Automatic merge from submit-queue (batch tested with PRs 41115, 41212, 41346, 41340, 41172)
Send only cluster domain queries to kube-dns
Queries not involving the cluster domain should be forwarded out (not to kube-dns)
```release-note
none
```
Automatic merge from submit-queue
fix service spec for kube api server
For the auto generated kube api-server service, the service spec re-uses the service port itself. The endpoint is created correctly using public port. Fix the service also because there are some plugin controllers that react to service spec itself.
Before fix:
```
sh-4.2# kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 172.17.0.2:8443,172.17.0.2:8053,172.17.0.2:8053 20h
sh-4.2# kubectl get services kubernetes -o json
...
...
"spec": {
"clusterIP": "172.30.0.1",
"ports": [
{
"name": "https",
"port": 443,
"protocol": "TCP",
"targetPort": 443 ## <--- same as port, even if the endpoint really means 8443
},
{
"name": "dns",
"port": 53,
"protocol": "UDP",
"targetPort": 8053
},
{
"name": "dns-tcp",
...
```
After fix:
```
"spec": {
"clusterIP": "172.30.0.1",
"ports": [
{
"name": "https",
"port": 443,
"protocol": "TCP",
"targetPort": 8443 # <-- fixed, now matches the endpoint object
},
{
"name": "dns",
"port": 53,
"protocol": "UDP",
"targetPort": 8053
},
{
"name": "dns-tcp",
``
Automatic merge from submit-queue
Fixes Hazelcast example e2e test
**What this PR does / why we need it**:
This PR fixes the Hazelcast example e2e test
**Special notes for your reviewer**:
It is related to this PR https://github.com/kubernetes/kubernetes/pull/39580
Automatic merge from submit-queue
give nodes update/delete permissions
delete permission is logically paired with create permission (and is used during self-registration scenarios when a node has been restarted and an existing node object has a mismatched externalID)
we already need to scope update nodes/status permission to only let a node update itself, and we would scope these at the same time.
fixes https://github.com/kubernetes/kubernetes/issues/41224
Automatic merge from submit-queue
copy pkg/util/logs to apiserver
This is a copy, not a move. API servers need to be able to init the logs, but so do clients. It would be weird to have the client-side commands depending on the server side logs utilities.
I updated all the server side references, but left the client-side ones.
@sttts @kubernetes/sig-api-machinery-pr-reviews acceptable?
Automatic merge from submit-queue
auto-create the loopback token
Users of the apiserver library have no need to specify particular loopback tokens, we can autogenerate and provision them.
@kubernetes/sig-api-machinery-misc @sttts
Automatic merge from submit-queue
Added kubectl create role command
Added `kubectl create role` command.
Fixed part of #39596
**Release note**:
```
Added one new command `kubectl create role` to help user create a single role from command line.
```
Automatic merge from submit-queue (batch tested with PRs 41319, 41192)
Split informers by internal and external to allow inclusion in client-go
client-go doesn't have any internal clients, so informers which require internal clients can never be included in it. This splits the informer generation into internal and external so we can safely include them.
@kubernetes/sig-api-machinery-misc @ncdc
Automatic merge from submit-queue (batch tested with PRs 41319, 41192)
sync client-go
Straight mechanical sync of client-go after updating apimachinery.
@caesarxuchao @sttts @pwittrock
I tagged it since its straight mechanical.
Automatic merge from submit-queue (batch tested with PRs 41312, 41289)
resolve udevadm from PATH in cinder_util.go
**What this PR does / why we need it**:
When a cinder volume gets attached to a node, the cinder volume plugin calls `udevadm` with an absolute path `/usr/bin/udevadm`. This path is incorrect for recent versions of debian, ubuntu or the hyperkube image on gcr.io where `udevadm` is located at `/bin/udevadm` or `/sbin/udevadm`. A variant of the hyperkube image is used on CoreOS to run kubelet with rkt fly stage 1.
As a result of the failed `udevadm` exec, the `AttachDisk` function in `cinder_util.go` returns an error.
This PR removes the absolute path from the `udevadm` exec. As a result, `udevadm` is resolved by looking it up in `PATH`.
This is consistent with the gce volume plugin, which executes `udevadm` the same way.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#29832
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue
updated docs in roundtrip.go to correct names
**What this PR does / why we need it**: updated docs in roundtrip.go to correct names.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41182, 41290)
Fix typo of defualt
Fix typo of defualt introduced in #41274.
**Release note**:
`NONE`
cc @Random-Liu
Automatic merge from submit-queue (batch tested with PRs 41182, 41290)
Add a default storage class for Azure Disk
Part of https://github.com/kubernetes/kubernetes/issues/40071
@jsafrane @colemickens @codablock @rootfs
Automatic merge from submit-queue (batch tested with PRs 41274, 41241)
[Federation] Make federation namespace e2e tests parallelizable.
Because deleteAllTestNamespaces deleted all the e2e namespaces it interefered with other federation namespace tests running in parallel. This change should mitigate the problem and make the tests runnable in parallel.
cc @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 41137, 41268)
Allow the CertificateController to use any Signer implementation.
**What this PR does / why we need it**:
This will allow developers to create `CertificateController`s with arbitrary `Signer`s, instead of forcing the use of `CFSSLSigner`. It matches the behavior of allowing an arbitrary `AutoApprover` to be passed in the constructor.
**Release note**:
```release-note
NONE
```
CC @mikedanese
Automatic merge from submit-queue
Add pod manifest path to local cluster
Added `POD_MANIFEST_PATH` to local cluster up because we are frequently using this flag when testing static & mirror pod during local dev.
Automatic merge from submit-queue (batch tested with PRs 41259, 41260)
kubeadm: changed manifest files to yaml
**What this PR does / why we need it**: Static Pods are currently stored as .json files in /etc/kubernetes/manifests. This PR instead writes them as YAML, as requested by the SIG.
**Which issue this PR fixes**: fixes #https://github.com/kubernetes/kubeadm/issues/153
**Special notes for your reviewer**: /cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41259, 41260)
remove hardcoded ansi color coding for `make help`
to tput so that color coding works in multiple platforms including osx.
**What this PR does / why we need it**:
should try not to use hardcoded ansi escape characters.
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 38252, 41122, 36101, 41017, 41264)
Fix cluster-cidr flag
**What this PR does / why we need it**:
Fixes the kube-proxy daemonset config when using the `pod-network-cidr flag`. The return value of `getClusterCIDR` should be prefixed with a `-`.
**Special notes for your reviewer**:
None
@luxas
Automatic merge from submit-queue (batch tested with PRs 38252, 41122, 36101, 41017, 41264)
Add alternative names for the server binaries to hyperkube
**What this PR does / why we need it**:
Right now one can't swap a server image to the hyperkube image without touching the `command` field in the yaml spec, and that's daunting and leading to extra and unnecessary logic for example in kubeadm.
This makes the hyperkube image directly swappable, so now `/usr/local/bin/kube-*` is a portable first argument (or simply `kube-*` if there's a shell).
**Special notes for your reviewer**:
**Release note**:
```release-note
Align the hyperkube image to support running binaries at /usr/local/bin/ like the other server images
```
@jessfraz @thockin @ixdy
Automatic merge from submit-queue (batch tested with PRs 38252, 41122, 36101, 41017, 41264)
BootstrapSigner and TokenCleaner controllers
This is part of https://github.com/kubernetes/features/issues/130 and is an implementation of https://github.com/kubernetes/community/pull/189.
Work that needs to be done yet in this PR:
* [ ] ~~e2e tests~~ Will come in new PR.
* [x] flag to disable this by default
```release-note
Native support for token based bootstrap flow. This includes signing a well known ConfigMap in the `kube-public` namespace and cleaning out expired tokens.
```
@kubernetes/sig-cluster-lifecycle @dgoodwin @roberthbailey @mikedanese
Automatic merge from submit-queue (batch tested with PRs 38252, 41122, 36101, 41017, 41264)
Register deepcopy and defaulter funcs for metav1
Houston, we've had a problem here. ObjectMeta had used the reflection fallback path for deepcopy for probably some time.
Remark: my original plan for https://github.com/kubernetes/kubernetes/pull/36412 was/is to rebase that during the master branch freeze for 1.6 and get it merged just before master opens again. Otherwise, I fear it will be rebase hell. With https://github.com/kubernetes/kubernetes/pull/36412 these kind of errors are not possible anymore.
Automatic merge from submit-queue (batch tested with PRs 38252, 41122, 36101, 41017, 41264)
fix bug of runServer function in server.go
What this PR does / why we need it:
use parameter network instead of hardcode 'tcp' / the parameter network here is not equal to 'tcp'
**Special notes for your reviewer**:
NONE
**Release note**:
NONE
