Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-proxy: Fix flag validation for healthz-bind-address and metrics-bind-address
**What this PR does / why we need it**: `--healthz-bind-address` and `--metrics-bind-address` are broken for kube-proxy as they do not allow `ip:port` format, though they claim to support it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: Fixes#53754
**Special notes for your reviewer**:
cc @ncdc
**Release note**:
```release-note
Fix kube-proxy flags validation for --healthz-bind-address and --metrics-bind-address to allow specifying ip:port.
```
Automatic merge from submit-queue (batch tested with PRs 59052, 59157, 59428, 59949, 60151). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
svcacct: default expiration of TokenRequest
* default expiration seconds to 1 hour
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 59052, 59157, 59428, 59949, 60151). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Marking CSIPersistentVolumeSource as Beta
**What this PR does / why we need it**:
This PR marks the `CSIPersistentVolumeSource` type as being `Beta`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58718
```release-note
Move CSI PersistentVolumes to Beta
```
Automatic merge from submit-queue (batch tested with PRs 58716, 59977, 59316, 59884, 60117). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add ShareProcessNamespace to PodSpec
**What this PR does / why we need it**: This adds an option to the Kubernetes API to configure sharing a process (PID) namespace between the containers in a pod, as described in the [shared pid proposal](https://github.com/verb/community/blob/master/contributors/design-proposals/node/pod-pid-namespace.md).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
WIP #1615
**Special notes for your reviewer**:
Questions for API reviewer:
- [ ] Is the documentation sufficient to describe the new option?
- [x] Does the new field better belong in the security context?
- [x] is prepending "alpha" to json/proto fields the right thing to do?
**Release note**:
```release-note
v1.Pod now has a field to configure whether a single process namespace should be shared between all containers in a pod. This feature is in alpha preview.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Pick the PriorityClass with the lowest value of priority in case more than one global default exists
**What this PR does / why we need it**:
Please see the referenced issue.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59987
**Special notes for your reviewer**:
**Release note**:
```release-note
Priority admission controller picks a global default with the lowest priority value if more than one such default PriorityClass exists.
```
/sig scheduling
cc/ @liggitt
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Introduce PodSecurityPolicy in the policy/v1beta1 API group
Types/constants are completely the same as in `extensions/v1beta1` except that they are located outside of the `extensions` API group.
**What this PR does / why we need it**:
This is the first step for migrating PSP-related stuff away of `extensions` group. See #43214 for more information.
Also it related to https://github.com/kubernetes/features/issues/5
**Example**:
```console
$ cat restricted2.yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted2
...
$ kubectl create -f restricted.yaml
podsecuritypolicy "restricted2" created
$ kubectl get psp restricted2 -o yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
...
```
**Release note**:
```release-note
The `PodSecurityPolicy` API has been moved to the `policy/v1beta1` API group. The `PodSecurityPolicy` API in the `extensions/v1beta1` API group is deprecated and will be removed in a future release.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Drop init container annotations during conversion
https://github.com/kubernetes/kubernetes/pull/51816/files#diff-0fa94eafdf1c7cd2171c836b53fd6323 removed special handling of init container annotations in API conversion in 1.8
However, older clients (like 1.7 kubectl) still performed that handling in some paths, which would make an object round-tripped through kubectl show up with additional annotations.
Those additions would get flagged as disallowed mutations in some objects.
This change strips init-container annotations during conversion so that old clients sending init container annotations (which are inert in 1.8+) don't trigger validation errors around immutable fields.
Fixes#54816
```release-note
Restores the ability of older clients to delete and scale jobs with initContainers
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support for resource quota on extended resources
**Which issue(s) this PR fixes** :
Fixes#46639#57300 for resource quota support
**Special notes for your reviewer**:
One thing to be determined is if it necessary to Explicitly prohibit defining limits for extended resources in quota, like we did for [hugepages](https://github.com/kubernetes/kubernetes/pull/54292#pullrequestreview-74982771), as the resource is not allowed to overcommit.
**Release note**:
```release-note
Support for resource quota on extended resources
```
/cc @jiayingz @vishh @derekwaynecarr
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move volume scheduling and local storage to beta
**What this PR does / why we need it**:
* Move the feature gates and APIs for volume scheduling and local storage to beta
* Update tests to use the beta fields
@kubernetes/sig-storage-pr-reviews
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59390
**Special notes for your reviewer**:
**Release note**:
```release-note
ACTION REQUIRED: VolumeScheduling and LocalPersistentVolume features are beta and enabled by default. The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release.
```
This is a more accurate name for the condition, as it describes the
status of the Kubelet's configuration.
Also cleans up capitalization of internal names.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove controller-manager --service-sync-period flag
**What this PR does / why we need it**:
This PR removes controller manager --service-sync-period flag which is not used anywhere in the code and is causing confusion
**Which issue(s) this PR fixes**
https://github.com/kubernetes/kubernetes/issues/58776
**Special notes for your reviewer**:
@deads2k this remove the flag as per the discussion on #58776
2 commits
1. one for code change
2. one for auto generated code
**Release note**:
```release-note
1. Controller-manager --service-sync-period flag is removed (was never used in the code).
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove validation failure of Pod priority when the feature is disabled
**What this PR does / why we need it**:
I learned that fields specified in the API should be silently ignored when the feature is disabled. This makes sense as downgrading a cluster would fail otherwise. This PR removes the validation logic that ensures Pod priority is not set when priority feature is disabled.
**Special notes for your reviewer**:
**Release note**:
```release-note
Pod priority can be specified ins PodSpec even when the feature is disabled, but it will be effective only when the feature is enabled.
```
/sig scheduling
ref: #57471
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix all the typos across the project
**What this PR does / why we need it**:
There are lots of typos across the project. We should avoid small PRs on fixing those annoying typos, which is time-consuming and low efficient.
This PR does fix all the typos across the project currently. And with #59463, typos could be avoided when a new PR gets merged.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/sig testing
/area test-infra
/sig release
/cc @ixdy
/assign @fejta
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Disallow PriorityClass names with 'system-' prefix for user defined priority classes
**What this PR does / why we need it**:
This PR changes our Priority admission controller to disallow PriorityClass names with 'system-' prefix for user defined priority classes. Please refer to #59381 for reasons why we need this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59381
**Release note**:
```release-note
Disallow PriorityClass names with 'system-' prefix for user defined priority classes.
```
ref #57471
/sig scheduling
/assign @liggitt
Automatic merge from submit-queue (batch tested with PRs 59580, 58854). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Prefer apps/v1 storage for daemonsets, deployments, replicasets, statefulsets
The workload API objects went GA in 1.9. This means we can safely begin persisting them in etcd in apps/v1 format in 1.10.
xref #43214
```release-note
DaemonSet, Deployment, ReplicaSet, and StatefulSet objects are now persisted in etcd in apps/v1 format
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix todo: Move isDecremented to pkg/apis/core/validation
**What this PR does / why we need it**:
fix todo: Move isDecremented in "k8s.io/kubernetes/pkg/apis/core/validation"
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
2. If no release note is required, just write "NONE".
-->
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58444, 59283, 59437, 59325, 59449). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update PriorityClassName API doc
**What this PR does / why we need it**: It updates the comment (and hence API doc) for PriorityClassName of PodSpec.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig scheduling
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix TODO: moving Driver name check in API validation
**What this PR does / why we need it**:
fix TODO in csi_plugin.go ,moving Driver name check in API validation
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58163
**Special notes for your reviewer**:
**Release note**:
NONE
@vladimirvivien,@jsafrane,@saad-ali
I saw some TODO there and I am very interested in fixing it.
Please let me know if it is not inappropriate to do this.
Automatic merge from submit-queue (batch tested with PRs 52942, 58415). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve messaging on volume expansion
- we now provide clear message to user what to do when cloudprovider resizing is finished
and file system resizing is needed.
- add a event when resizing is successful
- Use PATCH both in controller-manager and kubelet for updating PVC status
- Remove code duplication between controller-manager and kubelet for updating PVC status
- Only remove conditions that are managed by resize controller
```release-note
Improve messages user gets during and after volume resizing is done.
```
Automatic merge from submit-queue (batch tested with PRs 55986, 59375, 59334, 59348, 58027). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add minimal types for service account TokenRequest API
Adds parts of the types in https://github.com/kubernetes/community/pull/1460. ValidityDuration is omitted because we are still discussing how to surface non-expiring tokens but it should be easy to add in a backwards compatibly.
#58790
@kubernetes/sig-auth-api-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Admit upgrading storage class of pvc from beta annotation to spec field
**What this PR does / why we need it**:
`BetaStorageClassAnnotation` is marked as deprecated so we need to provide an upgrade path from PVC with storage class specified in beta annotation to storage class specified in attribute.
ref: #58147
**Release note**:
```release-note
NONE
```
/sig storage
Automatic merge from submit-queue (batch tested with PRs 58317, 58687, 57872, 59063, 59328). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add deprecation comment to PersistentVolumeReclaimRecycle
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59060
**Special notes for your reviewer**:
**Release note**:
```release-note
Announcing the deprecation of the recycling reclaim policy.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add NominatedNodeName field to PodStatus
**What this PR does / why we need it**:
Today, Scheduler uses an annotation called "nominated-node-name" to mark a preemptor Pod. This annotation helps scheduler know about the Pods that are destined to run on the nodes so that the resources made available by preemption is not allocated to a different Pod. In a recent discussion with @bgrant0607, we learned that we should change the annotation to a field as this field can be used by multiple schedulers and other components that may make scheduling-related decisions (descheduler, auto-scaler, kube-arbitrator, ...).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref #57471
**Special notes for your reviewer**:
**Release note**:
```release-note
Add "nominatedNodeName" field to PodStatus. This field is set when a pod preempts other pods on the node.
```
/sig scheduling
Kubernetes Submit Queue