Automatic merge from submit-queue (batch tested with PRs 61871, 61890, 61786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add unit testcases for ensureExternalLoadBalancer to make sure it doesn't panic when errors raised.
**What this PR does / why we need it**:
Add unit testcases for ensureExternalLoadBalancer to make sure it doesn't panic when errors raised. Increase code coverage from 76.5% to 81.5%.
<!--
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
-->
**Release note**:
```release-note
NONE
```
\assign @MrHohn
Automatic merge from submit-queue (batch tested with PRs 61871, 61890, 61786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Specify DHCP domain for hostname
**What this PR does / why we need it**:
In 9a8c6db448, we looked at the hostname
in the metadata service and used '.' as the delimiter to chop off the
dhcp_domain (specified in nova.conf). However administrators need to
better control the dhcp domain better as there may be a '.' in the host
name itself. So let's introduce a config option that we can use and
default it to what nova uses when dhcp_domain is not specified which is
"novalocal"
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
new dhcp-domain parameter to be used for figuring out the hostname of a node
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[e2e ingress-gce] Run preshared-cert and backend HTTPS tests with kubemci
**What this PR does / why we need it**:
Make preshared-cert and backside-reencryption tests compatible with kubemci.
Test is currently failing with the symptom described on https://github.com/GoogleCloudPlatform/k8s-multicluster-ingress/issues/131#issuecomment-377098544.
@nikhiljindal @g-harmon
/hold
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl: fix a panic when createGeneratedObject failed
**What this PR does / why we need it**:
This PR fixed two bugs in the `kubectl run` command.
The first commit fixed a panic that can be reproduced with the following two commands:
```bash
kubectl run --image=alpine hello -- sleep 1d
kubectl run --image=alpine --stdin --tty --attach hello -- /bin/sh
```
When the panic happens, the stack trace is as the following:
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x12f92e6]
goroutine 1 [running]:
k8s.io/kubernetes/pkg/kubectl/cmd.RunRun(0x1890d20, 0xc4207f6210, 0x184e700, 0xc42000c010, 0x184e720, 0xc42000c018, 0x184e720, 0xc42000c020, 0xc42052ef00, 0xc42054f980, ...)
/home/star/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/kubectl/cmd/run.go:328 +0x10b6
k8s.io/kubernetes/pkg/kubectl/cmd.NewCmdRun.func1(0xc42052ef00, 0xc42054f980, 0x2, 0x8)
/home/star/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/kubectl/cmd/run.go:105 +0x144
...
```
The reason for the panic is that the original code didn't handle the error returned by `createGeneratedObject` correctly. See https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/run.go#L281
If the function `createGeneratedObject` fails, the returned `runObject` will be `nil`. At https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/run.go#L328 a nil pointer dereference will happen.
The second problem this PR fixed is a resource leak if both `--rm` and `--expose` flags are provided. The original code used a map (https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/run.go#L280) to trace the created objects. But at https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/run.go#L296 the code will overwrite the previously created object with the same key. So at https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/run.go#L348 only the service will be deleted. The deployment will be left behind.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/kind bug
/sig cli
Automatic merge from submit-queue (batch tested with PRs 60990, 60947, 45275, 60565, 61091). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix service loadbalancer source range for ipvs proxy mode
**What this PR does / why we need it**:
fix service loadbalancer source range for ipvs proxy mode
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61090
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60990, 60947, 45275, 60565, 61091). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl cp command bug fix
**What this PR does / why we need it**:
when copy file from host to pod like this:
1.kubectl copy /tmp/test-file test-pod:/
2.kubectl copy /tmp/test-file test-pod:
example 1 will fail, example 2 will cause a panic.
This patch fix bugs above.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60564
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60990, 60947, 45275, 60565, 61091). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support multi-container pod for "kubectl logs"
kubectl logs -l will print logs for pods with the same label, however it doesn't support pods with multi containers. This change adds support to it with --all-containers.
Ussage:
$ kubectl logs my-pod --all-containers
$ kubectl logs -laa=bb --all-containers
$ kubectl logs my-pod my-container --all-containers (err: container should not combined with --all-containers)
**Release note**:
```
add --all-containers option to "kubectl log"
```
Fixes:
https://github.com/kubernetes/kubectl/issues/371
Automatic merge from submit-queue (batch tested with PRs 60990, 60947, 45275, 60565, 61091). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add conflict detection feature to apply strategy
- Add DetectConflictor interface on Element level. Implemented it for particular elements.
- If Options.FailOnConflict is enabled, Merge will detect conflict by invoking doConflictDecect for particular element,
returning ConflictError with details.
- Add tests, including use case examples and illustration. For example: list, map, and complicated combination.
**What this PR does / why we need it**:
Apply is being rewritten under pkg/kubectl/apply/strategy based on visitor pattern. The new merge and replace code should check for conflicts between the recorded value and the remote value, and optionally return an error if they do not match with the field and details. A conflict is if the same field is specified in BOTH the recorded and the remote values of an object, but does not match.
**Which issue(s) this PR fixes**:
Fixes#60945https://github.com/kubernetes/kubectl/issues/97
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure reasons end up as comments in kubectl edit.
**What this PR does / why we need it**:
This PR helps making sure that all text in the header of the file is prefixed with `#` when using `kubectl edit` to fix schema validation errors. The problem is best described with an example:
*Before:*
```yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
# mycrd "example-cr" was not valid:
# * []: Invalid value: map[string]interface {}{"apiVersion":"example.com/v1alpha1", "kind":"MyCRD", "metadata":map[string]interface {}{"clusterName":"", "creationTimestamp":"2018-03-09T16:16:41Z", "name":"example-cr", "namespace":"default", "resourceVersion":"12399", "selfLink":"", "uid":"4089f5bd-23b5-11e8-a33f-42010aa40081", "generation":0}, "spec":map[string]interface {}{"size":-1}}: validation failure list:
spec.size in body should be greater than or equal to 1
#
apiVersion: example.com/v1alpha1
kind: MyCRD
```
This obviously won't be accepted as input, the user having to manually add a `#` to the line in the header.
*After:*
```yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
# mycrd "example-cr" was not valid:
# * []: Invalid value: map[string]interface {}{"apiVersion":"example.com/v1alpha1", "kind":"MyCRD", "metadata":map[string]interface {}{"clusterName":"", "creationTimestamp":"2018-03-09T16:16:41Z", "name":"example-cr", "namespace":"default", "resourceVersion":"12399", "selfLink":"", "uid":"4089f5bd-23b5-11e8-a33f-42010aa40081", "generation":0}, "spec":map[string]interface {}{"size":-1}}: validation failure list:
# spec.size in body should be greater than or equal to 1
#
apiVersion: example.com/v1alpha1
kind: MyCRD
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
(None that I am aware of)
**Special notes for your reviewer**:
(None)
**Release note**:
```release-note
Ensure reasons end up as comments in `kubectl edit`.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set leader-elect for kube-scheduler to true
**What this PR does / why we need it**:
Thanks to some great sleuthing by ikruglov!
kube-controller-manager defaults --leader-elect to true. We should
do the same for kube-scheduler. kube-scheduler used to have this
set to true, but it got lost during refactoring in:
efb2bb71cd
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59729
**Special notes for your reviewer**:
**Release note**:
```release-note
kube-scheduler has been fixed to use `--leader-elect` option back to true (as it was in previous versions)
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding integration tests for statefulset
**What this PR does / why we need it**:
Creates a base statefulset integration test framework.
Basic tests added.
**Which issue(s) this PR fixes**:
None
**Special notes for your reviewer**:
Cloned pull/52583 and updated it to work with latest API changes.
**Release note**:
None.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix patch conflict detection in apiserver
Patching conflict for merging list with mergeKey is not determined in the correct way.
```release-note
None
```
Thanks to some great sleuthing by ikruglov!
kube-controller-manager defaults --leader-elect to true. We should
do the same for kube-scheduler. kube-scheduler used to have this
set to true, but it got lost during refactoring in:
efb2bb71cd
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use old resource model in External Metrics API e2e tests
**What this PR does / why we need it**:
Currently e2e tests for External Metrics are failing, because the tests projects are not whitelisted to use new Stackdriver resource model. They will be in a week, but this particular test doesn't have to depend on it.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support of Azure standard load balancer and public IP
**What this PR does / why we need it**:
This PR adds a new configure `loadBalancerSku` and `excludeMasterFromStandardLB` to support Azure standard load balancer and public IP.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
First step of #60485
**Special notes for your reviewer**:
This is the first step of #60485, and only VMAS is supported yet. VMSS support will be added in a following PR.
**Release note**:
```release-note
Azure cloud provider now supports standard SKU load balancer and public IP. To use it, set cloud provider config with
{
"loadBalancerSku": "standard",
"excludeMasterFromStandardLB": true,
}
If excludeMasterFromStandardLB is not set, master nodes are also added to the backend of standard LB.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add e2e test for external metrics with Stackdriver
**What this PR does / why we need it**:
Adds e2e tests for external metrics using Stackdriver adapter.
Rename the file to note that these are Stackdriver tests in anticipation of tests running with fake custom metrics apiserver. Refactor the tests to be more structured.
**Release note**:
```
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use handle DeletedFinalStateUnknown objects in function deleteNode
**What this PR does / why we need it**:
fixtodo:ensure len(nodeName) > 0 in function deleteNode
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add namespace name into e2e event verify function
**What this PR does / why we need it**:
Scheduler now events assigned msg with `ns/podname`, but the e2e is still expect `podname` only.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61916
**Special notes for your reviewer**:
cc @Random-Liu @bsalamat
@kubernetes/sig-scheduling-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61482, 61740). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make systemd service name for kubelet use a timestamp in e2e-node tests.
**What this PR does / why we need it**:
This makes it easier to figure out which execution was last when looking at the output of `systemd list-units kubelet-*.service`.
We try to find the name of the /tmp/node-e2e-* directory and use the same timestamp if we can. Otherwise, we just call Now() again, which isn't as nice (as the unit name and directory name will not match) but will still produce unit names that will be ordered when launching multiple subsequent executions on the same host.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
N/A
**Special notes for your reviewer**:
Tested using `make test-e2e-node REMOTE=true` and then checking `systemctl list-units kubelet-*.service` on the target host.
```
$ systemctl list-units kubelet-*.service
kubelet-20180326T142016.service loaded active exited /tmp/node-e2e-20180326T142016/kubelet --kubeconfig /tmp/node-e2e-20180326T142016/kubeconfig --root-dir /var/lib/kubelet ...
kubelet-20180326T143550.service loaded active exited /tmp/node-e2e-20180326T143550/kubelet --kubeconfig /tmp/node-e2e-20180326T143550/kubeconfig --root-dir /var/lib/kubelet ...
```
The units are sorted in the order they were launched.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix summary_test to work when XFS is used under overlay2 and add a check for Delegate=yes missing from docker.service
**What this PR does / why we need it**:
This fixes the summary_test checks to work in cases where:
1. Docker is using overlay2 for its images with XFS as backing filesystem.
1. The systemd unit for Docker does not include Delegate=yes.
The former will break RootFs minimum usage check from summary_test, since it expects _some_ usage even though the upper layer only contains directories that are used as mount points. It turns out the XFS filesystem returns "0" blocks in the stat() result for a directory, so this breaks the test. Fix it by creating a file with some small contents in the test, so that `du` will actually return some usage.
**NOTE**: I introduced this step in the loop part of the function. It works, but maybe it's not the best... Let me know if you think we should do some small cleanup here too, I'd be happy to do that.
Regarding the latter, when `Delegate=yes` is not included in `docker.service`, then systemd might choose not to create Memory and CPU cgroups (actually, any of the resource cgroups) for the unit when it starts it. It's a bit more complicated than that, because it *does* create them if any sibling units need it, so the behavior is a bit hard to control... In any case, here we're checking on it and accepting that we might get a "nil" from cAdvisor in cases where `Delegate=yes` is missing.
Both of these issues can be found on CentOS/RHEL, that's the motivation for the fixes.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
N/A
**Special notes for your reviewer**:
/assign dashpole
**Release note**:
```release-note
NONE
```
In 9a8c6db448, we looked at the hostname
in the metadata service and used '.' as the delimiter to chop off the
dhcp_domain (specified in nova.conf). However administrators need to
better control the dhcp domain better as there may be a '.' in the host
name itself. So let's introduce a config option that we can use and
default it to what nova uses when dhcp_domain is not specified which is
"novalocal"
The numbers will only be available when docker.service has its own
memory and cpu cgroups, which doesn't necessarily happen unless the unit
has Delegate=yes configured.
Let's work around that by checking the status of Delegate, in the case
where we are:
* running Docker
* running Systemd
* able to check the status through systemctl
* the status is explicitly Delegate=no (the default)
If all of those are true, let's make CPU and Memory expectations
optional.
Tested: make test-e2e-node REMOTE=true HOSTS=centos-e2e-node FOCUS="Summary API"
This is necessary to show any RootFs usage on systems where the backing
filesystem of overlay2 is xfs.
The current test only created directories (for mount points) in the
upper layer of the overlay. Outside of the mount namespace, only the
directories are visible. When running `du` on those, usually filesystems
will show some usage, but not xfs, which shows a disk usage of 0 for
directories.
Fix this by creating a file in the root directory, outside the volumes,
in order to trigger some disk usage that can be measured by `du`.
Tested: make test-e2e-node REMOTE=true HOSTS=centos-e2e-node FOCUS="Summary API"
Automatic merge from submit-queue (batch tested with PRs 61829, 61908, 61307, 61872, 60100). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
node authorizer sets up access rules for dynamic config
This PR makes the node authorizer automatically set up access rules for
dynamic Kubelet config.
I also added some validation to the node strategy, which I discovered we
were missing while writing this.
This PR is based on another WIP from @liggitt.
```release-note
The node authorizer now automatically sets up rules for Node.Spec.ConfigSource when the DynamicKubeletConfig feature gate is enabled.
```
Automatic merge from submit-queue (batch tested with PRs 61829, 61908, 61307, 61872, 60100). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use curl instead of wget to fetch the CNI tarball in e2e-node test
**What this PR does / why we need it**:
Curl is more ubiquitous than wget. For instance, the GCE centos-7 and rhel-7 image families ship curl by default, but not wget.
Looking at the shell scripts under cluster/, they tend to use curl more than wget. (The ones that use wget, such as get-kube.sh, try curl first and only fallback to wget if it's not available.)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes running node e2e test on centos-7 or rhel-7 image families provided in GCE.
**Special notes for your reviewer**:
Tested by running node-e2e-test on Ubuntu, COS and CentOS.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61829, 61908, 61307, 61872, 60100). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update kube-dns to Version 1.14.9
**What this PR does / why we need it**:
kube-dns version bump for kubeadm will be on a speparate PR.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/assign @rramkumar1 @bowei
**Release note**:
```release-note
Update kube-dns to Version 1.14.9. Major changes:
- Fix for kube-dns returns NXDOMAIN when not yet synced with apiserver.
- Don't generate empty record for externalName service.
- Add validation for upstreamNameserver port.
- Update go version to 1.9.3.
```
Automatic merge from submit-queue (batch tested with PRs 61829, 61908, 61307, 61872, 60100). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix comment error
fix comment error
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CRI: define the mount behavior when host path does not exist
**What this PR does / why we need it**:
This PR defines the mounting behavior when host path does not exist in CRI. Specifically,
- If the hostPath doesn't exist (e.g. hostPath volume), runtimes should report errors
- If the specified hostPath is a symlink, runtimes should follow the symlink and mount the real destination to the container
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#52318
**Special notes for your reviewer**:
**Release note**:
```release-note
CRI: define the mount behavior when host path does not exist: runtime should report error if the host path doesn't exist
```
Automatic merge from submit-queue (batch tested with PRs 57658, 61304, 61560, 61859, 61870). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
certs: exclude more nonsensical addresses from SANs
I noticed this when I saw 169.254.* SANs using server TLS bootstrap.
This change excludes more nonsensical addresses from being requested as
SANs in that flow.
Automatic merge from submit-queue (batch tested with PRs 57658, 61304, 61560, 61859, 61870). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixing ingress controller daemonset on k8s < 1.9
**What this PR does / why we need it**:
When we switched to an ingress daemonset, we didn't account for older installs. The api version changed on version 1.9, so anything pre-1.9 needs a different version. This PR makes the api version a template so we can change it depending on the version of k8s installed.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/526
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed ingress issue with CDK and pre-1.9 versions of kubernetes.
```
Automatic merge from submit-queue (batch tested with PRs 57658, 61304, 61560, 61859, 61870). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
test: Disable ui dashboard test for gke
The dashboard is disabled on GKE 1.10, the test is failing because it's
not alive. Let's just skip this use-case, and keep a todo that it'd be
nice to enable the dashboard to test it.
**What this PR does / why we need it**:
Disable dashboard test for GKE.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61559
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
cc @mml @konryd
Automatic merge from submit-queue (batch tested with PRs 61904, 61565, 61401, 61432, 61772). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Include original error in the error message
**What this PR does / why we need it**:
This PR improves error message by including an initial error into it.
Before this change `hack/test-update-storage-objects.sh` was failing with the following error:
>E0326 19:32:28.511136 31378 server.go:456] Failed to create clientset with KUBE_API_VERSIONS="v1,networking.k8s.io/v1,storage.k8s.io/v1beta1,extensions/v1beta1,networking.k8s.io/v1,storage.k8s.io/v1,extensions/v1beta1". KUBE_API_VERSIONS is only for testing. Things will break.
Now it shows also error cause:
> E0326 19:45:57.186959 18448 server.go:456] Failed to create clientset with KUBE_API_VERSIONS="v1,networking.k8s.io/v1,storage.k8s.io/v1beta1,extensions/v1beta1,networking.k8s.io/v1,storage.k8s.io/v1,extensions/v1beta1,policy/v1beta1": **group admissionregistration.k8s.io has not been registered**. KUBE_API_VERSIONS is only for testing. Things will break.
