Automatic merge from submit-queue (batch tested with PRs 50550, 50768)
Cleanup locking in configz
**What this PR does / why we need it**:
- Reduce scope of lock in `write()` method
- Use the read lock in `write()` method
**Release note**:
```release-note
NONE
```
/kind cleanup
@mikedanese
p.s. looks like the `Set()` method could be removed if the value is accepted as an argument to `New()`. I.e. looks like to code re-sets the value.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Make endpoints controller update based on semantic equality
Fixes#50828
Split from https://github.com/kubernetes/kubernetes/pull/45294 for separate review
Currently, endpoints objects containing no subsets are decoded by the go client as subsets:[] (when requested individually) or as subsets:null (when requested in a list of endpoints).
Because the endpoints controller is fed via a lister/watcher, it gets the `subsets:null` version fed to it. The subsets computation then returns an empty slice, which fails reflect.DeepEqual, which triggers a write attempt.
This PR makes the comparison use semantic.DeepEqual to avoid spurious writes.
https://github.com/kubernetes/kubernetes/pull/45294 would remove the inconsistency between lists and individual gets.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Make socket address parsing work on FreeBSD.
**What this PR does / why we need it**:
I am currently in the process of porting Kubernetes to work on FreeBSD. What is interesting is that I am not interested in using Kubernetes to run Docker containers in this case. I happen to be the author of CloudABI, a sandboxing framework that is available on FreeBSD (and other systems). I want to have a cluster management tool for scheduling these sandboxed processes.
Anyway, right now `kubelet` crashes on startup when passing in CRI command line flags, for the reason that it's not able to parse `unix:...` socket addresses. This change fixes this by making the respective Linux-only source file work on FreeBSD as well.
Automatic merge from submit-queue (batch tested with PRs 49869, 47987, 50211, 50804, 50583)
Add ReclaimPolicy field to StorageClass
fix https://github.com/kubernetes/kubernetes/issues/38192, enough people want this imo so going ahead and adding it according to initial suggested design
some considerations:
* No Recycle allowed, Retain (& Delete) only.
* Do we need to gate the field.
* E2E test where a Retain PV is dynamically provisioned is TODO if we agree we want this & this is the way to do it.
* Need a feature repo issue to track docs and stuff for 1.8
**Release note**:
```release-note
StorageClass has a new field to configure reclaim policy of dynamically provisioned PVs.
```
Automatic merge from submit-queue (batch tested with PRs 49342, 50581, 50777)
Device Plugin Protobuf API
**What this PR does / why we need it:**
This implements the Device Plugin API
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
Special notes for your reviewer:
First proposal submitted to the community repo, please advise if something's not right with the format or procedure, etc.
@vishh @derekwaynecarr
**Release note:**
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Rerun init containers when the pod needs to be restarted
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
This fixes#36485
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
fix the typo of errorf info
**What this PR does / why we need it**:
fix the error message of stateful_pod_control_test.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Log name if Azure file share cannot be created
**What this PR does / why we need it**: If the Azure storage provider fails to create a file share, it logs and error message 'failed to create share in account _foo_: _error-msg_'. A user on the Slack azure-sig channel reported an error of "The specified resource name length is not within the permissible limits". This PR adds logging of the name so that this error can be diagnosed in future.
**Which issue this PR fixes**: This was raised on Slack and has not been created as a GitHub issue.
**Special notes for your reviewer**: None
**Release note**:
```release-note
Changed the error log format when creating an Azure file share to include the name of the share.
```
Automatic merge from submit-queue (batch tested with PRs 46317, 48922, 50651, 50230, 47599)
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
**What this PR does / why we need it**:
Fixes#50473
Rationale: since the scheduler handles all resources except CPU as integers, that could just be the default behavior for namespaced resources.
cc @RenaudWasTaken @vishh
**Release note**:
```release-note
Resources outside the `*kubernetes.io` namespace are integers and cannot be over-committed.
```
Automatic merge from submit-queue
Remove kubectl's dependence on schema file in pkg/api/validation.
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl. This move revealed a "hidden" dependence
(a dependence not expressed in a BUILD or make file) from a feature
level test in /hack/make-rules on a kubectl test data file. So this
PR also adds some BUILD rules around the relevant hack targets, to make the
dependence official. A later PR will move the kubectl aspect of this "hack"
test into a kubectl test directory. Leaving it in place for now after establishing
and "official" dependency, since moving the test beyond PR scope. The
test also depends on a small sh file in //cluster, which makes no sense.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Enables the v1beta2 version of the apps API group by default
**What this PR does / why we need it**: Enables the v1beta2 version of the apps API group by default
fixes # #50641
```release-note
apps/v1beta2 is enabled by default. DaemonSet, Deployment, ReplicaSet, and StatefulSet have been moved to this group version.
```
**What this PR does / why we need it**:
Makes functions in validation/schema.go private to kubectl,
further isolating kubectl.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Promote CronJobs to batch/v1beta1 - just the API
This PR promotes CronJobs to beta.
@erictune @kubernetes/sig-apps-api-reviews @kubernetes/api-approvers ptal
This builds on top of #41890 and needs #40932 as well
```release-note
Promote CronJobs to batch/v1beta1.
```
Whenever pod sandbox needs to be recreated, all containers associated
with it will be killed by kubelet. This change ensures that the init
containers will be rerun in such cases.
The change also refactors the compute logic so that the control flow of
init containers act is more aligned with the regular containers. Unit
tests are added to verify the logic.
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Fix for Policy based volume provisioning failure due to long VM Name in vSphere cloud provider
Dummy VM is used for SPBM policy based provisioning feature of vSphere cloud provider.
Dummy VM name is generated based on kubernetes cluster name and pv name. It can easily go beyond
vSphere's limitation of 80 characters for vmName.
To solve the long VM name failure hash is used instead of vSphere-k8s-clusterName-PvName
**Which issue this PR fixes**
https://github.com/vmware/kubernetes/issues/176
**Release note:**
```release-note
None
```
@BaluDontu @divyenpatel @luomiao @tusharnt
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
Remove BUILD reference to removed files: Fix bazel build
**What this PR does / why we need it**:
Bazel build is broken because a pull-request has removed some go files, but not the BUILD references to these file. Update the go files. I've also created an issue in test-infra(https://github.com/kubernetes/test-infra/issues/4083) as this should have been detected earlier
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50061, 48580, 50779, 50722)
move i18n to kubectl/util
Move `pkg/util/i18n` to `pkg/kubectl/util/i18n` per https://github.com/kubernetes/kubernetes/issues/48209#issuecomment-311730681.
This affects kubectl and kubeadm. It should be fine that `kubeadm` depends on `kubectl`.
partially addresses: kubernetes/community#598
```release-note
NONE
```
/assign @apelisse @monopole
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Refactor RBAC authorizer entry points
This change refactors various RBAC authorizer functions to be more flexible in their inputs. This makes it easier to reuse the various components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46927, 50664, 50710)
Remove deprecated command 'kubectl stop'
Fixes https://github.com/kubernetes/kubernetes/issues/11384
I think this is the final step @kubernetes/sig-cli-pr-reviews @kargakis
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Support autoprobing subnet-id for openstack cloud provider
Currently if user doesn't specify subnet-id or specify a unsafe
subnet-id, openstack cloud provider can't create a correct LoadBalancer
service.
Actually we can get it automatically. This patch do a improvement.
This is a part of #50726
**Special notes for your reviewer**:
/assign @dims
/assign @anguslees
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50769, 50739)
Make removing nodes public for Kubemark controller
The ability to remove a specific node is needed by Cluster Autoscaler to work.
**Release note**:
```
NONE
```
This change refactors various RBAC authorizer functions to be more
flexible in their inputs. This makes it easier to reuse the various
components that make up the authorizer.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Automatic merge from submit-queue (batch tested with PRs 49115, 47480)
Upgrade advanced audit to version v1beta1
This change does nothing but only upgrades advanced audit to version v1beta1.
There will be following up changes which does real effect to advanced audit feature.
After this change audit policy file should contain apiVersion and kind and has such format:
```
apiVersion: audit.k8s.io/v1alpha1
kind: Policy
rules:
- level: None
```
or use the v1beta1 policy:
```
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: None
```
Updates #48561
**Release note**:
```
Upgrade advanced audit to version v1beta1.
```
Automatic merge from submit-queue (batch tested with PRs 50692, 50727)
remove leaked socket file after unit test
Before this change:
```
$ make test WHAT=k8s.io/kubernetes/pkg/master
+++ [0816 11:19:03] Running tests without code coverage
ok k8s.io/kubernetes/pkg/master 27.953s
$ find -type s
./pkg/master/127.0.0.1:2100324511
./pkg/master/127.0.0.1:2100424511
./pkg/master/localhost:8235197834378812860
./pkg/master/localhost:82351978343788128600
./pkg/master/127.0.0.1:2100524511
./pkg/master/127.0.0.1:2100624511
./pkg/master/localhost:1155389051645284688
./pkg/master/localhost:11553890516452846880
```
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50589, 50558)
Remove packages which aren't relied on by heapster anymore.
**What this PR does / why we need it**:
Do the TODO:
```
// TODO apimachinery remove this empty package. Godep fails without this because heapster relies
// on this package. This will allow us to start splitting packages, but will force
// heapster to update on their next kube rebase.
```
These packages aren't relied on by heapster anymore. This PR removes them. This is a followup of #48410.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
ref: #48386#48410
**Special notes for your reviewer**:
/cc @deads2k
/kind cleanup
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 50589, 50558)
remove useless comments
**What this PR does / why we need it**:
remove useless comments
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49103
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
Move List (the type) into metav1 but preserve the exposed type
Make a list something that other components can use without depending on the core API. This does not change the public API exposure of `List` (it is still in `v1`) but makes the interface common across both.
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
Fix comment of limitranges
**What this PR does / why we need it**:
The comment of limitrages' API seems to be copied from
pkg/registry/autoscaling/horizontalpodautoscaler/storage/storage.go
with the other implementation code.
It is a little difficult to understand what is the API, then this
PR fixes it.
Currently if user doesn't specify subnet-id or specify a unsafe
subnet-id, openstack cloud provider can't create a correct LoadBalancer
service.
Actually we can get it automatically. This patch do a improvement.
This is a part of #50726
Automatic merge from submit-queue
Use nodePortOp for allocating healthCheck nodePort
**What this PR does / why we need it**: Allocate healthCheck nodePort via nodePortOp so that we won't leak port on failure.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49999
**Special notes for your reviewer**:
/assign @xiangpengzhao @thockin
**Release note**:
```release-note
NONE
```
Before this change:
$ make test WHAT=k8s.io/kubernetes/pkg/master
+++ [0816 11:19:03] Running tests without code coverage
ok k8s.io/kubernetes/pkg/master 27.953s
$ find -type s
./pkg/master/127.0.0.1:2100324511
./pkg/master/127.0.0.1:2100424511
./pkg/master/localhost:8235197834378812860
./pkg/master/localhost:82351978343788128600
./pkg/master/127.0.0.1:2100524511
./pkg/master/127.0.0.1:2100624511
./pkg/master/localhost:1155389051645284688
./pkg/master/localhost:11553890516452846880
vSphere has limitation of 80 characters for vmName.
with vsphere-k8s prefix and "vmdisk.volumeOptions.Name" vmName can become easily bigger than 80 chars.
Used hash funciton just of the "vmdisk.volumeOptions.Name" part as cleanup dummyVm logic depends on prefix "vsphere-k8s"
