Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Auto-calculate CLUSTER_IP_RANGE based on cluster size
In preparation for eliminating CLUSTER_IP_RANGE env var from job configs, making it less error prone while folks try to start their own large cluster tests (https://github.com/kubernetes/kubernetes/issues/50907).
/cc @kubernetes/sig-scalability-misc @wojtek-t @gmarek
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Set GCE_ALPHA_FEATURES environment variable in gce.conf
This allows us to gate alpha features in the pkg/cloudprovider/providers/gce.
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Delete load balancers if the UIDs for services don't match.
An attempt to fix https://github.com/kubernetes/kubernetes/issues/43730
@thockin @djsly
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Show events when describing service accounts
**What this PR does / why we need it**:
Any events associated with service accounts should appear in the describe output.
**Which issue this PR fixes**:
**Special notes for your reviewer**:
**Release note**:
```release-note
Show events when describing service accounts
```
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
iscsi: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates iSCSI volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51113, 46597, 50397, 51052, 51166)
Changing Flexvolume plugin directory to a location reachable by containerized k8s components.
**What this PR does / why we need it**: Testing Flexvolume requires plugins to be installed at a location which is accessible by containerized k8s components (such as controller-manager).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51123
```release-note
NONE
```
/assign @wongma7 @msau42
/release-note-none
/sig storage
Automatic merge from submit-queue (batch tested with PRs 51113, 46597, 50397, 51052, 51166)
Add statefulset upgrade tests to cluster_upgrade
**What this PR does / why we need it**:
Adds already created statefulset upgrade tests to cluster_upgrade.go. With further test infra changes, this will allow them to be continuously run, giving better signals.
Detect and prevent issues like https://github.com/kubernetes/kubernetes/issues/48327
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51113, 46597, 50397, 51052, 51166)
implement proposal 34058: hostPath volume type
**What this PR does / why we need it**:
implement proposal #34058
**Which issue this PR fixes** : fixes#46549
**Special notes for your reviewer**:
cc @thockin @luxas @euank PTAL
- Adds AddAliasToInstance() to the GCE cloud provider.
- Adds field "secondary-range-name" to the gce.conf configuration file.
```release-note
NONE
```
Automatic merge from submit-queue
quobyte: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates ~~nfs~~ quobyte volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Support HostAlias for HostNetwork Pods
**What this PR does / why we need it**: Currently, HostAlias does not support HostNetwork pods because historically, kubelet only manages hosts file for non-HostNetwork pods. With the recent change in https://github.com/kubernetes/kubernetes/pull/49140, kubelet now manages hosts file for all Pods, which enables HostAlias support also.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48398
**Special notes for your reviewer**: might be easier to review commit-by-commit
**Release note**:
```release-note
HostAlias is now supported for both non-HostNetwork Pods and HostNetwork Pods.
```
@yujuhong @hongchaodeng @thockin
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Run multiarch/qemu-user-static:register before building cross-arch images
**What this PR does / why we need it**: #48365 inadvertently broke building non-x86 hyperkube images for developers who'd not built non-x86 images before and thus hadn't yet run `multiarch/qemu-user-static:register`. This PR restores that step.
**Release note**:
```release-note
NONE
```
/assign @david-mcmahon @mbohlool @luxas
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Fixed code comments that were not updated
**What this PR does / why we need it**:
The comment of the args ‘KubeReserved’ is out of date and there is no consistent with command line messages
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
update to rbac v1 in yaml file
**What this PR does / why we need it**:
ref to https://github.com/kubernetes/kubernetes/pull/49642
ref https://github.com/kubernetes/features/issues/2
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
cc @liggitt
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Add ephemeral local storage resource name first
Since finally decided the ephemeral local storage resource name, send this PR to add the resource name first, and then i will rebase all my PRs about local storage isolation
**Special notes for your reviewer**:
related to: #50818
**Release note**:
```release-note
NONE
```
/assign @jingxu97
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Fix the method name of BuiltInAuthenticationOptions.WithAnyonymous
change the BuiltInAuthenticationOptions.WithAnyonymous to
WithAnonymous would be better.
**What this PR does / why we need it**:
The BuiltInAuthenticationOptions.WithAnyonymous method name should be a meaningful name of WithAnonymous
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 51047, 48573, 50764, 51092, 50578)
Library updates to better support removing kubectl deps on kubernetes/kubernetes
**What this PR does / why we need it**:
**Which issue this PR fixes**: kubernetes/kubectl#50
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51047, 48573, 50764, 51092, 50578)
Replace validateGlusterfs() with validateGlusterfsVolumeSource() for consistency.
Automatic merge from submit-queue (batch tested with PRs 51047, 48573, 50764, 51092, 50578)
apiextensions: update CRD strategy
This PR adds the following changes:
1. Clear the status of the CRD and set the Generation before creation.
2. While updating the CRD:
- ignore changes on status.
- increase Generation if spec changes.
3. Don't update objectmeta (except finalizers) when status is updated.
**Release note**:
```release-note
CRDs support metadata.generation and implement spec/status split
```
/cc @sttts @deads2k
Automatic merge from submit-queue (batch tested with PRs 51047, 48573, 50764, 51092, 50578)
Use `select` to disable building static binaries if `--cpu=darwin`.
This change allows kubectl to be built on MacOS machines using
`bazel build //cmd/kubectl`.
Mac OS X doesn't support static binaries because it does not have a
stable syscall API. Userspace binaries are expected to dynamically
link against libcrt instead.
https://developer.apple.com/library/content/qa/qa1118/_index.html
```release-note
None
```
Automatic merge from submit-queue
Skip "Simple pod should support exec through kubectl proxy" test
As reported in https://github.com/kubernetes/kubernetes/issues/50466,
this test doesn't work in GKE because it uses a bearer token and the feature only works with client certs.
As the feature that is broken in GKE is new and didn't work before, it
is safe to juste ignore the test and consider the feature as "still not
working" in GKE.
**What this PR does / why we need it**: Fixes the broken test in https://k8s-testgrid.appspot.com/release-master-blocking#gke
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: works-around #50466
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
cloudprovider/openstack bug fix: don't try to append pool id if pool doesn't exist
**What this PR does / why we need it**:
This fixes a bug in the OpenStack cloud provider that could cause a panic.
Consider what will happen in the current `LbaasV2.EnsureLoadBalancerDeleted` code if `nil, ErrNotFound` is returned by `getPoolByListenerID`.
When operating e2e test, hack/e2e.go process creates kubetest process.
To kill the kubetest process when stop e2e test with Ctrl-C, we need
to send the signal to the process because it also creates another
process and it needs to kill it.
This PR adds the signal handler on hack/e2e.go to kill the kubetest
process.
NOTE: https://github.com/kubernetes/test-infra/pull/4154 is the part
of kubetest.
solve #43051
The test used to scale the StatefulSet down to 0, wait for ListPods to
return 0 matching Pods, and then scale the StatefulSet back up.
This was prone to a race in which StatefulSet was told to scale back up
before it had observed its own deletion of the last Pod, as evidenced by
logs showing the creation of Pod ss-1 prior to the creation of the
replacement Pod ss-0.
We now wait for the controller to observe all deletions before
scaling it back up. This should fix flakes of the form:
```
Too many pods scheduled, expected 1 got 2
```
Automatic merge from submit-queue
Add liggitt as an API approver.
@liggitt has been on the project since 2014, was a key participant of the evolution of the v1beta3 and v1 APIs, has performed many API reviews, has helped to develop the API conventions (most recently with the added guidance regarding alpha fields), and has demonstrated attention to detail and good taste. His efforts have helped keep the API sane and consistent.
Also note that bgrant0607 is an approver, but shouldn't be auto-assigned.
cc @kubernetes/api-approvers
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Allow attach of volumes to multiple nodes for vSphere
This is a fix for issue #50944 which doesn't allow a volume to be attached to a new node after the node is powered off where the volume was previously attached.
Current behaviour:
One of the cluster worker nodes was powered off in vCenter.
Pods running on this node have been rescheduled on different nodes but got stuck in ContainerCreating. It failed to attach the volume on the new node with error "Multi-Attach error for volume pvc-xxx, Volume is already exclusively attached to one node and can't be attached to another" and hence the application running in the pod has no data available because the volume is not attached to the new node. Since the volume is still attached to powered off node, any attempt to attach the volume on the new node failed with error "Multi-Attach error". It's stuck for 6 minutes until attach/detach controller forcefully tried to detach the volume on the powered off node. After the end of 6 minutes when volume is detached on powered off node, the volume is now successfully attached on the new node and application has now the data available.
What is expected to happen:
I would want the attach/detach controller to go ahead with the attach of the volume on new node where the pod got provisioned instead of waiting for the volume to be detached on the powered off node. It is ok to eventually delete the volume on the powered off node after 6 minutes. This way the application downtime is low and pods are up as soon as possible.
The current fix ignore, vSphere volumes/persistent volume to check for multi-attach scenario in attach/detach controller.
@jingxu97 @saad-ali : Can you please take a look at it.
@tusharnt @divyenpatel @rohitjogvmw @luomiao
```release-note
Allow attach of volumes to multiple nodes for vSphere
```
References in the openapi are currently completely hidden from the
model, and just passed through as we walk the tree. The problem is that
they can have a different description and more importantly, different
extensions.
Change them to be first-class citizen, and fully part of the model. It
means that visitors have to implement one more function and decide if
something specific should be done with references. Validation is updated
to just completely ignore them and passthrough (like it was done
before).
This change renames the `--experimental-bootstrap-token-auth` flag to `--enable-bootstrap-token-auth`. The old flag is accepted but generates a warning.
In 1.9, we will drop support for `--experimental-bootstrap-token-auth` entirely.
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
Fix comment and typos in node_controller
**What this PR does / why we need it**:
1. fix comment to more accurately
2. fix typos
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
update to rbac v1 in bootstrappolicy test
xref https://github.com/kubernetes/features/issues/2
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
cc @liggitt
**Release note**:
```release-note
NONE
```
Di Xu