Automatic merge from submit-queue (batch tested with PRs 50208, 50259, 49702, 50267, 48986)
Relax restrictions on environment variable names.
Fixes#2707
The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. (Reference [here](http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html), my prose reasoning [here](https://github.com/kubernetes/kubernetes/issues/2707#issuecomment-285309156).)
This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict `C_IDENTIFIERS` and start permitting lowercase, dot, and dash characters.
Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
Automatic merge from submit-queue (batch tested with PRs 50208, 50259, 49702, 50267, 48986)
fix the typo of intializing
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Ignore the available volume when calling DetachDisk
Fix#50207
If user detachs the volume by nova in openstack env, volume becomes
available. If nova instance is been deleted, nova will detach it
automatically and become available. So the "available" is fine since that means the
volume is detached from instance already.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Removed un-used InodePressure condition.
**What this PR does / why we need it**:
Removed un-used InodePressure condition; kubelet did not report it anymore, so remove it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49103
**Release note**:
```release-note
The node condition 'NodeInodePressure' was removed, as kubelet did not report it.
```
1. Deprecate `.spec.rollbackTo` field in extensions/v1beta1 and
apps/v1beta1 Deployments
2. Remove the same field from apps/v1beta2 Deployment, and remove
its rollback subresource and endpoint
Automatic merge from submit-queue
StatefulSet scale subresource
**What this PR does / why we need it**: This PR implements scale subresource for StatefulSet.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#46005
**Special notes for your reviewer**:
**Release note**:
```release-note
StatefulSet uses scale subresource when scaling in accord with ReplicationController, ReplicaSet, and Deployment implementations.
```
**Feature Checklist**:
- [x] Introduce Registry interface for storage purpose
- [x] Introduce `ScaleREST New(), Get() and Update()` utility functions
- [x] Create a `ScaleREST` object at `NewREST()` and return it
- [x] Enable scale subresource by adding `/scale` field to the storage map
**Testing Checklist**:
- Unit testing
- [x] Modify `newStorage()` to call `NewStorage()`, and change all unit tests accordingly
- [x] Add unit tests for `ScaleREST Get() and Update()` utility functions
- [x] Add missing unit test for `ShortNames`
- Manual testing
- [x] Verify existence of the subresource using `kubectl proxy` command
- [x] Modify the subresource using `curl` via `POST`
- e2e testing
- [x] Add e2e tests using `RESTClient`
Automatic merge from submit-queue (batch tested with PRs 49524, 46760, 50206, 50166, 49603)
Fix errorf for get test
**What this PR does / why we need it**:
If the error messages do not use format, use t.Error() will be fine.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49524, 46760, 50206, 50166, 49603)
[OpenStack] Add more detail error message
I get same simple error messages "Unable to initialize cinder client
for region: RegionOne" from controller-manager, but I can not find the
reason. We should add more detail message "err" into glog.Errorf.
Currently NewBlockStorageV2() return err when failed to get cinder endpoint, but there is no code to output the message of err.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49524, 46760, 50206, 50166, 49603)
fix parse pairs
**What this PR does / why we need it**:
add check to `-`
```
# kubectl label pod foo -
error: at least one label update is required
See 'kubectl label -h' for help and examples.
```
**Which issue this PR fixes**:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49524, 46760, 50206, 50166, 49603)
Handled taints on node in batch.
**What this PR does / why we need it**:
Enhanced helpers to handled taints on node in batch.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49522
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49885, 49751, 49441, 49952, 49945)
There is no need to split service key repeatedly
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49885, 49751, 49441, 49952, 49945)
Fix error format and info for get_test.go
**What this PR does / why we need it**:
Fix error format and info for get_test.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49885, 49751, 49441, 49952, 49945)
Ignore UDP metrics in kubelet
Updating cadvisor godeps to 0.26.0 for the 1.7 release (#46658) added udp metrics. However, they were not disabled in the kubelet.
This PR disables collection of UDP metrics in the kubelet.
This should be cherrypicked to the 1.7 branch.
cc @dchen1107
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)
AttachDisk should not call detach inside of Cinder volume provider
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)
convert default predicates to use the default
Builds on https://github.com/kubernetes/kubernetes/pull/50019 (lgtm'd already)
This converts the already default field selectors to use the default value. I'll let CI point out the unit test failures for me to chase.
@kubernetes/sig-api-machinery-misc
This is needed for cluster autoscaler e2e test to
run on kubemark. We need the ability to add and
remove nodes and operate on nodegroups. Kubemark
does not provide this at the moment.
Automatic merge from submit-queue (batch tested with PRs 50091, 50231, 50238, 50236, 50243)
add fieldSelector podIP
**What this PR does / why we need it**:
Currently the `fieldSelector` for `Pod` only support `metadata.name`, `metadata.namespace`, `spec.nodeName`, `spec.restartPolicy` and `status.phase`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50075
**Special notes for your reviewer**:
/cc @wojtek-t @caesarxuchao @justinsb @LiliC
**Release note**:
```release-note
add fieldSelector podIP
```
Automatic merge from submit-queue
fix typo in replenishment_controller.go
**What this PR does / why we need it**:
fix typo
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #N/A
**Release note**:
```release-note
None
```
If use detachs the volume by nova in openstack env, volume becomes
available. If nova instance is been deleted, nova will detach it
automatically. So the "available" is fine since that means the
volume is detached from instance already.
Automatic merge from submit-queue (batch tested with PRs 49370, 49481)
continue Fix error format and info for get_test.go
**What this PR does / why we need it**:
continue fix the error info
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49441
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
Automatic merge from submit-queue (batch tested with PRs 49370, 49481)
client-gen: stop embedding of GroupVersion client intfs
It is undefined (or at least uncontrollable) which methods of the clientset apigroup
interfaces are actually inherited. Moreover, there might be nameconflicts between the
accessors and inherited methods. This PR removes the embedding to make it unambiguous.
```release-note
Enforce explicit references to API group client interfaces in clientsets to avoid ambiguity.
```
Automatic merge from submit-queue
Delete unuse err check
**What this PR does / why we need it**:
err has fatal, this err check can't execute.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
thank you ~
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Fix a bug that --flag=val causes completion error in zsh
**What this PR does / why we need it**:
This PR fixes a bug that flag of syntax like --flag=val causes completion error in zsh.
```
kubectl --namespace=foo g__handle_flag:25: bad math expression: operand expected at end of string
```
This problem is due to [dynamic scope](https://en.wikipedia.org/wiki/Scope_(computer_science)#Dynamic_scoping) of shell variables. If a variable is declared as local to a function, that scope remains until the function returns.
In kubectl completion zsh, `declare -A flaghash` in __start_kubectl() is replaced with `__kubectl_declare -A flaghash` by __kubectl_convert_bash_to_zsh(). As a result of it, flaghash is declared in __kubectl_declare(), and it can not access to flaghash declared in __kubectl_declare() from __handle_flag(). Therefore an error occurs in __handle_flag().
The following is the minimum reproduction code.
```sh
#!/usr/bin/env zsh
set -e
__kubectl_declare() {
builtin declare "$@"
}
__handle_flag() {
local flagname="--namespace="
local flagval="kube-system"
flaghash[${flagname}]=${flagval}
echo "flaghash[${flagname}]=${flaghash[${flagname}]}"
}
__handle_word() {
__handle_flag
}
__start_kubectl() {
__kubectl_declare -A flaghash
__handle_word
}
__start_kubectl
#
# $ zsh reproduction.zsh
# __handle_flag:4: bad math expression: operand expected at end of string
#
# __start_kubectl {
#
# __kubectl_declare {
#
# builtin declare -A flaghash
#
# }
#
# __handle_word {
#
# __handle_flag {
#
# # It is unable to access flaghash declared in __kubectl_declare from here
# flaghash[${flagname}]=${flagval}
#
# }
#
# }
# }
```
The following is the fixed code.
```sh
#!/usr/bin/env zsh
set -e
__handle_flag() {
local flagname="--namespace="
local flagval="kube-system"
flaghash[${flagname}]=${flagval}
echo "flaghash[${flagname}]=${flaghash[${flagname}]}"
}
__handle_word() {
__handle_flag
}
__start_kubectl() {
builtin declare -A flaghash
__handle_word
}
__start_kubectl
#
# $ zsh fixed.zsh
# flaghash[--namespace=]=kube-system
#
# __start_kubectl {
#
# builtin declare -A flaghash
#
# __handle_word {
#
# __handle_flag {
#
# # It is able to access flaghash declared in __start_kubectl from here :)
# flaghash[${flagname}]=${flagval}
#
# }
#
# }
# }
```
https://gist.github.com/superbrothers/0ede4292f6d973f93e54368e227a4902
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixeskubernetes/kubectl#42
**Special notes for your reviewer**:
@mengqiy
**Release note**:
```release-note
NONE
```
I get same simple error messages "Unable to initialize cinder client
for region: RegionOne" from controller-manager, but I can not find the
reason. We should add more detail message "err" into glog.Errorf.
Automatic merge from submit-queue
Display healthcheck nodeport and other fields in describe service
**What this PR does / why we need it**:
Some fields such as `HealthCheckNodePort` are not displayed currently. This PR fixes it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Update: found this when tracing #49999
**Special notes for your reviewer**:
/sig cli network
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49855, 49915)
Let controllers ignore initialization timeout when creating pods
Partially address https://github.com/kubernetes/kubernetes/issues/48893#issuecomment-318540129.
This only updates the controllers that create pods with `GenerateName`.
The controllers ignore the timeout error when creating the pods, depending on how the initialization progress:
* If the initialization is successful in less than 5 mins, the controller will observe the creation via the informer. All is good.
* If the initialization fails, server will delete the pod, but the controller won't receive any event. The controller will not create new pod until the Creation expectation expires in 5 min.
* If the initialization takes too long (> 5 mins), the Creation expectation expires and the controller will create extra pods.
I'll send follow-up PRs to fix the latter two cases, e.g., by refactoring the sharedInformer.
Automatic merge from submit-queue (batch tested with PRs 49805, 50052)
We never want to modify the globally defined SG for ELBs
**What this PR does / why we need it**:
Fixes a bug where creating or updating an ELB will modify a globally defined security group
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50105
**Special notes for your reviewer**:
**Release note**:
```release-note
fixes a bug around using the Global config ElbSecurityGroup where Kuberentes would modify the passed in Security Group.
```
Automatic merge from submit-queue (batch tested with PRs 47416, 47408, 49697, 49860, 50162)
fix error message for cronjob
**What this PR does / why we need it**:
fix error message for cronjob
expected an error would be better than unexpected lack of error.
ref: https://github.com/kubernetes/kubernetes/blob/master/cmd/genutils/genutils_test.go#L33
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47416, 47408, 49697, 49860, 50162)
add possibility to use multiple floatingip pools in openstack loadbalancer
**What this PR does / why we need it**: Currently only one floating pool is supported in kubernetes openstack cloud provider. It is quite big issue for us, because we want run only single kubernetes cluster, but we want that external and internal services can be used. It means that we need possibility to create services with internal and external pools.
**Which issue this PR fixes**: fixes#49147
**Special notes for your reviewer**: service labels is not maybe correct place to define this floatingpool id. However, I did not find any better place easily. I do not want start modifying service api structure.
**Release note**:
```release-note
Add possibility to use multiple floatingip pools in openstack loadbalancer
```
Example how it works:
```
cat /etc/kubernetes/cloud-config
[Global]
auth-url=https://xxxx
username=xxxx
password=xxxx
region=yyy
tenant-id=b23efb65b1d44b5abd561511f40c565d
domain-name=foobar
[LoadBalancer]
lb-version=v2
subnet-id=aed26269-cd01-4d4e-b0d8-9ec726c4c2ba
lb-method=ROUND_ROBIN
floating-network-id=56e523e7-76cb-477f-80e4-2dc8cf32e3b4
create-monitor=yes
monitor-delay=10s
monitor-timeout=2000s
monitor-max-retries=3
```
```
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 1
template:
metadata:
labels:
run: web
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
labels:
run: web-ext
name: web-ext
namespace: default
spec:
selector:
run: web
ports:
- port: 80
name: https
protocol: TCP
targetPort: 80
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
labels:
run: web-int
floatingPool: a2a84887-4915-42bf-aaff-2b76688a4ec7
name: web-int
namespace: default
spec:
selector:
run: web
ports:
- port: 80
name: https
protocol: TCP
targetPort: 80
type: LoadBalancer
```
```
% kubectl create -f example.yaml
deployment "nginx-deployment" created
service "web-ext" created
service "web-int" created
% kubectl get svc -o wide
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes 10.254.0.1 <none> 443/TCP 2m <none>
web-ext 10.254.23.153 192.168.1.57,193.xx.xxx.xxx 80:30151/TCP 52s run=web
web-int 10.254.128.141 192.168.1.58,10.222.130.80 80:32431/TCP 52s run=web
```
cc @anguslees @k8s-sig-openstack-feature-requests @dims
Automatic merge from submit-queue
simplify if and else for code
Signed-off-by: allencloud <allen.sun@daocloud.io>
**What this PR does / why we need it**:
This PR tries to simplify the code of if and else, and this could make code a little bit cleaner.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Timeout and Max-in-flight don't report non-resource URLs correctly.
Unify error reporting for 429 and 504 to be correct for timeout and max in flight and eviction. Add better messages to eviction (removing a todo). Return the correct body content for timeouts (reason and code should be correct).
This potentially increases cardinality of 429, but because non-api urls may be under the max-inflight budget we need to report them somewhere (if something breaks and starts fetching API versions endlessly).
```release-note
The 504 timeout error was returning a JSON error body that indicated it was a 500. The body contents now correctly report a 500 error.
```
Automatic merge from submit-queue (batch tested with PRs 48487, 49009, 49862, 49843, 49700)
fix swallowed error in kubectl rolling_updater
This fixes a swallowed error in kubectl.
AddDeploymentKeyToReplicationController() is already tested, but there was an error that was not being exposed.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48487, 49009, 49862, 49843, 49700)
add label examples for kubectl run
**What this PR does / why we need it**:
Add `--labels` examples for kubectl run
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
xref #49854
**Special notes for your reviewer**:
/cc @ahmetb
**Release note**:
```release-note
add examples for kubectl run --labels
```
Automatic merge from submit-queue
go-client: Use httpcache client for all requests, even though only openapi returns ETags for caching
**What this PR does / why we need it**: Use HTTP ETag for caching Swagger spec download
This also adds a new command-line flag "cachedir" to specify where the cache should keep its file. It defaults to `$HOME/.kube/http-cache`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partly #38637
**Special notes for your reviewer**:
Because this adds a bunch of dependencies, and removes a couple of files, I do recommend reading each commit individually.
**Release note**:
```release-note
```
Automatic merge from submit-queue
Update OWNERS to correct members' handles
**What this PR does / why we need it**:
Fix some typos of members' handles as per https://github.com/kubernetes/kubernetes/issues/50048#issuecomment-319831957.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Associated with: #50048
**Special notes for your reviewer**:
/cc @madhusudancs @sebgoa @liggitt @saad-ali
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50119, 48366, 47181, 41611, 49547)
Task 0: Added node taints labels and feature flags
**What this PR does / why we need it**:
Added node taint const for node condition.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: part of #42001
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 50119, 48366, 47181, 41611, 49547)
Move remaining cert helper functions from pkg/serviceaccount to client-go/util/cert
**What this PR does / why we need it**:
Unifies all remaining certificate helper functions from pkh/serviceaccount to client-go/util/cert. Private key functions were moved in #40907
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#40807
**Special notes for your reviewer**:
**Release note**:
Automatic merge from submit-queue (batch tested with PRs 50119, 48366, 47181, 41611, 49547)
Fail on swap enabled and deprecate experimental-fail-swap-on flag
**What this PR does / why we need it**:
* Deprecate the old experimental-fail-swap-on
* Add a new flag fail-swap-on and set it to true
Before this change, we would not fail when swap is on. With this
change we fail for everyone when swap is on, unless they explicitly
set --fail-swap-on to false.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#34726
**Special notes for your reviewer**:
**Release note**:
```release-note
Kubelet will by default fail with swap enabled from now on. The experimental flag "--experimental-fail-swap-on" has been deprecated, please set the new "--fail-swap-on" flag to false if you wish to run with /proc/swaps on.
```
Automatic merge from submit-queue
kube-gen: cut off dependencies
Only gengo is left and apimachinery/pkg/openapi. The later will go away when #48861 merges.
This is the preparation that we can use kube-gen also from apimachinery without circular dependencies.
Requires a separate transport that is guaranteed not to be HTTP/2 for
exec/attach/portforward, because otherwise the Go client attempts to
upgrade us to HTTP/2 first.
Automatic merge from submit-queue
kubelet: remove code for handling old pod/containers paths
**What this PR does / why we need it**:
This PR removes the code for handling the paths that has been deprecated for a long time.
**Release note**:
```release-note
NONE
```
CC @simo5
Automatic merge from submit-queue (batch tested with PRs 46685, 49863, 50098, 50070, 50096)
Remove 0,1,3 from rand.String to avoid 'bad words'
**What this PR does / why we need it**:
Remove 0,1,3 from the runes to prevent accidental bad words profanity
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49543
**Special notes for your reviewer**:
/cc @mml @jamesawebb1 @spiffxp
**Release note**:
```release-note
Remove 0,1,3 from rand.String, to avoid 'bad words'
```
Automatic merge from submit-queue (batch tested with PRs 48237, 50084, 50019, 50069, 50090)
create default storage selection functions
The vast majority of our REST storage needs either default selection predicates or minor tweaks the the field selection criteria. This pull makes that work without any special fields set, but also allows the more complex configuration where it is required. I only changed one storage an example. Once this merges, I'll update the others.
@kubernetes/sig-api-machinery-misc @wojtek-t @smarterclayton @sttts @cheftako ptal.
Automatic merge from submit-queue (batch tested with PRs 50103, 49677, 49449, 43586, 48969)
Adding IPv6 to cidr_set and cidr_set_test
**What this PR does / why we need it**:
This allows IPv6 in cidr_set
Currently cidr_set only supports IPv4. This adds IPv6 compatibility and adds
IPv6 unit tests.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#43588
**Special notes for your reviewer**:
The IPv6 code here makes some assumptions.
The subnets should be at least /64. (maximum 64 bits of prefix)
The subnet mask size cannot be greater than 30 more than the cluster mask size.
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 50103, 49677, 49449, 43586, 48969)
Do not try to run preStopHook when the gracePeriod is 0
**What this PR does / why we need it**:
1. Sometimes when the user force deletes a POD with no gracePeriod, its possible that kubelet attempts to execute the preStopHook which will certainly fail. This PR prevents this inavitable PreStopHook failure.
```
kubectl delete --force --grace-period=0 po/<pod-name>
```
2. This also adds UT for LifeCycle Hooks
```
time go test --cover -v --run "Hook" ./pkg/kubelet/kuberuntime/
.
.
.
--- PASS: TestLifeCycleHook (0.00s)
--- PASS: TestLifeCycleHook/PreStop-CMDExec (0.00s)
--- PASS: TestLifeCycleHook/PreStop-HTTPGet (0.00s)
--- PASS: TestLifeCycleHook/PreStop-NoTimeToRun (0.00s)
--- PASS: TestLifeCycleHook/PostStart-CmdExe (0.00s)
PASS
coverage: 15.3% of statements
ok k8s.io/kubernetes/pkg/kubelet/kuberuntime 0.429s
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
Do not try to run preStopHook when the gracePeriod is 0
```
Automatic merge from submit-queue (batch tested with PRs 50103, 49677, 49449, 43586, 48969)
Add missing UID in SubjectAccessReviewSpec
**What this PR does / why we need it**:
WebhookAuthorizer's Authorize should send *all* the information
present in the user.Info data structure. We are not sending the
UID currently.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
The SubjectAccessReview API in the authorization.k8s.io API group now allows providing the user uid.
```
Automatic merge from submit-queue (batch tested with PRs 50103, 49677, 49449, 43586, 48969)
[Bug Fix] Fix updating LastHeartbeatTime for the OutOfDisk node condition.
Fixes#50058. #49841 for some (currently unknown) reason did not correctly update LastHeartbeatTime, causing OutOfDisk to be marked unknown.
I have not found the reason for this yet. This change makes the setNodeOODCondition method nearly identical to the other conditions (e.g. [setNodeMemoryPressureCondition](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kubelet_node_status.go#L741)).
I have started a cluster with this change, and all nodes have been reporting `Ready` for 25 minutes.
- Move public key functions to client-go/util/cert
- Move pki file helper functions to client-go/util/cert
- Standardize on certutil package alias
- Update dependencies to client-go/util/cert
Automatic merge from submit-queue
Increase default value of apps/v1beta2 DeploymentSpec.RevisionHistoryLimit to 10
**What this PR does / why we need it**:
All controllers that use the `RevisionHistoryLimit` field have a default value of 10 for the field, except for `Deployment`, which has a default of 2. We should increase it to 10 for consistency on its default value across controllers.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49913
**Special notes for your reviewer**:
/cc @janetkuo @foxish @liyinan926
**Release note**:
```release-note
Increase default value of apps/v1beta2 DeploymentSpec.RevisionHistoryLimit to 10
```
Automatic merge from submit-queue
Fix incorrect owner in OWNERS
**What this PR does / why we need it**:
typo: yuyuhong --> yujuhong
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/50048#issuecomment-319846621
**Special notes for your reviewer**:
/assign @yujuhong
I don't know whether you can approve this PR or not in such case 😄
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Moved node condition check into Predicats.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partially fixes#42001
**Release note**:
```release-note
None
```
Automatic merge from submit-queue
Switch from package syscall to golang.org/x/sys/unix
**What this PR does / why we need it**:
The syscall package is locked down and the comment in https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24 advises to switch code to use the corresponding package from golang.org/x/sys. This PR does so and replaces usage of package syscall with package golang.org/x/sys/unix where applicable. This will also allow to get updates and fixes
without having to use a new go version.
In order to get the latest functionality, golang.org/x/sys/ is re-vendored. This also allows to use Eventfd() from this package instead of calling the eventfd() C function.
**Special notes for your reviewer**:
This follows previous works in other Go projects, see e.g. moby/moby#33399, cilium/cilium#588
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
client-gen: don't ignore nil clientsets
Closes https://github.com/kubernetes/client-go/issues/240
When a clientset is nil, fail fast instead of returning a nil value as an interface.
/cc @kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 49916, 50050)
GCE: Fix bug by correctly cast port to string
Code is incorrectly casting a port to a string, causing the diff-expression to always return true.
**What this PR does / why we need it**:
Fixes#50049
**Special notes for your reviewer**:
/assign @MrHohn
**Release note**:
```release-note
NONE
```
if not needed here
load network ids from gophercloud api
fix to getnetworkbyname
update godeps, add networks library
fix gofmt and boilerplate
gofmt
use annotations
fix
remove enableflag
add comment to annotationvalue
Automatic merge from submit-queue (batch tested with PRs 48365, 49902, 49808, 48722, 47045)
Allow update to GC fields for RBAC resources
This change makes it so that no escalation check is performed when updating only the garbage collector fields (owner references and finalizers) of RBAC resources. This allows the garbage collector to delete roles that grant permissions such as "create", which it will never have.
Signed-off-by: Monis Khan <mkhan@redhat.com>
@kubernetes/sig-auth-api-reviews
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50000, 49954, 49943, 50018, 49607)
change apps/v1beta2 StatefulSet observedGeneration from a pointer to an int for consistency
**What this PR does / why we need it**:
change the StatefulSet observedGeneration from a pointer to an int for consistency
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49623
xref #49135
**Special notes for your reviewer**:
/cc @janetkuo @foxish @kow3ns
**Release note**:
```release-note
change apps/v1beta2 StatefulSet observedGeneration (optional field) from a pointer to an int for consistency
```
Automatic merge from submit-queue (batch tested with PRs 50000, 49954, 49943, 50018, 49607)
Remove extraneous white space
**What this PR does / why we need it**:
Output from command `kubectl delete --help` contains extraneous whitespace. While we are at it, paragraph in multi-paragraph section has shorter line lengths, text looks better if all paragraphs have similar line lengths.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
White space only. This PR is outward facing but so trivial I don't think it needs a release note. I'm new around here, if this assumption is incorrect please tell me. Thanks.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49237, 49656, 49980, 49841, 49899)
certificate manager: close existing client conns once cert rotates
After the kubelet rotates its client cert, it will keep connections to the API server open indefinitely, causing it to use its old credentials instead of the new certs. Because the API server authenticates client certs at the time of the request, and not the handshake, this could cause the kubelet to start hitting auth failures even if it rotated its certificate to a new, valid one.
When the kubelet rotates its cert, close down existing connections to force a new TLS handshake.
Ref https://github.com/kubernetes/features/issues/266
Updates https://github.com/kubernetes-incubator/bootkube/pull/663
```release-note
After a kubelet rotates its client cert, it now closes its connections to the API server to force a handshake using the new cert. Previously, the kubelet could keep its existing connection open, even if the cert used for that connection was expired and rejected by the API server.
```
/cc @kubernetes/sig-auth-bugs
/assign @jcbsmpsn @mikedanese
Automatic merge from submit-queue (batch tested with PRs 49237, 49656, 49980, 49841, 49899)
[Bug Fix] Set NodeOODCondition to false
fixes#49839, which was introduced by #48846
This PR makes the kubelet set NodeOODCondition to false, so that the scheduler and other controllers do not consider the node to be unschedulable.
/assign @vishh
/sig node
/release-note-none
Automatic merge from submit-queue (batch tested with PRs 49237, 49656, 49980, 49841, 49899)
GC shouldn't send empty patch
The scope of the `if` statement was wrong, causing GC to sometimes send empty patch.
Found this bug while investigating https://github.com/kubernetes/kubernetes/issues/49966.
Automatic merge from submit-queue
Log abridged set of rules at v2 in kube-proxy on error
**What this PR does / why we need it**:
this is a follow-on to https://github.com/kubernetes/kubernetes/pull/48085
**Special notes for your reviewer**:
we hit this in operations where we typically run in v2, and would like to log abridged set of output rather than full output.
**Release note**:
```release-note
NONE
```
* Deprecate the old experimental-fail-swap-on
* Add a new flag fail-swap-on and set it to true
Before this change, we would not fail when swap is on. With this
change we fail for everyone when swap is on, unless they explicitly
set --fail-swap-on to false.
Automatic merge from submit-queue (batch tested with PRs 50029, 48517, 49739, 49866, 49782)
Update generated deepcopy code
**What this PR does / why we need it**:
In generated deepcopy code, the method names in comments do not match the real method names.
**Which issue this PR fixes**: fixes#49755
**Special notes for your reviewer**:
/assign @sttts @caesarxuchao
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50029, 48517, 49739, 49866, 49782)
Pod affinity test clean up as AffinitInAnnotation is removed.
**What this PR does / why we need it**:
These tests are already covered under "empty topologyKey" pod affinity test cases.
These test cases were added only to test the scenario when the AffinitInAnnotation
feature was disabled. Since AffinitInAnnotation is removed now, these test cases are
no longer needed as they are duplicate now.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
@kubernetes/sig-scheduling-misc @bsalamat
Automatic merge from submit-queue (batch tested with PRs 50029, 48517, 49739, 49866, 49782)
iptables_test should not run on OSX or Windows
**What this PR does / why we need it**:
Fix for failing tests. Let's just skip these on darwin and windows
platforms as iptables is not available on these.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#48509
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Have a uniform format for filenames across controllers
**What this PR does / why we need it**:
Bring in uniformity in filename format across all the controllers. Now controllers are of the format
`<controllerName>_controller.go`
From
```
./pkg/controller/node/nodecontroller.go
./pkg/controller/route/routecontroller.go
./pkg/controller/service/servicecontroller.go
./pkg/controller/cloud/nodecontroller.go
./pkg/controller/ttl/ttlcontroller.go
./pkg/controller/job/jobcontroller.go
./pkg/controller/daemon/daemoncontroller.go
```
TO
```
./pkg/controller/node/node_controller.go
./pkg/controller/route/route_controller.go
./pkg/controller/service/service_controller.go
./pkg/controller/cloud/node_controller.go
./pkg/controller/ttl/ttl_controller.go
./pkg/controller/job/job_controller.go
./pkg/controller/daemon/daemon_controller.go
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
None
```
Automatic merge from submit-queue (batch tested with PRs 49992, 48861, 49267, 49356, 49886)
Emit event and retry when fail to start healthz server on kube-proxy
**What this PR does / why we need it**: Enhance kube-proxy's logic when fail to start healthz server.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: From #49263.
**Special notes for your reviewer**:
/assign @thockin @nicksardo @bowei
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49992, 48861, 49267, 49356, 49886)
Reintegrate aggregation support for OpenAPI
Reintegrating changes of #46734
Changes summary:
- Extracted all OpenAPI specs to new repo `kube-openapi`
- Make OpenAPI spec aggregator to copy and rename any non-requal model (even with documentation change only).
- Load specs when adding APIServices and retry on failure until successful spec retrieval or a 404.
- Assumes all Specs except aggregator's Spec are static
- A re-register of any APIService will result in updating the spec for that service (Suggestion for TPR: they should be registered to aggregator API Server, Open for discussion if any more changes needed for another PR.)
fixes#48548
Automatic merge from submit-queue (batch tested with PRs 49871, 49422, 49092, 49858, 48999)
ScaleIO Volume Plugin - Volume attribute fixes and updates
**What this PR does / why we need it**:
This is a housekeeping PR for small enhancements and fixes to the ScaleIO volume plugin to address issues:
- Enforcement of fsGroup
- Enable ScaleIO multiple-instance volume mapping
- Tighter validation of PVC parameters
- Injection of default PVC capacity when omitted
- Better alignment of PVC, PV, and volume names for dynamic provisioning
**Special notes for your reviewer**:
**Release note**:
```release-note
Enforcement of fsGroup; enable ScaleIO multiple-instance volume mapping; default PVC capacity; alignment of PVC, PV, and volume names for dynamic provisioning
```
Automatic merge from submit-queue
If error continue for loop
If err does not add continue, type conversion will be error.
If do not add continue, pod. (* V1.Pod) may cause panic to run.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49870, 49416, 49872, 49892, 49908)
fix alpha/beta endpoint when api endpoint is specified
fix a bug in alpha/beta compute API endpoint bootstraping when api-endpiont is specified.
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49870, 49416, 49872, 49892, 49908)
FC volume plugin: remove block device at DetachDisk
**What this PR does / why we need it**:
After a volume is unmounted from pod and worker node, and then PV and PVC are deleted, cluster admin or external-provisioner might delete the disk from storage, therefore block device on the node should be cleaned up beforehand.
The photon volume plugin already has same functionality.
**Which issue this PR fixes**: fixes#49392
**Special notes for your reviewer**:
/assign @rootfs
/cc @jsafrane @saad-ali
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49870, 49416, 49872, 49892, 49908)
Renamed zoneNotReadyOrUnreachableTainer to zoneNoExecuteTainer.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partially fixes#42001
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49898, 49897, 49919, 48860, 49491)
Fix usage a make(struct, len()) followed by append()
A couple of places in the code we allocate with make() but then use
append(), instead of copy() or direct assignment. This results in a
slice with len() zero elements at the front followed by the expected
data. The correct form for such usage is `make(struct, 0, len())`.
I found these by running:
```
$ git grep -EI -A7 'make\([^,]*, len\(' | grep 'append(' -B7 | grep -v vendor
```
And then manually looking through the results. I'm sure something better
could exist.
**Release note**:
```release-note
NONE
```
After the kubelet rotates its client cert, it will keep connections
to the API server open indefinitely, causing it to use its old
credentials instead of the new certs
When the kubelet rotates its cert, close down existing connections
to force a new TLS handshake.
Automatic merge from submit-queue
Validate if service has duplicate port
**What this PR does / why we need it**:
Validate if a service has duplicate Spec.Ports.Port (same number with same protocol)
xref #47221
fixes this part:
>It is possible to express a Service with multiple ports blocks with the same number. This is not very useful and may cause trouble for implementations of Services.
**Special notes for your reviewer**:
/cc @thockin @liggitt @mengqiy
@kubernetes/sig-network-pr-reviews
**Release note**:
```release-note
NONE
```
This change makes it so that no escalation check is performed when
updating only the garbage collector fields (owner references and
finalizers) of RBAC resources. This allows the
garbage collector to delete roles that grant permissions such
as "create", which it will never have.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 46519, 49794, 49720, 49692, 49821)
[route_controller] Emit event when failed to create route
**What this PR does / why we need it**:
When route controller failed to create route for nodes, pod's networking is likely broken. We surface this situation through node condition (https://github.com/kubernetes/kubernetes/blob/v1.7.2/pkg/controller/route/routecontroller.go#L197-L231), but this might not be easily tracked when user have a large cluster with many nodes. Surface the error through event might make things more obvious.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
cc @bowei
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46519, 49794, 49720, 49692, 49821)
Log attach detach controller skipping pods at higher priority
This will help us in tracking down problems related to pods
not getting added to desired state of world because of events
arriving out of order or some other problem related to that.
cc @kubernetes/sig-storage-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 49284, 49555, 47639, 49526, 49724)
skip WaitForAttachAndMount for terminated pods in syncPod
Fixes https://github.com/kubernetes/kubernetes/issues/49663
I tried to tread lightly with a small localized change because this needs to be picked to 1.7 and 1.6 as well.
I suspect this has been as issue since we started unmounting volumes on pod termination https://github.com/kubernetes/kubernetes/pull/37228
xref openshift/origin#14383
@derekwaynecarr @eparis @smarterclayton @saad-ali @jwforres
/release-note-none
Automatic merge from submit-queue (batch tested with PRs 49284, 49555, 47639, 49526, 49724)
Supply Portworx StorageClass paramters in volume spec labels for server-side processing
**What this PR does / why we need it**:
This change offloads the requirement of successfully parsing all existing and new portworx volume parameters to it's server-side components. As a result, for fixing bugs in existing volume parameters parsing and adding new support, we will not need to submit a k8s PR.
**Which issue this PR fixes**: fixes#49525
**Release note**:
```release-note
Fix incorrect parsing of io_priority in Portworx volume StorageClass and add support for new paramters.
```
Automatic merge from submit-queue (batch tested with PRs 49284, 49555, 47639, 49526, 49724)
Change pod config to manifest
**What this PR does / why we need it**:
As per https://github.com/kubernetes/kubernetes/pull/46494#discussion_r119675805, change `config` to `manifest` to avoid ambiguous.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
Since it's a minor fix, there is no issue here.
/cc @mtaufen
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49284, 49555, 47639, 49526, 49724)
amend spec.PersistentVolume.Spec
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49651, 49707, 49662, 47019, 49747)
Add support for `no_new_privs` via AllowPrivilegeEscalation
**What this PR does / why we need it**:
Implements kubernetes/community#639
Fixes#38417
Adds `AllowPrivilegeEscalation` and `DefaultAllowPrivilegeEscalation` to `PodSecurityPolicy`.
Adds `AllowPrivilegeEscalation` to container `SecurityContext`.
Adds the proposed behavior to `kuberuntime`, `dockershim`, and `rkt`. Adds a bunch of unit tests to ensure the desired default behavior and that when `DefaultAllowPrivilegeEscalation` is explicitly set.
Tests pass locally with docker and rkt runtimes. There are also a few integration tests with a `setuid` binary for sanity.
**Release note**:
```release-note
Adds AllowPrivilegeEscalation to control whether a process can gain more privileges than it's parent process
```
Automatic merge from submit-queue (batch tested with PRs 49651, 49707, 49662, 47019, 49747)
remove the redundant err define
**What this PR does / why we need it**:
some place has define err ,like
class, err := volutil.GetClassForVolume(d.plugin.host.GetKubeClient(), d.spec)
so delete the err define!
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
This commit introduces the following updates and fixes:
- Enable scaleIO volume multip-mapping based on accessMode
- No longer uses "default" as default values for storagepool & protection domain
- validates capacity when capacity is zero
- Better naming for PV and volume
- make mount ro when accessModes contains ROM
After a volume is unmounted from pod and worker node,
cluster admin or external-provisioner might delete
the disk from storage, therefore block device on
the node should be cleaned up beforehand.
The photon volume plugin already has same functionality.
Fixes#49392
A couple of places in the code we allocate with make() but then use
append(), instead of copy() or direct assignment. This results in a
slice with len() zero elements at the front followed by the expected
data. The correct form for such usage is `make(struct, 0, len())`.
I found these by running:
```
$ git grep -EI -A7 'make\([^,]*, len\(' | grep 'append(' -B7 | grep -v vendor
```
And then manually looking through the results. I'm sure something better
could exist.
Automatic merge from submit-queue
fix invalid issue link in api conversion
**What this PR does / why we need it**:
When working on #49336, found invalid link `https://github.com/kubernetes/kubernetextensionsssues/39865`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
cc @janetkuo
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49533, 49264)
Add test items for pdb describe
**What this PR does / why we need it**:
Add test items for pdb describe
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
ref: #49362
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49533, 49264)
rename stop.go to delete.go to avoid confusion
**What this PR does / why we need it**:
Refer to [comments](https://github.com/kubernetes/kubernetes/pull/46784#issuecomment-317582927) from @foxish and @janetkuo
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
xref #46784
**Special notes for your reviewer**:
/cc @janetkuo @foxish
**Release note**:
```release-note
rename stop.go file to delete.go to avoid confusion
```
Automatic merge from submit-queue (batch tested with PRs 49538, 49708, 47665, 49750, 49528)
Enable garbage collection of custom resources
Enhance the garbage collector to periodically refresh the resources it monitors (via discovery) to enable custom resource definition GC (addressing #44507 and reverting #47432).
This is a replacement for #46000.
/cc @lavalamp @deads2k @sttts @caesarxuchao
/ref https://github.com/kubernetes/kubernetes/pull/48065
```release-note
The garbage collector now supports custom APIs added via CustomeResourceDefinition or aggregated apiservers. Note that the garbage collector controller refreshes periodically, so there is a latency between when the API is added and when the garbage collector starts to manage it.
```
Automatic merge from submit-queue
Fix Reaper timeout bug
This PR is an fix to the issue [noticed](https://github.com/kubernetes/kubernetes/pull/46468#discussion_r118589512) in a previous PR.
Previous behavior was to calculate a timeout but then ignore it, using `reaper.timeout` instead.
New behavior is to use the calculated timeout for `waitForStatefulSet`, which is passed to the Scaler.
Thanks to @foxish and @apelisse for pointing me in the right direction.
**Release note**:
```release-note
NONE
```
The POSIX standard restricts environment variable names to uppercase
letters, digits, and the underscore character in shell contexts only.
For generic application usage, it is stated that all other characters
shall be tolerated.
This change relaxes the rules to some degree. Namely, we stop requiring
environment variable names to be strict C_IDENTIFIERS and start
permitting lowercase, dot, and dash characters.
Public container images using environment variable names beyond the
shell-only context can benefit from this relaxation. Elasticsearch is
one popular example.
This will help us in tracking down problems related to pods
not getting added to desired state of world because of events
arriving out of order or some other problem related to that.
Automatic merge from submit-queue
Volunteer to review Cinder related code
**What this PR does / why we need it**:
Since i am currently helping with the OpenStack cloud provider, happy
to do the same with cinder package as well as they are related.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49712, 49694, 49714, 49670, 49717)
FC volume plugin: remove unmount of global mount
**What this PR does / why we need it**:
The unmount operation for global mount should be done by reconciler.go instead of executing inside the FC Plugin since attacher/detacher for FC plugin was merged recently.
**Which issue this PR fixes** : fixes#49669
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45813, 49594, 49443, 49167, 47539)
GCE: Adding unit test for ensureStaticIP
**What this PR does / why we need it**:
Entry into unit testing GCE loadbalancer code by testing `ensureStaticIP` which had a bug in 1.7.0.
@bowei @freehan @MrHohn @dnardo @thockin, any thoughts and comments on how we could unit test LB code moving forward? I think there are many areas we can split functions into smaller ones for easier testing - firewallNeedsUpdate being an example of that. However, it seems to me that we still need to mock our GCP calls for some functions that heavily revolve around API calls. A dream goal would be to have a unit test that can call EnsureLoadBalancer. Now that we have shared resources between different services and ingresses (firewalls, instance groups, [future features]), being able to setup different scenarios without depending on E2E tests would be awesome. However, I'm not sure how reachable that goal would be.
Most importantly, let's not make things worse. If you have advice on anti-patterns to avoid, please speak up.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45813, 49594, 49443, 49167, 47539)
GCE: Update vendor of gcfg and filter config parsing errors
**What this PR does / why we need it**:
To utilize new function `FatalOnly` which filters "programmer errors"
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#49660
**Special notes for your reviewer**:
/assign @bowei
**Release note**:
```release-note
NONE
```
Enhance the garbage collector to periodically refresh the resources it
monitors (via discovery) to enable custom resource definition GC.
This implementation caches Unstructured structs for any kinds not
covered by a shared informer. The existing meta-only codec only supports
compiled types; an improved codec which supports arbitrary types could
be introduced to optimize caching to store only metadata for all
non-informer types.
Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)
Remove default binding of system:node role to system:nodes group
part of https://github.com/kubernetes/features/issues/279
deprecation of this automatic binding announced in 1.7 in https://github.com/kubernetes/kubernetes/pull/46076
```release-note
RBAC: the `system:node` role is no longer automatically granted to the `system:nodes` group in new clusters. It is recommended that nodes be authorized using the `Node` authorization mode instead. Installations that wish to continue giving all members of the `system:nodes` group the `system:node` role (which grants broad read access, including all secrets and configmaps) must create an installation-specific `ClusterRoleBinding`.
```
Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)
Flag support in kubectl plugins
Adds support to flags in `kubectl` plugins. Flags are declared in the plugin descriptor and are passed to plugins through env vars, similar to global flags (which already works).
Fixes https://github.com/kubernetes/kubernetes/issues/49122
**Release note**:
```release-note
Added flag support to kubectl plugins
```
PTAL @monopole @kubernetes/sig-cli-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)
Adding metrics support to local volume
Adding metrics support to local volume plugin.
Fixes#49601
Automatic merge from submit-queue (batch tested with PRs 49619, 49598, 47267, 49597, 49638)
replicaset fix typo
**What this PR does / why we need it**:
reopen#47821
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
@NickrenREN
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49081, 49318, 49219, 48989, 48486)
Use MetricsStatsFs to expose RBD volume plugin metrics.
**What this PR does / why we need it**:
We need to monitor RBD volume usage of our cluster and configure alerts if RBD volume is nearly full. Users of cluster also need to see usage history graph on Grafana.
This PR use MetricsStatsFs to implement MetricsProvider interface of RBD plugin (same as `gce_pd`), so kubelet /stat/summary can expose RBD volume stats.
**Special notes for your reviewer**:
cc @rootfs
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49081, 49318, 49219, 48989, 48486)
GCE: Remove resource Get function calls from Create functions
**What this PR does / why we need it**:
Consistency. This PR removes the GetXXX from the CreateXXX functions of the GCE cloudprovider. Consumers (specifically the ingress controller) will need to call the Get resource funcs separately when updating their vendored versions.
**Release note**:
```release-note
NONE
```
/assign @bowei
Automatic merge from submit-queue (batch tested with PRs 49081, 49318, 49219, 48989, 48486)
Better message if we dont find appropriate BlockStorage API
**What this PR does / why we need it**:
With latest devstack, v1 and v2 are DEPRECATED and v3 is marked
as CURRENT. So we fail to attach the disk, the error message is
shown when one does "kubectl describe pod" but the operator has
to dig into find the problem.
So log a better message if we can't find the appropriate version
of the API that we support with an explicit error message that
the operator can see how to fix the situation.
Note support for v3 block storage API is being added to gophercloud
and will take a bit of time before we can support it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47738, 49196, 48907, 48533, 48822)
Fix TODO: rename podInfraContainerID to sandboxID
**What this PR does / why we need it**:
Code-cleanup in kubelet to use consistent naming for sandbox ID. Not super urgent, but thought it would be nice to knock off some TODOs.
**Which issue this PR fixes**
Fixes a TODO in the code, no associated issue.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49238, 49595, 43494, 47897, 48905)
remove dead code in rbac helper
**What this PR does / why we need it**:
validated in `case len(r.PolicyRule.NonResourceURLs) > 0:` .
**Which issue this PR fixes**: #49540
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49238, 49595, 43494, 47897, 48905)
Add apps/v1beta2.ReplicaSet
~Depends on #48746~ (merged)
~Depends on #49357~ (merged)
xref: #49135
```release-note
Add a new API object apps/v1beta2.ReplicaSet
```
Yassine TIJANI