Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cache preferred resources, use in kubectl resource name autocomplete
Fixes#63145
Fixes https://github.com/kubernetes/kubectl/issues/357
Alternative to #61928
* starts to unify preferred resource logic on top of ServerGroups()/ServerResourcesForGroupVersion() methods
* allows indicating a cached list of resources is acceptable when calling `kubectl api-resources` (default is still to rediscover)
* uses `kubectl api-resources` in bash completion
```sh
$ kubectl get [TAB][TAB]
apiservices.apiregistration.k8s.io networkpolicies.extensions
certificatesigningrequests.certificates.k8s.io networkpolicies.networking.k8s.io
clusterrolebindings.rbac.authorization.k8s.io nodes
clusterroles.rbac.authorization.k8s.io persistentvolumeclaims
componentstatuses persistentvolumes
configmaps poddisruptionbudgets.policy
controllerrevisions.apps pods
cronjobs.batch podsecuritypolicies.extensions
customresourcedefinitions.apiextensions.k8s.io podsecuritypolicies.policy
daemonsets.apps podtemplates
daemonsets.extensions replicasets.apps
deployments.apps replicasets.extensions
deployments.extensions replicationcontrollers
endpoints resourcequotas
events rolebindings.rbac.authorization.k8s.io
events.events.k8s.io roles.rbac.authorization.k8s.io
horizontalpodautoscalers.autoscaling secrets
ingresses.extensions serviceaccounts
initializerconfigurations.admissionregistration.k8s.io services
jobs.batch statefulsets.apps
limitranges storageclasses.storage.k8s.io
mutatingwebhookconfigurations.admissionregistration.k8s.io validatingwebhookconfigurations.admissionregistration.k8s.io
namespaces volumeattachments.storage.k8s.io
```
```release-note
NONE
```
This enables a smooth transition to PSP. Today, users would have to
manually set --allow-privileged to true before transitioning to PSP,
which isn't a smooth deprecation path for the flag (we want people
to *stop* setting it). This PR makes the default behavior isomorphic
with what will happen after the flag is removed.
Defaulting --allow-privileged to true should be safe, because it simply
allows a superset of Pods to run (all workloads continue to work).
WRT https://github.com/kubernetes/kubernetes/issues/58010#issuecomment-383264473
the --allow-privileged flag is effectively useless for security, so this
shouldn't be a concern from that perspective.
I also bumped the deprecation timeline in the comment to 1.13.0, so that
we give people the full period of time to stop setting
--allow-privileged, now that the behavior makes it possible to do so.
We had IDRange in both types prior 9440a68744 commit that splitted it
into UserIDRange/GroupIDRange. Later, in c91a12d205 commit we had to
revert this changes because they broke backward compatibility but
UserIDRange/GroupIDRange struct left in the internal type.
This commit removes these leftovers and reduces the differences
between internal and external types.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to latest Gophercloud
**What this PR does / why we need it**:
periodic update to latest gophercloud. The changes are as follows:
6da026c32e...781450b3c4
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use TempDir func in mount_windows_test.go
**What this PR does / why we need it**:
Use `c:\tmp` dir is not correct in windows test, this PR use `ioutil.TempDir("", xx)` to create temp dir instead.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```
none
```
/assign @jsafrane @msau42
Automatic merge from submit-queue (batch tested with PRs 63298, 63339). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: volume: do not create event on mount success
xref https://github.com/openshift/origin/issues/19497
There is an argument to be made that we should not emit events on volume mount successes. Many pods have lots of volumes that generate lots of events, especially if the pods are short lived (batch, etc). This creates load on the API server and add noise in the events.
Creating events on volume mount failures is obviously a good idea. Seems like the absence of such events or the "Started container" event implies mount success for all volumes.
/sig node
/sig storage
/release-note-none
@smarterclayton @jsafrane @saad-ali
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet - Remove unused code
**What this PR does / why we need it**:
Looks like we have a bunch of unused methods. Let's clean them up
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: Pass certificate URLs instead of the certificate structs
**What this PR does / why we need it**:
Simplify callers by passing in only what's necessary - a slice of URLs.
**Special notes for your reviewer**:
/assign @MrHohn
/cc @MrHohn
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61455, 63346, 63130, 63404). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[Device-Plugin]: Extend e2e test to cover node allocatables
**What this PR does / why we need it**:
Extends device plugin e2e to cover node allocatable
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
/sig node
/area hw-accelerators
/cc @jiayingz @vishh @RenaudWasTaken
Automatic merge from submit-queue (batch tested with PRs 61455, 63346, 63130, 63404). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump kube-openapi dependency
**What this PR does / why we need it**:
Pick up https://github.com/kubernetes/kube-openapi/pull/64
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63218
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig api-machinery
/cc @mbohlool @liggitt
Automatic merge from submit-queue (batch tested with PRs 63258, 63398, 63403). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
don't block creation on lack of delete powers
Create and delete aren't the same thing, but the alternatives seem worse. This stops checking for deletion powers on create. You still have to know the UID to create an effective ownerref, so name hunting is unrealistic.
@kubernetes/sig-api-machinery-pr-reviews
```release-note
owner references can be set during creation without deletion power
```
Automatic merge from submit-queue (batch tested with PRs 63258, 63398, 63403). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unnessary kubectl conversions
Working with unstructured types means that conversion can be eliminated. This pulls it from places I noticed.
/assign @juanvallejo
@kubernetes/sig-cli-misc
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63258, 63398, 63403). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
stop using Info.Mappings when they may not be present
On a resource builder, you cannot logically have a RESTMapping or a Client if you're running a local action. Reliance on the `info.Client` and `info.Mapping` is a bug we need to fix. This updates the docs and eliminates unnecessary reliance. Other hits I found didn't have `--local` options, so we're safe or had them and and were already broken. I think we'll be able to help them after making our creation flow obvious.
@kubernetes/sig-cli-maintainers
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
aws, azure: replace path with filepath
**What this PR does / why we need it**:
This PR replaces usage of `path` with `filepath` as it uses OS-specific path separators.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62916
**Special notes for your reviewer**:
This PR addresses the following volume plugins:
- `pkg/volume/aws_ebs`
- `pkg/volume/azure_dd`
- `pkg/volume/azure_file`
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support for CNI on Windows Server 2016 RTM
**What this PR does / why we need it**:
Windows Server 2016 RTM has limited CNI support. This PR makes it possible for the CNI plugin to be used to setup POD networking on Windows Server 2016 RTM (build number 14393).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61939
**Special notes for your reviewer**:
The old mode is not supported and tested on Windows Server 2016 RTM. This change allows the CNI plugin to be used on Windows Server 2016 RTM to retrieve the container IP instead of using workarounds (docker inspect).
CNI support has been added for Windows Server 2016 version 1709 (build number 16299), this patch will just allow the same support for older build numbers.
Windows Server 2016 RTM has a longer lifecycle (LTS) than Windows Server 2016 version 1709.
https://support.microsoft.com/en-us/lifecycle/search/19761 vs https://support.microsoft.com/en-us/lifecycle/search/20311
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use a []string for CgroupName, which is a more accurate internal representation
**What this PR does / why we need it**:
This is purely a refactoring and should bring no essential change in behavior.
It does clarify the cgroup handling code quite a bit.
It is preparation for further changes we might want to do in the cgroup hierarchy. (But it's useful on its own, so even if we don't do any, it should still be considered.)
**Special notes for your reviewer**:
The slice of strings more precisely captures the hierarchic nature of the cgroup paths we use to represent pods and their groupings.
It also ensures we're reducing the chances of passing an incorrect path format to a cgroup driver that requires a different path naming, since now explicit conversions are always needed.
The new constructor `NewCgroupName` starts from an existing `CgroupName`, which enforces a hierarchy where a root is always needed. It also performs checking on the component names to ensure invalid characters ("/" and "_") are not in use.
A `RootCgroupName` for the top of the cgroup hierarchy tree is introduced.
This refactor results in a net reduction of around 30 lines of code,
mainly with the demise of ConvertCgroupNameToSystemd which had fairly
complicated logic in it and was doing just too many things.
There's a small TODO in a helper `updateSystemdCgroupInfo` that was introduced to make this commit possible. That logic really belongs in libcontainer, I'm planning to send a PR there to include it there. (The API already takes a field with that information, only that field is only processed in cgroupfs and not systemd driver, we should fix that.)
Tested: By running the e2e-node tests on both Ubuntu 16.04 (with cgroupfs driver) and CentOS 7 (with systemd driver.)
**NOTE**: I only tested this with dockershim, we should double-check that this works with the CRI endpoints too, both in cgroupfs and systemd modes.
/assign @derekwaynecarr
/assign @dashpole
/assign @Random-Liu
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix test "should fail due to non-existent path" under gce-slow
**What this PR does / why we need it**:
PR #62903 changed error string GetMountRefs() returned, which broke test `should fail due to non-existent path`.
Remove error string check to fix test.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
```
go run hack/e2e.go -- \
--provider=local \
--test \
--test_args="--ginkgo.focus=PersistentVolumes-local.*should\sfail\sdue\sto\snon-existent\spath --clean-start=true"
```
passed now.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
refactor device plugin grpc dial with dialcontext
**What this PR does / why we need it**:
Refactor grpc `dial` with `dialContext` as `grpc.WithTimeout` has been deprecated by:
> use DialContext and context.WithTimeout instead.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix ensure by provider id
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63226
**Special notes for your reviewer**:
cc @adnavare
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
juju: Make kubernetes-master status handling more robust
**What this PR does / why we need it**:
This fixes a charm hook failure that can occur after restarting kubernetes-master units in Juju-based Kubernetes deployments.
This should also hopefully make our status handling in kubernetes-master more robust in general, by making sure all of our `blocked`, `waiting`, and `active` status messages are handled in one place, on hook exit.
**Which issue(s) this PR fixes**:
https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/523
**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue