Automatic merge from submit-queue
Added missing closing parens to kubectl describe node command
Closing parens was missing in the "Total limits may be over 100%" line. See below:
```
$ kubectl describe node
Name: minikube
...
Allocated resources:
(Total limits may be over 100 percent, i.e., overcommitted.
CPU Requests CPU Limits Memory Requests Memory Limits
...
```
```release-note
Improve kubectl describe node output by adding closing paren
```
Automatic merge from submit-queue (batch tested with PRs 37617, 40197)
dnsprovider: Add direct access to Route53 data
This methods allow us to develop advanced functionality for Route53,
before we add all the functionality to the cross-provider interface.
Use of these methods should be avoided, and adding methods to the
cross-provider interfaces should be preferred.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 40828, 40821)
test/images/mount-tester-user: bump base image to 0.8
This PR bumps the base image used by `mount-tester-user` after
https://github.com/kubernetes/kubernetes/pull/40613.
Automatic merge from submit-queue
Bump GCE to container-vm-v20170201
```release-note
Bump GCE ContainerVM to container-vm-v20170201 to address CVE-2016-9962.
```
Automatic merge from submit-queue (batch tested with PRs 40574, 40806, 40308, 40771, 39440)
kubeadm: kube-proxy needs to know the pod subnet CIDR
**What this PR does / why we need it**: `kube-proxy` 1.5 has a new flag `cluster-cidr` that isn't specified by `kubeadm`, thus resulting in bug https://github.com/kubernetes/kubeadm/issues/102.
**Which issue this PR fixes**: fixes https://github.com/kubernetes/kubeadm/issues/102
**Special notes for your reviewer**:
/cc @luxas @dmmcquay
Automatic merge from submit-queue (batch tested with PRs 40574, 40806, 40308, 40771, 39440)
kubeadm: preflight check for incorrect FQDN
**What this PR does / why we need it**: There are a variety of system configuration errors (such as cloud-init bugs when deploying on AWS) which can cause hostname and uname -n to be wrong for a given host. This will cause kubeadm setup to fail in interesting and hard-to-figure-out ways (it doesn't fail until you start trying to set up DNS on the master, for example).
This PR adds a preflight check to test whether or not the server can reach itself using that name. This does not catch the case that the FQDN belongs to a different but valid server, but it would catch some of the cases.
**Which issue this PR fixes** : fixes https://github.com/kubernetes/kubeadm/issues/135
**Special notes for your reviewer**: /cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 40574, 40806, 40308, 40771, 39440)
Add bootstrap cluster role for external pv provisioners
The set of permissions an external provisioner https://github.com/kubernetes/kubernetes/pull/30285 running as a pod will need. Technically in order to dynamically provision PVs one doesn't need to "update" PVCs or "watch" events but the controller https://github.com/kubernetes-incubator/nfs-provisioner/tree/master/controller we are recommending people use does those things to: set lock annotations on PVCs and watch `ProvisioningSucceeded`/`ProvisioningFailed` events.
Some external provisioners may need additional permissions, for example nfs-provisioner requires "get" access to Services and Endpoints when run "statefully." I think in that case we would recommend creating a new ClusterRole specific to that provisioner, using this as a base?
(This was to be a part of my redo/fix of the external e2e test https://github.com/kubernetes/kubernetes/pull/39545 but I'm submitting it as a separate PR for now due to some issues I had with running nfs-provisioner on gce.)
@kubernetes/sig-auth-misc ?
Automatic merge from submit-queue (batch tested with PRs 40574, 40806, 40308, 40771, 39440)
move api server no kube dep packages
Simple moves, see commit titles. I did not move the source of the generated swagger, I simply change the destination of the script. I'm ok building a little debt to complete the move.
@sttts
Automatic merge from submit-queue
securitycontext: move docker-specific logic into kubelet/dockertools
This change moves the code specific to docker to kubelet/dockertools,
while leaving the common utility functions at its current package
(pkg/securitycontext).
When we deprecate dockertools in the future, the code will be moved to
pkg/kubelet/dockershim instead.
Automatic merge from submit-queue
add OWNERS for client-go
client-go is the source (not a copy) for the generic client libraries we wrote. This is a copy of the OWNERS file from `pkg/client`.
Automatic merge from submit-queue (batch tested with PRs 40758, 39145, 40776)
Bumps addon-manager to v6.4-alpha.1 for supporting optional ConfigMap
From #40382. Bumps up addon-manager to use v1.6.0-alpha.1 kubectl for the optional ConfigMap feature. Below images have been pushed:
- gcr.io/google-containers/kube-addon-manager:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-amd64:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-arm:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-arm64:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-ppc64le:v6.4-alpha.1
- gcr.io/google-containers/kube-addon-manager-s390x:v6.4-alpha.1
@liggitt @bowei
Automatic merge from submit-queue
kubeadm: Move some code from apiclient.go to the dedicated apiconfig phase
**What this PR does / why we need it**:
Add constants and somewhat refactor the RBAC code as well + some cleanup.
I'm planning to rewrite the code in `setupmaster.go` later, but this PR has only the move of the code for easier reviewing.
**Special notes for your reviewer**:
This is broken out from: https://github.com/kubernetes/kubernetes/pull/40556
**Release note**:
```release-note
NONE
```
@mikedanese @pires @dmmcquay @dgoodwin
Automatic merge from submit-queue (batch tested with PRs 40124, 39216, 40561, 40595, 40735)
Include a dummy src tarball unless PACKAGE_SRC=true is set
**What this PR does / why we need it**: alternative to #40546. I think this will keep the cluster startup scripts happy.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Use full package path for definition name in OpenAPI spec
We were using short package name (last part of package name) plus type name for OpenAPI spec definition name. That can result in duplicate names and make the spec invalid. To be sure we will always have unique names, we are going to use full package name as definition name. Also "x-kubernetes-tag" custom field is added to definitions to list Group/Version/Kind for the definitions that has it. This will help clients to discover definitions easier.
Lastly, we've added a reference from old definition names to the new ones to keep backward compatibilities. The list of old definitions will not be updated.
**Release note**:
- Rename OpenAPI definition names to type's full package names to prevent duplicates
- Create OpenAPI extension "x-kubernetes-group-version-kind" for definitions to store Group/Version/Kind
- Deprecate old definition names and create a reference to the new definitions. Old definitions will be removed in the next release.
Automatic merge from submit-queue (batch tested with PRs 40798, 40658)
genericapiserver: cut off more dependencies – episode 4
Follow-up of https://github.com/kubernetes/kubernetes/pull/40426.
TODO:
- [x] resync client-go before "genericapiserver: cutting off pkg/api deps" when #40426 went in and mirror repos are synched.
approved based on #40363
Automatic merge from submit-queue (batch tested with PRs 40801, 40797)
kubeadm: set maxUnavailable and maxSurge for self-hosted component deployments
**What this PR does / why we need it**: This PR explicitly specifies `kubeadm` self-hosted components deployment update strategy (`RollingUpdateDeploymentStrategyType`) and its parameters (`maxUnavailable` and `maxSurge`).
**Which issue this PR fixes**:
Refs https://github.com/kubernetes/kubernetes/pull/40075#discussion_r97107015
Refs https://github.com/kubernetes/kubeadm/issues/127
**Special notes for your reviewer**: /cc @kargakis @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 40801, 40797)
sync client-go
Our first straight mechanical sync! `client-go/pkg` looks nice and slim, we're authoritative for all other packages.
@caesarxuchao @sttts
Dr. Stefan Schimanski