Automatic merge from submit-queue
Add finalizers to federated configmaps
Initial commit for finalizers in configmap.
```release-note
Add support for finalizers in federated configmaps (deletes configmaps from underlying clusters).
```
Automatic merge from submit-queue (batch tested with PRs 41115, 41212, 41346, 41340, 41172)
Enable PodTolerateNodeTaints predicate in DaemonSet controller
Ref #28687, this enables the PodTolerateNodeTaints predicate to the daemonset controller
cc @Random-Liu @dchen1107 @davidopp @mikedanese @kubernetes/sig-apps-pr-reviews @kubernetes/sig-node-pr-reviews @kargakis @lukaszo
```release-note
Make DaemonSet controller respect node taints and pod tolerations.
```
Automatic merge from submit-queue (batch tested with PRs 41115, 41212, 41346, 41340, 41172)
Add informers to client-go
Adds informers and listers to client-go so that you can build a controller on it.
@sttts @caesarxuchao @kubernetes/sig-api-machinery-misc
Automatic merge from submit-queue (batch tested with PRs 41115, 41212, 41346, 41340, 41172)
Send only cluster domain queries to kube-dns
Queries not involving the cluster domain should be forwarded out (not to kube-dns)
```release-note
none
```
Automatic merge from submit-queue
fix service spec for kube api server
For the auto generated kube api-server service, the service spec re-uses the service port itself. The endpoint is created correctly using public port. Fix the service also because there are some plugin controllers that react to service spec itself.
Before fix:
```
sh-4.2# kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 172.17.0.2:8443,172.17.0.2:8053,172.17.0.2:8053 20h
sh-4.2# kubectl get services kubernetes -o json
...
...
"spec": {
"clusterIP": "172.30.0.1",
"ports": [
{
"name": "https",
"port": 443,
"protocol": "TCP",
"targetPort": 443 ## <--- same as port, even if the endpoint really means 8443
},
{
"name": "dns",
"port": 53,
"protocol": "UDP",
"targetPort": 8053
},
{
"name": "dns-tcp",
...
```
After fix:
```
"spec": {
"clusterIP": "172.30.0.1",
"ports": [
{
"name": "https",
"port": 443,
"protocol": "TCP",
"targetPort": 8443 # <-- fixed, now matches the endpoint object
},
{
"name": "dns",
"port": 53,
"protocol": "UDP",
"targetPort": 8053
},
{
"name": "dns-tcp",
``
Automatic merge from submit-queue
Fixes Hazelcast example e2e test
**What this PR does / why we need it**:
This PR fixes the Hazelcast example e2e test
**Special notes for your reviewer**:
It is related to this PR https://github.com/kubernetes/kubernetes/pull/39580
Automatic merge from submit-queue
give nodes update/delete permissions
delete permission is logically paired with create permission (and is used during self-registration scenarios when a node has been restarted and an existing node object has a mismatched externalID)
we already need to scope update nodes/status permission to only let a node update itself, and we would scope these at the same time.
fixes https://github.com/kubernetes/kubernetes/issues/41224
Automatic merge from submit-queue
copy pkg/util/logs to apiserver
This is a copy, not a move. API servers need to be able to init the logs, but so do clients. It would be weird to have the client-side commands depending on the server side logs utilities.
I updated all the server side references, but left the client-side ones.
@sttts @kubernetes/sig-api-machinery-pr-reviews acceptable?
Automatic merge from submit-queue
auto-create the loopback token
Users of the apiserver library have no need to specify particular loopback tokens, we can autogenerate and provision them.
@kubernetes/sig-api-machinery-misc @sttts
Automatic merge from submit-queue
Added kubectl create role command
Added `kubectl create role` command.
Fixed part of #39596
**Release note**:
```
Added one new command `kubectl create role` to help user create a single role from command line.
```
Automatic merge from submit-queue (batch tested with PRs 41319, 41192)
Split informers by internal and external to allow inclusion in client-go
client-go doesn't have any internal clients, so informers which require internal clients can never be included in it. This splits the informer generation into internal and external so we can safely include them.
@kubernetes/sig-api-machinery-misc @ncdc
Automatic merge from submit-queue (batch tested with PRs 41319, 41192)
sync client-go
Straight mechanical sync of client-go after updating apimachinery.
@caesarxuchao @sttts @pwittrock
I tagged it since its straight mechanical.
Automatic merge from submit-queue (batch tested with PRs 41312, 41289)
resolve udevadm from PATH in cinder_util.go
**What this PR does / why we need it**:
When a cinder volume gets attached to a node, the cinder volume plugin calls `udevadm` with an absolute path `/usr/bin/udevadm`. This path is incorrect for recent versions of debian, ubuntu or the hyperkube image on gcr.io where `udevadm` is located at `/bin/udevadm` or `/sbin/udevadm`. A variant of the hyperkube image is used on CoreOS to run kubelet with rkt fly stage 1.
As a result of the failed `udevadm` exec, the `AttachDisk` function in `cinder_util.go` returns an error.
This PR removes the absolute path from the `udevadm` exec. As a result, `udevadm` is resolved by looking it up in `PATH`.
This is consistent with the gce volume plugin, which executes `udevadm` the same way.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#29832
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
updated docs in roundtrip.go to correct names
**What this PR does / why we need it**: updated docs in roundtrip.go to correct names.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41182, 41290)
Fix typo of defualt
Fix typo of defualt introduced in #41274.
**Release note**:
`NONE`
cc @Random-Liu
Automatic merge from submit-queue (batch tested with PRs 41182, 41290)
Add a default storage class for Azure Disk
Part of https://github.com/kubernetes/kubernetes/issues/40071
@jsafrane @colemickens @codablock @rootfs
Automatic merge from submit-queue (batch tested with PRs 41274, 41241)
[Federation] Make federation namespace e2e tests parallelizable.
Because deleteAllTestNamespaces deleted all the e2e namespaces it interefered with other federation namespace tests running in parallel. This change should mitigate the problem and make the tests runnable in parallel.
cc @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 41137, 41268)
Allow the CertificateController to use any Signer implementation.
**What this PR does / why we need it**:
This will allow developers to create `CertificateController`s with arbitrary `Signer`s, instead of forcing the use of `CFSSLSigner`. It matches the behavior of allowing an arbitrary `AutoApprover` to be passed in the constructor.
**Release note**:
```release-note
NONE
```
CC @mikedanese
Automatic merge from submit-queue
Add pod manifest path to local cluster
Added `POD_MANIFEST_PATH` to local cluster up because we are frequently using this flag when testing static & mirror pod during local dev.
Automatic merge from submit-queue (batch tested with PRs 41259, 41260)
kubeadm: changed manifest files to yaml
**What this PR does / why we need it**: Static Pods are currently stored as .json files in /etc/kubernetes/manifests. This PR instead writes them as YAML, as requested by the SIG.
**Which issue this PR fixes**: fixes #https://github.com/kubernetes/kubeadm/issues/153
**Special notes for your reviewer**: /cc @luxas
**Release note**:
```release-note
NONE
```
