Automatic merge from submit-queue
Fix skipping - protobuf fields
**What this PR does / why we need it**: fixes the protobuf generator to skip fields with a protobuf tag of `"-"`
Match changes in https://github.com/kubernetes/gengo/pull/19
I couldn't get godeps to work to vendor this change in from gengo, so I made the same edits manually in cmd/libs/go2idl. A task for another day...
@smarterclayton
Automatic merge from submit-queue (batch tested with PRs 39059, 39175, 35676, 38655)
ReplicaSet has onwer ref of the Deployment that created it
**What this PR does / why we need it**:
This enabled garbage collection for ReplicaSets and ensures they are owned by their respective Deployment objects.
fixes https://github.com/kubernetes/kubernetes/issues/33845
This is an initial PR to get feedback. Will update this quickly with unit tests if this seems like in the right direction
Automatic merge from submit-queue (batch tested with PRs 39006, 39078, 37188, 39118)
Cleanup dns
* Remove hostname endpoints annotation (was beta feature)
* Remove references to non-client-go API
* Replaces references to internal kubernetes API with client-go.
Automatic merge from submit-queue (batch tested with PRs 39006, 39078, 37188, 39118)
Fix bug of missing random watch events in the event stream
Fix#39072
Automatic merge from submit-queue
In-cluster configs must take flag overrides into account
**What this PR does / why we need it**: Some flags must override in-cluster configs if provided to `kubectl` inside a cluster.
**Which issue this PR fixes**: Fixes https://github.com/kubernetes/kubernetes/issues/38834
**Release note**:
```release-note
Fixed a bug where the --server, --token, and --certificate-authority flags were not overriding the related in-cluster configs when provided in a `kubectl` call inside a cluster.
```
Automatic merge from submit-queue
remove unneeded authenticator dependencies from genericapiserver
Refactors the authenticator options to remove unneeded dependencies.
@sttts
Automatic merge from submit-queue
extend err info when authorize failed
if rolebinding related to a non-existent role, kubectl get po will return a error.
old result:
```shell
$ kubectl --token=/test get po
Error from server (InternalError): an error on the server ("Internal Server Error: \"/api/v1/namespaces/default/pods\"") has prevented the request from succeeding (get pods)
```
new result (output the reason):
```shell
$ kubectl --token=hi/test get po
Error from server (Forbidden): User "hi" cannot list pods in the namespace "default".: "role.rbac.authorization.k8s.io \"admin-resource-role\" not found" (get pods)
```
test.yaml
```
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
name: admin-resource-binding
namespace: default
subjects:
- kind: Group
name: test
roleRef:
kind: Role
name: admin-resource-role
```
Automatic merge from submit-queue (batch tested with PRs 39146, 39094)
cleanup last e2e authorization failures
Builds on https://github.com/kubernetes/kubernetes/pull/39080. This adds rbac role bindings during e2e tests for test that use SA permissions to loopback to the API server.
Assigned to me until its ready.
Automatic merge from submit-queue
Make fluentd pods critical
Related to https://github.com/kubernetes/kubernetes/issues/38322
Make fluentd critical so it will be evicted with less probability.
CC @piosz @fgrzadkowski
Automatic merge from submit-queue
Add liveness probe for fluentd-gcp
It's known that fluentd can hung up during execution until manual restart.
Liveness probe fixes this problem in the following way: if no buffer chunks were sent or created in the last 5 minutes, fluentd is hanging and should be restarted.
CC @piosz
Automatic merge from submit-queue (batch tested with PRs 39114, 36004)
Revert #32751 and #35840 in 1.6
Revert backward compatibility hacks (#36004, #32751) that are no-longer needed in release 1.6
@kubernetes/sig-api-machinery @liggitt
Automatic merge from submit-queue (batch tested with PRs 39114, 36004)
assign -998 as the oom_score_adj for critical pods (e.g. kube-proxy)
I also validated this with a testing cluster: Fresh built cluster, and kill kube-proxy pod, etc.
```
root 2660 2643 0 Dec21 ? 00:00:00 /bin/sh -c kube-proxy --master=https://104.198.79.64 --kubeconfig=/var/lib/kube-proxy/kubeconfig --cluster-cidr=10.180.0.0/14 --resource-container="" --v=4 1>>/var/log/kube-proxy.log 2>&1
root 2667 2660 0 Dec21 ? 00:03:14 kube-proxy --master=https://104.198.79.64 --kubeconfig=/var/lib/kube-proxy/kubeconfig --cluster-cidr=10.180.0.0/14 --resource-container= --v=4
# cat /proc/2660/oom_score_adj
-998
# cat /proc/2667/oom_score_adj
-998
```
In this pr, I also include a small fix for import cycle issue. The right fix should remove the dependency on qos package from pkg/apis/componentconfig/v1alpha1. But since we plan to cherrypick this pr to both 1.5 and 1.4 (possible), I want touch the source as little as possible.
Partial fix: #38322
Automatic merge from submit-queue (batch tested with PRs 39115, 39111)
Make one of the go2idl unit tests pass in a sandbox.
Not sure how important this is.
Automatic merge from submit-queue (batch tested with PRs 39115, 39111)
Node E2E: Do not use sudo when untar node e2e tar ball.
`sudo tar -x` will [extract files with original file ownership](http://unix.stackexchange.com/questions/264464/sudo-tar-changes-extracted-files-ownership-to-unknown-user), which is not what we want.
This also causes problem to https://github.com/kubernetes/test-infra/issues/1348.
Because in https://github.com/kubernetes/test-infra/issues/1348 we move node e2e runner into a docker container. Inside the container, the user is `root` by default, so the tar ball has `root` ownership.
If we untar the tar ball with `sudo`, it will recover the `root` ownership and the following operation may not have enough permission.
No matter what, we should not recover the file ownership inside the tar ball because:
* We don't care it.
* It may even not exist on the host.
@krzyzacy
Automatic merge from submit-queue
Disable verify-test-owners.sh and make `go vet` more obvious
**What this PR does / why we need it**: I and others keep seeing the verify-test-owners.sh failure and think that's why the PR failed checks. Rather than making verify-test-owners.sh pass with errors, just skip it entirely.
Also print out the `go vet` command we're running, to make that failure more obvious.
cc @k82cn @saad-ali
**Release note**:
```release-note
NONE
```
