Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
ipvs: add addrtype match for nodeport
**What this PR does / why we need it**:
before this PR:
```
-A KUBE-SERVICES -m comment --comment "Kubernetes nodeport TCP port for masquerade purpose" -m set --match-set KUBE-NODE-PORT-TCP dst -j KUBE-NODE-PORT
-A KUBE-SERVICES -m comment --comment "Kubernetes service cluster ip + port for masquerade purpose" -m set --match-set KUBE-CLUSTER-IP dst,dst -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m set --match-set KUBE-CLUSTER-IP dst,dst -j ACCEPT
-A KUBE-NODE-PORT -p tcp -m comment --comment "Kubernetes nodeport TCP port with externalTrafficPolicy=local" -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j RETURN
-A KUBE-NODE-PORT -j KUBE-MARK-MASQ
```
after this PR:
```
-A KUBE-NODE-PORT -p tcp -m comment --comment "Kubernetes nodeport TCP port with externalTrafficPolicy=local" -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j RETURN
-A KUBE-NODE-PORT -p tcp -m comment --comment "Kubernetes nodeport TCP port for masquerade purpose" -m set --match-set KUBE-NODE-PORT-TCP dst -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "Kubernetes service cluster ip + port for masquerade purpose" -m set --match-set KUBE-CLUSTER-IP dst,dst -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m set --match-set KUBE-CLUSTER-IP dst,dst -j ACCEPT
-A KUBE-SERVICES -m addrtype --dst-type LOCAL -j KUBE-NODE-PORT
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65459
**Special notes for your reviewer**:
manually tested cases:
- ClusterIP distributed to pod on same node
- ClusterIP distributed to pod on other node
- NodePort distributed to pod on same node
- NodePort distributed to pod on other node
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add integration test for scheduler "on PVC add" event handling
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67246
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67274, 67285). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: plumb context for log requests
This allows kubelets to stop the necessary work when the context has
been canceled (e.g., connection closed), and not leaking a goroutine
and inotify watcher waiting indefinitely.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Partially fixes#64315
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix kubelet to not leak goroutines/intofiy watchers on an inactive connection if it's closed
```
Automatic merge from submit-queue (batch tested with PRs 67274, 67285). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move dependency from k/k/pkg/apis/core to staging
**What this PR does / why we need it**:
This PR moves a dependency from with Kubernetes core (k8s.io/kubernetes/pkg/apis/core) to staging
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Helps Fix: Remove Kubectl dependencies on kubernetes/pkg/api and kubernetes/pkg/apis
https://github.com/kubernetes/kubectl/issues/83
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revert "Update kube::util::ensure-cfssl"
This reverts commit 7a10073e4a.
**What this PR does / why we need it**: this change broke using the cluster scripts without a git checkout of kubernetes in your go path (in CI for other projects we get these from artifact tarballs)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67286
**Special notes for your reviewer**: this unbreaks CI, we'll probably want to follow up with a change that actually uses vendor similar to this soon though.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
End2End tests for DynamicVolumeProvisioning of EBS
**What this PR does / why we need it**:
Add end2end tests to exercise `DynamicProvisioningScheduling` features for EBS. The tests make sure `WaitForFirstConsumer` and `AllowedTopologies` specified in a EBS storage class has the desired effect.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Tests features added to 217a3d8902
**Release note**:
```
NONE
```
/sig storage
/assign @msau42 @jsafrane
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to use debian-base:0.3.2
**What this PR does / why we need it**: uses the fixed debian-base image from #67222.
Also includes a small fix for a bug in the debian-base Makefile that I introduced in that same PR.
This is basically a rehash of #67026.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66984, 67236, 67216, 62721, 67106). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
macOS and docker for mac don't play nicely with mktemp
**What this PR does / why we need it**:
On macOS mktemp -d drops something in /var/folders, which isn't
shared by default with Docker for Mac. Thus I can't run docker
with that volume mounted to build binaries for test images. So
instead, tell mktemp to use kubernetes/_tmp as its base, which
is what I see some of the hack/verify-* scripts use
I had to use this patch to build images for:
- https://github.com/kubernetes/kubernetes/pull/67030
- https://github.com/kubernetes/kubernetes/pull/67034
- https://github.com/kubernetes/kubernetes/pull/67035
I am _super_ open to a better way of doing this if I missed something
**Special notes for your reviewer**: Kindly make sure this doesn't break
building images on linux
/release-note-none
/sig release
/cc @dims @ixdy
Automatic merge from submit-queue (batch tested with PRs 66984, 67236, 67216, 62721, 67106). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set kubeadm version as the default version in phase command.
**What this PR does / why we need it**:
In some phase commands which don't use kubernetes version, set kubeadm version as the kubernetes version to avoid get it from internet.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/756
**Special notes for your reviewer**:
cc @chrisob
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66984, 67236, 67216, 62721, 67106). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow running various storage e2e tests on custom images
Ubuntu image is treated as custom image in some e2e tests. We whitelist both ubuntu and custom to run the storage tests.
**Release note**:
```release-note
None
```
/assign @msau42
/release-note-none
/sig storage
Automatic merge from submit-queue (batch tested with PRs 66984, 67236, 67216, 62721, 67106). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azure disk create failure due to sdk upgrade
**What this PR does / why we need it**:
fix azure storage account creation failure, this happens only on unmanaged k8s cluster on Azure.
This bug is due to azure-sdk-for-go API change introduced in v1.11:
fbe7db0e3f/services/storage/mgmt/2017-10-01/storage/models.go (L381-L382)
there is a new field `Kind` which is required, so any sdk upgrade from and old version would break the storage account creation since old code won't use `Kind`. I have filed an issue to azure-sdk-for-go: https://github.com/Azure/azure-sdk-for-go/issues/2182
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67234
**Special notes for your reviewer**:
**Release note**:
```
fix azure disk create failure due to sdk upgrade
```
/kind bug
/sig azure
/assign @feiskyer
FYI @khenidak @brendandburns
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove ARCH specific image consideration from e2e tests
Change-Id: I309fec49b030a4d457890f25d2f69e7c641c03fd
**What this PR does / why we need it**:
All e2e test images are now using multi-arch manifests so we should stop
looking up and using images that are specific to runtime.GOARCH
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
This allows kubelets to stop the necessary work when the context has
been canceled (e.g., connection closed), and not leaking a goroutine
and inotify watcher waiting indefinitely.
Automatic merge from submit-queue (batch tested with PRs 67017, 67190, 67110, 67140, 66873). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm join --control-plane main workflow
**What this PR does / why we need it**:
This PR implements one of the actions defined by https://github.com/kubernetes/kubeadm/issues/751 (checklist form implementing HA in kubeadm).
With this PR, kubeadm implements the `kubeadm join --control-plane`workflow, as described in the [KEP 0015-kubeadm-join-master.md](https://github.com/kubernetes/community/blob/master/keps/sig-cluster-lifecycle/0015-kubeadm-join-master.md) with the exception of the update of the `kubeadm-config` ConfigMap that will be completed in a following PR as soon as the implementation in the config file will allow it.
**Special notes for your reviewer**:
/CC @timothysc @luxas @chuckha @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```
`kubeadm join` now has the --experimental-control-plane flag that triggers deploy of a new control plane instance on the joining node.
```
Automatic merge from submit-queue (batch tested with PRs 67017, 67190, 67110, 67140, 66873). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add wait loop for multipath devices to appear
It takes a variable amount of time for the multipath daemon
to create /dev/dm-XX in response to new LUNs being discovered.
The old iscsi_util code only discovered the multipath device
if it was created quickly enough, but in a significant number
of cases, kubelet would grab one of the individual paths and
put a filesystem it on before multipathd could construct a
multipath device.
This change waits for the multipath device to get created for
up to 10 seconds, but only if the PV actually had more than
one portal.
fixes#60894
```release-note
Dynamic provisions that create iSCSI PVs can ensure that multipath is used by specifying 2 or more target portals in the PV, which will cause kubelet to wait up to 10 seconds for the multipath device. PVs with just one portal continue to work as before, with kubelet not waiting for the multipath device and just using the first disk it finds.
```
Automatic merge from submit-queue (batch tested with PRs 67017, 67190, 67110, 67140, 66873). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CSI plugin now calls NodeGetInfo() to get driver's node ID
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67040
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig storage
@sbezverk @vladimirvivien @saad-ali
Automatic merge from submit-queue (batch tested with PRs 67017, 67190, 67110, 67140, 66873). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use gcr.io/k8s-testimages/logexporter:v0.1.2.
**What this PR does / why we need it**:
Changes a version of logexporter used in our tests.
Version v0.1.2 contains fixes from https://github.com/kubernetes/test-infra/pull/8978 to help debugging #67120
```release-note
NONE
```
/assign @shyamjvs
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix CRI ListKubeContainers API
**What this PR does / why we need it**:
Current implementation of this API always returns
checks output of 'crictl pods -q' and filters out everything
that doesn't start with k8s_. 'crictl pods -q' returns only pod ids,
so everything is always filtered out.
Removing filtering by name prefix should fix this.
**Which issue this PR fixes**
Fixes: kubernetes/kubeadm#926
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use OWNERS-based labeling for kind/api-change
**What this PR does / why we need it**:
This replaces the following path-label munger config, except
we're using kind/api-change for everything instead of two
different kind/ labels
```
^pkg/api/([^/]+/)?types.go$ kind/api-change
^pkg/api/([^/]+/)?register.go$ kind/new-api
^pkg/apis/[^/]+/([^/]+/)?types.go$ kind/api-change
^pkg/apis/[^/]+/([^/]+/)?register.go$ kind/new-api
```
This fixes https://github.com/kubernetes/test-infra/issues/9007
**Special notes for your reviewer**:
This can be merged independently of us turning path-label off of
mungegithub. While both labeling options are active, they won't
clash, just race.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66602, 67178, 67207, 67125, 66332). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add UT to RBD volume test of TestGetAccessModes and TestRequiresRemount
**What this PR does / why we need it**:
Add UT to RBD volume test of TestGetAccessModes and TestRequiresRemount
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66602, 67178, 67207, 67125, 66332). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix get-kube-local.sh 2 wrong parameters.
**bug fix**
1. run ./get-kube-local.sh, and get this error.
> ./get-kube-local.sh: line 60: 2: unbound variable
2. remove duplicate filename in docker run command: `--kubeconfig=${KUBELET_KUBECONFIG}`
**Special notes for your reviewer**:
code detail:
line 88: create-kubelet-kubeconfig "${KUBELET_KUBECONFIG}"
line 59: function create-kubelet-kubeconfig() {
line 60: local destination="${1}"
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66602, 67178, 67207, 67125, 66332). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove defaulting from shared ComponentConfig types
**What this PR does / why we need it**:
As @deads2k commented in kubernetes/community#2354, we should not register defaults for the shared componentconfig types as it gets very hard for consumer to opt-out of the default defaulting funcs. Instead, the package provides a `DefaultFoo` function the consuming API group can call if it wants to as an opt-in in `SetDefaults_Bar` (where `Bar` wraps `Foo` as a field)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: kubernetes/community#2354
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @sttts @liggitt @deads2k
Automatic merge from submit-queue (batch tested with PRs 66602, 67178, 67207, 67125, 66332). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Vendor cfssl/cfssljson utilities
**What this PR does / why we need it**:
Vendors the `cfssl` and `cfssljson` tools. Updates `kube::util::ensure-cfssl` to use them.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
fixes#66995, fixes#60070
**Special notes for your reviewer**:
1. Add cfssl/cfssljson ot the required bins for saving
2. Manually cloned/checked out the new dependencies to my gopath. `godep restore` doesn't pull them down because they aren't required or already in the `Godeps.json`. Used @BenTheElder's list here: https://github.com/kubernetes/kubernetes/issues/66995#issuecomment-410594532
3. `hack/godep-save.sh` to add the packages and dependencies to godep
4. Fixed two bugs when building:
a. `golang.org/x/crypto` needed to be updated
b. `github.com/cloudflare/cfssl` needed to be updated to 56268a613a so we can vendor their fork of `crypto/tls`, as we discard their modified vendored stdlib.
5. Update staging godeps
6. Update the `kube::util::ensure-cfssl` to install from vendor
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66602, 67178, 67207, 67125, 66332). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl: recreating resources for immutable fields when force is applied
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#66390
**Special notes for your reviewer**:
/assign soltysh juanvallejo
/cc @kubernetes/sig-cli-bugs
**Release note**:
```release-note
kubectl: recreating resources for immutable fields when force is applied
```
This replaces the following path-label munger config, except
we're using kind/api-change for everything instead of two
different kind/ labels
```
^pkg/api/([^/]+/)?types.go$ kind/api-change
^pkg/api/([^/]+/)?register.go$ kind/new-api
^pkg/apis/[^/]+/([^/]+/)?types.go$ kind/api-change
^pkg/apis/[^/]+/([^/]+/)?register.go$ kind/new-api
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
tests: Skips AfterEach step if provider is not supported
**What this PR does / why we need it**:
The BeforeEach step for cluster_size_autoscaling is skipped if
the provider is not gce or gke. The AfterEach step should also
be skipped, since nothing was done.
**Which issue(s) this PR fixes**:
Fixes#67199
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add ravi to sig scheduling approvers
**What this PR does / why we need it**:
According to the requirement of Approver at community-membership.md, I meet the following requirements so I'd like to add myself as an approver of scheduler.
I have :
- Authored more than ~40 commits to k/k repository and 22 commits in kube-incubator/descheduler.
- Been co-maintainer on descheduler.
- Been a reviewer for more than 3 months.
- Reviewed/helped in reviewing more than 70 PRs.
- Been helping new contributors in getting upto speed and guide them on performance aspects of the kube-scheduler.
As an approver,
- I agree to only approve familiar PRs
- I agree to be responsive to review/approve requests as per community expectations
- I agree to continue my reviewer work as per community expectations
- I agree to continue my contribution, e.g. PRs, mentor contributors
```release-note
NONE
```
/cc @bsalamat @k82cn @aveshagarwal
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move validation dependency from pkg/apis/core/validation to staging
**What this PR does / why we need it**:
Moves a dependency in metricsutil from `pkg/apis/core/validation` to the staging dependency.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Helps Fix: **Remove Kubectl dependencies on kubernetes/pkg/api and kubernetes/pkg/apis**
https://github.com/kubernetes/kubectl/issues/83
**Special notes for your reviewer**:
```release-note
NONE
```
On macOS mktemp -d drops something in /var/folders, which isn't
shared by default with Docker for Mac. Thus I can't run docker
with that volume mounted to build binaries for test images. So
instead, tell mktemp to use kubernetes/_tmp as its base, which
is what I see some of the hack/verify-* scripts use.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use v1 version of advanced audit policy in kubeadm
audit api version has been updated to v1 #65891
**Release note**:
```release-note
kubeadm uses audit policy v1 instead of v1beta1
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Deduplicate kube-proxy image logic
**What this PR does / why we need it**:
Until now, kube-proxy image was handled in two separate places:
- In images.go along with the pre-pull code and without having the image override capabilities (via UnifiedControlPlaneImage)
- In the kube-proxy manifest, where image override was possible.
This duplicates the kube-proxy image logic and makes it prone to errors.
Therefore, this change aims to deduplicate it and make it more straightforward.
This is achieved in the following ways:
- GetKubeControlPlaneImage is used for kube-proxy image fetching, thus allowing for the image to be overriden by UnifiedControlPlaneImage.
- Remove duplicated logic from the manifest and use GetKubeControlPlaneImage to generate the image for the manifest.
This PR also removes GetKubeControlPlaneImageNoOverride as it's no longer needed.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
**Release note**:
```release-note
kubeadm: make sure pre-pulled kube-proxy image and the one specified in its daemon set manifest are the same
```
1. keep function signature consistent.
implementations of the create-kubelet-kubeconfig function take an apiserver address as the first argument and the destination as the second argument.
2. remove duplicate file name(/kubelet.kubeconfig) in --kubeconfig=${KUBELET_KUBECONFIG}/kubelet.kubeconfig
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
ensure ScheduleDSPods respects tainted nodes
- add PodToleratesNodeTaints to ~~nodeSelectionPredicates()~~ checkNodeFitness()
- add integration testcase
Fixes#66348, and would keep the behavior consistent with it was when ScheduleDSPods is disabled.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make the request attributes clearer in forbidden messages
This makes the resource and API group components of a forbidden message explicit (including the "" core API group), to help people trying to match up forbidden errors to required policy changes.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix permissions of qemu-ARCH-static in debian-base and other images
**What this PR does / why we need it**: proper fix for the issue I found in #67215. Some machines (like apparently workstations at Google) have a restrictive umask, so the `qemu-ARCH-static` binaries were getting installed in images without world read/execute permissions, causing utilities like `apt-get` to fail.
There was also a duplicate download/install of these binaries for `debian-iptables`, which further confused the issue. I've since removed that duplicate installation.
Many thanks to @BenTheElder for asking the right question to get me to look at the permissions again.
I haven't pushed any images yet. After merge, I'll build/promote `debian-base:0.3.2`, then update everything to use it, then push some more images, write some more PRs, ...
**Release note**:
```release-note
NONE
```
/assign @tallclair
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixed unsafe type cast in vSphere volume plugin
**What this PR does / why we need it**: Fixes the controller manager panic caused by vSphere volumes being used on the wrong cloud provider.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67218
**Release note**:
```release-note
NONE
```
/assign @saad-ali
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a check for docker version to push fat manifest images
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
This is for adding a check to avoid any corrupted fat manifest creation.
**Special notes for your reviewer**:
@dims @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use const v1.ProtocolTCP replace of string TCP
**What this PR does / why we need it**:
use const v1.ProtocolTCP replace of string TCP
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67161, 67093, 67077). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Graduate ResourceQuotaScopeSelectors to beta
All the pre-requisite items listed in the tracker issue, https://github.com/kubernetes/kubernetes/issues/66673, have got merged. Therefore, opening this PR to graduate scope selectors field in the resource quota spec.
**Release note**:
```release-note
Graduate Resource Quota ScopeSelectors to beta, and enable it by default.
```
/cc @derekwaynecarr @deads2k @smarterclayton
Automatic merge from submit-queue (batch tested with PRs 67161, 67093, 67077). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
improve kubeconfig file modification time
In cases where there are few destination filenames for a given
amount of contexts, but a large amount of contexts, this patch
prevents reading and writing to the same file (or small number
of files) over and over again needlessly.
**Release note**:
```release-note
Decrease the amount of time it takes to modify kubeconfig files with large amounts of contexts
```
cc @deads2k
Bin Lu