Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Let the `--node-name` flag flow down to `--hostname-override` for the kubelet
**What this PR does / why we need it**:
Kubeadm-initialised kubelet uses provided hostname if present
If --node-name is passed in to `kubeadm init`, `--hostname-override` will be
passed to kubelet. This prevents timeout errors for `kubeadm init`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubernetes/kubeadm#846
**Special notes for your reviewer**:
Depends on #64624 to work fully, but can safely merged before hand.
**Release note**:
```release-note
[action required] The `--node-name` flag for kubeadm now dictates the Node API object name the
kubelet uses for registration, in all cases but where you might use an in-tree cloud provider.
If you're not using an in-tree cloud provider, `--node-name` will set the Node API object name.
If you're using an in-tree cloud provider, you MUST make `--node-name` match the name the
in-tree cloud provider decides to use.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Volume topology aware dynamic provisioning: work based on new API
**What this PR does / why we need it**:
The PR has been split to 3 parts:
Part1: https://github.com/kubernetes/kubernetes/pull/63232 for basic scheduler and PV controller plumbing
Part2: https://github.com/kubernetes/kubernetes/pull/63233 for API change
and the PR itself includes work based on the API change:
- Dynamic provisioning allowed topologies scheduler work
- Update provisioning interface to be aware of selected node and topology
**Which issue(s) this PR fixes**
Feature: https://github.com/kubernetes/features/issues/561
Design: https://github.com/kubernetes/community/issues/2168
**Special notes for your reviewer**:
/sig storage
/sig scheduling
/assign @msau42 @jsafrane @saad-ali @bsalamat
@kubernetes/sig-storage-pr-reviews
@kubernetes/sig-scheduling-pr-reviews
**Release note**:
```release-note
Volume topology aware dynamic provisioning
```
Automatic merge from submit-queue (batch tested with PRs 63322, 64718, 64708, 64775, 64777). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove event handler to satisfy alpha tests
**What this PR does / why we need it**:
An original assumption of time out did not fix issue. The events look masked by lubelet flags so reducing test
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64578
/cc @msau42
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63322, 64718, 64708, 64775, 64777). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CoreDNS to use gcr.io repo
**What this PR does / why we need it**:
Switch CoreDNS to use the gcr.io in kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
CoreDNS deployment configuration now uses k8s.gcr.io imageRepository
```
Automatic merge from submit-queue (batch tested with PRs 63322, 64718, 64708, 64775, 64777). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm for v1alpha1 configs
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This PR allows v1alpha1 configurations to still work when running `kubeadm init`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#884
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63322, 64718, 64708, 64775, 64777). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm lowercases all domain names passed as additional SANs
**What this PR does / why we need it**:
Some domains, like ELBs, output a domain name with uppercase letters. To
accept these, we lowercase all arguments passed to ----apiserver-cert-extra-sans
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #[kubeadm/827](https://github.com/kubernetes/kubeadm/issues/827)
```release-note
NONE
```
This PR implements the function to return attachable volume limit based
on machineType for GCE PD. This is part of the design in kubernetes/community#2051/
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE PD plugin now prevents attaching a regional PD PV with pdName of …
…a regular PD
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63317
/sig storage
/sig gcp
/assign @msau42 @saad-ali
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
housekeeping: improved language used in ISSUE_TEMPLATE.md
**What this PR does / why we need it**:
Improves language seen/experienced by developers that raise issues on GitHub.
**Special notes for your reviewer**:
If you have better ideas - edit my PR and 🚢
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64276, 64094, 64719, 64766, 64750). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix quota sync
**What this PR does / why we need it**:
In quota sync, scope selectors were being missed to match and thus at the time of sync, incorrect usage stats were getting updated.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
/priority important-soon
/sig scheduling
/sig node
/cc @resouer @derekwaynecarr @sjenning @bsalamat @timstclair @aveshagarwal @smarterclayton
Automatic merge from submit-queue (batch tested with PRs 64276, 64094, 64719, 64766, 64750). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions: allow Description at root with status subresource
Allows `Description` at the root of the schema when the status subresource is enabled.
**Release note**:
I'll update the original PR, which allowed `Required`, to de-duplicate the release notes.
```release-note
NONE
```
/assign sttts
Automatic merge from submit-queue (batch tested with PRs 64276, 64094, 64719, 64766, 64750). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Upgrade container-storage-interface/spec dependency to v0.3.0
Also updated golang/protobuf to v1.1.0 to satisfy hard requirement of new CSI Spec version
/sig storage
/kind enhancement
/assign @saad-ali
```release-note
Updated Container Storage Interface specification version to v0.3.0
```
Automatic merge from submit-queue (batch tested with PRs 64276, 64094, 64719, 64766, 64750). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Delegate map operation to BlockVolumeMapper plugin
**What this PR does / why we need it**:
This PR refactors the volume controller's operation generator, for block mapping, to delegate core block mounting sequence to the `volume.BlockVolumeMapper` plugin instead of living in the operation generator. This is to ensure better customization of block volume logic for existing internal volume plugins.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64093
```release-note
NONE
```
/sig storage
Automatic merge from submit-queue (batch tested with PRs 64276, 64094, 64719, 64766, 64750). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use default seccomp profile for GCE manifests
**What this PR does / why we need it**:
This PR sets the default seccomp profile of unprivileged addons to 'docker/default' for GCE manifests. This PR is a followup of #62662. We are using 'docker/default' instead of 'runtime/default' in addons in order to handle node version skew. When seccomp profile is applied automatically by default later, we can remove those annotations.
This is PR is part of #39845.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Drop capabilities of CoreDNS container and run in read-only
**What this PR does / why we need it**: Make the CoreDNS container more secure by dropping (root) capabilities. Improve the integrity of the of the container by running the whole container in read-only.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Same [changes](aba0245609) as in the CoreDNS deployment repository.
**Release note**:
```release-note
Kubeadm: Make CoreDNS run in read-only mode and drop all unneeded privileges
```
Some domains, like ELBs, output a domain name with uppercase letters. To
accept these, we lowercase all arguments passed to ----apiserver-cert-extra-sans
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add exit code 1 on not allowed to kubectl auth can-i
What this PR does / why we need it:
kubectl auth can-i verb resource always returns 0 status, even if the user can't <verb> <resource>
With this commit, kubectl will return exit code 1 when a verb is not allowed. It doesn't affect quiet option.
Release note:
```release-note
Fix kubectl auth can-i exit code. It will return 1 if the user is not allowed and 0 if it's allowed.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apply global flag "context" for kubectl config view
**What this PR does / why we need it**:
`--context` is a global flag, which should be applied to `kubectl config view` as well when minifying.
Currently this command is only available for `current-context`. With this PR, it will be easier for users to view other non current contexts when minifying.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64583
**Special notes for your reviewer**:
/cc soltysh juanvallejo
**Release note**:
```release-note
apply global flag "context" for kubectl config view --minify
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix panic while provisioning Azure security group rules
**What this PR does / why we need it**:
kube-controller-manager panic when provisioning Azure security group rules, especially when securityGroupName is wrong configured. This PR fixes the issue.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64716
**Special notes for your reviewer**:
Should also cherry pick to release-1.10.
**Release note**:
```release-note
Fix kube-controller-manager panic while provisioning Azure security group rules
```
Fix kubectl -o error message:
Before this change:
```shell
kubectl get pods -o foo
error: unable to match a printer suitable for the output format "" and the options specified: &get.PrintFlags{JSONYamlPrintFlags:(*genericclioptions.JSONYamlPrintFlags)(0x23aa610), NamePrintFlags:(*genericclioptions.NamePrintFlags)(0xc42058b4e0), TemplateFlags:(*printers.KubeTemplatePrintFlags)(0xc4206765e0), CustomColumnsFlags:(*printers.CustomColumnsPrintFlags)(0xc420676620), HumanReadableFlags:(*get.HumanPrintFlags)(0xc4204eb180), NoHeaders:(*bool)(0xc4206fefbc), OutputFormat:(*string)(0xc42058b4d0)}
```
After this change:
```shell
Kubectl get pods -o foo
error: unable to match a printer suitable for the output format "aaa", allowed formats are: custom-columns,custom-columns-file,go-template,go-template-file,json,jsonpath,jsonpath-file,name,template,templatefile,wide,yaml
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl cp support colons-in-filename
**What this PR does / why we need it**:
This is a rebased version of #53127.
/cc @bruceauyeung
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64344, 64709, 64717, 63631, 58647). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support for enforcing read only host paths in PSPs.
**What this PR does / why we need it**:
This PR adds support for the PSP to enforce that host paths are readonly.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57371
xref https://github.com/kubernetes/features/issues/5
**Special notes for your reviewer**:
**Release note**:
```release-note
PodSecurityPolicy now supports restricting hostPath volume mounts to be readOnly and under specific path prefixes
```
/cc @ericchiang @liggitt
Automatic merge from submit-queue (batch tested with PRs 64344, 64709, 64717, 63631, 58647). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add gpu cluster upgrade test.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Currently running GPUMasterUpgrade test should pass with gpu nodes but running GPUClusterUpgrade test will run into https://github.com/kubernetes/kubernetes/issues/63506
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 64344, 64709, 64717, 63631, 58647). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CoreDNS pull image from gcr.io
**What this PR does / why we need it**:
CoreDNS now pulls image from gcr.io
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Cheng Xing