ip-masq-agent when issuing an iptables-save will read
any configured iptables on the node. This means that
the ip-masq-agent's memory requirements would grow
with the number of iptables (i.e. services) on the node.
Disable ip-masq-agent in GCE
Automatic merge from submit-queue
Fix link to apiextensions client-go example
Fixes link to client-go example for apiextensions-apiserver.
Fixing #47211.
**Special notes for your reviewer**:
When I run `hack/update-staging-client-go.sh`, I get this error:
```
!!! Error in staging/copy.sh:132
Error in staging/copy.sh:132. 'git commit -q -m "Snapshot" > /dev/null' exited with status 1
Call stack:
1: staging/copy.sh:132 main(...)
Exiting with status 1
```
What am I missing here?
/cc @caesarxuchao @sttts
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Fix broken command in registry addon document
**What this PR does / why we need it**:
Fix a command example in registry addon document so it matches the example yaml above.
Automatic merge from submit-queue
Shorten issue template.
**What this PR does / why we need it**:
As discussed on contrib-ex, this shortens the github issue template.
- Be more explicit about sending people to stackoverflow for support
- Add boilerplate for setting an issue as a bug or feature
- Add boilerplate for setting a SIG
- Cut out the rest for brevity.
Automatic merge from submit-queue
Fix the typo in translations' README.md
**What this PR does / why we need it**:
Tiny fix the typo in README file.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
No issues.
Right now the kubelet creates a new csr object with the same key every
time it restarts during the bootstrap process. It should resume with the
old csr object if it exists. To do this the name of the csr object must
be stable. Also using a list watch here eliminates a race condition
where a watch event is missed and the kubelet stalls.
Automatic merge from submit-queue (batch tested with PRs 47906, 47910)
Reduce scheduler CPU request to 75m
On a 1 cpu master we are over budget with CPU requests. Components like npd or cluster autoscaler don't have *any* space to run. We need to reduce some requests.
cc: @gmarek @mikedanese @roberthbailey @davidopp @dchen1107
Don't revert, change boundingdirs in Makefile for deepcopy-gen
manually fix pkg/client/clientset_generated/clientset/typed/core/v1/pod_expansion.go because external policy types are moved now
Automatic merge from submit-queue
Add a spin-loop that waits for RBAC API's availability.
The very first thing that kubefed does when it comes up is run RBAC API discovery. We believe this sometimes fail on new clusters and as a result causes kubefed to assume that the RBAC API doesn't exist. Therefore, we are applying this workaround for now to ensure that the RBAC API is available before running kubefed.
Issue: #47737
**Release note**:
```release-note
NONE
```
/assign @csbell
/cc @dchen1107
/sig federation
Automatic merge from submit-queue
Add aleksandra-malinowska to cluster-autoscaler salt definition owners
@aleksandra-malinowska is working on Cluster Autoscaler so she should be added to reviewers and approvers.
Automatic merge from submit-queue
Reduce Cluster Autoscaler cpu request to 10m
We are super tight on 1 cpu master node. With the recent changes we cannot fit to the master if request is bigger than 10m.
cc: @gmarek @MaciekPytel @aleksandra-malinowska
Automatic merge from submit-queue
Update addons with upstream CVE fixes
**What this PR does / why we need it**: refreshes the kube-dns, metadata-proxy, and fluentd-gcp, event-exporter, prometheus-to-sd, and ip-masq-agent addons with new base images containing fixes for the following vulnerabilities:
* CVE-2016-4448
* CVE-2016-9841
* CVE-2016-9843
* CVE-2017-1000366
* CVE-2017-2616
* CVE-2017-9526
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47386 (yay!)
**Special notes for your reviewer**:
**Release note**:
```release-note
Update kube-dns, metadata-proxy, and fluentd-gcp, event-exporter, prometheus-to-sd, and ip-masq-agent addons with new base images containing fixes for CVE-2016-4448, CVE-2016-9841, CVE-2016-9843, CVE-2017-1000366, CVE-2017-2616, and CVE-2017-9526.
```
/assign @bowei @MrHohn @Q-Lee @crassirostris @dnardo
/cc @dchen1107 @timstclair
