Setting the client UserAgent makes it easier to identify vCenter sessions
used by the vSphere Cloud Provider. This is useful to remove sessions that
have leaked, such as when a VCP process goes away without calling Logout().
And to test that VCP properly re-authenticates when a session is removed.
Example use:
govc session.ls | grep kubernetes-cloudprovider | awk '{print $1}' | xargs -n1 govc session.rm
Automatic merge from submit-queue (batch tested with PRs 65882, 65896, 65755, 60549, 65927). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Avoid printing some service comments in iptables rules
According to some profiles, with large number of endpoints in the system, comments mentioning the service in appropriate iptables rules may be responsible for 40% of all iptables contents.
Given that ~70% of memory usage of kube-proxy seems to be because of generated iptables rules, the overall saving may be at the level of 30% or so.
OTOH, we sacrifise a bit understandability of iptables, but this PR only changes some of iptables that contribute to the most painful rules.
@thockin @danwinship @dcbw - thoughts?
Ref #65441
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve multi-authorizer errors
Fixes#52279
Includes an indication from the RBAC authorizer that it attempted to authorize the request. this reduces confusion when combined with a webhook authorizer that returns specific reasons for rejection
/sig auth
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vSphere Cloud Provider: avoid read race during logout
**What this PR does / why we need it**:
The `go test -race` will sometimes detect a read race in the vSphere Cloud Provider logout function, causing tests to fail.
**Which issue(s) this PR fixes**:
Fixes#65696
**Special notes for your reviewer**:
The Client nil check was added in 6d1c4a3 , but there was not any
go test coverage of that code path until e22f9ca
**Release note**:
```release-note
none
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove --cadvisor-port - has been deprecated since v1.10
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56523
**Special notes for your reviewer**:
- Deprecated in https://github.com/kubernetes/kubernetes/pull/59827 (v1.10)
- Disabled in https://github.com/kubernetes/kubernetes/pull/63881 (v1.11)
**Release note**:
```release-note
[action required] The formerly publicly-available cAdvisor web UI that the kubelet started using `--cadvisor-port` is now entirely removed in 1.12. The recommended way to run cAdvisor if you still need it, is via a DaemonSet.
```
Automatic merge from submit-queue (batch tested with PRs 65897, 65909, 65856, 65815). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
only need to ignore resources that match discovery conditions
GC and quota controllers ignore resources that are too expensive to manage. In kube this is only events. The incompatible resources should now be excluded on the basis of discovery. We should actually reflect that in the RESTStorage (done for GC for events) and discovery too.
@liggitt
@kubernetes/sig-api-machinery-bugs
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65838, 65837). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
output which pods are a pvc in use when kubectl describe pvc is run
**What this PR does / why we need it**:
This PR implements a feature request to display the pods mounted to a PVC when `kubectl describe pvc` is ran. We need it since the only way to see which pods are bound to a PVC is by checking the volume mounts of each individual pod in the namespace.
Example Output:
```
$ kubectl get pods,pvc
NAME READY STATUS RESTARTS AGE
test-pod 1/1 Running 0 2h
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
test-pvc Bound pvc-718681dd-70cc-11e7-aa14-42010af00029 100Gi RWO us-east1-b 345d
```
```
$ kubectl describe pvc
Name: elasticsearch-data-elasticsearch-data-us-east1-b-0
Namespace: partners-production
StorageClass: us-east1-b
Status: Bound
Volume: pvc-718681dd-70cc-11e7-aa14-42010af00029
Labels: <none>
Annotations: <none>
Finalizers: [kubernetes.io/pvc-protection]
Capacity: 1Gi
Access Modes: RWO
Events: <none>
Mounted By: test-pod
```
Pods using the PVC are shown with the `Mounted By` field
**Which issue(s) this PR fixes**:
Closes#65233
**Special notes for your reviewer**:
**Release note**:
```release-note
Running `kubectl describe pvc` now shows which pods are mounted to the pvc being described with the `Mounted By` field
```
Automatic merge from submit-queue (batch tested with PRs 65838, 65837). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix kubectl cluster-info bug
**What this PR does / why we need it**:
When api-server is not avaiable,` kubectl cluster-info `still prints information like: the cluster is running at ...
This patch fixes this bug
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes: #65817
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add cleanLegacyBindAddr
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65263
**Special notes for your reviewer**:
To fix the issue,
use `activeBindAddrs` map which represents ip address successfully bind to DefaultDummyDevice in the round of sync
use `currentBindAddrs` map which represents ip addresses bind to DefaultDummyDevice from the system
create a function `cleanLegacyBindAddr` to unbind address which is in `currentBindAddrs` map but not in `activeBindAddrs` map
**Release note**:
```release-note
NONE
```
/sig network
/area kube-proxy
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azure storage account creation failure
**What this PR does / why we need it**:
fix azure storage account creation failure
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65845
**Special notes for your reviewer**:
This bug is due to azure-sdk-for-go API change introduced in v1.11:
fbe7db0e3f/services/storage/mgmt/2017-10-01/storage/models.go (L381-L382)
there is a new field `Kind` which is required, so any sdk upgrade from and old version would break the storage account creation since old code won't use `Kind`. I have filed an issue to azure-sdk-for-go: https://github.com/Azure/azure-sdk-for-go/issues/2182
**Release note**:
```
fix azure storage account creation failure
```
/kind bug
/sig azure
/assign @khenidak @feiskyer
cc @brendandburns
Automatic merge from submit-queue (batch tested with PRs 65805, 65811, 65833, 65488, 65857). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
flatten nested lists for flatten in visitor
Lists which contain lists should themselves be flattened by a flatten call to the resource builder
@kubernetes/sig-cli-maintainers
@soltysh @juanvallejo
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add help description and examples to wait
**Release note**:
```release-note
NONE
```
Adds --help description and examples to the `wait` command.
cc @soltysh
Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix `kubectl create priorityclass` failure bug
**What this PR does / why we need it**:
update` kubectl create priorityclass` command's api version.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65685
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
clean unused function in file pkg/volume/projected/projected.go
**What this PR does / why we need it**:
It was imported by https://github.com/kubernetes/kubernetes/pull/37237
And it is unusable at first place when it was imported
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65715, 65786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update --template printer defaulting
**Release note**:
```release-note
NONE
```
Depends on https://github.com/kubernetes/kubernetes/pull/65711
The relevant commit for this PR is the last one (`
fix go-template defaulting for commands w default output format`)
cc @deads2k @soltysh
Automatic merge from submit-queue (batch tested with PRs 65715, 65786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fail on rbac resources of non-v1 versions in reconcile
Reconcile only supports rbac/v1 and other resources are skipped. This is good, except that only RBAC resources should really fail. This makes it fail.
@kubernetes/sig-cli-maintainers
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65628, 65573). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
run test TestAttacherMountDevice in temp directory
This change fix two unit test:
1. After run command `make test WHAT=k8s.io/kubernetes/pkg/volume/csi KUBE_TEST_ARGS='-run ^TestAttacherMountDevice$'`
There is a file leaked in work space:
pkg/volume/csi/vol_data.json
2. make test WHAT=k8s.io/kubernetes/pkg/volume/csi KUBE_TEST_ARGS='-run ^TestAttacherUnmountDevice$'
This test fails if it does not run along with TestAttacherMountDevice.
This change fix it.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add healthz check to ensure logging is not blocked
When running the apiserver/controllers in pods, we encountered a docker bug that blocked stdout/stderr (https://github.com/moby/moby/issues/31373)
That in turn blocked flushing logs, which in turn eventually blocked any goroutine that logs anything (which is pretty much all the important goroutines)
This adds a healthz check that logging is not blocked so that healthz indicates something is wrong
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65776, 64896). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl: wait for all errors and successes on podEviction
**What this PR does / why we need it**: This fixes `kubectl drain` to wait until all errors and successes are processed, instead of returning the first error. It also tweaks the behavior of the cleanup to check to see if the pod is already terminating, and if it is to not reissue the pod terminate which leads to an error getting thrown. This fix will allow `kubectl drain` to complete successfully when a node is draining.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @sjenning
**Release note**:
```release-note
NONE
```
#### Reproduction steps
### sleep.yml
```yaml
apiVersion: v1
kind: Pod
metadata:
name: bash
spec:
containers:
- name: bash
image: bash
resources:
limits:
cpu: 500m
memory: 500Mi
command:
- bash
- -c
- "nothing() { sleep 1; } ; trap nothing 15 ; while true; do echo \"hello\"; sleep 10; done"
terminationGracePeriodSeconds: 3000
restartPolicy: Never
```
```
$ kubectl create ns testing
$ kubectl create -f sleep.yml
$ kubectl delete ns testing
$ kubectl drain 127.0.0.1 --force
```
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make template printers a recommended printer
WIP because it needs tests. Apparently there weren't any before.
@juanvallejo open a pull to this branch adding tests for commands that need `--template` support and I'll squash them in.
@liggitt since you think it's widespread, here's an option to make it "normal"
@kubernetes/sig-cli-maintainers
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improved logging message for checking if node is shutdown.
**What this PR does / why we need it**:
The previous error message was "Error getting data for node" which was too broad of a message and not very descriptive. This PR will update it to "Error checking if node is shutdown" so that it is more specific.
```release-note
NONE
```
Fixes defaulting done for commands that default to a specific output
format (such as yaml, json) when a --template flag is provided and no
explicit --output value is given.
Under the above case, these commands will now properly default to
honoring the --template argument given, and default their --output
format to "go-template".
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update priority admission to improve interoperability
Builds on https://github.com/kubernetes/kubernetes/pull/65722
Makes the following adjustments to the priority admission plugin:
* allows creation of pods to include an explicit priority field if it matches the computed priority (allows export/import cases to continue to work on the same cluster, between clusters that match priorityClass values, and between clusters where priority is unused and all pods get `priority:0`)
* preserves existing priority if a pod update does not include a priority value and the old pod did (allows POST, PUT, PUT, PUT workflows to continue to work, with the admission-set value on create being preserved by the admission plugin on update)
This should avoid the failures revealed by the kubectl tests exercising the pod API without any awareness of the priority feature
/sig scheduling
/cc @bsalamat
```release-note
kube-apiserver: the `Priority` admission plugin is now enabled by default when using `--enable-admission-plugins`. If using `--admission-control` to fully specify the set of admission plugins, the `Priority` admission plugin should be added if using the `PodPriority` feature, which is enabled by default in 1.11.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add lichuqiang as reviewer of persistentvolume controller (for volume scheduling)
Now that I've been working on the storage topology-aware feature for quite a time. Really hope that I can help do some review.
```release-note
NONE
```
/assign @msau42
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix 'kubectl cp' with no arguments causes a panic
**What this PR does / why we need it**:
/kind bug
"kubectl cp" with no arguments causes a panic
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65475
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix 'kubectl cp' with no arguments causes a panic
```
