Automatic merge from submit-queue
Add waiting for node to become schedulable again in Cluster Autoscaler tests
Adding retrying until CriticalAddonsOnly taint is removed.
This fixes the issue where after disabling and fixing node as part of a test scenario, taint was added by a rescheduler and caused subsequent tests to fail.
Automatic merge from submit-queue
don't accept delete tokens that are waiting to be reaped
With garbage collection, it becomes possible (even likely) that we will have finalizers specified on resources before they are reaped. A secret or an SA which has been deleted and is awaiting reaping should not be considered valid. This adds checking for whether those have been deleted.
@kubernetes/sig-auth-misc
```release-note
Previously a deleted service account token secret would be considered valid until it was reaped. Now it is invalid as soon as the deletionTimestamp is set.
```
Automatic merge from submit-queue
Fix broken markdown format in v1.7 CHANGELOG
**What this PR does / why we need it**:
- fix broken markdown format in v1.7 CHANGELOG
- remove those changes which have release notes `NONE`
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48325
**Special notes for your reviewer**:
/cc @dchen1107 @caesarxuchao @luxas @idvoretskyi @@calebamiles
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Fix a typo in deletion log of apiserver
**What this PR does / why we need it**:
I just fix a typo in a log message. Nothing more 😄
**Which issue this PR fixes**
apiserver sometimes log this message "About do delete object from database". It seems that there is a typo for `to`.
```release-note
Fix a typo in apiserver log message
```
Automatic merge from submit-queue
Validate if service has duplicate targetPort
**What this PR does / why we need it**:
Validate if a service has dup targetport
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47222
**Special notes for your reviewer**:
/cc @thockin
@kubernetes/sig-network-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Refactor unstructured converter
**What this PR does / why we need it**:
See #48039. Makes it impossible to misuse unstructured converter.
**Which issue this PR fixes**:
Fixes#48039
**Release note**:
```release-note
NONE
```
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 46336, 47643)
Add node e2e tests for runAsUser
**What this PR does / why we need it**:
This PR adds node e2e tests for runAsUser.
**Which issue this PR fixes**
Part of #44118.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Do not fail on error when deleting ingress
Fixes#48239
If the api server or master is unavailable, the test should manually teardown load balancer resources.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Populate endpoints for headless service with no ports
**What this PR does / why we need it**:
- populate endpoints with headless service (thanks @fraenkel for the original PR!)
- allow ports with headless service
- nits
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#32796https://github.com/kubernetes/kubernetes/issues/32796#issuecomment-270462724
**Special notes for your reviewer**:
/cc @thockin @fraenkel
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Allocate clusterIP when change service type from ExternalName to ClusterIP
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#35354#46190
**Special notes for your reviewer**:
/cc @smarterclayton @thockin
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
Securing the cluster created by Juju
**What this PR does / why we need it**: This PR secures the deployments done with Juju master. Works around certain security issues inherent to kubernetes (see for example dashboard access)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
Securing Juju kubernetes dashboard
```
Automatic merge from submit-queue (batch tested with PRs 47850, 47835, 46197, 47250, 48284)
dockershim: checkpoint HostNetwork property
To ensure kubelet doesn't attempt network teardown on HostNetwork
containers that no longer exist but are still checkpointed, make
sure we preserve the HostNetwork property in checkpoints. If
the checkpoint indicates the container was a HostNetwork one,
don't tear down the network since that would fail anyway.
Related: https://github.com/kubernetes/kubernetes/issues/44307#issuecomment-299548609
@freehan @kubernetes/sig-network-misc
Automatic merge from submit-queue (batch tested with PRs 47619, 47951, 46260, 48277)
Write images.json file into artifacts dir
/assign @fejta
/release-note-none
Hi Erick - I picked the wring outputdir first time round ...
Automatic merge from submit-queue (batch tested with PRs 47619, 47951, 46260, 48277)
[Federation] Convert the deployment controller to a sync controller.
This is based off of the work done for the ReplicaSet controller. It extracts out a schedulingAdapter that handles the shared logic between the two controllers.
Targets #40989
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47619, 47951, 46260, 48277)
bazel: update rules_docker and use official busybox base image
**What this PR does / why we need it**: Follow-up of #46820 now that https://github.com/bazelbuild/rules_docker/issues/40 is fixed. Now all images built by bazel should have the same dependencies as those built with the dockerized build system.
We can also stop worrying about updating our .deb dependency.
**Release note**:
```release-note
NONE
```
/release-note-none
/assign @mikedanese @spxtr
Automatic merge from submit-queue (batch tested with PRs 47619, 47951, 46260, 48277)
iSCSi plugin: Remove redundant nil check
**What this PR does / why we need it**:
This patch is for cleanup of redundant nil check in iSCSI plugin.
This was mentioned at the code review on origin github thread.
https://github.com/openshift/origin/pull/14565
**Which issue this PR fixes**
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46850, 47984)
Enable vmodule support for all components
Support vmodule (via `LOG_SPEC`) for all local cluster components.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46850, 47984)
Update addon-resizer version
Update addon-resizer version and remove the flags that have been deprecated in the new version.
**What this PR does / why we need it**:
ref kubernetes/contrib#2623
**Special notes for your reviewer**:
Need to wait for merging kubernetes/contrib#2623 first.
**Release note**:
```release-note
addon-resizer flapping behavior was removed.
```
Automatic merge from submit-queue
Allow log-dumping only N randomly-chosen nodes in the cluster
This should let us save "lots" (~3-4 hours) of time in our 5000-node cluster scale tests as we copy logs from all the nodes to jenkins worker and then upload all of them to gcs (while we don't need too many).
This will also prevent the jenkins container facing "No space left on device" error while dumping logs, that we saw in runs 12-13 of gce-enormous-cluster.
The longterm fix will be to enable [logexporter](https://github.com/kubernetes/test-infra/tree/master/logexporter) for our tests.
cc @kubernetes/sig-scalability-misc @kubernetes/test-infra-maintainers @gmarek @fejta
Automatic merge from submit-queue
Add type conversion judgment
If do not type conversion judgment, there may be panic.
**Release note**:
```release-note
NONE
```
The loop should use 'continue' not 'break', otherwise removeFinalizer()
not only removes "orphaningFinalizer" from its finalizers list but
also removes others.
This partially reverts commit 2b311fefba.
We drop the changes to the DaemonSet controller but leave the test. By
reverting the changes, we make it easier to return different values of
shouldContinueRunning for intentional predicate failures, rather then
lumping all intentional predicate failures together. The test should
continue to pass after the fix.
