Automatic merge from submit-queue (batch tested with PRs 60476, 62462, 61391, 62535, 62394). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Private mount propagation
This PR changes the default mount propagation from "rslave" (newly added in 1.10) to "private" (default in 1.9 and before). "rslave" as default causes regressions, see below.
Value `"None"` has to be added to `MountPropagationMode` enum in API ("I don't want any propagation at all"), which translates to "private" on Linux. [We did not have use cases for it](https://github.com/kubernetes/community/pull/659#discussion_r131454319), but we have them now.
**Which issue(s) this PR fixes**
Fixes#62397, fixes#62396
**Special notes for your reviewer**:
CRI already has an option for private mount propagation in volumes, however it's called "PRIVATE", while Kubernetes API value is "None". I did not change PRIVATE to NONE to keep the interface stable. See `kubelet_pods.go`.
**Release note**:
```release-note
Default mount propagation has changed from "HostToContainer" ("rslave" in Linux terminology) to "None" ("private") to match the behavior in 1.9 and earlier releases. "HostToContainer" as a default caused regressions in some pods.
```
/sig storage
/sig node
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix flaky crd e2e tests
Fixes#62345
/sig api-machinery
/kind flake
/priority failing-test
From the issue:
> All the tests that rely on creating a CustomResourceDefinition are flaky. This is because the test "AdmissionWebhook Should be able to deny custom resource creation" creates a validating webhook, called deny-crd.k8s.io, which denies all crd creations. This is an issue for any other test which will create a crd that gets run in parallel with that webhook test, causing them to fail with the message failed to create CustomResourceDefinition: admission webhook "deny-crd.k8s.io" denied the request: this webhook denies all requests
This PR changes the test webhook image to support handling a new "/crd" path which would accept and deny crd creations based on their labels, only denying if if the object has the label ```"webhook-e2e-test":"webhook-disallow"```, and updates the "AdmissionWebhook Should be able to deny custom resource creation" test to use that label.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62503, 62502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix ingress util for setting TLS spec
**What this PR does / why we need it**:
Fixes an issue with ingress TLS testing. For most tests, we want to only provide one certificate and verify it's being served. In some tests (including a conformance test), a new certificate was added; but only the first certificate was asserted.
This is because the multi-TLS test uses `WaitForIngressWithCert()` while the other tests use `WaitForGivenIngressWithTimeout`.
**Special notes for your reviewer**:
/assign rramkumar1
/cc rramkumar1
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62503, 62502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Node E2E: Remove the simple mount test
There are EmptyDir volume tests in test/e2e/common already. The test
does not add any more coverage.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62466, 62494). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix failed e2e tests for dns configmap
**What this PR does / why we need it**:
Fix DNS configMap e2e tests.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62490
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix parsing timestamp in test
Go 1.9 changed the default string format, see https://github.com/golang/go/issues/20876
As discussed there, default format is intended to be readable for humans and can change without warning, so we should probably set the format explicitly when writing status configmap.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62324, 61459, 62475, 62476, 61914). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove unnecessary code in ingress upgrade logic
Now that 1.1 is released, fix the TODO.
/assign @nicksardo
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 62324, 61459, 62475, 62476, 61914). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump image in ingress downgrade test
**Release note**:
```release-note
None
```
/assign @nicksardo
Automatic merge from submit-queue (batch tested with PRs 62455, 62465, 62427, 62416, 62411). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set slave mount propagation for local provisioner
**What this PR does / why we need it**:
Explicitly set slave mount propagation instead of assuming it's the default mode.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62455, 62465, 62427, 62416, 62411). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump GLBC version and remove Unreleased tag from tests
/assign rramkumar1
/cc mrhohn
**Release note**:
```release-note
GCE: Bump GLBC version to 1.1.0 - supporting multiple certificates and HTTP2
```
"--allow-privileged true" is incorrect usage of boolean option.
It means setting '--allow-priviledged' to its default value plus
non-existing subcommand 'true'.
"--allow-privileged false" is even more confusing as it sets
allow-priviledged flag to its default value 'true'
This is true for any boolean command line option.
Fixed this by using correct syntax --allow-priviledged=true
Fixed generating of kubelet command line in addKubeletConfigFlags
function.
Automatic merge from submit-queue (batch tested with PRs 60585, 62398, 62258, 62042). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add e2e test for kubedns to forward PTR records to upstream server.
**What this PR does / why we need it**:
Add e2e test for kubedns to forward PTR records to upstream server.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Reimplement migrate-if-needed.sh in go
The `migrate-if-needed.sh` script was already partially implemented in go (see the attachlease and rollback sub-dirs), but was still unnecessarily difficult to understand and test. This closely reimplements the original logic but with improved code structure, error handling and testing.
Where possible, go code that was previously executed as separate binaries is now statically linked into a single 'migrate' go cobra CLI app, which is then thinly wrapped by`migrate-if-needed.sh`.
There are numerous additional improvements that need to be made, but will be submitted in future PRs. This PR is focused on achieving parity with the pre-existing functionality and introducing some much needed test coverage, in particular HA cluster upgrade test coverage.
It appears that the `attachlease` and `rollback` go binaries are no longer needed as standalones and so I have consolidated them into the new `migrate` go binary. Other than that, this change aims to be 100% backward compatible.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46903, 61721, 62317). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove the use of storage class beta annotations in e2e tests.
**What this PR does / why we need it**:
Since we are going to remove storage class beta annotations, we'd like to remove the use of it in e2e tests to avoid upgrade test issues when it's finally removed.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubernetes/pull/51440#discussion_r180290591
**Special notes for your reviewer**:
This should be cherry-picked to 1.10 as well. https://github.com/kubernetes/kubernetes/pull/51440#discussion_r178919464
/cc @msau42
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46903, 61721, 62317). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Double container probe timeout
in some environments, we see a combination of start latency
and the corresponding effect on sync pod latency causing status
manager to fail to report within the 2 minute window.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62192, 61866, 62206, 62360). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove rkt references in the codebase
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 62192, 61866, 62206, 62360). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add CSI External Components ClusterRole to bootstrapped roles
Added CSI External Components ClusterRole to bootstrapped roles and removed creation from failing e2e test
Fixes: #61781
/sig storage
/kind bug
/assign @liggitt @saad-ali
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61549, 62230, 62055, 61082, 62212). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Create StorageClass for each volume binding test case
**What this PR does / why we need it**:
Use a different StorageClass for each test case so that subsequent test cases don't accidentally bind to PVs created in previous test cases. The alternative solution of waiting for all the resources to be fully deleted added a significant amount of time to the test, so I prefer using this storage class approach.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62205
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60197, 61614, 62074, 62071, 62301). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds e2e test for vpxd restart scenario in vSphere Cloud Provider
This PR adds a test to verify Volume access in a situation where VMware vCenter's `vpxd` service is down. The test mainly verifies Volume/file access before, during, and after restarting the `vpxd` service on the vCenter host.
See vmware/kubernetes#373 for more details.
**Reviewers note:** This PR was internally reviewed at vmware/kubernetes#468.
/cc @kubernetes/vmware
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Patch ingress upgrade test logic to take note of SNI support in next glbc release
**What this PR does / why we need it**:
/assign @MrHohn
**Release note**:
```release-note
None
```
