Automatic merge from submit-queue
Fix swallowed errors in tests of photon_pd package
**What this PR does / why we need it**: Fixes swallowed errors in the tests of the photon_pd package.
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 51174, 51363, 51087, 51382, 51388)
Fix swallowed error in scaleio package tests
**What this PR does / why we need it**: Fixes a dropped error in the tests of the scaleio package.
**Release note**:
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 51174, 51363, 51087, 51382, 51388)
Add InstanceExistsByProviderID to cloud provider interface for CCM
**What this PR does / why we need it**:
Currently, [`MonitorNode()`](02b520f0a4/pkg/controller/cloud/nodecontroller.go (L240)) in the node controller checks with the CCM if a node still exists by calling `ExternalID(nodeName)`. `ExternalID` is supposed to return the provider id of a node which is not supported on every cloud. This means that any clouds who cannot infer the provider id by the node name from a remote location will never remove nodes that no longer exist.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50985
**Special notes for your reviewer**:
We'll want to create a subsequent issue to track the implementation of these two new methods in the cloud providers.
**Release note**:
```release-note
Adds `InstanceExists` and `InstanceExistsByProviderID` to cloud provider interface for the cloud controller manager
```
/cc @wlan0 @thockin @andrewsykim @luxas @jhorwit2
/area cloudprovider
/sig cluster-lifecycle
Automatic merge from submit-queue
Let the quota evaluator handle mutating specs of pod & pvc
### Background
The final goal is to address https://github.com/kubernetes/kubernetes/issues/47837, which aims to allow more mutation for uninitialized objects.
To do that, we [decided](https://github.com/kubernetes/kubernetes/issues/47837#issuecomment-321462433) to let the admission controllers to handle mutation of uninitialized objects.
### Issue
#50399 attempted to fix all admission controllers so that can handle mutating uninitialized objects. It was incomplete. I didn't realize although the resourcequota admission plugin handles the update operation, the underlying evaluator didn't. This PR updated the evaluators to handle updates of uninitialized pods/pvc.
### TODO
We still miss another piece. The [quota replenish controller](https://github.com/kubernetes/kubernetes/blob/master/pkg/controller/resourcequota/replenishment_controller.go) uses the sharedinformer, which doesn't observe the deletion of uninitialized pods at the moment. So there is a quota leak if a pod is deleted before it's initialized. It will be addressed with https://github.com/kubernetes/kubernetes/issues/48893.
Automatic merge from submit-queue
fix error message for pdb.go
**What this PR does / why we need it**:
fix error message for pdb.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51054, 51101, 50031, 51296, 51173)
Print multiple node roles, remove kubeadm-specific annotation from kubectl
related to #50010
Follow up to https://github.com/kubernetes/kubernetes/pull/50438 that removes the kubeadm-specific label, makes kubectl role-agnostic, and outputs multiple roles if present
Automatic merge from submit-queue (batch tested with PRs 51054, 51101, 50031, 51296, 51173)
Dynamic Flexvolume plugin discovery, probing with filesystem watch.
**What this PR does / why we need it**: Enables dynamic Flexvolume plugin discovery. This model uses a filesystem watch (fsnotify library), which notifies the system that a probe is necessary only if something changes in the Flexvolume plugin directory.
This PR uses the dependency injection model in https://github.com/kubernetes/kubernetes/pull/49668.
**Release Note**:
```release-note
Dynamic Flexvolume plugin discovery. Flexvolume plugins can now be discovered on the fly rather than only at system initialization time.
```
/sig-storage
/assign @jsafrane @saad-ali
/cc @bassam @chakri-nelluri @kokhang @liggitt @thockin
Automatic merge from submit-queue (batch tested with PRs 51054, 51101, 50031, 51296, 51173)
Refactor kuberuntime test case with sets.String
**What this PR does / why we need it**:
change to make got and want use sets.String instead, since that is both safe and more clearly shows the intent.
ref: https://github.com/kubernetes/kubernetes/pull/50554
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/51396
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50889, 51347, 50582, 51297, 51264)
support fieldSelector spec.schedulerName
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49190
**Special notes for your reviewer**:
/assign @davidopp @bsalamat
/cc @lavalamp
**Release note**:
```release-note
add fieldSelector spec.schedulerName
```
Automatic merge from submit-queue (batch tested with PRs 50889, 51347, 50582, 51297, 51264)
Fix NoNewPrivs and also allow remote runtime to provide the support.
Fixes https://github.com/kubernetes/kubernetes/issues/51319.
This PR:
1) Let kubelet admit remote runtime for `NoNewPrivis` container runtime.
2) Fix a `NoNewPrivis` bug which checks wrong runtime type.
/cc @kubernetes/sig-node-bugs @jessfraz
Automatic merge from submit-queue (batch tested with PRs 50889, 51347, 50582, 51297, 51264)
Change eviction manager to manage one single local storage resource
**What this PR does / why we need it**:
We decided to manage one single resource name, eviction policy should be modified too.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: part of #50818
**Special notes for your reviewer**:
**Release note**:
```release-note
Change eviction manager to manage one single local ephemeral storage resource
```
/assign @jingxu97
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
fix ReadOnlyPort defaulting, CAdvisorPort documentation
The ReadOnlyPort defaulting prevented passing 0 to diable via
the KubeletConfiguraiton struct.
The HealthzPort defaulting prevented passing 0 to disable via the
KubeletConfiguration struct. The documentation also failed to mention
this, but the check is performed in code.
The CAdvisorPort documentation failed to mention that you can pass 0 to
disable.
fixes#51345
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
Cloud Controller Manager now sets Node.Spec.ProviderID
**What this PR does / why we need it**:
Cloud Controller Manager now sets `Node.Spec.ProviderID`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/49836.
**Special notes for your reviewer**:
* As part of an effort to move cloud controller manager into beta https://github.com/kubernetes/kubernetes/issues/48690.
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
NodeConditionPredicates should return NodeOutOfDisk error.
**What this PR does / why we need it**:
In https://github.com/kubernetes/kubernetes/pull/49932 , I moved node condition check into a predicates; but it return incorrect error :(.
We also need to add more cases to `TestNodeShouldRunDaemonPod` which is key function of DaemonSet.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50594
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49850, 47782, 50595, 50730, 51341)
Paramaterize `stickyMaxAgeMinutes` for service in API
**What this PR does / why we need it**:
Currently I find `stickyMaxAgeMinutes` for a session affinity type service is hard code to 180min. There is a TODO comment, see
https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/iptables/proxier.go#L205
I think the seesion sticky max time varies from service to service and users may not aware of it since it's hard coded in all proxier.go - iptables, userspace and winuserspace.
Once we parameterize it in API, users can set/get the values for their different services.
Perhaps, we can introduce a new field `api.ClientIPAffinityConfig` in `api.ServiceSpec`.
There is an initial discussion about it in sig-network group. See,
https://groups.google.com/forum/#!topic/kubernetes-sig-network/i-LkeHrjs80
**Which issue this PR fixes**:
fixes#49831
**Special notes for your reviewer**:
**Release note**:
```release-note
Paramaterize session affinity timeout seconds in service API for Client IP based session affinity.
```
Automatic merge from submit-queue (batch tested with PRs 51235, 50819, 51274, 50972, 50504)
handle failed mounts for fc volumes
**What this PR does / why we need it**: handles failed mounts for fc
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50502
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 51235, 50819, 51274, 50972, 50504)
Support for specifying external LoadBalancerIP on openstack
1. Support ServiceAnnotationLoadBalancerFloatingNetworkId for LB v1
2. Support for specifying external LoadBalancerIP on openstack
Add ServiceAnnotationLoadBalancerInternal annotation to distinguish
between internal LoadBalancerIP and external LoadBalancerIP.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix#50851
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51235, 50819, 51274, 50972, 50504)
Clean cinder detachlogerror
**What this PR does / why we need it**:
**Which issue this PR fixes** : fixes#50441
**Special notes for your reviewer**:
**Release note**:
```release-note
```
This adds constants and validation for a new `auth-extra-groups` key on `bootstrap.kubernetes.io/token` secrets. This key allows a bootstrap token to authenticate to extra groups in addition to the `system:bootstrappers` group.
Extra groups are always applied in addition to the `system:bootstrappers` group, must begin with a `system:bootstrappers:` prefix, are limited in length, and are limited to a restricted set of characters (alphanumeric, colons, and dashes without a trailing colon/dash).
The ReadOnlyPort defaulting prevented passing 0 to diable via
the KubeletConfiguraiton struct.
The HealthzPort defaulting prevented passing 0 to disable via the
KubeletConfiguration struct. The documentation also failed to mention
this, but the check is performed in code.
The CAdvisorPort documentation failed to mention that you can pass 0 to
disable.
Automatic merge from submit-queue (batch tested with PRs 51038, 50063, 51257, 47171, 51143)
Fix validation return value
Errors returned by some validation functions may be wrong
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51256
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
GCE: Consume new config value for network project id
This PR will allow users to specify the network's project ID in gce.conf. If it's not specified, it will be filled with `ProjectID`. This means that `network-project-id` is a required field for building a cluster on a shared VPC network. However, this means the field does not need to be specified for GKE clusters on non-shared networks.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#48515
**Special notes for your reviewer**:
/assign @bowei @freehan
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207)
StatefulSet kubectl rollout command
**What this PR does / why we need it**: This PR implements StatefulSet kubectl rollout command, covering `history`, `status`, and `undo`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49890
**Special notes for your reviewer**:
**Release note**:
```release-note
kubectl rollout `history`, `status`, and `undo` subcommands now support StatefulSets.
```
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207)
Adding fsGroup check before mounting a volume
fsGroup check will be enforcing that if a volume has already been
mounted by one pod and another pod wants to mount it but has a different
fsGroup value, this mount operation will not be allowed.
Closes#45053
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207)
Add IPBlock to Network Policy
**What this PR does / why we need it**:
Add ipBlockRule to NetworkPolicyPeer.
**Which issue this PR fixes**
fixes#49978
**Special notes for your reviewer**:
- I added this directly as a field on the existing API per guidance from API-Machinery/lazy SIG-Network consensus.
Todo:
- [ ] Documentation comments to mention this is beta, unless we want to go straight to GA
- [ ] e2e tests
**Release note**:
```
Support ipBlock in NetworkPolicy
```
Automatic merge from submit-queue (batch tested with PRs 50872, 51103, 51220, 51285, 50841)
Fix issue(#49695)kubectl set image deployment is ignoring --selector
**What this PR does / why we need it**:
closes#49695
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50872, 51103, 51220, 51285, 50841)
ScaleIO: Use VolumeHost.GetExec() to execute stuff in volume plugins
This PR updates ScaleIO volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec` + to use a fresh `mounter` for every `SetUp` / `TearDown` calls, as they may be different each time.
This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
**Special notes for your reviewer**:
* I needed to pass `mount.Exec` interface from the place where it is available down to `SioClient` where it's needed to execute stuff.
@kubernetes/sig-storage-pr-reviews
/assign @vladimirvivien @rootfs
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46986, 51214, 51169, 50155, 51261)
Add Italian translation for kubectl
**What this PR does / why we need it:**
This PR provides first attempt to translate kubectl in Italian (related to #40645, #45573,
#45562, #40591, #46559).
**Which issue this PR fixes** _(`optional, in fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)_: fixes #
No issues
**Special notes for your reviewer:**
This PR requires Italian people to assist in the review. I'm native in Italian with BS in Computer Science.
```release-note
Adding Italian translation for kubectl
```
Automatic merge from submit-queue (batch tested with PRs 51114, 51233, 51024, 51053, 51197)
default field selectors
We have a lot of code around field selectors that doesn't add much value. Every gettable resources probably wants name and namespace by default and since they all use metav1 (today), we can assign that as a default. If we think we'll always have metav1 style name and namespace, then this makes a reasonable default and you can always set something different.
This removes cruft and avoids the risk of accidentally forgetting a field selector.
@kubernetes/sig-api-machinery-misc @smarterclayton
Automatic merge from submit-queue (batch tested with PRs 51114, 51233, 51024, 51053, 51197)
add UT for pkg/apis/autoscaling/v2alpha1/defaults.go
**What this PR does / why we need it**:
add UT for pkg/apis/autoscaling/v2alpha1/defaults.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 51114, 51233, 51024, 51053, 51197)
Add AddAliasToInstance() to gce cloud provider
- Adds AddAliasToInstance() to the GCE cloud provider.
- Adds field "secondary-range-name" to the gce.conf configuration file.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51114, 51233, 51024, 51053, 51197)
rbd: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates rbd volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
RBD Plugin: Log RBD Attach/Mount/Unmout actions in addition to Detach
**What this PR does / why we need it**:
Currently, RBD Plugin can log a info message for a successful action of RBD Unmap, e.g.:
```
I0822 09:32:31.595162 15177 rbd_util.go:349] rbd: successfully unmap device /dev/rbd0
```
This PR adds logs for another three important actions: Attach, Mount and Unmount.
Logging these actions and associated info is *very* useful in diagnosing problems.
**Special notes for your reviewer**:
Example RBD Plugin logs of successful pod volume attaching and mounting:
```
I0822 09:30:27.512015 15177 rbd_util.go:148] lock list output "2017-08-22 09:30:27.493889 7fa4ae3c23c0 -1 auth: unable to find a keyring on /etc/ceph/ceph.client.kube.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory\n"
W0822 09:30:27.547513 15177 rbd_util.go:460] rbd: no watchers on kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71
I0822 09:30:27.704703 15177 rbd_util.go:315] rbd: successfully map image kube/kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71 to /dev/rbd0
I0822 09:30:27.965603 15177 rbd_util.go:322] rbd: successfully mount image kube/kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71 at /var/lib/kubelet/plugins/kubernetes.io/rbd/rbd/kube-image-kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71
```
Example RBD Plugin logs of successful pod volume detaching and unmouting:
```
I0822 09:32:31.380124 15177 rbd_util.go:334] rbd: successfully umount mountpoint /var/lib/kubelet/plugins/kubernetes.io/rbd/rbd/kube-image-kubernetes-dynamic-pvc-83bfd49e-871c-11e7-b88e-000c291fbe71
I0822 09:32:31.459867 15177 rbd_util.go:148] lock list output "2017-08-22 09:32:31.443643 7f2bb8ab53c0 -1 auth: unable to find a keyring on /etc/ceph/ceph.client.kube.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory\nThere is 1 exclusive lock on this image.\nLocker ID Address \nclient.64117 kubelet_lock_magic_k8s 192.168.2.128:0/4124042516 \n"
I0822 09:32:31.595162 15177 rbd_util.go:349] rbd: successfully unmap device /dev/rbd0
```
It does not add too much logs, but admins/ops can know what RBD plugin are doing internally and exact time a RBD image is mapped, mounted or unmounted (in addition to unmapped).
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51244, 50559, 49770, 51194, 50901)
Fix the matching rule of instance ProviderID
Url.Parse() can't parse ProviderID which contains ':///'.
This PR use regexp to match ProviderID.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix#49769
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51244, 50559, 49770, 51194, 50901)
fix status in deployment_rollback response
**What this PR does / why we need it**:
fix status in deployment_rollback response
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
#51243
Automatic merge from submit-queue (batch tested with PRs 51229, 50131, 51074, 51167, 51213)
Allow remote runtimes to pass apparmor host validation
**What this PR does / why we need it**:
Allow remote runtimes to pass apparmor host validation.
**Which issue this PR fixes** : fixes#51156
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51229, 50131, 51074, 51167, 51213)
[proxy] Clean up LocalPort related functions and structures in proxier.go
**What this PR does / why we need it**:
See, https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/iptables/proxier.go#L1694
I think RevertPorts() is independent from iptables, and would be used by other proxiers which needs to hold/close local port.
Perhaps we can move RevertPorts() from proxier.go to pkg/proxy/util package so that it can be consumed among different proxiers. And, reduce codes in proxier.go
**Which issue this PR fixes**:
fixes#51073
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50213, 50707, 49502, 51230, 50848)
Refactor CephFS PV spec
**What this PR does / why we need it**:
refactor CephFS Volume Persistent Volume Spec so CephFS PV's SecretRef allows referencing a secret from a persistent volume in any namespace. This allows locating credentials for persistent volumes in namespaces other than the one containing the PVC.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes-incubator/external-storage/issues/309
**Special notes for your reviewer**:
@kubernetes/sig-storage-api-reviews
**Release note**:
```release-note
Allow CephFS PV to specify a namespace for secret
```
Automatic merge from submit-queue (batch tested with PRs 50213, 50707, 49502, 51230, 50848)
Fix comment of cronjob utils.go
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/50951
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51224, 51191, 51158, 50669, 51222)
Change the FakeCloudAddressService to store Alpha objects internally
The change assumes the compute Alpha object is the superset of the v1
object. By storing the Alpha objects internally in the fake, we can
convert them to Beta and v1 to test different functions.
Automatic merge from submit-queue (batch tested with PRs 51148, 50816, 49741, 50858, 51223)
openapi: Change references to be first-class
**What this PR does / why we need it**:
References in the openapi are currently completely hidden from the
model, and just passed through as we walk the tree. The problem is that
they can have a different description and more importantly, different
extensions.
Change them to be first-class citizen, and fully part of the model. It
means that visitors have to implement one more function and decide if
something specific should be done with references. Validation is updated
to just completely ignore them and passthrough (like it was done
before).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51148, 50816, 49741, 50858, 51223)
cloudprovider.Zones should support external cloud providers
**What this PR does / why we need it**:
Provides methods in cloudprovider.Zones that allows external cloud providers to set the correct zone labels to nodes. Part of https://github.com/kubernetes/kubernetes/issues/48690
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixes https://github.com/kubernetes/kubernetes/issues/49308
**Special notes for your reviewer**:
Should help with getting ccm/external cloud providers to beta.
**Release note**:
```release-note
cloudprovider.Zones should support external cloud providers
```
cc @luxas @wlan0 @thockin
Automatic merge from submit-queue (batch tested with PRs 51148, 50816, 49741, 50858, 51223)
Add tests around TableConvert and server side printing
Also wire in more table printers
@fabianofranz
Automatic merge from submit-queue (batch tested with PRs 51148, 50816, 49741, 50858, 51223)
Remove redundant err definition
**What this PR does / why we need it**:
Remove redundant err definition,err is defined by using "err :=" at line 107
**Release note**:
NONE
```release-note
```
Automatic merge from submit-queue
fix fuzzer for hostpath type that the path can be an empty string
**What this PR does / why we need it**:
It seems the path of `HostPath` generated by fuzzer can be an empty string. This is causing [pull-kubernetes-unit](https://k8s-gubernator.appspot.com/builds/kubernetes-jenkins/pr-logs/directory/pull-kubernetes-unit) failing.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51260
**Special notes for your reviewer**:
/assign @thockin @luxas @ixdy
**Release note**:
```release-note
None
```
fsGroup check will be enforcing that if a volume has already been
mounted by one pod and another pod wants to mount it but has a different
fsGroup value, this mount operation will not be allowed.
Automatic merge from submit-queue (batch tested with PRs 50713, 47660, 51198, 51159, 51195)
kubeapiserver: rename `--experimental-bootstrap-token-auth` to `--enable-bootstrap-token-auth`.
#**What this PR does / why we need it**:
This change renames the API server `--experimental-bootstrap-token-auth` flag to `--enable-bootstrap-token-auth`. The old flag is accepted but generates a warning.
In 1.9, we will drop support for `--experimental-bootstrap-token-auth` entirely.
#### Example of the warning log:
```
$ kube-apiserver --experimental-bootstrap-token-auth --etcd-servers https://127.0.0.1:1234 --service-cluster-ip-range 10.0.1.0/24
Flag --experimental-bootstrap-token-auth has been deprecated, use --enable-bootstrap-token-auth instead.
[...]
```
**Which issue this PR fixes** fixes https://github.com/kubernetes/kubernetes/issues/50613
**Release note**:
```release-note
Renamed the API server flag `--experimental-bootstrap-token-auth` to `--enable-bootstrap-token-auth`. The old value is accepted with a warning in 1.8 and will be removed in 1.9.
```
/sig cli
/sig cluster-lifecycle
cc @luxas
The change assumes the compute Alpha object is the superset of the v1
object. By storing the Alpha objects internally in the fake, we can
convert them to Beta and v1 to test different functions.
Automatic merge from submit-queue (batch tested with PRs 47115, 51196, 51204, 51208, 51206)
Add an OrDie version for AddPostStartHook
Simplifies usage and consolidate the error message so it is always
the same everywhere.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47115, 51196, 51204, 51208, 51206)
Delete redundant err definition
**What this PR does / why we need it**:
Delete reduandant err definition
Line 307 has err definition and initialization.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Remove crash loop "detection" from the dynamic kubelet config feature
**What this PR does / why we need it**:
The subfeature was a cool idea, but in the end it is very complex to
separate Kubelet restarts into crash-loops caused by config vs.
crash-loops caused by other phenomena, like admin-triggered node restarts,
kernel panics, and and process babysitter behavior. Dynamic kubelet config
will be better off without the potential for false positives here.
Removing this subfeature also simplifies dynamic configuration by
reducing persistent state:
- we no longer need to track bad config in a file
- we no longer need to track kubelet startups in a file
**Which issue this PR fixes**: fixes#50216
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Delete load balancers if the UIDs for services don't match.
An attempt to fix https://github.com/kubernetes/kubernetes/issues/43730
@thockin @djsly
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
Show events when describing service accounts
**What this PR does / why we need it**:
Any events associated with service accounts should appear in the describe output.
**Which issue this PR fixes**:
**Special notes for your reviewer**:
**Release note**:
```release-note
Show events when describing service accounts
```
Automatic merge from submit-queue (batch tested with PRs 51108, 51035, 50539, 51160, 50947)
iscsi: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates iSCSI volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51113, 46597, 50397, 51052, 51166)
implement proposal 34058: hostPath volume type
**What this PR does / why we need it**:
implement proposal #34058
**Which issue this PR fixes** : fixes#46549
**Special notes for your reviewer**:
cc @thockin @luxas @euank PTAL
- Adds AddAliasToInstance() to the GCE cloud provider.
- Adds field "secondary-range-name" to the gce.conf configuration file.
```release-note
NONE
```
Automatic merge from submit-queue
quobyte: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates ~~nfs~~ quobyte volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Support HostAlias for HostNetwork Pods
**What this PR does / why we need it**: Currently, HostAlias does not support HostNetwork pods because historically, kubelet only manages hosts file for non-HostNetwork pods. With the recent change in https://github.com/kubernetes/kubernetes/pull/49140, kubelet now manages hosts file for all Pods, which enables HostAlias support also.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48398
**Special notes for your reviewer**: might be easier to review commit-by-commit
**Release note**:
```release-note
HostAlias is now supported for both non-HostNetwork Pods and HostNetwork Pods.
```
@yujuhong @hongchaodeng @thockin
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Fixed code comments that were not updated
**What this PR does / why we need it**:
The comment of the args ‘KubeReserved’ is out of date and there is no consistent with command line messages
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Add ephemeral local storage resource name first
Since finally decided the ephemeral local storage resource name, send this PR to add the resource name first, and then i will rebase all my PRs about local storage isolation
**Special notes for your reviewer**:
related to: #50818
**Release note**:
```release-note
NONE
```
/assign @jingxu97
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)
Fix the method name of BuiltInAuthenticationOptions.WithAnyonymous
change the BuiltInAuthenticationOptions.WithAnyonymous to
WithAnonymous would be better.
**What this PR does / why we need it**:
The BuiltInAuthenticationOptions.WithAnyonymous method name should be a meaningful name of WithAnonymous
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 51047, 48573, 50764, 51092, 50578)
Library updates to better support removing kubectl deps on kubernetes/kubernetes
**What this PR does / why we need it**:
**Which issue this PR fixes**: kubernetes/kubectl#50
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51047, 48573, 50764, 51092, 50578)
Replace validateGlusterfs() with validateGlusterfsVolumeSource() for consistency.
Automatic merge from submit-queue
cloudprovider/openstack bug fix: don't try to append pool id if pool doesn't exist
**What this PR does / why we need it**:
This fixes a bug in the OpenStack cloud provider that could cause a panic.
Consider what will happen in the current `LbaasV2.EnsureLoadBalancerDeleted` code if `nil, ErrNotFound` is returned by `getPoolByListenerID`.
Automatic merge from submit-queue
Add liggitt as an API approver.
@liggitt has been on the project since 2014, was a key participant of the evolution of the v1beta3 and v1 APIs, has performed many API reviews, has helped to develop the API conventions (most recently with the added guidance regarding alpha fields), and has demonstrated attention to detail and good taste. His efforts have helped keep the API sane and consistent.
Also note that bgrant0607 is an approver, but shouldn't be auto-assigned.
cc @kubernetes/api-approvers
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Allow attach of volumes to multiple nodes for vSphere
This is a fix for issue #50944 which doesn't allow a volume to be attached to a new node after the node is powered off where the volume was previously attached.
Current behaviour:
One of the cluster worker nodes was powered off in vCenter.
Pods running on this node have been rescheduled on different nodes but got stuck in ContainerCreating. It failed to attach the volume on the new node with error "Multi-Attach error for volume pvc-xxx, Volume is already exclusively attached to one node and can't be attached to another" and hence the application running in the pod has no data available because the volume is not attached to the new node. Since the volume is still attached to powered off node, any attempt to attach the volume on the new node failed with error "Multi-Attach error". It's stuck for 6 minutes until attach/detach controller forcefully tried to detach the volume on the powered off node. After the end of 6 minutes when volume is detached on powered off node, the volume is now successfully attached on the new node and application has now the data available.
What is expected to happen:
I would want the attach/detach controller to go ahead with the attach of the volume on new node where the pod got provisioned instead of waiting for the volume to be detached on the powered off node. It is ok to eventually delete the volume on the powered off node after 6 minutes. This way the application downtime is low and pods are up as soon as possible.
The current fix ignore, vSphere volumes/persistent volume to check for multi-attach scenario in attach/detach controller.
@jingxu97 @saad-ali : Can you please take a look at it.
@tusharnt @divyenpatel @rohitjogvmw @luomiao
```release-note
Allow attach of volumes to multiple nodes for vSphere
```
References in the openapi are currently completely hidden from the
model, and just passed through as we walk the tree. The problem is that
they can have a different description and more importantly, different
extensions.
Change them to be first-class citizen, and fully part of the model. It
means that visitors have to implement one more function and decide if
something specific should be done with references. Validation is updated
to just completely ignore them and passthrough (like it was done
before).
This change renames the `--experimental-bootstrap-token-auth` flag to `--enable-bootstrap-token-auth`. The old flag is accepted but generates a warning.
In 1.9, we will drop support for `--experimental-bootstrap-token-auth` entirely.
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
Fix comment and typos in node_controller
**What this PR does / why we need it**:
1. fix comment to more accurately
2. fix typos
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
StorageOS: Use VolumeHost.GetExec() to execute stuff in volume plugins
Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates StorageOS volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
Mark the volumes as detached when node does not exist
If node does not exist, node's volumes will be detached
automatically and become available. So mark them detached and do not return err.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
#50200
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 38947, 50239, 51115, 51094, 51116)
Call Fatalf instead of Errorf when mounter/unmounter is nil in volume tests
If we get a nil mounter or unmounter, a panic will occur. Should call `Fatalf` instead of `Errorf`.
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
gluster: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates GlusterFS volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
**Special notes for your reviewer**:
There are two commits:
* The first one removes unused `plugin.execCommand` (so we don't need to update it to `VolumeHost.GetExec`)
* The second one does the `VolumeHost.GetExec` trick described above.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
FlexVolume: Add ability to control 'SupportsSELinux' during driver's init phase
**What this PR does / why we need it**:
Adds the ability to disable FlexVolume SELinux relabeling for filesystems that don't support it, e.g. fuse
**Which issue this PR fixes**:
This was reported in: https://github.com/lizardfs/lizardfs/issues/581
This is a reworked solution as per feedback from #50548https://github.com/kubernetes/kubernetes/pull/50548#issuecomment-322328679
**Special notes for your reviewer**:
/assign @thockin
/cc @chakri-nelluri @verult @saad-ali
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
nfs: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates nfs volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where the utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
azure: Use VolumeHost.GetExec() to execute stuff in volume plugins
**What this PR does / why we need it**:
This PR updates Azure volume plugin to use `VolumeHost.GetExec()` to execute utilities like mkfs and lsblk instead of simple `os/exec`. This prepares the volume plugin to run these utilities in containers instead of running them on the host + makes the volume plugin more independent and less hardcoded.
See proposal in https://github.com/kubernetes/community/pull/589.
Note that this PR does **not** change place where utilities are executed - `VolumeHost.GetExec()` still leads directly to `os/exec`. It will be changed when the aforementioned proposal is merged and implemented.
To simplify testing, `/sys/bus/scsi/devices/*/model` and `.../vendor` are read using `ioutil.ReadFile` instead of `/bin/cat` in the first commit.
```release-note
NONE
```
@kubernetes/sig-storage-pr-reviews @kubernetes/sig-azure-misc
Automatic merge from submit-queue (batch tested with PRs 51105, 51097, 51110, 50843, 51107)
fibre channel: Remove unused exe interface
**What this PR does / why we need it**:
`execCommand` is not used anywhere, let's remove it and associated `exe` field from several structs.
@kubernetes/sig-storage-pr-reviews
**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue