Automatic merge from submit-queue (batch tested with PRs 46913, 48910, 48858, 47160)
Add e2e test for readOnlyRootFilesystem containers
**What this PR does / why we need it**:
This PR adds node e2e test for readOnlyRootFilesystem containers.
**Which issue this PR fixes**
Part of #44118.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46913, 48910, 48858, 47160)
move sig-node related e2e tests to node subdir
I need help making sure I picked the right ones and/or didn't miss anything.
Potential additions include: `logging_soak.go`, `ssh.go`, `kubelet_perf.go`.
/cc @dchen1107 @vishh @tallclair @yujuhong @Random-Liu @abgworrall @dashpole @yguo0905
Automatic merge from submit-queue (batch tested with PRs 46913, 48910, 48858, 47160)
Fix "make help" info
**What this PR does / why we need it**:
fixes some incorrect help info
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#46911
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43443, 46193, 49071, 47252)
Run the update-staging-godeps script inside a docker container
**What this PR does / why we need it**:
This PR moves the update-staging-godeps script to run inside a docker container.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#45757
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @ixdy @sttts
Automatic merge from submit-queue (batch tested with PRs 43443, 46193, 49071, 47252)
[Federation][Kubefed] Support reference document autogeneration for kubefed
This PR is needed to address the documentation issue https://github.com/kubernetes/kubernetes.github.io/issues/2888
Apart from the code auto generation have updated some descriptions for consistency.
**Special notes for your reviewer**:
@kubernetes/sig-federation-misc
cc @madhusudancs @csbell
**Release note**:
```NONE
```
Before this change:
# kubectl run nginx
error: Invalid image name "": invalid reference format
After this change:
# kubectl run nginx
error: --image is required
Automatic merge from submit-queue (batch tested with PRs 49259, 49350)
Add envelope encryption transformer
Essential to implement envelope encryption, using a KEK-DEK based encryption scheme which uses an external root of trust (cloudkms, hardware etc).
* Caches known DEKs.
* Creates a new DEK for each write (most common and recommended way of implementing envelope encryption).
* Relies on an implementation of `envelope.Service` which actually implements the encryption and decryption using the external root of trust.
Essential for #48522
@smarterclayton @jcbsmpsn @cheftako @lavalamp @php-coder @destijl @cjcullen
This PR is generic, and independent of any cloudprovider / cloud / KMS code.
For more context: #48574
Automatic merge from submit-queue (batch tested with PRs 49259, 49350)
update json-patch to fix nil value issue when creating mergepatch
**What this PR does / why we need it**:
When [creating a patch for merge](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/annotate.go#L255), nil value will be considered as different value. This has been fixed and merged in [evanphx/json-patch #45](https://github.com/evanphx/json-patch/pull/45).
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49044
**Special notes for your reviewer**:
/cc @MikeSpreitzer @mengqiy
**Release note**:
```release-note
Fix nil value issue when creating json patch for merge
```
Automatic merge from submit-queue (batch tested with PRs 45040, 48960)
Do not generate warning event on dns search deduplication
In the case that the node is able to use the cluster DNS, `cluster.local` will already be in the node search domains in `/etc/resolv.conf`. The kubelet then parses `/etc/resolv.conf` on the node and combines it with $namespace.svc.$clusterDomain, svc.$clusterDomain, and $clusterDomain to create the pod DNS search domains. clusterDomain is `cluster.local` by default. This causes the code to generate a Warning event visible to the user for _every_ pod:
```
Warning DNSSearchForming Found and omitted duplicated dns domain in host search line: 'cluster.local' during merging with cluster dns domains
```
This is really overkill. IMHO, this should be done in the background with no user level notification or logging at all.
xref https://bugzilla.redhat.com/show_bug.cgi?id=1471198
@derekwaynecarr @eparis @vefimova
Automatic merge from submit-queue (batch tested with PRs 45040, 48960)
Add ceph-common to hyperkube image
**What this PR does / why we need it**:
Adds the ceph-common package to the hyperkube image
Automatic merge from submit-queue
Add some table printer
**What this PR does / why we need it**:
Add table printer for Service resource
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
related to https://github.com/kubernetes/kubernetes/issues/48820
**Special notes for your reviewer**:
**Release note**:
```
None
```
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)
Set external hostname in local-up-cluster
**What this PR does / why we need it**:
If we set --external-hostname, then the api server does not look
in the CloudProviderOptions.DefaultExternalHost method. While we
are at it, let's log an info message, so if there is a failure
the operator gets a hint that they can use --external-hostname
to bypass the lookup in the cloud provider. This will enable us
to set the CLOUD_PROVIDER to openstack for example and not have to
really run api server inside a openstack vm.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)
Fix bug in cluster/log-dump
We're breaking in case KUBECTL is set as "./cluster/kubectl.sh --match-server-version". Moreover we always are using cluster/kubectl.sh as the default and don't want to do match-server-version for the purpose of logexporter.
Also adding owners file so I'm not blocked for approves while making fixes in log-dump. Besides I'll be able to review fixes sent by others.
/cc @wojtek-t
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)
Use presence of kubeconfig file to toggle standalone mode
Fixes#40049
```release-note
The deprecated --api-servers flag has been removed. Use --kubeconfig to provide API server connection information instead. The --require-kubeconfig flag is now deprecated. The default kubeconfig path is also deprecated. Both --require-kubeconfig and the default kubeconfig path will be removed in Kubernetes v1.10.0.
```
/cc @kubernetes/sig-cluster-lifecycle-misc @kubernetes/sig-node-misc
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)
apimachinery: fail early with deepcopy problems during roundtrip tests
If deepcopy is broken for some type, it's easy to diagnose. This PR let's the roundtrip test to fail early in this case.
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)
Remove duplicated import and wrong alias name of api package
**What this PR does / why we need it**:
**Which issue this PR fixes**: fixes#48975
**Special notes for your reviewer**:
/assign @caesarxuchao
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48224, 45431, 45946, 48775, 49396)
Update cos-dev image in benchmark tests to cos-dev-61-9759-0-0
Ref: https://github.com/kubernetes/kubernetes/issues/42926
`cos-dev-61-9759-0-0` contains a fix in Linux utility `du` that would affect the measurement of docker performance in kubelet. I'd like to update the benchmark to use the new image.
**Release note**:
```
None
```
/assign @tallclair
/cc @kewu1992 @abgworrall
Automatic merge from submit-queue (batch tested with PRs 48224, 45431, 45946, 48775, 49396)
Enhance scheduler cache unit tests to cover OIR in pod spec
/kind test
**What this PR does / why we need it**:
More code coverage. This PR covers the scenario when pod requests opaque-integer-resources and unit test the logic in scheduler which deals with parsing oirs in the pod object and stores the same in node info.
Signed-off-by: vikaschoudhary16 <choudharyvikas16@gmail.com>
Automatic merge from submit-queue (batch tested with PRs 48224, 45431, 45946, 48775, 49396)
Expose informer constructors
**What this PR does / why we need it**:
See #45939
**Which issue this PR fixes**
Fixes#45939
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48224, 45431, 45946, 48775, 49396)
[client-go] Fake Dynamic Client
This commit converts `"k8s.io/client-go/dynamic".Client` to an interface, and implements fake versions of both `ClientPool` and `Client`. This allows components which make uses of these clients to be tested in the same way that clientset-based components can be tested, using the standard `testing.Fake` machinery.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48224, 45431, 45946, 48775, 49396)
add reflector metrics
This adds metrics (optionally prometheus) to reflectors so that you can see when one reflector is behaving poorly and just how poorly its doing.
@eparis
```release-note
Adds metrics for checking reflector health.
```
follow the sig-foo-{reviewers,approvers} convention
- rename test-infra-maintainers to sig-testing-approvers
- copy sig-testing-approvers to sig-testing-reviewers
- remove inviduals in test/OWNERS in favor of new aliases
as a result
- rmmh gets test/ approver privileges
- spiffxp gets hack/jenkins/ approver privileges
