Automatic merge from submit-queue
kubeadm: Fix self-hosting race condition
**What this PR does / why we need it**:
Splitted out from: https://github.com/kubernetes/kubernetes/pull/50766
Waits for the Static Pod to be deleted before proceeding with checking the API health.
Otherwise there is a race condition where we're checking the health on the static pod API server; not the self-hosted one that we expect.
Also improves the logging output and adds reasonable timeouts for the process
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
Dependency for
- https://github.com/kubernetes/kubernetes/pull/50766
- https://github.com/kubernetes/kubernetes/pull/50631
- https://github.com/kubernetes/kubernetes/pull/48899
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue
Migrate sig-apimachinery and sig-servicecatalog e2e tests
**What this PR does / why we need it**:
Migrate sig-apimachinery and sig-servicecatalog e2e tests
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Ref Umbrella issue #49161
1. Move generated_clientset.go to sig-apimachinary
2. Move podpreset.go to sig-servicecatalog by creating new directory.
**Special notes for your reviewer**:
**Release note**:
none
/cc @liggitt
Automatic merge from submit-queue
remove unused function in openstack cloud provider
**What this PR does / why we need it**:
List function not used in openstack cloud provider, and useless, I think need remove it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50550, 50768)
Don't SSH to master for metrics in case of GKE
cc @kubernetes/sig-scalability-misc @crassirostris
Automatic merge from submit-queue (batch tested with PRs 50550, 50768)
Cleanup locking in configz
**What this PR does / why we need it**:
- Reduce scope of lock in `write()` method
- Use the read lock in `write()` method
**Release note**:
```release-note
NONE
```
/kind cleanup
@mikedanese
p.s. looks like the `Set()` method could be removed if the value is accepted as an argument to `New()`. I.e. looks like to code re-sets the value.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Make endpoints controller update based on semantic equality
Fixes#50828
Split from https://github.com/kubernetes/kubernetes/pull/45294 for separate review
Currently, endpoints objects containing no subsets are decoded by the go client as subsets:[] (when requested individually) or as subsets:null (when requested in a list of endpoints).
Because the endpoints controller is fed via a lister/watcher, it gets the `subsets:null` version fed to it. The subsets computation then returns an empty slice, which fails reflect.DeepEqual, which triggers a write attempt.
This PR makes the comparison use semantic.DeepEqual to avoid spurious writes.
https://github.com/kubernetes/kubernetes/pull/45294 would remove the inconsistency between lists and individual gets.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Bump repo-infra/kazel dependency
**What this PR does / why we need it**: `kazel` shouldn't be looking under skipped paths (like `_output`) for openapi files. This was fixed in https://github.com/kubernetes/repo-infra/pull/32 and now should be included here.
I've tested locally that this now ignores everything under `_output`.
**Release note**:
```release-note
NONE
```
/assign @mikedanese @spxtr
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Make socket address parsing work on FreeBSD.
**What this PR does / why we need it**:
I am currently in the process of porting Kubernetes to work on FreeBSD. What is interesting is that I am not interested in using Kubernetes to run Docker containers in this case. I happen to be the author of CloudABI, a sandboxing framework that is available on FreeBSD (and other systems). I want to have a cluster management tool for scheduling these sandboxed processes.
Anyway, right now `kubelet` crashes on startup when passing in CRI command line flags, for the reason that it's not able to parse `unix:...` socket addresses. This change fixes this by making the respective Linux-only source file work on FreeBSD as well.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Add ReclaimPolicy field to StorageClass
fix https://github.com/kubernetes/kubernetes/issues/38192, enough people want this imo so going ahead and adding it according to initial suggested design
some considerations:
* No Recycle allowed, Retain (& Delete) only.
* Do we need to gate the field.
* E2E test where a Retain PV is dynamically provisioned is TODO if we agree we want this & this is the way to do it.
* Need a feature repo issue to track docs and stuff for 1.8
**Release note**:
```release-note
StorageClass has a new field to configure reclaim policy of dynamically provisioned PVs.
```
Automatic merge from submit-queue
add some e2e for node authz
**What this PR does / why we need it**:
fix#47174
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47174
**Special notes for your reviewer**:
**Release note**:
```
None
```
Automatic merge from submit-queue (batch tested with PRs 49342, 50581, 50777)
apimachinery: Print unknown transport type
The current error message prints a pointer value rather than the actual
type, which is really not useful.
e.g.:
```
# Old:
unknown transport type: &{0xc42044a7b0 0xc4208d6dc0}
# New:
unknown transport type: *gcp.conditionalTransport
```
**What this PR does / why we need it**: Makes an error message more useful.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: related to #50775
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49342, 50581, 50777)
Update RegisterMandatoryFitPredicate to avoid double register.
**What this PR does / why we need it**:
In https://github.com/kubernetes/kubernetes/pull/50362 , we introduced `RegisterMandatoryFitPredicate` to make some predicates always included by scheduler. This PRs is to improve it by avoiding double register: `RegisterFitPredicate` and `RegisterMandatoryFitPredicate`
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50360
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49342, 50581, 50777)
Device Plugin Protobuf API
**What this PR does / why we need it:**
This implements the Device Plugin API
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
Special notes for your reviewer:
First proposal submitted to the community repo, please advise if something's not right with the format or procedure, etc.
@vishh @derekwaynecarr
**Release note:**
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50807, 50650)
Add resouer into scheduler reviewer
Nominate myself as scheduling reviewer according to https://github.com/kubernetes/community/blob/master/community-membership.md
1. Member for at least 3 months
Member of Kubernetes org since 2015
2. Primary reviewer for at least 5 PRs to the codebase
Primary reviewed in kubernetes/kubernetes repo: [71 PRs ](https://github.com/search?utf8=%E2%9C%93&q=assignee%3Aresouer+is%3Aclosed+repo%3Akubernetes%2Fkubernetes&type=)
3. Reviewed or merged at least 20 substantial PRs to the codebase:
Already have [109 PRs merged](https://cncf.biterg.io/app/kibana#/dashboard/GitHub-Pull-Requests?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-2y,mode:quick,to:now))&_a=(filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:github_issues,key:author_name,negate:!f,value:'Harry%20Zhang'),query:(match:(author_name:(query:'Harry%20Zhang',type:phrase))))),options:(darkTheme:!f),panels:!((col:1,id:github_pullrequests_main_metrics,panelIndex:1,row:1,size_x:1,size_y:4,title:PRs,type:visualization),(col:2,id:github_pullrequests_pullrequests,panelIndex:2,row:1,size_x:5,size_y:2,title:'Pull%20Requests%20Per%20Status',type:visualization),(col:10,id:github_pullrequests_repositories,panelIndex:5,row:1,size_x:3,size_y:4,title:Repositories,type:visualization),(col:1,id:github_pullrequests_submitters,panelIndex:6,row:5,size_x:6,size_y:4,title:'Pull%20Request%20Submitters',type:visualization),(col:2,id:github_pullrequests_submitters_evolutionary,panelIndex:8,row:3,size_x:5,size_y:2,title:Submitters,type:visualization),(col:7,id:github_pullrequests_organizations_author_evolutionary,panelIndex:9,row:5,size_x:6,size_y:4,title:'Pull%20Requests%20by%20Organization,%20over%20time',type:visualization),(col:7,id:github_pullrequests_organizations_author,panelIndex:10,row:1,size_x:3,size_y:4,title:'Authors%20by%20Organization',type:visualization)),query:(query_string:(analyze_wildcard:!t,query:'*')),title:'GitHub%20Pull%20Requests',uiState:(P-1:(title:PRs),P-10:(title:'Authors%20by%20Organization'),P-2:(title:'Pull%20Requests%20Per%20Status',vis:(legendOpen:!f)),P-5:(title:Repositories),P-6:(title:'Pull%20Request%20Submitters'),P-8:(title:Submitters,vis:(legendOpen:!f)),P-9:(title:'Pull%20Requests%20by%20Organization,%20over%20time')))), most of them are related to sig-scheduling and sig-node, also, main author of `ImageLocalityPriority`, [Equivalence based scheduling](https://github.com/kubernetes/kubernetes/issues/17390) etc
cc @wojtek-t @davidopp @k82cn for sponsor
Automatic merge from submit-queue
Regenerate all BUILD files in vendor/ from scratch using gazelle
**What this PR does / why we need it**: the [godep `vendor/` instructions](https://github.com/kubernetes/community/blob/master/contributors/devel/godep.md) say to `rm -rf` everything under `vendor/` and then regenerate everything after saving. `gazelle` has slightly different functionality, in that it doesn't use `default_visibility`, which results in a large unrelated diff for anyone changing deps.
This PR regenerates everything in a no-op way so that subsequent changes have a reasonable diff.
x-ref #47558
**Release note**:
```release-note
NONE
```
/assign @nicksardo
/cc @mikedanese @spxtr
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Rerun init containers when the pod needs to be restarted
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
This fixes#36485
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
fix the typo of errorf info
**What this PR does / why we need it**:
fix the error message of stateful_pod_control_test.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Log name if Azure file share cannot be created
**What this PR does / why we need it**: If the Azure storage provider fails to create a file share, it logs and error message 'failed to create share in account _foo_: _error-msg_'. A user on the Slack azure-sig channel reported an error of "The specified resource name length is not within the permissible limits". This PR adds logging of the name so that this error can be diagnosed in future.
**Which issue this PR fixes**: This was raised on Slack and has not been created as a GitHub issue.
**Special notes for your reviewer**: None
**Release note**:
```release-note
Changed the error log format when creating an Azure file share to include the name of the share.
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
**What this PR does / why we need it**:
Fixes#50473
Rationale: since the scheduler handles all resources except CPU as integers, that could just be the default behavior for namespaced resources.
cc @RenaudWasTaken @vishh
**Release note**:
```release-note
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
```
Automatic merge from submit-queue
Remove kubectl's dependence on schema file in pkg/api/validation.
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl. This move revealed a "hidden" dependence
(a dependence not expressed in a BUILD or make file) from a feature
level test in /hack/make-rules on a kubectl test data file. So this
PR also adds some BUILD rules around the relevant hack targets, to make the
dependence official. A later PR will move the kubectl aspect of this "hack"
test into a kubectl test directory. Leaving it in place for now after establishing
and "official" dependency, since moving the test beyond PR scope. The
test also depends on a small sh file in //cluster, which makes no sense.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Enables the v1beta2 version of the apps API group by default
**What this PR does / why we need it**: Enables the v1beta2 version of the apps API group by default
fixes # #50641
```release-note
apps/v1beta2 is enabled by default. DaemonSet, Deployment, ReplicaSet, and StatefulSet have been moved to this group version.
```
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41901, 50762, 50756)
Feature-gate self-hosted secrets
**What this PR does / why we need it**:
Feature gates now select whether secrets are used for TLS cert storage in self-hosted clusters.
**Release note**:
```release-note
TLS cert storage for self-hosted clusters is now configurable. You can store them as secrets (alpha) or as usual host mounts.
```
/cc @luxas
Automatic merge from submit-queue
Promote CronJobs to batch/v1beta1 - just the API
This PR promotes CronJobs to beta.
@erictune @kubernetes/sig-apps-api-reviews @kubernetes/api-approvers ptal
This builds on top of #41890 and needs #40932 as well
```release-note
Promote CronJobs to batch/v1beta1.
```
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Fix for Policy based volume provisioning failure due to long VM Name in vSphere cloud provider
Dummy VM is used for SPBM policy based provisioning feature of vSphere cloud provider.
Dummy VM name is generated based on kubernetes cluster name and pv name. It can easily go beyond
vSphere's limitation of 80 characters for vmName.
To solve the long VM name failure hash is used instead of vSphere-k8s-clusterName-PvName
**Which issue this PR fixes**
https://github.com/vmware/kubernetes/issues/176
**Release note:**
```release-note
None
```
@BaluDontu @divyenpatel @luomiao @tusharnt
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Remove BUILD reference to removed files: Fix bazel build
**What this PR does / why we need it**:
Bazel build is broken because a pull-request has removed some go files, but not the BUILD references to these file. Update the go files. I've also created an issue in test-infra(https://github.com/kubernetes/test-infra/issues/4083) as this should have been detected earlier
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
move i18n to kubectl/util
Move `pkg/util/i18n` to `pkg/kubectl/util/i18n` per https://github.com/kubernetes/kubernetes/issues/48209#issuecomment-311730681.
This affects kubectl and kubeadm. It should be fine that `kubeadm` depends on `kubectl`.
partially addresses: kubernetes/community#598
```release-note
NONE
```
/assign @apelisse @monopole
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Refactor RBAC authorizer entry points
This change refactors various RBAC authorizer functions to be more flexible in their inputs. This makes it easier to reuse the various components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Remove deprecated command 'kubectl stop'
Fixes https://github.com/kubernetes/kubernetes/issues/11384
I think this is the final step @kubernetes/sig-cli-pr-reviews @kargakis
Automatic merge from submit-queue
Add metric for remaining lifetime of certificates authenticating requests
fixes#50778
When incoming requests to the API server are authenticated by a certificate, the expiration of the certificate can affect the validity of the authentication. With auto rotation of certificates, which is starting with kubelet certificates, the goal is to use shorter lifetimes and let the kubelet renew the certificate as desired. Monitoring certificates which are approaching expiration and not renewing would be an early warning sign that nodes are about to stop participating in the cluster.
**Release note**:
```release-note
Add new Prometheus metric that monitors the remaining lifetime of certificates used to authenticate requests to the API server.
```
Wojciech Tyczynski