Automatic merge from submit-queue (batch tested with PRs 49885, 49751, 49441, 49952, 49945)
Fix error format and info for get_test.go
**What this PR does / why we need it**:
Fix error format and info for get_test.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49885, 49751, 49441, 49952, 49945)
Ignore UDP metrics in kubelet
Updating cadvisor godeps to 0.26.0 for the 1.7 release (#46658) added udp metrics. However, they were not disabled in the kubelet.
This PR disables collection of UDP metrics in the kubelet.
This should be cherrypicked to the 1.7 branch.
cc @dchen1107
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)
Add node e2e test for Docker's shared PID namespace
Ref: https://github.com/kubernetes/kubernetes/issues/42926
This PR adds a simple test for the shared PID namespace that's enabled when Docker is 1.13.1+.
/sig node
/area node-e2e
/assign @yujuhong
**Release note**:
```
None
```
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)
Enable selfHosted feature flag
**What this PR does / why we need it**:
Enables feature gating for self-hosting on kubeadm
**Which issue this PR fixes**
Continuation of https://github.com/kubernetes/kubeadm/issues/323
**Release note**:
```release-note
Feature gates now determine whether a cluster is self-hosted. For more information, see the FeatureGates configuration flag.
```
/cc @luxas
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)
AttachDisk should not call detach inside of Cinder volume provider
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)
plugin/pkg/client/auth: add openstack auth provider
This is an implementation of auth provider for OpenStack world, just like python-openstackclient, we read the environment variables of a list `OS_*`, and client will cache a token to interact with each components, we can do the same here, the client side can cache a token locally at the first time, and rotate automatically when it expires.
This requires an implementation of token authenticator at server side, refer:
1. [made by me] https://github.com/kubernetes/kubernetes/pull/25536, I can carry this on when it is fine to go.
2. [made by @kfox1111] https://github.com/kubernetes/kubernetes/pull/25391
The reason why I want to add this is due to the `client-side` nature, it will be confusing to implement it downstream, we would like to add this support here, and customers can get `kubectl` like they usually do(`brew install kubernetes-cli`), and it will just work.
When this is done, we can deprecate the password keystone authenticator as the following reasons:
1. as mentioned at some other places, the `domain` is another parameters which should be provided.
2. in case the user supplies `apikey` and `secrets`, we might want to fill the `UserInfo` with the real name which is not implemented for now.
cc @erictune @liggitt
```
add openstack auth provider
```
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)
convert default predicates to use the default
Builds on https://github.com/kubernetes/kubernetes/pull/50019 (lgtm'd already)
This converts the already default field selectors to use the default value. I'll let CI point out the unit test failures for me to chase.
@kubernetes/sig-api-machinery-misc
Automatic merge from submit-queue (batch tested with PRs 50091, 50231, 50238, 50236, 50243)
Fix storage tests for multizone test configuration.
**What this PR does / why we need it**:
This PR modifies "[sig-storage] Volumes PD should be mountable with (ext3|ext4)" tests to schedule pods in zone, where PD is created.
This is to make the test work in multizone environment.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 50091, 50231, 50238, 50236, 50243)
Move the sig-instrumentation test to a dedicated folder
Move the last remaining test to sig-instrumentation folder, also move "metrics" package to the "framework" folder
Related issue: https://github.com/kubernetes/kubernetes/issues/49161
/cc @xiangpengzhao @piosz
Automatic merge from submit-queue (batch tested with PRs 50091, 50231, 50238, 50236, 50243)
Modify e2e.go to arbitrarily pick one of zones we have nodes in for multizone tests.
**What this PR does / why we need it**:
When e2e runs in multizone configuration, zone config property can be empty.
This PR, in that case, overrides an empty value with arbitrarily chosen zone that we have nodes in.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 50091, 50231, 50238, 50236, 50243)
add fieldSelector podIP
**What this PR does / why we need it**:
Currently the `fieldSelector` for `Pod` only support `metadata.name`, `metadata.namespace`, `spec.nodeName`, `spec.restartPolicy` and `status.phase`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50075
**Special notes for your reviewer**:
/cc @wojtek-t @caesarxuchao @justinsb @LiliC
**Release note**:
```release-note
add fieldSelector podIP
```
Automatic merge from submit-queue
fix typo in replenishment_controller.go
**What this PR does / why we need it**:
fix typo
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #N/A
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 49868, 50143, 49377, 50141, 50145)
Don't expect internal clientset to be generated for groups without ne…
…w types
Automatic merge from submit-queue (batch tested with PRs 49868, 50143, 49377, 50141, 50145)
Return Audit-Id http response header for trouble shooting
Users can use Audit-Id http response header to grep the audit events in log.
This provides a fast way to find the events in audit.
**Release note**:
```
Audit-Id HTTP header is included in the apiserver responses for audited requests, except some cases when it's not possible, e.g. pods/exec.
```
@sttts @tallclair
Automatic merge from submit-queue
Retry scheduling pods after errors more consistently in scheduler
**What this PR does / why we need it**:
This fixes 2 places in the scheduler where pods can get stuck in Pending forever. In both these places, errors happen and `sched.config.Error` is not called afterwards. This is a problem because `sched.config.Error` is responsible for requeuing pods to retry scheduling when there are issues (see [here](2540b333b2/plugin/pkg/scheduler/factory/factory.go (L958))), so if we don't call `sched.config.Error` then the pod will never get scheduled (unless the scheduler is restarted).
One of these (where it returns when `ForgetPod` fails instead of continuing and reporting an error) is a regression from [this refactor](https://github.com/kubernetes/kubernetes/commit/ecb962e6585#diff-67f2b61521299ca8d8687b0933bbfb19L234), and with the [old behavior](80f26fa8a8/plugin/pkg/scheduler/scheduler.go (L233-L237)) the error was reported correctly. As far as I can tell changing the error handling in that refactor wasn't intentional.
When AssumePod fails there's never been an error reported but I think adding this will help the scheduler recover when something goes wrong instead of letting pods possibly never get scheduled.
This will help prevent issues like https://github.com/kubernetes/kubernetes/issues/49314 in the future.
**Release note**:
```release-note
Fix incorrect retry logic in scheduler
```
Automatic merge from submit-queue (batch tested with PRs 49370, 49481)
continue Fix error format and info for get_test.go
**What this PR does / why we need it**:
continue fix the error info
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49441
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
Automatic merge from submit-queue (batch tested with PRs 49370, 49481)
client-gen: stop embedding of GroupVersion client intfs
It is undefined (or at least uncontrollable) which methods of the clientset apigroup
interfaces are actually inherited. Moreover, there might be nameconflicts between the
accessors and inherited methods. This PR removes the embedding to make it unambiguous.
```release-note
Enforce explicit references to API group client interfaces in clientsets to avoid ambiguity.
```
Automatic merge from submit-queue
Delete unuse err check
**What this PR does / why we need it**:
err has fatal, this err check can't execute.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
thank you ~
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Fix a bug that --flag=val causes completion error in zsh
**What this PR does / why we need it**:
This PR fixes a bug that flag of syntax like --flag=val causes completion error in zsh.
```
kubectl --namespace=foo g__handle_flag:25: bad math expression: operand expected at end of string
```
This problem is due to [dynamic scope](https://en.wikipedia.org/wiki/Scope_(computer_science)#Dynamic_scoping) of shell variables. If a variable is declared as local to a function, that scope remains until the function returns.
In kubectl completion zsh, `declare -A flaghash` in __start_kubectl() is replaced with `__kubectl_declare -A flaghash` by __kubectl_convert_bash_to_zsh(). As a result of it, flaghash is declared in __kubectl_declare(), and it can not access to flaghash declared in __kubectl_declare() from __handle_flag(). Therefore an error occurs in __handle_flag().
The following is the minimum reproduction code.
```sh
#!/usr/bin/env zsh
set -e
__kubectl_declare() {
builtin declare "$@"
}
__handle_flag() {
local flagname="--namespace="
local flagval="kube-system"
flaghash[${flagname}]=${flagval}
echo "flaghash[${flagname}]=${flaghash[${flagname}]}"
}
__handle_word() {
__handle_flag
}
__start_kubectl() {
__kubectl_declare -A flaghash
__handle_word
}
__start_kubectl
#
# $ zsh reproduction.zsh
# __handle_flag:4: bad math expression: operand expected at end of string
#
# __start_kubectl {
#
# __kubectl_declare {
#
# builtin declare -A flaghash
#
# }
#
# __handle_word {
#
# __handle_flag {
#
# # It is unable to access flaghash declared in __kubectl_declare from here
# flaghash[${flagname}]=${flagval}
#
# }
#
# }
# }
```
The following is the fixed code.
```sh
#!/usr/bin/env zsh
set -e
__handle_flag() {
local flagname="--namespace="
local flagval="kube-system"
flaghash[${flagname}]=${flagval}
echo "flaghash[${flagname}]=${flaghash[${flagname}]}"
}
__handle_word() {
__handle_flag
}
__start_kubectl() {
builtin declare -A flaghash
__handle_word
}
__start_kubectl
#
# $ zsh fixed.zsh
# flaghash[--namespace=]=kube-system
#
# __start_kubectl {
#
# builtin declare -A flaghash
#
# __handle_word {
#
# __handle_flag {
#
# # It is able to access flaghash declared in __start_kubectl from here :)
# flaghash[${flagname}]=${flagval}
#
# }
#
# }
# }
```
https://gist.github.com/superbrothers/0ede4292f6d973f93e54368e227a4902
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixeskubernetes/kubectl#42
**Special notes for your reviewer**:
@mengqiy
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Display healthcheck nodeport and other fields in describe service
**What this PR does / why we need it**:
Some fields such as `HealthCheckNodePort` are not displayed currently. This PR fixes it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Update: found this when tracing #49999
**Special notes for your reviewer**:
/sig cli network
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49855, 49915)
Let controllers ignore initialization timeout when creating pods
Partially address https://github.com/kubernetes/kubernetes/issues/48893#issuecomment-318540129.
This only updates the controllers that create pods with `GenerateName`.
The controllers ignore the timeout error when creating the pods, depending on how the initialization progress:
* If the initialization is successful in less than 5 mins, the controller will observe the creation via the informer. All is good.
* If the initialization fails, server will delete the pod, but the controller won't receive any event. The controller will not create new pod until the Creation expectation expires in 5 min.
* If the initialization takes too long (> 5 mins), the Creation expectation expires and the controller will create extra pods.
I'll send follow-up PRs to fix the latter two cases, e.g., by refactoring the sharedInformer.
Automatic merge from submit-queue
kubeadm: Implementing the kubeconfig phase fully
**What this PR does / why we need it:**
This contains implementation of kubeconfig phases in kubeadm, which is part of the wider effort of implementing phases in kubeadm, previously in alpha stage.
The original proposal for this activity can be found [here](https://github.com/kubernetes/kubeadm/pull/156/files) and related comments.
Kubeadm phase implementation checklist is defined [here](https://github.com/kubernetes/kubeadm/issues/267)
Common implementation guidelines and principles for all phases are defined [here](https://docs.google.com/document/d/1VQMyFIVMfRGQPP3oCUpfjiWtOr3pLxp4g7cP-hXQFXc/edit?usp=sharing)
This PR implements:
- [x] kubeadm phase kubeconfig
- [x] kubeadm phase kubeconfig all
- [x] kubeadm phase kubeconfig admin
- [x] kubeadm phase kubeconfig kubelet
- [x] kubeadm phase kubeconfig scheduler
- [x] kubeadm phase kubeconfig controller-manager
- [x] kubeadm phase kubeconfig user
**Which issue this PR fixes:**
https://github.com/kubernetes/kubeadm/issues/350
**Special notes for your reviewer:**
This PR implements the second phases of kubeadm init; implementation of this PR follow the same approach already used for #48196 (cert phases).
Please note that:
- the API - phase\kubeconfig.go - is now totally free by any UX concerns, and implements only the core logic for kubeconfig generation.
- the UX - cmd\phase\kubeconfig.go - now takes charge of UX commands and kubeadm own's rules for kubeconfig files in /etc/kubernetes folder (e.g. create only if not already exists)
- The PR includes also a fix for a regression on a unit test for phase certs introduced by #48594 and few minor code changes in phase certs introduced to avoid code duplication between the two phases.
Automatic merge from submit-queue
Fix typo in test/images/port-forward-tester/Makefile
**What this PR does / why we need it**: the image build fails due to this typo:
```console
$ make WHAT=port-forward-tester
./image-util.sh build port-forward-tester
Building image for port-forward-tester ARCH: ppc64le...
make[1]: Entering directory '[home]/src/k8s.io/kubernetes/test/images/port-forward-tester'
../image-util.sh bin
../image-util.sh: line 22: $2: unbound variable
```
Images already pushed.
**Release note**:
```release-note
NONE
```
/approve no-issue
/assign @mkumatag
Automatic merge from submit-queue (batch tested with PRs 49805, 50052)
remove the temporary file to make the hyperkube image smaller
Remove the temporary file after apt-get install to make the hyperkube image smaller.
Automatic merge from submit-queue (batch tested with PRs 49805, 50052)
We never want to modify the globally defined SG for ELBs
**What this PR does / why we need it**:
Fixes a bug where creating or updating an ELB will modify a globally defined security group
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50105
**Special notes for your reviewer**:
**Release note**:
```release-note
fixes a bug around using the Global config ElbSecurityGroup where Kuberentes would modify the passed in Security Group.
```
