Automatic merge from submit-queue (batch tested with PRs 54336, 54470, 54334, 54175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update fluentd-gcp DaemonSet
- Use a dedicated service account to run the fluentd-gcp DS
- Use the certificates in the prometheus-to-sd image rather than mounting the host certs
This PR lets us create a more targeted PodSecurityPolicy for fluentd. (See https://github.com/kubernetes/kubernetes/pull/52367#discussion_r145433354)
```release-note
- fluentd-gcp runs with a dedicated fluentd-gcp service account
- Stop mounting the host certificates into fluentd's prometheus-to-sd container
```
Automatic merge from submit-queue (batch tested with PRs 54336, 54470, 54334, 54175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azure disk mount failure on coreos and some other distros
**What this PR does / why we need it**:
azure disk mount failure on coreos due to `/dev/disk/azure` not populated on coreos, and also on some other distros.
After a long time back and forth discussion, I have decided to fix this issue on k8s side. Customers are leaving azure because of this udev issue, you could read details from #50150 . I have verifed the code works well on current coreos on azure.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixes#50150: azure_dd: managed disks don't pass "FormatAndMount"
In coreos on azure and some old distros, one udev rule is not applied, which means `/dev/disk/azure` not populated, while current disk detection code logic relies on `/dev/disk/azure`, so it would lead to azure disk mount failure, for more details, pls refer to #50150
**Special notes for your reviewer**:
In v1.6, there is no such issue becuase it's not using /dev/azure/disk to detect the LUN of new disk, so I refer the code logic of v1.6:
https://github.com/kubernetes/kubernetes/blob/release-1.6/pkg/volume/azure_dd/vhd_util.go#L59-L66
while from v1.7, it's using /dev/azure/disk, the code logic does not apply to distro which does not have udev rules(/dev/azure/disk), see:
https://github.com/kubernetes/kubernetes/blob/release-1.7/pkg/volume/azure_dd/azure_common.go#L231-L236
**Release note**:
```
fix azure disk mount failure on coreos and some other distro due to udev rule not applied
```
/sig azure
@rootfs @brendanburns @colemickens
@tlyng @karataliu @szarkos
Automatic merge from submit-queue (batch tested with PRs 54336, 54470, 54334, 54175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update kubectl drain command to use policy V1Beta1 instead of unversioned API
**What this PR does / why we need it**:
Removes kubectl dependency on `k8s.io/kubernetes/pkg/apis/policy` by switching to `k8s.io/api/policy/v1beta1`. Part of https://github.com/kubernetes/kubectl/issues/83.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubectl/issues/90
**Special notes for your reviewer**:
/cc @kubernetes/sig-cli-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54336, 54470, 54334, 54175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update openapi bazel build to support vendored build
This is one part (see #54335) of enabling vendoring projects like federation to generate openapi code for k8s.io/kubernetes.
edit: These changes are necessary for a project to correctly generate ``vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go`` for vendored ``k8s.io/kubernetes``. Without the changes, the vendored output location for ``zz_generated.openapi.go`` would be ``k8s.io/kubernetes`` instead of ``vendor/k8s.io/kubernetes`` and the input files would similarly be from ``k8s.io/kubernetes`` instead of ``k8s.io/myproject``.
/sig testing
/release-note-none
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move device plugin related code to pkg/kubelet/cm/deviceplugin/.
**What this PR does / why we need it**:
Move device plugin related code to pkg/kubelet/cm/deviceplugin/.
Inspired by PR 53258 proposed by @dolftax. The code structure looks much cleaner this way and it also makes future code refactoring easier.
While moving device_plugin_handler_test.go from pkg/kubelet/cm/ to pkg/kubelet/cm/deviceplugin/, we can no longer uses cm in its tests because that would cause a cycle dependency. To solve this problem, I moved the main cm GetResources functionality as well as part of the current device plugin handler Allocate functionality into a new device plugin handler function, GetDeviceRunContainerOptions(). This refactoring is also needed by another PR 51895 that moves device allocation into admission phase. Now device plugin handler Allocate() first checks whether there is cached device runtime state and only issues Allocate grpc call if there is no cached state available. The new GetDeviceRunContainerOptions() function simply returns device runtime config from the cached state. To support this change, extended the podDevices struct and checkpoint data structure with device runtime state.
We expect to clean up device plugin interface in follow up PRs. Currently both device plugin handler interface and manager interface are public. This is no longer necessary after this PR given that their code now live in the same package. We should clean up unnecessary public interfaces and functions, and/or consider to merge handler and manager code into a single layer.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
Part of https://github.com/kubernetes/kubernetes/issues/53170 but not fixes it.
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove redundant call to StartLogging in service_controller. Fixes #5…
…4339
**What this PR does / why we need it**:
Removes redundant call to StartLogging introduced in 96b48d4#diff-1f7f903e25ab8bcbc514bb1e532e997e
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
#54339
**Special notes for your reviewer**:
**Release note**:
```release-note
```
- Use a dedicated service account to run the fluentd-gcp DS
- Update prometheus-to-sd from v0.1.3 to v0.2.1
- Use the certificates in the prometheus-to-sd image rather than mounting the host certs
Automatic merge from submit-queue (batch tested with PRs 52868, 53196, 54207). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
eviction/detach test
**What this PR does / why we need it**:
e2e test for detach after a pod is evicted.
**Which issue this PR fixes** : fixes#52676
**Release note**:
```release-note
NONE
```
cc @jingxu97 @copejon
Automatic merge from submit-queue (batch tested with PRs 52868, 53196, 54207). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Check the count of cloud node for LoadBalancer service
If there is no available node for LoadBalancer service, the LoadBlancer
service will become unavailable, we should update service status.
This is part of #53193
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
xref #53193
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52868, 53196, 54207). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow users to configure the service account made available on their nodes
**What this PR does / why we need it**: This allows users (and tests) to configure what GCP service account nodes are given when they are created, to allow users to grant fewer permissions to their nodes via IAM (instead of scopes). Read more about service accounts and scopes here: https://cloud.google.com/compute/docs/access/service-accounts
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53603
**Special notes for your reviewer**:
**Release note**:
```release-note
Allow GCE users to configure the service account made available on their nodes
```
Automatic merge from submit-queue (batch tested with PRs 52003, 54559, 54518). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Added functionality to replace default kube-dns deployment with a GKE specific one
**What this PR does / why we need it**:
In GKE, we need to use custom kube-dns deployments, which means replacing the default one with the custom. This PR adds the replacement functionality into the relevant configuration scripts.
Release Note:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52003, 54559, 54518). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove kubectl create namespace dependencies on kubernetes/pkg/api
**What this PR does / why we need it**:
ref https://github.com/kubernetes/kubectl/issues/83
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52003, 54559, 54518). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Load kernel modules automatically inside a kube-proxy pod
**What this PR does / why we need it**:
This change will mount `/lib/modules` on host to the kube-proxy pod,
so that a kube-proxy pod can load kernel modules by need
or when `modprobe <kmod>` is run inside the pod.
This will be convenient for kube-proxy running in IPVS mode.
Users will don't have to run `modprobe ip_vs` on nodes before starting
a kube-proxy pod.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
The kube-proxy IPVS proxier will check if the kernel supports IPVS, or it will fallback to iptables or userspace modes. There is a false negative condition in the check, #51874 addressed that issue.
**Release note**:
```release-note
Load kernel modules automatically inside a kube-proxy pod
```
Automatic merge from submit-queue (batch tested with PRs 54545, 54573). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm e2e CI build
**What this PR does / why we need it**:
This fixes kubeadm e2e tests; the tarfile was extracted to the wrong directory in #51250.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes: https://github.com/kubernetes/kubernetes/issues/54330
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@ixdy @pipejakob @kubernetes/sig-cluster-lifecycle-bugs @medinatiger @dims @cmluciano @dixudx
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Delete the parentheses in volumes.go
**What this PR does / why we need it**:
there has only one para so no need the ()
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54399, 54557, 54506). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
hack: rename verify-{staging- -> }imports.sh
The import-verify mechanism is very helpful in restricting imports on a long
way towards splitting out something into a staging repo. Obviously, during
that time it's not about staging repos. This PR renames the verify script
and config for that reality.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add README and LICENSE to staging repos
Addresses https://github.com/kubernetes/kubernetes/issues/54398.
We should use the staging files instead of having some files
authoritative in the external repo. Otherwise, we complicate the
publishing process as it has to know which files come from the latter.
`README.md` and `LICENSE` are authoritative in external repos.
We should move them to staging.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a grammatical problem in a comment
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 54537, 54558). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
importverifier: fix isPathUnder for base == path
isPathUnder returned false for base == path, but should return true.
Automatic merge from submit-queue (batch tested with PRs 54537, 54558). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Address lint errors on Juju charms
**What this PR does / why we need it**: Two minor code style errors were recently introduced to the Juju charms of CDK. This blocks their build.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 54287, 54503). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a new interface for scheduling queue
This PR paves the way to add a different data structure (e.g., priority queue) in subsequent PRs, but it does not make any logical or behavioral changes.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
ref/ #54501
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
audit backend run before http server start and register presShutdown …
…hook
**What this PR does / why we need it**:
1. audit backend run before http server start , prevent coming request audit blocking
2. audit backend use preShutdownHook.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#54286
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54327, 54433). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Deprecate the SSH Tunneling functionality in API Server
#
**What this PR does / why we need it**:
As part of the effort to move in-tree cloud providers out of kubernetes
main repository, we have identified that kube apiserver should stop
using --cloud-provider and --cloud-config parameters. One of the main
users of the parameters above is the SSH Tunneling functionality which
is used only in the GCE scenarios. We need to deprecate these flags
now and remove them in a year per discussion on mailing list.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Related to #54076
**Special notes for your reviewer**:
Please see discussion on mailing list:
https://groups.google.com/d/msg/kubernetes-sig-api-machinery/bwJJ93qA99o/pRTVFaIlBAAJ
**Release note**:
```release-note
kube-apiserver: `--ssh-user` and `--ssh-keyfile` are now deprecated and will be removed in a future release. Users of SSH tunnel functionality used in Google Container Engine for the Master -> Cluster communication should plan to transition to alternate methods for bridging master and node networks.
```
Automatic merge from submit-queue (batch tested with PRs 53051, 52489, 53920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement `kubectl alpha diff` to diff resources
`kubectl alpha diff` lets you diff your resources against live
resources, or last applied, or even preview what changes are going to be
applied on the cluster.
This is still quite premature, and mostly untested.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
Clearly not ready for Release note.
```release-note
NONE
```
kubernetes/community#287
Automatic merge from submit-queue (batch tested with PRs 53051, 52489, 53920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Test gcloud exit status when detecting master for GCE e2e test
e2e tests exit on error, so without testing the exit status of a command its scripted error message will never be printed.
**What this PR does / why we need it**: This prints the intended "could not detect Kubernetes master" error message instead of a stack trace from e2e test
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52474
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53051, 52489, 53920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix todo
**What this PR does / why we need it**:
fix todo
thanks
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix issue(#52244)kubectl describe serviceaccount have redundance null…
… line, we should keep accordance for kubectl describe command
**What this PR does / why we need it**:
close issue #52244
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
tamal