Automatic merge from submit-queue (batch tested with PRs 58969, 58970). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix parameter advertise_address should be --advertise-address
**What this PR does / why we need it**:
Not sure how we missed this, the correct param is `--advertise-address`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove unused test for node auto-repair.
This test is testing GKE only feature and should use different
infrastructure.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#41161
**Special notes for your reviewer**:
**Release note**:
```release-note
Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Hide generated files only on github
**What this PR does / why we need it**:
#54766 and #55114 introduced ability to hide generated files in diffs. It's nice and reasonable in github UI, but locally it's very frequent that author wants to verify the generated changes. This PR modifes `.gitattributes` so that the generated files are hidden only on github, leaving diff-able locally.
/assign @liggitt
@mikekap fyi, since you authored the original PRs
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clean up unused functions and consts
**What this PR does / why we need it**:
Clean up unused functions and consts.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix webhook admission README
There is no target `deploy-only` in the Makefile
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update README.md with punctuation improvements
Added a semicolon on line 10 after "hosts" to improve sentence structure and prevent confusion.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57229, 58907). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Abstract cmd valid args get behind the factory
**What this PR does / why we need it**:
This abstract retrieving the list of handled resources for valid args as a function to follow more conventions.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58903, 58141, 58900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
auth/gcp: configurable scopes for gcp default credentials
**What this PR does / why we need it**:
- add `config.scopes` field comma-separated scope URLs, to be used with Google
Application Default Credentials (i.e. GOOGLE_APPLICATION_CREDENTIALS env)
- users now should be able to set a gserviceaccount key in GOOGLE_APPLICATION_CREDENTIALS
env, craft a kubeconfig file with GKE master IP+CA cert and should be able to authenticate
to GKE in headless mode _without requiring gcloud_ CLI, and they can now use the
email address of the gserviceaccount in RBAC role bindings and _not use Google Cloud IAM at all._
- gcp default scopes now include userinfo.email scope, so authenticating to GKE
using gserviceaccount keys can now be done without gcloud as well.
- since userinfo.email scope is now a default, users who have existing RBAC bindings
that use numeric uniqueID of the gserviceaccount will be broken (this behavior was
never documented/guaranteed). from now on email address of the service account
should be used as the subject in RBAC Role Bindings.
**Release note**:
```release-note
Google Cloud Service Account email addresses can now be used in RBAC
Role bindings since the default scopes now include the "userinfo.email"
scope. This is a breaking change if the numeric uniqueIDs of the Google
service accounts were being used in RBAC role bindings. The behavior
can be overridden by explicitly specifying the scope values as
comma-separated string in the "users[*].config.scopes" field in the
KUBECONFIG file.
```
/assign @cjcullen
/sig gcp
Automatic merge from submit-queue (batch tested with PRs 58903, 58141, 58900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revert "Change equivalence class hashing function"
Reverts kubernetes/kubernetes#58555
It seems the PR makes some of the scheduler integration tests flaky. We revert it until we find a better fix.
/ref #58881
@resouer, Now that @misterikkit is on leave, it would be great if you could take a look at his PR and see if you can find the root-cause.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58889, 58890). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add e2e tests for GPU monitoring.
Related to kubernetes/features#369.
This is mostly the same code as the default stackdriver test. This would need to be a separate suite because it needs to run with GPUs etc.
**Release note**:
```release-note
NONE
```
/sig instrumentation
/sig testing
/kind enhancement
/assign @vishh @kawych @piosz @jiayingz
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Correct unbound assertions variable error in shell2junit
**What this PR does / why we need it**:
Fixes the following error in the verify job log:
```
W0126 21:47:20.783] hack/make-rules/../../third_party/forked/shell2junit/sh2ju.sh: line 176: assertions: unbound variable
```
Also adds myself as an OWNER to this little forked mess. If I break it, I bought it lol.
**Release note**:
```release-note
NONE
```
/assign ixdy stevekuznetsov
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use SSH tunnel for webhook communication iff the webhook is deployed as a service
**What this PR does / why we need it**:
We are getting the following error when the apiserver connects the webhook on localhost (configured via URL). We should only use the SSL tunnel for the connections to nodes when the webhooks are running as services.
```
I0119 17:41:18.678436 1 ssh.go:400] [4cdf44753cc3705d: localhost:10258] Dialing...
W0119 17:41:18.678483 1 ssh.go:424] SSH tunnel not found for address "localhost", picking random node
I0119 17:41:18.679810 1 ssh.go:402] [4cdf44753cc3705d: localhost:10258] Dialed in 1.398691ms.
W0119 17:41:18.679928 1 admission.go:256] Failed calling webhook, failing closed xxx: failed calling admission webhook "xxx": Post xxx: ssh: rejected: connect failed (Connection refused)
I0119 17:41:18.680346 1 wrap.go:42] POST /api/v1/namespaces/kube-system/pods: (5.725588ms) 500
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/kubernetes/issues/58779
**Special notes for your reviewer**:
**Release note**:
```release-note
kube-apiserver is changed to use SSH tunnels for webhook iff the webhook is not directly routable from apiserver's network environment.
```
/assign @lavalamp @caesarxuchao @cheftako
Automatic merge from submit-queue (batch tested with PRs 58760, 58861). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Prefer exact resource name matches to shortname expansions
Prevents a shortname of "pod" or "pods" from taking precedence over an exact resource name match
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Removal of KubeletConfigFile feature gate: Step 1
This feature gate was redundant with the `--config` flag, which already
enables/disables loading Kubelet config from a file.
Since the gate guarded an alpha feature, removing it is not a violation
of our API guidelines.
Some stuff in `kubernetes/test-infra` currently sets the gate,
so removing will be a 3 step process:
1. This PR, which makes the gate a no-op.
2. Stop setting the gate in `kubernetes/test-infra`.
3. Completely remove the gate (this PR will get the release note).
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57500, 58840, 58883). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds breadcrumb to crictl warning
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This PR adds a breadcrumb to a `kubeadm` preflight check.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#613
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57500, 58840, 58883). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add allowPrivilegeEscalation to kubectl describe psp
**What this PR does / why we need it**:
Add allowPrivilegeEscalation to kubectl describe psp
**Which issue(s) this PR fixes**
Fixes#57974
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57500, 58840, 58883). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make REST mappings for resources a unique list
This ensures the mappings list for resources(shortcuts, plural) unique,
instead of doing multiple requests to server for the same resource.
**What this PR does / why we need it**:
Treat resource shortcuts, plurals the same thing on kubectl side instead of doing multiple requests to servers, and outputs should not duplicate entires.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57498
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updated priority of mirror pod by PriorityClass.
Signed-off-by: Da K. Ma <madaxa@cn.ibm.com>
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58471
**Release note**:
```release-note
Updated priority of mirror pod according to PriorityClassName.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove duplicated check of device path in aws attacher
**What this PR does / why we need it**:
The `devicePath` parameter is already validated in this [code](b7100f1ee7/pkg/volume/aws_ebs/attacher.go (L158)), so no need to check it again in the `for loop` as it won't be modified.
This can make the code clearer.
**Release note**:
```release-note
NONE
```
/sig storage
/kind cleanup
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fixing array out of bound by checking initContainers instead of containers
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** : Fixes#58541
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 58783, 58800, 58846). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
runtime-config bug in kube-aggregator
**What this PR does / why we need it**:
kube-aggregator api has upgraded to v1, and introduce a little bug. I have to fix it.
**Special notes for your reviewer**:
/assign @deads2k
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58783, 58800, 58846). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add UT test to openstack_test.go
**What this PR does / why we need it**:
add ut test to toAuth3Options func
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58783, 58800, 58846). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Produce junit results for verify job
**What this PR does / why we need it**:
Junit results may make the verify job clearer, and give us better insights into timings
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixing spaces issue found with tests.
Had some missing parameters for some functions.
**What this PR does / why we need it**:
Fixing charms when setting extra sans on load balancer or master
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/477
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixing extra_sans option on master and load balancer.
```
Automatic merge from submit-queue (batch tested with PRs 55792, 58342). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a metric to track usage of inflight request limit.
This one is tricky. The goal is to know how 'loaded' given apiserver is before we start dropping the load, to so we need to somehow expose 'fullness' of channels.
Sadly this metric is pretty volatile so it's not clear how to do this correctly. I decided to do pre-aggregation to smoothen the metric a bit. In the current implementation the metric publishes maximum "usage" of the inflight is previous second.
If you have any ideas please share.
@smarterclayton @lavalamp @wojtek-t @liggitt @deads2k @caesarxuchao @sttts @crassirostris @hulkholden
```release-note
NONE
```
