Automatic merge from submit-queue (batch tested with PRs 45013, 45166)
CRI: remove PodSandboxStatus.Linux.Namespaces.Network
**What this PR does / why we need it**:
PodSandboxStatus.Linux.Namespaces.Network is not used, so this PR removes it from CRI.
**Which issue this PR fixes**
Closes: #44972
**Special notes for your reviewer**:
**Release note**:
```release-note
Remove PodSandboxStatus.Linux.Namespaces.Network from CRI.
```
/assign @Random-Liu @yujuhong
Automatic merge from submit-queue
Add cinder volume examples
I can not find cinder examples,add in packages examples/volume and examples/persistent-volume-provisioning
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
kubelet/get-pods-from-path: correct description of implemention
**What this PR does / why we need it**:
I find this description does not follow the current implementation, it should be describe like this according to my understanding of the source code.
Automatic merge from submit-queue (batch tested with PRs 45219, 45246)
Fixed misspelled http URL in the cluster-dns example
**What this PR does / why we need it**:
Fixes wrong http URL in the examples/cluster-dns.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
none
**Release note**:
none
Automatic merge from submit-queue
Fix golint verify error
I don't know why CI pass the hack/verify-golint.sh test.
But in my environment I get this:
> staging/src/k8s.io/client-go/util/workqueue/queue_test.go is in package workqueue_test, not workqueue
Errors from golint:
test/integration/apiserver/apiserver_test.go:102:13: should omit type string from declaration of var cascDel; it will be inferred from the right-hand side
Please fix the above errors. You can test via "golint" and commit the result.
!!! Error in hack/verify-golint.sh:98
Error in hack/verify-golint.sh:98. 'false' exited with status 1
Call stack:
1: hack/verify-golint.sh:98 main(...)
Exiting with status 1
This change fix this err in my environment.
**Release note**:
```NONE
```
Automatic merge from submit-queue
CHANGELOG.md: update outdated link
I am not sure that if the file was generated automatically.
But I find some links were outdated.
Release note:
NONE
Automatic merge from submit-queue (batch tested with PRs 45120, 45243)
skip integration test when run make bazel-test
we should opt for a seperate target for integration tests. This is breaking @deads2k who is trying to add an integration test in staging.
Automatic merge from submit-queue
Also upload debs to bin/$OS/$ARCH
**What this PR does / why we need it**: the bazel-built debs are used by the kubeadm e2e tests, so upload them too.
https://github.com/kubernetes/kubernetes/pull/44591#issuecomment-298084453
/assign @pipejakob
/cc @mikedanese @spxtr
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45125, 45242)
skip procfs-dependent metrics test if not on linux
**What this PR does / why we need it**: #40774 removed build tags on integration tests, which uncovered the fact that a test in `test/integration/metrics` relies on `procfs`. This PR follows the convention used in `pkg/util/procfs` to gate the test on `runtime.GOOS`
**Release note**:
```release-note
NONE
```
/cc @kubernetes/sig-testing-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 45125, 45242)
Update labels.yaml with sig labels
**What this PR does / why we need it**: Updates labels.yaml to reflect the state of labels in this repo. Consumed by https://github.com/kubernetes/test-infra/blob/master/mungegithub/mungers/check-labels.go to ensure these labels continue to exist.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45239, 45230)
Create a single CA for both client and server certs
**What this PR does / why we need it**:
The following test:
"Certificates API [It] should support building a client with a CSR"
fails with local-up-cluster, but works in the existing CI jobs. This
is because the other CI jobs use a single CA cert while local-up-cluster
can use 2 different sets of CA(s). We need a way to mimic the other
CI jobs (or alternatively change everything to have separate CA's). Just
updating local-up-cluster with a flag seems to be the easy route.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45239, 45230)
Update bazel build to dockerize cloud-controller-manager
**What this PR does / why we need it**: followup to #45154. Also added a comment so that hopefully this sort of followup isn't needed again. :)
**Release note**:
```release-note
NONE
```
/assign @mikedanese @luxas
Automatic merge from submit-queue (batch tested with PRs 40544, 44338, 45225)
[Federation]Update event type
Use EventTypeWarning instead of EventTypeNormal when get failure
Left behind after pr #40296
Automatic merge from submit-queue (batch tested with PRs 40544, 44338, 45225)
Use ObjectGetter Interface instead of clientset.Interface for leaderelection pkg
**What this PR does / why we need it**:
We plan to reuse leaderelection pkg to add leader election function to federation controller manager, but the current implementation uses kubernetes clientset.Interface and federation clientset does not satisfy all the interface methods. It would be better if the leaderelection package use rest.Interface which is also supported by federation clientset.
This pr is to refactor leaderelection pkg to use rest.Interface instead of clientset.Interface
**Special notes for your reviewer**:
This is a sub-task of bigger work to add leader election to federation controller manager as documented in #44283
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Fixes broken link in PodSpec
The PodSpec reference to NodeSelector misses
the `.md` extension in the file.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 45227, 43003, 45231)
kubeadm: move preflight kubelet check
**What this PR does / why we need it**: If you passed the `--skip-preflight-checks` to kubeadm, it would still try to start up the kubelet, which is part of preflight checks. This was causing issues for test-cmds. Now, passing `--skip-preflight-checks` will skip over the kubelet check.
**Special notes for your reviewer**: /cc @luxas @deads2k
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45227, 43003, 45231)
separate discovery from the apiserver
This decouples the API discovery handlers from the core API server code. It separates the code into a new package and clarifies interfaces with existing TPR code.
@kubernetes/sig-api-machinery-pr-reviews
The following test:
"Certificates API [It] should support building a client with a CSR"
fails with local-up-cluster, but works in the existing CI jobs. This
is because the other CI jobs use a single CA cert while local-up-cluster
can use 2 different sets of CA(s). We need a way to mimic the other
CI jobs (or alternatively change everything to have separate CA's). Just
updating local-up-cluster with a flag seems to be the easy route.
Automatic merge from submit-queue (batch tested with PRs 45100, 45152, 42513, 44796, 45222)
apiserver: split endpoint tests from client-go
Use the example apigroup and create its own scheme.
Fixes https://github.com/kubernetes/kubernetes/issues/45209.
Automatic merge from submit-queue (batch tested with PRs 45100, 45152, 42513, 44796, 45222)
[Federation] Generate the secret name in kubefed join.
Addresses part of #42324. A follow-up PR will address annotating Federation resources.
```release-note
Remove the `--secret-name` flag from `kubefed join`, instead generating the secret name arbitrarily.
```
Automatic merge from submit-queue (batch tested with PRs 45100, 45152, 42513, 44796, 45222)
Added InterPodAffinity unit test case with Namespace.
**What this PR does / why we need it**:
Added InterPodAffinity unit test case with Namespace: unit test case for #45098
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # N/A
**Release note**:
```release-note-none
```
Automatic merge from submit-queue
Remove GetClientsetForCluster()
The newClusterClientset() has insteaded of GetClientsetForCluster(),
and GetClientsetForCluster() run wrong. Let's remove it.
Automatic merge from submit-queue
Use munged semantic version for side-loaded docker tag
**What this PR does / why we need it**: rather than using the md5sum of the dockerized binary for each side-loaded docker image, use the semantic version (with `+`s replaced with `_`s) for the side-loaded docker images.
The use of the md5sum for the docker tag dates to #6326 2 years ago. I'm not sure why that was chosen, short of it being fairly unique.
My main motivation for changing this is that it makes building the docker images using Bazel's docker rules easier, since the semantic version doesn't depend on the build output.
An added benefit is that the list of images on a running kubernetes cluster is also more straightfoward; rather than a list of opaque, meaningless hexadecimal strings, you get something that indicates the provenance of the image. It'd also be clearer that all of the images came from the same build.
I was able to start a cluster with this change on GCE using both `make quick-release` and `make bazel-release`.
Note that this change has no effect on the tag that's pushed to gcr.io during releases; that's still controlled via `KUBE_IMAGE_DOCKER_TAG`, though we may want to merge this functionality at some point.
@kubernetes/sig-node-pr-reviews is there any reason to stick with using the md5sum strategy? @dchen1107 do you remember why we went with md5sums originally?
cc @spxtr @mikedanese
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 45077, 45180, 34727, 45079, 45177)
Allow specifying cluster signing ca/key
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 45077, 45180, 34727, 45079, 45177)
Move federated ingress e2e tests that don't pass to serial suite to avoid running it in presubmits.
This is due to a bug described here: https://github.com/kubernetes/ingress/issues/645.
Federated Ingress e2es fail when there is a high load which is pretty common in the presubmit environment when the PR activity is high. So we are disabling these tests to unblock federation presubmits.
**Release note**:
```release-note
NONE
```
/assign @csbell
cc @kubernetes/sig-federation-pr-reviews @nicksardo
Automatic merge from submit-queue (batch tested with PRs 45077, 45180, 34727, 45079, 45177)
Refactor kube-proxy configuration
This is a proof of concept refactoring of the configuration and startup of kube-proxy. Most flags have been removed and replaced by a single config file, specified by `--config`. This is in regards to the component configuration improvement suggestions listed in #32215.
Also during this effort, I discovered that Hyperkube is roughly reimplementing portions of cobra, and that the current cobra command definitions are solely used to generated docs and man pages. I would like to move the individual commands as well as Hyperkube to using cobra, but that is a separate issue and discussion.
cc @mikedanese @liggitt @deads2k @eparis @sttts @smarterclayton @dgoodwin @timothysc
