why we need it**:
This bumps the go-oidc dependency to use a fix merged in https://github.com/coreos/go-oidc/pull/153 for OIDC providers that don't set an `Expires` header
**Which issue this PR fixes** :
Partially addresses #42654
Also related: https://github.com/coreos/go-oidc/issues/136
**Special notes for your reviewer**:
None
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47738, 49196, 48907, 48533, 48822)
Move e2e dependent images from kubernetes/kubernetes.github.io repo
**What this PR does / why we need it**:
Move e2e dependent images from kubernetes/kubernetes.github.io repo
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48530
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 47738, 49196, 48907, 48533, 48822)
ParseEncryptionConfiguration: simplify code
**What this PR does / why we need it**:
Reorder `if`-s to make code a bit more readable. It also improves godoc comment and error message.
**Release note**:
```release-note
NONE
```
PTAL @sakshamsharma
Automatic merge from submit-queue (batch tested with PRs 49238, 49595, 43494, 47897, 48905)
adds an admission plugin initializer to the sample apiserver.
**What this PR does / why we need it**:
this PR adds an admission plugin initializer to the sample apiserver.
the plugin initializer is going to be used by an admission plugin
that will use generated informers/listers to list the cluster-scoped resources.
#47868
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49238, 49595, 43494, 47897, 48905)
remove dead code in rbac helper
**What this PR does / why we need it**:
validated in `case len(r.PolicyRule.NonResourceURLs) > 0:` .
**Which issue this PR fixes**: #49540
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49238, 49595, 43494, 47897, 48905)
Should not set struct pointer directly to interface which may cause potential panic
fix https://github.com/kubernetes/kubernetes/issues/43127 to avoid potential kubelet panic.
In our old implemention, interface `kubeDeps.EventClient ` (interface) will never equals to `nil` even if `eventClient `(struct pointer )was set to `nil`. `kubeDeps.ExternalKubeClient` and `kubeDeps.KubeClient` also have same potential risk.
Automatic merge from submit-queue (batch tested with PRs 49238, 49595, 43494, 47897, 48905)
Add apps/v1beta2.ReplicaSet
~Depends on #48746~ (merged)
~Depends on #49357~ (merged)
xref: #49135
```release-note
Add a new API object apps/v1beta2.ReplicaSet
```
Automatic merge from submit-queue
fix pdb validation bug on spec
**What this PR does / why we need it**:
When working on issue #48691, I found a bug on current [pdb validation on spec](https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/policy/validation/validation.go#L41-L42). This validation is to check `PodDisruptionBudgetSpec` instead of the whole obj. Currently when doing updates, this check will fail as always.
**Which issue this PR fixes** : fix#48691
**Special notes for your reviewer**:
**Release note**:
```release-note
fix pdb validation bug on PodDisruptionBudgetSpec
```
Automatic merge from submit-queue (batch tested with PRs 49665, 49689, 49495, 49146, 48934)
Add Integration tests for Inter-Pod Affinity(AntiAffinity)
Signed-off-by: vikaschoudhary16 <choudharyvikas16@gmail.com>
**What this PR does / why we need it**:
Adds integration tests for inter-pod affinity(anti-affinity)
**Special notes for your reviewer**:
Once after @bsalamat 's #48847 gets merged, changes in this PR will be restructured according to the merged changes.
ref/ #48176#48847
@kubernetes/sig-scheduling-pr-reviews
@davidopp @k82cn
Automatic merge from submit-queue (batch tested with PRs 49665, 49689, 49495, 49146, 48934)
openapi: refactor into more generic structure
**What this PR does / why we need it**:
Refactor the openapi schema to be a more generic structure that can be
"visited" to get more specific types. Will be used by validation.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: #44589
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49665, 49689, 49495, 49146, 48934)
make it possible to allow discovery errors for controllers
Update the discovery client to return partial discovery information *and* an error. Since we can aggregate API servers, discovery of some resources can fail independently. Callers of this function who want to tolerate the errors can, existing callers will still get an error and fail in normal blocks.
@kubernetes/sig-api-machinery-misc @sttts
Automatic merge from submit-queue (batch tested with PRs 49665, 49689, 49495, 49146, 48934)
Reverting deprecation of vCenter port in vSphere Cloud Provider
**What this PR does / why we need it**:
This PR reverts back the deprecation of vCenter port made with PR: kubernetes#42024
We observed an issue when kubernetes cluster is deployed on the vCenter with non-default Port.
When VC is configured with non default port govmomi requests were going to default port 443. This is not valid, as confirmed in https://github.com/vmware/govmomi/issues/802
**Which issue this PR fixes**
fixes # https://github.com/vmware/kubernetes/issues/220
**Special notes for your reviewer**:
Verified with deploying Kubernetes Cluster on the vCenter with port (7443).
Used following vsphere.conf file on master and worker nodes
```
# cat vsphere.conf
[Global]
user = "Administrator@vsphere.local"
password = "Admin!23"
server = "10.192.87.209"
port = "7443"
insecure-flag = "1"
datacenter = "Datacenter"
datastore = "storage1"
working-dir = "kubernetes"
[Disk]
scsicontrollertype = pvscsi
```
Created Storage Class, PV, PVC and Pod. Verified Attach, Detach, Create and Delete Volume Operations are working as expected.
Also verified with completely removing port from vsphere.conf file. default 443 is used in this case.
```
# cat vsphere.conf
[Global]
user = "Administrator@vsphere.local"
password = "Admin!23"
server = "10.192.66.216"
insecure-flag = "1"
datacenter = "Datacenter"
datastore = "storage1"
working-dir = "kubernetes"
[Disk]
scsicontrollertype = pvscsi
```
**Release note**:
```release-note
NONE
```
@luomiao @BaluDontu @tusharnt @rohitjogvmw
Automatic merge from submit-queue
Tune Cinder approvers
I don't want to be single approver for cinder PRs, @anguslees is OpenStack maintainer and should be able to help with Cinder.
Any other volunteers from @kubernetes/sig-storage-pr-reviews or @k8s-sig-openstack-pr-reviews?
Note: @justinsb **is** still reviewer, he was just listed twice.
```release-note
NONE
```
Automatic merge from submit-queue
Add OWNERS file for Calico add-on
**What this PR does / why we need it**:
Adds @caseydavenport and @fasaxc as owners to the Calico add-on.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
No related issue.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48360, 48469, 49576, 49516, 49558)
Update maintainers for Juju charm layers
**What this PR does / why we need it**: Update maintainers of harm layers to reflect ... reality
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 48360, 48469, 49576, 49516, 49558)
Rev Calico's Typha daemon to v0.2.3 in add-on deployment.
**What this PR does / why we need it**:
This PR revs the version of Calico's Typha daemon used in the calico-policy-controller add-on to the latest bug-fix release, which incorporates a [critical bug fix](https://github.com/projectcalico/typha/issues/28).
**Which issue this PR fixes**
fixes#49473
**Release note**:
```release-note
Rev version of Calico's Typha daemon used in add-on to v0.2.3 to pull in bug-fixes.
```
Automatic merge from submit-queue
Set snat to false
**What this PR does / why we need it**:
- the [version](e8bea554c5) of the portmap plugin included with calico CNI version `v1.9.1` doesn't have `noSnat` config option, it has `snat` which is not specified (which is the case without this PR), [will be set to true by default](https://github.com/containernetworking/plugins/tree/master/plugins/meta/portmap#usage) , so we need to explicitly set it to `false`
CC @caseydavenport
Automatic merge from submit-queue (batch tested with PRs 47357, 49514, 49271, 49572, 49476)
enhance kubectl run error message
Before this change:
$ kubectl run nginx
error: Invalid image name "": invalid reference format
After this change:
$ kubectl run nginx
error: --image is required
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47357, 49514, 49271, 49572, 49476)
Updates etcd-client to 3.1.10
I have no idea why azure sdk update became transitive but godeps we're restored before update
Fixes: https://github.com/kubernetes/kubernetes/issues/49386
xref: https://github.com/kubernetes/kubernetes/pull/49393
```
NONE
```
/cc @kubernetes/sig-scalability-pr-reviews @kubernetes/sig-api-machinery-misc @hongchaodeng @wojtek-t
Automatic merge from submit-queue (batch tested with PRs 47357, 49514, 49271, 49572, 49476)
set default adminid for rbd deleter if unset
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49225
**Special notes for your reviewer**:
/cc @BastiPaeltz @sjenning
**Release note**:
```release-note
set default adminid for rbd deleter if unset
```
Automatic merge from submit-queue (batch tested with PRs 47357, 49514, 49271, 49572, 49476)
Using only the exit code to decide when to fall back on logs
We expect the exit code to be non-zero if the the container process was
OOM killed. Remove the check that uses the "Reason" field.
supereagle