Automatic merge from submit-queue (batch tested with PRs 65628, 65573). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
run test TestAttacherMountDevice in temp directory
This change fixes two unit tests:
1. After running the command `make test WHAT=k8s.io/kubernetes/pkg/volume/csi KUBE_TEST_ARGS='-run ^TestAttacherMountDevice$'`,
a file is leaked in the workspace:
pkg/volume/csi/vol_data.json
2. `make test WHAT=k8s.io/kubernetes/pkg/volume/csi KUBE_TEST_ARGS='-run ^TestAttacherUnmountDevice$'`
This test fails if it does not run along with TestAttacherMountDevice.
This change fixes it.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65628, 65573). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Remove the v1alpha1 API
**What this PR does / why we need it**:
In v1.10 and earlier, kubeadm only had the `v1alpha1` API.
In v1.11, kubeadm could read `v1alpha1` configs, but only write `v1alpha2` configs.
In v1.12, kubeadm can read `v1alpha2` configs, but only write `v1alpha3` or `v1beta1` configs.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubeadm/issues/911
Depends on: https://github.com/kubernetes/kubernetes/pull/65776
**Special notes for your reviewer**:
**Release note**:
```release-note
[action required] kubeadm: The `v1alpha1` config API has been removed.
Please convert your `v1alpha1` configuration files to `v1alpha2` using the
`kubeadm config migrate` command of kubeadm v1.11.x
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add healthz check to ensure logging is not blocked
When running the apiserver/controllers in pods, we encountered a docker bug that blocked stdout/stderr (https://github.com/moby/moby/issues/31373).
That in turn blocked flushing logs, which in turn eventually blocked any goroutine that logs anything (which is pretty much all the important goroutines).
This adds a healthz check that logging is not blocked so that healthz indicates something is wrong.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65776, 64896). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl: wait for all errors and successes on podEviction
**What this PR does / why we need it**: This fixes `kubectl drain` to wait until all errors and successes are processed, instead of returning the first error. It also tweaks the behavior of the cleanup to check to see if the pod is already terminating and, if it is, to not reissue the pod terminate, which leads to an error getting thrown. This fix will allow `kubectl drain` to complete successfully when a node is draining.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @sjenning
**Release note**:
```release-note
NONE
```
#### Reproduction steps
### sleep.yml
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: bash
spec:
  containers:
  - name: bash
    image: bash
    resources:
      limits:
        cpu: 500m
        memory: 500Mi
    command:
    - bash
    - -c
    - "nothing() { sleep 1; } ; trap nothing 15 ; while true; do echo \"hello\"; sleep 10; done"
  terminationGracePeriodSeconds: 3000
  restartPolicy: Never
```
```
$ kubectl create ns testing
$ kubectl create -f sleep.yml
$ kubectl delete ns testing
$ kubectl drain 127.0.0.1 --force
```
Automatic merge from submit-queue (batch tested with PRs 65776, 64896). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Stop using/supporting the v1alpha1 Config API
**What this PR does / why we need it**:
In v1.10 and earlier, kubeadm only had the v1alpha1 API.
In v1.11, kubeadm could read v1alpha1 configs, but only write v1alpha2 configs.
In v1.12, kubeadm can read v1alpha2 configs, but only write v1alpha3 or v1beta1 configs.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of https://github.com/kubernetes/kubernetes/pull/65628
ref: kubernetes/kubeadm#911
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
/assign @timothysc
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to go1.10.3
**What this PR does / why we need it**: updates to build with go1.10.3; see list of changes [here](https://github.com/golang/go/issues?q=milestone%3AGo1.10.3).
We'll probably want to cherrypick this to release-1.11 as well.
**Release note**:
```release-note
Update to use go1.10.3
```
/assign @BenTheElder @cblecker
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add additional authorization check for create-on-update
**What this PR does / why we need it**:
Currently it is possible for a user who is only authorized to update objects to send a PUT request for an object that doesn't currently exist, and if that resource allows create on update, it will allow them to create the object. This PR fixes that bug and adds a test case which fails on master, but succeeds when the additional authorization check is done.
/sig api-machinery
/kind bug
/cc @liggitt @lavalamp
**Release note**:
```release-note
LimitRange and Endpoints resources can be created via an update API call if the object does not already exist. When this occurs, an authorization check is now made to ensure the user making the API call is authorized to create the object. In previous releases, only an update authorization check was performed.
```
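The create-on-update check described in the PR above, as an added Go example that is not the Kubernetes code: a toy in-memory store whose PUT handler can run with or without the extra `create` authorization. The `authorizer`, `rbac`, `storage` and `put` names, the users and the `checkCreate` switch are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	errForbidden = errors.New("forbidden")
	errNotFound  = errors.New("not found")
)

// authorizer answers whether user may perform verb on resource (hypothetical interface).
type authorizer func(user, verb, resource string) bool

// rbac builds an authorizer from a user -> resource -> verbs table.
func rbac(grants map[string]map[string][]string) authorizer {
	return func(user, verb, resource string) bool {
		for _, v := range grants[user][resource] {
			if v == verb {
				return true
			}
		}
		return false
	}
}

// storage is a toy in-memory REST store for one resource type.
type storage struct {
	resource            string
	allowCreateOnUpdate bool
	checkCreate         bool // false reproduces the behaviour before the fix
	objects             map[string]string
}

// put handles an update (PUT) request and reports whether it created the object.
func (s *storage) put(authz authorizer, user, name, body string) (bool, error) {
	if !authz(user, "update", s.resource) {
		return false, errForbidden
	}
	_, exists := s.objects[name]
	if !exists {
		if !s.allowCreateOnUpdate {
			return false, errNotFound
		}
		// The PUT is about to act as a create, so the create verb must be authorized too.
		if s.checkCreate && !authz(user, "create", s.resource) {
			return false, errForbidden
		}
	}
	s.objects[name] = body
	return !exists, nil
}

// newStorage returns a store that allows create-on-update and holds one object.
func newStorage(checkCreate bool) *storage {
	return &storage{resource: "limitranges", allowCreateOnUpdate: true,
		checkCreate: checkCreate, objects: map[string]string{"existing": "v1"}}
}

func main() {
	// Constructed grants: "updater" may only update, "editor" may create and update.
	authz := rbac(map[string]map[string][]string{
		"updater": {"limitranges": {"update"}},
		"editor":  {"limitranges": {"create", "update"}},
	})
	for _, check := range []bool{false, true} {
		s := newStorage(check)
		created, err := s.put(authz, "updater", "new", "v1")
		fmt.Printf("checkCreate=%v updater PUT new: created=%v err=%v\n", check, created, err)
	}
}
```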
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make template printers a recommended printer
WIP because it needs tests. Apparently there weren't any before.
@juanvallejo open a pull to this branch adding tests for commands that need `--template` support and I'll squash them in.
@liggitt since you think it's widespread, here's an option to make it "normal"
@kubernetes/sig-cli-maintainers
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improved logging message for checking if node is shutdown.
**What this PR does / why we need it**:
The previous error message was "Error getting data for node" which was too broad of a message and not very descriptive. This PR will update it to "Error checking if node is shutdown" so that it is more specific.
```release-note
NONE
```
Fixes defaulting done for commands that default to a specific output
format (such as yaml, json) when a --template flag is provided and no
explicit --output value is given.
Under the above case, these commands will now properly default to
honoring the --template argument given, and default their --output
format to "go-template".
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Mengqi to the list of approvers for strategicpatch
cc @mengqiy
/assign @pwittrock
Replaces #65535
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update priority admission to improve interoperability
Builds on https://github.com/kubernetes/kubernetes/pull/65722
Makes the following adjustments to the priority admission plugin:
* allows creation of pods to include an explicit priority field if it matches the computed priority (allows export/import cases to continue to work on the same cluster, between clusters that match priorityClass values, and between clusters where priority is unused and all pods get `priority:0`)
* preserves existing priority if a pod update does not include a priority value and the old pod did (allows POST, PUT, PUT, PUT workflows to continue to work, with the admission-set value on create being preserved by the admission plugin on update)
This should avoid the failures revealed by the kubectl tests exercising the pod API without any awareness of the priority feature
/sig scheduling
/cc @bsalamat
```release-note
kube-apiserver: the `Priority` admission plugin is now enabled by default when using `--enable-admission-plugins`. If using `--admission-control` to fully specify the set of admission plugins, the `Priority` admission plugin should be added if using the `PodPriority` feature, which is enabled by default in 1.11.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add lichuqiang as reviewer of persistentvolume controller (for volume scheduling)
I've been working on the storage topology-aware feature for quite some time now, and I really hope that I can help do some review.
```release-note
NONE
```
/assign @msau42
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix 'kubectl cp' with no arguments causes a panic
**What this PR does / why we need it**:
/kind bug
"kubectl cp" with no arguments causes a panic
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #65475
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix 'kubectl cp' with no arguments causes a panic
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
bazel: kubelet deb package postinstall step
**What this PR does / why we need it**:
Presently bazel build .deb (kubelet.deb specifically) does not auto-restart after installation. Adding a postinst control file fixes this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
kubernetes/kubeadm#944
**Special notes for your reviewer**:
@chuckha
```release-note
bazel deb package bugfix: The kubeadm deb package now reloads the kubelet after installation
```
Automatic merge from submit-queue (batch tested with PRs 65719, 65764). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Fix CoreDNS image generation bug
**What this PR does / why we need it**:
With #64976 GetGenericArchImage was used for generating the CoreDNS image path.
This generated an incorrect image in the form `prefix/coredns-goarch:tag` instead
of just `prefix/coredns:tag`.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #65757
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind bug
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65719, 65764). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
juju: Fix upgrade actions not working with resources
**What this PR does / why we need it**:
This fixes an issue with the kubernetes-master and kubernetes-worker charms, where running the `upgrade` action does not actually perform an upgrade when snaps are attached as resources.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/528
**Special notes for your reviewer**:
The underlying issue is that both layer-snap and the kubernetes layers are using `any_file_changed` to look for changes in the resources. This PR fixes it by removing the use of `any_file_changed` in the top-level layers, and implementing our own code for it instead.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65381, 65751). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix smb mount security issue
**What this PR does / why we need it**:
fix smb mount security issue:
use PowerShell environment variables to store the user input string to prevent command line injection; the env var in PowerShell would be taken as a literal value and not as executable vulnerable code. This kind of fix is common for command line injection issues (called: the parameterized way).
Originally, using the Go SDK for `New-SmbGlobalMapping` is the best solution, but after discussion with the Windows team, the Go API for `New-SmbGlobalMapping` is not ready yet and the new functionality of the basic win32 API [NetUseAdd](https://msdn.microsoft.com/en-us/library/windows/desktop/aa370645(v=vs.85).aspx) is not public yet; using [PowerShell with Environment Variables](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1) is also their recommended way.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #65750
**Special notes for your reviewer**:
- This is a security issue fix, no behavior change, E2E test of smb mount passes.
- Original logging as `azureMount` is incorrect since this mount_windows is for mount disk & smb, it's a common feature on Windows, not specific to Azure, I will send another PR to fix all the logging naming issues, anyway it's not related to this security issue. Let's keep this PR simple.
**Release note**:
```
fix smb mount security issue
```
/sig windows
/sig storage
/kind bug
@jessfraz
/assign @jsafrane @msau42
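The environment-variable approach described in the PR above, as an added Go example that is not the code from the PR: the interpolated form of the PowerShell script next to the form that reads its inputs from `$Env:`. The function names, the environment variable names and the sample inputs are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Hypothetical environment variable names, chosen for this example.
const (
	envUser = "smbuser"
	envPass = "smbpassword"
	envPath = "smbremotepath"
)

// safeScript is a constant: caller-supplied values never become script text.
// PowerShell reads $Env:NAME as a string value and does not re-parse it as code.
const safeScript = `$PWord = ConvertTo-SecureString -String $Env:` + envPass + ` -AsPlainText -Force;` +
	`$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:` + envUser + `, $PWord;` +
	`New-SmbGlobalMapping -RemotePath $Env:` + envPath + ` -Credential $Credential`

// buildUnsafe shows the pattern being fixed: inputs are formatted into the
// script, so quotes or semicolons in them change what PowerShell parses.
func buildUnsafe(user, password, remotePath string) *exec.Cmd {
	script := fmt.Sprintf(`$PWord = ConvertTo-SecureString -String "%s" -AsPlainText -Force;`+
		`$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "%s", $PWord;`+
		`New-SmbGlobalMapping -RemotePath "%s" -Credential $Credential`, password, user, remotePath)
	return exec.Command("powershell", "-Command", script)
}

// buildSafe passes the same inputs through the child process environment.
func buildSafe(user, password, remotePath string) *exec.Cmd {
	cmd := exec.Command("powershell", "-Command", safeScript)
	cmd.Env = append(os.Environ(),
		envUser+"="+user, envPass+"="+password, envPath+"="+remotePath)
	return cmd
}

// inputInScript reports whether a caller-supplied value appears in the script text.
func inputInScript(cmd *exec.Cmd, input string) bool {
	return strings.Contains(cmd.Args[len(cmd.Args)-1], input)
}

// envCarries reports whether the command's environment holds key=value verbatim.
func envCarries(cmd *exec.Cmd, key, value string) bool {
	for _, kv := range cmd.Env {
		if kv == key+"="+value {
			return true
		}
	}
	return false
}

func main() {
	// Constructed input: a share path carrying a quote and a statement separator.
	hostile := `\\fileserver\share"; Write-Output "extra-statement`
	unsafe := buildUnsafe("alice", "s3cret", hostile)
	safe := buildSafe("alice", "s3cret", hostile)
	// The commands are only built here, not run, so this works on any OS.
	fmt.Println("unsafe script contains input:", inputInScript(unsafe, hostile))
	fmt.Println("safe script contains input:  ", inputInScript(safe, hostile))
	fmt.Println("safe env carries input:      ", envCarries(safe, envPath, hostile))
}
```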
Automatic merge from submit-queue (batch tested with PRs 65357, 65568). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update aws-sdk to support new region cn-northwest-1
Update aws sdk to support region cn-northwest-1 in China.
**What this PR does / why we need it**:
need newer aws-sdk version to support new region cn-northwest-1
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65357, 65568). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow more fields at root of CRD schema if status is enabled
Fixes https://github.com/kubernetes/kubernetes/issues/65293
Currently, we allow only `properties`, `required` and `description` at the root of the CRD schema when the status subresource is enabled.
We can also include some other fields, even though sometimes they might not make sense (but they don't harm).
The main idea is that when validation schema for status is extracted as `properties["status"]`, validation for status is not lost.
**Release note**:
```release-note
More fields are allowed at the root of the CRD validation schema when the status subresource is enabled.
```
Automatic merge from submit-queue (batch tested with PRs 64599, 65729). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apimachinery: cleanup code and comments
fix golint issues
/kind cleanup
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64599, 65729). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix go import
**What this PR does / why we need it**:
Fix go import introduced by #63777.
cc @lavalamp
/assign @sttts
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65040, 65731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove scheduler config deprecated warning as the new component config is still in alpha
**What this PR does / why we need it**:
The new scheduler's component config file (API) is still in alpha. We shouldn't push users to use the alpha feature as it may change in the future and the changes may not be backward compatible.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig scheduling
Automatic merge from submit-queue (batch tested with PRs 65040, 65731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[trivial] fix option help message.
s/andif/and if/
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
leader election: fix dead loop bug
**What this PR does / why we need it**:
bug fix: leader election calling apiserver without time interval. It is a dead loop.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #65666
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Read manifest directory in Kubelet immediately to speed up cluster startup in GCE
This eliminated unnecessary 20s on cluster startup.
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Replace GetCoreImage with less error prone functions
**What this PR does / why we need it**:
GetCoreImage is too generic a function that takes too many arguments. This
makes it prone to errors that may be difficult to trace. The solution is to
split it into the following couple of functions with a more targeted interface:
- GetKubeControlPlaneImage used to fetch Kubernetes control plane images or the
unified control plane image (if one is specified).
- GetEtcdImage is used to fetch the etcd image.
In addition to these, a couple of new utility functions are also created:
- GetKubeControlPlaneImageNoOverride used like GetKubeControlPlaneImage but
does not return the unified control plane image (even if it is set).
- GetGenericArchImage returns image path in the form of "prefix/image-goarch:tag"
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubernetes/kubeadm#800
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/cc @chuckha
/kind enhancement
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update output format so that it matches actual accepted values
/assign @juanvallejo
**Release note**:
```release-note
NONE
```