Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Refactor RBAC authorizer entry points
This change refactors various RBAC authorizer functions to be more flexible in their inputs. This makes it easier to reuse the various components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Remove deprecated command 'kubectl stop'
Fixes https://github.com/kubernetes/kubernetes/issues/11384
I think this is the final step @kubernetes/sig-cli-pr-reviews @kargakis
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Support autoprobing subnet-id for openstack cloud provider
Currently if user doesn't specify subnet-id or specify a unsafe
subnet-id, openstack cloud provider can't create a correct LoadBalancer
service.
Actually we can get it automatically. This patch do a improvement.
This is a part of #50726
**Special notes for your reviewer**:
/assign @dims
/assign @anguslees
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Make removing nodes public for Kubemark controller
The ability to remove a specific node is needed by Cluster Autoscaler to work.
**Release note**:
```
NONE
```
This change refactors various RBAC authorizer functions to be more
flexible in their inputs. This makes it easier to reuse the various
components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 49115, 47480)
Upgrade advanced audit to version v1beta1
This change does nothing but only upgrades advanced audit to version v1beta1.
There will be following up changes which does real effect to advanced audit feature.
After this change audit policy file should contain apiVersion and kind and has such format:
```
apiVersion: audit.k8s.io/v1alpha1
kind: Policy
rules:
- level: None
```
or use the v1beta1 policy:
```
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: None
```
Updates #48561
**Release note**:
```
Upgrade advanced audit to version v1beta1.
```
Automatic merge from submit-queue (batch tested with PRs 50692, 50727)
remove leaked socket file after unit test
Before this change:
```
$ make test WHAT=k8s.io/kubernetes/pkg/master
+++ [0816 11:19:03] Running tests without code coverage
ok k8s.io/kubernetes/pkg/master 27.953s
$ find -type s
./pkg/master/127.0.0.1:2100324511
./pkg/master/127.0.0.1:2100424511
./pkg/master/localhost:8235197834378812860
./pkg/master/localhost:82351978343788128600
./pkg/master/127.0.0.1:2100524511
./pkg/master/127.0.0.1:2100624511
./pkg/master/localhost:1155389051645284688
./pkg/master/localhost:11553890516452846880
```
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50589, 50558)
Remove packages which aren't relied on by heapster anymore.
**What this PR does / why we need it**:
Do the TODO:
```
// TODO apimachinery remove this empty package. Godep fails without this because heapster relies
// on this package. This will allow us to start splitting packages, but will force
// heapster to update on their next kube rebase.
```
These packages aren't relied on by heapster anymore. This PR removes them. This is a followup of #48410.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
ref: #48386#48410
**Special notes for your reviewer**:
/cc @deads2k
/kind cleanup
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50589, 50558)
remove useless comments
**What this PR does / why we need it**:
remove useless comments
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49103
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
Move List (the type) into metav1 but preserve the exposed type
Make a list something that other components can use without depending on the core API. This does not change the public API exposure of `List` (it is still in `v1`) but makes the interface common across both.
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
Fix comment of limitranges
**What this PR does / why we need it**:
The comment of limitrages' API seems to be copied from
pkg/registry/autoscaling/horizontalpodautoscaler/storage/storage.go
with the other implementation code.
It is a little difficult to understand what is the API, then this
PR fixes it.
Currently if user doesn't specify subnet-id or specify a unsafe
subnet-id, openstack cloud provider can't create a correct LoadBalancer
service.
Actually we can get it automatically. This patch do a improvement.
This is a part of #50726
Automatic merge from submit-queue
Use nodePortOp for allocating healthCheck nodePort
**What this PR does / why we need it**: Allocate healthCheck nodePort via nodePortOp so that we won't leak port on failure.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49999
**Special notes for your reviewer**:
/assign @xiangpengzhao @thockin
**Release note**:
```release-note
NONE
```
Before this change:
$ make test WHAT=k8s.io/kubernetes/pkg/master
+++ [0816 11:19:03] Running tests without code coverage
ok k8s.io/kubernetes/pkg/master 27.953s
$ find -type s
./pkg/master/127.0.0.1:2100324511
./pkg/master/127.0.0.1:2100424511
./pkg/master/localhost:8235197834378812860
./pkg/master/localhost:82351978343788128600
./pkg/master/127.0.0.1:2100524511
./pkg/master/127.0.0.1:2100624511
./pkg/master/localhost:1155389051645284688
./pkg/master/localhost:11553890516452846880
Automatic merge from submit-queue
Fix error message of statefulset test
**What this PR does / why we need it**:
Fix error message of statefulset test
It should be 0 replocas in the error message.
And fix typo from Falied to Failed
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/50592
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50694, 50702)
Allow injection of policy in RBAC post start hook
This change allows the RBAC PostStartHook logic to be reused with different policy data when bootstrapping the cluster. Thus any changes to the bootstrap logic are separated from the policy data.
Signed-off-by: Monis Khan <mkhan@redhat.com>
```release-note
NONE
```
@kubernetes/sig-auth-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 50694, 50702)
Fix make cross build failure
**What this PR does / why we need it**:
had to fix the method getSecurityOpts in helpers_windows.go to
match the implementation in helpers_linux.go from commit:
bf01fa2f00
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#50675
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
The comment of limitrages' API seems to be copied from
pkg/registry/autoscaling/horizontalpodautoscaler/storage/storage.go
with the other implementation code.
It is a little difficult to understand what is the API, then this
PR fixes it.
Automatic merge from submit-queue (batch tested with PRs 50198, 49051, 48432)
New kubectl command: `kubectl set service-account`
**What this PR does / why we need it**:
Adds a command to update serviceaccount of resources with pod template
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes#45147
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50198, 49051, 48432)
move KubeletConfiguration out of componentconfig API group
I'm splitting #44252 into more manageable steps. This step moves the types and updates references.
To reviewers: the most important changes are the removals from pkg/apis/componentconfig and additions to pkg/kubelet/apis/kubeletconfig. Almost everything else is an import or name update.
I have one unanswered question: Should I create a whole new api scheme for Kubelet APIs rather than register e.g. a kubeletconfig group with the default runtime.Scheme instance? This feels like the right thing, as the Kubelet should be exposing its own API, but there's a big fat warning not to do this in `pkg/api/register.go`. Can anyone answer this?
This change allows the RBAC PostStartHook logic to be reused with
different policy data when bootstrapping the cluster. Thus any
changes to the bootstrap logic are separated from the policy data.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 50023, 50639)
Correct case for starting character of option string
**What this PR does / why we need it**:
Kubectl-conventions.md states:
"Flag descriptions should start with an uppercase letter and not have a period at the end of a sentence"
There are numerous cases where this is violated in `kubectl/cmd`. This PR is the result of an audit of all source files under `kublet/cmd` and corrects the case of the initial Flag description character.
/sig cli
/kind cleanup
/kind documentation
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50626, 50683, 50679, 50684, 50460)
Specify node labels for fakeVolumeHost
**What this PR does / why we need it**:
Adds ability to set arbitrary node labels to type `fakeVolumeHost`.
Allows creation of tests of code that depends on reading node labels using `fakeVolumeHost.GetNodeLabels() `.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Add Priority admission controller
**What this PR does / why we need it**: Add Priority admission controller. This admission controller checks creation and update of PriorityClasses. It also resolves a PriorityClass name of a pod to its integer value.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Add Priority admission controller for monitoring and resolving PriorityClasses.
```
ref/ #47604
ref/ #48646
Automatic merge from submit-queue
Remove the status of the terminated containers in the summary endpoint
Ref: https://github.com/kubernetes/kubernetes/issues/47853
- When building summary, a container is considered to be terminated if it has an older creation time and no CPU instantaneous or memory RSS usage.
- We remove the terminated containers in the summary by grouping the containers with the same name in the same pod, sorting them in each group by creation time, and skipping the oldest ones with no usage in each group. Let me know if there's simpler way.
**Release note**:
```
None
```
/assign @yujuhong
Automatic merge from submit-queue
Cleanup DaemonSet templateGeneration
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49336
**Special notes for your reviewer**:
/cc @janetkuo @foxish
~~Depends on #49071~~ (Merged)
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49842, 50649)
Add Unit Test: opaque int resource name
**What this PR does / why we need it**: https://github.com/kubernetes/kubernetes/issues/49384, adding unit tests for functions related to the prefix OpaqueIntResourceName in /pkg/api/v1helper
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49129, 50436, 50417, 50553, 47587)
Fix Type Taint comment
**What this PR does / why we need it**:
remvoe redundant words in Type `Taint`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
/assign @k82cn
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49129, 50436, 50417, 50553, 47587)
Revert "Remove old node role label that is not used by kubeadm"
Revert the commit that removed printing of node roles from kubectl.
It sounds like we also need to update the labels we inspect, as these were previously removed. But starting with a clean revert.
Issue #49124
```release-note
NONE
```
Automatic merge from submit-queue
Fix dropped errors in vsphere_volume
**What this PR does / why we need it**: Error variables are being assigned in the vsphere_volume tests, but their values are being ignored.
**Release note**:
```release-note NONE
```
Automatic merge from submit-queue
Typed static/mirror pod UID translation
Fixes#36031 , partially.
TODO:
- [x] Add types ResolvedPodUID and MirrorPodUID.
- [x] Use the ResolvedPodUID type with minimal changes.
- [x] Use the MirrorPodUID type with minimal changes.
- [x] Clarify whether the new types should be used anywhere else; if so make the agreed upon changes.
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 50094, 48966, 49478, 50593, 49140)
Kubelet manage hosts file for HostNetwork Pods instead of Docker
**What this PR does / why we need it**: Currently, Docker manages the hosts file for containers inside Pods using hostNetwork. It creates discrepancy between how we treat hostNetwork and non-hostNetwork Pods. Kubelet should manage the file regardless of the network setup.
**Which issue this PR fixes**: fixes#48397 more context in https://github.com/kubernetes/kubernetes/issues/43632#issuecomment-304376441
**Special notes for your reviewer**: Because the new logic relies on reading the node filesystem, I'm not sure how to write a proper unit test. I was thinking about using a node e2e test to cover the case, but suggestions are greatly welcomed.
**Release note**:
```release-note
Kubelet now manages `/etc/hosts` file for both hostNetwork Pods and non-hostNetwork Pods.
```
/kind feature
/sig node
@yujuhong @hongchaodeng @thockin
@kubernetes/sig-network-feature-requests @kubernetes/sig-node-feature-requests
Kubernetes Submit Queue