Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add UT test for PolicyRuleBuilder
PolicyRuleBuilder is used to construct PolicyRule.
Add UT test to check if its construct is correct.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
not expose object detail when creating TokenRequest
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/assign @liggitt @mikedanese
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
check for commands in kubelet command line
**What this PR does / why we need it**:
Kubelet doesn't support subcommands and silently ignores them.
This causes a lot of confusion among users, for example:
Running 'kubelet logs' can produce this output:
```
I0206 16:20:40.010949 5712 feature_gate.go:220] feature gates: &{{} map[]}
I0206 16:20:40.011054 5712 controller.go:114] kubelet config controller: starting controller
...
error: failed to run Kubelet: failed to create kubelet:
misconfiguration: kubelet cgroup driver: "cgroupfs" is different from
docker cgroup driver: "systemd"
```
The output in this case looks like a valid log output. The error is not
caused by incorrectly configured cgroup driver though. It's caused by
the fact that kubelet ignores 'logs' subcommand, so 'kubelet logs' is
essentially the same as 'kubelet': it runs kubelet with the default set
of parameters, including default cgroup driver.
**The fix**:
Added check to prevent kubelet from running if user specifies
subcommands in the command line.
**Which issue(s) this PR fixes**:
Fixes: kubeadm issue 639
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update restmapping to indicate fully qualified resource
The resource of a restmapping is logically fully qualified and we have that value when we construct it. Update the return value so that callers don't have to synthentically create one.
@kubernetes/sig-api-machinery-pr-reviews
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63138, 63091, 63201, 63341). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds support for arm64 to microbot example of the kubernetes-worker charm.
**What this PR does / why we need it**: Adds support for arm64 to microbot example of the kubernetes-worker charm.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63138, 63091, 63201, 63341). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable bypassing online checks in kubeadm upgrade plan
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This PR makes `kubeadm upgrade plan` a little nicer to use in an air gapped environment. `kubeadm upgrade plan` now accepts a version and returns that instead of checking the internet.
**Which issue(s) this PR fixes**:
Fixeskubernetes/kubeadm#698
**Special notes for your reviewer**:
I also cleaned up the tests for this section of code by adding formal names for table tests and using `t.Run`.
**Release note**:
```release-note
`kubeadm upgrade plan` now accepts a version which improves the UX nicer in air-gapped environments.
```
Automatic merge from submit-queue (batch tested with PRs 63138, 63091, 63201, 63341). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set names for OpenStack loadbalancer members and monitors
**What this PR does / why we need it**:
This PR sets names for OpenStack loadbalancer members and monitors.
ATM names for members and monitors are empty, making it difficult to identify where they belong.
Healthmonitors will be named `monitor_<lb_name>_<index>` and members
will be named `member_<lb_name>_<index>_<node_name>`.
This naming scheme should in sync with the naming of other LB resources, e.g. pools: `pool_<lb_name>_<index>`.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63138, 63091, 63201, 63341). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Api server extra args
**What this PR does / why we need it**:
This PR will correctly override the APIServer command with the values found in APIServerExtraArgs. If none are passed in a default set of flags will be used.
This also includes cleaning up tests by using `t.Run` and naming test cases so we know what they are doing. `t.Run` also provides better testing output when coupled with a name.
At some point we stopped using the k8s version to generate this command. It is trivial to add back if we need it later, but since we don't use it now it's best for it to go. This also exposed several test that were identical. Those have been removed.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#760
**Special notes for your reviewer**:
I split this into two commits since it's a bit easier to think about like that, but would be fine squashing.
**Release note**:
```release-note
NONE
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove rootscopedkinds from groupmeta
builds on https://github.com/kubernetes/kubernetes/pull/63206
Since, a RESTMapping can only be determined based on a connection to a server, the only thing that needs to know the namespaced-ness of a resource is the code doing the registration. Everything else is derived from that source of truth. This removes the other dangling references and collapses down onto the existing namespaced-ness methods in the strategies backing the stores.
@kubernetes/sig-api-machinery-pr-reviews
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add test for sparse version encoding/decoding
This adds tests that make sure the sparse version encoding and encoding work as callers will expect, with the correct version being picked from the list. I wrote two tests, one a theoretical test not dependent on any API and another practical test using cronjobs which are currently sparse in the registry.
@liggitt turns out that because we find exact matches, sparse versions ought to work out fine.
@smarterclayton I hate that the versioner matches on type. I'll update that separately I think.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add field selector support to delete, label, annotate
**What this PR does / why we need it**:
Builds out field selector support for more bulk commands
**Release note**:
```release-note
kubectl now supports --field-selector for `delete`, `label`, and `annotate`
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubelet: force filterContainerID to empty string when removeAll is true
fixes https://github.com/kubernetes/kubernetes/issues/57865
alternative to https://github.com/kubernetes/kubernetes/pull/62170
There is a bug in the container deletor where if `removeAll` is `true` in `deleteContainersInPod()` the `filterContainerID` is still used to filter results in `getContainersToDeleteInPod()`. If the filter container is not found, no containers are returned for deletion.
https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/pod_container_deletor.go#L74-L77
This is the case for the delayed deletion a pod in `CrashLoopBackoff` as the death of the infra container in response to the `DELETE` is detected by PLEG and triggers an attempt to clean up all containers but uses the infra container id as a filter with `removeAll` set to `true`. The infra container is immediately deleted and thus can not be found when `getContainersToDeleteInPod()` tries to find it. Thus the dead app container from the previous restart attempt still exists.
`canBeDeleted()` in the status manager will return `false` until all the pod containers are deleted, delaying the deletion of the pod on the API server.
The removal of the containers is eventually forced by the API server `REMOVE` after the grace period.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove incorrect static restmapper from type registry
A RESTMapping can only be determined by inspecting a server since discovery is the authoritative source of mapping decisions. This removes a deceptive method from the type registry and makes the old logic available for existing tests in a separate, clearly labeled package.
@kubernetes/sig-api-machinery-pr-reviews @kubernetes/sig-cli-maintainers
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63152, 63253). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make dynamic client slightly easier to use and add fakes
Tweaks the dynamic client to make it more "normal" for resources to namespaces. Adds a fake dynamic client.
@kubernetes/sig-api-machinery-pr-reviews
/assign @hzxuzhonghu
/assign @sttts
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl should not have a direct code dependency on controllers
The dependency linkage brings in the scheduler and a lot of unrelated
code. Instead, selectively copy methods that operate on public APIs.
@liggitt
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
scheduler: clean up and simplify equivalence cache locking
**What this PR does / why we need it**:
This is a cleanup of the locking code for equivalence cache. There is no change to the current logic or locking. This PR has a couple of implications, though.
1. It deletes (unreachable) code that could have been used to cache predicate results that consider nominated pods.
2. Callers should no longer lock/unlock the eCache manually, so coordinating that lock with other synchronization is restricted.
**Special notes for your reviewer**:
**Release note**:
<!-- Write your release note:
1. Enter your extended release note in the below block. If the PR requires additional action from users switching to the new release, include the string "**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
action required".
2. If no release note is required, just write "NONE".
-->
```release-note
NONE
```
/sig scheduling
/kind cleanup
Automatic merge from submit-queue (batch tested with PRs 55971, 63307). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revert "fixtodo:validate events on PVCs in integration volume binding test"
This reverts commit 910fd1953e.
Events are not a reliable message bus... they throttle, deduplicate, and drop events over fairly conservative rate limit targets.
This commit caused test flakes, so reverting.
Fixes#63302
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58474, 60034, 62101, 63198). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove Factory from more Run commands
/assign @juanvallejo
**Release note**:
-->
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58474, 60034, 62101, 63198). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix wrong usage of kubelet option
**What this PR does / why we need it**:
"--allow-privileged true" is incorrect usage of boolean option.
It means setting '--allow-priviledged' to its default value plus
non-existing subcommand 'true'.
"--allow-privileged false" is even more confusing as it sets
allow-priviledged flag to its default value 'true'
This is true for any boolean command line option.
Fixed this by using correct syntax --allow-priviledged=true
**Special notes for your reviewer**:
This is a show-stopper for PR #61833
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58474, 60034, 62101, 63198). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
avoid race condition in device manager and plugin startup/shutdown: wait for goroutines
**What this PR does / why we need it**:
Commit 1325c2f worked around issue #59488, but it is still worthwhile to fix the underlying root cause properly.
**Which issue(s) this PR fixes**:
Fixes#59488
**Special notes for your reviewer**:
This is an alternative to PR #59861, which used a different approach. Personally I tend to prefer this one now.
**Release note**:
```release-note
NONE
```
/sig node
/area hw-accelerators
/assign vikaschoudhary16
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: change default reconciler to LeaseEndpoint
**What this PR does / why we need it**:
Graduates the lease-endpoint-reconciler flag to beta, and defaults the endpoint reconciler to LeaseEndpoint instead of MasterCount.
- [x] Default Lease Endpoint Reconciler to on
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57617
**Special notes for your reviewer**:
**Release note**:
```release-note
kube-apiserver: `--endpoint-reconciler-type` now defaults to `lease`. The `master-count` reconciler is deprecated and will be removed in 1.13.
```
Automatic merge from submit-queue (batch tested with PRs 59879, 62729). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Openstack: fix orphaned route deletion
This is a follow-up to #56258 which only got half of the work done.
The OpenStack cloud providers DeleteRoute method fails to delete routes when it can’t find the corresponding instance in OpenStack.
```release-note
OpenStack cloudprovider: Fix deletion of orphaned routes
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add tests for GlusterFS dynamic provisioner.
This bring up a heketi server pod and the server will be running
in mock mode, the PVC creation should work, however the volume
attachment to a pod and read/write is not part of this test. Due
to the same reason the tests are marked as [fast].
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
