Automatic merge from submit-queue (batch tested with PRs 58302, 58782, 58555, 58741). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use containing API group when resolving shortname from discovery
**What this PR does / why we need it**:
kubectl does not use containing API group when resolving shortname from discovery
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58695
**Special notes for your reviewer**:
/assign @liggitt
/cc @nikhita @zjj2wry
**Release note**:
```release-note
use containing API group when resolving shortname from discovery
```
Automatic merge from submit-queue (batch tested with PRs 58302, 58782, 58555, 58741). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Change equivalence class hashing function
**What this PR does / why we need it**:
This updates the Pod equivalence class hashing function to hash pod fields which are read by scheduler predicates. Until now, we used a pod's OwnerReference as a shorthand for equivalence, but not all controllers will create homogeneous sets of pods.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
/ref #58222
**Performance impact**:
Hashing is not expensive enough to impact scheduling performance.
|Test|Result|
|---|---|
| Before | `BenchmarkEquivalenceHash-40 200000 7722 ns/op` |
| After | `BenchmarkEquivalenceHash-40 10000 114184 ns/op` |
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig scheduling
Automatic merge from submit-queue (batch tested with PRs 58302, 58782, 58555, 58741). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make it possible to override the driver installer daemonset url from test-infra.
This will enable things like kubernetes/test-infra#6430
/kind enhancement
/sig testing
/sig scheduling
**Release note**:
```release-note
NONE
```
/assign @jiayingz @vishh
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
uniquify resource lock identities
Resource lock identities on the same host were not unique. This keeps the hostname (that's valuable), but also adds a UUID so that you can start a process twice on the same host and not end up with two processes trying to lead.
@kubernetes/sig-api-machinery-bugs @liggitt @smarterclayton
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move multizone e2e to e2e/scheduling from e2e/multicluster
afaik these tests should be the responsibility of @kubernetes/sig-scheduling-pr-reviews instead of @kubernetes/sig-multicluster-pr-reviews.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubectl explain for cronjobs
**What this PR does / why we need it**:
`kubectl explain cronjob` was failing with `error: Couldn't find resource for "batch/v1, Kind=CronJob"` the reason for that is that even though we were getting the group and version from the mapper, we always rewrote it with the default value for a specific group, unless user specified the output version.
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix kubectl explain for resources not existing in default version of API group
```
for review:
/assign @juanvallejo
for approval:
/assign @deads2k
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add list of pods that use a volume to multiattach events
So users knows what pods are blocking a volume and can realize their error.
**Release note**:
```release-note
NONE
```
UX:
* User can get one of following events, depending what other pod(s) are already using a volume and in which namespace they are:
```
Multi-Attach error for volume"volume-name" Volume is already exclusively attached to one node and can't be attached to another
Multi-Attach error for volume "volume-name" Volume is already used by pod(s) pod3 and 1 pod(s) in different namespaces
```
* controller-manager gets always full logs:
* When the node where is the volume attached is known:
```
Multi-Attach error for volume "volume-name" (UniqueName: "fake-plugin/volume-name") from node "node1" Volume is already used by pods ns2/pod2, ns1/pod3 on node node2, node3
```
* When the node where is the volume attached is not known:
```
Multi-Attach error for volume "volume-name" (UniqueName: "fake-plugin/volume-name") from node "node1" Volume is already exclusively attached to node node2 and can't be attached to another
```
/kind bug
/sig storage
/assign @gnufied
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix equivalence cache invalidation of Node condition.
Equivalence cache for CheckNodeConditionPred becomes invalid when
Node.Spec.Unschedulable changes. This can happen even if
Node.Status.Conditions does not change, so move the logic around.
This logic is covered by integration test
"test/integration/scheduler".TestUnschedulableNodes but equivalence
cache is currently skipped when test pods have no OwnerReference.
The test failure is exposed by #58555
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
/ref #58222
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig scheduling
@kubernetes/sig-scheduling-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Rename package deviceplugin => devicemanager.
**What this PR does / why we need it**:
Fixes#58795
/kind cleanup
Rename package `deviceplugin` to `devicemanager` for consistency.
We already have components named Container manager and CPU manager. The device plugin package similarly contains an interface called `Manager`. The fact that the manager has plugins is somewhat incidental to the purpose of the package itself.
Note that this rename only affects internal API. The external gRPC interface still exports a package called deviceplugin.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet/get-pod-from-path: unused param should be removed
**What this PR does / why we need it**:
I'm sorry that i have not notice this PR has been closed because of the error of test. And, i found it can't reopen again, so i open the other one, thank you!
https://github.com/kubernetes/kubernetes/pull/38184
I am so sorry for trouble with you, PTAL, thank you!
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
testcase to pkg/kubelet/cadvisor/util.go
**What this PR does / why we need it**:
testcase to pkg/kubelet/cadvisor/util.go
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add kawych to Metrics Server owners
**What this PR does / why we need it**:
Add kawych to Metrics Server owners
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Never let cluster-scoped resources skip webhooks
Fix#57964
This allows user write webhooks for cluster-scoped custom resources.
We still need to figure out how to selectively exempt cluster-scoped resources from webhooks to avoid bootstrapping deadlocks. For now, if a deadlock occurs, users can work around by first deleting the webhook configuration, then rebooting the webhook, then re-enabling the webhook configuration.
```release-note
Bug fix: webhooks now do not skip cluster-scoped resources
Action required: Before upgrading your Kubernetes clusters, double check if you had configured webhooks for cluster-scoped objects (e.g., nodes, persistentVolume), these webhooks will start to take effect. Delete/modify the configs if that's not desirable.
```
This moves the equivalence hashing code from
algorithm/predicates/utils.go to core/equivalence_cache.go.
In the process, making the hashing function and hashing function factory
both injectable dependencies is removed.
This changes the equivalence class hashing function to use as inputs all
the Pod fields which are read by FitPredicates. Before we used a
combination of OwnerReference and PersistentVolumeClaim info, which was
a close approximation. The new method ensures that hashing remains
correct regardless of controller behavior.
The PVCSet field can be removed from equivalencePod because it is
implicitly included in the Volume list.
Tests are now broken.
Equivalence cache for CheckNodeConditionPred becomes invalid when
Node.Spec.Unschedulable changes. This can happen even if
Node.Status.Conditions does not change, so move the logic around.
This logic is covered by integration test
"test/integration/scheduler".TestUnschedulableNodes but equivalence
cache is currently skipped when test pods have no OwnerReference.
Automatic merge from submit-queue (batch tested with PRs 58661, 58764, 58368, 58739, 58773). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't bind PVs and PVCs with different access modes.
PVC pre-bound to a PV can bind to the PV only if it has correct access mode. Report an event if it does not and keep the PVC Pending.
++ minor refactoring of `syncClaim`, `isMisMatch` was declared too far away from place when it's used.
/sig storage
/assign @gnufied @rootfs
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 58661, 58764, 58368, 58739, 58773). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE cloud provider] Ensure hosts are updated in EnsureLoadBalancer()
**What this PR does / why we need it**:
From https://github.com/kubernetes/kubernetes/issues/56527, the `EnsureLoadBalancer()` implementation in GCE external LB doesn't always update the hosts (nodes). This PR makes it to do so.
Previously, the only situation where `ensureExternalLoadBalancer()` will not update hosts is when hosts are updated but there is no other changes that trigger target pool update (for which we delete&recreate target pool and hence updates the hosts). So the main change here is detecting that condition and call `updateTargetPool()`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56527
**Special notes for your reviewer**:
Turned out it could be a small change, so I gave it a try.
/assign @nicksardo @bowei
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58756, 58758, 58725, 52799, 58534). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add vSphere Cloud Provider vclib tests
**What this PR does / why we need it**:
Additional vSphere Cloud Provider functional tests against vcsim, providing more test coverage without having to run against a real vCenter instance.
Follow up to #55918
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
This set of tests focuses on Datastore, Folder and VirtualMachine types. A couple of TODOs depend on changes to vcsim, I will follow up on those.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58756, 58758, 58725, 52799, 58534). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
PSP: improve parsing and validation of SELinux levels
**What this PR does / why we need it**:
At this moment, when we're comparing SELinux levels of PSP and container, we compare them as strings. We don't take into account that categories in a level may be specified in a different order (for example, `s0:c0,c6` is the same as `s0:c6,c0`).
This PR improves handling of SELinux levels by doing logical comparison.
**Special notes for your reviewer**:
Here is the issue in OpenShift tracker from @pweil-: https://github.com/openshift/origin/issues/15627
Relate PR to fixing this in OpenShift: https://github.com/openshift/origin/pull/16432
**Release note**:
```release-note
NONE
```
PTAL @pweil-
CC @simo5
Automatic merge from submit-queue (batch tested with PRs 58756, 58758, 58725, 52799, 58534). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
serviceaccount: move service account token functionality to go-jose
This is a non-functional change that makes some of my later work easier.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure config has been created before attempting to launch ingress.
**What this PR does / why we need it**: Ensure config has been created before attempting to launch ingress.
**Release note**:
```release-note
Ensure config has been created before attempting to launch ingress.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
By default block service proxy to external IP addresses.
**What this PR does / why we need it**:
Currently, the Service Proxy on the APIServer allows unrestricted access to any IP address that the APIServer machine can reach. This is likely undesirable in many cases.
Update the service proxy so that it filters Endpoints to only those that have a TargetRef that matches a known Pod.
Fixes https://github.com/kubernetes/kubernetes/issues/58761
**Release note**:
```release-note
By default disable access to external IP addresses from the apiserver service proxy.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update release note links for 1.10
**What this PR does / why we need it**:
Adds link to 1.10 release notes to CHANGELOG.md
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a container type to the runtime manager's container status
**What this PR does / why we need it**:
This is Step 1 of the "Debug Containers" feature proposed in #35584 and is hidden behind a feature gate. Debug containers exist as container status with no associated spec, so this new runtime label allows the kubelet to treat containers differently without relying on spec.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: cc #27140
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
**Integrating feedback**:
- [x] Remove Type field in favor of a help method
**Dependencies:**
- [x] #46261 Feature gate for Debug Containers
Automatic merge from submit-queue (batch tested with PRs 58259, 58664). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support out-of-tree / external cloud providers
**What this PR does / why we need it**:
Currently kubeadm fails in preflight check. We should allow external cloud providers
```
[preflight] Starting the kubelet service
cloudprovider: Invalid value: "external": cloudprovider not supported
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Added support for external cloud providers in kubeadm
```
Renaud Gaubert