Automatic merge from submit-queue
Add derekwaynecarr to approvers list for test/e2e_node
I am a maintainer and have approve rights in `pkg/kubelet`.
/cc @vishh
Automatic merge from submit-queue (batch tested with PRs 42667, 43923)
Specify a directory for the logs
Switch from hard coded "/tmp" to a user specified location for the logs. Default to "/tmp" to keep the current behavior and not break any current users or jobs.
Automatic merge from submit-queue (batch tested with PRs 42667, 43923)
Adding test to perform volume operations storm
**What this PR does / why we need it**:
Adding new test to perform volume operations storm
Test Steps
1. Create storage class for thin Provisioning.
2. Create 30 PVCs using above storage class in annotation, requesting 2 GB files.
3. Wait until all disks are ready and all PVs and PVCs get bind. (**CreateVolume** storm)
4. Create pod to mount volumes using PVCs created in step 2. (**AttachDisk** storm)
5. Wait for pod status to be running.
6. Verify all volumes accessible and available in the pod.
7. Delete pod.
8. wait until volumes gets detached. (**DetachDisk** storm)
9. Delete all PVCs. This should delete all Disks. (**DeleteVolume** storm)
10. Delete storage class.
This test will help validate issue reported at https://github.com/vmware/kubernetes/issues/71
**Which issue this PR fixes**
fixes #
**Special notes for your reviewer**:
executed test on 1.5.3 release with `VOLUME_OPS_SCALE` set to `5`
Will execute test with the changes made on PR - https://github.com/kubernetes/kubernetes/pull/42422, with the `VOLUME_OPS_SCALE` set to `30`
**Release note**:
```release-note
None
```
cc: @abrarshivani @BaluDontu @tusharnt @pdhamdhere @luomiao @kerneltime
Automatic merge from submit-queue
Fix Judgment code in cycle
The 'i' can not be equal to updateNodeStatusMaxRetries in
updateNetworkingCondition(), and can not get error.
Let's update it.
Switch from hard coded "/tmp" to a user specified location for
the logs. Default to "/tmp" to keep the current behavior and
not break any current users or jobs.
Automatic merge from submit-queue
Update my OWNERS entries.
Not sure why I was set as a reviewer for apimachinery and apiserver stuff. Adding myself to build/.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42325, 43882)
Fix bug of not checking error
Fix bug of not checking error
```release-note
None
```
cc: @shiywang
Automatic merge from submit-queue
Remove unused method from operation_generator
This is only a removal of the GerifyVolumeIsSafeToDetach [sic] method from operation_executor. The method is not called from anywhere, moreover there is a private method named verifyVolumeIsSafeToDetach (which is being used). This looks like a cut&paste mistake that deserves to be cleaned.
```release-note
NONE
```
Automatic merge from submit-queue
refactor getPidsForProcess and change error handling
xref https://github.com/openshift/origin/issues/13262
Right now, failure to read the docker pid from the pid file results in some premature nasty logging. There is still a chance we can get the docker pid from `procfs.PidOf()`. If that fails we should just log at `V(4)` rather than `runtime.HanldeError()`.
This PR refactors `getPidsForProcess()` to wait until both methods for determining the pid fail before logging anything.
@smarterclayton @ncdc @derekwaynecarr
Automatic merge from submit-queue
Make RBAC post-start hook conditional on RBAC authorizer being used
Makes the RBAC post-start hook (and reconciliation) conditional on the RBAC authorizer being used
Ensures we don't set up unnecessary objects.
```release-note
RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled.
```
Automatic merge from submit-queue (batch tested with PRs 43133, 43865)
Upgrade to Hazelcast-Kubernetes 3.8 and updated docs
**What this PR does / why we need it**:
Upgrade to latest hazelcast-kubernetes version the example and update the docs reflecting the latest version
Automatic merge from submit-queue (batch tested with PRs 42360, 43109, 43737, 43853)
Fix typo
Signed-off-by: yupengzte <yu.peng36@zte.com.cn>
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 42360, 43109, 43737, 43853)
delete etcd socket file for unit tests
This change clean up the environment for etcd3 unit test.
Without this change, "make test" will leave some socket files in
workspace. And these socket files make hack/verify-generated-protobuf.sh
fails.
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 42360, 43109, 43737, 43853)
kubeadm: test-cmds for kubeadm completion
**What this PR does / why we need it**: Adding test-cmds for kubeadm completion.
Adding tests is a WIP from #34136
**Special notes for your reviewer**: /cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42360, 43109, 43737, 43853)
Include pod namespace in PSP 'use' authorization check
Follow up to https://github.com/kubernetes/kubernetes/pull/33080/files#diff-291b8dd7d08cc034975ddb3925dbb08fR341
Prior to this PR, when PodSecurityPolicy admission is active, you must be authorized to use a covering PodSecurityPolicy cluster-wide in order to create a pod. This PR changes that to only require a covering PodSecurityPolicy within the pod's namespace.
When used in concert with mechanisms that limits pods within a namespace to a particular set of nodes, this can be used to allow users to create privileged pods within specific namespaces only.
```release-note
Permission to use a PodSecurityPolicy can now be granted within a single namespace by allowing the `use` verb on the `podsecuritypolicies` resource within the namespace.
```
Automatic merge from submit-queue (batch tested with PRs 42379, 42668, 42876, 41473, 43260)
Don't use global rand for nodeport and IP allocs
Seed it at construction.
Automatic merge from submit-queue (batch tested with PRs 42379, 42668, 42876, 41473, 43260)
Bump test coverage for initialresources
**What this PR does / why we need it**:
Increases test coverage for `plugin/pkg/admission/initialresources` to 80.2%.
**Which issue this PR fixes**
https://github.com/kubernetes/kubernetes/issues/39559
**Special notes for your reviewer**:
Some of these features require E2E tests to achieve 100% coverage, the tests here are just unit tests, so I've tried to delineate as much as possible. I also saw that we might be exporting a lot of this to Heapster in the future.
**Release note**:
```release-note
Test coverage for initialresources increased to 80.2% percent.
```
Automatic merge from submit-queue (batch tested with PRs 42379, 42668, 42876, 41473, 43260)
accurate hint
accurate hint
same err hint (Error adding network) in one method,cann't position problem
Automatic merge from submit-queue (batch tested with PRs 42379, 42668, 42876, 41473, 43260)
Silence error messages from the docker rmi call we expect to fail
**What this PR does / why we need it**: when we removed `docker tag -f` in #34361 we added a bunch of `docker rmi` calls to preserve behavior for older docker versions. That step is usually a no-op, however, and results in confusing messages like
```
Tagging docker image gcr.io/google_containers/kube-proxy:c8d0b2e7a06b451117a8ac58fc3bb3d3 as gcr.io/kubernetes-release-test/kube-proxy-amd64:v1.5.4
Error response from daemon: No such image: gcr.io/kubernetes-release-test/kube-proxy-amd64:v1.5.4
```
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#42665
**Special notes for your reviewer**: I could probably remove the `docker rmi` calls entirely, though I don't know if folks are still using docker < 1.10. (I think Jenkins still has 1.9.1.)
**Release note**:
```release-note
NONE
```
cc @jessfraz
Automatic merge from submit-queue
Curate owners for pkg/volume/aws_ebs
The previous list was algorithmically generated; applying some curation.
```release-note
NONE
```
Automatic merge from submit-queue
don't wait for first kubelet to be ready and drop dummy deploy
Per https://github.com/kubernetes/kubernetes/issues/43815#issuecomment-290270198, I suggest that we drop both the node ready and the dummy deployment check altogether for 1.6 and move them to a validation phase for 1.7.
I really think we should drop these checks altogether. CreateClientAndWaitForAPI should create a client and wait for the API, not create dummy deployments and wait for nodes to register and be healthy. These are end to end validations and this is the wrong place to do this stuff. We need an explicit final validation phase for this.
```release-note
Fix a deadlock in kubeadm master initialization.
```
Fixes#43815
Automatic merge from submit-queue
Implement API usage metrics for gce storage
**What this PR does / why we need it**:
This PR implements support for emitting metrics from GCE about storage operations.
**Which issue this PR fixes**
Fixes https://github.com/kubernetes/features/issues/182
**Release note**:
```
Add support for emitting metrics from GCE cloudprovider about storage operations.
```
Automatic merge from submit-queue (batch tested with PRs 42662, 43035, 42578, 43682)
Apply [Feature:Volumes] to subset of tests in volumes.go
**What this PR does / why we need it**:
According to [this test doc](https://github.com/kubernetes/community/blob/master/contributors/devel/e2e-tests.md#kinds-of-tests), the `[Feature:xyz]` tag indicates that the tests have a non-default requirements and should not be run in the core suite. Previously all test in _e2e/volumes.go_ were tagged `[Feature:Volumes]` but I believe only six of the tests warrant this tag: iSCSI, GlusterFS, Ceph-RBD, Ceph-FS, vSPhere, and Cinder. The remaining tests (NFS, PD, ConfigMap) do not need the `Feature:` tag.
**Special notes for your reviewer**:
I moved the `[Volume]` tags from the `It`'s to the outer `KubeDescribe` to simplify the `It` text and remove redundancy.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42662, 43035, 42578, 43682)
Selector spreading - improving code readability.
**What this PR does / why we need it**:
To improve code readability in selector spreading.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#42577
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 42662, 43035, 42578, 43682)
[Federation] Fix a typo in the ReplicaSet E2E test: s/extrace/extract/
```release-note
NONE
```
Automatic merge from submit-queue
Print dereferenced pod status fields when logging status update
Before: "Terminated:0xc421932af0"
After:"Terminated:&ContainerStateTerminated{ExitCode:0,Signal:0,Reason:Completed,Message:,StartedAt:0001-01-01 00:00:00 +0000 UTC,FinishedAt:2017-03-07 14:50:48 -0500 EST,ContainerID:docker://bd453bb969264b3ace2b3934a568af7679a0d51fee543a5f8a82429ff654970e,}"
"Ignoring same status for pod" messages already print status fully, these "Status for pod updated" messages should too IMO
```release-note
NONE
```
