Automatic merge from submit-queue (batch tested with PRs 64695, 65982, 65908). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
switch delete strategy to background deletion
**Release note**:
```release-note
"kubectl delete" no longer waits for dependent objects to be deleted when removing parent resources
```
### Before 1.11.0
- Resources that had client-side reapers in older versions of the client had all of their dependents deleted first. The parent resource itself was deleted *last*. This allowed the command to be re-entrant and was largely an artifact of it **having** to be done that way by a client-side reaper.
### After 1.11.0 (with this PR)
- Resources that previously had client-side reapers are no longer deleted last (after their dependents). They are now instead deleted first. The garbage-collector server-side then deletes any dependents.
- This means that the `delete` command can return, and the parent object can be deleted while child objects still exist.
- This is okay because the child resources are eventually deleted by the garbage collector server-side.
cc @liggitt @soltysh
Automatic merge from submit-queue (batch tested with PRs 63793, 65989). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable kubectl proxy to set tcp keepalive
**What this PR does / why we need it**:
Allows setting keepalive period for kubectl proxy.
Fixes#63727
**Special notes for your reviewer**:
/assign @brendandburns
**Release note**:
```release-note
Introduce a new flag `--keepalive` for kubectl proxy to allow setting keep-alive period for long-running request.
```
remove create-on-update logic for quota controller
review: add more error check
remove unused args
revert changes in patch.go
use hasUID to judge if it's a create-on-update
Automatic merge from submit-queue (batch tested with PRs 65902, 65781). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
if loadbalancer section is not defined in cloudconfig, do not init support
**What this PR does / why we need it**: if LoadBalancer section is not defined in cloudconfig, we should not initialize loadbalancer support for openstack cloudprovider.
**Which issue(s) this PR fixes**:
Fixes#65775
**Special notes for your reviewer**:
**Release note**:
```release-note
If LoadBalancer is not defined in cloud config, the loadbalancer is not initialized anymore in openstack. All setups must have some setting under that section
```
Automatic merge from submit-queue (batch tested with PRs 65993, 65986, 65351, 65996, 65985). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Re-add pkg/generated/bindata.go
**What this PR does / why we need it**: I removed `pkg/generated/bindata.go` in #62432 as it had drifted out-of-date and was automatically generated by `make` and `bazel`.
This broke some downstream users who import `k8s.io/kubernetes`.
It's unclear whether the project intends for `k8s.io/kubernetes` to be vendorable, as there are other generated files which are not saved in the repo, including `pkg/generated/openapi/zz_generated.openapi.go` and `test/e2e/generated/bindata.go`, but `pkg/generated/bindata.go` seems to be a core dependency for current uses.
The new verify check added in #65882 will ensure that this file stays up-to-date.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
This partially addresses #65968. We also need to cherry-pick this to release-1.11.
**Release note**:
```release-note
Re-adds `pkg/generated/bindata.go` to the repository to allow some parts of k8s.io/kubernetes to be go-vendorable.
```
Automatic merge from submit-queue (batch tested with PRs 65993, 65986, 65351, 65996, 65985). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix DeletionTimestamp printing
**What this PR does / why we need it**:
I found a bug that `ObjectMeta.DeletionTimestamp` is not displayed correctly because it's a future time but it uses the time difference until now. So I fixed it by calculating the time difference from now instead of until now.
Before this fix:
```
Name: test-pod-7bd594bd96-hf5kk
Namespace: default
Node: kube-node-2/10.192.0.4
Start Time: Fri, 22 Jun 2018 14:57:09 +0900
Labels: pod-template-hash=3681506852
run=test-pod
Annotations: <none>
Status: Terminating (lasts <invalid>)
Termination Grace Period: 30s
IP: 10.244.3.5
Controlled By: ReplicaSet/test-pod-7bd594bd96
Containers:
...
```
After this fix:
```
Name: test-pod-7bd594bd96-85cdd
Namespace: default
Node: kube-node-2/10.192.0.4
Start Time: Fri, 22 Jun 2018 14:56:44 +0900
Labels: pod-template-hash=3681506852
run=test-pod
Annotations: <none>
Status: Terminating (lasts 2m)
Termination Grace Period: 123s
IP: 10.244.3.4
Controlled By: ReplicaSet/test-pod-7bd594bd96
...
```
Could you consider merging it?
We heavily use preemptible jobs in my company and knowing deletion time and grace periods is really important when jobs trap `SIGTERM` and decide if it should continue to run until the deletion time or just stop immediately.
**Which issue(s) this PR fixes**
N/A
**Special notes for your reviewer**:
N/A
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65993, 65986, 65351, 65996, 65985). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] ILB tests - move t.Parallel() out of for loop
**What this PR does / why we need it**:
Moves `t.Parallel()` to the top of the test case instead of within the for loop. `t.Parallel()` within a `t.Run` block causes the for loop to advance to the next test case - see https://gist.github.com/posener/92a55c4cd441fc5e5e85f27bca008721 for more details.
Verified the fix by running the test multiple times locally, with @smarterclayton 's command `go test ./pkg/cloudprovider/providers/gce/ -test.run=TestEnsureInternalBackendServiceGroups/GetRegionBackendService_failed -count=10`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65883
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
cc @grayluck
Automatic merge from submit-queue (batch tested with PRs 65987, 65962). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix pod worker deadlock.
Preemption will stuck forever if `killPodNow` timeout once. The sequence is:
* `killPodNow` create the response channel (size 0) and send it to pod worker.
* `killPodNow` timeout and return.
* Pod worker finishes killing the pod, and tries to send back response via the channel.
However, because the channel size is 0, and the receiver has exited, the pod worker will stuck forever.
In @jingxu97's case, this causes a critical system pod (apiserver) unable to come up, because the csi pod can't be preempted.
I checked the history, and the bug was introduced 2 years ago 6fefb428c1.
I think we should at least cherrypick this to `1.11` since preemption is beta and enabled by default in 1.11.
@kubernetes/sig-node-bugs @derekwaynecarr @dashpole @yujuhong
Signed-off-by: Lantao Liu <lantaol@google.com>
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 64226, 65880). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Populate NodeAffinity on top of labels for cloud based PersistentVolumes
**What this PR does / why we need it**:
This PR populates the NodeAffinity field (on top of the existing labels) for PVs backed by cloud providers like EC2 EBS and GCE PD.
**Special notes for your reviewer**:
Related to https://github.com/kubernetes/kubernetes/pull/63232
Sample `describe pv` output for EBS with node affinity field populated:
```
kubectl describe pv pv0001
Name: pv0001
Labels: failure-domain.beta.kubernetes.io/region=us-west-2
failure-domain.beta.kubernetes.io/zone=us-west-2a
Annotations: <none>
Finalizers: [kubernetes.io/pv-protection]
StorageClass:
Status: Available
Claim:
Reclaim Policy: Retain
Access Modes: RWO
Capacity: 5Gi
Node Affinity:
Required Terms:
Term 0: failure-domain.beta.kubernetes.io/zone in [us-west-2a]
failure-domain.beta.kubernetes.io/region in [us-west-2]
Message:
Source:
Type: AWSElasticBlockStore (a Persistent Disk resource in AWS)
VolumeID: vol-00cf03a068c62cbe6
FSType: ext4
Partition: 0
ReadOnly: false
Events: <none>
```
/sig storage
/assign @msau42
**Release note**:
```NONE```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Store the latest cloud provider node addresses
**What this PR does / why we need it**:
Buffer the recently retrieved node address so they can be used as soon as the next node status update is run.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65814
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 65830, 65780, 65961). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vSphere: set vCenter client UserAgent
**What this PR does / why we need it**:
Setting the client UserAgent makes it easier to identify vCenter sessions
used by the vSphere Cloud Provider. This is useful to remove sessions that
have leaked, such as when a VCP process goes away without calling Logout().
And to test that VCP properly re-authenticates when a session is removed.
Example use:
``` console
% govc session.ls | grep kubernetes-cloudprovider | awk '{print $1}' | xargs -n1 govc session.rm
```
**Special notes for your reviewer**:
Prior to the change, the session UserAgent is listed as `Go-http-client/1.1`, with the change as `kubernetes-cloudprovider/v1.12.0-...`
Format based on the azure provider client User-Agent: ac99da5e3e/pkg/cloudprovider/providers/azure/azure.go (L386-L393)
``` console
% govc session.ls
Key Name Time Idle Host Agent
5217bfbf-ed78-3538-c4f4-137dfdc87d97 VSPHERE.LOCAL\Administrator 2018-07-09 05:26 3m32s 10.0.0.237 kubernetes-cloudprovider/v1.12.0-alpha.0.1990+ac99da5e3e0c0d-dirty
52259ed5-417e-dab4-07bc-f1b01c06f6ce VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-07-09 05:25 4m41s 10.0.0.208 cl/1.0.0
5225b5d4-1c0a-e8e4-887e-5fa46fee0dc2 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:25 old 127.0.0.1 VMware vim-java 1.0
52385c6f-31b5-876e-3e44-35dc7120fe55 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:26 old 127.0.0.1 VMware vim-java 1.0
524b23c3-52b3-2fb8-00d4-914f1b34e9b1 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:25 old 127.0.0.1 VMware vim-java 1.0
524b6a02-0590-0c1b-db95-0d67b2c36875 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:26 1m26s 127.0.0.1 VMware vim-java 1.0
528b6f73-a658-f488-2651-05f3ec182757 VSPHERE.LOCAL\Administrator 2018-07-09 05:28 55s 10.0.0.237 Go-http-client/1.1
52987a71-c671-09e4-6613-ff480aa43882 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:25 old 127.0.0.1 VMware vim-java 1.0
52aa9262-a0c7-a79f-7983-2d3858ecc562 VSPHERE.LOCAL\Administrator 2018-07-09 05:09 . 10.0.0.154 govc/0.18.0
52b270fe-2e84-6209-04ff-f4597846ca79 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:26 old 127.0.0.1 VMware vim-java 1.0
52d7e734-80a9-0887-e6cb-13a92c1e4e30 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:25 old 127.0.0.1 VMware vim-java 1.0
52f5365e-6945-44c6-dc3c-0e3c90444bb0 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:26 old 127.0.0.1 VMware vim-java 1.0
52f58503-4943-e4c7-1d90-a3ec7d16ba71 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:26 old 127.0.0.1 VMware vim-java 1.0
52fd2f13-d1a9-7ff9-b779-c87b1e4e0490 VSPHERE.LOCAL\vpxd-extension-09179ffe-ed51-4dee-91a6-c60162932acd 2018-05-26 16:30 6m46s 10.0.0.208 VMware vim-java 1.0
```
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65830, 65780, 65961). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
change field selector conversion registration to be strongly typed
the signature of these methods is misleading... they require a group-version-kind
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64664, 65836, 65917). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl: Remove an extra character from rollout error message
**What this PR does / why we need it**:
Removes an extra character in a `kubectl rollout status` error message.
**Special notes for your reviewer**:
I thought this would be a good first contribution!
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle errors in generated client scheme
**What this PR does / why we need it**:
Adds missing error handling for schema construction code in generated clientsets.
**Which issue(s) this PR fixes**
Together with #64654fixes#51457.
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 65456, 65549). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix flexvolume in containerized kubelets
Fixes flex volumes in containerized kubelets.
cc @jsafrane @chakri-nelluri @verult
Note to reviewers : e2e tests pass in local containarized cluster.
```release-note
Fix flexvolume in containarized kubelets
```
Automatic merge from submit-queue (batch tested with PRs 65456, 65549). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add volume mode field to constructed volume spec for CSI plugin
Add volume mode filed to constructed Volume Spec for CSI plugin
```release-note
Add volume mode filed to constructed volume spec for CSI plugin
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding traffic shaping support for CNI network driver
**What this PR does / why we need it**:
Adding traffic shaping support for CNI network driver - it's also a sub-task of kubenet deprecation work.
Design document is available here: https://github.com/kubernetes/community/pull/1893
**Which issue(s) this PR fixes**:
Fixes #
**Special notes for your reviewer**:
/cc @freehan @jingax10 @caseydavenport @dcbw
/sig network
/sig node
**Release note**:
```release-note
Support traffic shaping for CNI network driver
```
Setting the client UserAgent makes it easier to identify vCenter sessions
used by the vSphere Cloud Provider. This is useful to remove sessions that
have leaked, such as when a VCP process goes away without calling Logout().
And to test that VCP properly re-authenticates when a session is removed.
Example use:
govc session.ls | grep kubernetes-cloudprovider | awk '{print $1}' | xargs -n1 govc session.rm
Automatic merge from submit-queue (batch tested with PRs 65882, 65896, 65755, 60549, 65927). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Avoid printing some service comments in iptables rules
According to some profiles, with large number of endpoints in the system, comments mentioning the service in appropriate iptables rules may be responsible for 40% of all iptables contents.
Given that ~70% of memory usage of kube-proxy seems to be because of generated iptables rules, the overall saving may be at the level of 30% or so.
OTOH, we sacrifise a bit understandability of iptables, but this PR only changes some of iptables that contribute to the most painful rules.
@thockin @danwinship @dcbw - thoughts?
Ref #65441
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve multi-authorizer errors
Fixes#52279
Includes an indication from the RBAC authorizer that it attempted to authorize the request. this reduces confusion when combined with a webhook authorizer that returns specific reasons for rejection
/sig auth
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vSphere Cloud Provider: avoid read race during logout
**What this PR does / why we need it**:
The `go test -race` will sometimes detect a read race in the vSphere Cloud Provider logout function, causing tests to fail.
**Which issue(s) this PR fixes**:
Fixes#65696
**Special notes for your reviewer**:
The Client nil check was added in 6d1c4a3 , but there was not any
go test coverage of that code path until e22f9ca
**Release note**:
```release-note
none
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove --cadvisor-port - has been deprecated since v1.10
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56523
**Special notes for your reviewer**:
- Deprecated in https://github.com/kubernetes/kubernetes/pull/59827 (v1.10)
- Disabled in https://github.com/kubernetes/kubernetes/pull/63881 (v1.11)
**Release note**:
```release-note
[action required] The formerly publicly-available cAdvisor web UI that the kubelet started using `--cadvisor-port` is now entirely removed in 1.12. The recommended way to run cAdvisor if you still need it, is via a DaemonSet.
```
Automatic merge from submit-queue (batch tested with PRs 65897, 65909, 65856, 65815). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
only need to ignore resources that match discovery conditions
GC and quota controllers ignore resources that are too expensive to manage. In kube this is only events. The incompatible resources should now be excluded on the basis of discovery. We should actually reflect that in the RESTStorage (done for GC for events) and discovery too.
@liggitt
@kubernetes/sig-api-machinery-bugs
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65838, 65837). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
output which pods are a pvc in use when kubectl describe pvc is run
**What this PR does / why we need it**:
This PR implements a feature request to display the pods mounted to a PVC when `kubectl describe pvc` is ran. We need it since the only way to see which pods are bound to a PVC is by checking the volume mounts of each individual pod in the namespace.
Example Output:
```
$ kubectl get pods,pvc
NAME READY STATUS RESTARTS AGE
test-pod 1/1 Running 0 2h
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
test-pvc Bound pvc-718681dd-70cc-11e7-aa14-42010af00029 100Gi RWO us-east1-b 345d
```
```
$ kubectl describe pvc
Name: elasticsearch-data-elasticsearch-data-us-east1-b-0
Namespace: partners-production
StorageClass: us-east1-b
Status: Bound
Volume: pvc-718681dd-70cc-11e7-aa14-42010af00029
Labels: <none>
Annotations: <none>
Finalizers: [kubernetes.io/pvc-protection]
Capacity: 1Gi
Access Modes: RWO
Events: <none>
Mounted By: test-pod
```
Pods using the PVC are shown with the `Mounted By` field
**Which issue(s) this PR fixes**:
Closes#65233
**Special notes for your reviewer**:
**Release note**:
```release-note
Running `kubectl describe pvc` now shows which pods are mounted to the pvc being described with the `Mounted By` field
```
Automatic merge from submit-queue (batch tested with PRs 65838, 65837). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix kubectl cluster-info bug
**What this PR does / why we need it**:
When api-server is not avaiable,` kubectl cluster-info `still prints information like: the cluster is running at ...
This patch fixes this bug
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes: #65817
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add cleanLegacyBindAddr
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65263
**Special notes for your reviewer**:
To fix the issue,
use `activeBindAddrs` map which represents ip address successfully bind to DefaultDummyDevice in the round of sync
use `currentBindAddrs` map which represents ip addresses bind to DefaultDummyDevice from the system
create a function `cleanLegacyBindAddr` to unbind address which is in `currentBindAddrs` map but not in `activeBindAddrs` map
**Release note**:
```release-note
NONE
```
/sig network
/area kube-proxy
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azure storage account creation failure
**What this PR does / why we need it**:
fix azure storage account creation failure
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65845
**Special notes for your reviewer**:
This bug is due to azure-sdk-for-go API change introduced in v1.11:
fbe7db0e3f/services/storage/mgmt/2017-10-01/storage/models.go (L381-L382)
there is a new field `Kind` which is required, so any sdk upgrade from and old version would break the storage account creation since old code won't use `Kind`. I have filed an issue to azure-sdk-for-go: https://github.com/Azure/azure-sdk-for-go/issues/2182
**Release note**:
```
fix azure storage account creation failure
```
/kind bug
/sig azure
/assign @khenidak @feiskyer
cc @brendandburns
Automatic merge from submit-queue (batch tested with PRs 65805, 65811, 65833, 65488, 65857). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
flatten nested lists for flatten in visitor
Lists which contain lists should themselves be flattened by a flatten call to the resource builder
@kubernetes/sig-cli-maintainers
@soltysh @juanvallejo
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add help description and examples to wait
**Release note**:
```release-note
NONE
```
Adds --help description and examples to the `wait` command.
cc @soltysh
Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix `kubectl create priorityclass` failure bug
**What this PR does / why we need it**:
update` kubectl create priorityclass` command's api version.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65685
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
clean unused function in file pkg/volume/projected/projected.go
**What this PR does / why we need it**:
It was imported by https://github.com/kubernetes/kubernetes/pull/37237
And it is unusable at first place when it was imported
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65715, 65786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update --template printer defaulting
**Release note**:
```release-note
NONE
```
Depends on https://github.com/kubernetes/kubernetes/pull/65711
The relevant commit for this PR is the last one (`
fix go-template defaulting for commands w default output format`)
cc @deads2k @soltysh
Automatic merge from submit-queue (batch tested with PRs 65715, 65786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fail on rbac resources of non-v1 versions in reconcile
Reconcile only supports rbac/v1 and other resources are skipped. This is good, except that only RBAC resources should really fail. This makes it fail.
@kubernetes/sig-cli-maintainers
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65628, 65573). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
run test TestAttacherMountDevice in temp directory
This change fix two unit test:
1. After run command `make test WHAT=k8s.io/kubernetes/pkg/volume/csi KUBE_TEST_ARGS='-run ^TestAttacherMountDevice$'`
There is a file leaked in work space:
pkg/volume/csi/vol_data.json
2. make test WHAT=k8s.io/kubernetes/pkg/volume/csi KUBE_TEST_ARGS='-run ^TestAttacherUnmountDevice$'
This test fails if it does not run along with TestAttacherMountDevice.
This change fix it.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add healthz check to ensure logging is not blocked
When running the apiserver/controllers in pods, we encountered a docker bug that blocked stdout/stderr (https://github.com/moby/moby/issues/31373)
That in turn blocked flushing logs, which in turn eventually blocked any goroutine that logs anything (which is pretty much all the important goroutines)
This adds a healthz check that logging is not blocked so that healthz indicates something is wrong
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65776, 64896). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl: wait for all errors and successes on podEviction
**What this PR does / why we need it**: This fixes `kubectl drain` to wait until all errors and successes are processed, instead of returning the first error. It also tweaks the behavior of the cleanup to check to see if the pod is already terminating, and if it is to not reissue the pod terminate which leads to an error getting thrown. This fix will allow `kubectl drain` to complete successfully when a node is draining.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @sjenning
**Release note**:
```release-note
NONE
```
#### Reproduction steps
### sleep.yml
```yaml
apiVersion: v1
kind: Pod
metadata:
name: bash
spec:
containers:
- name: bash
image: bash
resources:
limits:
cpu: 500m
memory: 500Mi
command:
- bash
- -c
- "nothing() { sleep 1; } ; trap nothing 15 ; while true; do echo \"hello\"; sleep 10; done"
terminationGracePeriodSeconds: 3000
restartPolicy: Never
```
```
$ kubectl create ns testing
$ kubectl create -f sleep.yml
$ kubectl delete ns testing
$ kubectl drain 127.0.0.1 --force
```
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make template printers a recommended printer
WIP because it needs tests. Apparently there weren't any before.
@juanvallejo open a pull to this branch adding tests for commands that need `--template` support and I'll squash them in.
@liggitt since you think it's widespread, here's an option to make it "normal"
@kubernetes/sig-cli-maintainers
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improved logging message for checking if node is shutdown.
**What this PR does / why we need it**:
The previous error message was "Error getting data for node" which was too broad of a message and not very descriptive. This PR will update it to "Error checking if node is shutdown" so that it is more specific.
```release-note
NONE
```
Fixes defaulting done for commands that default to a specific output
format (such as yaml, json) when a --template flag is provided and no
explicit --output value is given.
Under the above case, these commands will now properly default to
honoring the --template argument given, and default their --output
format to "go-template".
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update priority admission to improve interoperability
Builds on https://github.com/kubernetes/kubernetes/pull/65722
Makes the following adjustments to the priority admission plugin:
* allows creation of pods to include an explicit priority field if it matches the computed priority (allows export/import cases to continue to work on the same cluster, between clusters that match priorityClass values, and between clusters where priority is unused and all pods get `priority:0`)
* preserves existing priority if a pod update does not include a priority value and the old pod did (allows POST, PUT, PUT, PUT workflows to continue to work, with the admission-set value on create being preserved by the admission plugin on update)
This should avoid the failures revealed by the kubectl tests exercising the pod API without any awareness of the priority feature
/sig scheduling
/cc @bsalamat
```release-note
kube-apiserver: the `Priority` admission plugin is now enabled by default when using `--enable-admission-plugins`. If using `--admission-control` to fully specify the set of admission plugins, the `Priority` admission plugin should be added if using the `PodPriority` feature, which is enabled by default in 1.11.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add lichuqiang as reviewer of persistentvolume controller (for volume scheduling)
Now that I've been working on the storage topology-aware feature for quite a time. Really hope that I can help do some review.
```release-note
NONE
```
/assign @msau42
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix 'kubectl cp' with no arguments causes a panic
**What this PR does / why we need it**:
/kind bug
"kubectl cp" with no arguments causes a panic
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65475
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix 'kubectl cp' with no arguments causes a panic
```
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Read manifest directory in Kubelet immediately to speed up cluster startup in GCE
This eliminated unnecessary 20s on cluster startup.
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update output format so that it matches actual accepted values
/assign @juanvallejo
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65094, 65533, 63522, 65694, 65702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix ipset creation fails on centos. issue 65461
**What this PR does / why we need it**:
remove usage of ipset comment extension because ipset versions on centos 7.x don't support comment yet.
See the issue #65461
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65461
**Special notes for your reviewer**:
The comments for corresponding iptable rules are left untouched.
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65348, 65599, 65635, 65688, 65691). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
azure: Add validation of resourceGroup option.
ResourceGroup can be set only on `kind: Managed` disks.
**Release note**:
```release-note
NONE
```
/assign @andyzhangx
Automatic merge from submit-queue (batch tested with PRs 65348, 65599, 65635, 65688, 65691). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix a typo error in description
**What this PR does / why we need it**:
fix a typo error in description
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65348, 65599, 65635, 65688, 65691). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typo brance -> brace
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
fix typo brance -> brace
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 65299, 65524, 65154, 65329, 65536). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make various fixes to flex tests and fix some crashes
* Fixes two controller-manager crashes when a flex plugin gets removed from flex directory.
* Also enables e2e tests to run in local clusters and other environments.
* Removes disruptive from flex e2e tests because flex can be installed in a running cluster and does not require kubelet or controller-manager restart anymore.
/sig storage
cc @verult @jsafrane
```release-note
Fix controller-manager crashes when flex plugin is removed from flex plugin directory
```
Automatic merge from submit-queue (batch tested with PRs 65299, 65524, 65154, 65329, 65536). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make builder tolerant of restmapper failures when it doesn't need answer
@kubernetes/sig-cli-maintainers
The restmapper, category expander, and client are not required for local lookups. Make them late binding functions instead of building and gathering errors early.
/assign @soltysh @juanvallejo
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65299, 65524, 65154, 65329, 65536). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow override of AllowCreateOnUpdate with new argument to Update
**What this PR does / why we need it**:
Changes the Update function signature to include a new bool which tells storage to override what the UpdateStrategy returns for AllowCreateOnUpdate. This is not exposed to the user, the handler is the one that sets this override value. Eventually the patch handler will set this to true, in order to provide more consistent apply behavior, without changing the existing PUT behavior.
Redo of https://github.com/kubernetes/kubernetes/pull/65075 but on master to reduce number of conflicts when we merge feature-serverside-apply with master.
/sig api-machinery
/cc @apelisse @lavalamp
**Release note**:
```release-note
NONE
```
No release note because this is just an internal change
Automatic merge from submit-queue (batch tested with PRs 65299, 65524, 65154, 65329, 65536). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Unify log messages in pkg/kubectl/cmd/util/helpers.go
**What this PR does / why we need it**:
Unify a flag fatal message from "err accessing ..." to "**error** accessing ...", follow the word of other messages in _pkg/kubectl/cmd/util/helpers.go_.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Very glad to open my first PR for kubernetes, thanks.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65299, 65524, 65154, 65329, 65536). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix a log param error
**What this PR does / why we need it**:
As the patch shows, it fix a small log param error in pkg/kubectl/cmd/get/get.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add missing error handling in schema-related code
**What this PR does / why we need it**:
Adds missing error handling to a few places.
**Which issue(s) this PR fixes**
Updates #51457. Still more work to do to fix the issue - client generation code needs to be updated (addressed in https://github.com/kubernetes/kubernetes/pull/64664).
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 64741, 65484). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixes docs mismatched with implementation
**What this PR does / why we need it**:
Some document is far different with the implementation, which is really confusing.
Manually fixed them and appended more information.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65412, 65630). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix missing protocol match in ipvs mode
**What this PR does / why we need it**:
fix missing protocol match in ipvs mode. See issue #65574
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65574
**Special notes for your reviewer**:
Tested cases:
- ClusterIP distributed to pod on same node
- ClusterIP distributed to pod on other node
- NodePort distributed to pod on same node
- NodePort distributed to pod on other node
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
skip nic that are in failing state
**What this PR does / why we need it**: this fixes partially #65025. Currently when getting primary NIC for VMSS the provisioning state isn't returned.
**Which issue(s) this PR fixes** : Fixes partially (for VMAS) #65025
**Special notes for your reviewer**:
/assign @feiskyer
**Release note**:
```release-note
skip nodes that have a primary NIC in a 'Failed' provisioningState
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
scheduler: update tests to use sub-benchmarks (pkg/scheduler/cache)
**What this PR does / why we need it**:
Go 1.7 added the subtest feature which can make table-driven tests much easier to run and debug. Some tests are not using this feature.
Further reading: [Using Subtests and Sub-benchmarks](https://blog.golang.org/subtests)
/kind cleanup
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Setup TLS with CA Cert for vsphere cloud provider
- Extend config to take a path to a CA Certificate
- Use the CA Cert when establishing a connection with the SOAP client
Testing
We provide certs and keys for tests as fixtures, `vclib/fixtures`.
Those were created (and can be regenerated) using `vclib/fixtures/createCerts.sh`.
At the moment it's possible to configure a CA path and at the same time allow insecure
communication between vsphere cloud provider and vcenter. This may
change in the future; we might opt for overwriting the insecure
communication if a CA is configured / log and transparently pass the
arguments to the vcenter command / other. To be discussed.
At the moment the CA is a global level configuration. In other
words, all vcenter servers need to use certificates signed by the same
CA. There might be use cases for different CA per vcenter server; to be
discussed.
**What this PR does / why we need it**:
This PR adds the option of configuring a trusted CA for the communication between the vsphere cloud provider and the vcenter control plane.
**Which issue(s) this PR fixes**:
Fixes#64222
**Special notes for your reviewer**:
**Release note**:
```release-note
- Can configure the vsphere cloud provider with a trusted Root-CA
```
Automatic merge from submit-queue (batch tested with PRs 65188, 65541, 65534). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
ipvs: remove duplicated masq rules
Duplicated masq rules are created by current implementation:
```
-A KUBE-NODE-PORT -m comment --comment "mark MASQ for
externaltrafficpolicy=cluster" -j KUBE-MARK-MASQ
-A KUBE-NODE-PORT -j KUBE-MARK-MASQ
```
The last one is always there. So the one inside if statement could
just be removed.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 65582, 65480, 65310, 65644, 65645). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix local volume directory can't be deleted issue
**What this PR does / why we need it**:
Need to add volume mode field to constructed pv spec.
**Special notes for your reviewer**:
I get an issue:
1) kubelet has lots of logs with errors related with volume mode
```
Jun 21 10:31:18 kubelet[19333]: E0621 10:31:18.422321 19333 reconciler.go:179] operationExecutor.NewVolumeHandler for UnmountVolume failed for volume "lv-e57cf589-4658-4881-b125-7b9f35c2c8eb" (UniqueName: "kubernetes.io/local-volume/4103e613-656c-11e8-8c20-74dbd180ddb4-lv-e57cf589-4658-4881-b125-7b9f35c2c8eb") pod "4103e613-656c-11e8-8c20-74dbd180ddb4" (UID: "4103e613-656c-11e8-8c20-74dbd180ddb4") : cannot get volumeMode for volume: lv-e57cf589-4658-4881-b125-7b9f35c2c8eb
Jun 21 10:31:18 kubelet[19333]: E0621 10:31:18.422351 19333 reconciler.go:179] operationExecutor.NewVolumeHandler for UnmountVolume failed for volume "lv-b1e788ac-78eb-4d26-819a-263cef5337ea" (UniqueName: "kubernetes.io/local-volume/4082c1da-656c-11e8-8c20-74dbd180ddb4-lv-b1e788ac-78eb-4d26-819a-263cef5337ea") pod "4082c1da-656c-11e8-8c20-74dbd180ddb4" (UID: "4082c1da-656c-11e8-8c20-74dbd180ddb4") : cannot get volumeMode for volume: lv-b1e788ac-78eb-4d26-819a-263cef5337ea
```
2) The pod is an orphan pod and have the volume directory left at the node
3) Because of the errors, the volume directory will never be deleted
**Release note**:
```release-note
Fix local volume directory can't be deleted because of volumeMode error
```
Automatic merge from submit-queue (batch tested with PRs 65582, 65480, 65310, 65644, 65645). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix test failure of truncated time
**What this PR does / why we need it**:
The test of `TestFsStoreAssignedModified` in `pkg/kubelet/kubeletconfig/checkpoint/store` fails in my environment like below.
```
$ make test WHAT=./pkg/kubelet/kubeletconfig/checkpoint/store/
Running tests for APIVersion: v1,admissionregistration.k8s.io/v1alpha1,admissionregistration.k8s.io/v1beta1,admission.k8s.io/v1beta1,apps/v1beta1,apps/v1beta2,apps/v1,authentication.k8s.io/v1,authentication.k8s.io/v1beta1,authorization.k8s.io/v1,authorization.k8s.io/v1beta1,autoscaling/v1,autoscaling/v2beta1,batch/v1,batch/v1beta1,batch/v2alpha1,certificates.k8s.io/v1beta1,coordination.k8s.io/v1beta1,extensions/v1beta1,events.k8s.io/v1beta1,imagepolicy.k8s.io/v1alpha1,networking.k8s.io/v1,policy/v1beta1,rbac.authorization.k8s.io/v1,rbac.authorization.k8s.io/v1beta1,rbac.authorization.k8s.io/v1alpha1,scheduling.k8s.io/v1alpha1,scheduling.k8s.io/v1beta1,settings.k8s.io/v1alpha1,storage.k8s.io/v1beta1,storage.k8s.io/v1,storage.k8s.io/v1alpha1,
+++ [0628 22:53:39] Running tests without code coverage
--- FAIL: TestFsStoreAssignedModified (0.00s)
fsstore_test.go:316: expect "2018-06-28T22:53:43+09:00" but got "2018-06-28T22:53:43+09:00"
FAIL
FAIL k8s.io/kubernetes/pkg/kubelet/kubeletconfig/checkpoint/store 0.236s
make: *** [test] Error 1
```
My environment is
OS: macOS Sierra Version 10.12.6
File System: Journaled HFS+
The error message confused me because the comparing times looked the same in the error log. If we know certain systems truncate times, I think we can just compare less precise times to avoid confusions in tests.
**Special notes for your reviewer**:
N/A
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65518, 65624, 65380, 65390, 65586). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove kubectl delete hack that handles DaemonSet deletion
**What this PR does / why we need it**: follow up #64847
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
/cc @liggitt @soltysh
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65319, 64513, 65474, 65601, 65634). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
deprecate --use-openapi-print-columns in favor of --server-print
server-side printing has been supported since 1.10 with identical output for core kubernetes types, support is available for extension API servers since 1.10, and for CRDs since 1.11.
openapi printing is mutually exclusive with server-side printing (you have to fetch full objects to do openapi printing, and table row output to do server side printing)
openapi printing has many downsides:
* it requires fetching/parsing a very large schema on every get request
* it requires complex object extraction logic be built into every client
* it is limited to literal values that appear in the objects
see discussion of long-term direction between these two approaches in https://github.com/kubernetes/kubernetes/pull/53483
/sig cli
@kubernetes/sig-cli-pr-reviews
/assign @pwittrock @soltysh
```release-note
kubectl: --use-openapi-print-columns is deprecated in favor of --server-print
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix out of bounds error on non-64-bit machines
This fixes an out of bounds error when running the controllers on a 32-bit machine
```
W0628 17:52:30.171975 1 node_lifecycle_controller.go:782] Missing timestamp for Node kube-master. Assuming now as a timestamp.
I0628 17:52:30.172115 1 taint_manager.go:205] Starting NoExecuteTaintManager
panic: runtime error: index out of range
goroutine 1740 [running]:
k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler.(*NoExecuteTaintManager).Run.func1(0x165e6000, 0x8, 0x15984100)
/workspace/anago-v1.11.0-rc.3.3+91e7b4fd31fcd3/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler/taint_manager.go:229 +0x1f8
created by k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler.(*NoExecuteTaintManager).Run
/workspace/anago-v1.11.0-rc.3.3+91e7b4fd31fcd3/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/controller/nodelifecycle/scheduler/taint_manager.go:217 +0x27c
```
See https://play.golang.org/p/rIpicHGHtiT for an example of the coercion overflow
/assign @wojtek-t
/kind bug
```release-note
fixes an out of range panic in the NoExecuteTaintManager controller when running a non-64-bit build
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix bug printing openapi columns
Fixes#65579
```release-note
kubectl: fixes a regression with --use-openapi-print-columns that would not print object contents
```
Automatic merge from submit-queue (batch tested with PRs 65548, 65598). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix comments about default mount propagation
We changed Private to be default mount propagation scheme but never got around to updating
docs and comments.
/sig storage
cc @jsafrane @liggitt
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 60150, 65467, 65487, 65595, 65374). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: feature gate LSI capacity calculation
Currently if `cm.cadvisorInterface.RootFsInfo()` fails, the whole kubelet bails. If `/var/lib/kubelet` is on a tmpfs or bindmount, this can happen (this is the case for some of our CI envs https://github.com/openshift/origin/issues/19948).
We would be able to workaround this, in the short term, by disabling the LSI feature gate if the capacity calculate was protected by the gate, but currently it isn't.
This PR adds the gate check around setting the ephemeral storage capacity.
@liggitt @derekwaynecarr @dashpole
It might be a different discussion about whether or not this should be fatal. If it isn't fatal, seems that it would just prevent pods that had a ephemeral storage request from being scheduled.
/sig node
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revert "certs: only append locally discovered addresses when we got none from the cloudprovider"
This reverts commit 7354bbe5ac.
https://github.com/kubernetes/kubernetes/pull/61869 caused a mismatch between the requested CSR and the addresses in node status.
Instead of computing addresses in two places, the cert manager should derive its CSR request from the addresses in node status. This would enable the kubelet to react to address changes, as well as be driven by an external cloud provider.
/cc @mikedanese
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support for plugin directory hierarchy
**What this PR does / why we need it**:
Add hierarchy support for plugin directory, it traverses and
watch plugin directory and its sub directory recursively.
plugin socket file only need be unique within one directory,
```
plugin socket directory
|
---->sub directory 1
| |
| -----> socket1, socket2 ...
----->sub directory 2
|
------> socket1, socket2 ...
```
the design itself allow sub directory be anything,
but in practical, each plugin type could just use one sub directory.
**Which issue(s) this PR fixes**:
Fixes#64003
**Special notes for your reviewer**:
twos bonus changes added as below
1) propose to let pluginWatcher bookkeeping registered plugins,
to make sure plugin name is unique within one plugin type.
arguably, we could let each handler do the same work, but it requires
every handler repeat the same thing.
2) extract example handler out from test, it is easier to read the code with the
seperation.
**Release note**:
```release-note
N/A
```
/sig node
/cc @vikaschoudhary16 @jiayingz @RenaudWasTaken @vishh @derekwaynecarr @saad-ali @vladimirvivien @dchen1107 @yujuhong @tallclair @Random-Liu @anfernee @akutz
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix a nit error in log
**What this PR does / why we need it**:
fix a small error in log
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set flag show-kind when getting multiple types
**What this PR does / why we need it**:
Set "--show-kind" flag if requesting multiple resource types.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65375
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve job describe and get output
For get, condense completions and success into a single column, and
print the job duration. Use a new variant of ShortHumanDuration that
shows more significant digits, since duration matters more for jobs.
```
NAME COMPLETIONS DURATION AGE
image-mirror-origin-v3.10-1529985600 1/1 47s 42m
image-mirror-origin-v3.11-1529985600 1/1 74s 42m
image-pruner-1529971200 1/1 60m 4h
```
The completions column can be:
```
COMPLETIONS
0/1 # completions nil or 1, succeeded 0
1/1 # completions nil or 1, succeeded 1
0/3 # completions 3, succeeded 1
1/3 # completions 3, succeeded 1
0/1 of 30 # parallelism of 30, completions is nil
```
Update describe to show the completion time and the duration.
```
Start Time: Mon, 25 Jun 2018 20:00:05 -0400
Completed At: Mon, 25 Jun 2018 21:00:34 -0400
Duration: 60m
```
This is more useful than the current output:
```
NAME DESIRED SUCCESSFUL AGE
image-mirror-origin-v3.10-1529982000 1 1 54m
image-mirror-origin-v3.11-1529982000 1 1 54m
image-pruner-1529971200 1 1 3h
```
```release-note
Improve the display of jobs in `kubectl get` and `kubectl describe` to emphasize progress and duration.
```
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revendor GCE Go Client
Revendor GCE API go client and switch to use beta neg api in gce cloud provider.
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 65453, 65523, 65513, 65560). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cleanup verbose cAdvisor mocking in Kubelet unit tests
These tests had a lot of duplicate code to set up the cAdvisor mock, but weren't really depending on the mock functionality. By moving the tests to use the fake cAdvisor, most of the setup can be cleaned up.
/kind cleanup
/sig node
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65453, 65523, 65513, 65560). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
smaller fix about validate EnforceNodeAllocatable error
**What this PR does / why we need it**:
duplicate output messages about validate `EnforceNodeAllocatable` error
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64246, 65489, 65443). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
azure: Move configuration of resource group in storage class.
**What this PR does / why we need it**:
This moves configuration of Azure resource group into storage class. Users can't configure dynamic provisioning in PVCs, because that makes the PVC not portable to other Kubernetes installations, possibly on other clouds.
/sig storage
/assign @andyzhangx
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64246, 65489, 65443). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl convert should not double wrap output in nested lists
@kubernetes/sig-cli-maintainers
@soltysh
```release-note
kubectl convert previous created a list inside of a list. Now it is only wrapped once.
```
Duplicated masq rules are created by current implementation:
-A KUBE-NODE-PORT -m comment --comment "mark MASQ for
externaltrafficpolicy=cluster" -j KUBE-MARK-MASQ
-A KUBE-NODE-PORT -j KUBE-MARK-MASQ
The last one is always there. So the one inside if statement could
just be removed.
Automatic merge from submit-queue (batch tested with PRs 65492, 65516, 65447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Resolve potential devicePath symlink when MapVolume in containerized kubelet
**What this PR does / why we need it**: Ensures local block volumes will work in case kubelet is running in a container
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65445
**Special notes for your reviewer**: Code is mostly plumbing. If there is a better way to do it, let me know :)
I assume there will be e2e tests for the non-containerized case. I will need to test the containerized case myself, which may take a while.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65492, 65516, 65447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azure disk creation issue when specifying external resource group
**What this PR does / why we need it**:
fix azure disk creation issue when specifying external resource group, after azure disk creation succeeded, it fails to get azure disk state since it's still using original resource group
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65515
**Special notes for your reviewer**:
Together with https://github.com/kubernetes/kubernetes/pull/65443, this feature has been done, I will cherry-pick to prior versions later.
So in the end, we have two ways to make azure disk dynamic provision under an external resource group
- specify `resourcegroup` parameter in azure disk storage class
```
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: hdd
provisioner: kubernetes.io/azure-disk
parameters:
skuname: Standard_LRS
kind: managed
cachingmode: None
resourcegroup: USER-SPECIFIED-RG
```
- specify `volume.beta.kubernetes.io/resource-group` in PVC annotations
```
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-azuredisk
annotations:
volume.beta.kubernetes.io/resource-group: "USER-SPECIFIED-RG"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: hdd
```
**Release note**:
```
fix azure disk issue when specifying external resource group
```
/kind bug
/sig azure
@jsafrane @rootfs
Just FYI @khenidak @brendandburns @feiskyer
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add limit to the TokenRequest expiration time
**What this PR does / why we need it**:
A new API TokenRequest has been implemented.It improves current serviceaccount model from many ways.
This patch adds limit to TokenRequest expiration time.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63575
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65507, 65508, 65486). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix typo in vsphere cloud provider comment
**What this PR does / why we need it**:
Fix typo in code of vsphere cloud provider
As far as I know, it's not purchased by Google right..?
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65404, 65323, 65468). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix cleanup of volume metadata json file.
Create the json file with metadata as the last item, when everything else is ready, so we don't need to clean up the file in all error cases in this function.
Fixes#65322
**Release note**:
```release-note
Fixed cleanup of CSI metadata files.
```
/assign @saad-ali @vladimirvivien
For get, condense completions and success into a single column, and
print the job duration. Use a new variant of ShortHumanDuration that
shows more significant digits, since duration matters more for jobs.
```
NAME COMPLETIONS DURATION AGE
image-mirror-origin-v3.10-1529985600 1/1 47s 42m
image-mirror-origin-v3.11-1529985600 1/1 74s 42m
image-pruner-1529971200 1/1 60m 4h
```
The completions column can be:
```
COMPLETIONS
0/1 # completions nil or 1, succeeded 0
1/1 # completions nil or 1, succeeded 1
0/3 # completions 3, succeeded 1
1/3 # completions 3, succeeded 1
0/1 of 30 # parallelism of 30, completions is nil
```
Update describe to show the completion time and the duration.
Automatic merge from submit-queue (batch tested with PRs 65449, 65373, 49410). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
OpenStack LBaaS fix: must use ID, not name, of the node security group
This is a bugfix for the OpenStack LBaaS cloud provider security group management.
A bit of context: When creating a load balancer for a given `type: LoadBalancer` service, the provider will try to:
(see `pkg/cloudprovider/providers/openstack/openstack_loadbalancer.go`/`EnsureLoadBalancer`)
1. create a load balancer (LB) in Openstack with listeners corresponding to the service's ports
2. attach a floating IP to the LB's network port
If `manage-security-groups` is enabled in controller-manager's cloud.conf:
3. create a security group with ingress rules corresponding to the LB's listeners, and attach it to the LB's network port
4. for all nodes of the cluster, pick an existing security group for the nodes ("node security group") and add ingress rules to it exposing the service's NodePorts to the security group created in step 3.
In the current upstream master, steps 1 through 3 work fine, step 4 fails, leading to a service that's not accessible via the LB without further manual intervention.
The bug is in the "pick an existing security group" operation (func `getNodeSecurityGroupIDForLB`), which, contrary to its name, will return the security group's name rather than its ID (actually it returns a list of names rather than IDs, apparently to cover some corner cases where you might have more than one node security group, but anyway). This will then be used when trying to add the ingress rules to the group, which the Openstack API will reject with a 404 (at least on our (fairly standard) Openstack Ocata installation) because we're giving it a name where it expects an ID.
The PR adds a "get ID given a name" lookup to the `getNodeSecurityGroupIDForLB` function, so it actually returns IDs. That's it. I'm not sure if the upstream code wasn't really tested, or maybe other people use other Openstacks with more lenient APIs. The bug and the fix is always reproducible on our installation.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58145
**Special notes for your reviewer:**
Should we turn `getNodeSecurityGroupIDForLB` into a method with the lbaas as its receiver because it now requires two of the lbaas's attributes? I'm not sure what the conventions are here, if any.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 59214, 65330). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Migrate cpumanager to use checkpointing manager
**What this PR does / why we need it**:
This PR migrates `cpumanager` to use new kubelet level node checkpointing feature (#56040) to decrease code redundancy and improve consistency.
**Which issue(s) this PR fixes**:
Fixes#58339
**Notes**:
At point of submitting PR the most straightforward approach was used - `state_checkpoint` implementation of `State` interface was added. However, with checkpointing implementation there might be no point to keep `State` interface and just use single implementation with checkpoint backend and in case of different backend than filestore needed just supply `cpumanager` with custom `CheckpointManager` implementation.
/kind feature
/sig node
cc @flyingcougar @ConnorDoyle
it traverses and watch plugin directory and its sub directory recursively,
plugin socket file only need be unique within one directory,
- plugin socket directory
- |
- ---->sub directory 1
- | |
- | -----> socket1, socket2 ...
- ----->sub directory 2
- |
- ------> socket1, socket2 ...
the design itself allow sub directory be anything,
but in practical, each plugin type could just use one sub directory.
four bonus changes added as below
1. extract example handler out from test, it is easier to read the code
with the seperation.
2. there are two variables here: "Watcher" and "watcher".
"Watcher" is the plugin watcher, and "watcher" is the fsnotify watcher.
so rename the "watcher" to "fsWatcher" to make code easier to
understand.
3. change RegisterCallbackFn() return value order, it is
conventional to return error last, after this change,
the pkg/volume/csi is compliance with golint, so remove it
from hack/.golint_failures
4. refactor errors handling at invokeRegistrationCallbackAtHandler()
to make error message more clear.
Automatic merge from submit-queue (batch tested with PRs 65156, 65448). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] move NEG out of featuregate
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/ingress-gce/issues/274
**Release note**:
-->
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65164, 65258). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Query candidate zones for EBS when zone/zones not passed
**What this PR does / why we need it**:
This PR skips invoking `getCandidateZonesForDynamicVolume` to query EC2 zones of instances when zone/zones is present.
/sig storage
**Release note**:
```
none
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
deployment: remove unused parameter 'podMap'
Signed-off-by: zhangjie <iamkadisi@163.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix scheduler config decoding
Fixes#65413
Implements a custom unmarshaler for a single scheduler config type which did not correctly specify JSON tags until https://github.com/kubernetes/kubernetes/issues/65414 is resolved
Adds missing compatibility tests for scheduler extenders back to 1.7
```release-note
Fixes incompatibility with custom scheduler extender configurations specifying `bindVerb`
```
Automatic merge from submit-queue (batch tested with PRs 63773, 65411). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Removed unused vars.
Signed-off-by: Da K. Ma <klaus1982.cn@gmail.com>
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
When splitting `snake_case` words, omit the underscore
While we require camelCase by convention for official APIs, CRDs may use
`snake_case`, and the generic describer prints this as `Snake _ Case`. We should print `Snake Case`
Prow is impacted by this for the ProwJob CRD:
```
Decoration _ Config:
Gcs _ Configuration:
Bucket: origin-ci-test
Default _ Org: openshift
Default _ Repo: origin
Path _ Strategy: single
Gcs _ Credentials _ Secret: gcs-publisher-credentials
```
@kubernetes/sig-cli-pr-reviews
```release-note
Using `kubectl describe` on CRDs that use underscores will be prettier.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve scheduler's performance by eliminating sorting of nodes by their score
**What this PR does / why we need it**:
Profiling scheduler, I noticed that scheduler spends a significant amount of time in sorting the nodes after we score them to find nodes with the highest score. Finding nodes with the highest score does not need sorting the array. This PR replaces the sort with a linear scan.
Eliminating the sort results in over 10% improvement in throughput of the scheduler.
Before (3 runs for 5000 nodes, scheduling 1000 pods in a cluster running 2000 pods):
BenchmarkScheduling/5000Nodes/2000Pods-12 1000 20682552 ns/op
BenchmarkScheduling/5000Nodes/2000Pods-12 1000 20464729 ns/op
BenchmarkScheduling/5000Nodes/2000Pods-12 1000 21188906 ns/op
After:
BenchmarkScheduling/5000Nodes/2000Pods-12 1000 18485866 ns/op
BenchmarkScheduling/5000Nodes/2000Pods-12 1000 18457749 ns/op
BenchmarkScheduling/5000Nodes/2000Pods-12 1000 18418200 ns/op
**Release note**:
```release-note
Improve scheduler's performance by eliminating sorting of nodes by their score.
```
Automatic merge from submit-queue (batch tested with PRs 65388, 64995). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add more conditions to the list of predicate failures that won't be resolved by preemption
**What this PR does / why we need it**:
Adds more conditions to the list of predicate failures that won't be resolved by preemption. This change can potentially improve performance of preemption by avoiding the nodes that won't be able to schedule the pending pod no matter how many other pods are removed from them.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Add more conditions to the list of predicate failures that won't be resolved by preemption.
```
/sig scheduling
Automatic merge from submit-queue (batch tested with PRs 65388, 64995). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Always create kubeClusterIPSet in ipvs proxier
**What this PR does / why we need it**:
This PR creates the kubeClusterIPSet ipset even if kube-proxy is started without masqueradeAll and clusterCIDR.
This is necessary to masquerade traffic sent to a clusterIP from the host network namespace. The code to do so is actually already present here: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/proxier.go#L1220-L1244
However the second else (neither masqueradeAll nor clusterCIDR are set) cannot be used because, before this PR, the initial test `if !proxier.ipsetList[kubeClusterIPSet].isEmpty()` can never return true when masqueradeAll and clusterCIDR are not set because kubeClusterIPSet is empty.
**Which issue(s) this PR fixes**
Fixes#65158
```release-note
Allow access to ClusterIP from the host network namespace when kube-proxy is started in IPVS mode without either masqueradeAll or clusterCIDR flags
```
**Additional comment**
Issue #65158 is closed because ClusterIP access from the host has already fixed in master, except for the case described here (no masquerade flag). More detail in the issue.
While we require camelCase by convention for official APIs, CRDs may use
`snake_case`, and the generic describer prints this as `Snake _ Case`.
Prow is impacted by this for the ProwJob CRD:
```
Decoration _ Config:
Gcs _ Configuration:
Bucket: origin-ci-test
Default _ Org: openshift
Default _ Repo: origin
Path _ Strategy: single
Gcs _ Credentials _ Secret: gcs-publisher-credentials
```
Automatic merge from submit-queue (batch tested with PRs 65377, 63837, 65370, 65294, 65376). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
delete should tolerate a failed wait because of missing verbs
The power and ability to delete does not imply the power and ability to watch. We correctly handled missing power (authz), but failed to account for ability (method not supported)
@kubernetes/sig-cli-maintainers
@soltysh
```release-note
Tolerate missing watch permission when deleting a resource
```
Automatic merge from submit-queue (batch tested with PRs 65377, 63837, 65370, 65294, 65376). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix openapi spec: posting a rollback returns a deploymentstatus
**What this PR does / why we need it**:
Fix openapi spec and documentation. Posting a rollback doesnt return a rollback object, it instead returns a deployment status.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref #56591
**Release note**:
```release-note
NONE
```
/sig api-machinery
/sig apps
Kubernetes Submit Queue