Automatic merge from submit-queue
[WIP] Skip resize of nf_conntrack/parameters/hashsize if not necessary
**What this PR does / why we need it**:
Linux does not support writing to `/sys/module/nf_conntrack/parameters/hashsize` when the writer process is not in the initial network namespace
(https://github.com/torvalds/linux/blob/v4.10/net/netfilter/nf_conntrack_core.c#L1795-L1796).
Usually that's fine. But in some configurations such as with https://github.com/kinvolk/kubeadm-nspawn, kube-proxy is in another netns.
Therefore, check if writing in hashsize is necessary and skip the writing if not.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
Adding note on how to use datastore cluster for volume provisioning
**What this PR does / why we need it**:
Recently https://github.com/kubernetes/kubernetes/pull/44868 is merged which allows using datastore cluster for static and dynamic PVs.
Sample is required in the Read me file to help user, how they can specify path in the yaml for datastore within cluster.
**Which issue this PR fixes**
fixes # https://github.com/vmware/kubernetes/issues/129
**Special notes for your reviewer**:
@BaluDontu @tusharnt
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Use Docker API Version instead of docker version
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#42492
**Special notes for your reviewer**:
**Release note**:
`Update cadvisor to latest head to use docker APIversion exposed by cadvisor`
Automatic merge from submit-queue (batch tested with PRs 45056, 44904, 45312)
Update repo-infra dependency to support multiple upload paths
**What this PR does / why we need it**: pulls in https://github.com/kubernetes/repo-infra/pull/17, which I think will be necessary for integrating the bazel build into e2e CI.
**Release note**:
```release-note
NONE
```
/assign @mikedanese @thockin
Automatic merge from submit-queue (batch tested with PRs 45056, 44904, 45312)
CRI: clarify the behavior of PodSandboxStatus and ContainerStatus
**What this PR does / why we need it**:
Currently, we define that ImageStatus should return `nil, nil` when requested image doesn't exist, and kubelet is relying on this behavior now.
However, we haven't clearly defined the behavior of PodSandboxStatus and ContainerStatus. Currently, they return error when requested sandbox/container doesn't exist, and kubelet is also relying on this behavior.
**Which issue this PR fixes**
Fixes#44885.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
bump(golang.org/x/oauth2): a6bd8cefa1811bd24b86f8902872e4e8225f74c4
As I tackle https://github.com/kubernetes/kubernetes/issues/42654 kubectl's OpenID Connect plugin will start using golang.org/x/oauth2 for refreshing, instead of go-oidc's own hand rolled oauth2 implementation. In preparation, update golang.org/x/oauth2 to include 7374b3f1ec which fixes refreshing with Okta.
We also somehow removed the dependency on `google.golang.org/appengine`. Maybe 8cf58155e4?
cc @kubernetes/sig-auth-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 45314, 45250, 41733)
CRI: add ImageFsInfo API
**What this PR does / why we need it**:
kubelet currently relies on cadvisor to get the ImageFS info for supported runtimes, i.e., docker and rkt. This PR adds ImageFsInfo API to CRI so kubelet could get the ImageFS correctly for all runtimes.
**Which issue this PR fixes**
First step for #33048 ~~also reverts temporary ImageStats in #33870~~.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45314, 45250, 41733)
Rename //:ci-artifacts rule to //:push-build, and add a deprecated alias
**What this PR does / why we need it**: this rule has a larger scope than just CI artifacts now, so it seems like the name should be updated to match. WDYT?
This is a separate PR to facilitate easy cherry-picking; I'd rather test-infra jobs not need to special-case.
/assign @spxtr @mikedanese
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
kuberuntime: remove the unused network plugin
Network plugin is completely handled by the container runtimes. Remove
this unused field in the kuberuntime manager.
Automatic merge from submit-queue (batch tested with PRs 44309, 45258)
Control visibility of client-go/pkg/api
k8s.io/client-go/pkg/api is going to disappear after https://github.com/kubernetes/kubernetes/issues/44065 is done. We need to add more dependencies on it.
Currently we still have a few visibility exceptions, we need to fix all of them.
The test was originally in docker_manager_test.go (now removed). I
copied and adapated the logic for the new test.
Also move the original test fixtures needed for the test.
Automatic merge from submit-queue (batch tested with PRs 45283, 45289, 45248, 44295)
Azure disk: dealing with missing disk probe
**What this PR does / why we need it**:
While Azure disks are expected to attach to SCSI host 3 and above on general purpose instances, on certain Azure instances disks are under SCSI host 2.
This fix searches all LUNs but excludes those used by Azure sys disks, based on udev rules [here](https://raw.githubusercontent.com/Azure/WALinuxAgent/master/config/66-azure-storage.rules)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45283, 45289, 45248, 44295)
Use docker_bundle rule from new rules_docker repo
**What this PR does / why we need it**: switched to using the new `docker_bundle` rule from `rules_docker` instead of my patched `docker_build` rule. This also brings in some fixes for the docker rules that were missing from my fork.
Additionally, I switched out the `git_repository` rules for `http_archive` rules, since that seems to be recommended by the bazel docs (and might be faster).
Lastly, I updated the `pkg_tar` rules to use my patch, which doesn't prepend `./` to files inside the tarballs.
This one should likely be merged upstream in the near future.
I think this is the last of the changes necessary to have `bazel run //:ci-artifacts` working properly to support using bazel for e2e in CI.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45283, 45289, 45248, 44295)
Remove offending code due to bad rebase
**What this PR does / why we need it**: Fix bug introduced by bad rebasing
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Fixed permissions on namespace actions
closes
**What this PR does / why we need it**: the newly introduced namespace-* actions are failing proof. Setting them as +x resolves proof errors emitting from `charm proof`
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/273
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Remove imports of k8s.io/client-go/pkg/api
k8s.io/client-go/pkg/api will be eliminated by #44784, so we need to remove all imports of it.
This PR is large, but mostly simple changes, like:
* using constants defined in the v1 package instead of those in the internal package
* using k8s.io/client-go/kubernetes/scheme.Codecs/Schemes instead of those in k8s.io/client-go/pkg/api
* using `v1.SchemeGroupVersion` instead of `api.Registry.GroupOrDie(api.GroupName).GroupVersion` in tests
* importing `k8s.io/kubernetes/pkg/api` instead of `k8s.io/client-go/pkg/api` if possible
With this PR https://github.com/kubernetes/kubernetes/pull/45159, the only remaining imports of `k8s.io/client-go/pkg/api` are from k8s.io/metrics.
``` bash
$ git grep "\"k8s.io/client-go/pkg/api\"" | grep -v "staging/src/k8s.io/client-go/pkg/api"
staging/src/k8s.io/metrics/pkg/apis/custom_metrics/install/install.go:25: "k8s.io/client-go/pkg/api"
Binary file staging/src/k8s.io/metrics/pkg/apis/custom_metrics/types.generated.go matches
staging/src/k8s.io/metrics/pkg/apis/custom_metrics/types.go:22: "k8s.io/client-go/pkg/api"
staging/src/k8s.io/metrics/pkg/apis/metrics/install/install.go:26: "k8s.io/client-go/pkg/api"
staging/src/k8s.io/metrics/pkg/apis/metrics/types.go:21: "k8s.io/client-go/pkg/api"
Binary file staging/src/k8s.io/metrics/pkg/apis/metrics/v1alpha1/zz_generated.conversion.go matches
Binary file staging/src/k8s.io/metrics/pkg/apis/metrics/zz_generated.deepcopy.go matches
staging/src/k8s.io/metrics/pkg/client/clientset_generated/clientset/fake/clientset_generated.go:24: "k8s.io/client-go/pkg/api"
staging/src/k8s.io/metrics/pkg/client/custom_metrics/client.go:26: "k8s.io/client-go/pkg/api"
staging/src/k8s.io/metrics/pkg/client/custom_metrics/fake/fake_client.go:24: "k8s.io/client-go/pkg/api"
```
Automatic merge from submit-queue
Fix flake in sandbox garbage collection
**What this PR does / why we need it**:
Sorry for introducing a flakiness in #43053: the creation time is not set in `makeGCSandbox`, which caused the garbage collection removes sandboxes randomly if there are more than one dead sandboxes belonging to same pod.
This PR fixes the flakiness in sandbox garbage collection.
**Which issue this PR fixes**
Fixes#45281#45274.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
cc/ @Random-Liu @shashidharatd @kubernetes/sig-node-bugs
Automatic merge from submit-queue
allow kubectl proxy to handle specified reject methods and default to…
What this PR does / why we need it:
"kubect proxy" command had a bug and was not supporting feature to reject http methods
--reject-methods='POST,PUT,PATCH'
this was due to missing filter for RejectMethods in kubectl/cmd/proxy.go
This PR adds the desired flag, however to retain the current behaviour of "kubectl proxy" the Default Rejected methods are changed from 'POST,PUT,PATCH' to '^$' i.e. none.
Issue not created and no existing issue found
Automatic merge from submit-queue (batch tested with PRs 45272, 45115)
initial types for TPRs
This pull starts creating the types described by https://github.com/kubernetes/community/blob/master/contributors/design-proposals/thirdpartyresources.md . In the initial pull different names were suggested. I've started this pull with `CustomResource.apiextensions.k8s.io`.
The structure begins as a separate API server to facilitate rapid prototyping and experimentation, but the end result will be added to the end of the `kube-apiserver` chain as described in https://github.com/kubernetes/community/blob/master/sig-api-machinery/api-extensions-position-statement.md .
Because it is separate to start (not included in any default server), I don't think we need a perfect name, but I'd like to be close.
@kubernetes/sig-api-machinery-misc @enisoc @smarterclayton @erictune
Automatic merge from submit-queue (batch tested with PRs 45272, 45115)
apimachinery: make explicit that meta.KindToResource is only a guess
All non-test code using `KindToResource` is suspicious and should be fixed with a real RESTMapper.
Automatic merge from submit-queue (batch tested with PRs 45005, 43053)
kubelet: fix sandbox garbage collection
**What this PR does / why we need it**:
Currently, kuberuntime garbage collection can't distinguish just-created sandboxes from failed sandboxes. Especially when the time from sandbox creation to ready is longer than GC's minAge. In such cases, those sandboxes may be garbage collected early before they are ready.
This PR removes `sandboxMinGCAge` and only garbage collect sandboxes when
* they are containing no containers at all
* and not the latest sandbox if it is belonging to an existing pod.
**Which issue this PR fixes**
Fixes#42856.
**Release note**:
```release-note
NONE
```
cc @yujuhong @Random-Liu
Automatic merge from submit-queue (batch tested with PRs 45013, 45166)
CRI: remove PodSandboxStatus.Linux.Namespaces.Network
**What this PR does / why we need it**:
PodSandboxStatus.Linux.Namespaces.Network is not used, so this PR removes it from CRI.
**Which issue this PR fixes**
Closes: #44972
**Special notes for your reviewer**:
**Release note**:
```release-note
Remove PodSandboxStatus.Linux.Namespaces.Network from CRI.
```
/assign @Random-Liu @yujuhong
Automatic merge from submit-queue
Add cinder volume examples
I can not find cinder examples,add in packages examples/volume and examples/persistent-volume-provisioning
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
kubelet/get-pods-from-path: correct description of implemention
**What this PR does / why we need it**:
I find this description does not follow the current implementation, it should be describe like this according to my understanding of the source code.
Automatic merge from submit-queue (batch tested with PRs 45219, 45246)
Fixed misspelled http URL in the cluster-dns example
**What this PR does / why we need it**:
Fixes wrong http URL in the examples/cluster-dns.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
none
**Release note**:
none
Automatic merge from submit-queue
Fix golint verify error
I don't know why CI pass the hack/verify-golint.sh test.
But in my environment I get this:
> staging/src/k8s.io/client-go/util/workqueue/queue_test.go is in package workqueue_test, not workqueue
Errors from golint:
test/integration/apiserver/apiserver_test.go:102:13: should omit type string from declaration of var cascDel; it will be inferred from the right-hand side
Please fix the above errors. You can test via "golint" and commit the result.
!!! Error in hack/verify-golint.sh:98
Error in hack/verify-golint.sh:98. 'false' exited with status 1
Call stack:
1: hack/verify-golint.sh:98 main(...)
Exiting with status 1
This change fix this err in my environment.
**Release note**:
```NONE
```
