Automatic merge from submit-queue (batch tested with PRs 60150, 65467, 65487, 65595, 65374). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add warning function that includes timestamp
Knowing when a process has terminated is helpful when looking through log files. The scenario that happened to me was that /tmp filled up, so as expected things failed. But I'd really like to know when things got bad without looking through 10G log files.
Release note:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60150, 65467, 65487, 65595, 65374). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: feature gate LSI capacity calculation
Currently if `cm.cadvisorInterface.RootFsInfo()` fails, the whole kubelet bails. If `/var/lib/kubelet` is on a tmpfs or bindmount, this can happen (this is the case for some of our CI envs https://github.com/openshift/origin/issues/19948).
We would be able to workaround this, in the short term, by disabling the LSI feature gate if the capacity calculate was protected by the gate, but currently it isn't.
This PR adds the gate check around setting the ephemeral storage capacity.
@liggitt @derekwaynecarr @dashpole
It might be a different discussion about whether or not this should be fatal. If it isn't fatal, seems that it would just prevent pods that had a ephemeral storage request from being scheduled.
/sig node
Automatic merge from submit-queue (batch tested with PRs 60150, 65467, 65487, 65595, 65374). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use lowercase hostnames for node names
**What this PR does / why we need it**:
Uppercase hostnames used in charms result in (lowercase) node name lookup errors. This happens when /etc/hostname contains uppercase characters and gethostname or getfqdn return those characters.
**Special notes for your reviewer**:
Discovered in a field deployment where hostnames are all uppercase.
**Release note**:
```release-note
Hostnames are now converted to lowercase before being used for node lookups in the kubernetes-worker charm.
```
Automatic merge from submit-queue (batch tested with PRs 60150, 65467, 65487, 65595, 65374). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Pick the first extension matched
**What this PR does / why we need it**:
Since it's possible to match only one file extension, change the ```if``` statement in order to check the condition only once.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set pod priority on kube-proxy manifest by default
**What this PR does / why we need it**:
Follow up of https://github.com/kubernetes/kubernetes/pull/59237, set pod priority on kube-proxy by default and remove the unneeded logic in startup script.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/assign @bsalamat @bowei
cc @tanshanshan
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revert "certs: only append locally discovered addresses when we got none from the cloudprovider"
This reverts commit 7354bbe5ac.
https://github.com/kubernetes/kubernetes/pull/61869 caused a mismatch between the requested CSR and the addresses in node status.
Instead of computing addresses in two places, the cert manager should derive its CSR request from the addresses in node status. This would enable the kubelet to react to address changes, as well as be driven by an external cloud provider.
/cc @mikedanese
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support for plugin directory hierarchy
**What this PR does / why we need it**:
Add hierarchy support for plugin directory, it traverses and
watch plugin directory and its sub directory recursively.
plugin socket file only need be unique within one directory,
```
plugin socket directory
|
---->sub directory 1
| |
| -----> socket1, socket2 ...
----->sub directory 2
|
------> socket1, socket2 ...
```
the design itself allow sub directory be anything,
but in practical, each plugin type could just use one sub directory.
**Which issue(s) this PR fixes**:
Fixes#64003
**Special notes for your reviewer**:
twos bonus changes added as below
1) propose to let pluginWatcher bookkeeping registered plugins,
to make sure plugin name is unique within one plugin type.
arguably, we could let each handler do the same work, but it requires
every handler repeat the same thing.
2) extract example handler out from test, it is easier to read the code with the
seperation.
**Release note**:
```release-note
N/A
```
/sig node
/cc @vikaschoudhary16 @jiayingz @RenaudWasTaken @vishh @derekwaynecarr @saad-ali @vladimirvivien @dchen1107 @yujuhong @tallclair @Random-Liu @anfernee @akutz
Knowing when a process has terminated is helpful when looking through
log files (especially very large ones). This also refactors the terminal
coloring function to be used with custom prefix and colors.
warning_log outputs red text in the current e2e inspired format:
W0628 16:58:26]: this is a test
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: do not print feature gates for glog v=0
**What this PR does / why we need it**:
Demand verbosity level > 0 for glog Infof() calls when
setting feature gates in pkg/util/feature_gate.go.
Without this, regular calls to things like `kubeadm token generate` would also print `feature_gate.go:230] feature gates: &{map[]}`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#953
**Special notes for your reviewer**:
i doubt there is a particular reason to not use verbosity level here?
is `v=1` sufficient here?
/area apiserver
/area kubeadm
/kind cleanup
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/cc @kubernetes/sig-api-machinery-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65361, 64527). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add attachable pvc in use metrics
This metric reports number of PVCs that are in-use in Kubernetes with plugin and node name as dimensions.
This allows us to figure out, how many PVCs each node is using. It is super helpful in figuring out attach/detach issues.
/sig storage
cc @jsafrane @tsmetana @msau42
```release-note
Add metrics for PVC in-use
```
Automatic merge from submit-queue (batch tested with PRs 65361, 64527). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix exception detection in new version of fluentd-gcp addon
**What this PR does / why we need it**:
The `detect_exceptions` plugin is used to group log entries that belong to a common exception together into one log message. A [recent change](1ca851baec/cluster/addons/fluentd-gcp/fluentd-gcp-configmap.yaml (L100)) to the configuration modified which field is used for the log message, but this change was not applied to the configuration of the `detect_exceptions` plugin, so currently no collation of exception lines is happening.
This change fixes the issue by changing the field the `detect_exceptions` plugin is using.
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed exception detection in fluentd-gcp plugin.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix K8s-Storage-Plugins repo
**What this PR does / why we need it**: Fix K8s-Storage-Plugins repo
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
/release-note-none
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Honor custom transport dialer
https://github.com/kubernetes/kubernetes/pull/60012 updated API machinery code to use context dial functions by default, but we should still fall back to honor transport.Dial if set
* SetOldTransportDefaults should not use the default http DialContext if a custom Dial method is already set
* DialerFor should prefer DialContext, but fall back to returning a custom Dial if set before returning nil
```release-note
api-machinery utility functions `SetTransportDefaults` and `DialerFor` once again respect custom Dial functions set on transports
```
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix a nit error in log
**What this PR does / why we need it**:
fix a small error in log
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set flag show-kind when getting multiple types
**What this PR does / why we need it**:
Set "--show-kind" flag if requesting multiple resource types.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65375
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve job describe and get output
For get, condense completions and success into a single column, and
print the job duration. Use a new variant of ShortHumanDuration that
shows more significant digits, since duration matters more for jobs.
```
NAME COMPLETIONS DURATION AGE
image-mirror-origin-v3.10-1529985600 1/1 47s 42m
image-mirror-origin-v3.11-1529985600 1/1 74s 42m
image-pruner-1529971200 1/1 60m 4h
```
The completions column can be:
```
COMPLETIONS
0/1 # completions nil or 1, succeeded 0
1/1 # completions nil or 1, succeeded 1
0/3 # completions 3, succeeded 1
1/3 # completions 3, succeeded 1
0/1 of 30 # parallelism of 30, completions is nil
```
Update describe to show the completion time and the duration.
```
Start Time: Mon, 25 Jun 2018 20:00:05 -0400
Completed At: Mon, 25 Jun 2018 21:00:34 -0400
Duration: 60m
```
This is more useful than the current output:
```
NAME DESIRED SUCCESSFUL AGE
image-mirror-origin-v3.10-1529982000 1 1 54m
image-mirror-origin-v3.11-1529982000 1 1 54m
image-pruner-1529971200 1 1 3h
```
```release-note
Improve the display of jobs in `kubectl get` and `kubectl describe` to emphasize progress and duration.
```
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revendor GCE Go Client
Revendor GCE API go client and switch to use beta neg api in gce cloud provider.
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support for Linux Abstract Socket Namespace for KMS provider plugin.
**What this PR does / why we need it**:
Currently, kube-apiserver and kms-plugin interact via a Unix Domain Socket. The current implementation, assumes that such a Domain Socket is supported via a socket file, which is in turn is supported via a volume shared between kube-apiserver and kms-plugin containers.
However, Linux supports Abstract Socket Namespace, where a socket does not need to be back-up by a file. In golang, such sockets are created by prefixing a socket's name with @.
Benefits of using Linux Abstract Socket Namespace:
1. Don't need to worry about possible collisions with existing files.
2. Simpler configuration of master's manifest - no need to setup a shared volume between kube-apiserver and kms-plugin containers.
3. Don't need to remember to unlink the socket when KMS Plugin shuts down.
4. Creates a possibility to run KMS Plugin without access to file system.
This PR adds the ability to define a KMS endpoint as: unix:///@kms-provider.sock
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65453, 65523, 65513, 65560). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Print type information when unknown watch error
Got
```
E0628 00:23:07.106285 1 watch.go:274] unable to encode watch object: expected pointer, but got invalid kind
```
on a production system and had no way to debug what type was being sent.
@liggitt re: the message I sent you
Automatic merge from submit-queue (batch tested with PRs 65453, 65523, 65513, 65560). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cleanup verbose cAdvisor mocking in Kubelet unit tests
These tests had a lot of duplicate code to set up the cAdvisor mock, but weren't really depending on the mock functionality. By moving the tests to use the fake cAdvisor, most of the setup can be cleaned up.
/kind cleanup
/sig node
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65453, 65523, 65513, 65560). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
smaller fix about validate EnforceNodeAllocatable error
**What this PR does / why we need it**:
duplicate output messages about validate `EnforceNodeAllocatable` error
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65453, 65523, 65513, 65560). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Print error when APIServer fails to start
**What this PR does / why we need it**: Print apiserver logs when it fails to start.
This is copied from `update-swagger-spec.sh`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Got
```
E0628 00:23:07.106285 1 watch.go:274] unable to encode watch object: expected pointer, but got invalid kind
```
on a production system and had no way to debug what type was being sent.
Automatic merge from submit-queue (batch tested with PRs 64246, 65489, 65443). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
azure: Move configuration of resource group in storage class.
**What this PR does / why we need it**:
This moves configuration of Azure resource group into storage class. Users can't configure dynamic provisioning in PVCs, because that makes the PVC not portable to other Kubernetes installations, possibly on other clouds.
/sig storage
/assign @andyzhangx
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64246, 65489, 65443). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl convert should not double wrap output in nested lists
@kubernetes/sig-cli-maintainers
@soltysh
```release-note
kubectl convert previous created a list inside of a list. Now it is only wrapped once.
```
Automatic merge from submit-queue (batch tested with PRs 65492, 65516, 65447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Resolve potential devicePath symlink when MapVolume in containerized kubelet
**What this PR does / why we need it**: Ensures local block volumes will work in case kubelet is running in a container
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65445
**Special notes for your reviewer**: Code is mostly plumbing. If there is a better way to do it, let me know :)
I assume there will be e2e tests for the non-containerized case. I will need to test the containerized case myself, which may take a while.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65492, 65516, 65447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azure disk creation issue when specifying external resource group
**What this PR does / why we need it**:
fix azure disk creation issue when specifying external resource group, after azure disk creation succeeded, it fails to get azure disk state since it's still using original resource group
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65515
**Special notes for your reviewer**:
Together with https://github.com/kubernetes/kubernetes/pull/65443, this feature has been done, I will cherry-pick to prior versions later.
So in the end, we have two ways to make azure disk dynamic provision under an external resource group
- specify `resourcegroup` parameter in azure disk storage class
```
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: hdd
provisioner: kubernetes.io/azure-disk
parameters:
skuname: Standard_LRS
kind: managed
cachingmode: None
resourcegroup: USER-SPECIFIED-RG
```
- specify `volume.beta.kubernetes.io/resource-group` in PVC annotations
```
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-azuredisk
annotations:
volume.beta.kubernetes.io/resource-group: "USER-SPECIFIED-RG"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: hdd
```
**Release note**:
```
fix azure disk issue when specifying external resource group
```
/kind bug
/sig azure
@jsafrane @rootfs
Just FYI @khenidak @brendandburns @feiskyer
Automatic merge from submit-queue (batch tested with PRs 65492, 65516, 65447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] update NEGAnnotation
**What this PR does / why we need it**:
Updates the NEG annotation in a few more places in the e2e test for Ingress.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add limit to the TokenRequest expiration time
**What this PR does / why we need it**:
A new API TokenRequest has been implemented.It improves current serviceaccount model from many ways.
This patch adds limit to TokenRequest expiration time.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63575
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Cao Shufeng