Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm - Added initial support for Windows worker nodes to join cluster using kubeadm
**What this PR does / why we need it**:
This PR adds initial support for adding a Windows worker node to a Kubernetes cluster with kubeadm. Also adds Windows build of kubeadm to node build targets.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubeadm/issues/364
**Special notes for your reviewer**:
Depends on #53730
**Release note**:
```release-note
kubeadm: Add support for adding a Windows node
```
Add an import-boss file to inventory what kubectl depends on, so
we can prune this list over time and eventually get kubectl out
of the main k/k repository.
To update this list, You can list the dependencies using:
go list -f '{{ join .Deps "\n"}}' k8s.io/kubernetes/cmd/kubectl | grep
k8s.io/kubernetes | grep -v kubectl | grep -v vendor
Add the generated list of package names to .import-restrictions
file. Then run the hack/verify-import-boss.sh until you have you have
all the packages needed.
Added additional test case that exercises fix#53614 or npe when scaling --replicas=0
Moved creation of clientset and deployment controller objects inside test loop since it's mutated every time an API action happens.
Signed-off-by: John Kelly <jekohk@gmail.com>
Created unit tests for syncRolloutStatus function in the deployment package.
Tests for syncRolloutStatus have brought the overall test coverage of deployment/progress to 82.1%.
Signed-off-by: John Kelly <jekohk@gmail.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Switch kubectl convert back to use legacyscheme and add tests
Revert the change of `convert.go` in #54533.
Add tests for kubectl convert.
Fixes#54873
```release-note
NONE
```
cc: @smarterclayton
Automatic merge from submit-queue (batch tested with PRs 53962, 54708). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Prevent successful containers from restarting with OnFailure restart policy
**What this PR does / why we need it**:
This is a follow-on to #54597 which makes sure that its validation
also applies to pods with a restart policy of OnFailure. This
deficiency was pointed out by @smarterclayton here:
https://github.com/kubernetes/kubernetes/pull/54530#discussion_r147226458
**Which issue this PR fixes** This is another fix to address #54499
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
support kube-proxy ipvs mode for kubeadm
**What this PR does / why we need it**:
When using `kubeadm` to build a cluster, you can chose kube-proxy with ipvs mode by add flag `--kube-proxy-mode=ipvs`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52834
**Special notes for your reviewer**:
By default, use `iptables` mode.
**Release note**:
```release-note
NONE
```
Adding support for restarting nginx on the load balancer
Added better support for knowing when certificates are written. This helps the master restart the apiserver appropriately.
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add self-hosted etcd API to kubeadm
**What this PR does / why we need it**:
This PR is part of a larger set that implements self-hosted etcd. This PR takes a first step by adding:
1. new API types in `cmd/kubeadm/app/apis` for configuring self-hosted etcd
2. new Go types in `cmd/kubeadm/app/phases/etcd/spec` used for constructing EtcdCluster CRDs for the etcd-operator. The reason we define these in trunk is because kubeadm cannot import `github.com/coreos/etcd-operator` as a dependency until it's in its own repo. Until then, we need to redefine the structs in our codebase.
**Which issue this PR fixes**:
https://github.com/kubernetes/kubeadm/issues/261https://github.com/kubernetes/kubeadm/issues/277
**Special notes for your reviewer**:
This is the first step PR in order to save reviewers from a goliath PR
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove MinimumCSRAutoApprovalClusterRolesVersion in 1.9 cycle.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Have we already bumped the minimum supported version to v1.8.0?
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Make it possible to configure volume mounts via the config file
**What this PR does / why we need it**:
Kubeadm mounts host CA certs into api server and controller manager. It uses `/etc/pki` and does not allow for the path to be configurable. This PR adds a default to `/etc/pki` but also allows a user to configure the path in the config file. In the case of using Container Linux, the CAs are located at `/usr/share/ca-certificates`, so without this PR the hardcoded `/etc/pki` path is used and will break, for example, the `--cloud-provider` flag because of missing CAs.
Fixes https://github.com/kubernetes/kubeadm/issues/484
Fixes https://github.com/kubernetes/kubeadm/issues/476
Fixes https://github.com/kubernetes/kubeadm/issues/441
/cc @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Log error when a healthz check fails
**What this PR does / why we need it**:
Currently we only tell a user that a healthz check failed but we don't display the explicit error of the failed check. This is fine, but we should log the error to make debugging easier.
```release-note
Log error of failed healthz check
```
We need the go struct tags `patchMergeKey` and `patchStrategy`
for fields that support a strategic merge patch. For native
resources, we can easily figure out these tags since we know
the fields.
Because custom resources are decoded as Unstructured and
because we're missing the metadata about how to handle
each field in a strategic merge patch, we can't find the
go struct tags. Hence, we can't easily do a strategic merge
for custom resources.
So we should fail fast and return an error.
Automatic merge from submit-queue (batch tested with PRs 46341, 53629). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azure file mount limit issue on windows due to using drive letter
**What this PR does / why we need it**:
It's not necessary to use drive letter in azure file mount, correct usage for New-SmbGlobalMapping is like following:
```
New-SmbGlobalMapping -RemotePath $AzureFilePath -Credential $Credential
mklink /D $mountPath $AzureFilePath
```
I removed the `LocalPath` parameter in New-SmbGlobalMapping
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#54668
Without this PR, there is a limit(25) for azure file mount number on each node because only 25 drive letters could be used on each windows node, With this PR, there would be no such limit.
**Special notes for your reviewer**:
@PatrickLang
**Release note**:
```
fix azure file mount limit issue on windows due to using drive letter
```
/sig azure
/sig windows
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add unittest for describe secret
**What this PR does / why we need it**:
add unittest for describe secret
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54822, 53561, 54888). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix hook failure in kubernetes-worker charm due to iptables conflict
**What this PR does / why we need it**:
This fixes a hook failure that can occur on the kubernetes-worker charm due to iptable conflicts:
```
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
...
subprocess.CalledProcessError: Command '['iptables', '-P', 'FORWARD', 'ACCEPT']' returned non-zero exit status 4
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Passing `-w 300` to iptables tells it to wait up to 5 minutes to acquire the xtables lock, rather than aborting immediately.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54822, 53561, 54888). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update AWS SDK to 1.12.7
```release-note
Update AWS SDK to 1.12.7
```
This includes support for all the latest goodies - in particular NLB and tagging as part of CreateVolume
cc @micahhausler @gnufied
Issue #54032
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Validate apps/v1 DaemonSet selector immutable on updates
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#54575
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
The current implementation of `CanUseIPVSProxier()` reads `/proc/modules`
to check whether IPVS related kernel modules can be loaded.
You might get a false-negative when the kernel modules are installed to
the system but haven't been loaded into the kernel.
This patch firstly try to run `modprobe` to load specified kernel
modules, then just log warnings if error occured.
Secondly, it will check loaded kernel modules by reading
`/proc/modules`, return an error if any required module is missing.
This change will not break the compatability of existing implementation.
Running kube-proxy in a container without mounting `/lib/modules` will
cause `modprobe` warnings, but not raise an error if all required modules are
present in the host kernel.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve 'kubectl completion` to override short flags
**What this PR does / why we need it**: This PR improves `kubectl completion` to override short flags in
addition to long flags. I tested this PR in both bash and zsh.
```
# Complete pods name in the `default` namespace
$ kubectl get po nginx-4217019353-<tab>
nginx-4217019353-mw1pk nginx-4217019353-rzw2c
# Complete pods name in the `kube-system` namepace due to overriding the namespace
$ kubectl -n kube-system get po kube<tab>
kube-addon-manager-minikube kube-dns-910330662-l9pwt kubernetes-dashboard-9fbhm
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
improve the relation of ExecInContainer and Exec
keep the relation between ExecInContainer and Exec be consistence with PortForward in streaming server
fix#54903
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Kubernetes Submit Queue