Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
bazel: build/test almost everything
**What this PR does / why we need it**: Miscellaneous cleanups and bug fixes. The main motivating idea here was to make `bazel build //...` and `bazel test //...` mostly work. (There's a few reasons these still don't work, but we're a lot closer.)
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @BenTheElder @mikedanese @spxtr
Automatic merge from submit-queue (batch tested with PRs 51929, 52015, 51906, 52069, 51542). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Add example pods to demonstrate CPU manager.
**What this PR does / why we need it**:
Adds example pods and README for the CPU manager static policy which is a new feature in Kubernetes v1.8.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
Paramaterize `stickyMaxAgeMinutes` for service in API
**What this PR does / why we need it**:
Currently I find `stickyMaxAgeMinutes` for a session affinity type service is hard code to 180min. There is a TODO comment, see
https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/iptables/proxier.go#L205
I think the seesion sticky max time varies from service to service and users may not aware of it since it's hard coded in all proxier.go - iptables, userspace and winuserspace.
Once we parameterize it in API, users can set/get the values for their different services.
Perhaps, we can introduce a new field `api.ClientIPAffinityConfig` in `api.ServiceSpec`.
There is an initial discussion about it in sig-network group. See,
https://groups.google.com/forum/#!topic/kubernetes-sig-network/i-LkeHrjs80
**Which issue this PR fixes**:
fixes#49831
**Special notes for your reviewer**:
**Release note**:
```release-note
Paramaterize session affinity timeout seconds in service API for Client IP based session affinity.
```
Automatic merge from submit-queue (batch tested with PRs 51038, 50063, 51257, 47171, 51143)
update related manifest files to use hostpath type
**What this PR does / why we need it**:
Per [discussion in #46597](https://github.com/kubernetes/kubernetes/pull/46597#pullrequestreview-53568947)
Dependes on #46597
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes: https://github.com/kubernetes/kubeadm/issues/298
**Special notes for your reviewer**:
/cc @euank @thockin @tallclair @Random-Liu
**Release note**:
```release-note
None
```
Automatic merge from submit-queue
Reduce one time url redirection
Reduce one time url direction
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #https://github.com/kubernetes/kubernetes/issues/50954
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Copy of previous newrelic example, then modified to use the new agent
"newrelic-infra" instead of "nrsysmond".
Also maps all of host node's root fs into /host in the container (ro,
but still exposes underlying node info into a container).
Updates to README
Automatic merge from submit-queue
examples/volumes/flexvolume/nfs: check for jq and simplify quoting
**What this PR does / why we need it**:
This PR improves error reporting of the nfs flex plugin script. Before it output non-JSON error, when `jq` wasn't installed on the server:
```
$ /usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s~nfs/nfs getvolumename test
/usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s~nfs/nfs: line 87: jq: command not found
/usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s~nfs/nfs: line 88: jq: command not found
{"status": "Success", "volumeName": "/"}
```
K8s fails to unmarshal such output to show an error in the logs:
>E0606 19:32:30.196262 25700 driver-call.go:212] Failed to unmarshal output for command: getvolumename, output: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s\~nfs/nfs: line 87: jq: command not found\n/usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s\~nfs/nfs: line 88: jq: command not found\n{\"status\": \"Success\", \"volumeName\": \"/\"}", error: invalid character '/' looking for beginning of value
After this change:
```sh
$ /usr/libexec/kubernetes/kubelet-plugins/volume/exec/k8s~nfs/nfs getvolumename test
{ "status": "Failure", "message": "'jq' binary not found. Please install jq package before using this driver"}
```
and
> E0606 19:52:07.915594 25700 driver-call.go:219] getvolumename command failed, status: Failure, reason: 'jq' binary not found. Please install jq package before using this driver
Also this PR improves quoting a bit by using single quotes where it possible.
**Release note**:
```release-note
NONE
```
CC @mfojtik
Automatic merge from submit-queue
Correct the comment in PSP examples.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
none
```
Automatic merge from submit-queue
Update docs for user-guide
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48264, 48324, 48125, 47944, 47489)
Remove duplicated line from ceph-secret-admin.yaml
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 48264, 48324, 48125, 47944, 47489)
Set quota for volumes
**What this PR does / why we need it**:
This PR allows users of the Quobyte Storage class to specify if automatically a Quota for the volume should be created. With a Quota a Quobyte volume can only grow in the specified size.
**Special notes for your reviewer**:
Update the Quobyte API version for the needed functionality.
Automatic merge from submit-queue
storageclass ceph add imageformat parameter
**What this PR does / why we need it**:
Add a imageformat parameter for StorageClass(ceph rbd)
k8s hard coded ceph imageformat 1, according to [ceph manual](http://docs.ceph.com/docs/master/man/8/rbd/), imageformat 1 was deprecated, we should add an extra ceph parameter to set ceph rbd imageformat. Ceph rbd imageformat can only be 1 or 2, set the default value to 1.
**Release note**:
```release-note
Allow StorageClass Ceph RBD to specify image format and image features.
```
Cockroach errors out when using said command:
```shell
▶ kubectl run -it --rm cockroach-client --image=cockroachdb/cockroach --restart=Never --command -- ./cockroach sql --host cockroachdb-public
Waiting for pod default/cockroach-client to be running, status is Pending, pod ready: false
Waiting for pod default/cockroach-client to be running, status is Pending, pod ready: false
Waiting for pod default/cockroach-client to be running, status is Pending, pod ready: false
If you don't see a command prompt, try pressing enter.
Error attaching, falling back to logs: unable to upgrade connection: container cockroach-client not found in pod cockroach-client_default
Error: problem using security settings, did you mean to use --insecure?: problem with CA certificate: not found
Failed running "sql"
Waiting for pod default/cockroach-client to terminate, status is Running
pod "cockroach-client" deleted
```
This PR updates the README.md to include --insecure in the client command
This switches from using v0.1 of the peer-finder image to a version that
includes https://github.com/kubernetes/contrib/pull/2013
While I'm here, switch the version of cockroachdb from 1.0 to 1.0.1
Automatic merge from submit-queue
Move hardPodAffinitySymmetricWeight to scheduler policy config
**What this PR does / why we need it**:
Move hardPodAffinitySymmetricWeight to scheduler policy config
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#43845
**Special notes for your reviewer**:
If you like this, will add test later
**Release note**:
```
Move hardPodAffinitySymmetricWeight from KubeSchedulerConfiguration to scheduler Policy config
```
Automatic merge from submit-queue
fix some typo in docs[example/volumes]
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue