Automatic merge from submit-queue (batch tested with PRs 62423, 66180, 66492, 66506, 65242). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add user assigned MSI support
**What this PR does / why we need it**:
Adds the support for generating tokens via user assigned MSI.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Add support for using User Assigned MSI (https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview) with Kubernetes cluster on Azure.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add myself, Micah to reviewers
**Release note**:
```release-note
NONE
```
Signed-off-by: Nick Turner <nic@amazon.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix computing number of nodes to break in CA e2e unhealthy cluster test.
**What this PR does / why we need it**:
Fixes computing number of nodes to break in the e2e for Cluster Autoscaler acting on an unhealthy cluster.
**Release note**:
```
NONE
```
@MaciekPytel
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add pod UID
**What this PR does / why we need it**:
Add pod UID. The test passes but we'll get error info when run with `GOFLAGS=-v`:
```
E0723 09:18:18.393249 45452 node_info.go:477] Cannot get pod key, err: Cannot get cache key for pod with empty UID
E0723 09:18:18.393440 45452 node_info.go:490] Cannot get pod key, err: Cannot get cache key for pod with empty UID
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Renamed command line option cri-socket-path for 2 reasons:
- to be consistent with the rest of kubeadm code
reset/init/join/apply subcommands use --cri-socket
- name is misleading as CRI socket can be also an url,
not just a path
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix acr could not be listed in sp issue
**What this PR does / why we need it**:
after granting sp access to azure ACR , pull image from ACR would fail, and after wait about 15-30min(or restart kubelet directly), pull image would succeed. Root cause is that `servicePrincipalToken` needs to be refreshed when doing `registryClient.List`, otherwise it will always return empty registry list. Pull image error would be like following:
```
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 8m (x3 over 8m) default-scheduler 0/1 nodes are available: 1 Insufficient cpu.
Normal Scheduled 8m default-scheduler Successfully assigned nginx-server-776564f79c-zhtjk to aks-nodepool1-20881069-0
Normal SuccessfulMountVolume 8m kubelet, aks-nodepool1-20881069-0 MountVolume.SetUp succeeded for volume "default-token-4t7tk"
Normal SuccessfulMountVolume 8m kubelet, aks-nodepool1-20881069-0 MountVolume.SetUp succeeded for volume "pvc-5c1f0521-739f-11e8-9b69-0a58ac1f09c2"
Warning Failed 8m (x5 over 8m) kubelet, aks-nodepool1-20881069-0 Error: ImagePullBackOff
Normal BackOff 8m (x5 over 8m) kubelet, aks-nodepool1-20881069-0 Back-off pulling image "andyacr.azurecr.io/nginx-server:1.0.0"
Warning Failed 8m (x2 over 8m) kubelet, aks-nodepool1-20881069-0 Error: ErrImagePull
Warning Failed 8m (x2 over 8m) kubelet, aks-nodepool1-20881069-0 Failed to pull image "andyacr.azurecr.io/nginx-server:1.0.0": rpc error: code = Unknown desc = Error response from daemon: Get https://andyacr.azurecr.io/v2/nginx-server/manifests/1.0.0: unauthorized: authentication required
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65225
**Special notes for your reviewer**:
After discuss with dong, `registryClient.List` won't be necessary, instead we return `{"*.azurecr.io", "*.azurecr.cn", "*.azurecr.de", "*.azurecr.us"}` like aws, gce code logic, it will do the url matching.
I will cherry pick this PR to all supported version, every version has this issue.
**Release note**:
```
fix acr could not be listed in sp issue
```
/sig azure
/assign @feiskyer @khenidak @brendandburns @karataliu
The --docker-disable-shared-pid flag has been deprecated since 1.10 and
has been superceded by ShareProcessNamespace in the pod API, which is
scheduled for beta in 1.12.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use subtest for table units (pkg/scheduler/core)
**What this PR does / why we need it**: Update scheduler's unit table tests to use subtest
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
breaks up PR: https://github.com/kubernetes/kubernetes/pull/63281
/ref #63267
**Release note**:
```release-note
This PR will leverage subtests on the existing table tests for the scheduler units.
Some refactoring of error/status messages and functions to align with new approach.
```
Automatic merge from submit-queue (batch tested with PRs 66410, 66398, 66061, 66397, 65558). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
dry-run: Create feature-gate flag
Creates a feature gate flag for dry-run. Currently, dry-run query parameter is completely blocking all requests, once the feature is implemented, the flag will allow the parameter to pass if enabled.
cc @jennybuckley @deads2k @liggitt @lavalamp
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66410, 66398, 66061, 66397, 65558). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix volume limit for EBS on m5 and c5 instances
This is a fix for lower volume limits on m5 and c5 instance types while we wait for https://github.com/kubernetes/features/issues/554 to land GA.
This problem became urgent because many of our users are trying to migrate to those instance types in light of spectre/meltdown vulnerability but lower volume limit on those instance types often causes cluster instability. Yes they can workaround by configuring the scheduler with lower limit but often this becomes somewhat difficult to do when cluster is mixed.
The newer default limits were picked from https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/volume_limits.html
Text about spectre/meltdown is available on - https://community.bitnami.com/t/spectre-variant-2/54961/5
/sig storage
/sig scheduling
```release-note
Fix volume limit for EBS on m5 and c5 instance types
```
Automatic merge from submit-queue (batch tested with PRs 66410, 66398, 66061, 66397, 65558). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Passing `KUBE_TEST_ARGS` variable to make through process environment instead of command line flags
**What this PR does / why we need it**:
Passing `KUBE_TEST_ARGS` variable to make through process environment instead of command line flags.
`$` character has special meaning in `make`, if `KUBE_TEST_ARGS` contains `$`, it cannot be passed to `make test`. Actually, we can simply pass variables to make through process environment. This makes following scenario to work:
```
export KUBE_TEST_ARGS='-run ^TestVolumeBinding$'
make test-integration WHAT=./test/integration/scheduler
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66410, 66398, 66061, 66397, 65558). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix logs command to be generic for all resources again
--all-containers should not have been allowed as it was because it only worked for pods. This approach does not make sense for a polymorphic command. Rather than roll it back, I'll take the time to make it generic. Because of this and other pods-only options, we now have inconsistencies with the command that should be addressed separately.
@CaoShuFeng
/assign @juanvallejo @soltysh
@kubernetes/sig-cli-maintainers
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66410, 66398, 66061, 66397, 65558). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Godeps after removing influx tests
When the influx tests were removed, it should have also removed the
influx deps from Godeps. This does that.
See also #66175
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds a build example with KUBE_BUILD_PLATFORMS
**What this PR does / why we need it**:
I didn't manage to find any guides about how to build the specific binary for the specific platform in docs (in this repo and in the community repo). Also it was quite hard for me to follow build scripts. At the end, I found help on the kubernetes-dev channel in Slack:`KUBE_BUILD_PLATFORMS` seems to do what I want. I think, would be great to have it documented somehow: The "Key scripts" section of the build doc seems to be a good place to mention it.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move api rules list under api-approvers-owned package
Additions to this list should be rare and carefully reviewed
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
extend timeout to workaround slow arm64 math
**What this PR does / why we need it**:
The math/big functions are slow on arm64. There is improvement coming
with go1.11 but until such time as that version can be used to build releases,
if a server uses rsa certificates on arm64, the math load for the multitude
of watches over-taxes the ability of the processor and the TLS connections
time out. Retries will also not succeed and serve to exacerbate the problem.
By extending the timeout, the TLS connections will eventually be
successful and the load will drop.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64649
**Special notes for your reviewer**:
This was tested on a Raspberry Pi 3
**Release note**:
```release-note
Extend TLS timeouts to work around slow arm64 math/big
```
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
indicate which scheme has conflicting data
An oversight when adding scheme origination to error messages. There are a couple state dependent panics which are useful to gain info on.
@sttts
@kubernetes/sig-api-machinery-misc
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump subpath test pod timeout to 5 minutes
Fixes: #66376
It seems that sometimes `Attach` on GCP side can take multiple minutes (when recently detached from another node) and therefore the old timeout of 1 minute is not long enough. 5 minutes is standard elsewhere and seems to be long enough for the long tail of GCE Attach time.
Also the ext4 test was really hard to debug because all the old PD tests call all the pods "pd-injector" and all the volume mounts "pd-volume." Made a change to make that more readable by adding a length 4 random string suffix.
/kind flake
/sig storage
/assign @msau42
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: stop setting UID in the kubelet ConfigMap
**What this PR does / why we need it**: kubeadm: stop setting UID in the kubelet ConfigMap
**Which issue(s) this PR fixes**:
Fixes https://github.com/kubernetes/kubeadm/issues/921#
**Release note**:
```release-note
kubeadm: stop setting UID in the kubelet ConfigMap
```
Automatic merge from submit-queue (batch tested with PRs 66152, 66406, 66218, 66278, 65660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor kubelet node status setters, add test coverage
This internal refactor moves the node status setters to a new package, explicitly injects dependencies to facilitate unit testing, and adds individual unit tests for the setters.
I gave each setter a distinct commit to facilitate review.
Non-goals:
- I intentionally excluded the class of setters that return a "modified" boolean, as I want to think more carefully about how to cleanly handle the behavior, and this PR is already rather large.
- I would like to clean up the status update control loops as well, but that belongs in a separate PR.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66152, 66406, 66218, 66278, 65660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle errors
**What this PR does / why we need it**:
This is a followup PR for https://github.com/kubernetes/kubernetes/pull/64664 to handle errors returned from `.AddToScheme()` in places where they are not handled.
**Release note**:
```release-note
NONE
```
/kind cleanup
/sig api-machinery
/cc @sttts
Automatic merge from submit-queue (batch tested with PRs 66152, 66406, 66218, 66278, 65660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix panic printing pods with nominatedNode names
Fixes#66379
```release-note
kubectl: fixes a panic displaying pods with nominatedNodeName set
```
Automatic merge from submit-queue (batch tested with PRs 66152, 66406, 66218, 66278, 65660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update crictl to v1.11.1.
Update `crictl` to v1.11.1 to fix several bugs. Release note: https://github.com/kubernetes-incubator/cri-tools/releases/tag/v1.11.1
@kubernetes/sig-node-pr-reviews @kubernetes/sig-cluster-lifecycle-pr-reviews
@kubernetes/sig-gcp-pr-reviews
Signed-off-by: Lantao Liu <lantaol@google.com>
```release-note
Update crictl to v1.11.1.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Do not attempt to convert nil object during DELETE webhook admission
Fixes#66412
```release-note
fixes a panic when using a mutating webhook admission plugin with a DELETE operation
```
There's code to automatically populate OpenAPI info based on existing
generic apiserver config, but it only fires if securitydefinitions are
present. This doesn't make much sense, since this info is both required
and independent of security definitions, and there's no easy, generic
way to generate security definitions for an aggregated API server.
Automatic merge from submit-queue (batch tested with PRs 66098, 66389, 66400, 66413, 66378). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a typo in csiPlugin comment
**What this PR does / why we need it**:
Fix a typo in csiPlugin comment.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66098, 66389, 66400, 66413, 66378). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Only build generators for building platform
**What this PR does / why we need it**:
The code generator binaries are built using the `hack/make-rules/build.sh` script. If you run a command like `make kubectl KUBE_BUILD_PLATFORMS=darwin/amd64` that passes a `KUBE_BUILD_PLATFORMS` that *doesn't* include the building platform, the code generator binaries will be built on the target platform, but NOT the building platform (which doesn't make sense). Also, if you specify `make cross` it will build the code generators for *all* platforms, which is also unnecessary.
This change ensures that `KUBE_BUILD_PLATFORMS` is an empty string when building the code generators, which ensures that they will only be built for the building platform.
This also fixes an issue when using the linux-based cross build container to target a specific platform other than linux/amd64.
Example command that is broken: `build/run.sh make kubectl KUBE_BUILD_PLATFORMS=darwin/amd64`
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66098, 66389, 66400, 66413, 66378). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: Return correct error type and HTTP Status code for operation errors
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#66399
**Special notes for your reviewer**:
/assign bowei, zihongz, rramkumar
/cc bowei
**Release note**:
```release-note
GCE: Fixes loadbalancer creation and deletion issues appearing in 1.10.5.
```
Kubernetes Submit Queue