Automatic merge from submit-queue (batch tested with PRs 63488, 63496). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve test coverage of Kubelet file utils
Improves from 30.9% to 77.8%.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support for arm64 to the registry action of the kuberntes-worker juju charm.
**What this PR does / why we need it**: Add support for arm64 to the registry action of the kuberntes-worker juju charm.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63373, 63338). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable GCE/GKE e2e tests for GlusterFS Dynamic Provisioner.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 63373, 63338). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Wire ConfigFlags struct through cmdutil.Factory
**Release note**:
```release-note
NONE
```
Continues the Flags struct pattern established with PrintFlags.
Wires ConfigFlags through the client_access_factory
cc @deads2k @soltysh
Automatic merge from submit-queue (batch tested with PRs 62914, 63431). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use new dynamic client
Updates kubeadm to use the new dynamic client that simplifies call patterns.
@kubernetes/sig-cluster-lifecycle-pr-reviews
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62914, 63431). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: fix flake in TestUpdateExistingNodeStatusTimeout
xref https://github.com/openshift/origin/issues/19443
There are cases where some process, outside the test, attempts to connect to the port we are using to do the test, leading to a attempt count greater than what we expect.
To deal with this, just ensure that we have seen *at least* the number of connection attempts we expect.
@liggitt
```release-note
NONE
```
The TestVSphereLogin method still defaults to testing against a real vCenter,
but if the required environment variables are not set, it can test against vcsim.
More tests can be converted to use configFromEnvOrSim(), but can be in follow up PRs.
This refactor is in support of SAML token authentication: #63209
Avoid use of govmomi.Client as it only supports username+password authentication via SessionManager.Login().
Using vim25.Client directly will allow VCP to add other authentication methods,
such as SessionManager.LoginByToken().
Automatic merge from submit-queue (batch tested with PRs 63460, 63481). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove redundant runtime.GOMAXPROCS
Since golang 1.5, `By default, Go programs run with GOMAXPROCS set to the number of cores available;`
If env `GOMAXPROCS `, it uses default `runtime.NumCPU()`. So set again is redundant.
cc @deads2k
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: document how to run sample-apiserver standalone outside the cluster
This PR documents how to run the sample-apiserver outside of a cluster for development.
tl/dr: local client CA with `system:masters` group membership. Then authorization is skipped.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
catch err when Watch testResource failed in func TestWatchCallNonNamespace
**What this PR does / why we need it**:
catch err when Watch testResource failed in func TestWatchCallNonNamespace
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
[#61155](https://github.com/kubernetes/kubernetes/issues/61155)
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
the output looks like:
NAMESPACE NAME CREATED AT
default test 2m
Notice that the column CREATED AT 2m makes no sense.
The correct column name here should be AGE.
Which keeps the same with the situation when --server-print=false
This patch fix this.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clean up Azure clients
**What this PR does / why we need it**:
Follow up of #63278 (Use new Azure SDK APIs for load balancer and public IP operations), clean up all other clients.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Follow up of #63278
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix ipvs firewall rules for loadbalancer type service
**What this PR does / why we need it**:
fix ipvs firewall rules for loadbalancer type service.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62638
**Special notes for your reviewer**:
The original firewall rules for loadblancer type service with sourceRange may looks like:
```
Chain KUBE-FIRE-WALL (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LB-INGRESS-LOCAL dst,dst
KUBE-MARK-MASQ all -- 0.0.0.0/0 0.0.0.0/0 /* mark MASQ for external traffic policy not local */
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LOAD-BALANCER-SOURCE-CIDR dst,dst,src
KUBE-MARK-DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain KUBE-SERVICES (2 references)
target prot opt source destination
KUBE-MARK-MASQ all -- !10.64.0.0/14 0.0.0.0/0 match-set KUBE-CLUSTER-IP dst,dst
KUBE-FIRE-WALL all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LOAD-BALANCER dst,dst
KUBE-NODE-PORT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp match-set KUBE-NODE-PORT-TCP dst
```
Which may result in other loadbalancer type service can't be access.
In this pr, rules of loadbalancer type service with sourceRange specified will be:
```
Chain KUBE-FIRE-WALL (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LOAD-BALANCER-SOURCE-CIDR dst,dst,src
KUBE-MARK-DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain KUBE-LOAD-BALANCER (1 references)
target prot opt source destination
KUBE-FIRE-WALL all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LB-INGRESS dst,dst
KUBE-MARK-MASQ all -- 0.0.0.0/0 0.0.0.0/0 /* mark MASQ for external traffic policy not local */
Chain KUBE-SERVICES (2 references)
target prot opt source destination
KUBE-MARK-MASQ all -- !10.64.0.0/14 0.0.0.0/0 match-set KUBE-CLUSTER-IP dst,dst
KUBE-LOAD-BALANCER all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LOAD-BALANCER dst,dst
```
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
controller/endpoint: explict log msg when syncing error
explict log msg for retrying sync
Signed-off-by: CuiHaozhi <cuihaozhi@chinacloud.com.cn>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove repeated code
**What this PR does / why we need it**:
Remove repeated code
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add MAX_PODS env allowing kubelet to be max-pods aware.
**What this PR does / why we need it**:
Add MAX_PODS env allowing kubelet to be max-pods aware. This env will be one of the argument of kubelet. By setting this parameter, correct number of pod capacity for the node will be reported.
**Special notes for your reviewer**:
/assign @MrHohn @jpbetz
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add dynamic RESTMapper to ControllerContext and make it generic
Add RESTMapper to ControllerContext and make it generic.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63315, 63383, 63318, 63439). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
compute configmap/secret key correctly cross-platform
fixes#61710
```release-note
`kubectl create [secret | configmap] --from-file` now works on Windows with fully-qualified paths
```
Automatic merge from submit-queue (batch tested with PRs 63315, 63383, 63318, 63439). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
drive resourcebuilder from kubeconfig, allow scheme specification
This updates the resource builder to work based on a kubeconfig to allow future chaining of flags. It also allow specification of the scheme you want for your actual decoding.
@kubernetes/sig-cli-maintainers
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63315, 63383, 63318, 63439). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Re-enable lease reconciler, fix shutdown race
Fixes#63378Fixes#57617
* Fixes the openapi script to wait for the apiserver on shutdown (like all the other scripts do)
* Fixes the apiserver shutdown to not hang forever if the kubernetes service reconciler cannot persist to etcd
* Readds https://github.com/kubernetes/kubernetes/pull/58474 to make the default the lease reconciler
```release-note
kube-apiserver: the default `--endpoint-reconciler-type` is now `lease`. The `master-count` endpoint reconciler type is deprecated and will be removed in 1.13.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix pkg_rpm rules for bazel 0.13+
**What this PR does / why we need it**: next step in addressing https://github.com/kubernetes/kubernetes/issues/63108; we can use the substitutions supported by bazel 0.13+ to get the `pkg_rpm` rules to work properly again.
I've also added a filegroup to allow building all of the RPMs easily with `bazel build //build/rpms`. Note that since these are manual, `bazel build //...` will still skip building them.
**Release note**:
```release-note
NONE
```
/assign @BenTheElder
cc @sigma
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use single struct in internal type to reduce difference with external type
**What this PR does / why we need it**:
This PR reduces the differences between internal and external types by removing leftovers after revert of one of the changes.
**Special notes for your reviewer**:
We had `IDRange` in both types prior 9440a68744 commit (https://github.com/kubernetes/kubernetes/pull/44714) that splitted it into `UserIDRange`/`GroupIDRange`. Later, in c91a12d205 commit (https://github.com/kubernetes/kubernetes/pull/47824) we had to revert these changes because they broke backward compatibility but `UserIDRange`/`GroupIDRange` structs were left in the internal type.
Automatic merge from submit-queue (batch tested with PRs 63421, 63432, 63333). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update tests to be specific about the versions they are testing
When setting up tests, you want to rely on your own scheme. This eliminates coupling to floating versions which gives unnecessary flexibility in most cases and prevents testing all the versions you need.
@liggitt scrubs unnecessary deps.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63421, 63432, 63333). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
slim printer interface down to printing
The printer interface only needs to know how to print. This reduces it's interface to scope it to printing.
@kubernetes/sig-cli-maintainers
@soltysh @juanvallejo you've been active in the area
/assign @juanvallejo
```release-note
NONE
```
Kubernetes Submit Queue