Automatic merge from submit-queue (batch tested with PRs 56520, 53764). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add service.UID into security group name
Related to: #53714
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55893, 55906, 55026). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[Test Fix] Mock docker network dependencies and fix filtering bug
This PR only affects the mocked docker runtime, and has no impact on the kubelet.
Issue #53327
When kubernetes creates a pod using the docker shim, it creates a container which contains the pod's network namespace, and then creates containers which specify that namespace.
The current mocked docker does not mock this interaction, and thus allows a container to be created even when the container whose network it is joining does not exist.
This allows the mocked kubelet to end up in a state where the pod does not exist, but a container in the pod does, and this breaks pod deletion.
This fixes the above by only allowing containers to be started if the container whose network it is trying to join is running.
Additionally, this PR fixes a filtering bug where we were incorrectly comparing docker container statuses.
/assign @shyamjvs
can you test this to see if it fixes the issue?
/assign @Random-Liu
for approval after @shyamjvs confirms this works.
Automatic merge from submit-queue (batch tested with PRs 55893, 55906, 55026). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement a priority function that considers pod's resource limits
This PR implement a new priority function `ResourceLimitsPriorityMap` (disabled by default and behind alpha feature gate and not part of the scheduler's default priority functions list) that assigns a lowest possible score of 1 to a node that satisfies one or both of input pod's cpu and memory limits, mainly to break ties between nodes with same scores.
@kubernetes/sig-scheduling-pr-reviews @sjenning @derekwaynecarr
**Release note**:
```release-note
A new priority function `ResourceLimitsPriorityMap` (disabled by default and behind alpha feature gate and not part of the scheduler's default priority functions list) that assigns a lowest possible score of 1 to a node that satisfies one or both of input pod's cpu and memory limits, mainly to break ties between nodes with same scores.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix network value for stats summary for multiple network interfaces
This PR is part of [Heapster #1788](https://github.com/kubernetes/heapster/pull/1788).
The original reason is when there are more than one none `lo`, `docker0`, `veth` network interfaces instead of just one `eth0`, the network interface value is only partial and does not correct. For now, summary stats api only gets the eth0 network interface values.
The original issues about this can be find in [Heapster #1058](https://github.com/kubernetes/heapster/issues/1058) and [Cadvisor #1593](https://github.com/google/cadvisor/issues/1593).
```release-note
Fix stats summary network value when multiple network interfaces are available.
```
/cc @DirectXMan12 @piosz @xiangpengzhao @vishh @timstclair
Automatic merge from submit-queue (batch tested with PRs 56446, 56437). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix unit tests that need openstack
**What this PR does / why we need it**:
Currently the unit tests that depend that they be on running inside an openstack vm fail as no one seem to have run them for a while.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref #56437
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56446, 56437). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix GC sync race condition
Remove faulty diff detection logic from GC sync which leads to a race
condition: If the GC's discovery client is returning a fully up to date
view of server resources during the very first GC sync, the sync
function will never sync monitors or reset the REST mapper unless
discovery changes again. This causes REST mapping to fail for any custom
types already present in discovery.
Fixes https://github.com/kubernetes/kubernetes/issues/56262.
```release-note
NONE
```
/cc @liggitt @caesarxuchao
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fluentd-elasticsearch add-on: Add missing selector to Fluentd DaemonSet
fluentd-es-ds.yaml lacks a `selector` field in its DaemonSet definition, which this PR rectifies.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Return original error instead of negotiation one
**What this PR does / why we need it**:
When the requested type (eg. `text/html`) is not available and we're trying to hit an endpoint to which a user is for unauthorized we'll get 406, instead of 403. The reason for that is that, even if error happens we're trying to match the serializer, which fails and results in swallowing error, instead of returning raw json, for example.
This fix returns raw json for such situations.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add [sig-node] to some unowned e2e_node tests
Follow the SIGDescribe pattern used in test/e2e/foo tests
ref #49161
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove gke from expected providers of audit e2e test.
In case of GKE we don't write logs to the file.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56356, 56435). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix AppArmor upgrade test
https://github.com/kubernetes/kubernetes/pull/52395 Introduced the `unconfined` AppArmor profile, but this feature should not be tested in the upgrade test since it doesn't exist prior to 1.9 (so the test always fails when checking it prior to the upgrade).
Fixes#56422
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56356, 56435). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Wait for controllerrevision informer to sync on statefulset controller startup
Fixes: https://github.com/kubernetes/kubernetes/issues/56355
Needs to be backported to at least 1.8, 1.9 and triaged for impact on 1.9 release
/cc @smarterclayton @kow3ns @enisoc
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56094, 52910, 55953, 56405, 56415). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Include ServerName in tls transport cache key
Fixes#56385
```release-note
Fixes server name verification of aggregated API servers and webhook admission endpoints
```
Automatic merge from submit-queue (batch tested with PRs 56094, 52910, 55953, 56405, 56415). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support VolumeV3 for OpenStack cloud Provider
Currently OpenStack supports Cinder v3 API, let Kubernetes support
it too.
Fix#52877
**Release note**:
```release-note
OpenStack cloud provider supports Cinder v3 API.
```
Automatic merge from submit-queue (batch tested with PRs 56094, 52910, 55953, 56405, 56415). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update debian-hyperkube-base to 0.7
**What this PR does / why we need it**: this was supposed to be a part of #52744 but was missed in a rebase, I think. Bazel was already using the correct version, but the dockerized releases were not.
**Release note**:
```release-note
NONE
```
/kind bug
/priority important-soon
/assign @rphillips
/cc @luxas @dims
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add CoreDNS as an optional addon in kube-up
**What this PR does / why we need it**:
This PR adds the option of installing CoreDNS as an addon instead of kube-dns in kube-up.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56439
**Special notes for your reviewer**:
**Release note**:
```release-note
kube-up: Add optional addon CoreDNS.
Install CoreDNS instead of kube-dns by setting CLUSTER_DNS_CORE_DNS value to 'true'.
```
Remove faulty diff detection logic from GC sync which leads to a race
condition: If the GC's discovery client is returning a fully up to date
view of server resources during the very first GC sync, the sync
function will never sync monitors or reset the REST mapper unless
discovery changes again. This causes REST mapping to fail for any custom
types already present in discovery.
resource limits are satisfied by the input node's allocatable resources or not.
If yes, the node is assigned a score of 1, otherwise the node's score is not changed.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Modify the judgment conditions
**What this PR does / why we need it**:
It should be a mistakes.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56347
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use full gopath for externalTypes
**What this PR does / why we need it**:
Seems like @soltysh has no thread to fix the testing failure and rebase to solve the conflict in #55703. This PR cherry-pick it's commit and supersedes it to avoid the change to be rebase-blocker.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#55703
**Special notes for your reviewer**:
/cc @soltysh @sttts @smarterclayton @liggitt
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Reduce memory footprint of admission metrics
Fix#56061
Remove `SummaryVec` from all but the top level metric and reduce buckets for the histogram from 7 to 5.
For a small test cluster, the `Individual Memory Usage: kube-system kube-apiserver-kubernetes-master` grafana metric suggests showed the memory footprint of apiserver at 655MB before this change and 415MB after, suggesting this accounts for the vast majority of the ~200MB of memory increase found in #56061.
```release-note
None
```
