Automatic merge from submit-queue (batch tested with PRs 59276, 51042, 58973, 59377, 59472). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Container Runtime Interface to use enumerated namespace modes
**What this PR does / why we need it**: This updates the CRI as described in the [Shared PID Namespace](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/pod-pid-namespace.md#container-runtime-interface-changes) proposal. This change to the alpha API is not backwards compatible: implementations of the CRI will need to update to the new API version.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
WIP #1615
**Special notes for your reviewer**:
/assign @yujuhong
**Release note**:
```release-note
[action-required] The Container Runtime Interface (CRI) version has increased from v1alpha1 to v1alpha2. Runtimes implementing the CRI will need to update to the new version, which configures container namespaces using an enumeration rather than booleans.
```
This also incorporates the version string into the package name so
that incompatibile versions will fail to connect.
Arbitrary choices:
- The proto3 package name is runtime.v1alpha2. The proto compiler
normally translates this to a go package of "runtime_v1alpha2", but
I renamed it to "v1alpha2" for consistency with existing packages.
- kubelet/apis/cri is used as "internalapi". I left it alone and put the
public "runtimeapi" in kubelet/apis/cri/runtime.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
reopen#58913 Fix TODO move GetPauseImageNameForHostArch func
**What this PR does / why we need it**:
reopen#58913 Fix TODO move GetPauseImageNameForHostArch func,because of I squash to a single commit wrong,so recommit one,and close the #58913
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/assign @liggitt
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57683, 59116, 58728, 59140, 58976). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use node-e2e framework for testing cadvisor
**What this PR does / why we need it**:
With cadvisor checked out in your gopath, we can now run cadvisor integration tests: `make test-e2e-node TEST_SUITE=cadvisor`.
This has a number of advantages:
* we can use the same images to test both, configured the same way.
* we will now get cadvisor logs from the integration test.
* we can now use the familiar node-e2e arguments to specify images to test with cadvisor
* no more managing snowflake VMs for cadvisor.
**Special notes for your reviewer**:
cadvisor doesnt currently produce junit* files, so I removed that as a requirement.
This wont actually work until https://github.com/google/cadvisor/pull/1868 is merged as well.
Related issue:
https://github.com/kubernetes/test-infra/issues/190
**Release note**:
```release-note
NONE
```
/assign @Random-Liu
/sig node
/priority important-soon
/kind cleanup
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix PodPidsLimit and ConfigTrialDuration on internal KubeletConfig type
They should both follow the convention of not being a pointer on the internal type.
This required adding a conversion function between `int64` and `*int64`. A side effect is this removes a warning in the generated code for the apps API group.
@dims
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixes for HostIPC tests to work when Docker has SELinux support enabled.
**What this PR does / why we need it**:
Fixes for HostIPC tests to work when Docker has SELinux support enabled.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
N/A
**Special notes for your reviewer**:
The core of the matter is to use `ipcs` from util-linux rather than the one from busybox. The typical SELinux policy has enough to allow Docker containers (running under svirt_lxc_net_t SELinux type) to access IPC information by reading the contents of the files under /proc/sysvipc/, but not by using the shmctl etc. syscalls.
The `ipcs` implementation in busybox will use `shmctl(0, SHM_INFO, ...)` to detect whether it can read IPC info (see source code [here](https://git.busybox.net/busybox/tree/util-linux/ipcs.c?h=1_28_0#n138)), while the one in util-linux will prefer to read from the /proc files directly if they are available (see source code [here](https://github.com/karelzak/util-linux/blob/v2.27.1/sys-utils/ipcutils.c#L108)).
It turns out the SELinux policy doesn't allow the shmctl syscalls in an unprivileged container, while access to it through the /proc interface is fine. (One could argue this is a bug in the SELinux policy, but getting it fixed on stable OSs is hard, and it's not that hard for us to test it with an util-linux `ipcs`, so I propose we do so.)
This PR also contains a refactor of the code setting IpcMode, since setting it in the "common options" function is misleading, as on containers other than the sandbox, it ends up always getting overwritten, so let's only set it to "host" in the Sandbox.
It also has a minor fix for the `ipcmk` call, since support for size suffix was only introduced in recent versions of it.
**Release note**:
```release-note
NONE
```
They should both follow the convention of not being a pointer on the
internal type. This required adding a conversion function between
`int64` and `*int64`.
A side effect is this removes a warning in the generated code for the
apps API group.
Automatic merge from submit-queue (batch tested with PRs 57467, 58996). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set generate-kubelet-config-file to true by default.
This should fix the flaky suite.
https://k8s-testgrid.appspot.com/sig-node-kubelet#kubelet-flaky-gce-e2e
@mtaufen /cc @kubernetes/sig-node-bugs
Signed-off-by: Lantao Liu <lantaol@google.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 57467, 58996). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove flaky label from Eviction tests
**What this PR does / why we need it**:
All eviction tests in the flaky suite are no longer flaky. Remove the flaky label to move them from the flaky suite to the serial suite.
I removed the QoS-based memory eviction test since it does not reflect the current eviction strategy.
**Release note**:
```release-note
NONE
```
/assign @mtaufen @Random-Liu
/sig node
/priority important-soon
/kind cleanup
Automatic merge from submit-queue (batch tested with PRs 58777, 58978, 58977, 58775). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Skip NoNewPrivileges test when SELinux is enabled
**What this PR does / why we need it**:
A bug in the SELinux policy prevented NoNewPrivileges from working on Docker with SELinux support enabled.
The problem has been fixed upstream (see projectatomic/container-selinux#45)
But hasn't been backported yet (a fix might come in RHEL 7.5)
For now, let's skip the NoNewPrivileges test when SELinux support is enabled in Docker.
Tested:
- Before this commit, the test fails:
```
$ make test-e2e-node REMOTE=true FOCUS="allow privilege escalation"
(on a host with SELinux enabled)
• [SLOW TEST:22.798 seconds] (passed)
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should allow privilege escalation when true
• Failure [16.539 seconds]
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should not allow privilege escalation when false [It]
wait for pod "alpine-nnp-false-aef03e47-0090-11e8-886f-42010af00009" to success
Expected success, but got an error:
<*errors.errorString | 0xc4204e26d0>: {
s: "pod \"alpine-nnp-false-aef03e47-0090-11e8-886f-42010af00009\" failed with reason: \"\", message: \"\"",
}
pod "alpine-nnp-false-aef03e47-0090-11e8-886f-42010af00009" failed with reason: "", message: ""
• [SLOW TEST:26.572 seconds] (passed)
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should allow privilege escalation when not explicitly set and uid != 0
Ran 3 of 257 Specs in 45.364 seconds
FAIL! -- 2 Passed | 1 Failed | 0 Pending | 254 Skipped
Ginkgo ran 1 suite in 49.389123442s
Test Suite Failed
```
- After this commit, the test is skipped:
```
$ make test-e2e-node REMOTE=true FOCUS="allow privilege escalation"
(on a host with SELinux enabled)
S [SKIPPING] in Spec Setup (BeforeEach) [12.452 seconds]
S [SKIPPING] in Spec Setup (BeforeEach) [16.298 seconds]
S [SKIPPING] in Spec Setup (BeforeEach) [18.183 seconds]
Ran 0 of 257 Specs in 39.174 seconds
SUCCESS! -- 0 Passed | 0 Failed | 0 Pending | 257 Skipped
Ginkgo ran 1 suite in 43.570630357s
Test Suite Passed
```
- No changes when SELinux is disabled:
```
$ make test-e2e-node REMOTE=true FOCUS="allow privilege escalation"
(on a host with SELinux disabled)
• [SLOW TEST:15.013 seconds]
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should not allow privilege escalation when false
• [SLOW TEST:19.155 seconds]
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should allow privilege escalation when true
• [SLOW TEST:21.087 seconds]
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should allow privilege escalation when not explicitly set and uid != 0
Ran 3 of 259 Specs in 38.560 seconds
SUCCESS! -- 3 Passed | 0 Failed | 0 Pending | 256 Skipped
Ginkgo ran 1 suite in 41.937918928s
Test Suite Passed
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
N/A
**Special notes for your reviewer**:
N/A
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Removal of KubeletConfigFile feature gate: Step 1
This feature gate was redundant with the `--config` flag, which already
enables/disables loading Kubelet config from a file.
Since the gate guarded an alpha feature, removing it is not a violation
of our API guidelines.
Some stuff in `kubernetes/test-infra` currently sets the gate,
so removing will be a 3 step process:
1. This PR, which makes the gate a no-op.
2. Stop setting the gate in `kubernetes/test-infra`.
3. Completely remove the gate (this PR will get the release note).
```release-note
NONE
```
This ensures the `ipcs` command from util-linux will be used, which
succeeds when Docker is running with SELinux enabled (while the one from
busybox fails.)
Tested: On a host with Docker running with SELinux enabled:
$ make test-e2e-node REMOTE=true FOCUS="host IPC"
• [SLOW TEST:17.272 seconds] (passed)
[k8s.io] Security Context
when creating a pod in the host IPC namespace
should show the shared memory ID in the host IPC containers
• [SLOW TEST:20.419 seconds] (passed)
[k8s.io] Security Context
when creating a pod in the host IPC namespace
should not show the shared memory ID in the non-hostIPC containers
Ran 2 of 257 Specs in 43.934 seconds
SUCCESS! -- 2 Passed | 0 Failed | 0 Pending | 255 Skipped
Expand the use of "1M" to the corresponding number of bytes, since
support for size suffix was only added to `ipcmk` in util-linux 2.27
which is not yet available in some Linux distributions.
Tested by running `make test-e2e-node` against distributions with ipcmk
that supports and doesn't support the suffix syntax, all of them passed.
A bug in the SELinux policy prevented NoNewPrivileges from working on
Docker with SELinux support enabled.
The problem has been fixed upstream:
https://github.com/projectatomic/container-selinux/issues/45
But hasn't been backported yet (a fix might come in RHEL 7.5)
For now, let's skip the NoNewPrivileges test when SELinux support is
enabled in Docker.
Tested:
- Before this commit, the test fails:
$ make test-e2e-node REMOTE=true FOCUS="allow privilege escalation"
(on a host with SELinux enabled)
• [SLOW TEST:22.798 seconds] (passed)
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should allow privilege escalation when true
• Failure [16.539 seconds]
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should not allow privilege escalation when false [It]
wait for pod "alpine-nnp-false-aef03e47-0090-11e8-886f-42010af00009" to success
Expected success, but got an error:
<*errors.errorString | 0xc4204e26d0>: {
s: "pod \"alpine-nnp-false-aef03e47-0090-11e8-886f-42010af00009\" failed with reason: \"\", message: \"\"",
}
pod "alpine-nnp-false-aef03e47-0090-11e8-886f-42010af00009" failed with reason: "", message: ""
• [SLOW TEST:26.572 seconds] (passed)
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should allow privilege escalation when not explicitly set and uid != 0
Ran 3 of 257 Specs in 45.364 seconds
FAIL! -- 2 Passed | 1 Failed | 0 Pending | 254 Skipped
Ginkgo ran 1 suite in 49.389123442s
Test Suite Failed
- After this commit, the test is skipped:
$ make test-e2e-node REMOTE=true FOCUS="allow privilege escalation"
(on a host with SELinux enabled)
S [SKIPPING] in Spec Setup (BeforeEach) [12.452 seconds]
S [SKIPPING] in Spec Setup (BeforeEach) [16.298 seconds]
S [SKIPPING] in Spec Setup (BeforeEach) [18.183 seconds]
Ran 0 of 257 Specs in 39.174 seconds
SUCCESS! -- 0 Passed | 0 Failed | 0 Pending | 257 Skipped
Ginkgo ran 1 suite in 43.570630357s
Test Suite Passed
- No changes when SELinux is disabled:
$ make test-e2e-node REMOTE=true FOCUS="allow privilege escalation"
(on a host with SELinux disabled)
• [SLOW TEST:15.013 seconds]
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should not allow privilege escalation when false
• [SLOW TEST:19.155 seconds]
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should allow privilege escalation when true
• [SLOW TEST:21.087 seconds]
[k8s.io] Security Context
when creating containers with AllowPrivilegeEscalation
should allow privilege escalation when not explicitly set and uid != 0
Ran 3 of 259 Specs in 38.560 seconds
SUCCESS! -- 3 Passed | 0 Failed | 0 Pending | 256 Skipped
Ginkgo ran 1 suite in 41.937918928s
Test Suite Passed
This feature gate was redundant with the `--config` flag, which already
enables/disables loading Kubelet config from a file.
Since the gate guarded an alpha feature, removing it is not a violation
of our API guidelines.
Some stuff in `kubernetes/test-infra` currently sets the gate,
so removing will be a 3 step process:
1. This PR, which makes the gate a no-op.
2. Stop setting the gate in `kubernetes/test-infra`.
3. Completely remove the gate.
The log path test is not expected to pass unless the Docker is using the
JSON logging driver, since that's what the log path is trying to find.
When Docker is using the journald logging driver, there will be no JSON
files in the logging directories for it to find.
Furthermore, when SELinux support is enabled in the Docker daemon,
SELinux will prevent processes running inside Docker containers from
accessing the log files owned by Docker (which is what this test is
trying to accomplish), so let's also skip this test in case SELinux
support is enabled.
Tested:
- With Docker daemon started using --log-driver=journald:
S [SKIPPING] in Spec Setup (BeforeEach) [8.193 seconds]
[k8s.io] ContainerLogPath
Pod with a container
printed log to stdout
should print log to correct log path [BeforeEach]
Jan 3 18:33:44.869: Skipping because Docker daemon is using a logging driver other than "json-file": journald
- With Docker daemon started using --selinux-enabled:
S [SKIPPING] in Spec Setup (BeforeEach) [8.488 seconds]
[k8s.io] ContainerLogPath
Pod with a container
printed log to stdout
should print log to correct log path [BeforeEach]
Jan 3 18:35:58.909: Skipping because Docker daemon is running with SELinux support enabled
- With Docker started using JSON logging driver and with SELinux disabled:
• [SLOW TEST:16.352 seconds] (passed)
[k8s.io] ContainerLogPath
Pod with a container
printed log to stdout
should print log to correct log path
Ran 1 of 256 Specs in 36.428 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 255 Skipped
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Benchmark test non docker specific
**What this PR does / why we need it**:
This will make benchmark test generic to all container runtimes
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58321
**Special notes for your reviewer**:
**Release note**:
```release-note
none
```
/cc @Random-Liu
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix policy conflict in the CPU manager node e2e test.
**What this PR does / why we need it**:
After graduation of the CPU manager feature to Beta, the CPU manager `none` policy is ON by default. But when the CPU manager is set to use `static` policy in the node e2e test, there will always be a conflict with the policy checkpointed in the disk. This PR fixes that by deleting the state file where required.
Manually tested in an `n1-standard-4` instance with `Ubuntu 16.04` image on GCP, which is the same machine and image type as one of the configs used in the node e2e tests.
Use the following command to run the test locally:
`make test-e2e-node TEST_ARGS='--feature-gates=DynamicKubeletConfig=true' FOCUS="CPU Manager" SKIP="" PARALLELISM=1`
CC @ConnorDoyle @derekwaynecarr
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add balajismaniam and ConnorDoyle to node-e2e approvers.
**What this PR does / why we need it**:
- Add balajismaniam and ConnorDoyle to node-e2e approvers.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
_Rationale:_ We are maintaining node e2e tests for the CPU manager component, and would also like to help with the rest of review load in this package. Both Balaji and I are approvers for the cpumanager and cpuset packages in the Kubelet container manager.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58216, 58193, 53033, 58219, 55921). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use GinkgoRecover to avoid panic.
See this in the test:
```
I0111 14:28:31.010] panic:
I0111 14:28:31.010] Your test failed.
I0111 14:28:31.010] Ginkgo panics to prevent subsequent assertions from running.
I0111 14:28:31.011] Normally Ginkgo rescues this panic so you shouldn't see it.
I0111 14:28:31.011]
I0111 14:28:31.011] But, if you make an assertion in a goroutine, Ginkgo can't capture the panic.
I0111 14:28:31.011] To circumvent this, you should call
I0111 14:28:31.011]
I0111 14:28:31.012] defer GinkgoRecover()
I0111 14:28:31.012]
I0111 14:28:31.012] at the top of the goroutine that caused this panic.
I0111 14:28:31.012]
I0111 14:28:31.012]
I0111 14:28:31.012] goroutine 1028 [running]:
I0111 14:28:31.013] k8s.io/kubernetes/vendor/github.com/onsi/ginkgo.Fail(0xc421098000, 0xb0, 0xc420da24c8, 0x1, 0x1)
I0111 14:28:31.013] /go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/onsi/ginkgo/ginkgo_dsl.go:255 +0xda
I0111 14:28:31.014] k8s.io/kubernetes/vendor/github.com/onsi/gomega/internal/assertion.(*Assertion).match(0xc4220bd700, 0x9e897e0, 0xa123640, 0x0, 0x0, 0x0, 0x0, 0xa123640)
I0111 14:28:31.014] /go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/onsi/gomega/internal/assertion/assertion.go:69 +0x1ef
I0111 14:28:31.014] k8s.io/kubernetes/vendor/github.com/onsi/gomega/internal/assertion.(*Assertion).NotTo(0xc4220bd700, 0x9e897e0, 0xa123640, 0x0, 0x0, 0x0, 0xc4220bd700)
I0111 14:28:31.015] /go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/onsi/gomega/internal/assertion/assertion.go:43 +0xae
I0111 14:28:31.015] k8s.io/kubernetes/test/e2e_node.deletePodsSync.func1(0xc421485220, 0xc421321680, 0xc421517180)
I0111 14:28:31.015] /go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e_node/resource_collector.go:382 +0x320
I0111 14:28:31.015] created by k8s.io/kubernetes/test/e2e_node.deletePodsSync
I0111 14:28:31.016] /go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e_node/resource_collector.go:375 +0x9e
```
e.g.: https://storage.googleapis.com/kubernetes-jenkins/logs/ci-cri-containerd-node-e2e-serial/17/build-log.txt
**Release note**:
```release-note
none
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add stub device plugin for conformance e2e test
**What this PR does / why we need it**:
Add stub device plugin for conformance e2e test
- extend [device_plugin_stub](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/cm/deviceplugin/device_plugin_stub.go) to support e2e test
- add test suite with this device-plugin-stub
- simulate more use cases by deploying some pods to request these resources
**Which issue this PR fixes**:
fixes#52861
**Special notes for your reviewer**:
@vishh @jiayingz PTAL.
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[Alpha: DynamicKubeletConfig] Double check before setKubeletConfiguration
**What this PR does / why we need it**:
Double check the `newCfg` is not equal to the `oldCfg` before we call `setKubeletConfiguration(newCfg)` in `tempSetCurrentKubeletConfig()`.
**Which issue(s) this PR fixes**:
Fixes https://github.com/kubernetes/kubernetes/issues/57701
**Special notes for your reviewer**:
/area kubelet
/sig node
/assign @mtaufen
/cc @vishh @jiayingz @derekwaynecarr @dchen1107 @liggitt
PTAL, Thanks!
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Node e2e non docker specific
Fixes https://github.com/kubernetes/kubernetes/issues/57977.
Make node e2e test generic to container runtimes.
With this change, other than tests with `[Feature:Docker]`, all tests can run against all CRI container runtimes.
Note that this PR also marks cpu manager test as `Serial`, because it restarts kubelet during the test. It doesn't cause problem in regular node e2e suite today, because it is skipped if node has less than 2 CPUs, which is the case for our test environment. /cc @balajismaniam
@yujuhong @mrunalp @feiskyer
/cc @dashpole @balajismaniam @bprashanth Because I addressed your comments.
/cc @kubernetes/sig-node-pr-reviews
**Release note**:
```release-note
none
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
e2e node framework can generate a base kubelet config file
Fixes#57980
This allows the e2e node test framework to generate a Kubelet config file containing the defaults it would typically pass to a test via flags, rather than passing these defaults as flags.
```release-note
NONE
```
This allows the e2e node test framework to generate a kubelet config
file containing the defaults it would typically pass to a test via
flags, rather than passing these defaults as flags.
Automatic merge from submit-queue (batch tested with PRs 57532, 57392). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Gke spec tweaks
**What this PR does / why we need it**:
This PR removes two unnecessary requirements for the GKE node image validation spec:
- The "vim" package doesn't need to be installed, as a vim environment is already available and the full "vim" pacakge installation takes some precious disk space.
- The linux headers are not needed for the kubernetes node and cluster tests to succeed, and again, take unnecessary disk space.
**Special notes for your reviewer**:
None.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
dynamic config test: use a hyphen between the config name and the unique suffix
These are painful to read right now due to the lack of hyphen.
```release-note
NONE
```
Kubernetes Submit Queue