lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*
move registration to AdmissionOptions
Automatic merge from submit-queue
Fix go-xgettext (go get) reference on translations README
The `go get` command to install `xgettext` was wrongly pointing to `tree/master`.
Automatic merge from submit-queue (batch tested with PRs 45699, 46200, 46335, 46599)
Bump CNI and etcd go base images to 1.7.6
**What this PR does / why we need it**:
Addresses #46391 for CNI and etcd images.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @luxas
Automatic merge from submit-queue (batch tested with PRs 45699, 46200, 46335, 46599)
apiextensions: add integration test for name conflicts
**What this PR does / why we need it**: Add integration test for name conflicts.
Create 2 CRDs with name conflict. The controller sets the NameConflict condition on the second one. Delete the first one. The second CRD should now get accepted.
Update:
- [x] Add integration test for name conflicts
- [x] Fix naming controller so that when a resource is deleted, other resources in the same group are added to the queue
- [x] Add integration test for self link (cluster scoped resources)
- [x] Add bigger poll interval
- [x] Fix DeleteCustomResourceDefinition poll condition
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: for #45511
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
@sttts
Automatic merge from submit-queue (batch tested with PRs 45699, 46200, 46335, 46599)
modify the initialization statement
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
* add integration test for name conflicts of CRDs
* fix naming controller so that when a resource is deleted,
other resources in the same group are added to the queue
* add integration test for self link (clusterscoped resources)
* fix minor nits
address comments
add comments and fix nits
Bigger poll interval
customResource -> crd
Fix DeleteCustomResourceDefinition condition
Automatic merge from submit-queue
Add generic NoExecute Toleration to NPD
Ref. #44445
cc @davidopp
```release-note
Add generic Toleration for NoExecute Taints to NodeProblemDetector
```
adding comments stating that returned pods should be used as read-only objects
fixing typo
avoiding unnecessary loop to copy pods listed see #46433
fixing fmt
avoiding unnecessary loop to copy pods listed see #46433
Automatic merge from submit-queue
Optimize provisioner plugin result check logic
If err is not returned by findProvisionablePlugin(...), storageClass is certainly not nil
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Let kubemark exit if it fails to start
Fix the bug: If there is sth wrong to run hollow kubelet, kubemark will just hang instead of exiting.
I came across the problem when I tried to start kubemark with no-root user.
```
I0523 15:27:39.721447 16855 docker_service.go:223] Setting cgroupDriver to cgroupfs
I0523 15:27:39.721634 16855 docker_legacy.go:151] No legacy containers found, stop performing legacy cleanup.
I0523 15:27:39.722208 16855 kubelet.go:559] Starting the GRPC server for the docker CRI shim.
I0523 15:27:39.722228 16855 docker_server.go:60] Start dockershim grpc server
I0523 15:27:39.722265 16855 server.go:819] failed to unlink socket file "/var/run/dockershim.sock": permission denied
E0523 15:27:39.722327 16855 container_manager_linux.go:98] Unable to ensure the docker processes run in the desired containers
```
Automatic merge from submit-queue
Added k82cn as one of scheduler approver.
According to the requirement of Approver at [community-membership.md](https://github.com/kubernetes/community/blob/master/community-membership.md), I meet the requirements as follow; so I'd like to add myself as an approver of scheduler.
* Reviewer of the codebase for at least 3 months
[k82cn]: [~3 months](6cc40678b6 )
* Primary reviewer for at least 10 substantial PRs to the codebase
[k82cn] Reviewed [40 PRs](https://github.com/issues?q=assignee%3Ak82cn+is%3Aclosed)
* Reviewed or merged at least 30 PRs to the codebase
[k82cn]: 71 merged PRs in kubernetes/kubernetes, and ~100 PRs in kuberentes at https://goo.gl/j2D1fR
As an approver,
* I agree to only approve familiar PRs
* I agree to be responsive to review/approve requests as per community expectations
* I agree to continue my reviewer work as per community expectations
* I agree to continue my contribution, e.g. PRs, mentor contributors
Automatic merge from submit-queue (batch tested with PRs 46407, 46457)
GCE - Refactor API for firewall and backend service creation
**What this PR does / why we need it**:
- Currently, firewall creation function actually instantiates the firewall object; this is inconsistent with the rest of GCE api calls. The API normally gets passed in an existing object.
- Necessary information for firewall creation, (`computeHostTags`,`nodeTags`,`networkURL`,`subnetworkURL`,`region`) were private to within the package. These now have public getters.
- Consumers might need to know whether the cluster is running on a cross-project network. A new `OnXPN` func will make that information available.
- Backend services for regions have been added. Global ones have been renamed to specify global.
- NamedPort management of instance groups has been changed from an `AddPortsToInstanceGroup` func (and missing complementary `Remove...`) to a single, simple `SetNamedPortsOfInstanceGroup`
- Addressed nitpick review comments of #45524
ILB needs the regional backend services and firewall refactor. The ingress controller needs the new `OnXPN` func to decide whether to create a firewall.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46407, 46457)
Remove deletecollection support from namespace object
Namespace storage accidentally picked up deletecollection support from embedding the generic store. If invoked, it skips the custom namespace `Delete()` storage method that enforces finalization, and skips the namespace lifecycle admission plugin that protects immortal namespaces from deletion.
Given the data integrity implications of skipping namespace finalization, I'd backport this as far as we're releasing patch releases.
```release-note
The namespace API object no longer supports the deletecollection operation.
```
Automatic merge from submit-queue
Move NetworkPolicy to v1
Move NetworkPolicy to v1
@kubernetes/sig-network-misc
**Release note**:
```release-note
NetworkPolicy has been moved from `extensions/v1beta1` to the new
`networking.k8s.io/v1` API group. The structure remains unchanged from
the beta1 API.
The `net.beta.kubernetes.io/network-policy` annotation on Namespaces
to opt in to isolation has been removed. Instead, isolation is now
determined at a per-pod level, with pods being isolated if there is
any NetworkPolicy whose spec.podSelector targets them. Pods that are
targeted by NetworkPolicies accept traffic that is accepted by any of
the NetworkPolicies (and nothing else), and pods that are not targeted
by any NetworkPolicy accept all traffic by default.
Action Required:
When upgrading to Kubernetes 1.7 (and a network plugin that supports
the new NetworkPolicy v1 semantics), to ensure full behavioral
compatibility with v1beta1:
1. In Namespaces that previously had the "DefaultDeny" annotation,
you can create equivalent v1 semantics by creating a
NetworkPolicy that matches all pods but does not allow any
traffic:
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: default-deny
spec:
podSelector:
This will ensure that pods that aren't match by any other
NetworkPolicy will continue to be fully-isolated, as they were
before.
2. In Namespaces that previously did not have the "DefaultDeny"
annotation, you should delete any existing NetworkPolicy
objects. These would have had no effect before, but with v1
semantics they might cause some traffic to be blocked that you
didn't intend to be blocked.
```
Automatic merge from submit-queue
Update troubleshooting link in ISSUE_TEMPLATE.md
**What this PR does / why we need it**:
Since our troubleshooting page has been moved, we should update the issue template.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
ref: #44434
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
fix some typo in docs[example/volumes]
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Protobuf generation for k8s.io/metrics
This PR introduces protobuf generation for k8s.io/metrics. Doing so required:
- fixing a bug in `go-to-protobuf` causing the `cast{key,value,type}` values to not be quoted when coming from struct tags (and not auto-injection by `go-to-protobuf` itself).
- Making sure the proto IDL in k8s.io/client-go had a package name of `k8s.io.client_go.xyz` and not `k8s.io.kubernetes.xyz`.
Additionally, I updated `go-to-protobuf` to skip functions and non-public types when composing the import list, which cuts down on the more bizarre imports in the IDL (like importing the sample API package in every IDL file because it contained `addToScheme`, like every other API package).
We use `castvalue` to force gogo-proto to realize that it should consider the value of the map which underlies `ResourceList` when calculating which imports need to be named. Otherwise, it ignores the value's type, leading to compilation errors when it later can't find an import it assumed existed. We accidentally didn't hit this in `k8s.io/kubernetes/pkg/api/v1` since another field coincidentally happens to directly use `resource.Quantity` (the value type of `ResourceList`).
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Apply KubeProxyEndpointLagTimeout to ESIPP tests
Fixes#46533.
The previous construction of ESIPP tests is weird, so I redo it a bit.
A 30 seconds `KubeProxyEndpointLagTimeout` is introduced, as these tests ain't verifying performance, may be better to not make it too tight.
/assign @thockin
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
fix typo in build.sh
**What this PR does / why we need it**:
fix typo in build.sh
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
This commit regenerates the protobuf as per the recent generation
changes (removing erroneous imports, adding k8s.io/metrics), and
syncs the changes to client-go (which also ensures that client-go
protobuf IDL has the correct package names).
Automatic merge from submit-queue (batch tested with PRs 46302, 44597, 44742, 46554)
Do not install do-nothing iptables rules
Deprecate kubelet non-masquerade-cidr.
Do not install iptables rules if it is set to 0.0.0.0/0.
Fixes#46553
p0lyn0mial