Automatic merge from submit-queue (batch tested with PRs 59879, 62729). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Openstack: fix orphaned route deletion
This is a follow-up to #56258 which only got half of the work done.
The OpenStack cloud providers DeleteRoute method fails to delete routes when it can’t find the corresponding instance in OpenStack.
```release-note
OpenStack cloudprovider: Fix deletion of orphaned routes
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add tests for GlusterFS dynamic provisioner.
This bring up a heketi server pod and the server will be running
in mock mode, the PVC creation should work, however the volume
attachment to a pod and read/write is not part of this test. Due
to the same reason the tests are marked as [fast].
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix duplicate comment in iptables rule for non-local public-port rule
**What this PR does / why we need it**:
When kubernetes creates an iptable rule for "from-non-local public-port"
rule the rule gets created with two identical comment section.
The function `iptablesNonLocalNodePortArgs` creates a list of arguments
for the rule from iptablesCommonPortalArgs function. This function
already appends the arguments for the rules comments and therefore does
not require appending the comment again.
**Special notes for your reviewer**:
I'm actually not a go programmer at all and have no idea how your tests work.
I doubt that my fix will require adjustements on tests but I'm not 100% sure.
If additional work is needed, I would be glad if someone could point it out to me so I can take care of it.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
correct CHANGELOG-1.10.md
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
1.10 CHANGELOG: Fix supported etcd version comparison with K8s v1.9
**What this PR does / why we need it**:
This updates the 1.10 CHANGELOG to correctly state that the supported etcd server version in v1.9 is 3.1.10.
This also corrects the reference to the pull request which updated the etcd version for v1.10.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a bug that headless service without ports fails to have endpoint created.
**What this PR does / why we need it**:
Follow up of https://github.com/kubernetes/kubernetes/pull/47250. Headless service without ports fails to have corresponding endpoint created because endpoint controller deliberately attaches a dummy endpointPort with portNum=0, which will fail API validation check. Error as below:
```
endpoints_controller.go:375] Error syncing endpoints for service "default/XXX": Endpoints "XXX" is invalid: subsets[0].ports[0].port: Invalid value: 0: must be between 1 and 65535, inclusive
```
This PR makes endpoint controller not attach the dummy endpointPort for headless service.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#55158, fixes#62440
**Special notes for your reviewer**:
cc @xiangpengzhao
**Release note**:
```release-note
Fix a bug that headless service without ports fails to have endpoint created.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add approvers to pkg/controller/endpoint
**What this PR does / why we need it**:
Promoting reviewers listed in pkg/controller/endpoint to approvers.
/assign @thockin
cc @bowei
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[Prometheus addon] Use StatefulSet
This PR changes prometheus server manifest from deployment to statefulset.
Version label is removed from pods because statefulset disallows updating selectors.
```release-note
NONE
```
/cc @branch @kawych
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move pkg/scheduler/util/testutil.go to pkg/scheduler/testing
**What this PR does / why we need it**:
In the package `k8s.io/kubernetes/pkg/scheduler/util`, we have testutil.go, which has an init() function. Since this package is imported in production code, we are inadvertently running test code in production.
Fortunately (depending on how you look at it) scheduler already has a package called `k8s.io/kubernetes/pkg/scheduler/testing` which would be an appropriate home for these utils.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63269
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
sync code from copy destination
**What this PR does / why we need it**:
sync code from copy destination
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
scheduler: align with ctrl-managers and apiservers, add https+auth in options
This switches the bootstrapping code to use the Options+Config pattern which
allows to compose flag sets and flag logic from reusable components.
This way https+authz+authn support is added to the Options struct (still disabled
for the actual binary, but available for downstreams).
TODOs:
- [x] fix kubeadm
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix panic for attaching AzureDisk to vmss nodes
**What this PR does / why we need it**:
Azure vmss virtual machine's data disks may be nil (while Azure virtual machine doesn't have the issue) so it will panic controller-manager when attaching new disks.
This PR fixes the issue by adding a check.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Should be cherry picked to v1.10.
**Release note**:
```release-note
Fix panic for attaching AzureDisk to vmss nodes
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support containerized kubelet in CI
**What this PR does / why we need it**:
* Adjust hyperkube Makefile to allow HYPERKUBE_BIN to be
specified from outside
* new DOCKER_ROOT variable to specify --root-dir and associated
volume for kubelet to know where docker directory lives
* Save the docker logs when we kill the kubelet container
* Allow customized image for dockerized kubelet and build a Default
image if one is not specified
We should allow a custom build using script we have:
`VERSION="latest" REGISTRY="k8s.gcr.io" hack/dev-push-hyperkube.sh`
to be used quickly using DOCKERIZE_KUBELET. To do this we remove the
hard coded `k8s.gcr.io/kubelet` image and introduce a new environment
variable `KUBELET_IMAGE`.
Note that we are switching to hyperkube from kubelet as we have a quick
and easy script to build hyperkube image and load it into local docker
daemon. This reduces bad hacks like `docker tag
k8s.gcr.io/hyperkube-amd64:<tag> k8s.gcr.io/kubelet:latest` being used
by folks today (see 62057)
* Better cope with PID 0 when running "docker inspect" to look for
the process id for kubelet container
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62718, 62863). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
gcp: add env var to configure enabled controllers in controller-manager
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix problem that ipvs can't work with hostPort
**What this PR does / why we need it**:
Make ipvs proxy mode can work with pods that have hostPort.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61938#60688 and #60305 are related too.
**Special notes for your reviewer**:
IPVS proxier will create dummy device named `kube-ipvs0`, which will maintain all ipvs virtual service address. That means all ipvs maintained clusterIP/externalIP/ingress will be treat as local address.
Then if we have a pod with hostPort, cni will attach this rule to `PREROUTING` chain:
```
KUBE-HOSTPORTS all -- 0.0.0.0/0 0.0.0.0/0 /* kube hostport portals */ ADDRTYPE match dst-type LOCAL
```
so if a service have same port with pod's hostport, then this service can't be access.
In this pr, we added `ACCESS` rule for traffic that aim to ipvs virtual service, to prevent those traffic from be blocked by other rules.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make kubelet `ReadLogs` backward compatible.
`containerLogPathLabelKey` label was added in dockershim since 1.5. 121a91eb12
ContainerStatus.LogPath was added since Kubernetes 1.7. c3b52267ca
I believe it is safe to reply on this field without backward compatibility issue. And `crictl` is using it as well https://github.com/kubernetes-incubator/cri-tools/blob/master/cmd/crictl/logs.go#L88.
With this change, in the future, kubelet `ReadLogs` will be backward compatible as long as the log format is backward compatible.
@feiskyer @yujuhong @kubernetes/sig-node-pr-reviews
Signed-off-by: Lantao Liu <lantaol@google.com>
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 60890, 63244, 60741, 63254). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add name output and verb filtering to api-resources
This allows `kubectl api-resources -o name` to be used as input to `kubectl get ...`
to see all resources still existing in a given namespace:
Example:
```sh
kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get -o name -n foo
```
Release note:
```release-note
`kubectl api-resources` now supports filtering to resources supporting specific verbs, and can output fully qualified resource names suitable for combining with commands like `kubectl get`
```
Automatic merge from submit-queue (batch tested with PRs 60890, 63244, 60741, 63254). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Indicate clusterrolebinding, rolebinding subjects are optional fields
**What this PR does / why we need it**: With this PR, clusterrolebinding and rolebinding subjects are marked optional instead of required. Currently we cannot create clusterrolebinding and rolebinding with subjects are empty using `kubectl create/apply/replace -f`.
```
$ kubectl create rolebinding test --clusterrole view
rolebinding "test" created
$ kubectl get rolebinding test -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: 2018-03-02T06:58:16Z
name: test
namespace: default
resourceVersion: "5606612"
selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/rolebindings/test
uid: 155c5c29-1de7-11e8-9f6f-fa163ec89f2a
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
subjects: null
$ kubectl get rolebinding test -o yaml | kubectl replace -f -
error: error validating "STDIN": error validating data: ValidationError(RoleBinding): missing required field "subjects" in io.k8s.api.rbac.v1.RoleBinding; if you choose to ignore these errors, turn validation off with --validate=false
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**: This is a same issue with https://github.com/kubernetes/kubernetes/issues/59403. /cc @liggitt
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60890, 63244, 60741, 63254). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Finish wiring PrintFlags
**What this PR does / why we need it**:
This is rebased version of #63055, I don't want to wait for @juanvallejo to return and to unblock myself, and him for next week. I've rebased his PR and will push it forward.
/assign @deads2k
since you "broke" us 😉
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: master count and lease endpoint test
**What this PR does / why we need it**: Adds a test to make sure master count and lease endpoint reconcilers work well together, so we can bump LeaseEndpoint to beta. Based on Jordan's comment https://github.com/kubernetes/kubernetes/pull/58474#issuecomment-369954890.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Issue: #57617
Followup PR: #58474
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/cc @kubernetes/sig-cluster-lifecycle-api-reviews @kubernetes/sig-cluster-lifecycle-api-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove self linker from group info
The self-link is related to RESTStorage, not to the scheme/codec. Also, no one every customized it. This moves it to the single point of use and retains the override potential.
@kubernetes/sig-api-machinery-pr-reviews
```release-note
NONE
```
