the flakes referenced in #51704 were still seen downstream. the current timeout approach is known to be faulty, but fixing the tests has not been prioritized. this increases the timeout sufficiently to avoid flakes in the meantime
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow for listing & watching individual secrets from nodes
This PR:
- propagates value of `metadata.name` field from fieldSelector to `name` field in RequestInfo (for list and watch requests)
- authorizes list/watch for requests for single secrets/configmaps coming from nodes
As an example:
```
/api/v1/secrets/namespaces/ns?fieldSelector=metadata.name=foo =>
requestInfo.Name = "foo",
requestInfo.Verb = "list"
/api/v1/secrets/namespaces/ns?fieldSelector=metadata.name=foo&watch=true =>
requestInfo.Name = "foo",
requestInfo.Verb = "list"
```
```release-note
list/watch API requests with a fieldSelector that specifies `metadata.name` can now be authorized as requests for an individual named resource
```
Using GetFlagString from k8s.io/kubernetes/pkg/kubectl/cmd/util
causes pkg/client/clientset_generated/internalclientset to be pulled
as an external dependency, thus producing larger executable and
increasing the maintainance hell.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 63749, 63961). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a way to pass extra arguments to etcd.
**What this PR does / why we need it**:
It adds a way to pass additional arguments to etcd. They can be used to adjust runtime configuration like heartbeat interval etc.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Add a way to pass extra arguments to etcd.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
minor fix for VolumeZoneChecker predicate
storageclass can be in annotation and spec.
```release-note
minor fix for VolumeZoneChecker predicate, storageclass can be in annotation and spec.
```
Automatic merge from submit-queue (batch tested with PRs 63886, 63857, 63824). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vSphere Cloud Provider: add SAML token authentication support
**What this PR does / why we need it**:
The vSphere cloud provider currently supports username+password based authentication, this PR adds an option to use token based authentication.
**Which issue(s) this PR fixes**:
Fixes#63209
**Special notes for your reviewer**:
For now the config structs and validation are left as-is and
the LoginByToken method is used if the username value is PEM encoded.
In this case of username field configured with the public key, the password
field is expected to be configured with the private key.
In a follow-up PR we can look at collapsing the auth related fields into
a common struct to avoid duplication of field merging and validation.
And then add separate fields for the public and private keys.
**Release note**:
```release-note
vSphere Cloud Provider: add SAML token authentication support
```
Automatic merge from submit-queue (batch tested with PRs 63886, 63857, 63824). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor cache based manager
This is support to be no-op refactoring. It will only allow to share code between secret and configmap managers.
Automatic merge from submit-queue (batch tested with PRs 63886, 63857, 63824). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Check for NEG healthcheck
**What this PR does / why we need it**:
In `backendMode`, also check for HealthCheck with the same name as BackendService.
**Release note**:
```release-note
NONE
```
Bazel walks through the Kubernetes repo to add vendor targets for OpenAPI generation. `SkippedPaths` is used to skip the paths such as `_examples`. However, it doesn't work as desired, because it matches for `_` at the beginning of the path, so paths like `vendor\..\_example` are picked up by the generator. This PR fixes this.
Automatic merge from submit-queue (batch tested with PRs 63865, 57849, 63932, 63930, 63936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Extract connection rotating dialer into a package
**What this PR does / why we need it**: This will be re-used for exec auth plugin to rotate connections on
credential change.
**Special notes for your reviewer**: this was split from https://github.com/kubernetes/kubernetes/pull/61803 to simplify review
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63865, 57849, 63932, 63930, 63936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement `kubeadm init diff`
**What this PR does / why we need it**:
Some users want to see the changes `kubeadm` woulda apply before actually running `kubeadm upgrade apply`. This shows the changes that will be made to the static pod manifests before applying them. This is a narrower case than `kubeadm upgrade apply --dry-run`, which specifically focuses on the static pod manifests.
**Which issue(s) this PR fixes**:
Part of [kubeadm/489](https://github.com/kubernetes/kubeadm/issues/489#issuecomment-388974795)
**Special notes for your reviewer**:
**Release note**:
```release-note
adds the `kubeadm upgrade diff` command to show how static pod manifests will be changed by an upgrade.
```
Automatic merge from submit-queue (batch tested with PRs 63865, 57849, 63932, 63930, 63936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
bzl: cleanup some no longer need visibilities
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63865, 57849, 63932, 63930, 63936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Eviction Node e2e test checks for eviction reason
**What this PR does / why we need it**:
Currently, the eviction test simply ensures that pods are marked `Failed`. However, this could occur because of an OOM, rather than an eviction.
To ensure that pods are actually being evicted, check for the Reason in the pod status to ensure it is evicted.
**Release note**:
```release-note
NONE
```
cc @kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 63865, 57849, 63932, 63930, 63936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Minor fixes for kubeadm reset
This set of fixes was proposed by @neolit123 in [PR 63849](https://github.com/kubernetes/kubernetes/pull/63849) review
comments:
- Capitalized output after [reset]
- Used %v format for Go errors
- Fixed spelling: Trying using -> Trying to use
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use 'docker/default' as default seccomp profile for unprivileged PodSecurityPolicy
**What this PR does / why we need it**:
This PR sets the default seccomp profile for unprivileged PodSecurityPolicy to 'docker/default'. This PR is a followup of [#62662](https://github.com/kubernetes/kubernetes/pull/62662). We are using 'docker/default' instead of 'runtime/default' in addons in order to handle node version skew. When default seccomp profile is applied later, we can remove those annotations.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#39845
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix formatting for kubelet memcg notification threshold
/kind bug
**What this PR does / why we need it**:
This fixes the following errors (found in [this node_e2e serial test log](https://storage.googleapis.com/kubernetes-jenkins/logs/ci-kubernetes-node-kubelet-serial/4118/artifacts/tmp-node-e2e-49baaf8a-cos-stable-63-10032-71-0/kubelet.log)):
`eviction_manager.go:256] eviction manager attempting to integrate with kernel memcg notification api`
`threshold_notifier_linux.go:70] eviction: setting notification threshold to 4828488Ki`
`eviction_manager.go:272] eviction manager: failed to create hard memory threshold notifier: invalid argument`
**Special notes for your reviewer**:
This needs to be cherrypicked back to 1.10.
This regression was added in https://github.com/kubernetes/kubernetes/pull/60531, because the `quantity` being used was changed from a DecimalSI to BinarySI, which changes how it is printed out in the String() method. To make it more explicit that we want the value, just convert Value() to a string.
**Release note**:
```release-note
Fix memory cgroup notifications, and reduce associated log spam.
```
