Automatic merge from submit-queue (batch tested with PRs 64889, 64897). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't specify a description for Calico CRDs
**What this PR does / why we need it**:
CRDs have lost the "description" field, so as it stands these won't validate. This is needed to allow Calico to function again.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure directory is created for kubelet configuration
**What this PR does / why we need it**:
Ensure directory is present before writing the config file.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64887
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64836, 64890). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds a crictl package for kubeadm installs
Closeskubernetes/kubeadm#811
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This PR packages crictl into a deb and rpm so we can reference / rely on it in kubeadm.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#811
**Special notes for your reviewer**:
I think this change doesn't actually deploy the deb, I'll have to port this over to test-infra, but this is the first step.
Also I might need help on the release note
**Release note**:
```release-note
kubernetes now packages cri-tools (crictl) in addition to all the other kubeadm tools in a deb and rpm.
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @luxas @timstclair
Automatic merge from submit-queue (batch tested with PRs 64881, 64885). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix output of `kubeadm migrate config`
The output should always be valid kubeadmapi.MasterConfiguration YAML.
The general problem was that we printed with fmt.Fprintf but it turns out some of the default values have `%`s in them so this caused Go to think we were missing values that we wanted substituted. We don't want to do any substitution here.
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This PR fixes a small bug that cause kubeadm migrate config to print YAML that was not valid.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#904
```release-note
NONE
```
/cc @luxas @timothysc
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use repo prefix when generating image names
CI defines its own custom repository. The function responsible
for listing all images now takes this into account.
Closeskubernetes/kubeadm#901
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This fixes ci-cross.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#901
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63905, 64855). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Setup dns servers and search domains for Windows Pods
**What this PR does / why we need it**:
Kubelet is depending on docker container's ResolvConfPath (e.g. /var/lib/docker/containers/439efe31d70fc17485fb6810730679404bb5a6d721b10035c3784157966c7e17/resolv.conf) to setup dns servers and search domains. While this is ok for Linux containers, ResolvConfPath is always an empty string for windows containers. So that the DNS setting for windows containers is always not set.
This PR setups DNS for Windows sandboxes. In this way, Windows Pods could also use kubernetes dns policies.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61579
**Special notes for your reviewer**:
Requires Docker EE version >= 17.10.0.
**Release note**:
```release-note
Setup dns servers and search domains for Windows Pods in dockershim. Docker EE version >= 17.10.0 is required for propagating DNS to containers.
```
/cc @PatrickLang @taylorb-microsoft @michmike @JiangtianLi
CI defines its own custom repository. The function responsible
for listing all images now takes this into account.
Closeskubernetes/kubeadm#901
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Vertical Pod Autoscaler to autoscaling/v2beta1
**What this PR does / why we need it**:
Adds Vertical Pod Autoscaler (https://github.com/kubernetes/community/blob/master/contributors/design-proposals/autoscaling/vertical-pod-autoscaler.md) to the autoscaling API (which currently has the Horizontal Pod Autoscaler).
This is needed for the Vertical Pod Autoscaler beta.
**Special notes for your reviewer**:
/cc @thockin @mwielgus @DirectXMan12
FYI. changes that add pkg/registry/autoscaling/verticalpodautoscaler/... will follow.
**Release note**:
```Add Vertical Pod Autoscaler to autoscaling/v2beta1.```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: only run kube-proxy on architecture consistent nodes
**What this PR does / why we need it**:
Currently `gcr.io/google_containers/kube-proxy-{.Arch}` is not multi-arch image. We should use `affinity` or `nodeSelector` to only run the pods on the nodes with the matching architecture, like what we've done in `kube-dns`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
partial Fixes#64647
**Special notes for your reviewer**:
/cc luxas timothysc
**Release note**:
```release-note
kubeadm: only run kube-proxy on architecture consistent nodes
```
Automatic merge from submit-queue (batch tested with PRs 63386, 64624, 62297, 64847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Keep kubectl delete hack for DaemonSet until 1.12
**What this PR does / why we need it**:
As pointed out here: https://github.com/kubernetes/kubernetes/pull/64797#issuecomment-395152965, the server side fix is in 1.11. We're keeping kubectl hack until 1.12 to support 1.11 kubectl + 1.10.0-4 server.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63386, 64624, 62297, 64847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactoring GCE Disk APIs to use generated client
**What this PR does / why we need it**: Improves maintainability and testing of GCE disks code.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62296
Note that `gen.go` and `gen_test.go` are generated files.
I'm planning to do a more extensive refactor that takes advantage of the generated cloud provider mocks, but that'll be in a separate PR and will be a larger change.
/cc @davidz627
/assign @saad-ali
/release-note-none
/sig storage
Automatic merge from submit-queue (batch tested with PRs 63386, 64624, 62297, 64847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Final kubeadm-kubelet integration refactor PR
**What this PR does / why we need it**:
Note: Work in progress
This PR:
- [x] Updates the debs/rpms to do the "right thing" with the new integration flow
- Broken out into https://github.com/kubernetes/kubernetes/pull/64780
- [x] Uploads the `CRISocket` information to the Node object as an annotation
- Broken out into: https://github.com/kubernetes/kubernetes/pull/64792
- [x] Makes the `kubeadm init` / `kubeadm join` flow to be preflight, stop kubelet, write config/env files, daemon-reload, start kubelet
- [x] Renames `.NodeRegistration.ExtraArgs` to `.NodeRegistration.KubeletExtraArgs` as discussed in the SIG meeting
- [x] Adds a `kubeadm upgrade node config` command for fetching the latest configuration and writing it down to the node before upgrading the kubelet
- [x] Makes dynamic kubelet config actually get enabled when the feature gate in kubeadm is specifically opted into by the user
- [x] Fixes misc. minor bugs
- [x] Makes sure `kubeadm init --dry-run` works, so the dry-run functionality works for the kubelet integration as well
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: Add a new `kubeadm upgrade node config` command
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 63386, 64624, 62297, 64847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Let the garbage collector use json merge patch when SMP is not supported
**What this PR does / why we need it**:
Let garbage collector fallback to use json merge patch when strategic merge patch returns 415. This enables orphan delete on custom resources.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56348
**Special notes for your reviewer**:
This PR is developed based on https://github.com/kubernetes/kubernetes/pull/56595. Ref https://github.com/kubernetes/kubernetes/pull/56606 for more information.
**Release note**:
```release-note
Orphan delete is now supported for custom resources
```
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 64723, 64537). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update istio addon manifest to 0.8
**What this PR does / why we need it:**
Update Istio addon version to latest stable 0.8.0.
Changes from vanilla istio[-auth].yaml include:
- k8s addon Reconcile labels
- add all available Istio addons (grafana)
- mirror docker images to gcr.io
- add auto-injection in default namespace (not reconciled to allow Istio uninstall)
- remove instance counts to prevent addon reconcile reverting any manual scaling
**Release note**:
```release-note
Update version of Istio addon from 0.6.0 to 0.8.0.
See https://istio.io/about/notes/0.8.html for full Isto release notes.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CSI implementation of raw block volume support
**What this PR does / why we need it**:
This PR implements support for block volumes feature.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64722
**Special notes for your reviewer**:
**Release note**:
```release-note
Provides API support for external CSI storage drivers to support block volumes.
```
Automatic merge from submit-queue (batch tested with PRs 64749, 64797). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle deleted DaemonSet properly
**What this PR does / why we need it**:
After kubectl reapers are removed (#63979) and foreground deletion are used, DaemonSet controller may race with garbage collector when it tries to update DaemonSet status of the DaemonSet being deleted.
Here's what happened:
1. Someone/something performs a foreground deletion on a DaemonSet
1. DaemonSet finalizer and DeletionTimestamp are both set
1. DaemonSet history objects (ControllerRevisions) and pods are being deleted by garbage collector; meanwhile, DaemonSet controller tries to update DaemonSet status.
* Updating DaemonSet status requires constructing DaemonSet history objects, to figure out current revision and which pods do/don't belong to current revision
1. When updating DaemonSet status, DaemonSet controller tries to create a DaemonSet history object that matches current DaemonSet spec
1. Garbage collector then tries to delete that DaemonSet history object. And repeat.
Because we can't make DaemonSet pods be deleted before DaemonSet history objects (DaemonSet history objects don't own DaemonSet pods!), we cannot reliably calculate DaemonSet status without history objects anyways. Therefore, we don't update DaemonSet status for DaemonSet being deleted.
Note that the reason why the kubectl delete hack works is because it forces DaemonSet pods to be removed before history objects.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64313
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Don't match DNS versions to K8s versions
**What this PR does / why we need it**:
Some code in kubeadm was designed with the intent, that in the future CoreDNS
and kube-dns versions will match to specific K8s versions. This code is not
functional, since it does not perform any version matching. As of this moment,
no version matching is planned and a lot of boilerplate code is left useless.
The solution is simple - remove the unneeded parts to simplify the flow.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#870
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind cleanup
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix kubectl -o
Fix kubectl -o error message:
Before this change:
```
kubectl get pods -o foo
error: unable to match a printer suitable for the output format "" and the options specified: &get.PrintFlags{JSONYamlPrintFlags:(*genericclioptions.JSONYamlPrintFlags)(0x23aa610), NamePrintFlags:(*genericclioptions.NamePrintFlags)(0xc42058b4e0), TemplateFlags:(*printers.KubeTemplatePrintFlags)(0xc4206765e0), CustomColumnsFlags:(*printers.CustomColumnsPrintFlags)(0xc420676620), HumanReadableFlags:(*get.HumanPrintFlags)(0xc4204eb180), NoHeaders:(*bool)(0xc4206fefbc), OutputFormat:(*string)(0xc42058b4d0)}
```
After this change:
```
Kubectl get pods -o foo
error: unable to match a printer suitable for the output format "foo", allowed formats are: json,yaml,name,template,go-template,go-template-file,templatefile,jsonpath,jsonpath-file,custom-columns-file,custom-columns,wide
```
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
kubectl will list all allowed print formats when an invalid format is passed.
```
Some code in kubeadm was designed with the intent, that in the future CoreDNS
and kube-dns versions will match to specific K8s versions. This code is not
functional, since it does not perform any version matching. As of this moment,
no version matching is planned and a lot of boilerplate code is left useless.
The solution is simple - remove the unneeded parts to simplify the flow.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 63717, 64646, 64792, 64784, 64800). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update cadvisor godeps to v0.30.0
**What this PR does / why we need it**:
cAdvisor godep update corresponding to 1.11
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63204
**Release note**:
```release-note
Use IONice to reduce IO priority of du and find
cAdvisor ContainerReference no longer contains Labels. Use ContainerSpec instead.
Fix a bug where cadvisor failed to discover a sub-cgroup that was created soon after the parent cgroup.
```
/sig node
/kind bug
/priority critical-urgent
/assign @dchen1107
Automatic merge from submit-queue (batch tested with PRs 63717, 64646, 64792, 64784, 64800). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Reconcile extended resource capacity after kubelet restart.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubernetes/issues/64632
**Special notes for your reviewer**:
**Release note**:
```release-note
Kubelet will set extended resource capacity to zero after it restarts. If the extended resource is exported by a device plugin, its capacity will change to a valid value after the device plugin re-connects with the Kubelet. If the extended resource is exported by an external component through direct node status capacity patching, the component should repatch the field after kubelet becomes ready again. During the time gap, pods previously assigned with such resources may fail kubelet admission but their controller should create new pods in response to such failures.
```
Automatic merge from submit-queue (batch tested with PRs 63717, 64646, 64792, 64784, 64800). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Upload CRISocket information in kubeadm init/join
**What this PR does / why we need it**:
As a side-effect, `kubeadm join` will become blocking on the kubelet doing the TLS bootstrap. This partially also fixes problems when users run `kubeadm join` and it returns successfully without anything happening as the kubelet is actually unhealthy. If that happens now `kubeadm join` will exit with a non-zero code.
What this PR does is it uploads the CRISocket information to the Node API object as a workaround until we have something like https://github.com/kubernetes/kubernetes/issues/64460 in place that will solve this problem for real. This way we won't lose the CRISocket information which we would otherwise do.
This can be used for `kubeadm upgrade` or `kubeadm reset` in future releases.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Depends on https://github.com/kubernetes/kubernetes/pull/64624
**Release note**:
```release-note
[action required] TODO
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promote sysctl annotations to fields
#
**What this PR does / why we need it**:
Promoting experimental sysctl feature from annotations to API fields.
**Special notes for your reviewer**:
Following sysctl KEP: https://github.com/kubernetes/community/pull/2093
**Release note**:
```release-note
The Sysctls experimental feature has been promoted to beta (enabled by default via the `Sysctls` feature flag). PodSecurityPolicy and Pod objects now have fields for specifying and controlling sysctls. Alpha sysctl annotations will be ignored by 1.11+ kubelets. All alpha sysctl annotations in existing deployments must be converted to API fields to be effective.
```
**TODO**:
* [x] - Promote sysctl annotation in Pod spec
* [x] - Promote sysctl annotation in PodSecuritySpec spec
* [x] - Feature gate the sysctl
* [x] - Promote from alpha to beta
* [x] - docs PR - https://github.com/kubernetes/website/pull/8804
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: When etcd is listening on all interfaces, set the etcd probe to use loopback
**What this PR does / why we need it**:
When constructing the etcd liveness probe, if the user passes an IPv4 or IPv6 address,
we set the `etcdctl` liveness probe to use the respective IPv4 or IPv6 loopback address for `--endpoints`.
The etcd probe is now always formatted with the https:// protocol and square brackets around the IP (required for IPv6 / compatible with IPv4).
`::1` is now also included in the etcd serving cert SAN by default.
/kind bug
/area kubeadm
/area etcd
/priority important-soon
/sig cluster-lifecycle
/assign @fabriziopandini
**Which issue(s) this PR fixes**
Fixes https://github.com/kubernetes/kubeadm/issues/882
**Special notes for your reviewer**:
```bash
root@vagrant:~# /vagrant/bin/882_kubeadm init --config /dev/stdin << EOF |& tail -n5
etcd:
extraArgs:
listen-client-urls: https://[::]:2379
EOF
I0603 19:52:15.666594 24743 tlsbootstrap.go:50] [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
I0603 19:52:15.671424 24743 tlsbootstrap.go:72] [bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
I0603 19:52:15.674607 24743 tlsbootstrap.go:95] [bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
I0603 19:52:15.677551 24743 clusterinfo.go:43] [bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
root@vagrant:~# cat /etc/kubernetes/manifests/etcd.yaml |grep -C4 listen
spec:
containers:
- command:
- etcd
- --listen-client-urls=https://[::]:2379
- --advertise-client-urls=https://127.0.0.1:2379
- --cert-file=/etc/kubernetes/pki/etcd/server.crt
- --client-cert-auth=true
- --data-dir=/var/lib/etcd
root@vagrant:~# cat /etc/kubernetes/manifests/etcd.yaml |grep -C4 etcdctl
exec:
command:
- /bin/sh
- -ec
- ETCDCTL_API=3 etcdctl --endpoints=https://[::1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt
--cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key
get foo
failureThreshold: 8
initialDelaySeconds: 15
```
**Release note**:
```release-note
kubeadm now configures the etcd liveness probe correctly when etcd is listening on all interfaces
```
Automatic merge from submit-queue (batch tested with PRs 64009, 64780, 64354, 64727, 63650). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Never clean backoff in job controller
**What this PR does / why we need it**:
In https://github.com/kubernetes/kubernetes/pull/60985 I've added a mechanism which allows immediate job status update, unfortunately that broke the backoff logic seriously. I'm sorry for that. I've changed the `immediate` mechanism so that it NEVER cleans the backoff, but for the cases when we want fast status update it uses a zero backoff.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62382
**Special notes for your reviewer**:
/assign @janetkuo
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 64009, 64780, 64354, 64727, 63650). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: Update cloud provider to use TPU v1 API
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
GCE: Update cloud provider to use TPU v1 API
```
/assign @vishh
/assign @cheftako
