Automatic merge from submit-queue
Fix federated config map unit tests
Fixes#41419 and #42847 and possibly other issues in this area.
cc: @nikhiljindal @csbell @perotinus
Automatic merge from submit-queue (batch tested with PRs 43331, 43336)
Mark failing PersistentVolumes:GCEPD tests flaky
Move failing `PersistentVolumes:GCEPD` tests to flaky,
Fixes https://github.com/kubernetes/kubernetes/issues/43200.
PR https://github.com/kubernetes/kubernetes/pull/40609 incorrectly removed the flaky tag.
PR https://github.com/kubernetes/kubernetes/pull/40924 re-added the flaky tag, but did not get all the tests.
This PR marks these as flaky as well:
```
[k8s.io] PersistentVolumes [Volume][Serial] [k8s.io] PersistentVolumes:GCEPD should test that deleting a PVC before the pod does not cause pod deletion to fail on PD detach
[k8s.io] PersistentVolumes [Volume][Serial] [k8s.io] PersistentVolumes:GCEPD should test that deleting the Namespace of a PVC and Pod causes the successful detach of Persistent Disk
[k8s.io] PersistentVolumes [Volume][Serial] [k8s.io] PersistentVolumes:GCEPD should test that deleting the PV before the pod does not cause pod deletion to fail on PD detach
```
CC @copejon @jeffvance @kubernetes/sig-storage-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 43331, 43336)
Do not override KUBERNETES_RELEASE if already set
/assign @ixdy
If the user calls `get-kube.sh` with `KUBERNETES_RELEASE` and `KUBERNETES_RELEASE_URL` already set, continue to use these values.
Automatic merge from submit-queue (batch tested with PRs 42828, 43116)
Apply taint tolerations for NoExecute for all static pods.
Fixed https://github.com/kubernetes/kubernetes/issues/42753
**Release note**:
```
Apply taint tolerations for NoExecute for all static pods.
```
cc/ @davidopp
Automatic merge from submit-queue
Replace out of date security disclosure doc
This document was inconsistent with the process described at https://kubernetes.io/security/, so I replaced its content with a link to the new process.
/cc @liggitt @jessfraz
Automatic merge from submit-queue
Give apiserver full access to kubelet API
the kubelet stats API calls use both GET and POST. POST calls proxied through the API server were getting forbidden because only `get` was allowed.
more broadly, the apiserver is responsible for proxying authorized API calls to the kubelet API... I think this means the apiserver should have access to all verbs on the kubelet subresources.
Fixes#42045
Automatic merge from submit-queue
Use storage.k8s.io/v1 in tests instead of v1beta1
This is trimmed version of #42477 and contains only tests of the new storage API. Together with #43285 it passes all dynamic provisioning tests on my GCE.
I did not change vsphere_utils.go and vsphere_volume_diskformat.go as @divyenpatel runs master vsphere tests with Kubernetes 1.5 - @divyenpatel, did I get it right?
@kubernetes/sig-storage-pr-reviews, @msau42, @ethernetdan
```release-note
NONE
```
The GC expects that once it sees a controller with a non-nil
DeletionTimestamp, that controller will not attempt any adoption.
There was a known race condition that could cause a controller to
re-adopt something orphaned by the GC, because the controller is using a
cached value of its own spec from before DeletionTimestamp was set.
This fixes that race by doing an uncached quorum read of the controller
spec just before the first adoption attempt. It's important that this
read occurs after listing potential orphans. Note that this uncached
read is skipped if no adoptions are attempted (i.e. at steady state).
Automatic merge from submit-queue (batch tested with PRs 43313, 43257, 43271, 43307)
Fix AWS untagged instances
To revert to 1.5 behaviour we need to consider untagged
instances if no clusterID has been specified or found.
Fixes https://github.com/kubernetes/kubernetes/issues/43063
cc @justinsb
Automatic merge from submit-queue (batch tested with PRs 43313, 43257, 43271, 43307)
Remove 'all namespaces' meaning of empty list in PodAffinityTerm
Removes the distinction between `null` and `[]` for the PodAffinityTerm#namespaces field (option 4 discussed in https://github.com/kubernetes/kubernetes/issues/43203#issuecomment-287237992), since we can't distinguish between them in protobuf (and it's a less than ideal API)
Leaves the door open to reintroducing "all namespaces" function via a dedicated field or a dedicated token in the list of namespaces
Wanted to get a PR open and tests green in case we went with this option.
Not sure what doc/release-note is needed if the "all namespaces" function is not present in 1.6
Automatic merge from submit-queue (batch tested with PRs 43313, 43257, 43271, 43307)
In DaemonSet e2e tests, use Patch instead of Update to avoid conflict
Fixes#43310
@marun @kargakis @lukaszo @kubernetes/sig-apps-bugs
Automatic merge from submit-queue
kubectl: Use v1.5-compatible ownership logic when listing dependents.
**What this PR does / why we need it**:
This restores compatibility between kubectl 1.6 and clusters running Kubernetes 1.5.x. It introduces transitional ownership logic in which the client considers ControllerRef when it exists, but does not require it to exist.
If we were to ignore ControllerRef altogether (pre-1.6 client behavior), we would introduce a new failure mode in v1.6 because controllers that used to get stuck due to selector overlap will now make progress. For example, that means when reaping ReplicaSets of an overlapping Deployment, we would risk deleting ReplicaSets belonging to a different Deployment that we aren't about to delete.
This transitional logic avoids such surprises in 1.6 clusters, and does no worse than kubectl 1.5 did in 1.5 clusters. To prevent this when kubectl 1.5 is used against 1.6 clusters, we can cherrypick this change.
**Which issue this PR fixes**:
Fixes#43159
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
e2e: bump the memory limit for kubelet
The test is mainly for monitoring and tracking resource leaks. Bump the
limit to account for variations in different settings.
Automatic merge from submit-queue (batch tested with PRs 42869, 43298, 43285)
Fix default storage class tests
Name of the default storage class is not "default", it must be discovered dynamically.
```release-note
NONE
```
This fixes flake `storageclasses.storage.k8s.io "default" not found` in #43261
Automatic merge from submit-queue (batch tested with PRs 42869, 43298, 43285)
Bumped Heapster to v1.3.0
``` release-note
Bumped Heapster to v1.3.0.
More details about the release https://github.com/kubernetes/heapster/releases/tag/v1.3.0
```
Automatic merge from submit-queue
Fix revision when SetDeploymentRevision
When some oldRSs be deleted or cleared(eg. revisionHistoryLimit set 0), the revision for SetDeploymentRevision is incorrect
Automatic merge from submit-queue
Add retry to monitoring e2e
**What this PR does / why we need it**:
Add retry to monitoring e2e to prevent it from failing because heapster have not yet been started after cluster creation.
@piosz @jszczepkowski
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#43024
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
Update Dashboard version to v1.6.0
**What this PR does / why we need it**:
Updates dashboard addon to latest version. Changelog can be found [here](https://github.com/kubernetes/dashboard/releases/tag/v1.6.0).
**Release note**:
```release-note
Update dashboard version to v1.6.0
```
Automatic merge from submit-queue
Update photon controller go SDK in vendor code.
**What this PR does / why we need it**:
Update photon controller go SDK in vendor code.
**Which issue this PR fixes**:
fixes #https://github.com/kubernetes/kubernetes/issues/43042
**Special notes for your reviewer**:
Can we mark this PR as bug fix and with 1.6 milestone?
Since photon controller is using a new version of this go SDK. Without this change, the current k8s will break with latest released photon controller. Thanks.
**Release note**:
Compatible with Photon Controller v1.1.1 release.
Automatic merge from submit-queue
protobuf generation modifies types.go, which needs to be copied out
This was broken when we moved to the build container, but no one
noticed. Made it so that we get a test error if a field in a registered type has a json tag with no protobuf tag.
Fixes#35486
Automatic merge from submit-queue
construction of GC should not fail for restmapper error caused by tpr
Fix https://github.com/kubernetes/kubernetes/issues/43147.
The issue is that GC will fail its initialization due to an RESTMapper error cause by tpr. This PR lets GC log the error instead of failing.
Automatic merge from submit-queue
Fix polarity of a test in NodePort allocation
The result of this was that an update to a Service would release the
NodePort temporarily (the repair loop would fix it in a minute). During
that window, another Service could get allocated that Port.
Fixes#43233
