Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix bad format anchor in CHANGELOG
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
We should update the relnotes associated scripts.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54112, 54150, 53816, 54321, 54338). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add service latency and secret related conformance annotations
Signed-off-by: Brad Topol <btopol@us.ibm.com>
/sig testing
/area conformance
@sig-testing-pr-reviews
This PR adds service latency and secret related conformance annotations to the e2e test suite.
The PR fixes a portion of #53822. It focuses on adding conformance annotations as defined by the Kubernetes Conformance Workgroup for a subset of the pod based e2e conformance tests.
Special notes for your reviewer:
Please see https://docs.google.com/spreadsheets/d/1WWSOqFaG35VmmPOYbwetapj1VPOVMqjZfR9ih5To5gk/edit#gid=62929400
for the list of SIG Arch approved test names and descriptions that I am using.
**Release note**:
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 54112, 54150, 53816, 54321, 54338). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add conformance annotations for expansion and service tests
Signed-off-by: Brad Topol <btopol@us.ibm.com>
/sig testing
/area conformance
@sig-testing-pr-reviews
This PR adds expansion and service test conformance annotations to the e2e test suite.
The PR fixes a portion of #53822. It focuses on adding conformance annotations as defined by the Kubernetes Conformance Workgroup for a subset of the pod based e2e conformance tests.
Special notes for your reviewer:
Please see https://docs.google.com/spreadsheets/d/1WWSOqFaG35VmmPOYbwetapj1VPOVMqjZfR9ih5To5gk/edit#gid=62929400
for the list of SIG Arch approved test names and descriptions that I am using.
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 54112, 54150, 53816, 54321, 54338). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove federation
This PR removes the federation codebase and associated tooling from the tree.
The first commit just removes the `federation` path and should be uncontroversial. The second commit removes references and associated tooling and suggests careful review.
Requirements for merge:
- [x] Bazel jobs no longer hard-code federation as a target ([test infra #4983](https://github.com/kubernetes/test-infra/pull/4983))
- [x] `federation-e2e` jobs are not run by default for k/k
**Release note**:
```release-note
Development of Kubernetes Federation has moved to github.com/kubernetes/federation. This move out of tree also means that Federation will begin releasing separately from Kubernetes. The impact of this is Federation-specific behavior will no longer be included in kubectl, kubefed will no longer be released as part of Kubernetes, and the Federation servers will no longer be included in the hyperkube binary and image.
```
cc: @kubernetes/sig-multicluster-pr-reviews @kubernetes/sig-testing-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 54112, 54150, 53816, 54321, 54338). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable metadata concealment for tests
**What this PR does / why we need it**: Metadata concealment is going to beta for v1.9; enable it by default in tests. Also, just use `ENABLE_METADATA_CONCEALMENT` instead of two different vars. Work toward #8867.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: none
**Special notes for your reviewer**:
**Release note**:
```release-note
Metadata concealment on GCE is now controlled by the `ENABLE_METADATA_CONCEALMENT` env var. See cluster/gce/config-default.sh for more info.
```
Automatic merge from submit-queue (batch tested with PRs 54112, 54150, 53816, 54321, 54338). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
correct the kubeDeps.Cloud instead of kcfg.Cloud
**What this PR does / why we need it**:
default to hostname if kubeDeps.Cloud == nil not kcfg.Cloud
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54455, 54431). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add conformance annotations for proxy and scheduler predicate tests
Signed-off-by: Brad Topol <btopol@us.ibm.com>
/sig testing
/area conformance
@sig-testing-pr-reviews
This PR adds proxy and scheduler predicate related conformance annotations to the e2e test suite.
The PR fixes a portion of #53822. It focuses on adding conformance annotations as defined by the Kubernetes Conformance Workgroup for a subset of the pod based e2e conformance tests.
Special notes for your reviewer:
Please see https://docs.google.com/spreadsheets/d/1WWSOqFaG35VmmPOYbwetapj1VPOVMqjZfR9ih5To5gk/edit#gid=62929400
for the list of SIG Arch approved test names and descriptions that I am using.
**Release note**:
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 54455, 54431). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Migrate cluster dns test to sig network
**What this PR does / why we need it**:
Just migrate dns relevant e2e test files to sig network.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Ref Umbrella issue #49161
**Special notes for your reviewer**:
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 53000, 52870, 53569). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fallback to internal addrs in e2e tests when no external addrs available
This change modifies the way that config.NodeIP is selected at the
start of e2e Networking tests such that if no external addresses are
available from the cloud provider (e.g. either no cloud provider being
used [baremetal or VMs], or the provider doesn't have external IPs
configured), then one of the internal addresses is used.
Without this change, the e2e service-related Networking tests will always
panic when config.ExternalAddrs[0] is accessed and the slice is empty.
This change eliminates the panic, and in some setups, the fallback choice
of using an internal address will provide the necessary connectivity
for the e2e Networking tests to access each node.
fixes#53568
**What this PR does / why we need it**:
This change modifies the way that config.NodeIP is selected at the
start of e2e Networking tests such that if no external addresses are
available from the cloud provider (e.g. either no cloud provider being
used [baremetal or VMs], or the provider doesn't have external IPs
configured), then one of the internal addresses is used.
Without this change, the e2e service-related Networking tests will always
panic when no cloud provider is being used, or the cloud provider does
not have external addresses configured.
This change eliminates the panic, and in some setups, the fallback choice
of using an internal address will provide the necessary connectivity
for the e2e Networking tests to access each node.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53568
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53000, 52870, 53569). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow running kube-apiserver without specifing service-cluster-ip-range
**What this PR does / why we need it**:
The flag service-cluster-ip-range has a default value which is not used by kube-apiserver, causing errors when people rely on that default value.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52695
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed a bug which is causes kube-apiserver to not run without specifying service-cluster-ip-range
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix issue(#52994)kubectl set resource can not update multi resource i…
…n local
**What this PR does / why we need it**:
Fixes#52994
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix Federation: Google Cloud DNS provider does not handle missing dom…
Fixes https://github.com/kubernetes/kubernetes/issues/51139
Not sure how to fix provider code, submit a pr to google could dns or something ?
also I'm still learning how to setup a federation cluster, will test my code after it finished : )
/assign @quinton-hoole
@kubernetes/sig-federation-bugs @kubernetes/huawei
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
move webhook admission to generic apiserver
This builds on https://github.com/kubernetes/kubernetes/pull/54414.
It moves the admission webhook into the generic apiserver. It also allows the injection of a server managed way to override the rest.Config used for a particular service. This makes for an easier point to allow auto-configuration of the kube-apiserver to loopback to itself as a special case for kubernetes.default.svc.
@kubernetes/sig-api-machinery-pr-reviews
```release-note
the generic admission webhook is now available in the generic apiserver
```
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
ScaleIO - Ability to specify Secret's name and namespace
**What this PR does / why we need it**:
This PR is to decouple the ScaleIO secret from the same namespace as that of the StorageClass/PVC/PV that uses it (#53619). Currently, authorized non-admin k8s user, who creates volumes, may end up having unauthorized access to ScaleIO secret information. This PR introduces secret parameter that allows specification of secret's namespace.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53619
**Release note**:
```release-note
ScaleIO persistent volumes now support referencing a secret in a namespace other than the bound persistent volume claim's namespace; this is controlled during provisioning with the `secretNamespace` storage class parameter; StoragePool and ProtectionDomain attributes no longer defaults to the value `default`
```
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
The DBusFakeConnection should have locks to prevent races
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Added unit test cases for the public methods of pkg/util/taints.go
Added unit test cases for the public methods of pkg/util/taints.go
Fixed#49384, related to #49699
**Release note**:
```
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix strategicpatch swallowed errors
**What this PR does / why we need it**: Fixes four dropped error variables in `apimachinery`.
```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 54593, 54607, 54539, 54105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move deployment e2e test for hash label adoption to integration
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: #52113
**Special notes for your reviewer**: depends on #53918
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54593, 54607, 54539, 54105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add HA feature gate and minVersion validation
**What this PR does / why we need it**:
As we add more feature gates, there might be occasions where a feature is only available on newer releases of K8s. If a user makes a mistake, we should notify them as soon as possible in the init procedure and not them go down the path of hard-to-debug component issues.
Specifically with HA, we ideally need the new `TaintNodesByCondition` (added in v1.8.0 but working in v1.9.0).
**Which issue this PR fixes:**
kubernetes/kubeadm#261kubernetes/kubeadm#277
**Release note**:
```release-note
Feature gates now check minimum versions
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @luxas @timothysc
Automatic merge from submit-queue (batch tested with PRs 54593, 54607, 54539, 54105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azure pv crash due to volumeSource.ReadOnly value nil
**What this PR does / why we need it**:
kubelet in agent would crash due to volumeSource.ReadOnly is nil in some condition
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#54149
**Special notes for your reviewer**:
#54149 is the issue: volumeSource.ReadOnly is nil, make kubelet in azure agent node crash.
"volumeSource.ReadOnly is nil" could be regarded as `false` value
@rootfs
**Release note**:
```
fix azure pv crash due to volumeSource.ReadOnly value nil
```
/sig azure
Automatic merge from submit-queue (batch tested with PRs 54593, 54607, 54539, 54105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Removed containers are not always waiting
fixes#54499
The issue was that a container that is removed (during pod deletion, for example), is assumed to be in a "waiting" state.
Instead, we should use the previous container state.
Fetching the most recent status is required to ensure that we accurately reflect the previous state. The status attached to a pod object is often stale.
I verified this by looking through the kubelet logs during a deletion, and verifying that the status updates do not transition from terminated -> pending.
cc @kubernetes/sig-node-bugs @sjenning @smarterclayton @derekwaynecarr @dchen1107
```release-note
Fix an issue where pods were briefly transitioned to a "Pending" state during the deletion process.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix the if judge sentences
**What this PR does / why we need it**:
the clean always TRUE so no need if Judge sentences!
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54081, 54271, 51783, 54600, 54594). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add go flags to go-to-protobuf
Reopened from code-generator repo.
cc: @sttts
Automatic merge from submit-queue (batch tested with PRs 54081, 54271, 51783, 54600, 54594). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
move getMaxVols function to predicates.go and add some NewVolumeCount…
…Predicate funcs
Signed-off-by: zhangjie <zhangjie0619@yeah.net>
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
move getMaxVols function to predicates.go and add some NewVolumeCountPredicate funcs
```
Automatic merge from submit-queue (batch tested with PRs 54081, 54271, 51783, 54600, 54594). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove redundant code of checking path
**What this PR does / why we need it**:
Remove redundant code of checking path
the checking is not necessary here,WrapperUnmounter#TearDownAt always do that
func UnmountViaEmptyDir(dir string, host VolumeHost, volName string, volSpec Spec, podUID types.UID) error {
glog.V(3).Infof("Tearing down volume %v for pod %v at %v", volName, podUID, dir)
if pathExists, pathErr := volutil.PathExists(dir); pathErr != nil {
return fmt.Errorf("Error checking if path exists: %v", pathErr)
} else if !pathExists {
glog.Warningf("Warning: Unmount skipped because path does not exist: %v", dir)
return nil
}
// Wrap EmptyDir, let it do the teardown.
wrapped, err := host.NewWrapperUnmounter(volName, volSpec, podUID)
if err != nil {
return err
}
return wrapped.TearDownAt(dir)
}
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Release note**:
NONE
Automatic merge from submit-queue (batch tested with PRs 54081, 54271, 51783, 54600, 54594). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add unit tests in /pkg/api/v1helper
**What this PR does / why we need it**:
add unit tests in /pkg/api/v1helper
**Which issue this PR fixes** :
ref #49384
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54597, 54593, 54081, 54271, 54600). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: check for illegal container state transition
supersedes https://github.com/kubernetes/kubernetes/pull/54530
Puts a state transition check in the kubelet status manager to detect and block illegal transitions; namely from terminated to non-terminated.
@smarterclayton @derekwaynecarr @dashpole @joelsmith @frobware
I confirmed that the reproducer in #54499 does not work with this check in place. The erroneous kubelet status update is rejected:
```
status_manager.go:301] Status update on pod default/test aborted: terminated container test-container attempted illegal transition to non-terminated state
```
After fix https://github.com/kubernetes/kubernetes/pull/54593, I do not see the message with the above mentioned reproducer.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add some indent in CHANGELOG-1.7
**What this PR does / why we need it**:
in changelogv1.7 there has some indent error and fixed it!
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52717, 54568, 54452, 53997, 54237). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix bug in func OnError() of apimachinery in case time moves backwards for any reason
**What this PR does / why we need it**:
in func OnError() of ErrorHandlers in apimachinery
```
func (r *rudimentaryErrorBackoff) OnError(error) {
r.lastErrorTimeLock.Lock()
defer r.lastErrorTimeLock.Unlock()
d := time.Since(r.lastErrorTime)
if d < 0 {
time.Sleep(r.minPeriod - d)
}
r.lastErrorTime = time.Now()
}
```
it is expected to go on sleep for some time if not meet the minPeriod. However, if time happens hops to the past in the process. `d := time.Since(r.lastErrorTime)` would be a negative number, thus, it may sleep a lot longer than we expected.
The period for sleep should be reseted if time hops
**Which issue this PR fixes**
fixes#54236
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52717, 54568, 54452, 53997, 54237). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[examples.storage/minio] update deploy config version
**What this PR does / why we need it**:
update deploy config version
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 52717, 54568, 54452, 53997, 54237). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
import-verifier: use yaml for inline comments
For iterative cutting of dependencies, we will have temporary execeptions
in hack/import-restrictions.json. In order to document that, comments would
help a lot and using yaml is simple and gives us that.
Automatic merge from submit-queue (batch tested with PRs 52717, 54568, 54452, 53997, 54237). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[OpenStack]Remove the LbaasV1 of OpenStack cloud provider
The Neutron LbaasV1 has been declared obsolete, LbaasV2 is a
better choice.
So let's remove the codes of LbaasV1, only support LbaasV2.
xref: #52609
Reference OpenStack doc:
https://docs.openstack.org/mitaka/networking-guide/config-lbaas.html
**Special notes for your reviewer**:
/assign @dims
/assign @anguslees
**Release note**:
```release-note
Remove the LbaasV1 of OpenStack cloud provider, currently only support LbaasV2.
```
Kubernetes Submit Queue