Automatic merge from submit-queue (batch tested with PRs 43022, 43078)
Dumb typo in kubeadm instructions
I typo'd chown as chmod in kubeadm instructions. Ugh.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42802, 42927, 42669, 42988, 43012)
[Federation] Fix flakey ingress unit test
The unit test for the ingress controller was previously adding a cluster twice, which resulted in a cluster being deleted and added back. The deletion was racing the controller shutdown to close
informer channels, sometimes resulting in closing an already closed channel. This change ensures that the federated informer clears its map of informers when ``Stop()`` is called to insure against a double close, and fixes the test to no longer add the cluster twice.
Targets #43009
cc: @csbell @kubernetes/sig-federation-bugs
Automatic merge from submit-queue (batch tested with PRs 42802, 42927, 42669, 42988, 43012)
Update Cluster Autoscaler entrypoint
**What this PR does / why we need it**:
Update Cluster Autoscaler manifest file to use new shell wrapper instead of directly calling CA binary (the wrapper is already included in current CA image).
Add params to improve logging.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 42802, 42927, 42669, 42988, 43012)
update to latest version of coreos/go-oidc
Includes updates that enable OIDC with OKTA as a IDP
**What this PR does / why we need it**:
Updates to the latest version of coreos/go-oidc
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # TBD
**Special notes for your reviewer**:
Updates coreos/go-oidc module to include fixes for https://github.com/coreos/go-oidc/issues/137 which prevent OKTA being used as an IDP
**Release note**:
```release-note
NONE
```
cc:/ @ericchiang
Automatic merge from submit-queue
Allow DaemonSet controller to PATCH pods, and add more steps and logs in DaemonSet pods adoption e2e test
DaemonSet pods adoption failed because DS controller aren't allowed to patch pods when claiming pods.
[Edit] This PR fixes#42908 by modifying RBAC to allow DaemonSet controllers to patch pods, as well as adding more logs and steps to the original e2e test to make debugging easier.
Tested locally with a local cluster and GCE cluster.
@kargakis @lukaszo @kubernetes/sig-apps-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 42940, 42906, 42970, 42848)
Enable RollingUpdates for the fluentd daemonset addon
In anticipation of needing to rev fluentd-gcp image versions in patch releases, we should enable rolling update so the new versions get rolled out in a timely manner.
/cc @ixdy
Automatic merge from submit-queue (batch tested with PRs 42940, 42906, 42970, 42848)
Improve kubeadm init message
Now that we are locking down the insecure port, we should give clearer instructions on how to copy out the root owned admin.conf file, chmod it and use it.
Signed-off-by: Joe Beda <joe.github@bedafamily.com>
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42940, 42906, 42970, 42848)
Move node and event observer helpers to e2e/common
**What this PR does / why we need it**:
Moves existing test helper functions in OIR e2e tests to `test/e2e/common`. These functions wrap informers to help test writers to observe events instead of long-polling for status updates.
For usage examples, see `test/e2e/opaque_resource.go`.
cc @kubernetes/sig-scheduling-misc
**Release note**:
```release-note
NONE
```
The unit test for the ingress controller was previously adding
a cluster twice, which resulted in a cluster being deleted and added
back. The deletion was racing the controller shutdown to close
informer channels. This change ensures that the informer clears its
map of informers when Stop() is called to prevent a double close, and
that the test no longer adds the cluster twice.
Automatic merge from submit-queue
Add fabianofranz as approver for test/e2e/kubectl.go
Adding myself as approver for `kubectl` end-to-end tests.
```release-note
NONE
```
Automatic merge from submit-queue
Fixed incorrect result of getMinTolerationTime.
For the following case, `getMinTolerationTime` should return one; but it returned -1 :
1. for tolerations[0], TolerationSeconds is nil, minTolerationTime is not set
2. for tolerations[1], it's TolerationSeconds (1) is bigger than `minTolerationTime`, so minTolerationTime is still -1 which means infinite.
```
+ {
+ tolerations: []v1.Toleration{
+ {
+ TolerationSeconds: nil,
+ },
+ {
+ TolerationSeconds: &one,
+ },
+ },
+ },
```
Automatic merge from submit-queue (batch tested with PRs 42969, 42966)
kubeadm: update kubeadm banner to beta
**What this PR does / why we need it**: Updates the intro banner for kubeadm, which used to state it is in alpha (but we are going to beta). This also updates the tagged github group (one that no longer exists) to the sig-cluster-lifecycle-misc group.
**Special notes for your reviewer**: /cc @jbeda
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42969, 42966)
kubeadm: fixed warning nil logging
**What this PR does / why we need it**: Fix bug in warning aggregation for preflight checks. Would cause logging like this:
`[preflight] WARNING: %!s(<nil>)`
Will now only append non-nil cases to warning.
**Special notes for your reviewer**: /cc @jbeda
**Release note**:
```release-note
NONE
```
Now that we are locking down the insecure port, we should give clearer instructions on how to copy out the root owned admin.conf file, chmod it and use it.
Signed-off-by: Joe Beda <joe.github@bedafamily.com>
Automatic merge from submit-queue
[Federation] Unjoin only the joined clusters while bringing down the federation control plane.
A few other minor improvements.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
hack/godep-restore.sh: use godep v79 which works
Godep v74 gives me:
```shell
godep: Checking dependency: k8s.io/metrics/pkg/apis/custom_metrics
godep: Dep (k8s.io/metrics/pkg/apis/custom_metrics) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/api/resource) not found
godep: Checking dependency: k8s.io/metrics/pkg/apis/custom_metrics/install
godep: Dep (k8s.io/metrics/pkg/apis/custom_metrics/install) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/apimachinery/announced) not found
godep: Checking dependency: k8s.io/metrics/pkg/apis/custom_metrics/v1alpha1
godep: Dep (k8s.io/metrics/pkg/apis/custom_metrics/v1alpha1) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/api/resource) not found
godep: Checking dependency: k8s.io/metrics/pkg/apis/metrics
godep: Dep (k8s.io/metrics/pkg/apis/metrics) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/apis/meta/v1) not found
godep: Checking dependency: k8s.io/metrics/pkg/apis/metrics/install
godep: Dep (k8s.io/metrics/pkg/apis/metrics/install) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/apimachinery/announced) not found
godep: Checking dependency: k8s.io/metrics/pkg/apis/metrics/v1alpha1
godep: Dep (k8s.io/metrics/pkg/apis/metrics/v1alpha1) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/api/resource) not found
godep: Checking dependency: k8s.io/metrics/pkg/client/clientset_generated/clientset
godep: Dep (k8s.io/metrics/pkg/client/clientset_generated/clientset) restored, but was unable to load it with error:
Package (k8s.io/client-go/discovery) not found
godep: Checking dependency: k8s.io/metrics/pkg/client/clientset_generated/clientset/fake
godep: Dep (k8s.io/metrics/pkg/client/clientset_generated/clientset/fake) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/runtime) not found
godep: Checking dependency: k8s.io/metrics/pkg/client/clientset_generated/clientset/scheme
godep: Dep (k8s.io/metrics/pkg/client/clientset_generated/clientset/scheme) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/apis/meta/v1) not found
godep: Checking dependency: k8s.io/metrics/pkg/client/clientset_generated/clientset/typed/metrics/v1alpha1
godep: Dep (k8s.io/metrics/pkg/client/clientset_generated/clientset/typed/metrics/v1alpha1) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/apis/meta/v1) not found
godep: Checking dependency: k8s.io/metrics/pkg/client/clientset_generated/clientset/typed/metrics/v1alpha1/fake
godep: Dep (k8s.io/metrics/pkg/client/clientset_generated/clientset/typed/metrics/v1alpha1/fake) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/apis/meta/v1) not found
godep: Checking dependency: k8s.io/metrics/pkg/client/custom_metrics
godep: Dep (k8s.io/metrics/pkg/client/custom_metrics) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/api/meta) not found
godep: Checking dependency: k8s.io/metrics/pkg/client/custom_metrics/fake
godep: Dep (k8s.io/metrics/pkg/client/custom_metrics/fake) restored, but was unable to load it with error:
Package (k8s.io/apimachinery/pkg/labels) not found
godep: Checking dependency: vbom.ml/util/sortorder
godep: Error checking some deps.
2,64s user 2,75s system 11% cpu 47,395s total
```
v79 works.
Automatic merge from submit-queue
Fix taint based pod eviction for clusters where controller manager is not running with allocate-node-cidrs set
Fixes https://github.com/kubernetes/kubernetes/issues/42733
In my cluster, I have not set allocate-node-cidr, and It is causing taint based pod eviction to fail.
@gmarek @kubernetes/sig-scheduling-bugs @davidopp @derekwaynecarr
Automatic merge from submit-queue (batch tested with PRs 41794, 42349, 42755, 42901, 42933)
Fixes kubectl skew test failure when using kubectl.sh
Fixes leftovers from https://github.com/kubernetes/kubernetes/pull/42737.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41794, 42349, 42755, 42901, 42933)
Fix DefaultTolerationSeconds admission plugin
DefaultTolerationSeconds is not working as expected. It is supposed to add default tolerations (for unreachable and notready conditions). but no pod was getting these toleration. And api server was throwing this error:
```
Mar 08 13:43:57 fedora25 hyperkube[32070]: E0308 13:43:57.769212 32070 admission.go:71] expected pod but got Pod
Mar 08 13:43:57 fedora25 hyperkube[32070]: E0308 13:43:57.789055 32070 admission.go:71] expected pod but got Pod
Mar 08 13:44:02 fedora25 hyperkube[32070]: E0308 13:44:02.006784 32070 admission.go:71] expected pod but got Pod
Mar 08 13:45:39 fedora25 hyperkube[32070]: E0308 13:45:39.754669 32070 admission.go:71] expected pod but got Pod
Mar 08 14:48:16 fedora25 hyperkube[32070]: E0308 14:48:16.673181 32070 admission.go:71] expected pod but got Pod
```
The reason for this error is that the input to admission plugins is internal api objects not versioned objects so expecting versioned object is incorrect. Due to this, no pod got desired tolerations and it always showed:
```
Tolerations: <none>
```
After this fix, the correct tolerations are being assigned to pods as follows:
```
Tolerations: node.alpha.kubernetes.io/notReady=:Exists:NoExecute for 300s
node.alpha.kubernetes.io/unreachable=:Exists:NoExecute for 300s
```
@davidopp @kevin-wangzefeng @kubernetes/sig-scheduling-pr-reviews @kubernetes/sig-scheduling-bugs @derekwaynecarr
Fixes https://github.com/kubernetes/kubernetes/issues/42716
Automatic merge from submit-queue (batch tested with PRs 41794, 42349, 42755, 42901, 42933)
AppArmor cluster upgrade test
Add a cluster upgrade test for AppArmor. I still need to test this (having some trouble with the cluster-upgrade tests), but wanted to start the review process.
/cc @dchen1107 @roberthbailey
Automatic merge from submit-queue (batch tested with PRs 41794, 42349, 42755, 42901, 42933)
[Federation][e2e] Add framework for upgrade test in federation
Adding framework for federation upgrade tests. please refer to #41791
cc @madhusudancs @nikhiljindal @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 42642, 42899, 42922)
[Federation] Deployments unaware of ReadyReplicas
The Deployment controller was not propagating ReadyReplicas to underlying clusters causing these errors:
```
Error syncing cluster controller: Deployment.apps "federation-deployment" is invalid: status.availableReplicas: Invalid value: 5: cannot be greater than readyReplicas
```
This was caught in e2e testing and is a 1.6 regression for support that was added in #37959. Without this fix, users will be unable to scale up their deployments.
Automatic merge from submit-queue (batch tested with PRs 42642, 42899, 42922)
Update cadvisor godeps to v0.25.0
Completes #42008, a 1.6 issue.
The cadvisor changes include only a couple minor bug fixes, mainly for the devicemapper storage driver.
cc @dchen1107
```release-note
Disable devicemapper thin_ls due to excessive iops
```
Automatic merge from submit-queue
Invalid environment var names are reported and pod starts
When processing EnvFrom items, all invalid keys are collected and
reported as a single event.
The Pod is allowed to start.
fixes#42583
Automatic merge from submit-queue (batch tested with PRs 41830, 42630)
Arrange for elasticsearch to shutdown cleanly
Kubernetes initiates "graceful shutdown" by sending SIGTERM to pid 1, which
is exactly what elasticsearch is expecting (good!)
The way the existing startup scripts worked however, this signal arrived at
the shell wrapper, not elasticsearch, and the shell wrapper exited,
killing the container immediately (bad!)
Before this change:
```
1 ? Ss 0:00 /bin/sh -c /run.sh
6 ? S 0:00 /bin/bash /run.sh
13 ? S 0:00 \_ /bin/su -c /elasticsearch/bin/elasticsearch elasticsearch
14 ? Ss 0:00 \_ sh -c /elasticsearch/bin/elasticsearch
15 ? Sl 19:18 \_ /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java ... org.elasticsearch.bootstrap.Elasticsearch start
```
After this change:
```
1 ? Ssl 0:29 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java ... org.elasticsearch.bootstrap.Elasticsearch start
```
