Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
controller-managers: allow high ports in secure serving validation
Certain operating systems will select high port (>32768) when asked for a free port. This PR changes the validation to allow that.
Like https://github.com/kubernetes/kubernetes/pull/65833, but for controller managers.
```release-note
Allow kube- and cloud-controller-manager to listen on ports up to 65535.
```
Automatic merge from submit-queue (batch tested with PRs 64511, 65865, 65867, 65866). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-controller-manager: add stopCh plumbing
Needed for integration testing.
Automatic merge from submit-queue (batch tested with PRs 64511, 65865, 65867, 65866). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-controller-manager: create self-signed certs
If secure serving is enabled (not automatically wired yet, but 3rdparties could wire it), create self-signed certs if none are given. Reuses the code from k8s.io/apiserver.
Automatic merge from submit-queue (batch tested with PRs 64911, 65710). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions-apiserver: add pkg/cmd/server/testing pkg for integration tests
In analogy to kube-apiserver, this implements a uniform apiextensions-apiserver for integration tests which can be started using customized flags.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: use constant instead of hardcoded path
**What this PR does / why we need it**:
Used DefaultCRISocket constant instead of hardcoded path
/var/run/dockershim.sock
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65822, 65834, 65859, 65631). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Add support for reading multiple YAML documents
**What this PR does / why we need it**:
In preparation for splitting the kubelet and kube-proxy componentconfigs out of the MasterConfiguration API struct, add support for reading multiple YAML documents
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: kubernetes/kubeadm#911
Depends on:
- [x] https://github.com/kubernetes/kubernetes/pull/65776
- [x] https://github.com/kubernetes/kubernetes/pull/65628
- [x] https://github.com/kubernetes/kubernetes/pull/65629
**Special notes for your reviewer**:
Please only review the `Refactor a bit of the config YAML loading code, and support loading multiple YAML documents` commit
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 65805, 65811, 65833, 65488, 65857). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-scheduler: allow high ports in secure serving validation
Certain operating systems will select high port (>32768) when asked for a free port. This PR changes the validation to allow that.
```release-note
Allow kube-scheduler to listen on ports up to 65535.
```
Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Remove usage of `PersistentVolumeLabel` in phases/controlplane/manifests*.go
**What this PR does / why we need it**:
Remove usage of `PersistentVolumeLabel` in phases/controlplane/manifests*.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Close [kubernetes/kubeadm#866](https://github.com/kubernetes/kubeadm/issues/866)
**Special notes for your reviewer**:
/assign @neolit123
**Release note**:
```release-note
kubeadm: Remove usage of `PersistentVolumeLabel`
```
With #64976 GetGenericArchImage was used for generating the CoreDNS image path.
This generated incorrect image in the form `prefix/coredns-goarch:tag` instead
of just `prefix/coredns:tag`.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 65040, 65731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove scheduler config deprecated warning as the new component config is still in alpha
**What this PR does / why we need it**:
The new scheduler's component config file (API) is still in alpha. We shouldn't push users to use the alpha feature as it may change in the future and the changes may not be backward compatible.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig scheduling
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Replace GetCoreImage with less error prone functions
**What this PR does / why we need it**:
GetCoreImage is a too generic function, that takes too many arguments. This
makes it prone to errors that may be difficult to trace. The solution is to
split it into the following couple of functions with a more targeted interface:
- GetKubeControlPlaneImage used to fetch Kubernetes control plane images or the
unified control plane image (if one is specified).
- GetEtcdImage is used to fetch the etcd image.
In addition to these, a couple of new utility functions are also created:
- GetKubeControlPlaneImageNoOverride used like GetKubeControlPlaneImage but
does not return the unified control plane image (even if it is set).
- GetGenericArchImage returns image path in the form of "prefix/image-goarch:tag"
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#800
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/cc @chuckha
/kind enhancement
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65094, 65533, 63522, 65694, 65702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
set leader election client and renew timeout
**What this PR does / why we need it**:
set leader-election client timeout
set timeout for tryAcquireOrRenew
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65090#65257
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add missing error handling in schema-related code
**What this PR does / why we need it**:
Adds missing error handling to a few places.
**Which issue(s) this PR fixes**
Updates #51457. Still more work to do to fix the issue - client generation code needs to be updated (addressed in https://github.com/kubernetes/kubernetes/pull/64664).
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
GetCoreImage is a too generic function, that takes too many arguments. This
makes it prone to errors that may be difficult to trace. The solution is to
split it into the following couple of functions with a more targeted interface:
- GetKubeControlPlaneImage used to fetch Kubernetes control plane images or the
unified control plane image (if one is specified).
- GetEtcdImage is used to fetch the etcd image.
In addition to these, a couple of new utility functions are also created:
- GetKubeControlPlaneImageNoOverride used like GetKubeControlPlaneImage but
does not return the unified control plane image (even if it is set).
- GetGenericArchImage returns image path in the form of "prefix/image-goarch:tag"
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 65349, 65354, 65402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Get rid of depends on kubectl in kubeadm
**What this PR does / why we need it**:
Get rif of depends on kubectl in kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65349, 65354, 65402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fixtodo: Move these kubelet start/stop functions to phases/kubelet
**What this PR does / why we need it**:
fixtodo: Move these kubelet start/stop functions to phases/kubelet
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65349, 65354, 65402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
check error when failed to prepull the images
**Special notes for your reviewer**:
return error when failed to prepull the images
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65582, 65480, 65310, 65644, 65645). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
allow enabling kubelet serving certificate rotation via flag
allows the server rotation feature to be exercised via flags as well as config file
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add limit to the TokenRequest expiration time
**What this PR does / why we need it**:
A new API TokenRequest has been implemented.It improves current serviceaccount model from many ways.
This patch adds limit to TokenRequest expiration time.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63575
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue