Automatic merge from submit-queue (batch tested with PRs 39169, 40719, 38954, 40808, 40689)
add details to patch conflict
Adds conflict details to the patch message so we can debug #39471. Seems like this may have general utility since others may also wonder what they conflicted on.
@sig-api
Automatic merge from submit-queue (batch tested with PRs 39169, 40719, 38954, 40808, 40689)
genericapiserver: cut off more dependencies – episode 5
Follow-up of https://github.com/kubernetes/kubernetes/pull/40658
Left for episode 6:
- pkg/storage/etc
- pkg/storage/etc3
- pkg/storage/storagebackend/factory
approved based on #40363
Automatic merge from submit-queue (batch tested with PRs 39169, 40719, 38954, 40808, 40689)
Add StatefulSets checks at Service level
Hi!
Please let me propose some very small e2e testsuite enhancement.
This PR removed a `TODO` about checking governing service at unit test level (which is hard) and adds this to e2e testsuite.
Thanks
Sebastian
Automatic merge from submit-queue (batch tested with PRs 39169, 40719, 38954, 40808, 40689)
Exports KUBE_TEMP for use in Vagrantfile
In #40147, the logic for setting `KUBE_TEMP` was refactored into `common.sh`. However, it was overlooked that `KUBE_TEMP` [needs to be exported for vagrant to work properly](https://github.com/kubernetes/kubernetes/pull/40147/files#diff-b19d3d93456020e2168c7f304f722969).
This PR restores the `export` so that `Vagrantfile` can use `ENV["KUBE_TEMP"]` properly.
👀 @rthallisey @shyamjvs @timothysc
Automatic merge from submit-queue
Add websocket support for port forwarding
#32880
**Release note**:
```release-note
Port forwarding can forward over websockets or SPDY.
```
Automatic merge from submit-queue
Added missing closing parens to kubectl describe node command
Closing parens was missing in the "Total limits may be over 100%" line. See below:
```
$ kubectl describe node
Name: minikube
...
Allocated resources:
(Total limits may be over 100 percent, i.e., overcommitted.
CPU Requests CPU Limits Memory Requests Memory Limits
...
```
```release-note
Improve kubectl describe node output by adding closing paren
```
Automatic merge from submit-queue (batch tested with PRs 37617, 40197)
dnsprovider: Add direct access to Route53 data
This methods allow us to develop advanced functionality for Route53,
before we add all the functionality to the cross-provider interface.
Use of these methods should be avoided, and adding methods to the
cross-provider interfaces should be preferred.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 40828, 40821)
test/images/mount-tester-user: bump base image to 0.8
This PR bumps the base image used by `mount-tester-user` after
https://github.com/kubernetes/kubernetes/pull/40613.
Automatic merge from submit-queue
Bump GCE to container-vm-v20170201
```release-note
Bump GCE ContainerVM to container-vm-v20170201 to address CVE-2016-9962.
```
- adjust ports to int32
- CRI flows the websocket ports as query params
- Do not validate ports since the protocol is unknown
SPDY flows the ports as headers and websockets uses query params
- Only flow query params if there is at least one port query param
Automatic merge from submit-queue (batch tested with PRs 40574, 40806, 40308, 40771, 39440)
kubeadm: kube-proxy needs to know the pod subnet CIDR
**What this PR does / why we need it**: `kube-proxy` 1.5 has a new flag `cluster-cidr` that isn't specified by `kubeadm`, thus resulting in bug https://github.com/kubernetes/kubeadm/issues/102.
**Which issue this PR fixes**: fixes https://github.com/kubernetes/kubeadm/issues/102
**Special notes for your reviewer**:
/cc @luxas @dmmcquay
Automatic merge from submit-queue (batch tested with PRs 40574, 40806, 40308, 40771, 39440)
kubeadm: preflight check for incorrect FQDN
**What this PR does / why we need it**: There are a variety of system configuration errors (such as cloud-init bugs when deploying on AWS) which can cause hostname and uname -n to be wrong for a given host. This will cause kubeadm setup to fail in interesting and hard-to-figure-out ways (it doesn't fail until you start trying to set up DNS on the master, for example).
This PR adds a preflight check to test whether or not the server can reach itself using that name. This does not catch the case that the FQDN belongs to a different but valid server, but it would catch some of the cases.
**Which issue this PR fixes** : fixes https://github.com/kubernetes/kubeadm/issues/135
**Special notes for your reviewer**: /cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 40574, 40806, 40308, 40771, 39440)
Add bootstrap cluster role for external pv provisioners
The set of permissions an external provisioner https://github.com/kubernetes/kubernetes/pull/30285 running as a pod will need. Technically in order to dynamically provision PVs one doesn't need to "update" PVCs or "watch" events but the controller https://github.com/kubernetes-incubator/nfs-provisioner/tree/master/controller we are recommending people use does those things to: set lock annotations on PVCs and watch `ProvisioningSucceeded`/`ProvisioningFailed` events.
Some external provisioners may need additional permissions, for example nfs-provisioner requires "get" access to Services and Endpoints when run "statefully." I think in that case we would recommend creating a new ClusterRole specific to that provisioner, using this as a base?
(This was to be a part of my redo/fix of the external e2e test https://github.com/kubernetes/kubernetes/pull/39545 but I'm submitting it as a separate PR for now due to some issues I had with running nfs-provisioner on gce.)
@kubernetes/sig-auth-misc ?
Automatic merge from submit-queue (batch tested with PRs 40574, 40806, 40308, 40771, 39440)
move api server no kube dep packages
Simple moves, see commit titles. I did not move the source of the generated swagger, I simply change the destination of the script. I'm ok building a little debt to complete the move.
@sttts
Automatic merge from submit-queue
securitycontext: move docker-specific logic into kubelet/dockertools
This change moves the code specific to docker to kubelet/dockertools,
while leaving the common utility functions at its current package
(pkg/securitycontext).
When we deprecate dockertools in the future, the code will be moved to
pkg/kubelet/dockershim instead.
Automatic merge from submit-queue
add OWNERS for client-go
client-go is the source (not a copy) for the generic client libraries we wrote. This is a copy of the OWNERS file from `pkg/client`.
Automatic merge from submit-queue (batch tested with PRs 40758, 39145, 40776)
Bumps addon-manager to v6.4-alpha.1 for supporting optional ConfigMap
From #40382. Bumps up addon-manager to use v1.6.0-alpha.1 kubectl for the optional ConfigMap feature. Below images have been pushed:
- gcr.io/google-containers/kube-addon-manager:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-amd64:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-arm:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-arm64:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-ppc64le:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-s390x:v6.4-alpha.1
@liggitt @bowei
Automatic merge from submit-queue
kubeadm: Move some code from apiclient.go to the dedicated apiconfig phase
**What this PR does / why we need it**:
Add constants and somewhat refactor the RBAC code as well + some cleanup.
I'm planning to rewrite the code in `setupmaster.go` later, but this PR has only the move of the code for easier reviewing.
**Special notes for your reviewer**:
This is broken out from: https://github.com/kubernetes/kubernetes/pull/40556
**Release note**:
```release-note
NONE
```
@mikedanese @pires @dmmcquay @dgoodwin
This commit wires-in the pre-existing `--container-runtime` flag for
local node_e2e testing.
This is needed in order to further skip docker specific testing
and validation.
Local CRI node_e2e can now be performed via
`make test-e2e-node RUNTIME=remote REMOTE=false`
which will also take care of passing the appropriate arguments to
the kubelet.
Dr. Stefan Schimanski