Automatic merge from submit-queue (batch tested with PRs 54327, 54433). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Deprecate the SSH Tunneling functionality in API Server
#
**What this PR does / why we need it**:
As part of the effort to move in-tree cloud providers out of kubernetes
main repository, we have identified that kube apiserver should stop
using --cloud-provider and --cloud-config parameters. One of the main
users of the parameters above is the SSH Tunneling functionality which
is used only in the GCE scenarios. We need to deprecate these flags
now and remove them in a year per discussion on mailing list.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Related to #54076
**Special notes for your reviewer**:
Please see discussion on mailing list:
https://groups.google.com/d/msg/kubernetes-sig-api-machinery/bwJJ93qA99o/pRTVFaIlBAAJ
**Release note**:
```release-note
kube-apiserver: `--ssh-user` and `--ssh-keyfile` are now deprecated and will be removed in a future release. Users of SSH tunnel functionality used in Google Container Engine for the Master -> Cluster communication should plan to transition to alternate methods for bridging master and node networks.
```
As part of the effort to move in-tree cloud providers out of kubernetes
main repository, we have identified that kube apiserver should stop
using --cloud-provider and --cloud-config parameters. One of the main
users of the parameters above is the SSH Tunneling functionality which
is used only in the GCE scenarios. We need to deprecate these flags
now and remove them in a year per discussion on mailing list.
With this change, `ssh-user` and `ssh-keyfile` are now considered deprecated
and we can remove it in the future. This means that SSH tunnel functionality
used in Google Container Engine for the Master -> Cluster communication
will no longer be available in the future.
Automatic merge from submit-queue (batch tested with PRs 52479, 53956). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Register sync proxy rules latency metrics in app level
**What this PR does / why we need it**:
IMO, should may should register proxy metrics in app level instead of in specific proxy mode, e.g. iptables, ipvs, winkernel...
By registering sync proxy rules latency metrics in app level, we can reuse codes among different proxiers.
**Which issue this PR fixes**:
closes#53957
**Special notes for your reviewer**:
@wojtek-t What do you think about it?
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53743, 53564). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: remove the --network-plugin-dir flag
**What this PR does / why we need it**:
This flag has been replaced with `--cni-bin-dir`, and has been deprecated in Kubernetes 1.7.
It is safe to remove in Kubernetes 1.9 according to the deprecation policy.
**Which issue this PR fixes**: fixes#46410
**Special notes for your reviewer**:
/assign @mtaufen @freehan @dchen1107
**Release note**:
```release-note
Remove the --network-plugin-dir flag.
```
Automatic merge from submit-queue (batch tested with PRs 53743, 53564). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Polymorphic Scale Client
This PR introduces a polymorphic scale client based on discovery information that's able to scale scalable resources in arbitrary group-versions, as long as they present the scale subresource in their discovery information.
Currently, it supports `extensions/v1beta1.Scale` and `autoscaling/v1.Scale`, but supporting other versions of scale if/when we produce them should be fairly trivial.
It also updates the HPA to use this client, meaning the HPA will now work on any scalable resource, not just things in the `extensions/v1beta1` API group.
**Release note**:
```release-note
Introduces a polymorphic scale client, allowing HorizontalPodAutoscalers to properly function on scalable resources in any API group.
```
Unblocks #29698
Unblocks #38756
Unblocks #49504Fixes#38810
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Warn user if Pod/Service networks will be accessed via proxy.
**What this PR does / why we need it**:
In environments where HTTP proxies are used, it is important
to whitelist Pod and Services network ranges in the NO_PROXY
variable, so cluster will be properly operational.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
- kubeadm will warn users if access to IP ranges for Pods or Services will be done via HTTP proxy.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
addons/dns: changing probes for ANY IP record type
Signed-off-by: André Martins <aanm90@gmail.com>
**What this PR does / why we need it**:
Changes the kube-dns probes to ANY IP record to solve kube-dns probes failures when kubernetes master is running with an IPv6 only address.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51371
/sig network
/area ipv6
Automatic merge from submit-queue (batch tested with PRs 53194, 54257, 53014). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm should check for bridge-nf-call-ip6tables
With this change, Kubeadm will check that
/proc/sys/net/bridge/bridge-nf-call-ip6tables is set to 1 in
preflight when using IPv6. This is similar to how it currenltly checks for
bridge-nf-call-iptables.
**What this PR does / why we need it**:
Curently Kubeadm checks that bridge-nf-call-iptables is set to 1, but does not check
for bridge-nf-call-ip6tables. When using IPv6, kubeadm should check that this is set.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53013
**Special notes for your reviewer**:
**Release note**:
```release-note NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm-reset: notify about a non-default certificates directory
**What this PR does / why we need it**:
The `kubeadm reset` command requires super-user access.
When passing non-default path to the `kubeadm reset` command via `--cert-dir `, the user should be at least warned that a non-standard directory is being cleaned completely.
**Which issue this PR fixes**
/approve no-issue
**Special notes for your reviewer**:
If you think that this can be amended (or even improved as a whole) in some way, please let me know.
**Release note**:
```release-note
Make sure that "kubeadm reset" notifies about cleaning the directory specified by "--cert-dir" with a warning.
```
Lubomir I. Ivanov (VMWare)
With this change, Kubeadm will check that
/proc/sys/net/bridge/bridge-nf-call-ip6tables is set to 1 in
preflight when using IPv6. This is similar to how it currenltly checks for
bridge-nf-call-iptables.
Automatic merge from submit-queue (batch tested with PRs 53809, 54244, 54142). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm/cmdutil.go: improve ValidateExactArgNumber()
**What this PR does / why we need it**:
This patch makes small changes in
ValidateExactArgNumber():
- Use a variable for the length of supported arguments
- Return an error early if the number of valid arguments
exceeds the number of supported arguments
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
none
**Special notes for your reviewer**:
none
**Release note**:
```release-note
NONE
```
Lubomir (VMware)
This updates the HPA controller to use the polymorphic scale client from
client-go. This should enable HPAs to work with arbitrary scalable
resources, instead of just those in the extensions API group (meaning we
can deprecate the copy of ReplicationController in extensions/v1beta1).
It also means that the HPA controller now pays attention to the
APIVersion field in `scaleTargetRef` (more specifically, the group part
of it).
Note that currently, discovery information on which resources are
available where is only fetched once (the first time that it's
requested). In the future, we may want a refreshing discovery REST
mapper.
This patch makes small changes in
ValidateExactArgNumber():
- Use a variable for the length of supported arguments
- Return an error early if the number of valid arguments
exceeds the number of supported arguments
Signed-off-by: Lubomir I. Ivanov <lubomirivanov@vmware.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pkg/api: extract Scheme/Registry/Codecs into pkg/api/legacyscheme
This serves as
- a preparation for the pkg/api->pkg/apis/core move
- and makes the dependency to the scheme explicit when vizualizing
left depenncies.
The later helps with our our efforts to split up the monolithic repo
into self-contained sub-repos, e.g. for kubectl, controller-manager
and kube-apiserver in the future.
Automatic merge from submit-queue (batch tested with PRs 53696, 54059). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix lint warnings for useless err checks.
**What this PR does / why we need it**:
This check was recently added to golint.
**Which issue this PR fixes**
Related to #37254
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Duplicate a constant - LabelNodeRoleMaster
**What this PR does / why we need it**:
Per request from @luxas in 53458, to avoid cmd/kubeadm to
depend on pkg/controller/service. Added a comment to make
this clear.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typos: remove duplicated word in comments
**What this PR does / why we need it**: Remove the duplicated word `the` in comments
**Which issue this PR fixes** : fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make HPA tolerance a flag
**What this PR does / why we need it**:
Make HPA tolerance configurable as a flag. This change allows us to use
different tolerance values in production/testing.
**Which issue this PR fixes**:
Fixes#18155
**Release note:**
```release-note
Control HPA tolerance through the `horizontal-pod-autoscaler-tolerance` flag.
```
Signed-off-by: mattjmcnaughton <mattjmcnaughton@gmail.com>
The client cert manager uses the most recent cert to request new
certificates. If that certificate is expired, it will be unable to
complete new CSR requests. This commit alters the manager to force
process exit if no further client cert rotation is possible, which
is expected to trigger a restart of the kubelet and either a
re-bootstrap from the bootstrap kubeconfig or a re-read of the
current disk state (assuming that some other agent is managing the
bootstrap configuration).
This prevents the Kubelet from wedging in a state where it cannot make
API calls.
In environments where HTTP proxies are used, it is important
to whitelist Pod and Services network ranges in the NO_PROXY
variable, so cluster will be properly operational.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add unit test for cloud-controller-manager
**What this PR does / why we need it**:
Add more unit test for coud-controller-manager
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix broken links in kubeadm after moving proposals to subdirs
**What this PR does / why we need it**:
fix incorrect links in kubeadm after kubernetes/community#1010
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes kubernetes/community#918
**Special notes for your reviewer**:
CC @bgrant0607
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53763, 53917). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove the old Kubelet TLS Bootstrapping mode
**What this PR does / why we need it**:
As part of 1.9 clean up, remove old TLS Bootstrapping mode.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixeskubernetes/kubeadm#447
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix broken url
**What this PR does / why we need it**:
I install kubernetes with kubeadm. after kubeadm init, need to install podnetwork with addons. but the output of 'kubeadm init' is to broken url. fix it is available.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53783, 53175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: add Priority to admission control
**What this PR does / why we need it**:
Adds Priority admission control to kubeadm for all kubernetes versions > v1.9 alpha.
Related: https://github.com/kubernetes/kubernetes/pull/49322
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixes https://github.com/kubernetes/kubeadm/issues/434
**Special notes for your reviewer**:
**Release note**:
```release-note
Enable Priority admission control in kubeadm.
```
cc @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix pkg/ depends on cmd/ problems
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Partial fix for https://github.com/kubernetes/kubernetes/issues/53341
**Special notes for your reviewer**:
No logic changes, Just moving things around
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52883, 52183, 53915, 53848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE kube-up] Don't provision kubeconfig file for kube-proxy service account
**What this PR does / why we need it**:
Offloading the burden of provisioning kubeconfig file for kube-proxy service account from GCE startup scripts. This also helps us decoupling kube-proxy daemonset upgrade from node upgrade.
Previous attempt on https://github.com/kubernetes/kubernetes/pull/51172, using InClusterConfig for kube-proxy based on discussions on https://github.com/kubernetes/client-go/issues/281.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
/assign @bowei @thockin
cc @luxas @murali-reddy
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51840, 53542, 53857, 53831, 53702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
refactor NewCmdJoin function
**What this PR does / why we need it**:
refactor NewCmdJoin function to make the code more readable and concision
1、split the function into several small function
2、extract the big variable from the function
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Release note**:
```release-note
NONE
```
