Automatic merge from submit-queue (batch tested with PRs 66190, 66871, 66617, 66293, 66891). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Change the expected error message in webhook e2e test
Fix#66776.
The timeout error message sent by the apiserver was changed by #66616, which affects 1.12+ apiservers.
The expected error message in e2e test in 1.11 and 1.12 should only contain the common part of the pre-1.12 error message and post-1.12 message, because the upgrade&downgrade tests will run the 1.11 e2e test against 1.12 apiserver, and vice versa.
/sig api-machinery
/release-note-none
Automatic merge from submit-queue (batch tested with PRs 66190, 66871, 66617, 66293, 66891). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Unset CDPATH in build scripts
**What this PR does / why we need it**:
Currently trying to build k8s fails if you have CDPATH set in your env. This is a minor change that allows building k8s without manually unsetting the variable.
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 66190, 66871, 66617, 66293, 66891). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Do not set cgroup parent when --cgroups-per-qos is disabled
When --cgroups-per-qos=false (default is true), kubelet sets pod
container management to podContainerManagerNoop implementation and
GetPodContainerName() returns '/' as cgroup parent (default cgroup root).
(1) In case of 'systemd' cgroup driver, '/' is invalid parent as
docker daemon expects '.slice' suffix and throws this error:
'cgroup-parent for systemd cgroup should be a valid slice named as \"xxx.slice\"'
(5fc12449d8/daemon/daemon_unix.go (L618))
'/' corresponds to '-.slice' (root slice) in systemd but I don't think
we want to assign root slice instead of runtime specific default value.
In case of docker runtime, this will be 'system.slice'
(e2593239d9/daemon/oci_linux.go (L698))
(2) In case of 'cgroupfs' cgroup driver, '/' is valid parent but I don't
think we want to assign root instead of runtime specific default value.
In case of docker runtime, this will be '/docker'
(e2593239d9/daemon/oci_linux.go (L695))
Current fix will not set the cgroup parent when --cgroups-per-qos is disabled.
```release-note
Fix pod launch by kubelet when --cgroups-per-qos=false and --cgroup-driver="systemd"
```
Automatic merge from submit-queue (batch tested with PRs 66190, 66871, 66617, 66293, 66891). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Part 2: Promoting Atomic Writer testcases for Conformance
This PR is the result (part 2) of splitting [this PR](https://github.com/kubernetes/kubernetes/pull/65793) into 2 sections:
1) [This PR](https://github.com/kubernetes/kubernetes/pull/66786), addressing the refactor so eligible-test-for-conformance can use get rid of privileged security context.
2) This specific PR, that addresses the promotion of the Atomic Writer testcases to be in conformance suite.
Changes:
a) promoting Atomic writer volumes tests to be conformance tests.
b) added those tests to appear on golden list (conformance master file)
Automatic merge from submit-queue (batch tested with PRs 66190, 66871, 66617, 66293, 66891). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix nil pointer dereference in node_container_manager#enforceExisting
**What this PR does / why we need it**:
fix nil pointer dereference in node_container_manager#enforceExisting
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#66189
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
kubelet: fix nil pointer dereference while enforce-node-allocatable flag is not config properly
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Skip checking when failSwapOn=false
**What this PR does / why we need it**:
Skip checking when failSwapOn=false
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
NONE
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66235, 66908, 66907). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
switch kubectl portfoward to external types
switch the guts of portforward to external types.
@kubernetes/sig-cli-maintainers
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66235, 66908, 66907). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
switch rollout history to external
low hanging fruit. The underlying history viewer uses a live lookup with external clients already.
@kubernetes/sig-cli-maintainers
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66235, 66908, 66907). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
set standard storage class addon mode to "ensure-exists"
**What this PR does / why we need it**:
Change addon mode for standard storage class to `EnsureExists`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#66222
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66850, 66902, 66779, 66864, 66912). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update polymorphichelpers for external types
and updates expose to externals as proof
@kubernetes/sig-cli-maintainers
/assign @soltysh @juanvallejo
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66850, 66902, 66779, 66864, 66912). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update etcdstorage test to use discovery
1. update etcdstorage test to use discovery
2. switches to use the dynamic client
3. fixes the bug where the server wasn't a complete kube-apiserver
```release-note
NONE
```
/assign @enj @sttts
@kubernetes/sig-api-machinery-pr-reviews
@apelisse a discovery based example.
@yue9944882 you've expressed an interest. The wiring for the server is really hard to use here.
I've also noticed that this doesn't build an equivalent kube-apiserver, but that is proving troublesome. Will follow up with with.
Automatic merge from submit-queue (batch tested with PRs 66850, 66902, 66779, 66864, 66912). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add methods to apimachinery to easy unit testing
When unit testing, you often want a selective scheme and codec factory. Rather than writing the vars and the init function and the error handling, you can simply do
`scheme, codecs := testing.SchemeForInstallOrDie(install.Install)`
@kubernetes/sig-api-machinery-misc
@sttts
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66850, 66902, 66779, 66864, 66912). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Run autoscaling tests with expendable pods on GKE
Enable tests using expendable pods on GKE.
```release-note
NONE
```
/cc @MaciekPytel
/sig autoscaling
Automatic merge from submit-queue (batch tested with PRs 66850, 66902, 66779, 66864, 66912). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix unit test failure: TestNsenterExistsFile
**What this PR does / why we need it**:
Fix unit test failure: TestNsenterExistsFile
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#66809
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
At present, `log-file` location of glusterfs client mount is decided
by the plugin, however at times, users/admin want to configure log-file
of gluster fuse client process on their own in some setups. Even though they can pass log-file
mount option through storage class, before this patch glusterfs plugin
always discard it. This patch enable/give preference
to admin supplied log-file mount option if specified in storage class.
If the log-file mount option is incomplete or wrong, plugin fallback to the
location which is carved out by the combination of pvc and pod name.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
ImagePullCheck outputs "pulling <image>" line even if image
already exists and is not pulled.
Fixed the output to reflect the reality. ImagePullCheck now outputs
either "pulling <image>" or "image <image> exists".
Automatic merge from submit-queue (batch tested with PRs 66877, 66066, 66851). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add namespace info for pod in log
**What this PR does / why we need it**:
add namespace info for pod in log
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66877, 66066, 66851). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cleanup the Admission Webhook E2E code
**What this PR does / why we need it**:
The current documentation for Admission Webhooks points to the e2e tests as an example.
The code appears to have some legacy configuration left behind. The variables are confusingly named and it lacked comments developers could follow. This is an attempt to clean up some code and make the code more readable to make webhook development easier.
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Generate crictl config for preload as well.
Generate `/etc/crictl.yaml` also when crictl is preloaded.
Signed-off-by: Lantao Liu <lantaol@google.com>
**Release note**:
```release-note
Fix a bug on GCE that /etc/crictl.yaml is not generated when crictl is preloaded.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix some type of CHANGELOG-1.11.md
**What this PR does / why we need it**:
Fix some type of CHANGELOG-1.11.md
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66846, 60552). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding details to Conformance Tests using RFC 2119 standards.
This PR is part of the conformance documentation. This is to provide more formal specification using RFC 2119 keywords to describe the test so that who ever is running conformance tests do not have to go through the code to understand why and what is tested.
The documentation information added here into each of the tests eventually result into a document which is currently checked in at location https://github.com/cncf/k8s-conformance/blob/master/docs/KubeConformance-1.9.md
I would like to have this PR reviewed for v1.10 as I consider it important to strengthen the conformance documents.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typo: scale dowm-> scale down
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64645, 66832). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Detect if GCE PD udev link is wrong and try to correct it
**What this PR does / why we need it**:
udev can miss scsi events and not update device links properly when disks are detached and reattached to the same node in a different order. This PR workarounds the issue by comparing the udev link name, which is the PD disk name, with the scsi disk serial number returned from scsi_id, and prevents mounting of the disk if the link is wrong. It will also run `udevadm trigger` on the disk to try to correct the bad link.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
This fix prevents a GCE PD volume from being mounted if the udev device link is stale and tries to correct the link.
```
Automatic merge from submit-queue (batch tested with PRs 65730, 66615, 66684, 66519, 66510). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: add image-gc low/high validation check
Currently, there is no protection against setting the high watermark <= the low watermark for image GC
This PR adds a validation rule for that.
@smarterclayton
Automatic merge from submit-queue (batch tested with PRs 65730, 66615, 66684, 66519, 66510). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update attach to use external objs
**Release note**:
```release-note
NONE
```
Updates attach command to use external versions.
cc @deads2k @soltysh
Automatic merge from submit-queue (batch tested with PRs 65730, 66615, 66684, 66519, 66510). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
aggregate admin from edit and view to ensure coverage
ClusterRole aggregate has worked quite well. This updates the edit role to be aggregated from a separate edit and view and updates the admin role to aggregated from admin, edit, and view. This ensures coverage (we previously had unit tests, but that didn't work as people aggregated more powers in) and it makes each role smaller since it only has a diff to consider.
@kubernetes/sig-auth-pr-reviews
```release-note
admin RBAC role now aggregates edit and view. edit RBAC role now aggregates view.
```
