Automatic merge from submit-queue
Fix some err message
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47851, 47824, 47858, 46099)
Revert "[Federation] Fix federated service reconcilation issue due to addition of External…"
Reverts kubernetes/kubernetes#45798
Reverting the temporary fix as the problem is fixed in #45869.
with that fix federation also can default ExternalTrafficLocalOnly if not set.
Issue: #45812
cc @MrHohn @madhusudancs @kubernetes/sig-federation-bugs
Automatic merge from submit-queue (batch tested with PRs 47451, 47410, 47598, 47616, 47473)
Revert "Ignore `daemonset-controller-hash` label key in federation before comparing the federated object with its cluster equivalent."
This reverts commit 3530c9ce87.
~This needs to wait for #47258, otherwise federation test won't pass~ (merged)
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Add NodeInternalIP as a fallback to federation api-server nodeport service
Previously NodeLegacyHostIP was used as a fallback (see #41243) but in 1.7 it was removed (#44830)
Now clusters where nodes have not set ExternalIP can not be used by kubefed to setup federation.
cc @shashidharatd
```release-note
kubefed will now configure NodeInternalIP as the federation API server endpoint when NodeExternalIP is unavailable for federation API servers exposed as NodePort services
```
Kubernetes daemonset controller writes a daemonset's hash to the object
label as an optimization to avoid recomputing it every time. Adding a
new label to the object that the federation is unaware of causes
problems because federated controllers compare the objects in
federation and their equivalents in clusters and try to reconcile them.
This leads to a constant fight between the federated daemonset
controller and the cluster controllers, and they never reach a stable
state.
Ideally, cluster components should not update an object's spec or
metadata in a way federation cannot replicate. They can update an
object's status though. Therefore, this daemonset hash should be a
field in daemonset's status, not a label in object meta. @janetkuo says
that this label is only a short term solution. In the near future, they
are going to replace it with revision numbers in daemonset status. We
can then rip this bandaid out.
Automatic merge from submit-queue (batch tested with PRs 45871, 46498, 46729, 46144, 46804)
Fix some comments in dnsprovider
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 36721, 46483, 45500, 46724, 46036)
Federation: Minor corrections in service controller and add a unit testcase
**What this PR does / why we need it**:
This PR fixes few outdated comments in federation service controller and few other minor fixes.
This also adds a unit test case to test federated service deletion.
/assign @quinton-hoole
/cc @marun @kubernetes/sig-federation-pr-reviews
```release-note
NONE
```
Automatic merge from submit-queue
Add initializer support to admission and uninitialized filtering to rest storage
Initializers are the opposite of finalizers - they allow API clients to react to object creation and populate fields prior to other clients seeing them.
High level description:
1. Add `metadata.initializers` field to all objects
2. By default, filter objects with > 0 initializers from LIST and WATCH to preserve legacy client behavior (known as partially-initialized objects)
3. Add an admission controller that populates .initializer values per type, and denies mutation of initializers except by certain privilege levels (you must have the `initialize` verb on a resource)
4. Allow partially-initialized objects to be viewed via LIST and WATCH for initializer types
5. When creating objects, the object is "held" by the server until the initializers list is empty
6. Allow some creators to bypass initialization (set initializers to `[]`), or to have the result returned immediately when the object is created.
The code here should be backwards compatible for all clients because they do not see partially initialized objects unless they GET the resource directly. The watch cache makes checking for partially initialized objects cheap. Some reflectors may need to change to ask for partially-initialized objects.
```release-note
Kubernetes resources, when the `Initializers` admission controller is enabled, can be initialized (defaulting or other additive functions) by other agents in the system prior to those resources being visible to other clients. An initialized resource is not visible to clients unless they request (for get, list, or watch) to see uninitialized resources with the `?includeUninitialized=true` query parameter. Once the initializers have completed the resource is then visible. Clients must have the the ability to perform the `initialize` action on a resource in order to modify it prior to initialization being completed.
```
Automatic merge from submit-queue (batch tested with PRs 46239, 46627, 46346, 46388, 46524)
move labels to components which own the APIs
During the apimachinery split in 1.6, we accidentally moved several label APIs into apimachinery. They don't belong there, since the individual APIs are not general machinery concerns, but instead are the concern of particular components: most commonly the kubelet. This pull moves the labels into their owning components and out of API machinery.
@kubernetes/sig-api-machinery-misc @kubernetes/api-reviewers @kubernetes/api-approvers
@derekwaynecarr since most of these are related to the kubelet
Automatic merge from submit-queue (batch tested with PRs 46801, 45184, 45930, 46192, 45563)
[Federation] Add a SchedulingAdapter that can extend the FederatedTypeAdapter and that provides hooks for scheduling objects into clusters.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46686, 45049, 46323, 45708, 46487)
[Federation][kubefed]: Use StorageClassName for etcd pvc
This PR updates kubefed to use the StorageClassName field [added in 1.6](http://blog.kubernetes.io/2017/03/dynamic-provisioning-and-storage-classes-kubernetes.html
) for etcd's pvc to allow the user to specify which storage class they want to use. If no value is provided to ``kubefed init``, the field will not be set, and initialization of the pvc may fail on a cluster without a default storage class configured.
The alpha annotation that was previously used (``volume.alpha.kubernetes.io/storage-class``) was deprecated as of 1.4 according to the following blog post:
http://blog.kubernetes.io/2016/10/dynamic-provisioning-and-storage-in-kubernetes.html
**Release note**:
```
'kubefed init' has been updated to support specification of the storage class (via --etcd-pv-storage-class) for the Persistent Volume Claim (PVC) used for etcd storage. If --etcd-pv-storage-class is not specified, the default storage class configured for the cluster will be used.
```
cc: @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 46394, 46650, 46436, 46673, 46212)
Write "kubectl options" help message to stdout, not stderr
Fix a very minor issue causing `kubectl` to write its help messages to `stderr` instead of `stdout`.
Try this:
`kubectl options | grep log`
It should print only the options related to logging, but right now it prints the entire help menu (since it's printing to stderr).
This patch brings us closer to unix convention and reduces user friction.
~~Another use case (if a user can't remember whether it's `-r` or `-R` for recursion):~~
~~`kubectl patch -h | grep recursive`~~
Update: this patch only affects `kubectl options`. The other commands are working as intended.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45534, 37212, 46613, 46350)
check err
Signed-off-by: yupengzte <yu.peng36@zte.com.cn>
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Previous behavior was to write to stderr (thanks to the fallback system
in the Cobra library), which made it difficult to grep for flags.
For example:
kubectl options | grep recursive
Automatic merge from submit-queue (batch tested with PRs 46252, 45524, 46236, 46277, 46522)
[Federation] Refactor the cluster selection logic in the sync controller
This is intended to make it easier to define the interaction between cluster selection and scheduling preferences in the sync controller when used for workload types.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46450, 46272, 46453, 46019, 46367)
check err
Signed-off-by: yupengzte <yu.peng36@zte.com.cn>
**What this PR does / why we need it**:
When the err in not nil, the podStatus is nil, it is dangerous "podStatus[cluster.Name].RunningAndReady".
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 46450, 46272, 46453, 46019, 46367)
Add ClusterSelector to Ingress Controller
This pull request adds ClusterSelector to the Federated Ingress Controller ref: design #29887
This back ports the same functionality from the sync controller (merged pull #40234) in order to make this feature available across all Controllers for the 1.7 release.
cc: @kubernetes/sig-federation-pr-reviews @shashidharatd
**Release note**:
```
The annotation `federation.alpha.kubernetes.io/cluster-selector` can be used with Ingress objects to target federated clusters by label.
```
Automatic merge from submit-queue
[Federation] Move service dns controller to its own package
This PR does nothing but just moves service dns controller code to its own package.
**Release note**:
```release-note
NONE
```
cc @kubernetes/sig-federation-pr-reviews
/assign @marun
Automatic merge from submit-queue
Fix typo in test_helper
`CompareObjectMeta` is comparting Name attribute, but
logging Namespace. Looks like a copy/paste error.
Automatic merge from submit-queue (batch tested with PRs 46429, 46308, 46395, 45867, 45492)
deduplicate endpoints before DNS registration
**What this PR does / why we need it**: Multizone clusters will return duplicated endpoints to the federation controller manager. The FCM will then attempt to create an A record with duplicate entries, which will fail. As a result, federated services on multi-AZ clusters don't work right now. This PR deduplicates the endpoint IPs before attempting the DNS record registration.
**Which issue this PR fixes**: fixes#35997
**Special notes for your reviewer**:
I believe there is a lot of refactoring required with multizone federated clusters, most notably with regard to AWS and optimising for ALIAS records rather than A, but this PR will at least allow basic functionality to work.
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 44774, 46266, 46248, 46403, 46430)
[Federation] ClusterSelector for Service Controller
This pull request adds ClusterSelector to the Federated Service Controller ref: design #29887 This back ports the same functionality from the sync controller (merged pull #40234).
cc: @nikhiljindal @marun
Dr. Stefan Schimanski