Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve e2e tests of audit logging.
Now test includes:
* Verbs: create, list, watch, delete, get, update, patch.
* Resources: pods, deployments, secrets, config maps, custom resource
definition.
* More fields: user, resource, level, stage, presence of request and
response objects.
Fixes#49653
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update comments in pkg/kubeapiserver/authenticator/config.go
**What this PR does / why we need it**:
Make the comments consistent with the function signatures
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE kube-up] Allow creating/deleting custom network
**What this PR does / why we need it**:
From https://github.com/kubernetes/test-infra/issues/4472.
This is the first step to make PR jobs use custom network instead of auto network (so that we will be less likely hitting subnetwork quota issue).
The last commit is purely for testing out the changes on PR jobs. It will be removed after review.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE.
**Special notes for your reviewer**:
/assign @bowei @nicksardo
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53606, 49361). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Release NodePorts at the end of test cases
**What this PR does / why we need it**:
#49098 reported a flake of HealthCheck NodePort leak and #49099 fixed it. I don't know why I forgot to check other Node Ports in the test cases. Though I haven't encountered such flake yet, it'd be good to release those Node Ports at the end of test cases to avoid flake.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49548
Thanks @kargakis for reporting #49548!
**Special notes for your reviewer**:
/cc @deads2k @freehan
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53606, 49361). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add ApproximatePodTemplateForObject factory method
Makes it possible to get at a pod spec template even if an object is scaled to zero, for use with commands that care about pod templates.
**Release note**:
```release-note
NONE
```
Related downstream patch and use-case: https://github.com/openshift/origin/pull/16379
cc @smarterclayton
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support autoprobing node-security-group for openstack cloud provider
1. Support autoprobing node-security-group
2. Support multiple Security Groups for cluster's nodes
3. Fix recreating Security Group for cluster's nodes
This is a part of #50726
**Special notes for your reviewer**:
/assign @anguslees
/assign @dims
**Release note**:
```release-note
Support autoprobing node-security-group for openstack cloud provider, Support multiple Security Groups for cluster's nodes.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add feature gate for allocatable disk eviction
Issue: #52336
This PR adds the local storage feature gate to local storage allocatable eviction.
cc @kubernetes/sig-node-bugs
/assign @jingxu97 @dchen1107
we should target this for 1.7 if possible.
```release-note
fix a bug where disk pressure could trigger prematurely
```
We were exiting at the first mismatched index, but we want to collect
the diffs for all children. Also, we were assuming diffs existed which
was not always true (and was due to other bugs that we weren't catching
before).
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet/cm: remove unneeded fork of 'cat'
Reading a file in Go is perfectly possible without invoking cat.
I also removed an outdated comment.
This is meant to be a trivial/minor code cleanup, nothing more.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53668, 53624, 52639, 53581, 51215). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
preserve specified destination path
**Release note**:
```release-note
"kubectl cp" updated to honor destination names
```
**Before**
```
$ kubectl cp foo_dir pod_name:/tmp/bar_dir
$ kubectl exec pod_name -it -- /bin/sh
sh-4.2$
sh-4.2$ ls /tmp
sh-4.2$ foo_dir
```
**After**
```
$ kubectl cp foo_dir pod_name:/tmp/bar_dir
$ kubectl exec pod_name -it -- /bin/sh
sh-4.2$
sh-4.2$ ls /tmp
sh-4.2$ bar_dir
```
**Notable changes to `kubectl cp` After This Patch**
- Copying a directory `bar_dir` to an existing directory in the pod will copy the directory itself, rather than just the file contents:
```bash
*Before*
> remote-pod-shell$ ls /tmp
existing_remote_dir
$ kubectl cp ./my/local/awesome_dir mypod:/tmp/existing_remote_dir
> remote-pod-shell$ ls /tmp
existing_remote_dir
awesome_dir
```
```bash
*After*
> remote-pod-shell$ ls /tmp
existing_remote_dir
$ kubectl cp ./my/local/awesome_dir mypod:/tmp/existing_remote_dir
> remote-pod-shell$ ls /tmp
existing_remote_dir
> remote-pod-shell$ ls /tmp/existing_remote_dir
awesome_dir
```
```
*Before*: Directory contents were merged if a local and remote directory shared the same name
*After*: A new name will be honored for the copied local directory on the remote pod.
If a new name was not specified for the local directory being copied, and it shares the
same name as an already-existing directory on the pod, current behavior will follow and
its contents will be added to those of the already-existing directory.
```
```
*Before*: If a trailing slash (e.g. kubectl cp ./local/dir pod:/tmp) was not added to a directory
name in the destination path (...:/tmp vs /tmp/...), when copying to a pod, `kubectl`
would attempt to copy the local directory under the parent of the remote directory
rather than inside of it.
*After*: Slashes do not alter the behavior of the command, or destination of the intended
source file or directory. With a command such as (kubectl cp ./local_dir pod:/tmp),
`local_dir` would be copied inside of <pod:/tmp> (an error is returned if pod:/tmp is
a file).
```
Related downstream bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1469411
@fabianofranz @kubernetes/sig-cli-misc
Automatic merge from submit-queue (batch tested with PRs 53668, 53624, 52639, 53581, 51215). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add extra log and node env metadata support.
This PR:
1) Make log collection logic extensible via flags, so that we could collect more daemon logs in this PR. (e.g. `containerd.log` and `cri-containerd.log`)
2) Add extra node metadata from specified environment variable. (e.g. `PULL_REFS` in prow).
@krzyzacy I'll change the test-infra side soon. Let's discuss whether we should move/copy this code to test infra in your refactoring.
/cc @dchen1107 @yujuhong @abhi @mikebrow
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53668, 53624, 52639, 53581, 51215). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update sample of sample-apiserver
**What this PR does / why we need it**:
Update the yaml files of sample-apiserver
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53668, 53624, 52639, 53581, 51215). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Local e2e test fixes
**What this PR does / why we need it**:
1. Remove tests using TestContainerOutput because they don't wait for unmount
2. Fix scheduling error test to handle updated event msgs.
@kubernetes/sig-storage-pr-reviews
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53597
**Release note**:
NONE
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump kube-dns version used in e2e
**What this PR does / why we need it**: Updates the version of kube-dns used in the e2e network tests.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: ref #53153
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
1. release-in-a-container - Like 'make release' but in a container.
2. cross-in-a-container - Like 'make cross' but in a container.
3. package-tarballs - (NEW) To package tarballs with a docker dependency
'release-in-a-container' is currently only for testing and is not slated to
be used, but may be useful for testing in some scenarios.
'cross-in-a-container' is meant to be run from the kube-cross image alone.
'package-tarballs' is a companion target that runs from a docker image
to package up the tarballs and images (from cross-in-a-container) for a release.
Automatic merge from submit-queue (batch tested with PRs 53204, 53364, 53559, 53589, 53088). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Mulligan: Remove deprecated and experimental fields from KubeletConfiguration
Revert "Merge pull request #51857 from kubernetes/revert-51307-kc-type-refactor"
This reverts commit 9d27d92420, reversing
changes made to 2e69d4e625.
See original: #51307
We punted this from 1.8 so it could go through an API review. The point
of this PR is that we are trying to stabilize the kubeletconfig API so
that we can move it out of alpha, and unblock features like Dynamic
Kubelet Config, Kubelet loading its initial config from a file instead
of flags, kubeadm and other install tools having a versioned API to rely
on, etc.
We shouldn't rev the version without both removing all the deprecated
junk from the KubeletConfiguration struct, and without (at least
temporarily) removing all of the fields that have "Experimental" in
their names. It wouldn't make sense to lock in to deprecated fields.
"Experimental" fields can be audited on a 1-by-1 basis after this PR,
and if found to be stable (or sufficiently alpha-gated), can be restored
to the KubeletConfiguration without the "Experimental" prefix.
Related issue: https://github.com/kubernetes/kubernetes/issues/53084
**Release note**:
```release-note
NONE
```
/cc @kubernetes/api-reviewers
Automatic merge from submit-queue (batch tested with PRs 53204, 53364, 53559, 53589, 53088). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pkg/api: move *_test.go -> pkg/api/testing
Cleaning up pkg/api, one little step towards pkg/apis/core.
Automatic merge from submit-queue (batch tested with PRs 53204, 53364, 53559, 53589, 53088). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Strip tokens from `kubeadm-config` config map
**What this PR does / why we need it**:
When kubeadm 1.8 create a cluster stores a `kubeadm-config` config map with all the info used for initialising the cluster.
This PR removes the kubeadm join token - which is a sensitive information - from this config map.
**Which issue this PR fixes**
[#485](https://github.com/kubernetes/kubeadm/issues/485)
**Special notes for your reviewer**:
This fixes all the subcommands that touch `kubeadm-config` config map, namely:
- kubeadm init
- kubeadm config upload
- kubeadm upgrade
```release-note
kubeadm: Strip bootstrap tokens from the `kubeadm-config` ConfigMap
```
Automatic merge from submit-queue (batch tested with PRs 53204, 53364, 53559, 53589, 53088). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
cmd: kubectl: remove golint_failures entry
**What this PR does / why we need it**:
`.golint_failures` currently has an entry for `cmd/kubectl/app`. We can lint this package and remove the entry. There is only one `golint` warning; comment on exported function Run should be of the form "Run..."
Fix documentation comment and remove `cmd/kubectl/app` from `.golint_failures`.
**Release note**:
```release-note
NONE
```
/sig cli
/kind cleanup
Automatic merge from submit-queue (batch tested with PRs 53204, 53364, 53559, 53589, 53088). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
New version number for kubeadm constants.go
**What this PR does / why we need it**:
In kubeadm v1.9 the minimum kubelet & API Server version will be v1.8.0.
```release-note
NONE
```
