Automatic merge from submit-queue (batch tested with PRs 61010, 61315, 62268). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix some shadow declaration in cmd package
**What this PR does / why we need it**:
There are some shadow declaration variables used in cmd package.
Release note:
```
NONE
```
Signed-off-by: Lei Gong <lgong@alauda.io>
Automatic merge from submit-queue (batch tested with PRs 61010, 61315, 62268). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make use of clientretry.RetryOnConflict in route controller
**What this PR does / why we need it**:
use the common clientretry.RetryOnConflict instead of ` for i := 0; i < updateNodeStatusMaxRetries; i++ {`
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61010, 61315, 62268). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Added test to check object size to the api-server
**What this PR does / why we need it**:
**Which issue(s) this PR fixes**
Helps #47668
**Special notes for your reviewer**:
So incase of `labels` there is a validation of specific label values to be `<63 characters` [here](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go#L89)
But no upper limit on the total size of all labels combined.
So I noticed the following errors while changing the sizes :
a) request size > 1MB `etcdserver: request is too large`
b) request size > 2MB `rpc error: code = ResourceExhausted desc = grpc: trying to send message larger than max `
I have added tests to check for the same, let me know your thoughts.
@sttts @lavalamp @nikhita
**Edit 1 :** Incase of both `labels` and `finalizers` there is no limit on overall object.
`finalizers` too have an upper limit of `253` for each value [here](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go#L136) but no validation on the whole string array size
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Create container name after dropped ":" and "@" both separately
When image has ":" after "@", kubectl create deployment fails due to
invalid container name.
This patch changes to create the container name after drooping ":" and
"@" both separately.
Fixes https://github.com/kubernetes/kubernetes/issues/62252
```release-note
NONE
```
When image has ":" after "@", kubectl create deployment fails due to
invalid container name.
This patch changes to create the container name after drooping ":" and
"@" both separately.
Automatic merge from submit-queue (batch tested with PRs 62250, 62251). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix wrong error type when formatting
**What this PR does / why we need it**:
it should be `%v` not `%d`
**Release note**:
NONE
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fully resolve tmpdir in verify-bazel.sh, since it might be a symlink on macOS
**What this PR does / why we need it**: Apparently the system tmpdir is inside a symlink on macOS, which confuses gazelle's symlink logic. By resolving this symlink to the absolute path, we can avoid the issue.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61986
**Release note**:
```release-note
NONE
```
/assign @cblecker
cc @patrikerdes
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix externaltrafficpolicy=local related ipvs ci case
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61328
**Special notes for your reviewer**:
To realize externalTrafficPolicy=local, but do not affect traffic inside the cluster.
If thie pr got merged, the iptables rules of ipvs proxy mode ESIPP should be like(for loadbalance case):
```
Chain KUBE-FIRE-WALL (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LB-INGRESS-LOCAL dst,dst
KUBE-MARK-MASQ all -- 0.0.0.0/0 0.0.0.0/0 /* mark MASQ for external traffic policy not local */
Chain KUBE-MARK-DROP (0 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000
Chain KUBE-MARK-MASQ (3 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000
Chain KUBE-NODE-PORT (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-NODE-PORT-LOCAL-TCP dst
KUBE-MARK-MASQ all -- 0.0.0.0/0 0.0.0.0/0 /* mark MASQ for external traffic policy not local */
Chain KUBE-POSTROUTING (0 references)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LOOP-BACK dst,dst,src
Chain KUBE-SERVICES (2 references)
target prot opt source destination
KUBE-MARK-MASQ all -- !10.64.0.0/14 0.0.0.0/0 match-set KUBE-CLUSTER-IP dst,dst
KUBE-FIRE-WALL all -- 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LOAD-BALANCER-MASQ dst,dst
KUBE-NODE-PORT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp match-set KUBE-NODE-PORT-TCP dst
```
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60900, 62215, 62196). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove need for server connections for dry-run create
when running create commands in --dry-run mode, we don't need a server connection or restmapper information
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60900, 62215, 62196). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix create job usage
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes the issue mentioned by @MrBlaise in https://github.com/kubernetes/kubernetes/pull/60084#issuecomment-378505504
/assign @juanvallejo
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62231, 44495, 62199). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make priority rest mapper handle partial discovery results
If the delegate restmapper returns partial results, let the priority restmapper find a prioritized entry and propagate the original error
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61183, 58807). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add RBAC information to audit logs
Depends on: https://github.com/kubernetes/kubernetes/pull/58806
**Release note**:
```release-note
RBAC information is included in audit logs via audit.Event annotations:
authorization.k8s.io/decision = {allow, forbid}
authorization.k8s.io/reason = human-readable reason for the decision
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Node status be more verbose
**What this PR does / why we need it**:
Improve logging ability of node status so it is easier to debug update of a node status
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add documentation around build reproducibility and SOURCE_DATE_EPOCH
**What this PR does / why we need it**: makes some of our notes about reproducibility a bit more discoverable.
**Release note**:
```release-note
NONE
```
/assign @BenTheElder
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update build documentation about memory required to build Kubernetes on osx to 4.5G
**What this PR does / why we need it**:
To build Kubernetes on osx you now need at least 4.5G of memory configured for Docker.
**Which issue(s) this PR fixes**:
Fixes#62218
**Special notes for your reviewer**:
On an osx I experimented configuring Docker at 0.5GB memory increments. I found that I was unable to successfully build Kubernetes (`make quick-release`) on osx when I configured Docker with 4GB of memory. I was able to build kubernetes after configuring 4.5GB.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62208, 62114, 62144, 60460, 62214). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Get namespace and selectors for attach and logs in a common function
**Special notes for your reviewer**:
I've squashed the two places we need to update to be able to get selector and namespace for resource when getting logs or attaching to it.
/assign @juanvallejo @deads2k
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62208, 62114, 62144, 60460, 62214). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't require release tars on kube-down
Fixes#41369
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62208, 62114, 62144, 60460, 62214). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
removes job scaler, continued
Builds on https://github.com/kubernetes/kubernetes/pull/61912 (original commit is there for credit/blame)
This keeps all the updates to the scaler building and all the test and reaper cleanup. It just keeps a fake job scaler around for a different command path and the reaper.
/assign @p0lyn0mial
/assign @soltysh
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62208, 62114, 62144, 60460, 62214). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add unreleased tag to http2 test
**What this PR does / why we need it**:
[HTTP2](https://github.com/kubernetes/ingress-gce/pull/146) isn't yet in an Ingress release. Add Unreleased label to disable this test for gci-gke-ingress until Ingress gets a new release.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixes restartKubelet in test/e2e_node failure.
Looks like there is some recent change on how we start kubelet service
in test_e2e_node. Fixes restartKubelet() to get right kubelet service
name to cope with the change.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubelet-serial-gce-e2e test failure:
https://k8s-testgrid.appspot.com/wg-resource-management#kubelet-serial-gce-e2e
Thanks a lot to @mindprince for noticing this!
**Special notes for your reviewer**:
**Release note**:
```release-note
```