Automatic merge from submit-queue (batch tested with PRs 48405, 48742, 48748, 48571, 48482)
dockershim: clean up unused security context code
Most of the code in the `dockershim/securitycontext` package are
unused and can be removed. This PR migrates the rest of the code,
cleans it up (e.g., remove references to kubernetes API objects),
and removes the package entirely.
Automatic merge from submit-queue (batch tested with PRs 48405, 48742, 48748, 48571, 48482)
Removed scheduler dependencies to testapi.
**What this PR does / why we need it**:
When refactor scheduler to use client-go, k8s.io/api, it's also need to remove the dependeny to testapi.
prefer to only include import/BUILD changes for #44188, so created separated PR for other enhancement removal.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partially fixes#44188
**Release note**:
```release-note-none
```
Automatic merge from submit-queue
kubeadm: begin polling for bootstrap cluster info immediately
**What this PR does / why we need it**:
This PR changes the behavior of the `kubeadm` loop that polls the API server waiting for discovery information (`cluster-info`). The previous (inadvertent?) behavior was to sleep for `constants.DiscoveryRetryInterval` (5 seconds) before the first request ([`PollInfinite`](https://godoc.org/k8s.io/apimachinery/pkg/util/wait#PollInfinite) vs. [`PollImmediateInfinite`](https://godoc.org/k8s.io/apimachinery/pkg/util/wait#PollImmediateInfinite)).
After this change, `kubeadm` begins does the first check immediately before it moves into the slower polling mode. This takes around 5 seconds off the average time for a new node to join.
#### Before (~5.5s)
```
root@worker:~# time kubeadm join --token abc.123 192.168.42.10:6443
[...]
real 0m5.523s
user 0m0.112s
sys 0m0.124s
```
#### After (~0.5s)
```
root@worker:~# time kubeadm join --token abc.123 192.168.42.10:6443
[...]
real 0m0.587s
user 0m0.092s
sys 0m0.132s
```
**Which issue this PR fixes**:
**Special notes for your reviewer**:
This is my first Kubernetes PR, so please let me know if it's formatted correctly.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Move performance tests to test/e2e/scalability subdirectory
Following the move to make e2e tests more organized and accountable to the respective SIGs.
cc @kubernetes/sig-scalability-pr-reviews @wojtek-t @gmarek @grodrigues3
Automatic merge from submit-queue (batch tested with PRs 48698, 48712, 48516, 48734, 48735)
GCE: Allow empty NETWORK_PROJECT_ID env var
Changes:
1. Adds `GCE_API_ENDPOINT` logic to container-linux as it was added to GCI in #47881.
1. Apply `NETWORK_PROJECT_ID` value to gce.conf only if the env var is set.
/sig network
/area platform/gce
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48698, 48712, 48516, 48734, 48735)
Name change: s/timstclair/tallclair/
I changed my name, and I'm migrating my user name to be consistent.
Automatic merge from submit-queue (batch tested with PRs 48698, 48712, 48516, 48734, 48735)
share iptables util client within kubenet
reduce the number of goroutine waiting for dbus.
Automatic merge from submit-queue (batch tested with PRs 48698, 48712, 48516, 48734, 48735)
Bump event-exporter version
Fixes https://github.com/kubernetes/kubernetes/issues/47914
```release-note
Reduce amount of noise in Stackdriver Logging, generated by the event-exporter component in the fluentd-gcp addon.
```
Automatic merge from submit-queue
remove svg mime type extension
Signed-off-by: sakeven <jc5930@sina.cn>
**What this PR does / why we need it**:
I found that [kubernetes requires go version 1.6 or greater](https://github.com/kubernetes/kubernetes/blob/master/hack/lib/golang.sh#L335).
While the [commit](21e47d831b) which adds "image/svg+xml" type for extension ".svg", has been merged to go from version 1.5 to 1.9beta.
So it's safe to remove code ```mime.AddExtensionType(".svg", "image/svg+xml")```.
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47948, 48631, 48693, 48549, 47593)
OpenStack for cloud-controller-manager
**What this PR does / why we need it**:
This implements the `NodeAddressesByProviderID` and `InstanceTypeByProviderID` methods used by the cloud-controller-manager to the OpenStack provider. The instance type returned is the flavor name, for consistency `InstanceType` has been implemented too returning the same value.
```release-note
NONE
```
This is part of #47257 cc @wlan0
Automatic merge from submit-queue (batch tested with PRs 47948, 48631, 48693, 48549, 47593)
add generated clients. modify codegen script
**What this PR does / why we need it**:
Adds in the generated clientsets for the sample apiserver. Modifies the update-codgen script to copy over the client from the generated location. We need it in order to be able to add integrations and unit tests that make use of the clientsets and their fakes.
**Special notes for your reviewer**:
@deads2k @p0lyn0mial hopefully done the correct thing here. Not 100% sure on needing the copy but it seemed what was needed to get the import paths correct?
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47948, 48631, 48693, 48549, 47593)
add a regression test for Audit-ID http header
This change add a test for: https://github.com/kubernetes/kubernetes/pull/48492
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue
fix system language judging bug in loadSystemLanguage
Signed-off-by: allencloud <allen.sun@daocloud.io>
**What this PR does / why we need it**:
This PR removes some unused code in loadSystemLanguage. Since in code `pieces := strings.Split(langStr, ".")`, even `langStr` is an empty string, `piece` is a slice with one element of empty string, so there is no chance that len(pieces) == 0.
According to these, I think it is OK to remove the unused code in loadSystemLanguage.
According to the discuss we had, finally we decided to use a more accurate way to change the code, using `if len(pieces) != 1` to make the decision.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Allow to specify a node-name instead of relaying in `os.Hostname()`
This is useful where kubelet use the name given by the cloud-provider to
register the node.
Partially fix: kubernetes/kubeadm#64
Automatic merge from submit-queue (batch tested with PRs 46865, 48661, 48598, 48658, 48614)
Fix function names in the comments
This patch fixes function and type names in the comments
in predicates.go.
**What this PR does / why we need it**:
It fixes function and type names in the comments in predicates.go.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
This does not have an issue # because it is a trivial fix.
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 46865, 48661, 48598, 48658, 48614)
remove extra WriteHeader function
The deleted two functions will be called later in the function
SerializeObject(). Not necessary to call them twice.
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46865, 48661, 48598, 48658, 48614)
Move metrics_grabbert to test/e2e
cc @aleksandra-malinowska
Automatic merge from submit-queue
kube-apiserver: tests for aggregation and CRDs via delegation
In our integration tests we do not use the real kube-apiserver setup code, but mock our own. Here I use the actual `cmd/kube-apiserver/app.Run()` func with an testing etcd server. This can test the whole delegation chain of aggregator, apiextensions and kube-apiserver.
Automatic merge from submit-queue
Update heketi dependencies to SHA@53ed62346cbd870d02be06fead8652a8fd6208c6
PR #44174 Requires this api change.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)
Include leaderelection in client-go;
Fix#39117
Fix https://github.com/kubernetes/client-go/issues/28
This PR:
* includes the leaderelection to the staging client-go
* to avoid conflict with golang's testing package, renames package /testing to /testutil, and renames cache/testing to cache/testframework
```release-note
client-go now includes the leaderelection package
```
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)
Fix issue when setting fileysystem capacity in container manager
In Container manager, we set up the capacity by retrieving information
from cadvisor. However unlike machineinfo, filesystem information is
available at a later unknown time. This PR uses a go routine to keep
retriving the information until it is avaialble or timeout.
This PR fixes issue #48452
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)
proxy/userspace: honor listen IP address as host IP if given
Allows the proxier to be used on an interface that's not the default route,
otherwise hostIP gets set to the default route interface even if that's
not what the user intended.
If listen IP isn't given, falls back to previous behavior.
```release-note
To allow the userspace proxy to work correctly on multi-interface hosts when using the non-default-route interface, you may now set the `bindAddress` configuration option to an IP address assigned to a network interface. The proxy will use that IP address for any required NAT operations instead of the IP address of the interface which has the default route.
```
@kubernetes/sig-network-misc @thockin @wojtek-t
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)
Make kube-proxy's MetricsBindAddress configurable via flag
**What this PR does / why we need it**: From #48600, `MetricsBindAddress` used to be configurable through flag (coupled with `HealthzBindAddress`). But this functionality went away after #44968 separated healthz server from metrics server. This PR adds that functionality back.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
/assign @ncdc
cc @bowei @r0bj
**Release note**:
```release-note
none
```
Automatic merge from submit-queue
Removed mesos as cloud provider from Kubernetes.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47205
**Special notes for your reviewer**:
**Release note**:
```release-note
Move Mesos Cloud Provider out of Kubernetes Repo
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
IPv6 support for getting IP from default route
This is another part of the effort to update ChoseHostInterface() to support
IPv6. In particular, this focuses on the call path, starting from
chooseHostInterfaceFromRoute(), which attempts to find the node IP by
using default route information.
In the original code, routes are collected, and examined to find default
routes. For a default route, the IPs for the associated interface are
checked to see if there is one that is a V4 address, and is not a
loopback, link local, or multicast address. If found, that IP will be
used for the node IP.
With this PR, there are some slight changes to prepare for allowing IPs
from IPv6 default routes. The routes (IPv4 at this time - a subsequent
PR will handle IPv6) are collected as before. If the route is a default
route AND it's GW address is a global unicast address, then the IPs
for the associated interface are checked. This time though, we just pick
the IP that is on the same subnet as the gateway IP.
This ensures it is not a link local, loopback, or multicast address. It
saves time, by nt checking IPs for interfaces that don't have a "global"
default route. It also will ensure the right IP is used, when using both
IPv4 and IPv6 addresses.
For example, if we have eth0 with global IPv4 and IPv6 addresses, and
an IPv6 default route, we want to select the IPv6 address, as it is
associated with the default route.
Another case is that same interface, along with eth1 containing an IPv4
address with a default route. We want to select eth1's IPv4 address,
and not the IPv4 on eth0.
This change adds more UT coverage to several methods, and removes UTs
that are redundantly testing at a higher level. Coverage is slightly
improved.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: xref #44848
**Special notes for your reviewer**:
This goes along with PR 46044, and will have another PR to the next part.
**Release note**:
```release-noteNONE
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
fix parse resource in setting selector
**What this PR does / why we need it**:
**Which issue this PR fixes**: fixes#47718
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
kubeadm: Allows to use versions like 1.6.4 instead v1.6.4
**What this PR does / why we need it**:
As part of issue kubernetes/kubeadm#292 discussion, it
turned out that for users it is not always obvious that
version specification parameter must be in form "vX.Y.Z".
This patch allows to specify it in form "X.Y.Z" and
converts it internally to normal semantic version which
expected in the rest of the code.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
- kubeadm now can accept versions like "1.6.4" where previously it strictly required "v1.6.4"
```
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
add extra args validate
`ExtraArgsCheck` return warnings not errors. because kubeadm may create the newer version control plane, there are new arguments that kubeadm doesn't know.
Automatic merge from submit-queue
kubeadm: Implementing the certificates phase fully
**What this PR does / why we need it:**
This contains implementation of certs phases in kubeadm, which is part of the wider effort of implementing phases in kubeadm, previously in alpha stage.
The original proposal for this activity can be found [here](https://github.com/kubernetes/kubeadm/pull/156/files) and related comments.
Kubeadm phase implementation checklist is defined [here](https://github.com/kubernetes/kubeadm/issues/267)
Common implementation guidelines and principles for all phases are defined [here](https://docs.google.com/document/d/1VQMyFIVMfRGQPP3oCUpfjiWtOr3pLxp4g7cP-hXQFXc/edit?usp=sharing)
This PR implements:
- [x] kubeadm phase certs
- [x] kubeadm phase certs all
- [x] kubeadm phase certs ca
- [x] kubeadm phase certs apiserver
- [x] kubeadm phase certs apiserver-kubelet-client
- [x] kubeadm phase certs sa
- [x] kubeadm phase certs front-proxy-ca
- [x] kubeadm phase certs front-proxy-client
**Which issue this PR fixes:**
none
**Special notes for your reviewer:**
This PR resubmits the work of #45617, and already includes @luxas reviews.
Please note that:
- the API - phase\certs.go - is now totally free by any UX concerns, and implements only the core logic for cert generation.
- the UX - cmd\phase\certs.go - now takes charge of UX commands and kubeadm own's rules for placing certs in the certificate dir (e.g. create only if exists)
Automatic merge from submit-queue
Update labels.yaml
```release-note
NONE
```
Reminder that at some point we need to stop allowing humans to add
labels via github's UI, and instead drive changes through this file.
We'll need to get mungegithub's check-labels munger activated and
a documented policy for all that, so here's a bump in the meantime.
ref: kubernetes/test-infra#2504 (this PR doesn't fix the issue but that's the closest prior art I can find)
Automatic merge from submit-queue (batch tested with PRs 48402, 47203, 47460, 48335, 48322)
Added case on 'terminated-but-not-yet-deleted' for Admit.
**What this PR does / why we need it**:
Added case on 'terminated-but-not-yet-deleted' for Admit.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47867
**Release note**:
```release-note-none
```
Automatic merge from submit-queue (batch tested with PRs 48402, 47203, 47460, 48335, 48322)
HTTPExtender: should close resp.Body even when StatusCode not ok
Signed-off-by: sakeven <jc5930@sina.cn>
**What this PR does / why we need it**:
close resp.Body even when StatusCode isn't ok
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48402, 47203, 47460, 48335, 48322)
fix kubectl run --env flag
fixes: kubernetes/kubectl#19
cc: @ddcprg
```release-note
`kubectl run --env` no longer supports CSV parsing. To provide multiple env vars, use the `--env` flag multiple times instead of having env vars separated by commas. E.g. `--env ONE=1 --env TWO=2` instead of `--env ONE=1,TWO=2`.
```
Kubernetes Submit Queue