Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle gazelle moving to a new repo
Gazelle moved to a new repo, and out of bazebuild/rules_go. At first I tried the same approach I used for kubernetes/test-infra and just bumped to the new repo. Turns out that version was later than what is used here in kubernetes/kubernetes. Now I'm trying to use a rewritten version of `go_install_from_commit` to support installing packages that aren't available at HEAD
ref kubernetes/test-infra#6075
/priority critical-urgent
https://k8s-testgrid.appspot.com/presubmits-kubernetes-blocking#pull-kubernetes-verify is blocked until this is addressed
This is brittle and really only intended to workaround the fact that
gazelle has moved out of the bazelbuild/rules_go repo to its own
repo. I would rather see this reverted once we move to the same
version of gazelle as used by kubernetes/test-infra
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
local-up-cluster.sh: improve messages when running with ENABLE_DAEMON=true
**What this PR does / why we need it**:
Don't suggest to use `Ctrl+C` or open up another terminal when the script was running with `ENABLE_DAEMON=true`.
**Release note**:
```release-note
NONE
```
CC @simo5
Automatic merge from submit-queue (batch tested with PRs 57292, 56274, 57435, 57438, 57429). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enable podpreset by default in local up cluster
**What this PR does / why we need it**:
This PR enables PodPreset in Admission control and also for that
to work on the apiserver level enalbes the API group
settings.k8s.io/v1alpha1.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57434, 57221, 57417, 57474, 57481). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fabiano no longer a thing
**What this PR does / why we need it**: Removes me from lists of reviewers and approvers.
**Release note**:
```release-note
NONE
```
In 027c8b9ef2, we added code to
move from .dockercfg to config.json file. But we forgot to use
the right secret type and the key to store the base64'ed creds
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-gen: reusable main.go logic, preparation for kube-gen
Split main.go files into plumbing and calls to NewDefaults, AddFlags and Validate. This will allow us to create kube-gen without duplicating much code, at least no generator logic (with the exception of a little loop in client-gen adding the group path to the input dirs).
Automatic merge from submit-queue (batch tested with PRs 55475, 57155, 57260, 57222). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make sure that 'ldflags' are space-safe
**What this PR does / why we need it**:
Recently I met the problem as #56216 described, I download the source-tar of 1.8.5 and run `make` command failed because of invalid ldflag:
`-X k8s.io/kubernetes/pkg/version.gitTreeState=git archive`
Though #56249 has change version string `git archive` to `archive`, i think we should avoid this problem happen again.
cc @ixdy
**Release note**: NONE
Automatic merge from submit-queue (batch tested with PRs 55751, 57337, 56406, 56864, 57347). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add pod-selector kubectl drain
**Release note**:
```release-note
Added the ability to select pods in a chosen node to be drained, based on given pod label-selector
```
This patch adds the ability to select pods in a chosen node to be drained, based on given pod label-selector. Related downstream issue: https://github.com/openshift/origin/issues/17554
Further, it removes explicit, specific, pod-controller check. The `drain` command currently fails if a pod has a controller of a `kind` [not explicitly handled in the command itself](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/drain.go#L331). This causes `drain` to be unusable if a node contains pods managed by third-party, or "unknown" controllers.
Based on [this comment](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/drain.go#L353), the expectation was to fail if a pod's controller was not found for whatever reason. I believe that the `drain` command should not care about the existence of a pod controller. It should only care whether a pod has one, and act according to that controller kind. This solves a downstream bug: https://github.com/openshift/origin/issues/17563
cc @fabianofranz @deads2k @kubernetes/sig-cli-misc
Automatic merge from submit-queue (batch tested with PRs 54379, 56593, 56685, 54174, 57309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use k8s.gcr.io vanity domain for container images
Related issue: https://github.com/kubernetes/release/issues/281
```release-note
Use "k8s.gcr.io" for container images rather than "gcr.io/google_containers". This is just a redirect, for now, so should not impact anyone materially.
Documentation and tools should all convert to the new name. Users should take note of this in case they see this new name in the system.
```
Automatic merge from submit-queue (batch tested with PRs 54902, 56831, 56702, 56287, 56878). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a comment in hack/lib/version.sh about which tags are used to get the version
The `--tags` flag to `git describe` specifically adds in lightweight tags. This just makes the comment correct.
Alternatively, that flag could be removed from the command, but I think that requires more detailed thinking.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56390, 56334, 55572, 55598, 56563). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add parent PR title to cherry-picked PR title
**What this PR does / why we need it**:
Currently the cherry-picked PR title is like this: `Automated cherry pick of #55558`. This is not so readable when reading from PR list. This PR adds the original title to the cherry-picked PR title. This will make the title a bit long though...
See example: https://github.com/kubernetes/kubernetes/pull/55597
`Automated cherry pick of #55558: Apply taint when a volume is stuck in attaching state on node`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56217, 56268, 56263, 56328, 56200). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
export ENABLE_POD_PP=true to enable Pod priority and preemption
**What this PR does / why we need it**:
Though pod priority and preemption is disabled by default in Kubernetes 1.8, it too many steps if you want to enable the feature manually. It is important to enable it in `local-up` cluster by `export` variable.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes [#](https://github.com/kubernetes/kubeadm/issues/554)
**Special notes for your reviewer**:
cc @shashidharatd @sttts @lavalamp
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57172, 55382, 56147, 56146, 56158). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make quick-verify: show script names without full paths
**What this PR does / why we need it**:
This PR modifies the output of `make quick-verify` by showing script names without full paths. This simplifies reading its output during debugging session.
Before:
```
FAILED hack/make-rules/../../hack/verify-boilerplate.sh 1s
Skipping hack/make-rules/../../hack/verify-cli-conventions.sh in quick mode
Skipping hack/make-rules/../../hack/verify-codegen.sh in quick mode
Skipping hack/make-rules/../../hack/verify-description.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-device-plugin.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-docs.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-files-remake.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-protobuf.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-runtime.sh in quick mode
Skipping hack/make-rules/../../hack/verify-generated-swagger-docs.sh in quick mode
Verifying hack/make-rules/../../hack/verify-godep-licenses.sh
Checking for 'Godeps/' changes against 'upstream/master'
SUCCESS hack/make-rules/../../hack/verify-godep-licenses.sh 14s
```
After:
```
FAILED verify-boilerplate.sh 1s
Skipping verify-cli-conventions.sh in quick mode
Skipping verify-codegen.sh in quick mode
Skipping verify-description.sh in quick mode
Skipping verify-generated-device-plugin.sh in quick mode
Skipping verify-generated-docs.sh in quick mode
Skipping verify-generated-files-remake.sh in quick mode
Skipping verify-generated-protobuf.sh in quick mode
Skipping verify-generated-runtime.sh in quick mode
Skipping verify-generated-swagger-docs.sh in quick mode
Verifying verify-godep-licenses.sh
Checking for 'Godeps/' changes against 'upstream/master'
SUCCESS verify-godep-licenses.sh 14s
```
**Release note**:
```release-note
NONE
```
CC @simo5
Automatic merge from submit-queue (batch tested with PRs 54410, 56184, 56199, 56191, 56231). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
hack: fix godep license parsing for gopkg.in packages
The script incorrectly thinks that `gopkg.in/square/go-jose.v2/cipher`
doesn't have a license because it parses `gopkg.in/square` as the
root of the repo, even though `gopkg.in/square/go-jose.v2` is the
root.
Add special handling for gopkg.in packages by grep'ing for the
version that gopkg.in appends to the package name.
Extracted from https://github.com/kubernetes/kubernetes/pull/56161
cc @thockin
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55360, 56444, 56687, 56791, 56802). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-apiserver: enable admissionregistration v1beta1 api by default
We have this enabled in the GCE cluster and in local-cluster-up, but forgot to switch the default. If we want people to use this feature by default in production clusters, we better enable the API.
Moreover, this PR fixes that beta works without alpha.
```release-note
Enable admissionregistration.k8s.io/v1beta1 by default in kube-apiserver.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Dashboard addon to version 1.8.0 and align /ui redirect with it
**What this PR does / why we need it**: In Dashboard 1.8.0 we have introduced a couple of changes (security, settings, new resources etc.) and fixed a lot of bugs. You can check release notes at https://github.com/kubernetes/dashboard/releases/tag/v1.8.0.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Updated Dashboard add-on to version 1.8.0.
- The Dashboard add-on now deploys with https enabled
- The Dashboard can be accessed via kubectl proxy at http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
- The /ui redirect is deprecated and will be removed in 1.10
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use `git archive` to produce kubernetes-src.tar.gz when git tree is clean
**What this PR does / why we need it**: uses `git archive` to embed version information in the kubernetes source tarball produced in releases. Due to recent changes, the version information was missing from the source tarball, causing builds from these source tarballs to potentially fail.
This also includes a fix inspired by #56216, since the ld flags in `hack/lib/version.sh` are not space-safe.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56246
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @david-mcmahon
/priority urgent-soon
/sig release
cc @mrueg
Automatic merge from submit-queue (batch tested with PRs 55952, 49112, 55450, 56178, 56151). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
New API group for Events.
Fixkubernetes/features#383
cc @shyamjvs
```release-note
Add events.k8s.io api group with v1beta1 API containing redesigned Event type.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Expose single annotation/label via downward API
**What this PR does / why we need it**:
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/annotations-downward-api.md
Support exposing single annotation via both env and volume downward API using the following syntax:
```
metadata.annotations['key']
metadata.labels['key']
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
#31218
**Special notes for your reviewer**:
This PR takes over the work in https://github.com/kubernetes/kubernetes/pull/41648.
**Release note**:
```
A single value in metadata.annotations/metadata.labels can be passed into the containers via Downward API
```
/assign @thockin @vishh
Automatic merge from submit-queue (batch tested with PRs 55545, 55548, 55815, 56136, 56185). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix storageclass unit tests
Before this change, a unit test fails:
```
make test WHAT=k8s.io/kubernetes/pkg/registry/storage/storageclass/storage
```
**Release note**:
```release-note
NONE
```
/assign @saad-ali
/assign @thockin
The script incorrectly thinks that `gopkg.in/square/go-jose.v2/cipher`
doesn't have a license because it parses `gopkg.in/square` as the
root of the repo, even though `gopkg.in/square/go-jose.v2` is the
root.
Add special handling for gopkg.in packages by grep'ing for the
version that gopkg.in appends to the package name.
Automatic merge from submit-queue (batch tested with PRs 51494, 56097, 56072, 56175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubelet flags take precedence over config from files/ConfigMaps
Changes the Kubelet configuration flag precedence order so that flags
take precedence over config from files/ConfigMaps.
See:
https://docs.google.com/document/d/18-MsChpTkrMGCSqAQN9QGgWuuFoK90SznBbwVkfZryo/
Also modifies e2e node test suite to transform all relevant Kubelet flags into
a config file before starting tests when the KubeletConfigFile feature gate is
true, and turns on the KubeletConfigFile gate for all e2e node tests.
This allows the alpha dynamic Kubelet config feature to continue to
work in tests after the precedence change.
fixes#56171
Related: https://github.com/kubernetes/features/issues/281
```release-note
CLI flags passed to the Kubelet now take precedence over Kubelet config files and dynamic Kubelet config. This helps ensure backwards compatible behavior across Kubelet binary updates.
```
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make versioned types for webhook admission config
Versioned webhook admission config type as promised in https://github.com/kubernetes/kubernetes/pull/54414.
@kubernetes/sig-api-machinery-pr-reviews
@ericchiang as promised. fyi.
```yaml
kind: AdmissionConfiguration
apiVersion: apiserver.k8s.io/v1alpha1
plugins:
- name: GenericAdmissionWebhook
configuration:
kind: WebhookAdmission
apiVersion: apiserver.config.k8s.io/v1alpha1
kubeConfigFile: /path/to/my/file
```
`ADMISSION_CONTROL_CONFIG_FILE=../foo.yaml hack/local-up-cluster.sh`
Changes the Kubelet configuration flag precedence order so that flags
take precedence over config from files/ConfigMaps.
See issue #56171 for more details.
Also modifies e2e node test suite to transform all relevant Kubelet
flags into a config file before starting tests when the
KubeletConfigFile feature gate is true, and turns on the
KubeletConfigFile gate for all e2e node tests. This allows the alpha
dynamic Kubelet config feature to continue to work in tests after
the precedence change.
Christoph Blecker