Automatic merge from submit-queue
Enable node authorizer in local-up-cluster
Fixes#49822
Enables the Node authorization mode to ensure the kubelet credential we create has permission to do kubelet-related things. Matches the default authorizers in gce/gke and CI clusters.
Related to the deprecation of the automatic binding of the `system:nodes` group to the `system:node` role on new deployments (https://github.com/kubernetes/kubernetes/pull/49638)
```release-note
`hack/local-up-cluster.sh` now enables the Node authorizer by default. Authorization modes can be overridden with the `AUTHORIZATION_MODE` environment variable, and the `ENABLE_RBAC` environment variable is no longer used.
```
Automatic merge from submit-queue
fix invalid issue link in api conversion
**What this PR does / why we need it**:
When working on #49336, found invalid link `https://github.com/kubernetes/kubernetextensionsssues/39865`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
cc @janetkuo
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49533, 49264)
Add test items for pdb describe
**What this PR does / why we need it**:
Add test items for pdb describe
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
ref: #49362
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49533, 49264)
rename stop.go to delete.go to avoid confusion
**What this PR does / why we need it**:
Refer to [comments](https://github.com/kubernetes/kubernetes/pull/46784#issuecomment-317582927) from @foxish and @janetkuo
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
xref #46784
**Special notes for your reviewer**:
/cc @janetkuo @foxish
**Release note**:
```release-note
rename stop.go file to delete.go to avoid confusion
```
Automatic merge from submit-queue
Adding option to set the federation api server port if nodeport is set
**What this PR does / why we need it**: Kubefed will deploy the respected services and then it will do a health check. Prior to this patch if the user selects the nodeport a random port is opened. In environments where firewalls are in place this random port selection will cause the health check to fail. With this patch we enable users to designate a specific port, after for example opening it on their firewall.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#46021
**Special notes for your reviewer**:
**Release note**:
```
Kubefed init allows for setting port in Nodeport configuration
```
Automatic merge from submit-queue (batch tested with PRs 49538, 49708, 47665, 49750, 49528)
Add ext4 and xfs tests to GCE PD basic mount tests
**What this PR does / why we need it**:
Add ext4 and xfs to basic GCE PD mount tests.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49511
**Special notes for your reviewer**:
**Release note**:
/release-note-none
/sig storage
Automatic merge from submit-queue (batch tested with PRs 49538, 49708, 47665, 49750, 49528)
Lowercases hostname for kubeadm cert slice
**What this PR does / why we need it**:
Previously, unit tests on master were failing due to this error:
```
--- FAIL: TestSubCmdApiServerFlags (0.99s)
certs_test.go:149: APIserverCert.DNSNames[0] is danehans-m-c1kp instead of DANEHANS-M-C1KP
```
The PR fixes the TestSubCmdApiServerFlags test, which uses the OS hostname to compare the apiserver serving cert and fails if the OS hostname is in caps.
**Which issue this PR fixes**: fixes # https://github.com/kubernetes/kubeadm/issues/361
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 49538, 49708, 47665, 49750, 49528)
Enable garbage collection of custom resources
Enhance the garbage collector to periodically refresh the resources it monitors (via discovery) to enable custom resource definition GC (addressing #44507 and reverting #47432).
This is a replacement for #46000.
/cc @lavalamp @deads2k @sttts @caesarxuchao
/ref https://github.com/kubernetes/kubernetes/pull/48065
```release-note
The garbage collector now supports custom APIs added via CustomeResourceDefinition or aggregated apiservers. Note that the garbage collector controller refreshes periodically, so there is a latency between when the API is added and when the garbage collector starts to manage it.
```
Automatic merge from submit-queue (batch tested with PRs 49538, 49708, 47665, 49750, 49528)
Add a support for GKE regional clusters in e2e tests.
**What this PR does / why we need it**:
Add a support for GKE regional clusters in e2e tests.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49538, 49708, 47665, 49750, 49528)
Use the core client with version
**What this PR does / why we need it**:
Replace the **deprecated** `clientSet.Core()` with `clientSet.CoreV1()`.
**Which issue this PR fixes**: fixes#49535
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
SuggestClientDelay is returning whether the server has requested that
the client delay their next action. It is *not* about whether the client
should retry the action. Webhook was using it incorrectly, and the
method is now up to date.
Our rules are that code of the error must match code of the response. We
were also not setting the correct reason. This updates the timeout
filter to be consistent with other clients, without changing the error
code (504 is correct). The new message properly indicates the request
may still be running, which the old message did not do.
Automatic merge from submit-queue
Fix Reaper timeout bug
This PR is an fix to the issue [noticed](https://github.com/kubernetes/kubernetes/pull/46468#discussion_r118589512) in a previous PR.
Previous behavior was to calculate a timeout but then ignore it, using `reaper.timeout` instead.
New behavior is to use the calculated timeout for `waitForStatefulSet`, which is passed to the Scaler.
Thanks to @foxish and @apelisse for pointing me in the right direction.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49581, 49652, 49681, 49688, 44655)
Re-enable federated ingress test that was disabled due to a federated service deletion bug.
The details of the bug is described in PR #44626. We believe this bug fixes the flakiness in this test and hence we are re-enabling this test to get some mileage on it. If it turns out to be a problem again we are going to revert this back.
**Release note**:
```release-note
NONE
```
/assign @csbell
cc @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 49581, 49652, 49681, 49688, 44655)
Move the audit e2e test out of the node SIG
It was mistakenly moved to sig-node in https://github.com/kubernetes/kubernetes/pull/48910, but this is an apiserver feature, not a node feature.
/cc @crassirostris
