Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix RC/RS conversion
This fixes some round-trip information loss when representing an RC as an RS. I want to use these conversions in #49429 to eliminate the maintenance burden of duplicated RC code.
@kubernetes/sig-apps-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
allow fail close webhook admission
Webhook admission needs to allow failing closed. Even in an alpha state, I don't want to be one DDOS away from having an exposed cluster.
/assign caesarxuchao
/assign sttts
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
allow */subresource in rbac policy rules
xref #29698
xref #38756
xref #49504
xref #38810
Allow `*/subresource` format in RBAC policy rules to support polymorphic subresources like `*/scale` for HPA.
@DirectXMan12 fyi
```release-note
RBAC PolicyRules now allow resource=`*/<subresource>` to cover `any-resource/<subresource>`. For example, `*/scale` covers `replicationcontroller/scale`.
```
Automatic merge from submit-queue (batch tested with PRs 43661, 54062). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix typo in function name.
Also remove a superfluous comment.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43661, 54062). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix#43583 (kubenet: remove code forcing bridge MAC address)
**What this PR does / why we need it**:
*kubenet: remove code forcing bridge MAC address*
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#43583
**Special notes for your reviewer**:
**Release note**:
```release-note
```
cc @dcbw @freehan
Automatic merge from submit-queue (batch tested with PRs 47717, 53896). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Delete the redundant parameter flag
What this PR does / why we need it:
Delete redundant parameter flag, otherwise the log will be show like:
Warning: path "/var/lib/kubelet/pods/3c6c4869-4d02-11e7-9685-fa163eeda0fa/volumes" does not exist: %!q(MISSING)
thank you!
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pkg/api: extract Scheme/Registry/Codecs into pkg/api/legacyscheme
This serves as
- a preparation for the pkg/api->pkg/apis/core move
- and makes the dependency to the scheme explicit when vizualizing
left depenncies.
The later helps with our our efforts to split up the monolithic repo
into self-contained sub-repos, e.g. for kubectl, controller-manager
and kube-apiserver in the future.
Automatic merge from submit-queue (batch tested with PRs 53958, 53947). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix PV Recycle issue when running on multi-arch
**What this PR does / why we need it**:
Currently PV Recycle uses image `gcr.io/google_containers/busybox`, which is an amd64 image, not applied for multi-arch , to start pod `"pv-recycler"`. For other non-x86 platforms, like `ppc64le` and `arm64`, the pod cannot get started due to the busybox image.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53942
**Special notes for your reviewer**:
/cc @gyliu513 @mkumatag
/assign @saad-ali @jsafrane
**Release note**:
```release-note
fix PV Recycle failed on non-amd64 platfrom
```
Automatic merge from submit-queue (batch tested with PRs 53872, 53719). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azureDisk warns about disk format failure
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53713
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 53965, 54117, 53685). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixing a glog message to not print managed zones when it is empty
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CRI: Add extra information in status functions in CRI.
Fixes https://github.com/kubernetes/kubernetes/issues/53757.
@yujuhong @feiskyer @mrunalp
/cc @kubernetes/sig-node-api-reviews
```release-note
Verbose option is added to each status function in CRI. Container runtime could return extra information in status response for debugging.
```
Automatic merge from submit-queue (batch tested with PRs 53696, 54059). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix lint warnings for useless err checks.
**What this PR does / why we need it**:
This check was recently added to golint.
**Which issue this PR fixes**
Related to #37254
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Increases test coverage for kubelet/kuberuntime
What this PR does / why we need it:
Increases test coverage for kubelet/kuberuntime
#46123
Which issue this PR fixes:
#46123
/assign @feiskyer
Automatic merge from submit-queue (batch tested with PRs 54030, 54041). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adjust replenishmentControllers in resource quota controller
**What this PR does / why we need it**:
Since replenishmentControllers was generated by ctx.InformerFactory, remove "replenishmentControllers []cache.Controller" which is never used, and it is needless to run replenishmentControllers which has ran in "ctx.InformerFactory.Start(ctx.Stop)".
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Provide aggregated validation errors for version and kind
Currently the validation checks is done individually for version and
kind group. For example, if user provided yaml file is missing apiVersion
and kind fields, first they will receive error on apiVersion. Once user
update the file and try to recreate, an error on missing kind is displayed.
The behavior is same for wrong types of the fields.
These errors should be aggregated and displayed.
Examples of current validation:
1
test.yaml is missing apiVersion and kind:
$kubectl.sh create -f /home/sahdev/go/src/bugfixes/test.yaml
error: error validating "/home/sahdev/go/src/bugfixes/test.yaml": error validating data: apiVersion not set; if you choose to ignore these errors, turn validation off with --validate=false
2.
test.yaml is fixed for apiVersion but missing kind:
$kubectl.sh create -f /home/sahdev/go/src/bugfixes/test.yaml
error: error validating "/home/sahdev/go/src/bugfixes/test.yaml": error validating data: kind not set; if you choose to ignore these errors, turn validation off with --validate=false
Examples with aggregated validation:
1.
error: error validating "/home/sahdev/go/src/bugfixes/test.yaml": error validating data: [apiVersion not set, kind not set]; if you choose to ignore these errors, turn validation off with --validate=false
2.
error: error validating "/home/sahdev/go/src/bugfixes/testmix.yaml": error validating data: [apiVersion isn't string type, kind not set]; if you choose to ignore these errors, turn validation off with --validate=false
**What this PR does / why we need it**:
To provide aggregated validations to user for version and kind group.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#54098
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54040, 52503). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Get fallback termination msg from docker when using journald log driver
**What this PR does / why we need it**:
When using the legacy docker container runtime and when a container has `terminationMessagePolicy=FallbackToLogsOnError` and when docker is configured with a log driver other than `json-log` (such as `journald`), the kubelet should not try to get the container's log from the json log file (since it's not there) but should instead ask docker for the logs.
**Which issue this PR fixes** fixes#52502
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed log fallback termination messages when using docker with journald log driver
```
Automatic merge from submit-queue (batch tested with PRs 54040, 52503). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
falls back to parse Docker runtime version as generic if not semver
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#54039
**Special notes for your reviewer**:
/assign @tallclair @vishh
**Release note**:
```release-note
falls back to parse Docker runtime version as generic if not semver
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Do not remove kubelet labels during startup
Fixes#54070
```release-note
kubelet: prevent removal of default labels from Node API objects on startup
```
Currently the validation checks is done individually for version and
kind group. For example, if user provided yaml file is missing apiVersion
and kind fields, first they will receive error on apiVersion. Once user
update the file and try to recreate, an error on missing kind is displayed.
The behavior is same for wrong types of the fields.
These errors should be aggregated and displayed.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clean up kublet secret and configmap unit test
**What this PR does / why we need it**:
These changes are clean-up items to fix confusing code encountered while investigating #52043. No actual bugs are fixed here (except, maybe, correcting unit tests that had actual/expected swapped).
A summary of the changes, as listed in the commit:
* Expected value comes before actual value in assert.Equal()
* Use `assert.Equal()` instead of `assert.True()` when possible
* Add a unit test that verifies no-op pod updates to the `secret_manager` and the `configmap_manager`
* Add a clarifying comment about why it's good to seemingly delete a secret on updates.
* Fix (for now, non-buggy) variable shadowing issue
**Special notes for your reviewer**:
N/A
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51416, 53535). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
PodSecurityPolicy: teach fuzzer about fsGroup/supplementalGroups strategies
**What this PR does / why we need it**:
At present, fuzzer for PSP doesn't take into account `fsGroup`/`supplementalGroups` strategies. This PR teach fuzzer about these strategies in order to have ability to catch more possible errors.
**Special notes for your reviewer**:
Let me know if you think that we need to cover more (all?) fields in the PSP.
**Release note**:
```release-note
NONE
```
PTAL @pweil- @sttts
CC @simo5
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typos: remove duplicated word in comments
**What this PR does / why we need it**: Remove the duplicated word `the` in comments
**Which issue this PR fixes** : fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48665, 52849, 54006, 53755). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Order PSP by name, prefer non-mutating PSPs
Fixes#36184Fixes#23217
Related to #23217
Removes unnecessary mutation of pods:
* Determines effective security context for pods using a wrapper containing the pod and container security context, rather than building/setting a combined struct on every admission
* Does not set `privileged:&false` on security contexts with `privileged:nil`
* Does not set `runAsNonRoot:&true` on security contexts that already have a non-nil, non-0 `runAsUser`
* Does not mutate/normalize container capabilities unless changes are required (missing defaultAddCapabilities or requiredDropCapabilities)
Defines behavior when multiple PSP objects allow a pod:
* PSPs which allow the pod as-is (no defaulting/mutating) are preferred
* If the pod must be defaulted/mutated to be allowed, the first PSP (ordered by name) to allow the pod is selected
* During update operations, when mutations to pod specs are disallowed, only non-mutating PSPs are used to validate the pod
```release-note
PodSecurityPolicy: when multiple policies allow a submitted pod, priority is given to ones which do not require any fields in the pod spec to be defaulted. If the pod must be defaulted, the first policy (ordered by name) that allows the pod is used.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add missing short names to kubectl help text
**What this PR does / why we need it**:
This PR adds two short names that exist but are not listed in the help text that `kubectl get` produces.
**Special notes for your reviewer**:
🍰
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make HPA tolerance a flag
**What this PR does / why we need it**:
Make HPA tolerance configurable as a flag. This change allows us to use
different tolerance values in production/testing.
**Which issue this PR fixes**:
Fixes#18155
**Release note:**
```release-note
Control HPA tolerance through the `horizontal-pod-autoscaler-tolerance` flag.
```
Signed-off-by: mattjmcnaughton <mattjmcnaughton@gmail.com>
Automatic merge from submit-queue (batch tested with PRs 53106, 52193, 51250, 52449, 53861). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move version-conversion code out of shared kubectl resource package
```release-note
NONE
```
Kubernetes Submit Queue