Packages changed: cri-o haproxy kubernetes (1.18.0 -> 1.18.1) libssh (0.9.3 -> 0.9.4) libtirpc (1.2.5 -> 1.2.6) open-iscsi patterns-microos podman (1.8.2 -> 1.9.0) systemd (244 -> 245) xen (4.13.0_11 -> 4.13.0_12) xfsprogs (5.5.0 -> 5.6.0) === Details === ==== cri-o ==== Subpackages: cri-o-kubeadm-criconfig - criconfig: Require kubernetes-kubeadm-provider to be compatable with multi-version kubernetes packaging - Update apparmor_profile with current cri-o version, bsc#1161056 ==== haproxy ==== - use the "profile profilename /path/to/binary" syntax to make "ps aufxZ" more readable ==== kubernetes ==== Version update (1.18.0 -> 1.18.1) Subpackages: kubernetes-client kubernetes-kubeadm - Declare Kubernetes 1.18.1 as default - Introduce multi-version kubernetes packaging - Remove fix-spn-prefix-added.patch kubeadm-opensuse-flexvolume.patch, kubeadm-opensuse-registry.patch and opensuse-version-checks.patch; Now located in version specific packages. - Rename /usr/lib/sysctl.d/50-kubeadm.conf to 90-kubeadm.conf [boo#1163328] - Dropping all old CaaSP legacy configuration - Update to version 1.18.0: * Drop kubeadm-improve-resilency-CreateOrMutateConfigMap.patch (no longer needed) * Rebase opensuse-version-checks.patch * bump k8s.io/utils package * Simplify dual or single port logic * fix kubectl port-forward for services with explicit local port * Fix the VMSS name and resource group name when updating VMSS for LoadBalancer backendPools. * bump k8s.io utils * Do not reset managedFields in status update strategy * Use discovery to test apply all status * Updating vendored files * Update vendored MountSensitive code for Windows * add unit test for addTopology() * make filteredZones order predictable * Restore orphaning check in gc test * Update CHANGELOG/CHANGELOG-1.18.md for v1.18.0-rc.1 * Fix isCurrentInstance for Windows by removing the dependency of hostname * e2e wait until controller manager pod ready * Add missing article in prominent release note * add testing * add ExternalTrafficPolicy support for External IPs in ipvs kubeproxy * add ExternalTrafficPolicy support for External IPs in iptables kubeproxy * add feature gate ExternalPolicyForExternalIP for the bug fix * Set unschedulable Condition after setting nominated Node * fix logging on e2e metrics grabber test * Fix unbound variable error in gce/configure.sh * CHANGELOG: Update directory for v1.15.11 release * CHANGELOG: Update directory for v1.16.8 release * CHANGELOG: Update directory for v1.17.4 release * Bump Cluster-Autoscaler to 1.18.0 * Removing ConfigMap as suggestion for IngressClass parameters * Remove kubectl column output test * build/release-images.sh: remove possible duplicate targets * Add tolerations with effect "NoExecute" and "NoSchedule" to allow schedule of nodelocaldns pods on node pools with taints * EndpointSlice and Endpoints should treat terminating pods the same * Remove wait.Until for running Kubelet Bootstrap * Bump Cluster-Autoscaler to cluster-autoscaler:v1.18.0-beta.1 * wait until /metrics are ready on e2e test * let image cache do sort on write instead of on read to avoid data * CHANGELOG: Update directory for v1.18.0-beta.2 release * Implement noopWindowsResourceAllocator * Preserve target apiVersion when decoding into unstructured lists * Fix VMSS cache content * kubelet: Also set PodIPs when assign a host network PodIP * e2e: wait for controller manager pod to be ready * Add NodeCIDR for detect-local-mode * Move TaintBasedEvictions feature gates to GA * test: Detect flakes caused by container teardown races on CRI * metaproxier logging for endpoints ipfamily * Add metaproxier unit tests * client-go: update expansions callers * client-go: add context/options to expansions methods * Use go-bindata built from vendor/ * client-go metadata: update callers * client-go dynamic client: add context to callers * /readyz should start returning failure on shutdown initiation * client-go metadata: plumb context * client-go dynamic context * client-go dynamic client: update DeleteOptions callers * client-go dynamic client: pass DeleteOptions by value * Updated files after rebase * Fix expected version for csidriver * Updated CSIDriver references * Moved CSIDriver to GA * generaetd * refactor egress dialer construction code and add unit test * add metrics and traces for egress dials * Parallelize attach operations across different nodes for volumes that allow multi-attach * exit if KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE is set incorrectly * Don't try to create VolumeSpec immediately after underlying PVC is being deleted * Disable HTTP2 while proxying a "Connection: upgrade" request * Allow both GRPC and http-connect mode to be toggled * Checks error for loading audit webhook config to prevent panic * managedfields: Update Apply time if neither object nor managedfields have changed * Bump sigs.k8s.io/structured-merge-diff to v3 * fieldmanager: Add failing test for no-op apply actually writing to etcd * fieldmanager: Move ManagedFields update logic into its own class * Add e2e test for validating JWTs as OIDC tokens * Add Extenders to scheduler v1alpha2 component config * ingress: add alternate resource backend * Work-around for missing metrics on CRI-O exited containers * Renaming: "Change" -> "Add" for consistency with underlying method * Fix queued request accounting, extended queueset test * Disallow use of Plugin or PluginConfig when using Policy * Disallow duplicate PluginConfig in framework creation * Allow container visitor to operate on selected container types * test: Properly detect container runtime flake in e2e test * Update to latest node-cache image * ingress: allow wildcard hosts in IngressRule * Use the v0.0.8 network proxy images * Use versioned autoscaling API group in code-generator examples * dynamic certs: pass valid object to event recorder * dynamic certs: use correct name with event recorder * dynamic certs: do not copy mutex via shallow copy of tls.Config * Bug fix for TM none policy * Start adding tests for verifying correct modes * Check for nil cpuManager * Fix Bazel build * Show kubectl describe ingress error * Hopefully plainer test strings * Implement changes into volume plugins for skipping chown * Update generated files * Define new type for storing volume fsgroupchangepolicy * Fix log formatting for skipper. "INFO" is already logged by Logf, and it wasn't in the format syntax. * kubeadm: deprecate the flag --use-api for cert renewal * Set field manager for kubectl diff --server-side. * Add AnyVolumeDataSource feature gate * Don't log "SHOULD NOT HAPPEN" errors more than once per second * Use the same default namespace across event recorders * kubelet: Clear the podStatusChannel before invoking syncBatch * kubelet: Never restart containers in deleting pods * kubelet: Don't delete pod until all container status is available * kubelet: Preserve existing container status when pod terminated * Test that an always-fail container can't report the pod Succeeded * Add kubectl debug alpha command * Update VolumePVCDatasource to GA for 1.18 * fix scheduler.TestCoSchedulinngWithPermitPlugin and test scheduler.PermitPlugin * Windows specific kubelet flags in kubeadm-flags.env - Uses correct pause image for Windows - Omits systemd specific flags - Common build flags function to be used by Linux and Windows - Uses user configured image repository for Windows pause image * e2e-topology-manager: Wait for SR-IOV device plugin * Utilerrors.Aggregate: Allow using with errors.Is() * Fix GCE PD snapshot flakiness * Generalized NonResourcePolicyRule.NonResourceURLs impl * Promote GMSA to GA * cleanup: move the test of TaintBasedEvictions features to sig-node * client-go: use klog.V(3) for the cert-rotation controller start/stop * Update agnhost to test OIDC validation of JWT tokens * Add FromFile and FromExistingClassName support for SnapshotClass in external storage e2e test * Always include remoteAddr in source IP list for audit (#87167) * Prevent CephFS from logging senstive options * Prevent AzureFile from logging senstive options * Fix MountError Test * Update dep k8s.io/utils to 0a110f9eb7ab * Adding PathType to Ingress * update override behavior for kubectl --tls-server-name * Squash pkg/describe/versioned/ into pkg/describe/ * Support TLS Server Name overrides in kubeconfig file * Provide more verbose empty config error based on the context * Changed kubectl cluster-info dump to not display "Cluster info dumped to standard output" message when output is stdout * Update Cluster Autoscaler version to 1.18.0-gke.0 * cleans up dynamiccertificates package * Add unit tests for IsKubeletClientCSR and IsKubeletServingCSR * Extend client-go csr package to invalidate CSRs based on signerName * bandwidth: use regexp to handle tc output fix newly-added 'chain N' output from 'tc filter show dev XXX' * Hide kubectl.kubernetes.io/last-applied-configuration in describe * Wire --filename flag to exec * Implement simple endpoint slice batching * Make some metrics finer-grained, add dispatch counts, note immediate reject * add a new generic filter goaway * Fix a PodTopologySpread e2e flake * Use GRPC mode for network proxy * Generated API * test/e2e/framework: remove dependencies to internal APIs * move eparis and zmerlynn to cluster/ emeritus_approvers * add bentheelder to cluster/ approvers * Support intermediate certificate in certificate store * Honor status.podIP over status.podIPs, node.spec.podCIDR over node.spec.podCIDRs * Add default constraints to PodTopologySpread * Update network proxy to v0.0.7 * stop defaulting kubeconfig to http://localhost:8080 * Add ReloadCertFromDisk flag to rest.Config and to kubeconfig which allows the provided client certificate files to be reloaded from disk (currently on every use) * Enable topology-manager-e2e tests to run on MultiNUMA nodes. * Refactor CPUMananger-e2e-tests so that it be reused by topology-manager-e2e-testsuite. * Improve plugin args JSON tags * Bump csi-driver-host-path version to get fixed block snapshots * Currently SRIOV detection logic is reporting error if it fails to detect SRIOV device on the system. This patch aims to fix the same. * hack/update-vendor.sh * Replaced uber atomic with sync atomic, removed unneded "blank import" * Fix block snapshot tests * Fix unit test to fail with proper final gRPC code * Add unit tests * Call NodeUnstage after NodeStage timeout * Call NodeUnpublish after NodePublish timeout * Add uncertain map state to block volumes * Add context and options to scale client * Add mutex to Topology Manager Add/RemoveContainer This was exposed as a potential bug during e2e test debugging of this PR. * Update TopologyManager Feature Gate: - Alpha to Beta. - True by default. - Remove redundant validation checks. * small cleanup for ipvs readme * validate configuration of kube-proxy IPVS tcp,tcpfin,udp timeout * Adding IngressClass to networking/v1beta1 * Support token authentication for network proxy * test/e2e/:remove // TODO: write a wrapper for ExpectNoErrorWithOffset() * test/e2e/framework/service/:simplify function CreateTCPService * Make sure we fail the job and log more details when it does * Move conformance image to debian:stretch-slim * Remove unused function aggregateGoroutinesWithDelay * Switch to UpdateVMs() for updating VMSS backend address pool * Factor-out metrics related logic from authentication logic. * Use only v1 CRD resources in e2e tests * Fixed golint issues in RBD code * Remove prometheus references from pkg/controller/endpointslice * Add UpdateVMs() for VMSS client to allow update multiple VMSSVMs by sequential sync requests and concurent async requests. * update WithPlugin comment, in case remove function * Refactor: move generic functions of integration test to util directory * refactor volume binder * e2e_node add test for PodOverhead feature * storage: confirm that paging and predicate filtering work together * Address comment and remove if condition * Hide deprecated --server-dry-run for kubectl apply * Update README.md * Update README.md * Promote block volume features to GA * Promote the egressselector API to beta * update kube-controller-manager and kube-scheduler to match kube-apiserver defaults * update map keys api doc with validation requirements * scheduler_perf: do not override throughput labels * extend CRD map and set validation * Deprecate --generator flag from kubectl create commands * fix: remove conflict comment of taint "Value" * Bump CSI hostpath driver * test images: ARG instructions should be first * bazel update * volume scheduler: introduce special string type * volume scheduler: move reason strings into volume code * Added non-randomized tests of matching FlowSchema rules * test images: Skip building manifest list if no image was pushed * more artisanal fixes * deref all calls to metav1.NewDeleteOptions that are passed to clients. * automated refactor * update clients * update client gen * audit webhook use network proxy * pass Dialer instead of egressselector to webhooks * authentication webhook via network proxy * Fix default regular expressions in conformance tests runner * Add OWNERS and testing to external extender/v1 api * Rename --enable-inflight-quota-handler to --enable-priority-and-fairness. * Don't save managedFields if object is too large * Remove global variable dependency from runtimeclass admission * PodOverhead: remove feature gate override in tests * Update PodOverhead feature gate for beta * Move scheduler extender API V1 to staging k8s.io/kube-scheduler * certificates: update controllers to understand signerName field * Add Certificate signerName admission plugins * fix unsupported bug * fix: azure disk remediation issue * test images: Rebases nautilus and kitten images * Image Promoter: Allows images to be pushed immediately after being built * Add signerName field to CSR resource spec * fix: azure file mount timeout issue * register metrics from comp-base * Add block cloning tests * Rename GetTopologyPodAmitHandler() as GetAllocateResourcesPodAdmitHandler(). It is named as such to reflect its new function. Also remove the Topology Manager feature gate check at higher level kubelet.go, as it is now done in GetAllocateResourcesPodAdmitHandler(). * Update to golang@1.13.8 * Device Manager - Update unit tests - Pass container to Allocate(). - Loop through containers to call Allocate() on container by container basis. * Device Manager - Refactor allocatePodResources - allocatePodResources logic altered to allow for container by container device allocation. - New type PodReusableDevices - New field in devicemanager devicesToReuse * CPU Manager - Updates to unit tests: - Where previously we called manager.AddContainer(), we now call both manager.Allocate() and manager.AddContainer(). - Some test cases now have two expected errors. One each from Allocate() and AddContainer(). Existing outcomes are unchanged. * CPU Manager - Add check to policy.Allocate() for init conatiners If container allocated CPUs is an init container, release those CPUs back into the shared pool for re-allocation to next container. * CPU Manager - Rename policy.AddContainer() to policy.Allocate() * Change GetTopologyPodAdmitHandler() to be more general * test images: Temporarely exclude Windows test images * tests: Replaces dnsutils image used with agnhost (part 4) * Fix etcd issues on ARM * kubelet: Avoid sending no-op patches * Setting a Pod's nodeAffinity instead of setting .spec.nodeName directly * Fixed in the GCE/PD in-tree volume logic to expose the max number of persistent-disks for each instance type correctly. * Fix an "index out of bound" issue in scheduler preemption e2e * Update etcd debian base image to v2.0.0 * build: Enable kube-cross push/pull from K8s Infra GCR * build: Add justaugustus as reviewer * build: Add OWNERS on build-image/ * add support for single stack IPv6 * Test PodTopologySpread.PreScore instead of internal pre-processing. * Test PodTopologySpread.PreFilter instead of internal pre-processing. * fix the coredns preflight check for unsupported plugins * [refactor] fold PreemptionExecutionPath into the existing top-level SIGDescribe * Add unit test for framework plugin configuration * Fix pkg/controller typos in some error messages, comments etc * Add unit and integration tests for multiple profiles support * fix import formatting in gce_utils.go * gce: remove duplicate patch service method * Add documentation around plugins * Add CHANGELOG/CHANGELOG-1.18.md for v1.18.0-beta.1 * fix: corrupted mount point in csi driver * e2e: avoid setting NodeName for CSI driver deployments * Reorder conditions in FindMatchingVolume to avoid checking NodeAffinity in trivial cases. * Ensure webhook/quota/deny admission comes last * Adding AppProtocol to Service and Endpoints Ports * Improve rate limiter latency logging and metrics * update bazel * Fix a scheduler e2e bug on PodTopologySpread scoring * Update version of GCE PD CSI Driver deployed in tests * Updating OWNERS for Windows+Azure tests * Add show-hidden-metrics-for-version to kubelet * test images: Updates agnhost guestbook * apiextions: add list-type: map|set CR validation * [UseNetworkResourceInDifferentTenant] Fix bug of setting incorrect subscription id on azure network resource clients. * Remove AlgorithmSource from v1alpha2 * Support multiple scheduling profiles in a single scheduler * remote patch.go and patch_test.go files * Add BenchmarkSchedulingWaitForFirstConsumerPVs benchmark * Make sig-scalability reviewers / approvers of cluster/gce * Create OWNERS file for cluster/log-dump * Don't rely on contents of optional Condition fields in CSI mock test * Use servicePatch methods from cloud-provider repo in service-controller * Remove alpha feature test for EvenPodsSpread * kube-proxy: fix confusing default value for healthz and metrics bind address, deprecate healthz-port and metrics-port flag * Use compute v1 api to specify network tier * Fix pkg/registry typos in some error message, variable names etc * scheduler: deprecate deprecated metrics in 1.19 * append_or_replace_prefixed_line in /cluster/gce/gci/configure-helper.sh fails for prefixes that contain quotes and = sign. * test: don't use hardcoded pod count for memory limit test * Update the conformance list and doc generation logic * update corefile-migration library to 1.0.6 * update coredns to 1.6.7 * Fix recent context change after rebase * Fix golint issues for `core/v1/validation` * Adding Windows CPU limit tests * Fix cpu resource limit on Windows * scheduler_perf: allow to override the default benchtime * scheduler_perf: describe how to run BenchmarkPerfScheduling manually * Add Profiles to kubescheduler.config.k8s.io/v1alpha2 * kubeadm: modify how component volumes are printed * Default grace period to 0 when --force is used to delete an object * Remove the unsupported CloudProviderBackoffMode from Azure cloud provider config. * Deprecate service annotation service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset * kubeadm: allow creating a cluster with ECDSA keys * Support cluster using network resources (VNet, LB, IP, etc.) across AAD Tenants. * Add e2e session affinity timeout test * Revert "Mark session affinity tests as [Flaky]" * deflake e2e session affinity tests * kubeadm: fallback to a known etcd version if an unknown k8s version is passed * fix test failure * fix: add remediation in azure disk attach/detach * move well known cloud provider taints to k8s.io/cloud-provider/api * Fix: pkg/apis Typos in comments, function name, error message * Fix initialization bug in `FakeImageService` * use ControllerClientBuilder from k8s.io/cloud-provider in cloud-controller-manager * kubeadm: fix the bug that 'kubeadm upgrade' hangs in single node cluster * tests: Create pod for Windows test * Add release-1.18 publishing rules * Fix typos in some error messages, comments * Fix kubectl describe ingress annotations not sorted * fix kubectl create deployment image name * Respect ignore-volume-az option in admission plugin * Refresh discovery server resources for memCacheClient in parallel * Swith to mock clients for route/routetable/networkinterface tests * Refactor handling of local traffic detection. * Enable field management for all new objects * check ip family for node port connectivity test * Instrument DEK cache fill and request inter-arrival times. * fix alias for stack protector kernel config. * e2e-scheduling: add basic PodOverhead test * Fix aws provider to return no error when instance is not found for InstanceExistsByProviderID * Avoid adding labels to nodes in CSI mock driver * Revert "log-dump.sh: allow to dump extra log files" * tests: Fixes Hybrid cluster network test * Fixes for the `No ref for container` in probes after kubelet restart * test/e2e/framework/node/:remove TODO and make some functions private * test images: Adds building README * Image Promoter: Adds Windows build nodes for Windows test images * test images: Use multiple Windows nodes to build images * test images: Adds multiple Windows channels support * test images: Adds Windows support (part 1) * images: Changes the image naming template * images: Configurable BASEIMAGE hierarchy * images: Adds linux/ prefix to BASEIMAGE entries * test images: Bumps image versions * e2e-framework-node: add runtimeclass to dedup code * Update API doc for feature PodTopologySpread (a.k.a EvenPodsSpread) * Moving Windows RunAsUserName feature to GA * fix get-kube authorization headers * update golang.org/x/crypto * test/e2e/framework/log: optimize PrunedStack() * Add tests for egress selector * Add e2e test to test Except clause in NetworkPolicy * vendor network proxy client * Support empty root CA for konnectivity * Network Proxy: GRPC + HTTP Connect with UDS * e2e: topomgr: extend tests to all the policies * Support injecting errors for `FakeImageService` * log-dump.sh: allow to dump extra log files * empty_dir: Check if hugetlbfs volume is mounted with a correct pagesize * kubeadm: optimize the upgrade path from ClusterStatus to annotations * kubeadm: remove `ClusterStatus` dependency * e2e: topomgr: address reviewer comments * fix: check disk status before disk azure disk * Fix typos in apiclient util * Fix golint errors in pkg/controller/garbagecollector * wait for pruned CR to be invisible from API * test: export a fake Azure cloud Via the exported GetTestCloud(), we can reuse the code for the unit tests in Azure related CSI drivers. * Add --dry-run to more kubectl commands. * kubeadm: do not pin unit tests to a version * kubeadm: update constants for 1.18 * Start deprecation process for StreamingProxyRedirects * add logging for csr being approved and issued. * fix data races for other usage of Q * NetworkPolicy e2e test should wait for Pod ready * e2e: topomgr: properly clean up after completion * e2e: topomgr: add multi-container tests * e2e: topomgr: validate all containers in pod * e2e: topomgr: autodetect NUMA position of VF devs * e2e: topomgr: remove single-numa node hack * e2e: topomgr: early check to detect VFs, not PFs * Implement tests for multiple sizes huge pages * Implement support for multiple sizes huge pages * replaced tokenaccessreview with tokenreview * fix data races in scheduler unit tests * Add init containers to dump info * podlogs: include node name in prefix * optimize kubectl version help info * homogenize metrics naming * test images: Image Promoter sed fix * adding response headers * tests: Replaces images used with agnhost (part 4) * Make MetricCollector configurable for scheduler benchmark tests * Switch EndpointSlice to use discovery v1beta1 api * add delays between goroutines for vm instance update * kubemark: move a channel send out of critical section * Don't call delete for already deleted volumes * kubelet: Record kubelet_evictions when limits are hit * Update default cos image to include runc-1.0.0-rc10 * Add more E2E tests for the ../poddisruptionbudgets endpoint * Honor the RevisionHistoryLimit in StatefulSetSpec * run permit plugins in the scheduling cycle * Add a README describing behaviors * Add BuildArgs to interpodaffinity plugin * rest: remove connection refused from the list of retriable errors * Implement ItemBucketRateLimiter * Fix wrong alpha version for ValidateProxyRedirects * Update Go modules * chore: move caches to a separate package * fix incorrect configuration of kubepods.slice unit by kubelet (issue #88197) * test/e2e/node: fix selinux test failure * Present more concrete information about pod readiness * test/e2e/framework:remove unused code and move const * kubeadm config images list: test structured output * kubeadm config images list: implement structured output * kubeadm config images list: update output API * test/e2e/framework:remove TODO and make func private * Add getPublishDir and getVolumePluginDir * Fix route conflicted operations when updating multiple routes together * update bazel configuration * fix: update max azure disk max count * Remove `FilteredNodesStatuses` argument from `PreScore` interface * Clean up --dry-run values. * E2E tests for PodTopologySpread * Error if --local and --dry-run=server are passed * fix shellcheck failures in health-monitor.sh * update stale pause image comment * bump pause to 3.2 in kubectl test data * bump pause to 3.2 in hack/ * bump pause to 3.2 in test/ * Do not dereference qcAPI which maybe nil * added nodeSelector to constrain it to Linux only * rename to sharedLimitWriter * bump pause to 3.2 in kubelet * bump pause to 3.2 in kubeadm * Shrink mutation detection critical section * Version the API Priority and Fairness FieldManager values * Report scheduler_perf integration test kube-scheduler metrics into artifacts dir * fix: get azure disk lun timeout issue * Add deletion interfaces for VM, VMSS and interface clients * e2e: getCurrentKubeletConfig: move in subpkg * Add show-hidden-metrics-for-version to scheduler * Remove optional from core docs for 'Type' (#88029) * Remove deprecated rolling-update command * Extend CPUManager e2e tests to run on MultiNUMA node with/without HT * Change line terminators from CRLF to LF * Fix a bug in e2epod function * Remove PodBackoffMap * Construct http Request using http.NewRequest * Updated test cos image to include runc-1.0.0-rc10 * remove unused manifest-tool rules * switch pause to docker manifest instead of manifest-tool * Create an OWNERS alias for net-driver-approvers * add a changelog note for pause 3.2 * Update Abdullah as the scheduling feature approver * address review feedback * Replace Beta OS/arch labels with the GA ones * Add a event to PV when mount fails because of fs mismatch * remove TODO and use framework.SingleCallTimeout * Remove HardPodAffinityWeight from v1alpha2 * Fix updated pod NetworkPolicy e2e test * Scheduler: Exclude plugin config for empty policy arguments * OWNERS(releng): Remove aleksandra-malinowska from Patch Release Team * OWNERS(releng): Add Branch Managers to release-engineering-reviewers * kubectl cluster-info dump: use file extension according to output format * CHANGELOG: Update CHANGELOG-1.18.md * use network proxy for proxy subresources * Collect some of scheduling metrics and scheduling throughput * test/e2e/framework/util.go:make function LookForString private * e2e: e2e_node: refactor getCurrentKubeletConfig * Fix unit tests * Add CSI block volume directory cleanup * Remove unnecessary calls to GCE API after PD is created. * Remove client cleanup from TestCleanup * Fix impossible condition in test/e2e/framework/resource_usage_gatherer.go * Add CHANGELOG/CHANGELOG-1.18.md for v1.18.0-alpha.5 * Use --dry-run=client,server in kubectl. * Fix gce-cos-master-reboot test * update pause to 3.2 since we changed the build * Move skip method from e2e fw ginkgowrapper to e2e skipper fw * Set up connection onClose prior to adding to connection map * Separate containerd install from config, and other cleanups * Change migrated-to annoation key to follow best practices by removing beta and using 'pv' prefix * Don't show flags in api-versions help * Rename `PostFilter` plugin to `PreScore` * Add ephemeral containers to streamLocation name suggestions * Fix example of kubectl config set-credentials * Remove tautological condition in test/e2e/framework/pod/resource.go * Make Azure clients only retries on specified HTTP status codes * Initialize http Request Header before RoundTrip to avoid panic * Convert volume.TestConfig to use NodeSelection * Pass NodeSelection directly into e2e testsuites so that tests can use them more consistently * Add buffer for GC resync retry to GC e2e tests * Don't set NodeName directly in Pods so that it still goes through the scheduler * kubeadm: update embedded CA in kubeconfig files on renewal * Provide OIDC discovery endpoints * Add CHANGELOG/CHANGELOG-1.15.md for v1.15.10 * proxier: use IPSet from k8s.io/utils/net to store local addresses * userspace proxy: get local addresses only once per sync loop * ipvs proxier: use util proxy methods for getting local addresses * iptables proxier: get local addresses only once per sync loop * update vendor k8s.io/utils to 5f6fbceb4c31 * Add CHANGELOG/CHANGELOG-1.16.md for v1.16.7 * Round times to nearest second before sorting * Avoid running docker specific test in containerd * Add CHANGELOG/CHANGELOG-1.17.md for v1.17.3 * Lower server-side apply percentage to 10% * Add RegisterPluginAsExtensionsWithWeight * Fix serializer test * dump docker image list * Delete pod in volume tests * fix: add azure disk migration support for CSINode * kube-proxy filter Load Balancer Status ingress * Add test * Added API Priority and Fairness filter and config consumer * Support for adding test-handler for containerd * add index for pod cacher * add roycaihw to reviewers in apiextensions-apiserver * Use NodeSelector instead of NodeName in hostexec Pod so that the Pod runs through the scheduler * Add missing tag to vSphere storage E2E tests * e2e: topomgr: introduce sriov setup/teardown funcs * e2e: topomgr: use constants for test limits * e2r: topomgr: improve the test logs * e2e: topomgr: better check for AffinityError * e2e: topomgr: reduce node readiness timeout * e2e: topomgr: get and use topology hints from conf * e2e: topomgr: initial negative tests * e2e: topomgr: add more positive tests * e2e: topomgr: add option to specify the SRIOV conf * e2e: topomgr: autodetect SRIOV resource to use * e2e: topomgr: check pod resource alignment * e2e: topomgr: add test infra * e2e: topomgr: explicit save the kubelet config * migrate authenticator and authorizer to Create * remove authn/z.CreateContext expansions * Pass context to tryAcquireOrRenew * Add fast path to node authorizer for node/edge removal * Switch node authorizer index to refcounts * Add configmap->node destination edges to the node authorizer index * Run Windows kubelet stats e2e tests serially because it needs to start many pods on a single node * Use ProxierHealthUpdater directly to avoid panic * Enable field management for all new objects * Add damemi to sig-scheduling owners * Cleanup "slow-path" logic in scheduler Filters * EndpointSliceTracker should track updated resource version * Garbage collector should orphan ControllerRevisions too * kubeadm: remove 'kubeadm upgrade node config' * test/e2e/framework:move functions to test/e2e/scheduling/ * Change devicemanager to implement HintProvider.Allocate() * Change CPUManager to implement HintProvider.Allocate() * Add Allocate() call to TopologyManager's HintProvider interface * Split devicemanager Allocate into two functions * register queue metrics in controller manager * Make DisruptionController eviction tests serial to avoid flakes * add StatusConflict as non-retriable error for disksClient * tolerate when bazel shutdown errors out * Ability to override versions of containerd/runc * Install containerd package depending on CONTAINER_RUNTIME * Add gid to config.toml only when docker group is present * Treat replaced events that didn't change resourceVersion as resync events * cross build pause with buildx * test/ : fix non-ascii characters * manual fixes * generated: update clients * generated: run refactor * update client gen * remove TODO and unused code * Fix non-ascii characters in test/e2e_node and test/network. * add azure disk WriteAccelerator support * kubeadm: remove 'kubeadm alpha kubelet config download' * kubeadm: deprecate --kubelet-version command line option * fix: add non-retriable errors in azure clients * Update with update-bazel.sh script * Staticcheck: vendor/k8s.io/kubectl/pkg/scale|describe/versioned|cmd/top|cmd/util/editor|cmd/top * some manual fixes * generated: update clients * generated: run refactor * update generators * add exponential backoff with reset to reflector * Refine WaitingPod interface * Bump to latest SMD to pick up performance optimizations * Add code to fix kubelet/metrics memory issue. * Fix docker/journald logging conformance * added env var WINDOWS_CNI_STORAGE_PATH and WINDOWS_CNI_VERSION * Do lenient decoding only for kubescheduler config v1alpha1 * Fix non-ascii characters in test/e2e/storage * Ensure bazel is really brought down * LogResult if there is an error * Drop k8s.io/node-api packages * Remove the exponential backoff in NodeGetInfo * Ensure kubectl is available in PATH by explicitly exporting the script * cluster: Add justaugustus as reviewer * Limit number of instances in single update to GCE target pool * Register conversions for kubectl testing types * Support config kubelet provider id for local cluster. * remove bash examples/comments from the v1beta1 and v1beta2 APIs * Make updateAllocatedDevices() as a public method and call it in podresources api * Use longer pod start timeouts for specific tests * use tars instead of debs to build server images * build: Remove references to debs/rpms in BUILD/dependency files * build: Remove deb and rpm build definitions/specs * Remove deprecated fields from kubescheduler.config.k8s.io/v1alpha2 * gce-addons: Make sure default/limit-range doesn't get overridden * Update conformance requirement check * Remove Error log for nil StartTime * Check getNodeInfoError against nil * Revert "Collect some of scheduling metrics and scheduling throughput" * Calling hcsshim instead of docker api to get stats for windows to greatly reduce latency * adding e2e test to ensure it takes less than 10 seconds to query kubelet stats for windows nodes * Add UpdateTwice and UpdateApply benchmarks for fieldmanager * PodTopologySpread excludes terminatingPods when making scheduling decision * Changed comments to match with interfaces method description * Fixed Golint errors in pkg/registry/core/pod * CHANGELOG: Collapse README.md headings in single list * Add some aliases into import-aliases for e2e framework * Re-adding the [[ as per review comment request * Add kubectl diff exit code doc * CHANGELOG: Move changelog, soft-link to top-level, refresh listing * CHANGELOG: Move changelogs into a subdir to delegate releng approvals * fix staticcheck errors in vendor/k8s.io/legacy-cloud-providers/aws. * update generated file * update translation * Explicitly shutdown bazel after the target finishes * add a flag in azure auth module to omit spn: prefix in audience claim * kubelet: Debug pod status output diff is wrong * Check for node IP * python snippets should work on both old and new python versions * Remove references to prometheus is test/e2e * kubeadm: dual-stack validation allow single stack * validate storage cache indexers * Fix non-ascii characters in test/e2e/node/pods.go * Move 'path' package usage to 'path/filepath' * implement backoff manager * Make oidc authenticator audience agnostic * Updating dependency sigs.k8s.io/yaml to version v1.2.0 * add myself to hack/OWNERS * Change HostPath to EmptyDir for VolumeSubpathEnvExpansion e2e tests * Validation for behaviors * Ensure testing credentials are labeled as such * Validate Except of IPBlock for NetworkPolicy spec * Add CHANGELOG-1.18.md for v1.18.0-alpha.3 * reduce overhead of error message formatting and allocation for scheudler NodeResource filter * Fixed code formatting issues discovered by verify-gofmt * Fixed problem in unit test where error expected/actual comparison was not being performed * Removed unneeded newline (moved to end of directory not found message) * Ignore empty or blank string in path when listing plugins * Fixed code formatting issues discovered by verify-gofmt * Autogenerated * Remove unnecessary manual conversions * Added 'No resources found' message to describe and top pod commands * kube-aggregator: increase log level of AggregationController API group logging * kubectl: allow to preselect interesting container in logs * makes unavailableGauge metric to always reflect the current state of a service * Add a fast path for adding new node in node_autorizer. * Update for loop in server image image creation * Add shellcheck disable for set $wrappable * Simplify and improve find/tar lines * Update after review comment * Fix src_tarball packaging * Replace for loop with find command * Update after review * Update after review comments * Fix shellcheck warnings/errors in /build/lib/release.sh * Fix non-ascii characters in test/e2e/common/projected_configmap.go * Add an option to external storage e2es to use a copy of a pre-installed StorageClass * generated: update clients * remove create expansions form authn/z clients * use generated clients instead of expansions for most of authn/z * Enable FC mount options * Add konnectivity log files * Add defaults to pod affinity args * Only set admission review reponse patch type if the patch is not empty * Ensure specified container runtimes are present * Cleanup logging and creation logic of TopologyManager in prep for beta * Update TopologyManager.GetTopologyHints() to take pointers * Update TopologyManager.Policy.Merge() to return a simple bool * Fix bug in TopologManager RemoveContainer() * fix range copy issue * snapshot clientsets pending context migration * Add error check in kubectl proxy on server setup * test images: Adds Image Promoter details in the README * add indexer for storage cacher * fix kubectl drain ignore daemonsets and others * update network-y stuff for supporting ubuntu/bionic as master * Collect some of scheduling metrics and scheduling throughput * use network proxy for aggregator api * Log when client side rate limiter latency is very high * Adds more unit test on Bind extension for the scheduler * add to api repo documentation * Enable selinux tags in make targets * Update OWNERS * WatchBasedManager stops watching immutable objects * Initial example behaviors * Reduce default CPU requirement for konnectivity server * Added server-side print column about FlowSchema referential integrity * Update GCP Windows node image versions * Ineffassign fixes for pkg/volume * test/e2e/framework: remove skip.go and use e2eskipper subpackage * kube-proxy: validate dual-stack cidrs * Restore statefulset conversion that populates apiVersion/kind in volume templates * Switch pager to return whether the result was paginated * Fix pending_pods, schedule_attempts_total was not recorded * Avoid thundering herd on etcd on masters upgrade * Move 'path' package usage to 'path/filepath'. * Ineffassign fixes for pkg/controller and kubelet * Ineffassign fixes for pkg/proxy * Fix comment whitespace * Use standard default storage media type in local-up-cluster * update github.com/docker/libnetwork to c8a5fca4a652 * Extend --dry-run to support string values. * Fix node authorizer index recomputation * kube-proxy: Only open ipv4 sockets for ipv4 clusters * Add namespace mode targeting to dockershim * Generated code for kubelet namespace targeting * Add namespace targeting to the kubelet * fix: missing variadic dots * Allow Action's Matches function to specify a subresource. * Fix backoff retries for AzureFile client * Add disableAvailabilitySetNodes to avoid VM list for VMSS clusters * grammar change for pods status in tests * fix command variable exited with status 1 * Fix non-ascii characters in test/e2e/common/runtime.go * Make schema error log message more useful * Fixed listType annotations for API Priority and Fairness * Autogenerated and build files for kubescheduler.config.k8s.io/v1alpha2 * Copy kubescheduler.config.k8s.io/v1alpha1 files onto v1alpha2 * Clean ups on kubescheduler.config.k8s.io/v1alpha1 files * Move mutating admission into finishRequest * remove client label from healthz metric test * Add GC e2e debug logging * Allow update of onXPN field in fake GCE clients. * remove client label from apiserver request count metric since it is unbounded * Add foreground deletion check to ensure GC is aware of the new custom type * Revert "Merge pull request #87258 from verult/slow-rxm-attach" * Fix back off when scheduling cycle is delayed * Fix preemption race conditions on heavy utilized nodes * cleanup req.Context() and ResponseWrapper * refactor * regenerate clients * update generator * update rest.Request signatures * various context related cleanups to rest.Request * Update GCI_VERSION to cos-77-12371-114-0 as older image is deprecated * e2e dual stack retry getting endpoints * Set cache to nil data when Azure node provisioning state is deleting * cni: Update CNI version to v0.8.5 * volume binder: enable klog flags in test * volume binder: convert to sub-tests * build: Don't attempt to use mirror for CNI plugin downloads * cni: Update CNI download URLs to use new GCS bucket (k8s-artifacts-cni) * Update GCE Windows smoke-test script to work with 1909 nodes. * Update get-build.sh * Attach a new finalizer in GCE ILB creation. * Register RunPodSandbox* metrics * Clarify sha matching etcd release tag * Add apiVersion to involvedObject * Skip default spreading scoring plugin for pods that define TopologySpreadConstraints * fix apiextensions reference in controller/clusterauthenticationtrust * Fixed a failing test on a RBD mount scenario * bump gengo version * add staging directories to import-boss verify script * add import-restrictions to apiextensions-apiserver/pkg/apis,v1 and v1beta1 * update existing import-restrictions files * Cleanup validation for immutable secrets/configmaps * switch log verbosity for cache refresh logs * various context related cleanups to rest.Request * Reduce public methods for DryRunVerifier * Update container hugepage limit when creating the container * Add comments in several hack/*.sh * Add annotation annealing for migration for PVs and PVCs during syncVolume and syncClaim. This allows external-provisioners to pick up and delete volumes when they have been rolled up from previous kubernetes versions. * don't specify apiVersion when getting AAD token * Update CHANGELOG-1.17.md * Parallelize attach operations across different nodes for volumes that allow multi-attach * set nil cache entry based on old cache * Refactor operation keys for NestedPendingOperations * add logging before kubelet waiting for cert * Expose k8s types that do not roundtrip and a helper to roundtrip without protobuf * Fix kubectl taint's Complete parsing * bumping agnhost version to 2.10 * adding sidecar injecting webhook * More refinement of comments and parameter names for informers * Add logging to scheduler's event handlers * add comment in several hack/ sh scripts. * Withdraw the change of getting version variable * kubeadm: prevent bootstrap of nodes with known names * `./hack/update-openapi-spec.sh` * Cleanup unused Azure client interfaces * Remove doc reference to godep #782 * Register full object as return type for `DELETE` web services. * fix behaviour of aws-load-balancer-security-groups annotation * fix static check in pkg/volume/flocker * Update copyright date for ingress_utils_test.go * Adds more test cases in TestRunBindPlugins for the scheduler * kubeadm: increase timeouts in the etcd client * kubeadm: handle multiple members without names during concurrent join * test/e2e/framework: handle the case where BeforeEach was never called * brushed up according to review * Updated API Priority and Fairness validation to track change in catch-all priority level * Whitelisting *.pkg.dev for the GCP credential provider * Added relevent approvers and reviewers for gci. * fork out a new global-default from catch-all to handle unclassified traffic * /test/e2e/framework:remove TODO in test/e2e/framework/util.go * Bump dependency github.com/prometheus/client_model@v0.2.0 * Add serathius to sig-instrumentation-approvers * Pin dependency github.com/cilium/ebpf * Bump dependency opencontainers/runc@v1.0.0-rc10 * Fix bug of hack/verify-api-groups.sh * Move IngressFromManifest/IngressToManifest to ingress e2e fw * Move GetPortURL to ingress e2e fw * fixed UT * Fix issue with GCE scripts assuming Python2. * Revert "It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc." * Adding taint toleration error reasons * Re-enable apply for 50% of requests * Remove use of CustomResourceSubresources feature gate, CRD field clearing * Remove use of CustomResourceWebhookConversion feature gate * Remove use of CustomResourceDefaulting feature gate * Remove use of CustomResourcePublishOpenAPI feature gate * Remove deprecated GA feature gates * Do not serialize internal type, fix roundtrip * update gopkg.in/yaml.v2 to v2.2.8 * Add support for pre-allocated hugepages with 2 sizes * Return the error from copyInto * fix static check errors in vendor/k8s.io/apimachinery/pkg/api/resource * informers: don't treat relist same as sync * Staticcheck: vendor/k8s.io/kubectl/pkg/cmd/exec|config|certificates * Fix numPDBViolations when victims on same node are assigned same PDB * Debugging 87473, printing out the last state of the dependent * add warning on ObjectReference * Add env var(CNI_TAR_PREFIX) for cni install. cni release has changed the prefix, add a var to make this configurable. * don't wait blindly * remove unused layer of loop structure in processorListener::run * rename dynamic cert loading to be more accurate * add dynamic reloading for CSR signing controllers * Move default binding to a plugin * Migrate health monitor from read only port to healthz port * Record overall Filter latency for all nodes in a scheduling cycle. * Remove kubectl run generators * fix static check errors in test/integration/etcd * Delete the sysctl runtime admit handler * Delete TODO to use docker client * Add mergeFilteredHints: - Move remaining logic from mergeProvidersHints to generic top level mergeFilteredHints function. - Add numaNodes as parameter in order to make generic. - Move single NUMA node specific check to single-numa-node Merge function. * Fix CreateVolume signature in comment * Move filterSingleNumaHints call to top level Merge * kube-proxy: fix incorrect log information * Add filterProvidersHints function: - Move initial 'filtering' functionality to generic function filterProvidersHints level policy.go. - Call new function from top level Merge function. - Rename some variables/parameters to reflect changes. * Update filterHints to filterSingleNumaHints: - Change function name - Remove policy parameter (unnecessary) - Update unit test to reflect change * Remove `scheduler/algorithm/priorities` in import-restrictions * Drop the cadvisor test * Enable verify-import-boss check for e2e framework * bump github.com/google/gofuzz * Tweak new names * kubectl-diff: Test return code on failure and changes * Update Structured Merge Diff to V3 * Remove folder pkg/scheduler/algorithm * kubectl-diff: Return non-1 errors on kubectl failures * Default the --enable-cadvisor-endpoints flag to disabled * bumped pause-win to 1.1.0 * fix flaky test * Update CHANGELOG-1.15.md for v1.15.9. * Update CHANGELOG-1.16.md for v1.16.6. * Update CHANGELOG-1.17.md for v1.17.2. * Move GeneralPredicates logic to kubelet. * Deprecate scheduler's framework.plugins.RegistryArgs * Self nominate aojea as sig-network-reviewer * Move scheduler's SchedulerExtender interface to core/extenders.go * Update CHANGELOG-1.18.md for v1.18.0-alpha.2. * Add comments in several hack/verify-*.sh(s-v) * kubeadm: remove the deprecated GA CoreDNS feature-gate * Fix static check failures in test/e2e/instrumentation/logging/stackdriver * Initialize CPUManager containerMap to set of initial containers * Remove GetBinder member and replace it with a method. * Remove unnecessary slow binding test * client-go/cache/testing: add ability to simulate watch disruption * Refactor docker specific oom const out of qos pkg * Update comments and error messages in the CPUManager * Enable bound tokens in local-up-cluster * Fix multinode storage e2e tests for multizone clusters * Base CPUManager state reconciliation on container state, not pod state * Move CPUManager Pod Status logic before container loop * Fix describe of statefulset prints pointer not value * cleanup: delete unused func * fix static check failure in pkg/controller/disruption and pkg/controller/namespace/deletion * staticcheck: pkg/volume/fc, pkg/volume/portworx and pkg/volume/vsphere_volume * Add comments in several hack/verify-*.sh(g-r) * Use e2eskipper package in test/e2e/common/ * Simplified logic around context cancel, removing bugs * Refactored QueueSet configuration into two phases * Added server-side printers for the API object types for API priority and fairness * Use e2eskipper package in test/e2e/framework/ * Fix static check errors in pkg/util/netsh * Add flowcontrol to apiVersionPriorities * Add: promotion for LimitRange defaults test to Conformance * fix staticcheck errors in pkg/controller/daemon. * Unify --cluster-cidr in KCM and CCM * Clean up TODO around running test as sudo * Bump golang/mock version to v1.3.1 * Fixup comments in internalbootstrap * Use new storage clients in Azure cloud provider * Remove Brad Childs from OWNERS * switch to docker command line * Enabling EndpointSlice feature gate by default * Improve error message when diff binary is not in PATH * Creating new EndpointSliceProxying feature gate for kube-proxy * Made internalbootstrap gin up its own Scheme * add crash protection to wait functions that were missing it * dogged insistence on full verbosity * Move Snapshot from nodeinfo/snapshot to internal/cache * Support DryRun in cli-runtime REST Helper. * removed excess blank line * Rename cache's Snapshot to Dump * update generated files * Updating dependency google.golang.org/genproto to version v0.0.0-20190819201941-24fa4b261c55 * Updating dependency github.com/prometheus/client_model to version v0.0.0-20190812154241-14fe0d1b01d4 * Updating dependency google.golang.org/grpc to version v1.26.0 * Updating dependency github.com/gogo/protobuf to version v1.3.1 * delete unused field * Update validation for API Priority and Fairness * Fix staticcheck in pkg/controller/podgc * Add comments in several hack/verify-generated-*.sh * Update aws-sdk-go dependency to v1.28.2 * Implement default queue sort logic as a scheduler plugin * In test framework LoadConfig(), use CurrentContext.Server for TestContext.Host if it is unset. Otherwise, kubectl exec through http/kubectl proxy tests in test/e2e/kubectl/kubectl.go would fail with "--host variable must be set to the full URI to the api server on e2e run" error. With this change, running the following tests can now pass: $ e2e.test --kubeconfig=xxx --ginkgo.focus="should support exec through" * Modify alias of e2e/framework/job to e2ejob * rename some declartions named context in tests * Remove Brad Childs from OWNERS files * Fix golint errors in test/e2e/storage/vsphere * Move ValidateEndpointsPorts() to e2e test * Update CHANGELOG-1.15.md for v1.15.8. * Update CHANGELOG-1.16.md for v1.16.5. * Update bitmask printing to print in groups of 2 instead of all 64 bits * Add snapshot clients based on armclient * Add vmsize clients based on armclient * Add storageaccount clients based on armclient * Add disk clients based on armclient * Fix the bug PIP's DNS is deleted if no DNS label service annotation is set. * Update TopologyManager single-numa-node logic to handle "don't cares" * Rename TopologyManager test TestPolicyBestEffortMerge for consistency * Cleanup use of defaultAffinity in mergePermutation of TopologyManager * SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run - set resource requests as well * Use reflect.DeepEqual check in policy_test.go * Update "Single NUMA hint generation" expected affinity to nil * Move test case "Two providers, 1 with 2 hints, 1 with single non-preferred hint matching" into specific policy tests * Move test case "Two providers, 1 hint each, same mask, 1 preferred, 1 not 2/2" into specific policy tests * Move test case "Two providers, 1 hint each, same mask, 1 preferred, 1 not 1/2" into specific policy test. * Move test case "Two providers, 1 hint each, no common mask" into specific policy tests. * Move test case "Single TopologyHint with Preferred as false and NUMANodeAffinity as nil" into specific policy tests. * Move test case "Single TopologyHint with Preferred as true and NUMANodeAffinity as nil" into specific policy tests. * Move test case "HintProvider returns empty non-nil map[string][]TopologyHint from provider" into specific policy tests. * Move test case "HintProvider returns -nil map[string][]TopologyHint from provider" into specific policy tests * Move test case 'HintProvider returns empty non-nil map[string][]TopologyHint' into specific policy tests. * Move test case 'TopologyHint not set' into individual policy tests * Restore policy_test.go to upstream Following commits will contain incremental changes to this file to ease review process and ensure all tests are accounted for. * Update checks in mergeProvidersHints: - Initialize best Hint to TopologyHint{} - Update checks. - Move generic unit test case into policy specific tests and updated expected outcome to reflect changes. * Restore original policy none test cases: Mistakenly overwritten in earlier commit * Make mergePermutation generic: - Remove policy parameters to make function generic - Move function into top level policy.go * Refactor filterHints: - Restructure function - Remove bug fix for catching {nil true} - To be fixed in later commit - Restore unit tests to original state for testing filterHints * Make iterateAllProviderTopologyHints generic: - Remove policy parameters to make this function generic. - Move function out of individual policies and into policy.go * Reinstate canAdmitPodResult in policy_none: This is to keep consistency with the other policies. This change may be made across all policies in a future PR, but removing it from the scope of this PR for now. * Edit hints returned from policies and unit tests: - Best Effort Policy: Return hint with nil affinity as opposed to defaultAffinity when provider has no preference for NUMA affinty or no possible NUMA affinities. - Single NUMA Node Policy: Remove defaultHint from mergeProvidersHints. Instead return appropriate TopologyHint where required. - Update unit tests to reflect changes. Some test cases moved into individual policy test functions due to differing returned affinties per policy. * Updates to single-numa-node policy: - Remove getHintMatch method. - Replace with simplified versions of mergePermutation and iterateAllProviderTopologyHints methods - as used in best-effort. - Remove getHintMatch unit tests. * Update unit tests: - Update filterHints test to reflect changes in previous commit. - Some common test cases achieve differing expected results based on policy due to independent merge strategies. These cases are moved into individual policy based test functions. * Update filterHints: - Only append valid preferred-true hints to filtered - Return true if allResourceHints only consist of nil-affinity/preferred-true hints: {nil true}, update defaultHint preference accordingly. * Additional unit tests for Topology Manager methods * Update single-numa-node policy unit tests * Add new functionality for single-numa-node policy: Explanation taken from original commit: - Change the current method of finding the best hint. Instead of going over all permutations, sort the hints and find the narrowest hint common to all resources. - Break out early when merging to a preferred hint is not possible * Return defaultAffinity from PolicyBestEffort: Now that PolicySingleNUMANode is not considered here, return defaultAffinity as was the original case before previous bug fix * Make mergeProviderHints policy-specific: - Remove need to pass policy and numaNodes as arguments - Remove PolicySingleNUMANode special case check in policy_best_effort - Add mergeProviderHints base to policy_single_numa_node for upcoming commit * Update policy_none removing canAdmitPodResult Update unit tests for none_policy Add Name test for policy_restricted * Refactor policy-best-effort - Modularize code with mergePermutation method * Fix ineffectual assignment to CPUSets * Fix golint warning for pkg/util/procfs/procfs_linux.go * test/e2e/framework/rc/:refactor function ByNameContainer * Add comments in several hack/verify-*.sh * move function GetKubemarkMasterComponentResoureUsage * Fix static check failures in test/e2e/instrumentation/monitoring * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * add README.md in hack/ * Add NewFakeKubeRegistry() for testing deprecated metrics. * add comment in hack/update-*.sh * cleanup(scheduler): remove unused function, remove duplicate comment, implement interface * Fix: formatting * Update: podTemplateList name; Fix: initial fetching of PodTemplates * fix golint error in plugin/pkg/auth/authorizer/rbac/bootstrappolicy * Fix: formatting * Fix: formatting * Fix: formatting * Fix: bazel build errors * Promote: Secret patching test * Promote: find Kuberntes Service in default Namespace * Update: formatting, cleanup, ExpectEqual statements * Promote: Namespace patch test * Remove check for empty activePods list in CPUManager removeStaleState * Add proper activePods list in TestGetTopologyHints for CPUManager * preemption: typo cleanup * Update vendor * Add PatchService method in service/helper. * Document the actual git tag the SHA was picked from * Updating dependency github.com/checkpoint-restore/go-criu to version 17b0214 * Updating dependency github.com/coreos/pkg to version 97fdf19 * Updating dependency github.com/elazarl/goproxy to version 947c36d * fix staticcheck errors in pkg/volume/hostpath. * fix static check in cluster/images/etcd-version-monitor * Use new clients in Azure cloud provider * Add virtualmachine clients based on armclient * Add subnet clients based on armclient * Add securitygroup clients based on armclient * Add routetable clients based on armclient * Add route clients based on armclient * Add publicipaddress clients based on armclient * Add loadbalancer clients based on armclient * Add interface clients based on armclient * Fix file name for VMSSVM client * clean node_authorizer code: verb judgement * Clean up commented assertions in tests * Revert "list vm instead of get when getting virtual machine" * remove TODO in test/e2e/framework/skip.go * hack/update-vendor.sh * Remove gonum.org/v1 dependency in code-generator * fix-static:pkg/volume/scaleio/ * Mark session affinity tests as [Flaky] * Fix: formatting * Add integration test for NodeResourceLimits plugin * Add: PodTemplate lifecycle test * Make CustomResourceDefinitionStatus fields optional * Add: ConfigMap lifecycle test * Update CHANGELOG-1.17.md for v1.17.1. * Make sure PDB has observed pods before doing eviction in e2e test * Set managedField probability to 0% * storage e2e: Add context to timeout errors * make request logs greppable * Nominate alculquicondor to sig-scheduling-maintainers * test/e2e/framework:refactor generateWriteBlockCmd due to the same function * Add richer unit tests for OomWatcher * Clean up rkt specific code in `pkg/kubelet/pleg` * Revert "Revert "Add an option to specify kubelet flags for heapster node."" * remove TODO(random-liu): Move pod wait function into this file * Update cri-tools to v1.17.0 * WIP: use e2eskipper package in test/e2e/autoscaling * WIP: use e2eskipper package in test/e2e/cloud * remove TODO in test/e2e/framework/providers/gce/ingress.go * update test data * use e2eskipper package in test/e2e/auth * Use e2eskipper package in e2e/scheduling and e2e/servicecatalog * fix ci-kubernetes-node-kubelet-serial Non-system critical priority classes are not allowed to have a value larger than HighestUserDefinablePriority * e2e/instrumentation:Use e2eskipper package * export changes to mo * modify strings * update po file for kubectl jp translation * kube-proxy unit test FilterIncorrectIPVersion * Fixes unnecessary creation of default SG and trying to delete non-provisioned SG by k8s system when annotation [service.beta.kubernetes.io/aws-load-balancer-security-groups] is present * Use v1 subjectaccessreview API in controller-manager CSR approver * set test image cloudbuild directory * Split findNodesThatFit into framework and extenders logic * Remove direct use of Snapshot's data structures * Remove scheduler framework dependency on predicates package * Fix a flaky scheduler preemption e2e * Multi arch for nonroot image * Remove unused KUBE_TEST_API logic * Allow embedding logs command * Fix GetPodLogs failures in NetworkPolicy e2e tests * fix staticcheck:pkg/volume/cinder * Fix error-string-capitalization in clientset generator. * fix-static:pkg/volume/emptydir * test/e2e/ui and test/e2e/upgrades:Use e2eskipper package * test/e2e/storage:Use e2eskipper package * e2e/gke_local_ssd.go and e2e/gke_node_pools.go:Use e2eskipper package * Immutable secrets/configmaps tests * Autogenerated * Immutable field and validation * Fix(kubectl): the field of history controllerrevision will be covered by daemonset * updating googleapis/gnostic to v0.1.0 * Update to golang@1.13.6 * test/e2e/windows/:Use e2eskipper package * kubeadm: support automatic retry after failing to pull image * test/e2e/kubectl test/e2e_kubeadm:Use e2eskipper package * e2e/network/: Use e2eskipper package * Remove duplicated ServiceStartTimeout * simplify 1.17 release note for storage * Move from random SHA - update github.com/prometheus/client_model to v0.1.0 * Further tweaking up the wording * update gonum.org/v1/gonum to v0.6.2 * changelog: clarify 1.17 upgrade requirements * updating github.com/smartystreets/goconvey v1.6.4 * update github.com/morikuni/aec to v1.0.0 * Update fieldmanager.go * Ensure a provider ID is set on a node if expected * Update azure_test.go * review: several fixes and addressing comments * add myself as feature approver (for SIG cloud provider) * Fix typo from reseting to resetting * Add some comment to hack/verify-linkcheck.sh * fix staticcheck:pkg/volume/awsebs * clean deprecated apiserver request metrics * remove last part of deprecated metrics * keep apiserver_request_latencies_summary * clean SinceInMicroseconds, convert to SinceInSeconds * remove deprecated metrics of proxy * remove deprecated metrics of dockershim * remove deprecated metrics of apiserver * remove deprecated metrics of scheduler * apply review advice again * remove deprecated metrics of etcd * remove deprecated metrics of kubelet * Image Promoter: Cleans manifest list * e2e/node/:Use e2eskipper package * Fix a flaky e2e test of Job completion * Use e2eskipper package in e2e/apps * fix: typos in comments of admission * clean unused predicate error * Remove scheduler/algorithm/priorities/util package * Add logs of port-forward-tester pod * Add error handling of CloseWrite() * Cleanup scheduler/algorithm/predicates package * Update: comments, searching for secrets in lists * Update Azure owners * fix golint error in pkg/apis/rbac * Remove workaround for RS bug in cmd apps test * refactor(scheduling): remove priorities package * fix nits * create probabilistic SkipNonAppliedManager * Fixed docker.log format * Add: secret data patch check * change Apply signature and move decoding into handlers * Revert "fix flakes on e2e test TCP CLOSE_WAIT timeout" * fix apply --prune to check cli specified namespace * Allow a preloaded gke-exec-auth-plugin * Do not require token secrets when using bound service account tokens * Remove nodes from cache immediately on delete events * feat(scheduling): address disabled plugins in scheduling framework * Remove uses of NodeInfoMap outside of snapshot and cache * Fix kubectl top sort-by cpu and sort-by memory options * move TaintToleration predicate to its plugin * Fix comment * pass through KUBE_BUILD_PLATFORMS to enable build on specified platforms * Add import-aliases check for e2e framework * Add error check for instance insert * Separate skip as framework subpackage * fix staticcheck failures of pkg/util/ipconfig pkg/util/iptables pkg/util/ipvs/testing * fix: remove ErrTopologySpreadConstraintsNotMatch * ipvs proxier README: fix typo * rm errserviceaffinityviolated * Break nodeunschedulable Filter plugins dependency on predicates package * change framework_extension_point_duration_seconds from sampling to always record * Update hostpath and mock csi drivers with latest sidecars * Add VolumeBinder to FrameworkHandle interface * remove test/integration dependency on predicates and algorithmprovider * network proxy with admission wh * remove e2e dependency on scheduler/predicates package * Repair smoke-test for Windows GCE clusters * Update scheduler's RunFilterPlugins to return a plugin to status map * Fix interpodaffinity issue * extend crd openapi e2e timeout to deflake the test, plus small improvements: * Move selector spreading priority code to plugin * Demote Delete Grace Period test to [Flaky] * Use Snapshot.NodeInfoList for listing operations * Enabled reading config files for vsphere e2e tests * Move IsAppArmorSupported() from e2e framework * fix flakes on e2e test TCP CLOSE_WAIT timeout * Cleanup cloud controller manager when closing cluster. * fix a bug that orphan revision cannot be adopted and sts cannot be synced * fix kubectl annotate local error * cleanup(api-machinery): remove unused struct and variable * fix typo * Remove redundant nil check * Add simple explanation to verify-spelling.sh * Break interpodaffinity Filter plugins dependency on predicates package * Image Promoter: Bump timeout limit * Refactor oom watcher to allow greater test coverage * Adding unit tests for kube-scheduler Config Complete() method. * Image Promoter: Remove -it from docker command * token cache: make fetch_total a counter * Add: JSON marshal error failure checking; Fix: formatting * Update: json patch generation * Add: test for finding service from listing all namespaces * Update: test secret contains a default label, secrets are listed via default label, patch payload is marshaled instead of written in raw JSON, secret deleted check; Fix: comments, test namespace usage * Revert "fix flakes on e2e test TCP CLOSE_WAIT timeout" * fix a bug in scheduler's node resource limits score * gofmt reflector.go * Clarified comment on DeltaFIFO::Replace * finished pass over comments on Controller, and commented sharedIndexInformer * A little more comment tweaking for cache.Controller * began turning attention to cache.Controller * Reworded comment on requestedResyncPeriod * Noted divergence between requestedResyncPeriod and resyncPeriod * Started commenting processors * Break volumezone Filter plugins dependency on predicates package * Change PDB tests to use pod conditions instead of phase * fix how we check for node info list consistency * kubeadm: Fix a false positive in a warning * Adding in missing Registry unit tests. * Break serviceaffinity Filter plugins dependency on predicates package * staticcheck:test/integration/master/ * Allow "kubelet --node-ip ::" to mean prefer IPv6 * Break nodelabel Filter plugins dependency on predicates package * staticcheck:test/integration/auth/ * fix kubemark use fake CRI * hollow-node use remote CRI * Remove unused scheduler types * Remove variable EXTERNAL_CLOUD_VOLUME_PLUGIN default value in local-up-cluster.sh * Update: to use framework instead of gomega for testing values * Add: OWNERS file - based off of staging/src/k8s.io/apimachinery/OWNERS * Update: namespaceName value updating order to prevent error expection * Update: formatting, gomega Expect to framework ExpectEqual, framework creation to standard function * Move publish and unpublish counting up in test * Fix: formatting, spelling * use az.List() to check route existence * Add: namespace patch test * Move yaml limit tests to benchmarks * Fix err variable shadowing issue in storage/utils * list vm instead of get when getting virtual machine * allow an SNI cert to be used to respond for a particular IP * move nodeaffinity predicate to its filter plugin * test images: Image Promoter fixes * Move RequestedToCapacityRatio argument processing to its plugin * Require client / server protocols * kubetestgen: improve errors handling * Fix local-up-cluster.sh do not work with non-intree external cloud provider issue. * fix log message error in nodelifecycle * bootstrap flow-control objects * kubeadm upgrades always persist the etcd backup for stacked * rename ExtenderConfig to Extender * Add: test to patch a secret * Break volumerestrictions Filter plugins dependency on predicates package * Break nodevolumelimits Filter plugins dependency on predicates package * Remove `rkt` from container runtime options * Correct comment around which integrations require cadvisor_stats * Remove dead code in fake docker client * Break volumebinding Filter plugins dependency on predicates package * remove unused code and use framework * clarify apiserver bind-address flag usage * fix flakes on e2e test TCP CLOSE_WAIT timeout * addressed comments * fix: correct the mentioned endpointslice manage label name. * fix fake remote CRI * cleanup unused scheduler functions/files * kubeadm: probe address for unspecified ips * Cleanup SetPredicatesOrderingDuringTest due to deprecation of predicates * Cleanup unused parameter of NewGenericScheduler * Break DS controller on scheduler predicates and predicate errors * adding private cluster check * Perform dead storage removal linearly * remove unused code test/e2e/framework/google_compute.go * Kubelet: add a metric to observe time since PLEG last seen * fix staticcheck failures of test/integration/client test/integration/disruption * Fix tests and improve comment on NewDeltaFIFO * Fixed assignment statements * Revised comments about f.knownObjects and added tests for Replace * Merge scheduler's ConfigProducerRegistry into LegacyRegistry * Don't paginate in listwatch * update comments of some funs in scheduling_queue * Remove no longer needed `modifyContainerPIDNamespaceOverrides` * remove TODO in test/e2e/framework/node/resource.go * fix staticcheck of pkg/util/ebtables * Updated comments on internal abstractions in client-go/tools/cache * if no cycle dependency , use framework in test/e2e_node subpackage * Add metrics for VMSS and VMSS clients * Move Azure metrics to a separate package * move functions from e2e/framework/deployment/ to e2e/apps/ and e2e/upgrades * Use new VMSS and VMSSVM client in Azure cloud provider * Add VMSS VM client * Add VMSS client * Addd Azure ARM client with backoff retries * CHANGELOG-1.17: add note about service CIDR bug * Minor nit in error message about feature gate stage * Define algorithm providers in terms of plugins. * Move resource-based priority functions to their Score plugins * Postpone flag warning log to just before it be used. * move funs of framework/volume to e2e/storage * Fix staticcheck failures of test/integration/replicationcontroller * Reword modifications for clarity * e2e: move funs of framework/viperconfig to e2e * clean useless code in client-go test * Skip scheduling the pod if it has been assumed and the pod updates could be skipped. * remove TODO in test/e2e/framework/auth/helpers * Return when removePod failed * Remove Todos for CSR checking * Output test description in TestPreemption * Add error handling for Register() call * Move WaitForFailure() to the test * kubeadm: tolerate whitespace when validating user CA PEMs * Add debugging message to know the pod status * Remove Delete/CreateSyncInNamespace() * Remove `recorder.PastEventf` method * Fixing regex for kubernetes version in kubeadm * Clean up unused variable from unit test. * fix static check failures in component-base/metrics * Update to golang@1.13.5 * refactor(pod log):refactor for container valiate, little cleanup * Switch to new ClientConfig for Azure cloud provider * fix staticcheck failures of test/integration/scale test/integration/serviceaccount test/integration/serving test/integration/volume * Add backoff retry which implements autorest.SendDecorator interface * Fix unit test to run in non-gce environments * Move client config to a separate package * publishing: Update to go@1.13.4 for kubernetes-1.16 * Move podtopologyspread priority logic to its Score plugin * Make CPUManagerCheckpointV2 type an alias of CPUManagerCheckpoint * test images: Adds E2E test image automated build * silence usage when pass bad cmd options * Lock checksum calculation for v1 CPUManager state to pre 1.18 logic * fix: test failures * fix: azure error should not retry on bad reqeust * Fix a typo in interpodaffinity score plugin * feat(scheduling): implement azure, cinder, ebs and gce as filter plugin * Add ipv6 examples for network policy API * Fix ensureStaticIP if name for existed address was changed * proxy: add some interface type assertions * alias kubeadmutil for k8s.io/kubernetes/cmd/kubeadm/app/util * e2e:remove func of framework/replicaset to e2e/upgrades/apps/replicasets.go * Move pod topology spread predicate logic to its filter plugin * fix link in readme * e2e:remove unused func in /test/e2e/framework/autoscaling/autoscaling_utils.go * Cleanup testapi after it has been removed * remove unused code in test/e2e/apps/deployment * Add alias of api/errors in endpointslice.go * remove TODO: Use return type string instead of []string and update func * Add apierrors as alias for k8s.io/apimachinery/pkg/api/errors * Move ServiceAntiAffinityPriority to score plugin * move funcs from test/e2e/framework/job to test/e2e/apps * Improve output of update-openapi-spec.sh when printing logs from file. * feat(scheduling): move csi volume predicates to csi filter plugin * Fixing Potential Race Condition in EndpointSlice Controller. * Use Deployment in sample-apiserver examples * Updating minor grammar errors. * Move CheckNodeUnschedulable predicate to its filter plugin * Move VolumeZone predicate to its Filter plugin * replace grpc.WithDialer which is deprecated * add missing alias of api errors under test * unify alias of api errors under pkg and staging * unify alias of api errors under test * move func EnableAndDisableInternalLB from test/e2e/framework/service to test/e2e/network * Remove unused function NewMetricExporter from e2e test * Deprecate scheduler predicate and priority factory registration * Come out of loop when omitempty is true * fix: azure disk could not mounted on Standard_DC4s/DC2s instances * e2e: move funs of framework/pv to e2e/storage * move nodepreferavoidpods to score plugin * Move ResourceLimitsPriority to its Score plugin * fix shell checks errors in cluster/common.sh * Fix simple typos * update defaultconfig link * Add simple explanation to verify-golint.sh * tighten ceiling for matching-precedence to 10000 * move NoDiskConflict predicate to its filter plugin * Added scheduler algorithm provider registery. * Move RequestedToCapacityRatio to plugins/noderesources * feat: implement node affinity priority as score plugin * add extra group and usage check for bootstraptoken * cleanup scheduler's in-tree plugins registry naming * validation.go: don't clamp the CIDR size calculations * Clean up kube-apiserver reference document * deprecate scheduling_algorithm_predicate/priority_evaluation_seconds * move Taint and toleration predicate to its Score plugin * Deprecate scheduling_duration_seconds Summary metric * Change log level to 3 when --random-fully is not supported * e2e: move funs of framework/deployment/fixtures.go to e2e/apps/deployment.go * fix: remove totalNumNodes from priority metadata * Update modules * Swith to retry.Error for Azure cloud provider * Use retry.Error for all Azure clients * Add retry Error definition * move funcs in replicaset to autoscaling_utils * kubeadm: kube-dns is deprecated and will not be supported in a future version * using string instead of byte * change print log for unity when during kubeadm init * introduce checker for the result of nodeInfo.Node() * Delete unused function from e2e test autoscaling_utils.go * fix kubectl run help image name * If lastTimestamp is not set use firstTimestamp when printing event * feat: implement image locality as score plugin * Move volumebinding predicate to its filter plugin * Add logs for rate limit values * Add unit test for extended ipv4 service IP range * Revert "remove ipallocator in favor of k/utils net package" * Fix staticcheck failures for pkg/proxy/... * Count dropped requests except system previledged group requests. * kubeadm: re-enable kubelet version check test in preflight * Change Azure global rate limit to per client * format test file * Add unit tests for pkg azure/auth * Remove ineffective calls in toUnstructured * Added back the flag to trigger examining all Filters in the scheduler. * fix azure cloud provider bug when lb specified in other resource group * bump k8s.io/utils version * Reuse converter in crdHandler#getOrCreateServingInfoFor * Cleanup failedPredicateMap from generic_scheduler.go * move inter pod affinity predicate logic to its Filter plugin * kubeadm: use bind-address instead of address * On OpenRC ServiceIsActive should not report true if no such service exists * Deprecate AlwaysCheckAllPredicates in scheduler Policy API * apiserver: add localhost to alternateDNS for IPv6 * Add simple reference to synopsis of kube-scheduler * fix apply set last applied namespace * hack/local-up-cluster: modify cloud provider launch to work with aws * Revert "Merge pull request #86376 from xieyanker/kubemark_deployment" * update to use e2e-up.sh instead of kubetest * Add instructions about how to use kubetest to bring up e2e test cluster * Update subnet mask calculation for compatibility with future VNIC changes * Bump Ginkgo module to release version * Bump Ginkgo to support building on riscv64 arch * swap over kube-apiserver manifest to use livez and readyz * Expect NodeUnpublish calls when NodePublish is called * move NodeLabel predicate logic to its Filter plugin * InterPodAffinity Priority as Score plugin * move NodeLabel priority logic to its Score plugin * Add klueska as an approver in test/e2e_node/OWNERS * Return error instead of panic when cpu manager starts failed. * update fluentd to 1.8.0 / fixed gemfile / fixed shellcheck lint problems by using xarg * Update README.md * kubenet: replace gateway with cni result * Revert pull request #85879 "hollow-node use remote CRI" * Sample apiserver: Avoid etcd listening on DNS result for "localhost" * Isolate kubectl test-cmd plugin tests * rename _count to _total in a few metrics * Fix golint failure not contained in .golint_failures * chore: port azure disk csi code to upstream * Fix cpu manager e2e test typo * It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc. * Add a config option to azure cloud provider for the pre-configured loadbalancers * Adds PreProcessor and PostProcessor functions for modifying apply behavior * Define workloads specs by YAML * Wait for resizing condition * Allocate map when out points to nil map * remove personal kind.yaml that was added accidentally * Revert "promote e2e tests for taint-tolerations in predicates" * prevent blocking wait in cert reloading * Autogenerated * Remove DefaultConvert * Add CHANGELOG-1.18.md for v1.18.0-alpha.1. * change kubemark from ReplicationController to Deployment * Moves visitedUids and visitedNamespaces (used for pruning) into ApplyOptions * extract PreInitRuntimeService from NewMainKubelet * Adopt kubeadm and kubeproxy unit test after new config field added. * Move patch functionality for apply into its own file. * Moved prune functionality into its own file. * Refactored some apply printing functionality; removed unneeded count and objs variables * Created GetObjects() method for ApplyOptions and integrated into apply * Cloud node controller: Only call once into cloud provider * Split cronjob tests, so they don't interfere * Deal with auto-generated files: - Update bazel by hack/update-bazel.sh - make update * Add show hidden flag to kube-proxy * improves watch and report e2e test to also check IsResourceExpired since the API can return both errors (Gone, Expired) * fix: azure data disk should use same key as os disk by default * Deprecate PredicateMetadata * registered nodeports and noderesources prefilters * Use private master IP in GCE kubemark tests * cleanup(kubectl taint): fix Errorf and comment error, and remove unnecessary bool flag * Add klueska as an approver in pkg/kubelet/cm/OWNERS * support configuration of kube-proxy IPVS tcp,tcpfin,udp timeout * Allow kube-proxy iptables mode to support dual-stack, with the meta-proxier. * Add test cases for a helper function in controller manager * Refactor `kubectl proxy` command to have similar design pattern as other kubectl commands. * Check FileInfo against nil during walk of container dir path * Changes Visit() to Infos() in apply to keep slice of objects * Mark '[sig-apps] CronJob should delete successful/failed finished jobs with limit of one job' flaky * Mark '[sig-scheduling] PreemptionExecutionPath runs ReplicaSets to verify preemption running path' flaky * Job completed event added * Make e2e scale updates unconditional * suffix InSeconds to cacheTTL for clearification * Fix up the sub-test style * Add UID precondition to kubelet pod status patch updates * Add debugging for delete grace period e2e flake * auth: add metrics to token cache * Mark GCEPD test flaky * Update wardle e2e image * Build sample-apiserver image using kubernetes 1.17 / go 1.13 * Disable excessive logging in scheduler plugins * code-gen: fix argument type for plural exceptions * fix staticcheck faulures in 'cmd' pkg * fix misspelling in comment * networkPolicy validation ipv6 unit tests * kms: use negative cachesize value to disable caching * test/e2e: move funcs from test/e2e/pod to other folders * Deal with auto-generated files: - Update bazel by hack/update-bazel.sh * Deprecated metrics under /metrics/resource/v1alpha1 * Add new endpoint for resource metrics. * Fix staticcheck failures for test/images * Move service affinity predicate logic to its plugin. * e2e: move funs of framework/gpu to e2e_node * e2e: move funs of framework/deviceplugin to e2e_node * e2e: move funs of framework/job to e2e/upgrades/apps/job * e2e: move funs of framework/metrics to e2e_node * Promote StartupProbe to beta for 1.18 * fix: formating and typo * fix: address test failure and review comments * Add util function to merge resource lists * Add "kubectl describe node" resource tests * Add huge page usage stats to kubectl describe node * Update go version in go.mod * fix: add unit tests for truncate long subnet name on lb ip configuration * fix: should truncate long subnet name on lb rules * addons: elasticsearch supports automatically setting the advertise address * podfitsresource metadata as prefilter * Update semantics of EvenPodsSpread metadata object * Move EvenPodsSpread metadata computation logic as a PreFilter Plugin * add unit test * e2e: support long CSI driver names * cache ttl is configurable * [auth]Change example in can-i to apps instead of extensions * e2e: move funs of framework/statefulset to e2e/apps & e2e/upgrades * compatibility tests for default provider and mandatory filters * Fix build break - Hyperkube image needs kubelet/kubectl * Update addon permissions * Prune server-side print exemption list * Update generated files * Update storage hash to use ingress type for cross-group comparison * Use openapi fixture for server-side apply tests * Delete ReplicationControllerDummy * Remove references to unserved types * Remove ability to re-enable serving deprecated APIs * Remove testapi * Remove testapi use from pkg/api/testing * Remove use of testapi codecs, selflink, resourcepath functions * Install APIs directly for tests * wrap host ports metadata in a prefilter. * Don't report deletion of attached volume as warning * doc: remove Draven from test package reviewers * fix broken link: https://kubernetes-csi.github.io/docs/Drivers.html * fix staticcheck failures of test/e2e/manifest * move funcs from test/e2e/framework/replicaset to test/e2e/apps * Add getting Storage Quantity to ResourceList * Move added info and status stack trace to the end of line. * test/e2e/: use framework.Equal() replace gomega.Expect(...).To(gomega.BeTrue()|BeFalse()) * Clean up conformance tar test data * e2e-topology-manager: Fix bazel tests * Remove priority execution paths in favor of score plugins * remove ds dependeny on scheduler metadata * deprecate scheduler's FailureReason * e2e-topology-manager: Fix package name * e2e-topology-manager: fixes for gofmt * [WIP] e2e-topology-manager: Initial commit for E2E tests * inter-pod affinity prefilter * Upload containerd logs to stackdriver * Do not swallow timeout in manageReplicas * Add an interface to return scheduler framework instance * kubeadm: add basic validation around kubelet.conf parsing * Extend authorization benchmark * code-generator: update BUILD * code-generator: expose plural exceptions via flag * Add a unit test guarantees ClearState will fully clear a collector. * feat: remove several feature gates in 1.18 * fix: remove TaintNodesByCondition feature gate in daemon controller * add hwdef as a reviewer of hack * move test/e2e/framework/lifecycle/ test/framework/cloud/gcp * Ensure that error is returned on NodePublish * promote SataQiu to an approver of test and test/e2e/framework * Make sure critical pod in the preemption test is always cleaned up. * Set core_pattern to an absolute path. * Pass initial set of runtime containers to the CPUManager at startup * Move CPUManager Checkpoint restoration to Start() instead of New() * Update top-level CPUManager to adhere to new state semantics * Update CPUManager policies to adhere to new state semantics * Change CPUManager state to key off of podUID and containerName * Extend makePod() helper in CPUManager to take PodUID and ContainerName * Fix bug in parsing int to string in CPUManager tests * Move containerMap out of static policy and into top-level CPUManager * Update CPUmanager containerMap to allow removal by containerRef * Change CPUManager containerMap to key off of (podUID, containerName) * Update CPUmanager containerMap to also return a containerRef * Move CPUManager ContainerMap to its own package * persist deployed DNS configuration during kubeadm upgrade * fix log format string * expose the clientConfig to consumers trying to build custom clients against the kubeapiserver * dump information for all namespaces related to the test * allow configuration of customized AfterEach functions for all tests * Increase Burst limit for discovery client * Update CHANGELOG-1.16.md for v1.16.4. * Update CHANGELOG-1.15.md for v1.15.7. * Update CHANGELOG-1.14.md for v1.14.10. * Clarify intstr.IntValue() behavior * change CounterVec to use Counter in the Kubelet's Pod Lifecycle Event Generator * client-go: update INSTALL.md to include semver tags * e2e: move funs of framework/service to e2e/network * test/e2e_node/:use framework.Equal() instead of using gomega.Expect(bool).To(gomega.BeTrue(),explain) * Revert "Add an option to specify kubelet flags for heapster node." * test/e2e/storage : use framework.Equal() replace gomega.Expect(...).To(gomega.BeTrue(),...) * Eliminate running paths of Predicates in scheduler * fix staticcheck failures of e2e/storage/utils e2e/storage/vsphere * Ensuring kube-proxy does not mutate shared EndpointSlices * shared authenticator lookups * vendor golang.org/x/sync/singleflight * Added alejandrox1 to test/approvers * Adds tests * Generates boilerplate code * Adds the algorithm implementation for the Configurable HPA * Adds validation rules and proper defaults * Introduces all API changes needed for Configurable HPA PR * Fix inter-pod affinity scheduler benchmarks * change FakeWatcher.Stopped to be a private field, as read it directly may cause Read/Write conflict race * fix potential memory leak issue in processing watch request * fix staticcheck failures of e2e/storage/drivers e2e/storage/testsuites * e2e: remove unused method in e2e/framework/log * e2e: move funs of framework/kubelet to e2e/scheduling * Drop v1.15.0 API test data * Add v1.17.0 API compatibility data * Revert "staging/publishing: temporarily disable publishing tags" * Add kind/flake issue template * Update v1.17.0 CHANGELOG to match final draft * optimize required inter-pod affinity * Update CHANGELOG-1.17.md for v1.17.0. * Increasing LoadBalancerPollTimeout from 15 to 22 minutes * update RBAC rules in e2e aggregator test * e2e storage: fix type in comment * Make error message and service message more clear * e2e storage: improve instructions for external driver testing * Add serathius to metrics-server OWNERS file * Remove cluster-monitoring * update total_limit_size * update fluentd-es-configmap * fluentd add port promtheus and health check * es add readiness and liveness health check * e2e: remove unused method in e2e/framework/autoscaling. * invoke getTypedVersion() instead of direct runtime call * Return all predicate failures instead of the first one * move funs of framework/deployment to e2e/apps * updated fluentd to 1.7.4 + plugin updates and switch to debian buster * fix static check in kubectl/pkg/cmd/annotate. * move unwanted console output out of versiongetter. * Fix broken SELinux detection * fix staticcheck failures of test/e2e/storage * kubectl oidc auth-provider: include cluster address in cache key * slim down some lister expansions * ping kmsplugin gentely when in good state * Changed Kubelet client and serving cert TTL/Expiry certs to use gaugefunc for calculating time remaining. * Ensuring EndpointSlices are not used for Windows kube-proxy implementations * kubelet: guarantee at most only one cinfo per containerID * optimize preferred pod affinity * kubectl/drain: add option skip-wait-for-delete-timeout * staging/publishing: temporarily disable publishing tags * correct invalid urls * fix staticcheck in test/integration/apiserver * Fix IPv6 addresses lost issue in pure ipv6 vsphere environment * Add cache for VMSS. * Add an option to specify kubelet flags for heapster node. * kubeadm: Throw an error if the currentContext does not exists * Fix LoadBalancer rule checking so that no unexpected LoadBalancer updates are made * inject remoteRuntime to kubelet dependency * kubectl change podSecurityPolicy group * promote e2e tests for taint-tolerations in predicates * remove two unused metrics * Two bug fixes: (1) at least log something out if we fail to register our health check, (2) actually register a prometheus metric. I delete the deprecated metric in this block because there isn't any point to it, since no one can be broken by changing a metric that doesn't get collected * Fix nil pointer dereference in the azure provider * disable node deletion detach test * Add current chairs to component base approvers * expect node to be recreated with the same name * When running `kubectl drain` in dry-run, list warnings and pods that would be deleted. * Deflake kubectl custom printing test * Include cloud/gcp in e2e.test * Refactor parsing logic for service IP and ranges, add tests * Fix bug in apiserver service cluster cidr split * Revert "kubeadm: don't check if image exists before pulling" * bazel update * e2e storage: add compile test for public TestSuite API * e2e storage: public API for testsuites, support CSIInlineVolume type for generic resource * Removing conditional check * Included CSINode describer * increase LRU cache size 8x for authorization webhook * added benchmarks for preferred (anti)pod affinity * test/e2e/auth: Fix static check failures * Run all csi-hostpath containers as privileged * Refactor kubelet component config lenient path decoding * add hack/verify-typecheck-providerless.sh * typecheck support setting tags, skipping test code, and ignoring directories * fix staticcheck in test/e2e/network/ * Convert ExpectEqual(err, nil) to ExpectNoError(err) * fix: typo Snapshoting to Snapshotting * fix staticcheck in pkg/printers * Revert "Use ExpectEqual test/e2e_node" * Update GCE Windows startup scripts for TPM-based authentication * Sync the status of static Pods * remove framework dependency from framework sub-package kubectl * moved WriteFileViaContainer and ReadFileViaContainer to kubectl_utils * remove CheckFileSizeViaContainer from framework * move KubectlCmd out of utils into its own package * Use typed errors for special casing volume progress * remove max pods from e2e test * scheduler benchmark: allow to override bench prefix * Fix Cpu Requests priority Windows. * Fix waiting for logexporter log fetching processes * Deleted extra 'phase' in command example * Create kubemark cluster as private * fix staticcheck errors in legacy-cloud-providers/azure * Cleanup converter * Fix bug in ignoring untypes conversions * Cleanup old-style conversions * Cleanup metav1 conversions * run `hack/update-bazel.sh` * Enhance error message for failed controlplane init * fix golint check in test/e2e_node/runner/remote * `kubectl create clusterrolebinding` creates rbac.authorization.k8s.io/v1 object * hollow-node use remote CRI * handle registry merge error * Utilize Context with timeout in gce_instances.go * Rename PodDisruptionsAllowed to DisruptionsAllowed in type PodDisruptionBudgetStatus * kubectl/drain: add disable-eviction option * Utilize Context with timeout in GCE operations * optimize anti-affinity predicate * Address PR comment * Revert "Fix shellcheck failure in log-dump/log-dump.sh" * Update checks.go * [generated] bazels and vendor/modules.txt * santize codegen scripts * s/apiextensions/apiextensionsv1/ for all imports in k/k * switch to v1 crd * Be more agressive acquiring the iptables lock * fix staticcheck failures of test/e2e/upgrade * Deflake delete grace period e2e * Update CHANGELOG-1.17.md for v1.17.0-rc.2. * Deflake pod readiness e2e * Enable hidden custom collectors when calling SetShowHidden(). * All stable collector should be tracked in registry. * The descs in a stable collector should be tracked by a map instead of slice. * add PredicateFunc for configmap * Use ExpectEqual test/e2e_node * use ExpectEqual of framework in test/e2e/storage * Fix golint issues in test/e2e/lifecycle/ * Fix func VerifyLatencyWithinThreshold() to local * cmd/kube-controller-manager: fix staticcheck warning * apimachinery: fix bugs in a Test function * add err handling in gce/gci * Replace the hostname in the fluentd config file even if the file exists * Add test cases to verify kubelet & kube-proxy can recover if being killed accidentally * Adds initial unit tests for tablegenerator.go * Use GCS bucket for crictl on windows. * Add defaulting logic for EncryptionConfiguration. * make scheduling queue start before the scheduler starts and stops after the scheduler stops * update scheduler benchmarks to be more representative * kubeadm: set cluster name on the controller manager * update gopkg.in/yaml.v2 to v2.2.7 * Ensure that metadata directory is not created if secret is not found * Handle the case of remounts correctly * Rename MarkVolumeMountedOpts to MarkVolumeOpts * Change interface of SetUp function * Change signature of MountDevice function and remove MountDeviceWithStatusTracking * Refactor NodeStage function * Add tests for verifying in-progress state * Update generated files * Add code to handle Setup With Status tracking * Implement return status codes * Ensure webhook backend requests are not artificially rate-limited * Make sure PodExistsInVolume does not uses uncertain volumes * Add code to mark volume as uncertain * Add code for introducing uncertain state of mounts * fix: replace TrimLeft with TrimPrefix and TrimRight with TrimSuffix * Make APIService.spec.service optional in the openapi v2 spec * Cleanup default conversions * Cleanup metav1 conversions * Use new-style conversions in default conversions * Optimize:remove unnecessary judgment * fix staticcheck in test/e2e/cloud/ * Use expect equal test/e2e/upgrades * remove Kubeadm-env file overwrite from apply and node command * kubeadm: Improve resiliency in CreateOrMutateConfigMap * kubeadm: use correct IP family for etcd localhost * Log error when writing checkpoint fails * Remove nodes slice in loop of takeByTopology * optimize scheduler's UpdateNodeInfoSnapshot * Nominate liu-cong to be sig-scheduling reviewer. * Switch addon resizer to 1.8.7 * Remove stale comment re making apiserver common names dynamic * Make cluster auto scaler use leases * Bump Cluster Autoscaler version to 1.17.0 * Fix comment typo * fix golint failures of test/e2e_node/remote * rm -rf staging/src/k8s.io/apiextensions-apiserver/pkg/client * Fix NetworkPolicy PolicyTypes validation * Update go-winio module version from 0.4.11 to 0.4.14 * fix: padded base64 encoded docker auth field * All check for instanceID * apiextensions: filter required nullable to workaround kubectl validation * use framework refactor code in test/e2e/common * drop KUBE_TIMEOUT in test/cmd/kubeadm.sh * setting kubemark node labels * fxing kubemark node labels * Deal with auto-generated files: - Update bazel by hack/update-bazel.sh * Add ClearState() API to Desc. Add create() API for Desc Add annotatedHelp fields to Desc. * Add kind/deprecation to pull request template * Retain objects for a limited lifetime in the mutation cache detector by default * Enable mutation detection * use ExpectEqual of framework in test/e2e/autoscaling/ * Fix iscsi refcounter in the case of no Block iscsi volumes * catch the exception raised in Remove-HnsPolicyList * update cadvisor dependency to v0.35.0 * stop spamming the log on failures with full objects * remove redundant definition of the defaultProvider in the scheduler * Move hostdns.conf out of cni directory. * Add containerd windows support on GCE for test. * export scheduler.Snapshot function, needed for cluster autoscaler integration * Reduce unnecessary Set in updateAllocatedDevices * Deal with auto-generated files: - update bazel by hack/update-bazel.sh * correct invalid urls in CHANGELOG file * Refactor custom collector unit test. * use framewoek in test/e2e/cloud * e2e: use log functions of core framework on pv, testfiles and volume sub packages * Adding KubeProxyConfigMap19 checking in test-e2e-kubeadm * Clarify client-go issue location (#85464) * pkg/master: Fix static check failures * Wait for PV to be available before creating PVCs in volume binding test * increase pv controller resync period to try to deflake api update conflicts * kubeadm: simplify discover/token and add detailed unit tests * Enable update-bazel.sh outside of GOPATH * Delete client node selector during volume creation * add applyto tests for controller configs * fix kube-apiserver poststarthook additions to avoid duplicating them * Fix benchmark artifact parsing. * fixup kubectl test * Attach runtimeclass printer * Attach resourcequota printer * Improve rolebinding/clusterrolebinding printers * Add webhook printers * Add CSINode/CSIDriver printers * Switch TableGenerator/TableConvertor interfaces to metav1 * Fix AWS eventual consistency of AttachDisk * test/e2e/apimachinery: fix staticcheck warning * Extend Registerable interface with FQName() and track collector by name. * lazyInit accepts fqName when init. * kubeadm: Group centric component configs * Flip CSIMigrationOpenStack flag to be beta and off by default * fix golint issues in test/e2e_node * fix broken link:https://kubernetes.io/docs/concepts/overview/object-management-kubectl/ * Use plugin name for filtering metrics * Fix PVC condition check for offline resizing * add test coverage with kubectl get components * modify the error url of autoscaler * Switch storage version to use v1.CSINode in 1.18 * Fix resource version precondition on pod delete * Add RainbowMango to onwer list of metrics stability framework. * Rename Azure driver to Azure Disk driver * add myself to sig-network-approvers * Fix HTTP readiness/liveness probes for local node * Add support for new dual-stack flags for kubernetes-controller- manager in kubeadm: - node-cidr-mask-size-ipv4 - node-cidr-mask-size-ipv6 * don't error if set-resources patch is empty * kubeadm: update image pull tests * fix etcd version check error on ARM * kubeadm: don't check if image exists before pulling * refactor: incorporated the review comments * Revert "remove redundant `source` in shell" * Deep copying EndpointSlices in reconciler before modifying them. * make elasticsearch discovery supports IPv6 * apimachinery: Fix Dropped Test Error (#85427) * removed comments referencing akse * kubectl/drain: Add context support * Provided a mechanism to re-register hidden metrics. * refactor(golint): lint fixes for iptables test file * Hi San Diego (#85424) * Added rest client metrics for client TTL and rot. (#84382) * Fix kubectl conversions * Output port as number in error message * Fix GKE upgrade test. * Update CHANGELOG-1.17.md for v1.17.0-rc.1. * kubeadm: add a upgrade health check that deploys a Job * Dump namespace if the namespace could not be cleaned up * stop_kubemark * fix broken link :https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md * fix broken link :https://github.com/kubernetes/community/blob/master/contributors/devel/cri-validation.md * Revert "kube-proxy: check KUBE-MARK-DROP" * Print nominated pods on the node when dumping scheduler cached NodeInfo * generalize solution * add pod info when failing to add pod to queue * check service status value returned by EnsureLoadBalancer * Promote a TCP probe test to Conformance * better comments * Fix a bug in port-forward: named port not working with service * misc fixes * Set default value for TEST_CLUSTER_LOG_LEVEL and KUBE_GCE_INSTANCE_PREFIX * fix kubemark output error * Add public documentation for kubelet/apis/config * Set node cidr mask size ipv4/ipv6 config * fix 1-12 number urls * add cofyc as local volume owner * Sets HostNetwork to False for tests which do not require it * apiserver: add Retry-After header to response when apiserver is shutting down * client-go: add connection refused to list of transient errors * upgrade api-version to fix azure file AuthorizationFailure * kubelet/network: add sig-network-approvers to OWNERS * Fix device plugin generator script * use context to check client closed instead of http.CloseNotifier in processing watch request * SafeSysctlWhitelist: add net.ipv4.ping_group_range * chore(gofmt): go format fix * [pkg/auth/nodeidentifier/default_test.go]: fix testing error message typo * Fix golint issues in pkg/kubelet/events/event.go * Remove the derprecated API RawRegister from stability framework * chore(lint): removing the iptables pkg * chore(lint): lint fix in /pkg/util/iptables * chore(lint): fix iptable.go file lint * Wait for kubelet & kube-proxy to be ready within 10s * Support Azure Stack dynamic environments * Plumb test state through to fake volume host creation for error handling * Fix grammar: have -> has * Tolerate unset $GOBIN * added yliaog to OWNERS * Test writing configurations with numeric names * tests: Removes [LinuxOnly] tag from a few tests * Add tests for kubeproxyconfig * Add componentconfig package testing files * Migrate Kubemark to distroless * Enable snapshottable e2e test for csi pd driver * kubeadm: reset raises warnings if it cannot delete folders * proxier: improve node topology event handler logic * remove redundant `source` in shell * use ExpectEqual in /e2e/auth * add ut for scheduler framework * Fix a comment typo in legacyNodeRoleBehaviorFeature * e2e: move LogFailedContainers out of e2e test framework util.go * fix-staticcheck in /test/e2e/windows * Move suites.go to e2e package * Remove e2e/framework/profile_gatherer.go * Add support for GOBIN to generate-groups.sh. * Included FSType in CSI volumes * Clean up cluster-service label from calico-policy-controller * Reduce visibility of prometheus libs * Deal with auto-generated files: - Update bazel by hack/update-bazel.sh * Add flag for which to show hidden metrics to kube-controller-manager * fix the defect in the shell scripts * Add matthyx to sig-node-reviewers * Hide kubelet metrics that have been deprecated in 1.14 * remove unused func * refactor events utils in e2e * Fix golint failures * modify dockerID to containerID * Add johnbelamaric as conformance code reviewer/approver * Fix shellcheck failure in log-dump/log-dump.sh * Fix golint issues in pkg/apis/batch/validation * Fix golint issues in pkg/registry/.../storage * Fix golint issues in pkg/util/sysctl/testing * kubelet: rename HTTPGetter interface * Allow usage of consts and variables for stable metrics in static analysis * Fix golint failures for pkg/kubelet/config/... * Variables collides with imported package name * fix kubelet failed to start on setting hugetlb limits in non-exist cgroup dir cause by kubelet startup be interrupted on setting list of cgroups In the 'cgroupManagerImpl.Exists' not check&recreate the hugetlb cgroup dir. Then setting the limits in non-exist cgroup dir will cause kubelet start failed. * kubelet: add certificate rotation error metric * Replace nginx image with agnhost in sig-node pods tests * correctly handle resetting cpuacct in a live container * Drop version from static openapi json file * simplify volume zone checker * Log mvcc revision compaction as warning * Fix validation for metav1 fuzz targets. * fix syntax error in test * Fix error in periodic resyncs description * Clarify that OnUpdate can mask delete and recreate * Declare constants in pods test as const * ignore image err when docker image has been cleaned up * [k8s.io/sample-controller/controller.go]: fixup minor typo * Centralizes images into agnhost (part 4) * Fix golint errors * Add support for builtin modules in kube-proxy * kubectl: remove unreachable code * Fix etcd-version-monitor readme and yaml file. * Update Calico to v3.8.4 * Bind kube-dns containers to linux nodes to avoid Windows scheduling * Bind metrics-server containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes * Bind metadata-agent containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes * Bind dns-horizontal containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes * update CRI to support hugepages * hostport return error when claim SCTP type port * healthz: instrument root healthz requests for metrics * Clalify how to contribute to kubectl book * cri_stats_provider: do not consider exited containers when calculating cpu usage * Shorten health check timeout for AWS NLB with externalTrafficPolicy: Local * Fix typo * Added e2e test to verify zone support across datacenters in the same vCenter * remove stateCheckPeriod * Bumped the number of times a node tries to lookup itself * Report api request throttling at v=3 * fix path to prow size plugin - Remove unused kubernetes-extra subpackage (for sources, use zypper si kubernetes-kubeadm with Source Repo enabled) - Tweak GOFLAGS for openSUSE, add -buildmode=pie - Increase _constraints to require 9GB of HDD storage - Update to version 1.17.4: * Removing kubectl get output e2e test * Adding a temporary fix for kubectl get output e2e test * /readyz should start returning failure on shutdown initiation * test: don't use hardcoded pod count for memory limit test * Fixed in the GCE/PD in-tree volume logic to expose the max number of persistent-disks for each instance type correctly. * Honor status.podIP over status.podIPs, node.spec.podCIDR over node.spec.podCIDRs * fix: corrupted mount point in csi driver * fix: azure file mount timeout issue * fix behaviour of aws-load-balancer-security-groups annotation * fix: add remediation in azure disk attach/detach * Update to golang@1.13.8 * build: Enable kube-cross push/pull from K8s Infra GCR * build: Add justaugustus as reviewer * build: Add OWNERS on build-image/ * fix get-kube authorization headers * update golang.org/x/crypto * kube-proxy filter Load Balancer Status ingress * kube-proxy unit test FilterIncorrectIPVersion * add delays between goroutines for vm instance update * Updated test cos image to include runc-1.0.0-rc10 * Fix gce-cos-master-reboot test * Fix route conflicted operations when updating multiple routes together * fix: get azure disk lun timeout issue * Set up connection onClose prior to adding to connection map * fix: add azure disk migration support for CSINode * Add annotation annealing for migration for PVs and PVCs during syncVolume and syncClaim. This allows external-provisioners to pick up and delete volumes when they have been rolled up from previous kubernetes versions. * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.3 * Limit number of instances in single update to GCE target pool * Enable selinux tags in make targets - Introduce new packaging structure for smoother rolling upgrades [boo#1161289] - kubelet.sh replaces /usr/bin/kubelet for selecting correct version of kubelet - sysconfig.kubelet-kubernetes adds new KUBELET_VER sysconfig variable for defining new version of kubelet - Update to version 1.17.3: * Add code to fix kubelet/metrics memory issue. * Remove Error log for nil StartTime * CHANGELOG: Move changelogs into a subdir to delegate releng approvals * Fix pending_pods, schedule_attempts_total was not recorded * Fixing Potential Race Condition in EndpointSlice Controller. * Restore statefulset conversion that populates apiVersion/kind in volume templates * Use standard default storage media type in local-up-cluster * changelog: clarify 1.17 upgrade requirements * Fix back off when scheduling cycle is delayed * blank out value for unbounded client label * update gopkg.in/yaml.v2 to v2.2.8 * set nil cache entry based on old cache * Revert "It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc." * Fix issue with GCE scripts assuming Python2. * Add/Update CHANGELOG-1.17.md for v1.17.2. * Update to golang@1.13.6 * Fix the bug PIP's DNS is deleted if no DNS label service annotation is set. * kubenet: replace gateway with cni result * Fixes unnecessary creation of default SG and trying to delete non-provisioned SG by k8s system when annotation [service.beta.kubernetes.io/aws-load-balancer-security-groups] is present * Ensure a provider ID is set on a node if expected * Bind metrics-server containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes - Do not use upstream default volume-plugin-dir only for openSUSE (bsc#1162093) - Update to version 1.17.2: * [1.17] No-op whitespace fix to CHANGELOG-1.17 to trigger a new 1.17 build * Add/Update CHANGELOG-1.17.md for v1.17.1. * Drop version from static openapi json file * Update to golang@1.13.5 * Revert reflector changes from PR #83520 from 1.17 * Fix IPv6 addresses lost issue in pure ipv6 vsphere environment * Fix unit test to run in non-gce environments * fix: azure disk could not mounted on Standard_DC4s/DC2s instances * Use legacyscheme's types rather than testapi ones * Fix nil pointer dereference in the azure provider * Add unit test for extended ipv4 service IP range * Revert "remove ipallocator in favor of k/utils net package" * It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc. * Allocate map when out points to nil map * fix: azure data disk should use same key as os disk by default * Check FileInfo against nil during walk of container dir path * Add UID precondition to kubelet pod status patch updates * Add cache for VMSS. * Fix build break - Hyperkube image needs kubelet/kubectl * Include cloud/gcp in e2e.test * Do not swallow timeout in manageReplicas * Sync the status of static Pods * Increase Burst limit for discovery client * Update v1.17.0 CHANGELOG to match final draft * Fix LoadBalancer rule checking so that no unexpected LoadBalancer updates are made * Fix broken SELinux detection * Add/Update CHANGELOG-1.17.md for v1.17.0. * Kubernetes version v1.17.1-beta.0 openapi-spec file updates * Deflake kubectl custom printing test * Move hostdns.conf out of cni directory. - Add kubeadm-opensuse-flexvolume.patch so kubeadm uses same path as kubelet (bsc#1084766) - Increase memory _constraints for ppc64le to avoid build failure w/ kubernetes version 1.17.0 "defaulter.go:288] cannot import package..." - Exclude ppc64 - Add patch for kubeadm: Improve resiliency in CreateOrMutateConfigMap kubeadm-improve-resilency-CreateOrMutateConfigMap.patch - Update to version 1.17.0: * Refactor parsing logic for service IP and ranges, add tests * Fix bug in apiserver service cluster cidr split * Switch addon resizer to 1.8.7 * Deflake pod readiness e2e * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.2. * Fix iscsi refcounter in the case of no Block iscsi volumes * Ensure webhook backend requests are not artificially rate-limited * Retain objects for a limited lifetime in the mutation cache detector by default * Enable mutation detection * Make cluster auto scaler use leases * Bump Cluster Autoscaler version to 1.17.0 * fix: padded base64 encoded docker auth field * apiextensions: filter required nullable to workaround kubectl validation * update cadvisor dependency to v0.35.0 * Bumped the number of times a node tries to lookup itself * Wait for PV to be available before creating PVCs in volume binding test * increase pv controller resync period to try to deflake api update conflicts * Fix GKE upgrade test. * Use plugin name for filtering metrics * Provided a mechanism to re-register hidden metrics. * Deep copying EndpointSlices in reconciler before modifying them. * Set node cidr mask size ipv4/ipv6 config * Revert "kube-proxy: check KUBE-MARK-DROP" * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.1. * Initialize FeatureGate map for KubeProxy config. #1929 * Fill in default node cidr mask size when dual stack is not enabled * apiextensions: fixup go-openapi constructor invocations * hack/pin-dependency.sh github.com/go-openapi/validate v0.19.5 * apiextensions: add items+type integration test * fix multiple node cidr masks in providerless build * add providerless tag to vsphere volume code * add providerless tags to new awsebs code * fix providerless build post-CSI migration * Plumb authorization webhook version from CLI to config * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.2. * Update CHANGELOG-1.17.md for v1.17.0-beta.2. * Addon Manager: Fix parsing KUBECTL_EXTRA_PRUNE_WHITELIST * Remove metric be hidden log temporarily. * apiextensions: freeze & doc supported v1.16 OpenAPI formats * fix stress test: it's not doing anything * Skip Node printing in kubectl column test * fix nasty bug * inline GC in expiring cache * Add single-item list/watch to delegated authentication reader role * add comments for compatibility * Disabling EndpointSlice feature gate by default * apiextensions: ratcheting update validation for atomic item of set list-type * apiextensions: factor out predicate iterator in validation * Fix label mutation in endpoints controller * Reverting managed-by-setup annotation * Jump out of spec translation early if the spec is not migratable. Unit tests work after all! * Add CSINodes to AttachDetachControllerRecovery test * Panic on error when creating fake volume host, add a TODO to clean up later * De-race some CSI unit tests that were initializing the plugin manager?ger (and plugins) twice. Set some const variables earlier to support node info manager initialization and wait for initialization to complete before finishing plugin setup. * Update attachdetach-controller role to include permissions to get, list, and watch csinodes for CSIMigration * Flip CSIMigration and CSIMigrationGCE to Beta * kubeadm: Use only stdout when calling kubelet for its version * apiextensions: validate that list-type set has atomic items * apiextensions: clarify validation errors * apiextension: clarify what atomic means * Remove pkg/util/mount (moved out of tree) * kubeadm: use the right name for the no validator function * e2e: promote CRD defaulting test to conformance test * service topology: remove redundant API validation for local external traffic policy * Increase cache size for endpointslices. * pager.go: Don't set ResourveVersion on subsequent List calls * Add logic for translating zone/zones/allowtopologies * Autogenerated files * Flip CSIMigrationAWS flag to be beta and off by default * kube-proxy: sync rules when current node labels change detected * Service Topology implementation * Add API for feature gate ServiceTopology * Restrict mirror pod owner references (#84657) * Allow multiple node cidr masks in cm * Revert "Enable snapshot e2e test for csi pd driver" * Update inline volume translated PV Name to be unique per disk so that staging paths are unique * Separate staging/publish and unstaging/unpublish logics for block * Change publish path for CSI block volume per pod * Disable in-tree plugins migrated to CSI * Brushed up fairqueuing package * Split CustomBlockVolumeMapper and CustomBlockVolumeUnmapper * Refactor BlockVolumeMapper and BlockVolumeUnmapper interface * Move test inputs for EncryptionConfiguration tests into testdata. * migrate token cache to cache.Expiring * Add an expiring cache for the caching token authenticator * Avoid constructing table printer on every componentstatus request * Add support for --runtime-config=api/beta=false, --feature-gates=AllBeta=false * update pd csi driver controller manifests * Ensuring EndpointSlice controller does not start when feature gate or API are disabled * Use CSINodes v1 API in scheduler * Enable snapshottable e2e test for csi pd driver - add pd driver manifests - modify snapshottable test case * Move RegisterNodeFlags() to e2e_node test * Fix --resource-version handling in kubectl * rename PluginConfigArgs to AlgorithmConfigArgs * Change mount.NewOSExec to utilexec.New * Change getDeviceMajorMinor to use unix.Stat * Fix error messages in operation_generator.go * Remove remaining empty file in unmapBindMountDevice * Rename IsBindMountExist to IsDeviceBindMountExist * Remove klog for output error instead return err with context * Improve comments for volume path hanlder and volume.go * Check and return error first in IsSymlinkExist and IsBindMountExist * Move MapBlockVolume call to operation_generator and add UnmapBlockVolume * Make descriptor lock per pod and release it per pod * Change globalMapPath to bind mount from symlink * Check error return from closing connection * Update debian-iptables image digests for v12.0.1 build * Update debian-iptables iptables-wrapper script * Update debian-iptables image digests for v12.0.0 build * Add mode-detecting iptables wrappers to the debian-iptables image * Update debian-base image digests for v2.0.0 build * Bump debian-base to buster * add table convertor to componentstatus * add retry to etcd operations * Specify a port range to ILB firewall rule create. * Renamed FeatureGate RequestManagement to APIPriorityAndFairness * Regenerated pb.go for flowcontrol/v1alpha1 * updated generated files * applied gofmt * Identify cluster scope by a boolean field rather than a special namespace * Enabled discrimination on target namespace * Include *intstr.IntOrString in API compatibility tests * refactor apparmor utils in e2e * Correct the checking of robinIndex * Updating kube-proxy to support new EndpointSlice address types * pkg/kubeapiserver: fix staticcheck warning * pkg/client: fix staticcheck warning * Hide scheduler metrics that have been deprecated in 1.14 * Hide apiserver metrics that have been deprecated in 1.15 * add DeleteOptions conversion * Hide apiserver metrics that have been deprecated in 1.14 Update E2E test accordingly. * test(cr::update): add corresponding tests * add unit tests * remove disk locks per vm * tests: Adds large requests tests * Promoting EndpointSlices to beta * Update dependency vmware/govmomi to v0.20.3 * Update bucket for scheduler framework latency histograms. * Retire mount.Exec for k8s.io/utils/exec * guard kubeadm dependencies on k8s.io/kubernetes * Wait for terminating pods to be deleted * Add TODOs for removing invalid e2e dependencies * Strip nullable for Server-side apply * Update structured-merge-diff to latest version * Update CHANGELOG-1.16.md for v1.16.3. * Update CHANGELOG-1.14.md for v1.14.9. * Update CHANGELOG-1.15.md for v1.15.6. * report cache mises in cached token authenticator benchmark * Refactored PriorityLevelConfiguration * make client authentication optional for test kube-apiserver * Revert "76093 restructure LICENSES file generation" * Revert "76586 Add generated license files" * Increase cache size for leases * Remove an infinite poll * Store topology spread constraints in metadata with labels.Selector * fixed golint errors in pkg/apis/extensions register.go and types.go * Fixed lint and staticcheck oversights * Continue removing file in ManagerImpl#removeContents * kubeadm: enable kubelet client certificate rotation on primary CP nodes * Convert volume binder to use CSINode GA * Expand unit tests for topology translation in csi-translation-lib * Use CSI translation lib in VolumeBinderPredicate * Convert zones to volume topology in CSI translation lib * dynamic reload cluster authentication info for aggregated API servers * add RequiresExactMatch for label.Selector * Add Reset() API to stability framework * Hide proxy metrics that have been deprecated in 1.14 * Added overlooked BUILD files * fix wrong link * Brushing up queueset * Remove memory resource constraint * Windows: Fixes termination-file mounting for containerd * scheduler: make algorithm source an option * Use log functions of core framework on e2e/storage/utils * Add startupProbe result handling to kuberuntime * feat(scale): update CR in UpdatedObjectInfo impl * feat: graduate ResourceQuotaScopeSelectors to GA * Add comments to explain golang.org replace directives * Remove unused func and struct from pod.go * Hide metrics that have been deprecated in 1.14 * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh * Add metrics flag to show hidden metrics to kube-apiserver * Add common flag validation functionality shared by kube-binaries * 76586 Add generated license files * vsphere: check if volume exists before create * Remove unused function from e2e framework rest.go * 76093 restructure LICENSES file generation * serve hns.psm1 StackdriverLogging-v1-9.exe GetGcePdName.dll from GCS * Pass InformerFactory instead of indivisual informers in scheduler configuration logic * fix vmss dirty cache issue * Amend service controller code/test regarding finalizer GA * Promote service load balancer finalizer feature gate to GA * BUILD files * Relax namespace restriction for critical pods * Replaces modifying node object with returning a map of labels - Adds label to update flow so can be picked up by an existing node * Fix incorrect message on describe netpol * Move functions from e2e/framework/util.go Part-4 * allow individual ca bundles to be empty in union * update coredns version to 1.6.5, update manifest and corefile-migration version * Adding e2e tests covering EndpointSlice and Endpoints Controllers * bump vendor of corefile-migration lib to 1.0.4 which support migration of coredns up to version 1.6.5 * bump coredns version and update manifest * Add scheduler plugin execution duration metric. * create utilities inspecting server TLS certs * review changes - *Locked updates * Splitting IP address type into IPv4 and IPv6 for EndpointSlices * review changes * Updated NewSnapshot interface to accept a NodeInfoMap instead of lists of nodes and pods * fairqueuing implementation with unit tests * Quick steps for generating hyperkube image * Merging selectors for spreading into one * remove global variable dep in admission * tests: Replaces guestbook with agnhost equivalent * Promote WebhookAdmissionConfiguration to v1 * kubeadm: Amend the hyperkube deprecation change * AdmissionConfiguration v1 * Promote resource quota admission configuration to v1 * Eliminate couple unnecessary conversions * client-go/tools: Docs: Clarify what's "old" core/v1 and what's "new" events/v1beta1 * Removed clientset param from InjectContent * Remove argument "cs clientset.Interface" from testFlexVolume * Removed 2nd arg "cs" from TestVolumeClient * fixtures.go: Removed unused parameter "client" in testVolumeContent() * utils.go: Changed bashExec to shExec, bash not guaranteed. * test/e2e: Reduce need to use local kubectl * modify url https://github.com/kubernetes/kubernetes/pull62853 to https://github.com/kubernetes/kubernetes/pull/62853 * kube-proxy/ipvs get local addr just once per sync * modify istio url:https://istio.io/news/2018/announcing-0.8/ to https://istio.io/news/2018/announcing-0.8/ * alpha certs tries to read in-cluster config * Convert scheduler to use CSINode GA * Update hostpath CSI driver manifest * Enable volume limits e2e tests for CSI hostpath driver * Promote volume limits to GA * Ensure that Node lease has OwnerReference set * Fix data race in client-go UpdateTransportConfig * Remove unnecessary judgment * remove system validators package from kubeadm and use k8s.io/system-validators instead * - Delete backing string set from a threadSafeMap index when the string set length reaches 0. * generated * Switch kubelet/aggregated API servers to use v1 subjectaccessreviews * Switch kubelet/aggregated API servers to use v1 tokenreviews * Azure: Filter disks with ToBeDetached flag from attach/detach- UT * Azure: Filter disks with ToBeDetached flag from attach/detach * Remove plugin watching of deprecated directory {kubelet_root_dir}/plugins and support for CSI V0 in accordance with deprecation announcement in https://v1-13.docs.kubernetes.io/docs/setup/release/notes/ * adjust token cache benchmarks to get more accurate behavior * Moving WindowsRunAsUserName to beta * Check that endpoint has subset before accessing first subset * remove factory.Config struct and NewFromConfig * make Configurator.Create return a Scheduler * Removed unused method from e2e test framework * Add MetadataProducerFactory for predicates * Plumb configured acceptContentType to client config * kubeadm: Deprecate hyperkube use * alpha certs skip missing files * close scheduler kube-apiserver * publishing: bump Go versions in rules * Update Bazel * Fix RS informer handlers and handling expectations on delete * fix kubectl diff panic * move bindVolumes behind RunPermitPlugins * VolumeSnapshot CRD v1beta1: Enable VolumeSnapshotDataSource feature gate and update e2e tests * Always negotiate a decoder using ClientNegotiator * test: Exit early during resource helper test * test: kubectl unit tests should be using codecs without conversion * test: Set RateLimiter via client config vs direct casting * dynamic: The dynamic client no longer needs a special cased watch * test: Watch should fail immediately on negotiate errors * Create a shim for Codecs that handles client duties * Detect watch protocol errors via an e2e test for apimachinery * Remove deprecated-dynamic client * pkg/credentialprovider: fix staticcheck warning * Fix a typo in pkg/controller * Fix golint issues in pkg/registry/core/service/storage * kubeadm: always use a short timeout for clientset creation * Handle error return from allocatePodResources * Fix golint issues in pkg/apis/autoscaling/validation (#85041) * Print progress updates to stdout and publish to URL * kubeadm: remove the deprecated "--cri-socket" flag for "upgrade apply" * kubeadm: use the secure ports for kube-scheduler and kcm health checks * Fix golint issues in pkg/apis/policy * Fix golint issues in pkg/apis/authorization * set default percentageOfNodesToScore in kube-scheduler back to 0 (maning adaptive) * kubeadm: fix skipped etcd upgrade on secondary cp nodes * added nodeSelector: beta.kubernetes.io/os: linux * kubetestgen implementation * Support specifying a custom subnet for ILB ip * Adding new label to indicate what is managing an EndpointSlice * let standalone npd use kubelet credentials * Move stackdriver startup block after HNS stabilizes. Stackdriver is not functional if metadata-server doesnt respond. At this stage of the init script, metadata server is available * update github.com/docker/libnetwork to f0e46a7 - which bumps it's dependency to github.com/vishvananda/netlink to v1.0.0 * update github.com/vishvananda/netlink to v1.0.0 * Remove potential Goroutine leak in kubeadm wait.go * Update test logic to simulate NodeReady/False and NodeReady/Unknown events correctly * Add translation logic for EBS storage class fstype parameter * Move functions from e2e framework util.go * Enable verify-import-aliases check in CI * Add unit test to catch scheduler's node order evaluation regressions * unit tests * fix a panic when ipam tries to allocate an out of range pre-existing cidr * add featuregate inspection as admission plugin initializer * Add error detail * Remove unused function from e2e framework util.go * Add appProtocol to EndpointSlice.Port * Remove leftover factory directory * noderestriction: update node restriction unit tests to use stable instance-type label * Set TypeSetter in get print flags, like we do everywhere else * scheduler: max attachable volume predicate should also check stable instance-type label * cloud node controller: apply stable instance-type label with backfill to existing nodes * kubelet: add unit tests for backfilling stable os/arch/zone/region/instance-type labels * kubelet: apply both beta and stable instance-type label * api/core/v1: add stable node instance-type label * Move mount/fake.go to mount/fake_mount.go * move exec files back * copy exec file to preserve history * Move password retrieval to openstack_test.go * Remove json-iterator depth patch * bump github.com/json-iterator/go v1.1.8 * Autogenerated * Correctly autogenerate conversions for autoscaling v2beta2 * Revert changes to WaitForStableCluster in scheduler e2e test * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Migrate custom collector and mark metrics with ALPHA. * Add envs for configuring hollow-node resource usage. * fixing docker fake client InspectExec * feat(scheduler): convert InterPodAffinity to score plugin * pkg/apis: fix staticcheck warning * typo list-type s/associative/map/ * flowcontrol rest storage implementation * clean up PriorityFunction * Add testcases covering large valid patches * fix race condition when attach/delete disk * Add NewLazyMetricWithTimestamp() API to stability framework. * Aggregate mulitple NodePreference custom priorities to a single score plugin. * test/e2e: check both beta and zone label for getting cluster zone * pkg/util/node: update GetZoneKey to check both beta and GA labels * kubelet: set both deprecated Beta and GA labels for zone/region topology from the cloud provider * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Migrate custom collector for kubelet * node controller: set both deprecated Beta and GA labels for Zone/Region topology * core/v1: update well known labels for zones/regions to topology.kubernetes.io/zone and topology.kubernetes.io/region, mark beta labels as deprecated * fix: return NodeScore in even pods spread priority * Stop Watching when there is encoding error * Setting Hostname from Pods on EndpointSlice to match Endpoints behavior. * Add --certificate-key flag to token create * Set go version in fluentd-elasticsearch addon * Limiting the scope of new kubectl get e2e tests to decrease flakiness * close the kube-apiserver for taint tests * allow a verifyoptionsfunc to indicate that no certpool is available * Fix the import aliase nodev1beta1 * e2e_kubeadm: fix missing suite --test* flags * make azure fail if feature gates are not registered * update to version 7.3.2 * bumping up log level for not updated node * Update e2e framework WaitForStableCluster function * Add reclaimPolicy,volumeBindMode,allowVolumeExpandsion to kubectl get storage class * feat(scheduler): remove deprecated pattern in scheduler priority * Migrate CheckServiceAffinity custom predicate to Filter plugin * Add CustomCollectAndCompare to testutils which especially for custom collector Add GetRawDesc() to Desc. * json unmarshal coded error at function applyJSPatch() * Check for terminated reason appropriate for containerD and dockershim * adding pods lister * update k8s.io/kube-openapi to 30be4d16710a * Changed unmount function for subpath with dirs * Added test case for subpath mount with file * Renamed function * Changed test case to use `filepath.Walk` * Unmount subpath should only scan the first level dir * pkg/controller: fix staticcheck warning * delete unused func in latencies.go * Restrict visibility of prometheus to enforce usage of k8s.io/component-base/metrics * Fix record_command suppression of test errors * Fix run_kubectl_sort_by_tests * Fix run_pod_tests * Fix assert methods * e2e: Fix error where pods not logged * e2e: remove unused KubectlVersion function from framework/util * tests: Fixes tests for Windows (containerd, RunAsUserName) * Use framework.ExpectEqual() in unit test * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Migrate custom collector to stablility framework * kubeadm: fix an issue with the kube-proxy container env. variables * Added new test, fixed existing tests. * Create ILB firewall name with prefix "k8s-fw". * feat: update interpod affinity priority with map reduce pattern * remove extra white spaces in v1.16 CHANGELOG * add deprecation warning for alpha.service-controller.kubernetes.io/exclude-balancer label in v1.16 CHANGELOG * hack/update-vendor.sh * hack/lint-dependencies.sh * bump golang/x/... dependencies * bump github.com/go-openapi/jsonpointer v0.19.3 * bump kazel, bazel, gazelle * Update build to go1.13.4 * Fix hack/pin-dependency.sh for go1.13 * Fixup integration tests for TLS1.3 * Move e2e_node flag copy into TestMain * opt out of module mode for builds * Remove unused skip functions * remove featuregate hard requirement from azure legacy cloudprovider * panic in featuregate if a requested feature is unknown * delete EqualPriority priority function, and make registering it a no op * Updating EndpointSlices to use PublishNotReadyAddresses from Services. * Fix apiserver to advertise IPv6 endpoints if bound to IPv6 * skip deployment update if migration fails * Fix storage e2e clean up * add close server missing from serviceaccount test * remove clusterauthentinfo configmap if it is too large * remove exist client hooks * publish cluster authentication trust via controller * Ensure devicemanager TopologyHints are regenerated after kubelet restart * fix golint error * Drop cmd/hyperkube * Script based hyperkube * validates non-resoruce-url * Remove Framework dependency on nodeinfo snapshot * e2e: add defaulting test * apiextensions-apiserver: promote defaulting to GA * Eliminate some default conversions * added --reserved-cpus kubelet command option * Correct spelling mistakes * kubeadm: use versioned component configs * Revert "enabling fluentd on kubemark" * refactor autoscaling utils in e2e * Add sig-scalability-approvers/reviewers as kubemark approvers/reviewers * feat: convert selector spread priority to score plugin * enable profiling by default in the scheduler * Fix watch test to expect Expired instead of Gone * Fix migration tranlation library for ebs * bazel files * Move out const strings in pkg/scheduler/api/well_known_labels.go * e2e: Provide more helpful error output for failing test * Move functions from e2e/framework/util.go Part-2 * add service selector cache in endpoint controller and endpointSlice controller * Stop create hidden metrics for custom metrics * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh * Add collector UT, and it's also an example for custom collector * Provides API for create const metric * Provides register apis for custom collector * Provide custome collector interface and default implementation * Extend prometheus.Desc * tracking nodes with pod with affinity * tests: Fixes minor agnhost error * bump CSI version to 1.2.0 * Mark rbac v1beta1 and v1alpha1 deprecated * Change scheduler ComponentConfig fields to nilable * Support comments in hack/.golint_failures * Aggregate mulitple NodePreference custom priorities to a single score plugin. * Validate scheduler configuration from config file * Write scheduler configuration from config file * Fix golint issues in pkg/kubeapiserver * Make GCE PD Access Mode reflect readonly status when translating an inline read only volume * Modify the status code number to HTTP status semantics * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.1. * Update CHANGELOG-1.17.md for v1.17.0-beta.1. * Ensure CPUManager TopologyHints are regenerated after kubelet restart * Ensure health probes are created for local traffic policy UDP services on Azure * Convert multiple node label predicates to be a single filter plugin. * add event to remove and reject waitingpods * Fix typo in error reporting in graceful shutdown test * Add some more comments to GetTopologyHints() in the devicemanager * Sync all CPU and device state before generating TopologyHints for them * Abstract removeStaleState from reconcileState in CPUManager * fix golint failures of pkg/security/apparmor * expose PredicateMetadataProducer in generic scheduler * restrict max string length in log * use time.Until instead of t.Sub(time.Now()) * Promote NodeLease feature to GA * remove github.com/pborman/uuid * Move funcs of suites.go to e2e.go * migrate callers to g/g/uuid * Build: Use a better filter on find * Fix a TaintBasedEviction integration test flake * Move json,yaml,jsonpath printers to correct locations * Fix golint issues in test/e2e_kubeadm * Isolate configuration of etcd related parameters into a separate function. * Fix golint issues in pkg/controller/volume/persistentvolume/options * Revert "Make writing file via container in tests sync for real this time by enclosing multiple commands in quotes" * support URI SANs in local signer * refactor into seperate authority package * don't use cfssl in signer * also fix nil panic in lease and add tests for #84729 * Add benchmark test to compare EvenPodsSpreadPriority and SelectorSpreadPriority * Switch debugger configuration fields to pointers * Prevent panic due to Annotations being nil map * Additional mount comments * Change wardle API group to wardle.example.com * Modularize TopologyManager policy Merge() tests * Move TopologyManager TestPolicyMerge() to shared test file * Abstract TopologyManager Policy Merge() tests into their own function * Fix comments in TopologyManager * Move function from top-level TopologyManager to best-effort policy * Add Merge() API to TopologyManager Policy abstraction * Globalize a few TopologyManager functions * Pass a list of NUMA nodes to the various TopologyManager policies * Make restricted TopologyManager policy inherit from best-effort policy * Break TopologyManager.calculateAffinity() into more modular functions * Added LessThan() and IsEqual() methods for TopologyHints * vendor github.com/google/go-cmp/cmp/cmpopts * remove dependency on cfssl * Validate custom priority policy config. * Set user agent for e2e consistently * simplify check for IPv6 in kubelet. * feat: add SSE+CMK support for azure disk * change directory permissions from 0755 to 0750 * remove hack/e2e.go * Bumpd NodeProblemDetector * Move funcs of nodeutil to cloud/nodes.go. * Refactor the process to get ip address of loopback interface * Use log functions of core framework on test/e2e/framework/kubelet * cmd:fix staticcheck warning * Autogenerated * Add tags for autogenerating conversions for Option types * Add conversion function to pointer metav1.Time * deprecate cleanup-ipvs flag * Add linux selector to kube-proxy yaml. * autogen files * Fixes error in go_pkg() * manual API changes and code refactoring * Adding e2e test to ensure kubectl get output is using custom columns when desired. * Refactor tests for configure-helper.sh by moving environment config to testdata. * Updated usage of certificate.Manager to use new rotation metric * Make writing file via container in tests sync for real this time * Move functions from e2e/framework/util.go * Optimizing some format problems (#82983) * Do some Kubectl optimizations suggested by the golangci linter * Move json/yaml printer tests to correct location * scheduler: improve some comments and validation messages * fix log and annotation :cidr mask size must be <= node mask * Move funcs of create.go to e2e/storage * publishing: fix typo in rules * cmd/kubeadm/app: fix staticcheck warning * Moves test to new print_flags_test.go * Move small test back to printers_test.go * Skip GetPodNetworkStatus when CNI not yet initialized * Rename test/data directory to testdata * Added rotation metric to certificate manager * Remove checks for PodShareProcessNamespace feature gate * adding test for retrying MarkPodsNotReady * MarkPodsNotReady retry fix * Cleaned up skip functions from e2e framework * Update k8s.io/utils dependency to latest * Ensure EndpointSlice exist if Endpoint is unchanged * Grab init containers logs in e2e tests * feat: add azure disk encryption(SSE+CMK) support * log the reconstructed device and add break * Don't use hardcoded /go GOPATH in benchmark-dockerized.sh * Add lenient decoding path for v1alpha1 kube-scheduler config * Add serathius to sig-instrumentation-reviewers * test/e2e: AddOrUpdateAvoidPodOnNode/RemoveAvoidPodsOffNode: retry when conflict hit during annotation update * feat: make prioritizeNodes private function of genericScheduler * publishing: add 1.17 rules * publishing: remove 1.13 rules * Results of running update scripts: update-openapi-spec * Use log functions of core framework on test/e2e/freamwork/psp.go * Migrate EvenPodsSpread Priority as Score plugin in map/reduce style * Fix rebase issue * Dump GKE windows test logs via diagnostics tool * Force file sync after writing file via container and wait for pod to disappear after removal in test * Change the way of synchronization in staging/.../apiserver stopAllDelegates will signal other functions to stop updating, instead of acquiring a Mutex and never unlock it * Move the common logic of checking for kms-plugin's version into gRPC client interceptor. * Add davidz627 as owner of pkg/volume/csi * Update bazel * Add scheduler cache size metrics * Fixing EndpointSlice port validation * Add HTTP 410 (Gone) status code checks to reflector and relist with RV='' * Only put un-filtered pod in podDeleteList * fixes crd per-version validation field path * propagate proxy env var to kube-proxy * fixes for tests to pass with FIPS compiler * Make k8s.io/kubernetes dependency policy explicit * RequestedToCapacityRatio as score plugin * delete nodeinfo lister * Autogenerated * tags * Cleanup clientcmd conversion * Add lenient decoding path for v1alpha1 kube-proxy * fix build failure after azure go sdk upgrade * Update Azure/azure-sdk-for-go * adding api spec change and generated files in staging * Expose filteredNodes to func PriorityMetadataProducer * Fixes staticcheck failures and golint failures * Update generated files * Add mirror pod e2e test * Inject owner references into mirror pods * update-vendor.sh; updates modules files * moved Pull-InfraContainer to the last * Moves kubectl get subcommand to staging * delete unused cache * switched to use the pause image served from gcr * Update priorities to use SharedLister instead of using the snapshot directly * Update etcd.sh to use v3 endpoint * Use DNS_SERVER_IP as --cluster-dns in all cases. * Add conformance-behavior-approvers to OWNERS_ALIASES * Adding owners file for Endpoint controller utils * switch cni plugin download to be from gcs bucket * Delete extraneous CHANGELOG-*.md files on branch. * Kubernetes version v1.18.0-alpha.0 openapi-spec file updates * retain corefile when migration fails * Cancel context to make sure all plugins are cancelled when each schedule finishes * Fix typo in admission webhook * golint changes * If an iptables proxier sync fails, retry after iptablesSyncPeriod * BoundedFrequencyRunner: add RetryAfter * Make sure score plugins are executed when no priority configured * e2e: share /dev with host in hostpath driver deployment * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh * Remove directly reference to Prometheus * move test specific functions from rc_util.go * [generated] ./hack/update-all.sh * adding validation * copy-pasted internal model w/ field-tags pruned * non-generated api models misc * external api models * Remove unused functions in framework.go * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Introduce GaugeFunc to stability framework * Update default etcd server to 3.4.3 * improve error handling in cloud node controller * Fix a double lock in test/utils * Fix a data race in registrytest * Prevent 2 goroutines from being leaked if proxy hangs * Handle expired errors with RV>0 in pager, don't full list if 1st page is expired * Avoid going back in time in reflector framework * bazel and gofmt fixes * Fix golint errors in pkg/credentialprovider/gcp * Convert attach-detach controller to use v1.CSINode * Update tests to use v1.CSINode * Kubelet creates v1.CSINode * Move feature gate to GA * generated files * Add CSINode to storage/v1 * Add unit test for scheduler custom policy redeclaration validation * removed powershell-yaml module dependency * kubeadm-validators: bump the latest validated Docker version to 19.03 * Autogenerated * Cleanup conversions * e2e storage: bump revision of sidecars and driver * kubeadm: always add a flex volume path for the controller-manager * add a fallback for kube-scheduler when events.k8s.io is disabled * Adds Windows build information as a label on the node * fix TestInterPodAffinity case * better HostExec - separate stdout and stderr - return command exit code - remove kubectl dependency * Remove prometheus references in test/integration * refactor(*): fix comparison to bool constant, return redundant * Update bootstrappolicy RBAC rules for migration to lease API * Migrate components to EndpointsLeases leader election lock * When schedule begins, run snapshot before prefilter plugins * unit test: TestAdmitUnderNodeConditions * use HostExec and sets.String * simplify global mount points check * Add e2e test to check for filesystem volume device mount cleanup * support local volume with block source reconstruction * Change DescribeItem to local func * kube-proxy: check KUBE-MARK-DROP * reject pods when under disk pressure * Update GetMountRefs comments * move funcs of expect.go to e2e/common * Change FuzzTime to FuzzTimeStrict for naming consistency * Kubectl certificate signing: fix certificate deny message (#84400) * Fix metrics will be hidden in current minor release issue. * remove reference to promhttp in kubelet * Convert NodeLabelPresence custom predicate to filter plugin. * Apply feature gates in scheduler policy api compatibility test * Update PredicateMetadataProducer to accept a scheduler SharedLister instead of nodeinfomap * Update GCE PD CSI Driver YAMLS to v0.6.0 for testing. Enable Raw Block tests * Change all scheduler's Node and Pod list/lookups to be from the snapshot rather than the cache. * Separate e2enetwork from e2e core framework * Handle bazel >= 0.25 in stable metric static analysis * Pass list of files through stdin to avoid hitting ARG_MAX on some environments * Adds some basic READMEs to some of the test images * add status.podIPs in downward api * Building peer-finder on s390x * Fixing comments FuzzDurationStrict and FuzzMicroTimeStrict * Dynamic SNI certificates * Remove Alpha feature Mount Containers * set config.BindAddress to IPv4 address "127.0.0.1" if not specified * Generated code for PodShareProcessNamespace GA * Promote feature PodShareProcessNamespace to GA * Fix deployment e2e test at scale * Run hack/update-generated-protobuf.sh for XMapType * Run hack/update-openapi-spec.sh for XMapType * Add validation for XMapType * Optionally run e2e pod as privileged for SELinux * rename scheduler fake listers * Enable cAdvisor ProcessMetrics collecting * Fix incorrect whitespaces plural * feat: remove suspendedDaemonPods from daemon controller * Add note on the applicability of --grace-period * Move PokeUDP() to e2e service subpkg * Feature-gate CSINode and CSIDriver informer starts * default back to original summary behavior due to prom version bump * Pin dependencies and update vendors * Resolve uncompatibility from update: etcd CAFile -> TrustedCAFIle * Replace github.com/coreos/etcd by go.etcd.io/etcd * Adding FQDN address type for EndpointSlice * kubeadm: remove commented test * drop CRD spec.scope default value in doc (#84271) * Autogenerated code * Cleanup explicitly registered functions * refactored completed metric test refactor for assert * Add strict deserialization for kubelet component config * Add event for pvc in case node expansion fails * Remove wrappers around storage-related listers in the predicate * modify detach timeout to be csiTimeout * tests: Adds guestbook app subcommand in agnhost * change kubelte nodeInfo to nodeLister * Improve iptables logging * Clarify startupProbe e2e tests * Fix service sanity check after jig.ChangeServiceType * Require exact match when calling Get method within fake clientset * Remove obsolete CSI RBAC roles * Avoid registering manual conversion twice * kubeadm: remove ObjectMeta from output.BootstrapTooken * Add XMapType to the extensions API * remove the extra space added * Fix base image discrepancy when building kubemark. * Add integration test for serving cert rotation * Dynamic serving certificate * Do not list apiextensions.k8s.io/v1beta1 in discovery when disabled * Prefer CRD v1 for internal clients * Feature-gate RuntimeClass informer starts * Feature-gate PDB informer starts * feat: remove WaitForCacheSync from scheduler factory * refactored counter_test to use assert statements and renamed variables for consistency * remove reference to promhttp in etcd-version-monitor * interpod affinity prioritize * Adding initial EndpointSlice metrics. * Move CheckLimitsForResolvConf to Kubelet#syncLoop * Update bazel * Use strict unmarshaling for metav1 fuzz targets * Move funcs of networking_utils to e2e network * Forbid label updates by nodes through pod/status * Move TranslateIPv4ToIPv6() to e2e scheduling test * Fix failing service test * Move CreatePodOrFail() * Add Scheduler validation check for redeclared plugin configs * Fix shellcheck failures SC2251 * Fix shellcheck failures SC2128 * Fix shellcheck failures SC2034 * move nodeinfo/snapshot.go into its own package * Bump shellcheck to v0.7.0 * Add an authn cache benchmark * add option to skip verifying kubelet certificates for logs * add cache read type prefix for const * switch system priority class to versioned (v1) api * Fix golint errors in pkg/apis/apps * wire up a means to dynamically reload ca bundles for kube-apiserver * Pod GC controller - use node lister * Allow pod-garbage-collector to get nodes * Make e2eservice.CheckAffinity wait longer, to avoid flakes * pkg/util/workqueue/delaying_queue: export contructor with custom clock * add dynamic cabundle from file * feat: graduate ScheduleDaemonSetPods to GA * Use v1 CRD deletion endpoints in e2e tests * Add permit_wait_duration_seconds metric for scheduler. * Fix timeouts for networking tests in large clusters * fixed node search starting point * support local volume block mode reconstruction * Addon Manager: Fix bug in generate_prune_whitelist_flags * Drop job from scale description * address some comments * Ignore staticcheck again for tableprinter.go * Updates module dependencies due to moving tabwriter.go * Updates file to reference cli-runtime printer package * Removes duplicate TabWriter. Several updates to reference the one remaining TabWriter in cli-runtime. * Moves tableprinter.go and tabwriter.go to cli-runtime/pkg/printers. Copies PrintOptions to cli-runtime/pkg/printers. * Register new explicit conversions * Autogenerated files * Explicit conversion generator * Create Slice string to bool pointer conversion * Create tags for explicit conversion * Increase ClaimProvisionTimeout to 7 minutes * Revert "move hostPID tests to common" * Adds test TestTemplateSuccess (from TestPrinters) * in pkg/controller/service rename service_controller.go to controller.go * fix golint errors in pkg/controller/service * separate listers into their own package * update getmetadata to use unsafe read * Use sigyaml for the metav1 fuzz targets * Move template printer error test to correct location template_test.go * Moves TestTemplatePanic to correct location of template_test.go * Moves TestTemplateStrings to correct location of template_test.go * add allowunsafe read * Update CHANGELOG-1.17.md for v1.17.0-alpha.3. * remove ipallocator in favor of k/utils net package * Comment out an e2eservice sanity check for now * Plumb dynamic SNI certificates * Add mtls support to add/remove-replica * BoundedFrequencyRunner: fix tests * Few improvements to cloud nat * Improve selector * Lower AWS DescribeVolume frequency * Fix volumeMode retrieval when BlockVolume feature is off * Fix startup probe test by checking updated values * feat: remove CheckNodeMemoryPressure/DiskPressure/PIDPressure/Condition predicates * Revert "Disable local block volume reconstruction test" * Upgrade all node pools for gke upgrade test. * set default value of KUBE_MASTER_URL to empty * etcd health check key should have proper prefix * Log the error even if closeFn crashes * Add fuzz targets for Duration, MicroTime, and Time * Extract PodPhase map outside Less func * rename metric for apiserver request terminations and reword corresponding documentation * Ensure script saves results even when tests fail * Add timeout info to kubectl drain logging * Issue 83458:Changed the return check for GetNodeInfo * filter plugin for cloud provider storage predicate * Fix sanity-checking of LoadBalancer services in e2eservice.TestJig * fix windows performance counter father information failed on Non-English environment * Add a metric to track number of scheduler prioritizing goroutines * Add a metric to track number of scheduler binding goroutines * Return an error when zone info is not found. * Fix typo in k8s.io/client-go/tools/cache/index.go * Add an event to pvc when node expand successfully * Stop register to prom registry from legacyregistry * deployment: Ignore namespace termination errors when creating replicasets * job: Ignore namespace termination errors when creating pods or jobs * daemonset: Ignore namespace termination errors when creating pods * replicaset: Ignore namespace termination errors when creating pods * serviceaccount: If namespace is terminating, ignore create errors * endpoints: If namespace is terminating, drop item immediately * namespace: Provide a special status cause when a namespace is terminating * Push context up to cloud node controller. * rename FilterPlugin NodeResources * storage: Deleting a namespace while spec.finalizers pending should not error * Traverse OwnerReference maps more efficiently * kubelet: Record preemptions similarly to evictions * Close the file after reading in verifydependencies#main * remove unused meta and rename lablance_allocated * LeastRequestedPriority/MostRequestedPriority/BalancedResourceAllocation as Score plugins * feat: remove FakePDBLister * feat: implement node unschedulable as a filter plugin * feat(scheduler): replace several algorithm listers with client listers * Refactor scheduler's framework permit API * Remove CSINode from scheduler cache. * feat: update taint nodes by condition to GA * remove hostnetwork from hostpath csi manifest * Clarify the role for SupportedSizeRange * migrate EvenPodsSpread Predicate to Filter plugin * Use --stamp flag in bazel builds * Add note about addon-manager image location * Update to use go1.12.12 * Move LaunchHostExecPod() to e2e network * create an ordered list of nodes instead of iterating over the tree * Use frameworkHandle to get listers * Added go-fuzz target for json serializer Encode/Decode. * Update glbc.manifest to v1.6.1 * Add Namespace to e2eservice.TestJig, make all methods use jig namespace and name * Make e2eservice.TestJig methods return errors rather than failing * Call jig.SanityCheckService automatically after changes * Create benchmarks for ToUnstructured/FromUnstructured. * [migration phase 1] MatchInterPodAffinity as filter plugin * Bugfix kube-proxy README file to list ipvs modules * Convert error messages to use event recorder remove mix protocol validation remove check nil * Clean-up and additional test cases for socket-mask unit test. * feat: several cleanups in the scheduling package * Remove an unneccessary e2eservice.TestJig method * kubectl drain: avoid leaking goroutines * remove usage of the test/test_owners.* files * Use single kms-plugin mock in unit and integration tests. * Relocate tableprinter tests (#84027) * Prefer to delete doubled-up pods of a ReplicaSet * TestGetPodsToDelete: Use field names in test cases * Fix indent in cherry_pick_pull script * GeneralPredicate as plugin config * cleanup unnecessary func parameters in genericScheduler methods * [migration phase 1] CSIMaxVolumeLimitChecker as filter plugin * Plumb dynamic serving certificates * Check PV volumeMode in kubelet even when block feature is off * Tweak use of caching objects * Do not bind block PV/PVCs when block feature gate is off * Prune inactive owners from cmd/kube-controller-manager/OWNERS. * Update Cluster Autoscaler version to 1.16.2 * feat(scheduler): implement node affinity as score plugin * Ensure TaintBasedEviction int test not rely on TaintNodeByConditions * optimize comments on exported constants (#83875) * Add kubectlPath flag to e2e_node.test * make sure filters are executed when no predicates configured * feat(scheduler): use context in the scheduler package * Move CreateNginxPod() to specific e2e * add myself to typecheck / go-srcimporter owners, move rmmh to emeritus * Update release notes for 1.14.8 to reflect AWS bugfix * Fix AWS block volume reconstruction to be like file * Add incoming pod metrics to scheduler queue. * Revert "kubeadm: enable kubelet certificate rotation on primary CP nodes" * wire dynamic tlsconfig up to apiserver * set backup value to ensure connections against kubelets eventually close * choose a more unique request timeout default * Flush data cache during unmount device for GCE-PD in Windows * add insecurebackendproxy * stop removing cni directories as they aren't installed by kubeadm * kubeadm: enhance certs check-expiration to show the expiration info of related CAs * Change node name to env value of HOSTNAME_OVERRIDE * Bump default NodeStatusReportFrequency to 5m * fix errors * Traverse resources before giving no name error * move service helpers to k8s.io/cloud-provider * e2e: remove duplicatd test suites * tests: Extends agnhost netexec udp buffers * Swtich nodelifecyclecontroller to coordination/v1 * Autogenerated * Promote WatchBookmarks feature to GA * Cleanup printer test package. * Removes unnecessary/irrelevant tests * Adds missing tests. * Updates tests to expect metav1.TableRows instead of string, since this is what the "print" functions return. * Moves tangential tests into another file. * add fuzzing targets for sig-yaml and yaml.v2 * Amend CHANGELOG-1.16.md for v1.16.2 * Reworking kube-proxy to only compute endpointChanges on apply. * Updated COS version to M77 * Fix proto.Merge of IntOrString type * Update CHANGELOG-1.16.md for v1.16.2. * Bump bbolt to v1.3.3 * Remove update-storage-objects.sh * framework: Fix a goroutine leak bug in resource_usage_gatherer.go * Update CHANGELOG-1.15.md for v1.15.5. * Update CHANGELOG-1.13.md for v1.13.12. * Update CHANGELOG-1.14.md for v1.14.8. * fix string trim func isBackendPoolOnSameLB in azure * add tombstoones handle for pdb * fix account key getting logic in azure * kubeadm: use strings in TestTokenOutput * Fix memory and timer leak in work queue * Add crictl windows binaries to workspace * Disable local block volume reconstruction test * Rename dashboard-controller.yaml to dashboard-deployment.yaml * Update CHANGELOG-1.17.md for v1.17.0-alpha.2. * fix: scheduler perf test with pod informer * This adds context from for cloud calls for Kubelet. * fix kubectl delete semantic error * remove duplicate function * Add metrics for scheduler framework. * release: lib: revert docker_registry to constant k8s.gcr.io * Hash keys used in cached token authenticator * move scheduler cache ListNodes interface to snapshot * Remove check causing informers to miss notifications * Update Calico to v3.8.3 * Removes pkg/registry/core/secret/storage from golint failures * Support dynamically set log level for kube-scheduler * bump metrics server version o v0.3.6 * Adds --prefix flag to the kubectl log command * feat(scheduler): implement NodePreferAvoidPods as score plugin * enabling fluentd on kubemark * modify error output in cniNetworkPlugin * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh - Update vendor by hack/update-vendor.sh * Remove direct reference to prometheus from apiserver/pkg/storage/value. * Add information from Lease to kubectl describe node * using pod pointers in node lifecycle controller * fix bug of kubelet flag * Upgrade to etcd server 3.3.17 * [migration phase 1] VolumeZoneChecker as filter plugin * Check error return from snapshot Restore * Add warning when --certificate-key is set and --control-plane is not. * Prune inactive owners from cloud-provider related OWNERS files. * Prune inactive owners from api-approver owned OWNERS files. * Prune inactive owners from autoscaling related OWNERS files. * Prune inactive owners from pkg/credentialprovider/* OWNERS files. * Prune inactive owners from pkg/kubelet/* network related OWNERS files. * Prune inactive owners from pkg/controller/* network related OWNERS files. * Prune inactive owners from pkg/* misc api-machinery related OWNERS files. * Prune inactive owners from pkg/volume/* OWNERS files. * Prune inactive owners from staging/src/k8s.io/apiserver/* OWNERS files. * Prune inactive owners from staging/src/k8s.io/client-go/* OWNERS files. * Prune inactive owners from staging/src/k8s.io/sample-controller/OWNERS. * Prune inactive owners from test/e2e/framework/providers/vsphere/OWNERS. * Remove direct references to prometheus from transformation_testcase.go * feat: implement imagelocality as a score plugin * [migration phase 1] PodFitsHostPorts as filter plugin * [migration phase 1] PodFitsResources as framework plugin * move factory package to scheduler * Prune inactive members from cluster/* OWNERS files. * update staticcheck_failures * test/e2e: move GKE/GCE tests from /lifecycle to /cloud/gcp * test/test_owners.csv: remove sig-cluster-lifecycle ownership * Replaced sortable list with native golang slice. * Prune inactive members from OWNERS_ALIASES. * Add CHANGELOG-1.17.md to CHANGELOG.md * clean up for component-base/metrics * [migration phase 1] PodMatchNodeSelector/NodAffinity as filter plugin * fix inconsistent comment in device plugin api * fix staticcheck in test/e2e/common directory * Rename e2e framework functions used locally * Remove test_verify from e2e framework package * [migration phase 1] NoDiskConflict as filter plugin * Move Initialized() to e2e framework util * Rename Generate[Read|Write]FileCmd()s * Move jbeda to emeritus status. * Amending the GMSA e2e test to allow it to run against Windows-only clusters * move PodPreemptor to scheduler * generated * Upgrade to etcd 3.3.17 * Fix crash in kubectl drain * Isolate the logic related to the configuration of kube-apiserver into a separate script. * Fix package name of psp on e2e framework * Mark 'wait until preStop hook completes the process' flaky * apiextensions: npe panic in structural schema unfold * add the ability for dynamic header names in delegated authentication * feat(scheduler): expand node score range to [0, 100] * bump k8s.io/utils to pickup bug fix for rangesize * Address staticcheck failures for test/e2e/lifecycle/bootstrap * Add RainbowMango to sig instrumentation reviewers * [migration phase 1] Implement CheckVolumeBinding as a filter plugin * Improve IPVS Module loader logic * adding support for kubemark --node-labels flag * [migration phase 1] PodFitsHost as filter plugin * fixing sed separator * Revert #83735: Update etcd client to 3.3.16 * chore(*): update election example (#82821) * Fixed bug in TopologyManager with SingleNUMANode Policy * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Introduce promhttp.HandlerFor to metrics stability framework * Add more tracing steps in generic_scheduler * feat(scheduler): expose SharedInformerFactory to the framework handle * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Refactor UT with testutil from k/k. * kubelet e2e: run resource monitor only if the actual number of nodes is * e2e test for dualstack phase2 * Implemented taints and tolerations priority function as a Score plugin * Improve 'No resource limits' message * kubeadm: add warning about 'upgrade apply/plan --config' * Add per-pod metrics for scheduler. * Audit of test/* OWNERS files * made scheduler cache and volume binder available when instantiating factories for default plugins * Gofmt. * Topology manager aligns pods of all QoS classes. * Add sig-node-approvers alias * Improve efficiency of csiMountMgr.GetAttributes * Validation: len is measured in bytes * fix static check failures * Update etcd client to 3.3.16 * feat(apiserver): add user-agent and remote info into trace log for endpoints handlers. * Validate AgnhostPod readyness status in e2e tests * Introduce sig-instrumentation aliases in OWNERS_ALISES and simplify OWNERS files * Optimize NegotiateMediaTypeOptions * Update munnerz/goautoneg dependency * kubeadm: remove OutputFlagSpecified from PrintFlags * Promote VolumeSubpathEnvExpansion feature gate to GA * Remove e2e/common package usage in volumemode testsuite * Use latest node-cache version with stubdomain fix. * remove direct references to prometheus/testutil from kubelet/metrics * eliminate direct references to prometheus * Introduce CollectAndCompare to testutils * fix unsafe JSON construction * Fixed bug in TopologyManager with SingleNUMANode Policy * Use log functions of core framework on test/e2e/storage/testsuites/topology.go * feat: feat: change the `pod_preemption_victims` to Histogram * Drop framework.GetReadySchedulableNodesOrDie * Switch admission webhook config manager to v1 * remove the no-op plugin that we used as an example plugin in default registry * Address `staticcheck` failures for `test/e2e/node/...` * Update test/e2e/storage for new GetReadySchedulableNodes stuff * feat: add pod initial/max backoff duration to config API * More work on shuffle sharding utils * Add shuffle sharding utils and tests * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh * Refactor TestRunningPodAndContainerCount with metrics testutil * tag test that taints a node as disruptive * pluralize error metric name * Add RepairVolumeHandle to the csi translation struct * increase auth cache size * Don't log about deleting non-existent affinity entries in userspace OnEndpointsAdd * Addressed comments * CHANGELOG-1.16.md: add note about etcd client bug with IPv6 addresses * pkg/apis/policy: Fix "informatio" -> "information" comment typo * Remove unused method reciever for CSITranslator * Add podCgroup to process kill events to allow for correlation * Use consistent short name for receivers * Added alejandrox1 as test/* reviewer * move util/metrics to component-base * Deal with auto-generated files. Update bazel by hack/update-bazel.sh; Update vendor by hack/update-vendor.sh; * Refactor metrics test from kube-schedule queue. * cmd: fix spelling mistake * Added PredicateMetadata and PriorityMetadata as CycleState to the framework * feat(scheduler): create metadata and addPod/removePod for migration * Making iptables probability more granular in kube-proxy. * Log error from AddIndexers in NewAttachDetachController * Replace deprecated methods in the logic involved in the construction of gRPC connection to kms-plugin. * Up minimum go version to 1.12.4 * Remove the assumption of pod cidr of /24 in the gce window node start up script. * Add unit test for function getSizeRangesIntersection * feat(e2e): refactor hard-coded provision size * Add a new --sort-by flag to kubectl api-resources command * Add known issue to release notes for 1.14.7 * Expose Shutdown func for EventBroadcaster * kubeadm: delete boostrap-kubelet.conf after TLS bootstrap on init * kubeadm: add means to create Node objects via the API client * Mark startupProbe test as NodeAlphaFeature and fix podClient instanciation * Fix attachment of just detached AWS volumes * kubeadm: write boostrap-kubelet.conf during init * Complete output of docker info * typos in old changelogs releases * fix generated-kubelet-plugin-registration * Initial deprecation of kubeadm v1beta1 apis * fix gofmt and golint failures * run hack/update-vendor.sh * Verify metadata schema when decoding unstructured objects in resource builder * update bazel BUILD files * Move pkg/kubelet/pluginregistration and deviceplugin * Show the complete docker info command * Overriding CA file should override skip TLS and CA data * remove the repeat word in documents * Remove stale comment about resyncPeriod * tests: Simplifies image pulling tests * update internal error message * Log the error return from store.Delete * feat(scheduler): expose kubernetes client in framework handle * cleanup v1 event expansion. * Refactored e2e-test-framework util.go * kubeadm: renew certificates on "upgrade node" by default * kubeadm: use CertificateRenewal constant for "upgrade apply" * fix golint errors for pkg/master, together with cheftako * Added the first predicate as a filter plugin: PodToleratesNodeTaints. * Bump dependency github.com/godbus/dbus@v19 (2ff6f7ffd60f) * Bump dependency github.com/coreos/go-systemd@v19 (95778df) * Rename cgroupsystemd.Manager to LegacyManager * Bump dependency syndtr/gocapability@v0.0.0-20180916011248-d98352740cb2 * Bump dependency opencontainers/selinux@v1.3.1-0.20190929122143-5215b1806f52 * Bump dependency github.com/mrunalp/fileutils@7d4729fb36185a7c1719923406c9d40e54fb93c7 * Bump dependency opencontainers/runc@v1.0.0-rc9 * add mtaufen to cluster/gce owners * Requesting Review/Approve privileges for cluster/OWNERS * Move heap into its own internal package * Modified the name of the Extensions method in the scheduler's framework. * vendor: update gomega to v1.7.0 * Fix kube-proxy healthz server for proxier sync loop changes * Add jpbetz as reviewer of api-machinery code * Move privilege e2e test to common * Cleanup reflection usage in framework creation * Fix `test/integration/kubelet` staticcheck failures * remove Get/Set node condition dependency for the ccm controllers * Better distinguish the two kinds of proxy health check servers * refactor tlsConfig creation for secure serving * Reconstruct block PV name in all volume plugins * Fix volume map path during reconstruction * eliminate direct references to prometheus * Test global block directory in reconstruction tests * Return proper error message when BindPodVolumes fails * don't add extra variable for searches * improve explanatory comment about trailing dots in searches * feat(scheduler): scale the extender output in generic scheduler * feat(scheduler): rename PluginContext to CycleState * Allow users to use custom tags * nodeipam-controller:fix static check failures * 127.0.0.1-as-advertise-address * pkg/util/iptables: add Dan Winship to OWNERS * Cap the number of managedFields entries for updates at 10 * Refactor fieldmanager to be more modular * Add klueska as reviewer for CPUManager and devicemanager * Dedupe logging for PD SetUpAt and added a slow SetVolumeOwnership warning * check that N job pods succceeded instead of exactly N pods existing and succeeding * Remove hyperkube from release artifacts * Refactor scheduler.New so that all framework-related parameters are passed as options * Avoid unnecessary identifier computations * Cache encoder for auditlog backend * Clean up TODOs * Remove Prometheus addon and it's tests * Test token output * kubeadm token list: implement structured output * Add internal kubeadm output API * Ability to set up additional, bigger nodes during tests * create new api group output.kubeadm.k8s.io * Reset default namespace deletion timeout to 5 minutes * feat(scheduler): use reflect to reduce the similar pattern * Limit YAML/JSON decode size * Add CHANGELOG-1.17.md for v1.17.0-alpha.1. * Fix double counting issue for request metrics on timeout. * move PodConditionUpdater to scheduler * Update CHANGELOG-1.16.md for v1.16.1. * move hostPID tests to common * Check the return value from store.Update * bump gopkg.in/yaml.v2 v2.2.4 * Remove block volume capability from GCE PD CSI Driver because not supported in v0.5.2 * iptables.Monitor: don't be fooled by "could not get lock" errors * fix metrics-server rbac * Bump version of event-exporter and prometheus-to-sd. * adding pods to MarkPodsNotReady parameters * adding pods to DeletePods parameters * make test pass * Revert "Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""" * feat(scheduler): remove MaxPriority in the scheduler api * kubectl: remove usage info from bad flag error msg * IP validates if a string is a valid IP address * Fix typo in docstring of DeepEqual * Bump nfs provisioner version to v2.2.2 * Use same 'minimum resource version' semantics both when watch cache is enabled and disabled * Run block tests for gce-pd csi driver. Improve skip block test function name * Revert "Bugfix: remove PV dir when umount raw block device" * Fix sig-node test by adding back the numNodes * bazel update * e2e log: move back to framework, part II * .github: add guineveresaenger and mrbobbytables as reviewers * e2e log: Ginkgo 1.10.1 fixes stack skip * e2e log: consistent logging of stack backtrace and failure, part II * e2e log: skip log.Failf in stack information * e2e log: fix full stacktrace with Ginkgo 1.10.0 * kubeadm: add test to detect panics when given certain feature gates * Add link to release notes documentation to PR template * Clean up sig-auth OWNERS_ALIASES * Check whether mirror pod is ciritical in managerImpl#evictPod * remove redundant quota.V1Equals * bazel and codegen files * refactor scheduler extender related API * Don't leak a go routine on panic * Switch from admission-control flag to enable-admission-plugins * A consistent interface for plugin extended functionality * add ability to authenticators for dynamic update of certs * Fix staticcheck failures in `test/utils/...` * add ability to pre-configure poststarthooks for apiservers * fix wrong test in generic-resources.sh * generated * explain lack of finalizer ordering in godoc * Update symlink warning * Use pod + nsenter instead of SSH in mount propagation tests * 1.18 entry in etcd map * Fix shellcheck failures in cluster/validate-cluster.sh * Creating function for preflight check. * Allow ipv6 urls in GetPortURL() * Change XPN firewall change message, should be required by security admin. * Convert predicates/priorities configurations to a framework plugin configs. * custom retry strategy in GenericWebhook * Remove deprecated scalability tests * Merge attach and detach common func * bump versions for v1.17 cycle * adding fakeGetPodsAssignedToNode * Cache serializations * CachingObject * scheduler: make getVolumeLimits a function instead of a method * Implement support for CacheableObject * Fix transformObject to work with CacheableObject. * CacheableObject test * Implement Encoder.Identifier() method * Add Identifier method to GroupVersioner interface * Extend interfaces to support CacheableObject * e2e: on aws, tag volumes we want the cluster to mount * Add bazel by hack/update-bazel.sh * Introduce testutil package to support metrics testing. * complete pkg/scheduler/util unit tests * Only kill process where killing failed during previous iterations * Fix host reuse for e2e tests * Update bazel by hack/update-bazel.sh * Migrate etcd version monitor to metrics stability framework * Update bazel by hack/update-bazel.sh * Remove direct reference to Prometheus * Update bazel and vendor by hack/update-bazel.sh and hack/update-vendor.sh * scheduler: code clean up for predicates/metadata * Remove direct reference to Prometheus. * Removal of kubernetes error dependancies * Update bazel by hack/update-bazel.sh * Remove direct reference to Prometheus from openstack * Fix dynamic kubelet config init order * Delegate topology hint gen to CPU manager policy * Update e2e testing nodePort service listening on same port but different protocols * Add nil checks for Azure CSI translation * Use imageutils instead of hardcoded image paths * Refactor CSI Translation Library into a struct that is injected into various components to simplify unit testing in future * test/e2e: Delete test namespaces asynchronously * Upgrade Calico to 3.8.2 * E2E: Add missing Bootstrap() call * Deflake TestWatchBasedManager * Fix golint issues in pkg/util/env * Fix help text in kubectl top -h * scheduler: handle error of podSpreadCache.removePod method * Update bazel by hack/update-bazel.sh * Remove direct reference to Prometheus.Label for vsphere * Update bazel by hack/update-bazel.sh * Remove direct reference to prometheus.Label for scheduler * replace bytes.Compare() with bytes.Equal() * Cleaned up skip* functions from framework/util.go * Fix aggressive VM calls for Azure VMSS * Address PR comment * Update service controller to prevent orphaned public IP addresses * Use log functions of core framework on [r-u] * using STACKDRIVER_ENDPOINT to set exporter sd endpoint according to cluster env * add a known issue in 1.16 for kube-scheduler * Enable strict serializer with codec factory * using online instead to fix kubelet service failed with wrong number of possible NUMA nodes * Improve error message for projected tokens when API is not enabled * add test to show generic pod count counts all pods * Bugfix: remove PV dir when umount raw block device * migrate leader election to lease API * add comment explaining why we remove trailing dots in searches * Bump addon-resizer to 1.8.6 * Remove direct reference to prometheus.Label from metrics API. * use log functions of core framework * feat(scheduler): consolidate ScoreWithNormalizePlugin into ScorePlugin * A mapping from predicates/priorities to pluing configuration. * Only detecting stale connections for UDP ports in kube-proxy. * Update to use go1.12.10 * Prune should respect namespace * Update crictl to v1.16.1. * Apply current parses the yaml object 3 times * Add tests and benchmarks for endpoints and node * Fix golint errors in pkg/apis/core (#82919) * Properly close the file in makeFile * Fix typo * using short flags instead with validate * kubeadm: update OWNERS for 1.16 * bump k8s.io/utils to pickup ipallocator changes * Optimize GetControllerOf method * Use pod + nsenter instead of SSH in block volume tests * Adding lifecycle to RC, RCSet, Deployment, and Job testutils * Modify test so that +genclient:nonNamespaced tag is exercised * Corrected the pod reporting and messages * fix cpumanager reconcileState without sourceready * Plumb context to webhook calls * Propagate context to ExponentialBackoff * Fix a new staticcheck issue. vendor/k8s.io/apiextensions-apiserver/pkg/controller/finalizer/crd_finalizer.go:167:2: this value of crd is never used (SA4006) * Fix staticcheck issues: Dealing with unused functions/variables/types. (staticcheck U1000) Dealing with value never used issue. (staticcheck SA4006) Dealing with concurrency issue. (staticcheck SA2002 SA4010) Remove packages from staticcheck failure files: apiextensions-apiserver * fix default daemonset update strategy * Remove unnecessary sorting for highestSupportedVersion * Fixing EndpointSlice kubectl output * Allow disruptive conformance tests and marks 2 * Adding owners for EndpointSlice controller * Remove unnecessary traversal of pod.Status.Conditions * Stop building the kubernetes-test mondo tarball * Add e2enode.GetRandomReadySchedulableNode, replace some uses of framework.GetReadySchedulableNodesOrDie * Add e2enode.GetBoundedReadySchedulableNodes, replace some uses of framework.GetReadySchedulableNodesOrDie * Fix up e2enode.GetReadySchedulableNodes, replace many uses of framework.GetReadySchedulableNodesOrDie * An interface that allows pre-filter plugins to update their pre-calculated. * Move GetPodPriority from /scheduler/util to /api/pod * Propagate context to Authorize() calls * Add context-propagating CreateContext methods to *Review clients * Run hack/update-bazel.sh * Add support for type checking Unstructured via GVK in reflector * remove trailing dots from the parsed searches from host resolv.conf * Fix bug The statefulset have duplicate revision after resource was updated * fix Security Context should run with an image specified user ID * to use existing validating function * Update bazel by hack/update-bazel.sh Update vendor by hack/update-vendor.sh * Migrate prometheus bucket functionality to metrics stability framework. * Migrate stability level handle functionality overall metrics package * Handle metrics.StabilityLevel default value better. Provide a method setDefault() to StabilityLevel type. Update bazel by hack/update-bazel.sh * Updating EndpointSliceCache sort function to be significantly faster. * Use ipv4 in wincat port forward * Rename package socketmask to bitmask. * auth/cloud-platform is a superset of devstorage. * Fix staticcheck failures for scheduler packages * Fix staticcheck failures for pkg/scheduler/... * Fix the cluster role for typha horizontal scaler. * Updated ContextData and PluginContext with Clone methods. * Copy PrettyPrintJSON to core framework * Add strict serializer to codec factory in kube-proxy * Add KUBE_COVER_REPORT_DIR to specify coverage output dir. * make namespace-lifecycle controller more responsive * Update go mod hcsshim version to fix the kube-proxy issue cannot access service by self nodeip:port on windows * Add known issue for informer-gen for packages with dots * use vmss instance view expansion and azure-sdk v33.1.0 * Update codegen violation rules * Update generated code * Add example3.io:v1 to update-codegen.sh * Add example3.io * Revert "Updated COS version to M77" * Wrap promethues.Labels to stability framework. * fix: remove reportingInstance field in eventKey. * informer-gen: allow package names containing dots * fix docker_build_opts bound variable * Bump metrics-server version to v0.3.5 * Bump k8s.io/klog to v1.0.0 * Use log functions of core framework on test/e2e/upgrades This makes sub packages of e2e test upgrades to use log functions of core framework instead for avoiding circular dependencies. * Use log functions of core framework on test/e2e/autoscaling This makes sub packages of e2e test autoscaling to use log functions of core framework instead for avoiding circular dependencies. * hack/local-up-cluster.sh: ability to configure auth webhooks * using echo to print args * clean up code for scheduler * cleanup unused function * Fix EndpointSliceController service deletion processing * Remove unused func GetPersistentVolumeClaimVolumeMode * Minor cleanup of jsonFallbackEncoder * feat: bump github.com/prometheus/procfs to v0.0.2 * feat: bump github.com/prometheus/client_model to v0.0.0-20190129233127-fd36f4220a90 * feat: bump github.com/beorn7/perks to v1.0.0 * feat: bump github.com/prometheus/client_golang to v0.9.4 * feat: bump github.com/prometheus/common to v0.4.1 * Remove unreachable error check in RBDUtil#cleanOldRBDFile * Offical kubernetes dashboard should schedule to linux node * Come out of loop when RPC_STAGE_UNSTAGE_VOLUME is found * Fix golint failures of pkg/kubelet/status/... * Check error return from WaitForCacheSync * Bind kube-proxy containers to linux nodes to avoid Windows scheduling * fix(pkg): delete unused var or const * Remove some unused codes in stateful_set_utils.go * storage E2E: test drivers must have DNS-1123 names * use scheduler.Option in initTestSchedulerWithOptions * use scheduler.New in createConfiguratorArgsWithPodInformer * change compatibility_test struct, remove ExpectedPolicy * validate scheduler policy instead of the decoded policy in compatibility_test * remove factory.NewConfigFactory in compatibility test * Rename testCleanup to driverCleanup * add topology e2es to storage testsuite * Fix kubectl panic when handling invalid error. * Replace hyperkube with apiserver for binary path guess * docs: add comments for action. * fix map assignment to entry in nil map,when use --feature-gates in kubeadm * Register DeleteOptions conversion functions * Minor apis/meta cleanup * simplify regexp with raw string * Use framework.ExpectNotEqual() * fix(test): delete unused unused var or const * Use framework.ExpectEqual() * Use framework.ExpectEqual() * Use framework.ExpectEqual() * Use framework.ExpectEqual() * Move PodPriorityResolution e2e to integration * WithAuthentication should wrap WithMaxInFlightLimit * Improve fieldmanager tests and benchmarks * Allow relaxing deleted pods checking in RC runner * Refactor the scheduler's configuration logic. * Defer the removal of labelAlphaNodeRoleExcludeBalancer to 1.18 * Fixed a scheduler panic on PodAffinity * Benchmark test for PodAffinity * TokenCleaner#evalSecret should enqueue the key * Update 1.16 CHANGELOG with introduction of feature EvenPodsSpread * eviction processing refactor * fix cni timeout * Clean up redundant post-finalizer deletions * Add a couple simple conversions * replaced logs in validators to be warnings * Fix pre pull of images in DiskPressure tests * delete unused var * Fix closing of dirs in doSafeMakeDir * Remove redundant setting. * Fix wrong comments and inaccurate logs in endpointslice_controller * Add .bazelversion file * Fix typo in v1.16 CHANGELOG * cleanup test code in upgrades and autoscaling pkg * Break out of loop when NodeHostName is found * Modified the Filter interface to pass in nodeinfo instead of node name. * exclude kms provider from health check * Convert tbe e2e to integration test * Drop v1.14.0 API test data * Add v1.16.0 API compatibility data * Update CHANGELOG-1.14.md for v1.14.7. * Update CHANGELOG-1.15.md for v1.15.4. * fix shellcheck in cluster/gce/config-common.sh * Update CHANGELOG-1.13.md for v1.13.11. * Update CHANGELOG-1.16.md for v1.16.0. * Do not query the cloud if PV has all the labels * Refactor and clean up e2e framework utils. This patch handles test/e2e/framework/pv_util.go file * fix rbd info when return warning information * Add version logging to kubemark * Return error when failed to get storage class * uses the API instead to fixemptyDir volumes pod should support shared volumes between containers * fix kubectl run --generator=xxx bug * Add metrics of authentication overall latency. Add alpha tags to authentication_attempts explicitly. * Fix static failure for package: staging/src/k8s.io/code-generator * Fix reinvokation test flake by isolating webhooks and markers * Bump github.com/heketi/heketi to c2e2a4ab7ab9 * Fix Errorf arguments in tests * dump namespace object in e2e when it doesn't get deleted * Support kube-dns stubDomains in nodelocaldns * Consolidate UID and GID * Only set ipv4/ipv6 routes when there is corresponding CIDR. * Correct the error variable for releasing CIDR * Compact memory before requesting huge pages * Add iptables.Monitor, use it from kubelet and kube-proxy * remove unused variables in scheduler api types * Move flag parse to main func from init() * autogenerated * IntOrString conversions * Remove unneded/bad conversion * fix compiling failure: execvp: /bin/bash: Argument list too long * update process name to fix pod infra containers oom-score-adj should be -998 and best effort container's should be 1000 * feat(scheduler): use api server to watch scheduled pods * fix error package name and rename struct * remove pkg/version and some of redundant copies of it * Updated COS version to M77 * Allow upgrade test to run on all cloudproviders * Metrics for ratelimited count * fix auth import statement * validations: for negative PVC storage size don't report "must be >= 0" * reference cherry pick process in hack script * kubeadm --service-cluster-ip-range supports a comma seperated list of service subnets. * Adjust nginx lb timeout in tests * fix static check failures in staging pkg * rm unnecessary return * Update bazel by hack/update-bazel.sh * optimize gc_controller.gcTerminated * del unuse var in pkg/controller * Migrate prometheus bucket functionality to metrics stability framework. * Migrate prometheus bucket functionality to metrics stability framework. * Update bazel by hack/update-bazel.sh * Migrate prometheus bucket functionality to metrics stability framework. * local-up-cluster kube-proxy terminated error * Update bazel by hack/update-bazel.sh * Migrate prometheus bucket functionality to metrics stability framework. * Check the length of recorder.invocations * Drop iptables firewalld monitoring support * e2e: test that both kube-proxy and kubelet recover after iptables flush * use log funcs of core framework in the auth, kubectl and windows pkg * replace with * add-err-handling-in-images/etcd/migrate * use log func in test/e2e/apimachinery * add or fix some errors return statements and ineffassign * expose and use an AddHealthChecks method directly on config * skip e2e tests that run on multi node cluster and require node independent volume for the drivers that does not support node independent volumes, like hostpath * Fixes static check failures in test/e2e_node/* * Updates to resolve shellcheck issues Removed hack/lib/test.sh from /hack/shellcheck_failures Removed and }s to satisfy shellcheck SC2004 Added double quotes to satisfy shellcheck SC2086 Converted array reference to access all elements to satisfy shellcheck SC2128 Updates to satisfy shellcheck SC2143 Updates to satisfy shellcheck SC2178 & SC2124 Updates to satisfy shellcheck SC2128 Updates to satisfy shellcheck SC2207 * Allow v1 review versions in 1.17+ * Added a noop plugin to make sure we have the dependencies worked out for the default registry of the scheduler framework. * Update CHANGELOG-1.16.md for v1.16.0-rc.2. * Verify the response audience matches one of apiAuds * Fixed an issue where duplicate containerPorts where not allowed across different address families * use log func in test/e2e/network * apiextensions: add integration test for not publishing non-structural CRDs * Fix TestBlockMapperMapDeviceNotSupportAttach informer sync race * Update golang scientific notation using hack/update-gofmt.sh * fix kubelet status http calls with truncation * Split fieldmanager with interface * Support running custom nodelocaldns yaml in gce. * Only publish openapi for structural schemas * Promote lease API test to Conformance * Omit openapi properties if spec.preserveUnknownFields=true * Ensure conversions are registered for metainternalversion codecs * migrate scheduler api types to sized integers * replace 200 with http.StatusOK * fix: azure disk detach failure if node not exists * kubeadm: preserve order of user specified apiserver authorization-mode * adding lock to node data map * Update bazel by hack/update-bazel.sh * Migrate prometheus bucket functionality to kube-metrics. * Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs. * Fix iptables version detection code to handle RHEL 7 correctly * Always set content-type & nosniff * Add note on the role of BenchmarkSimpleCache * Refactor FieldManager tests to make them simpler * Replacing deprecated seccomp. * Adding recommendations from tallclair. * Fix identation issue. * Update .in and .sed files. * Harden kube-dns to run with less privileges. * Add johnbelamaric as conformance approver * Fix ipv6 ip allocation method for standard lb * Make API constants constant * Scheduler PreBind plugins are currently allowed to return Unschedulable status, which should not according to the KEP and comments. * Check the error return from AddPlugin * Propagate and honor http.ErrAbortHandler * Break out of the loop when active endpoint is found * Add wrapper to metrics stability framework for prometheus buckets functionality * Add unit test for RS to correctly handle expectations on recreate * Exec probes should not be unbounded * Add 16MB limit to dockershim ExecSync * Add LimitWriter util * Fix EvaluatedNodes in ScheduleResult * Expose etcd metric port in tests * MOD:fix spelling errors * MOD:fix spelling errors * need to use local variable so that pluginNameToConfig map can keep correct contents * Remove duplicate logging * test: add cases to test that no images present on node or kubelet's NodeStatusMaxImages flag is set to 0. * Added OWNERS file for Topology Manager * Modify the log of kube-proxy * change envelope transformer to return status error for better monitoring * Regenerate specs * Remove alpha status from ManagedFields * dockershim/network: fix panic for cni plugins in IPv4/IPv6 dual-stack mode * Update CHANGELOG-1.16.md for v1.16.0-rc.1. * adding yastij as a reviewer for the runtimeclass admission controller * add apigroup to the data source when using kubectl describe pvc * 'imagetag' -> 'image' in edit set command examples * Log all executed iscsiadm commands * test: fix liveness pod * fix: handling unpadded base64 encoded docker auth field * add line break in kubeadm upgrade logging message * remove packages in hack/.staticcheck_failures which are passing staticcheck * Fix typos in KeyUsage constant names * Continue with remaining volumeAttached's in VerifyVolumesAreAttached * Remove me from OWNERS for GCI * Avoid encoding from competing goroutines * Nominate alculquicondor to scheduler reviewers * Generated files * Export UserInfo conversion, use authnv1.UserInfo in audit * log-dump: make logging clearer * remove packages in hack/.staticcheck_failures which are passing staticcheck * fix some ineffassigns * e2e_kubeadm: fix command flags description * tests: Replaces Redis image with Agnhost * endpoints: fix admission test types * fix some missing errors return statements * fix ineffassign * kubelet: refactor server containerLogs test to table driven test * feat: remove EnableAggregatedDiscoveryTimeout feature gate * feat: remove GCERegionalPersistentDisk feature gate * feat: remove PersistentLocalVolumes feature gates * Return proper Kind in error for Cacher * Update comment for syncHandler * Fix licenses * Match label and fields selectors in ComponentStatus List API * init check for cloud node controller * Check cache is synced first before sleeping * Handle pod addition / removal errors * fix indentation with 'kubectl describe node' * Encryption config: correctly handle overlapping providers * Added alejandrox1 as test/e2e/framework reviewer * squash: reaction to comments * add conditions for remaining object totals during ns termination * Create LoadBalancer in nginx ingress tests * kubeadm: code clean up * Clarify retry.RetryOnConflict docs * Restore retry.RetryOnConflict docs, fix up retry.OnError docs/naming * Fix reviewer typo. * use log functions of core framework in the 'test/e2e/storage/*' * fix a typo in cmd/kube-apiserver. * Promote PQDN for services DNS e2e to Conformance * Move from regexp to csv string * clean up test code * inline e2eservice.CreatePausePodDeployment into tests * Move a bunch of totally non-jiggy code out of e2eservice.TestJig * Enable block tests for Cinder * update spelling mistakes * Add e2e test for kubectl describe cronjob * Remove dead code used only in tests * fix(scheduler): remove the defer function cost * refactor: replace all calls to os.Exit() / CheckErr(). * Avoid conflicting log message when AddPodToVolume encounters error * Add comment for testing 100+ CPU usage * Bump gonvml module and remove CGO dependency. * test: fix azure disk test failure * Cleanup staticcheck from staging/src/k8s.io/client-go/tools/cache. * test: fix azure disk e2e test failure * Repaire incorrect ip version event * Remove unused func IsProxyLocked * Add unit test for DisruptionController retry logic * pkg/kubelet: fix uint64 overflow when elapsed UsageCoreNanoSeconds exceeds 18446744073 * add identification for particular certificate controllers * fix regex for go file, make it more accurate * replace time.Now().Sub with time.Since * openstack: do not delete LB in case of security group reconciliation errors * Update security contacts for kubectl * fix shellcheck failure in gci/flexvolume_node_setup.sh * volume scheduling: move metrics code into a separate pkg * Don't require any resources in race test * Mark Ceph tests as serial * hack/boilerplate/bolierplate.py: format python file according to PEP8 guidelines * fix shellcheck failures of cluster/addons/addon-manager/kube-addons.sh * fix golint failures of pkg/kubelet * e2e test: Label all nodes in pod anti-affinity test. * Fix description of diff flags. * Add debug info to kubectl e2e * Use Key() in Path composition * Fix a static check failure in controller-manager * Fix retry logic in DisruptionController * Move Update Apply conflict test to field manager test * Early return after sending to errCh in Options#eventHandler * clean-up shared metrics code and remaining references (component-base's copy is a drop in replacement) * Add new flag for whitelisting node taints * Adding termination grace period to Deployment, RC, RCSet, and Job * Add LinuxOnly tag to e2e testing session affinity * Kubenet can't fail fast on teardown * delete extra comma * Add IPv6 support to kubenet hostport * Fix broken link. * Use log functions of core framework on test/e2e/scheduling * Reword the comment for ServiceIPRange * Remove default service cidr * Updated stripFieldsTest to be run with update instead of apply * Made some spelling & grammar edits to the README * Remove Client#ClusterAvailable from interface * replace iteration with hashmap in *state_of_world * Typo fix: binded -> bound * Take the context as the first argument of Schedule * Fix sync pod log format and a func typo. * Rewrite tests for tableprinter.go * Reduce redundant Nodes().List() call * Reduce indents of DumpAllNamespaceInfo() * Explicitly handle returned error values in admission metrics_test * fix wrong typo stoageMap to storageMap * Cleanup UT test data after test done. * fix shellcheck failure in test/image/image-util.sh * Moved managed fields validation to server-side apply * Remove recursion in waitForVolumeDetachmentInternal * Break out of loop when finalizer is found * add myself to util metrics owners * replace factory.NewConfigFactory with scheduler.New in volumescheduling * Update ConfigMap test * add logicalhan to reviewers for api-machinery directories * remove blank lines * Add a method to TestContext to check if is IPv6 * use log functions of core framework * use log funcs of core framework in the test/e2e/scalability and test/e2e/cloud package * cleanup test code in lifecycle, servicecatalog and ui package * Fix typo in kubectl describe docs * Typo fix: EptyDir -> EmptyDir * fix typo in pkg * Remove unnecessary factory layer * Fix typo in EnableInf*l*ightQuotaHandler flag * Remove duplicated log. * feat: remove factory.Config from mustSetupScheduler * feat: use scheduler.New instead in createSchedulerConfigurator * Fix static failure from package: vendor/k8s.io/kube-aggregator * added override for sd testing env in event-exporter yaml * aws: sort addresses of multiple interfaces correctly * Add support for preemptible instances in node-e2e * fixed typos in kubectl book * Apply will fail with managed fields + tests * fixed a typo in kubectl book * Apply zero TerminationGracePeriodSeconds to preemption victims * remove runtime.VersionedObject from universal apimachinery * Fix Container exit message lost due to FallbackToLogsOnError is not compatible with ContainerCannotRun * Drop hyperkube use from local-up-cluster.sh * Add -s to du commands to not traverse other file systems * Fix golint failures of pkg/kubelet/qos * feat: remove deprecated include uninitialized flag * remove apiserver loopback client QPS limit * Fix informer-gen to honor nonNamespaced tag * Fix link to moved Docker image * very minor grammar fix in 10-kubeadm.conf ('generate' instead of 'generates') * removed duplicated kubectl get * removed extra hyphen in kubectl book * Fix log level for runtime error in kubelet.go * Add benchmarks for yaml marshaling and unmarshaling * Delete the redundant define test * Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers."" * correct the return information in scheduler.go * fix typos in if statememnt in /test/e2e_node * spelling error 'doen't' * fix syntactic error in kuberuntime_manager.go-2 - Convert changes file to proper UTF-8 format: new version of RPM are getting strict in interpreting files. - Update to version 1.16.3: * kubeadm: fix skipped etcd upgrade on secondary cp nodes * Add testcases covering large valid patches * json unmarshal coded error at function applyJSPatch() * Stop Watching when there is encoding error * Remove HostPathV0 tests in preparation for removal in 1.17. This is so that upgrade tests dont fail when support for v0 drivers are removed in k8s 1.17 * add cache read type prefix for const * update getmetadata to use unsafe read * add allowunsafe read * Flush data cache during unmount device for GCE-PD in Windows * add a fallback for kube-scheduler when events.k8s.io is disabled * modify detach timeout to be csiTimeout * fix windows performance counter father information failed on Non-English environment * bump metrics server version o v0.3.6 * Bump metrics-server version to v0.3.5 * rename metric for apiserver request terminations and reword corresponding documentation * pluralize error metric name * Fix double counting issue for request metrics on timeout. * Do not bind block PV/PVCs when block feature gate is off * Return an error when zone info is not found. * Use --stamp flag in bazel builds * Update to use go1.12.12 * Update Cluster Autoscaler version to 1.16.2 * add tombstoones handle for pdb * Amend CHANGELOG-1.16.md for v1.16.2 * Fix proto.Merge of IntOrString type * Bump to etcd 3.3.17 and bbolt v1.3.3 * Add/Update CHANGELOG-1.16.md for v1.16.2. * Kubernetes version v1.16.3-beta.0 openapi-spec file updates * release: lib: revert docker_registry to constant k8s.gcr.io * Remove check causing informers to miss notifications * auth/cloud-platform is a superset of devstorage. * Remove e2e/common package usage in volumemode testsuite * Mark startupProbe test as NodeAlphaFeature and fix podClient instanciation - Update to 1.16.2 included: * fixes for bsc#1152861 * bump gopkg.in/yaml.v2 v2.2.4 (CVE-2019-11253) - Ensure that BPPFS is mounted before starting kubelet (bsc#1146991) - Update to version 1.16.2: * apiextensions: npe panic in structural schema unfold * Fix dynamic kubelet config init order * Fixed bug in TopologyManager with SingleNUMANode Policy * Merge pull request #83102 from feiskyer/fix-too-many-calls * Address PR comment * Update service controller to prevent orphaned public IP addresses * Limit YAML/JSON decode size * bump gopkg.in/yaml.v2 v2.2.4 * Add/Update CHANGELOG-1.16.md for v1.16.1. * Kubernetes version v1.16.2-beta.0 openapi-spec file updates * Don't leak a go routine on panic * using online instead to fix kubelet service failed with wrong number of possible NUMA nodes * Update go mod hcsshim version to fix the kube-proxy issue cannot access service by self nodeip:port on windows - Update to version 1.16.1: * Deflake TestWatchBasedManager * Update to use go1.12.10 * remove apiserver loopback client QPS limit * Use ipv4 in wincat port forward * Update codegen violation rules * Update generated code * Add example3.io:v1 to update-codegen.sh * Add example3.io * informer-gen: allow package names containing dots * Update cluster autoscaler version to 1.16.1 * Fix ipv6 ip allocation method for standard lb * fix map assignment to entry in nil map,when use --feature-gates in kubeadm * Fix closing of dirs in doSafeMakeDir * Fixed a scheduler panic on PodAffinity * TokenCleaner#evalSecret should enqueue the key * Only set ipv4/ipv6 routes when there is corresponding CIDR. * Add/Update CHANGELOG-1.16.md for v1.16.0. * Kubernetes version v1.16.1-beta.0 openapi-spec file updates * expose and use an AddHealthChecks method directly on config * fix: azure disk detach failure if node not exists * Exec probes should not be unbounded * Add 16MB limit to dockershim ExecSync * Add LimitWriter util * Encryption config: correctly handle overlapping providers * Check cache is synced first before sleeping - Update to version 1.16.0: * Add/Update CHANGELOG-1.16.md for v1.16.0-rc.2. * fix kubelet status http calls with truncation * Expose etcd metric port in tests * Only publish openapi for structural schemas * Omit openapi properties if spec.preserveUnknownFields=true * Fix iptables version detection code to handle RHEL 7 correctly * Propagate and honor http.ErrAbortHandler * Updated stripFieldsTest to be run with update instead of apply * Moved managed fields validation to server-side apply * Apply will fail with managed fields + tests * Regenerate specs * Remove alpha status from ManagedFields * Add/Update CHANGELOG-1.16.md for v1.16.0-rc.1. * Update Cluster Autoscaler version to 1.16.0 * Fallback to schemaless apply behavior for custom resources with unhandled schemas * Improving GCE cluster up logic for EndpointSlice Controller * Add read-only rbac for csinodes to cluster-autoscaler * Update cluster-autoscaler image to v1.16.0-beta.1 * Update kubernetes dev setup instructions * Update client-go install instructions * Fix wrong command in e2e agnhost utility function * Fix filter plugins are not been called during preemption * Adding a nil check in endpointslicecache * Simplify etcd image version usage in kubeadm * Add etcd image version to kubeadm * Ensuring endpointslice controller starts up as part of cluster up when all alpha feature gates are enabled * kubeadm: Fetching kube-proxy's config map is now optional * Prevent resultPod.Status.ContainerStatuses from being empty. * Add dns capability to GCE window cluster * rebase * Add comment * Adding ENABLE_STACKDRIVER_WINDOWS * Install and start logging based on kube env * Add/Update CHANGELOG-1.16.md for v1.16.0-beta.2. * Update CHANGELOG-1.16.md for v1.16.0-beta.2. * Fixing bugs related to Endpoint Slices * kubelet e2e: defer the close to after the error check * skip recording inputs & outputs in fake script plugin when CNI_COMMAND=VERSION * bump metrics-server version to v0.3.4 * in GuaranteedUpdate, retry on precondition check failure if we are working with cached data * test * Make sure loadbalancer service is deleted before exiting the test * fix namespace termination conditions to be consistent and correct * Ensure the KUBE-MARK-DROP chain in kube-proxy mode=ipvs * Add integration test for webhook client auth * Plumb service port, URL port to webhook client auth resolution * Search client auth with and without port * Update NodeSSHHosts to support clusters with some public nodes * add ready plugin to dns tests * kubeadm: Form correct URL for IPv6 in HTTPProxy check * Remove symlink support from kubectl cp * Register all volume plugins in kubemark * persistentvolume-controller: fix data race of non-deepcopied objects in fake client * Allow typha-cpa to get apps/deployments * e2e log: fix time stamp normalization in unit test * Made IPVS and iptables modes of kube-proxy fully randomize masquerading if possible * using const instead * test(runtimeclass): add e2e tests for runtimeclass scheduling * Ensure backend is ready in listing webhook e2es * Honour "nbf" claim if present in ID token * Make CRD conversion e2e tests robust in non-aggregator-routing clusters * Make admission webhook e2e tests robust in non-aggregator-routing clusters * Make CRD admission webhook e2e work in parallel test environments * Add readiness probes to CRD/Admission webhook pods * Fix failure running `make build test` in cluster/images/etcd * Update default etcd server to 3.3.15 for kubernetes 1.16 * promote crd discovery e2e to conformance * Adding kubectl support for EndpointSlice * Add support for konnectivity service to the etcd3 client. * update cAdvisor godeps to v0.34.0 release * Add /readyz endpoints to converter/webhook test image * Move HostUtil to pkg/volume/util/hostutil * Add discovery docs crd e2e test * use the existing request info * use the same context for aggregated and proxy requests * add temporary feature gate to allow disabling aggregated discovery timeout * add env var to allow disabling the aggregated discovery timeout * add a timeout for proxying discovery requests * Single-numa-node Topology Manager bug fix * Added Single NUMA Node Policy which ensure resource are aligned on a single NUMA node * Update CanAdmitPodResult() in TopologyManager to take a TopologyHint * fix nit * run hack/update-vendor.sh * Remove defaulting for x-k8s-list-type * Update generated * Fix validation and add many tests * Use CRD validation field in server-side apply * Update kube-openapi version * fixed golint error * Adding EndpointSlice RBAC for node-proxier/kube-proxy * ipvs dualstack: generated items * create meta-proxy for proxy-mode=ipvs (dualstack) * Adding EndpointsAdapter for apiserver EndpointSlice support * Added support for ILB Global Access * startupProbe: make update * startupProbe: Test changes * startupProbe: Kubelet changes * startupProbe: API changes * Fix Windows disk usage metric measurement * wire up the webhook rejection metrics in webhook handlers * test * add webhook rejection metrics * add /livez as a liveness endpoint for kube-apiserver * Promote admission webhook e2e tests to conformance * webhook-e2e: add denying CR update test case, check CR patch and * Fixed comment to refer to the right int accessor for Quantity * Update semantics to set Preferred field in TopologyHint generation * Write the Stackdriver config separately from the installation. * bazel update * e2e logging: disable brittle output test * Promote CRD e2e tests to conformance * Update NPD addon to use v0.7.1 * Update CPUManager topology helpers to accept multiple ids * Update RuntimeClass E2E expectations * cmd/kubeadm: remove "rpc/status" from import-restrictions * vendor: update with "update-vendor.sh" script * k8s/apiextensions-apiserver/test/integration: block etcd client creation until connection is up * test/integration: block etcd client creation until connection is up * kubeadm/app/util/etcd: : block etcd client creation until connection is up * cluster/.../etcd/migrate: block etcd client creation until connection is up * Update running_pod_count and running_container_count metric * Add !providerless tag * Adding an e2e test on GMSA support * Fix out of bounds error in timeout tests * bump coredns version in kubeadm to 1.6.2 * Remove kubectl log * update dependencies file * hardcoded check sha of corefile tool * Add pre pull of e2e images after DiskPressure test * Fix static check errors * Use k8s.io/utils package * Update modules for openstack staging. * Fix linting errors on provider staging * Move Openstack provider to staging * Add devicemanager tests for TopologyHint consumption * Consume TopologyHints in the devicemanager * Add devicemanager tests for TopologyHint generation * Generate TopologyHints from the devicemanager * Added stub support for Topology Manager to Device Manager * Change Topology.NUMANode in device plugin interface to a repeated field * Update generated files * generated * apiextensions: merge openapi spec ignore path conflict * add a test to make sure the CRD OpenAPI path and defintion are protected * Add tests for namespace status conditions * Add status conditions to namespaces * fix(kubectl): all-namespaces flag being ignored by ToBuilder() in builder_flags.go * use directly DeletionHandlingMetaNamespaceKeyFunc from client-go * Adds visitor test for traversal errors * Adding EndpointSlice support for kube-proxy ipvs and iptables proxiers * Migrate the e2e provisioner container image to a different location. * Move kubectl cp back to k/k * azure support for ipv6 and dual stack services(excluding ILB) * Adding EndpointSlice controller * Graduating Windows GMSA support to beta * crd-e2e: check watch observes CR modified events; use WatchUnsafe * fix semantics of the rejected label in webhook metrics * Fix broken link to api-conventions doc. * kubeadm: fix a bug where the kubelet cert rotation was turned off * Regenerate openapi-spec * Fix bug in CPUManager with setting topology for policies * Make ServerSideApply beta, and enable by default (on the server) * Rename --experimental-* flags to --* for server-side apply * serviceaccounts: Add JWT KeyIDs to tokens * Use http/1.1 in apiserver->webhook clients * Plumb NextProtos to TLS client config, honor http/2 client preference * Enable the RuntimeClass admission controller on GCE & CI * api: Loosens RunAsUserName validation * add checksum * group imports properly * migrate kube-proxy metrics to stability framework * migrate controller-manager metrics to stability framework * Make webhook benchmarks parallel * add some documentation around the metrics stability migration changes for clarity * migrate kubelet's metrics/probes & metrics endpoint to metrics stability framework * Add authentication metrics: overall failure and error count * Use log functions of core framework on sub [p-s] * phase 2: generated items * Fail fast with TopologyManager on machines with more than 8 NUMA Nodes * Add NUMA Node awareness to the TopologyManager * phase 2: ipam filter secondary service cidr * Phase 2: service and endpoint processing * phase 2: api types + defaulting + validation + disabled fields handling * Tombstone the former Fields field by commenting the old entry * Move the IsMasterNode function to tests and mark it Deprecated * Cleanup staticcheck issues for package in client-go. * Node lifecycle controller should use a label for excluding nodes * Service controller should begin moving away from node-role labels * Add a feature gate for legacy node-role behavior * [Framework] Add UnschedulableAndUnresolvable status code * fix: prevent overriding of certain kubelet security configuration parameters if the user wished to modify them. * migrate scheduler metrics endpoint to metrics stability framework * e2e storage: read/write + read-only ephemeral inline volume test, data sharing * e2e storage: wait for pod deletion * e2e storage: multi-volume and multi-pod tests for inline ephemeral volumes * e2e storage: check NodeUnpublishVolume in csi-mock tests * e2e storage: enable testing of ephemeral inline volumes with hostpath CSI driver * e2e storage: synchronize .yaml files with latest upstream releases * Add e2e test for volume limits * Bump NPD version to v0.7 for GCI * generated * storage: make CSIInlineVolume a beta feature * storage: make tests independent of CSIInlineVolume default * Update CRD docs * Support PluginWatcher in Windows * Remove myself from reviewers across the repo so that PRs are no longer assigned to me by blunderbuss. * gce staticcheck fixes * Update vendor k8s-cloud-provider and google API * Disable tracking manged fields on scale sub-resource * Add issue to TODO * Update round-trip compatibility test * Regenerate all * Add new FieldsType to clarify the format of Fields * Rename TopologyHint.SocketAffinity to TopologyHint.NUMANodeAffinity * Update CPUManager to include NUMANodeID in CPUTopology * Updated the godoc on the CRD API types to follow conventions * Cache the discovered topology in the CPUManager instead of MachineInfo * Skip deleting custom resource instances that overlap with storage for built-in types * add comment about explicitly registering grpcprom client metrics * add some documentation around the metrics stability migration changes for clarity * add stability level to aggregator metrics and drop blank line in cmd file * migrate kube-apiserver metrics to stability framework * Re-implement AWS test driver interfaces * extending RequestedToCapacityRatio priority function to support resource bin packing of extended resources * Rename mount.IsBind to mount.MakeBindOpts * remove dependency to pkg/features on service controller package * derive node CSR hashes from public keys * Refactoring pod related functions from pv_util to pod pkg * Generated docs for ephemeral containers API * Improve API documentation for ephemeral containers * Enable CSI e2e tests for volume expansion * Graduate volume expansion to beta * Factor PassiveClock out of clock.Clock * Add discovery docs webhook e2e test * aggregator: add metric for openapi regeneration * kubeadm Json6902 Patches * storage: fix CSIInlineVolume round-trip test * apiextension: add metric for openapi regeneration * aggregator/apiextensions: v(2) log why OpenAPI spec is regenerated * delete lo network when TearDownPod to avoid CNI cache leak * DNS e2e tests differentiate between IP family * Make TestContext.IPFamily global for parallel testing * apiextensions: always set lastTransitionTime when CRD condition changes * remove slice dependency * run hack/update-bazel.sh * Update kubectl polymorphic logs helper for ephemeral containers * Change the seven blanks to ` {7}` in the regex, so it will be more readable. * apiextensions: set 'metadata.generation: 1' during read from etcd if not set * use log functions of core framework * fix test/e2e/gke_node_pools.go * Add a helper function to decode scheduler plugin args * Correct func name WithBuildMetadata * revert wrongly replaced log function ginkgo.Fail * kubectl: take pod overhead into account * generated * remove test cases disabling the gates * bump the CRD feature gates to GA and lock the defaults * Add types to StatefulSetUpdateStrategyType constants * Remove conflict logic from PodTolerationRestriction * Fix toleration comparison & merging logic * Updating log after framework code refactor * Remove ndots check as it doesn't apply to windows * Run hack/update-bazel * Change custom DNS test to use ipconfig instead of resolv.conf * Add e2e DNS tests to windows tests * Adding discovery/v1alpha1 API for EndpointSlices * Bump cluster proportional autoscaler to 1.7.1 * e2e/network: add service hairpin test * Split defaultPrintHandler from handlerEntry in table printing * Improve error message on server-side apply conflicts * add cache-control headers to kube-apiserver * Move MakeFile/Dir from HostUtil to host_path vol * schedule code clean: using string prefix instead of MarkDeprecated * Internalize mount.Interface.IsMountPointMatch * apiextension: fixup defaulting tests * Utilize reflectorMutex in LastSyncResourceVersion * apiextension: promote defaulting to beta * Cleanup ginkgo.Fail calls from the e2e test framework * Add support for vSphere volume mount/attach on Windows * Use preferred import packages for test/e2e * e2e logger test: handle paths in Kubernetes CI * bazel update * e2e: consistent failure logging * e2e: unit test for logger.go and ginkgowrapper.go * Use log functions of core framework on test/e2e/apps * Clean up staticcheck issues. * apiextension: ratcheting validation of unpruned defaults * publishing: add missing deps for 1.16 branch * e2e_kubeadm: use log functions of core framework * v1beta1: bugfix in Event struct definition * fix typo in build/platforms.bzl * Correct comment in CertOrKeyExist * Remove watching Endpoints of Headless Services * Tolerate ending slash when running staticcheck * Updated comments in wait.go * generated * Mark v1beta1 admissionwebhook and crd types as deprecated * Use cached selectors/client for webhooks * Add admission benchmarks * Let webhook accessors construct client/selectors once * apiextensions: remove preliminary committed openapi packages * kube-aggregator: remove preliminary committed openapi packages * Clean up staticcheck issues for gce. Dealing with deprecated issues. (staticcheck SA1019) Dealing with error discard issue. (staticcheck SA4006) Dealing with context overwritten issue. (staticcheck SA4009) Dealing with unused functions. (staticcheck U1000) Remove gce from staticcheck failure list * Enable the RuntimeClass admission controller for scheduling * apiextension: prune default values in storage * apiextension: complete validation of meta data defaults * apiextension: reject x-kubernetes-embedded-resource with empty properties * apiextension: fix go-openapi validation error path at the root * apiextension: fix structural additionalProperties in ToOpenAPI() * Fix failing test * Use log functions of core framework on sub p* * allow an apiserver to only serve http1 * Add tests * Only update managedFields on update if it already exists * Move PrintPerfData to the test * generated * tests * mutating webhook: audit log mutation existence and actual patch * Add --include-test-files flag to verify-import-boss * Add test for HTTPExtender.IsInterested * tests: Adds RunAsUserName tests * Update PrintOptions to more appropriate GenerateOptions in some cases * hack/pin-dependency.sh k8s.io/gengo 26a664648505d962332bda642b27306bc10d1082 * Remove nsenter impl from pkg/vol/util * feat(scheduler): move node info snapshot out of internal package * moving podInformer to node controller scope * kube-proxy: improve logging around network programming latency SLI. * Add ephemeral container to GetPodVolumeNames test * fix upgrade checks * update scale client to support non-namespaced resources * Add dropDisbledFields() to service * kubeadm: fix static check failures * Fix devicePath for raw block expansion * Replace time.Sleep with poll.wait in admission e2e tests * test(scale): fix tests * fix: patch the Scale subresource if no precondition was given * fix-typo-cmd/kubeadm/app/util/config/initconfiguration.go * Make container removal fail if platform-specific containers fail * Use log functions of core framework on sub [j-l] * Don't overwrite PVC with nil/empty object returned by failed Update * Adding TooMany error type * Switch to v1 for admission and CRDs for all api-machinery e2e tests * s/nolegacyproviders/providerless/ * Use log functions of core framework on [d-i] * hack/update-bazel.sh * make it possible to start kube-api-server and kube-controller-manager without legacy cloud provider flags * make it possible to build kubelet without legacy cloud providers * add build tags to legacy provider code and make it possible to build kube-controller-manager without any legacyproviders or without particular legacy providers * Drop Azure/go-autorest from pkg/controller * Use log functions of core framework on p* * Included resizing for CSI-based block volumes. * Fix golint issues in pkg/apis/apps and pkg/apis/apps/validation * feat: use PreBind instead of Prebind in the scheduling framework * feat: use PostBind instead of Postbind in the scheduling framework * feat: use PreFilter instead of Prefilter in the scheduling framework * Split HostUtil functionality into its own files * Change GenerateTable parameter PrintOptions to GenerateOptions * Remove decorateTable() from TableGenerator * kubeadm: print the stack trace of an error for klog level v>=5 * move testfiles back * copy testfiles to hostutil dir * move files back to mount * copy mount files to hostutils * Promote VolumePVCDataSource to beta for 1.16 * remove the ipvs checks from the preflight checks * move WaitForCacheSync to the sharedInformer package * Cleanup: fix typo in flag help message * check that the recorded event is not nil on refreshExistingEventSeries * apimachinery: hide 'suppressing panic for copyResponse' error' in ReverseProxy * removed equivalence cache tests * apiextensions: builder for OpenAPI v3 * apiextensions: move openapi schema builder and merge code into package * Add e2e test for Lease API * Remove all skips from admission and CRD e2e tests that will be promoted to conformance * Add fast path to podFitsOnNode * Remove dead code * Renaming strict policy to restricted policy Restricted policy will fail admission of guaranteed pods where all requested resources are not available on a single NUMA Node * bazel update * Do not cleanup node lease namespace in e2e setup suite * Omit nil or empty field when calculating hash value * drop unused check * add legacyBinding for non-Named Binding Creater * check pod name with that in pod eviction object * check pod name with that in binding object * populate object name for admission attributes when CREATE * fix cluster/images/conformance/go-runner/tar_test.go * Fix cloud reported hostname being overridden if nodeIP set * Add hex108 as a scheduler reviewer * add SataQiu to hack/ approvers * feat: update runtime class admission plugin * Skip spec.volumes mount/map test if no SSH * GCE/Windows: use "return" as "continue" for ForEach-Object * Fix windows kubectl log -f. * Check service finalizer on upgrade test and fix-up test cases * Finish implementation of stable metrics static analysis * promote the remainingItemCount field to beta * mv HasMountRefs from mount pkg to vol/util * Remove watching Endpoints of Headless Services * move ShuffleStrings to pkg/proxy * Dump the stacktrace while an error occurs * Un-blacklist pkg/kubelet for staticcheck * add client-go as a dep of component-base * duplicate migrated variants of shared metrics into component-base * Cleanup more static check issues (S1*,ST*) * Clean up error messages (ST1005) * Clean up deprecated references * Fix misc static check issues * Remove dead code from pkg/kubelet/... * Make sure no op updates don't affect the resource version * move version logic directly into the component-base, to simplify legacyregistry logic * Fix flaky hugepages tests by decreasing page count * removing redundant code * Close leaking files in `conformance/walk.go` * fix: azure disk name matching issue * disable staticcheck on a few more packages * Update google.golang.org/genproto to c66870c02cf8 * Update github.com/coreos/etcd to v3.3.15 * Update google.golang.org/grpc to v1.23.0 * fix static check for test/e2e/framework * Fix verb reporting in metrics * controller:volume fix static check failures * Update existing node lease with retry. * Check error return from Scheme.Convert * Use lesser of context or webhook-specific timeout in webhooks * Remove check for addIPv6Checks which evaluates to true * Use framework functions under test/e2e/node/ * Add tests for newly exposed drain code * Use log functions of core framework on [c-n] * Promote service load balancer finalizer to beta and enable by default * kubeadm: support any kernel version newer than 3.10 * generated * mark CRD .status.conditions as optional * tests: Skips Windows-unrelated tests on Windows * test images: Updates image building process README * Use non-default container port and scoped port vars in webhook e2e tests * staticcheck follow-up to address late feedback * bump coredns to 1.5.0 * add coredns migration support to upgrade.sh * fixes a bug that connection refused error cannot be recognized correctly * Use VisitContainers instead of directly accessing pod container fields * update dependencies * Fix returning logs from ephemeral containers * update build dep * move the corefile backup into a single configmap with a corefile-backup data key * Move RunNormalizeScorePlugins and ApplyScoreWeights into RunScorePlugins; Also add unit tests for RunScorePlugins. * Optimize internal data structure of EvenPodsSpread * Add Benchmark test for EvenPodsSpread predicate * removed awk from kubeadm reset * Fix CRD v1 release note * Plumb context to admission Admit/Validate * plumb client-specified request timeout to context * chore: add reviewer of csi-translation-lib * Add/Update CHANGELOG-1.16.md for v1.16.0-beta.1. * Update CHANGELOG-1.16.md for v1.16.0-beta.1. * kubeadm: do not use github.com/blang/semver in app/preflight * don't delete KUBE-MARK-MASQ chain in iptables/ipvs proxier * test images: Adds README containing image building process * fix: add kind parameter in CSI migration * Log the error return from dir removal * fix: trim new line for azure storage account name * Refactor NewXXXPlugin in framework_test to avoid package variable and do some other refactor * Bump agnhost image version to 2.5 * Update e2e tests to use CRD v1 API * pod-overhead: utilize pod overhead for cgroup sizing, eviction handling * Add static analysis verify script * Delete duplicate resource.Quantity.Copy() * Bump golang.org/x/tools version for staticcheck compat * Vendor staticcheck * Leave Windows Defender enabled for clusters on GCE * accept dial timeout in webhook e2e * Update structured-merge-diff to latest version * Fix e2e for block volume expansion * Group update managedFieldsEntries by manager name * inject transformer prefix into metric * Split printer tests into table generation then table printing * Split HumanReadablePrinter struct into generator and printer structs * add delete to gaugeVec, histogramVec, summaryVec since kubelet requires it * provider/azure: Fix load balancer distribution constants * Update vendor for Azure API bumps * Update Azure imports to latest API versions * Add messages for framework.Expect* in volumeMode tests * Speed up block volume e2e test by checking events * Check the error return from listener close * Rename WaitTimeoutForPodEvent to WaitTimeoutForEvent and move it to common/events.go * Fix Test for kubeadm/app/util/net.GetHostname * Update CHANGELOG-1.14.md for v1.14.6. * Update CHANGELOG-1.15.md for v1.15.3. * Update CHANGELOG-1.13.md for v1.13.10. * Update the PR template for latest 'additional documentation' enhancements * change GetVolumeName log level * Add/delete load balancer backendPoodID in VMSS. * add delete to counterVec wrapper, since we require it in the kubelet * lock the mutation of the create boolean for safety * fix typo * fix: disk not found issue in detaching azure disk * fix: detach azure disk issue using dangling error * convert EndpointNamespace showing string rather than pointer * Remove boolean waitForComponentRestart which is always true in upgradeComponent * Use v1 admissionregistration APIs in e2e * Fix in kube-proxy for sctp ipset entries * Upgrade ConversionReview e2e test image to also support v1 * ConversionReview v1 * Fix GCE typo in test output * swap BenTheElder for rmmh in typecheck / go-srcimporter reviewers * remove unnecessary ignore * FlattenListVisitor now continues traversal on errors and returns an aggregate error * remove unused jenkins scripts * update hack/jenkins/README.md * check clusterCIDR after occupy serviceCIDR * Don't track syncProxyRules runtime if not running * Bump nfs-provisioner to include GetReference fix * Demote HPA tests from release-blocking * Demote regular resource tracking tests from release-blocking * Add benchmark for updates and get with/without server-side apply * Drop GetPods from ActualStateOfWorld * implement request cancellation in token transport * generated * CRD v1: require structural schema for v1 * CRD v1: switch integration tests with defaulting to v1 * CRD v1: require valid openapiv3 types * CRD v1: limit 'default' use to v1 * CRD v1: require schema * Move HandleFlags to e2e package * Modify dns e2e to individualise GCE specific dns checks into seperate e2e * Only advertise supported patch types * ignore agnhost binary * Fix handling empty result when invoking kubectl get * Delete agnhost binary * use factory.Config fields directly in scheduler struct * Removes conflicting Quobyte tenant test error from API validation * Get location and subscriptionID from IMDS when useInstanceMetadata is true * Results of running update scripts: update-openapi-spec * Update GetTopologyHints() API to return a map * Initialize flags to support extra flags * replace ping with connect in msg * use agnhost image * update go to 1.12.9 * Add log.go back to core of e2e test framework * Disable kubelet restart tests for file volmode * Skip preprovisioned and inline volume tests if driver supports dynamic provisioning. * kubeadm: use etcd's /health endpoint for it's liveness probe * Lint Azure imports * Update vendor for Azure dependencies * Update Azure/azure-sdk-for-go and Azure/go-autorest modules * updated kubeadm reset wording to be more clear * Add e2e tests for CSI PVCDataSources * buildPortsToEndpointsMap should use flattened value type * aggregator: add myself to approvers * Move ConfirmStatefulPodCount to e2e test * CRD v1: disallow spec.preserveUnknownFields=true * CRD v1: combine webhookClientConfig and conversionReviewVersions under webhook struct * CRD v1: drop spec.scope default * CRD v1: drop top-level version, validation, subresources, additionalPrinterColumns fields * CRD v1: change JSONPath to jsonPath * CRD v1: install/register types * CRD v1: copy v1beta1 types to v1 * Taints and tolerations e2e test re-work * cleanup: fix typos in rbd_util.go * cleanup: fix typos in error message in e2e test * error config attachable plugin * add the ability to migrate coredns configmap * error config attachable plugin * remove defaultedInternalConfig fromr kubeadm * fix error set csiplugin attachable * Fix panic when errors are nil * Add test for unused volumes * Skip unused volumes in VolumeManager * Refactor makeMountsMap into GetPodVolumeNames * Add http response code 503 to check. * kubeadm-kustomize-ux * [kubernetes/kubeadm] fix minor nil issues in kudeadm code * fix some typos in recycle_test.go * Make drain library more reusable * Propagate error from NewEtcd * Lowercase first letter of chainable errors in PVC protection controller * Add live list of pods to PVC protection controller * Upgrade AdmissionReview e2e test image to also support v1 * Bump vertical autoscaler to v0.8.1 * Add instruction for "Application Default Credentials" * fix shellcheck failures in hack/test-integration.sh and hack/verify-test-featuregates.sh * Add admission e2e tests for untested stable operations * fix some typos in testing.go * kube-proxy: do not export network programming latency for deleted enpoints. * feat: use schedulerapi.MaxPriority instead of hard-coded int * feat(scheduler): return error when score is out of range * Promote e2e verifying service type updates * do not publish openapi for a schema containing bad types * Add CRD e2e tests for list, delete collection, and status sub-resource operations * Handle error correctly in kubee-proxy command * Fix malformed port in vsphere cloud provider test * Add CPUManager tests for TopologyHint consumption * Consume TopologyHints in the CPUManager * Add CPUManager tests for TopologyHint generation * Generate TopologyHints from the CPUManager * Add IterateSocketMasks() function to socketmask abstraction * Fix up failing boilerplate test * Update to go 1.12.8 * fix azure load balancer update dns label issue * Fix default scheduler crash if scheduler extender filter returns a not found node * change deprecatedVersion type to string for static analysis parsing ease * Add service reachability polling to avoid flakiness * Update vendor * Pin golang.org/x/net to cdfb69a * Remove fail argument from ReadOrDie() * Move GetGPUDevicePluginImage to the test * Move ProxyRequest to kubelet e2e fw * resource: cleanup helpers_test.go * kube-eviction: use common resource summation functions * resource: modify resource helpers for better reuse * bump go-grpc-prometheus since 1.2.0 actually exposes the metrics * kubeadm: add v1.17 to the list versions that map to etcd version * Re-Generate k8s.io/apimachinery/pkg/util/sets * Update k8s.io/gengo to 955ffa8fcfc983717cd9de5d2a1e9f5c465f4376 * storage: add test for ValidateCSIDriverUpdate * storage: check CSIDriver.Spec.VolumeLifecycleModes * storage: validate CSIDriver.Spec.VolumeLifecycleModes * storage: generated files for CSIDriver.Spec.VolumeLifecycleModes * storage: introduce CSIDriver.Spec.VolumeLifecycleModes * kubelet: add eviction counter to metrics * rename healthz methodNames to be more consistent w/ present day usages * Fix event when Cinder volume can not be expanded when in-use * use image in statefulset too * Hide bearer token in logs * Address review comments * proxy/ipvs: test cleanLegacyService with real servers * run ./hack/update-vendor.sh * Kubernetes version v1.17.0-alpha.0 openapi-spec file updates * kubectl: eliminate unnecessary blank ending line (#81229) * Delete extraneous CHANGELOG-*.md files on branch. * add missing import required by build scripts * Use RWMutex in watchBasedManager * [k8s.io/client-go]fix typo in eventseries_test.go method * Fix flaky test TestPreemptWithPermitPlugin * Introduce cache for APIServices * Replace self defined const StatusTooManyRequests with http.StatusTooManyRequests. * Remove algorithm.NodeLister from scheduler interface * Update csi-provisioner and snapshotter to get selflink fix * remove alias until we can get the proper alias in place * Update docs for service/endpoints port names * Propagate error from NewREST * proxy/ipvs: remove unused constant rsGracefulDeletePeriod * add logicalhan as approver on component-base/metrics * Error code incorrectly hidden in recordEvent * Update CSI hostpathplugin to include cloning fix * Return 503 for custom resource requests during server start * Revert "Toleration priority function score computation" * kubeadm: cleanup unnecessary slice initialization statements * cleanup: proxier.go error message fix * Inline/simplify two used-only-once service test helper functions * Replace self defined const StatusTooManyRequests with http.StatusTooManyRequests. * adds an integration test for double deletion with a custom finalizer * placeholders for follow-up PR on kustomize UX * kubeadm-kustomize-core * publishing: remove rules for release-1.12 branch * publishing: add rules for release-1.16 branch * Implement stable metric validation and verification * Modify the logic to discover corresponding errors. * Fix conflicted cache when the requests are canceled by other Azure operations * changes the way `gc` detect that an object needs to be deleted * Fix Azure client requests stuck issues on http.StatusTooManyRequests * Add service annotation for specifying load balancer's pip with name. * Fix logging message during unmounting * tests: Fixes DNS tests for Windows * Add missed status code description in comment. * Add DataSource to PVC describe * doc: add Draven as a reviewer to test package * Set runtimeState when RuntimeReady is not set or false * Remove runDeployment() from e2e test * Fix a bug in the IPVS proxier where virtual servers are not cleaned up even though the corresponding Service object was deleted. * Remove unused BusyBoxImage * Remove core dependency from endpoints e2e fw * Remove core dependency from deployment e2e fw * Return CR validation errors as field errors * Autogenerated files * Scheduler should terminate when it looses leader lock * Rename HostUtils.GetFSGroup to HostUtils.GetOwner * Deprecate the hyperkube support for cloud-controller-manager * Rename HostUtils.ExistsPath to PathExists * Rename mount.NewOsExec to mount.NewOSExec * Update generated files * Introduce topology into the runtimeClass API * Add iptables restore failure metrics * kubeadm --pod-network-cidr supports a comma separated list of pod CIDRs. This is a necesary change for dual-stack. * Update kubeproxy config validation to support list of comma separated pod CIDRs. Dual-stack feature must be enabled for the validation to be done. * add validation for CNI config before loading and fix some typo * reduce kubelet getting node lease * Experimental ILB support * kubeadm: the permissions of generated CSR files are changed from 0644 to 0600 * remove iSCSI volume storage cleartext secrets in logs * Fix node port service reachability test for nodes running on localhost * Add load balancer cross resource group settings to config. * fix: use Create for attach/detach disk * make hostpath configurable for test * feat(scale): add Patch method to ScaleInterface * feat: cleanup pod critical pod annotations feature * Fix two race issues in scheduling_queue_test * Use the escalate verb for clusterroleaggregator rather than cluster-admin permissions * expose ability to register native prometheus collectors * Fix most linting issues in pkg/util/mount * remove redundant reviewers in test/OWNERS * promote andrewsykim to approver in test/OWNERS * Changed comment on ScaledValue (#79738) * Remove unnecessary serializer override for CRD status, test proto requests on CRD status * fix: update provisional delay seconds to 10s * fix: reduce the number of pods and volumes * fix: use workqueue to speed up of volume binding tests * feat: add logs to volume binding test * Add `gen_openapi` target to top-level Makefile. * kubeadm: Fix some documnetation errors * Adjust test case for a new command line parameter * Update to latest klog 0.4.0 * pinned cadvisor to a latest commit * Use events to speed up the test * Add test for mismatched usage of filesystem/block volumes * publish path parameter * kubeadm: remove dependency on pkg/kubeapiserver/authorizer/modes * fix kubeadm version def.bzl * Remove printOnce() on e2e tests * Constant time password comparison * Rename MetricsForE2E for golint failure * Added info requested in review of #77636, and more * Refactor validation options * Move CRD approval validation into validation package * feat: use named array instead of score array in normalizing score * remove dead code: pkg/api/resources * changed IsCriticalPod to return true in case of static pods * Lower verbosity level for some useful scheduler logs; Also add node resource info when pod is scheduled on node. * generated * update github.com/json-iterator/go to v1.1.7 * Update the Windows node image 1809 version to 0709 * also deprecate --cloud-provider-gce-lb-src-cidrs flag from kube-apiserver * add scheduling utils * move volume scheduling tests * audit & admission: associate annotation with audit level * Fix a racing issue in FakeFilterPlugin * Update CHANGELOG-1.16.md for v1.16.0-alpha.3. * update dependencies to include k8s.io/utils/inotify * fix linting issues * use k8s.io/utils/inotify instead of github.com/go-sigma/inotify * Ensure tests which rely on SSH behavior are skipped if unavailable * [TOB-K8S-027] Fix Incorrect isKernelPid check * [TOB-K8S-025] Incorrect docker daemon process name in container manager * Update WORKSPACE to fix symlink permissions * Fix symlinks in bazel-release * autogenerated files * Deprecate SelfLink + featuregate for setting it * Fix GetReference function * Add stub support for TopologyManager to CPUManager * Make nodeList schedulable * Add IPv6 support to e2e GlusterDynamicProvisioner * Get network-proxy working with GCE. * Test webhooks with and without watch cache enabled * Update configMap data checking * modify the spelling errors * Support cross resource group load balancer. * Reduce indents of resource_usage_gatherer * generated * Limit v1 webhooks to None and NoneOnDryRun side effects classes * kubeadm e2e networking test for dual-stack podSubnet check. * Promote NodePort service creation e2e test to conformance * [e2e] Add verbose to reachability test commands * Implement CodecFactoryOptions allowing clients to opt-in to Pretty encoders and Strict Decoders (#76805) * Scope e2e webhooks to avoid cross-test interference * Add security notices to changelogs * Fix golint failures of pkg/registry/core/event * Fixed a racing issue in scheduler UT * Drop cloud-controller-manager artifacts from k/k release * Validate CSI Inline Migration unconditionally * Setup directories for Metrics validation and verification KEP * Test more replicas than spec. * fix typos in create_namespace.go * Refine TestFilterPlugin * Fix error collides with imported package name * kubeadm: fix name of CA spell error * Update function for data inequality verification * Return error returned by CSINode Get if initialization failed * cleanup: fix log message error in test case * Bumped log level of CSI driver de-registration to match registration handler * cleanup: fix typo "contstruct" -> "construct" * Add davidz627 to testing manfiests csi owners * Bump GCE PD CSI Driver testing manifests to v0.5.2-gke.0 for volume limits fix * Moved e2e boilerplate to framework * Upgrade to latest k8s.io/utils * Replace string concatination with trace fields * Add trace to webhook invocations * Added import restrictions file to e2e framework * Simplify checking in getMinTolerationTime * fix: use %q instead of %v in scheduling framework * Add CHANGELOG-1.16.md to CHANGELOG.md * fixup: correct file name in log message * cleanup: remove package csi duplicated error log * Update CHANGELOG-1.15.md for v1.15.2. * Update CHANGELOG-1.14.md for v1.14.5. * Update CHANGELOG-1.13.md for v1.13.9. * Add limit of stored errors * fix shellcheck failure in cluster/test-e2e.sh * Fix example urls * Move docker specific const to dockershim. * kubeadm: use EnsureCertificateAuthorityIsEmbedded() for file discovery * Re-import api/core/install for init function * Fixed pull-kubernetes-verify issues * Fix suggestions, track removed library in bazel * Fix golint failures in some pkg/kubelet packages * kubeadm: enable secure serving for the kube-scheduler * Fix comment on dropPodStatusDisabledFields method * Simplify VisitContainers pattern in volumemanager populator * migrate scheduler options to resourceName & resourceNamespace * Fix verify-generated-files to error on untracked files * Make Overhead validation unconditional * Preserve existing ephemeral containers on update, validate unconditionally * update generated files * Allow kubectl to attach to an ephemeral container * add unit tests for attacher DisksAreAttached and BulkDisksAreAttached * Toleration priority function score computation I think, if a pod doesn't have any tolerations, we don't prefer node without taints to the one which has taints in https://github.com/kubernetes/kubernetes/blob/master/pkg/scheduler/algorithm/priorities/taint_toleration.go#L29, so there is no point in testing that particular functionality. The side effect of the above is, since we're going round-robin in every scheduling cycle sometimes we're choosing first node and in the next cycle we'd move onto next node(where taints are not being applied), so it's causing problem unnecessarily * Omit namespace when kubectl get is for the cluster * Remove NormalizeScore plugin set from config API. * increase timeout for maximum-startup-sequence-duration to decrease probability of a flake * Reduce GCE PD Attach Limits by 1 because Node Boot Disk counts as 1 attached disk * Disable gzip compression in core control plane components * Allow gzip compression to be disabled from rest.Config * Change order kubelet starts containers * Unexport kubectl cmd profiling * Added comment after invoking ensureLoadBalancer * Wait for pods to be running before eviction starts * Moved nil check inside AlphaFeatureGate.Enabled * Updated comment about ImplementedElsewhere * Setting log level to 4 since default is 2 or 3. * Added comment on how to use ImplementedElsewhere * Fixed review comments, lint. * fixed error message * addressed review comments * Add a new error type in cloud.go * skip ilb creation if subsetting is enabled. * Handle ImplementedElsewhere error in service_controller * unit test * Add a defer to kubelet boostrap token deletion * Update copyright years * added latest tag * fixed whitespaces * updated fluentd to 1.6.3 * Fix registry for prometheus-to-sd * Rename cacheWatcher#stop * kubeadm: simplified returns * publishing: remove redundant rules for kubectl * handle joinControPlaneDoneTemp.Execute errors * feat: update multiple files in e2e node with framework helpers * Fix shellcheck failures in hack/verify-test-featuregates.sh * fix: update run filter plugin for consistency * feat: implement "post-filter" extension point for scheduling framework * Fix admissionreview doc typos * Don't supress the node update error while logging * Update .golint_failures to reflect code move to staging * Update generated * RawExtension.Raw json:"-" * Update vendor modules to reflect code move to staging * Update test data to reflect code move to staging * Add IPv6 support to preserve source pod IP test * Generated * Clarify accepted versions skew requirements, update field documentation * AdmissionReview: Allow webhook admission to dispatch v1 or v1beta1 * AdmissionReview: Install/register * Move nil check for mapperPlugin earlier in reconstructVolume * Update gofmt * Update BUILD files reflecting code move to staging * Refactor e2e tests * Add in-line filesystem volumes to MakeSecPod * Don't create mounter when reconstructing block volume * Move disruptive tests to testsuites and add ones for block volume * Add ConfigMap patch e2e test with validation step * test images: Adds version and bind-tools to agnhost * Adde 9.0.2 to CHANGELOG.md * Update import statements to reflect code move * Move pkg/kubectl/cmd/{command} to staging * EvenPodsSpread: integration test * iptables: simplify version handling * kube-proxy: drop iptables version check * fix-certs-generation-for-external-etcd * iptables: don't do feature detection on the iptables-restore binary * prune owners * Only output json format from tests when building junit reports * kubeadm reset: replace Errorf with Warningf * Update kube-addon-manager to v9.0.2. * Typo fix: DaemonsSet->DaemonSet * Fix selflinks in tests * Fix selflinks in events tests * csi: Fix socket extension comment * Remove Configurator interface * Return early in ApplyScoreWeights if there are no scores * Make discovery wait for a finite time * Refactor and clean up e2e framework utils, this patch handles test/e2e/framework/kubelet_stats.go file * Update predicates to use cached CSINode in scheduler * Add independent cache for CSINode in scheduler * Fix some unreasonable places int csi ut * Fix host path test clean up * Print ephemeral containers in kubectl describe * add flag concurrent-statefulset-syncs to kube-controller-manager (#79169) * cleanup: log message typo fix * fixed golint issues. * update codedellemc/goscaleio * Fix failing service e2e due to execPod IP unavailability * kubeadm: update the supported version for 1.16 * kubeadm: apply a number of _test fixes * doc: fix couple of issues for the doc of agnhost * add secret back to the workqueue with delay time, avoid expired bootstrap tokens not being deleted * Adding support for Azure Stack ADFS case. * fix some log typos in csi_mounter.go cleanup: remove logging duplicated error message fix error msg, include err in new returned errors. Signed-off-by: ethan * Use default skuname shared Azure Disk * do not return error, when the ds is not found * Nominate Abdullah Gharaibeh to scheduler maintainers. * Use ExpectEqual in test/e2e_node/[a-d] * Unit test endpoints controller service deletion * Update compatibility fixture data: * Update generated * Use raw bytes in metav1.Fields instead of map * Don't delete service endpoints when a generic error occurs * vendor gotest.tools/gotestsum * Switch to json test output * `kubectl get` does not count binaryData keys on ConfigMap * Fix license script to handle single-segment packages * Add GetKernelVersion to ipvs.KernelHandler interface * Add code check for framework.ExpectEqual() * Remove duplicate scheduler anti-affinity preemption e2e * Refactor pkg/kubectl/conditions.go to remove file * clean GeneralPredicates code * Fix registry for PrometheusDummyExporter * apiextensions: 404 if request scope does not match crd scope * When PVC is invalid, don't count volumes in scheduler predicate * Don't count unrelated volumes in scheduler predicate * update RSA keys to 2048 bits * Fix unexpected line end in override flags * Run ginkgo in foreground, elminiate wait & pgrep * Move pkg/kubect/explain to staging * Use framework.ExpectEqual() under test/e2e_kubeadm * Refactor pkg/kubectl/{scale.go|rollingupdater.go} for move to staging * Refine watcher count calculation * Move pod related functions file in test/e2e/framework/util.go to its sub direcotry * Move pkg/kubectl/proxy to staging * proxy/ipvs: refactor TestNodePort to use test tables * Removed unsed return values of createResourceQuota * Fix tag for github.com/gogo/protobuf * proxy/ipvs: refactor TestClusterIP to use test tables * Fix hanging webhook error checking * Add NormalizeScore extension point for scheduler framework. * Upgrade Calico to 3.7.4 * Move pkg/kubectl/generate to staging * Convert e2e webhook tests to use v1 API * Determine system model for windows nodes * Move pkg/kubectl/cmd/util/openapi/OWNERS to staging * Refactor kubectl retrieve logs test to use agnhost * scheduler: make ApplyFeatureGates() stateless * upgrade repo infra to f85734f673056977d8ba04b0386394b684ca2acb * Move pkg/kubectl/interfaces.go to testing * Move pkg/kubectl/polymorphichelpers staging * Kubeadm FG for dual-stack was introduced in #80145. This PR progagates the kubeadm FG to the individual k8scomponents on the control-plane node. * apiextensions: add scope tests * split coredns dependency to decouple kubeadm and kube-up * Pop expired watchers in case there is no update * Update CHANGELOG-1.16.md for v1.16.0-alpha.2. * report error message when reset scheduler metrics in e2e test * Log an error when kube-scheduler fails to update the condition of the pod. * add options for name and namespace of leaderelection object * Use ErrorChannel to communicate errors during parallel execution in interpod_afiinity. * Use bigger keys for RSA-PSS, default for TLS 1.3 * Move pkg/kubectl/metricsutil to staging * Update vendor * Update structured merge-diff version * Debug values when test fail * Store key in TimestampedEntry * fix: do not allow nil Callbacks functions * Move pkg/kubectl/cmd/util and subdirs to staging * Update github.com/docker/distribution to v2.7.1 * Fix/Add comments on cadvisor implementations * Update logexporter version. * feedback 1 * Fix the public IP getting issues for VMSS nodes * change node-lease-renew-interval to 0.25 of renew-duration * Provision vSphere volume as per selectedNode * Move pkg/kubectl/apply and subdirectories to staging * TopologyManager: Fix rename best-effort policy files * support args for newrc funcs * kube-proxy in ipvs mode use ipvs to redirect traffic * update guide to make the command works as expected * e2e_node: clean up non-recommended import * delete the pods from unschedulable queue only when Add succeeds * Remove final file from pkg/kubectl/util * Move pkg/kubectl/cmd/util/openapi to staging * AdmissionReview: copy v1beta1 to v1 * fix-file-discovery * kubeadm networking related tests. * podSubnet check: if a podSubnet is specified in kubeadm-config then the e2e test will check that pod-cidrs of individual nodes fall within this range. * serviceSubnet check: if a serviceSubnet is specified in kubeadm-config then the e2e test will check that the kubernetes service created in the default namespace got a service IP from the configured range. * delete-bootstrap-kubelet.conf * autogenerated * Refactor and clean up e2e framework utils, this patch handles test/e2e/framework/psp_util.go file * Update misleading comemnts for HandleCrash * 1. Fix lint errors for the whole directory staging/src/k8s.io/client-go/tools/cache; 2. Remove staging/src/k8s.io/client-go/tools/cache from .golint_failures; 3. Fix some typo from comments. * fix snapshotter rbac rules * [eps-priority] auto-gen files * EvenPodsSpread: optimize Priority logic * EvenPodsSpread: Benchmarking Priority function * EvenPodsSpread: weigh constraints individually * EvenPodsSpread: minor enhancement on printing out priority score * EvenPodsSpread: Make some funcs in predicates pkg as public * EvenPodsSpread: Core Priority logic * EvenPodsSpread: Define a new Priority * Add message which shows how much CPU used * Remove duplicated check in ObserveEventAfterAction * Move pkg/kubectl/version to staging * Add a field 'RequiredAccessModes' to the driver info object that is propagated to pvc creation * fix building test/e2e_node/ with bazel 0.28.1 * Fix error message of ListTargetHTTPSProxies * kubelet: add UID to kubelet_container_log_filesystem_used_bytes metric * Allow aggregate-to-view roles to get jobs status (#77866) * Check error return from GetPodKey * Promote taint-based eviction e2e tests to Conformance * Move pkg/kubectl/describe to staging * Fix error handling issue in kubeadm upgrade * Un-[Slow] a bunch of networking tests * Assign OWNERS for pod integration tests * Avoid echoing request URL in proxy error * build: Add Release Engineering OWNERS * second iteration * Add tests for proactive init Container removal in the CPUManager static policy * Add tests for new containertMap type in the CPUManager * Proactively remove init Containers in CPUManager static policy * Retry metadata requests in get-credentials and valid-storage-scope * Don´t translate to IPv6 empty addresses * Bump kube-addon-manager's version to v9.0.2 * PVC protection controller: get rid of PVC leaks * fix pv controller not find pv for pvc provisioning * Moves pkg/kubectl/util/i18n to staging * Add annotation to disable tcp reset on SLB service * Bug fix: Set enableTcpReset of lb rules to true for Azure Standard Load Balancer * Change Socket to Node Change Node from int in TopologyInfo to type NUMANode which is an int * use correct format verb * Device Plugin API change to include Topology Info in Devices * e2e_kubeadm: clean up non-recommended import * fix typos in csi_attacher.go * Allow customize registry name of base and release images * Kubectl user exec should accept zero-length environment values #652 (#78875) * Add ipv6 support to the e2e kubectl tests * document API guarentees and deprecation policies for cloud config files * Update pkg/volume/portworx OWNERs * vendor: update for libopenstorage/openstorage to v1.0.0 * OWNERS: api-approvers should be approvers on cri-api * Regenerate * Fix pkg-names script that doesn't select files properly * Update gogo/protobuf to latest version * Update custom-serialization code to go backward * Fix some golint failures * Move some pkg/kubectl into polymorphichelpers * Unify secret and configmap triggers * Document and improve defaulting for MakePersistentVolume, dedupe some manual PV creations * hostport: Don't masquerade localhost-to-localhost traffic * Move pkg/kubectl/drain to staging * updated Bazel files * e2e storage: csi-mock tests for ephemeral inline volumes * CSI: allow drivers that can handle persistent and ephemeral volumes * e2e: remove unused ShortName from external driver definition * Promote resourceQuota e2e verifying 'object count quota' and 'quota scope' to Conformance * Refactor nested loop in getTPMapMatchingSpreadConstraints * Clarify IP family meaning * Update TODO * kubeadm: handle ResetClusterStatusForNode errors * Remove unused package //pkg/util/normalizer * Optimize Schedule by querying nodes only when needed. * Fix leader election in kube-addon manager * Revert "e2e: Skip multi-node PV test when pods scheduled on the same node" * Rename 'preferred' TopologyManager policy to 'best-effort' * Report error when iscsiadm fails during detach * add reciprocal note about keeping manifests in sync * fix kube-proxy manifest * Fix review comments, will squash later. * Move pkg/kubectl/apply.go to staging * fix typos in pv_controller.go * Move pkg/kubectl/apps to staging * Refactor and clean up e2e framework utils, this patch handles test/e2e/framework/perf_util.go * doc: nominate Draven to scheduler reviewers. * Promote job completion after failure e2e test to Conformance * Promote job pod orphaning/adotion e2e test to Conformance * Add benchmarks for serializing PodList * EvenPodsSpread: update addPod() logic to match individual constraint * fixup: address comments * EvenPodsSpread: Preemption UT on generic_scheduler * EvenPodsSpread: Supports Preemption (addPod) * EvenPodsSpread: Supports Preemption (removePod) * Store config args instead of config factory in test context * Remove NodeLister from Scheduler Configurator * Move pkg/kubectl/util to staging * Check whether metricObj can be converted to *v1beta2.MetricValueList * Corrected Cinder typos. * Add service reachability test util function and e2e fixes * EvenPodsSpread: update 'selfMatch' logic * fixup: address comments * EvenPodsSpread: UT on genericScheduler.Schedule() * EvenPodsSpread: Core Predicate logic * EvenPodsSpread: Define a new Predicate * Generated code for Ephemeral Containers in kubelet * Add support for ephemeral containers to the kubelet * Fix es 7.x.x initial cluster formation * kubeadm: add forgotten error check * cleanup: log message typo fix * Regenerate _example informers packages * fix wrong spells in events.go * fix typos in kubelet.go * fix: return empty string when status is nil * Add 'apiserver_watch_events_sizes'. * Add unit test for iSCSI refcounter * add protection for reserved API groups * Add new refcounter for iSCSI volumes * Add _example & test for a hyphenated API group * informer-gen: use correct PackageName computed from input parameters * Autogenerated files * Add simple batching to endpoints controller * Fix detachment of deleted volumes * Updates to container manager and internal container lifecycle to accommodate Topology Manager * Fix error overrided when saveVolumeData occurs error * Use scheduler cache in affinity priority functions * bugfix: panic log params in the construct method when maxInterval is less than minInterval * Update the CleanupAndExit field for the Options and the OnServiceSynced for the ServiceHandler comment * Use v1helper.GetPersistentVolumeClaimClass for compatibility * Optimize logic in EvenPodsSpread API validation * fix lint * Changed to use cmd for getting system uuid * Remove recursion in csiAttacher#waitForVolumeAttachmentInternal * add ipv6 support to the hostport/HostIP e2e test * e2e: add a function to map IPv4 in IPv6 * Move to getMachineInfo() * Dedupe all Make PVC API object functions into the one MakePersistentVolumeClaim to rule them all * Add migration shim for VerifyVolumesAreAttached and BulkVolumeVerify * Enable windows ntfs e2e storage tests for aws driver * Add support for windows to AWS EBS * Add unit test * e2e: Autodetect the IP family of the cluster * Set the systemUUID for windows nodes * proxy/ipvs: Compute all node ips only once when a zero cidr is used * proxy/ipvs: Only compute node ip addresses once per sync * Add doc that plugins in binding cycle should not use NodeInfoSnapshot() * Remove ExecutionHook API changelog entry * fix grammar err * use correct format verb * Fix potential panic in nodeGetVolumeStatsV1 * Send a reject message to permit plugin when preempting a WaitingPod * fix kubemark e2e test script * EvenPodsSpread: match selector of each constraint independently * [eps-pred-meta] auto-gen files * fixup: fix comments and use a channel to pass err * EvenPodsSpread: refactor "chained" utils * EvenPodsSpread: refactor topologyPairsPodSpreadMap * EvenPodsSpread: PredicateMetadata initilization * GCP config: gke-exec-auth-plugin for ValidatingAdmissionWebhook * refactors to kubernetes cp command * gofmt * address comments * refactors to kubernetes CP command * Add CSIDriver creation factory to e2e framework * add link of kubeadm config doc * Generated code for ephemeral containers integration tests * Add integration tests for ephemeral containers * Fix retry issues when the nodes are under deleting on Azure * Generated code for ephemeral containers API * Add Ephemeral Containers to the Kubernetes core API * Rename DebugContainers feature to EphemeralContainers * Fix some error messages * Report NodeNotInitialized error when providerId is empty string * Fix csi attacher unit tests using t.Run() * use ExpectEqual in density_test.go * Record metrics when framework returns unschedulable error * make util/retry more generic * Pod e2e for reading last line can flake if pod runs to completion * cleanup: fix some log and error capitalizations * Use HTTPS as etcd-apiserver protocol when mTLS is enabled * bump smd * fix breaking change * Change default PVC AccessModes to RWO in test framework * add ability for gce to bulk verify attached disks * Drop "pod_name" and "container_name" metric labels * kubeadm: remove dependency on pkg/util/procfs * Add events to dswp * Cleanup versioning serializer * Remove unneded directory * kubeadm: remove dependency on pkg/kubeapiserver/authorizer/modes * Fix golint failure in pkg/util/netsh/testing/ * kubeadm should always fall back to client version when there is any internet issue * Remove unwanted string converstion in metrics errors * Calling Unreserve plugin before recordSchedulingFailure in case of binding failure * Cleanup comments in TopologyManager socketmask abstraction * EvenPodsSpread: regenerated API compatibility data * EvenPodsSpread: auto-gen files * EvenPodsSpread: api changes * feat: move service_util to separated package * Surface error returned by LoadConfig * fix gofmt * Updated dependencies: BUILD/modules.txt * Update all imports to scheme in staging * Moved files from pkg/kubectl/scheme to staging * fix parameterization of test error message * Make kubelet report usageNanoCores for node on Windows * Register Kubelet server metrics * Cleanup kubelet authz tests & make explicit * Update csi hostpath driver in e2e * implement functionality to return all found instances * Add package level And/Or calls to TopologyManager socketmask abstraction * Add NewEmtpySocketMask() call to TopologyManager socketmask abstraction * gce: configure: use 'amd64' in kube core images manifest * Set score plugin's weight to 1 if it is not set * Improve readability for image manager tests * Rename TriggerPublisherFunc as IndexerFunc * Precheck score plugins' weight when initializing * Update the topologymanager to error out if an invalid policy is given * Update the cpumanager to error out if an invalid policy is given * Update CHANGELOG-1.15.md for v1.15.1. * Fix error log issue, remove OrDie suffix in methods naming * Refactor and Move node related methods to framework/node package * Revert "feat: cleanup pod critical pod annotations feature" * Fix code block for kubectl book. * Fix of review comments. Will squash later. * Don't expect pod to stay up during node upgrade * Update generated * Make changes to integrate new version * Update smd and kube-openapi version * Skip unnecessary operations if diff is less than 0 * build: bazel: release tars should use arch in the name * fix panic in ResourceLocation in case of empty pod ip list * Handle error return from MetaNamespaceKeyFunc * Revert "Promote pod autoscaling" * correct testname for existing E2E for testing backoff limit for jobs * correct testname for E2E related to active deadline in jobs * kubeadm: get rid of dependency on pkg/util/node * Windows: Sets the effective SecurityContext's RunAsUserName * Run code generation for new field * Windows: Adds RunAsUserName field in WindowsOptions * Fixes TestScorePlugin flakiness. * make node lease renew interval more heuristic * Update deprecated diff.ObjectGoPrintDiff method * Fix shellcheck failures in test/cmd/l.*.sh * Fix shellcheck failures in test/cmd/d.*.sh * Add OWNERS for generated openapi spec package * The implementation of Filter extension for the new framework * Add CHANGELOG-1.16.md for v1.16.0-alpha.1. * Topology Manager Implementation based on Interfaces * fix pkg/controller/volume/expand/pvc_populator.go * Update unit test with expected query parameters * Add supportedMountOptions for GCE PD CSI Driver tests * Add passthrough for MountOptions for NodeStageVolume for CSI * Remove unnecessary string() from policy_none * Fix placement of test in conformance.txt * remove function apply-encryption-config in configure-helper * Skip unnecessary copy of Selector * pod-overhead: autogenerated code for scheduling changes * scheduler: add pod Overhead support for requests * remove sudo from storage tests * Remove duplicate requestInfoResolver * Log warning if config labels deletion returns false * release: generate release docker tag with default values * remove kube-aggregator/pkg/client/* * Nominate Huang-Wei to scheduler reviewers. * kube-proxy: change buckets used by NetworkProgrammingLatency * Fixed build files. * Use error channel to capture first error. * Update generated files update generated protobufs * HPA scale-to-zero for custom object/external metrics * Fix iSCSI storage plugin cleanup in block volumes * Score plugin for the scheduling framework. * make taint.ToString() consistent with the reverse parsing logic * Tolerate the case if `related` event is nil * Avoid RbdDiskManager's DetachDisk never execute again * Check return value of LabelSelectorAsSelector in describe * Simplify trigger functions in cacher * kubeadm: use local copy of kubectl's version package * Fix no audit policy by default in hack/local-up-cluster.sh * Fix error shadowing error for createPDWithRetry so failures return actual error * move getInstancesByName logic to helper function * Create C:\tmp if DNE * release: accept empty KUBE_DOCKER_IMAGE_TAG * Promote API metadata return value * remove github.com/kardianos/osext * Propagate error from creating cacher and storage decorators up * Add patch method for container images * Run gofmt * Add test for ContainerStats * Add tracing to GetContainerStats * Fix compile on non windows linux systems * Removed duplicate code * Fix flaky test TestBindPlugin * Revert "Revert "Add Bind extension point of the scheduling framework"" * Rename unused variable * Run gofmt * [kubeadm] Adds json struct tags to exposed API types * kubectl/docs/book: bump lodash from 4.17.5 to 4.17.13 * Fix kubelet watches to propagate all options * cleanup: remove useless code * Remove manual conversions for ListOptions * Fix imports, Formatting of text * delivery event non blocking firstly * Bump Go version for release-1.14 to 1.12.5 * Bump Go version for release-1.13 to 1.11.5 * Adds kubeadm feature-gate for dual-stack (IPv6DualStack). Issue: #1612 * Bugfix: csi raw block that does not need attach mounted failed * Promote StatefulSet Replica scaling * fix: rename RegisterPriorityFunction2 to RegisterPriorityMapReduceFunction * Drop -r for variable within loop * openapi: add list_type_missing violations after bump * apiserver: make changes to integrate new structured-merge-patch * Run update-vendor.sh * Don't print non-error (blank lines in this case) to stdout, and don't print blank lines for empty resources * Adjust redis matching strings * Remove GBRedisSlave image * Use docker official redis images * bazel: add openapi generation for non-main spec and fix main spec * Bump(k8s.io/kube-openapi): aggregator: merge x-kubernetes-group-version-kind slices * feat: use scheduler.New in daemonset integration test * feat: use channel instead of mutex in scheduling predicates * cluster: configure: load images and add tags with no arch * proxy/ipvs: increase log level for graceful termination * Update vendor * openapi: commit low-change code-gen+sample-apiserver specs * apiextensions: update OpenAPI spec with v1beta1 meta types * Makefile.generated_files: build code-generator+sample-apiserver OpenAPI schemas * sample-apiserver: add openapi spec * apiextensions: exclude newly added openapi from hack/update-codegen.sh * code-generator: call openapi-gen from generate-internal-groups.sh * kubeadm/*/phases/init/certs,kubeconfig: add "kubernetes-version" flag * Break out of inner loop when newQuantity is negative * Update pd csi driver images to most recent stable * kubeadm: cleanup unnecessary k8sVer parameter for GetStaticPodSpecs * kubeadm: support fetching configuration from the original cluster for 'upgrade diff' * Add ImageFSInfo, ContainerStats, and ListContainerStats impl for linux to dockershim * Add explicit warning for deprecation of Cinder and ScaleIO volume providers * Fix golint failure in pkg/quota/v1/evaluator/core * Register WatchEvents metric * Make service "no endpoints" test use agnhost connect * move scheduler to use v1beta1.events * Add josephburnett to podautoscaler OWNERS. * Added code for e2e tests for network policy. * Autogenerated files * Migrate WatchBookmarks to Beta * Enable watch bookmarks in reflector * Add `docs` section to pull request template * sample-controller: add note about fetching deps in README * Fix scripts to not rely on codegen scripts being executable * Update testname to match requested case * Fix case and update to follow RFC2119 * Update revision number for the image * Remove support for etcd2 from cluster/images/etcd image * Wait for StackdriverLogging service to stop before restarting it. * Update to go 1.12.7 * add myself and lbernail as IPVS approvers * Remove deprecated --containerized flag in kubelet * improve error messages for verifydependency * Limit the read length of ioutil.ReadAll in `pkg/kubelet` and `pkg/probe` * Add davidz627 (David Zhu) to Approvers for OperationExecutor and GCE PD * use klog.Error instead of klog.Errorf when had no format * Fixes mount/unmount paths for migrated inline volumes. Some minor fixes for GCE specific inline migrated volumes * Move volume_expand tests to storage e2e testsuites * release lib: docker save remove special name for amd64 * Avoid truncating long log messages * mark dashboard tests [Feature:Dashboard] * Use metadata informers instead of dynamic informers in controller manager * Rename metadata.NewConfigOrDie to be consistent * Switch the garbage collector to use metadata client and protobuf * add rbac for events.k8s.io apiGroup to system:kube-scheduler * execute hack/update-codegen.sh, sync updates * add check when qps > 0 but burst <=0 * Add support for HA kubemark * Rename PluginOption to Option * keep processing other nodes for the nil node error * Add check to reduce orphaned volume * removed make-symlink flag and corresponding code in hyperkube * Remove support for KUBEMARK_MASTER_COMPONENTS_QPS_LIMITS * Update testname and fix typo * Update Conformance test Metadata * chore: make some func as public in azure provider * Added custom error message when wrong file is provided with KUBECONFIG (#78185) * Populate API version in synthetic authorization requests * feat: cleanup pod critical pod annotations feature * Return the error from validateOverhead in RuntimeClass#Validate * Return 400 on invalid patch requests * clean up and fix nits * tests: Fixes jessie-dnsutils image build * Generated * Add defaulting tests * Add mutatingwebhook validation tests * Require webhook names to be unique in v1 * Remove default admissionReviewVersions in v1, make required in validation * Remove default sideEffects in v1, make required in validation * Change default timeout to 10 seconds * Change default matchPolicy to Equivalent in v1 * Add EntryType * move jbeda to emeritus * add wojtek-t and yastij as approvers/reviewers for events package * move zmerlynn to emeritus * Switch the namespace controller to use the metadata client * Add fake client, informer factory, and lister to metadata client * Fake ObjectReaction should handle PartialObjectMetadata special * reference paths to update to bump dependencies * Changed to use select-object to filter the log properties * feat: use framework.ExpectNotEqual in e2e test * Remove redundant provisioning tests * Remove redundant tests * Add block volume support to InjectContent / TestVolumeClient * Refactor TestVolumeClient and InjectContent into common function * kubeadm: cleanup the code about cobra * Ignore pending pods. * Migrate kubemark to e2e-up/e2e/down scripts. * Hollow-node should use separate client for heartbeats. * Deployment Controller - don't copy pods in getPodMapForDeployment * flush current namespace when resources are not found * Avoid conflicts with other cobra auto completion * Remove incorrect ampersand in front of AverageValue in describeHorizontalPodAutoscalerV2beta2 * cancel process node if error occurs * Fix projected volume test clean up * Fix 'concurrency' logs typo * Promote pod autoscaling * Add timestamp to the docker test logs * add failedJobsHistoryLimit to successfulJobsHistoryLimit test * add e2e test for cronjob failedJobsHistoryLimit * Add benchmarks for FieldManager handling * promote bentheelder to build/ approver * enable token review when openapi is generated * Add comments as to why we force python2 * apiserver: add --shutdown-delay-duration to keep serving until LBs stop serving traffic * More consistent env var handling in vsphere e2e test * removed flaky watch code and added NewIndexerInformerWatcher * Allow hack/lint-dependencies.sh to skip golang.org/x/... deps, verify in verify-vendor.sh * Use O_CLOEXEC in util packages * Use O_CLOEXEC for volume subpath util * Use EPOLL/O_CLOEXEC in evicition notifier * If volume in delete request does not exist, return success. * make kubectl --raw consistent for create, update, get, delete * Add micro-benchmark for DeploymentController.getPodMapForDeployment method * kubectl book: added a leading slash to apis path * Remove unnecessary return value check * update caddy vendor dependency to v1.0.1 * kubeadm: move klog.InitFlags into app/kubeadm.go * kube-cross makefile add REGISTRY * Handle error return from http.NewRequest() * Remove unused aggregator ca key * Refactored metrics-related functions from framework/metrics_util.go * Revert Provide resource version in error if available * update code documentation to reflect change in status * Add e2e test for downward API with host network * Fix golint failures in pkg/proxy * apiaggregation available controller should only hit required endpoint * Remove unintended ampersand in front of in.Current.AverageValue * For windows, use exec.Command instead of syscall.Execve. * Remove the TODO for container name matching * Remove dead code from csi_client * Remove use of HugePages feature flag in test * update code docs around old todo that is not going to happen * fixed a typo in kubectl book * Change default failurePolicy to Fail in v1 * Install/register v1 admission registration types * Copy v1beta1 to v1 admission registration types * aggregator: wire OpenAPI correctly into PrepareRun flow * Cleanup: Audit log and error capitalization * use ExpectEqual under e2e/autoscaling * apiserver: chain delegated PrepareRun * Update CHANGELOG-1.14.md for v1.14.4. * Update CHANGELOG-1.13.md for v1.13.8. * Replace KubeDescribe with ginkgo.Describe in e2e/kubectl * Trace step should be at the end of calls rather than the begin. * Add node status report frequency to kubemark config * fix incorrect hpa status * use framework.ExpectEqual for tests * fix: use schedulerCache instead of podlister in config factory * Update CHANGELOG-1.12.md for v1.12.10. * feat: use framework.ExpectEqual instead of should * e2e: use framework.ExpectEqual() for test/e2e/lifecycle * Return MetricsError with ErrCodeNotSupported code * Remove panic in storage and add log * Provide resource version in error if available * correct kubectl cp argument order * add fakes for events package, add startEventWatcher to event interface * Use ExpectEqual in e2e/scalability * apiextensions: remove hacks around nullable * update CHANGELOG * Fix wrong indentation in shell * Use framework.ExpectEqual() for e2e/cloud tests * staging file fix lint error: receiver name should not be an underscore and rename * fix: golint error of clientgo * e2e: use framework.ExpectEqual() for test/e2e/network * Populate DisruptedPods field for non-dry run * Add go-runner to the list of e2e test targets * build_defs/pkg/make_deb.py needs python2 * e2e: Skip multi-node PV test when pods scheduled on the same node * update Bazel * e2e: avoid mandatory command line flags * Extender bind should respect IsInterested * feat: use framework.ExpectEqual in storage e2e test * e2e: fix full path support when reading viper config file * e2e: use framework.ExpectEqual() for test/e2e/node * Remove duplicate error messages * Fix descriptions of kubeadm * Closing stopCh when pod_store is not created * correct the CHANGELOG-1.11.md-fix-2 * etcd: Add comment re: SELinux * etcd: Change perms in Makefile, not Dockerfile * etcd: Ensure etcd binaries are world executable * Use framework.ExpectEqual() under e2e/scheduling * Get the pdb when conflict instead of relisting * Use ExpectEqual in e2e/common * Use ExpectEqual in e2e/auth * feat: use framework.ExpectEqual in upgrades and windows e2e test * feat: use framework.ExpectEqual in servicecatalog e2e test * Making sure we handle error on http.NewRequest(). * Use ExpectEqual under apps * cleanup bespoke ipv6 checking in kubeadm * etcd: Allow Makefile to be used on SELinux systems * Remove lazy provide from credential provider and kubelet (#79674) * clean up: node dropDisabledFields * Audit policy test * Allow kube-apiserver to test the status of kms-plugin. * consolidate etcd version * Test kubectl with x-kubernetes-preserve-unknown-fields * Output boolean for AllowPrivilegeEscalation * client-go: update installation instructions to reflect v12.0.0 release * etcd: Ensure etcd binaries are world executable * correct the CHANGELOG-1.12.md * edit google dns hostname * consolidate coreDNS version to ease dependency bump * updated fluentd to 1.5.1, es & kibana to 7.1.1 * Fix HA setup logic * Address couple of issue on image build for ARM arch * Add MASTER_NODE_LABELS * correct flag order in make-help * clean up redundant conditiontype OutOfDisk * add e2e for dualstack * kubelet: fix ip reporting for downward api * Fix golint failure in pkg/kubelet/dockershim/network/cni * Use ExpectEqual in e2e/kubectl * Updated github.com/gogo/protobuf from SHA to nearest-pinnable tag (v1.0.0), as part of dependency management cleanup: #79234 * call unreserve plugin before record event * Use ExpectEqual under e2e/apimachinery * Pass desiredPods to CleanupPods * Update gophercloud vendor dependency to v0.1.0 * kubeadm: run MemberAdd/Remove for etcd clients with exp-backoff retry * Create a service account Getter when TokenRequest is enabled * Hack PatchNodeStatus() to override the patch type on Status.Addresses * Document the problem with Node.Status.Addresses and strategic merge patch * generated items * vendor updates * updated publishing rules * kubenet for ipv6 dualstack * Add a metadata client to client-go that can read PartialObjectMetadata * release lib: save release docker tag in tarfile * RuntimeClass-admission: fixup comment, simplify nested ifs * kubelet: add allowed sysctl to KubeletConfiguration * correct the CHANGELOG-1.15.md * cri types changes * route controller + azure v6 routes * node ipam controller for ipv6 dualstack * api: dropDisabledFields * types modifications + conversion + conversion testing * IPv6DualStack ALPHA feature * Omit obtaining the lock when adding Nodes in newNodeTree * There are various reasons that the HPA will decide not the change the current scale. Two important ones are when missing metrics might change the direction of scaling, and when the recommended scale is within tolerance of the current scale. * Removed diplicated info row in v1.12.7 * Add public functions to define CSI external tests * Move etcd/util to etcd3/ * Utilize RWMutex for efficient backoff operations * Enable feature gate and kubelet flags for Topology Manager * Make AuthorizeClientBearerToken actually return if authn or authz is nil * Fix publishing x-kubernetes-preserve-unknown-fields working with kubectl * Remove unnecessary ETCD_CA_KEY check * quote container name in container already use error matching * Adds an optional golang runner to the conformance test image * Fix ordering settings in verify bazel * kubelet: add CNI cache dir option and plumb through to CNI and kubenet * move to libcni 0.7.0 * vendor: update containernetworking/cni to v0.7.1 * Cloud provider AWS library should query instance by ID when possible * kubelet: ensure stable order for images in node status * Modify kube-up to support cluster without nodes. * Move population of expectedUIDs outside lock * kubeadm: prevent PSP blocking of upgrade image prepull * Update autogenerated files * Move etcd/testing to etcd3/testing * kubeadm: don't use the Docker SDK in util/system/docker_validator* * Clear valueWatchers instead of removing every entry using a loop * Use Join instead of concat it manually in cephfs. * Add 'apiserver_watch_events_total' metric. * refactor: use controller.FilterActivePods in framework e2e test * Simplify the check of presence of labels in createPods * Deprecate scalability tests * Drop unnecessary claim parameter from PersistentVolumeController#updateBindVolumeToClaim * Update vendor * Update azure-sdk-for-go/services/network to 2018-08-01 * Update vendor * Update azure-sdk-for-go/services/containerregistry to 2018-09-01 * Check the correct value of Quantity in GetResourceRequest * Fix TestUnreservePlugin * Fix a bug that StatefulSet applies the revision incorrectly * improve error msg for predicate meta data * Add mattjmcnaughton as sig-node-reviewer * Autogenerate code * fixed a typo in kubectl book * agnhost: add connect subcommand * Add ability to output watch events from kubectl get * Allow YAML printer to separate multiple printed objects * followup of 79262 to cleanup PodPriority leftover * v1.15.0 API compatibility data * fix hack/update-vendor.sh array expansion * iptables proxier: fix comments for LB IP traffic from local address * Fix cgroup hugetlb size prefix for kB * Update dependency sirupsen/logrus * Update dependency opencontainer/runc * Move APIObjectVersioner * Move etcdtest to testing * Cleanup util file * Move metrics to etcd3 and clean up * Update dependencies BUILD/go.mod/go.sum * Add client-side status object handling * Fix AWS DHCP option set domain names causing garbled InternalDNS or Hostname addresses on Node * fix: predicates read nodes from scheduler cache * Remove internal object printing from kubectl * Updated import statements to reflect move to staging * Move pkg/kubectl/validation to staging * Fix closing of dirs in doSafeMakeDir * Remove unnecessary variable declaration * fix: change timeout value in csi plugin * Adding an if statement to check the number of worker nodes available before running a test that needs 2 nodes. * update openapi-spec * remove finailzers * Remove tests/e2e/scalability from the list of golint failures * Add missing CSINodeInformer when creating ConfigFactoryArgs * Fix golint failures related to docs * Fix golint failures for test/e2e/scalability * Remove dead metrics in etcd code * Default resourceGroup should be used when value of annotation azure-load-balancer-resource-group is empty string * automatically tag tests in test/integration/* as integration * Remove unnecessay call to findNewReplicaSet * supress libseccomp pkg-config errors * fix shellcheck failures in test/e2e_node/conformance/run_test.sh * kubeadm: fix bug for --cri-socket flag processing logic * add unit tests for azure_loadbalancer_test.go * Replace buzybox and pause pod image with agnhost * runtimeclass-admissioN: add owners file * update import-restrictions * Only create one pod per gpu node in E2E test * Add tests for podspec and podtemplatespec default changes * Remove duplicate error messages from cli commands * update vendor * Move pkg/util/logs to staging and update ref * update vendor * Move pkg/util/slice and update refs * Re-add kubectl docs to kubectl staging * Removes test-cmd inappropriate dependency on kubectl * Update BUILD files * Update imports for the files moved to staging * Move pkg/kubectl/util/fieldpath to staging * Use coordination v1 API * Fixed clock.fakeTimer.Stop and Reset * Fix client-go request benchmark * ? fix the KEP-kube-scheduler link * handling OptimisticLockError in kubelet * Run sidecars for csi-mock as privileged * Don't leak ssh connections * Short-circuit the evaluation of `cpuFraction` and `memoryFraction` * tests: Clarifies agnhost's entrypoint-tester's usage * Centralizes images into agnhost (part 3) * Bump gopkg.in/check to v1.0.0-20180628173108-788fd7840127 * Bump objx to v0.2.0 * Bump easyjson to v0.0.0-20190614124828-94de47d64c63 * Bump pty to v1.1.5 * Bump govalidator to v0.0.0-20190424111038-f61b66f89f4a * Bump purell to v1.1.1 * Bump go-openapi dependencies to preferred version * kubelet: retry pod sandbox creation when containers were never created * Fix service controller not release loadBalancer issue in corner case. * hack/boilerplate: added regex to strip Python shebang * Remove monopole from root OWNERS * block not allowed node labels on kubelet * Updated BUILD dependency to use staging * Removes unused BUILD file * Move pkg/kubectl/util/certificate to staging * kubeadm: update OWNERS for 1.16 * tests: Replaces images used with agnhost (part 3) * Updates to dependencies including go.mod, go.sum, and BUILD files * Move pkg/kubectl/util/resource to staging * add defaul latest tag as well * tests: Fixes agnhost logs-generator usage * Add generated proto files * Fix typo in network policy ingress rule * apiserver: store httplog in context * apiserver: don't log stack trace on /healthz error * fix hack/lib/version.sh shellcheck failures * remove dead KUBE_TEST_API_VERSIONS from test-integration * refactor: add reset method to all test plugins * Updates to dependencies including go.mod, go.sum, and BUILD files * Removes unused BUILD file * Move pkg/kubectl/util/qos to staging * Add benchmark for scheduling of pods with PVs * Migrate TaintManager to use watch for listing pods instead of expensive listing pods call. * Fix CRD validation error for 'items' field * fix KubeletConfiguration apiVersion * fix shellcheck failures in cluster/restore-from-backup.sh * Restore early return for podSpecHasContainer * clarify elastisearch script as bash * fix hack/lib/init.sh shellcheck failures * fix hack/lib/swagger.sh shellcheck failures * Conformance walker should handle nested/adjacent Describes * Moving pkg/kubectl/util/storage to staging * Fixed and clarified comments and parameter names in index.go (#77633) * Update link in pull request template * crd-handler: level-trigger storage recreation and fix a race * Dependency changes * Update imports after moving util/event to staging * Move pkg/kubectl/util/event into staging * Add ipv6 support to the DNS e2e tests * move images from gcr.io to quay.io * Add ipv6 support to the e2e guestbook test * Increase Network Policy tests coverage * update vendor * Move pkg/util/rbac to staging and update refs * Update go.mod, go.sum, and BUILD dependencies * Update import statements to reference code moved to staging * Move pkg/kubectl/util/hash to staging * Generated build file for alwayspullimages * Return all errors in alwayspullimages.Validate() * flowcontrol context aware and fix request may hang issue * fix hack/make-rules/make-help.sh shellcheck failures * Replace HTTP compression with an inline handler * Set API compression feature gate to Beta * Add unit tests for CSI predicate * Update scheduler to use volume limits from CSINode * Update nodeinfomanager to store volume limits in CSINode * Auto-generated code for volume limits API * Add volume limits API changes * Update doc.go in staging/src/k8s.io/ * Remove the OutputFormatType and OutputFormatArgument fields as they are no longer used. * move jws to k8s.io/cluster-bootstrap * add IPv6 support to the e2e PreStop test * Use WithOption to implment scheduler register * Refactor statefulset e2e tests * kubeadm: add --control-plane-endpoint flag * Add Policy None for Topology Manager * hack: fixed issues from previous refactor PR * feat: cleanup feature gates for CSIPersistentVolume * Revert "Skip ILB creation on GCE if neg annotation is present" * remove misterikkit from scheduler maintainers * printer: fix a nil pointer dereference * Updated publishing dependencies rules * Updates to dependencies including go.mod, go.sum, and BUILD files * Updated imports for util/deployment * Moved pkg/kubectl/util/deployment to staging * Fix max port value to 65535 * Add env var(CNI_STORAGE_PATH) for cni storage path. * document KUBE_ROOT in util.sh * fix hack/verify-no-vendor-cycles.sh shellcheck failures * fix hack/pin-dependency.sh shellcheck failures * fix hack/update-vendor.sh shellcheck failures * add kube::util::list_staging_repos * automatically set clinkopts * update libssecomp-golang to v0.9.1 * add sleep 5 before exponential backoff in waitUntilVolumeAvailable * Fix --watch-only of a single item with table output * Add kubectl get/list/watch tests for table output * Test humanreadable table output * Fix short buffer error in get test * Update CHANGELOG.md * Updated publishing dependencies rules, import-restrictions * Update go.mod, go.sum, and BUILD file dependencies * Removes unused BUILD file * Move pkg/kubectl/util/podutils to staging * kubeadm: Retire MarshalClusterConfigurationToBytes * kubeadm: Stop using //pkg/util/normalizer * publishing: use deps in replace directive in rules * kubeadm: cleanup ExperimentalControlPlane and ExperimentalUploadCerts * fix: Use correct function to remove etcd member * Pass registry parameter to scheduler instead of global singleton * Add support for writing out of tree custom scheduler plugins * change from milli bytes to bytes in ephemeral-storage resource limits * Drop unused dependencies * github.com/kr/text v0.1.0 * gopkg.in/natefinch/lumberjack.v2 v2.0.0 * github.com/hashicorp/hcl v1.0.0 * github.com/gorilla/websocket v1.4.0 * github.com/google/uuid v1.1.1 * github.com/BurntSushi/toml v0.3.1 * fix test/e2e_node/gubernator.sh shellcheck failures * use kube::util::md5 for update-vendor-licenses.sh * copy kube::release:md5 to kube::util::md5 * Add ipv6 support to [sig-apps] StatefulSet e2e test * feat: cleanup feature gates for KubeletPluginsWatcher * feat: remove several GA features flag * feat: cleanup PodPriority features gate * Respect Allocation IDs * ipvs proxy: add unit test for udp graceful termination * Switch test manifests to apps/v1, remove beta workloads calls * Stop serving apps/v1beta1, apps/v1beta2, and deprecated extensions/v1beta1 resources by default * kubectl attach test: wait for input before proceeding * Move KubeletPodResources to the Beta section * Revert "Add Bind extension point of the scheduling framework" * Use RWMutex to improve locking for serviceCache * e2e: remove framework.Failf * fix typo heathcheck * publishing: fix rules for kubectl * Adds kubectl logo images * added comment * updates based off reviews * update to remove unused test * updated tests to prevent false positive * seperation of network calls when getting version * Update heketi vendor dependency to v9.0.0 * Update BUILD files for container helper * Create helpers for iterating containers in a pod * kubeadm: cleanup command output * service controller: if targetPort has changed will process by cloud-provider * feat: remove several types in runtime serializer * Add stub device plugin for e2e tests * Remove redundant initilization for service controller * Do not delete an incorrect pod when replacing a mirror pod * Refactored runtime.Object helper functions into subpkg * enable ability to show hidden metrics * hack/update-vendor.sh * Move pkg/util/printers to staging and update refs * kunsupported cgroup setup causes kubelet to emit a warning rather than exiting * Moved pkg/kubectl/util/term, pkg/kubectl/util/templates, pkg/kubectl/util/interrupt, and pkg/kubectl/util/interrupt to staging * add myself to sig-network-reviewers * add import-alias for k8s.io/kubernetes/pkg/scheduler/apis/config/v1alpha1 * add import-alias for k8s.io/kubernetes/pkg/proxy/apis/config/v1alpha1 * add import-alias for k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1 * add import-alias for k8s.io/kubernetes/pkg/kubelet/apis/resourcemetrics/v1alpha1 * add import-alias for k8s.io/kubernetes/pkg/kubelet/apis/podresources/v1alpha1 * add import-alias for k8s.io/kubernetes/pkg/kubelet/apis/pluginregistration/v1beta1 * add import-alias for k8s.io/kubernetes/pkg/kubelet/apis/pluginregistration/v1alpha1 * add import-alias for k8s.io/kubernetes/pkg/kubelet/apis/pluginregistration/v1 * add import-alias for k8s.io/kubernetes/pkg/kubelet/apis/deviceplugin/v1beta1 * add import-alias for k8s.io/kubernetes/pkg/kubelet/apis/deviceplugin/v1alpha * add import-alias for k8s.io/kubernetes/pkg/kubelet/apis/config/v1beta1 * add import-alias for k8s.io/kubernetes/pkg/controller/apis/config/v1alpha1 * add import-alias for k8s.io/api/storage/v1beta1 * add import-alias for k8s.io/api/storage/v1alpha1 * add import-alias for k8s.io/api/storage/v1 * add import-alias for k8s.io/api/settings/v1alpha1 * add import-alias for k8s.io/api/scheduling/v1beta1 * add import-alias for k8s.io/api/scheduling/v1alpha1 * add import-alias for k8s.io/api/scheduling/v1 * add import-alias for k8s.io/api/rbac/v1beta1 * add import-alias for k8s.io/api/rbac/v1alpha1 * add import-alias for k8s.io/api/rbac/v1 * add import-alias for k8s.io/api/policy/v1beta1 * add import-alias for k8s.io/api/node/v1beta1 * add import-alias for k8s.io/api/node/v1alpha1 * add import-alias for k8s.io/api/networking/v1beta1 * add import-alias for k8s.io/api/networking/v1 * add import-alias for k8s.io/api/imagepolicy/v1alpha1 * add import-alias for k8s.io/api/extensions/v1beta1 * add import-alias for k8s.io/api/events/v1beta1 * add import-alias for k8s.io/api/core/v1 * add import-alias for k8s.io/api/coordination/v1beta1 * add import-alias for k8s.io/api/coordination/v1 * add import-alias for k8s.io/api/certificates/v1beta1 * add import-alias for k8s.io/api/batch/v1beta1 * add import-alias for k8s.io/api/batch/v1 * add import-alias for k8s.io/api/autoscaling/v1 * add import-alias for k8s.io/api/authorization/v1beta1 * add import-alias for k8s.io/api/authorization/v1 * add import-alias for k8s.io/api/authentication/v1beta1 * add import-alias for k8s.io/api/authentication/v1 * add import-alias for k8s.io/api/auditregistration/v1alpha1 * add import-alias for k8s.io/api/apps/v1beta2 * add import-alias for k8s.io/api/apps/v1beta1 * add import-alias for k8s.io/api/apps/v1 * add import-alias for k8s.io/api/admission/v1beta1 * add import-alias for k8s.io/api/admissionregistration/v1beta1 * Fix the creation of load balancer policy for the NodeIp when NodePort specified is same as service Port * Fix golint issues in pkg/kubelet/secret * Fix golint issues in pkg/kubelet/prober/results * Fix golint issues in pkg/kubelet/prober * updating github.com/go-bindata/go-bindata to v3.1.1 * Sample controller: Init flags * compiled in a package level var * allow importing k8s.io/klog * auto-generated * Add Bind extension point of the scheduling framework * refactor bootstrap token utils * Clean up selft-set node labels * Fix review comments to use ${} * change sed to ${SED} in local-up-cluster.sh * Obtain readyzLock once in installReadyz * Replace mapfile with kube::util::read-array * autogenerated code update based in new plugin * add RuntimeClass admission controller plugin * introduce RuntimeClass admission controller * Fix mutating webhook test image 'addlabel' to update existing labels instead of clobbering * Close auditStopCh if SecureServing encounters error * Update CHANGELOG-1.15.md for v1.15.0. * Move soltysh back to approvers * Update Sig-Apps OWNERS in places that were missed in #76669 * kubeadm: improve the kubeconfig file validation phase * Dropping unused dependencies * updating github.com/miekg/dns to v1.1.4 * updating github.com/spf13/cast to v1.3.0 * updating gopkg.in/yaml.v2 to v2.2.2 * updating gopkg.in/square/go-jose.v2 to v2.2.2 * updating github.com/stretchr/testify to v1.3.0 * updating github.com/spf13/viper to v1.3.2 * updating github.com/spf13/pflag to v1.0.3 * updating github.com/spf13/jwalterweatherman to v1.1.0 * updating github.com/spf13/cobra to v0.0.4 * updating github.com/spf13/afero to v1.2.2 * refactor: replace framework.Failf with e2elog.Failf * Pass updated deployment for comparison of replica count * Output the nvidia gpu information in the E2E test. * Make the check strict to use ExpectNoError() * pod-overhead: autogenerated code updates * pod overhead: drop from RuntimeClass base on feature-gate * pod-overhead: add Overhead to RuntimeClass internal type * pod-overhead: add Overhead to RuntimeClass * pod-overhead: drop from PodSpec based on feature-gate * pod-overhead: add Overhead to PodSpec internal type * pod-overhead: add Overhead to PodSpec * pod-overhead: Introduce PodOverhead feature gate * Minor change: delete unused constant from service controller * e2e: fix return value of WaitForPodsWithLabelRunningReady * Redundant call to WithAll in NewWaitFlags * Fix golint failures of test/e2e/storage/testsuites * kubeadm: cleanup deps on pkg/version * Move node related methods to framework/node package * Close watcher early for volume detachment * The default-http-backend for handling 404 pages will now point to 404 handler with prometheus integration and provides metrics related to requests per second and the duration of responding to the requests for various percentile groupings. Please check https://github.com/kubernetes/ingress-gce/blob/master/cmd/404-server-with-metrics/README.md for details about the 404-server-with-metrics. * add readyz endpoint for kube-apiserver readiness checks * Refactor online volume resize unit tests * kubelet_stats: fix potential e2e crash dereferencing CPU * kubeadm: cleanup deps on pkg/master/ports * tests: Replaces images used with agnhost (part 2) * move initsystem to kubeadm * Update the comments on how to check disk conflict * re-named conformance test name for pod creating with CPU and memory resources * Add unit tests for azure_controller_common.go and azure_controller_standard.go * tests: Fixes Windows image pulling tests * Remove selected IP from backup-volfile-servers list to avoid warning in mount logs. * rundir attribute was missing for some new integration test cases * fix kubelet can not delete orphaned pod directory when the kubelet's root directory symbolically links to another device's directory * Fix shellcheck faulures in test/cmd * test images: Removes linux/ prefix from agnhost BASEIMAGE * Add interface for registerable metrics which does not have any private methods * fix golint failure in e2e/common/util.go * remove duplicate comment in e2e/common/sysctl.go * Remove unused ServiceController.loadBalancerName method * use reflect.deepEqual for noop object comparison * use noopRegistry for default global legacy prom registry and expose an http handler * Create SECURITY.md for GitHub security policy page * Removed deprecated --resource-container flag from kube-proxy. * Add kubeletstatsv1alpha1 as the preferred alias for k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1 * verify import aliases * correct the CHANGELOG-1.13.md * correct the CHANGELOG-1.14.md * Ignore cgroup pid support if related feature gates are disabled * Code cleanup for for probe/http * Remove unnecessary loop for lowering expectations * Fix CHANGELOG-1.15.md bad format * fix golint failures for pkg/volume/scaleio and pkg/volume/storageos * add m00nf1sh as approver/reviewer in aws provider * Add ExpectEqual() to e2e framework * updating github.com/russross/blackfriday to v1.5.2 * updating github.com/robfig/cron to v1.1.0 * updating github.com/opencontainers/selinux to v1.2.2 * updating github.com/opencontainers/image-spec to v1.0.1 * updating github.com/opencontainers/go-digest to v1.0.0-rc1 * updating github.com/onsi/gomega to v1.5.0 * updating github.com/onsi/ginkgo to v1.8.0 * updating github.com/mvdan/xurls to v1.1.0 * updating github.com/mitchellh/go-wordwrap to v1.0.0 * updating github.com/mistifyio/go-zfs to v2.1.1+incompatible * updating github.com/mholt/caddy to v1.0.0 * updating github.com/mattn/go-shellwords to v1.0.5 * updating github.com/magiconair/properties to v1.8.1 * updating github.com/kr/pretty to v0.1.0 * updating github.com/json-iterator/go to v1.1.6 * updating github.com/jonboulle/clockwork to v0.1.0 * updating github.com/google/gofuzz to v1.0.0 * updating github.com/golang/mock to v1.2.0 * updating github.com/godbus/dbus to v4.1.0+incompatible * updating github.com/go-bindata/go-bindata to v3.1.1+incompatible * updating github.com/fatih/camelcase to v1.0.0 * updating github.com/evanphx/json-patch to v4.2.0+incompatible * updating github.com/emicklei/go-restful to v2.9.5+incompatible * updating github.com/cyphar/filepath-securejoin to v0.2.2 * updating github.com/cpuguy83/go-md2man to v1.0.10 * updating github.com/coreos/go-semver to v0.3.0 * updating github.com/client9/misspell to v0.3.4 * Fix for build failure - viper now uses ConfigFileNotFoundError * Remove dot import from e2e test and replace with framework.ExpectNoError * Fix file permissions for non executable files * Run verify-test-code on all e2e tests * Cleanup e2e_node test style * Increase load balancer timeout in test cases * Refactor pkg/util/mount to be more reusable * Add HEAD fixtures * Add v1.14.0 fixtures * Add missing API groups to compatibility test * kubeadm: Don't use "//pkg/apis/core".Resource helper * Fix nil pointer * link scripts in build/README.md * kubeadm: Replace ValidateDNS1123Subdomain * kubeadm: Don't use RBAC helpers * fix: make azure disk URI case insensitive * Modify klog Warning 'The resourceVersion for the provided watch is too old' to Info. * Remove returned value of func handleCreateEvent * Clean up node-problem-detector configuration for GCI * Updated code with gofmt * kubectl config set hangs on some invalid property names #415 * Enable cadvisor ProcessMetrics collecting. * ipvs: fix string check for IPVS protocol during graceful termination * tests: Combine Linux / Windows image pulling tests * tests: Replaces images used with agnhost (part 1) * tests: Sets MaximumNArgs for agnhost subcommands to 0 * Updates agnhost README and Dockerfile files * Updates agnhost image version in documentation * test images: Centralizes images into agnhost (part 1) * Don't dereference nil pointer in conflicts * test images: Refactors agnhost image * Adding metrics to nfs driver * Fix spurious .sock files running envelope unit tests * Correct a typo * hack/make-rules/test.sh: run all staging unit tests * do not delete pods whose deletiontimestamp != nil * Replaced klog with an error wrapper * homogenize min-request-timeout for cr handler * Centralizes images into agnhost (part 2) * update to go 1.12.6 * get-kube-binaries: use GCE token to fetch artifacts from GCS * [e2e] move Failf from e2e/framework to e2e/framework/log * add more tests on clearing managedFields * Do not add non-PersistentVolume to return value for pvAssumeCache#ListPVs * unit tests for the volume plugin name that's used inside GeneratedUnmapVolumeFunc for csi migration on/off scenarios * Return early when mount ref is determined * Inverted error handling to ensure server-side apply does not fall back on client-side apply when there is an error * Add more backward compatible access mode logic to remove ReadOnlyMany access mode when ReadWriteOnce,ReadOnlyMany specified * prefilter extension point implementation. * cache mutation detector: use correct diff function * fix stability level annotation for counter vec * Update gpu device plugin to better support Vulkan workloads * Fix typos. * apiextensions: simplify default value pruning test * apiextensions: only clone on !s.XEmbeddedResource * apiextensions: add unit test for x-kubernetes-preserve-unknown-fields with additionalProperties * Suppress irrelevant jq error message when propagating pinned dependencies * remove vendored code * Remove ovirt/cloudstack/photon cloud providers * apiextensions: fix variable name * apiextensions: add items+additionalProperties test coverage for objectmeta.Validate * Check correct error for cleanup * added defer keyword to wg.Done() in logs.go * Remove return value of mergeHealthChecks. Simplified HC equivalence check. * Fix typo in node lifecycle controller * fix volumecreate comments * rename and change aws backoff vars * tag some release-blocking tests taking over 5min as [Slow] * kubeadm: fix minor typo in a comment * use klog.Info instead of klog.Infof when had no format * Force using Go Modules in README.md * Fix reserved cgroup systemd * Remove experimental note for ipvs in kube-proxy arguments * Fix keep the watcher open for too long * Use no-priority best-effort pod as the preemptor in BenchmarkGetPodsToPreempt * preload metrics for legacyregistry for backwards compatibility * Allow master nodes to be accessed from private ips * Remove unwanted newlines in glusterfs driver * Promote existing E2Es for hostport/HostIP resolution to conformance * New E2E to verify pods are deleted after Job deletion * fix typo in probe.go * Calling PatchAction on typed objects should work correctly * update CHANGELOG-1.14.md * Fix spelling of test name * enforce the interface relationship between ServicePort and BaseServiceInfo * Fix kubeadm service-cidr mapping to service-cluster-ip-rage for kube-controller-manager. * Modify firewall rules names to make them shorter. * fix some golint failures of pkg/registry * Add integration test for propagationPolicy=Orphan GC * Bug fix: remove etcd related issues in bazel-test-integration * Simplify func ConstructVolumeSpec * remove todo in pkg/ssh * [e2e] Make meaningful service name in test * Add more approvers/reviewers to cluster/gce/windows * Support image status by ID. * Create-update-delete-deployment example using dynamic package * Sort kubeadm CLI default params for component config API objects * merge common funcs * Change quoting format * Fix shellchecks in test/cmd/{b,c}.*.sh * Fix return value for ExtractFieldPathAsString * Remove inner loop for finding MinReclaim in ParseThresholdConfig * Fixed some minor errors in openapi * Enable resize in default gce storageclass * Fix verify-shellcheck comments * Enable API operation log on conformance job * Iterate through thresholds in managerImpl#synchronize * Move test/e2e use to v1 APIs * Remove redundant assignment to volumeAttachment * Add readme for API compatibility data * Add helper script to regenerate API compatibility data * Remove dead codes * kubelet: add sjenning to kubelet subdirectory owners files * 74900, kubectl logs selector supports tail=-1 * Use Mutex for synchronization in imageCache * Use go standard library for common bit operations * kubeadm:fix typo in controlplane.go * change aws encryptedCheck to exponential backoff * Remove pod UID from volumeMount, we can get it elsewhere * Rename pkg/volume/util/quota -> pkg/volume/util/fsquota * Adding test cases to make sure objectSelector works for CRD * fix typo in /pkg/kubelet/container * kubeadm: improve kubelet-config-x.y ConfigMap logic * fix golint failures of pkg/kubelet/prober pkg/kubelet/secret * Add references of registry and image from imageutils * Remove unnecessary string() * kubeadm: apply deterministic order on certificate phases * Check limits for resolve conf outside the loop * Skip tests is fstype is xfs and node distro is gci, cos, or windows * Continue admitting the pod regardless of return value from killPodFunc * Unstructed helpers: document lack of slice syntax * remove unused events in event.go * Refactored pod-related functions from framework/util.go * Avoid unnecessary concatenation of errors * fix typo in /test/integration * fix: assign default value for pod.Status.StartTime in TestSelectNodesForPreemption * delete TODO: remove when we stop supporting the legacy group version * Update SECURITY_CONTACTS with current PSC * hack: refactored code in update_owners.py * fix a mistake in CHANGELOG-1.14.md * fix some mistakes in changelog * Change to EnableHTTPS in kube-apiserver options * Fix golint issues in pkg/kubelet/stats/log_metrics_provider.go * Fix golint issues in pkg/kubelet/client * Use reservoir sampling to select one host from priority list * Fix nil pointer dereference in metrics value calculator. * Call getKubeletSandboxes first in containerGC#evictSandboxes * Break out of loop when currentRevision is found in defaultStatefulSetControl#getStatefulSetRevisions * Fix typo * Updated node.go using update-gofmt.sh * change BeTrue to Equal or BeNumerically in cronjob e2e test * get rid of the redundancy field in kube-proxy option * Add missing TestMain() functions * Cleanup math/rand package usage * Add documentation about "non-zero requests" * fix flexvol stuck issue due to corrupted mnt point * enrich oom event message info * ignore failed pods to not stuck rolling update daemonset * fix golint errors in test/e2e/storage/utils * Narrow down the lock * fix golint failures of pkg/kubelet/configmap pkg/kubelet/custommetrics * kubelet: include init containers when determining pod QoS * kubelet: lookup node address for external provider if none is set * Fix shellcheck failures in test/cmd/g.*sh * fix golint failures of pkg/util/parsers pkg/util/sysctl pkg/util/system * pkg/util/workqueue: delete deprecated metrics * Promote e2e verifying DNS resolution for o pod's fqdn, hostname and subdomain * Clean up pkg/cloudprovider/providers/openstack. * pkg/util/workqueue/prometheus: fix double registration * fix shellcheck failures in /hack/make-rules/test.sh * Add readiness probe for Kibana * fix shellcheck failures in /hack/make-rules/clean.sh,test.sh,vet.sh * Allow version field in the title to be changeable * mark deprecated kubelet-read-only-port * add warning log for csr controllers * Check error return from Update * creating instance groups in parallel * Fix message of failed sync * Updated pkg node BUILD for new lib inclusion * Fix for kube-proxy to wait for some duration for the node to be defined * Update CHANGELOG-1.14.md * Promote security context NodeConformance tests to Conformance suite * tests: creates HostPath pods as unprivileged * fix error 'coresponding' * fix typo: "inidvidual"-> "individual" * Remove unnecessary map in cleanupHistory * Remove unwanted `else` block from statefulset controller. * enable multipod e2es for intree volumes * Bug fix 72757.Removed deprecated label kubernetes.io/cluster-service * apiserver: Update a comment * Fix shellchecks follow the `${var:?}` pattern * Stop testing containerized kubelet in e2e-node * Improve windows home directory selection * rm unused judgement * remove redundant words 'the' in comment * fix cp time stamp is in the future error * Set ProviderID when running kubemark node * add a test case for HostnameOverride * when SessionAffinityConfig is different, enqueueService in update Service handler * Adjust node_exporter CPU params - Drop obsolete cve-2019-9512-and-cve-2019-9514.patch - Drop obsolete fix-cgroup-kubeadm.patch - Update to version 1.15.4: * Omit openapi properties if spec.preserveUnknownFields=true * Ensure all conditions for publishing openapi are satisfied in kubectl e2e tests * [kubectl cp] Reorder symlinks to prevent path escapes * in GuaranteedUpdate, retry on precondition check failure if we are working with cached data * test * Remove usage of kubectl log in tests * Fix windows kubectl log -f. * Fix kubectl e2e test * fix: azure disk name matching issue * Add/delete load balancer backendPoodID in VMSS. * fix: disk not found issue in detaching azure disk * fix: detach azure disk issue using dangling error * Removes conflicting Quobyte tenant test error from API validation * Fix panic when errors are nil * Add/Update CHANGELOG-1.15.md for v1.15.3. * Kubernetes version v1.15.4-beta.0 openapi-spec file updates * Only advertise supported patch types * Update generated protobufs * Update golang/x/net dependency * update go to 1.12.9 * Fix malformed port in vsphere cloud provider test * Fix up failing boilerplate test * Update to go 1.12.8 * Fix a bug in the IPVS proxier where virtual servers are not cleaned up even though the corresponding Service object was deleted. * remove iSCSI volume storage cleartext secrets in logs * fix: use Create for attach/detach disk * Fix events test * Fix GetReference function * Fix Azure client requests stuck issues on http.StatusTooManyRequests * Fix conflicted cache when the requests are canceled by other Azure operations * Continue admitting the pod regardless of return value from killPodFunc * gofmt * address comments * fix gofmt * Make kubelet report usageNanoCores for node on Windows * Update the Windows node image 1809 version to 0709 * Skip tests is fstype is xfs and node distro is gci, cos, or windows * Do not delete an incorrect pod when replacing a mirror pod * Fix the public IP getting issues for VMSS nodes * Validate CSI Inline Migration unconditionally * add unit tests for attacher DisksAreAttached and BulkDisksAreAttached * implement functionality to return all found instances * move getInstancesByName logic to helper function * add ability for gce to bulk verify attached disks * Don't expect pod to stay up during node upgrade * Add/Update CHANGELOG-1.15.md for v1.15.2. * Kubernetes version v1.15.3-beta.0 openapi-spec file updates * Reduce GCE PD Attach Limits by 1 because Node Boot Disk counts as 1 attached disk * Update kube-addon-manager to v9.0.2. * kubeadm: update the supported version for 1.15 * kubeadm: apply a number of _test fixes * Register Kubelet server metrics * Return MetricsError with ErrCodeNotSupported code * quote container name in container already use error matching * feedback 1 * fix-file-discovery * autogenerated * Fix nil pointer dereference in metrics value calculator. * make node lease renew interval more heuristic * Add supportedMountOptions for GCE PD CSI Driver tests * Add passthrough for MountOptions for NodeStageVolume for CSI * Update unit test with expected query parameters * Remove manual conversions for ListOptions * Bugfix: csi raw block that does not need attach mounted failed * Update publishing/rules to go 1.12.7 * Update to go 1.12.7 * kunsupported cgroup setup causes kubelet to emit a warning rather than exiting * Fix the creation of load balancer policy for the NodeIp when NodePort specified is same as service Port * Fix cgroup hugetlb size prefix for kB * Fix a bug that StatefulSet applies the revision incorrectly * printer: fix a nil pointer dereference - cve-2019-9512-and-cve-2019-9514.patch: * bsc#1147142: CVE-2019-9512 and CVE-2019-9514 (http2: limit number of queue from an attacker) - kubelet: only start after we have network, else if kubelet starts to early it could get confused and never recovers [bsc#1143813] - Relax kubeadm requirements. Kubeadm accepts working with a previous version of kubelet and this is important for performing upgrades. See https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/ - Previous update to version 1.15.2 fixed: * bsc#1144507: CVE-2019-11249 (incomplete fixes for CVE-2019-1002101 and CVE-2019-11246) * bsc#1142423: CVE-2019-11247: kubernetes: mistaken allowing access to cluster resources - Add opensuse-version-checks.patch to use kubic.opensuse.org to control container control plane downloads - Update to version 1.15.2: * refactors to kubernetes cp command * refactors to kubernetes CP command * apiextensions: 404 if request scope does not match crd scope * apiextensions: add scope tests * Add/Update CHANGELOG-1.15.md for v1.15.1. * Kubernetes version v1.15.2-beta.0 openapi-spec file updates - Updating to 1.15.1 fixed bsc#1135927 - Update to version 1.15.1: * apiaggregation available controller should only hit required endpoint * kubeadm: run MemberAdd/Remove for etcd clients with exp-backoff retry * skip test if the server does not serve extensions/v1beta1 since this is deprecated * use apps/v1 instead apps/v1beta1 since that is deprecated - issue 79533 * fix: change timeout value in csi plugin * edit google dns hostname * Test kubectl with x-kubernetes-preserve-unknown-fields * There are various reasons that the HPA will decide not the change the current scale. Two important ones are when missing metrics might change the direction of scaling, and when the recommended scale is within tolerance of the current scale. * Fix closing of dirs in doSafeMakeDir * Fix publishing x-kubernetes-preserve-unknown-fields working with kubectl * Fix AWS DHCP option set domain names causing garbled InternalDNS or Hostname addresses on Node * kubeadm: fix bug for --cri-socket flag processing logic * fix kubelet can not delete orphaned pod directory when the kubelet's root directory symbolically links to another device's directory * Add HEAD fixtures * Add v1.14.0 fixtures * Add missing API groups to compatibility test * Move KubeletPodResources to the Beta section * Default resourceGroup should be used when value of annotation azure-load-balancer-resource-group is empty string * kubelet: retry pod sandbox creation when containers were never created * fix flexvol stuck issue due to corrupted mnt point * crd-handler: level-trigger storage recreation and fix a race * fix KubeletConfiguration apiVersion * kubeadm: improve kubeadm command output * Ignore cgroup pid support if related feature gates are disabled * fix: Use correct function to remove etcd member * Add/Update CHANGELOG-1.15.md for v1.15.0. * Kubernetes version v1.15.1-beta.0 openapi-spec file updates - Change VolumePluginDir to writable location so containers could install their drivers there - kubeadm-opensuse-registry.patch: change on openSUSE the default registry for the control-plane containers to registry.opensuse.org/kubic - kubelet.tmp.conf: split kubelet part out of kubernetes.tmp.conf to fix file conflict problems during upgrade and avoid creation of unneeded system users. - Add --volume-plugin-dir so dir would be exposed through api - Don't create rckubeadm symlink, we don't have a kubeadm service - kubeadm does not need kubernetes-common - Don't build hyperkube binary on openSUSE, we need single binaries for the containerized control plane. - Add fix-cgroup-kubeadm.patch backported from MASTER/1.15.1 to get kubeadm working with cgroups again - Update to version 1.15.0: * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.15.md#v1150 * Drop git-upstream.patch * The default Go version was updated to 1.12.5 * kubeadm upgrade now renews all the certificates used by a component before upgrading the component itself, with the exception of certificates signed by external CAs. User can eventually opt-out of certificate renewal during upgrades by setting the new flag --certificate-renewal to false. * kubeadm still generates RSA keys when deploying a node, but also accepts ECDSA keys if they already exist in the directory specified in the --cert-dir option. * kubeadm now implements CRI detection for Windows worker nodes * Added --image-repository flag to kubeadm config images. * kubeadm: The kubeadm reset command has now been exposed as phases. * kubeadm: Improved resiliency when it comes to updating the kubeadm-config configmap upon new control plane joins or resets. This allows for safe multiple control plane joins and/or resets. * kubeadm: Bumped the minimum supported Docker version to 1.13.1 * Reverted the CoreDNS version to 1.3.1 for kubeadm * kubeadm: Fixed the machine readability of kubeadm token create --print-join-command * kubeadm alpha certs renew --csr-only now reads the current certificates as the authoritative source for certificates attributes (same as kubeadm alpha certs renew). * kubeadm: You can now delete multiple bootstrap tokens at once. * util/initsystem: Added support for the OpenRC init system * Default TTL for DNS records in kubernetes zone has been changed from 5s to 30s to keep consistent with old dnsmasq based kube-dns. The TTL can be customized with command kubectl edit -n kube-system configmap/coredns. * Communication between the etcd server and kube-apiserver on master is now overridden to use HTTPS instead of HTTP when mTLS is enabled in GCE. - Update to version 1.14.1: * Avoid panic in cronjob sorting * fix-kubeadm-upgrade-12-13-14 * kubeadm: fix "upgrade plan" not working without k8s version * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.14.md#v1141 - Fix go 1.12.1 BuildRequires - Reformat spec file with spec-cleaner - Remove references to 'is_susecaasp' macro in spec file - Remove unused config files related to previous version of CaaSP - Update to version 1.14.0: * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.14.md * kubeadm now auto detects which CRI runtimes are available * bump required minimum go version to 1.12.1 (strings package compatibility) * Restore machine readability to the print-join-command output - Remove obsolete patch kubeadm-Support-Kernel-5.0-gh74355.patch - Remove obsolete patch make-e2e_node-run-over-distro-bins.patch - Add kubeadm-Support-Kernel-5.0-gh74355.patch so kubeadm supports Kernel 5.0+ - Update to version 1.13.4: * kubeadm: fixed nil pointer dereference caused by a bug in url parsing * remove stale OutOfDisk condition from kubelet side * Adds deleting pods created by DaemonSet assigned to not existing nodes. - Update to version v1.13.3 * Update to go1.11.5 * kubeadm: add back --cert-dir option for kubeadm init phase certs sa * kubeadm: explicitly wait for etcd to have grown when joining a new control plane * kubectl: fixed an issue with "too old resource version" errors continuously appearing when calling kubectl delete * Fix scheduling starvation of pods in cluster with large number of unschedulable pods * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md#changelog-since-v1132 - Remove source conditionals for CaaSP - Make Kubernetes package re-usable for CaaSP once again * Add apiserver, config, controller-manager, kubelet, kubelet-config.yaml, proxy, scheduler - Update to version v1.13.2 * Fix a race condition in which kubeadm only waits for the kubelets kubeconfig file when it has performed the TLS bootstrap, but wasn't waiting for certificates to be present in the filesystem * kubeadm: fix a possible panic when joining a new control plane node in HA scenarios * kubeadm: fix a bug when syncing etcd endpoints * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md#v1132 - Update to version v1.13.1 * Minor bugfixes * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md#v1131 - By removing do-not-gc-sle-kubic-images.patch in the previous commit, we fixed bsc#1111341 (container-feeder no longer used) - Update to version v1.13.0 * kubeadm now GA * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md#urgent-upgrade-notes - Drop obsolete do-not-gc-sle-kubic-images.patch (container-feeder no longer used) - No longer require cri-tools to perfectly match k8s version - Update to version v1.12.3 - CVE-2018-1002105: Fix critical security issue in kube-apiserver upgrade request proxy handler - Update _constraints to latest requirements - Update to version v1.12.0 * API - "dry run" functionality, which enables users to see the results of a particular command without persisting those changes * Azure - Adding Azure Availability Zones support to cloud provider * Azure - Supporting Cross RG resources (disks, Azure File and node [Experimental]) * CLI - new plugin mechanism, providing a library with common CLI tooling for plugin authors and further refactorings of the code. * cluster-lifecycle - Improved CRI handling, airgapped and offline support, certificate handling, and HA improvements * node - graduated the PodShareProcessNamespace feature from alpha to beta. This feature allows a pod spec to request that all containers in a pod share a common process namespaces. * scheduling - improving performance and reliability of the scheduler * storage - promoted the Kubernetes volume topology and dynamic max volume count features to beta * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md - Remove obsolete build-with-debug-info.patch - Configure br_netfilter and sysctl for kubeadm automatically (gh#kubernetes/kubeadm#1062) - Make crio default, docker as alternative runtime (boo#1104821) - Configure kubernetes CRI runtime with $runtime-kubeadm-criconfig packages - Remove /etc/sysconfig/kubelet, now provided by $runtime-kubeadm-criconfig packages - Remove custom config files, introduce upstream equivalents - Disable rpmlintrc checks for all architectures, not only x86_64 - Remove rich dependencies to avoid problems with build tooling - Require cri-tools to be equal or greater than current k8s version, but less than the next major k8s version - Require cri-tools for kubeadm there are a few calls to crictl in the kubeadm codebase - Switch to go 1.10 Kubernetes requires go1.10.2 or greater - drop bsc1095131-cadvisor-btrfs-walk-volumes.patch it is no longer needed as it is in the vendor codebase - Previous fix (update to version 1.11.1) was including fixes for bsc#1118198 and bsc#1118260 (CVE-2018-1002105) introduced in version 1.10.11 - Update to version 1.11.1: * Revert "Automated cherry pick of #65313: Adds cri-tools as a dependency to kubeadm deb/rpms" * Always mark gke-exec-auth-plugin executable * Don't delete pkg/generated/bindata.go in make clean * fix bug for garbage collection * Adding generated files * Removes defaulting of CSI fsType to ext4 * kubeadm: run kube-proxy on non-master tainted nodes * ensure rs pod cleanup happens * ensureInternalBackendServiceGroups inserts InstanceGroup links, not nodes * move t.Parallel() out of for loop * switch delete strategy to background deletion * Generate pkg/generated/bindata.go for release-1.11 * Don't gitignore pkg/generated/bindata.go * verify-generated-files: ensure git tree is clean * Add script to verify generated files * Fix pod worker deadlock. * Remove unnecessary spaces ahead of custom yaml. * Add a helper function to customize K8s addon yamls and use it to customize Calico addons on GKE. * A few cleanups (remove duplicated env vars & unnecessary comments) on yaml files. * Update Calico addon yamls to make it work for both 2.x and 3.x. versions. * Update to go1.10.3 * Update to rules_go 0.10.5 * re-make print flags composeable for sophisticated callers * fix go-template defaulting for commands w default output format Fixes defaulting done for commands that default to a specific output format (such as yaml, json) when a --template flag is provided and no explicit --output value is given. * make template printers a recommended printer * Fix truncating and buffering backends integration. * set EnableHTTPSTrafficOnly in storageAccount creation * update priority admission for interoperability * Build file generated * Add priority to defaultOn plugins list * Fix RunAsGroup. * pause image should be arch agnostic * adds post install step to kubeadm deb built by bazel * Adds cri-tools as a dependency to kubeadm deb/rpms * GC: remove CRD and APIService from ignored resources * fix azure storage account creation failure * Always create kubeClusterIPSet * fix 'kubectl cp' with no arguments causes a panic * Update output format so that it matches actual accepted values * fix ipset creation fails on centos. issue 65461 * Reload systemd config files before starting kubelet. * azure: Add validation of resourceGroup option * Remove scheduler config deprecated warning as the new component config is still in alpha * Change our tests to ensure that critical system pods are created in the system namespace * Autogenerated files * Limit usage of system critical priority classes to the system namespace * Allow custom manifests in GCP master setup * fix azure disk issue for external resource group * azure: Move configuration of resource group in storage class. * fix comments * specify external resource group in ResizeDisk * add external resource group support for azure disk * skip nic that are in failing state * Bug fix: Should allow alias range size equals to max number of pods * 2 * apiserver: do not print feature gates for glog v=0 * add scrape port to service * Set pod priority on kube-proxy by default * Fix comments about default mount propagation * Fix out of bounds error on non-64-bit machines * Fix bug printing openapi columns * BUGFIX: must use ID, not name, of the node security group when adding rules to it * Insert human curated 1.11 release notes and set current version * Add/Update CHANGELOG-1.11.md for v1.11.0. * Kubernetes version v1.11.1-beta.0 openapi-spec file updates * Update Rescheduler's manifest * Fix cleanup of volume metadata json file. * Fix UnmountDevice with deleted pod. * Fix some log issues in flexvolume * fix scheduler client construction from configuration files * etcd: reuse leases for keys in a time window * update NPD version to v0.5.0 for gci * Add a GPUClusterDowngrade test. * Add/Update CHANGELOG-1.11.md for v1.11.0-rc.3. * Add /home/kubernetes/bin into sudoers path, so that `sudo crictl` works. * Fix scheduler config decoding * Pass cluster_location argument to Heapster * Add/Update CHANGELOG-1.11.md for v1.11.0-rc.2. * Remove optimization from getWork in resourcequota/controller.go * special-case template printing in get.go * Change prometheus versions from latest to tag * Have the /rootfs rw for containerized node e2e * make sure delete waiting doesn't re-evaluate the resource lists * Remove item from taint manager workqueue on completion * Revert "Automated cherry pick of #65189: fix paths w shortcuts when copying from pods" * update cadvisor godeps to v0.30.2 * Split scheduler latency metric to fine-grained steps * Add/Update CHANGELOG-1.11.md for v1.11.0-rc.1. * stop returning invalid json fields in CRD OpenAPI schemas * bump(k8s.io/kube-openapi): 91cfa479c814065e420cee7ed227db0f63a5854e * fix paths w shortcuts when copying from pods * fix scheduler port boundary to match detection * Update crictl to v1.11.0. * Fix a changelog entry in v1.11 * Fix kubeadm unit tests relying on internet access * use the release-1.11 branch by default * Update CHANGELOG-1.8.md for v1.8.14. * Cluster Autoscaler 1.3.0 * kubeadm: Fix a small config upgrading issue with .CloudProvider * cri-tools deb: Rename cri_tools to the correct cri-tools * kubeadm: Fix a bug where skipping all preflight checks wouldn't activate the kubelet * Move service account key file arg to the service-account controller options * kubeadm: Make the environment file writing happen on upgrade as well * Use kubernetes image repo for coredns * Fix kubeadm init/upgrade --dry-run mode * Update Cluster Autoscaler to v1.3.0-beta.2 * decode crd objectmeta properly * apiextensions: fix concurrent map access copying items' ObjectMeta in Unstructured * Fix check for CRD watch priming * fix schema for kubeproxyconfig/v1alph1 * make json serializer case sensitive * vendor the latest json-iterator * Use context with timeout instead of context.Background * Wait a minimum amount of time for polling operations * Update tests to reflect that kubeadm taints should not override node taints * vendor: update hcsshim to v0.6.11 * Readding summary metrics * Revert "Fixing scheduling latency metrics" * Start plugin watcher after initialization of all kubelet components * Added PV GET api rule to external-provisioner * Fix kubeadm taints to not override existing node taints * Re-use private key after failed CSR * fix iptables_test typo * Replace manifest-tool with docker manifest command * Add kms-plugin-container.manifest to release manifest tarball. * mark kubectl wait as experimental * Compute avg and quantiles of scheduler throughput in density test * autogenerated * kubeadm: Fix a couple of small-ish bugs for v1.11 * kubeadm - fix local etcd grpc gateway * Increase logexporter timeout and add debug logs * Adding scale error retries * daemon: add custom node indexer * kubeadm - local etcd configuration bugfixes * Issue 63622 - Flaky e2e/aggr test. * Limit the mounted directory to cluster-autoscaler/ * fix eviction event formatting * fix memcg fd leak * update cadvisor godeps to v0.30.1 to revert cadvisor#1916 * fix-kubeadm-pull-log * Cluster Autoscaler 1.3.0-beta.1 * volume: decrease memory allocations for debugging messages * fix field removal in mutating admission webhooks * Disambiguate a comment * improve memory footprint of daemonset simulate * Limit access to configmaps * dockershim/network: add dcbw to OWNERS as an approver * Create system:cluster-autoscaler account & role and introduce it to CA start-up script * fix a bug of wrong parameters which could cause token projection failure * Don't specify a description for Calico CRDs * re-enable memcg for testing on gce * Ensure directory is created for kubelet configuration * Fix output of `kubeadm migrate config` * Revert "Add validation code for the Vertical Pod Autoscaler API." * Revert "Auto-generated code for the Vertical Pod Autoscaler API." * Revert "Add Vertical Pod Autoscaling API to the autoscaling group." * Add/Update CHANGELOG-1.11.md for v1.11.0-beta.2. * Update CHANGELOG-1.11.md for v1.11.0-beta.2. * Use repo prefix when generating image names * Adds a crictl package for kubeadm installs * Fix setup of configmap/secret/projected/downwardapi * Add clarification for Windows DNS setup flow * Revert "Fix Windows CNI for the sandbox case" * autogenerated * Add a 'kubeadm upgrade node config' command and finish up the kubelet integration work * Add TODO for removing kubectl DaemonSet deletion hack * Revert "Remove hack in kubectl delete that handles DaemonSet deletion" * Remove myself from sig-cli OWNER alias * Add validation code for the Vertical Pod Autoscaler API. * Auto-generated code for the Vertical Pod Autoscaler API. * Add Vertical Pod Autoscaling API to the autoscaling group. * Update CHANGELOG-1.10.md for v1.10.4. * kubeadm: Don't match DNS versions to K8s versions * kubeadm: When etcd is listening on all interfaces, set the etcd probe to use loopback * auth: standalone kubelets shouldn't start a token manager * disable process scheduler metrics * update cadvisor godeps to v0.30.0 * Remove hack in kubectl delete that handles DaemonSet deletion * Skip updating status for DaemonSet being deleted * Generated code for gce_disks refactor * Refactored disk cloudprovider methods to use generated client; Refactored gce_disks unit tests; Removed unused gce_op.go and associated unit tests. * autogenerated * Switch to Beta * sysctls: create feature gate to track promotion * Run make update * kubeadm: Upload CRISocket information and hence make kubeadm join blocking * Fix standalone dockershim. * Reconcile extended resource capacity after kubelet restart. * Promote sysctl annotations to API fields * CSI implementation of raw block volume support * Rate limit only when an actual error happens, not on update conflicts * Set GCE PD attachable volume limit based on machineType * Inject ContainersReady * Generate ContainersReady condition * add ContainersReady condition * kubeadm: Update the dropin for the kubelet in v1.11 * document per-field advice for dynamic Kubelet config * coredns to use gcr.io repo * kubeadm lowercases all domain names passed as additional SANs * Fix kubeadm for v1alpha1 configs * apiextensions: allow Description in the root schema for subresources * fix kubectl -o * housekeeping: improved language used in ISSUE_TEMPLATE.md * Fix quota sync * Create new variable for each iteration step * Provision interface change * kubectl cp support colons-in-filename * Dynamic provisioning allowed topologies scheduler work * Run CoreDNS container only with CAP_NET_BIND_SERVICE, drop all other (root) privileges. Run filesystem of container and config in read-only mode. * Fix panic while provisioning Azure security group rules * remove deprecated option '--enable-custom-metrics' * generated files * Setup docker options according to windows security context * Setup windows security context in CRI * Add security context for Windows containers * API changes for Topology aware dynamic provisioning * implement service account token projection * Add support for enforcing read only host paths in PSPs. * staging godep update * Test job backoffLimit correctly * Add mbohlool to apiextensions-apiserver reviewer list * Update dependency * Update GCE cloud provider to use Cloud TPU v1 API * Bazel BUILD fixes * Modify security profile for proxy * Fix the handling of untagged images * Update generated bazel * New labelmanager package * update golang/protobuf to v1.1.0 to satisfy CSI v0.3.0 hard requirement * Adding CSI driver registration * coredns to gcr.io repo * Update container-storage-interface/spec vendor to v0.3.0 (and related dependencies) * Introduce priority class in the resource quota * Add gpu cluster upgrade test. * trigger kubelet sync pod on reconciliation * Generate pod ready status with readiness gates * Only mount subpath as readonly if specified in volumeMount * Fix panic caused by no cloudprovider in test * Kubeadm-initialised kubelet uses provided hostname if present * Bazel artefacts * Fix test tag on dynamic config tests * Never clean backoff in job controller * Remove event handler to satisfy alpha tests * apimachinery: do not fuzz ObjectMeta.{Labels/Annotation} with empty keys * kubeadm: use nodeselector instead of affinity in kube-dns * kubeadm: use nodeSelector to only run kube-proxy on architecture consistent nodes * Replace glog.Info{f,ln} with fmt.Print{f,ln} * Log policy name from pod security policy * add WithAudit admission decorator * support AddAnnotation in admission attributes * Allow parametrization of RequestedToCapacityRatio priority function via policy config * Register RequestedToCapacityRatioPriority priority function * add NON_MASTER_NODE_LABELS to config-test.sh * Code clean up * Refactor of GenerateMapDeviceFunc to delegate Map call to volume plugin. * azuredisk size grow feature * support netd on k8s * kubeadm: Set the kubelet `--resolv-conf` flag conditionally on init * Updated generated files * API updates for Cinder Volumes to support for user specified Secrets in the future * Clarify --hostname-override and --cloud-provider interaction * printers: add deepcopy tests to generated tables * conversions: don't mutate in.ObjectMeta.Annotations * printers: fix json types ? int64 is only allowed integer * apply global flag "context" for kubectl config view * Avoid deadlock in gc resync if available resources change during sync * Updated integration test. * Eanbled schedule DaemonSet Pods by default scheduler. * Updated helper funcs to use nodename. * Address comments in #64006. * Set deployment security profile to docker/default * Update istio addon manifest to 0.8 * GC fallback to jsonmerge patch when SMP is not supported * validation and feature gate * make update * add ReadinessGates in pod spec * Implement kubelet side changes for writing volume limit to node * Implement volume plugin changes for volume limits * Implement scheduler changes for volume limits * Implement API changes needed for dynamic volume limits * Add metrics for envelop transformer: transformation_operation_count transformation_failures_count envelope_transformation_cache_misses_count data_key_generation_latencies_microseconds data_key_generation_failures_count * Add wait.PollImmediateUntil * apimachinery: adapt ObjectConvertor invariant * client-go: make exec auth and auth provider mutually exclusive * generated: * client-go: promote exec plugin support to beta * clientauthentication: add v1beta1 API version * GitRepo command hardening * Validate git args are not flags prior to mounting * apiextensions: add ObjectMeta schema validation and pruning * Replace openapi Fake with kube-openapi version * fix the verify job * Increase timeout * Add feature gate for kubelet plugin watcher * Update pod phase documentation * CSI fix for gRPC conn leak, test updates * Add netd as an addon for GKE. * Revert "Remove rescheduler and corresponding tests from master" * fix bug excludeCIDRs was not assign in func NewProxier * add debugging for aggregator flake * Update CHANGELOG-1.11.md for v1.11.0-beta.1. * Add/Update CHANGELOG-1.11.md for v1.11.0-beta.1. * Quote shell variable expansion * Update bazel. * Update unit test. * Proxy container streaming in kubelet. * disable memcg for testing prior to 1.11 release * Rename online resizine feature gate * openapi: Remove FakeClient from testing library * Kubeadm/k8s version mismatch is now a skippable error * cloud node controller: improve error handling for node registration * remove extra "../" when copying from pod to local * Add tallclair to milestone maintainers * autogenerated * Add unit tests for the new Bootstrap Token objects and functions * kubeadm: Initial refactor of the Bootstrap Tokens. Add the new API objects, add/move helpers and start using the new flow in the code * Move helper funcs and constants to the client-go Bootstrap Token package from kubeadm * code-gen: support running from anywhere * Save kubeadm manifest backup directories * Use default seccomp profile for GCE manifests * Add ipvs module loading logic to gce scripts * Move pkg/scheduler/schedulercache -> pkg/scheduler/cache * Mount the kubeletConfigPath rw when running containerized node e2e tests * implement kubelet side online file system resize for volume * kubeadm uses its own scheme instead of kubectl scheme * remove unused code in kubeadm error.go * use subtest for table units (pkg/master) * Support dynamicly set logging verbosity * svcacct: validate min and max expiration seconds on TokenRequest * generated: update generated API files * core v1: deprecate the gitRepo volume type * Add TLS support to exec authenticator plugin * add a flag to control the cap on images reported in node status * [gce provider] More wrappers for alpha/beta backend service * add utils for pod condition * make update * fix unit tests using Patch in fake client * add Patch support in fake kubeClient * change kubelet status manager to use patch instead of put to update pod status * include patch permission for kubelets * add utils to patch pod status * autogenerated * dns record scale test * apiserver: update tests to use sub-benchmarks (aes_test.go) * kubeadm: conditionally set the kubelet cgroup driver for Docker * Fix error message to be consistent with others * Parallelize taint manager * e2e test for block volume provisioning * apiserver: update tests to use sub-benchmarks (secretbox_test.go) * Fixing scheduling latency metrics * remove unused parameter in func buildFakeProxier * Promote watch e2e test to conformance * autogenerated * kubeadm: Add a 'kubeadm config migrate' command * Possible cipher suites values and tls versions in help for apiserver and kubelet * add api for service account token volume projection * remove ipvs feature gateway * remove unused status per TODO * Build files generated * Phase out rescheduler in favor of priority and preemption * Modified regional PD test to fetch template name from GCE * Remove direct and indirect streaming runtime interface. * Add dry-run to auth reconcile * Deprecate the in-tree keystone plugin * e2e node: mark pod cgroup test as [NodeConformance] * update set selector to use resource builder flags * cleanup some dead kubectl code and narrow scope of helpers * fix dynamic kubelet config tests * node e2e: fix the missing square brackets * Correctly apply request transforms with flattened resource builder * Add dynamic environment variable substitution to subpaths * Add probe based mechanism for kubelet plugin discovery * Auto-generated files * create coredns and kube-dns folders * autogenerated * Update unit tests to use the new NodeRegistration object * kubeadm: Move .NodeName and .CRISocket to a common sub-struct * add resource builder flags * client-go: start fresh with owner file * fix the delete result being used * services must listen on port 443 * apiextensions-apiserver: add establishing controller to avoid race between established and CRs actually served * include rollout object name in cli message * Add block volume support to internal provisioners. * client-go: document README exception in .github/PULL_REQUEST_TEMPLATE.md * Declare wait flag in way consistent with other deletion flags * DaemonSet internals are still in extensions * Add daemonset when to getReplicasFromRuntimeObject when cleaning objects in e2e * Allow AWS EBS volumes to be attached as ReadOnly. * Increase the timeout when waiting for the job to be gone * remove unnecessary factory delegation for RESTClientGetter method * Fix GKE Regional Clusters upgrade tests * kubeadm: Use loadPodSpecFromFile instead of LoadPodFromFile * UX improvement for preflight check for external etcd client certificates * Fix bug with scheduler throughput variable pass-by-value * e2e/storage: central argument handling * move filename flags to genericclioptions * move resource builder flags to genericclioptions * Update generated files * apiextensions-apiserver: add columns to CRD spec * fix azure file size grow issue * Remove Generators from Factory * move scaleClient from factory * ccm: recognize InstanceNotFound from InstanceID * Restore InstanceNotFound comment & logic * collapse into one factory * kubeadm: do not use --admission-control for the API server * Improve the help of kubeadm completion * Wait for PODs ready after scale up * Run cluster-autoscaler+GPU e2e tests for all gpu types * bump(github.com/evanphx/json-patch): 94e38aa1586e8a6c8a75770bddf5ff84c48a106b * Remove unused limit writer. * [gce provider] Update auto-generated codes * [gce provider] Add more wrapper for securiti policy * Adding a shutdown script that would enable handling preemptible VM terminations gracefully in GCP environment * Fix nodeport repair for ESIPP services * Fix DsFromManifest() after we switch from extensions/v1beta1 to apps/v1 in cluster/addons/device-plugins/nvidia-gpu/daemonset.yaml. * remove gce_address_fakes.go from BUILD file * Remove some unnecessarily gendered pronouns in comments * mocks must return true in order to trigger err * use fakeGCECloud instead of gce address fakes * Remove initializer test Initializers are alpha, broken and a subject for removal. They don't work well with finalizers and the previous hack present in deployment and replicaset reapers was just hiding this problem. * Handle DaemonSet removal the old way * Remove kubectl reapers * Remove feature tags from e2e test for resize * Fix breaking volume resize e2e tests * Move volume resizing to beta * Prepulls images by default * fix parsing 'crictl pods -q' output * disable PersistentVolumeLabel admission controller by default * remove CrictlChecker from preflight checks * Should use `hostProcMountinfoPath` constant in nsenter_mount.go. * Ensure that only IPs are used as node addresses in OpenStack LBs * Revert "Change default min-startup-pods value" * Measure scheduler throughput in density test * Move Ceph server secret creation to common code. * fix toleration validation invalid error * Update feature warning for log rotation flags. * simplify else * Rename and add unit test for ImageSizes * HandleError include the type of the error object * Move SuggestedPodTemplateResources from factory to set_resources * Fix hasClusterTag to actually get behavior we want * Update nvidia-gpu-device-plugin to apps/v1 and use RollingUpdate updateStrategy. * fix space-vs-tab indent on comment line * Pull gke-exec-auth-plugin binary on Nodes * Resurrect lost log line * Remove signal handler registration from pkg/kubelet * kubeadm: rename the `kube-dns` phases addon * MapString* should return empty string for String() when null * Use default seccomp profile for flutend-elasticsearch addon * Use default seccomp profile for DNS addons. * graduate DynamicKubeletConfig feature to beta * Run hack/update-all.sh * Expose openapi schema to handlers * Update version of k8s.io/kube-openapi * add PST to main SECURITY_CONTACTS as formality * fix describer tests * move Describer from factory * Trigger function for secrets * update manifest * apiextensions: cleanup test/integration helpers * apiextensions: unify multi- and mono-versioned test helpers * pv_controller change for provisioning * Add dynamic provisioning process * cache update for dynamic provisioning * Add reason message logs for non-exist resources * apimachinery: remove unused UnstructuredObjectConverter * replace `__internal` with runtime.APIVersionInternal * resourcequota return StatusError when timeout * Always masquerade node-originating traffic with a service VIP source ip * Fix Windows CNI for the sandbox case * Add unit tests for findRule() * Add verbose logs for azure cloud provider * Check LoadBalancingRulePropertiesFormat for azure load balancers * Move unrelated methods from the factory to helper * Optimize the lock which in the RunPredicate * fix bugs that break processing when printing errors occur in kubectl * fix kubectl set subject --all option invalid bug * add metadata to kubelet eviction event annotations * Update function hasClusterTag to fix issue #64230 * kubeadm: Improve the kubelet default configuration security-wise * conformance: normalize the test names * Moving Regional PD e2e tests to regular test suites * apiextensions: reduce verbose logs in removeDeadStorage * apiextensions: make CreateNewCustomResourceDefinition return created CRD * Explictly enable cgo when building kubectl for darwin from darwin * Add KUBE_CGO_OVERRIDES env var to force enabling CGO * prevent zero for leader election timeouts * Do not use DeepEqual to compare slices in test. * autogenerated * kubeadm: Refactor the .Etcd substruct in the v1alpha2 API * Update generated files * Add clarification for GA in Version Priority sorting * add test: verify kubelet.config.Restore only happen once * apiextensions: extract orthortogonal behaviour from nopConverter * move rollbacker from the factory * move Pauser and Resumer from the factory * move more CanBeExposed from factory_client_access * do some code clean for cloud-controller manager * Nsenter unit tests * Pass Nsenter to NsenterMounter and NsenterWriter * Created directories in /var/lib/kubelet directly. * Split NsEnterMounter and Mounter implementation of doBindSubpath * Refactor doBindSubPath into smaller functions: * Change SafeMakeDir to resolve symlinks in mounter implementation * Enhance ExistsPath check * Allow EvalSymlinks target not to exist. * Add GetMode to mounter interface. * add missing flag for kubeadm config images pull command * Use DeleteOptions.PropagationPolicy instead of OrphanDependents (deprecated) in kubectl * Fix incorrectly set resource version in List * should not ignore err when convert controllermanagerconfiguration api * Validate cgroups-per-qos for windows * Fixes fsGroup check in local volume in containerized kubelet. Except this, it also fixes fsGroup check when volume source is a normal directory whether kubelet is running on the host or in a container. * Correctly identify types served in the kube-apiserver openapi doc * add colon separators to improve readability of test names * fix the e2e node helpers that let tests reconfigure Kubelet * re-reorder authorizers (RBAC before Webhook). * Add warnings about cache invalidation. * autogenerated * kubelet: Move RotateCertificates to the KubeletConfiguration struct * extend configmap tests to include CoreDNS * add dynamic config metrics * Generated files * CRD versioning with no-op converter * Do not bypass same version unstructed conversion if it is a list * CRD versioning validation and defaulting * CRD versioning - types change * e2e/auth: Expect apps/v1 Deployment calls in audit test. * Set explicit labels/selector for apps/v1 Deployment/RS. * test/integration: Use apps/v1 Deployment/ReplicaSet. * test/e2e: Use apps/v1 Deployment/ReplicaSet. * kubectl: Use apps/v1 Deployment/ReplicaSet. * Use apps/v1 in Deployment controller. * Stub out BackendService check in Ingress upgrade test. * Add Logf message for skipped succeeded pods * Remove some completed TODOs * move f.Command out of the factory * log bad format git version * remove portsforobject from factory * add a discarding printer for testing and delegation * generated * add wait * generated * switch rbac to external * ipvs lb local session affinity * Added unit tests to sample-controller * Simplify the volume util by v1helper. * Allow env from resource with keys & updated tests * add volumeName in getVolumeSpecFromGlobalMapPath * e2e: Remove flaky from CSI E2E test * autogenerated * kubeadm: Write kubelet config file to disk and persist in-cluster. Also write runtime environment file and fixup the kubelet phases command * test/e2e/common: Add NodeFeature or NodeConformance tags * kubectl use its own logs * auto generated file * load kernel modules required by IPVS in kubeadm * Rename Du() to DiskUsage() for more expressive * convert Duration into seconds by go library function * fix kubectl get --show-kind * test/e2e/common: add NodeConformance tag to all Conformance tests * generated * test/e2e_node: Add NodeFeature tags to non-conformance tests * Re-tag benchmark tests * test/e2e_node: mark more tests with [NodeConformance] * test/e2e_node: Add Node-exclusive feature tags to existing tests * test/e2e_node: Add [NodeConformance] to tests tagged [Conformance] * mark ServerAddressByClientCIDRs as optional * move updatepodspecforobject out of factory * kubeadm-upgrade: add unit tests for the diff command * kubelet: fix checkpoint manager logic bug on restore * kubeadm-upgrade: small improvements to diff * remove LabelsForObject and ResolveImage from factory * Update CHANGELOG-1.9.md for v1.9.8. * correct test logging package stackdrvier -> stackdriver * move PrintOptions to genericclioptions * remove API dependency on printers * When creating ext3/ext4 volume, pass -m0 to mkfs in order to disable the super-user-reserved blocks, which otherwise defaults to 5% of the entire disk. * dynamic Kubelet config reconciles ConfigMap updates * Fix running e2e tests with completed kube-system pods * remove unused gc code * Update CHANGELOG-1.10.md for v1.10.3. * Add optional flag of node port range * add block device support for azure disk * kubeadm: Remove .ImagePullPolicy * autogenerated * kubeadm: Remove .AuthorizationModes in the v1alpha2 API * add formatAndMount unit test on Windows * Don't support marshalling using the v1alpha1 version in kubeadm v1.11 * Update bazel * Fix cyclic dependency of apiserver test for OpenAPI test * Dump Stack when docker fails on healthcheck * remove one duplicated unit test * Kubelet config: Validate new config against future feature gates * Generated files * Sort API Services by Kube-Version order * Fix error message in Equalities.DeepEqual * kubeadm: APIServerExtraArgs should override defaultArguments * Bump grpc max message size for docker service * autogenerated bazel * Add testdata that supports the unit tests testing the kubeadm API types * Add roundtrip, defaulting, upgrading and validation unit tests for the kubeadm API types * generated * Add GET PATCH support for two /status: * Raise error on duplicate name in kubeconfig * remove knob of equiv class in perf test * Fixing wrong unit test naming * Use Dial with context * Refactor test utils that deal with Kubelet metrics for clarity * sort on non-tabular output * Fix TestSchedulerWithVolumeBinding to avoid setting predicate ordering. It is causing data race condition as predicate ordering is changing global variable predicatesOrdering. Infact this test does not require any special predicate order and should work on default predicate ordering as far as VolumeScheduling feature is enabled. * Graduate CRIContainerLogRotation to beta * move additional methods from factory * remove unused code of (pkg/scheduler) * fix event ref determination for apigroups * Add environment variable to control truncating backend. * Tolarate negative values when calculating job scale progress * uses a more resilient way to get branch name from version * kubeadm: crictl reset commands fixes * Add SELinux support to CSI * kubectl: add aggregation rule support to clusterrole * Allow for system metrics discovery in Custom Metrics - Stackdriver Adapter test * kubeadm: Restrict imports from pkg/client/clientset_generated/internalclientset * kubeadm: Add local copy of LeaseEndpointReconcilerType * Handle TERM signal to reduce pod terminating time. * new event exporter config with support for new stackdriver resource types * fix formatAndMount func issue on Windows * [e2e ingress-gce] Implement Skip() for ingress upgrade test * auto generated file * modify kube-controller manager config struct to adapt option change * modify cloud-controller manager config struct to adapt option change * [kube-controller manager]get rid of GenericControllerManagerOptions sub-struct * [cloud-controller manager]get rid of GenericControllerManagerOptions sub-struct * remove kube-proxy and kube-scheduler from pkg_kubectl_cmd_util_CONSUMES_BAD group * Update ipvs docs --- check the prerequisite * kube-proxy should not depend on kubectl * construct a new CloudControllerManagerConfiguration struct for cloud-controller manager * gce provider: point to hack/update-cloudprovider-gce.sh in doc * gce provider: add wrapper for security policy * autogenerated * Only override objects from informer when version has increased. Add more logging and tests to volume scheduler. * move type setting into an optional layer above normal printing * add protection for missing apiversion so we never serialize a bad object * remove versioned printer * Results of running update scripts: update-openapi-spec update-federation-openapi-spec * Add kubernetes license to credential manager * Add unit test for secrets flag in config file * Add secrets flag in vcp config and modify vcp to use nodemanger connect method * Modify nodemanager to use credentials from secret * Add credentials manager unit test in vSphere Cloud Provider * Add credentials manager in vSphere Cloud Provider * Add update credentials function in vclib * add myself as an approver in various auth related directories * Wait for pod deletion instead of termination * kubeadm - fix upgrades with static pod etcd * pkg: kubelet: remote: increase grpc client default size * Add a 'kubeadm config print-default' command * Move all logic for NodeConfiguration unmarshal to the dedicated package * autogenerated files * Cluster Autoscaler 1.2.2 * increase timeout in TestCancelAndReadd * autogenerated * kubeadm: Remove the never-used .Etcd.SelfHosted field * kubeadm: Avoid unneeded dependencies by not using GetFlagString * start splitting polymorphic functions out of the factory * fix error tests due to version bumping of etcd and supported k8s * Bump etcd version based on k8s version to 1.10.X => 3.1.12, 1.11.X => 3.2.18, 1.12.X => 3.2.18 * Remove v190alpha3 * Rename v180AndAboveKubeDNSDeployment to KubeDNSDeployment * remove v190 from kubeadm in v1.11 cycle * Update kubeadm's minimum supported kubernetes in v1.11.x to 1.10 * update factory interface to overlap with lower RESTClientGetter * kubectl: fix Flatten() when used without Latest() * Add GetSELinuxSupport to mounter. * WatchingSecretManager * Refactor ConfigMapManager * fix little bug in kube-scheduler options * Add a way to pass extra arguments to etcd. * Fix SkippedPaths * Add Pod stats for Windows containers * Init ipvsInterface only when ipvs modules are present * Add fs status for Windows containers * Add log stats for Windows containers * update bazel * remove request context.WithUID * Delete extraneous CHANGELOG-*.md files on branch. * Kubernetes version v1.12.0-alpha.0 openapi-spec file updates * Add strategy description for 'kubectl describe sts' command * Fix PDB preemption tests. * test clusterip * check for NEG healthcheck with correct name * Generated docs * Add a `kubeadm upgrade diff` command * Extract connection rotating dialer into a package * diff: Fix broken `Local()` logic * bzl: cleanup some no longer need visibilities * Bazel artifacts * Adds a kubeadm config images pull command * Additional test coverage for kubectl/cmd/cp * move ConfigFlags to pkg/kubectl/genericclioptions * autogenerated * kubeadm: Remove the .PrivilegedPods configuration option * kubeadm: Remove the .CloudProvider configuration option * storageclass can be in annotation and spec * Ignore golint failure for v1alpha2, as the failing code is autogenerated * Remove e2e test for cAdvisor running in the kubelet, as it's deprecated and gonna be removed * Add initContainers into completion suggestions for kubectl logs/attach * autogenerated * autogenerated move to reference the v1alpha2 API inside of kubeadm * Refactor cache based manager * Change default min-startup-pods value * kubeadm: Register and support loading the v1alpha2 API types * kubeadm: Add duplicated v1alpha2 API types * Auto-calculate allowed-not-ready-nodes in test framework * Enable checking whether ipvs modules are built-in or not * Setup dns servers and search domains for Windows Pods * abstract duplicated code in ipvs proxier * Revert enable PodPreset admission and also enable settings.k8s.io/v1alpha1 api resource * Revert "Openstack: register metadata.hostname as node name" * Revert "Split out the hostname when default dhcp_domain is used in nova.conf" * Revert "Specify DHCP domain for hostname" * gce: Prefer MASTER_ADVERTISE_ADDRESS in apiserver setup * Remove unnecessary roundtripping in get.go * Autogenerated code * Fix fakeclient List * Update CHANGELOG-1.8.md for v1.8.13. * remove single use, non-polymorphic helpers from factory * Move to a structured status for dynamic Kubelet config * kubeadm - set CoreDNS FeatureGate to true by default * bump coredns to GA in kubeadm * Prevent nodes from updating taints * apiextensions: only create patch reference object for smp path * Disable the public cadvisor port by default * update bazel * vSphere Cloud Provider: update vmware/gomvomi godeps * vSphere Cloud Provider: add SAML token authentication support * NFS support for default storage * make TestGetServerGroupsWithTimeout more reliable * Use runtime/default as default seccomp profile for unprivileged PodSecurityPolicy * kubeadm preflight check for IPv4 and IPv6 forwarding * autogenerated bazel * generated * stop generating service deletecollection * Minor fixes for kubeadm reset * Decrease default node schedulable timeout in e2e framework * kubeadm: Handle config loading only in one place, and only use the internal version of the API internally. Fix bugs * restore old cached client behavior * move cached_discovery to client-go/discovery * Fix bootstrap roles to allow list/watch secrets/configmaps from nodes * Requires single name for list and watch * scheduler: remove nested retry loops * Revert "Revert "scheduler: align with ctrl-managers and apiservers, add https+auth in options"" * Clean stackdriver sinks when reached limit * Add comments for ipset entries in kube-proxy - fix * fix ut * pass stop channel to node-controller * Still use `docker ps` for docker health monitoring. * Enable CUSTOM_INGRESS_YAML to replace the glbc manifest * Adding details to Conformance Tests using RFC 2119 standards. * cleanup kubectl apiresources * kubeadm - fix external etcd upgrades * Support kubeadm upgrade with remote etcd cluster * Build files generated * Switch to beta * Update e2e to use priorityClass beta * Actually support service `publishNotReadyAddresses` * Refactor kubeadm config list-images * remove decoder from name printing * kubeadm: Contact the kubelet on its healthz port 10248 instead of its readonly port * Sort arguments before joining them, for reproducible return string * print result object from kubectl taint correctly * apiserver: Fail if dry-run query param is specified * Remove layer:status per review * Update status handling and retry network status poking, per review * autogenerated bazel * Stop installing kubeadm types in the generic, legacy scheme * check for new backend naming scheme * kubeadm: Use the API machinery for marshalling * client-go: remove dep on pflag * Retry certificate approval on conflict errors * Add e2e test to verify that GPU pool is not scaled up if GPUs are not requested by pods * kubeadm - do not generate etcd ca/certs for external etcd * switch to versioned objects only for set * Track number of registered watchers in apiserver * remove unused PrintFlags.Scheme * [prometheus addon] Add filter on image in tests to remove pod timeseries * Rename kubeadmapiext to the more explicit kubeadmapiv1alpha1 * e2e/storage: parameterize container images * apiextensions: normalize CR validation to return multiple errors * fix review comments * use subtest for table units (pkg/printers) * fix missing flag value bindings in kubectl * Avoid copying aggregated admin/edit/view roles during bootstrap * Control exactly what we use in kubeadm * Generated * Move scheduling api to beta * register client-go auth plugins for e2e * Adds initial Korean translations for kubectl * Removed unused namespace in UT helper func. * kubeadm-init: update note about failing containers * validation: improve ProjectedVolume validation errors * validation: allow multiple errors in Volume validation test * Fix bad sleep - int as duration * Added documentation of how client-go interfaces with custom controller code * Tests for kubeadm marshal utilities * Generated artefacts * Deprecate photon cloud provider * fail printing on internal obj * Use apimachinery for serialising kubeadm MasterConfiguration * Update generated artefacts * log error for os.NewComputeV2 * Revisit the OWNERS file for kubeadm * fix dynamic client name * Move uncordon to after the node is ready * generated * Add GET PATCH support for crd status * Add InstallPathHandler which allows for more then one path to be associated with health checking. * Add support for GCP charm * Fix kubectl auth can-i exit errcode * Revert "authz: nodes should not be able to delete themselves" * move old dynamic client to deprecated-client * add subresource support for the dynamic client * update describer to use dynamic client * fix typo * Add comments for ipset entries in kube-proxy * [fluentd-gcp addon] Pass region in seperate field * fix typo: peirodically->periodically * Update generated bazel * Use simple cache instead of LRU * sample-apiserver admission wait for informer sync before serving * Reuse existing CA cert path for kubelet certs * kubeadm - add preflight warning when using systemd-resolved * Update comments and UT to remove /66 restriction * Add Patch method to GA Backend Services * Add 'system-cluster-critical" to kubeadm control plane pods. * remove legacyscheme dep from printFlags * Add cluster autoscaler tests for pods requiring GPU * Add framework.GetReadyNodesIncludingTaintedOrDie * Add way to request GPUs in tests via RCConfig * move resource builder to generic options * cleanup TODO comments from PrintFlags wiring * Basic E2E tests for kubeadm * fix message output for import verifier * remove kube/kube deps from resourcebuilder * Adds kubeadm images command * Bump down to cos-stable-65 in config-test * wrap restclientgetter with match version option * construct resource.Builder from kubeconfig flags * update generated files * Promote CustomResourcesSubresources to beta * Make node restriction admission pod lookups use an informer * Make discovery refresh period less aggressive * use subtest for table units * Remove 20x factor in garbage-collector qps * 6capiextensions: handle CRD conflict errs in integration tests * Cleanup DaemonSet after each integration test. * remove unused variables on pkg/controller/serviceaccount/serviceaccounts_controller_test.go pkg/controller/endpoint/endpoints_controller_test.go * kubeadm-init: add details about --token * Use absolute path for KUBECTL default in local up cluster * Make aggregator e2e test resilient to unrelated API group changes * kubeadm: add test coverage to completion.go * kubeadm: add GetSupportedShells() to completion.go * category expansion can only come from the server * move category expansion types to restmapper package * Uncordon the node after upgrade * Remove ExtraArgs kubeadm preflight check * Improve coredns upgrade path * Rename Add/Delete to *Reference * Improve where we load builds from for kubeadm upgrade jobs * Refactor cachingSecretManager * push ToRESTMapper down a layer * don't block e2e namespace cleanup checks on metrics.k8s.io API group * e2e: add a tooling argument to differentiate tooling * Fix typo in envelope transform error message * clean unused code in restmapper_test.go * Run FSGroup tests by default. * apiextensions: allow "required" at root with status subresource * Fix issue #63183 that pods on different nodes mount Ceph RBD PVC stuck on ContainerCreating. * Fix iSCSI and RBD UnmountDevice with mount containers. * add SetMaxResource for Resource * Fix unit tests for new interfaces * Do not check vmSetName when getting node IP * Run resource discovery in parallel * fix a small mistake in function getFieldMeta * Add test about host path type * add IsLikelyNotMountPoint test on Windows * generated * Bump kube-openapi dependency * Fix cgroup names in node_container_manager_test. * eviction test ensures failed pods are evicted * explicit kubelet config key in Node.Spec.ConfigSource.ConfigMap * simplify api registration * generated * Build image size map upon node info updates * Push fat manifest for multi-arch images * should return error when has no RequestInfo * use IOStreams for cli commands * generated * move client based restmappers to client-go * stop pretending that we have statically known shortcuts * adding support for VM name with extra Separator String * [CustomResourceSubresources] fix status subresource * cleaning up load balancer resources * Bump Heapster to v1.5.3 * Refactor hard code in rest_test.go * fix IsLikelyNotMountPoint func on Windows * Deprecate in-tree OpenStack cloud provider * [e2e ingress-gce] Change ingress-upgrade test to not check for number of instances * add memcg notifications for allocatable cgroup * workspace mirror: add trailing newline to urls list * run buildifier on build/workspace_mirror.bzl * rm GetStandardPrinter * remove printer helpers * Close all kubelet->API connections on heartbeat failure * Always track kubelet -> API connections * Apply pod name and namespace labels for pod cgroup for cadvisor metrics * Improve test coverage of Kubelet file utils * Enable GCE/GKE e2e tests for GlusterFS Dynamic Provisioner. * default the ignorenotfound for delete when selecting objects * vsphere: update bazel * vsphere: fallback to vcsim for testing authentication * Rename VSphereConnection.GoVmomiClient -> Client * vsphere: use vim25.Client directly to support token authentication * Add support for arm64 to the registry action of the kuberntes-worker juju charm. * update garbage collection to use the new dynamic client * when get CRD resources with --server-print=true the output looks like: * remove redudant runtime.GOMAXPROCS * Cleanup Pods in TestNominatedNodeCleanUp. * fix ipvs fw * Check nodeInfo before ecache * fix annotation of APIGroupInfo * Don't panic is admission options is nil * remove repeated code * Use IP_ALIAS_SIZE to calculate and update IP_ALIAS_SIZE. Error added when ip-alias is not enabled when IP_ALIAS_SIZE is not empty. * wire config flags through factory * Add conversion to properly parse query parameter propagationPolicy * begin building a config flags struct * Add MAX_PODS_PER_NODE env allowing kubelet to be max-pods aware. * cleanup eviction events * Add host path type in kubeadm config * udpate some examples to use external types * simplify resource builder usage * change deprecated Kubelet --allow-privileged flag default to true * Update autogenerated files. * Replace UserIDRange/GroupIDRange by IDRange in internal type to reduce difference with external type. * compute configmap/secret key correctly cross-platform * slim down printer interface * Fix bash completion with --all-namespaces * Switch kubectl resource completion to discovery * Fix typo in volume_stats.go * use new dynamic client * Fix CSI volume detach when the volume is already detached. * fixed golint error on redundant if * fix fake clients and unit tests * use new azure clients * cleanup unnecessary channels in azure clients * Allow api-resources to return cached data * Make ServerPreferred[Namespaced]Resources logic and caches consistent * Collect logs for health monitor services. * Install and use crictl in gce kube-up.sh * Update to go1.10.2 * Update to latest Gophercloud * Pass certificate URLs instead of the certificate structs * Revert "scheduler: align with ctrl-managers and apiservers, add https+auth in options" * Allow fetching bootstrap-kubeconfig from VM metadata * Fix e2e "When checkpoint file is corrupted should complete pod sandbox clean up" * [Device-Plugin]: Extend e2e test to cover node allocatables * don't block creation on lack of delete powers * dep: run godep save again * use TempDir func in mount_windows_test.go * stop using Info.Mappings when they may not be present * remove unnessary kubectl conversions * PR #62903 changed error string GetMountRefs() returned, which broke test `should fail due to non-existent path`. Remove error string check to fix test. * Use default seccomp profile for addons * Make openapi spec generation wait for the apiserver on shutdown * Let the kubernetes service reconciler timeout on shutdown * Update error assertation * apiserver: change default reconciler to LeaseEndpoint * run ./hack/update-bazel.sh * modify outdate link * Revert "apiserver: change default reconciler to LeaseEndpoint" * juju: Make kubernetes-master status handling more robust * don't reuse resource builder in describe * ensure diff output includes the portion that differs * Maintain index of high-cardinality edges in node authorizer graph * clean up vertex/edge deletion * Decorator for Create should be called on out, not obj * Update CHANGELOG-1.11.md for v1.11.0-alpha.2. * Add metric for throttled requests in AWS * add some comment message * iptables: add timeout when checking rules * dep: upgrade k8s.io/utils * Use the logging agent's node name as the metadata agent URL. * Add necessary explanation for container log rotation. * add UT test to PolicyRuleBuilder in file ./pkg/apis/rbac/helpers_test.go * 1.fix kubectl get * --all-namespaces namespace miss error 2.also add a test case modified: pkg/kubectl/cmd/get/get.go modified: hack/make-rules/test-cmd-util.sh * not expose object detail when creating TokenRequest * Add more volume types in e2e and fix part of them. * Bump kube-openapi dependency * Implements distributed OIDC claims. * WIP: Correct kill logic for cgroup processes * Ratchet to bazel 0.13.0+ * update restmapping to indicate fully qualified resource * adds support for arm64 to microbot example of the kubernetes-worker charm * Expand ability of ResourceID * kubelet: volume: do not create event on mount success * gcp: allow non-bootstrap kubeconfig * update tests to be specific about the versions they are testing instead of floating * remove rootscopedkinds from groupmeta * Use a []string for CgroupName, which is a more accurate internal representation * add test for sparse version encoding/decoding * get the resource.Info out of the conversion business * update etcd to skip kinds, not resources so we can use a live mapping * acknowledge that creation of a restmapper can fail and that we cannot have a default * remove incorrect static restmapper * gce: plumb --kubelet-certificate-authority flag to apiserver * kubelet: fix warning message to not print pointer addrs * kubelet: force filterContainerID to empty string when removeAll is true * GCE PD plugin now prevents attaching a regional PD PV with pdName of a regular PD * Fix pkg_rpm rules for bazel 0.13+ * Remove unused code * remove unnecessary encoder * Remove Factory from more Run commands * Remove event recorder TODO * Add set image test for sparse API group resource * Revert "fixtodo:validate events on PVCs in integration volume binding test" * Return attach error to A/D controller. * Add version/group usage and example to kubectl get * apiserver: change default reconciler to LeaseEndpoint * fix commands running crictl * Generated artefacts * Capitalize acronyms in AWS metrics-related code * add fake dynamic client * make dynamic client slightly easier to use * [prometheus addon] Fix missing storage class in alertmanager PVC * clean unused variables * Update bazel * scheduler: add https+authn+authz to options, set to nil for now * scheduler: align plumbing with controller-manager and apiservers * controller-manager: unify address flag description to listen on all interfaces * controller-manager: make InsecureServingOptions/Config re-usable * run make update * Fix fake clients and unit tests * Use new Azure SDK APIs for load balancer and public IP operations * Fix panic for attaching AzureDisk to vmss nodes * Rename func to ensureNodeExistsByProviderID * Supported matchField for NodeAffinity. * move pkg/scheduler/util/testutil.go to pkg/scheduler/testing * remove format operation in WaitForAttach * Add RESTMapper to ControllerContext and make it generic for controllers * fixup! Make scheduler cache generation number monotonic to avoid collision * Make kubelet `ReadLogs` backward compatible. * Hide EquivalenceCache mutex from users. * Rename exported methods on EquivalenceCache. * Simplify logic in podFitsOnNode. * Remove predicateResults map from podFitsOnNode. * Add RunPredicate to EquivalenceCache. * Deprecate repair-malformed-updates flag, move object meta mutation into BeforeCreate * Make scheduler cache generation number monotonic to avoid collision * Use cloudprovider.NotImplemented in AddSSHKeyToAllInstances * Report node DNS info with --node-ip * finish wiring PrintFlags * master count and lease endpoint tests * remove self linker from group info * Add name output and verb filtering to api-resources * replace filepath with path due to pre-formatted volumeName * divide statically known typer from dynamically derive restmapper * Move path management from e2e_node to common test/utils directory * Generated artefacts * Bump QPS on namespace controller * remove unnecessarily flexibiliy to simplify the resource builder * apiserver: document how to run sample-apiserver standalone outside the cluster * stop anonymously including types in resource struct so we can track usage * remove versioning interface * Update CHANGELOG-1.10.md for v1.10.2. * fix curl header * add accept for ipvs * Fix ensure by provider id * Update pvc_protection_controller.go * fix bug in dynamicResourceClient.UpdateStatus should encode * clean duplicate test function * make use of simple dynamic client in test * This bring up a heketi server pod and the server will be running in mock mode, the PVC creation should work, however the volume attachment to a pod and read/write is not part of this test. Due to the same reason the tests are marked as [fast]. * Also update CRI to indicate runtimes should not update empty CIDR * Check CIDR before updating node status * Simplify vmset acquirement logic * Collapse onto request scope convertor * Fix govet error * kubelet: logs: do not wait on following terminated container * Fixes fake client generation for non-namespaced subresources * passthrough readOnly to subpath * Add myself to sig-scheduling maintainers/approvers list. * remove unnecessary else clauses * kubeadm-token: search for existing kubeconfig files * tighten .Info for kubectl to avoid unpredictable conversion * rest mappings cannot logically be object converters * Add other prometheus monitoring components * Enable bypassing online checks in kubeadm upgrade plan * generated * stop duplicating preferred version order * update describe command opts struct * remove hardcoded list of resources * remove KUBE_API_VERSIONS * Correctly override args with APIServerExtraArgs * Add level to remote client glog. * add checks validation MinRequestTimeout of ServerRunOptions * Improve Azure disk operations for vmas and vmss * Remove incomplete uint64 support from JSON unmarshaling * kubectl should not have a direct code dependency on controllers * Add tests for resourceVersion precondition failures on patch * Do not schedule pod to the node under PID pressure. * collapse patch conflict retry onto GuaranteedUpdate * Update vendors for client-go * Use new clients in Azure Disk volume * Use new clients in Azure credential provider * Use new clients in azure cloud provider * Upgrade virtualmachin/disk/storageaccount client to use new SDK * Upgrade Azure Go SDK to v14.6.0 * Revert "Revert "Revert revert of equivalence class hash calculation in scheduler"" * Limit access to core/api/v1 inside of client-go * restclient should not depend on api/core/v1 * client-go should not take a dependency on the v1 api lightly * report outputFormat in PrintFlags err * kubeadm: accept 'Y' and 'y' as reset confirmation * wire printflags through additional cmds * wire PrintFlags through get cmd * move "get" cmd pieces to cmd/get * support simultaneous kubadm --v and --config * Check for old NodeInfo when updating equiv. cache. * Add IsUpTodate() to Cache interface. * Test race condition in equivalence cache. * Add pointer comments * Create a go_bindata bazel macro * Remove pkg/generated/bindata.go from the repo * bazel: generate pkg/generated/bindata.go at build time * Update provisioner to v0.2.1 container * also fix the quick-release * runhack/update-staging-godeps.sh * Refactor the patch handler for readability * Revert "Revert "gce: move etcd dir cleanup to manifests"" * upgrade dep json-iterator/go to fix #62742 * [prometheus addon] Add readme * generated * core v1 API requires autoscaling/v1 to serve the Scale endpoint * update code generator * eliminate indirection from type registration * add easy to use dynamic client * update more commands for iostreams * kubeadm: add test coverage to join.go * kubeadm: use the helper NewValidJoin() in join.go * kubeadm: prompt for confirmation when resetting a master * Generated changes * Revert "gce: move etcd dir cleanup to manifests" * version typo fix * refactor device plugin grpc dial with dialcontext * Hack for testing until test-infra/pull/7846 merges * remove useless alwaysAdmit in apiserver test * Register Prometheus etcdmetrics only for apiserver * Clean up and remove unused deps * add warnings for docker-only flags * mark APIServiceSpec.CABundle optional * Added more UT for invalid case. * -Remove TODO comment of GetNonzeroRequests function * Fix race between stopping old and starting new endpoint * avoid duplicate status in audit events * Tag pkg_rpm rules as manual * Fix discovery default timeout test * Update libcontainer to include PRs with fixes to systemd cgroup driver * Add field selector support to delete, label, annotate * Remove examples directory * Fix hpa-use-rest-clients help text * Set names for OpenStack loadbalancer members and monitors * dockershim/sandbox: clean up pod network even if SetUpPod() failed * Fix qosReserved json tag (lowercase qos, instead of uppercase QOS) * replace request.Context with context.Context * [kubeadm] Fix Etcd Rollback * [kubeadm] Add etcd L7 check on upgrade * [kubeadm] Modify the kubeadm upgrade DAG for the TLS Upgrade * [kubeadm] Update test-case, fix nil-pointer bug, and improve error message * [kubeadm] Implement etcdutils with Cluster.HasTLS() * gce: move etcd dir cleanup to manifests * Support containerized kubelet in CI * replace path with filepath * Prepull etcd before an upgrade * Fix IP_ALIAS_SUBNETWORK env var assignment in GCE setup * Removed e2e test on empty NodeAffinity. * bind externalIP and lb IP * fix a error in serviceaccount validate. This error is a human-writing error. Small as it is, it could cause recreate Object validate through bug. This patch fix it. * clean up unused code fakeRL in requestinfo_test.go * Update CHANGELOG-1.8.md for v1.8.12. * fixtodo:validate events on PVCs in integration volume binding test * renable nodeipam in kube-controller-manager * Bump minimum required go version to 1.10.1 * generated codes. * Added MatchFields to NodeSelectorTerm. * [e2e ingress-gce] Fix race condition for appending services and ingresses * e2e: save raw profiles too * Fix bash command for liveness probes in the metadata agents. * Remove unnecessary typer from create/update handlers * Add unit test for configure-helper. * Fix scheduler Pod informers to receive events when pods are scheduled by other schedulers. * Added test for scheduler informers * remove confusing flexibility for metadata interpretation * Make integration test etcd store unique * Use BootID instead of ExternalID to check for new instance * Bump kube-dns version for kubeadm upgrade * Update upgrade/downgrade images for ingress-gce * remove repeated resourceversion * When bootstrapping a client cert, store it with other client certs * juju: Use k8s.gcr.io url for arm64 ingress image * Timeout on instances.NodeAddresses cloud provider request * Remove METADATA_AGENT_VERSION config option * Whitelist CronJob for kubectl apply --prune * add warnings on using pod-infra-container-image for remote container runtime * avoid dobule RLock() in cpumanager * Support nsenter in non-systemd environments * autogenerated files * make API.ControlPlaneEndpoint accept IP * PR #59323, fix bug and remove one api call, add node util dependency to cloud controller * Fix dockershim e2e * avoid calling Handles twice * fix typo: mutating validating admission should be distinguished * kubelet: fixup QOSReserved json tag * [kubeadm] Implement ReadStaticPodFromDisk * [kubeadm] fix mirror-pod hash race condition * Add unit tests for gce loadbalancer internal. * Fix upgrade to Kubernetes v1.9.3+ * Add a GCS mirror to WORKSPACE URLs. //hack:update-mirror updates it. * Always Start pvc-protection-controller and pv-protection-controller * authz: nodes should not be able to delete themselves * provide standard iostream struct for commands * kubelet: fix flake in TestUpdateExistingNodeStatusTimeout * loopback webhook integration test * Honor existing CA bundle and TLS server name in webhook client * ensure tls server name is used in transport * distinguish custom dialers in transport cache * Ensure service routing resolves kubernetes.default.svc correctly * Filter unavailable commands in help * Deprecate kubectl rolling-update * Set a default request timeout for discovery client * Manage Metadata Agent Config with Addon Manager * Change Capacity log verbosity in node status update * remove uneeded discovery flexibility * -Fix the name could cause a conflict if an object with the same name is created in a different namespace * Add node authorizer contention benchmark * Check all backends for vmss and standard instances * e2e test forwarding externalname dns lookup to upstream nameservers. * aggregate objs before printing in apply cmd * Only count mounts that are from other pods * Fix ILB issue updating load balancers * fix formatting for memcg threshold * make describers more generic from the CLI * Add CHANGELOG-1.11.md for v1.11.0-alpha.1. * Add support to resize Portworx volume * build/rpms: fix kubeadm rpm * final record flag cleanup * Change docker/default to runtime/default * gcp: add env var to configure enabled controllers in controller-manager * simplify the client cache * wire print flags through apply cmd * Exclude keys containing empty patches in the final patch * Update CHANGELOG-1.9.md for v1.9.7. * unpack dynamic kubelet config payloads to files * Bring StorageObjectInUseProtection feature to GA * Export RBAC validation functions * reset resultRun to 0 on pod restart * Remove InfluxDB from default cluster monitoring * [Prometheus addon] Use StatefulSet * Update github.com/stretchr/testify to v1.2.1 * kubectl stops rendering List as suffix kind name for CRD resources * use recordFlags * remove flags deprecated in 1.5 * Update all script to use /usr/bin/env bash in shebang * read openstack auth config from client config * fix ipvs delay on sync rules * Add support of zero nodes in vmss * [prometheus addon] Use secure kubelet port * Add standard LB support to Azure vmss * Move vmset checking back to vmsets * Make pod status to "Running" if there is at least one container still reporting as "Running" status * fix csi data race in csi_attacher_test.go * Use shorter timeout if possible. * check error when parse field failed * regenerate fakes * generate code that passes go vet * Update upgrade message Fixes: https://github.com/kubernetes/kubeadm/issues/672 * Remove request context mapper * Add awly as reviewer in several subtrees * CSI test refactor to be more easily extensible for more plugins when there are more tests * use record flags * fix up record flags * apiserver: move patch tests to their own file * Add integration test for disable preemption * autogenerated * rename ExternaID to something that is obviously deprecated * boring * remove last usage of external ID * wire pritnflags through run cmd * kubeadm: Mount additional paths inside apiserver/controller-manager for working CA root * Add volumenameprefix tests for glusterfs dynamic provisioner. * we should use Infof when we are using format string * Add k8s.io/apiserver/CONTRIBUTING.md * [prometheus addon] Add OWNERS file * ensure we delete orphaned routes with matching next-hops only * fix error message of TokenRequest * This patch add a new parameter called `snapfactor` to glusterfs storageclass. This is an optional parameter and value should fall into the range of 1-100. When set the thin pool calculation respect this snapfactor and create a thinpool accordingly. * add metrics to cinder * self sign certs when ServerTLSBootstrap is disabled * clean up *.properties files * Report events to apiserver in local volume plugin. * Auto generated BUILD files. * Refactor kubeadm api validation. * Lower UsageNanoCores boundary in summary api test. * Fix extra-log flag for node e2e. * Bump GLBC manifest to v1.1.1 * add @andrewsykim to OWNERS for cmd/cloud-controller-manager,pkg/controller/cloud,pkg/cloudprovider * encapsulate IP counter in X, parallelize lb tests * generated changes * Add default generation tags * Add contribex to github template owners * Fix kubectl describe cronjob * Fix NPD preload. * Update kazel to include openapi tag detection fix * Update generated bazel * Add write-config-to to scheduler * Link to vulnerabilitiy disclosure process from the issue template * Remove unneeded deps from vendor * Log webhook request error * bzl: build --config unit should build with race enabled * Use a dynamic RESTMapper for admission plugins * Adding kube dns to kubemark * fix route deletion * Update addon manifests to use policy/v1beta1 and grant permissions in policy API group. * Generated files * sample-apiserver: add v1beta1 with advanced conversion example from v1alpha1 * wording * Not validating front proxy CA Key when using External CA. * Fix anti-affinity issue that caused a pod to be considered a match if any of the terms matched (as opposed to all terms matched) * add CaoShuFeng as a reviewer of kube-apiserver * fix "kubectl create --raw" * remove PodPreset and enable scheduling.k8s.io/v1alpha1 for Priority * Use filepath.Clean() instead of path.Clean() * add generate file * update comments for local volume * allow user to scale default backends * Addressed reviewer comments * begin adding record flags struct * add delete flags * update delete, replace, run cmds * Fix kubelet flags. * Add binding error message for volumeMode:Block unsupported case * Increase max requests inflight limits in gce for very large clusters * Instrument transformer.go with latency metrics. * kubelet: move QOSReserved from experimental to alpha feature gate * Update kube-dns to Version 1.14.10. Major changes: - Fix a bug in DNS resolution for externalName services and PTR records that need to query from upstream nameserver. * remove parallel * kubelet: add configuration to optionally enable server tls bootstrap * Move podsecuritypolicy registry to policy package. * Set kubemark default verbosity to 4 * Show deprecated kube-apiserver flags * Capture API call logs from kubemark apiserver * Autocalculate ALLOWED_NOTREADY_NODES based on NUM_NODES * Add ConnectionReset, InternalError, etc also as retryable API errors * Support groups (organizations) to be specified in client cert. * Fix garbled code in kubeadm output * add andyzhangx as Reviewer * fix devicePath update issue in Azure WaitForAttach func * Fix machineID getting for vmss nodes when using instance metadata * Make 'pod' package to use unified checkpointManager * Node-level Checkpointing manager * Fix use visible files creation for windows * Allow a test suite reusing framework to register namespaces to delete * Clean unused error type variable The function which invoked this variable was removed by https://github.com/kubernetes/kubernetes/pull/58725/ * Fix an issue in inter-pod affinity predicate that cause affinity to self being processed incorrectly * fix some bugs inside csi unit test TestAttacherMountDevice * Add test to ensure anti-affinity matches against all terms * kubeadm preflight: check socket path if defined otherwise check docker * Make x-kubernetes-print-column print handling opt-in * 1.10 CHANGELOG: Fix supported etcd version comparison with K8s v1.9 * Prevent virtual infinite loop in volume controller * Fix docker run flags and kubelet flags for containized kubelet: * Removed no-empty validation of nodeSelectorTerm.matchExpressions. * unhide deprecated Kubelet flags * update godeps to use latest pflag * Enforce not using newer kubeadm to upgrade older kubeadm * Adds migrations to the kubeadm upgrade phase config * update-bazel * Add comments, t.Parallel() * have fakeLoadbalancerService take lb type as argument * tests for EnsureLoadBalancer, EnsureLoadBalancerDeleted * refactor - create new apiService per test. encapsulate resource create/delete checks. * Add GCE-PD CSI Driver test to E2E test suite * Remove podpreset in local up cluster * Add ability to specify port for kubeadm `API.ControlPlaneEndpoint` * provision Kubelet config file for GCE * sarapprover: remove self node cert * Fix volume node affinity to OR node selector terms * root OWNERS: escape backslashes * Run hack/update-all.sh * Add --ipvs-exclude-cidrs flag to kube-proxy. * Update webhook client config docs regarding service ports * kubeadm: Make kube-proxy tolerate all taints * begin wiring printopts through complete commands * Fixing FULL_REGISTRY assignment * CSI - Apply fsGroup volume ownership when pv not readOnly * Volunteer for local-up-cluster related files * Include API calls in apiserver logs for tests * Test e2e prometheus addon * Add prometheus addon * Disable pod preemption by config * auto generated file * Fix ingress util handling of TLS * split up the component config into smaller config * split KubeControllerManagerConfiguration into fewer options struct * Node E2E: Remove the simple mount test * Addressed reviewer comments * Fix bug for headless services without ports * Fix failed e2e tests for dns configmap. * Move all create subcommands to its own subdirectory * use standard interface functions for printers * Use OWNERS filters to give approval to ixdy for Bazel build changes * Add msau42 to approvers for volume scheduling * cleanup resources created by run --rm * Update CHANGELOG-1.10.md for v1.10.1. * Remove clusterName flag, just use config file * enable token auth for kubelets in GCE * Fix duplicate comment in iptables rule for non-local public-port rule * Remove unnecessary code in ingress upgrade logic * Bump image in ingress downgrade test * avoid race condition in device manager and plugin startup/shutdown * local-up-cluster: fix kube-proxy featureGates configuration * local-up-cluster: warn about failing processes * local-up-cluster: avoid "No such process" messages when cleaning up * make mikedanese owner of CertRotation features * Update e2e test with private mount propagation * Fix PodStore to wait for being initialized * fix nsenter GetFileType issue * Fix parsing timestamp in test * Fix wrong usage of kubelet options * Add private mount propagation to API. * allow higher burst * Cluster Autoscaler 1.2.1 * fix nodeport FORWARD chain * fix kubeadm-731 * fixes failing job back off test * Ensure expected load balancer is selected for Azure * Improve performance of affinity/anti-affinity predicate * Bump etcd default server version to 3.2.18 * Moved sync pod on Node logic to func. * Add approver for pkg/controller/endpoint * Explicitly set etcd --snapshot-count to 10000 to match etcd 3.2 default * kazel: skip third_party/etcd.* * Increase CPU limit to 1000 millicores to support 100kb/s throughput. * Bump GLBC version and remove Unreleased tag from tests * godeps: remove github.com/kr/pty after #62360 * update bindata after #61817 * Refactor subpath reconstruction tests to use util test * Fix flaky crd e2e tests * Revert "Bugfix for erroneous upgrade needed messaging in kubernetes worker charm." * Remove hostNetwork and hostPID from nvidia-gpu-device-plugin manifest. * Add e2e test for forwarding PTR records to upstream nameserver. * optional field removed in test * kuberuntime: logs: reduce logging level on waitLogs msg * Set slave mount propagation for local provisioner * add keys to unkeyed literals * Remove the default clustername, and make it optional in api * Add --cluster-name to kubeadm * Update generated files. * PSP: move internal types from extensions to policy. * Update bazel BUILD files * Move the kubelet network package down to dockershim * Move hairpin mode logic to dockershim * Remove outdated network plugin code * autoscaler support for CoreDNS * hack/test-update-storage-objects.sh: don't build a binary that the script doesn't use. * kubeadm: surface external etcd preflight validation errors * Fix subnet cleanup logic when using IP-aliases with custom subnets * Revert "git: Use VolumeHost.GetExec() to execute stuff in volume plugins" * fix custom resource definition validation * Disable some newly added loadbalancer tests for large clusters * Updated Readme for Azure (OIDC) auth provider * add myself to apiserver owners * Generate bindata through make * Reorder makefile sections * Don't support `go build` any more. * Remove 'teststale' * Simplify static build, rely on go's cache * Set GOCACHE (1.10) as a subdir of GOPATH * kubelet: remove unused code * Generated build files * Add support for AWS charm * Add basic generator for apps/v1 deployment * pkg/kubeapiserver/options: update Bazel files * oidc authentication: Required claims support * gce: enable all apis when AllAlpha=true * export unstructured helper function nestedFieldNoCopy and add unit tests * Implemented truncating audit backend * Enable CloudKMS Plugin deployment. * Reimplement migrate-if-needed.sh in go * A test we always skip should not be a conformance test * CustomResources: in OpenAPI spec allow additionalProperties without properties * add statefulset scaling permission to admins, editors, and viewers * add UT test for rollout_pause.go file modified: pkg/kubectl/cmd/rollout/BUILD new file: pkg/kubectl/cmd/rollout/rollout_pause_test.go modified: build/visible_to/BUILD * Move check and import * local-up-cluster.sh: support preserving etcd optionally * Auto generated BUILD files. * Remove the use of storage class beta annotations in e2e tests. * should use time.Since instead of time.Now().Sub * add tests for GetFileType * fix incompatible file type checking on Windows * clean unused function modified: pkg/controller/volume/persistentvolume/scheduler_binder_test.go * Remove isNotDir error check * Create StorageClass for each volume binding test case * Fix umask to actually intended behavior. * Added CSI External Components ClusterRole to bootstrapped roles and removed creation from failing e2e test * Update ingress.go * Patch ingress upgrade test logic to take note of SNI support in next release. * Fixes kubeadm upgrade plan output * Addresses review comments * Updating kubemci remove-clusters e2e test to check for error in output string * Adding a release note in 1.10.0 for kubemci failure * Add ingress e2e test for multiple TLS (SNI) support * add myself for sig-cli related stuff as reviewer * remove deprecated ObjectMeta ListOptions DeleteOptions * Add note on upgrading cluster by kubeadm. * update network policy describe * Fix resize test for Regional Clusters * Fix restart nodes tests for Regional Clusters * Fix dns autoscaling test for Regional Clusters * not return 500 status code for insufficient quota * Re-generate clientsets * Let the caller handle the error * Fix some shadow declaration in cmd package * Extract validateNodeIP test to node status test file. * Remove the workaround of heapster panic * Added test to check object size * Create container name after dropped ":" and "@" both separately * fix wrong error type when formatting * fix grammar mistake * remove default fsypte in azure disk * add one placeholder for err in scheduelr.go * fix comments * update build and s/where/which * add ut * remove unnecessary TODO in test/e2e/network/service.go * spec.SchedulerName should be spec.schedulerName in kube-scheduler help * Handle partial group and resource responses consistently * fix graph test sorting * Add wildcard toleration to nvidia-gpu-device-plugin. * Add documentation around SOURCE_DATE_EPOCH * Fully resolve tmpdir in verify scripts, since it might be a symlink on macOS * Update memory required to build kubernetes on osx to 4.5G * Fix create job usage * Get namespace and selectors for attach and logs in a common function * use memory.force_empty before and after eviction tests * update PrintFlags#Complete to receive string template * add unreleased tag to http2 test * Remove rkt references in the codebase * Make priority rest mapper handle partial discovery results * Pass 2: k8s GCR vanity URL * wire printflags through set cmds * Remove need for server connections for dry-run create * remove IsAbs validation on local volume * Correct the returned message * Add support to ingest log entries to Stackdriver against new "k8s_container" and "k8s_node" resources. * Fix getting logs from daemonset * Fix IP-alias subnet creation logic * Make the test TestCRIListPodStats pass for Darwin and Windows * apiserver: cancel context on timeout in WithTimeoutForNonLongRunningRequests * Update bazel * kubectl: add JSON fallback codec to cope with more strict stock versioning codec * apimachinery duct tape: handle empty unstructured GV in versioning codec gracefully * apimachinery duct tape: in versioning codec avoid conversion roundtrip for same GVK * apimachinery: normal conversion code path for Unstructured in ConvertToVersion * Update generated files * admission/webhook: fix panic from empty response in mutating webhooks * admission/webhook: refactor to webhook = generic-webhook + source + dispatcher * Fix resize nodes tests for Regional Clusters * Capture kernel logs in example fluentd.conf * Use pause manifest image * accelerators: remove Accelerators from feature gates * Don't require release tars on kube-down * Use provided node object in volume binding predicate * Run hack/update-codegen.sh * code-gen: allow specifying custom resync periods for certain informer types and switch to functional option pattern for SharedInformerFactory * Update OWNERS labels for cluster-lifecycle and scheduling * begin wiring printflags through set cmds * move http2 test into ingress context. use helper method * Add http2 <-> https conversion test * use echoserver 1.10 * Change 'Mac OS X' to 'macOS' in build/README.md * Update CHANGELOG-1.8.md for v1.8.11. * Updating kubemci remove-clusters e2e test to use --force to remove from all clusters * When using custom network with IP-alias, use the former's subnet for the latter too * segregate job scaling from everything else * Update the stackdriver agents yaml to include a deployment for cluster level resources * fix typo that redefines variable and breaks code * fluentd-elasticsearc addon: allow graceful shutdown in fluentd-es image. * apiserver: enforce shared RequestContextMapper in delegation chain * Fix disruptive tests for GKE regional clusters * Fix kubectl bindata * Put nil back into switch * Wait longer in pod cleanup * Fix a bug in Deployment controller when comparing templates * fix generated bindata * Add test to verify preempt ignore * Moving test images under volumes-tester/ceph and volumes-tester/nfs * Fix daemon-set-controller bootstrap RBAC policy * juju: Set apiserver advertise-address to kube-control ingress address * Fixes restartKubelet in test/e2e_node failure. Looks like there is some recent change on how we start kubelet service in test_e2e_node. Fixes restartKubelet() to get right kubelet service name to cope with the change. * Fixing ip address leak in kubemci e2e tests by always cleaning up cloud resources * Adding a kubemci e2e test to verify that single and multicluster ingresses can exist together * Migrating test images to gcr.io/kubernetes-e2e-test-images * support merging multiple SMP into one patch * Update COS version in Kubernetes GCE default and test * Remove crassirostris from owners and reviewers * Fix when privileged is set. * Retry node pool deletion in autoscaling tests. * Configure the default channel to 1.10/stable * Update CHANGELOG-1.7.md for v1.7.16. * Remove GPU label during upgrade if needed * Support typed nils; test empty Unstructured is not mutated * removes job scaler * Add subnet-id annotation for openstack cloud provider * Remove check for items * Make UnstructuredContent return contents without mutating the source * remove unused function getEncodedPod in etcd_helper_test.go * check for commands in kubelet command line * fix typo * use common clientretry.RetryOnConflict * run update bazel * add test case for request context mapper * optimize requestcontext: use RWMutex and atomic.Value * deduplicate server startup code in tls integration test * make kube-apiserver ServerRunOptions setdefault and Validate before use * fixtodo:generate an event for a missed starting window * Adding a test for kubemci remove-clusters * Make FAIL_SWAP_ON warning message clear * Fixes incorrect atomic usage * Added downgrade notice * Cleanup CRD/CR confusion in webhook e2e tests * Adding an e2e test for verifying https-only annotation with kubemci * Update image for ingress downgrade test * Detach bug fix * Update GLBC manifest to v1.0.1 * Narrow interface consumed by scale client * oidc authentication: email_verified claim is not required for JWT validation * wire through humanreadable flags * Add support for arm64 to juju charms. * Don't quit without printing API latencies in density test if it failed * Introduce multimaster clusters support to e2e framework for GKE * add e2e case for crd webhook * apiserver's webhook admission use its own scheme * Ensure /etc/hosts has a header always - Fix conformance test * kubeadm: Introduce controllable timeout on join * Setup default cni dir correctly * add TestGeneration in customresource/etcd_test.go * check error when create failed and fix the conditional judgment * Add support for multiple certificates to targetproxy * Delete in-tree support for NVIDIA GPUs. * remove pvc node affinity update check since beta NodeAffinity is immutable * Fix go vet errors * Update gofmt for go1.10 * *: godep generated code * Update godep in vendor * Work on master and worker to accomodate the new kind of gpu support * Getting error from GetFirewallRule and checking it to fix multicluster ingress test * Update tests. * Update code for new SDK. * Support custom test configurations * Rev the Azure Go SDK. * Cleanup the use of ExternalID as it is deprecated * remove kube-apiserver option that is always force to true * Seperate timer durations for expectEvent and expectNoEvent * Add e2e test for CRD Watch * CRI: update documentation for container logpath * fix local volume issue on windows * default use kube-system namespace as policyConfigmapNamespace * fix localport open - ipvs part changes * fix localport open - iptables part changes * remove rktnetes related code * add unit test for new function AnnotationsNeedUpdate * fixtodo:rsDeepCopy only when sizeNeedsUpdate or annotationsNeedUpdate * Updated README for ipvs. * Use typed events client directly * Restore show-kind function when printing multiple kinds * init annotations if it is nil to fix kubemci e2e test failures * fix flag message about TokenRequest * update bazel * Stop() for Ticker to enable leak-free code * Update bazel * Use initTest for integration to start scheduler * Use feature gate in integration * remove usless arguments of startControllers * Make certificate approve/deny no-op if CSR is already approved * controller/endpoint: explict log msg when syncing error * fix ipvs esipp * Tolerate 406 mime-type errors attempting to load new openapi schema * Fix dockershim CreateContainer error handling. * Build files generated * Include volume count while doing balanced resource allocation * Bump godep version to v80 * Update to use go1.10.1 * Add Ignorable flag to extender * Avoid data races in unit tests * Updating multicluster test to ensure that controller only creates instance groups * Add volume spec to mountedPod in actual state of world * Add unit testcases for ensureExternalLoadBalancer to make sure it doesn't panic when errors raised. * Expose kubelet health checks using new prometheus endpoint * Move istio-injection label to default namespace * certs: only append locally discovered addresses when we got none from the cloudprovider * [e2e ingress-gce] Run preshared-cert and backside-reencryption tests with kubemci * Set leader-elect for kube-scheduler to true * Use old resource model in External Metrics API e2e tests * Add kawych to OWNERS of instrumentation e2e tests * some updates * Add support of Azure standard load balancer and public IP * Fix comment in CRI run_as_group. * remove unused code in securitycontext * automatic plugin discovery should trigger plugin init only for the relevant plugin * use handle DeletedFinalStateUnknown objects in function deleteNode * fix patch conflict detection in apiserver * Specify DHCP domain for hostname * In summary_test, make Docker cpu/memory checks optional if unavailable. * In summary_test, create a file outside the test volume too. * Add namespace name into e2e event verify * tools/clientcmd: Remove gopass import * Don't change GOPATH or PATH in a script lib * Remove kube::util::go_install_from_commit * Vendor kazel * Vendor gazelle * [kubeadm] Bump kube-dns to 1.14.9 * Return error in mount_unsupported for unsupported platforms * Update Istio addon to 0.6.0 and mirror images in gcr * Remove ActiveDeadlineSeconds from watch e2e test * Make systemd service name for kubelet use a timestamp in e2e-node tests. * Add e2e test for external metrics with Stackdriver * Update kube-dns to Version 1.14.9. Major changes: - Fix for kube-dns returns NXDOMAIN when not yet synced with apiserver. - Don't generate empty record for externalName service. - Add validation for upstreamNameserver port. - Update go version to 1.9.3. * fix flaky integration tests * Use range in loops; misc fixes * fix pr No. from 517326 to 57326 * Revert "Enable partial success in fluentd-gcp" * Add support for CNI on Windows Server 2016 RTM * set right Content-Type for configz * Ensure ControllerManagerExtraArgs take precedence over generated args * Support overriding the --node-cidr-mask-size arg passed to kube-controller-manager * correct CHANGELOG-1.10.md * Fix spurious whitespace in messages from sh2ju. * Deduplicate identical typecheck errors between platforms. * certs: exclude more nonsensical addresses from SANs * remove AlphaStorageNodeAffinityAnnotation const * Resources prefixed with *kubernetes.io/ should remain unscheduled if they are not exposed on the node. * Adding integration tests for statefulset * Fix 61854, skip for short tests * Fixing ingress controller daemonset on k8s < 1.9 * Add retry to AssertCleanup * Add e2e test for service session affinity. * Add ixdy, luxas, and mikedanese as OWNERS of hyperkube image * add udev to hyperkube and bump versions * Use relative path for creating socket files * Fixing whitespace issue in kubernetes-master * Allow curl --max-time to be configurable * make reapers tolerate 404s on scaling down * fix comment error * fix format and typo of NodeAllocatableCgroups * update bazel and gofmt * use filed NodeAffinity instead of annotation for scheduler * add test for some function * fix chinese syntax * Remove alpha annotation for volume node affinity * LoadBalancerStatus make use of generated deep copy method * Update CHANGELOG-1.10.md * avoid resource leak when both `--rm` and `--expose` are specified * Ensure -o yaml populates kind/apiVersion * kubectl: fix a panic when createGeneratedObject failed * when copy file from host to pod like this: 1.kubectl copy /tmp/test-file test-pod:/ 2.kubectl copy /tmp/test-file test-pod: example 1 will fail, example 2 will cause a panic. This patch fix bugs above. * Display extended resources in node allocated resources * Add CRI container log format support back. * fix cephfs fuse mount bug when use is not admin * Add pod deletion to subpath tests, and subpath as file with container restart * wire through template PrintFlags * remove beta annoucement for out-of-tree cloud provider feature * apiexstension-apiserver: test cr finalization and deletion * Update generated files. * Critical pods shouldn't be restricted to kube-system * Fix incorrect changelog - dynamic kubelet config is not beta * Use curl instead of wget to fetch the CNI tarball in e2e-node test * Remove references to rkt from shell scripts in cluster/ and hack/. * Update Godeps after removing rkt. * Remove rktnetes code * Split out the hostname when default dhcp_domain is used in nova.conf * node authorizer sets up access rules for dynamic config * Deprecate PSP-related types in extensions/v1beta1 in favor of policy/v1beta1. * Update bazel rules * pkg/util/pointer: Update `int` pointer functions * autogenerate files * fix RC to RS * Enable partial success in fluentd-gcp * Include original error in the error message. * pv controller clean code * check error when json.Unmarshal failed * fix changelog * Support multi-container pod for "kubectl logs" * add lb source test * ipvs loadbalance * delete some unused code * Marks 1.10 as the current release * Only check hash labels of non-adopted resources in integration tests * Stop checking hash labels of adopted resources in e2e tests * Remove unused Deployment util functions * Add in human curated release notes for 1.10 * Update CHANGELOG-1.10.md for v1.10.0. * Deployment to stop adding pod-template-hash labels/selector on adoption * Add support for setting a custom rate limiter in gce cloud provider * Skip volume unit tests that don't work on osx. * Unit tests for external load balancer. * removes custom scalers from kubectl * Update event-exporter image * Pod deletion can be contended, causing test failure * Increase service endpoint test timeout * Double container probe timeout * wire through custom-column print flags * wire through name/success print flags * Increase cpu/mem thresholds for c-m in density test * Revert "Increase fluentd rolling-upgrade maxUnavailable to large value" * validate authorization flags in BuiltInAuthorizationOptions.Validate * use status.Errorf instead of Deprecated func grpc.Errorf * Turn server-print on by default in kubectl * fix hostport checking for initContainers since they run in sequential order * clean up output-version * remove deprecated -a * Use inclien func to ensure unlock is executed * Implement verbosity feature for kubeadm init * Patch for #61632, add `/etc/sysconfig/kublet` and supporting wiring. * Added e2e test for local-volume provisioner that does not create PV for discovered non-bind-mounted filesystem. * Support completion for kubectl apply view/edit-last-applied * Add a sceneo UT test to TestMustRunAsOptions * Revert "Revert revert of equivalence class hash calculation in scheduler" * Adds e2e test for the VMware vpxd restart scenario * run hack/godep-restore.sh && hack/godep-save.sh * Update to gazelle 0.10.1 * Remove all upstream BUILD, BUILD.bazel, and WORKSPACE files from vendor/ * Fix #61363, Bounded retries for cloud allocator. * remove knownAlphaFeatures, only store input features. * Removing the always pull policy on this image. * update-godep-licenses.sh: various fixes and cleanups. * verify-cli-conventions.sh: use $(..) instead of `..`. * verify-godeps: change redirection order. * cluster/gce: fix checks for empty strings. * cluster/gce: fix shell return value comparison. * pkg/util/verify-util-pkg.sh: fix shell return value comparison. * Updated e2e lv-provisioner image to v2.1.0 * Add conflict detection feature to apply strategy * include node internal ip as additional information for kubectl * Clarify runtime behavior for symlinked and non-exist hostPath * escape literal percent sign when formatting * add kubectl config view --raw example help user use * Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure * Use RaceFreeFakeWatcher in ObjectTracker * Added chmod a+x for local SSD when disk is created with NODE_LOCAL_SSDS * Use O_PATH to avoid errors on Openat * Enable AESGCM encryption of secrets in etcd by default. * Cluster Autoscaler 1.2.0 * test: Disable ui dashboard test for gke * Performance tests and fix for IPAM controller. * e2e:Enable CSI tests * Update GCP fluentd configmap for GKE node journal logging * Remove validation of Alpha Feature Gates * meta/v1: check error from json.Unmarshal() * Do not consider pods being deleted in the same namespace for spreading purposes for service anti-affinity priority similar to selectorspread priority. * Fix minor error in the 1.10 release note. * wire through json/yaml print flags * update metrics to true like it is for kube-apiserver * Add @x13n to fluentd-gcp OWNERS * Replace "golang.org/x/net/context" with "context" * Increase fluentd rolling-upgrade maxUnavailable to large value * Fix ha_master test: ignore stderr from 'gcloud' (warnings etc) * Fix master replication util for gce clusters - populate cluster-location.txt * Remove max-pods param from config-test.sh * Add verification of supported service tags * move the const to the place it should be * cluster/update-storage-objects.sh: Fix to ignore deleted objects * Revert "add rolling update daemonset existing pod adoption integration test" * Fix `PodScheduled` bug for static pod. * Use inner volume name instead of outer volume name for subpath directory * Bump image for ingress downgrade test * Remove wildcard matching of no-op test webhooks * Increase API watch test timeout to avoid flakes. * Fix help text for cpu manager * Adding rramkumar1 and MrHohn as reviewer & approver to pkg/test * Support --dry-run in kubectl patch command. * Fix condition for using network unavailable taint in cloud_cidr_allocator * Fixing kubemci conformance test * Make advanced audit output version configurable. * Update CHANGELOG-1.9.md for v1.9.6. * Update staging godeps * Get rid of duplicate VerifyPodStartupLatency util in node density tests * Capture different parts of pod-startup latency as metrics * Use a random unused port for these e2e tests. Do not use port 80 to avoid conflict with other important pods that might be listening on 0.0.0.0:80. * add --from-file flag to docker-registry secret * Add a configuration step to make the test work on GKE * Clearing out the client-ca-file option in case it exists on the snap from long ago. * Autogenerated changes. * PSP: godoc fixes and improvements. * Use consistent bash variable syntax * Add support of specifying service tags for Azure cloud provider * Bump cfssl to be compatible with Go 1.10 * `--force` only takes effect when `--grace-period=0` * remove invalid resource replicationControllers * add myself for sig-cli reviewer * Print object should be updated which may cause potential bug. This patch fix this. modified: pkg/kubectl/cmd/create_clusterrole.go modified: pkg/kubectl/cmd/create_role.go * fix a error in return value modified: pkg/registry/rbac/validation/rule.go * etcd client add dial timeout * switch to scale subresource when describe hpa replicas * remove kube-apiserver unused storage-version flag * this patch do tow things: 1.add dry-run flag for create job subcommand 2.add cmd-util test for create job subcommand modified: pkg/kubectl/cmd/create_job.go modified: hack/make-rules/test-cmd-util.sh * Add UT Test to TestAttacherUnmountDevice * --show-all is inert in v1.11 * Change pods memory boundary. * Fix comments and some small fixes * Grammar and spelling update * Changing admission controller settings to match https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use * Add COPYING file name as valid license file * hack/update-bazel.sh * ReplicaSet: Use apps/v1 RS in integration test. * ReplicaSet: Use apps/v1 RS in e2e test. * Add e2e test for Custom Metrics API with new Stackdriver resource model and External Metrics API. * disable DaemonSet scheduling feature for 1.10 * Generated changes * RoundTrip tests in the k8s/api repository * remove unused code * check etcd servers by a random order * Make `test-cmd` work with OS-X tooling * the err has checked in TearDownAt func/kind bug * Use function aws.Int64Value replace of deprecated function orZero * catch err when Watch testResource failed in func TestWatchCallNonNamespace * remove unused rls-ca-file flag * fix isnotfound * return error if get NodeStageSecret and NodePublishSecret failed * fix failed verify misspell err * Fix broken link * fix sorting taints in case the sorting keys are equal * Update CHANGELOG-1.10.md for v1.10.0-rc.1. * prevent conformance test failure in DIND scenario * Check apps/v1 StatefulSet available before starting its controller * ReplicaSet: Use apps/v1 RS in kube-controller-manager. * ReplicationController: Use apps/v1 ReplicaSet in conversion layer. * ReplicaSet: Use apps/v1 for RS controller. * remove todo suggesting to add the cronjob start time * remove todo to consider adding the cronjob name as a label * Fix job's backoff limit for restart policy OnFailure * Update Cluster Autoscaler version to 1.2.0-beta1 * Remove 'system' prefix from Metadata Agent rbac configuration * Stabilize openstack_test when running against real cloud * vendor: Update github.com/evanphx/json-patch * Add test for FailedGetExternalMetric * bump spf13/cobra(c439c4): Terminate the stripping of flags when -- is found * apiserver: add warning about not trusting authz of aggregator * Bump Heapster to v1.5.2 * add e2e test * Log rbac info into advanced audit event * add unit test for PVC conditions describer * fix kubectl apply error message * Suppress error message from grep by removing in the end as it is wrongly interpreted as a file. * cluster/gce/list-resources.sh: also list stackdriver logging sinks * provide easy methods for direct kubeconfig loading from bytes * Refactor disruptive tests to use more volume types * Add myself for sig-cli related stuff as approver * Use charm env in actions to get have charmhelpers available * Fix the 404 error * respect fstype in Windows for azure disk * update-translations.sh: use kube::util::ensure-temp-dir instead of static path. * build-ui.sh: use kube::util::ensure-temp-dir instead of static path. * remove outdated comments * fix sorting tolerations in case the keys are equal * remove DNS service from kubectl comformance test * add unit test for func parsePorts and validate * Instrument transformer.go with latency metrics. * Support new NODE_OS_DISTRIBUTION 'custom' on GCE * remove unused code authenticator/password/allow * fix a small error in description modified: pkg/kubectl/cmd/create_job.go * Add volumemetrics for ISCSI Plugin. * remove unnecessary TODOs in meta.go * Remove deprecated paramter "authorization-rbac-super-user" * return NodeStageVolume/NodePublishVolume error if operation failed * fix todo:add function getFailContainer to report which containers failed the pod * Document that endpoints is only plural in resource aliases * add rolling update daemonset existing pod adoption integration test * Pod comparer should count pods in scheduling queue * Fix error handling in gc e2e test * Node status be more verbose * Correct spelling * `GetExternalMetricReplicas` ignores unready pods * Add missing binaryData field to the ConfigMap Hash * pkg/printers: Support base64 decode in kubectl go-template * add Get/Set methods, mutex on instanceGroupAttrs. * move shared test cluster vars into method + type * test ensureInternalBackendService, ensureInternalBackendServiceGroups * expect no error when correct resources already exist. DeleteWrongResources -> ClearPreviousResources * test that deleting twice does not throw error * rename to _test.go, update-bazel, comments * Fix Issue #61123, call syncer.Update on add event. * test updateInternalLoadBalancer * hooks for updating healthchecks, firewalls, regional backendservices * test ensureInternalLoadBalancer and ensureInternalLoadBalancerDeleted * add hooks to add, remove, insert instances from instancegroups * isolate logic to be shared with internal lb tests into separate file * Fix strategy name in the error messages. * kubectl get psp: modify header to show PRIV instead of DATA for column with privileged flag. * Add Troubleshooting sections to Heapster and Metrics Server addons documentation * remove the outdated TODO * stop using AlwaysAdmit admission * remove unused func NewNamespacedNameFromString * remove hack/test-cmd.sh: make is the main build tool * pkg/api/unversioned related cleanup * fix little * remove check d >= 0 since go 1.8 is no longer supported on master branch * remove unused pkg unversioned * fix bug in apiserver.k8s.io install * don't do attach and deatch when volume status is error * remove dead code in kubelet * Simplify authenticator configuration initialization * fix validation for dev gcloud * Grant sig leads feature approval powers * Add e2e test for watch * distinguish which labels belong to resource * Roundtrip test helper for external types * resource-name not present in the URL for list,watch,deletecollection * add UT for validatePSPRunAsUser * build: fix building with spaces in directory names. * Added e2e test for local volume provisioner discovery of new mountpoints while running. * Disabled CheckNodeMemoryPressure and CheckNodeDiskPressure predicates if TaintNodesByCondition enabled. * cronjob_remove_getNextStartTimeAfter * Ensure reasons end up as comments in kubectl edit. * log enabled admission controller in order * Remove invalid comments in unit tests * IsNotFound should check ErrDefault404 and ErrUnexpectedResponseCode * `exec` away the shell for node-problem-detector * Add cache comparison for pods and pdbs * Scheduler cache comparer * Use inline func to fix deadlock * Improve PodSecurityPolicy group validate error message on out-of-range group IDs * fix for openstack member cleanup for multiple port cases * [advanced audit]fix comment about throttle burst * add kubectl api-resources command * move enum into function local * include file name in the error when visiting files * update bazel * userspace: move udp echo server to proxier_test.go * fix TODO: test more SetType * Improve debug curl command * add unit test for function FeatureGateSetFromMap and FeatureGateString * remove unused htpasswd * fix boilerplate checker of kubernetes/kubernetes * regenerated all files and remove all YEAR fields * add boilerplate.generatego.txt and let all code-generators use it * [PATCH] Use nodename as key * move openHostPorts and closeHostPorts into a common struct * Add an alias `update` for subcommand `enable` * Add test case for kubelet phase command * Auto generated docs. * Auto generated BUILD files. * Add phase command for dynamic kubelet configuration in kubeadm. * flag value bindings for kubectl apply commands * Admit BestEffort if it tolerates memory pressure. * add unit test for function ParseKindArg and ParseGroupKind * Support snapshotting a scheduler cache * client-go/util/cert go_library shouldn't depend on testdata * translate hack/e2e.go -v to --verbose-commands * Bugfix for erroneous upgrade needed messaging in kubernetes worker charm. * kubeadm: add better test coverage to token.go * `GetObjectMetricReplicas` ignores unready pods * kubeadm: add better test coverage to reset.go * Typo in IT translation * remove some not used imports from python codes * remove unused hack/lookup_pull.py * remove --service-account-private-key-file in v1.11 * kubeadm: Add writable parameter to *ExtraVolumes init config * pwittrock requested removal; add pwittrock team members to sig-cli-maintainers * refresh eviction interval periodically * Fix local cluster leaking memory. * Allow system critical priority classes in API validation * autogenerated files * subtract inactive_file from usage when setting memcg threshold * modified * move EtcdServersOverrides to EtcdOptions flags validate * Update Gluster image * Add grace period to volume_io tests * Add pod cleanup timeout * Fix Ceph RBD image * Fix data race in node lifecycle controller * apiserver clean code * Refactor controller-manager: turn Serve func into handlerchain builder * Do not create dangling legacy symlink if the new symlink to container logs does not exist. These dangling legacy symlink are removed by kube runtime gc, so it's better if we do not create them in the first place to avoid unnecessary work from kube runtime gc. * Suppress error message from grep when checking whether a subnet has a secondary range or not. * Remove potential sources of flakes for kms_transformation_test.go. * Change to fix logging * align cpu/mem for fluentd-gcp to fluentd-es plus cpu cap * pkg/volume/nfs/nfs.go: correct error messages. * add some uts in helpers for CRD * Fixe golints of equiv class * Update generated files * Use const in equiv class * [PATCH] Fix equiv. cache invalidation of Node condition. * ignore the loopbackdevice error, or the rbd volume will not get detached * fix non-nil ptr struct convert * fix references and golint failures * Update bootstrap policy fixture data * Remove example change to seperate repo * Update generated types * Fix golints in extender * Add preemption in scheduler extender * Auto-create system critical prioity classes at API server startup * kubeadm: add better test coverage to version.go * deep copy fake client actions to avoid accidental mutation * Instrument transformer.go with latency metrics. * Fix iSCSI image * fix some ineffectual assignments and misspellings for the package of 'pkg/kubelet/volumemanager' * Make sh2ju use awk instead of bc. * Indicate clusterrolebinding, rolebinding subjects are optional fields * fix the bad err * fix todo: use a better way to keep this label unique in the tests * Adding details to Conformance Tests using RFC 2119 standards. * kubelet: make --cni-bin-dir accept a comma-separated list of CNI plugin directories * kubenet: accept a list of CNI binary plugin paths * cni: convert "vendor" option to multiple plugin binary search paths * cni: clarify bin/conf directory variable names * delete unused variable * move persistentvolume to storage package * supplement for the fix of issue: https://github.com/kubernetes/kubernetes/issues/60366 * Update IPVS doc * log an error message when imageToRuntimeAPIImage failed * Add UT test to TestMax if equal scenario * remove docker-email from required args for "create secret docker-registry" * remove filtering by instance state * Fix: remove keyword defer in the loop * Regenerate files * fix persist typo * fix visible typo * clean up unused const in node_lifecycle_controller.go * flag value bindings for kubectl attach/convert/delete/drain/edit/exec commands * implement begin-port+offset port range parsing * fix glog.Info in volumn_host * remove redundant fake discovery code * Remove invalid TODOs in kubeadm constants. * flag value bindings for kubectl create/get/set commands * Remove val and ok in Storageos * Do not log unchanged message if a format other than 'name' is specified * make read from channel other than stdout non-fatal * Allow including both podSelector and namespaceSelector in a NetworkPolicyPeer * Factor out duplicated NetworkPolicy validation code * Add UT test in qos if pod has one container * remove deprecated initresource admission plugin * Upgraded to apps/v1 and removed rollback example * fix the typo error due to the comments * Support completion for kubectl cp * clean testprinter after commit: https://github.com/kubernetes/kubernetes/pull/60117 * Add validation of apiserver-advertise-address * kubectl: delete dead package * kubeadm/phases: small grammar improvements * sample-controller: generate UpdateStatus for Foo resource * sample-controller: add status subresource support * update bazel: adds new vclib test * vSphere: Minimize property collection via Finder * podtolerationrestriction: fix informer race in test * Log warning message when failed to remove rbd lock * Add jingax10 as both reviewer and approver in cluster/gce. * Add test for scheduler:VolumeCountConflicts * Adding metrics server * Change HAIRPIN_MODE back to hairpin-veth * fixes #54017, remove deprecated --mode flag * fixes document grammar * Disable image GC when high threshold is set to 100 * Disable ImageGC when high threshold is set to 0 * Include more information when multiple security groups are tagged * fix help message of kubeconfig * fix #40123: add a periodical polling to update pod config * optimize DefaultTolerationSeconds admission controller * Respond to reviewer comments * Add instructions on how to debug a crashed pod * more concise to merge the array * add description of pvc condition for kubectl describe command * fix incorrect logic in glusterfs.go#canSupport * remove method NewCronJobControllerFromClient * fix assert.Equal argument order * fix todo: use the ServiceTestJig replace of service * check taints when allocating CIDR for the cloud * fix spelling error in comment and log * clean one redundant comment of rbd.go * add-ut-for-legacyLogSymlink * add ut for kuberuntime-gc * sync code from copy destination * kubectl: make error with resource list prettier * Update glusterfs-storageclass.yaml * Replace error string with const * fix error message about DeleteOptions * code refactor * small nit in the annotations * new testcase helpers_linux.go * remove duplicated validation from podsecuritypolicy * Disable session affinity for internal kuberntes service * Fix bad column alignment when using custom columns from OpenAPI schema * reduce garbage_collector test cases running time * prevent the same path load multiple times * remove punctuation from the end of an error string * Fix typo, grammar, punctuations and formatting * Fix to avoid REST API calls at log level 2. * add validation in kubectl create if no file in directory - Fix kubelet-config.yaml by adding authentication and authorization section - Include kubectl-rpmlintrc and kubelet-config.yaml files into kubernetes.spec and kubectl.spec - Get the commit id from the obsinfo file. This way this is automatic and we don't have a regression of bsc#1065972 - Move deprecated options to kubelet-config.yaml for kubelet service * add file kubelet-config.yaml - Add kubectl.spec file so we can create the kubectl package separetely (fix bsc#1097473 and bsc#1101010 and fate#325820) - Use the full path to the plugin dir follow up for bsc#1084766 - Update to version 1.10.5+32ac1c9073b132b8ba18aa830f46b77dcceb0723: * bump(github.com/evanphx/json-patch): 94e38aa1586e8a6c8a75770bddf5ff84c48a106b * fix formatAndMount func issue on Windows * add formatAndMount unit test on Windows * pkg: kubelet: remote: increase grpc client default size * pkg: kubelet: remote: increase grpc client default size to 16MiB * Fix panic while provisioning Azure security group rules * Fix job's backoff limit for restart policy OnFailure * Never clean backoff in job controller * Test job backoffLimit correctly * Rate limit only when an actual error happens, not on update conflicts * Kubernetes version v1.10.5-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.10.md for v1.10.4. * Add gpu cluster upgrade test. * Skip updating status for DaemonSet being deleted * Update GCE cloud provider to use Cloud TPU v1 API * Update dependency * Skip Sysctl tests against v1.11.0-alpha.0 and newer * Remove all upstream BUILD, BUILD.bazel, and WORKSPACE files from vendor/ * Update to gazelle 0.10.1 * Vendor gazelle * Vendor kazel * Remove kube::util::go_install_from_commit * Don't change GOPATH or PATH in a script lib * Update kazel to include openapi tag detection fix * Cherry pick of #64255: fix field removal in mutating admission webhooks * Fixed taints being applied to master if NoTaintMaster is true * Create cluster-autoscaler role and introduce it to CA start-up script * Fix setup of configmap/secret/projected/downwardapi * kubeadm - increase upgrade manifest timeout * Add kms-plugin-container.manifest to release manifest tarball. * Add RBAC policy rules for csi-external-provisioner and csi-external-attacher * Wait a minimum amount of time for polling operations * Use context with timeout instead of context.Background * use the latest json-iter * make json serializer case sensitive - Fix volume detection under btrfs (bsc#1095131) when the kubelet directory is not a subvolume, we need to go back within the file system until we reach the subvolume path, otherwise kubelet will refuse to start this has previously been a warning and is promoted to a fatal error since k8s 1.10 * adds bsc1095131-cadvisor-btrfs-walk-volumes.patch - Update to version 1.10.4+5ca598b4ba5abb89bb773071ce452e33fb66339d: * Only mount subpath as readonly if specified in volumeMount * CSI fix for gRPC conn leak, test updates * Fix extra-log flag for node e2e. * Fix kubelet flags. * properly skip cadvisor proxy test * DaemonSet internals are still in extensions * Fix DsFromManifest() after we switch from extensions/v1beta1 to apps/v1 in cluster/addons/device-plugins/nvidia-gpu/daemonset.yaml. * Update nvidia-gpu-device-plugin to apps/v1 and use RollingUpdate updateStrategy. * Fix nodeport repair for ESIPP services * Wait for the job to be removed * Fix CSI volume detach when the volume is already detached. * Return attach error to A/D controller. * Add SELinux support to CSI * Add GetSELinuxSupport to mounter. * Fix GKE Regional Clusters upgrade tests * fix azure file size grow issue * Wait longer in pod cleanup * Add retry to AssertCleanup * Fix incorrectly set resource version in List * Add unit tests for findRule() * Add verbose logs for azure cloud provider * Check LoadBalancingRulePropertiesFormat for azure load balancers * kubeadm - do not generate etcd ca/certs for external etcd * Implement Skip() for ingress upgrade test * Prevent 1.10 e2es testing deprecated CAdvisorPort in 1.11 * etcd client add dial timeout * Add/Update CHANGELOG-1.10.md for v1.10.3. * Add a way to pass extra arguments to etcd. * Kubernetes version v1.10.4-beta.0 openapi-spec file updates * new event exporter config with support for new stackdriver resource types * kubeadm: surface external etcd preflight validation errors * Wait for pod deletion instead of termination * gce: Prefer MASTER_ADVERTISE_ADDRESS in apiserver setup * Don't panic is admission options is nil * log error for os.NewComputeV2 * unhide deprecated Kubelet flags * update godeps to use latest pflag * Update libcontainer to include PRs with fixes to systemd cgroup driver * Always Start pvc-protection-controller and pv-protection-controller - Update to version 1.10.3+2bba0127d85d5a46ab4b778548be28623b32d0b0: * Use inclien func to ensure unlock is executed * Add environment variable to control truncating backend. * Implemented truncating audit backend * fix formatting for memcg threshold * Cluster Autoscaler 1.2.2 * kubeadm - fix external etcd upgrades * Revert "Openstack: register metadata.hostname as node name" * Revert "Split out the hostname when default dhcp_domain is used in nova.conf" * Revert "Specify DHCP domain for hostname" * Support kubeadm upgrade with remote etcd cluster * Cherrypick: Enable CUSTOM_INGRESS_YAML to replace the glbc manifest * fix commands running crictl * Close all kubelet->API connections on heartbeat failure * Always track kubelet -> API connections * Avoid copying aggregated admin/edit/view roles during bootstrap * renable nodeipam in kube-controller-manager * Backport MAX_PODS_PER_NODE env from #63114 to 1.10 * Remove check for hash label and selector mutation. This is deprecated in future releases and breaks upgrade tests. * Check successfully assigned event message for 1.10 and 1.11. * fix status subresource * generated * Cherrypick kube-openapi changes * Improve where we load builds from for kubeadm upgrade jobs * Use the logging agent's node name as the metadata agent URL. * Bump Heapster to v1.5.3 * adding support for VM name with extra Separator String * passthrough readOnly to subpath * PR #62903 changed error string GetMountRefs() returned, which broke test `should fail due to non-existent path`. Remove error string check to fix test. * Show deprecated kube-apiserver flags * Fix dockershim CreateContainer error handling. * IsNotFound should check ErrDefault404 and ErrUnexpectedResponseCode * Update 1.10 test gpu_util.go to use the 1.10 nvidia-gpu device-plugin yaml. * Add/Update CHANGELOG-1.10.md for v1.10.2. * Kubernetes version v1.10.3-beta.0 openapi-spec file updates * Fix race between stopping old and starting new endpoint * Add unit test for configure-helper. * Revert "revert resource disablement, 1.10" * Refactor subpath reconstruction tests to use util test * Added more UT for invalid case. * Removed e2e test on empty NodeAffinity. * Remove METADATA_AGENT_VERSION config option * Fix Etcd Rollback * Add etcd L7 check on upgrade * Modify the kubeadm upgrade DAG for the TLS Upgrade * Update test-case, fix nil-pointer bug, and improve error message * Implement etcdutils with Cluster.HasTLS() * Implement ReadStaticPodFromDisk * fix mirror-pod hash race condition * test: Disable ui dashboard test for gke * Fix bash command for liveness probes in the metadata agents. * Make integration test etcd store unique * loopback webhook integration test * generated * fixup on dirty reverts * Revert "refactor resource_config.go thoroughly and remove useless code in registry" * Revert "remove support enable-disable api resources" * Revert "pass APIEnablement through apiserver chain" * Fix upgrade to Kubernetes v1.9.3+ * avoid dobule RLock() in cpumanager * Manage Metadata Agent Config with Addon Manager * Detach bug fix * Fix ILB issue updating backend services * add metrics to cinder * Fix subnet cleanup logic when using IP-aliases with custom subnets * Fix IP-alias subnet creation logic * When using custom network with IP-alias, use the former's subnet for the latter too * respect fstype in Windows for azure disk * Move istio-injection label to default namespace * Update Istio addon to 0.6.0 and mirror images in gcr * Enforce not using newer kubeadm to upgrade older kubeadm * Adds migrations to the kubeadm upgrade phase config * Generated build files * Bump GLBC manifest to v1.1.1 * Removed no-empty validation of nodeSelectorTerm.matchExpressions. * Fix volume node affinity to OR node selector terms * Use local provisioner version that uses beta API * Honor existing CA bundle and TLS server name in webhook client * ensure tls server name is used in transport * distinguish custom dialers in transport cache * Ensure service routing resolves kubernetes.default.svc correctly * fix devicePath update issue in Azure WaitForAttach func * Fix use visible files creation for windows * Fix machineID getting for vmss nodes when using instance metadata * Update kube-dns to Version 1.14.10. Major changes: - Fix a bug in DNS resolution for externalName services and PTR records that need to query from upstream nameserver. * CSI - Apply fsGroup volume ownership when pv not readOnly * Update e2e test with private mount propagation * Add private mount propagation to API. * Revert "git: Use VolumeHost.GetExec() to execute stuff in volume plugins" * remove default fsypte in azure disk * fix comments * remove IsAbs validation on local volume * Ensure expected load balancer is selected for Azure * Fix daemon-set-controller bootstrap RBAC policy * Fix flaky crd e2e tests * fix nsenter GetFileType issue * Increase cpu/mem thresholds for c-m in density test * Fix PodStore to wait for being initialized * Add/Update CHANGELOG-1.10.md for v1.10.1. * Kubernetes version v1.10.2-beta.0 openapi-spec file updates * Cluster Autoscaler 1.2.1 * Use relative path for creating socket files * add tests for GetFileType * fix incompatible file type checking on Windows * Add support to ingest log entries to Stackdriver against new "k8s_container" and "k8s_node" resources. * Fix umask to actually intended behavior. * Switch to k8s-1.10 branch of the installer in release-1.10 branch. * Add wildcard toleration to nvidia-gpu-device-plugin. * Fix resize test for Regional Clusters * Fix restart nodes tests for Regional Clusters * Fix dns autoscaling test for Regional Clusters * Fix resize nodes tests for Regional Clusters * Fix disruptive tests for GKE regional clusters * Introduce multimaster clusters support to e2e framework for GKE * return error if get NodeStageSecret and NodePublishSecret failed * Cleanup CRD/CR confusion in webhook e2e tests * add e2e case for crd webhook * apiserver's webhook admission use its own scheme * Specify DHCP domain for hostname * Use provided node object in volume binding predicate * Update the stackdriver agents yaml to include a deployment for cluster level resources * fix typo that redefines variable and breaks code * fix local volume issue on windows * avoid resource leak when both `--rm` and `--expose` are specified * kubectl: fix a panic when createGeneratedObject failed * Add CRI container log format support back. * Update GLBC manifest to v1.0.1 * Fix Issue #61123, call syncer.Update on add event. * Fix #61363, Bounded retries for cloud allocator. * Update kube-dns to Version 1.14.9. Major changes: - Fix for kube-dns returns NXDOMAIN when not yet synced with apiserver. - Don't generate empty record for externalName service. - Add validation for upstreamNameserver port. - Update go version to 1.9.3. * Tolerate 406 mime-type errors attempting to load new openapi schema * Restore show-kind function when printing multiple kinds * Backport etcd.manifest fixes for HA clusters from #61241 to 1.10 * add udev to hyperkube and bump versions * Removed detailed internal storage metrics * Add pod deletion to subpath tests, and subpath as file with container restart * Ensure -o yaml populates kind/apiVersion * Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure * e2e:Enable CSI tests * Add/Update CHANGELOG-1.10.md for v1.10.0. * Added chmod a+x for local SSD when disk is created with NODE_LOCAL_SSDS * Support new NODE_OS_DISTRIBUTION 'custom' on GCE * Kubernetes version v1.10.1-beta.0 openapi-spec file updates * Update event-exporter image * Use O_PATH to avoid errors on Openat * Cluster Autoscaler 1.2.0 * Fix `PodScheduled` bug for static pod. * Remove 'system' prefix from Metadata Agent rbac configuration * Bump Heapster to v1.5.2 * Use inner volume name instead of outer volume name for subpath directory * disable DaemonSet scheduling feature for 1.10 * Add/Update CHANGELOG-1.10.md for v1.10.0-rc.1. * Update CHANGELOG-1.7.md for v1.7.15. * Update CHANGELOG-1.8.md for v1.8.10. * Update CHANGELOG-1.9.md for v1.9.5. * Added network-unavailable tolerations for hostNetwork=true. * Wait for only enough no. of RC replicas to be running in testutil * Patch glbc manifest to use version 1.0.0. Also add rate limiting flags * Fix cpu cfs quota flag with pod cgroups * Fix a bug where malformed paths don't get written to the destination dir. * Fix e2e tests for emptydir * Prevent garbage collector from attempting to sync with 0 resources * Add AUTOSCALER_ENV_VARS to kube-env to hotfix cluster autoscaler * Add unit test TestGarbageCollectorSync * Fix creation of subpath with SUID/SGID directories. * Bump fluentd-gcp-scaler version * Added unscheduable taint. * Fix issue with race condition during pod deletion * Fixes 'Zone is empty' errors in PD upgrade tests; skips pd tests with inline volume in multizone clusters * Fail the ingress test if it timesout getting address for IP address * Bump fluentd-gcp-scaler version * Fix deprecated gcloud compute networks --mode switches. * Backoff only when failed pod shows up * Add/Update CHANGELOG-1.10.md for v1.10.0-beta.4. * Update CHANGELOG-1.10.md for v1.10.0-beta.4. * fix kubectl_filedir completion * Updates kubeadm default to use 1.10 * Use pod UID as cache key instead of namespace/name * Increase apiserver mem-threshold in density test * Fix subpath e2e tests on multizone cluster. * Add atomic writer subpath e2e tests * Detect backsteps correctly in base path detection * Exclude commas when pulling the tag out of the git export-subst format string * Add/Update CHANGELOG-1.10.md for v1.10.0-beta.3. * Update CHANGELOG-1.10.md for v1.10.0-beta.3. * Add missing container-runtime "remote" option * Add missing v1.7.14 release note entries. * Add missing v1.9.4 release note entries. * Find most recent modified date for fluentd buffers recursively. * Update CHANGELOG-1.7.md for v1.7.14. * Update CHANGELOG-1.9.md for v1.9.4. * Update CHANGELOG-1.8.md for v1.8.9. * kubelet initial flag parse should normalize flags * fix show-all option description modified: pkg/kubectl/cmd/util/printing.go * set readOnly for CSI mounter * fix option --audit-webhook-initial-backoff * reduce nesting * Fixes the races around devicemanager Allocate() and endpoint deletion. * Bump to etcd 3.1.12 to pick up critical fix * Make admission webhooks work in custom apiservers. * [e2e service] Fix CleanupGCEResources for regional test * use temp kubeconfig for fake factory * match KindFor first * [e2e service] Fix gke failure: move apiserver restart validation logic into util * Revert "Use quotas in default performance tests" * Use grpc to improve the CPU utilization of the logging agent. * Fix use of "-w" flag to iptables-restore * Revert "[Test change - don't merge] Skip load test" * Fix upgrade tests for GKE Regional Clusters * Fix broken gke regional logging test. * added missing error check * Get external IP for azure standard nodes * Check whether it is running locally when UseInstanceMetadata * Make admission webhooks not ignore scheme * Fix default auditing options. * Increase verbosity of frequently printed logline in scheduler_binder * Make log audit backend configurable in GCE * [Test change - don't merge] Skip load test * Rollback etcd server version to 3.1.11 due to #60589 * Task 2: Schedule DaemonSet Pods by default scheduler. * auto check the current year * [e2e service] Refine apiserver restart logic * Update cadvisor to v0.29.1 * Vendor newest GCP Go client * Update CHANGELOG-1.10.md for v1.10.0-beta.2. * Add/Update CHANGELOG-1.10.md for v1.10.0-beta.2. * Change regional PD cloud provider references to use the beta API * Mark reconstructed volumes as reported InUse * Avoid reallocating of map in PodToSelectableFields * Add OWNERS file to test/typecheck/ * Add cblecker to test/ approvers * purge all the -v references from e2e.go * log enabled admission controller in order * Use cert util to get cert data. * Auto generated BUILD files. * Remove 1.8-1.9 upgrade codes of kubeadm * Add sys/windows/svc to vendor * Add support for binaries to run as Windows services * Setting REMOUNT_VOLUME_PLUGIN_DIR for COS images in kube-env * Update Kubelet command option description for IPv6 * Add retrying to audit logging e2e tests * Create fake /etc/hosts for conformance test * Bump Cluster Autoscaler to 1.1.2 * Fixing e2e CSI test, II * Run hack/update-all.sh * Prevent webhooks from affecting admission requests for webhooks * Fix DaemonSet e2e test for OnDelete * fix test failure and delete unused code * Pass in etcd TLS credentials during migrate and rollback * Bump etcd server patch version to 3.2.16 * Fixing e2e CSI test * oidc: add rithujohn191 as a reviewer * Run server-side print tests only on k8s 1.10+ * Fix initializing watch cache * [fluentd-gcp addon] Fix passing location to event exporter * Add e2e test for deletion * Add feature gate for subpath * Add subpath e2e tests * Lock subPath volumes * Add unit tests for parseConfig * Enable maximumLoadBalancerRuleCount config for azure yaml config file * Fix broken useManagedIdentityExtension for azure cloud provider * Update documentation for azure-shared-securityrule * Code cleanup: group consts togather * Update liveness probes to exec etcdctl /w mTLS for kubeadm etcd static pods * Generate client certificates for healthchecking kubeadm etcd static pods * Update README.md of sample-apiserver. * Promote LocalStorageCapacityIsolation feature to beta * Swithcing to Official CSI 0.2.0 tag * improve daemonset's retry creating failed daemon pods e2e test * requires string input * Update gazelle to latest to fix vendoring issue * Expect NetworkTier not to be set as GCE value (all uppercase) * Cap max number of nodes to use for local PV e2e tests * Remove mapping to /host/lib from fluentd-gcp container. * increase amount of memory filled by memory allocatable eviction test * kubelet: notify systemd that kubelet has started * bump(6644d4): spf13/cobra: support bash completion for aliases * Fix a grammatical error in a comment * update Mount propagation version in comment * Bugfix: Fix ordering of ValidateObjectMetaUpdate method arguments for PodTemplate validation * Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix for CVE-2016-8859 * Add support for `make verify WHAT=typecheck`. * Add selector to DaemonSet in newDaemonSet function so that the v1 apis function for e2e * Add //test/e2e/... and //test/integration/... to //build/visible_to:COMMON_testing * I forgot the fact that the DevicePlugin test itself restarts Kubelet for testing purpose. Move that test back to Serial but constructs a smaller test without kubelet restart that we may run during presubmit. * Do not count failed pods as unready in HPA controller * Add retries to resource deletions in testing framework * remove anti-affinity * Add buffering to the log audit backend * Added dashboard banner passthrough to GCE kube-up. * Increase loging verbosity for deleting stateful set pods * Update CHANGELOG-1.7.md for v1.7.13. * remove "scale job" from help info * fix warning info format * Add/Update CHANGELOG-1.10.md for v1.10.0-beta.1. * Update CHANGELOG-1.10.md for v1.10.0-beta.1. * add remount logic for azure file plugin * API Changes for RunAsGroup and Implementation and e2e * Only install etcd for verify tests that need it. * Set default vmtype to standard if not set * Relax time tolerance on KMS test, limit to platforms with unix sockets available * fix todo:Get rid of this duplicate function IsRetryableAPIError in favour of the one in test/utils * add m1093782566 to milestone maintainer since he is a PM member on behalf of SIG-Network * improve get description * Check nil error in IsProbableEOF() * Remove spxtr from various OWNERS files. * Adds daemonset conformance tests * Add integration test for server side printing * Add missing table converters for server side printing * run update bazel * remove unused rest/versions.go * cloud-controller-manager get /healthz instead of calling restclient.ServerAPIVersions to wait for apiserver being healthy * Fix stackdriver logging test * remove gcloud docker -- since it's deprecated * update the relevant BUILD file * Add node-e2e test for ShareProcessNamespace * add TestUpdateStatus for horizontalpodautoscaler * Added unscheduable node UT for DaemonSet. * add unit test case for nodenames comparison * generated * client-go: add an exec-based client auth provider * gce: add support for enabling TokenRequest feature * Allow update/patch of CRD while terminating * Update godeps * Update unit tests and bazel files * Setup docker hostconfig for windows containers * Setup windows container config to kubelet CRI * enable IPVS feature gateway by default since it's already beta * Support cluster-level extended resources in kubelet and kube-scheduler * implement token authenticator for new id tokens * svcacct: move getters to use an external clientset * Fix typos * Switch to a dedicated CA for kubeadm etcd identities * Code Cleanup * Fix kubectl completion so that file names are listed * Adding Data Encryption Key (DEK) Key Encryption Key (KEK) integration tests via KMS Plugin Mock. * Update kubectl e2e test manifests to apps/v1 * Changing Flexvolume plugin directory on COS in GCE to a durable directory * Ensure status bar displays full progress. * Ensure generated files are present before typechecking. * Add test/typecheck, a fast typecheck for all build platforms. * Fix build tag for grpc_service_unix_test.go. * Vendor golang's go/types to include a fix for CGo typechecking. * Move linux-only getProxyMode tests to a linux-only file. * Add a few "+build linux" tags where appropriate. * Make a few code paths compile cleanly with 32-bit Go. * Remove unused variables (only assigned to) from test code. * Refactor common parts of scheduler_perf into reusable utils * Temporary fix for LeaderElect for kube-scheduler * Auto-updated BUILD files * [kube-proxy] Mass service/endpoint info functions rename and comments * [kube-proxy] Unit test for unmatched IP version * [kube-proxy] Harden change tracker and proxiers for unmatched IP versions * [kube-proxy] Make the import name of utilproxy consistent * [kube-proxy] Add more IP version related utils * [kube-proxy] Move ipv6 related funcs to utils pkg * [kube-proxy] Move Service/EndpointInfo common codes to change tracker * Use consts defined in api instead of defining another ones. * Run hack/update-bazel.sh * E2E: add tests for PSP from the "policy" API Group. * sh2ju.sh: suppress `which` command output when gdate not found in $PATH. * Fixed log calls in VolumeManager * Fix nested volume mounts for read-only API data volumes * Include EOF errors also as retryable errors * Validate path in external metric name * Implement external metrics in HPA * Add external metrics client to HPA rest client * Remove old featureGate flag * update bazel * update import * Make Scale() for RC poll-based until #31345 is fixed * update golint_failures * move fs into seperate directory to break cycle import * merge util into one file * Extract volumepathhandler into seperate directory * Extract recycler client into seperate directory * Volume deletion should be idempotent * clean up example unit test * fix nodenames slices comparison para. * Add Cloud TPU v1alpha1 API dependency * Update device plugin e2e_node test to not changing Kubelet config as DevicePlugins feature is enabled by default now. * GCE: support Cloud TPU API in cloud provider * Delete the Redundant define tc * Add scheduling.k8s.io to the known groups for audit logging on GCE. * Remove passing packages from hack/.golint_failures * Run hack/update-all.sh * Remove dep-reviewers * don't (remote) cache release-tars * Update code generators * run hack/update-staging-godeps.sh * run hack/godep-save.sh * Update gengo version * Remove cassandra example * Adding beta feature flag for regional PDs. * Added MountDevice/UnmountDevice pass-through to NodeStageVolume/NodeUnstageVolume for CSI Volume Plugin. Added related unit tests. Vendored CSI Spec to HEAD * Increase timeout of integration tests * fix bug where character devices are not recognized * Update gke nvidia-gpu-device-plugin to the latest version that supports both v1alpha and v1beta1 device plugin versions. Re-enables nvidia-gpus e2e test after verifying the test passes now. * rbac: allow system:node role to make TokenRequests for all service accounts * noderestriction: restrict nodes TokenRequest permission * auth: allow nodes to create tokones for svcaccts of pods * Add CPU/Memory pod stats for CRI stats. * Let image manager return a copy of image list. * promote GC e2e tests to conformance tests * Update to use Stackdriver Agent image. * bzl: fix update-bazel.sh * Adding dummy and dummy-attachable example Flexvolume drivers; adding DaemonSet deployment example * Reduce number of pods created for local PV stress test * Add myself to dep-approvers OWNER alias * Differentiate between target and target average value * auth: reregister auth providers * Better PROXY_LOG and verbosity in the command line * Use feature-gates command line for kube-proxy * fix static checks * update bazel * auto generated codes * userspace part changes * ipvs part implementation * iptables part implementation * create netwowrk interface util * validate nodeport-addresses * add nodeport-addresses flag for kube-proxy * don't use storage cache during apiserver unit test * Add external metrics client * Use rbd-nbd if present for rbd volume map and unmap operations, if rbd fails. * hack/lib/protoc.sh: don't split find-binary output. * hack/lib/util.sh: remove shadowed case statements. * hack/lib/util.sh: do not iterate over ls output. * hack/lib/util.sh: improve staging api finding. * hack/lib/util.sh: add double quotes. * hack/lib/init.sh: prevent splitting in 'dirname' result. * hack/lib/golang.sh: use double quotes. * hack/lib/golang.sh: do not split on array items. * hack/lib/golang.sh: split strings into arrays safely. * Fix regional clusters startup * update aws plugin for block support * adjust filtered object test to reflect old weird behavior * Revert "fix resource filter for generic printers on get" * Add support for external metrics in kubectl * Move retry-based updates to a different pkg * Return missing ClusterID error instead of ignoring it * Add clusterid tags to the instances in AWS tests * Use quotas in default performance tests * Update Dashboard version to v1.8.3 * add --experimental-server-print tests * remove default priority cache in Priority admission controller * Fix registry flunder and fisher strategy method names to a standard * statefulset validate collisionCount * fix package name error modified: plugin/pkg/admission/priority/admission.go modified: plugin/pkg/admission/priority/admission_test.go * Delete two same if in photon_pd * Conformance: Add StatefulSet tests. * Added local storage e2e test for VolumeMode: block * vendoring latest version of google-api-go-client * Run hack/update-bazel.sh * Use `Int32Ptr` function from utils instead of self-written versions * add unit test for static pod name generation * kubeadm create token using config file * autogenerated files * correct the expected value in plugintest * Move kubelet flag generation from the node to the client, and pass the kubelet flags through a new variable in kube-env (KUBELET_ARGS). * tokenrequest: tokens bound to pods running as other svcaccts * Added unschedulabe predicate. * Support Running local-up-cluster in CI * Update vendor spf13/cobra to fix completion error in bash 3 * CSI code changes * vendor files update * Partial revert to fix local-up-cluster.sh * CRD should have server side printing * Add tests for Deployments Recreate strategy when there are pods in terminal state present * Fix Deployment with Recreate strategy not to wait on Pods in terminal phase * FIX the os.Stat() func in volume file/kind bug * fix references * Delete the two same if in func TestPlugin * fix "make test" * kubectl: flag value bindings for common utils * move storageclass/setdefault into pkg/admission/storage * flag value bindings for kubectl label/patch/taint/top commands * fix cli example * fix device name change issue for azure disk * kubeadm: use localhost for API server liveness probe * Add Local PV stress test * adding replication-type in GCE PD parameters * Made a couple API changes to deviceplugin/v1beta1 to avoid future incompatible changes: - Add GetDevicePluginOptions rpc call. This is needed when we switch from Registration service to probe-based plugin watcher. - Change AllocateRequest and AllocateResponse to allow device requests from multiple containers in a pod. Currently only made mechanical change on the devicemanager and test code to cope with the API but still issues an Allocate call per container. We can modify the devicemanager in 1.11 to issue a single Allocate call per pod. The change will also facilitate incremental API change to communicate pod level information through Allocate rpc if there is such future need. * add comments * Update autogenerated docs * Fix typos * Change SANs for etcd serving and peer certs * Add more test cases for volume binding in the scheduler * Secure etcd API /w TLS on kubeadm init [kubeadm/#594] - Generate Server and Peer cert for etcd - Generate Client cert for apiserver - Add flags / hostMounts for etcd static pod - Add flags / hostMounts for apiserver static pod * integration: refactor, cleanup, and add more tests for TokenRequest * autogenerated api changes * k8s csi code change * api changes * expunge the word 'manifest' from Kubelet's config API * update GCE plugin for block support * Allow TTLs to be plumbed through to webhook authn/authz in gce scripts. * Revert "Allow env to be updated via specific key in resource" * Include generated files * Introduce External Metrics API * update generated files * Add Categories to CRD spec * generated code * Update e2e and integration to use apps/v1 for DaemonSet * Update versioned portions of kubectl to use apps/v1 with DaemonSet * Fix golint warning * Enable PV protection test by default * handle Table response in client * Only run connection-rejecting rules on new connections * simplify kubectl testing factory * apiserver: fix testing etcd config in preparation for etcd 3.2.16+ * dockershim: Return Labels as Info in ImageStatus. * generated * Add a metric exposing number of objects per type * Autoscaler e2e - fix getting initial pool size * Fix grammar and log issue in volume cache code * fix freespace for image GC * [kube-proxy]enhance kubeproxy init flag * clean up sysctl code * initialize all known client auth plugins * Remove conntrack entry on udp rule add. * Add e2e test for configurable pod resolv.conf * More unit test for configurable pod resolv.conf * remove unused function negotiate() and writeYAML() * Reuse the "min*Nodes" slices to save the GC time. * Disable mount propagation for windows containers * generated: bazel * Make Service storage a wrapper around other storages * fix proxy mode comment message * fix proxy mode comment message in v1alpha1 * kms: rename KMSService to KeyManagmentService * add description of mount options to StorageClass describe printer * Add node e2e test for log rotation. * Generated code * Use container log manager in kubelet * Add kubelet container log manager * fix new typos when rebasing * add spelling checking script * vendor misspell * fix typo and remove inaccurate TODO * Refactor tests * Discovery client and aggregator downloader use /openapi/v2 endpoint * clean up KubeletConfigOk condition construction * add me to iptables/kube-proxy reviewers * gce: allow extra addons to be sourced form a url * generated files * multi-zone PD e2e tests * Remove k8s prefix from gcr.io/k8s-ingress-gce-image-push repo * godeps: bump go-openapi * Fixes for HTTP/2 max streams per connection setting * examples/podsecuritypolicy: add owners. * Add smart retries to resource creations in testing framework * Fix incorrectly formatted URL * Results of running update scripts: update-openapi-spec update-federation-openapi-spec * Update description for valid reclaim policies * backoff runtime errors in kubelet sync loop * Update the DaemonSet controller to use the apps/v1 API * Remove subnet size restriction for IPv6 * Introduce buffered audit backend * Run hack/update-bazel.sh * Modify PodSecurityPolicy admission plugin to additionally allow authorizing via "use" verb in policy API group. * update generated files * add subresources for custom resources * update cadvisor godeps and ignore per-cpu metrics * Namespace should support table printing * bump coredns feature gates to beta * update version and manifest * Fix nsenter on Mac * Validation for HPA external metrics * Remove ClientSetForVersion & ClientConfigForVersion from factory * Modify tests * Autogenerated code for HPA external metrics * Add external metric type to HPA API * Remove unnecessary return parameter from NewCmdTopPod * Add kubectl create job --from=cronjob/ * Fixes #47538: Add functionality for manually creating a Job instance from a CronJob * deprecate --show-all * remove metrics client factory method * Add CSI volume attributes generated API code * Make CSI volume attributes first class * Allow env to be updated via specific key in resource * Fix passing gcloud command output to error check * Improves backoff policy in JobController * Unset CDPATH in build script to fix path generation * Review #1 * update bazel * kube-proxy make use of generic apiserver profiling * kube-scheduler make use of generic apiserver profiling * controller-manager make use of generic apiserver profiling * Avoid explicit mention of glusterfs in error strings. * Cleanup node type checking for azure nodes * add lock before detaching azure disk * Get dirFsInfo from docker image filesystem * Set FsId and usedBytes for windows image file system * Add GetDiskFreeSpaceEx and export winstats.StatsClient * set default enabled admission plugins by official document * Set shared PID namespace mode based on PodSpec * remove f.PrintObjectSpecificMessage * Build files generated * Critical pods priorityClass addition * fix todo: add validate method for &schedulerapi.Policy * DevicePlugins feature is beta in 1.10 release * Document k8s.gcr.io/etcd image upgrade/downgrade support * Introduce some plumbing which makes it possible to specify which ingress image to upgrade to for the upgrade test * Extracting common logic related to integration testing of storage transforms. * Make the `Unschedulable Queue` interface private * Change printDeprecationWarning to use fmt.Fprintf instead of glog * Deprecate kubectl scale job * add support for /token subresource in serviceaccount registry * Update kubectl describe to print out PV node affinity * Test cases to verify container log stats * Minor improvements to scheduling queue * Bump dependencies for build tag fixes bump github.com/vmware/govmomi/vim25 to HEAD bump bitbucket.org/bertimus9/systemstat to HEAD * remove unneeded factory codec methods * bump(go-openapi/validate): d509235108fcf6ab4913d2dcb3a2260c0db2108e * [e2e ingress-gce] Reduce numExtraLarge to 99 * Generated code for Shared Process Namespace * Fix kubectl describe for priority class objects. * Kubernetes API for Shared Process Namespace * Deprecate KubeletConfiguration flags * adding new tag bumping SHA * Remove Feature from StorageProtection E2E tests as Storage Protection feature is brought into beta. * StorageProtection Brought to Beta in 1.10 Release * readme update for fluentd-gcp-scaler * collapse printing paths * Introduce e2e test for Metadata Agent * Remove pkg/client/unversioned * Pass location parameter to event exporter. * Make sure node pool is deleted in autoscaler e2e tests. * Return information about which int tests failed in the summary - followup * Fix getting pool size in autoscaling e2e tests * [fluentd-gcp addon] Update event-exporter * Migrate deviceplugin api from v1alpha to v1beta1 * Invoke PreStart RPC call before container start, if desired by plugin * Adding per container stats for CRI runtimes * fix resource filter for generic printers on get * rename StorageProtection to StorageObjectInUseProtection * Improve scheduling queue's logic * add deployment proportional scaling e2e test * [e2e ingress-gce] Bump num of ingresses for scale test * cloud: don't require application default credentials to run unit tests * returning an empty array instead of returning an array with empty string for kubemci get status * autogenerated * remove deprecated /proxy paths * fix running with no eviction thresholds * Delete unused ForwardingRule fakes * Use shared variable names. Define hooks on mock objects * Move shared variables and fakeGCECloud method to top * Define hooks for inserting Forwarding Rules and Addresses in all versions * Move and make exported lbScheme types into cloud/constants.go * Move NetworkTiers into cloud/constants.go * Add test for wrong networktier resource deletion * svcacct: make token authenticator fully generic * Disallow setting both alpha and beta PV nodeAffinity Allow setting PV nodeAffinity if previously unset * Bump addon-manager to v8.6 * Test cases fix after path expansion * bump(github.com/opencontainers/runc): 595bea022f077a9e17d7473b34fbaf1adaed9e43 * bzl: use --local_test_jobs * Drop init container annotations during conversion * Fix device unmap for non-attachable plugin case * cleanup printers some more * Add new openapi endpoint in aggregator server * Bump kube-openapi to add new openapi endpoint * Reformat and update error strings. * Fix race in healthchecking etcds leading to crashes * Increase allowed lag for ssh key sync loop for tunneler * Fix grammar eror of azure cloudprovider * Remove unused code and modify tests to include set based selector * glusterfs: refer to upstream gluster documentation * glusterfs: fix a comment typo * glusterfs: Remove an outdated comment about GB vs GiB * Fix typos in configmaplock * Update generated files. * Update examples to use PSPs from the policy API group. * Introduce PodSecurityPolicy in the policy/v1beta1 API group. * AllowVolumExpansion field to describe printer. * Add cluster-location to GCE instance attributes * autogenerated files * Changed API doc * autogenerated files * refactor kubeadm join command generation * dockertools: disable MemorySwap on Linux * Removed newlines from e2e log statements. * Fixing CSI E2E test * collect metrics on the /kubepods cgroup on-demand * Taint node when it under PID pressure. * Add API docs for multiple PriorityClasses marked as globalDefault * Updated comments to correct flag of taint. * Generated files * Volume node affinity enforcement * Add new volume-scheduler cluster role to scheduler * Add VolumeNodeAffinity to PersistentVolumeSpec * Pick the PriorityClass with the lowest value of priority in case more than one global default exists * Do not add kubeconfig while running kubemci * Fix e2e node setKubeletConfiguration helper * Don't assume SG is for ELB; pass tags directly * Pass ProjectRouter to mocks * Require boilerplate on Bazel Skylark source files * Autogenerated: hack/update-bazel.sh * Update bazelbuild/rules_go, kubernetes/repo-infra, and gazelle dependencies * Move ipvs module loading logic * [e2e ingress-gce] Enhance cleanup logic for pre-shared-cert test * Updating code to use TempDir in manifest test * bump(github.com/coreos/go-oidc): 065b426bd41667456c1a924468f507673629c46b * oidc authentication: generate testdata and delete old test packages * oidc authentication: switch to v2 of coreos/go-oidc * svcacct: default expiration of TokenRequest * Add code and yaml for Istio as an addon * Refactor k8s core csi bits for CSI Spec 0.2.0 * Updating vendor file and dependency * Add myself to owner aliases * Allow Metadata Agent to get and list resources * Bump default Metadata Agent version * reevaluate eviction thresholds after reclaim functions * Split self-signed cert and CA * add an admission decorator chain * Revert "add node shutdown taint" * Add quotas to density and load tests * use prometheus-to-sd 0.2.4 and fluentd-gcp-image 2.0.16 * Move code only used by gce out of common.sh and into gce/util.sh. * Add AWS cloud provider option for IAM role * Updating kubemci e2e test to not add kubeconfig flag for get-status * Remove extraneous CHANGELOGS on the 1.10 branch. * wait for bound pvc metric updated before validating * collect ephemeral storage capacity on initialization * Index PVs by StorageClass in assume cache * Fix pod scheduled. * Change the strategic-merge-patch link to https://git.k8s.io/community/contributors/devel/strategic-merge-patch.md * [e2e ingress-gce] Add test for backside re-encryption * In etcd-version-monitor, Remove grpc labels used only in etcd 3 format when translating metric back to 3.0 format * Use consts as predicate name in handlers * Log the command line flags * Add cloud-provider policies to be applied via addon mgr * cluster/images/hyperkube: Fix typo in Dockerfile for aggregator symlink * Add deprecation notices * Re-add OWNERS files to Godeps/vendor dirs * Enforce OWNERS file in Godeps and vendor dirs * Add cblecker to dep approvers * kubelet: revert the get pod status * Update reviewers for sig-scheduling. * code review: create err chan via helper * gke-certificates-controller: rm -rf * Avoid call to get cloud instances * Add some more tests for routes. * enable mutating and validating admission webhook by default on gce and centos clusters setup by kube/cluster-up.sh * Add a reviewer to addon-manager * Enable mount propagation tests by default * Update build deps for Bazel and zz_generated * Add configuration item to allow kubeadm join to use a dns name pointing to control plane * Container Liveness probe InitialDelay time increased to accomodate slow machines * Rework volume manager log levels * update -o name format to kind.group/name * fix fluentd-gcp-scaler to look at correct fluentd-gcp version * Clean-up not needed method. * Fix cluster autoscaler test to support regional clusters. * Store labels and fields with object * csi: Remove stale volume path * Process existing cloud nodes in CCM * Fix the broken link in Markdown * Try longer to fetch initial token. * Rename ConfigOK to KubeletConfigOk * Standardize on KUBE_PROXY_MODE (not KUBEPROXY_MODE) * apiserver: fix some typos from refactor * Move the kubeletconfig v1alpha1 API to beta, rename to kubelet.config.k8s.io * force node name in generated static pod name lowercase * kubelet: revert the status HostIP behavior * Kubernetes version v1.11.0-alpha.0 openapi-spec file updates * trivial change to fix test issue * Improve comments for kubelet * Partial revert of fb5caac2da063cd5e992e2c9fda5b0bf30776871 * Update to latest gophercloud/gophercloud * Check if netstat or iproute2 is available * Pipe error message from openapi/swaggerspec verify checks to stderr * kubeadm: Demote controlplane passthrough flags to phases alpha * Correct error strings and variable name. * fixing diskIsAttached func * kubectl port-forward support resolving service port to target port, and support Service as resource type * Add jsafrane as AWS approver. * vendor caddy * Fix DownwardAPI refresh race. * Add retries to PrepareNodes utility function * Fake docker-client assigns random IPs to containers * Add golang.org/x/tools/benchmark/parse godep. * update-bazel.sh * Save benchmark data in perfdash-friendly format. * add e2e test for bound/unbound pv/pvc count metrics * add number measurement for bound/unbound pv/pvc * cmd/controller-manager: add OWNERS for generic controller-manager code * Fix instanceID for vmss nodes * Addressed jeffvance's review comments * rename func ValidatePodSecurityContext to ValidatePod * Secure Kubelet's componentconfig defaults while maintaining CLI compatibility * fix README for admission webhook test image * kubemark using cobra commands * Addressed review comments * Add vmType checking in Azure disk controller common * deprecate kubelet's cadvisor port * fix json tag on Azure.config * use caddy for translation * improve tests * add federations translation * kube-dns configmap translate * Configuration changes * fix markdown formatting for test image * Add criSocket to kubeadm MasterConfiguration manifest * WIP - create read/writer rate limiter * juju: Fix broken ingress after upgrade-charm * Remove unused DeltaFIFO compressor argument to NewDeltaFIFO * Add started state to the processor to protect against double starts * Add a test case for the race in #59822 * Avoid hook errors when effecting label changes. * removing production code usage from e2e tests code * Upload container runtime log to sd/es. * local-up-cluster.sh should be conformant out-of-the-box * add reviewers to util/mount * kubectl port-forward allows using resource name to select a matching pod * libffi-dev dependency added in fluent-es-image Dockerfile to solve the docker build error * Remove duplicated definition of ResourceList in Metrics API * Add criSocket to kubeadm NodeConfiguration manifest * hack/update-codegen.sh: fix finding api names. * hack/update-codegen.sh: fix finding items in an array. * hack/update-codegen.sh: split string into array robustly. * Don't create no-op iptables rules for services with no endpoints * run update bazel * pass listener in integration test to prevent port in use flake * Increase timeout on waiting on cluster resize in autoscaling tests * staging: add boilerplate header * hack/grab-profiles.sh: fix typos in error strings and variables. * hack/grab-profiles.sh: bash script cleanups. * hack/grab-profiles.sh: use double quotes in trap. * hack/grab-profiles.sh: fix typo in variable name. * Update generated files * controller-manager: add authz/n to options, nil by default * controller-manager: add SecureServingOptions * apiserver: make SecureServingOptions and authz/n options re-usable * controller-manager: switch to config/option struct pattern * Review #2 * Review #1 * Fix: change basic auth password should keep admin in masters group * Detect CIDR IPv4 or IPv6 version to select nexthop * Fix typos * add --go-header-file to use kube boilerplate * code-generator: add boilerplate header * Remove myself (timothysc) from OWNERS files on areas that I do not actively maintain. * Dynamic client support subresource create/get/update/patch verbs * bazel: update busybox digest to latest (~1.28.0) * Add etcd 3.x minor version rollback support to migrate-if-needed.sh * bazel: update digest for debian-iptables-amd64 * Bump GLBC to 0.9.8-alpha.2 and change back to --verbose * Ignore 0% and 100% eviction thresholds * Auto-generated files for CustomPodDNS Beta API * Promote configurable pod resolv.conf (CustomPodDNS) to Beta * kubelet: check for illegal phase transition * compare Pods by UID, not by name and namespace * Remove unused getClusterCIDR() * kubeadm: add configuration option to not taint master * Fix #59601: AWS: Check error code returned from describeVolume * Remove /ui/ redirect * use new account generation method for blob disk * Add unit tests for mapLoadBalancerNameToVMSet * Map correct vmset name for internal load balancers * Fix godeps for client-go * Fix unit tests for vmss * update azure API for auth * Add azure disk support of vmss * Use new clients for vmss cache * Update Azure GO SDK to v12.4.0-beta * Update vmss fake clients * Update vmss client to new version * Abstract disk operation interfaces in VMSet * Use full instanceID as lun lock key * Add unit tests for extractVmssVMName * fix typo, this let's us -> this lets us * format some import statements in scheduler pkg * Requesting new credentials when node names change * Fix kubelet PVC metrics using a volume stats collector. * Add ipset binary for IPVS, context: https://github.com/kubernetes/kubernetes/issues/57321 * fix some syntax related errors * Make command-line flag --feature-gates compatible * Update fuzzer to reflect FeatureGates type change. * Auto generated files. * Migrate FeatureGates type of kube-proxy from string to map[string]bool * create storage account if necessary when create azure file pvc * Update README.md * remove unused function printIndentedJson and printAllPods in test/integration/scheduler * New github id - FengyunPan -> FengyunPan2 * util/goroutinemap code cleanup * Adjust unit tests for vmss * Use generic cache for vmss * auto-generated * fix all the typos across the project * Use SeekStart, SeekCurrent, and SeekEnd repalace of deprecated constant * fix deleting dummy device error in kube-proxy.log when run cluster in local * fix "destroying ipset" error in kube-proxy.log when run cluster in local * some typo * Check etcd port instead of process name * taint also node controller * nit: remove CSI plugin from ProbeExpandableVolumePlugins * Add tests for schedulercache * release local ephemeral storage resource when removing pod * Autogenerated BUILD changes * Adding kubemci e2e test for conformance * Extend timeout to deal with pkg/master flake. * Update CHANGELOG-1.8.md for v1.8.8. * juju: Fix kube-proxy failing to identify local endpoints * Improve performance of scheduling queue by adding a hash map to track all pods in with a nominatedNodeName. * Enable Audit Logs Behind a Feature Gate * Update CHANGELOG-1.9.md for v1.9.3. * vSphere test infrastructure improvement and new node-unregister test * Autogenerated files * Refactor volumehandler in operationexecutor * fix --watch on multiple requests * Bump GLBC version to 0.9.8-alpha.1 * devicemanager testing: time out sooner * Update Kubeadm proxy handling for IPv6 * Workaround patch using cached version in TestPatch * CSI - Auto-generated code updates * CSI - Marking CSIPersistentVolumeSource Beta * Disable symbol resolution by pprof in profile-gatherer * Print stderr from go tool pprof in profile gatherer * Remove bootstrap kubelet config on reset * Enable scaling fluentd-gcp resources using ScalingPolicy. * Add HTTPProxyCheck for API servers * devicemanager testing: dynamically choose tmp dir * Add error handling and new tests * correct the ConstructVolumeSpec func path value * update bazel BUILD * Pass pod labels to controller revision * ipvs part changes * iptables proxier part changes * proxy endpoints part changes * proxy service part changes * Avoid race condition when updating equivalence cache. * kubeadm: Support imagePullPolicy option in the kubeadm init configuration file * remove unused function in pkg/controller/replicaset/replica_set_test.go * Task 0: Added Alpha flag for NoDaemonSetScheduler feature. * Bury KubeletConfiguration.ConfigTrialDuration for now * bazel: support using SOURCE_DATE_EPOCH to override date * Update azure_loadbalancer.md * fix incorrect logic in canSupport * [e2e ingress-gce] Scale test to measure ingress create/update latency * Pass pvc namespace and annotations to Portworx Create API * Update endpoint value in test code * Rename and restructure local PV tests * Add cache for route tables * Add cache for network security groups * Add cache for load balancer * Add cache for virtual machines * New unit tests for timedCache * Make azure cache general for all objects * Create pkg/kubelet/apis/deviceplugin/v1beta1 directory. * Add a new environment variable to the startup scripts called KUBE_PROXY_MODE * Remove unnecessary summary api call. * Update cadvisor to 6116f265302357cbb10f84737af30b1f13ce2d6c * remove CAdvisorPort from KubeletConfiguration * make context the first arg in AddInstanceHook/RemoveInstanceHook * generate mocked methods with context as the first arg, because golint * Adding benchmarks to envelop encryption integration tests * Cleanup and add category doc * Fixes the regression of GCEPD not provisioning correctly on alpha clusters. * Add 'none' option to EnforceNodeAllocatable * dockershim: don't check pod IP in StopPodSandbox * Mark kubemark images w/ random tags to avoid race b/w runs * Unify image registry value in kubemark setup scripts * kubelet: add support for pod PID namespace sharing * validation_test.go: move test cases for AllowPrivilegeEscalation option from TestValidatePodSpec to TestValidateSecurityContext. * Add node e2e to verify hugepages feature * Add shyamjvs to cluster/images/kubemark/OWNERS * Fix bug with profile-gathering waitgroup in scale tests * Skip TestRoutes when there are no vm(s) * Extract instantiation of cloud provider * AWS: Do not ignore errors from EC2::DescribeVolumee in DetachDisk * return a more human readable error message if mount an unformatted volume as readonly * add more error logs in kubectl run * update staging godeps * Collect prometheus metrics for custom resources * client-gen: remove base input dirs * fix using defer in loop in cors test * run update bazel staging-dep * add wait ready for mutating/validating webhook configuration * admission registration use shared informer instead of poll * add node shutdown taint * Add apiserver profiling to our scalability tests * fix describe when allocatable CPU/Memory is 0 * Fix golint errors in `pkg/scheduler` based on golint check * Set instanceID to azure resource ID format while useInstanceMetadata is enabled * Change critical pods? template to use priority * Enable golint for `pkg/scheduler` * return error if New-SmbGlobalMapping failed in azure file mount * Route verify-godep-licenses output to stderr * Route verify-godeps output to stderr * Route verify-boilerplate output to stderr * Route verify-gofmt output to stderr * Route verify-bazel output to stderr * Switch to k8s.gcr.io vanity domain * Add useInstanceMetadata param back in Azure cloud provider * Revert "add number measurement for bound/unbound pv/pvc" * Moved validation to the API side * run hack/update-all.sh * add test case * audit support wildcard matching subresources * Add verify script for kms generated file * Change provider ID to uuid * Add generated script for kms api pb file * Remove configfile for kms in encryption config * Update for review comments * Only support unix socket for kms gRPC, also add Version method * Fix verify error and address review comments * Update kms provider config for gRPC client service * Add gRPC client service for envelope transformer * Remove experimental keystone authenticator * run update-bazel.sh, lint on mock.go * verify no extra RS was created when re-creating a deployment * Add mountpoint as CRI image filesystem storage identifier. * remove newline before err checks. address pr comments * use getInstanceByName to check for node presence, instead of DeleteInstance) * Cleanup of ipvs utils * test updateExternalLoadBalancer removes nodes * check firewall creation + deletion for healthcheck firewall * fix deployment's collision avoidance mechanism * Handle fetch of container logs of error containers during pod termination * Create short name for cronjob * isolate node creation into separate function, address PR comments * Disallow PriorityClass names with 'system-' prefix for user defined priority classes * vclib: enable VM disk attach test * godep: update vmware/govmomi * Move workload registries to apps package * cleanup * Split out a KUBE-EXTERNAL-SERVICES chain so we don't have to run KUBE-SERVICES from INPUT * remove mapper dependency - PrintSuccess * Allow passing request-timeout from NewRequest all the way down to actual request * Indicate endpoint subsets are an optional field * Return information about which int tests failed in the summary * clean up unused function GetKubeletDockerContainers * fix todo: use selector.DeepCopy replace of hard code * add keyring parameter in Ceph RBD provisioner * devicemanager: increase code coverege of endpoint's unit test * Reimplement 2 tests using fakeexec * Enable HPA tests on large clusters * Remove duplicated comment * Increment CRI version from v1alpha1 to v1alpha2 * Update kubelet for enumerated CRI namespaces * Switch CRI NamespaceOption from bools to enums * Remove provisioner configuration from info message. * delete unused generated file * abstract proxy servicePort and endpoints * auto generated items * regenerated files * add k8s:conversion-gen to internalversion * Change log format: replace () to [] * simplify the if logic * Removed unnecessary test code. * Make kubelet flags of kube-up.sh configurable. * autogenerated files * Update PriorityClassName API doc * add AddInstanceHook mock method, test insertion of new instace * check presence of healthcheck * test loadbalancer resources created & deleted * Move shared load balancer variables out of test.lb update/delete tests * Add TestEmsireExternalLoadBalancer test * remove a todo which is out of date * Fix to register priority function ResourceLimitsPriority correctly. * fix TODO: moving driver name check in API validation * Use SetInformers method to register for Node events. (#449) * [e2e ingress-gce] Plumb the Logger interface and avoid assertion in util functions * Initial local PV block device plugin checkin. * Ensure euqiv hash calculation per schedule * test: bump timeout on //pkg/master * authentication: remove TokenRequest from authentication.k8s.io/v1beta1 * Better timeout in slower virtual machines * svcacct: move claim generation out of TokenGenerator * kube-scheduler: Use default predicates/prioritizers if policy config does not specify them * Add context to all relevant cloud APIs * IPv6: Ensure calculated node CIDR size for pod subnets is valid * Fix flaky AdmissionWebhook e2e-crd tests * move makeHostUrl to gce_instances (only used there) * use comparable host path instead of full url when creating a targetpool * split docker-logins logic into 2 handlers * fix apply --force w/ invalid AND conflicting resource * Update generated code * Update etcd version from 3.1.10 to 3.2.14 when upgrading a K8s cluster to use IP aliases. * Document kubeadm API * Only populate alias range for nic0 when invoking instance.UpdateNetworkInterface. * kubectl: cannot set --all and --selector at the same time * StorageOS support for containerized kubelet and mount options * Update storageos api dependency to 0.3.4 * fix golint warnings in daemon controller * Fix RBAC permissions for metadata agent. * add unchedule information to kubectl describe node * make sure mounter not nil and fix some typo * add testapigroup of apimachinery to go-to-protobuf * Remove defaultV18AdmissionControl in 1.10 cycle * Ensure public IP removed after service deleted * fix invalid match rules for advanced audit policy * fix typo in kubeadm * Ensure daemon opts are in effect before docker login * Refactor and add some tests. * clean temporary para for require-kubeconfig * Fix typo: constucts -> constructs * Fix TestPlugin func has two same if code/kind bug * clean up code * Use direct struct comparison, not reflection * Scheduler is not able to read from config file if configmap is not present * Equiv class volume fixes * Test ports are covered by firewall * Fix the wrong comment in cri constants. * Fix local PV node affinity tests and only run once * bzl: make integration tests actually work * certs: allow cert controller to delete csrs * Clarify that ListOptions.Timeout is not conditional on inactivity * Patch ingress upgrade test to ignore checking certain GCP resources * Redesign and implement volume reconstruction work * Ability to run an external binary instead of hyperkube cloud-controller-manager * Add comments about potential race in delta fifo. * Fix StatefulSet set selector bug * Add GCE instance UpdateNetworkInterface API to beta. * autogenerated * add minimal types for service account TokenRequest API * Use beta instead of alpha GCE Compute API to add an alias range to an instance. * Remove --service-sync-period flag which was not in use * kubelet ignores hugepages if hugetlb is not enabled * Revert "Add self anti-affinity to kube-dns pods" * Don't recycle PVs that are used by a pod * Pass pod informer to PV controller * add example for kubectl config unset, this will help user use * fix todo:Move function readinessCheck to util * add kube-root for file directory * core/v1 should be first in discovery order * build: fix a logic error in shell script. * Update kubeadm supported etcd version to 3.2.14 in 1.10 * Ignore OWNERS file in verify-godeps * Add OWNERS for translations folder * Add unit test for endpoint allocate * Add OWNERS for third_party folder * Add OWNERS for Godeps and vendor folders * Use `blkid` to get fs type of device. * Adding volume metrics support for vSphere Cloud Provider * Fix golint for openstack and cinder packages * fix typo in client-go * Remove resources that were moved to kubernetes/examples repo * refactor NsenterWriter to utilize pkg/util/nsenter * run hack/update-all.sh * add Annotations to audit event * When using the bootstrap cert, update the store * Cap how long the kubelet waits when it has no client cert * Add Annotations from the deviceplugin to the runtime * Regenerate the deviceplugin protobuf file * Add annotations to the deviceplugin API * Remove comment from Cluster Autoscaler manifest * fix todo: migrate to use framework.AddOrUpdateLabelOnNode/framework.RemoveLabelOffNode replace of updateNodeLabels * fix typo in cluster * Reformat log to show more details * fixing node labels for random tests invocation * Update etcd server version to 3.2.13 * Sort firewall params * Remove validation failure of Pod priority when the feauter is disabled * autogenerated files * Replace nominateNodeName annotation with PodStatus.NominatedNodeName in scheudler logic * nodelifecycle: set OutOfDisk unknown on node timeout * patch cmd/kubeadm/test/cmd/BUILD for bazel 0.10 * Promote v1alpha1 meta to v1beta1 * Use `blkid` to get fs type of device. * Add mwielgus and MaciekPytel to GCE owners * Cluster Autoscaler 1.1.1 * Add Terminating state to PVs * Cleaning up loopback removal process * Add e2e test for PV protection * fix irregular descriptive docs * Introduce apiserver profile-gathering library in testing framework * Conversion from typed to unstructured should set GVK * delete duplicate function for getting volume source * fix the format for github error * fix TODO:change to a api-server watch * Configurable etcd quota backend bytes * kubeadm init: skip checking cri socket in preflight checks * Move MountPropagation to beta. * Fix typo in CHANGELOG-1.10.md. * initialize ipvs proxy owners file * fix todo: Move isDecremented to pkg/apis/core/validation * update bazel * check ErrorNotFound in netlink.go to fix cross build error * Add tests for pkg/serviceaccount. * update bazel BUILD * fix review comments * validate ipset entry before adding in ipvs proxier * validate entry in ipset * validate set in ipset * refactor ipset interface AddEntry() * add basic functionality deployment integration tests * [e2e ingress-gce] Retrieve the correct health check resource * Update CHANGELOG-1.10.md for v1.10.0-alpha.3. * bumping timeouts for apiserver communication. * suggest using describe cmd to list pod containers * kubelet: only register api source when connecting * Increase RSS limit for runtime from 300MB to 350MB on test creating 100 pods per node. * Add IPv6 to ref page descriptions. * [GCE Ingress e2e] Add test for pre-shared certificate * Revert "fail earlier on discovery failures" * Ensure that the runtime mounts RO volumes read-only * cluster/gce: remove salt comments from manifests * cluster: remove kube-registry-proxy * cluster: remove unreferenced vars * cluster: remove unused kubelet token * cluster: delete image staging * cluster: remove some cvm stuff * cluster: remove unused functions * gce: delete opencontrail vars * Fix typos * Fix typo * Expose etcd compaction interval param for kubemark apiserver * Add UT test TestCheckOpenStackOptsfunc * Auto generated BUILD files. * Update test framework featuregates type. * fix a typo in pkg/cloudprovider/providers/azure/azure_loadbalancer.go * Fix typo (a -> an) * fix a typo in pkg/apis/core/fuzzer/fuzzer.go * Make predicate errors more human readable * Add GCE ingress test case for modified health check * kube-proxy: Fix flag validation for healthz-bind-address and metrics-bind-address * Elaborate deprecation warning * fix typo in package apiserver * aesgcm - passing * add upstream * use node-e2e framework for testing cadvisor * Update Calico to version v2.6.7 * Fix cross-build breakage after #58174 * Disable JUnit-style reporting for benchmark script * Adding lower() to kubernetes master's usage of allow-privileged. * remove alpha when running cloud-controller-manager with hyperkube * Fixing issue with capitalization causing odd behaviors for allow-privileged configuration option. * Expose etcd compaction time via environmental variable in GCE * refactor kube-aggregator api group install * Add policy for pv protection controller * Add PV protection controller * existing PV controller changes * reuse PVC protection admission plugin for PV protection * Rename PVCProtection feature gate so that PV protection can share the feature gate with PVC protection * Change feature gate PreRelease to Beta * Use v1beta1 VolumeAttachment * update all * PVC Protection E2E Tests for Failed Scheduling * sample-controller: document minimum kube version * Add Beta VolumeAttachment API * Add call to addCredentialProviderFlags * Do not use ifupdown commands * reopen #58913 Fix TODO move GetPauseImageNameForHostArch func * fix the format for github error * modified: staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go * Use `blkid` to get fs type of device. * Build Kubernetes binaries with valid Semantic Version * codeClean-merge-logfAndFailnow-to-fatalf * fix rebase error * Fix typo and comments * Ensure IP is set for Azure internal loadbalancer * fix some typos in filters * Update tests to use the hostexec:1.1 image * e2e test: use sleep to wait in hostexec * Fixes ci-ingress-gce-upgrade-e2e * Client ca post start hook now checks if the system namespace already exists before creating it. * cloudprovider/openstack: fix bug the tries to use octavia client to query flip * Change manifest file perms to remove execute * Autogenerated files * Add NominatedNodeName to PodStatus * Fixing upgrade charm failing if upgrading from an old enough charm(pre Nov 2017). * Fix PodPidsLimit and ConfigTrialDuration on internal KubeletConfig type * Add deprecation comment to PersistentVolumeReclaimRecycle * Add crds as CustomResourceDefinition shortname * Add test/fix for ErrShortBuffer edgecase * Make eviction manager work with CRI container runtime. * When installing vendored godep, ensure that it's in path * Remove unneeded code * Remove port from HTTPProxyCheck * Reset DeferredDiscoveryRESTMapper before use * Don't go get godep in jenkins scripts * initial work for azure file grow size implementation * Fix race condition in fake runtime test. * remove some unused functions in validation.go * Add UT test to openstack and two para in configFromEnv * deprecate insecure http flags and remove already deprecated public-address-override * Correct the URL of openstack and make test case more detail * Add detailed err in ensure docker process error * fix mistaken info print * Remove setInitError. * Add HyperVContainer feature gates * Add experimental hyperv containers support on Windows * [GCE] Set --kubelet-preferred-address-types on apiserver by default * fix portallocator comments * Update to go1.9.3 * Update bazelbuild/rules_go to support go1.9.3 * Fix flaky AdmissionWebhook e2e tests. * Support GetLabelsForVolume In OpenStack * Generate cri apis automatically * Add windows config to CRI * Skip rescheduler test. * update e2e test for resourceQuota support on extended resources * resourceQuota support for extended resources * Forcing get_node_name to continue searching for a node name if the returned list of nodes doesn't include this one. * Set generate-kubelet-config-file to true by default. * Perform resize of mounted volume if necessary * CRI: Add a call to reopen log file for a container * Add more tests. * Improve messaging on resize * Fix setting qps in density test. * removes the remainder from ScalerFor method * Fix pod sandbox privilege. * pkg: kubelet: do not assume anything about images names * Kubelet flags take precedence * correct typo in HorizontalPodAutoscaler status condition * Removal of KubeletConfigFile feature gate: Step 3 (final) * remove dead prefix field * fix parameter advertise_address should be --advertise-address * Remove unused test for node auto-repair. This test is testing GKE only feature and should use different infrastructure. * remove --tls-ca-file which had no effect * remove dead testing code * Fix TC resource Leak * Expose default service IP CIDR in apiserver * pass listener in apiextentions-apiserver test to prevent port in use flake * use info instead of infof when no format * add RequireKubeConfig back for pull-kubernetes-e2e-kops-aws * run update bazel * code cleanup in integration framework * The TODO has been completed, so remove the comments * Only rotate certificates in the background * Fix self link for cluster scoped custom resources * fix webhook admission README * refactor resource_config.go thoroughly and remove useless code in registry * fix GetCustomResourceListerCollectionDeleter comments * remove support enable-disable api resources * fix `make quick-verify` * Revert "Change equivalence class hashing function" * kubelet: remove the rktshim directory * Fix pod security policy capability test. * Add e2e tests for GPU monitoring. * Add brackets and quotes where needed * Contain variable names in shell2unit Also correct unbound assertions variable error on line 176 * Add cblecker to shell2junit OWNERS You break it, you bought it. * Add in godeps verification for hack/lib/ and build/ * Split ClientConfigFor() * fix url parsing for staging/dev endpoint * Update CHANGELOG-1.10.md for v1.10.0-alpha.2. * Adds breadcrumb to crictl warning * csi: Update version comparison model * Mark ServiceProxyAllowExternalIPs feature as deprecated * Add deprecated stage of feature gates * Add a metric to track usage of inflight request limit. * Clean up unused functions and consts * Make REST mappings for resources a unique list * mini fix about typo * Prefer exact resource name matches to shortname expansions * Prefer apps/v1 storage for daemonsets, deployments, replicasets * Revert "Remove changes on SECONDARY_RANGE_NAME." * fix some log param error modified: pkg/cloudprovider/providers/vsphere/vsphere_util.go modified: pkg/controller/certificates/cleaner/cleaner.go modified: pkg/controller/volume/pvcprotection/pvc_protection_controller.go modified: pkg/volume/azure_dd/azure_mounter.go * Remove changes on SECONDARY_RANGE_NAME. * Only run verify-staging-godeps if staging/godeps are touched * fix runtime-config bug in kube-aggregator * Fix GCE IP Aliases CI https://k8s-testgrid.appspot.com/google-gce#gci-gce-ip-alias failure cause by pull #56132. * Fixing spaces issue found with tests. Had some missing parameters for some functions. * Tag multi-az cluster volume e2e test with sig-storage * Add allowPrivilegeEscalation to kubectl describe psp * Add storage-backend configuration option to kubernetes-master charm. * Change flags to variables so that they can be passed through make * Set KUBE_JUNIT_REPORT_DIR on dockerized test * Fix unset variables in shell2junit * Produce junit results for verify job * Use ipc-utils container in HostIPC tests. * Add new e2e-test container to export ipcs from util-linux * Refactor handling of IpcMode for the actual container * Don't assume ipcmk command supports size suffix. * Make it possible to override the driver installer daemonset url from test-infra. * Skip NoNewPrivileges test when SELinux is enabled * Move multizone e2e to sig scheduling path * Fix adding FileContentCheck * Fix kubectl explain for cronjobs * fixing array out of bound by checking initContainers instead of containers * Add UT test to openstack_test.go * remove unused func in FakeConfigurator of scheduler * Rename package deviceplugin => devicemanager. * serviceaccount: handle jwt flow specific validation in seperate validator struct * serviceaccount: check token is issued by correct iss before verifying * Use GlobalMemoryStatusEx to get total physical memory on Windows node * use containing API group when resolving shortname from discovery * Fix equivalence cache hash tests. * Move equivalence class hash code. * Change equivalence hash function. * Add benchmark for equivalence hashing. * Fix equiv. cache invalidation of Node condition. * fix neg e2e test * Increase KUBE_PARALLEL_BUILD_MEMORY to 40G. * Tag Security Group created for AWS ELB with same additional tags as ELB * Adding downgrade test for ingress-gce * Fix bug in dockerized benchmarking script * Created bootstrap logic for vSphere test * Removal of KubeletConfigFile feature gate: Step 1 * selinux/mustrunas_test.go(TestMustRunAsValidate): add more test cases to improve code coverage. * selinux/mustrunas_test.go(TestMustRunAsValidate): make PSP SeLinux options configurable. * selinux/mustrunas_test.go(TestMustRunAsValidate): rename a member to make its meaning obvious. * Update autogenerated files. * PSP: when comparing categories in SELinux levels, ignore its order. * bump version of addon manager * Ensure config has been created before attempting to launch ingress. * switch hyper to cobra * Create benchmark results file before writing to it * kube-apiserver flag --admision-control is deprecated, use the new --enable-admission-plugins * Add list of pods that use a volume to multiattach events * Don't bind PVs and PVCs with different access modes. * run update code-gen * remove newline after range * Add preferred self anti-affinity to kube-dns pods * Make the pause image a manifest list * add e2e test for bound/unbound pv/pvc count metrics * Distinguish service unavailable errors in client-go * By default block service proxy to external IP addresses. Service proxy uses redirects to Pods instead of direct access. * move service account signing to using go-jose * resource version parsing should all be in one place * godep: vendor gopkg.in/square/go-jose.v2/jwt * Use SSH tunnel for webhook communication iff the webhook is deployed as a service * Add some more azure unit tests. * vclib: update bazel * vclib: add VirtualMachine tests * vclib: add Folder tests * vclib: add Datastore tests * vclib: add test constants for use with vcsim * Add better event handling for deleted Pods * generated * add apiregistration v1 * Adding network spaces support for kubeapi-load-balancer. * update if statement * Adding network spaces support for kubernetes-master. * Update README.md with punctuation improvements * Return ServiceUnavailable error consistently from proxy * Skip unavailable services during e2e remaining content check * Wait for healthy extension server before registering APIService * Checked node.Unscheulable in Toleration predicate. * Add a e2e test for binary data in configmap * run a full round trip scenario * generated code and docs * Add support for binary file in configmap * Add a container type to the runtime labels * Openstack: Fill size attribute for the V3 API volumes * update bazel BUILD * ignore no such address error when unbind ip for IPVS service * Fix possible panic when getting primary IPConfig * Reduce verbose logs * Expose the generate stub for compute API * Fix logs message formating * Fix non-interface type ErrResourceNotFound on left * Remove salt configuration from the fluentd-gcp configuration. * Add additional unit tests. * fix invalid admission name LimitPodHardAntiAffinityTopology * Update Instances to use generated code * Improve the upgrade test for ingress. * Add gce-ingress e2e test for sync failure case * Force use of Makefile for update * kubectl: Use metrics-server for kubectl top commands * Fixing some flake8 issues * Refactor gcp.go methods for testability, add tests * Use correct pv annotation to fetch volume ID. * Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size. * Don't run godep restore in jenkins verify * don't stop informer delivery on error * Use backup location to load cloud config for OpenStack * Support out-of-tree / external cloud providers * ref -> $ref * run update bazel and staging-godep * pass APIEnablement through apiserver chain * Hide generated files only on github * fix apiserver crash caused by nil pointer and ensure CRD schema validator can be constructed during validation. * fix the wrong err print of assumepod * Updated priority of mirror pod by PriorityClass. * Use /proc/net/nf_conntrack. * bugfix(mount): lstat with abs path of parent instead of '/..' * Fix autoscaler deployment bug * fix userid validation * Update unavailable aggregated APIs to 503s instead of 404s * Remove op field as it is no longer needed * Moved func WaitForPersistentVolumeClaimBeRemoved Among Other WaitFor Functions * Kubelet provides an updated and complete status of local-static Pods * GCE: invalid location was used in regional and zonal operations * Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value * sync code from copy destination * Update NEG to use generated code * Fix master regex when running multiple clusters * [e2e util] Remove static IP functions based on gcloud * Fixes some typos/spaces in the GCE cloudprovider * Resulting generated code * Add logging in all generated GCE calls * Generate bindata.go and k8s.mo * dockershim: clean up the legacy interface * switch to new detect-exeptiions plugin release 0.0.9 * use original pos filenames again * dockershim: call DockerService.Start() during grpc server startup * Fix all the unit tests and update the bazel files * dockershim: remove the use of kubelet's internal API * A couple of more changes: 1) revert the changes on assigning subnetwork_url from selfLink as it may break if using an overrided api endpoint; 2) update etcd version to the latest. * Bump metadata proxy to v1.9 * Send correct resource version for delete events from watch cache * generated * Never let cluster-scoped resources skip webhooks * fix provider-id bad param in local-up-cluster * Adding support for changing default backend and nginx container images * Make IsConnectionReset work with more error implementations. * GCE: Check that the key is valid for each call * GCE: Fix Valid() to check for proper region/zone names * return reason for allowed rbac authorizations * tolerate more than one gvklist item * generated * add options for min tls levels * Skip log path tests when they are expected to fail. * Benchmarking script pretty-prints results into a separate file * Show all the annotations in ingress rules * updated iamge & configmap versions * updated fluentd configmap with 1.1.0 compatible version * Remove github.com/juju/ratelimit * Switch from juju/ratelimit to golang.org/x/time/rate * Remove Saturation() from rate limiter interface * updated fluentd-es-image to use fluentd 1.1.0 * Changing where the charm gets network addresses in order to support network spaces. * Clean up error messages for pre-bound PVCs. * Fix typo * make kube-apiserver admission flag disable other plugins * kubeadm: Allows to specify custom flag values for control plane components * Fix UpdatePodWithRetries inline documentation * Add Namespace to glusterfs custom volume names. * use GetUniqueVolumeNameFromSpec instead of implementing it manually * Update TargetPool to use generated code * Openstack: register metadata.hostname as node name * testcase to pkg/kubelet/cadvisor/util.go * Update Zones to use generated code * Update bazel * Update Routes to use generated code * run update bazel * update admission test cases * refactor admission flag: add two admission flags and make plugins auto in recommended order * Uncomment the call to upgrade.sh * Remove getOldSecurityGroupName() from OpenStack cloud provider * Get windows kernel version directly from registry * fix event message when processing loadbalancer update * Minior changes on comments. * Minior changes on comments. * A couple of minior changes: a) fetch the subnetwork url from subnets describe command rather than compose it from env vars; b) explicit specify etcd version env vars before running upgrade.sh to avoid prompt. * Add liggitt to hack approvers * add pkg/util/ipset OWNERS file * Remove ignoring of object not found on deletion * Fix reference to Items in internal load balancer * Update bazel * Update Forwarding rules to use generated code * Update bazel * Update Firewall to use generated code * Update bazel builds * [GCE cloud provider] external lb - move target pool operation into its own function * [GCE cloud provider] Update hosts in EnsureLoadBalancer() * Update TargetProxy to use generated code * Update e2e test utils with the new interfaces * Update InstanceGroup to use generated code * Update Certs to use generated code * Update Healthcheck to use generated code * Update BackendService to use generated code * Update UrlMap to use generated code * Update Addresses to use generated code * Use the pkg_tar wrapper from kubernetes/repo-infra * Bump bazelbuild/rules_go and kubernetes/repo-infra to tip * Add multi-vc configuration for e2e tests * Update cluster addon Calico to v2.6.6 * Remove apiVersion from scheduler extender example configuration * CHANGELOG: feature flag is "AdvancedAuditing" not "AdvancedAudit" * Update code for GCE cloud provider * Add handling for method that use Pages() to retrieve results * Fix flake8 lint error in kubernetes-master charm * Update CHANGELOG-1.9.md for v1.9.2. * trace patch operations * uniquify resource lock identities * Update generated code * Enable privileged containers for apiserver and controller * make the kubelet cobra command complete * handle scheduler without exposed ports * Ability to specify OS_* variables for OpenStack configuration * Add apiserver metric for number of requests dropped by 'inflight-request' filters. * make the controller manager create and use a valid cobra command * admit upgrading storage class of pvc from beta annotation to spec field * run update bazel * upgrade to apps/v1 deployment * fix some typos in comments * Promote SS to apps/v1 * Fix loading structured admission plugin config * Surface error loading admission plugin config * fix a little typo in BalancedResourceAllocation * remove duplicated check of device path in aws attacher * kubeadm: remove Initializers (still in alpha) from admission control * Enable --external-cloud-volume-plugin/--provider-id for local-up-cluster * Update gce call to use wrapper in gce_loadbalancer_external * inject 60 second interval in deployment rollout * new testcases to util.go * configurable scopes for gcp default credentials * Better check for GCE VM * apps api is now stable, use it * Add deprecation warnings for rktnetes flags * Update release note links for 1.10 * kubelet: imagegc: exempt sandbox image * Adding support for custom TLS ciphers in api server and kubelet * client-go: fix bootstrap token imports * Rework method of updating atomic-updated data volumes * low hanging fruit for using cobra commands * bump addon version in makefile * Introduce METADATA_CONCEALMENT_NO_FIREWALL to prevent firewall from being set * Track run status explicitly rather than non-nil check on stopCh * Update comments for getting and removing loopback device at iSCSI,FC,RBD * Reduce Metrics Server memory requirement * handle uniquified holder identities * set fsGroup by securityContext.fsGroup in azure file * hack/update-swagger-spec.sh(cleanup): fix signal handler to really cleanup etcd and minor improvements. * create auto-gen files * Add generic Bootstrap Token constants and helpers to client-go * Delete redundant symbols * Recheck if transformed data is stale when doing live lookup during update * Add get volumeattachments support to Node authorizer * Plumb versioned informers to authz config * Fixed spelling of Promethus to Prometheus * improve error message for expired tokens * remove duplicated import * Update CHANGELOG-1.8.md for v1.8.7. * fail earlier on discovery failures * Allow version arg in "kubeadm upgrade apply" optional * remove flaky label from eviction tests * Change default volume source to regular emptydir for e2e volume servers * hack/update-swagger-spec.sh: when API server fails to start, show the last lines of logs. * cluster: delete saltbase * cluster: remove gce dependencies out of salt * cluster: remove centos dependency on saltbase * azure disk: if the disk is not found, immediately detach it. This prevents azure keeps the bad request and stops issuing new request * say which lease is being acquired * Call Dial in blocking mode * Regenerating code of fake clientset * fix(fakeclient): write event to watch channel on add/update/delete * fix azure TestGetInstanceIDByNodeName data race * Benchmark non docker specific * move prometheus init to k8s.io/apiserver/pkg/endpoints/metrics/metrics.go * bump(gopkg.in/yaml.v2): 670d4cfef0544295bc27a114dbac37980d83185a * auto generated code * Add fsType for CSI * Add support for submitting/receiving CRD objects as yaml * Return correct error when submitting patch in unsupported format * Add error helpers and constants for NotAcceptable and UnsupportedMediaType * Add more unit tests * Fix azure fake clients: use pointers * Rename filenames for clear * Convert nodeName to lower case for vmss instances * Create Conformance document to display all tests that belong to Conformance suite * Log message at a better level * Limit all category to apps group for ds/deployment/replicaset * csi: Fix versioning error message * Fix comparison of golang versions * remove outdate package * Return the correct set of supported mime types for non-streaming requests * Update generated files * admission: do not leak admission config types outside of the plugins * cmd/kube-apiserver/app/aggregator.go: add comments for explaining the group/version fields. * Add script to run integration benchmark tests in dockerized env * Review fixes * Show findmt command output in case of error * kubectl scale: support Unstructured objects * unstructured helpers: print path in error * remove invalid and useless functions from unit test * Extend the ListNextResults methods with the resource group and instrument them * Remove unused code in UT files in pkg/ * use shared informers for TokenCleaner controller * Rename func name according TODO * add ut for localhost nodeport * fix nodeport localhost martian source error * fix some bad url * Updated PID pressure node condition. * Enable ValidatingAdmissionWebhook and MutatingAdmissionWebhook in kubeadm from v1.9 * cluster: move logging library to hack/ * periodically flush writer * cluster: remove support for cvm from gce kube-up * cluster: remove kube-push * fix typeos in cloud-controller-manager * -Add scheduler optimization options, short circuit all predicates if one predicate fails * Added metrics for preemption victims, pods preempted and duration of preemption * Improved readability for messages being logged * Remove vmUUID check in VSphere cloud provider * Remove salt support for providers that no longer exist. * Check grpc server ready properly * Use the bazel version check function from bazel-skylib * Revert "Rewrite go_install_from_commit to handle pkgs that aren't in HEAD" * Install gazelle from bazelbuild/bazel-gazelle instead of rules_go * Adjust the Stackdriver Logging length test * Bump runc to d5b4a3e * Bump fluentd-gcp version * hack/generate-bindata.sh: make output cleanly by suppressing pushd/popd output. * Fix endpoint not work issue * The lbaas.opts.SubnetId should be set by subnet id. * add KUBE_ROOT in directory * Instrument the Azure API calls for Prometheus monitoring * the changes introduced in this commit plumbs in the generic scaler into kubectl. * Use GinkgoRecover to avoid panic. * Use linux commands instead of docker commands. * Build files generated * Metrics for predicate and priority evaluation * use shared informers for BootstrapSigner controller * fix a typo * update generated code * Set pids limit at pod level * Get the node before attempting to get its Alias IP ranges * Fix CHANGELOG urls for release 1.9.1 * Removing Flexvolume feature tag in e2e tests and alpha tag in Flex path arguments because Flexvolume is now GA. * Fix golint errors on test/e2e/e2e.go * Fixing logs for cri stats * bump(k8s.io/kube-openapi): a07b7bbb58e7fdc5144f8d7046331d29fc9ad3b3 * remove OpenAPI import from types * [FC Plugin] Create proper volumeSpec during ConstructVolumeSpec * Add kawych to Metrics Server owners * add hostPorts to pod describer * remove provides which has been deleted * fix windows ut for proxy mode * Fixed crash when path has multiple leading slashes * Update bazel. * Add custom volumename option to GlusterFS dynamic PVs. * Remove the deprecated vagrant kube-up implementation. * Add e2e test logic for device plugin * Add zouyee as a reviewer for the cluster/centos directory. * Don't rewrite device health * fix ipvs proxy mode kubeadm usage * add number measurement for bound/unbound pv/pvc * integration: add retries to node authorizer tests * Add `cloud` for the generated GCE interfaces, support structs * Fix quota controller worker deadlock * Create a feature flag for sharing PID namespace * remove support for container-linux in gce kube-up * Fix cadvisor flag registration for cross build * remove deprecated photon controller * added fluent-plugin-detect-exceptions plugin to fluentd-es-image * Fix policy conflict in the CPU manager node e2e test. * Mark kubelet PID namespace flag as deprecated * manuallly handle encoding and decoding in the scale client * move detach out of os volumes attach * generated code for iSCSI plugin change * Block volumes Support: iSCSI plugin update * fix for local-up-cluster.sh bad cloud_config_arg * added fluent-plugin-detect-exceptions plugin to fluentd-es-image * fixed some bad url * Fix bug:Kubelet failure to umount mount points * Add volID based delete() and resize() if volID is available in pv spec. * Add azClientConfig to pass all essential information to create clients * typo of errUnsuportedVersion * Fix lint and bazel * Clean up azure rateLimiter and verbose logs * Add wrappers for azure clients * Remove options.md, which is outdated and doesn't contain any useful information. * Move common functions together * All Kubelet flags should be explicitly registered * Revert "no need delete endpoint explicitly in endpoint controller" * Update generated code to stable order * hack/ scripts to keep the generated code in sync * cmd/kubectl: fix broken error formatting for run * Remove glog dependency in the generator * Fix gofmt * Ignore golint failures for bad compute API names * Clean up documentation. * BUILD * Hand written unit test for exercising the mock * Special custom code for handling the Projects resource * Generated code (see gen/main.go for the source) * support interfaces for the generated code * code generation * long running operation support * documentation * Implementation of the compute "filter" handling for List() * "meta" type descriptions used for code generation * Support utilities * Remove aws from the cluster/ directory. * Remove the empty vsphere directory from cluster/ * Let mutating webhook defaults the object after applying the patch sent back by the webhook * Treat staging repos as authoritative for all files * Remove unnecessary docker specific logic in node e2e test. * Add getCRIClient and set default values for CRI related flags * removed deprecated libvirt-coreos kube-up/ from cluster * remove deprecated openstack heat * removed deprecated windows install script from cluster * make controller port exposure optional * [kubeadm] Bump kube-dns to 1.14.8 * Move some old security controls to KubeletFlags and mark them deprecated * etcd client: add keepalive * kubeadm: more random tokens * Add volumemetrics for glusterfs plugin. * Handle Unhealthy devices Update node capacity with sum of both healthy and unhealthy devices. Node allocatable reflect only healthy devices. * Make code generators log to stderr by default * Refactor retry logic away from updateCIDRAllocation() * Fix vm cache in concurrent case * [Kubectl] Update RunCreate to follow more conventions * Fix exists status for azure GetLoadBalancer * Update spec dependency to point to 0.1 tag * run update bazel and staging-godep * refactor customresource handler * remove unnecessary function getBuggyHostportChain * fix rbd ConstructVolumeSpec bug * update apiserver key/crt with a long expire time * Abstract cmd valid args get behind the factory * Refactor HostIP predicate algorithm * Updated Flexvolume setup mechanisms for COS instance image. - If REMOUNT_VOLUME_PLUGIN_DIR is set to true, VOLUME_PLUGIN_DIR is remounted with `exec` option during cluster startup. This allows any writable location to be used as the plugin directory. - New HostPath added to controller-manager deployment to enable access to volume plugin directory. - Improved how the default directory is passed to master and node setup. * Renews cached NodeInfo with new vSphere connection * enable on-demand metrics for eviction * generated: update staging godeps * client-go: remove import of github.com/gregjones/httpcache * Add vSphere Cloud Provider simulator based tests * Update vmware/govmomi godeps * Allow oadm drain to continue w ds-managed pods w local storage * pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests. * include kube-dns deployment check * Bump fluentd-gcp image used to 2.0.13 * Add gnufied as AWS approver. * Add jsafrane as util/mount approver. * Fixed TearDown of NFS with root squash. * Enable support for etcd3 * Add support for cloud-controller-manager in local-up-cluster.sh * Containerized kubelet is no longer experimental * remove deplicate func * Add CustomResourceValidation example in sample-controller * add remount logic if original mount path is invalid * fix csi attach ut print * fix csi mounter ut print * use danglingerror * Fix build and test errors from etcd 3.2.13 upgrade * Update staging deps for etcd 3.2.13 version bump * Version bump to grpc-gateway v1.3.0 * Version bump to grpc v1.7.5 * Version bump to etcd v3.2.13 * tiny fix * fix populateDesiredStateOfWorld bug for attach/detach controller * Fix Typo in apiserver README * forbid unnamed context * Add test coverage for metrics/utilization.go * use sets.String to replace slice when sort []string * update bazel * remove useless service watch in APIServiceRegistrationController * Adding support for Block Volume to rbd plugin * Make sure is not nil * Add proxy_read_timeout flag to kubeapi_load_balancer charm. * fix typos in kubectl pkg * Do not set BaseURI again * add folder named custom in gce * Fix scheduler refs in BUILD files. * Move scheduler code out of plugin directory. * Update kube-dns to 1.14.8 * Remove dependency on v1 API in base credential provider * Remove mikedanese from kubeadm owners since he's no longer actively working on the project. * Kubeadm: clean up MarshalToYamlForCodecs * Fix local e2e test with changed error message * Use existing subnetwork of forwarding rule * Fix errors in Heapster deployment for google sink * Re-add nodecontroller OWNERS file * Removing duplicate import * Add RESTClient Custom metrics empty test * Small improvement of showKind get * Enable list option modification when create list watch * Fix a broken link in the fluentd-elasticsearch addon README * Add fake clients * Add generic interface for Azure clients * Add FailedPostStartHook error message. * Update defaultbackend image to 1.4 and deployment apiVersion to apps/v1 * fix-bug: version info should be printed when failed to execute 'kubectl apply -f XXXXX' * fix bug of swallowing missing merge key error * e2e node framework can generate a base kubelet config file * Changed return of empty string to raise an exception as it should have been from the beginning. * Split the NodeController into lifecycle and ipam pieces. * Fix ExternalAddress parsing problem under IPv6 * Update CHANGELOG-1.9.md for v1.9.1. * dockershim: bump the minimum supported docker version to 1.11 * Fixing typo in e2e test variable * Update pause container version to 3.1 * Minor commenting fixes for Azure Disk Controllers from CR * Allow kubectl set image/env on a cronjob * refactor function CalculateAntiAffinityPriority by using map/reduce pattern * fix possible panic * Add workaround for removing VMSS reference from LB * Update Azure GO SDK to v12.1.0 * Remove comments in get-kube.sh that imply support for environments that were removed long ago. * update bazel * remove hard coding Namespace * fixed the some typo in eviction_manager * delete the unused function in kubectl * Return actual error when backoff fails * fix-binary-check-cephfs * Clarify error messages in HPA metrics * Auto generated BUILD files * Add kubeproxyconfig round trip test * Move local PV negative scheduling tests to integratiom * validate admission-control param * Honor make variable OUT_DIR. * Make ConfigOK status messages more human readable by including the API path to the object instead of the UID * periodically check whether assigned kubelet config should become last-known-good * Avoid error on closed pipe * Invalidate resource requirements on extended resources with only request set. * Improve comments for Azure Blob Disk Controller * Move DefaultMaxEBSVolumes constant into scheduler * Add myself in kubeadm reviewers * More default fixups for Kubelet flags * Bump fluentd-gcp version * unify the print of pod metadata * prefer /dev/disk/azure/scsi1/ over by-id for azure disk * Double check before setKubeletConfiguration * Remove unused command waitfordetach from flex volume driver * Remove VirtualMachineClientGetWithRetry * Pass RecommendedConfig into ExtraAdmissionInitializers * Simplify extra initializer logic * Remove exists return value from getVirtualMachine * Update generated files * Run godep-save.sh and update-staging-godeps.sh * ignore nonexistent ns net file error when deleting container network * Update gengo version * RBD Plugin: Fix comments and remove unnecessary locking code. * [PSP] always check validated policy first for update operation * fix expand panic * format error message and remove duplicated event for resize volume failure * Optimizing the implementation of the error check for PriorityClass * Split auth related config for Azure * remove /k8s.io/kubernetes/pkg/kubectl/testing * Run update-api-reference-docs.sh. * Removing bootstrapper related e2e tests * Bump metadata proxy and test versions * Generate specs after fixing typo in documentation. * Fix typo in field description. * Update to latest gophercloud * Add 'exec' in all saltbase manifests using '/bin/sh -c'. * kube-proxy: fix field name comments & json tags * Configurable liveness probe initial delays for etcd and kube-apiserver in GCE * Do not time-out profiler requests. * remove redundant deleting endpoint explicitly in endpoint controller * edit line138 * create ipvs clusterIP rules in onlyNodeLocalEndpoints mode * Bump Metrics Server to version v0.2.1 * Regenerate all generated code * Add generated runtime and generated device plugin to update-all * fix type error in cteate Memory Threshold Notifier * Update boilerplate for 2018 * Print the full path of Kubeconfig files. * [garbage collector] fix log info * add test for syncvirtualServer * Add more verbose logs * Update CHANGELOG-1.7.md for v1.7.12. * Improve the error message. * fix ipvs virutal server update * add fake.DeleteRealServer UT * Modify ipvs real server equal * Fix vmss listing for Azure cloud provider * remove unused input param * process pvc watch deletion event miss in expand-controller * optimize volumeResizeMap lock * Use the regionless mirror alias * Updated local-volume boostrapper/provisioner e2e test for new config format * Use GA API for managing addresses * Add 'ProviderID' to the output of kubectl describe node.... * fix local up cluster startup flag bug * update bazel build files * Remove useInstanceMetadata param from Azure cloud provider * Remove redundant sleep from ReRegistration unit test case * Reduce VirtualMachineScaleSetsClient#List calls * Fix typo of compute.VirtualMachinesClient * Replace --init-config-dir with --config * Fix TestCadvisorListPodStats failure under mac/darwin * kubeadm: set kube-apiserver advertise address using downward API * Add owners file for test images * Add OWNERS file to pkg/bootstrap/api * Auto generated BUILD files. * Refactoring ValidateUsages for for bootstrap tokens. * Fix PodCIDR flag: defaults come from the object, not as literal args to the flag function * some code change * bump pflag * update vendor spf13/cobra to enforce required flags * update kubeadm validation test to fix test error * validate --hairpin-mode in kubelet config * fix wrong hairpin-mode value * Fix kubeadm upgrade unit test failure. * Support multiple scale sets in same cluster * Update DNS version in kubeadm of 1.10 cycle. * Switch go binaries from (hacky) static to pure Go * Update helper scripts to find binaries in new bazel-bin paths * Use race="off" mode instead of disabling race feature * Autogenerate BUILD files * Bump rules_go to 0.8.1 * remove dead code in pkg/api * [quota controller] remove extra queue.Add() * Fix a race in the endpoint.go * Use multi-arch pause image for tests * Revert back #57278 * metrics: make IMPLEMENTATIONS.md and CONTRIBUTING.md authorative in k/k * Revert k8s.gcr.io vanity domain * Fix AWS NLB delete error * Rewrite go_install_from_commit to handle pkgs that aren't in HEAD * Expose all GCE cloud proivder services versions, not just the GA API * Disable the DNS autoscaler test in large clusters. * Add cache for VirtualMachinesClient.Get in azure cloud provider * use /dev/disk/by-id instead of /dev/sd* for azure disk * Add fake clients for VirtualMachineScaleSetsClient and VirtualMachineScaleSetVMsClient * Add generic interface for VirtualMachineScaleSetsClient and VirtualMachineScaleSetVMsClient * add error string reference * rename key * dynamic config test: use a hyphen between the config name and the unique suffix * Performance improvement for affinity term matching. * Changing ingress from manually scaling rc to a daemon set. * Refactor kubelet config controller bootstrap process * add podtolerationrestriction config to scheme * Requeue unobserved nodes in attemptToDelete * Allow integration test timeout override. * Avoid array growth in FilteredList. * Update vendor of google.golang.org/api repo * Update CHANGELOG-1.8.md for v1.8.6. * Avoid string concatenation when comparing pods. * fix incorrect comment * Fixed typos and made documentation more consistent * add eventratelimit config to scheme * RBD Plugin: Pass monitors addresses in a comma-separated list instead of trying one by one. * hack/local-up-cluster.sh: improve messages when script was running with ENABLE_DAEMON=true * Ensure dependents are added to virtual node before attemptToDelete * Fixed space/tab indentation * Get automatically created subnetwork if none is specified * Merge 3 resource allocation priority functions * [kubelet]fix unstandardized function name, rename new() to newSourceFile() * Fix a bug in validating node existence. * Print/return the text from a number of errors that were silent before. * Update nfsprovisioner image to v1.0.9 to fix annotation race with pv controller * Auto generated BUILD file * Cleanup api service before namespace deletion. * iscsi: set node.startup to manual * Send an event just before the Kubelet restarts to use a new config * Add scheduler benchmark tests for affinity rules. * Set a minimum b.N for scheduler_perf benchmarks. * Add code-of-conduct.md to staging repos * gce: reorder authorizers * Move multizone volume tests to separate file and update multizone volume tests to only allow gce and gke * Update cluster-roles.yaml * Update policy.go * Update code-of-conduct.md * Fix problem accessing private docker registries * security_context_test.go(TestVerifyRunAsNonRoot): add more test cases. * Add custom metrics e2e test with two metrics. * Even better * Much better * reason key should exist * Evicted pods should respawn * client-go: Fix broken TCP6 listen for port forwarding * using consts to refer to predicate names * test: e2e: support NFS test on overlayfs * Renamed func name according to TODO. * cleanup useless functions and variables * update bazel BUILD * fix ipvs/proxier_test.go compile error * add tests in ipvs/ipset_test.go * Add '/version/*' to the system:discovery role, since that's what the open api spec says. * fix a typo * node_e2e: do not return error if Docker's check-config.sh fails * Refactor service controller to common controller pattern * update bazel BUILD * replace syscall with sys/unix pkg * fix todo in 'ipvs/proxier.go' * implement fakeIPSet in ipset util * Support passing kube-scheduler policy config * Deprecate the alpha Accelerators feature gate. * add semver metadata regex * fabiano no longer a thing * Collect all the assorted image URLs from e2e tests in one place * check function return err * improve code comment * Revert "Version bump to etcd v3.2.11, grpc v1.7.5" * apimachinery: fix typos in README * Use old dns-ip mechanism with older cdk-addons. * Add --retry-connrefused to all curl invocations. * Pointing juju charms to 1.9 * printFlexPersistentVolumeSource: fix format. * log error when error occur in CleanupLeftovers() * Do not require the linux headers to be installed. * Do not require the vim package to be installed * Move output and url checks under raw flag condition * apimachinery: remove dead code from roundtrip tester * add Dong Liu as approver and add OWNERS in credentialprovider * Build and push 3.1.11 etcd image * Revert "Add --retry-connrefused to all curl invocations." * Add a version string to pause.c * Add more validate conditions when run kubectl get with --raw * Minor lint fix * fix typos * cleanup useless functions in pkg/quota/evaluator/core/services.go * Update CoreDNS version and Corefile. * Auto generate BUILD files. * Use apps/v1 API in kubeadm. * Add azure owners * Cacher stopLock should be unlocked * e2e: CSI Volume tests * using RoundUpToGB function directly * Fix build and test errors from etcd 3.2.11 upgrade * Update staging deps for etcd 3.2.11 version bump * Version bump to grpc-gateway v1.3.0 * Version bump to grpc v1.7.5 * kubeadm upgrade: fix unit test * Version bump to etcd v3.2.11 * adds generic scaler to kubectl * Add CHANGELOG-1.10.md for v1.10.0-alpha.1. * e2e_node: use newer util-linux * e2e_node: use mktemp when building nsenter on trusty * add watch to requirements for quota-able resources * Add PodSecurityPolicy OWNERS * Add comment to gce config files advising to not use empty scopes * Seperate loop and plugin control * e2e test layout changes for vsphere (#398) * Remove hard-coded pod-controller check * implementing predicates ordering * Fix garbage collector when leader-elect=false * gcloud docker now auths k8s.gcr.io by default * Use k8s.gcr.io vanity domain for container images * wait for kubedns to be ready * Abstract some duplicated code in the iptables proxier * add --pod-selector opt kubectl drain * Fix Stackdriver Logging e2e tests * add deads to quota owner * If minimum mig size is 0, resize to 1 before running test * Add --retry-connrefused to all curl invocations. * Use GetDryRunFlag to keep consistent * Add test for Cider ExpandVolume * Reduce CPU and memory requests for Metrics Server Nanny * add not found error for ipset set and entry delete * Fix minor err in kubeadm * fix accessmode mapping error * Fix LB lint errors * remove useless function hasHostPortConflicts * Auto generated BUILD files. * Remove kube-proxy 1.8 configmap and daemonset manifests in kubeadm. * PVC Protection Alpha Feature E2E Tests * Propagate error up instead panic * Restrict url check conditions when creating with --raw * Look for requested resources in the Requests * update bazel BUILD * add fake ut * test get node IP * add pkg/util/ipvs OWNERS file * correct the annotations in container_manager.go * reapplied the changes after merge * minor fixes * get rg inside 'ensure' methods * delete pip by matching name and rg * annotate service with resource group * Allow use resource ID to specify public IP address in azure_loadbalancer * kubeadm: Only check for well-known files in preflight * COntroller-manager is crashing in customer environment as vSphere Cloud Provider is not using lower case naming while creating clientBuilder. With this fix, ClientBuilder is created using lowercase naming. * Fix GCE CreateVolume allocates in chunks of GiB incorrectly * remove unuse code in cloudprovider * [cloudprovider]should reuse code rather than rewrite it * Refactor TestPodContainerDeviceAllocation to make it readable and extensible * Don't create PSP binding when RBAC is not enabled * Add vikaschoudhary16 as reviewer in pkg/kubelet/cm/deviceplugin * fix magic string for runtime type * fix ipvs proxier nodeport * bump netlink version because of we need to use new version RouteListFiltered * Record volumeID in GlusterFS PV spec. * Update kubeadm's minimum supported kubernetes to 1.9. * remove white space on glogs * Fixed kubelet error message to be more descriptive. Added Attach success event for help in debugging. * Update CHANGELOG-1.9.md for v1.9.0. * Fix a typo and improve some documentation. * Do not use AddCleanup * Autogenerated code * Update detach logic for block volume if devicePath is empty * Pointed to community/contributors/guide/README.md * Use pod nanny configured with ComponentConfig in Metrics Server * Use pod nanny configured with ComponentConfig in Heapster * Fix format string in describers. * Register metav1 types into samplecontroller api scheme * remove FilterFunc and use SelectionPredicate everywhere * Remove unused well_known_labels in kubeadm. * Generated files * Process cluster-scoped owners correctly * make sure that 'ldflags' are spaces safe * update bazel * add admission into RecommendedOption * typo wrong, not "namespace", but "secretName" * Remove mutation from pvc validation * Improve error messages and comments in KubeAdm. * refactored mount, attach, resize operation's so that all failures generate events and event generation is more consistent. * generated: revendor * pkg/controller/bootstrap: update jose package * Use an s390x default-http-backend * Add e2e test for custom metrics with Prometheus and Stackdriver * Reduce CPU request of Dasboard addon * remove dependency from cobra, only use option test init flag * Adding myself as a reviewer to aws credentialprovider * Adding myself as a reviewer to aws cloud provider * Raise RBAC DENY log level * Refactor flex pv to allow secret namespace * gce: split legacy kubelet node role binding and bootstrapper role binding * Move 'DefaultTerminationGracePeriodSeconds' into a separate const group * GCE: bump COS image version to cos-stable-63-10032-71-0 * Modified local-volume provisioner e2e tests to use bind mounts * kubectl: point info url to user guide overview * Schedule Calico components even on tainted nodes * Fix admission metrics tests * Fix NLB icmp permission duplication * Test probe for redirect endpoint * added more description for flag '--watch-cache-sizes' to make the format of the flag clearer. * update staging godeps * Update debian setup script to match GCI. * allow convert to default on a per object basis * make quota reusable * expose special storage locations for downstream consumption * fix incorrect log * replace ConfigFast with ConfigCompatibleWithStandardLibrary * add benchmark for ConfigCompatibleWithStandardLibrary * fixed typo in kubeadm/v1alpha1/defaults.go * Kubectl: Move no-headers flag get out of for loop * bump(github.com/json-iterator/go): 13f86432b882000a51c6e610c620974462691a97 * auto generated file * enhance kube-schedule init flag * Fix unit tests * Add load balancer implementation of vmSet * Initialize vmSet based on vmType setting and call vmSet interface instead of azureClient * Add availability sets implementation of VMSet interface * Add scale set implementation of VMSet interface * Add a general VMSet interface for both scale sets and availability sets * Define default role for full kubelet API access * Enhance proxy mode validation * added defaults for --watch-cache-sizes description. * make kube-dns addon optional * Check ns setup error during e2e * Extend YAMLDecoder Read tests * Add VolumeMode in GlusterFS PV spec. * Remove trailing commas from test-swagger.json * Add tests for accept content-type fallback * Add e2e test for when a webhook does not return. * gce: tighten up perms on kube-env * Fixes issue#392. * check for empty label before assigning * apilb template writes a log file to /var/log/nginx.*.log and not into the nginx directory where the log rotation is setup. Adding a log rotation file for these logs. * Display apiGroups before resources in PolicyRule * remove useless validation from pod's resourcequota admission * remove internal version api from apply * ignore images in used by running containers when GC * check and set promiscuous mode with netlink because vishvananda/netlink already supports it * Sort default cidrs for reproducible builds * Fix YAMLDecoder Read behaviour * remove dead code * typo * Make AWS attach/detach operations faster * examples: Make messages more informative * LimitRange ignores objects previously marked for deletion * Remove unused federation docs * Remove unused ScrubDNS interface from cloudprovider * Remove ExternalTrafficLocalOnly from kube_feature gate * Reword double negative; link to readme * HugePages feature is beta in 1.10 release * Convert scheduler_perf tests to use subtest. * Add xfsprogs to hyperkube baseimage * Decrease the number of completions for flaky test * Bump fluentd-gcp version * fix rbd volume plugin ConstructVolume * enable flexvolume on Windows * Remove unused code in pkg/api/,pkg/apis/ * refactor getting uninitialized in kubectl get * old test file will create a leak file in current directory. this patch fix this. modified: pkg/kubelet/cm/deviceplugin/manager_test.go * Use gcloud beta instead of alpha for alias ops. * Update kube-up.sh * Add resource limits to prometheus-to-sd to guarantee qos * Improve etcd-version-monitor metrics proxying, add etcd 3.1 gprc metric support * Add ConnorDoyle as approver in /pkg/kubelet/cm. * Limit number of pods listed as master liveness check. * enable podpreset by default in local up cluster * Update CHANGELOG.md * Fix a comment in hack/lib/version.sh about which tags are used to get the version. * use gnu-cp in building etcd image * Update the comments on webhook failure policy. * Drop using cloud provider to set host address feature * Typo * update type-check to use printers.PritnHandler * ensure PrinterForCommand is consumed through cmdutil.Factory * remove dead code in lifecycle admission * also check pod securityContextt hostNetwork in exec admission controller * Ensure PVL controller is next pending initializer before labeling the PV * Remove useless error * Use hostname for CCM resource lock id * warn if kubectl create with extra argument * outdent err block * Hit ILB endpoint in ILB e2e test * Use struct key for TLS cache * Update systemstat9 to allow compilation on OSX * Set NON_MASQUERADE_CIDR in gce/config-test * fluentd-elasticsearch add-on: Improve README * Fix typo * rename mustrunas to capabilities * Remove hacks added for mesos * Simple code and typo fixed. * Move some tests to use go sub-test * Fix issue #390 * Add e2e test for volume resizing * Fix typo in test comment. * Cleanup for service API validation * fix wording in kube-scheduler warning * Fix flake8 error * Add job controller test verifying if backoff is reseted on success * kube-apiserver: fix runtime-config flag docs * should not ignore return messages from wait function * remove deadcode * remove unnecessary condition judgement * Fix a typo in kubectl/diff cmd long description. * Auto generated BUILD files. * Move some kubelet constants to a common place. * fix error typo of rbd volume teardown * use rbac client with explicit version * Revert changes in sync.go and sync_test.go as the error it intends to resolve becomes transient. * Add rbac policies for NetworkPolicy * Add hyperkube to make quick-release * Fix session out issue while creating volume and error message coming up while attaching the volume * Remove do-restart states * Change Auto-Repair e2e test tags. * Update bazel * conversion-gen: add godocs for peer dirs * client-gen: use --output-package instead of --clientset-path * code-gen: uniform reusable main.go logic * remove extra level check of glog * return error when create azure share failed * new testcase to cgroup_manager_linux.go * fix typo * Heap is not thread safe in scheduling queue * relax server list option, set Blackhole field * Heketi documentats incorrectly about sizes in GBs * validate container state transitions * security_context_test.go(TestVerifyRunAsNonRoot): remove unused variables. * Fixed typo * Addressing Comments from Code Review * add better error handling for unstructured helpers * Handling the case of an upgrade from a non-rolling master with resource change * update bazel BUILD * remove winkernel dead test code * change default azure file/dir mode to 0755 * should check the return value of os.DiskIsAttached * cleanup useless functions * Improve handling of snap resources * kubelet: include runtime error in event on CreatePodSandbox failure * WIP: extend node e2e test suite with containerized Kubelet * fix binary check for glusterfs.go * The change in channels will be caught config change after the upgrade. * fix bad output format for attaching pods * fix scheduling queue unit test * use ListByResourceGroup instead of List() * auto-generated BUILD file * completely remove the option to use auto-detect * update bazel BUILD file * test ipvs proxy mode when feature gateway set * Change `GCEDiskAlphaAPI` to `DiskAlphaAPI` * Fix master upgrade cornercases * e2e: test containers projected volume updates should not exit * use policy client with explicit version * use authentication client with explicit version * fix bug when cloud is nil * Do not log trailing whitespace. * test ipvs proxy mode when feature gateway unset * refactor canUseIPVSMode and test it * client-gen: separate input-base logic from CustomArgs * client-gen: clarify clientset-api-path * fix spaces around the / * Cpu manager reconclie loop can restore state * Log actual return code, not the default value. * clean up failure domain from InterPodAffinityPriority * fix typo and adjust import sequence * e2e: Only create PSP if RBAC is enabled * should check return err * Validate IPVSConfiguration only when IPVS mode is enable. * Add parent PR title to cherry-picked PR title * Add test case for validate kube-proxy configuration. * Improve kubeadm validation unit test coverage. * Merge PR #56260 again. * Add -s (--slient) option to curl. * A couple of more changes. Specifically, a) make the same changes to master-helper.sh for gci as container-linux.sh does; b) revert changes to sync.go and sync_test.go. * use core client with explicit version * Send events on ip and port allocator repair controller errors * admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing shouldPassAdmit by a constant value. * admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing expectedPodUser by a constant value. * Use file store utility for device plugin check-pointing * Remove redundant code in container manager. * export ENABLE_POD_PRIORITY_PREEMPTION=true to enable Pod priority and preemption * Remove unused directories. * Smoke test for OpenAPI paths in the test server * update IPVS readme * fix comment about PodAffinityTerm in api * put pod controllerref to metadata * fix binary check for nfs.go * wrong number of args in apiserver/pkg * Minor cleanup in kubeadm. * Add test case for RunCreateToken * Remove PVCLister and use informer directly. * Skip pods that refer to PVCs that are being deleted * Retry on adding secondary ranges to a subnet. * declare in front * Change wording in OpenStack Provider * Add a missing ) to glog.Waringf. * fix typos in this file * Synced the changed made in PR #56260. * HugePages require cpu or memory * missing format args in apiserver/pkg/endpoints * Use batch client with explicit version * Addressed bowei's comments. * Add NODE_LOCAL_SSDS_EXT to config-test * return routes for unknown next hops * CPU Manager panics on state initialization error. * Add balajismaniam, ConnorDoyle node-e2e approvers * hack: fix godep license parsing for gopkg.in packages * Lowecasing the hostname on the known nodes entry * use extensions client with explicit version * Fix typo. * refactor(service-controller/gce/ensureInternalBackendService): delete unused variable * add more test case in TestValidateStatefulSet * Lowercase hostnames when used as node names in k8s * Trying to make error message similar to what is expected in tests * remove useless const * make quick-verify: make the output a bit more readable by showing script names without full paths. * Fix test failure in sync_test.go. * pkg/controller/garbagecollector/garbagecollector.go: fix string format. * add mount options for azure disk * exponential backoff with timeout * fix ci problems * fix some errors * Using exponential backoff instead of linear * modify some wording * probeAttachedVolume improvement in Cinder * delete useless params containerized * some test enhance, comments enhance and duplicate code reduce * Implement upgrade-aliases.sh to migrate a route-based k8s cluster to use IP aliases in GCE. * Add docker-logins config to kubernetes-worker * make k8s support cephfs fuse mount * Auto generated BUILD files. * Remove kubeadm fuzzer from api testing * remove dead code * refactor kubectl autoscale to use the new generator * Use structured generator for kubectl autoscale * Update for cronJob * Replace type switches in Rollback with Visitor pattern * fix download link for fedora libvirt vagrant box * kubelet summary api test updates * CPU manager no-op policy is on by default. * Create sig-autoscaling-maintainers alias * Remove incorrect dead code. * Fix version indication for ServiceNodeExclusion * Fix a typo in kubeadm/GetEtcdPodSpec * Use `sets` instead of `for` statement in "IsValidAuthorizationMode" * httpserver should be close since the issue has been fixed * Added nodeAffinity in validation error msg. * remove unused code in pkg/apimachinery * pkg/securitycontext/util.go(InternalDetermineEffectiveSecurityContext): remove unused function. * add UT for apk/apis/core/toleration.go * fix comment typo and use wait.Forever * Kubectl explain now also prints the Kind and APIVersion of the resource * NC should log the whole node condition. * bug(cli):fix kubectl rollout status not recoginze resource namespace * add UT for testapi.go * CreateContainerSecurityContext: rename; modify its arguments intead of returning a copy. * CreatePodSecurityContext: rename; modify its arguments instead of returning a copy. * remove internal version api from kubectl label command * remove internal version api from kubectl annotate command * add more ipv6 support in userspace proxier * move pod-check forward * Simplify the sorting codes * add apiServerCertSANs case for test GetAltNames * update BUILD * Use Error with no value format and fix typo error messages * add unit test for replicaset * add unit test for statefulset * kubeadm: Utilize transport defaults from API machinery for http calls * Append --feature-gates option iff TestContext.FeatureGates is not nil * Make StatefulSet report an event when recreating failed pod * #50598: Added NodeAffinity test case for nodeShouldRunDaemonPod * #50598: Formatted code using gofmt * Fix autoscaling API documentation * Update daemon_controller_test.go * #50598: Removed obsolete volume mount in TestNodeShouldRunDaemonPod * #50598: Added more test cases for nodeShouldRunDaemonPod * Fix protobuf generator for aliases to repeated types * Use []byte in place of string in envelope.Service. * Fix a typo in NewManager function * refactor method to pkg/util/node * Fix Makefile doc for quick-release * The printing level for node updated failed info should be used WARNING type * Add complementary unittest for kubectl logs * COS: Keep the docker network checkpoint * Update Quobyte API * Should use Fatalf while need to format the output * Bugfix: Update AddNodeaHandler error logs * delete archive * Correct TestUpdatePod comment * Allow Ceph server some time to start * allow setting --cgroup-parent for docker run commands * remove unused comment * fix defer * Fix typo * fix the bad code comment * small tfix in cmd factory comment * fix broken link * git: Use VolumeHost.GetExec() to execute stuff in volume plugins * fix incorrect comparison in /pkg/volume error message * Fix typo in comment * fix the typo of wtih * delete unused const - Fix bsc#1084766 * override volume plugin dir * create /var/lib/kubelet as k8s tmpdir - Require kubernetes-kubelet for kubeadm (bsc#1084765) - Update to version 1.10.2+81753b10df112992bf51bbc2c2f85208aad78335: * Bump Heapster to v1.5.2 * Remove 'system' prefix from Metadata Agent rbac configuration * Use O_PATH to avoid errors on Openat * Update event-exporter image * Kubernetes version v1.10.1-beta.0 openapi-spec file updates * Support new NODE_OS_DISTRIBUTION 'custom' on GCE * Added chmod a+x for local SSD when disk is created with NODE_LOCAL_SSDS * Add/Update CHANGELOG-1.10.md for v1.10.0. * e2e:Enable CSI tests * Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure * Ensure -o yaml populates kind/apiVersion * Add pod deletion to subpath tests, and subpath as file with container restart * Removed detailed internal storage metrics * add udev to hyperkube and bump versions * Backport etcd.manifest fixes for HA clusters from #61241 to 1.10 * Restore show-kind function when printing multiple kinds * Tolerate 406 mime-type errors attempting to load new openapi schema * Update kube-dns to Version 1.14.9. Major changes: - Fix for kube-dns returns NXDOMAIN when not yet synced with apiserver. - Don't generate empty record for externalName service. - Add validation for upstreamNameserver port. - Update go version to 1.9.3. * Fix #61363, Bounded retries for cloud allocator. * Fix Issue #61123, call syncer.Update on add event. * Update GLBC manifest to v1.0.1 * Add CRI container log format support back. * kubectl: fix a panic when createGeneratedObject failed * avoid resource leak when both `--rm` and `--expose` are specified * fix local volume issue on windows * fix typo that redefines variable and breaks code * Update the stackdriver agents yaml to include a deployment for cluster level resources * Use provided node object in volume binding predicate * Specify DHCP domain for hostname * apiserver's webhook admission use its own scheme * add e2e case for crd webhook * Cleanup CRD/CR confusion in webhook e2e tests * return error if get NodeStageSecret and NodePublishSecret failed * Introduce multimaster clusters support to e2e framework for GKE * Fix disruptive tests for GKE regional clusters * Fix resize nodes tests for Regional Clusters * Fix dns autoscaling test for Regional Clusters * Fix restart nodes tests for Regional Clusters * Fix resize test for Regional Clusters * Add wildcard toleration to nvidia-gpu-device-plugin. * Switch to k8s-1.10 branch of the installer in release-1.10 branch. * Fix umask to actually intended behavior. * Add support to ingest log entries to Stackdriver against new "k8s_container" and "k8s_node" resources. * fix incompatible file type checking on Windows * add tests for GetFileType * Use relative path for creating socket files * Cluster Autoscaler 1.2.1 * Kubernetes version v1.10.2-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.10.md for v1.10.1. * Fix PodStore to wait for being initialized * Increase cpu/mem thresholds for c-m in density test * fix nsenter GetFileType issue * Fix flaky crd e2e tests * Fix daemon-set-controller bootstrap RBAC policy * Ensure expected load balancer is selected for Azure * remove default fsypte in azure disk * Revert "git: Use VolumeHost.GetExec() to execute stuff in volume plugins" * CSI - Apply fsGroup volume ownership when pv not readOnly * Update kube-dns to Version 1.14.10. Major changes: - Fix a bug in DNS resolution for externalName services and PTR records that need to query from upstream nameserver. * Fix machineID getting for vmss nodes when using instance metadata * Fix use visible files creation for windows * fix devicePath update issue in Azure WaitForAttach func * Ensure service routing resolves kubernetes.default.svc correctly * distinguish custom dialers in transport cache * ensure tls server name is used in transport * Honor existing CA bundle and TLS server name in webhook client * Use local provisioner version that uses beta API * Fix volume node affinity to OR node selector terms * Removed no-empty validation of nodeSelectorTerm.matchExpressions. * Bump GLBC manifest to v1.1.1 * Generated build files * Adds migrations to the kubeadm upgrade phase config * Enforce not using newer kubeadm to upgrade older kubeadm * Update Istio addon to 0.6.0 and mirror images in gcr * Move istio-injection label to default namespace * respect fstype in Windows for azure disk * When using custom network with IP-alias, use the former's subnet for the latter too * Fix IP-alias subnet creation logic * Fix subnet cleanup logic when using IP-aliases with custom subnets * Fix ILB issue updating backend services * Detach bug fix * Manage Metadata Agent Config with Addon Manager * avoid dobule RLock() in cpumanager * Fix upgrade to Kubernetes v1.9.3+ * Revert "pass APIEnablement through apiserver chain" * Revert "remove support enable-disable api resources" * Revert "refactor resource_config.go thoroughly and remove useless code in registry" * fixup on dirty reverts * generated * loopback webhook integration test * Make integration test etcd store unique * Fix bash command for liveness probes in the metadata agents. * test: Disable ui dashboard test for gke * fix mirror-pod hash race condition * Implement ReadStaticPodFromDisk * Implement etcdutils with Cluster.HasTLS() * Update test-case, fix nil-pointer bug, and improve error message * Modify the kubeadm upgrade DAG for the TLS Upgrade * Add etcd L7 check on upgrade * Fix Etcd Rollback * Remove METADATA_AGENT_VERSION config option * Removed e2e test on empty NodeAffinity. * Added more UT for invalid case. * Revert "revert resource disablement, 1.10" - Update to version 1.10.0+fc32d2f3698e36b93322a3465f63a14e9f0eaead: * delete unused const * fix the typo of wtih * Fix typo in comment * fix incorrect comparison in /pkg/volume error message * git: Use VolumeHost.GetExec() to execute stuff in volume plugins * fix broken link * small tfix in cmd factory comment * fix the bad code comment * Fix typo * fix defer * remove unused comment * allow setting --cgroup-parent for docker run commands * Allow Ceph server some time to start * Correct TestUpdatePod comment * delete archive * Bugfix: Update AddNodeaHandler error logs * Should use Fatalf while need to format the output * Update Quobyte API * COS: Keep the docker network checkpoint * Add complementary unittest for kubectl logs * The printing level for node updated failed info should be used WARNING type * Fix Makefile doc for quick-release * refactor method to pkg/util/node * Fix a typo in NewManager function * Use []byte in place of string in envelope.Service. * Fix protobuf generator for aliases to repeated types * #50598: Added more test cases for nodeShouldRunDaemonPod * #50598: Removed obsolete volume mount in TestNodeShouldRunDaemonPod * Update daemon_controller_test.go * Fix autoscaling API documentation * #50598: Formatted code using gofmt * #50598: Added NodeAffinity test case for nodeShouldRunDaemonPod * Make StatefulSet report an event when recreating failed pod * Append --feature-gates option iff TestContext.FeatureGates is not nil * kubeadm: Utilize transport defaults from API machinery for http calls * add unit test for statefulset * add unit test for replicaset * Use Error with no value format and fix typo error messages * update BUILD * add apiServerCertSANs case for test GetAltNames * Simplify the sorting codes * move pod-check forward * add more ipv6 support in userspace proxier * remove internal version api from kubectl annotate command * remove internal version api from kubectl label command * CreatePodSecurityContext: rename; modify its arguments instead of returning a copy. * CreateContainerSecurityContext: rename; modify its arguments intead of returning a copy. * add UT for testapi.go * bug(cli):fix kubectl rollout status not recoginze resource namespace * NC should log the whole node condition. * Kubectl explain now also prints the Kind and APIVersion of the resource * fix comment typo and use wait.Forever * add UT for apk/apis/core/toleration.go * pkg/securitycontext/util.go(InternalDetermineEffectiveSecurityContext): remove unused function. * remove unused code in pkg/apimachinery * Added nodeAffinity in validation error msg. * httpserver should be close since the issue has been fixed * Use `sets` instead of `for` statement in "IsValidAuthorizationMode" * Fix a typo in kubeadm/GetEtcdPodSpec * Fix version indication for ServiceNodeExclusion * Remove incorrect dead code. * Create sig-autoscaling-maintainers alias * CPU manager no-op policy is on by default. * kubelet summary api test updates * fix download link for fedora libvirt vagrant box * Replace type switches in Rollback with Visitor pattern * Update for cronJob * Use structured generator for kubectl autoscale * refactor kubectl autoscale to use the new generator * remove dead code * Remove kubeadm fuzzer from api testing * Auto generated BUILD files. * make k8s support cephfs fuse mount * Add docker-logins config to kubernetes-worker * Implement upgrade-aliases.sh to migrate a route-based k8s cluster to use IP aliases in GCE. * some test enhance, comments enhance and duplicate code reduce * delete useless params containerized * probeAttachedVolume improvement in Cinder * modify some wording * Using exponential backoff instead of linear * fix some errors * fix ci problems * exponential backoff with timeout * add mount options for azure disk * pkg/controller/garbagecollector/garbagecollector.go: fix string format. * Fix test failure in sync_test.go. * make quick-verify: make the output a bit more readable by showing script names without full paths. * remove useless const * Trying to make error message similar to what is expected in tests * Lowercase hostnames when used as node names in k8s * add more test case in TestValidateStatefulSet * refactor(service-controller/gce/ensureInternalBackendService): delete unused variable * Fix typo. * use extensions client with explicit version * Lowecasing the hostname on the known nodes entry * hack: fix godep license parsing for gopkg.in packages * Add balajismaniam, ConnorDoyle node-e2e approvers * CPU Manager panics on state initialization error. * return routes for unknown next hops * Add NODE_LOCAL_SSDS_EXT to config-test * Addressed bowei's comments. * Use batch client with explicit version * missing format args in apiserver/pkg/endpoints * HugePages require cpu or memory * Synced the changed made in PR #56260. * fix typos in this file * Add a missing ) to glog.Waringf. * Change wording in OpenStack Provider * declare in front * Retry on adding secondary ranges to a subnet. * Skip pods that refer to PVCs that are being deleted * Remove PVCLister and use informer directly. * Add test case for RunCreateToken * Minor cleanup in kubeadm. * wrong number of args in apiserver/pkg * fix binary check for nfs.go * put pod controllerref to metadata * fix comment about PodAffinityTerm in api * update IPVS readme * Smoke test for OpenAPI paths in the test server * Remove unused directories. * export ENABLE_POD_PRIORITY_PREEMPTION=true to enable Pod priority and preemption * Remove redundant code in container manager. * Use file store utility for device plugin check-pointing * admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing expectedPodUser by a constant value. * admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing shouldPassAdmit by a constant value. * Send events on ip and port allocator repair controller errors * use core client with explicit version * A couple of more changes. Specifically, a) make the same changes to master-helper.sh for gci as container-linux.sh does; b) revert changes to sync.go and sync_test.go. * Add -s (--slient) option to curl. * Merge PR #56260 again. * Improve kubeadm validation unit test coverage. * Add test case for validate kube-proxy configuration. * Add parent PR title to cherry-picked PR title * Validate IPVSConfiguration only when IPVS mode is enable. * should check return err * e2e: Only create PSP if RBAC is enabled * fix typo and adjust import sequence * clean up failure domain from InterPodAffinityPriority * Log actual return code, not the default value. * Cpu manager reconclie loop can restore state * fix spaces around the / * client-gen: clarify clientset-api-path * client-gen: separate input-base logic from CustomArgs * refactor canUseIPVSMode and test it * test ipvs proxy mode when feature gateway unset * Do not log trailing whitespace. * fix bug when cloud is nil * use authentication client with explicit version * use policy client with explicit version * e2e: test containers projected volume updates should not exit * Fix master upgrade cornercases * Change `GCEDiskAlphaAPI` to `DiskAlphaAPI` * test ipvs proxy mode when feature gateway set * update bazel BUILD file * completely remove the option to use auto-detect * auto-generated BUILD file * use ListByResourceGroup instead of List() * fix scheduling queue unit test * fix bad output format for attaching pods * The change in channels will be caught config change after the upgrade. * fix binary check for glusterfs.go * WIP: extend node e2e test suite with containerized Kubelet * kubelet: include runtime error in event on CreatePodSandbox failure * Improve handling of snap resources * cleanup useless functions * should check the return value of os.DiskIsAttached * change default azure file/dir mode to 0755 * remove winkernel dead test code * update bazel BUILD * Handling the case of an upgrade from a non-rolling master with resource change * add better error handling for unstructured helpers * Addressing Comments from Code Review * Fixed typo * security_context_test.go(TestVerifyRunAsNonRoot): remove unused variables. * validate container state transitions * Heketi documentats incorrectly about sizes in GBs * relax server list option, set Blackhole field * Heap is not thread safe in scheduling queue * fix typo * new testcase to cgroup_manager_linux.go * return error when create azure share failed * remove extra level check of glog * code-gen: uniform reusable main.go logic * client-gen: use --output-package instead of --clientset-path * conversion-gen: add godocs for peer dirs * Update bazel * Change Auto-Repair e2e test tags. * Remove do-restart states * Fix session out issue while creating volume and error message coming up while attaching the volume * Add hyperkube to make quick-release * Add rbac policies for NetworkPolicy * Revert changes in sync.go and sync_test.go as the error it intends to resolve becomes transient. * use rbac client with explicit version * fix error typo of rbd volume teardown * Move some kubelet constants to a common place. * Auto generated BUILD files. * Fix a typo in kubectl/diff cmd long description. * remove unnecessary condition judgement * remove deadcode * should not ignore return messages from wait function * kube-apiserver: fix runtime-config flag docs * Add job controller test verifying if backoff is reseted on success * Fix flake8 error * fix wording in kube-scheduler warning * Cleanup for service API validation * Fix typo in test comment. * Add e2e test for volume resizing * Fix issue #390 * Move some tests to use go sub-test * Simple code and typo fixed. * Remove hacks added for mesos * rename mustrunas to capabilities * Fix typo * fluentd-elasticsearch add-on: Improve README * Set NON_MASQUERADE_CIDR in gce/config-test * Update systemstat9 to allow compilation on OSX * Use struct key for TLS cache * Hit ILB endpoint in ILB e2e test * outdent err block * warn if kubectl create with extra argument * Use hostname for CCM resource lock id * Remove useless error * Ensure PVL controller is next pending initializer before labeling the PV * also check pod securityContextt hostNetwork in exec admission controller * remove dead code in lifecycle admission * ensure PrinterForCommand is consumed through cmdutil.Factory * update type-check to use printers.PritnHandler * Typo * Drop using cloud provider to set host address feature * Update the comments on webhook failure policy. * use gnu-cp in building etcd image * Fix a comment in hack/lib/version.sh about which tags are used to get the version. * Update CHANGELOG.md * enable podpreset by default in local up cluster * Limit number of pods listed as master liveness check. * Add ConnorDoyle as approver in /pkg/kubelet/cm. * Improve etcd-version-monitor metrics proxying, add etcd 3.1 gprc metric support * Add resource limits to prometheus-to-sd to guarantee qos * Update kube-up.sh * Use gcloud beta instead of alpha for alias ops. * old test file will create a leak file in current directory. this patch fix this. modified: pkg/kubelet/cm/deviceplugin/manager_test.go * refactor getting uninitialized in kubectl get * Remove unused code in pkg/api/,pkg/apis/ * enable flexvolume on Windows * fix rbd volume plugin ConstructVolume * Bump fluentd-gcp version * Decrease the number of completions for flaky test * Add xfsprogs to hyperkube baseimage * Convert scheduler_perf tests to use subtest. * HugePages feature is beta in 1.10 release * Reword double negative; link to readme * Remove ExternalTrafficLocalOnly from kube_feature gate * Remove unused ScrubDNS interface from cloudprovider * Remove unused federation docs * LimitRange ignores objects previously marked for deletion * examples: Make messages more informative * Make AWS attach/detach operations faster * typo * remove dead code * Fix YAMLDecoder Read behaviour * Sort default cidrs for reproducible builds * check and set promiscuous mode with netlink because vishvananda/netlink already supports it * ignore images in used by running containers when GC * remove internal version api from apply * remove useless validation from pod's resourcequota admission * Display apiGroups before resources in PolicyRule * apilb template writes a log file to /var/log/nginx.*.log and not into the nginx directory where the log rotation is setup. Adding a log rotation file for these logs. * check for empty label before assigning * Fixes issue#392. * gce: tighten up perms on kube-env * Add e2e test for when a webhook does not return. * Add tests for accept content-type fallback * Remove trailing commas from test-swagger.json * Add VolumeMode in GlusterFS PV spec. * Extend YAMLDecoder Read tests * Check ns setup error during e2e * make kube-dns addon optional * added defaults for --watch-cache-sizes description. * Enhance proxy mode validation * Define default role for full kubelet API access * Add a general VMSet interface for both scale sets and availability sets * Add scale set implementation of VMSet interface * Add availability sets implementation of VMSet interface * Initialize vmSet based on vmType setting and call vmSet interface instead of azureClient * Add load balancer implementation of vmSet * Fix unit tests * enhance kube-schedule init flag * auto generated file * bump(github.com/json-iterator/go): 13f86432b882000a51c6e610c620974462691a97 * Kubectl: Move no-headers flag get out of for loop * fixed typo in kubeadm/v1alpha1/defaults.go * add benchmark for ConfigCompatibleWithStandardLibrary * replace ConfigFast with ConfigCompatibleWithStandardLibrary * fix incorrect log * expose special storage locations for downstream consumption * make quota reusable * allow convert to default on a per object basis * Update debian setup script to match GCI. * update staging godeps * added more description for flag '--watch-cache-sizes' to make the format of the flag clearer. * Test probe for redirect endpoint * Fix NLB icmp permission duplication * Fix admission metrics tests * Schedule Calico components even on tainted nodes * kubectl: point info url to user guide overview * Modified local-volume provisioner e2e tests to use bind mounts * GCE: bump COS image version to cos-stable-63-10032-71-0 * Move 'DefaultTerminationGracePeriodSeconds' into a separate const group * gce: split legacy kubelet node role binding and bootstrapper role binding * Refactor flex pv to allow secret namespace * Raise RBAC DENY log level * Adding myself as a reviewer to aws cloud provider * Adding myself as a reviewer to aws credentialprovider * remove dependency from cobra, only use option test init flag * Reduce CPU request of Dasboard addon * Add e2e test for custom metrics with Prometheus and Stackdriver * Use an s390x default-http-backend * pkg/controller/bootstrap: update jose package * generated: revendor * refactored mount, attach, resize operation's so that all failures generate events and event generation is more consistent. * Improve error messages and comments in KubeAdm. * Remove mutation from pvc validation * typo wrong, not "namespace", but "secretName" * add admission into RecommendedOption * update bazel * make sure that 'ldflags' are spaces safe * Process cluster-scoped owners correctly * Generated files * Remove unused well_known_labels in kubeadm. * remove FilterFunc and use SelectionPredicate everywhere * Register metav1 types into samplecontroller api scheme * Fix format string in describers. * Use pod nanny configured with ComponentConfig in Heapster * Use pod nanny configured with ComponentConfig in Metrics Server * Pointed to community/contributors/guide/README.md * Update detach logic for block volume if devicePath is empty * Autogenerated code * Do not use AddCleanup * Fix a typo and improve some documentation. * Update CHANGELOG-1.9.md for v1.9.0. * Fixed kubelet error message to be more descriptive. Added Attach success event for help in debugging. * remove white space on glogs * Update kubeadm's minimum supported kubernetes to 1.9. * Record volumeID in GlusterFS PV spec. * bump netlink version because of we need to use new version RouteListFiltered * fix ipvs proxier nodeport * fix magic string for runtime type * Add vikaschoudhary16 as reviewer in pkg/kubelet/cm/deviceplugin * Don't create PSP binding when RBAC is not enabled * Refactor TestPodContainerDeviceAllocation to make it readable and extensible * [cloudprovider]should reuse code rather than rewrite it * remove unuse code in cloudprovider * Fix GCE CreateVolume allocates in chunks of GiB incorrectly * COntroller-manager is crashing in customer environment as vSphere Cloud Provider is not using lower case naming while creating clientBuilder. With this fix, ClientBuilder is created using lowercase naming. * kubeadm: Only check for well-known files in preflight * Allow use resource ID to specify public IP address in azure_loadbalancer * annotate service with resource group * delete pip by matching name and rg * get rg inside 'ensure' methods * minor fixes * reapplied the changes after merge * correct the annotations in container_manager.go * add pkg/util/ipvs OWNERS file * test get node IP * add fake ut * update bazel BUILD * Look for requested resources in the Requests * Restrict url check conditions when creating with --raw * Propagate error up instead panic * PVC Protection Alpha Feature E2E Tests * Remove kube-proxy 1.8 configmap and daemonset manifests in kubeadm. * Auto generated BUILD files. * remove useless function hasHostPortConflicts * Fix LB lint errors * fix accessmode mapping error * Fix minor err in kubeadm * add not found error for ipset set and entry delete * Reduce CPU and memory requests for Metrics Server Nanny * Add test for Cider ExpandVolume * Use GetDryRunFlag to keep consistent * Add --retry-connrefused to all curl invocations. * If minimum mig size is 0, resize to 1 before running test * add deads to quota owner * Fix Stackdriver Logging e2e tests * add --pod-selector opt kubectl drain * Abstract some duplicated code in the iptables proxier * wait for kubedns to be ready * Use k8s.gcr.io vanity domain for container images * gcloud docker now auths k8s.gcr.io by default * Fix garbage collector when leader-elect=false * implementing predicates ordering * Remove hard-coded pod-controller check * e2e test layout changes for vsphere (#398) * Seperate loop and plugin control * Add comment to gce config files advising to not use empty scopes * Add PodSecurityPolicy OWNERS * add watch to requirements for quota-able resources * e2e_node: use mktemp when building nsenter on trusty * e2e_node: use newer util-linux * Add CHANGELOG-1.10.md for v1.10.0-alpha.1. * adds generic scaler to kubectl * Version bump to etcd v3.2.11 * kubeadm upgrade: fix unit test * Version bump to grpc v1.7.5 * Version bump to grpc-gateway v1.3.0 * Update staging deps for etcd 3.2.11 version bump * Fix build and test errors from etcd 3.2.11 upgrade * using RoundUpToGB function directly * e2e: CSI Volume tests * Cacher stopLock should be unlocked * Add azure owners * Use apps/v1 API in kubeadm. * Auto generate BUILD files. * Update CoreDNS version and Corefile. * cleanup useless functions in pkg/quota/evaluator/core/services.go * fix typos * Minor lint fix * Add more validate conditions when run kubectl get with --raw * Add a version string to pause.c * Revert "Add --retry-connrefused to all curl invocations." * Build and push 3.1.11 etcd image * add Dong Liu as approver and add OWNERS in credentialprovider * apimachinery: remove dead code from roundtrip tester * Move output and url checks under raw flag condition * Do not require the vim package to be installed * Do not require the linux headers to be installed. * log error when error occur in CleanupLeftovers() * printFlexPersistentVolumeSource: fix format. * Pointing juju charms to 1.9 * Add --retry-connrefused to all curl invocations. * Use old dns-ip mechanism with older cdk-addons. * apimachinery: fix typos in README * Revert "Version bump to etcd v3.2.11, grpc v1.7.5" * improve code comment * check function return err * Collect all the assorted image URLs from e2e tests in one place * fabiano no longer a thing * add semver metadata regex * Deprecate the alpha Accelerators feature gate. * Support passing kube-scheduler policy config * implement fakeIPSet in ipset util * fix todo in 'ipvs/proxier.go' * replace syscall with sys/unix pkg * update bazel BUILD * Refactor service controller to common controller pattern * node_e2e: do not return error if Docker's check-config.sh fails * fix a typo * Add '/version/*' to the system:discovery role, since that's what the open api spec says. * add tests in ipvs/ipset_test.go * fix ipvs/proxier_test.go compile error * update bazel BUILD * cleanup useless functions and variables * Renamed func name according to TODO. * test: e2e: support NFS test on overlayfs * using consts to refer to predicate names * client-go: Fix broken TCP6 listen for port forwarding * Evicted pods should respawn * reason key should exist * Much better * Even better * Add custom metrics e2e test with two metrics. * security_context_test.go(TestVerifyRunAsNonRoot): add more test cases. * Fix problem accessing private docker registries * Update code-of-conduct.md * Update policy.go * Update cluster-roles.yaml * Move multizone volume tests to separate file and update multizone volume tests to only allow gce and gke * gce: reorder authorizers * Add code-of-conduct.md to staging repos * Set a minimum b.N for scheduler_perf benchmarks. * Add scheduler benchmark tests for affinity rules. * Send an event just before the Kubelet restarts to use a new config * iscsi: set node.startup to manual * Cleanup api service before namespace deletion. * Auto generated BUILD file * Update nfsprovisioner image to v1.0.9 to fix annotation race with pv controller * Print/return the text from a number of errors that were silent before. * Fix a bug in validating node existence. * [kubelet]fix unstandardized function name, rename new() to newSourceFile() * Merge 3 resource allocation priority functions * Get automatically created subnetwork if none is specified * Fixed space/tab indentation * Ensure dependents are added to virtual node before attemptToDelete * hack/local-up-cluster.sh: improve messages when script was running with ENABLE_DAEMON=true * RBD Plugin: Pass monitors addresses in a comma-separated list instead of trying one by one. * add eventratelimit config to scheme * Fixed typos and made documentation more consistent * fix incorrect comment * Avoid string concatenation when comparing pods. * Update CHANGELOG-1.8.md for v1.8.6. * Update vendor of google.golang.org/api repo * Avoid array growth in FilteredList. * Allow integration test timeout override. * Requeue unobserved nodes in attemptToDelete * add podtolerationrestriction config to scheme * Refactor kubelet config controller bootstrap process * Changing ingress from manually scaling rc to a daemon set. * Performance improvement for affinity term matching. * dynamic config test: use a hyphen between the config name and the unique suffix * rename key * add error string reference * Add generic interface for VirtualMachineScaleSetsClient and VirtualMachineScaleSetVMsClient * Add fake clients for VirtualMachineScaleSetsClient and VirtualMachineScaleSetVMsClient * use /dev/disk/by-id instead of /dev/sd* for azure disk * Add cache for VirtualMachinesClient.Get in azure cloud provider * Disable the DNS autoscaler test in large clusters. * Expose all GCE cloud proivder services versions, not just the GA API * Rewrite go_install_from_commit to handle pkgs that aren't in HEAD * Fix AWS NLB delete error * Revert k8s.gcr.io vanity domain * metrics: make IMPLEMENTATIONS.md and CONTRIBUTING.md authorative in k/k * Revert back #57278 * Use multi-arch pause image for tests * Fix a race in the endpoint.go * [quota controller] remove extra queue.Add() * remove dead code in pkg/api * Bump rules_go to 0.8.1 * Autogenerate BUILD files * Use race="off" mode instead of disabling race feature * Update helper scripts to find binaries in new bazel-bin paths * Switch go binaries from (hacky) static to pure Go * Update DNS version in kubeadm of 1.10 cycle. * Support multiple scale sets in same cluster * Fix kubeadm upgrade unit test failure. * fix wrong hairpin-mode value * validate --hairpin-mode in kubelet config * update kubeadm validation test to fix test error * update vendor spf13/cobra to enforce required flags * bump pflag * some code change * Fix PodCIDR flag: defaults come from the object, not as literal args to the flag function * Refactoring ValidateUsages for for bootstrap tokens. * Auto generated BUILD files. * Add OWNERS file to pkg/bootstrap/api * Add owners file for test images * kubeadm: set kube-apiserver advertise address using downward API * Fix TestCadvisorListPodStats failure under mac/darwin * Replace --init-config-dir with --config * Fix typo of compute.VirtualMachinesClient * Reduce VirtualMachineScaleSetsClient#List calls * Remove redundant sleep from ReRegistration unit test case * Remove useInstanceMetadata param from Azure cloud provider * update bazel build files * fix local up cluster startup flag bug * Add 'ProviderID' to the output of kubectl describe node.... * Use GA API for managing addresses * Updated local-volume boostrapper/provisioner e2e test for new config format * Use the regionless mirror alias * optimize volumeResizeMap lock * process pvc watch deletion event miss in expand-controller * remove unused input param * Fix vmss listing for Azure cloud provider * Modify ipvs real server equal * add fake.DeleteRealServer UT * fix ipvs virutal server update * Improve the error message. * Update CHANGELOG-1.7.md for v1.7.12. * Add more verbose logs * add test for syncvirtualServer * [garbage collector] fix log info * Print the full path of Kubeconfig files. * Update boilerplate for 2018 * fix type error in cteate Memory Threshold Notifier * Add generated runtime and generated device plugin to update-all * Regenerate all generated code * Bump Metrics Server to version v0.2.1 * create ipvs clusterIP rules in onlyNodeLocalEndpoints mode * edit line138 * remove redundant deleting endpoint explicitly in endpoint controller * Do not time-out profiler requests. * Configurable liveness probe initial delays for etcd and kube-apiserver in GCE * kube-proxy: fix field name comments & json tags * Add 'exec' in all saltbase manifests using '/bin/sh -c'. * Update to latest gophercloud * Fix typo in field description. * Generate specs after fixing typo in documentation. * Bump metadata proxy and test versions * Removing bootstrapper related e2e tests * Run update-api-reference-docs.sh. * remove /k8s.io/kubernetes/pkg/kubectl/testing * Split auth related config for Azure * Optimizing the implementation of the error check for PriorityClass * format error message and remove duplicated event for resize volume failure * fix expand panic * [PSP] always check validated policy first for update operation * RBD Plugin: Fix comments and remove unnecessary locking code. * Update gengo version * ignore nonexistent ns net file error when deleting container network * Run godep-save.sh and update-staging-godeps.sh * Update generated files * Remove exists return value from getVirtualMachine * Simplify extra initializer logic * Pass RecommendedConfig into ExtraAdmissionInitializers * Remove VirtualMachineClientGetWithRetry * Remove unused command waitfordetach from flex volume driver * Double check before setKubeletConfiguration * prefer /dev/disk/azure/scsi1/ over by-id for azure disk * unify the print of pod metadata * Bump fluentd-gcp version * More default fixups for Kubelet flags * Add myself in kubeadm reviewers * Move DefaultMaxEBSVolumes constant into scheduler * Improve comments for Azure Blob Disk Controller * Invalidate resource requirements on extended resources with only request set. * Avoid error on closed pipe * periodically check whether assigned kubelet config should become last-known-good * Make ConfigOK status messages more human readable by including the API path to the object instead of the UID * Honor make variable OUT_DIR. * validate admission-control param * Move local PV negative scheduling tests to integratiom * Add kubeproxyconfig round trip test * Auto generated BUILD files * Clarify error messages in HPA metrics * fix-binary-check-cephfs * Return actual error when backoff fails * delete the unused function in kubectl * fixed the some typo in eviction_manager * remove hard coding Namespace * update bazel * Remove comments in get-kube.sh that imply support for environments that were removed long ago. * Update Azure GO SDK to v12.1.0 * Add workaround for removing VMSS reference from LB * fix possible panic * refactor function CalculateAntiAffinityPriority by using map/reduce pattern * Allow kubectl set image/env on a cronjob * Minor commenting fixes for Azure Disk Controllers from CR * Update pause container version to 3.1 * Fixing typo in e2e test variable * dockershim: bump the minimum supported docker version to 1.11 * Update CHANGELOG-1.9.md for v1.9.1. * Fix ExternalAddress parsing problem under IPv6 * Split the NodeController into lifecycle and ipam pieces. * Changed return of empty string to raise an exception as it should have been from the beginning. * e2e node framework can generate a base kubelet config file * fix bug of swallowing missing merge key error * fix-bug: version info should be printed when failed to execute 'kubectl apply -f XXXXX' * Update defaultbackend image to 1.4 and deployment apiVersion to apps/v1 * Add FailedPostStartHook error message. * Add generic interface for Azure clients * Add fake clients * Fix a broken link in the fluentd-elasticsearch addon README * Enable list option modification when create list watch * Small improvement of showKind get * Add RESTClient Custom metrics empty test * Removing duplicate import * Re-add nodecontroller OWNERS file * Fix errors in Heapster deployment for google sink * Use existing subnetwork of forwarding rule * Fix local e2e test with changed error message * Kubeadm: clean up MarshalToYamlForCodecs * Remove mikedanese from kubeadm owners since he's no longer actively working on the project. * Remove dependency on v1 API in base credential provider * Update kube-dns to 1.14.8 * Move scheduler code out of plugin directory. * Fix scheduler refs in BUILD files. * add folder named custom in gce * Do not set BaseURI again * fix typos in kubectl pkg * Add proxy_read_timeout flag to kubeapi_load_balancer charm. * Make sure is not nil * Adding support for Block Volume to rbd plugin * remove useless service watch in APIServiceRegistrationController * update bazel * use sets.String to replace slice when sort []string * Add test coverage for metrics/utilization.go * forbid unnamed context * Fix Typo in apiserver README * fix populateDesiredStateOfWorld bug for attach/detach controller * tiny fix * Version bump to etcd v3.2.13 * Version bump to grpc v1.7.5 * Version bump to grpc-gateway v1.3.0 * Update staging deps for etcd 3.2.13 version bump * Fix build and test errors from etcd 3.2.13 upgrade * use danglingerror * fix csi mounter ut print * fix csi attach ut print * add remount logic if original mount path is invalid * Add CustomResourceValidation example in sample-controller * remove deplicate func * Containerized kubelet is no longer experimental * Add support for cloud-controller-manager in local-up-cluster.sh * Enable support for etcd3 * Fixed TearDown of NFS with root squash. * Add jsafrane as util/mount approver. * Add gnufied as AWS approver. * Bump fluentd-gcp image used to 2.0.13 * include kube-dns deployment check * pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests. * Allow oadm drain to continue w ds-managed pods w local storage * Update vmware/govmomi godeps * Add vSphere Cloud Provider simulator based tests * client-go: remove import of github.com/gregjones/httpcache * generated: update staging godeps * enable on-demand metrics for eviction * Renews cached NodeInfo with new vSphere connection * Updated Flexvolume setup mechanisms for COS instance image. - If REMOUNT_VOLUME_PLUGIN_DIR is set to true, VOLUME_PLUGIN_DIR is remounted with `exec` option during cluster startup. This allows any writable location to be used as the plugin directory. - New HostPath added to controller-manager deployment to enable access to volume plugin directory. - Improved how the default directory is passed to master and node setup. * Refactor HostIP predicate algorithm * Abstract cmd valid args get behind the factory * update apiserver key/crt with a long expire time * fix rbd ConstructVolumeSpec bug * remove unnecessary function getBuggyHostportChain * refactor customresource handler * run update bazel and staging-godep * Update spec dependency to point to 0.1 tag * Fix exists status for azure GetLoadBalancer * [Kubectl] Update RunCreate to follow more conventions * Fix vm cache in concurrent case * Refactor retry logic away from updateCIDRAllocation() * Make code generators log to stderr by default * Handle Unhealthy devices Update node capacity with sum of both healthy and unhealthy devices. Node allocatable reflect only healthy devices. * Add volumemetrics for glusterfs plugin. * kubeadm: more random tokens * etcd client: add keepalive * Move some old security controls to KubeletFlags and mark them deprecated * [kubeadm] Bump kube-dns to 1.14.8 * make controller port exposure optional * removed deprecated windows install script from cluster * remove deprecated openstack heat * removed deprecated libvirt-coreos kube-up/ from cluster * Add getCRIClient and set default values for CRI related flags * Remove unnecessary docker specific logic in node e2e test. * Treat staging repos as authoritative for all files * Let mutating webhook defaults the object after applying the patch sent back by the webhook * Remove the empty vsphere directory from cluster/ * Remove aws from the cluster/ directory. * Support utilities * "meta" type descriptions used for code generation * Implementation of the compute "filter" handling for List() * documentation * long running operation support * code generation * support interfaces for the generated code * Generated code (see gen/main.go for the source) * Special custom code for handling the Projects resource * Hand written unit test for exercising the mock * BUILD * Clean up documentation. * Ignore golint failures for bad compute API names * Fix gofmt * Remove glog dependency in the generator * cmd/kubectl: fix broken error formatting for run * hack/ scripts to keep the generated code in sync * Update generated code to stable order * Revert "no need delete endpoint explicitly in endpoint controller" * All Kubelet flags should be explicitly registered * Move common functions together * Remove options.md, which is outdated and doesn't contain any useful information. * Add wrappers for azure clients * Clean up azure rateLimiter and verbose logs * Fix lint and bazel * typo of errUnsuportedVersion * Add azClientConfig to pass all essential information to create clients * Add volID based delete() and resize() if volID is available in pv spec. * Fix bug:Kubelet failure to umount mount points * fixed some bad url * added fluent-plugin-detect-exceptions plugin to fluentd-es-image * fix for local-up-cluster.sh bad cloud_config_arg * Block volumes Support: iSCSI plugin update * generated code for iSCSI plugin change * move detach out of os volumes attach * manuallly handle encoding and decoding in the scale client * Mark kubelet PID namespace flag as deprecated * Fix policy conflict in the CPU manager node e2e test. * added fluent-plugin-detect-exceptions plugin to fluentd-es-image * remove deprecated photon controller * Fix cadvisor flag registration for cross build * remove support for container-linux in gce kube-up * Create a feature flag for sharing PID namespace * Fix quota controller worker deadlock * Add `cloud` for the generated GCE interfaces, support structs * integration: add retries to node authorizer tests * add number measurement for bound/unbound pv/pvc * fix ipvs proxy mode kubeadm usage * Don't rewrite device health * Add zouyee as a reviewer for the cluster/centos directory. * Add e2e test logic for device plugin * Remove the deprecated vagrant kube-up implementation. * Add custom volumename option to GlusterFS dynamic PVs. * Update bazel. * Fixed crash when path has multiple leading slashes * fix windows ut for proxy mode * remove provides which has been deleted * add hostPorts to pod describer * Add kawych to Metrics Server owners * [FC Plugin] Create proper volumeSpec during ConstructVolumeSpec * remove OpenAPI import from types * bump(k8s.io/kube-openapi): a07b7bbb58e7fdc5144f8d7046331d29fc9ad3b3 * Fixing logs for cri stats * Fix golint errors on test/e2e/e2e.go * Removing Flexvolume feature tag in e2e tests and alpha tag in Flex path arguments because Flexvolume is now GA. * Fix CHANGELOG urls for release 1.9.1 * Get the node before attempting to get its Alias IP ranges * Set pids limit at pod level * update generated code * fix a typo * use shared informers for BootstrapSigner controller * Metrics for predicate and priority evaluation * Build files generated * Use linux commands instead of docker commands. * Use GinkgoRecover to avoid panic. * the changes introduced in this commit plumbs in the generic scaler into kubectl. * Instrument the Azure API calls for Prometheus monitoring * add KUBE_ROOT in directory * The lbaas.opts.SubnetId should be set by subnet id. * Fix endpoint not work issue * hack/generate-bindata.sh: make output cleanly by suppressing pushd/popd output. * Bump fluentd-gcp version * Bump runc to d5b4a3e * Adjust the Stackdriver Logging length test * Install gazelle from bazelbuild/bazel-gazelle instead of rules_go * Revert "Rewrite go_install_from_commit to handle pkgs that aren't in HEAD" * Use the bazel version check function from bazel-skylib * Check grpc server ready properly * Remove salt support for providers that no longer exist. * Remove vmUUID check in VSphere cloud provider * Improved readability for messages being logged * Added metrics for preemption victims, pods preempted and duration of preemption * -Add scheduler optimization options, short circuit all predicates if one predicate fails * fix typeos in cloud-controller-manager * cluster: remove kube-push * cluster: remove support for cvm from gce kube-up * periodically flush writer * cluster: move logging library to hack/ * Enable ValidatingAdmissionWebhook and MutatingAdmissionWebhook in kubeadm from v1.9 * Updated PID pressure node condition. * fix some bad url * fix nodeport localhost martian source error * add ut for localhost nodeport * Rename func name according TODO * use shared informers for TokenCleaner controller * Remove unused code in UT files in pkg/ * Extend the ListNextResults methods with the resource group and instrument them * remove invalid and useless functions from unit test * unstructured helpers: print path in error * kubectl scale: support Unstructured objects * Show findmt command output in case of error * Review fixes * Add script to run integration benchmark tests in dockerized env * cmd/kube-apiserver/app/aggregator.go: add comments for explaining the group/version fields. * admission: do not leak admission config types outside of the plugins * Update generated files * Return the correct set of supported mime types for non-streaming requests * remove outdate package * Fix comparison of golang versions * csi: Fix versioning error message * Limit all category to apps group for ds/deployment/replicaset * Log message at a better level * Create Conformance document to display all tests that belong to Conformance suite * Convert nodeName to lower case for vmss instances * Rename filenames for clear * Fix azure fake clients: use pointers * Add more unit tests * Add error helpers and constants for NotAcceptable and UnsupportedMediaType * Return correct error when submitting patch in unsupported format * Add support for submitting/receiving CRD objects as yaml * Add fsType for CSI * auto generated code * bump(gopkg.in/yaml.v2): 670d4cfef0544295bc27a114dbac37980d83185a * move prometheus init to k8s.io/apiserver/pkg/endpoints/metrics/metrics.go * Benchmark non docker specific * fix azure TestGetInstanceIDByNodeName data race * fix(fakeclient): write event to watch channel on add/update/delete * Regenerating code of fake clientset * Call Dial in blocking mode * say which lease is being acquired * azure disk: if the disk is not found, immediately detach it. This prevents azure keeps the bad request and stops issuing new request * cluster: remove centos dependency on saltbase * cluster: remove gce dependencies out of salt * cluster: delete saltbase * hack/update-swagger-spec.sh: when API server fails to start, show the last lines of logs. * Change default volume source to regular emptydir for e2e volume servers * remove flaky label from eviction tests * Allow version arg in "kubeadm upgrade apply" optional * fail earlier on discovery failures * Update CHANGELOG-1.8.md for v1.8.7. * remove duplicated import * improve error message for expired tokens * Fixed spelling of Promethus to Prometheus * Plumb versioned informers to authz config * Add get volumeattachments support to Node authorizer * Recheck if transformed data is stale when doing live lookup during update * Delete redundant symbols * Add generic Bootstrap Token constants and helpers to client-go * create auto-gen files * hack/update-swagger-spec.sh(cleanup): fix signal handler to really cleanup etcd and minor improvements. * set fsGroup by securityContext.fsGroup in azure file * handle uniquified holder identities * Reduce Metrics Server memory requirement * Update comments for getting and removing loopback device at iSCSI,FC,RBD * Track run status explicitly rather than non-nil check on stopCh * Introduce METADATA_CONCEALMENT_NO_FIREWALL to prevent firewall from being set * bump addon version in makefile * low hanging fruit for using cobra commands * Rework method of updating atomic-updated data volumes * client-go: fix bootstrap token imports * Adding support for custom TLS ciphers in api server and kubelet * kubelet: imagegc: exempt sandbox image * Update release note links for 1.10 * Add deprecation warnings for rktnetes flags * apps api is now stable, use it * Better check for GCE VM * configurable scopes for gcp default credentials * new testcases to util.go * inject 60 second interval in deployment rollout * Update gce call to use wrapper in gce_loadbalancer_external * Enable --external-cloud-volume-plugin/--provider-id for local-up-cluster * kubeadm: remove Initializers (still in alpha) from admission control * remove duplicated check of device path in aws attacher * fix a little typo in BalancedResourceAllocation * Surface error loading admission plugin config * Fix loading structured admission plugin config * Promote SS to apps/v1 * fix some typos in comments * upgrade to apps/v1 deployment * run update bazel * admit upgrading storage class of pvc from beta annotation to spec field * make the controller manager create and use a valid cobra command * Add apiserver metric for number of requests dropped by 'inflight-request' filters. * Ability to specify OS_* variables for OpenStack configuration * handle scheduler without exposed ports * make the kubelet cobra command complete * Enable privileged containers for apiserver and controller * Update generated code * uniquify resource lock identities * trace patch operations * Update CHANGELOG-1.9.md for v1.9.2. * Fix flake8 lint error in kubernetes-master charm * Add handling for method that use Pages() to retrieve results * Update code for GCE cloud provider * CHANGELOG: feature flag is "AdvancedAuditing" not "AdvancedAudit" * Remove apiVersion from scheduler extender example configuration * Update cluster addon Calico to v2.6.6 * Add multi-vc configuration for e2e tests * Bump bazelbuild/rules_go and kubernetes/repo-infra to tip * Use the pkg_tar wrapper from kubernetes/repo-infra * Update Addresses to use generated code * Update UrlMap to use generated code * Update BackendService to use generated code * Update Healthcheck to use generated code * Update Certs to use generated code * Update InstanceGroup to use generated code * Update e2e test utils with the new interfaces * Update TargetProxy to use generated code * [GCE cloud provider] Update hosts in EnsureLoadBalancer() * [GCE cloud provider] external lb - move target pool operation into its own function * Update bazel builds * Update Firewall to use generated code * Update bazel * Update Forwarding rules to use generated code * Update bazel * Fix reference to Items in internal load balancer * Remove ignoring of object not found on deletion * add pkg/util/ipset OWNERS file * Add liggitt to hack approvers * A couple of minior changes: a) fetch the subnetwork url from subnets describe command rather than compose it from env vars; b) explicit specify etcd version env vars before running upgrade.sh to avoid prompt. * Minior changes on comments. * Minior changes on comments. * fix event message when processing loadbalancer update * Get windows kernel version directly from registry * Remove getOldSecurityGroupName() from OpenStack cloud provider * Uncomment the call to upgrade.sh * refactor admission flag: add two admission flags and make plugins auto in recommended order * update admission test cases * run update bazel * Update Routes to use generated code * Update bazel * Update Zones to use generated code * testcase to pkg/kubelet/cadvisor/util.go * Openstack: register metadata.hostname as node name * Update TargetPool to use generated code * use GetUniqueVolumeNameFromSpec instead of implementing it manually * Add Namespace to glusterfs custom volume names. * Fix UpdatePodWithRetries inline documentation * kubeadm: Allows to specify custom flag values for control plane components * make kube-apiserver admission flag disable other plugins * Fix typo * Clean up error messages for pre-bound PVCs. * Changing where the charm gets network addresses in order to support network spaces. * updated fluentd-es-image to use fluentd 1.1.0 * Remove Saturation() from rate limiter interface * Switch from juju/ratelimit to golang.org/x/time/rate * Remove github.com/juju/ratelimit * updated fluentd configmap with 1.1.0 compatible version * updated iamge & configmap versions * Show all the annotations in ingress rules * Benchmarking script pretty-prints results into a separate file * Skip log path tests when they are expected to fail. * add options for min tls levels * generated * tolerate more than one gvklist item * return reason for allowed rbac authorizations * GCE: Fix Valid() to check for proper region/zone names * GCE: Check that the key is valid for each call * Make IsConnectionReset work with more error implementations. * Adding support for changing default backend and nginx container images * fix provider-id bad param in local-up-cluster * Never let cluster-scoped resources skip webhooks * generated * Send correct resource version for delete events from watch cache * Bump metadata proxy to v1.9 * A couple of more changes: 1) revert the changes on assigning subnetwork_url from selfLink as it may break if using an overrided api endpoint; 2) update etcd version to the latest. * dockershim: remove the use of kubelet's internal API * Fix all the unit tests and update the bazel files * dockershim: call DockerService.Start() during grpc server startup * use original pos filenames again * switch to new detect-exeptiions plugin release 0.0.9 * dockershim: clean up the legacy interface * Generate bindata.go and k8s.mo * Add logging in all generated GCE calls * Resulting generated code * Fixes some typos/spaces in the GCE cloudprovider * [e2e util] Remove static IP functions based on gcloud * Fix master regex when running multiple clusters * Update NEG to use generated code * sync code from copy destination * Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value * GCE: invalid location was used in regional and zonal operations * Kubelet provides an updated and complete status of local-static Pods * Moved func WaitForPersistentVolumeClaimBeRemoved Among Other WaitFor Functions * Remove op field as it is no longer needed * Update unavailable aggregated APIs to 503s instead of 404s * fix userid validation * Fix autoscaler deployment bug * bugfix(mount): lstat with abs path of parent instead of '/..' * Use /proc/net/nf_conntrack. * Updated priority of mirror pod by PriorityClass. * fix the wrong err print of assumepod * fix apiserver crash caused by nil pointer and ensure CRD schema validator can be constructed during validation. * Hide generated files only on github * pass APIEnablement through apiserver chain * run update bazel and staging-godep * ref -> $ref * Support out-of-tree / external cloud providers * Use backup location to load cloud config for OpenStack * don't stop informer delivery on error * Don't run godep restore in jenkins verify * Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size. * Use correct pv annotation to fetch volume ID. * Refactor gcp.go methods for testability, add tests * Fixing some flake8 issues * kubectl: Use metrics-server for kubectl top commands * Force use of Makefile for update * Add gce-ingress e2e test for sync failure case * Improve the upgrade test for ingress. * Update Instances to use generated code * fix invalid admission name LimitPodHardAntiAffinityTopology * Add additional unit tests. * Remove salt configuration from the fluentd-gcp configuration. * Fix non-interface type ErrResourceNotFound on left * Fix logs message formating * Expose the generate stub for compute API * Reduce verbose logs * Fix possible panic when getting primary IPConfig * ignore no such address error when unbind ip for IPVS service * update bazel BUILD * Openstack: Fill size attribute for the V3 API volumes * Add a container type to the runtime labels * Add support for binary file in configmap * generated code and docs * run a full round trip scenario * Add a e2e test for binary data in configmap * Checked node.Unscheulable in Toleration predicate. * Wait for healthy extension server before registering APIService * Skip unavailable services during e2e remaining content check * Return ServiceUnavailable error consistently from proxy * Update README.md with punctuation improvements * Adding network spaces support for kubernetes-master. * update if statement * Adding network spaces support for kubeapi-load-balancer. * add apiregistration v1 * generated * Add better event handling for deleted Pods * vclib: add test constants for use with vcsim * vclib: add Datastore tests * vclib: add Folder tests * vclib: add VirtualMachine tests * vclib: update bazel * Add some more azure unit tests. * Use SSH tunnel for webhook communication iff the webhook is deployed as a service * godep: vendor gopkg.in/square/go-jose.v2/jwt * resource version parsing should all be in one place * move service account signing to using go-jose * By default block service proxy to external IP addresses. Service proxy uses redirects to Pods instead of direct access. * Distinguish service unavailable errors in client-go * add e2e test for bound/unbound pv/pvc count metrics * Make the pause image a manifest list * Add preferred self anti-affinity to kube-dns pods * remove newline after range * run update code-gen * Don't bind PVs and PVCs with different access modes. * Add list of pods that use a volume to multiattach events * kube-apiserver flag --admision-control is deprecated, use the new --enable-admission-plugins * Create benchmark results file before writing to it * switch hyper to cobra * Ensure config has been created before attempting to launch ingress. * bump version of addon manager * PSP: when comparing categories in SELinux levels, ignore its order. * Update autogenerated files. * selinux/mustrunas_test.go(TestMustRunAsValidate): rename a member to make its meaning obvious. * selinux/mustrunas_test.go(TestMustRunAsValidate): make PSP SeLinux options configurable. * selinux/mustrunas_test.go(TestMustRunAsValidate): add more test cases to improve code coverage. * Removal of KubeletConfigFile feature gate: Step 1 * Created bootstrap logic for vSphere test * Fix bug in dockerized benchmarking script * Adding downgrade test for ingress-gce * Tag Security Group created for AWS ELB with same additional tags as ELB * Increase KUBE_PARALLEL_BUILD_MEMORY to 40G. * fix neg e2e test * Fix equiv. cache invalidation of Node condition. * Add benchmark for equivalence hashing. * Change equivalence hash function. * Move equivalence class hash code. * Fix equivalence cache hash tests. * use containing API group when resolving shortname from discovery * Use GlobalMemoryStatusEx to get total physical memory on Windows node * serviceaccount: check token is issued by correct iss before verifying * serviceaccount: handle jwt flow specific validation in seperate validator struct * Rename package deviceplugin => devicemanager. * remove unused func in FakeConfigurator of scheduler * Add UT test to openstack_test.go * fixing array out of bound by checking initContainers instead of containers * Fix kubectl explain for cronjobs * Fix adding FileContentCheck * Move multizone e2e to sig scheduling path * Skip NoNewPrivileges test when SELinux is enabled * Make it possible to override the driver installer daemonset url from test-infra. * Don't assume ipcmk command supports size suffix. * Refactor handling of IpcMode for the actual container * Add new e2e-test container to export ipcs from util-linux * Use ipc-utils container in HostIPC tests. * Produce junit results for verify job * Fix unset variables in shell2junit * Set KUBE_JUNIT_REPORT_DIR on dockerized test * Change flags to variables so that they can be passed through make * Add storage-backend configuration option to kubernetes-master charm. * Add allowPrivilegeEscalation to kubectl describe psp * Tag multi-az cluster volume e2e test with sig-storage * Fixing spaces issue found with tests. Had some missing parameters for some functions. * Fix GCE IP Aliases CI https://k8s-testgrid.appspot.com/google-gce#gci-gce-ip-alias failure cause by pull #56132. * fix runtime-config bug in kube-aggregator * Only run verify-staging-godeps if staging/godeps are touched * Remove changes on SECONDARY_RANGE_NAME. * fix some log param error modified: pkg/cloudprovider/providers/vsphere/vsphere_util.go modified: pkg/controller/certificates/cleaner/cleaner.go modified: pkg/controller/volume/pvcprotection/pvc_protection_controller.go modified: pkg/volume/azure_dd/azure_mounter.go * Revert "Remove changes on SECONDARY_RANGE_NAME." * Prefer apps/v1 storage for daemonsets, deployments, replicasets * Prefer exact resource name matches to shortname expansions * mini fix about typo * Make REST mappings for resources a unique list * Clean up unused functions and consts * Add a metric to track usage of inflight request limit. * Add deprecated stage of feature gates * Mark ServiceProxyAllowExternalIPs feature as deprecated * csi: Update version comparison model * Adds breadcrumb to crictl warning * Update CHANGELOG-1.10.md for v1.10.0-alpha.2. * fix url parsing for staging/dev endpoint * Split ClientConfigFor() * Add in godeps verification for hack/lib/ and build/ * Add cblecker to shell2junit OWNERS You break it, you bought it. * Contain variable names in shell2unit Also correct unbound assertions variable error on line 176 * Add brackets and quotes where needed * Add e2e tests for GPU monitoring. * Fix pod security policy capability test. * kubelet: remove the rktshim directory * Revert "Change equivalence class hashing function" * fix `make quick-verify` * remove support enable-disable api resources * fix GetCustomResourceListerCollectionDeleter comments * refactor resource_config.go thoroughly and remove useless code in registry * fix webhook admission README * Fix self link for cluster scoped custom resources * Only rotate certificates in the background * The TODO has been completed, so remove the comments * code cleanup in integration framework * run update bazel * add RequireKubeConfig back for pull-kubernetes-e2e-kops-aws * use info instead of infof when no format * pass listener in apiextentions-apiserver test to prevent port in use flake * Expose default service IP CIDR in apiserver * Fix TC resource Leak * remove dead testing code * remove --tls-ca-file which had no effect * Remove unused test for node auto-repair. This test is testing GKE only feature and should use different infrastructure. * fix parameter advertise_address should be --advertise-address * remove dead prefix field * Removal of KubeletConfigFile feature gate: Step 3 (final) * correct typo in HorizontalPodAutoscaler status condition * Kubelet flags take precedence * pkg: kubelet: do not assume anything about images names * Fix pod sandbox privilege. * removes the remainder from ScalerFor method * Fix setting qps in density test. * Improve messaging on resize * Add more tests. * CRI: Add a call to reopen log file for a container * Perform resize of mounted volume if necessary * Set generate-kubelet-config-file to true by default. * Forcing get_node_name to continue searching for a node name if the returned list of nodes doesn't include this one. * resourceQuota support for extended resources * update e2e test for resourceQuota support on extended resources * Skip rescheduler test. * Add windows config to CRI * Generate cri apis automatically * Support GetLabelsForVolume In OpenStack * Fix flaky AdmissionWebhook e2e tests. * Update bazelbuild/rules_go to support go1.9.3 * Update to go1.9.3 * fix portallocator comments * [GCE] Set --kubelet-preferred-address-types on apiserver by default * Add experimental hyperv containers support on Windows * Add HyperVContainer feature gates * Remove setInitError. * fix mistaken info print * Add detailed err in ensure docker process error * Correct the URL of openstack and make test case more detail * deprecate insecure http flags and remove already deprecated public-address-override * Add UT test to openstack and two para in configFromEnv * remove some unused functions in validation.go * Fix race condition in fake runtime test. * initial work for azure file grow size implementation * Don't go get godep in jenkins scripts * Reset DeferredDiscoveryRESTMapper before use * Remove port from HTTPProxyCheck * Remove unneeded code * When installing vendored godep, ensure that it's in path * Make eviction manager work with CRI container runtime. * Add test/fix for ErrShortBuffer edgecase * Add crds as CustomResourceDefinition shortname * Add deprecation comment to PersistentVolumeReclaimRecycle * Fix PodPidsLimit and ConfigTrialDuration on internal KubeletConfig type * Fixing upgrade charm failing if upgrading from an old enough charm(pre Nov 2017). * Add NominatedNodeName to PodStatus * Autogenerated files * Change manifest file perms to remove execute * cloudprovider/openstack: fix bug the tries to use octavia client to query flip * Client ca post start hook now checks if the system namespace already exists before creating it. * Fixes ci-ingress-gce-upgrade-e2e * e2e test: use sleep to wait in hostexec * Update tests to use the hostexec:1.1 image * fix some typos in filters * Ensure IP is set for Azure internal loadbalancer * Fix typo and comments * fix rebase error * codeClean-merge-logfAndFailnow-to-fatalf * Build Kubernetes binaries with valid Semantic Version * Use `blkid` to get fs type of device. * modified: staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go * fix the format for github error * reopen #58913 Fix TODO move GetPauseImageNameForHostArch func * Do not use ifupdown commands * Add call to addCredentialProviderFlags * Add Beta VolumeAttachment API * sample-controller: document minimum kube version * PVC Protection E2E Tests for Failed Scheduling * update all * Use v1beta1 VolumeAttachment * Change feature gate PreRelease to Beta * Rename PVCProtection feature gate so that PV protection can share the feature gate with PVC protection * reuse PVC protection admission plugin for PV protection * existing PV controller changes * Add PV protection controller * Add policy for pv protection controller * refactor kube-aggregator api group install * Expose etcd compaction time via environmental variable in GCE * Fixing issue with capitalization causing odd behaviors for allow-privileged configuration option. * remove alpha when running cloud-controller-manager with hyperkube * Adding lower() to kubernetes master's usage of allow-privileged. * Disable JUnit-style reporting for benchmark script * Fix cross-build breakage after #58174 * Update Calico to version v2.6.7 * use node-e2e framework for testing cadvisor * add upstream * aesgcm - passing * fix typo in package apiserver * Elaborate deprecation warning * kube-proxy: Fix flag validation for healthz-bind-address and metrics-bind-address * Add GCE ingress test case for modified health check * Make predicate errors more human readable * fix a typo in pkg/apis/core/fuzzer/fuzzer.go * Fix typo (a -> an) * fix a typo in pkg/cloudprovider/providers/azure/azure_loadbalancer.go * Update test framework featuregates type. * Auto generated BUILD files. * Add UT test TestCheckOpenStackOptsfunc * Expose etcd compaction interval param for kubemark apiserver * Fix typo * Fix typos * gce: delete opencontrail vars * cluster: remove unused functions * cluster: remove some cvm stuff * cluster: delete image staging * cluster: remove unused kubelet token * cluster: remove unreferenced vars * cluster: remove kube-registry-proxy * cluster/gce: remove salt comments from manifests * Ensure that the runtime mounts RO volumes read-only * Revert "fail earlier on discovery failures" * [GCE Ingress e2e] Add test for pre-shared certificate * Add IPv6 to ref page descriptions. * Increase RSS limit for runtime from 300MB to 350MB on test creating 100 pods per node. * kubelet: only register api source when connecting * suggest using describe cmd to list pod containers * bumping timeouts for apiserver communication. * Update CHANGELOG-1.10.md for v1.10.0-alpha.3. * [e2e ingress-gce] Retrieve the correct health check resource * add basic functionality deployment integration tests * refactor ipset interface AddEntry() * validate set in ipset * validate entry in ipset * validate ipset entry before adding in ipvs proxier * fix review comments * update bazel BUILD * Add tests for pkg/serviceaccount. * check ErrorNotFound in netlink.go to fix cross build error * update bazel * fix todo: Move isDecremented to pkg/apis/core/validation * initialize ipvs proxy owners file * Fix typo in CHANGELOG-1.10.md. * Move MountPropagation to beta. * kubeadm init: skip checking cri socket in preflight checks * Configurable etcd quota backend bytes * fix TODO:change to a api-server watch * fix the format for github error * delete duplicate function for getting volume source * Conversion from typed to unstructured should set GVK * Introduce apiserver profile-gathering library in testing framework * fix irregular descriptive docs * Add e2e test for PV protection * Cleaning up loopback removal process * Add Terminating state to PVs * Cluster Autoscaler 1.1.1 * Add mwielgus and MaciekPytel to GCE owners * Use `blkid` to get fs type of device. * Promote v1alpha1 meta to v1beta1 * patch cmd/kubeadm/test/cmd/BUILD for bazel 0.10 * nodelifecycle: set OutOfDisk unknown on node timeout * Replace nominateNodeName annotation with PodStatus.NominatedNodeName in scheudler logic * autogenerated files * Remove validation failure of Pod priority when the feauter is disabled * Sort firewall params * Update etcd server version to 3.2.13 * fixing node labels for random tests invocation * Reformat log to show more details * fix typo in cluster * fix todo: migrate to use framework.AddOrUpdateLabelOnNode/framework.RemoveLabelOffNode replace of updateNodeLabels * Remove comment from Cluster Autoscaler manifest * Add annotations to the deviceplugin API * Regenerate the deviceplugin protobuf file * Add Annotations from the deviceplugin to the runtime * Cap how long the kubelet waits when it has no client cert * When using the bootstrap cert, update the store * add Annotations to audit event * run hack/update-all.sh * refactor NsenterWriter to utilize pkg/util/nsenter * Remove resources that were moved to kubernetes/examples repo * fix typo in client-go * Fix golint for openstack and cinder packages * Adding volume metrics support for vSphere Cloud Provider * Use `blkid` to get fs type of device. * Add OWNERS for Godeps and vendor folders * Add OWNERS for third_party folder * Add unit test for endpoint allocate * Add OWNERS for translations folder * Ignore OWNERS file in verify-godeps * Update kubeadm supported etcd version to 3.2.14 in 1.10 * build: fix a logic error in shell script. * core/v1 should be first in discovery order * add kube-root for file directory * fix todo:Move function readinessCheck to util * add example for kubectl config unset, this will help user use * Pass pod informer to PV controller * Don't recycle PVs that are used by a pod * Revert "Add self anti-affinity to kube-dns pods" * kubelet ignores hugepages if hugetlb is not enabled * Remove --service-sync-period flag which was not in use * Use beta instead of alpha GCE Compute API to add an alias range to an instance. * add minimal types for service account TokenRequest API * autogenerated * Add GCE instance UpdateNetworkInterface API to beta. * Fix StatefulSet set selector bug * Add comments about potential race in delta fifo. * Ability to run an external binary instead of hyperkube cloud-controller-manager * Redesign and implement volume reconstruction work * Patch ingress upgrade test to ignore checking certain GCP resources * Clarify that ListOptions.Timeout is not conditional on inactivity * certs: allow cert controller to delete csrs * bzl: make integration tests actually work * Fix local PV node affinity tests and only run once * Fix the wrong comment in cri constants. * Test ports are covered by firewall * Equiv class volume fixes * Scheduler is not able to read from config file if configmap is not present * Use direct struct comparison, not reflection * clean up code * Fix TestPlugin func has two same if code/kind bug * Fix typo: constucts -> constructs * clean temporary para for require-kubeconfig * Refactor and add some tests. * Ensure daemon opts are in effect before docker login * fix typo in kubeadm * fix invalid match rules for advanced audit policy * Ensure public IP removed after service deleted * Remove defaultV18AdmissionControl in 1.10 cycle * add testapigroup of apimachinery to go-to-protobuf * make sure mounter not nil and fix some typo * add unchedule information to kubectl describe node * Fix RBAC permissions for metadata agent. * fix golint warnings in daemon controller * Update storageos api dependency to 0.3.4 * StorageOS support for containerized kubelet and mount options * kubectl: cannot set --all and --selector at the same time * Only populate alias range for nic0 when invoking instance.UpdateNetworkInterface. * Document kubeadm API * Update etcd version from 3.1.10 to 3.2.14 when upgrading a K8s cluster to use IP aliases. * Update generated code * fix apply --force w/ invalid AND conflicting resource * split docker-logins logic into 2 handlers * use comparable host path instead of full url when creating a targetpool * move makeHostUrl to gce_instances (only used there) * Fix flaky AdmissionWebhook e2e-crd tests * IPv6: Ensure calculated node CIDR size for pod subnets is valid * Add context to all relevant cloud APIs * kube-scheduler: Use default predicates/prioritizers if policy config does not specify them * svcacct: move claim generation out of TokenGenerator * Better timeout in slower virtual machines * authentication: remove TokenRequest from authentication.k8s.io/v1beta1 * test: bump timeout on //pkg/master * Ensure euqiv hash calculation per schedule * Initial local PV block device plugin checkin. * [e2e ingress-gce] Plumb the Logger interface and avoid assertion in util functions * Use SetInformers method to register for Node events. (#449) * fix TODO: moving driver name check in API validation * Fix to register priority function ResourceLimitsPriority correctly. * remove a todo which is out of date * Add TestEmsireExternalLoadBalancer test * Move shared load balancer variables out of test.lb update/delete tests * test loadbalancer resources created & deleted * check presence of healthcheck * add AddInstanceHook mock method, test insertion of new instace * Update PriorityClassName API doc * autogenerated files * Make kubelet flags of kube-up.sh configurable. * Removed unnecessary test code. * simplify the if logic * Change log format: replace () to [] * add k8s:conversion-gen to internalversion * regenerated files * auto generated items * abstract proxy servicePort and endpoints * delete unused generated file * Remove provisioner configuration from info message. * Switch CRI NamespaceOption from bools to enums * Update kubelet for enumerated CRI namespaces * Increment CRI version from v1alpha1 to v1alpha2 * Remove duplicated comment * Enable HPA tests on large clusters * Reimplement 2 tests using fakeexec * devicemanager: increase code coverege of endpoint's unit test * add keyring parameter in Ceph RBD provisioner * fix todo: use selector.DeepCopy replace of hard code * clean up unused function GetKubeletDockerContainers * Return information about which int tests failed in the summary * Indicate endpoint subsets are an optional field * Allow passing request-timeout from NewRequest all the way down to actual request * remove mapper dependency - PrintSuccess * Split out a KUBE-EXTERNAL-SERVICES chain so we don't have to run KUBE-SERVICES from INPUT * cleanup * Move workload registries to apps package * godep: update vmware/govmomi * vclib: enable VM disk attach test * Disallow PriorityClass names with 'system-' prefix for user defined priority classes * isolate node creation into separate function, address PR comments * Create short name for cronjob * Handle fetch of container logs of error containers during pod termination * fix deployment's collision avoidance mechanism * check firewall creation + deletion for healthcheck firewall * test updateExternalLoadBalancer removes nodes * Cleanup of ipvs utils * use getInstanceByName to check for node presence, instead of DeleteInstance) * remove newline before err checks. address pr comments * Add mountpoint as CRI image filesystem storage identifier. * verify no extra RS was created when re-creating a deployment * run update-bazel.sh, lint on mock.go * Remove experimental keystone authenticator * Add gRPC client service for envelope transformer * Update kms provider config for gRPC client service * Fix verify error and address review comments * Only support unix socket for kms gRPC, also add Version method * Update for review comments * Remove configfile for kms in encryption config * Add generated script for kms api pb file * Change provider ID to uuid * Add verify script for kms generated file * audit support wildcard matching subresources * add test case * run hack/update-all.sh * Moved validation to the API side * Revert "add number measurement for bound/unbound pv/pvc" * Add useInstanceMetadata param back in Azure cloud provider * Switch to k8s.gcr.io vanity domain * Route verify-bazel output to stderr * Route verify-gofmt output to stderr * Route verify-boilerplate output to stderr * Route verify-godeps output to stderr * Route verify-godep-licenses output to stderr * return error if New-SmbGlobalMapping failed in azure file mount * Enable golint for `pkg/scheduler` * Change critical pods? template to use priority * Set instanceID to azure resource ID format while useInstanceMetadata is enabled * Fix golint errors in `pkg/scheduler` based on golint check * fix describe when allocatable CPU/Memory is 0 * Add apiserver profiling to our scalability tests * add node shutdown taint * admission registration use shared informer instead of poll * add wait ready for mutating/validating webhook configuration * run update bazel staging-dep * fix using defer in loop in cors test * client-gen: remove base input dirs * Collect prometheus metrics for custom resources * update staging godeps * add more error logs in kubectl run * return a more human readable error message if mount an unformatted volume as readonly * AWS: Do not ignore errors from EC2::DescribeVolumee in DetachDisk * Extract instantiation of cloud provider * Skip TestRoutes when there are no vm(s) * Fix bug with profile-gathering waitgroup in scale tests * Add shyamjvs to cluster/images/kubemark/OWNERS * Add node e2e to verify hugepages feature * validation_test.go: move test cases for AllowPrivilegeEscalation option from TestValidatePodSpec to TestValidateSecurityContext. * kubelet: add support for pod PID namespace sharing * Unify image registry value in kubemark setup scripts * Mark kubemark images w/ random tags to avoid race b/w runs * dockershim: don't check pod IP in StopPodSandbox * Add 'none' option to EnforceNodeAllocatable * Fixes the regression of GCEPD not provisioning correctly on alpha clusters. * Cleanup and add category doc * Adding benchmarks to envelop encryption integration tests * generate mocked methods with context as the first arg, because golint * make context the first arg in AddInstanceHook/RemoveInstanceHook * remove CAdvisorPort from KubeletConfiguration * Update cadvisor to 6116f265302357cbb10f84737af30b1f13ce2d6c * Remove unnecessary summary api call. * Add a new environment variable to the startup scripts called KUBE_PROXY_MODE * Create pkg/kubelet/apis/deviceplugin/v1beta1 directory. * Make azure cache general for all objects * New unit tests for timedCache * Add cache for virtual machines * Add cache for load balancer * Add cache for network security groups * Add cache for route tables * Rename and restructure local PV tests * Update endpoint value in test code * Pass pvc namespace and annotations to Portworx Create API * [e2e ingress-gce] Scale test to measure ingress create/update latency * fix incorrect logic in canSupport * Update azure_loadbalancer.md * bazel: support using SOURCE_DATE_EPOCH to override date * Bury KubeletConfiguration.ConfigTrialDuration for now * Task 0: Added Alpha flag for NoDaemonSetScheduler feature. * remove unused function in pkg/controller/replicaset/replica_set_test.go * kubeadm: Support imagePullPolicy option in the kubeadm init configuration file * Avoid race condition when updating equivalence cache. * proxy service part changes * proxy endpoints part changes * iptables proxier part changes * ipvs part changes * Pass pod labels to controller revision * update bazel BUILD * correct the ConstructVolumeSpec func path value * Add error handling and new tests * devicemanager testing: dynamically choose tmp dir * Add HTTPProxyCheck for API servers * Enable scaling fluentd-gcp resources using ScalingPolicy. * Remove bootstrap kubelet config on reset * Print stderr from go tool pprof in profile gatherer * Disable symbol resolution by pprof in profile-gatherer * CSI - Marking CSIPersistentVolumeSource Beta * CSI - Auto-generated code updates * Workaround patch using cached version in TestPatch * Update Kubeadm proxy handling for IPv6 * devicemanager testing: time out sooner * Bump GLBC version to 0.9.8-alpha.1 * fix --watch on multiple requests * Refactor volumehandler in operationexecutor * Autogenerated files * vSphere test infrastructure improvement and new node-unregister test * Update CHANGELOG-1.9.md for v1.9.3. * Enable Audit Logs Behind a Feature Gate * Improve performance of scheduling queue by adding a hash map to track all pods in with a nominatedNodeName. * juju: Fix kube-proxy failing to identify local endpoints * Update CHANGELOG-1.8.md for v1.8.8. * Extend timeout to deal with pkg/master flake. * Adding kubemci e2e test for conformance * Autogenerated BUILD changes * release local ephemeral storage resource when removing pod * Add tests for schedulercache * nit: remove CSI plugin from ProbeExpandableVolumePlugins * taint also node controller * Check etcd port instead of process name * some typo * fix "destroying ipset" error in kube-proxy.log when run cluster in local * fix deleting dummy device error in kube-proxy.log when run cluster in local * Use SeekStart, SeekCurrent, and SeekEnd repalace of deprecated constant * fix all the typos across the project * auto-generated * Use generic cache for vmss * Adjust unit tests for vmss * util/goroutinemap code cleanup * New github id - FengyunPan -> FengyunPan2 * remove unused function printIndentedJson and printAllPods in test/integration/scheduler * Update README.md * create storage account if necessary when create azure file pvc * Migrate FeatureGates type of kube-proxy from string to map[string]bool * Auto generated files. * Update fuzzer to reflect FeatureGates type change. * Make command-line flag --feature-gates compatible * fix some syntax related errors * Add ipset binary for IPVS, context: https://github.com/kubernetes/kubernetes/issues/57321 * Fix kubelet PVC metrics using a volume stats collector. * Requesting new credentials when node names change * format some import statements in scheduler pkg * fix typo, this let's us -> this lets us * Add unit tests for extractVmssVMName * Use full instanceID as lun lock key * Abstract disk operation interfaces in VMSet * Update vmss client to new version * Update vmss fake clients * Update Azure GO SDK to v12.4.0-beta * Use new clients for vmss cache * Add azure disk support of vmss * update azure API for auth * Fix unit tests for vmss * Fix godeps for client-go * Map correct vmset name for internal load balancers * Add unit tests for mapLoadBalancerNameToVMSet * use new account generation method for blob disk * Remove /ui/ redirect * Fix #59601: AWS: Check error code returned from describeVolume * kubeadm: add configuration option to not taint master * Remove unused getClusterCIDR() * compare Pods by UID, not by name and namespace * kubelet: check for illegal phase transition * Promote configurable pod resolv.conf (CustomPodDNS) to Beta * Auto-generated files for CustomPodDNS Beta API * Ignore 0% and 100% eviction thresholds * Bump GLBC to 0.9.8-alpha.2 and change back to --verbose * bazel: update digest for debian-iptables-amd64 * Add etcd 3.x minor version rollback support to migrate-if-needed.sh * bazel: update busybox digest to latest (~1.28.0) * Dynamic client support subresource create/get/update/patch verbs * Remove myself (timothysc) from OWNERS files on areas that I do not actively maintain. * code-generator: add boilerplate header * add --go-header-file to use kube boilerplate * Fix typos * Detect CIDR IPv4 or IPv6 version to select nexthop * Fix: change basic auth password should keep admin in masters group * Review #1 * Review #2 * controller-manager: switch to config/option struct pattern * apiserver: make SecureServingOptions and authz/n options re-usable * controller-manager: add SecureServingOptions * controller-manager: add authz/n to options, nil by default * Update generated files * hack/grab-profiles.sh: fix typo in variable name. * hack/grab-profiles.sh: use double quotes in trap. * hack/grab-profiles.sh: bash script cleanups. * hack/grab-profiles.sh: fix typos in error strings and variables. * staging: add boilerplate header * Increase timeout on waiting on cluster resize in autoscaling tests * pass listener in integration test to prevent port in use flake * run update bazel * Don't create no-op iptables rules for services with no endpoints * hack/update-codegen.sh: split string into array robustly. * hack/update-codegen.sh: fix finding items in an array. * hack/update-codegen.sh: fix finding api names. * Add criSocket to kubeadm NodeConfiguration manifest * Remove duplicated definition of ResourceList in Metrics API * libffi-dev dependency added in fluent-es-image Dockerfile to solve the docker build error * kubectl port-forward allows using resource name to select a matching pod * add reviewers to util/mount * local-up-cluster.sh should be conformant out-of-the-box * Upload container runtime log to sd/es. * removing production code usage from e2e tests code * Avoid hook errors when effecting label changes. * Add a test case for the race in #59822 * Add started state to the processor to protect against double starts * Remove unused DeltaFIFO compressor argument to NewDeltaFIFO * juju: Fix broken ingress after upgrade-charm * WIP - create read/writer rate limiter * Add criSocket to kubeadm MasterConfiguration manifest * fix markdown formatting for test image * Configuration changes * kube-dns configmap translate * add federations translation * improve tests * use caddy for translation * fix json tag on Azure.config * deprecate kubelet's cadvisor port * Add vmType checking in Azure disk controller common * Addressed review comments * kubemark using cobra commands * fix README for admission webhook test image * Secure Kubelet's componentconfig defaults while maintaining CLI compatibility * rename func ValidatePodSecurityContext to ValidatePod * Addressed jeffvance's review comments * Fix instanceID for vmss nodes * cmd/controller-manager: add OWNERS for generic controller-manager code * add number measurement for bound/unbound pv/pvc * add e2e test for bound/unbound pv/pvc count metrics * Save benchmark data in perfdash-friendly format. * update-bazel.sh * Add golang.org/x/tools/benchmark/parse godep. * Fake docker-client assigns random IPs to containers * Add retries to PrepareNodes utility function * Fix DownwardAPI refresh race. * vendor caddy * Add jsafrane as AWS approver. * kubectl port-forward support resolving service port to target port, and support Service as resource type * fixing diskIsAttached func * Correct error strings and variable name. * kubeadm: Demote controlplane passthrough flags to phases alpha * Pipe error message from openapi/swaggerspec verify checks to stderr * Check if netstat or iproute2 is available * Update to latest gophercloud/gophercloud * Partial revert of fb5caac2da063cd5e992e2c9fda5b0bf30776871 * Improve comments for kubelet * trivial change to fix test issue * Kubernetes version v1.11.0-alpha.0 openapi-spec file updates * kubelet: revert the status HostIP behavior * force node name in generated static pod name lowercase * Move the kubeletconfig v1alpha1 API to beta, rename to kubelet.config.k8s.io * apiserver: fix some typos from refactor * Standardize on KUBE_PROXY_MODE (not KUBEPROXY_MODE) * Rename ConfigOK to KubeletConfigOk * Try longer to fetch initial token. * Fix the broken link in Markdown * Process existing cloud nodes in CCM * csi: Remove stale volume path * Store labels and fields with object * Fix cluster autoscaler test to support regional clusters. * Clean-up not needed method. * fix fluentd-gcp-scaler to look at correct fluentd-gcp version * update -o name format to kind.group/name * Rework volume manager log levels * Container Liveness probe InitialDelay time increased to accomodate slow machines * Add configuration item to allow kubeadm join to use a dns name pointing to control plane * Update build deps for Bazel and zz_generated * Enable mount propagation tests by default * Add a reviewer to addon-manager * enable mutating and validating admission webhook by default on gce and centos clusters setup by kube/cluster-up.sh * Add some more tests for routes. * Avoid call to get cloud instances * gke-certificates-controller: rm -rf * code review: create err chan via helper * Update reviewers for sig-scheduling. * kubelet: revert the get pod status * Add cblecker to dep approvers * Enforce OWNERS file in Godeps and vendor dirs * Re-add OWNERS files to Godeps/vendor dirs * Add deprecation notices * cluster/images/hyperkube: Fix typo in Dockerfile for aggregator symlink * Add cloud-provider policies to be applied via addon mgr * Log the command line flags * Use consts as predicate name in handlers * In etcd-version-monitor, Remove grpc labels used only in etcd 3 format when translating metric back to 3.0 format * [e2e ingress-gce] Add test for backside re-encryption * Change the strategic-merge-patch link to https://git.k8s.io/community/contributors/devel/strategic-merge-patch.md * Fix pod scheduled. * Index PVs by StorageClass in assume cache * collect ephemeral storage capacity on initialization * wait for bound pvc metric updated before validating * Remove extraneous CHANGELOGS on the 1.10 branch. * Updating kubemci e2e test to not add kubeconfig flag for get-status * Add AWS cloud provider option for IAM role * Move code only used by gce out of common.sh and into gce/util.sh. * use prometheus-to-sd 0.2.4 and fluentd-gcp-image 2.0.16 * Add quotas to density and load tests * Revert "add node shutdown taint" * add an admission decorator chain * Split self-signed cert and CA * reevaluate eviction thresholds after reclaim functions * Bump default Metadata Agent version * Allow Metadata Agent to get and list resources * Add myself to owner aliases * Updating vendor file and dependency * Refactor k8s core csi bits for CSI Spec 0.2.0 * Add code and yaml for Istio as an addon * svcacct: default expiration of TokenRequest * oidc authentication: switch to v2 of coreos/go-oidc * oidc authentication: generate testdata and delete old test packages * bump(github.com/coreos/go-oidc): 065b426bd41667456c1a924468f507673629c46b * Updating code to use TempDir in manifest test * [e2e ingress-gce] Enhance cleanup logic for pre-shared-cert test * Move ipvs module loading logic * Update bazelbuild/rules_go, kubernetes/repo-infra, and gazelle dependencies * Autogenerated: hack/update-bazel.sh * Require boilerplate on Bazel Skylark source files * Pass ProjectRouter to mocks * Don't assume SG is for ELB; pass tags directly * Fix e2e node setKubeletConfiguration helper * Do not add kubeconfig while running kubemci * Pick the PriorityClass with the lowest value of priority in case more than one global default exists * Add VolumeNodeAffinity to PersistentVolumeSpec * Add new volume-scheduler cluster role to scheduler * Volume node affinity enforcement * Generated files * Updated comments to correct flag of taint. * Add API docs for multiple PriorityClasses marked as globalDefault * Taint node when it under PID pressure. * collect metrics on the /kubepods cgroup on-demand * Fixing CSI E2E test * Removed newlines from e2e log statements. * dockertools: disable MemorySwap on Linux * refactor kubeadm join command generation * autogenerated files * Changed API doc * autogenerated files * Add cluster-location to GCE instance attributes * AllowVolumExpansion field to describe printer. * Introduce PodSecurityPolicy in the policy/v1beta1 API group. * Update examples to use PSPs from the policy API group. * Update generated files. * Fix typos in configmaplock * glusterfs: Remove an outdated comment about GB vs GiB * glusterfs: fix a comment typo * glusterfs: refer to upstream gluster documentation * Remove unused code and modify tests to include set based selector * Fix grammar eror of azure cloudprovider * Increase allowed lag for ssh key sync loop for tunneler * Fix race in healthchecking etcds leading to crashes * Reformat and update error strings. * Bump kube-openapi to add new openapi endpoint * Add new openapi endpoint in aggregator server * cleanup printers some more * Fix device unmap for non-attachable plugin case * Drop init container annotations during conversion * bzl: use --local_test_jobs * bump(github.com/opencontainers/runc): 595bea022f077a9e17d7473b34fbaf1adaed9e43 * Test cases fix after path expansion * Bump addon-manager to v8.6 * Disallow setting both alpha and beta PV nodeAffinity Allow setting PV nodeAffinity if previously unset * svcacct: make token authenticator fully generic * Add test for wrong networktier resource deletion * Move NetworkTiers into cloud/constants.go * Move and make exported lbScheme types into cloud/constants.go * Define hooks for inserting Forwarding Rules and Addresses in all versions * Move shared variables and fakeGCECloud method to top * Use shared variable names. Define hooks on mock objects * Delete unused ForwardingRule fakes * fix running with no eviction thresholds * remove deprecated /proxy paths * autogenerated * returning an empty array instead of returning an array with empty string for kubemci get status * cloud: don't require application default credentials to run unit tests * [e2e ingress-gce] Bump num of ingresses for scale test * add deployment proportional scaling e2e test * Improve scheduling queue's logic * rename StorageProtection to StorageObjectInUseProtection * fix resource filter for generic printers on get * Adding per container stats for CRI runtimes * Invoke PreStart RPC call before container start, if desired by plugin * Migrate deviceplugin api from v1alpha to v1beta1 * [fluentd-gcp addon] Update event-exporter * Fix getting pool size in autoscaling e2e tests * Return information about which int tests failed in the summary - followup * Make sure node pool is deleted in autoscaler e2e tests. * Pass location parameter to event exporter. * Remove pkg/client/unversioned * Introduce e2e test for Metadata Agent * collapse printing paths * readme update for fluentd-gcp-scaler * StorageProtection Brought to Beta in 1.10 Release * Remove Feature from StorageProtection E2E tests as Storage Protection feature is brought into beta. * adding new tag bumping SHA * Deprecate KubeletConfiguration flags * Kubernetes API for Shared Process Namespace * Fix kubectl describe for priority class objects. * Generated code for Shared Process Namespace * [e2e ingress-gce] Reduce numExtraLarge to 99 * bump(go-openapi/validate): d509235108fcf6ab4913d2dcb3a2260c0db2108e * remove unneeded factory codec methods * Bump dependencies for build tag fixes bump github.com/vmware/govmomi/vim25 to HEAD bump bitbucket.org/bertimus9/systemstat to HEAD * Minor improvements to scheduling queue * Test cases to verify container log stats * Update kubectl describe to print out PV node affinity * add support for /token subresource in serviceaccount registry * Deprecate kubectl scale job * Change printDeprecationWarning to use fmt.Fprintf instead of glog * Make the `Unschedulable Queue` interface private * Extracting common logic related to integration testing of storage transforms. * Introduce some plumbing which makes it possible to specify which ingress image to upgrade to for the upgrade test * Document k8s.gcr.io/etcd image upgrade/downgrade support * DevicePlugins feature is beta in 1.10 release * fix todo: add validate method for &schedulerapi.Policy * Critical pods priorityClass addition * Build files generated * remove f.PrintObjectSpecificMessage * Set shared PID namespace mode based on PodSpec * set default enabled admission plugins by official document * Add GetDiskFreeSpaceEx and export winstats.StatsClient * Set FsId and usedBytes for windows image file system * Get dirFsInfo from docker image filesystem * add lock before detaching azure disk * Cleanup node type checking for azure nodes * Avoid explicit mention of glusterfs in error strings. * controller-manager make use of generic apiserver profiling * kube-scheduler make use of generic apiserver profiling * kube-proxy make use of generic apiserver profiling * update bazel * Review #1 * Unset CDPATH in build script to fix path generation * Improves backoff policy in JobController * Fix passing gcloud command output to error check * Allow env to be updated via specific key in resource * Make CSI volume attributes first class * Add CSI volume attributes generated API code * remove metrics client factory method * deprecate --show-all * Fixes #47538: Add functionality for manually creating a Job instance from a CronJob * Add kubectl create job --from=cronjob/ * Remove unnecessary return parameter from NewCmdTopPod * Add external metric type to HPA API * Autogenerated code for HPA external metrics * Modify tests * Remove ClientSetForVersion & ClientConfigForVersion from factory * Validation for HPA external metrics * Fix nsenter on Mac * update version and manifest * bump coredns feature gates to beta * Namespace should support table printing * update cadvisor godeps and ignore per-cpu metrics * add subresources for custom resources * update generated files * Modify PodSecurityPolicy admission plugin to additionally allow authorizing via "use" verb in policy API group. * Run hack/update-bazel.sh * Introduce buffered audit backend * Remove subnet size restriction for IPv6 * Update the DaemonSet controller to use the apps/v1 API * backoff runtime errors in kubelet sync loop * Update description for valid reclaim policies * Results of running update scripts: update-openapi-spec update-federation-openapi-spec * Fix incorrectly formatted URL * Add smart retries to resource creations in testing framework * examples/podsecuritypolicy: add owners. * Fixes for HTTP/2 max streams per connection setting * godeps: bump go-openapi * Remove k8s prefix from gcr.io/k8s-ingress-gce-image-push repo * multi-zone PD e2e tests * generated files * gce: allow extra addons to be sourced form a url * add me to iptables/kube-proxy reviewers * clean up KubeletConfigOk condition construction * Discovery client and aggregator downloader use /openapi/v2 endpoint * Refactor tests * fix typo and remove inaccurate TODO * vendor misspell * add spelling checking script * fix new typos when rebasing * Add kubelet container log manager * Use container log manager in kubelet * Generated code * Add node e2e test for log rotation. * add description of mount options to StorageClass describe printer * kms: rename KMSService to KeyManagmentService * fix proxy mode comment message in v1alpha1 * fix proxy mode comment message * Make Service storage a wrapper around other storages * generated: bazel * Disable mount propagation for windows containers * Reuse the "min*Nodes" slices to save the GC time. * remove unused function negotiate() and writeYAML() * More unit test for configurable pod resolv.conf * Add e2e test for configurable pod resolv.conf * Remove conntrack entry on udp rule add. * initialize all known client auth plugins * clean up sysctl code * [kube-proxy]enhance kubeproxy init flag * fix freespace for image GC * Fix grammar and log issue in volume cache code * Autoscaler e2e - fix getting initial pool size * Add a metric exposing number of objects per type * generated * dockershim: Return Labels as Info in ImageStatus. * apiserver: fix testing etcd config in preparation for etcd 3.2.16+ * simplify kubectl testing factory * Only run connection-rejecting rules on new connections * handle Table response in client * Enable PV protection test by default * Fix golint warning * Update versioned portions of kubectl to use apps/v1 with DaemonSet * Update e2e and integration to use apps/v1 for DaemonSet * generated code * Add Categories to CRD spec * update generated files * Introduce External Metrics API * Include generated files * Revert "Allow env to be updated via specific key in resource" * Allow TTLs to be plumbed through to webhook authn/authz in gce scripts. * update GCE plugin for block support * expunge the word 'manifest' from Kubelet's config API * api changes * k8s csi code change * autogenerated api changes * integration: refactor, cleanup, and add more tests for TokenRequest * Secure etcd API /w TLS on kubeadm init [kubeadm/#594] - Generate Server and Peer cert for etcd - Generate Client cert for apiserver - Add flags / hostMounts for etcd static pod - Add flags / hostMounts for apiserver static pod * Add more test cases for volume binding in the scheduler * Change SANs for etcd serving and peer certs * Fix typos * Update autogenerated docs * add comments * Made a couple API changes to deviceplugin/v1beta1 to avoid future incompatible changes: - Add GetDevicePluginOptions rpc call. This is needed when we switch from Registration service to probe-based plugin watcher. - Change AllocateRequest and AllocateResponse to allow device requests from multiple containers in a pod. Currently only made mechanical change on the devicemanager and test code to cope with the API but still issues an Allocate call per container. We can modify the devicemanager in 1.11 to issue a single Allocate call per pod. The change will also facilitate incremental API change to communicate pod level information through Allocate rpc if there is such future need. * adding replication-type in GCE PD parameters * Add Local PV stress test * kubeadm: use localhost for API server liveness probe * fix device name change issue for azure disk * fix cli example * flag value bindings for kubectl label/patch/taint/top commands * move storageclass/setdefault into pkg/admission/storage * kubectl: flag value bindings for common utils * fix "make test" * Delete the two same if in func TestPlugin * fix references * FIX the os.Stat() func in volume file/kind bug * Fix Deployment with Recreate strategy not to wait on Pods in terminal phase * Add tests for Deployments Recreate strategy when there are pods in terminal state present * CRD should have server side printing * Partial revert to fix local-up-cluster.sh * vendor files update * CSI code changes * Update vendor spf13/cobra to fix completion error in bash 3 * Support Running local-up-cluster in CI * Added unschedulabe predicate. * tokenrequest: tokens bound to pods running as other svcaccts * Move kubelet flag generation from the node to the client, and pass the kubelet flags through a new variable in kube-env (KUBELET_ARGS). * correct the expected value in plugintest * autogenerated files * kubeadm create token using config file * add unit test for static pod name generation * Use `Int32Ptr` function from utils instead of self-written versions * Run hack/update-bazel.sh * vendoring latest version of google-api-go-client * Added local storage e2e test for VolumeMode: block * Conformance: Add StatefulSet tests. * Delete two same if in photon_pd * fix package name error modified: plugin/pkg/admission/priority/admission.go modified: plugin/pkg/admission/priority/admission_test.go * statefulset validate collisionCount * Fix registry flunder and fisher strategy method names to a standard * remove default priority cache in Priority admission controller * add --experimental-server-print tests * Update Dashboard version to v1.8.3 * Use quotas in default performance tests * Add clusterid tags to the instances in AWS tests * Return missing ClusterID error instead of ignoring it * Move retry-based updates to a different pkg * Add support for external metrics in kubectl * Revert "fix resource filter for generic printers on get" * adjust filtered object test to reflect old weird behavior * update aws plugin for block support * Fix regional clusters startup * hack/lib/golang.sh: split strings into arrays safely. * hack/lib/golang.sh: do not split on array items. * hack/lib/golang.sh: use double quotes. * hack/lib/init.sh: prevent splitting in 'dirname' result. * hack/lib/util.sh: add double quotes. * hack/lib/util.sh: improve staging api finding. * hack/lib/util.sh: do not iterate over ls output. * hack/lib/util.sh: remove shadowed case statements. * hack/lib/protoc.sh: don't split find-binary output. * Use rbd-nbd if present for rbd volume map and unmap operations, if rbd fails. * Add external metrics client * don't use storage cache during apiserver unit test * add nodeport-addresses flag for kube-proxy * validate nodeport-addresses * create netwowrk interface util * iptables part implementation * ipvs part implementation * userspace part changes * auto generated codes * update bazel * fix static checks * Use feature-gates command line for kube-proxy * Better PROXY_LOG and verbosity in the command line * auth: reregister auth providers * Differentiate between target and target average value * Add myself to dep-approvers OWNER alias * Reduce number of pods created for local PV stress test * Adding dummy and dummy-attachable example Flexvolume drivers; adding DaemonSet deployment example * bzl: fix update-bazel.sh * Update to use Stackdriver Agent image. * promote GC e2e tests to conformance tests * Let image manager return a copy of image list. * Add CPU/Memory pod stats for CRI stats. * auth: allow nodes to create tokones for svcaccts of pods * noderestriction: restrict nodes TokenRequest permission * rbac: allow system:node role to make TokenRequests for all service accounts * Update gke nvidia-gpu-device-plugin to the latest version that supports both v1alpha and v1beta1 device plugin versions. Re-enables nvidia-gpus e2e test after verifying the test passes now. * fix bug where character devices are not recognized * Increase timeout of integration tests * Added MountDevice/UnmountDevice pass-through to NodeStageVolume/NodeUnstageVolume for CSI Volume Plugin. Added related unit tests. Vendored CSI Spec to HEAD * Adding beta feature flag for regional PDs. * Remove cassandra example * Update gengo version * run hack/godep-save.sh * run hack/update-staging-godeps.sh * Update code generators * don't (remote) cache release-tars * Remove dep-reviewers * Run hack/update-all.sh * Remove passing packages from hack/.golint_failures * Add scheduling.k8s.io to the known groups for audit logging on GCE. * Delete the Redundant define tc * GCE: support Cloud TPU API in cloud provider * Update device plugin e2e_node test to not changing Kubelet config as DevicePlugins feature is enabled by default now. * Add Cloud TPU v1alpha1 API dependency * fix nodenames slices comparison para. * clean up example unit test * Volume deletion should be idempotent * Extract recycler client into seperate directory * Extract volumepathhandler into seperate directory * merge util into one file * move fs into seperate directory to break cycle import * update golint_failures * Make Scale() for RC poll-based until #31345 is fixed * update import * update bazel * Remove old featureGate flag * Add external metrics client to HPA rest client * Implement external metrics in HPA * Validate path in external metric name * Include EOF errors also as retryable errors * Fix nested volume mounts for read-only API data volumes * Fixed log calls in VolumeManager * sh2ju.sh: suppress `which` command output when gdate not found in $PATH. * E2E: add tests for PSP from the "policy" API Group. * Run hack/update-bazel.sh * Use consts defined in api instead of defining another ones. * [kube-proxy] Move Service/EndpointInfo common codes to change tracker * [kube-proxy] Move ipv6 related funcs to utils pkg * [kube-proxy] Add more IP version related utils * [kube-proxy] Make the import name of utilproxy consistent * [kube-proxy] Harden change tracker and proxiers for unmatched IP versions * [kube-proxy] Unit test for unmatched IP version * [kube-proxy] Mass service/endpoint info functions rename and comments * Auto-updated BUILD files * Temporary fix for LeaderElect for kube-scheduler * Refactor common parts of scheduler_perf into reusable utils * Remove unused variables (only assigned to) from test code. * Make a few code paths compile cleanly with 32-bit Go. * Add a few "+build linux" tags where appropriate. * Move linux-only getProxyMode tests to a linux-only file. * Vendor golang's go/types to include a fix for CGo typechecking. * Fix build tag for grpc_service_unix_test.go. * Add test/typecheck, a fast typecheck for all build platforms. * Ensure generated files are present before typechecking. * Ensure status bar displays full progress. * Changing Flexvolume plugin directory on COS in GCE to a durable directory * Update kubectl e2e test manifests to apps/v1 * Adding Data Encryption Key (DEK) Key Encryption Key (KEK) integration tests via KMS Plugin Mock. * Fix kubectl completion so that file names are listed * Code Cleanup * Switch to a dedicated CA for kubeadm etcd identities * Fix typos * svcacct: move getters to use an external clientset * implement token authenticator for new id tokens * Support cluster-level extended resources in kubelet and kube-scheduler * enable IPVS feature gateway by default since it's already beta * Setup windows container config to kubelet CRI * Setup docker hostconfig for windows containers * Update unit tests and bazel files * Update godeps * Allow update/patch of CRD while terminating * gce: add support for enabling TokenRequest feature * client-go: add an exec-based client auth provider * generated * add unit test case for nodenames comparison * Added unscheduable node UT for DaemonSet. * add TestUpdateStatus for horizontalpodautoscaler * Add node-e2e test for ShareProcessNamespace * update the relevant BUILD file * remove gcloud docker -- since it's deprecated * Fix stackdriver logging test * cloud-controller-manager get /healthz instead of calling restclient.ServerAPIVersions to wait for apiserver being healthy * remove unused rest/versions.go * run update bazel * Add missing table converters for server side printing * Add integration test for server side printing * Adds daemonset conformance tests * Remove spxtr from various OWNERS files. * Check nil error in IsProbableEOF() * improve get description * add m1093782566 to milestone maintainer since he is a PM member on behalf of SIG-Network * fix todo:Get rid of this duplicate function IsRetryableAPIError in favour of the one in test/utils * Relax time tolerance on KMS test, limit to platforms with unix sockets available * Set default vmtype to standard if not set * Only install etcd for verify tests that need it. * API Changes for RunAsGroup and Implementation and e2e * add remount logic for azure file plugin * Update CHANGELOG-1.10.md for v1.10.0-beta.1. * Add/Update CHANGELOG-1.10.md for v1.10.0-beta.1. * fix warning info format * remove "scale job" from help info * Update CHANGELOG-1.7.md for v1.7.13. * Increase loging verbosity for deleting stateful set pods * Added dashboard banner passthrough to GCE kube-up. * Add buffering to the log audit backend * remove anti-affinity * Add retries to resource deletions in testing framework * Do not count failed pods as unready in HPA controller * I forgot the fact that the DevicePlugin test itself restarts Kubelet for testing purpose. Move that test back to Serial but constructs a smaller test without kubelet restart that we may run during presubmit. * Add //test/e2e/... and //test/integration/... to //build/visible_to:COMMON_testing * Add selector to DaemonSet in newDaemonSet function so that the v1 apis function for e2e * Add support for `make verify WHAT=typecheck`. * Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix for CVE-2016-8859 * Bugfix: Fix ordering of ValidateObjectMetaUpdate method arguments for PodTemplate validation * update Mount propagation version in comment * Fix a grammatical error in a comment * bump(6644d4): spf13/cobra: support bash completion for aliases * kubelet: notify systemd that kubelet has started * increase amount of memory filled by memory allocatable eviction test * Remove mapping to /host/lib from fluentd-gcp container. * Cap max number of nodes to use for local PV e2e tests * Expect NetworkTier not to be set as GCE value (all uppercase) * Update gazelle to latest to fix vendoring issue * requires string input * improve daemonset's retry creating failed daemon pods e2e test * Swithcing to Official CSI 0.2.0 tag * Promote LocalStorageCapacityIsolation feature to beta * Update README.md of sample-apiserver. * Generate client certificates for healthchecking kubeadm etcd static pods * Update liveness probes to exec etcdctl /w mTLS for kubeadm etcd static pods * Code cleanup: group consts togather * Update documentation for azure-shared-securityrule * Fix broken useManagedIdentityExtension for azure cloud provider * Enable maximumLoadBalancerRuleCount config for azure yaml config file * Add unit tests for parseConfig * Lock subPath volumes * Add subpath e2e tests * Add feature gate for subpath * Add e2e test for deletion * [fluentd-gcp addon] Fix passing location to event exporter * Fix initializing watch cache * Run server-side print tests only on k8s 1.10+ * oidc: add rithujohn191 as a reviewer * Fixing e2e CSI test * Bump etcd server patch version to 3.2.16 * Pass in etcd TLS credentials during migrate and rollback * fix test failure and delete unused code * Fix DaemonSet e2e test for OnDelete * Prevent webhooks from affecting admission requests for webhooks * Run hack/update-all.sh * Fixing e2e CSI test, II * Bump Cluster Autoscaler to 1.1.2 * Create fake /etc/hosts for conformance test * Add retrying to audit logging e2e tests * Update Kubelet command option description for IPv6 * Setting REMOUNT_VOLUME_PLUGIN_DIR for COS images in kube-env * Add support for binaries to run as Windows services * Add sys/windows/svc to vendor * Remove 1.8-1.9 upgrade codes of kubeadm * Auto generated BUILD files. * Use cert util to get cert data. * log enabled admission controller in order * purge all the -v references from e2e.go * Add cblecker to test/ approvers * Add OWNERS file to test/typecheck/ * Avoid reallocating of map in PodToSelectableFields * Mark reconstructed volumes as reported InUse * Change regional PD cloud provider references to use the beta API * Add/Update CHANGELOG-1.10.md for v1.10.0-beta.2. * Update CHANGELOG-1.10.md for v1.10.0-beta.2. * Vendor newest GCP Go client * Update cadvisor to v0.29.1 * [e2e service] Refine apiserver restart logic * auto check the current year * Task 2: Schedule DaemonSet Pods by default scheduler. * Rollback etcd server version to 3.1.11 due to #60589 * [Test change - don't merge] Skip load test * Make log audit backend configurable in GCE * Increase verbosity of frequently printed logline in scheduler_binder * Fix default auditing options. * Make admission webhooks not ignore scheme * Check whether it is running locally when UseInstanceMetadata * Get external IP for azure standard nodes * added missing error check * Fix broken gke regional logging test. * Fix upgrade tests for GKE Regional Clusters * Revert "[Test change - don't merge] Skip load test" * Fix use of "-w" flag to iptables-restore * Use grpc to improve the CPU utilization of the logging agent. * Revert "Use quotas in default performance tests" * [e2e service] Fix gke failure: move apiserver restart validation logic into util * match KindFor first * use temp kubeconfig for fake factory * [e2e service] Fix CleanupGCEResources for regional test * Make admission webhooks work in custom apiservers. * Bump to etcd 3.1.12 to pick up critical fix * Fixes the races around devicemanager Allocate() and endpoint deletion. * reduce nesting * fix option --audit-webhook-initial-backoff * set readOnly for CSI mounter * fix show-all option description modified: pkg/kubectl/cmd/util/printing.go * kubelet initial flag parse should normalize flags * Update CHANGELOG-1.8.md for v1.8.9. * Update CHANGELOG-1.9.md for v1.9.4. * Update CHANGELOG-1.7.md for v1.7.14. * Find most recent modified date for fluentd buffers recursively. * Add missing v1.9.4 release note entries. * Add missing v1.7.14 release note entries. * Add missing container-runtime "remote" option * Update CHANGELOG-1.10.md for v1.10.0-beta.3. * Add/Update CHANGELOG-1.10.md for v1.10.0-beta.3. * Exclude commas when pulling the tag out of the git export-subst format string * Detect backsteps correctly in base path detection * Add atomic writer subpath e2e tests * Fix subpath e2e tests on multizone cluster. * Increase apiserver mem-threshold in density test * Use pod UID as cache key instead of namespace/name * Updates kubeadm default to use 1.10 * fix kubectl_filedir completion * Update CHANGELOG-1.10.md for v1.10.0-beta.4. * Add/Update CHANGELOG-1.10.md for v1.10.0-beta.4. * Backoff only when failed pod shows up * Fix deprecated gcloud compute networks --mode switches. * Bump fluentd-gcp-scaler version * Fail the ingress test if it timesout getting address for IP address * Fixes 'Zone is empty' errors in PD upgrade tests; skips pd tests with inline volume in multizone clusters * Fix issue with race condition during pod deletion * Added unscheduable taint. * Bump fluentd-gcp-scaler version * Fix creation of subpath with SUID/SGID directories. * Add unit test TestGarbageCollectorSync * Add AUTOSCALER_ENV_VARS to kube-env to hotfix cluster autoscaler * Prevent garbage collector from attempting to sync with 0 resources * Fix e2e tests for emptydir * Fix a bug where malformed paths don't get written to the destination dir. * Fix cpu cfs quota flag with pod cgroups * Patch glbc manifest to use version 1.0.0. Also add rate limiting flags * Wait for only enough no. of RC replicas to be running in testutil * Added network-unavailable tolerations for hostNetwork=true. * Update CHANGELOG-1.9.md for v1.9.5. * Update CHANGELOG-1.8.md for v1.8.10. * Update CHANGELOG-1.7.md for v1.7.15. * Add/Update CHANGELOG-1.10.md for v1.10.0-rc.1. * disable DaemonSet scheduling feature for 1.10 * Use inner volume name instead of outer volume name for subpath directory * Fix `PodScheduled` bug for static pod. * Cluster Autoscaler 1.2.0 - Make use of %license macro - Update to version 1.9.8+c138b85178156011dc934c2c9f4837476876fb07: * Use pod UID as cache key instead of namespace/name * Avoid copying aggregated admin/edit/view roles during bootstrap * generated * Cherrypick kube-openapi changes * Improve where we load builds from for kubeadm upgrade jobs * Backport MAX_PODS_PER_NODE env from #63114 to 1.9 * passthrough readOnly to subpath * add udev to hyperkube and bump versions * RBD Plugin: Fix comments and remove unnecessary locking code. * RBD Plugin: Pass monitors addresses in a comma-separated list instead of trying one by one. * Fix race between stopping old and starting new endpoint * Make integration test etcd store unique * loopback webhook integration test * Honor existing CA bundle and TLS server name in webhook client * ensure tls server name is used in transport * distinguish custom dialers in transport cache * Ensure service routing resolves kubernetes.default.svc correctly * Fix upgrade to Kubernetes v1.9.3+ * Detach bug fix * Fix ILB issue updating backend services * Fix subnet cleanup logic when using IP-aliases with custom subnets * Fix IP-alias subnet creation logic * When using custom network with IP-alias, use the former's subnet for the latter too * Add/Update CHANGELOG-1.9.md for v1.9.7. * Kubernetes version v1.9.8-beta.0 openapi-spec file updates * Fix use visible files creation for windows fix bsc#1096773 - Update to version 1.9.7+dd5e1a2978fd0b97d9b78e1564398aeea7e7fe92: * Fix conformance testdata OWNERS file. * add semver metadata regex * Fix bug:Kubelet failure to umount mount points * Increase RSS limit for runtime from 300MB to 350MB on test creating 100 pods per node. * Fix kubelet PVC metrics using a volume stats collector. * Return missing ClusterID error instead of ignoring it * Add clusterid tags to the instances in AWS tests * fix bug where character devices are not recognized * add remount logic for azure file plugin * Fixes for HTTP/2 max streams per connection setting * use new account generation method for blob disk * Make admission webhooks work in custom apiservers. * Fixes the races around devicemanager Allocate() and endpoint deletion. * Add missing container-runtime "remote" option * added missing error check * reduce nesting * Fixes 'Zone is empty' errors in PD upgrade tests; skips pd tests with inline volume in multizone clusters * Fix creation of subpath with SUID/SGID directories. * Fix e2e tests for emptydir * e2e test: use sleep to wait in hostexec * Update tests to use the hostexec:1.1 image * Support new NODE_OS_DISTRIBUTION 'custom' on GCE * Bump debian-iptables-amd64 digest for release 1.9 * IsNotFound should check ErrDefault404 and ErrUnexpectedResponseCode * Kubernetes version v1.9.7-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.9.md for v1.9.6. * Bump Heapster to v1.5.2 * Use inner volume name instead of outer volume name for subpath directory * Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix for CVE-2016-8859 * Added chmod a+x for local SSD when disk is created with NODE_LOCAL_SSDS * Fix upgrade tests for GKE Regional Clusters * Fix use of "-w" flag to iptables-restore * Update fluentd-gcg and event-exporter images * Use O_PATH to avoid errors on Openat * Add a test case for the race in #59822 * Add started state to the processor to protect against double starts * Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure * Backport Cloud CIDR allocator fixes to 1.9 * use danglingerror * move detach out of os volumes attach * Remove mutation from pvc validation * Add pod deletion to subpath tests, and subpath as file with container restart * Use relative path for creating socket files * Backport etcd.manifest fixes for HA clusters from #61241 to 1.9 * Register metav1 types into samplecontroller api scheme * Update kube-dns to Version 1.14.9. Major changes: - Fix for kube-dns returns NXDOMAIN when not yet synced with apiserver. - Don't generate empty record for externalName service. - Add validation for upstreamNameserver port. - Update go version to 1.9.3. * apiserver's webhook admission use its own scheme * add e2e case for crd webhook * Introduce multimaster clusters support to e2e framework for GKE * Fix disruptive tests for GKE regional clusters * Fix resize nodes tests for Regional Clusters * Fix dns autoscaling test for Regional Clusters * Fix restart nodes tests for Regional Clusters * Fix resize test for Regional Clusters * fix incompatible file type checking on Windows * add tests for GetFileType * Fix deprecated gcloud compute networks --mode switches. * Fix daemon-set-controller bootstrap RBAC policy * Fix PodStore to wait for being initialized * fix nsenter GetFileType issue * Cleanup CRD/CR confusion in webhook e2e tests * Fix flaky crd e2e tests * Ensure expected load balancer is selected for Azure * remove default fsypte in azure disk * Fix gofmt * Update kube-dns to Version 1.14.10. Major changes: - Fix a bug in DNS resolution for externalName services and PTR records that need to query from upstream nameserver. - Update services files to make use of KUBE_FEATURE_GATES flag feature#feature-gates - Prevent the Kubernetes image GC from cleaning the images that have been loaded using container-feeder. - Added patch: * do-not-gc-sle-kubic-images.patch Fixes: bsc#1069469 - Put all the Kubernetes related services under the podruntime slice. This the recommended deployment to allow fine resource control on Kubernetes. bsc#1086185 - Update to version 1.9.6+9f8ebd171479bec0ada837d7ee641dec2f8c6dd1: * Temporary fix for LeaderElect for kube-scheduler * Added dashboard banner passthrough to GCE kube-up. * Bump Cluster Autoscaler to 1.1.2 * Fix exists status for azure GetLoadBalancer * Add unit test TestGarbageCollectorSync * Prevent garbage collector from attempting to sync with 0 resources * Fix a bug where malformed paths don't get written to the destination dir. * Kubernetes version v1.9.6-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.9.md for v1.9.5. * Always Start pvc-protection-controller * Backport pv-protection-controller Finalizer Removal Part - Update to version 1.9.5+f01a2bf98249a4db383560443a59bed0c13575df: * fix invalid match rules for advanced audit policy * add lock before detaching azure disk * Update hosts in EnsureLoadBalancer() * external lb - move target pool operation into its own function * Update event-exporter * Drop init container annotations during conversion * backoff runtime errors in kubelet sync loop * Fixes the regression of GCEPD not provisioning correctly on alpha clusters. * Allow update/patch of CRD while terminating * Bugfix: Fix ordering of ValidateObjectMetaUpdate method arguments for PodTemplate validation * 1.9 edition: Pass in etcd TLS credentials during migrate and rollback * e2e/monitoring: Use non-deprecated proxy API * purge all the -v references from e2e.go * purge all the -v references from e2e.go * Using G instead of Gi for GCE PD dynamic provisioning tests; change PV size check to >= instead of = * Check whether it is running locally when UseInstanceMetadata * Get external IP for azure standard nodes * Kubernetes version v1.9.5-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.9.md for v1.9.4. * Fix CleanupGCEResources for regional test * Detect backsteps correctly in base path detection * Add atomic writer subpath e2e tests * Exclude commas when pulling the tag out of the git export-subst format string * Add retrying to audit logging e2e tests * Skip deprecated /ui redirect check against 1.10.0-alpha.0 and newer * Skip deprecated proxy prefix tests against 1.10.0-alpha.0 and newer * prevent v1alpha1.Table tests in 1.9 from running against >=1.10 * bugfix(mount): lstat with abs path of parent instead of '/..' * Fix subpath e2e tests on multizone cluster. * check server version at correct point in e2e flow - fix bsc#1086412 - Update to version 1.9.4+bee2d1505c4fe820744d26d41ecd3fdd4a3d6546: * Fixes CVE-2017-1002101 - See https://issue.k8s.io/60813 for details (#61046, bsc#1085009) * Ensure public IP removed after service deleted * Use GlobalMemoryStatusEx to get total physical memory on Windows node * Kubernetes version v1.9.4-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.9.md for v1.9.3. * Update to go1.9.3 * kubelet: only register api source when connecting * Set instanceID to azure resource ID format while useInstanceMetadata is enabled * Change provider ID to uuid * Implement upgrade-aliases.sh to migrate a route-based k8s cluster to use IP aliases in GCE. * Still proceed to sync on aliases from node's spec and cloud even if the mode is not the expect one. * Fix GCE IP Aliases CI https://k8s-testgrid.appspot.com/google-gce#gci-gce-ip-alias failure cause by pull #56132 * Update vendor of google.golang.org/api repo * Use beta instead of alpha GCE Compute API to add an alias range to an instance. * Only populate alias range for nic0 when invoking instance.UpdateNetworkInterface. * Pass pvc namespace and annotations to Portworx Create API * return error if New-SmbGlobalMapping failed in azure file mount * Map correct vmset name for internal load balancers * Detect CIDR IPv4 or IPv6 version to select nexthop * Use SetInformers method to register for Node events. (#449) * Improve performance of scheduling queue by adding a hash map to track all pods in with a nominatedNodeName. * Fix race in healthchecking etcds leading to crashes * Increase allowed lag for ssh key sync loop for tunneler * fix device name change issue for azure disk * create storage account if necessary when create azure file pvc * Ensure that the runtime mounts RO volumes read-only * Fix Deployment with Recreate strategy not to wait on Pods in terminal phase * Fix comparison of golang versions * Add tests for Deployments Recreate strategy when there are pods in terminal state present * Add etcd 3.x minor version rollback support to migrate-if-needed.sh * hack: when installing gazelle, checkout older version of buildtools * Update Dashboard version to v1.8.3 * Fix nested volume mounts for read-only API data volumes * Lock subPath volumes * Add subpath e2e tests * Add feature gate for subpath - Add /var/lib/cni to kubernetes.tmp.conf - Fix %post kubelet section to correctly create /var/lib/cni as subvolume on CaaSP3 only. - Do not create `/opt/cni/bin` subvolume or folder , we'll use `/var/lib/kubelet/cni/bin` instead - Fix CNI subvolume creation in kubelet's post install script - Update to version 1.9.3+d2835416544f298c919e2ead3be3d0864b52323b: * Recheck if transformed data is stale when doing live lookup during update * Fix garbage collector when leader-elect=false * Track run status explicitly rather than non-nil check on stopCh * admission: do not leak admission config types outside of the plugins * Fix loading structured admission plugin config * Surface error loading admission plugin config * Kubernetes version v1.9.3-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.9.md for v1.9.2. * Reduce Metrics Server memory requirement * Adjust the Stackdriver Logging length test * Rework method of updating atomic-updated data volumes * Initialize node ahead in case we need to refer to it in error cases. This is a backport of https://github.com/kubernetes/kubernetes/pull/58186. We cannot intact backport to it due to a refactor PR https://github.com/kubernetes/kubernetes/pull/56352. * Send correct resource version for delete events from watch cache * Add resource limits to prometheus-to-sd to guarantee qos * Introduce METADATA_CONCEALMENT_NO_FIREWALL to prevent firewall from being set * Bump metadata proxy to v1.9 * Revise the log err when failed to get the node. * Use /proc/net/nf_conntrack. * Make IsConnectionReset work with more error implementations. * Rewrite go_install_from_commit to handle pkgs that aren't in HEAD * Use the bazel version check function from bazel-skylib * Update cluster addon Calico to v2.6.6 * Make it possible to override the driver installer daemonset url from test-infra. * Add apiserver metric for number of requests dropped by 'inflight-request' filters. * Add a metric to track usage of inflight request limit. * Never let cluster-scoped resources skip webhooks * generated * fixing array out of bound by checking initContainers instead of containers * Use SSH tunnel for webhook communication iff the webhook is deployed as a service * Split ClientConfigFor() * By default block service proxy to external IP addresses. Service proxy uses redirects to Pods instead of direct access. * Add deprecated stage of feature gates * Mark ServiceProxyAllowExternalIPs feature as deprecated * azure disk: if the disk is not found, immediately detach it. This prevents azure keeps the bad request and stops issuing new request * Bump Metrics Server to version v0.2.1 * Get windows kernel version directly from registry * Updated priority of mirror pod by PriorityClass. * Update Calico to version v2.6.7 * Client ca post start hook now checks if the system namespace already exists before creating it. * Set --kubelet-preferred-address-types on apiserver by default * Remove setInitError. * Expose etcd compaction time via environmental variable in GCE * cloudprovider/openstack: fix bug the tries to use octavia client to query flip * Cluster Autoscaler 1.1.1 * Ensure IP is set for Azure internal loadbalancer * Configurable etcd quota backend bytes * Remove duplicate function. * fix apiserver crash caused by nil pointer and ensure CRD schema validator can be constructed during validation. * ref -> $ref * fix GetCustomResourceListerCollectionDeleter comments - Update to version 1.9.2+5fa2db2bd46ac79e5e00a4e6ed24191080aa463b: * kubenet: remove code forcing bridge MAC address * Prevent deadlock on azure zone fetch in presence of failure * Clean up some service related description * Fixes range for min value in imagepolicy admission * fix typo in config_test.go * Allow to specify tls config for coredns provider * Expect that path to files will be provided not raw data * kubelet: fix inconsistent display of terminated pod IPs by using events instead * fix error print * flexvol: remove a mount directory in a error case * kubectl config get-contexts: sort output * avoid newline "\n" in the error to break log msg to 2 lines * Remove duplicate code fixing empty name error * Mark volume as detached when node does not exist for photon * Fixed a small comment typo * Fix AnnotationProvidedIPAddr for externalCloudProvider * Fix kube-proxy to use proper iptables commands for IPv6 operation * Clean up diskLooksUnformatted literal * Create container log symlink for all containers * fix kubectl set resource/selector/subject output * Add YAML example to kubectl patch. * set proxy when build containers for users behind proxy * Use cloud environment to instantiate client * Variable mismatch * remove redundant error test case in autoscaling validation * Support completions for --clusterrole of kubectl create clusterrolebinding * Add Kubernetes user agent to GCP API calls. * support nodeSelector in kubefed init * If command.Execute() return err, print to stdErr * Run go fmt * Add fmt.printf for other need * provider_test.go: use existing method instead of own copy of it. * migrate sig-ui e2e test * fix-review * Fix typo in docs of remote package * fix conditional for warning while starting KCM without secret file * add ut for pkg/kubectl/deployment.go * fix minor typo * Add CII Best Practices Badge * fix issue(49965)kubectl scale also says that it can work based on a label selector or all * remove duplicated import * e2e test session affinity * add unit test for describe secret * debug cost time * Fix NodeIdentifier godocs: IdentifyNode -> NodeIdentity * Add bash test for kubectl scale --selector and --all * Refactor federation dns test case with sets.String * Remove useless code * add UT for pkg/kubecl clusterrolebinding * fix bug in admission test * remove useless allocation of map * Improved Italian translation for kubectl * Rebase runtime-config branch on top of master * Use --oom-score-adj flag for kube-proxy * Remove cgo flag for oom package * change AddEventHandlerWithResyncPeriod to AddEventHandler in factory.go * Pointer receiver support for MarshalQueryParameter() * Add a kubelet metric to track certificate expiration. * Fix format specifiers in Azure cloud provider * Remove plugins entry from hack/.golint_failures * Fix documentation golint warnings * Change error variable identifiers to ErrFoo * Rename PluginsEnvVarPluginLoader to stop stutter * Rename XDGDataPluginLoader to be uniform * add unit test case for networkpolicy storage * Address panic in TestCancelAndReadd * ensure unstructured resources in kubectl get * Azure: expose services on non-default subnets * add ipvs default sync period * squash the commits into one * should use time.Since instead of time.Now().Sub * Fix apiserver help message * kubectl: Move utility functions to util package * remove todo(#42787)Add fallback for cronjobs, and move some useful function to cmdutil * migration of federation test * fix comment for cronjob utils.go * Refactor cronjob test case with sets.String * rename the name of eventsource in controller-manager * add verify case in index_test.go * add err message if / pairs specified under --local * add Local and Unstructured builder attributes * update bazel * Moving disk-related cloud provider operations to gce_disks.go * fix annoying leader election typo * Add cmluciano to NetworkPolicy reviewers * ignore unknown resource version in scaler error * add --list option to label cmd * Add an OWNERS file for deviceplugin package. Update OWNERS file for gpu package. * ProducesObject should only update the returned API object resource documentation * Add examples pods to demonstrate CPU manager. * add readme file of ipvs * rsync ipvs proxier to HEAD of iptables * update bazel * vendor libnetwork which support flush API * support ipvs flush API * Fix failure to load volume plugins for #52048 * Add required family flag for conntrack IPv6 operation * acknowledge --show-all=false with --watch * Clean up kublet secret and configmap unit test * move specialDefaultResourcePrefixes out of vendor/k8s.io/apiserver * adding kube-controller-manager starting option tests * Add `ReclaimPolicy` field to `kubectl describe storageclass` output. * validate federation cluster spec CIDR * client-go: simplify deepcopy calls * Fix some comment in hack/jenkins/*-dockerized.sh * Change TimeAdded to pointer * Generated files * Add cmluciano to milestone maintainers * inode eviction only requires filling 200k inodes * Fixes issues noted in review * e2e: minor changes to network/service testing utils * add test case * Allow kubectl cp large amounts of files from container * Ensure we log the flag apiserver starts with. * Add more test coverage for kubeadm uploadconfig especially with idempotent case. * Remove backward compatibility of hostportChainName * Fix golint errors in `pkg/controller/podautoscaler` * Modify `apimachinery` imports using `staging` * Do deep copy instead of to and from JSON encoding * fix kubectl cp command error. it happens when copy directory to pod and the directory path ends with '/'. for example: kubectl cp /XX/XX/ XX-POD:/XX/XX * add lease endpoint reconciler * dockershim: remove support for legacy containers * adds two new fields to AdmissionOption. * Avoid printing node list for LoadBalancer in log file * Parse out numeric portion of semantic version. * correct to handler * Always populate volume status from node * fix issue(#52244)kubectl describe serviceaccount have redundance null line, we should keep accordance for kubectl describe command * fix return 0 error in DefaultSubCommandRun * remove repeated import'k8s.io/client-go/kubernetes' in controllermanager.go * print HostPathType for kubectl describe * allow windows mount path * add FlagPersistent flag in nodePort and other situation * remove unless healthz.DefaultHealthz() in controller-manager * ut test load ipvs config * Add testcase for SelfLink function * Fix typo in kubelet kuberuntime container test * Fix incorrect status msg in podautoscaler * Add specific errors for pod affinity predicates * Add some comments to the version and user-agent changes. * Updated pd.go tests to use GCE API instead of GCloud Commands * Add cdk-service-kicker to kubernetes charms * error msg fixes * E2E test to make sure controller does not crash because of nil volume spec. * add ut for pkg/kubectl/autoscale_test.go * storage, etcd3: add an option for configuring interval of compaction requests from apiserver * Implement metrics for Windows Nodes * typo in annotations * fix issue(11233)enhance kubectl config command * Test gcloud exit when detecting master for e2e * fix kubectl get cronjob lose age info * Removing PrometheusPushGateway --prom-push-gateway flag from e2e tests. * add/update tests * improve the relation of ExecInContainer and Exec * Release note should not be NONE or similar things. * Refactor node taint conditions * add age column for storageclass and cronjob test * golint version and fix versioning doc link * Add s390x to juju kubernetes * Remove warning about changes in default token TTLs * Bugfix to check overcommit for hugepages. * Drop --experimental-bootstrap-token-auth flag. * Remove deprecated stale flags of kubele * Use NC to fix deprecated taint key name * Add redirection test for service using request host. Transport has no scheme and host. * Handles redirection when service returns absolute path with request's host. * client-go: Truncate body based on Verbosity level * Initial changes for adding forward rules * Do not set message when terminationMessagePath not found * Unable to detach the vSphere volume from Powered off node * Switching to apps/v1beta2 * fix typos: remove duplicated word in comments * Add IPv6 support to iptables proxier * Some kubelet flags do not accept their default values * Fix url for Saltstack administration document * Add default value for RouteReconciliationPeriod in cloud controller manager * Improve codes which checks whether sandbox contains containers * Need to validate taint effect when removing taints. * optimize then function in kind visitor * Remove unused variables and constant from pkg/apis/componentconfig/v1alpha1/defaults.go * Use const instead of hard code for volume plugin * Consolidate extended resources and hugepages in Scheduler. * Add pod disruption budgets to admin/edit/view roles * To be consistent with http package, check also no_proxy * s390x ingress controller support * Remove federation manifests which are no longer used * Auto generated bazel build file * add generic printer test of structured obj * Bulk Verify Volumes Implementation for vSphere * Fixing kubelet restart * bazel: make //cmd/kubectl:kubectl binary publicly visible * Refactoring and improvements for iSCSI and FC * Only register floatingIP for external loadbalancer service * Fix missing floatingip when calling GetLoadBalancer() * fix the bad code comment and make the format unify * Add test file for go file * stop the Timer * Fix typo in e2e-node-test.sh * Multi-arch allowPrivilegeEscalation tests * Validate that cronjob names are less than 52 characters * Fix GCE LB resource cleanup for service e2e tests. * Collapse all metrics handlers into common code * Track gauge of all long running API requests * fix typo * Minor fix: make sure that gluster implement interface ExpandableVolumePlugin * fix typo * Remove the deprecated env "ENABLE_CRI" * add feature: azurefile mount on windows node * TestIoHandler should not run on unsupported platforms * Add comment for controller manager default values * fix service hash flags * update comment code mistake * only allow cifs mount on windows node * default service resolver for webhook admission * Enable go race detection for bazel tests. * CRI: Allow configuring stdout/stderr streams for Exec/Attach requests * Adjust the validating messages * Conditionally run detect-project in log-dump * generic_scheduler.go: Fix link in comment * pkg/controller/node/scheduler/rate_limited_queue.go:correct a small spelling mistake * add UT for podPreset storage * Add version info to kube-scheduler, kube-proxy and kubelet logs. * Remove cloud provider rackspace * Fix broken statefulset e2e test * Fixed logic with updates in initializer plugin * Make feature gate enablement checks lock-free * dockershim: fine-tune network-ready handling on sandbox teardown and removal * bazel: bump rules_go * Build hyperkube image with Bazel * Set the default value of service-cluster-ip-range in kube-apiserver * Remove orphaned rules * Use buildozer to remove deprecated automanaged tags * Use buildozer to delete licenses() rules * add tags to e2e and integration tests * Tag broken examples test as manual * bazel: use autogenerated all-srcs rules instead of manually-curated sources rules * bazel: build/test almost everything * Added device plugin e2e kubelet failure test * Allow dns e2e test case for ExternalName to run on aws * Don't need to check useAnnotation in dns e2e test * the feature of Flex volume API and Improved lifecycle hasnot merge v1.6 * fix some error link of changelog.md and changelog-1.6.md * fix error of func TestValidateStatefulSet that updateStrategy * make configFactory private * remove rackspace related code * refactor parsing cluster autoscaler status * Moved fakes to a separate file usable by other tests * Modified test/e2e_node/gpu-device-plugin.go to make sure it passes. * kubelet: remove the --docker-exec-handler flag * Add cos as an alias for gci in the upgrade script * Add docs for secret literal and file combinations * Update CHANGELOG.md for v1.9.0-alpha.1. * Update CHANGELOG.md for v1.8.0-rc.1. * Preserve leading and trailing slashes on proxy subpaths * Cleaning up unused functions in /pkg/controller/deployment/util * kubeadm golint clean up * volunteer to help with external cloud providers * Add a negotiate method media type for use in explicit contexts * Simplify some deployment utilities * add ipvs sync period parameters * refactor tests, and add soft eviction test * Added service annotation to set Azure DNS label for public IP * Update gophercloud to Handle New Identity Endpoints * bug(cli)fix kubectl config unset unexist map key will add this key, should tell user this key not exist * Switching to rbac/v1 * Include audit log in master log capture * Add support for skeleton in GetSigner * squash the commits into one * fix 404 link in changelog-1.6 * Limit 52-character cronjob name validation to create * Update kubelet's 'pod-manifest-path' description * Use arg cgroupRoot,not nodeConfig.CgroupRoot * fix-todo * improve cgroupmanager in qosContainerManager * Improve `horizontal.go` documentation * Fix oversized comment line, lint error * Add round trip tests for conversion to go-openapi types * use patch PodStatus to avoid overwriting potential pending status updates * Change RBAC storage version to v1 for 1.9 * bump(github.com/go-openapi/spec): 7abd5745472fff5eb3685386d5fb8bf38683154d * enable scale to 0 test for gke * oidc client auth: better error when refresh response is missing id_token * Fix test selector * Move prometheus metrics for docker operations into dockershim * Adjust audit policy for scale issues * AllowPrivilegeEscalation: add validations for caps and privileged * Move deployment collision avoidance e2e test to integration * Refactor function * Mark Cluster Autoscaler as GA (1.0.0) * godep revendor google api go clients * add neg to gce cloud provider * add alpha wrapper function for backend service and health check * e2e additional tests for local volume * Endpoints can add a get or connect options type in their group * Use PollImmediate and shorter interval in integration test * Add check for IPv6 '::' when calculating kube-proxy's node IP * Add msau42 to storage e2e approvers * Fixes the flaky TestDevicePluginReRegistration. In the current test, there is a race that the new device plugin endpoint may not be added to the device plugin manager endpoints at the time when we call manager.Devices(). Added the checking and waiting for endpoint updates before calling manager.Devices() in the test. * Fixed intermittant e2e aggregator test on GKE. * Fix --kube-reserved storage key name and add test cases for node allocatable reservation * refactor nsenter to new pkg/util * use GetFileType per mount.Interface to check hostpath type * auto-gen * fix some typos in api types * Fix a potential file leak * auto-gen * Add switch to control use of pv for etcd in federation CI jobs * Fix couple of minor issues in federation deployment scripts * Remove unnecessarily included scripts in federation deployment scripts * Move logs related to etcd pvc creation inside conditional * Use custom error for "unimplemented" * federation: simplify deepcopy calls * Fix wrong deprecated option info in * remove unused code * Detect major version mismatches between kubeadm and kubelet. * fix fuzz of micro time * Improve HT detection * Ring buffer for notifications * Get fallback termination msg from docker when using journald log driver * Fix the version detection of OpenStack Cinder * Removes creation of CSR approval CR from kubeadm * cluster size autoscaling tests fixes * Allow kubelet metrics tests to run on gke * Add more reviewers for volume components * fix missing apps/replicaset in kubectl * Support apps.ReplicaSet in kubectl describe * Align imagefs eviction defaults with image gc defaults * Allow to use version labels in kubeadm upgrade apply * federation/pkg/federation-controller/util: fix swallowed errors * Skip podpreset test if the alpha feature setttings/v1alpha1 is disabled * Modify traces in deletion handler * More descriptive error message for `make test` * Remove touch-lock init container from kube-proxy * Fix kube-proxy addon OWNERS file * Add documentation comments for volume expand controller * [OpenStack] Service LoadBalancer defaults to external * support run ipvs UTs in windows platform * Fix host network flake tests * Update gophercloud: Remove v1/appiversions * Added openstack instance metadata search order * kubeadm-reset: notify about a non-default certificates directory * remove ipv4 in pkg/util/ipvs * All cloud-providers not required out-of-tree * fix broken cloud provider info urls * clusterrolebindings duplicate create in local-up-cluster.sh Changes to be committed: modified: hack/local-up-cluster.sh * Fix version comparison for versions with preRelease components * Add a label which prevents a node from being added to a cloud load balancer. * Metadata order search tests * outputs for colums not found * Update kube-dns to version 1.14.5 * Update kubeadm to 1.14.5 * Revert "Make kubelet touch iptables lock file during initialization" * improve code * Normalize RepoTags before checking for match * Improve PVC ref volume metric test robustness * kubectl cp support coping remote file into local dir * enable to specific unconfined AppArmor profile * k8s.io/kubernetes/staging/src/k8s.io/apimachinery/pkg/util/strategicpatch: Fix swallowed errors in diffLists() * k8s.io/kubernetes/staging/src/k8s.io/apimachinery/pkg/util/strategicpatch: Fix swallowed errors in normalizeSliceOrder() * Address review comments * vendor/k8s.io/client-go/tools/record: Fix two swallowed errors in tests * Retry when checking Azure storage account readiness * Move k/test/e2e_federation package to k/federation/test/e2e * Move k/test/integration/federation to k/federation/test/integration * Auto generated build files * implement delete real server for fakeIPVS and add UTs * remove ipv4 constraints of Node IPs in ipvs proxier * fix sample-apiserver artifacts * new version number for kubeadm constants.go * Fix lint error on kubernetes-worker * gce:restrict file permissions for PKI assets * fix #52462. Do not GC exited containers in running pods * bazel: set --incompatible_disallow_set_constructor=false to fix breakage * Fix indentation and skip leading v on the semver. * Change ImageGCManage to consume ImageFS stats from StatsProvider * Fix another space vs tab formatting error. * Improve deb and rpm packaging * Add 201/202 to the list of returned codes. * Make sure GOPATH/bin is in PATH * Centralize godep version number * Kubeadm: Change the marshal code to use ApiMachinery code. * Let node test subcommand be an arg * Fix kubeadm upgrade grammar. * Abort if not default nor conformance * Update CHANGELOG.md for v1.6.11. * Update CHANGELOG.md for v1.8.0. * Make HPA tolerance a flag * Remove storage-class annotations in examples * Fix a scheduler flaky e2e test * Move 1.6.11 changelog to CHANGELOG-1.6.md * Update CHANGELOG.md for v1.7.7. * remove unused filed * remove unused function addStorageLimit * rename test file name * Improve error logging and comments * Fix broken links in kubelet * Fix basic audit in GCE deploy scripts * fix comment * Skip podpreset test if the alpha feature setttings/v1alpha1 is disabled * Fix sed command to not try shell redirection * Calculate patches for commands using input version * Fixes a flakiness in GPUDevicePlugin e2e test. Waits till nvidia gpu disappears from all nodes after deleting the device plug DaemonSet to make sure its pods are deleted from all nodes. * Fix 1.8.0 binery checksums * Let local node e2e return error. * Go fmt * Bazel fmt * Enable node certificate autorotation * prepull images after disk eviction tests * gce: remove compute-rw, see what breaks * Fix user-agent append string component order. * Move make clean to a static list * Update file location in comment * Fix merge conflicts. * Allow users to configure the service account made available on their nodes * add get alpha backend service into cloud provider * Fix imagefs stats. * Clean up godep scripts to be self-contained * Vendor godep v79 and use it * openapi: Validate unregistered type, if they can be found * Fix failing import in juju master namespace actions. * Panic on failure to calculate index key * pass labelSelector to server side opaquely * Fix bad format of 1.8 release notes * Elimenate extra CRI call * Correct APIGroup for RoleBindingBuilder Subjects * Enhance scheduler for TaintNodeByCondition. * Update CHANGELOG.md for v1.5.8. * fluentd-elasticsearch add-on: Upgrade to Elasticsearch/Kibana 5.6.2 * fluentd-elasticsearch add-on: Upgrade API versions * moved admission interfaces WantsClientCert, WantsAuthorizer and WantsExternalKubeClientSet to apiserver * Rename TPR to CRD to be consistent * Updated known issues for kubelet --cert-dir * create separate transports for liveness and readiness probes * Implement CRI stats in dockershim for Windows * Update influxdb and grafana controller to latest version * Add audit-logging, feature-gates & few admission plugins to kubemark * Send VolumeMismatch event to PVC * make isAutoscalerEnabled check work with min size 0 * Fixed counting of unbound PVCs towards limit of attached volumes. * refactor test to work on GKE * Wording in missing config from cluster response errantly says "don't how to". * remove containers of deleted pods once all containers have exited * Don't referece not-exist addon manager manifests in comment * etcd: update version to 3.1.10 * Version should be quoted so jq doesn't interpret it as numeric * add --selector flag support * Beginning of rewrite apply merge-logic using visitor pattern. * Address PR comments * container-vm is deprecated, so don't use it for GCE test clusters * Kubeadm: Add some validation for external etcd config * Fixes test/e2e_node/gpu_device_plugin.go test failure. * stop assigning satnam reviews * Add /swagger.json and /swagger-2.0.0.pb-v1 to discovery role * add timeout for Openstack cloud provider * don't recreate static pods when node gets deleted * Version should be quoted so jq doesn't interpret it as numeric * cmd: kubectl: remove golint_failures entry * Change default --cert-dir for kubelet to a non-transient location * support imagePullSecrets and imagePullPolicy in kubefed init * Fix test skip condition * Disable autoscaling before removing autoscaled node pool * Increase backoffLimit for job that we expect to fail several times * Remove conformance tag for internet connectivity * Dynamically determine default docker machine memory * Add permisions for Metrics Server to read resources on cluster level * default fail-swap-on to false for kubelet on kubernetes-worker charm * Remove swagger 1.2 validation * Add IPv6 option for e2e iPerf test * fluentd-elasticsearch add-on: Rename Elasticsearch Docker image tag * removes Authorizer and ExternalClientSet from kubeapiserver's admission initializer. * Merge kube-dns templates into a single file * Merge kube-dns-autoscaler templates into a single file * Rewrite `kubectl explain` to use openapi * openapi: Add fake resource to simplify tests * Add test for explain * Fixes a regression introduced by PR 52290 that extended resource capacity may temporarily drop to zero after kubelet restarts and PODs restarted during that time window could fail to be scheduled. * add note about kubeletremoved flag --api-servers * Support field selectors for CRDs * Fix spam of multiattach errors in event logs * Improve explanation of ReplicaSet. * fix typo in health check url * Verify clean up of stale VM's for vSphere dynamic provisioning * e2e tests need a ping6 test for IPv6-only clusters * Minior cleanup in pkg/controller/node/ipam/sync/sync.go * Add a flag to customize config relative dir * Create e2e test for Custom Metrics - Stackdriver Adapter * Support completions for kubectl config rename-context * Enable prometheus client metrics in apiserver * Update bazel * cleaning tests from deprecated usecases due to unsupported version * Add /var/lib/kubelet error to known issues * code-generator: rename _test to _examples * code-generator: turn hack/update-codegen.sh into re-usable generate-{internal,}-groups.sh scripts * sample-apiserver: port to k8s.io/code-generator/generate-internal-groups.sh * verify-pkg-names.sh: exclude generated informers * Update generated files * kubelet: add metrics to network plugin manager * Ignore notFound when deleting firewall * moves admission.v1alpha1.NewAdmissionReview to webhook plugin * Use pointer for PSP allow escalation * revert the comment change from Run to run * Bump default snap channel to 1.8/stable in juju charms * New controller to GC CSRs. * Allow setting --concurrent-service-syncs for kube-controller-manager in GCE startup scripts * Refactor network policy e2e tests, and add additional logging when tests fail * Handle missing subnet for auto networks and legacy networks * Fix the defaultServerImage name of hyperkube in kubefed * cmd: cloud-controller: remove golint_failures entry * Fixed alpha e2e test failure. * Enable event logging in the service controller * Update CHANGELOG-1.7.md for v1.7.8. * Removed the IPv6 prefix size limit for cluster-cidr * PV recycler: don't reuse old recycler pod. * Add test for HPA * Fixed metrics API group name in audit configuration * Add API version apps/v1 * Enable apps/v1 by default * Skip auto-generated apps/v1 codes in golint * Fix typo in apps/v1beta2 default test * Move certificate manager to client. * Add cblecker to build/ owners * Adjust defaults of audit webhook backends * Add throttling to the batching audit webhook * Ignore unexported fields in import_known_versions_test * Ability to run the openstack tests against DevStack * Add group by default to kubeadm token create * Add cheftako to CP reviewers and wlan0 to approvers. * Autogen * Remove deprecated const from apps/v1beta2 and apps/v1 * Added integration test for TaintNodeByCondition. * implement fakeIPVS update virtual server * log when node is initialized in cloud controller manager * sync(k8s.io/gengo): 70ad626ed2d7a483d89d2c4c56364d60b48ee8fc * code-generator: unify generator main.go files * client-gen: stratify main.go * Update generated files * apimachinery: remove Scheme.Copy * Autoscaler metrics-server with pod-nanny * apimachinery: remove Scheme.DeepCopy * Skip e2e check for logs API path if provider is local * add --dry-run option to kubectl drain * PSP: teach fuzzer about fsGroup/supplementalGroups strategies. * add tests * Updating Calico to v2.6.1 * apiextensions/examples: remove unnecessary function * apimachinery: mechanical removal of ObjectCopier plumbing * [GCE kube-up] Allow creating/deleting custom network * Allow kubemark to use custom network for instance creation * Removes TTY flag from etcd image build process * In DevicePluginHandlerImpl.Allocate(), skips untracked extended resources. Otherwise, we would fail a Pod allocation request that has an extended resource not managed by any device plugin. * kubeadm/cmd: fix typos, punctuation and capitalization * common.sh fix to detect ip instead of ifconfig * clarify pridicates message when no nodes available * remove replicaset unit tests that are converted to integration tests * revamp replicaset e2e tests * Update generated files * Strip tokens from `kubeadm-config` config map * sort top pod and top node output by namespace/name * Fix a grammatical problem in a comment * Add missing short names to kubectl help text * format some code in dockershim * Fallback to internal addrs in e2e tests when no external addrs available * Device Plugin now closes client connexion * [OpenStack]Add codes to check the count of nodes(members) * fix duplicate unbind action * remove repeated type conversion * RBAC: Add test for create clusterrolebindding * validate kube-proxy options * generators: allow +groupName everywhere in doc.go * add possibility to ignore volume label in dynamic provisioning * Load kernel modules automatically inside a kube-proxy pod * RBAC work on PoC * Update worker actions to use client creds * Use new kube-control interface * Update e2e to use new control interface * Fix ingress and microbot * Use the updated (RBAC enabled) cdk-addons * Move ingress to kube-system. Rename enable-rbac to authorization-mode. * Fix trimmed files comming from leadership * address code-gen issue https://github.com/kubernetes/code-generator/issues/7 * Return an error if metric cannot be registered * Add launching Cluster Autoscaler in Kubemark * Avoid unnecessary gcloud call if test was skipped * Do not set auto-detect cloud provider as the default in kubelet * Clean up in `cluster_size_autoscaling.go` * Return err when delete volume failed * Add client and server versions to the e2e.test output. * Remove local PV tests using TestContainerOutput because it doesn't wait for unmount * query --incompatible_comprehension_variables_do_not_leak=false * move initializer to the generic apiserver * generated * Add no-negcache flag to kube-dns * add ApproximatePodTemplateForObject factory method * add user-specified ns to --dry-run created obj * removes k8s.io/kubernetes/pkg/api dependency from the webhook plugin. * Don't skip mounts if we can't find the volume * Fix potential problem when scaling --replicas=0 * Update search string for failed scheduling * Updates RangeSize func and tests for IPv6. * Fix a typo. * Bump GLBC to 0.9.7 * revamp replicaset integration tests * bump cni vendor to v0.6.0 * Remove build/cni * not necessary to use disk letter in azure file mount * Change --etcd-quorum-read default to true * remove getAvailableDriveLetter func and test * fix kubemark, juju, and libvirt-coreos README.md (from minion to node) * Support autoprobing node-security-group for openstack cloud provider * fix generate-groups.sh * Make CoreID's platform unique * Enable HorizontalPodAutoscalerUseRESTClients option * Make unnecessary hpa public funcs private * code-generator: fix flag check in generate-internal-groups.sh * Enable API chunking and promote to beta for 1.9 * Fill partial pages on the server rather than forcing client to * Promote continuation token schema to v1 * Use watch cache when rv=0 even when limit is set * Avoid intermediate List allocations as items added to the list * Make feature gates loadable from a map[string]bool * cleaning node controller from code that ensures backward compatibility for unsupported versions * Bump kube-dns version used in e2e * Add no-negcache flag to kube-dns in kubeadm * wait for pod to be fully deleted * clarifying CLI output * Add 'ETCD_DOCKER_REPOSITORY' environment variable override to 'cluster/' scripts. * Fix to prevent downward api change break on older versions * Append an alpha label to the exclude load balancer annotation. * Fix typo in StatefulSet e2e test * GCE kube-down: Delete all remaining firewall rules when KUBE_DELETE_NETWORK is set * kubectl: Remove swagger 1.2 entirely. * Make sure we use rwlocks not just RLock * preserve specified destination path * Add extra log and node env support. * move ippart() to util * consume endpoints IPPart function in util * fix avset nil issue in azure loadbalancer * add instrumented serivce unit test of version * Using assertions * kubelet/cm: remove unneeded fork of 'cat' * Release NodePorts at the end of test cases * clean up winkernel proxy * apiextensions-apiserver: stop cacher on CRD update * apiextensions: create storage with accepted, not spec'ed names * The Securty Group name should be unique * Fix hpa scaling above max replicas w/ scaleUpLimit * Use gcloud for enabling/disabling autoscaling in e2e tests * Fix flake for volume detach metrics * pkg/api: move *_test.go -> pkg/api/testing * SimpleNameGenerator: unify to use k8s.io/apiserver/pkg/storage/names * Work on upgrade path * update wrong comments * add tests * The DBusFakeConnection should have locks to prevent races * Mulligan: Remove deprecated and experimental fields from KubeletConfiguration * feature gate local storage allocatable eviction * fixed tests * Parse cluster-cidr only if it is specified * Move 1.5.x changelog entries * Move 1.7.x changelog entries * Move 1.9.x changelog entries * Regenerate CHANGELOG TOCs * Minior fix on getting subnet mode by gcloud * Update comments in pkg/kubeapiserver/authenticator/config.go * Tests to verify volume provisioning on a clustered datastore * Create new targets for running in existing containers (GCB). * Reduce log spam in qos container manager * fix azureDisk warns about disk format failure * avoid kubelet converts and validates pods multiple times * Add CHANGELOG-1.8.md for v1.8.1. * generic webhook: set a default timeout for webhook requests * Move 1.8.x release notes * Don't exit early in diff.ObjectReflectDiff on slices * Fix broken url * support micro time for advanced audit * run hack/update-all.sh * Fix incorrect link in kubeadm * Avoid fetching entire discovery tree when possible * Try to use bazel to build/push kubemark image * update cluster printer to enable --show-labels * Fix errors in cephfs_test.go * Split downward API e2e test case for pod/host IP into two * Improve e2e tests of audit logging. * Clean up unused func checkKnownProxyMode * Added more unit tests for kube-scheduler. * remove redundancy code in setCPUCgroupConfig * Add e2e test case for downward API exposing pod UID * User separate client for leader election in scheduler * Mark etcd-quorum-read as deprecated. * Get rid of pkg/api/util * Fix incorrect link in api * generated when exec hack/update-all.sh * Update CockroachDB tag to v1.1.0 * Don't use strokes in the logo SVG * kubeadm: prepare for v1.9 cycle * Optimize random string generator to avoid multiple locks & use bitmasking * kube-dns-anti-affinity: kube-dns never-co-located-in-the-same-node * kubelet evictions take priority into account * perform nil check before iterating over keys * Fix possibly flake in multiattach unit test * Ensure base image includes the modprobe binary * Updated hash and version of image debian-hyperkube-base-amd64 * Change name from sourceHost to sourceRequestHost. * split configmap, downwardapi, and secrets, into two files each volume/non-volume and moved sig labels to front of the description string * quote valid strings for field validation * Add IPv6 and negative UT test cases for proxier's deleteEndpointConnections * fix flex installer directory create * fix print format of rootScoped resourced * Use regexp instead of specifing uid. * defer func of kubelet volume testing * Define pod UID version. * Tweak kube-schuduler unit test cases. * refactor NewCmdJoin function * unused para in quantity_test * add m1093782566 to pkg/proxy/OWNERS * remove hairpin constant * This patch improve kubectl cp command from two aspects A.support soft link better before this patch "kubectl cp" command will copy the soft link to destination as an empty regular file after this patch "kubectl cp" command will behave the same as tar command this patch improves it on both from container and to container * add test case for querying rootScoped resources in cli * fed: Move cluster generator & constants from kubectl to kubefed pkg * capitalize the first letter * Volunteer to help with sig/openstack * Update BUILD file by executing update-bazel.sh * apiextensions: keep CRD storage for updates outside of spec and accepted names * apiextensions: fix test loop for CRD validation * Make sure pkg/controller/service does not depend on cmd/kubeadm/app * Remove cmd/kubeadm from pkg/controller * Remove cmd/kubelet dependency from pkg/kubelet/volumemanager * Remove cmd/kubelet dependency from pkg/kubelet * Fix license boilerplate * Drop cmd/gke-certificates-controller from bazel build script * Add import-boss directives * Ignore .import-restrictions when checking against generated docs * Add benchmark for random string generation utility * kubelet syncPod throws specific events * decode admission responses into a fresh object * NewProxierWithNoProxyCIDR: fix handling IPv6 URLs * kubeadm: add Priority to admission control * Improve generated proxy URLs for cluster-info * Make kubemark push a manual target * Allow kube-proxy using InClusterConfig() * [GCE kube-up] Don't provision kubeconfig file on nodes when kube-proxy run as a DaemonSet * Do not crash when groupVersion doesn't have a group * Remove the old Kubelet TLS Bootstrapping mode * kube-dns-anti-affinity: Adjust to match different scheme * When only one node after predicate, just return it * Update all binary download references to v0.6.0 * Update debs/rpm packages to use v0.6.0 * Try in-cluster config before using localhost:8080 * add unit test for cloud-controller-manager * glusterfs service endpoint prefix should be `glusterfs-dynamic-`. * Warn user if Pod/Service networks will be accessed via proxy. * Added PreShutdownHooks to the apiserver * Duplicate a constant - LabelNodeRoleMaster * Update many misspelled word initializer * Update rules_go, repo-infra, and rules_docker dependencies * Use -proto=legacy with gazelle, and manually fix staging/ import paths * update BUILD files * PodSecurityPolicy: Do not mutate nil privileged field to false * PodSecurityPolicy: only set runAsNonRoot when runAsUser is nil * PodSecurityPolicy: avoid unnecessary mutation of container capabilities * PodSecurityPolicy: avoid unnecessary mutation of supplemental groups * PodSecurityPolicy: pass effective capabilities to validation interface * PodSecurityPolicy: limit validation to provided groups * PodSecurityPolicy: pass effective selinux options to validate * PodSecurityPolicy: pass effective runAsNonRoot and runAsUser to user validation interface * GC: Add check for nil interface * SecurityContext: Add accessors/mutators for effective container security context * PodSecurityPolicy: avoid unnecessary securitycontext mutation * PodSecurityPolicy: Order by name, prefer non-mutating policies, require *api.Pod, allow GC updates * clean up pkg/apis/meta/v1/time.go * update Godeps grpc to pick up data race fix * Add sample-apiserver namespace manifest * Always retry network connection error in webhook * Auto-calculate master disksize and cluster IP range in kubemark * Make EVENT_PD variable useful for kubemark * enable scale from 0 test in GKE * Make test case description more accurate. * Added PreShutdownHook functions for endpoint reconcilers * Verify the bootstrap client cert before using it * An expired certificate is not compatible * Delete the private key for the bootstrap client cert on failure * If CSR is deleted, exit immediately * Collapse duplicate code into pkg/util/csr * Kubelet should exit if the current client cert has expired * cache.ListWatchUntil should return err.ErrWaitTimeout * Have the certificate manager decide if the server is healthy * Fix expected result in Custom Metrics - Stackdriver Adapter e2e test * update-bazel.sh: fix on Mac * build/common.sh: silence kube::build::has_ip on Mac * add proxy metrics in app level * Move pkg/kubelet/util/csr into client-go * Fixed the lease endpoint reconciler creation of kubernetes endpoint and lease file ttl * Upgrade to go1.9 * Update bazelbuild/rules_go to support go1.9 * add deads to admission owners * RBAC for Calico Typha Horizontal Autoscaler * E2E test cases for Invalid user inputs - disksize, datastore, fstype * Move kubectl type conversion libs out of the resource & util package and into the conversion command. * add replicaset upgrade test * Fix unmatched bold marker in ISSUE_TEMLATE.md * refactor pd.go for future tests * review comments: some refactoring in testPDPod() and simplified Logf() * Adding vishh as an Owner for hack directory * start generating rbac serialization for v1 * allow */subresource in rbac policy rules * Extract gnu-sed detection into a function * Change scheduler to skip pod with only annotations updates * Add named port ingress test. * review: condense 2 more Its into 1 * Add check-network-mode to support both new and deprecated network mode fields * Delete redundant parameter flag * Fix admission webhook test failure in go1.9 * validate ipvs scheduler * fix CI error for session affinity * review: condense 2 Contexts into 1 * Add extra information in status functions in CRI. * Since replenishmentControllers was generated by ctx.InformerFactory, remove "replenishmentControllers []cache.Controller" which is never used. * Remove Sprintf when there are no placeholders in the formatting. * kubelet falls back to parse generic version string if not semver * Increase l7-lb-controller's memory check threshold in density test * add windows implementation of GetMountRefs * Fix typo in function name. * admission_test.go: remove unused createNamespaceForTest() and createSAForTest() functions. * add TestStatus to instrumented_services_test * Fix lint warnings for useless err checks. * [Kubectl]Fix example and annotation in convert * staging README: update code-generator to published * Do not remove kubelet labels during startup * add unit tests in /pkg/api/v1helper * Provide aggregated validation errors for version and kind * Make scheduler integration test faster * Add a file store utility package in kubelet * Change dockershim to use the common store package * Update bazel file * Remove repeated random string generations in scheduler volume predicate * review: improve disruptive node tests * Addressing review comments * Add GCE_GLBC_IMAGE to allow override glbc image * Increase waiting time (120s) for docker startup in health-monitor.sh * Introduce GCE-specific addon directory * Remove dangling shell functions * Ensure network policy conversion round trips nil from field * correct the kubeDeps.Cloud * kubelet: remove the --network-plugin-dir flag * Remove dependency on internal types from pkg/kubectl/resource. * fix the bad code comment in scheduler package * fix bug * fix PV Recycle issue when running on multi-arch * Create new unit tests for version and kind validation * Fixing a glog message to not print managed zones when it is empty * fix build vendor * Fix typo in comment. * Update generated code. * Move global scheme to pkg/api/legacyscheme * More generated files. * Bump cluster autoscaler to 1.0.1-beta1 * Add pod related conformance annotations * Updated cluster/addons readme to match and point to docs * pkg/api/legacyscheme: fixup imports * Update bazel * Enable metadata concealment for tests * Switch to v1.List instead of allowing the conversion fn to be provided. * Move --enable-cusom-metrics to KubeletFlags and mark it deprecated * Create api-{approvers,reviewers} alias * Ignore OWNERS files in hack/verify-api-reference-docs.sh * add nested encoder and decoder to admission config * allow fail close webhook admission * update .dockercfg content to config.json * Fix loss of selector during RC/RS conversion. * Fix loss of MinReadySeconds on RC/RS conversion. * Fix loss of Conditions during RC/RS conversion. * Fix LastTransitionTime for NamesAccepted condition * Remove redundant staging/src/k8s.io/api/core/OWNERS * Add fuzz test for RC/RS conversion. * Revert "kube-dns-anti-affinity: kube-dns never-co-located-in-the-same-node" * split up large rest handling file * add ingress conformance test for NEG * add e2e test for switching ingress mode between NEG and IG * Restrict Azure NSG rules to allow external access only to load balancer IP * exit with correct exit code on plugin failure * Add sample CustomResourceDefinition controller * bazel cleanup: remove --incompatible workaround flags * Fix retry logic in service controller * Fix dockershim panic when listing images * adding e2e test for statefulsets for vsphere cloud provider * Fixing usage of clustered datastore to be absolute datastore * add event broadcaster logging for all contoller managers * Versioned busybox docker image * use multi-arch busybox for e2e * pass stop channel to route-controller main goroutine * Pass zone name instead of zone url to GCE API to update NIC setting for alias range. * Revert pkg/cloudprovider/providers/gce/BUILD made by GoSublime, which is irrelevant to the fix. * Fix typos: replace SECONDARY-RANGE-NAME with SECONDARY_RANGE_NAME. * add ProxyModeIPVS in proxy mode validation * eviction/detach test * delete NONE and N/A * fix error message of custrom resource validation * kubeadm/cmdutil.go: minor improvements * Update CHANGELOG-1.7.md for v1.7.9. * add url path for admission webhooks * generated * Speed up volume tests by reducing pod grace period * Fixes spam from node status updates * Adding config option to add additional SANs to the master's certificate. Regenerate certificate if data on certificate changes. This includes IP address and SANs. Restart API server after updating certificate. * update admission webhook to accept client config * Add timothysc to test approvers * actually check for a live discovery endpoint before aggregating * update resource selector - kubectl drain * minor test fixes; update test-cmd tests to match updated resource selector behavior * Add link to k8s.io/sample-controller * [client-go] avoid Registry in fake REST client * [client-go] fake discovery returns server groups * [client-go] Polymorphic Scale Client * Fuzz label selectors * Update extensions fuzzer to use selector fuzzer * update readme about strategic-merge-patch * fix dl.k8s.io * Make HPA controller use polymorphic scale client * [make-rules] test grep should treat binary as text * [client-go] Add fake scale client * Make AllocateResponse artifacts global across all devices per container in device plugin API * bump device plugin version to v1alpha2 to reflect the change to AllocateResponce API * Disabling k8s.io/kubernetes/pkg/kubelet/cm TestPodContainerDeviceAllocation due to #54100 * Fix `kubeadm upgrade plan` for offline operation * default admission hook failure safely * Skip ILB e2e test on GCP if cluster size exceeds limit * Use RFC1918 addresses in tests * Update CHANGELOG-1.7.md for v1.7.9. * revamp deployment upgrade test * Kubeadm should check for bridge-nf-call-ip6tables * Use GetByKey() in typeLister_NonNamespacedGet * Directly using std{in,out} for test helper subproc * Regenerate code with hack/update-codegen.sh * cleaning newNodeController from unsupported kubelet version * Unit tests for Azure service session affinity * Use PROVIDER_VARS * restore staging api owners * Run hack/update-bazel.sh * Allow absent Weight if PrioritizeVerb is empty * Address comments, fix lint failures, and bazel complaints * Aggregator test uses framework namespace. * added BUILD; review comments * Fixing spacing issue * fix bug in OnError() of apimachinery * doTestPlugin func delete volumePath in nfsvolume * unnecessary functions cleanup for deviceplugin * Check the count of cloud node for LoadBalancer service * fix some small errors in 'kubectl set' series command * fix Federation: Google Cloud DNS provider does not handle missing domains correctly * generate bazel * Implement InstanceExistsByProviderID() for cloud providers * fix issue(51245)kubectl printObj should not print header when occur error * Abstract contains func to common place * Remove redundant code of checking path * Cluster Autoscaler 1.0.1 * Change config.changed to config.changed.extra_sans so we only try to update certificates when the SAN entries change * Update openapi to use kube-openapi code * Update bootstrap policy with replicaset/daemonset permissions in the apps API group * addons/dns: changing probes for SRV record type * Fix kube-proxy panic on cleanup * Add conformance annotations for expansion and service tests * Use public ClientSet and update to CoreV1 and NetworkingV1 apis. * update linker libraries now that we reference networkingv1 * Add a notice for node e2e config files * Fix scheduler permission to patch pods * Ensure port on resolved service host * bump debian-hyperkube-base to 0.5 since CNI gets bumped * remove hard code of session affinity timeout in win-proxy * Add PodDisruptionBudget to scheduler cache. * Autogenerated files * Log error when a healthz check fails * Add service latency and secret related conformance annotations * Remove redundant call to StartLogging in service_controller. Fixes #54339 * Improve 'kubectl completion` to override short flags * sample-controller: add usage instructions to README * [addon/storage-class] update storageclass groupversion in storage-class * [cluster/centos] fix https * [images/hyperkube]add kube-aggerator link * Delete unused yaml files * Better error check for kubectl cluster-info * Add some indent in CHANGELOG-1.7 * Fix detach metric flake by not using exact equals * let the caller log error message * migrate resource related files to sig scheduling * Delete redundant err check * correct the error info when resourceName equals to hugepage * missing the format string * [OpenStack]Remove the LbaasV1 of OpenStack cloud provider * Update gophercloud: cleanup lbaas v1 * Move fluentd-gcp out of host network * Make OpenStack LBaaS v2 Provider configurable * Add README and LICENSE to staging repos * Revert "update gRPC to pick up data race fix" * Volunteer to be reviewer of NodeController. * Volunteer to be reviewer of DaemonSet * Fix etcd hostnames * Use CIDR-aware proxy resolver for SPDY RoundTripper * Fix a grammatical problem in a comment * change alpha-endpoint-reconciler-type to endpoint-reconciler-type * E2E stress test for vSphere Cloud Provider Volume lifecycle operations addressed jeffvance's review comments * update admission webhook to handle multiple auth domains * add kubectl create --raw -f * Garbage collector e2e can create too many pods for cluster * Implement `kubectl alpha diff` to diff resources * Move runtime-related flags from KubeletConfiguration to KubeletFlags * Add conformance annotations for proxy and scheduler predicate tests * Missed approvers for controller/service * certs: remove always nil error from New signature * adding E2E test to verify workflow for deleting PVC when PVC is in use * Adds support for v4/v6 loopback dns bind address. * Refactor RBD volume * Refactor RBD volume (Generated files) * Fix govet in pkg/kubectl/apply * Modify serve-hostname image to handle graceful termination * Update kube-dns 1.14.7 * Add comments to explain difference between req.URL.Host and req.Host. * Add documentation for alpha diff * add e2e test for syncing endpoints to NEG * add manifest for NEG e2e test * add e2e test for rolling update backend with NEG * Adding unit tests to methods of file's util * Removed compatibality code for kubelet 1.2. * Combine deployment rollback e2e tests * Move deployment e2e test for rollback with no revision to integration * [cluster/log-dump] bump daemonset version * fix review comments * [examples.storage/minio] update deploy config version * apply/strategy: Improve test performance * implement dummy device operation by netlink * Move deployment e2e test for hash label adoption to integration * RBD Plugin: rbdStatus only check output of successful `rbd status` run * migrate ip cmd to netlink * update scheduler to use schedulerName selector * remove redendancy code for cni * error log message in buildCNIRuntimeConf * Amend the error messages in install_test.go * Delete maxNumPVs and maxNumPVCs const of persistent_volume.go * a typo in dockershim.cm.containerManager.doWork * Update openapi bazel build to support vendored build * Fix NPE in time.Equal method * Deprecate the SSH Tunneling functionality in API Server * service_controller: Include service key in error messages * gce_loadbalancer_external: Critical path logging cleanup * Set "--kubelet-preferred-address-types" if ssh tunnel is not used. In additional don't advertise external address. * remove mutual exclusivity check - local, unstructured builder attrs * Fix hyperkube kubelet --experimental-dockershim * Update CHANGELOG-1.8.md for v1.8.2. * Move device plugin related files under pkg/kubelet/cm/deviceplugin/. * Device plugin code refactoring to cope with file move. * Deprecate using cloud provider to set host address feature * Change type of scheduling queue from cache.FIFO to a new interface * Autogenerated files * client-go: Update CRUD example * client-go: use retry util in CRUD example * client-go: fix err scope in CRUD example * Added functionality to replace default kube-dns deployment with a GKE specific one * Move podDevices code into a separate file. * local up cluster in ipvs mode by add env 'KUBEPROXY_MODE=ipvs' * audit backend run before http server start and register presShutdown hook * Fix nil pointer panic in service LB e2e tests * add scheduling.k8s.io to apiVersionPriorities * fix#50150: azure disk mount failure on coreos * fix newline in raw string in e2e net perf case * Added unit test cases for the public methods of pkg/util/taints.go * change default kind value of azure disk pv * Add conformance annotations for projected volume tests * Address lint errors * delete the hostport from usedmap * Delete the parentheses in volumes.go * RBD Plugin: Prepare to implement Attacher/Detacher interfaces. * in persistent_volumes-local.go has the parentheses of var define * RBD Plugin: Implement Attacher/Detacher interfaces. * RBD Plugin: Remove deviceMountPath before return on error Attach.MountDevice. * Enhanced the network policy describer * updating-bazel with pkg/apis/networking * RBD Plugin: No need to acquire advisory lock any more! With central attachdetach controller, we don't need to lock the image any more. But for backward compatibility, we should: * hack: rename verify-{staging- -> }imports.sh * importverifier: fix isPathUnder for base == path * update the wrong format of string TargetPort * Remove kubectl create namespace dependencies on kubernetes/pkg/api * Update kubectl drain command to use policy V1Beta1 instead of unversioned API * import-verifier: use yaml for inline comments * Fix kubeadm e2e CI build * Volunteer to help review examples * Address more comments * fix incorrect log * sample-apiserver: add docs * Update CHANGELOG-1.6.md for v1.6.12. * ScaleIO - API source code update * ScaleIO - Generated files * Update fluentd-gcp DaemonSet * Move hardcoded constants to the beginning of the script. * Add probe, pre_stop, and networking related container annotations. * Add Windows support to the system verification check * fix #54499. Removed containers are not waiting * Add go flags to go-to-protobuf * cmd/kubeadm/app/util/apiclient: fix swallowed errors * Optimize Repeated registration of AlgorithmProvider when ApplyFeatureGates Add InsertPredicateKeyToAlgorithmProviderMap() and RemovePredicateKeyFromAlgorithmProviderMap() to insert/remove fit predicate key of all algorithmProviders which in algorithmProviderMap Add Func RemovePredicateKeyFromAlgoProvider() AND InsertPredicateKeyToAlgoProvider() which can insert/remove fit predicate key to specific algorithmProvider * Adding unit tests to methods of netsh * Adding unit tests to methods of 'plugin/pkg/scheduler/algorithm/priorities/util' * check for illegal container state transition * move getMaxVols function to predicates.go and change the params of NewMaxPDVolumeCountPredicate funcs * remove the clean entirely and defer func format * Update vendored kube-openapi to latest * Update kazel hash to latest * fix azure pv crash due to readOnly nil * add HA gate and minVersion validation * fix issue(#52994)kubectl set resource can not update multi resource in local * Fix incorrect parameter tip * migrate cluster dns test to sig network * merge func list and listwatch into one * Update invalid TOC anchor of 1.4 CHANGELOG * Update invalid TOC anchor of 1.6 CHANGELOG * enable webhook admission in local up cluster * move webhook admission to generic apiserver * make printing deterministic * Fix log collection for kubeadm-gce tests * Add node e2e tests for pulling images from credential providers * fix a syntax error in a comment * Bump version of prometheus-to-sd to 0.2.2. * Updates kube-dns in kubeadm to 1.14.7 * Add bsalamat to milestone maintainers * Added Cpu Manager file state * State file test fixes * Added service annotation for AWS ELB SSL policy * Update volume OWNERS to reflect active sig-storage reviewers * reorganize rbac addon dir into subdirectories * don't add kubelet legacy binding if we aren't registering the master kubelet * Remove ./federation path * Remove all traces of federation * Add openssh-client to the debian-hyperkube-base image * Better error messages and logging while registering device plugins. * Remove unused pods in genericScheduler * Add unit test for get pod -o wide * update rbac apiversion * remove +linux restriction in ipvs/fake * Add fake remote runtime service * use core client with explicit version globally * remove redundant code * kubeadm-doc * generated-doc-placeholders * fix netsh checkIPExists in Chinese * e2e-node:the value of bestEffortCgroup is wrong * Don't cache exec and mounter in RBD volume plugin * Remove iptables log on restore failure * examples/podsecuritypolicy/rbac: fix names in comments and sync with examples repository. * Update core quota framework * Update quota controller to monitor all types * Update admission control framework for quota * Update e2e and integration tests * Fix iptables FORWARD policy for Docker 1.13 in kubernetes-worker charm * Prevent successful containers from restarting with OnFailure restart policy * remove the nesting directory webhook/webhook * Updating NewCIDRSet return value * Remove unneeded deps * convert testFailedDeployment e2e test to integration test * godep update * Don't log error in getInstanceFromProjectInZoneByName * Support api chunking in kubectl get * create an instance of registry and scheme for kubectl * Add framework.ConformanceIt as the new way to declare conformance tests. * Add conformance test regression test. * update-bazel * Add a e2e test for the admission webhook * webhook source code * update bazel * Fix ENABLE_METADATA_CONCEALMENT firewall rules to respect true/false * Metadata concealment e2e * Update AWS SDK to 1.12.7 * kubectl apply does not send empty patch request * switch some commands to use its own scheme * print priority and priorityClassName when describe pod * update wrong group for priorityclasses * clean up ipvs proxy startup in local-up.sh * Update PR template * update ipvs proxy readme * wqFlag gate node exclusion for service load balancers. * Specify correct subresource discovery info * Use GVK from storage in API registration * Test scale subresource discovery * audit backend run shutdown gracefully after http handler finish * Make HugePages const name consistent. * Add generated files * Fix the DNS addon bind address * Remove Google Cloud KMS integration for encryption-at-rest. * Fix TestCRD Flake * Validate that PersistentVolumeSource is not changed during PV Update. * Remove Google cloudkms dependency. * Added comments & examples/tests to kubectl env package * if judgement always true in e2e * Make github hide generated files in diffs * fix import warning * apiserver: return 4xx for invalid patch * Add CRI log format support in fluentd. * Revert "audit backend run shutdown gracefully after http handler finish" * kubenet: yield lock while executing CNI plugin. * admission: unify plugin constructors * make iptables wait flag generic; increase the max wait time from 2 seconds to 5 seconds * Review updates * Fix and update comment with api.Scheme * Remove all api.Scheme references by using explicit package aliases * Change bucket info of volume operations * remove created-by annotation * cluster: build gci mounter like other go binaries * diff: Propragate errors when diffing * Do not clobber KUBERNETES_PROVIDER - fix kubeadm/gce log collection * Inline completions * Added a test for proper `%s` handling when display last applied configuration * Validate apps/v1 DaemonSet selector immutable on updates * Lift embedded structure out of ManifestURLHeader field * Add downward api and docker container conformance annotations * update cadvisor godeps to v0.27.2 * Add explain for preempt sunction. * Improve kubectl error messages * fix TODO one of min-available/max-available must be specified when create pdb * Remove azure-sdk-for-go workaround that is no longer needed * Move get into its own package * fix IPV6 judgement bug and add UTs * debug e2e fail cases * Add sig-storage prefix for common e2e tests * optimize-intergration-test-rc * support kube-proxy ipvs mode for kubeadm * Update conformance testdata for storage test * Move printing the valid resource types to a function * add test for pdb * remove dependency from service generator * Add test case for validateClientConnectionConfiguration. * Add test case for validateHostPort. * remove dependency from top command * remove dependency from kubectl/metricsutil * Add test case for validateIPVSSchedulerMethod. * improve setting cgroupparent * Adjust resources for Metrics Server * Rename Detach() parameter. * Describe IPBlock for NetworkPolicyIngressRule. * Allow HPA to get custom metrics * Describe NetworkPolicyEgressRule. * Add test case for NetworkPolicyEgressRule. * fix a grammatical problem in a comment * fix testSupport in downwardapi_test * add apply --force --overwrite deployment lables e2e test enhance * Update `truncateBody` to not truncate with high level * ClusterAutoscaler 1.0.2-beta2 * Initial integration test setup for DaemonSet controller * trigger endpoint update on pod deletion * convert testOverlappingDeployment e2e test to integration test * Fix hook failure in kubernetes-worker charm due to iptables conflict * DaemonSet e2e should wait for history creation * Fix one line, remove fprintf * Remove spaces * Fix a bug checking DaemonSet pods are updated in e2e test * Remove docker dep in kubelet startup * Update the get command to follow more conventions * Rev Azure SDK to v11.1.1 * Error for missing context is no longer altered * Allow extra volumes to be defined * Update storageclass version to v1 in examples * migrate network_partition to sig apps * update autogen BUILD files * Improve cronjob concurrency policy doc * switch convert to use pkg/api/legacyscheme * validation to GPU and hugepages * Describe PolicyTypes for Network Policy. * add test for convert * rename metric reflector_xx_last_resource_version to reflector_last_resource_version{name="xx"} * fix panic in kubelet * Fix kubectl Pod Disruption Budget V2 max-unavailable parameter * kubectl Pod Disruption Budget V1 min-available parameter is not required * kubectl Pod Disruption Budget V2 selector parameter is required * Fix kubectl Pod Disruption Budget assertion error messages * Remove kubectl Pod Disruption Budget V2 deprecated min-available default * fix kubelet startup args * Add kubectl Pod Disruption Budget tests * Print type representation on errors when checking parameter types * kube-proxy IPVS: Fix IPVS availability check * Split unstructured.go into several parts * Useful helper functions for Unstructured * Add selfHosted etcd API * Add generated files * Add metrics.UnregisterMetricAndUntrackRateLimiterUsage function * Check RegisterMetricAndTrackRateLimiterUsage error when starting controllers * Remove MinimumCSRAutoApprovalClusterRolesVersion in 1.9 cycle. * Fix error for strategic merge patch of custom resources * Removes 'rwx' permissions for global users * Add unit test coverage for network policy validation. * Kubeadm - Added initial support for Windows worker nodes to join cluster using kubeadm * Allow override of cluster level (default, whitelist) tolerations by namespace level empty (default, whitelist) tolerations. * Adding extra_sans option to load balancer to allow custom SAN entries on the certificate Adding support for restarting nginx on the load balancer Added better support for knowing when certificates are written. This helps the master restart the apiserver appropriately. * Add dns, configmap, and custom resource definition conformance annotations. * Optimize the suboptimal image locality algorithm * Fixing indent * Small refactorings for kubectl/apply merge packages * kubectl apply parse libraries copy extensions to references and list elements * pkg/controller/deployment: unit tests for syncRolloutStatus * pkg/controller/deployment: syncRolloutStatus additional unit test case * Inventory of kubectl dependency on main repository * set leveled logging (v=4) for 'updating container' message * Add GCP addon PodSecurityPolicies & Bindings * GCP PodSecurityPolicy configuration * Remove dependency on drv_cfg binary for querying scalio devices * Changing the way we clear the certificate written flag to use a helper function in the tls layer. * Upgrade go-autorest to 9.1.0 * Update CHANGELOG-1.9.md for v1.9.0-alpha.2. * Don't hide proto files * PodSecurityPolicy E2E tests * refactor replicaset sync call tree * add admission handler for device resources allocation * update unit test for plugin resources allocation reinforcement * cmd: genutils: remove golint_failure entry * Update vendored package heredoc * Update Godeps LICENSES * clean up legacy ipv4/32 in ipvs proxy * Check dup NodePort with protocols when update services * Add unit test for checking dup NodePort with protocols * Add e2e test for checking dup NodePort with protocols * Add containerd e2e. * Improve deleteOptions doc * Improve deleteOptions doc (generated) * [test/e2e_node]Redirect dl.k8s.io to the kubernetes-release GCS bucket * update readme in ipvs proxy * When cert dir is relative, cert rotation builds incorrect symlinks * [cli] exit when Validate() return an error * add wiring for validating admission * admission: { -> Mutating}Admit(admission.Attributes) * admission: split MutationInterface out of Interface * admission: complete plumbing of validation admission * admission: wire create+update validation func into kube registries * admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e} * Update bazel * Fix kubectl autoscale help message * Update translations * should check and return err when visit failure * Reduce metadata-proxy cpu requests to 30m * kubeadm: reset: use crictl to reset containers * Explicitly set route_localnet on nodes & masters. * conversion-gen: cut off kube dependencies in extra-peer-dirs * Update kube-openapi to use validation * Add empty dir and host related conformance annotations * Support retainkeys strategy in new apply merge code * Only parse ClusterCIDR, ServiceCIDR if AllocateNodeCIDRs * Disable the grace termination period for the calico/node pod * Node autoprovisioning e2e test. * Check for available volume before attach/delete in EBS * remove empty creationTimestamp field * StopPodSandbox should not log when container is already removed * Remove redundant comment and improve documentation. * Enable DevicePlugins feature on GCE clusters with accelerators attached. * Add node label to GCE nodes with accelerators attached. * Run nvidia-gpu device-plugin daemonset as an addon on GCE nodes that have nvidia GPUs attached. * cleanup kubectl/resource tests dependency * [e2e] make sure to specify APIVersion in HPA tests * Promotes the StatefulSet, ControllerRevision, Deployment, and ReplicaSet kinds to the apps/v1 group version. * Integration test keeps marking pods ready until deployment is complete * Wait for markPodsReady goroutine to finish * Add integration test for deployment rolling update, rollback, rollover * Fix calico network policy for opensource. * discovery client not depend on pkg/api/legacyscheme * kubelet: dockershim: remove orphaned checkpoint files * Fix go-autorest dependency in client-go staging * Sandbox Support for Windows + CNI * fix kube-proxy mode * [client-go] Add apps.Scale support to Scale client * Update deletionTimestamp with information about finalizer effect * remove duplicate healthz check register * Fix wrong format and output. * kubectl/config/rename: fix wording * haveSame is suboptimal, fix it as well as the name * Remove version check in kubectl e2e test. * Nods which is not present not need updateAddress * refactor admission handler and add UT * Don't need to check version for auth e2e test * Auto generated BUILD file * Add more comments for HandlerImpl struct * Add scale down to 1 e2e test. * make easy validation admission plugins into validators * Fix a typo. * fix exported method run's comment * Remove check for SubResourcePodProxyVersion and SubResourceServiceAndNodeProxyVersion * Remove TPR remnants * generated files: remove tpr * remove generated files with tpr * remove tpr from test_owners.csv * Remove version check for kubectl portfoward. * Auto generated BUILD file * Clarify what each "version" means. * autogenerated code * gets the correct version of kubernetes client for DaemonSet and StatefulSet History and Rollback and updates test-cmd for new versions * Add prometheus-to-sd-exporter to metadata-proxy addon; bump to proxy to v0.1.4 and e2e to v0.0.2; remove configmag * Close the file before renaming in FileStore * Adds Support for Configurable Kubeadm Probes. * New master takes over * move the GenericAdmissionWebhook plugin to be after ResourceQuota to avoid charge quota prematurely * Update CHANGELOG-1.7.md for v1.7.10. * refactor authorizer to return a tristate decision * move authorizers over to new interface * modify the union authorizer to return on the first Approve or Deny and to continue on Unknown * add deny to SAR API * autogenerated * Removing flush_auth_for_departed * The cp command must call Close() on files, and does not pass on Mac * Container manager has a bad fake interface * Tmpdir can be a symlink, also fake mount needs to call nested mounter * vendor update: github.com/golang/protobuf * move KubeProxyConfiguration out of componentconfig API group * auto generated files * Use const GroupName instead of hard-code. * Use global Scheme for API group. * NewOptions doesn't need to return error in signature. * Rename kubeproxy config pkg and group. * Use "kubeproxy.config.k8s.io" as final group name. * Add limitrange e2e test for LocalStorageCapacityIsolation feature * Add resource quota e2e test for LocalStorageCapacityIsolation feature * Add downward_api e2e test for LocalStorageCapacityIsolation feature * update staging files * Clean up redundant DNS related kubelet codes * Hide openapi-spec in diffs * [trival]remove duplicated code from unit test * remove dynamic client * typed client: add tags and script for code generation * typed client: add generated files * update apiextensions-apiserver godeps * fix scheduler predicates test that may violate DNS label rules * Stop using the PersistentVolumeLabel admission controller in v1.9 * remove the wrongly checked in binary * Add support for configmap resource lock type to CCM * stop timer * kubeadm mount path '/lib/modules' * add namespace parameters on command * implement SafeWaitGroup without race issue * rename selector to labelSelector * add fieldSelector for kubectl get * Don't share nodePort service in session affinity tests * Switch field types to PodSelector and NamespaceSelector * remove unused function in keymutex_test.go file modified: pkg/util/keymutex/keymutex_test.go * add tests * code-gen: allow overlapping prefixes in GroupNames * code-gen: add example2 type to test +groupGoName * apiserver: remove scheme arg from NewUnsecuredEtcd3TestClientServer * Cluster Autoscaler 1.0.2 * Update generated code * tolerate discovery errors in the restmapper * kubeadm: don't create duplicate volume/mount * Retry pod listing call in load test if possible instead of failing * split some admission plugins into mutation and validation halves * apiserver: fix Cacher.Stop() race * Fix divide by zero issue in calculating spread priority for zones * audit policy: reject audit policy files without apiVersion and kind * CHANGELOG: loosen language around audit policy file kind and apiVersion * apiserver: protect registry cleanup against concurrent access * Set the NON_MASQUERADE_CIDR to 0/0 by default in GCE/GKE which disables masquerade rules setup by the kubelet. Add masquerade rules based on NON_MASQUERADE_CIDR being set to 0/0. * Fixing 'targetport' to service 'port' mapping * Fix GoFmt error * Add hook information when rejecting a request * Added logic for custom kube proxy yaml for GKE * Make selector immutable the default behavior, except for legacy versions * Adding an e2e test for gce multi cluster ingress * Add extra-args configs for scheduler and controller-manager * Add named port egress test * Add windows kernel mode kubeproxy reviewers * partial fix crd patch failing * delete if-else branch * Make CRI logs parsing to a library * Run hack/update-bazel.sh * migration pod relevant e2e tests to sig node * update autogen BUILD files * fix kubeproxy in hack/local-up-cluster.sh * fix panic bug * Use "==" instead of DeepEqual for simple structs comparing. * Return error instead of crashing apiserver when updating services with duplicate nodeports * Work around heapster panic. * use versiond group clients from client-go * add create subcommand for priorityclass * Raise log level to avoid log spam * fix lint errors in kubeproxyconfig types. * Checking Cinder disk when tickers are delivered * Adds e2e tests for Node Autoprovisioning: - shouldn't add new node group if not needed - shouldn't scale up if cores limit too low, should scale up after limit is changed * try ipset in ipvs proxy mode * remove unused constant * code-generators: remove distinction of 1st and 2nd comment block for tags * Support copying options in resolv.conf into pod sandbox when dnsPolicy is Default * Fix `kubeadm init --token-ttl=0`/config `tokenTTL: "0"`. * kubeadm: remove priority admission controller for v1.9 * Add some error handling in place of ilusory one. * Update generated files * Refactor scheduler config API * Adds e2e tests for Node Autoprovisioning: - should create new node if there is no node for node selector * Make ReconcileOptions reusable * Add the iptables wait flag change to more places * fixup: remove useless errexit setting * kubenet: disable DAD in the container. * update podtolerations admission to mutate and validate separately * split serviceaccount admission into mutation and validation * adding coredns as a featuregate * Fix namespace support in kubectl aging plugin * Re-allow 0 for kube-proxy conntrack settings * Update bazel * Clarify DefaultAddCapabilities behavior * generated code * Tolerate partial discovery in garbage collector * Skip ESIPP [Slow] suite of networking tests for huge clusters * Deduplicate RC/RS controller code. * Add enisoc to RC/RS OWNERS. * Add ReplicationController integration tests. * RC/RS dedup: Add protection against future RS versions. * GCE: provide an option to disable docker's live-restore * Dockershim: print docker info output at startup * vSphere scale tests * Fix 'Schedulercache is corrupted' error * proxy: cleanup old build file * Stop running unit tests outside of Bazel. * Adding documentation on using domains and / in taint/label keys; Also clarified both key and value to labels can be 63 characters long * remove redundant code in admission initializer * Test to verify volume attach status after master kubelet restart * refactor builder in kubectl factory * Use go native func after upgrading to go1.9 * Add conditions to DaemonSet API * Autogen * Bump minimum supported go version to 1.9.1 * [trivil] fix comment in kube-scheduler * enable webhook admission in local up cluster * Add shyamjvs to test/OWNERS * Remove the comparison of ReadyReplicas to zero. * Conditionally mount flexvolume * Remove backfile-kubeletauth-certs from gce upgrade * Replace some occurances of kubernetes internal api types in kubectl * Refactor Priority Reduce functions * Fix GKE failure, set default in configure.sh. * Add extra-args configs to kubernetes-worker charm * reflector: exit retry loop on closed stopCh * apiserver: add validating admission tests * Update CHANGELOG-1.8.md for v1.8.3. * kubeadm: Extended KubeletVersionCheck * Fix data race in TestCRD * Remove hack for CLUSTER_IP_RANGE in e2e framework no longer needed * certificate manager: reduce max backoff from 128s to 32s * update apps/v1 types.go comments for controller spec selector * update auto-gen code * update the inconsistent description of TopologyKey in PodAffinityTerm * removed unused defaultClientConfigForVersion() functions from cmd_test.go. * Should return when claim.Spec.VolumeName is null * Fixes service controller update race condition * generated files * update ipvs readme file * Fix typo and progress messages. * Use const instead of hard-code for kubeadm usages * Refactor HistoryViewerFor to use Visitor design pattern * Symbol links of key and cert are no longer used. * move InitStorageAccount into azure disk provision func * openstack: fetch volume path from metadata service * kubeadm: use the CRI for preflights checks * Use volumeutil.LoadPodFromFile for pod spec * Move core api to pkg/apis/core * pkg/apis/core: fixup package names * pkg/apis/core: fix code generation * pkg/apis/core: fixup conversion func names in dependencies * pkg/apis/core: mechanical import fixes in dependencies * pkg/apis/core: restrict imports * Update generated files * Delete network by default in kube-down unless using default network * Refactoring of priority function(CaculateSpreadPriority) by using map/reduce pattern * compute pod selectors in priority meta data producer * Make swap check as an error * code-generator: move kube group list out of client-gen * admission: split PodSecurityPolicy into mutating and validating part * resync status on apiservices for aggregator * code-generator: add NewFilteredSharedInformerFactory function * run hack/update-codegen.sh * run hack/update-bazel.sh * Add performance test phase timing export. * Update configure-helper.sh * Switch to autoscaling.Scale internally * generated files * Enable scale subresources for apps/v1 * Generated files * E2E Performance test to print latency numbers for vsphere volume lifecycle operations * updated elasticsearch and kibana version to version 5.6.4 * Rename ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration * Update generated files * Disable service e2e on type and port change for huge clusters * kubadm/cmd: wording and punctuation fixes * move cmd/util/printing.go#PrintResourceInfoForCommand -> factory_builder.go * Added conditions to statefulset * Autogenerated * Rearrange kubelet networking codes * Add MutatingWebhookConfiguration type * Update generated files for MutatingWebhookConfiguration * Add apelisse to OWNERS * Add sig storage label to multizone static PV test * Capture git export-subst strings in version.sh for 'git archive' use. * Add several validation to persistentvolume * Revert "Validate if service has duplicate targetPort" * remove out of date TODO * Mark BetaStorageClassAnnotation as deprecated * Add support for CronJob to kind_visitor * gracefully shutdown apiserver after all non-long running requests finish * update bazel and staging godep * rename test file and remove unused code * add hostip protocol to the hostport predicates and make unit test adapt to the code change * add e2e test on the hostport predicates * add unit test for VisitPodConfigmapNames * not calculate new priority when user update pods * Fix influxdb e2e test failure. * Review comments addressed. * cache admission webhook restClient * update bazel * Adds e2e tests for Pod Priority and Preemption in Clucter Autoscaler: - shouldn't scale up when expendable pod is created - should scale up when non expendable pod is created - shouldn't scale up when expendable pod is preempted - should scale down when expendable pod is running - shouldn't scale down when non expendable pod is running * Add alpha feature for mount containers * Add ExecMounter * Add mount containers to kubelet * extracted elasticsearch-logging service name as environment variable ELASTICSEARCH_SERVICE_NAME with fallback on default * Support multizone clusters in GCE and GKE e2e tests * add windows mount path test * Use HPA permissions to read custom metrics in Custom Metrics e2e test * bump base images to debian stretch * Fix an unreachable kubectl explain field lookup test * bump(k8s.io/gengo): b58fc7edb82e0c6ffc9b8aef61813c7261b785d4 * apimachinery: Remove cloner from scheme * deepcopy: remove deepcopy register tags * kubeadm: fix deepcopy generation due to missing opt-in tag * Update generated code * Adjust GKE spec to validate images with kernel version 4.10+ * remove todo: switch UpdatePodSpecForObject to work on v1.PodSpec, use info.VersionedObject, and avoid conversion completely * Allocate map for ManifestURLHeader * Support collecting log for alternative container runtime in e2e test. * Disallow parent approvals. * Add README.md to test/conformance. * Refer to instructions when the test fails. * Don't clobber KUBE_VERBOSE in verify script * Fix CRI fluentd config. * add NamespaceSelector to the api * generated * Source PodSecurityPolicies from addon subdir * Reorganize addon PodSecurityPolicies * Add optional addon PSPs * Remove SSL cert volumes from heapster addons * Use whitelisted test image * ccm: move all argument handling to server * hyperkube: add cloud-controller-manager * ccm: make missing --cloud-provider fatal * hyperkube: add alpha subcommand * respond to luxas's feedback * respond to wlan0's feedback * validation of CRD custom resources: alpha->beta * Update cAdvisor. * Fix TestSummaryProvider. * Expose accelerator metrics in the summary API. * Vendor JeffAshton/win_pdh and remove lxn/win * This PR fixes issue #55031 where kubelet.exe crashes on Windows Server Core. The root cause is that kubelet.exe depends on package lxn/win pdh and kernel32 wrapper for node metrics. However, opengl32.dll is not available in Server Core and lxn/win requires the presence of all win32 DLLs. This PR uses a slim win32 package JeffAshton/win_pdh since most win32 APIs needed are PDH API. Also this PR makes own implementation of GetPhysicallyInstalledSystemMemory until golang Windows syscall has it or lxn/win fixes opengl32 issue. Also this PR modifies the way to get Windows version. * Adds Support for Node Resource IPv6 Addressing * Set CONTAINER_RUNTIME default value to 'docker' * allow configuring of the docker storage driver on gce * [kube-proxy] Fix session affinity with local endpoints traffic * build: speed up .tar.gz by 10x * move IsMissingVersion comments * Improve chinese translate for kubectl i18n * Fix .git rsync filter * Add URL beside service * generated * fix docs and validation * generated * kubeadm enable endpoint-reconciler for ha * Add concurrent service sync flag to CCM * Refactoring staticpod and waiter functions * Using --show-labels with incompatible ?kubectl get? arguments should error out * ResourceQuota support for hugepages * Validate usage strings when creating bootstrap tokens via kubeadm * update unit test for hugepage resourceQuota support * replace sets.List() with sets.UnsortedList() * fixtypo * Make sure that storage request of pvc is not zero * add kubeadm alpha phase kubeconfig option(--output) * fix bug: without Unlock in error case, and remove unrelated test cases * use versionedObject replace internal in kubectl set selector * remove redundant code in ValidateDiscovery * Validate podCIDR of node spec. * Fix typo in e2e test name. * fix ipvs proxier getLocalIPs() error * Make sure the ports is valid when parsing portString * rbac api changes for aggregation * generated * add clusterrole aggregation controller * handle clusterrole migration * Use results of kube-controller-manager leader election in addon manager * split limitranger admission * add type assertions to admission plugins * kubeadm-doc-gen * code-generator: fix multiple internal groups in generate-internal-groups.sh * code-generator: complete PkgName, GroupName, GoName separation * Regional support in CA tests. * admission: don't update psp annotation on update * ip6tables should be set in the noop plugin * Validate that PV capacity and PVC capacity requests are greater than zero * Apply taint when a volume is stuck in attaching state on node * Bump Cluster Autoscaler version to 1.1.0-alpha1 * Parse the last partial line in CRI logs * Enforce use of fixed size int types in the API * let validation webhook convert objects to the external version before sending them * Add CoreDNS as an optional addon in kube-up * Extend test/e2e/scheduling/nvidia-gpus.go to track resource usage of installer and device plugin containers. To support this, exports certain functions and fields in framework/resource_usage_gatherer.go so that it can be used in any e2e test to track any specified pod resource usage with the specified probe interval and duration. * Webhook e2e test: PUT and PATCH operations * Combine downward api e2e test cases. * Update conformance testdata for downward api test * dockershim: remove corrupt checkpoints immediately upon detection * Complete test case for kubeletconfig validation * Using lower case of fmt.Errorf * using regexp match achieve find efficiently * E2E test to verify pod failover during node power-off * pass devices of previous endpoint into re-registered one to avoid potential orphaned devices upon re-registration * Removed unused function. * Removed unnecessary type conversion * Add e2e test for mount propagation * Review fixes * remove duplicated import * code-generator: add complete internal group test cases * code-generator: smoke test _example by compiling * Update generated code * fix failed to access service of e2e test * convert this warning to an error in kubeadm * Remove unused pkg/apis/policy/v1alpha1 * Do not crash on empty NODE_NAMES array. * wrapper ipset util * Update Gophercloud dependency for reauth problem * Fix cross-compliation of mount_exec.go * Fix resource requests & limits of metadata-proxy * Pass pod name and namespace argss to prom-to-sd sidecar of metadata-proxy * Add brackets around IPv6 addrs in e2e test IP:port endpoints * Ensure GCE AlphaFeatureGate initialized * remove bad defaulting for exec and attach options * make the parameter codec include defaulters * Enable file state in static policy * Cpu manager file state tests * kubeadm: fix crictl command for reset * Add admission metrics * Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086 * Fix admission metrics to track mutating/validating correctly * Remove is_system_ns from admission metrics * disable container disk metrics when using the CRI stats integration * include rbd command output in errors, simplify ifelse logic * Webhook e2e test: fail open and fail closed * Swap NetworkPolicy storage to networking.k8s.io/v1 * Align admission metric names with prometheus guidelines * comment * gce: readd kubelet-bootstrap to kubelet user * Revert "allow configuring of the docker storage driver on gce" * Modify the AWS cloud provider to ensure additional load balancer tags are added to existing load balancers * Don't test flexvolume-dir creation * Move category expander out of kubectl/resource * Adds jiayingz@ and vish@ as approvers for pkg/kubelet/cm/deviceplugin/. * Update URLs for nvidia gpu device plugin and nvidia driver installer. * Reorganize the admission webhook code. * Introduce storage v1alpha1 and VolumeAttachment * Generated files for new VolumeAttachemnt object * Set up alternate mount point for SCSI/NVMe local SSD by UUID in /mnt/disks/by-uuid/, set up ability to have unformatted disk symlinked in /dev/disk/by-uuid/. Added tests. Preserved backwards compatibility. * verify token file * remove AddToGroupVersion in kubeproxy scheme * update bazel * Reorganize the code in webhook admission plugin. * generated bazel * Add a cloud-init script to disable live-restore * Fix hostport duplicate chain names * Remove bugy chains as well to clean up old chain/rule * Add tests to test if legacy chains/rules can be cleaned up * Only attempt to construct GC informers for watchable resources * Support AWS ECR credentials in China * swap the return statements * add testcase for aws china region * fix awsStandardDNSSuffix * wrap ipset in proxy ipvs * Bump Heapster version to 1.5.0-beta.1 * use ipset doing snat and packet filter in ipvs proxy * kubeadm: change in logic of getDNSIP * Improve messages around waiting for pods. * Bump addon manager version used to 6.5 * kubectl explain: ignore trailing period * add visibility of cmd/testing to kubectl/explain * WaitForCacheSync fail should return for service controller * Add special tag for disabling ESIPP and HPA-related tests on large clusters * Clean up no longer used k8sVersion param * move cmd/util/printing.go#PrintSuccess to factory_builder.go * create fn for dns manifests * StorageClass API changes for VolumeBindingMode * generated files * Kubelet: Relative paths in local config file * Revert get version change due to the overlap in PR #55143 * Add defaulting to VolumeBindingMode * Clarify ExternalNames are hostnames * Move DNS related kubelet codes into its own package * Fixes Issue 55816: Removes unneeded IPPart error * openapi: Add EmptyResource/CreateOpenAPISchemaFunc test utils * Show openapi custom columns in `kubectl get` * Restore default polling period of resource-gatherer * Return nil error if checkpoint returns with KeyNotFound error * Update CHANGELOG-1.9.md for v1.9.0-alpha.3. * Rename log-dump env to `LOG_DUMP_SYSTEMD_SERVICES`. * Wait for server resources. * Move ungated 'alpha' KubeletConfiguration fields and self-registration fields to KubeletFlags * Guarantee that status errors have a kind set * If mountPath is missing, prefix with root dir. * auth/gcp: capture stderr from gcloud config-helper * Fix TestForgivenessAdmission. * Fix typo in CloudControllerManager * Use file-backed state for all cpumanager policies * support mount options in azure file * add vers mountoptions and fix comments * registry: cut-off kube dependencies from registrytest * registry: move generic registry tester into k8s.io/apiserver * add test for slice * Be less agressive and more patient when creating large master. * RBD Plugin: Fix bug in checking command not found error. * Clone documentation utility from //pkg/kubectl/cmd/templates * kubeadm-doc-preflight * Allow use of Octavia endpoint * Stop executing Pod Priority and Preemption e2e tests on GKE. * Set resource-gathering and probe-duration period for kubemark * kubectl: Add Terminating state to PVCs * Fix dangling attach errors * LimitRange e2e test improved. * Retry transient errors when fetching cfssl*. * fix indent * deviceplugin: fix race when multiple plugins are registered * Refactor `reconcileAutoscaler` method in hpa * ensure config file exists before loading configuration in imagePolicyWebhook * Revert "Add options for mounting SCSI or NVMe local SSD though Block or Filesystem and do all of that with UUID" * local-up-cluster.sh should start scheduler with FEATURE_GATES * Adds node auto-repair e2e tests. * add rest/request backoffMgr and throttle setters * Removed opaque integer resources. * fix flaky allocatable test * sarapprover: ignore authz errors * sarapprover: increase base delay of per item rate limit * Move regexp.MustCompile to global variable * Move unstructured conversion into pkg/runtime * Scheme should support Unstructured conversion natively * Scheme should provide ObjectTyper for Unstructured objects as well * Make edit test use subtests to identify flake * certs: start deprecation of signing asset default paths * kubeadm-markmaster * kubectl apply edit-last-applied should fail when version is missing * Fix accelerator stats API to follow API conventions. * Kubernetes version v1.10.0-alpha.0 openapi-spec file updates * update API, remove validation. * Correct clean up actions in e2e tests * fix underlying bug: double close channel when stop * Lift embedded structure out of eviction-related KubeletConfiguration fields * omitempty * Kubeadm supports for Kubelet Dynamic Configuration. * Consolidate DNS codes in kubelet pkg * Replace node's alpha taint key with GA * Auto generated files. * Run TryStartKubelet conditionally; replace hard-code with constants. * add Standard GRS, RAGRS support for azure disk * Use framework.ConformanceIt for node e2e conformance tests * Update conformance testdata for e2e node conformance tests * Update BUILD file to include e2e_node tests * remove initialize storage account pool process * Control logs verbosity in resource gatherer * Add kawych to cluster-monitoring deployment owners * Set -w flag on all iptables calls during master startup * Add GA toleration key and leave alpha ones untouched * Table printers and server generation should always copy ListMeta * API chunking tests should fail if limit is breached * conversion-gen: check for nil pkg in getManualConversionFunctions * Set defaults for KubeletConfiguration * Fix representation of the pv's capacity which provisioned by glusterfs * ColonSeparatedMultimapStringString: allow multiple Set invocations with default override * omitempty * Generating docs for v1.9.0-beta.0 on release-1.9 * Set up alternate mount point for SCSI/NVMe local SSD by UUID in /mnt/disks/by-uuid/, set up ability to have unformatted disk symlinked in /dev/disk/by-uuid/. Added tests. Preserved backwards compatibility. * Fix protobuf generation for empty struct * Admission request/response handling * Updating vSphere Cloud Provider (VCP) to support k8s cluster spead across multiple ESXi clusters, datacenters or even vSphere vCenters * add detail to flag help * Adds custom expansions to the listers for apps/v1 * CSI - API change for CSI volume source type * CSI - Generated source code * Upgrade to go1.9.2 * Explicitly download go1.9.2 in Bazel WORKSPACE * codgen * Filter out duplicated container stats * Add unit test for "filter out duplicated container stats" * seccomp is an alpha feature and not feature gated * fix network value for stats summary * KubeletConfiguration should be a member of MasterConfiguration * Add phase kubelet * Make updateNodeWithConfigMap public * Retry when update node with configmap fails. * Add test case for phase kubelet. * add andyzhangx as reviewer * Adding the mutating webhook * generated bazel * Rename the testdata package to testcerts. * fix webhook e2e test cleanup * Update generated proto for empty structs * Master now supports delayed upgrades. It will wait until specifically told to upgrade with an action unless the configuration option require-manual-upgrade is false. * Add VolumeType api to PV and PVC * generated code for VolumeMode api change * remove disk allocatable evictions * Allow resource.Builder to modify requests per client * Allow constructing spdy executor from existing transports * use SecretObject to reference iSCSI CHAP secret * generated files * Fix potential unexpected object mutation that can lead to data races * fix cadvisor.New signature for cross build * Adding etcd upgrade to kubeadm upgrade apply * Add ExtendedResourceToleration admission controller. * Rename GenericAdmissionWebhook to ValidatingAdmissionWebhook * fix fakeIPSet ut error * [advanced audit]add a policy wide omitStage * run hack/update-all.sh * address review comments * Fix panic when assigning configmap UID of kubelet configuration. * Unstructured cleanups * Check if SleepDelay of AWS request is nil before sign. * fix bad return error text * KubeletConfiguration.BaseConfig.ClusterDNS defaults to the tenth address of MasterConfiguration.Networking.ServiceSubnet * Auto generated BUILD files. * Move GetDNSIP to a "higher level" pkg. * fix CreateVolume: search mode for Dedicated kind * search by accounttype in CreateVolume func * kubeadm: Fix a small bug in the self-hosting code * Re-engineer the kubeadm join logic. * Auto generated BUILD files. * kubeadm-improve-doc1 * Added a new scheduling queue based on priority queue. * Autogenerated files * Revert "refactor builder in kubectl factory" * Unify unstructured and versioned object in resource.Builder * Builder should allow moving between unstructured / versioned easily * Remove use of VersionedObject and simplify builder in generic methods * Apply set last applied should not need to fetch latest * Add a lazy discovery interface for Unstructured * Remove unstructured error checking from affected code * Unify Object and UnstructuredObject * All commands must declare Unstructured or Internal * rollingupdate should use explicit casting * Avoid wrong filling of glusterfs volume spec in ConstructVolumeSpec() * admission/webhook: move webhook initializer into plugin * apiserver: remove unneeded scheme from registry tester * include error message for volumeManager during attach and mount * update comment that are out of date * Improve kubeadm apply error logging style * Add Amazon NLB support * Add aws elbv2 to vendor * #55183 follow up: Reinstate admission chain composition and ns test * admission: make metrics compositional and move to metrics sub-package * Add condition "len(cfg.DiscoveryToken) != 0" to ValidateArgSelection. * Regenerate API server serving certificates when upgrading. * Adds the statefulset.kubernetes.io/pod-name label allowing users to attach a Service to an individual Pod. * Azure load balancer general improvement * fix documents, and correct typo * rename azure interfaces to conform with golang convention * code-review- add logs and comments (#11) * naming, comment, typo correction * address more code review comments * fix azure bazel BUILD * for error case, return nil for SG * fix fake name convention * refactor fake Delete function * add azure_fakes.go Boilerplate header * make newFake* functions unexported * clean up retry logic, since we try at least once * assign random ip instead of hard code * add test for flipServiceInternalAnnotation * Option to consolidate Azure NSG rules for services (#13) * correct doc for reconcileSecurityGroup * fix rebase test error * Update CHANGELOG-1.8.md for v1.8.4. * BlockVolumesSupport: CRI, VolumeManager and OperationExecutor changes * generated code for Volumemanager change * apiextensions: fix object keys in fuzzer to exclude escape characters * consolidate printer OutputOpts w PrintOpts * pass printOpts by pointer * VolumeMode binding logic update * Update debian-hyperkube-base to 0.7 * Merging handler into manager API * Block volumes Support: FC plugin update * generated code for FC plugin change * Add 'None' option to DNSPolicy and define DNSConfig field in Pod API * support openapi in strategic merge patch * rbac bootstrap policy: add selfsubjectrulesreviews to basic-user * Update the validating webhook plugin to be a ValidatingInterface, rather than a MutatingInterface * convert testScaledRolloutDeployment e2e test to integration test * Add validation check for PodDNSConfig and 'None' DNSPolicy * Changed GetAllZones to only get zones with nodes that are currently running (renamed to GetAllCurrentZones). Added E2E test to confirm this behavior. * Suppress warning when a pod in binding cannot be expired * Autogenerated codes for Custom Pod DNS API * Support Custom Pod DNS in kubelet, gated by feature gate * Add Pod-level local ephemeral storage metric in Summary API * Add constants in CRI. * Add fluentd support. * Add kubeletconfig round trip test * Add service.UID into security group name * Changes nvidia-gpu device plugin addon config settings: - Runs as system critical pod - Makes resource limits to match its resource requets - Modifies test/e2e/scheduling/nvidia-gpus.go to cope with the recent change of running the device plugin as a system addon. - The resource settings of the addon is based on the test results from 8 nvidia-tesla-k80 gpus. * Add EnsureOldSecurityGroupDeleted to delete old security group * Block Volume: cmdline printer update * pass listener to genericapiserver * Use GetVersion() API instead of ver command * complish feature gate dependency in kubeadm * Addition of bootstrap checkpointing * Don't call BeforeEach() again in ingress suite * Update generated and dep addition of safefile * Fix panic when AlphaFeatureGate isn't configured for gce. * Import gophercloud package first * Add logic to account for pods nominated to run on nodes, but are not running yet. Add tests for the new logic. * fixup! Add logic to account for pods nominated to run on nodes, but are not running yet. Add tests for the new logic. * Autogenerated files * add cleanup-ipvs flag * Add initial VMType (via vmType param) in azure cloud provider * Add utils for vmss typed instances * Support getting instanceID, type and IP for vmss instances * Add fake clients and unit tests * Extends deviceplugin to gracefully handle full device plugin lifecycle. - Instead of using cm.capacity field to communicate device plugin resource capacity, this PR changes to use an explicit cm.GetDevicePluginResourceCapacity() function that returns device plugin resource capacity as well as any inactive device plugin resource. Kubelet syncNodeStatus call this function during its periodic run to update node status capacity and allocatable. After this call, device plugin can remove the inactive device plugin resource from its allDevices field as the update is already pushed to API server. - Extends device plugin checkpoint data to record registered resources so that we can finish resource removing even upon kubelet restarts. - Passes sourcesReady from kubelet to device plugin to avoid removing inactive pods during grace period of kubelet restart. * Extends gpu_device_plugin e2e_node test to verify that scheduled pods can continue to run even after device plugin deletion and kubelet restarts. * fix storageclass unit tests * implement cinder resize * kubeadm-bootstrap * generated files * Implement individual control for kubeadm preflight checks * allow ELB HC configuration via Service annotations * Add environment variable to enable support for new Stackdriver resource model * add versioned webhook admission config * Graduate admission API to v1beta1; graduate webhook related admissionregistration API to v1beta1 * take disk requests into account during evictions * support openapi in apply * update godep * Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec * Enable cpu manager only if the test is not skipped. - Also, if KubeReserved is nil, allocate a map. * findSecurityRule returns true when it matches most of characteristics. * fixing issue of feature gate not being turned off properly * generated * make admission config scheme configurable * update coredns manifest * comment on findSecurityRule and fmt * change storage, registry, discovery version for admissionregistration * remove reference to v1alpha1 * fix hack/local-cluster-up.sh * manual fix required to run hack/update-all.sh * update-all generated * Adds device plugin registration count metric and allocation latency metric. * make client-gen behave correctly when there is no types in a group that needs client. * oidc auth: fix prefix flag plumbing * Kubelet flags take precedence over config from files/ConfigMaps * CSI - API source code implementation * CSI - Generated source code * CSI - GoDeps dependency updates * Do not add new field in fluentd CRI log format. * change DefaultGarbageCollectionPolicy to DeleteDependents for workload controllers * Fix incorrect localhost seccomp profile path * Verify seccomp absolute path in dockershim * Update bazel and remove unused data files * Refactor PV selection into a common call for scheduler and PV controller * Refactor bindVolumeToClaim() into 1) forming new PV object 2) making API and cache update * Expose single annotation/label via downward API * fixes issue 56041 * Revert "Kubelet flags take precedence over config from files/ConfigMaps" * In findMatchingVolumes: - Delay binding until Pod is scheduled - Check for PV node affinity and access modes - Exclude volumes from being matching * Add assume cache for PVs * Cache for pod bindings * Library for scheduler volume binding * fix controlplane unit tests * Auto generated BUILD files. * Address review comments. * Make expired cert check more clear. * Add unit test case for new funcs * Scheduler volume cache plumbing and predicate invalidation * Add predicate to find volume matches * Add assume/bind volume functions to scheduler * update build files * Add import restriction * Add scheduler and pv controller integration test * Local e2e tests * Add note to feature gate * install ipset in debian-iptables docker image and bump tag to v10 * Auto generated BUILD files. * Write marshalled kubeletconfig object to init-config-dir * Refactoring writing kubeletconfig. * Fix deadlock of writing file on node. * Support VolumeV3 for OpenStack cloud Provider * Extend apiserver testserver such that in can be used in integration tests abstract out etcd server creation test/integration/framework: cleanup master_utils.go kube-apiserver: move StartTestServer tests into test/integration/master Fix the failing scale test kube-apiserver's TestServer now returns a struct instead of individual values * Update gophercloud for supporting OpenStack Cinder v3 * Restructure cmd/kubeadm/OWNERS * Fix long even handler in cloud cidr allocator * Fix setting resources in fluentd-gcp plugin * Support ceph rbd resize * fix fmt wording error * Adding etcd version for kubeadm upgrade plan * Dump last curl output if cluster fails to come up. * Bump Heapster version to v1.5.0-beta.2 * require webhook admission kubeconfigfile to be absolute * Should make dir before writing file. * Add deployment for Stackdriver Metadata Agent with version and resource requirement controlled by env variable * kubeadm: add `--print-join-command` flag for token create. * log errors while trying to GC resources * support upgrade plan for coredns * udpate cadvisor dependency to v0.28.2 * move the MutatingAdmissionWebhook to the last in the mutating amdission plugin chain. * Add pod-level metric for CPU and memory stats * Install kmod instead of module-init-tools in iptables image * Add PDB support during pod preemption * Autogenerated files * Add owners for podsecuritypolicy package * allow exceptions to be specified to handle conflicting group and resourc enames * Add new Events API group * generated * Create a separate conversion function for the field labels used by downward API * Optimize PSP authorization * Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec * Allow node to update PVC's status * Add Feature tag to CPU Manager node e2e test. * Rename tree state from 'git archive' to 'archive' * Use git archive to produce kubernetes-src.tar.gz when possible * Migrate CIDR allocators to shared node informer * Implement file system resizing support on kubelet start * clear resourceversion for migrated cluster roles * Implement resizing support for GCE * Enable PersistentVolumeClaimResize admission plugin in default cluster settings * Update CHANGELOG-1.6.md for v1.6.13. * Fixing etcd version for 1.10.X kubernetes * Fix NewProxyServer * Validate key subscript for metadata.annotations and metadata.labels separately * Implement disk resizing for AWS * Update kubeadm config for setting kube-proxy bind address * Integrating cadvisor stats to CRI Pod stats collection * Modifying cri stats test cases * support flexvlome in psp * generated * Bump CPU requirements of L7 LB controller. * Added PVC Finalizing Controller feature switch. * PVC Being Deleted Checks in kubelet * Admission Controller PVC Finalizer Plugin * Added PVC Protection Controller * Add policy for the PVC Protection Controller * kubeadm: rename flag to --ignore-preflight-errors * AWS: Implement fix for detaching volume from stopped instances * Use PATCHs instead of PUTs in CIDR allocator * Allow healthchecks to be skipped with --ignore-checks-errors too * Only check Readiness of masters, not every node * Remove SupportIPVSProxyMode feature gate in kubeadm. * Auto generated BUILD files. * Update NetworkUnavailable condition in ipam controller * Fix panic in GCE loadbalancer library * Add validation of kubelet configuration in kubeadm. * Auto generated BUILD files. * Only set defaults when DynamicKubeletConfig feature gate is on. * Enable kube-proxy validation in kubeadm validation. * Run the kubeletconfig defaulter in kubeadm defaults * Wait for controllerrevision informer to sync on statefulset controller startup * fix bad return Error * add kube config file of kube-proxy to kube-proxy config map * Use full gopath for externalTypes * Use full gopath for externalTypes of missing API groups. * Update CHANGELOG-1.7.md for v1.7.11. * Reduce memory footprint of admission metrics * Unmute curl when fetching cfssl. * Requeue failed updates for retry in CIDR allocator * Move audit logs e2e to the default test suite. * Include ServerName in tls transport cache key * Mark v1beta1 NetworkPolicy types as deprecated * Fix TestAggregatedAPIServer setup * Add [sig-node] to some unowned e2e_node tests * Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec * Implement resource limit priority function. This function checks if the input pod's resource limits are satisfied by the input node's allocatable resources or not. If yes, the node is assigned a score of 1, otherwise the node's score is not changed. * Fix AppArmor upgrade test * LBaaS v1 is no longer supported * Set bs-version to auto for tests * Skip TestRoutes if extension or router-id is missing * certs: add month buckets * Allow volume test to run outside an actual OpenStack VM * Fix GC sync race condition * Ensure sync failures are correctly retried * Find a server name and router id to test TestRoutes * Add more GC sync logging * Add a GC deadlock note * Code Generator: Link back to examples and articles * Support autoprobing floating-network-id for openstack cloud provider * Document CustomPodDNS feature gates for DNSConfig and None dnsPolicy * Update gophercloud networking for autoprobing external network * Add generated files * Fix typo in component name of prometheus-to-sd config. * Add checking HPA_USE_REST_CLIENTS in addition to ENABLE_METRICS_SERVER when disabling REST clients use for HPA * Allow choosing min CPU architecture for master VM on gce * Remove gke from expected providers of audit e2e test. * Return original error instead of negotiation one * e2e: eviction test redirect dd stderr * Update Dashboard add-on to version 1.8.0 * add-on fluentd-elasticsearch: Add missing fluentd-es-ds selector * Do not fake /bin/bash, just use the real bash * Configure metadata concealment iptables rules in node startup. * Make sure node is ready before calling getLocalNode to fix test failure. * mock container networking and fix filtering bug * Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec * Revert "Merge pull request #55336 from oracle/for/upstream/master/53462" * Updates Kube-proxy validators to allow Windows 'kernelspace' mode. * Fix Content negotiation incorrect when Accept header uses type parameters * Fix --min-cpu-platform argument to gcloud in kube-up * Allow config and ignore-preflight to be specified together * Add brackets around IPv6 kube-dns liveness probe addrs * Fix configuration of Metadata Agent daemon set * kubelet: MustRunAsNonRoot should reject a pod if it has non-numeric USER. * Generated code NP v1beta1 * Remove conditions from PVC after successful resize * Do not resize file system on a read-only mount * Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec * update build/root/WORKSPACE and cluster/images/hyperkube/Makefile for the new tag * nvidia-gpu-device-plugin daemonset should tolerate nvidia.com/gpu taint. * Create volumeMount and hostPath for cloud config file * Add wildcard tolerations to kube-proxy. * kubeadm etcd modifying recover steps * Makes modes OS-specific (+ fixes tests). * bump kubectl version to 1.8.4 * Return no volume match if prebound PV node affinity doesn't match node * kubeadm: Use the v1.9 branch by default * declare ipvs proxier beta * Make audit batch webhook backend configurable * AWS: Support for mounting nvme volumes * Update CHANGELOG-1.9.md for v1.9.0-beta.1. * Add/Update CHANGELOG-1.9.md for v1.9.0-beta.1. * Update nvidia-gpu-device-plugin addon. * remove time waiting after create storage account * Fix static IP issue for Azure internal LB * kube-apiserver: enable admission registration v1beta by default * fix inter-pod anti-affinity issue * admission: do not require v1alph1 for v1beta1 * Cluster Autoscaler 1.1.0-beta1 * Fix for the network partition tests (and cluster autoscaling too potentially) * build patch from openapi only for registered types * kubeadm: Fix a couple of upgrade/downgrade-related bugs * Restore CHANGELOG.md * Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec * delete a node from its cache if it gets node not found error * VolumeHost.GetNodeName method added for CSI fix * CSI - feature gate fix, gated RBAC rules, csi nodeID label * Fix PV counter predicate in eclass * Add pvc as part of equivalence hash * Update generated bazel * CSI - Fix so VolumeAttachment.Spec.Attacher use driverName * CSI - Extract volume attributes from PV annotations" * Enable SD custom metric autoscaling e2e on GKE * Revert "Fix for the network partition tests" * Add DisabledForLargeClusters tag to audit tests. * Disable GCE target * cloud-provider needs cluster-role to apply taint to the node * coredns 1.0.0 * Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec * fake docker client can remove containers which have not been started * add yaml-quote for GCE_GLBC_IMAGE * Separates validation per-runtime. * Override recycler pod image in GCE * Re-uses device plugin resources allocated to init containers. Implements option 2 mentioned in https://github.com/kubernetes/kubernetes/issues/56022#issuecomment-348286184 * fix gce.conf multi-value parameter processing * add apps/v1beta2 deprecation comments * Autogen * Make audit webhook backend configurable in startup scripts * Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec * make requirements less precise for disk eviction test * fix test * release-1.9: Run hack/update-generated-docs.sh * Check both name and ports for azure health probes * Modify 'restore-from-backup.sh' to work in multinode etcd cluster. * Bump Heapster version to v1.5.0-beta.3 * Update CHANGELOG-1.8.md for v1.8.5. * Update CHANGELOG-1.9.md for v1.9.0-beta.2. * Add/Update CHANGELOG-1.9.md for v1.9.0-beta.2. * Update cadvisor godeps to v0.28.3 * Cluster Autoscaler 1.1.0 * CSI - Multiple bug fixes for NodeProbe, vol data file, mount dir create * fix bug in container lifecycle event generation * BUmped Heapster to v1.5.0 * kubeadm: Don't downgrade etcd on cluster downgrade * Doc updates for 1.9 * kubelet should use the value of the cri container runtime endpoint from cadvisor * Mark Flexvolume as GA * Update nvidia-gpu-device-plugin addon. * gce/upgrade.sh: Prompt if etcd version is unspecified. * gce: split legacy kubelet node role binding and bootstrapper role binding * Switch to k8s-1.9 branch of the installer in release-1.9 branch of kubernetes * Kubernetes version v1.9.1-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.9.md for v1.9.0. * enable flexvolume on Windows * return error when create azure share failed * change default azure file/dir mode to 0755 * fix accessmode mapping error * Use pod nanny configured with ComponentConfig in Heapster * Use pod nanny configured with ComponentConfig in Metrics Server * Process cluster-scoped owners correctly * Add --retry-connrefused to all curl invocations. * Reduce CPU and memory requests for Metrics Server Nanny * old test file will create a leak file in current directory. this patch fix this. modified: pkg/kubelet/cm/deviceplugin/manager_test.go * Fix problem accessing private docker registries * node_e2e: do not return error if Docker's check-config.sh fails * Fix session out issue while creating volume and error message coming up while attaching the volume * Fix issue #390 * Fixes issue#392. * Reduce CPU request of Dasboard addon * Fix a bug in validating node existence. * Update CoreDNS version and Corefile. * kubeadm: Only check for well-known files in preflight * Get automatically created subnetwork if none is specified * Ensure dependents are added to virtual node before attemptToDelete * Requeue unobserved nodes in attemptToDelete * Configurable liveness probe initial delays for etcd and kube-apiserver in GCE * Update boilerplate for 2018 * Add generated runtime and generated device plugin to update-all * Regenerate all generated code * COntroller-manager is crashing in customer environment as vSphere Cloud Provider is not using lower case naming while creating clientBuilder. With this fix, ClientBuilder is created using lowercase naming. * Add 'exec' in all saltbase manifests using '/bin/sh -c'. * update godep for etcd-client to 3.1.11 in 1.9 branch * Kubernetes version v1.9.2-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.9.md for v1.9.1. * Honor make variable OUT_DIR. * update etcd version to 3.1.11 in 1.9 branch * use /dev/disk/by-id instead of /dev/sd* for azure disk * prefer /dev/disk/azure/scsi1/ over by-id for azure disk * Support passing kube-scheduler policy config * Schedule Calico components even on tainted nodes * Update kube-dns to 1.14.8 * add remount logic if original mount path is invalid * add folder named custom in gce * Updated Flexvolume setup mechanisms for COS instance image. - If REMOUNT_VOLUME_PLUGIN_DIR is set to true, VOLUME_PLUGIN_DIR is remounted with `exec` option during cluster startup. This allows any writable location to be used as the plugin directory. - New HostPath added to controller-manager deployment to enable access to volume plugin directory. - Improved how the default directory is passed to master and node setup. * Use existing subnetwork of forwarding rule * Renews cached NodeInfo with new vSphere connection * Avoid error on closed pipe * Fix quota controller worker deadlock * Fix errors in Heapster deployment for google sink * Let mutating webhook defaults the object after applying the patch sent back by the webhook * The lbaas.opts.SubnetId should be set by subnet id. * Add cache for VirtualMachinesClient.Get in azure cloud provider * Remove exists return value from getVirtualMachine * Remove VirtualMachineClientGetWithRetry * Return actual error when backoff fails * Fix vm cache in concurrent case * Fix conflicts - Fix requirements to require docker-kubic instead of docker_1_12_6 since docker_1_12_6 has been renamed to docker-kubic - Update to version 1.8.7+b30876a5539f09684ff9fde266fda10b37738c9c: * Disable GCE target * Kubernetes version v1.8.6-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.8.md for v1.8.5. * kubelet falls back to parse generic version string if not semver * Fix PV counter predicate in eclass * move InitStorageAccount into azure disk provision func * remove initialize storage account pool process * Add cos as an alias for gci in the upgrade script * fix bug in container lifecycle event generation * remove time waiting after create storage account * Add pvc as part of equivalence hash * Update generated bazel * Check both name and ports for azure health probes * change default azure file/dir mode to 0755 * return error when create azure share failed * enable flexvolume on Windows * fix CreateVolume: search mode for Dedicated kind * search by accounttype in CreateVolume func * Temporary implementation of count metrics for PodSecurityPolicy * Add --retry-connrefused to all curl invocations. * Kubernetes version v1.8.7-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.8.md for v1.8.6. * Fix a bug in validating node existence. * Remove a file that isn't in the 1.8 branch * Get automatically created subnetwork if none is specified * Update boilerplate for 2018 * Add generated runtime and generated device plugin to update-all * Regenerate all generated code * Configurable liveness probe initial delays for etcd and kube-apiserver in GCE * Add 'exec' in all saltbase manifests using '/bin/sh -c'. * Rename tree state from 'git archive' to 'archive' * Use git archive to produce kubernetes-src.tar.gz when possible * Honor make variable OUT_DIR. * use /dev/disk/by-id instead of /dev/sd* for azure disk * prefer /dev/disk/azure/scsi1/ over by-id for azure disk * delete a node from its cache if it gets node not found error * add remount logic if original mount path is invalid * Updated Flexvolume setup mechanisms for COS instance image. - If REMOUNT_VOLUME_PLUGIN_DIR is set to true, VOLUME_PLUGIN_DIR is remounted with `exec` option during cluster startup. This allows any writable location to be used as the plugin directory. - New HostPath added to controller-manager deployment to enable access to volume plugin directory. - Improved how the default directory is passed to master and node setup. * Use existing subnetwork of forwarding rule * Avoid error on closed pipe - Update to version 1.8.5+cce11c6a185279d037023e02ac5249e14daa22bf: * Kubernetes version v1.8.5-beta.0 openapi-spec file updates * Set -w flag on all iptables calls during master startup * conversion-gen: check for nil pkg in getManualConversionFunctions * Add/Update CHANGELOG-1.8.md for v1.8.4. * Fix panic when AlphaFeatureGate isn't configured for gce. * Tolerate partial discovery in garbage collector * oidc auth: fix prefix flag plumbing * Use v0.0.0 gitVersion on branches in support of new .gitattributes solution. * kubeadm: Fix a small bug in the self-hosting code * Fix incorrect localhost seccomp profile path * Verify seccomp absolute path in dockershim * Update bazel and remove unused data files * add user-specified ns to --dry-run created obj * add tests * Fix setting resources in fluentd-gcp plugin * Fix panic in GCE loadbalancer library * support mount options in azure file * add vers mountoptions and fix comments * If mountPath is missing, prefix with root dir. * update API, remove validation. * Include ServerName in tls transport cache key * remove disk allocatable evictions * Fix TestAggregatedAPIServer setup * update cadvisor godeps to v0.27.3 * add Standard GRS, RAGRS support for azure disk * Fix typo in component name of prometheus-to-sd config. * Changed GetAllZones to only get zones with nodes that are currently running (renamed to GetAllCurrentZones). Added E2E test to confirm this behavior. * Initial changes for adding forward rules * Review updates * log errors while trying to GC resources * Wait for controllerrevision informer to sync on statefulset controller startup * adjust the expected output based kubectl verison * update comment that are out of date * [e2e] make sure to specify APIVersion in HPA tests * kubelet: MustRunAsNonRoot should reject a pod if it has non-numeric USER. * This was missed when I cherry picked the original CL back. Also fix the test startup script to match the GCE startup script. * Fix scheduler cache panic when updating pod conditions * Update Dashboard add-on to version 1.8.0 * certs: add month buckets * fix inter-pod anti-affinity issue * fix gce.conf multi-value parameter processing - After upgrade to Kubernetes v1.8.4 drop the patches: * kubectl-fix-duplicate-proto-error-bsc-1057277.patch * kubelet-support-btrfs-fixes-bsc-1042383.patch - Update to version 1.8.4+9befc2b8928a9426501d3bf62f72849d5cbcd5a3: * Add bind mount /etc/resolv.conf from host to containerized mounter * Enhance message in cluster-info dump * Change second StorageClass Column to provisioner Some provisioners have key-value pairs in parameters map which key is type, here TYPE in StorageClass columns may be confused * Re-enable federated ingress test that was disabled due to a federated service deletion bug. * Add ceph-common to hyperkube image * Return clusterErr rather than err * Add default=false to usage of kube-apiserver allow-privileged flag * Tune Cinder approvers * kubectl: 'apply view-last-applied' must not use printf(), as this will cause format codes in the YAML/JSON to be interpreted. * fix self link error of generic resources in describe command * Use variadic nature of *cobra.Command.AddCommand to add group of commands to a parent command * Remove duplicate error message output in hyperkube. * fix err message in namespace_policy * Adding option to set the federation api server port if nodeport is set * Add statefulset to the completion candidates of kubectl scale * Check uper limit of port and ensure 0 corresponds to random port * Add ownership for the future of scheduler_perf and kubemark * add test for kubectl create pdb * Ignore ErrNotFound when delete LB resources * Mark deprecated info in short description of deprecated commands. * Delete meaningless err check * Suggest user to use 'hack/install-etcd.sh' when running integration tests without etcd found. * add validate to not allow mix --config with other arguments * Delete unuse err check * volumes: SetNodeStatusUpdateNeeded on error * allow output patch string in edit command * removing unnecessary shallow copy see #46703 * Do not retunr svc in case of error. Rename apiServerNodePortPort. * Added logic to copy-to-staging to avoid copying if the same file already exists in gce * Add a feature gate for Debug Containers * Deleting ServiceReaper * add ContainerRuntimeVersion to `kubectl get nodes -o=wide` output * fix comment of isDir * Fix the typo in translations' README.md * Improve code coverage for pkg/printer * Removed mesos related labels. * Create output_dir if doesn't exist * Use t.Fatalf instead * fix some err message * Adds --insecure to cockroachdb client command * Add git branch to make build short hash unique * fix JSONPath parser will not filter strings containing parentheses * add more unit test * Add test case for namespace * add cmd test for kubectl auth can-i * [Federation][Kubefed] Support documentation for kubefed and its sub commands * [Federation][Kubefed] Add placeholders for generated docs * Fixed a comment typo * fix parse pairs * Fix const nameing in node/metrics * Improve error reporting when flex driver has failed to initialize. * Shorten issue template * Add OpenAPI README file * Fix print type of podname * Fixing style errors * Fix comments * extending DefaultExternalHost for any registred cloud provider see #46567 * controller-manager: fix horizontal-pod-autoscaler-use-rest-clients flag help info * Pipe in GCE master/node tags through flags for e2e test * deletePod handler in the deployment controller shouldn't set owner refs * Make firewall test get tag from config instead of instance and fix multi-zone issue * kuberuntime: cleanup TestGenerateContainerConfig * Add Validate() function for audit options * Delete reduandant err definition * controller: fix error message * Allow NetworkPolicy.spec updates * Remove unnecessary wrapper flags * Cleanup federation/cluster scripts from deprecated bringup method * Auto generated file * Fix a typo in deletion log of apiserver * Kubelet doesn't override addrs from Cloud provider * Fix restart action on juju kubernetes-master * Fix local isolation for pod requesting only overlay * Fix setting juju worker labels during deployment * Run cAdvisor on the same interface as kubelet * [trivial]fix function name in comment * Fix mismatched types Verbose and bool Fix invalid operation: mismatched types Verbose and bool * correct the script name for generating swagger doc * Updated comments for functions. * Change cephfs secret related logs level * owners: remove euank from sig-node-reviewers * Fix local isolation for pod requesting only scratch * scheduler/util: remove bad print format * Validate if service has duplicate targetPort * shows how to wire admission control in a sample api server. * Add IPv6 test cases to kube-proxy server test. * Using only the exit code to decide when to fall back on logs * AWS: Set CredentialsChainVerboseErrors * E2E:Delete unecessary check * Use a pointer to mark the nodeport port, if any. * delete unused return * Add timothysc to kubeadm reviewers * fix env flag * Moved md5 comand to a separate function and added comments * remove unneeded variable * Use reflect.DeepEqual to replace sliceEqual * Refactor slice intersection * Fix broken command in registry addon document * Moved gsutil_get_tar_md5 function before copy-to-staging function * Changes node e2e tests to use new Ubuntu image * Deprecate keep-terminated-pod-volumes * print non-existent key in configmap * fix-review * Only do string trim when it's necessary * AWS: Fix suspicious loop comparing permissions * deprecate created-by annotation for e2e test framework * rebase gophercloud to support HTTP status 300 in pagination, so listing Cinder v1/v2 API versions won't break * fix naming for testgrid * iSCSi plugin: Remove redundant nil check * Replace capacity with allocatable to calculate pod resource * Clean up Deployment overlap annotation code * Add rbac support to fluentd-elasticsearch * Create a kubectl alpha subcommand * Speed up attach/detach controller integration tests * fixed the logging of which conversions. * Speed up PV integration tests * storageclass ceph add imageformat parameter * Add `imageFeatures` parameter for RBD volume plugin, which is used to customize RBD image format 2 features. Update RBD docs in examples/persistent-volume-provisioning/README.md. * Only `layering` RBD image format 2 feature should be supported for now. * deprecate created-by annotation for pod drain * add owners for sh2ju * Don't bother with a mutable transformer for identity * Modify NewVolumeManager() function return value Since function NewVolumeManager() will always return vm and nil, we do not need the second return value, it will always be nil. * Output TYPE for getting service * use appsv1beta1 for statefulsets and controller history * Update admission control args * Small fix for number of pods and nodes in test function * Delete pre-commit hook * Fix typo in cross-repo link * es discovery support args apiserver-host and kubeconfig * add extra args validate * delete the for loops that done nothing * Use more meaningful and consistent variable names in glusterfs plugin. * Lower etcd compacted loglevel * Make different container runtimes constant * Get rid of 30s ResyncPeriod in endpoint controller * Add "alpha phase preflight" command * don't pass CRI error through to waiting state reason * Remove repeat type conversions * Also rename leftCapacity to leftAllocatable * Fix a typo * Add websocket protocol authentication method * Use websocket protocol authenticator in apiserver * Set default User-Agent on http probe * Remove redirect verb parsing * Insert Cynerva and Kjackal to approvers list * Run hack/verify-govet.sh as part of verify make target This commit ensures that: - go vet will be run as part of the make verify target - the vet make-rule script won't be run directly, as generated_files won't be run in that case - that go vet errors show up in the build log with a start time, finish time, and SUCCESS/FAILED message as part of the verify make rule script * dockershim: checkpoint HostNetwork property * Make fluentd log to stdio instead of a dedicated file * Add ApiEndpoint support to GCE config. * Remove e2e test for least requested prioirty function * support to build hyperkube image on ppc64le * Fix invalid filename in kubelet log * fix systemd service file for custom args. Signed-off-by: xuxinkun * remove dead code in rbac helper * Add type conversion judgment * split v1/register.go to regsiter.go and builder.go move api/v1 to k8s.io/api/v1 duplicate some global variables/functions in pkg/api/v1/builder.go, add todo to remove these * run pkg/api/v1/rewrite....sh, pkg/api/v1 (not including subdir) compile * run root-rewrite-v1-..., compile * let conversion-gen to choose localSchemeBuiler * revert before merge? remove a dependency from pkg/apis/componentconfig to clientset, probably we should fix it later. i removed the dependency to test if pkg/apis compile * Bump event-exporter version to reduce warnings noise * Don't revert, necessary change to make helpers to include k8s.io/api * unify register.go formats: networking/v1/register.go staging/src/k8s.io/kube-apiextensions-server/pkg/apis/apiextensions/v1alpha1/register.go staging/src/k8s.io/metrics/pkg/apis/custom_metrics/v1alpha1/register.go staging/src/k8s.io/metrics/pkg/apis/metrics/v1alpha1 register.go * pkg/apis/move-external-types-for-apis.sh, k8s.io/api compiles * run pkg/apis/make-origin-dir-compile, pkg/apis compile * run ./root-rewrite-all-other-apis.sh, then run make all, pkg/... compiles * run fix-casttype.sh * manually fix unit tests in pkg/api/v1 * vendorless path for informer-gen * hack/lib/init.sh util.sh update-codegen.sh * manually fix protogen * manually remove pkg/client/listers/policy/v1alpha1 * some copy.sh changes * change hack/update-codecgen.sh * run hack/update-codegen.sh * run ./remove-original-proto.sh to remove the old proto * run root-rewrite-import-client-go-api-types * run hack/update-staging-client-go, somehow we copied listers/ * make all works. generated harmless covnersion/deepcoy chagnes * manually fix unit tests * manually fix hack/verify-staging-imports.sh * manually fix kubectl openapi unit test * manually fix openapi-gen * revert!! temporary change to hack/update-all.sh * run hack/update-all * revert hack/update-all to its original form * run update-staging-godeps.sh; the script asks user to manually commit changes for each repo * incluster config will be used when creating external shared informers. * Bump up npd version to v0.4.1 * Don't audit log tokens in TokenReviews * kubelet should resume csr bootstrap * update e2e for GCE ApiEndpoint support * include k8s.io/api in update-godep-staging.sh * generated Godeps.json * Remove limits from ip-masq-agent for now. ip-masq-agent when issuing an iptables-save will read any configured iptables on the node. This means that the ip-masq-agent's memory requirements would grow with the number of iptables (i.e. services) on the node. * enable docs and man page autogeneration for cloud-controller-manager * fix nits in kubelet server * [Federation] Convert the ReplicaSet controller to a sync controller. * update the err of hostPorts in psp * Update cadvisor to v0.26.1. * Move seccomp helper methods and tests to platform-specific files. * update openstack metadata-service url * Remove service on termination when exec 'kubectl run' command with flags "--rm" and "--expose" * fix CopyStrings and ShuffleStrings for slice when slice is nil * add level for print flags * fix comment mistake * OpenStack for cloud-controller-manager * Added helper funcs to schedulercache.Resource. * [trivial]fix function name in comment * Add client cert authentication for Azure cloud provider * Fix tests after rebasing * Add the pcks12 package to the build of Azure cloud provider * Fix test name * Fix dependencies order after rebase * Add more pdbs in autoscaling e2e * Bumped Heapster to v1.4.0-beta.0 * Add annotation constants to glusterfs plugin. * Use %q formatter for error messages from the AWS SDK. #47789 * Implement e2e test for Stackdriver event exporter * Removes alpha feature gate for affinity annotations. Beta fields should be used. * add compression to GET and LIST api requests * removed 'Storage' option from 'kubectl top' like options * detach getClusterNodes() func from provisioner method. * Display for clusterIP and port when service is ExternalName * Fix output extra comma * kubectl: rename Run() -> RunRun() to clarify purpose * kubectl: rewrite docstrings in several files * cmd: make createDeployment a private function * cmd: refactor common err expr into helper function * kubectl: simplify code with help of linter * kubectl: note a bug with a comment * kubectl: refactor addFromEnvFile, write tests * kubectl: fix inaccurate usage messages for --windows-line-endings * e2e: bump kubelet's resurce usage limit * Bump Cluster Autoscaler to 0.6.0-beta2 * make proto time precision match json * deprecate created-by annotation for cronjob * include object fieldpath in event key * [Federation] Account for caching in kubectl * Strip versions from known api groups in audit policy * Enable vmodule support for all components * Fixed Monitoring e2e test * openapi: Fetch protobuf rather than Json * Save docker image tarfiles in _output/release-images/$arch/. * [esipp-e2e] Change service port to avoid collision * Use a different env var to enable the ip-masq-agent addon. We shouldn't mix setting the non-masq-cidr with enabling the addon. * Move e2e fromManifest funcs to manifest package * Pipe clusterID into gce_loadbalancer_external.go * Update e2e tests to pipe in clusterID for gce resource cleanup * Encodes ReportPrefix into the generated metrics file names * Adds IPv6 test cases * Remove e2e test that checked scheduler priority function for ReplicationController spreading * Do not set CNI on a private master when enabling network policy. * Extending timeout waiting for delete node to become ready before the test ends * [Federation]Fix forgeting to close file * Plumb preferred version to nested object encoder * [Federation]Remove duplicate constants * Fix kubectl api-versions caching * Bump e2e mounttest image version to 0.8 * kubeadm: Remove the validate phase as it's not needed nor used * kubeadm: Cleanup version gates for the Node Authorizer when targeting v1.8 * Update CHANGELOG.md for v1.7.0-rc.1. * Remove stubs from docs/ * [Federation][Kubefed] Address review comment * Checked whether balanced Pods were created. * Move the workload e2e tests to it's own package * apiextensions-apiserver: fix build * revert 45764 * Reflect kubeadm-specific kubelet changes in the bazel debs * Update kube-dns to 1.14.4 * Multi Arch test images * modify the meassage in kubectl secret command when the envFile path is not an file path * godoc update for scheduler predicates. * kubeadm: Make kube-proxy RollingUpgradeable * Port some more images * kubeadm: Expose only the cluster-info ConfigMap in the kube-public ns * Add a failsafe for etcd not returning a connection string * Add err judgment * Retry service syncs with exponential backoff in endpoints-controller * Remove old node role label that is not used by kubeadm * IPv6 support for getting node IP * Move LoadPodFromFile to volume utils * Fix lint errors * Revert "Decrese fluentd cpu request" * Add e2e for cluster-autoscaler scale-up from 0 * Bump Cluster Autoscaler to 0.6.0 * Move more printers to TablePrinter * add options enable tokencleaner,bootstrapsigner controller * Fix error in local-cluster-up * Retry finding RBAC version if not found in discovery cache * garbage collector controller propagates DeletePropagationForeground policy if the object doesn't already have finalizers. * prioritize messages for long steps * Move iptables logging in kubeproxy from Errorf to V(2).Infof * cmd/create_deployment: refactor & test long function * cmd/run: use util function to deduplicate logic * Enables memcg notification in cluster/node e2e tests * Make big clusters work again after introduction of subnets * Fix test commands in cluster/gce/util.sh * Skip Deployment upgrade test on 1.5 and earlier. * Add priority to Kubernetes API * Make doc generation on cherry-picks optional * bazel: update rules_docker and use official busybox base image * s/count/total/ in audit prometheus metrics * Autogenerated files * Update CR example in client-go * Formatted Dockerfile to be cleaner and precise * Move DaemonSet to table printer * Ensures node becomes schedulable at the end of tests that delete nodes * Update docs for user-guide * Allocate clusterIP when change service type from ExternalName to ClusterIP * Modify e2e tests for service type update. * modify some mistake * Add Pod UID (metadata.uid) to downward API env var * Use endpoints informer for the endpoint controller * Improve security of Juju deployed clusters * Set cluster-autoscaler node balancing flag * Fix typo in cluster-autoscaler config * Fix ebtables_test.go to actually get run, and to pass * Fix the names of some iptables tests * Fix fluentd-gcp configuration to facilitate JSON parsing * Fix typo * Support IPv6 in kubenet_linux.go * Adding a retry to the master version checking * openapi: Read Accept-Content to send gzip if needed * Add NYTimes/gziphandler dependency * Bump GCE ContainerVM to container-vm-v20170627 * kubectl/cmd: many small refactors * Add unit test case for initClusterIP and updateNodePort * Kubelet: Centralize Capacity discovery of standard resources in Container manager. Have storage derive node capacity from container manager. Move certain cAdvisor interfaces to the cAdvisor package in the process. * Validate --storage-backend type. * Follow up for https://github.com/kubernetes/kubernetes/pull/47003 * Populate endpoints and allow ports with headless service * Disable anonymous-auth * Add generic NoSchedule toleration to fluentd in gcp config as a quick-fix for #44445 * Fix kube-proxy panic when running with "--cleanup-iptables=true" * add volumes test * Fix minor bug in autoscaler e2e cleanup * kubeadm: Start using Tolerations in yaml code again * Fix bug cluster-subnet logic * Move go build to image-utils * Bumped Heapster to v1.4.0 * Add OWNERS file to kubelet gpu package * Use multiple clients in the density test * Add retry to RC creation in autoscaler e2e * Log the OS images used during cluster creation * Fix Unstructured field accessor * Add traceroute logging on connection failure * Allow creating special node for heapster in GCE * Allow log-dumping only N randomly-chosen nodes in the cluster * Log get PVC/PV errors in MaxPD predicate only at high verbosity * Add Google cloudkms dependency * Add KUBE_GCE_API_ENDPOINT for GCE API endpoint config. * Add Google cloudkms service to gce cloud provider * [Federation] Convert the deployment controller to a sync controller. * Write output into the correct dir * Add node e2e tests for runAsUser * Implement GetCapacity in container_manager_unsupported * Used const variable in scheduler test. * remove unused codes in loadSystemLanguage * allow impersonate serviceaccount in cli * Set a Quobyte quota for newly created volumes * Partially revert "Do not fire InsufficientResourceError when there are intentional reasons." * fix #45780 slightly differently * support NoExecute and NoSchedule taints correctly in DaemonSet controller * Update addon-resizer version * Fix removing finalizer for garbage collector * remove useless argument "name" * Update Quobyte API repo * Make the Quota creation optional * Update comment for garbagecollector * Fix completions for --namespace to override flags * Rename function to follow other similar functions * Change KUBE_GCE_API_ENDPOINT to GCE_API_ENDPOINT * Add configuration for swift container name * Add unit test coverage for nvidiaGPUManager initialization * testing fixed hack/verify-gofmt.sh and hack/verify-flags-underscore.py * TestLoopbackHostPort should accept IPv6 loopback host * Do not fail on error when deleting ingress * add dockershim checkpoint node e2e test * eliminate kubectl dependency on k8s.io/kubernetes/pkg/util * move crlf to kubectl/util * Cleanup lint errors in the pkg/kubelet/server/... directory * Refactor unstructured converter * remove useless check from impersonation filter * Update CHANGELOG.md for v1.7.0. * pull the release notes from k8s.io/features/release-1.7/release-notes-draft.md * Remove duplicated line from ceph-secret-admin.yaml * Fix share name generation in azure file provisioner. * Fix broken mardown format in v1.7 CHANGELOG * Added scale-down-to-0 e2e for cluster autoscaler * HTTPExtender: shoud close resp.Body even when StatusCode not ok * remove redundant alias * Fix review comments - luxas, ixdy * don't accept delete tokens that are waiting to be reaped * Fix verify-golint * Fix issue with not waiting for nodes to be fully schedulable during test cleanup * Make cluster IP range an argument to ginkgo to fix firewall test * kubeadm: Remove some old comments * kubeadm: Remove old feature gates and unused functions * Fix deleting empty monitors * kubelet: remove unused bandwidth shaping teardown code * kubelet: remove NET_PLUGIN_CAPABILITY_SHAPING * Ensure get_password is accessing a file that exists. * Add bazel build file * Return a slightly more verbose error when "go get" fails. * allow heapster clusterrole to see deployments * set snat to false * meta.EachListItem should support runtime.Unstructured * Add testing manifests for (node upgrade) etcd test. * Add (node upgrade) etcd test. * move term to kubectl/util * Add local volume bug to known issues * update-bazel * Updated OWNERS_ALIASES for scheduler, and added scheduler integration test owners. * split util/slice * Added case on 'terminated-but-not-yet-deleted' for Admit. * Fix kubectl describe for controllerRef * Support completion for kubectl config delete-cluster * Provide a way to setup the limit NO files for rkt Pods * Add Cleanup section to apiextensions client-go * Checked container spec when killing container. * fix style of yaml and text * Group and order imported packages. * Updated comments of func in testapi. * GuaranteedUpdate must write if stored data is not canonical * Remove useless error * Use helper to init ClusterIP and NodePort in Create of service * Pass cluster name to Heapster with Stackdriver sink. * add validate for advanced audit policy * update events' ResponseStatus at Metadata level * Covert Stackdriver Logging load tests to soak tests * Non leaders should overwrite any local copies of keys they have with what the leader has. * Fix kubernetes charms not restarting services after snap upgrades * Fix: namespace-create have kubectl in path * remove tpr API access * allow a deletestrategy to opt-out of GC * make the panic handler first * Fix charms leaving services running after unit removal * configure kube-proxy to run with unset conntrack param when in lxc * Remove unused sub-pkgs in pkg/util * Fix lint errors of pkg/util/net/sets/ipnet.go * Use the azure certificate password when decoding the certificate * Fix 401/403 apiserver errors do not return 'Status' objects * "rbd: image xxx is locked by other nodes" is misleading * remove unused function and variable from audit backend * fix error type * kubeadm: Move app/master into a separate phase directory * kubeadm: Harmonize import names in the controlplane phase with all the other code * fix test selector * Fix secret/configmap/projected update tests to work for large clusters * Add ability to enable patch conversion detector * Introducing a cluster-scoped resource in the wardle.k8s.io group. The cluster scoped resource has a field that indicates Flunder.Names that are disallowed. The resource is going to be used by an admission plugin. The admission plugin will list the cluster-scope resources and check against banned names. * Removed dependencies to testapi. * Properly nest code blocks * recheck pod volumes before marking pod as processed * update test function calls * fix the pr number * Ensure namespace exists as part of RBAC reconciliation * Factored out simulate from nodeShouldRunDaemonPod. * Validated expected event numbers for damoncontroller test. * Add a new default printer handler for HumanReadable * Pods which exits and won't restart should not be in the Endpoints.NotReadyAddresses * schduler: fix validation test * Check if golint exists first in hack/verify-golint.sh * fix-review * Skip errors when unregistering juju kubernetes-workers * Launch kubemark with an existing Kubemark Master * Add a README to the pre-existing provdier * Move test-webserver from contrib/for-demos to kubernetes/test/images * Add a refreshing discovery client * bulk delete of tpr packages * Refactor cached discovery client * Update CHANGELOG.md for v1.6.7. * fix cross build for windows * [e2e-ingress] Get node tags from instance under GKE * Fix e2e_test.go * expose lock release error from iptables util * share iptables util client within kubenet * Move the kubelet certificate management code into a single package * Enable Service Affinity for OpenStack cloudprovider. * Cleanup useless metrics.go for garbagecollector * word spell error * eliminate kubectl dependency on kubelet * Fix Audit-ID header key * Fix a dead link in cluster/update-storage-objects.sh * Allows to use versions like 1.6.4 instead v1.6.4 * Add node-name flag to `join` phase * Fix invalid Content-Type for 403 error * Volunteer to help with OpenStack provider reviews * Add initial support for the Azure instance metadata service. * kubeadm: Make self-hosting work and split out to a phase * kubeadm self-hosting: unit tests and bazel * Update CockroachDB tag to v1.0.3 * Kubelet run() should accept partial KubeletDeps * Add prometheus plugin on fluentd image. * flush conntrack entry for udp service when # of backend changes from 0 to non-0 * refactor updateEndpointMap and updateServiceMap results * fix unit tests * Use network project id for firewall/route mgmt and zone listing * Use API that utilizes networkProjectId * follow our go code style: error->err * Remove shouldAssignNodePorts logic in initNodePort; add test cases. * update release notes for 1.7 * fix parse resource in setting selector * run must output message on container error * Use Secrets for files that self-hosted pods depend on * Fix ClusterIP leak flake and potential NodePort leak * Check opts of cloud config file * remove useless code * Fix subPath existence check to not follow symlink * Move metrics_grabbert to test/e2e * client-go: remove TPR example * IPv6 support for getting IP from default route * remove dead code * Fix Stackdriver Logging e2e soak tests * Changes for partial eviction flake * Warn if aws has no cluster id provided * proxy/userspace: honor listen IP address as host IP if given * examples/volumes/flexvolume/nfs: check for jq and simplify quoting. * Bump image version on makefile and DS. * fed: Remove flakey and redundant replicaset unit test * fed: Remove redundant replicaset e2e * fed: Remove redundant deployment e2e tests * godep-save.sh: add sanity checks * Make kube-proxy's MetricsBindAddress configurable via flag * Record 429 and timeout errors to prometheus * Unify generic proxy code in apimachinery * make externalAdmissionHookConfigurationManager distinguish API disabled error * proxy/userspace: suppress "LoadBalancerRR: Removing endpoints" message * Prepare to introduce websockets for exec and portforward * move leaderelection package to client-go * Move pkg/apimachinery/test to apimachinery * add test resource carp and change name * obvious fix * let scheduler use client-go's client when initilaizer leaderelection * update bazel * support json output for log backend of advanced audit * remove extra WriteHeader function * Run verify-godeps.sh fully if hack/ dir changes * Fix godep verify to use godep restore script * audit: fix deepcopy registration * apimachinery+apiserver: extract test types to work w/ deepcopy-gen * Update generated files * hack/OWNERS: add myself (sttts) * bump rules_docker to pickup performance improvements * fully implement kubeadm-phase-certs - stash * apimachinery: remove unneeded GetObjectKind() impls * Commit-1: Improved code coverage for equivalence cache. * revert workaround in PR 46246 as APIs have been consistent * use built-in path separator instead of hard coded * Update heketi vendor dependencies. * generated: bazel / godeps * Move SPDY specific code into its own package * Removed mesos as cloud provider from Kubernetes. * Workaround tcpv4-only-systems connect issue in test * amend the comment * Removed old mesos deps. * remove svg mime type extension * godep-save.sh: add verbosity * godep-save.sh: workaround broken vendor/github.com/docker/docker/project/CONTRIBUTING.md symlink * Use glog.*f when a format string is passed * add a regression test for Audit-ID http header * Fix function and type names in the comments * glusterfs: retry without auto_unmount only when it's not supported * Rackspace for cloud-controller-manager * Remove dead code for OpenStack provider * jsonpath filter: allow intermediate missing keys * Added pod evictors for new zone. * Bump event-exporter version * Setting default FlexVolume driver directory on COS images. * Adds statefulset replicated sql upgrade test. Relies on image code that lives elsewhere. * Name change: s/timstclair/tallclair/ * Allow missing NETWORK_PROJECT_ID env var * Begin polling for bootstrap cluster info immediately. * Fix issue when setting fileysystem capacity in container manager * dockershim: clean up unused security context code * Improve node restriction message * squash the commits into one * Workaround docker-wait freeze with 17.06.0 * Fix flaky test Test_Run_OneVolumeAttachAndDetachMultipleNodesWithReadWriteMany * controller: cleanup complete deployments only * Update labels.yaml * Add generated clients. modify codegen script to make modification easier and to allow it to work from the root of the sample server. * Fixes bind-mount teardown failure with non-mount point Local volumes * Use Container-optimzed OS images for node * Update NODE_OS_DISTRIBUTION from debian to gci * Leave the test jobs running on CVM after all. * Leave testing on CVM by default * Correctly filter terminated pods in kubectl * Helper methods dealing with ControllerRef * integration-tests: remove unneeded post hook wait workaround * kube-apiserver: make apiserver chain testable * kube-apiserver: add integration test with real Run() func * Removed mesos flags from known-flags.txt. * Improved code coverage for pkg/kubelet/types/pod_update * fix pdb validation bug on spec * Fix panic of DeleteRoute() * Move performance tests to test/e2e/scalability subdirectory * Implement kubectl describe * Add node-name flag to `init` phase * Enable logexporter mechanism to dump logs from k8s nodes to GCS directly * Update godeps. * Bazel files. * Add in build files. * Code updates for new SDK. * update bazel and godep after rebase. * Change fluentd-gcp monitoring to use metrics exposed by SD plugin * cmd/version: refactor to use the -Options pattern * mountpath should be absolute * maxinflight handler should let panicrecovery handler call NewLogged * Move kubectl e2e tests to their own directory and prefix the test names with [sig-cli] * Change the default kubeadm bootstrap token TTL to 24 hours. * Make storage e2e tests start with [sig-storage] instead of [k8s.io]. * Remove volume tags. * Change [Volume] tags to [sig-storage]. * Move empty_dir_wrapper.go into the storage directory. * scheduler e2e: make container name shorter * vSphere for cloud-controller-manager * Fix typo * Add test for kubectl resource filter. * kubeadm: Start to remove old envparams * support GCE alpha beta API override * pull compute alpha api client * fed: Replace NamespacedName for namespace sync compatibility * fed: Provide client config to adapter factory * fed: Move namespace propagation to the sync controller * Moving disruption controller e2es to workload/ * Add test image name to the OS image field of the perf metrics * Allow verify-sh to run in SILENT mode. * use overrided api endpoint in gce cloud provider * Add quick-verify make rule. * add [sig-apps] prefix to workload e2e tests * add [sig-apps] identifier to relevant upgrade tests * add testmain setup func to the integration framework * use testmain in integration tests * add make bazel-test-integration target * Changes for converting node to v1 in drain * Update CHANGELOG.md for v1.8.0-alpha.2. * Remove address getter from CreateAddress(Region and Global) * Delete reduandant * * Correct the comment in PSP examples. * Fixed cluster validation for multizonal clusters. * Add e2e test for readOnlyRootFilesystem containers * add more logs for debugging to autoscaling tests * remove error since err is always nil * use v1.ResourcePods instead of hard coding 'pods' * Added localPV e2e tests with two pods and refactored existing tests * Fix parsing empty CIDR * Fix the order of deletion * Set default snap channel on charms to 1.7 stable * Add current members of autoscaling teams to autoscaling tests OWNERS * Added `CriticalAddonsOnly` toleration for npd. * Revert "Merge pull request #48560 from nicksardo/gce-network-project" * fed: Enable the namespace controller in integration tests * remove some people from OWNERS so they don't get reviews anymore * Do not persist SelfLink into etcd storage * Fix issues for local storage allocatable feature * Add cos-beta-60-9592-52-0 to benchmark tests * Add known GCE issue for 1.7.0 * Support IPv6 addresses for getListener() * Updates Docker Engine API * update verify-staging-imports.sh * client-go: add canonical import comment * replace hardcoded use of "kubectl" in apply warning msg * move sig-apps upgrade tests to its directory * fix gce cloud provider projects api * azure: msi: add managed identity field, logic * azure: refactor azure.go to make auth reusable * azure: acr docker cred provider reuses auth * add pkg/credentailprovider/azure to hack/.linted_packages * Update dependencies * Log error when fail to execute command in with-retry() * Import kubectl tests in e2e_test.go so they start running. * add approvers to pkg/controller/garbagecollector * kubeadm: fix broken `kubeadm init --config` flag. * remove apimachinery's dependency on k8s.io/api * Correcting two spelling mistakes Reustable->Reusable adversly->adversely * Update CHANGELOG.md for v1.7.1. * Add Azure managed disk support * Adopt debian-base as baseimage * remove duplicated word file in error * Use go-ansiterm version matching docker/pkg/term/windows v1.11 * Remove max-pods density test * Fix typo in ExecCommandParam * Log error when failed to renew lease. * add redirect notice in all readme files * kubeadm: add a warning about the default token TTL changing in 1.8 * Supports customized system spec in the node conformance test and creates the GKE system spec * Fix comments and typo in the error message. * use port configuration * [Federation] Handle federation up timeouts * Use local PX endpoint for mount, unmount, detach and attach calls * Fix logging levels in Portworx volume driver and add doc for getPortworxDriver function * Add more detailed comment for localOnly flag in getPortworxDriver function * no warning event on dns search deduplication * add fc volume attacher * Move api-machinery related e2e tests to a 'api-machinery' e2e test subdirectory. * Use $(location) to find generated output paths. * VirtualMachinesClient.Get backoff in lb pool logic * backing off az.getIPForMachine in az.NodeAddresses * Revert "Use go-ansiterm version matching docker/pkg/term/windows v1.11" * Fix compilation failure in dockershim for windows * Added logging to AWS api calls. #46969 * Mark sig-scheduling tests with [sig-scheduling] so they can be selected for the testdash dashboard. * Allow setting service account with kubectl run * Never prevent deletion of resources as part of namespace lifecycle * Fix tls config copy in dial test * do not close os.Stdin manually * Further removal of Gets from Creates * Renamed nodeutil to v1node. * Sig-instrumentation e2e tests refactoring * Remove use of (Label|Field)SelectorParam * Remove "special" restclient parameters * Remove Kube specific api constructs from restclient * log node-problem-detector * github.com/stretchr/testify - main desired update. Old version has bugs. * Explicitly set --cluster-ip-range --clean-start --minStartupPods * Move seccomp from anntations to security context * Run hack/update-generated-runtime.sh * fix sort-by output problem * Use const value maxPriority instead of immediate value 10 * hpa: Prevent scaling below MinReplicas if desiredReplicas is zero * Add test for kube-proxy running with "--cleanup-iptables=true" * forget pod first after bind failed * Fix condition in autoscaler e2e * PV controller: resync informers manually * kubeadm: Remove the old KubernetesDir envparam * Reduce SD Logging soak test duration & fix problem with multiple nodes * Group every two services into one in load test * Update yaml and json with multi arch test images * Create 64-core masters for huge clusters * Added comments on not set node network/inode condition to unknown. * iptables_test should not run on OSX or Windows * minor adjustments in the sample apiserver around resource creation. * prevent unsetting of nonexistent previous port in kubeapi-load-balancer charm * Sanitize test names before using them as namespaces * Fix if condition in cluster/log-dump/log-dump.sh * check for negative index values * kubeadm: Make kube-proxy tolerate the uninitialized cloud taint * Export BaseControllerRefManager * Update some tests to fall back to InternalIP if ExternalIP isn't set * Make sure that image tags contain only allowed characters. * cluster/gke: If NODE_INSTANCE_GROUP is set, don't execute any bash * Invert .linted_packages into .golint_failures. * Scripted migration from clientset_generated to client-go. * Manual changes. * Migrate api.Scheme to scheme.Scheme * Migrate api.Registry to testapi.Groups in tests. * manual changes * import all types for controller manager * update-bazel.sh * bootstrap token auth: don't accept deleted tokens * api types: fix protobuf names that are different from JSON name * generated * Add cos-beta-60-9592-52-0 to the benchmark tests * Test Ubuntu image using GKE image spec * Always use gcr.io/google_containers for side-loaded Docker images * Improve the warning message if the rbd command is not found. * correcting spell mistake * fix NamespaceLifecycle admission * adding validations on kube-apiserver audit log options * Make "kubectl version" json output more readable. * Shared Informer Run blocks until all goroutines finish * Improve Start functions * Refactor Start functions into an object * use https to check healthz in hack/local-up-cluster.sh * cleanup the conversion of ObjectReference * OpenAPI bug: Array/Map Ptr Elements' handing was incorrect * bump(k8s.io/gengo): 712a17394a0980fabbcf3d968972e185d80c0fa4 * update golang version to go1.8 * Refactor: pkg/util into sub-pkgs * deepcopy: add interface deepcopy funcs * deepcopy: misc fixes for static deepcopy compilation * deepcopy: run deepcopy-gen in client-go * staging/copy.sh: don't strip tags anymore with k8s.io/api * Update generated code * Add customresourcedefinition and its shortcut in "kubectl get" * kubeadm: Split out markmaster to its own phase * k8s.io/metrics: restrict k8s.io/metrics imports * update-staging-godeps: do not exclude k8s.io/metrics * Cleanup usage of cmd/kubeadm/app/images in addons * Added delaying deliverer to retry ensureDNSRecords * Auto generated files * add InstanceID to fake cadvisor (used in Kubemark) * Fix health check node port test flake * Make sure the previous symlink file is deleted before trying to create a new one. * Add approvers to owners file for hpa * Fix findmnt parsing in containerized kubelet * Remove affinity annotations leftover * Restore cAdvisor prometheus metrics to the main port * Add extra logging to azure API calls * This patch add new storage class parameter called `volumeoptions` which can be used to set various volume options. for eg# if you want to enable encryption on volumes, the values like `client.ssl on`, `server.ssl on`..etc can be passed to `volumeoptions` parameter in storageclass. * [Federation] Make arguments to scheduling type adapter methods generic * gce: don't add kubelet bearer token to known tokens * Update factory.go informers to update equivalence cache * Protect against nil panic in apply * Update generated bazel * Tolerate a missing MasterName (for GKE) * add svc and netpol to discovery * expose RegisterAllAdmissionPlugins so that admission chains can be built reused * Move GPU e2e tests under owning SIG. * add a union category expander * make sure that the template param is the right type before using it * Modify podpreset lister to use correct namespace * expose method to allow externally setting defaults on an external type * Flag support in kubectl plugins * Add utility function to install go package at a particular commit * Switch from gazel to kazel, and move kazelcfg into build/root * update cli owner * kubectl/deployment: add BaseDeploymentGenerator to reduce duplication * move admission/v1alpha1 to k8s.io/api * Move pkg/api/v1/ref -> client-go/tools/reference * IPv6 support for ChooseHostInterface (part 3 of 3) * Pass logexporter config through e2e framework * aggr: don't write empty CA files * generated * azure: acr: support auth to preview ACR w/ MSI+AAD * gce: make some global variables local * *: remove --insecure-allow-any-token option * gce: don't print every file in mounter to stdout * Add PriorityClass API * addressed reviewer comments * autogenerated files * volume i/o tests for storage plugins * Add AzureFile,Flex,Flocker volume source to describe printer. * Added golint check for pkg/kubelet. * # This is a combination of 2 commits. # The first commit's message is: * Build files generated * Add seccomp profile in sandbox security context * Set default CIDR to /16 * Fix the Azure file to work within different cloud environments * Add the azure cloud provider dependency to azure file plugin * Fall back on Azure public cloud endpoint when no Azure cloud provider is found * Fix comment to conform to golint * Restrict the dir and file permissions of the mounted volume * Add tests for other cloud providers * Add the fake cloud provider to azure file build * Remove unused import after rebase * Remove clientset from azure file test build * Support "fstype" parameter in dynamically provisioned PVs * Rev Calico's Typha daemon to v0.2.3 in add-on deployment. * Allow to override build date * check for nil value in interface for proxier health * If the init fails for whatever reason, plugin is nil and cannot be used. * fix leader-elect-resource-lock's description * add test case for pdb printer * remove redundant param in e2e_node/remote * Fix too extensive logging in Stackdriver Logging e2e tests * Add more logging to PD node delete test * Bump rescheduler version to v0.3.1 * [Federation] Update to enable all apis in integration tests * [Federation] Update to enable all apis in e2e tests * Fix test * add some more deprecation warnings to cluster * fixit: break sig-cluster-lifecycle tests into subpackage * Restrict the visibility of two packages in pkg/client/ * test/OWNERS: add zmerlynn * tighten quota controller interface * Remove deprecated cluster/log-dump.sh * use informers for quota evaluation of core resources where possible * Fix up imds, also refactor for better testing. * Tolerate Flavor information for computing instance type * glbc: change the label of the l7-lb-controller pod * Refactoring taints to reduce sprawl * Build files generated * Respect KUBE_BUILD_PLATFORMS set by user * Check whether NODE_LOCAL_SSDS=0 and handle this case appropriately. * Remove hostname label condition in SchedulerPredicates * bump(github.com/coreos/go-oidc): a4973d9a4225417aecf5d450a9522f00c1f7130f * Updating staging Godeps * Update wordpress to 4.8.0 * Fix on-premises term in error string and comments * reenable garbage collector e2e tests * Move e2e dependent images from kubernetes/kubernetes.github.io repo * remove types.generated.go generated for internal API types * Move cmd/libs/go2idl/* to staging/src/k8s.io/kube-gen/cmd * Fixup go2idl references * Make staging hack/update-codec.sh scripts relocatable and kube independent * Update godeps * Can not set struct pointer directly to interface(kubelet panic) * fix the typo of Kubernetes Worker * [e2e] Also verify content returned by kube-proxy healthz server * remove duplicated bug-fix item * make default values as const vars * Simplify master-worker relation missing message * fix bug when azure cloud provider configuration file is not specified * bump(golang.org/x/sys): 7a4fde3fda8ef580a89dbae8138c26041be14299 * Remove myself from a bunch of places * Unify fuzzers and roundtrip tests * fix mutation in statefulset sync * fix typo * kubelet: remove code for handling old pod/containers paths. * Don't fail fast if LoadBalancer section is missing * Update status to show failing services. * Fix master disk size variable usage * Fix bug with sed in log-dump script * ParseEncryptionConfiguration: simplify code. * add e2e tests for bootstrap signer * add e2e for bootstrap token cleaner * add integration testing for bootstrap token auth * update-codecgen.sh: add staging dir support to tsort logic * allow exceptions to be specified to handle conflicting group and resourc enames * fuzzer: remove unreachable code * Add yujuhong to test/e2e_node/OWNERS * kubeadm: Make the hostPath volume mount code more secure * Make NodeRestriction admission allow evictions for bounded pods * Add new API version apps/v1beta2 * Don't enable apps/v1beta2 by default * Mark apps/v1beta2 as WIP in types.go * The `backup-volfile-servers` mount option allows to specify more than one server to be contacted in single mount command. With this option in place, it is not required to iterate over all the servers in the addrlist. A mount attempt with this option will fetch all the servers mentioned in the list, Reference # https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3/html/Administration_Guide/sect-Native_Client.html * update import * update godep * fix golint * Cleanup storage e2e test names by removing redundant [sig-storage] tags and [Volume] tags * Use custom port for node-problem-detector * Avoid looking up instance id until we need it * Enable RBAC by default in hack/local-up-cluster.sh * remove deprecated flags LowDiskSpaceThresholdMB and OutOfDiskTransitionFrequency * kubeadm: don't customize etcd selinux label * Use AppsV1beta1 instead of Apps clienset * Fix golint failures by skipping auto-generated codes * Mark apps/v1beta2 runtime Objects for code-gen * Autogen * Added utility functions for scheduler integration testing and cleaned up scheduler_test.go * Converted a couple of e2e priority tests to integration tests. * Deleted the converted e2e tests * update bazel * Addressed reviewer comments * update things * Do not allow vendored code to import staging code * Fix network/subnet url logic * Add project to pd delete node gcloud command * Bump up minNodesHealthCheckVersion in gce_healthcheck due to known issues * Fix issue in installing containerized mounter * Fix TODO: rename podInfraContainerID to podSandboxID * Move event type * Auto-calculate master disk and root disk sizes in GCE * Reduce hollow proxy mem/node * SetNewReplicaSetAnnotations() should compare revisions as numbers than strings * Add UT and upgrade this test suite with go sub-test * remove unused function * fix invalid issue link on api conversion * Review Comments * [trival] fix typo * add namespace for describe pdb * Explicitly use Core() client when creating eventClint * Do not try to restart services * switch from package syscall to x/sys/unix * Use Eventfd() from x/sys/unix * Fix: PV metric is not namespaced * Update CHANGELOG.md for v1.7.2. * Pass clientset's Interface to CreateScheduler. * Add client side event rate limiting * add cronjobs to all * Use specified ServerName in aggregator TLS validation * more robust stat handling from ceph df output * rate limiting should not affect system masters * Update cos-dev image in benchmark tests to cos-dev-61-9759-0-0 * copy OWNERS to k8s.io/api * [client-go] Add dynamic.Interface * fix race in proxy unit test * Update to version gate CRDs to 1.7 and greater * Fix unstructured marshaler to handle all JSON types * generate clientset, external listers, and external informers to client-go directly * fixed conflict resolution behavior while apply podpresets * remove external clientset, listers, informers from kubernetes * remove update-staging-client-go.sh. Note that client-go/pkg/version is copied from kubernetes * move clientset's import_known_versions.go to kube-controller-manager * update README.md * Fix duplication in scheduler. * rename pkg/api/v1/builder.go to register.go to be consistent with others * generated innocuous change * Fix controller crash because of nil volume spec * Change e2e-framework behavior to retry retriable API errors * Use absolute path when updating staging godeps * Move Godeps.json into correct path for metrics and kube-gen * Add Readme files to staging Godeps * Garbage collector e2e tests create deployments with unique labels, and unique podTemplate * squash the commits into one * Delete redundant err definition * Rename test dir to allude sig-apps ownership * Moves networking e2e tests to test/e2e/network * Do not spin forever if kubectl drain races with other removal * fix f.Errorf * fix para * Use a client interface instead of a concrete type * Add node e2e tests for GKE environment * statefulset_expansion.go delete ps define * Fixed glusterfs mount options * apimachinery: fail early with deepcopy problems during roundtrip tests * hack/update-staging-godep.sh: check for staging repos in GOPATH * continue Fix error format and info for get_test.go * Fix ha_master tests * Allow unmounting bind-mounted directories. * Set external hostname in local-up-cluster * tune iscsi and fc volume owner * Fix bug in command retrying in kubemark * allowPrivilegeEscalation: modify api types & add functionality * allowPrivilegeEscalation: apply to correct docker api versions * test/images: add no_new_privs test container * allowPrivilegeEscalation: add integration test with setuid binary * StatefulSet: Stop using `initialized` annotation in e2e tests. * StatefulSet: Remove `pod.alpha.kubernetes.io/initialized` annotation. * allowPrivilegeEscalation: update docs * allowPrivilegeEscalation: update code generation * Add ubuntu to gluster and nfs tests * Providing kubeconfig file is now the switch for standalone mode * increate GC orphan test timeout * Add some logs to certificate rotation * [client-go] Add fake dynamic Client/ClientPool * kubeadm: Make sure --config can be mixed with --skip-* flags * unify tag syntax for genclient tags and add onlyVerbs and skipVerbs * update tags in types for new genclient syntax * regenerate clients to pickup updated genclient:noStatus comment * update staging clients * Added sig-storage labels to upgrade tests and moved them to appropriate directory * regenerate clients * let garbage collector send orphaning patches in parallel * Test GCE ILB functionality * Add Service table printer * Fix Operation names for subresources * Update swagger and OpenAPI spec * Implement Envelope encryption Transformer * Add unit tests for envelope transformer * Add benchmarks for envelope transformer * Add [sig-network] prefix to network e2e tests * remove duplicated import and wrong alias name of api package * Add ingress table printer * Expose Informer constructors * Re-generate informers * Fix make help * Add statefulset table printer * Add Endpoint table printer * Add Node table printer * set default adminid for rbd deleter * update json-patch to fix nil value issue when creating mergepatch * update related files * Added node taints labels. * add namespace test * use demorgans to make startRouteController implementation more readable * Add shiywang to sig-cli help out review code * Update maintainers for Juju charm layers * Enhance scheduler cache unit tests to cover OIR in pod spec * Change pod config to manifest * Change log level for pod manifest * remove deads2k from volume reviewer * add reflector metrics * Fix bug in cluster/log-dump and add OWNERS file * Log abridged set of rules at v2 in kube-proxy on error * kube-apiserver: add CRD initializer test * Use case-insensitive header keys for `--requestheader-group-headers`. * apimachinery: fix meta/v1alpha1.Table deepcopy * Add sig-testing OWNERS_ALIASES * openapi: refactor into more generic structure * DS: add to v1beta2/types.go * DS: added v1beta2/defaults * DS: added unversioned type apps.DaemonSet and validation * DS: Add conversion functions * DS: changes to server and storage * DS: kubectl changes * DS: RBAC changes * Bump required golang version to 1.8 * Add jq and remove godep from kube-cross * rsync git directories into kube-build * Simplify output of ensure_godep_version * Log times to restore godeps * Dockerize update-staging-godeps * DS: Api Machinery Fixes * DS: autogen * DNS name error message improvement * Add ext4 and xfs tests to GCE PD basic mount tests * Updates godep for etcd-client to 3.1.10. * Move cmd/kubelet/app/bootstrap.go to a kubelet subpackage * Move client cert bootstrap to a kubelet package * Rebase hyperkube image on debian-hyperkube-base, based on debian-base. * move sig-node related e2e tests to node subdir * skip downloading and extracting tarballs and docker images when they are preloaded. * Replace duplicate cAdvisor Mock chain code with function * Converted usage of federation internal clientset to versioned clientset * Stop generating federation internal clientset * When faild create pod sandbox record event. * Remove federation internal clienset * Auto generated files * improve log for pod deletion poll loop * compact rules which has the same ResourceName * validate cadvisor rootpath * change Errorf to Error when no printer format * simplify if and else for code * enhance kubectl run error message * remove redundant comment * add daemonset to all categories * add empty lines to separate unimplemented elements * replicaset fix typo * update auto-gen * Better message if we dont find appropriate BlockStorage API * Cassandra example, use nodetool drain in preStop * use the core client with version * Fix registered ownerName in prometheus * Run mount in its own systemd scope. * Add termination gracePeriod * Update vendor of gopkg.in/gcfg from v1 to v1.2.0 * Wrap gce.conf parse with FatalOnly error filter * Adding metrics support to local volume * Bump ReplicaSet to apps/v1beta2 * Fix ReplicaSet federation e2e test: use explicit cluster.ReplicaSets * Remove default binding of system:node role to system:nodes group * adds an admission plugin initializer to the sample apiserver. the plugin initializer is going to be used by an admission plugin that will use generated informers/listers to list the cluster-scoped resources. * Autogen * StatefulSet: Remove `initialized` annotation from apps/v1beta2. * Move the audit e2e test out of the node SIG * Unit test unknown value in config * make admission tolerate object without objectmeta for errors * Fixes bug where the network used in the cloud provider was not taken from the /etc/gce.conf configuration. * make it possible to allow discovery errors for controllers * Adding unit test for ensureStaticIP * Check volumespec is nil in FindPluginBySpec * Add OWNERS file for Calico add-on * Replace duplicate pod status code with function * Fix log-dump script wrt logexporter * improve detectability of deleted pods * FC volume plugin: remove unmount of global mount * Add inter-pod-affinity integration tests and remove corresponding e2e tests * fix arg type error in printf * Use MetricsStatsFs to expose RBD volume plugin metrics. * Add apiserver metric for response sizes split by namespace scope * Reduce GC e2e test flakiness * Adding old juju maintainers * set k8s master charm state to blocked if the services appear to be failing * Fix some typos * fix apps DeploymentSpec conversion issue * Display list of failed tests to the user * reverting deprecatin of vcenter port * kubeadm: use kubelet bootstrap instead of reimplementing * skip WaitForAttachAndMount for terminated pods in syncPod * Azure: Allow VNet to be in a separate Resource Group * StatefulSetReaper#Stop: use the timeout we calculate * fix the typo of intializing * Pod affinity test clean up as AffinitInAnnotation is removed. * cloudprovider/photon: remove unneeded bash exec * Volunteer to review Cinder related code * Lowercases hostname for kubeadm cert slice * Supply Portworx StorageClass paramters in volume spec labels for server-side processing * Add comment for parameter parsing logic in Portworx volume create * update the link to client-gen doc * Add priority admission controller * squash the commits into one * revert most of the changes, add comments * Emit event and retry when fail to start healthz server on kube-proxy. * Don't use cacher if uninitialized * Revert "Remove old node role label that is not used by kubeadm" * Remove blank lines-review comments * add podsecuritypolicy in kubectl describe command * Add waitForFailure for e2e test framework * Fix the matching rule of instance ProviderID * Add a support for GKE regional clusters in e2e tests. * Move ResourceQuota plugin at the end of the admission plugin chain. * Fix crd delete nil pointer * Enable garbage collection of custom resources * Log attach detach controller skipping pods at higher priority * Add conversion-gen between extensions and apps * remove useless conversion-gen tags * Autogen * We never want to modify the globally defined SG * Add admission controller API to config and externalize ADMISSION_CONTROL * Enable node authorizer in local-up-cluster * conversion-gen: support recursive types * Relax restrictions on environment variable names. * Fix bug and add log statements to log-dump script * Revert "Aggregate OpenAPI specs" * Revert "Separate Build and Serving parts of OpenAPI spec handler" * Add KMS plugin registry * Add unit tests for KMS transformer initialization * Add cloudprovidedkms provider support * Emit event when failed to create route * Update generic errors with the new http package codes * Report non-resource URLs in max-in-flight correctly * Timeout filter returns 504 and an inconsistent error body * Return a status cause for disruption budget that contains more details * generated: bazel * SuggestClientDelay is not about retrying, clarify message and header * Filter duplicate ips or hostnames for ingress * rename this file to delete.go to avoid confusion * fix missing verb at end of format string * Add test items for job utils * Renamed packge name to apiv1 * fix swallowed error in kubectl rolling_updater * send volumesInUse sorted in node status updates * update dashboard image version * fix error message for cronjob * add label examples for kubectl run * amend the message * fix spelling * adding kube-apiserver starting option tests * refactor capabilities to a singleton struct * Reduce kubectl calls from O(#nodes) to O(1) in cluster logdump * Added taints node by condition feature flag. * Add parallelism to GCE cluster upgrade * Renamed zoneNotReadyOrUnreachableTainer to zoneNoExecuteTainer. * Renamed doTaintingPass to doNoExecuteTaintingPass. * Add KUBE_COVER help to "make test" * Make "kubeadm version" json format output more readable. * Fix issue: https://github.com/kubernetes/kubernetes/issues/49728 Let user choose ADVERTISE_ADDRESS in case the apiserver heuristic for the external address is broken * Fix a bug that --flag=val causes completion error in zsh * Add missing ugorji codecs for auth/v1, settings/v1alphav1 and storage/v1 * bump(k8s.io/gengo): 9e661e9308f078838e266cca1c673922088c0ea4 * update generated deepcopy code * Fix initial exec terminal dimensions * autogenerated files * Refactor logging e2e tests, add new checks * ignore udp metrics in k8s * kubeadm: make rpm use --bootstrap-kubeadm * Set default vmodule flag in integration tests * [addon-manager] Remove unneeded annotation codes * Fixes kubernetes/kubeadm#347 * set nodeOODCondition * Fix usage a make(struct, len()) followed by append() * kubectl: deploy generators don't need to impl Generator iface * bump(github.com/googleapis/gnostic):0c5108395e2de * FC volume plugin: remove block device at DetachDisk * Use --sandbox_fake_username with bazel build * gce: make append_or_replace.. atomic * gce: extend CLOBBER_CONFIG to support known_tokens.csv * Add clusterroles for approving CSRs easily * ScaleIO Volume Plugin - volume attribute updates * Fix indent of ginkgo-e2e.sh * generated: clarification on RetryAfterSeconds field * refactor function is-preloaded in configure.sh * fix alpha/beta endpoint when api endpoint is specified * metadata improvements. * Update images used in the node e2e benchmark tests * If err does not add continue, type conversion will be error. If do not add continue, pod. (* V1.Pod) may cause panic to run. * Add basic local volume provisioner e2e tests * add UpdateContainerResources function to CRI * fix typo in staging/src/k8s.io/apiserver/pkg/server/config.go * fix winspace wrong comment message * Validate if service has duplicate port * Add e2e test for privileged containers * Allow mode in e2e-framework to gather metrics only from master * Update Godeps to use kube-openapi * Update main repo references to new kube-openapi repo * Aggregate OpenAPI spec * Update Bazel * Update OpenAPI spec * Delete redundant print 'got:' * Add [sig-autoscaling] prefix to autoscaling e2e tests * Add gmarek to hack/ OWNERS * Multiarch nonewprivs test image * Update the DeleteReplicaSet in rs_util.go to use server side reaper * Allow configuration of logrorate in GCE * adds an admission plugin to the sample apiserver. the admission plugin checks whether Flunder.Name is not on the banned list. including a unit test with various test scenarios. * Fix duplicate metrics collector registration attempted error * Don't stop log-dumping if logexporter fails * Allow update to GC fields for RBAC resources * GC shouldn't send empty patch * This adds an etcd health check endpoint to kube-apiserver addressing https://github.com/kubernetes/kubernetes/issues/48215. * cmd/explain: make 'recursive' local var (not global) * certificate manager: close existing client conns once cert rotates * generated: * increate gc e2e test timeout * fix example apiservice.yaml to add groupPriorityMinimum and versionPriority * rename OWNER to OWNERS * Increase default value of DeploymentSpec.RevisionHistoryLimit to 10 * auto-gen * Rename e2e sig framework files * Fix Getpath() description * Correctly handle empty watch event cache * update submit-queue URL in README.md * Add [sig-scalability] prefix to scalability e2e tests * Bugfix: verify-no-vendor-cycles.sh detects wrong cycles * Have a uniform format for filenames across controllers * change the StatefulSet observedGeneration from a pointer to an int for consistency * auto-gen * Remove deprecated kubectl command aliases * Improve shared informer notification dispatching * fed/clustercontroller: fix race when updating data * remove dead log handler and increase verbosity * Enabled SD monitoring e2e tests on GCE * Do not allow empty topology key for pod affinities. * Remove extraneous white space * Add missing UID in SubjectAccessReviewSpec * create default storage selection functions * Add --feature-gate flags to kubeadm * VCLib Package - A common framework using by vsphere cloud provider for managing all vsphere entities * vSphere Cloud Provider code refactoring * e2e test changes * Move left networking e2e tests to test/e2e/network * cleanup dead installer code * client-gen: don't return a nil client interface value * generated * Add cblecker to hack/ approvers * Upgrade Elasticsearch/Kibana to 5.5.1 and use official Kibana image * Update repo-infra and rules_go Bazel workspace dependencies * Fail on swap enabled and deprecate experimental-fail-swap-on flag * Fix premature return * AttachDisk should not call detach inside of Cinder volume provider * Fix typo in test/images/port-forward-tester/Makefile * Adding cassandra test server manifests. * Correctly cast port to string * fix typo * Update kazel to include kubernetes/repo-infra#21 * Update kazelcfg to kazel everything * Make hack/boilerplate/test files use a more appropriate package name * Run hack/update-bazel.sh to generate BUILD files * Fix BUILD files * remove temporary file after apt-get install * Fix incorrect owner in OWNERS * Remove [k8s.io] tag and redundant [sig-storage] tags from tests * Do not try run preStop hook when the gracePeriod is 0 Add UT for lifeCycle hooks * Add Event table printer * Add namespace table printer * Add secret table printer * Add serviceAccount table printer * Add persistentVolume table printer * Add persistentVolumeClaim table printer * Add componentStatus table printer * Add table printer for 3rdpartyResource and deployment * Add table printer for hpa * Add table printer for configMap * Add table printer for psp * Add table printer for cluster * Add table printer for rolebinding clusterRoleBinding * Add table printer for csr * Add some more table printer * fix secret printer * address comments * Fix pointer bug in local volume e2e test * add possibility to use multiple floating pools * Fix comment of request.go * Remove traces of go2idl * Moved node condition check into Predicats. * Fix comment of isHTTPSURL * Remove 0,1,3 from rand.String, to avoid 'bad words' * Enable overriding fluentd resources in GCP * Update CHANGELOG.md for v1.7.3. * Allow for some pods not to get scheduled in CA tests. * Fix etcd migration for HA clusters * Remove v2 data when upgrading to 3.1.* version * add fieldSelector podIP * Explicitly use Core client as EventClient in hollow node * UTs for pkg/kubectl generate_test.go * apiextensions: fix panix with KUBE_API_VERSIONS set * Cover get equivalence cache in core * Update generated files * Bump GLBC version to 0.9.6 * fix data race in storage (during addition) * Remove failure check from deployment controller * Adding IPv6 to cidr_set and cidr_set_test * Adding cassandra test. * Update OWNERS files for networking components * Add kube-proxy change notice to v1.7.3 release note * Added field CollisionCount to StatefulSetStatus * Update CHANGELOG.md for v1.6.8. * Move remaining cert helper functions to client-go/util/cert - Move public key functions to client-go/util/cert - Move pki file helper functions to client-go/util/cert - Standardize on certutil package alias - Update dependencies to client-go/util/cert * fix outofdisk condition not reported * Fix incorrect call to 'bind' in scheduler * Let controllers ignore initialization timeout error when creating a pod. * support multiple ec2 ips in aws provider * increase the GC e2e test timeout because the API re-discovery increases the latency * Return Audit-Id http header for trouble shooting * Removed un-used InodePressure condition. * validate token length in tokenReview * Display healthcheck nodeport and other fields in describe service * kube-gen: move client-gen tests into test dir * kube-gen: fixup moved tests * verify-staging-import: ignore k8s.io/kube-gen/test * kube-gen: cut off protobuf-gen from apimachinery * kube-gen: cut off conversion-gen from k8s.io/apimachinery * kube-gen: unify update-codecgen.sh scripts * Update generated files * fix typos in federation-controller * Update OWNERS to correct members' handles. * codegen: skip generation of informers and listers on resources with missing verbs * Don't expect internal clientset to be generated for groups without new types * Add metav1.MicroTime to exceptions in tag tests * Add MicroTime to DeepEquals overrides * Fix swallowed errors in RS and deployment tests * Add e2e test for cronjob chained removal * Add basic install and mount flexvolumes e2e tests * Move proxy code to its own package * Ensure proxy server code is logically distinct * Allow the UpgradeAwareProxy to have an upgrade specific transport * React to changes in UpgradeAwareProxy * Use the UpgradeAwareProxy in `kubectl proxy` * Add e2e test for kubectl exec via kubectl proxy * Add pkg/kubectl/proxy to list of pkg/kubectl/util consumers * Fix includeObject parameter parsing * Refactored the fluentd-es addon files, moved the fluentd configuration to ConfigMap * kubeadm: Replace *clientset.Clientset with clientset.Interface * Handle errors more consistently in scheduler * Update build requirements * openapi: Remove cache mechanism * c-go: Use http Etag cache * c-go: Add dependencies for http-cache * c-go/transport: Add test for CacheRoundTripper * Add info about staging repos to staging/README.md * Add node e2e test for Docker's shared PID namespace * Fix local storage test failures * Use 'Infof' instead of 'Errorf' for a debug log * fix the link of doc * fix typo * use status code instead of response body for checking kube-proxy URLs * Remove deprecated ESIPP beta annotations * kubeadm: Add back labels for the Static Pod control plane * fully implement kubeadm-phase-kubeconfig * Fix typo in certificate * Fix typo in comment * [Federation] hpa controller * Fixed typo in comment in eviction_manager * Fixed typo in rkt * Fix typo in variable of remote * [Federation] Make the hpa scale time window configurable * plugin/pkg/client/auth: add openstack auth provider * [OpenStack] Add more detail error message * Migrate to GetControllerOf from meta/v1 package * Migrate to NewControllerRef from meta/v1 package * Migrate to IsControlledBy from meta/v1 package * client-gen: stop embedding of GroupVersion client intfs * Fix code implicitly casting clientsets to getters * Fix printer hack to get a versioned client * Update generated code * getHashEquivalencePod also returns if equivalence pod is found * Remove duplicate logging code * Remove duplicate command example * Add whitespace to improve error msg clarity * Modify e2e.go to arbitrarily pick one of zones we have nodes in for multizone tests. * Fix NotFound errors do not line up with API endpoint's group version * Move the sig-instrumentation test to a dedicated folder * Fix Stackdriver Logging soak tests issues * Ignore the available volume when calling DetachDisk * Fix storage tests for multizone test configuration. * Handled taints on node in batch. * Added toleration for node condition taints. * There is no need to split service key repeatedly * convert default predicates to use the default * Enable selfHosted feature flag * Add a simple cloud provider for e2e tests on kubemark * Arbitrarily chose first (lexicographically) subnet in AZ on AWS. * Handle missing OpenAPI specs on aggregated servers * provide the failing health as part of the controller error * add job controller * add fed job e2e test * implement statefulset scale subresource * Make ClusterID required for AWS. #48954 * Add irfanurrehman as approver for federation. * Add Shashi as approver for e2e_federation * Revert "Merge pull request #47353 from apelisse/http-cache" * Move ownership of proxy test to sig-network directory * Copy annotations from StatefulSet to ControllerRevisions it owns * Addressed reviewer comments * add LocalZone into gce.conf and refactor gce cloud provider configuration to allow avoiding external communication * Deprecate Deployment rollbackTo field and remove rollback endpoint * Conversion code for apps/v1beta2 Deployment * Remove some apps/v1beta2 generated files so that codegen works * Autogen * Moved node/testutil to upper dir. * add some checks for fedration-apiserver options * Update mrubin to matchstick in OWNERS * Honor --use-service-account-credentials and warn when missing private key * Change test to work around restmapper pluralization bug * Add error return for the Marshal object invocation. * simplify logic around LB deletion * Added monitoring sidecar for Heapster * kubeadm: Centralize commonly used paths/constants to the constants pkg * Block on master-creation step for large clusters (>50 nodes) in kube-up * Remove ScheduledJobs support * Detect systemd on mounter startup * Generated changes after removing ScheduledJobs * Update gophercloud to support list interfaces of OpenStack instance * Fix conflict about getPortByIp * Add blank import for node tests * validate kube-apiserver options * Add unittests for GenerateLink * Ensure that pricing expander is used by default in Cluster Autoscaler * Dynamic Kubelet Configuration * additional generated files * core generated files * Retry fed-lb-svc creation on diff NodePort during e2e tests * Add debug logs to log-dump * GKE deployment: Kill cluster/gke * Change default update strategy to rolling update * Autogenerated * Break up node controller into packages * RawExtension unmarshal will produce empty objects if the original object was nil #50323 * Rewrite staging import verifier in Go * golint fixes * fix dump * Clean validation_test go file When i wrote test cases for local storage quota, found some unused vars and useless code, remove them * fix error message for scale * delete redundant test para. * Remove some helpers associated with ESIPP. * checking if disk is already attached for photon. * Reduce hollow-kubelet cpu request * correct the allocated element number of pod selectable field set * Improve GC discovery sync performance * Bugfix: set resources only for fluentd-gcp container. * Fix unused Secret export logic. * Add MemoryPressure/DiskPressure toleration for no BestEffort pod. * wires ban flunder admission plugin to the sample server * Don't call one of pointless conversions * Added changes as a result of running make update * kubeadm: Upload configuration used at 'kubeadm init' time to ConfigMap for easier upgrades * autogenerated bazel * Use local JSON log buffer in parseDockerJSONLog. * Add explicit API kind and version to the audit policy file on GCE * Use zero TerminationGracePeriodSeconds in fixture * Admit sysctls for other runtime. * New get-kube.sh option: KUBERNETES_SKIP_RELEASE_VALIDATION * remove apps/v1beta2 defaulting codes for obj.Spec.Selector and obj.Labels * csr: add resync to csr approver * Make socket address parsing work on FreeBSD. * Add rbac.authorization.k8s.io/v1 * Generated files * Adds v1.Service.PublishUnreadyAddresses and deprecates service.alpha.kubernetes.io/tolerate-unready-endpoints * generated code * Fix dropped errors in vsphere_volume * Simplify hack/verify-flags-underscore.py * Remove redundant files * Add leader election support for controller-manager * Auto generated files * AddOrUpdateTaint should ignore duplicate Taint. * Target godep script change verifications * code format for test/integration/framework/master_utils.go * Add token group adder component * Add token cache component * Add union token authenticator * Simplify bearer token auth chain, cache successful authentications * kubeadm: Move all node bootstrap token related code in one phase package * kubeadm: Add the 'kubeadm phase bootstrap-token' command * autogenerated * Remove repeated reviewers names * remvoe redundant words in Type Taint * auto-gen * add grabbing CA metrics in e2e tests * jsonpath: fix comments * Simplify a command for unmounting mounted directories under /var/lib/kubelet. * apimachinery: remove pre-apigroups import prefix logic * Update etcd path test to always use kindWhiteList * Add functionality needed by Cluster Autoscaler to Kubemark Provider. * add Cluster Autoscaler scalability test suite * Typedef visitor to document parameters * FC plugin: Support WWID for volume identifier * Autogenerated files * Detect missing steps in edit testcases * Specify node labels for fakeVolumeHost when testing * remove the duplicate address of glusterfs * GCE: filter addresses by IP when listing * kubeadm: add pubkeypin package (public key pinning hash implementation). * kubeadm: implement TLS discovery root CA pinning. * kubeadm: generated deepcopy for `k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm` and `k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1`. * Add a heap data store to client-go * autogenerated files * move logs to kubectl/util * Kubelet manage hosts file for HostNetwork Pods instead of Docker * Fix my incorrect username in #46649 * Adds IPv6 test case to kubeadm bootstrap * Correct case for starting character of option string * Fix grammatical error * GCE: Specify alpha in annotation key, deprecate lower case of LB type * Add node benchmark tests for cos-m60 with docker 1.12.6 * forbid kubectl edit an empty list * Tainted node by condition. * get_test.go fix error format and info * Fix typos in kubefed package * Fix the method name of BuiltInAuthenticationOptions * add fuzzer dir for each apigroup * Requeue DaemonSets if non-daemon pods were deleted. * add cmd-test for sort-by command * Moved node condition filter into a predicates. * fix a typo * Update Stackdriver event exporter version * Pass config to external Kubemark cluster in e2e tests * Add variables for passing test args to kubemark master components * apimachinery: remove misleading NewDefaultRESTMapper * Bump Cluster Autoscaler to 0.7.0-alpha1 * Bump rules_go * Use gazelle and kazel together to manage BUILD files * Autogenerate BUILD files * Remove deprecated cgo_genrules * Use buildozer to remove deprecated automanaged tags * Use buildozer to delete licenses() rules except under third_party/ * Add metric for remaining life of authenticating certificates * Add a SUPPORT.md file for github * Added jdumars to OWNERS file for Azure cloud provider * openapi: Move Fakes to testing package * Renamed to RegisterMandatoryFitPredicate. * select an RBAC version for kubefed it knows how to speak * openapi: Add validation logic * deprecation of .spec.templateGeneration from extensions/v1beta1 DaemonSet to apps/v1beta2 * auto-gen * move UDP conntrack operations together to pkg/proxy/util/conntrack.go * Delete load balancers if the UIDs for services don't match. * fix-review * do-rebase * Refactor updateClusterStatus to reduce locking * Refactor TestUpdateClusterRace and TestUpdateClusterStatusOK * Use DiscoveryClient from kube clientSet instead of creating new one * Auto generated file * Cleanup locking in configz * add validation for fed-apiserver * Remove packages which aren't relied on by heapster anymore. * Remove deprecated flag "long-running-request-regexp". * Adding support for internal IP for e2e tests * Avoid rsync of .git directory * Support seccomp profile from container's security context * Use seccomp from security context * Rename runtime/default to docker default * run hack/update-bazel.sh * Implement kind visitor library for kubectl * Support for using a client-go client from kubectl * Mark volume as detached when node does not exist for vsphere * [VSphere] Don't return err when node doesn't exist in DetachDisk() * Fix node allocatable resource validation GetNodeAllocatableReservation gets all the reserved resource, and we need to compare it with capacity * Make endpoints controller update based on semantic equality * fix apply_set_last_applied dry-run output issue * remove useless comments in node_controller.go * Add image e2e-net-amd64 to CommonImageWhiteList * some small fix in verify-flags-underscore * Changes for updating serviceaccount of a resource. * NodeConditionPredicates should return NodeOutOfDisk error. * simplify disruption controller * Add prefix to common networking e2e tests * update clientset.Core() to clientset.CoreV1() in test * Increase kibana CPU limit to sped up the startup * Log error from ensureDNSRecords * Add Exec interface to VolumeHost * Add pluginName to VolumeHost.GetMouter * SafeFormatAndMount should use volume.Exec provided by VolumeHost * Typed static/mirror pod UID translation * [Federation] Kubefed doc fix * Set cluster autoscaler version to 0.6.1-beta2 * Move all staticpod utils to separate package * Main work -- move etcd to separate phase and hook up most things * Add CLI commands * Autogenerated bazel etc. * [Federation] Autogenerated file changes for kubefed doc fix * Use Describe to add prefix * Refactor addons into multiple packages * Update bazel * Migrate sig-auth e2e tests. * Use `select` to disable building static binaries if `--cpu=darwin`. * Remove package from hack/.golint_failures * Add ReclaimPolicy field to StorageClass * Generated StorageClass.ReclaimPolicy code * Remove the status of the terminated containers in the summary endpoint * Fix kubernetes-worker charm hook failure when applying labels * Bumped Heapster version to 1.4.1 * Use nodePortOp for allocating healthCheck nodePort * Extend SetHeader Requests method ito accept multiple values * FeatureGate: update comments * move retry to client-go * refactor entries added by hostAlias into a separate method and be explicit about the source * Creates /var/lib/kubelet as root * add HostAlias support for HostNetwork pods * remove validation disallowing hostAlias with hostNetwork * Bump gce metadata-proxy from 0.1.2 to 0.1.3 * Allow passing image description from e2e node test config * Add resouer into scheduler reviewer * Log name if Azure file share cannot be created * OpaqueIntResourceName unit tests * Added logic and tests for creating and using a tmpfs volume in localPV e2e tests * Move taints e2e test to sig-scheduling * apiservers: add synchronous shutdown mechanism on SIGTERM+INT * fix typo * Modify the initialization of results in generic_scheduler.go * Mark the volumes as detached when node does not exist * fix some typo * fix some typo * kubectl show node role if defined * Port internal extensions/Network* to networking.k8s.io API group * Update generated files * Remove deprecated lookup cache flags. * apiserver: simplify deepcopy calls * Implement batching audit webhook graceful shutdown * apimachinery: simplify deepcopy calls * apiextensions: simplify deepcopy calls * kubeadm: Centralize client create-or-update logic in one package * autogenerated bazel * Update RegisterMandatoryFitPredicate to avoid double register. * registries: simplify deepcopy calls * Base Fluentd image off debian:stretch-slim for systemd with LZ4 * Small code cleanups * Small improvements on CLI messages * fix two typos in quobyte error message * move KubeletConfiguration out of componentconfig API group * Allow injection of policy in RBAC post start hook * Fix make cross build failure * Adds IPv6 test cases to kubeadm certs and validation pkgs. * Fix comment of limitranges * Dump installation and configuration logs for master * Added Device plugin API * Added script to generate the Device Plugin API * Added script to verify the generated Device Plugin API * Fix forkedjson.LookupPatchMetadata for pointers. * Bump Cluster Autoscaler to 0.6.1 * mark created-by annotation as deprecated * remove deprecated command 'kubectl stop' * Using hash/fnv to generate the vmName * Move List (the type) into metav1 but preserve the exposed type * remove leaked socket file after unit test * update it * Support autoprobing subnet-id for openstack cloud provider * Make kube::util::ensure_clean_working_dir more verbose in log files * move some e2e tests to SIG respectively * Promote CronJobs to batch/v1beta1 * Generated changes for CronJobs in batch/v1beta1 * Replaced bool map to string set. * fix panic in e2e * Replace hard-code "cpu" and "memory" to consts * kubectl: simplify deepcopy calls * continue fix the typo * upgrade advanced audit to v1beta1 * run hack/update-all.sh * audit: disable new v1beta1 types until incompatible changes are done * Don't SSH to master for metrics in case of GKE * Make removing nodes public for Kubemark controller * Delete "hugetlb" from whitelistControllers * Refactor RBAC authorizer entry points * apimachinery: Print unknown transport type * Re-enable OIR e2e tests. * Feature-gate self-hosted secrets * Remove BUILD reference to removed files * move i18n to kubectl/util * enables apps/v1beta2 and removes WIP comments from documentation * generated code * Remove duplicate unused function. * Address PR comments * Bump repo-infra/kazel dependency * fix-review * Re-run init containers if the pod sandbox needs to be recreated * OIR predicate includes namespaced resources. * Generated files * Remove incorrect patch-merge directives. * On AttachDetachController node status update, do not retry when node doesn't exist but keep the node entry in cache * Regenerate all BUILD files in vendor/ from scratch using gazelle * Disables Docker's health check * Remove kubectl's dependence on schema file in pkg/api/validation. * address review comments. * add some e2e for node authz * Remove redundant err definition * fix issue(#50821)Add image check, if image not changed, transform false * Add ControllerRevision to apps/v1beta2 * Added auto-generated changes * Delete useless code * Honor --use-service-account-credentials in cloud-controller-manager * update CRD strategy for status updates * fix kubectl issue(#52)kubectl run --expose continues after error (missing port) * move IsLocalIP() and ShouldSkipService() to pkg/proxy/util * verify pkg/util contains no code * fix GPU resource validation incorrectly allows zero limits * auto-gen * update testcase err msg * Fixed several typos in CHANGELOG.md. * Make metav1.(Micro)?Time functions take pointers * Rename k8s.io/{kube-gen -> code-generator} * fix issue(#49695)kubectl set image deployment is ignoring --selector * fix issue(#49883) Add selector example * kubeadm: Fix self-hosting race condition * newline to separate unimplemented elements * Small improvement in ban flunder admission plugin. After the changes a name will be also taken directly from meta field. Previously a name was taken only via attributes.GetName() method, which in turns derived a name from a URL address. This didn't work as we don't allow to pass a name when POSTing a resource. * fix incorrect logic * allow default option values - kube top node|pod * Fixup after k8s.io/{kube-gen -> code-generator} rename * cni: print better error when a CNI .configlist is put into a .config * Update CHANGELOG.md for v1.7.4. * Update GCP API package * NR Infrastructure agent example daemonset * Fix e2e_node for changes to /api/compute/v0.beta package * Add e2e aggregator test. * Updates Kubeadm Master Endpoint for IPv6 * Proposal to add @wlan0 to appropriate owner files * Make route-controller list only relevant routes instead of all of them * Update with PR comments * make admission plugins handle mutating spec of uninitialized pods * Set ExecSync timeout in liveness prober. * Clear collections between each test of TestList * Verify TableConversion behavior in resttest * Make generic metadata conform to documented name column convention * Enable server side printers for converted types * add tests * Change API version of statefulset scale subresource e2e test to v1beta2 * Added lister expansions for DaemonSet, Deployment, ReplicaSet, and StatefulSet for apps/v1beta2 * Add instance metadata from flag even when using image config. * Add enj to OWNERS for test/integration/etcd/etcd_storage_path_test.go * Add node e2e test for Docker's live-restore * Use 'Infof' instead of 'Errorf' for a debug log * Add enj as reviewer to OWNERS * add cmd test kubectl set image * Fix admission plugin registration * CollisionCount should have type int32 across controllers that use it for collision avoidance * auto-gen * Reduce one time url direction * remove dead code for cloner * validate nonResourceURL in create clusterrole * support fieldSelector spec.schedulerName * Cleanup makeEventRecorder function drop KubeletConfiguration arg since it is unused * Main work -- refactor certs phase * Main work -- cleanup certs CLI command * Autogenerated bazel files * [advanced audit api] fuzz Event with random value * Fix zsh completion for kubeadm * Stackdriver Logging e2e: Explicitly check for docker and kubelet logs presence * add diff details to pod validation error * kubeadm: Adds dry-run support for kubeadm using the '--dry-run' option * Use CollisionCount for collision avoidance in StatefulSet controller * Implemented support for using images from CI builds * Autogenerated * oidc auth: make the OIDC claims prefix configurable * Refactor cluster_upgrade to include statefulset upgrade tests. * bump(github.com/google/cadvisor): 27e1acbb4ef0fe1889208b21f8f4a6d0863e02f6 * Don't register the kubeletconfig group with the default Scheme * Allow zsh completion to be autoloaded by compinit * Update help/example for kubectl completion * kubeadm: Make the self-hosting with certificates in Secrets mode work again * kubeadm: Adding unit tests for newly added funcs * autogenerated bazel * Updated gRPC version to support Keep Alive * Fix threshold notifier build tags This was preventing cross builds from darwin * Increase latency threshold for list api calls * Fix duplicate field in kubeconfig * Clean /run/kubernetes on kubeadm reset * Revert #50362. * Expand the test to include other flags as well * Remove seemingly obsolete binaries * bump QEMU to new version 2.9.1 * fix issue(#50937)Fix kubectl get pvc lose volume name * fix bad url * don't try to add pool id if pool doesn't exist * kubeadm: Add back labels for the Static Pod control plane (attempt 2) * kubeadm: Tell the user when a static pod is created * Fix unhandled error * Create the directory for cadvisor if needed * kubeadm: Use kube-dns manifests based on the kubernetes version * Factor out endpoint address generation, skip unneeded endpoint updates * Fix legacy floatingip * Support ServiceAnnotationLoadBalancerFloatingNetworkId for LB v1 * use more-specific arm32v7 instead of deprecated armhf organization * use more-specific arm64v8 instead of deprecated aarch64 organization * Replace the deprecated function with the suggest function * Address TestEtcdStoragePath flakes * fix bad url in the README file * bump new version due to base image changed * Revert "Don't register the kubeletconfig group with the default Scheme" * update to rbac v1 in yaml file * Made the difference between scale-up timeout and cluster set-up timeout explicit. * Fixed code comments that were not updated * Auto-calculate CLUSTER_IP_RANGE based on no. of nodes * Fix GC integration test race * iSCSI volume plugin: iSCSI initiatorname support * gce external LB: add a function to verify the requested IP address * Validate against OpenAPI schema (if available) * openapi: Use "group" to look for resources * openapi: Handle properly empty/null fileds * openapi-validation: Handle List special case * openapi validation: Ignore unknown types * Autogenerated files * Show events when describing service accounts * teach gce cloud to handle alpha/beta operations * [sig-network-e2e] Remove redundant sig prefix from tests * Revert "Merge pull request #51008 from kubernetes/revert-50789-fix-scheme" * adding version.Components(), .Major(), .Minor() .Patch() etc. * kubeadm preflight - enforce maximum supported Kubernetes version * StatefulSet controller no longer attempts to mutate v1.PodSpec.Hostname or v1.PodSpec.Subdomain * StatefulSet: Deflake e2e "Saturate" phase. * addressed comments * Add ncdc to client-go/tools/cache OWNERS * run go fmt * Fix StatefulSet update validation * Makefile cleanups * Message cleanup on update-all * Add debug logs to conversion-gen * More PR comments * Fix swallowed errors in statefulset tests * fix bad url * Multi-Attach volume fix for vSphere * update to rbac v1 in bootstrappolicy test * fix-review * fix issue(51027)kubect logs --selector ignoring --tail=-1 * Add ephemeral local storage resource name first * add merge key to initializers.pending * daemon_controller: fix typo. * Add flags for prometheus-to-sd components. * azure: Don't exec 'cat' to read files. * azure: Use VolumeHost.GetExec() to execute stuff in volume plugins * generate files before scheduler perf * Correct error strings in glusterfs * Replace validateGlusterfs() with validateGlusterfsVolumeSource for consistency. * Print root cause failure message in StartTestServerOrDie() * Fix README registry error * FlexVolume: Add capability to disable SELinux Relabeling during the driver's init phase * Always check if default labels on node need to be updated in kubelet * ScaleIO: use a fresh mounter for every SetUp/TearDown * ScaleIO: Use VolumeHost.GetExec() to execute utilities * add UT for pkg/apis/autoscaling/v2alpha1/defaults.go * Refactor kuberuntime test case with sets.String * fix confusion in service_controller * fibre channel: Remove unused exe interface * Support for specifying external LoadBalancerIP on openstack * Add Humble as GlusterFS approver. * gluster: Remove unused exe interface * gluster: Use VolumeHost.GetExec() to execute stuff in volume plugins * Revert "Updated gRPC vendoring to support Keep Alive" * nfs: Use VolumeHost.GetExec() to execute stuff in volume plugins * quobyte: Use VolumeHost.GetExec() to execute stuff in volume plugins * rbd: Use VolumeHost.GetExec() to execute stuff in volume plugins * StorageOS: Use VolumeHost.GetExec() to execute stuff in volume plugins * Fix comment to more accurately * kubeadm: Add node-cidr-mask-size to pass to kube-controller-manager for IPv6 * kubeadm: Implement the 'kubeadm config' command * Skip "Simple pod should support exec through kubectl proxy" test * add alpha api gate at gce cloud provider * Don't silence `go get` during verify scripts * Add cpuset helper library. * Run multiarch/qemu-user-static:register before building cross-arch images * Remove crash loop detection from the dynamic kubelet config feature * Fix unready endpoints bug introduced in #50934 * Enable finalizers independent of GC enablement * Clarify finalizer function * GCE: Add functions for Alpha address and forwarding rules * Enable overlay2 on cos-m60 in node e2e tests * Set GCE_ALPHA_FEATURES environment variable in gce.conf * GCE: add a new label "version" for metrics * Adding script to set up FlexVolume on a COS instance using mounting utility image in GCR. * Changing Flexvolume plugin directory to a location reachable by containerized kubelet. * Enable apps/v1beta2 Deployment, ReplicaSet, DaemonSet in federation * add the caller ip into rsync hosts allow list * Use Fatalf instead of Errorf when mounter/unmounter if nil in volume tests * Renamed CPUSet.AsSlice() => CPUSet.ToSlice() * Add CPUSetBuilder, make CPUSet immutable. * implement proposal 34058: hostPath volume type * update e2e tests and yaml files * set default HostPathType to empty * run nsenter in host namespace for containerized kubelet * Fix swallowed error in attachdetach tests * Italian translation * auto-gen * Move package `app/cmd/features` to `app/features` + bazel files * Add CLI flag for `cfg.FeatureFlags` * Add some debug statements to logdump script * Add initiatorname in iscsi describe printer. * Fix backward compatibility for renamed OpenAPI definitions * Update OpenAPI spec * kubeadm selfhosting CLI improvements * Include $USER in network name to not clash for different users' clusters * iscsi: Use VolumeHost.GetExec() to execute stuff in volume plugins * Print multiple node roles, remove kubeadm-specific annotation from kubectl * Removing push_api_data on kube-api.connected seems to be dead code * provide a default field selector for name and namespace * remove unnecessary field conversions * Revert default service-cidr config on kubernetes-master charm * kubeapiserver: rename `--experimental-bootstrap-token-auth` to `--enable-bootstrap-token-auth`. * roundtrip: fix error messages * Update cos-m61 image in benchmark tests * Update cos image to cos-stable-60-9592-84-0 * Bumped gRPC version to 1.3.0 * Avoid explicit mention of plugin name in error strings. * Add volume operation metrics to operation executor and PV controller * output junit dir for easier debug * Add liggitt as an API approver. Note that bgrant0607 is an approver, but shouldn't be auto-assigned. * Update CHANGELOG.md for v1.6.9. * basic logging for healthz installer * Add an OrDie version for AddPostStartHook * Bump repo-infra dependency to fix go_genrule without sandboxing * openapi: Change reference to be first-class * add sig leads to owners-aliases * StatefulSet: Deflake e2e "restart" phase. * Add signal handler for catching Ctrl-C on hack/e2e * Update CHANGELOG.md for v1.8.0-alpha.3. * Allow remote runtimes to pass apparmor host validation * Fix swallowed error in registrytest * clean up LocalPort in proxier.go * Add AddAliasToInstance() to gce cloud provider * remove deprecated rbac rule * Removes redundant prefix in cluster-lifecycle e2e test names * fix status in deployment_rollback response * fix fuzzer for hostpath type that the path can be an empty string * update related files * [Federation]hpa controller controls distribution of target objects * [Federation]build files for hpa controller controlling target objects * fix invalid url link * refactor(flexvolume): simplify capabilities handling * fix e2e network wrong output message * update kubeadm to use hostpath type * Distribute pods efficiently in CA scalability tests * Change the FakeCloudAddressService to store Alpha objects internally * azure file volume: add secret namespace api * generated files * RBD Plugin: Log RBD Attach/Mount/Unmout actions at logging level 3 * [Federation] Update hpa e2e utils to enable reuse in fed hpa tests * AllowedNotReadyNodes allowed to be not ready for absolutely *any* reason * Let the initializer admission plugin set the metadata.intializers to nil if an update makes the pendings and the result both nil * StatefulSet: Deflake e2e `kubectl exec` commands. * Update example to CockroachDB v1.0.5 * refactor CephFS PV spec to use SecretReference * generated files * Add IPBlock to NetworkPolicy * Add networking fuzzer * IPBlock generated code * cleaning dettach logic since it's not needed * add unit test * generated * Always create vendor/BUILD in hack/update-bazel.sh * Regenerate the vendor/BUILD file * Adding fsGroup check before mounting a volume * let resourcequota evaluator handle uninitialid pod and pvc * Call the right cleanup function * Issue fix in hpa e2e util * bazel: use fast docker_pull * statefulSet kubectl rollout command * Allow bearer requests to be proxied by kubectl proxy * Revert "Skip "Simple pod should support exec through kubectl proxy" test" * Add InstanceExists* methods to cloud provider interface for CCM * cloudprovider.Zones should support external cloud providers * set --audit-log-format default to json * Fix validation return value * Block instance identity, block recursive=true * Add kube-proxy daemonset as a cluster addon. * Local storage does not manage overlay any more * fix validation return error * Cloud Controller Manager now sets Node.Spec.ProviderID * Remove deprecated init-container in annotations * handle failed mounts for fc volumes * Made the tests ensure that Cluster Autoscaler is on before running. * Paramaterize stickyMaxAgeMinutes for service in API * auto gen code * admission api: cut off api from k8s.io/apiserver * kubeadm: Resolve tech debt; move commonly used funcs to a general package instead of duplicating * kubeadm: Add 'kubeadm upgrade plan' and 'kubeadm upgrade apply' CLI commands * Add unit tests for kubeadm upgrade|plan * Added test case for Predicates. * Add kubectl set env command * Generated documentation for kubectl set env * Add bash test for kubectl set env command * Fix benchmarks to really test reverse order of the keys. * autogenerated bazel * Implement GetZoneByProviderID and GetZoneByNodeName for openstack * modify an little gammer error. * Revert "Revert "Merge pull request #47353 from apelisse/http-cache"" * c-go: Update diskv to get atomic fs cache write * Consume new config value for network project id * GCE: Add a fake forwarding rule service * add an starting info log of namespace controller. * kubeadm: Fully implement 'kubeadm init --dry-run' * Set flexvolumeplugin.host so that it's not nil * client-go: Update RoundTrippers to be Unwrappable * Fixed gke auth update wait condition. * Adding dynamic Flexvolume plugin discovery capability, using filesystem watch. * Make coreos test images sshd not allow password login. * Revert "Ensure empty serialized slices are zero-length, not null" * Generated files * Update fixture data * Don't update pvc.status.capacity if pvc is already Bound * Unshadow error in registrytest * Change StatsProvider interface to provide container stats from either cadvisor or CRI and implement this interface using cadvisor * fix ReadOnlyPort, HealthzPort, CAdvisorPort defaulting/documentation * address test & doc comments * Add host mountpath for controller-manager for flexvolume dir * refactor method name as per comments * handle iscsi failed mounts * Default ABAC to off in GCE/GKE (for new clusters). * Audit policy v1beta1 now supports matching subresources and resource names. * Add extra group constants and validation to `pkg/bootstrap/api`. * Add debugging to the codegen process * Change eviction policy to manage one single local storage resource * Change validation for local ephemeral storage * Implement `auth-extra-groups` in bootstrap token authenticator. * kubeadm: add `--groups` flag for `kubeadm token create`. * kubeadm: add extra group info to `token list`. * Fix NoNewPrivs and also allow remote runtime to provide the support. * generated: update API resources * change godoc based on feedback from luxas * kubeadm: Move the uploadconfig phase right in the beginning of cluster init * Implement stop function in streaming server. * add deprecation warnings for auto detecting cloud providers * Create kube::util::create-fake-git-tree function * Add option to copy output when running the build shell * Modify rsync filter to retain output across runs * Revert "GCE: Consume new config value for network project id" * Moved node condition filter into a predicates. * Allow PSP's to specify a whitelist of allowed paths for host volume * generated files * Fix forbidden message format * Fix swallowed errs in volume util package * Refres equal cache if node condition changed. * Fix swallowed error in storageos * Fix swallowed error in scaleio package tests * Fix swallowed errors in portworx tests * Fix swallowed errors in tests of photon_pd package * Fix swallowed error in iscsi package * Add local storage to downwards API * Fix swallowed error in tests of host_path package * Fix swallowed errors in tests of gce_pd * Fix swallowed error in tests for flocker package * Fix swallowed error in fc * auto generated code * hack/local-up-cluster.sh defaults to allow swap * kubectl get show uninitialized resources * update related files due to api change * kubectl add global flag --include-uninitialized * Add local storage support in Quota * Add feature gate for local storage quota * Remove private and unused codes * Add cluster e2es to verify scheduler local storage support * Fixes cross platform build failure * Add test cases to test local ephemeral storage for limitrange * adding validations on kubelet starting configurations * Use constants instead of magic string for runtime names * run hack/update-bazel.sh * Fix swallowed errors in aws_ebs tests * kubeadm: Use the --enable-bootstrap-token-auth flag when possible * Test loading Kubelet config from a file * Revert "Re-enable OIR e2e tests." * WaitForAttach refactoring for iSCSI attacher/detacher * Support iscsi volume attach and detach * Remove previous local storage resource name 'scratch" and "overlay" * refactor codes in volume iscsi to improve readability * fix typo in pkg tunneler * kubeadm: Rename FeatureFlags to FeatureGates * Make it possible to fake the ServerVersion in the FakeDiscovery implementation * autogenerated code * kubeadm: Cut unnecessary kubectl dependency * Fix list-features script * fix the bad position of code comment * Replicate the persistent volume label admission plugin in a controller in the cloud-controller-manager * Add support to recompute partial predicate metadata upon adding/removing pods * bazel update * [kube-proxy] Use glog instaed of fmt.Printf * Autodetect kubemark Cloud Provider * AWS: check validity of KSM key before creating a new encrypted disk. * Make threshold for glbc mem-usage scale with nodes in density test * add long description for --list aware user * Feature gate initializers field * Made blacklist stricter to deal with alternate versions of true * Unify cloudprovided and normal KMS plugins * Add liggitt to client-go approvers * Consume new config value for network project id * Add MountOptions field to PV spec * Generated PV.Spec.MountOptions code * Moving filesystem mock to pkg/util, and added some functionality * Fix `gcloud compute instance-groups managed list` call * Make Prometheus cAdvisor metrics labels consistent * Set up KUBE_PROXY_DAEMONSET env for GCE and common.sh. * Add kube-proxy daemonset track to GCE startup scripts (GCI, Debian and CoreOS). * Add --request-timeout to allow the global request timeout of 60 seconds to be configured. * Use the pre-built docker binaries on Ubuntu for benchmark tests * Add --append-hash flag to kubectl create configmap/secret * remove failure policy from intializer configuration * generated * add retainKeys in patchStrategy * Adding e2e SELinux test for local storage * unify the validation rules on initializer name * Refactoring for filesystem mock move * update initializer names to valid ones in tests * add apply test for retainKeys * update generated files * Admit NoNewPrivs for remote and rkt runtimes * GCE: Add annotations and helper functions for network tiers * update bazel * e2e: Add tests for network tiers in GCE * return reasonable error when connection closed * Add Google Cloud KMS plugin for encryption * fixing package comment of v1 * Enable batch/v1beta1.CronJobs by default * Fix handling of APIserver errors when saving provisioned PVs. * simplify Run in controllermanager * add some period in cloud controller manager's options * modifying the comment of BeforeDelete function to improve readibility * implementation of GetZoneByProviderID and GetZoneByNodeName for AWS * Added an end-to-end test ensuring that Cluster Autoscaler does not scale up when all pending pods are unschedulable. * Renamed ClusterSize and WaitForClusterSize to NumberOfReadyNodes and WaitForReadyNodes, respectively. * Add CPU manager interfaces. * fix typo about volumes * fix extra blanks in cloud controller manager's options * check job ActiveDeadlineSeconds * Add feature gate and validate test for local storage limitrange * Fix setNodeAddress when a node IP and a cloud provider are set * update scheduler to return structured errors instead of process exit * Ignored node condition predicates if TaintsByCondition enabled. * Add storageClass.mountOptions and use it in all applicable plugins * Generated storageClass.mountOptions code * allow disabling the scheduler port * Add types for validation of CustomResources * Add generated code * Validate CustomResource * Add integration tests * Update godeps * Add feature gate for CustomResourceValidation * Retry master instance creation in case of retriable error (with sleep) * Move rotating kubelet client certificate to beta. * Set up ENABLE_POD_PRIORITY env for GCE and common.sh * Configure pod priority for kube-proxy when enabled * Add upgrades tests for kube-proxy daemonset migration path * controllers: simplify deepcopy calls * scheduler: simplify deepcopy calls * admission plugins: simplify deepcopy calls * pkg/api: simplify deepcopy calls * e2e/integration: simplify deepcopy calls * Add unit test for UploadConfig in Kubeadm * kubeadm: preflight check for enabled swap * Fix prefixing bug in import verifier * Correct default cluster-ip-range subnet * Adding Flexvolume plugin dir piping for master on COS * Improve description for --masquerade-all flag * Improve --cluster-cidr description * rbd: default image format to v2 instead of deprecated v1 * test/e2e/auth: fix audit log test format parsing * Add v1 API as a default conversion peer * Enable switching to alpha GCE disk API * Skip system container cgroup stats if undefined * libnetwork ipvs godeps * wrapper ipvs API as util * implement ipvs mode of kube-proxy * [Scheduler] regroup packages * Fix splitProviderID for Azure * Fix InstanceTypeByProviderID for Azure * Switch away from gcloud deprecated flags in compute resource listings * Fix pod local ephemeral storage usage * Add pod local ephemeral storage usage e2e test cases * Add PVCRef to VolumeStats * fix taint controller panic * kubectl: Clean up documentation for rollout_status.go * refactor function * kubectl: Remove ending punctuation from error strings * Fix typo in docs. * Only list hollow-node pods while trying to count them * Fix godoc comments. * Fix iSCSI WaitForAttach not mounting a volume * [Scheduler] Fix typo in info message * Share /var/lib/kubernetes on startup * Allow -n namespaces/ * Added in-memory CPU manager state. * Added none policy for CPU manager. * Added CPU manager unit tests (none policy) * CPU manager config and feature gate. * CPU Manager initialization and lifecycle calls. * Fix printISCSIVolumeSource to show kubectl describe properly * Add preemption victim selector logic to scheduler * Add specific types for PredicateMetadata and PredicateMetadataProducer * autogenerated files * Add the logic to pick one node for preemption * do not update init containers status if terminated * Fix regex's and redirect port * Reserve internal address for ILBs * Change SizeLimit to a pointer * Remove deprecated and experimental fields from KubeletConfiguration * Generated files * add reconcile command to kubectl auth * ignore selector changes for deployment, replicaset and daemonset prior update * Adds the rand.SafeEncodeString function and uses this function to generate names for ReplicaSets and ControllerRevisions. * Separate feature gates for dynamic kubelet config vs loading from a file * c-go cache: Only cache discovery requests * c-go cache: Use diskv TempDir to get atomic write * client-go cache: Make caching layer Unwrappable * Adding vishh to test approvers * Update the label manifest with new do-not-merge labels * Split APIVersion into APIGroup and APIVersion in audit events * run hack/update-codecgen.sh and hack/update-bazel.sh * fixing a typo in staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go * make these tests table-driven * update Deprecated code and fix bug not return when list pod failed * Added cpu-manager-reconcile-period config. * rsync iptables * add tests for apps/v1beta2 conversion * enforce include-uninitialized in several kubectl commands * add tests * Create a secondary range for the services instead of a subnetwork * Allow audit to log authorization failures * add information for subresource kind determination: * generated * Update CHANGELOG.md for v1.7.5. * update GC controller to wait until controllers have been initialized once * make api request verb can be overrided and make "GET" pod log request reported as "CONNECT" pod log request for metrics * Fix local storage code to follow go style * Make feature gate threadsafe * apiextensions: add maximum for validation * Add tests for stripping "namespaces/" from passed-in namespace * Update Bazel configuration for flag.go and overrides_test.go * Revert "Enable batch/v1beta1.CronJobs by default" * Adds check for external CA * Ensures that the DaemonSet controller does not launch a Pod on a Node while waiting for a Pod that it has previously created to terminate. * Add bowei to the OWNER for cluster/gce * Fix changelog to add discovery/controller-manager fixes. Improve release notes for entries that say "automated cherrypick". * Support remote runtimes with native cAdvisor support * Edit owner files for kube-proxy * Generate deb and rpms package with correct versions. * Make cluster/common.sh work even if ${HOME} is unset. * Add some initial shell parsing tests. * Add KUBE_APISERVER_REQUEST_TIMEOUT_SEC env var. * Simplify describe events table * Added basic Flexvolume dynamic plugin discovery e2e test; added Flexvolume prober unit tests. * Test image utils for multi arch test images * Update the yaml file with multiarch images * Fix bazel * Port e2e tests for multi architecture * Set NODE_NETWORK and NODE_SUBNETWORK in kube-up * fix bug on kubectl deleting uninitialized resources * add tests * Fix providerID update validation * audit real impersonated user info * Delete the federation namespace from fcp instead of individual objects * Fix scheduling e2e test case for local ephemeral storage * Add explain for register TaintTolerationPriority function. * Use json-iterator for JSON, kill off codecgen * Add json-iterator dep, remove ugorji dep * Remove generated JSON code * test fix * fix kube-proxy panic * remove explictly set timeout value * Remove DynamicVolumeProvisioning from feature gate * Switch audit output to v1beta1 * Do not mutate original object even temporarily to avoid data races * add selfsubjectrulesreview api * generated * create the methods in the generated expansion files * add missing sub-resources test actions * code-generator: allow to customize generated verbs and add custom verb * update bazel * generate UpdateScale and GetScale verbs for scalable resources * Make etcd prefix configurable in migration script * Fix pod and node names switched around in error message. * Add a new paging utility for client side ranging * Enable paging for all list watchers * Server side implementation of paging for etcd3 * Integration test for API paging * API for server paging * generated: api changes * expose discovery information on scalable resources * Slow-start batch pod creation of rs, rc, ds, jobs * Fixes grace period in delete * Change default validation to openapi * openapi: Remove unused test structure and code. * GCE: Add "Network Tiers" as an Alpha feature for L4 load balancers * Revert "CPU manager wiring and `none` policy" * e2e: test using reserved IP with network tiers * Expose PVC metrics via kubelet prometheus * Depend on //cluster/lib instead of :all-srcs. * make url parsing in apiserver configurable * Fixed integer overflow when matching PVPVC claims. Added tests to guard this behavior. * Create an EventRateLimit admission control plug-in for the API Server. The EventRateLimit plug-in limits the number of events that the API Server will accept in a given time period. It allows for server-wide, per-namespace, per-user,and per-source+object rate limiting. * Clear values for disabled alpha fields * Added Device Plugin Manager * Drop alpha/beta init containers annotations on conversion * Device Plugin Kubelet integration * Testing * Alpha feature integration * Kubelet side extension to support device allocation * update API v1 Job object * Generate files from v1.JobSpec modification * Move custom metrics APIs to v1beta1 * Move HPA to use custom-metrics/v1beta1 * Rename custom metrics API to custom.metrics.k8s.io * Build controller roles/bindings on demand * Update d.status.unavailableReplicas api comment * Add feature gate for mount propagation * Add API for mount propagation. * Regenerate API * Add mount propagation to CRI protocol * Implement mount propagation in docker shim * Implement mount propagation in kubelet * Add RBAC, healthchecks, autoscaler and update Calico to v2.5.0, Typha to 0.4.0 * Map a resource to multiple signals in eviction manager * (ALPHA GCP FEATURE) Add IPAM controller * Update d.spec.progressDeadlineSeconds comment * Update godep-licenses script to work on darwin This change ensures that the BSD (darwin) and GNU (linux) versions of the md5sum util have the same output. * Update godep licences * Implement GetZoneByProviderID & GetZoneByNodeName * Deprecates extension/v1beta DaemonSet Deployment and ReplicaSet Deprecates apps/v1beta1 Deployment StatefulSet and ControllerRevision * Add `secondary-range-name` to the gce.conf * auto generated * Revert to using isolated PID namespaces in Docker * Explicitly enable docker shared-pid for e2e_node * Make logdump for kubemark logs independent of KUBERNETES_PROVIDER * Changed volume IO e2e test to verify file hash instead of content. * Make logdump work for GKE with 'use_custom_instance_list' defined * Update to debian-iptables-amd64:v8 in bazel WORKSPACE * Kubernetes version v1.8.0-beta.0 file updates * Generating docs for v1.8.0-beta.0 on release-1.8. * Changes in OpenStack cloud provider for latest gophercloud * Bug Fix - Adding an allowed address pair wipes port security groups * Update sys spec to support docker 1.11-1.13 and overlay2. * Update the label manifest with new milestone labels * update generated protobuf for audit v1beta1 api * Regenerate openapi for 1.9 * Revert "Remove deprecated and experimental fields from KubeletConfiguration" * Fixes a cross-build failure introduced in PR 51209. FYI, issue 51863. * Provide whole delegate chain to kube aggregator * Consolidate local OpenAPI specs and APIServices' spec into one data structure * Update Godep for kube-openapi * Enable batch/v1beta1.CronJobs by default * Correct CronJob group version at remaining places * update bazel * Fully implement the kubeadm upgrade functionality * Add unit tests for kubeadm upgrade * autogenerated bazel * Job failure policy support in JobController * client-go: fix 'go build ./...' * kubeadm: Add omitempty tags to nullable values and use metav1.Duration * autogenerated code * kubeadm: Detect kubelet readiness and error out if the kubelet is unhealthy * Build test targets for all server platforms * Fix arm (32-bit) e2e.test compile failure * Introduced Metrics Server * Made metrics-server critical service managed by addon-manager * Implement necessary API changes * Implement controller for resizing volumes * Add rbac policy change for expand controller * Update generated files - api, bazel, json * Clear alpha MountPropagation fields. * implementation of GetZoneByProviderID and GetZoneByNodeName for azure * Provide a way to omit Event stages in audit policy * generated: update API resources * Correct logdump logic for kubemark master * Un-revert "CPU manager wiring and `none` policy" * Fixed nil InternalContainerLifecycle in cm stubs. * Fix Start signature in container_manager_windows. * Add topology helper and tests to cpumanager. * Added cpu assignment helpers. * Added static cpumanager policy. * Add tests for the static cpumanager policy. * Add liggitt to registry approvers * Gracefully handle permission errors when attempting to create firewall rules * audit: fix fuzzer * Use different project id for network ops & always set subnet * make clean will remove all gitignored files * Fix Stackdriver Logging tests for large clusters * Tolerate group discovery errors in e2e ns cleanup * remove OutOfDisk from controllers * wait for container cleanup before deletion * update vendor kube-openapi * remove dup pkg and update reference * GCE Cloud provider changes to enable RePD * Enable dynamic provisioning of GCE Regional PD * Modify VolumeZonePredicate to handle multi-zone PV * Remove redundant redunancy in gce_alpha.go * Make *fakeMountInterface in container_manager_unsupported_test.go implement mount.Interface again. * fix docstring of advanced audit policy * set AdvancedAuditing feature gate to true by default * Fix kubemark master-size and num-nodes config * Make heapster VM creation work with IP aliases * HugePage changes in API and server * Kubelet changes to support hugepages * Scheduler support for hugepages * Node validation restricts pre-allocated hugepages to single page size * Support for hugetlbfs in empty dir volume plugin * Adding getHugePagesMountOptions function and tests * check block owner ref on finalizers subresource * Add EgressRule to NetworkPolicy * Add PolicyTypes to NetworkPolicy Spec * EgressRule generated code * Extends device_plugin_handler to checkpoint device to container allocation information. * Limit APIService healthz check to startup * Make local APIService objects available on create * Prevent flutter of CRD APIServices on start * Sync local APIService objects once * add permissions to workload controllers to block owners * Set up DNS server in containerized mounter path * update cadvisor, docker, and runc godeps * Enabling aggregator functionality on kubemark, gce * Graduate metrics/v1alpha1 to v1beta1 * Update HPA REST metrics client to metrics/v1beta1 * Rename metrics to metrics.k8s.io * GCE: pass GCE_ALPHA_FEATURES if it is set * Category expansion fully based on discovery * use validatePod to validate update of uninitialized pod * Disable rbac/v1alpha1 settings/v1alpha1 scheduling/v1alpha1 * Implement KubeProxyUpgradeTest and KubeProxyDowngradeTest * Decouple kube-proxy migration tests from upgradeTests * Move Autoscaling v2{alpha1 --> beta1} * Move consumers of autoscaling/v2alpha1 to v2beta1 * Make hugepages comparison work on 32-bit platforms * Add cluster up configuration for certificate signing duration. * COS/GCE: Ensure TasksMax is sufficient for docker * Fix unbound variable in configure-helper.sh * Fix dynamic discovery error in e2e * add a test for validating update of uninitialized pod * enable the quota e2e test * bazel * Fixed CCM service controller start jitter * fix issue(#47976)Invalid value error when creating service from exported config * PodSecurityPolicy.allowedCapabilities: add support for using * to allow to request any capabilities. * Update autogenerated files. * Bump cluster autoscaler to 0.7.0-alpha2 * Fix panic in expand controller when checking PVs * enhance unit tests of advance audit feature * Implement StatsProvider using CRI stats * Charge quota for uninitialized objects at different time * bazel * Fix pod update test descriptions to match the test cases * kubeadm: Upgrade Bootstrap Tokens to beta when upgrading to v1.8 * Fall back to network if subnet is unknown * Revert "remove dup pkg and update reference" * soft eviction timer works * Added large topology tests for static policy in CPU Manager. - Added comments for tests cases. * e2e: network tiers should retry on 404 errors * update-all.sh. * StatefulSet: Deflake e2e RunHostCmd. * Move paused deployment e2e tests to integration * Fix duplicate proto error in kubectl 1.8.0-alpha. * kubeadm: add addons command * Disable default paging in list watches * Add sttts to code-generator OWNERS * client-gen: avoid panic for empty groups * kubeadm: Set the new BT auth group on the init token * Fix cross-build * Improve how JobController use queue for backoff * Provide field info in storage configuration * code-generator/protobuf: cut-off kubernetes specifics * Multiarch support for pets images * Fix proxied request-uri to be valid HTTP requests * German Translation * Fix AppArmor test at scale * Bubble reservation error to the user when the address is specified. * Move error check in TestFindDeviceForPath() * Address comments * Verify that AppArmor pod is colocated with the loader * Rerun hack/update-bazel.sh * Pipe in upgrade image target to kube-proxy migration tests * ScaleIO - Specify SDC GUID value via node label * Use COS for nodes in cluster by default, and bump COS. * Convert deprecated gcloud --regexp flag into --filter * fsync config checkpoint files after writing * Add pod eviction logic for scheduler preemption Add Preempt to scheduler interface Add preemption to the scheduling workflow Minor changes to the scheduler integration test library * autogenerated files * Fix RBAC rules to allow scheduler update annotations of pods. * Improve dynamic kubelet config e2e node test and fix bugs * dockershim: check if f.Sync() returns an error and surface it * Kubernetes version v1.8.0-beta.1 file updates * fix format of forbidden messages * Update CHANGELOG.md for v1.8.0-beta.1. * Extend test/e2e/scheduling/nvidia-gpus.go to include a device plugin based nvidia gpu e2e test. * Log a warning when --audit-policy-file not passed to apiserver * Replace 'misc' with more specific at-mentions bugs and feature-requests. Replace ReplicaSets with Deployments as example, because ReplicaSets are dated. Generalize join example. * fix prober ticking shift for kubelet restarted cases * Fix pointer receivers handling in unstructured converter * A policy with 0 rules should return an error * apiserver: separate apiserver specific configs into ExtraConfig * apiserver: make config completion structural recursion * apiserver: allow disabling authz/n via options * apiserver: stratify versioned informer construction * Update set image description to remove job from resources that can update container image * Revert commit 9dc3a661d71c18e33ac93a6125bb187fa83b8853 * apiserver: split core API creation from secure serving * apiserver: avoid panics on nil sub-option structs * Bump cluster autoscaler to 0.7.0-alpha3 * Fill in creationtimestamp in audit events * Add bskiba to cluster-autoscaler config owners * kube-aggregator: use shared informers from RecommendedConfig * Update bazel * bump(github.com/google/cadvisor): cda62a43857256fbc95dd31e7c810888f00f8ec7 * Fix deployment timeout reporting * Allow watch cache to be disabled per type * Restore OWNERS file for k8s.io/metrics * Remove links to GCE/AWS cloud providers from PersistentVolumeController * kubeadm: Perform TLS Bootstrapping in kubeadm join for v1.7 kubelets but not v1.8 ones * kubeadm: Enable certificate rotation * Version gates the ephemeral storage e2e test * Use credentials from providers for docker sandbox image * Add warning for kube-proxy DaemonSet option * Fix discovery restmapper finding resources in non-preferred versions * Move 1.2.* release notes into separate file CHANGELOG-1.2.md * Update TOC of CHANGELOG * Note equivalence class for dev and other fix * Portworx driver changes dependent on updated vendor'ed code. * add some test case * suspect nil pointer for HostPathType * Port Guestbook tests to mutiarch * fix kubectl set env --list description * RBD Plugin: Omit volume.MetricsProvider field and add some testcases. * [fluentd-gcp addon] Update event-exporter to address metrics problem * fix condition-taint labels * Added node e2e tests for the CPU Manager feature. * Extract config common across CIDR allocators * Summary tests should report rss usage now * Ignore pods for quota that exceed deletion grace period * Glusterfs expands in units of GB not GiB * Use cAdvisor constant for crio imagefs * Add bsalamat to sig-scheduling-maintainers * '*' is valid for allowed seccomp profiles * Add OWNERS for build/debs * kubeadm: Mark self-hosting alpha in v1.8 * Fix glusterfs creating volumes in GiB * bazel: update sha256sum on rules_go and io_bazel dependencies * Revert "Add cluster up configuration for certificate signing duration." * Small fix in salt manifest for kube-apiserver for request-timeout flag * enable azure disk mount on windows node * fix azure disk mounter issue * Normalize WATCHLIST to WATCH in metrics * Report scope on all apiserver metrics * Report "resource" scope where possible * Report scope in e2e test metrics * [fluentd-gcp addon] Restore the metric for the number of read log entries * Fix pagesize mount option name * Prevent enabling alpha APIs by default * Switch default audit policy to beta and omit RequestReceived stage * Log at higher verbosity levels some common SyncPod errors * StatefulSet: Deflake e2e RunHostCmd more. * fix kubeadm token create error * fix Kubeadm phase addon * Make log-dump use 'gcloud ssh' for GKE also * Remove the conversion of client config, because client-go is authoratative now * Extends GPUDevicePlugin e2e test to exercise device plugin restarts. * Make CPU manager release allocated CPUs when container enters completed phase. * [fluentd-gcp addon] Trim too long log entries due to Stackdriver limitation * log gcloud command error * Add new api groups to the GCE advanced audit policy * Fix bug with gke in logdump * Bump Cluster Autoscaler to 0.7.0-beta1 * Make advanced audit policy on GCP configurable * Don't crash density test on missing a single measurement * Workaround go-junit-report bug for TestApps * use specified discovery information if possible * Add e2e test for storageclass.reclaimpolicy * Make CPU constraint for l7-lb-controller in density test scale with #nodes * Allow metadata firewall & proxy on in GCE, off by default * Move cloudprovider initialization to after token controller and use clientBuilder * Add more tests on pod preemption * Bumped Heapster to v1.5.0-beta.0 * Update CHANGELOG.md for v1.6.10. * kubelet: enable CRI container metrics * Implement support for updating resources * Update the test under audit policy * Fix e2e Flaky Apps/Job BackoffLimit test * Get nodes from GKE node pool by checking labels * Update CHANGELOG.md for v1.7.6. * Changes the node cloud controller to use its name for events * [fluentd-gcp addon] Remove trimming e2e tests out of blocking suites * Add env var to enable kubelet rotation in kube-up.sh. * Use separate client for node status loop * Fixes device plugin re-registration handling logic to make sure: - If a device plugin exits, its exported resource will be removed. - No capacity change if a new device plugin instance comes up to replace the old instance. * plumb the proxyTransport to the webhook admission plugin; set the ServerName in the config for webhook admission plugin. * fix the webhook unit test; the server cert needs to have a valid CN; fix a fuzzer; * Add Windows Kernel Proxy support * Fix Bazel build * Vendor changes * Move 1.3.* release notes out of CHANGELOG.md * Add cluster name option for cloud controller manager * Support kubernetes-anywhere provider * Enable overriding Heapster resource requirements in GCP * Revert "Update addon-resizer version" * Update defaults (successful|failed)JobsHistoryLimit in batch/v1beta1 * Update defaults (successful|failed)JobsHistoryLimit in batch/v1beta1 - generated changes * [fluentd-gcp addon] By default ingest audit logs in JSON format * Increase sliding window to 5hr for request_latencies metric * Add extra steps to delete resource handler trace * Bumped Metrics Server to v0.2.0 * Added OWNERS for metrics-server * Enable autoscaling/v2beta1 by default * Recreate pod sandbox when the sandbox does not have an IP address. * Attempt at fixing UTs * Add configuration support for signing duration. * etcd3 store: retry w/live object on conflict * Do not install metrics/v1at lpah1 by default * [fluentd-gcp] Update Stackdriver plugin to version 0.6.7 * Add bootstrap policy for HPA metrics REST clients * fix addon error * Add statefulset upgrade tests to be run as part of all upgrade testsuites * update tag * Fix nil dereference if storage id is nil * Handle nil WritableLayer * Fix CRI container/imagefs stats. * Fix panic in ControllerManager when GCE external loadbalancer healthcheck is nil * use allocatable instead of capacity for node memory * Add exception to golint check * Resize plugin should only check for increase in size * Fixes some races in deviceplugin manager_test.go and manager.go. * Fix volume remount on reboot * bazel: set --incompatible_comprehension_variables_do_not_leak=false * Fix FC WaitForAttach not mounting a volume * use allocatable instead of capacity * Remove kargakis from OWNERS, add tnozicka * Add support for Instances * godep: add dhcp4 and dhcp4client dependencies * Move 1.4.* release notes out of CHANGELOG.md * Move 1.5.* release notes out of CHANGELOG.md * Move 1.6.* release notes out of CHANGELOG.md * Fix mistype that causes breakage of e2e test. * Add concurrency to cloud CIDR allocator & make it non-blocking on NodeSpec updates * Say the valid IP range in IP errors * Retry if possible while creating latency pods in density test * Fix: update system spec to support Docker 17.03 * Make statefulset tests part of separate testsuite * FC plugin: Return target wwn + lun at GetVolumeName() * Add mount options e2e test * Made image as deliberately optional in v1 Container struct. * Generated code. * Fixed test issue for image validation. * k8s.io/code-generator: hide gen test output from go tools * Update generated files * [fluentd-gcp addon] Remove audit logs from the fluentd configuration * adjust parameter in cluster autoscaling test * conversion-gen: make staging dirs independent of living in vendor/ * Fix conversion of CRD schema to go-openapi types * add pdbs for more kube-system pods in scale down test * update-staging-godeps: only mangle staging repos in Godeps.json * restore e2fsprogs in hyperkube image * Update staging godeps * bump tags * Add e2e test for volume metrics * Fixed nil dereference in dynamic provisioning e2e tests * Mark the LBaaS v1 of OpenStack cloud provider deprecated * Add e2e test to verify PVC metrics * Don't specify clusterIP in dns e2e test * Increase api latency threshold for cluster-scoped list calls * improve PDBs cleanup * improve retrying logic when checking CA status * deprecate warning for persistent volume admission controller * Debug for issues #50945 * Address review comments * Address review comment * Remove GC rate limiter metrics * Checking GlusterFS error output https://github.com/kubernetes/kubernetes/issues/50463 * improve setting pdbs for kube-system pods * Fake out the kubernetes version in phase testing in order to avoid resolving things manually (which can lead to flakes) * Use the release-1.8 branch by default * Fix volume metric flake * Bump cluster autoscaler to 0.7.0-beta2 * Kubernetes version v1.8.0-rc.1 file updates * Preserve leading and trailing slashes on proxy subpaths * AllowPrivilegeEscalation: add validations for caps and privileged * Mark Cluster Autoscaler as GA (1.0.0) in 1.8 branch * Fixed intermittant e2e aggregator test on GKE. * fix missing apps/replicaset in kubectl * Support apps.ReplicaSet in kubectl describe * Update kube-dns to version 1.14.5 * Update kubeadm to 1.14.5 * Fix host network flake tests * Normalize RepoTags before checking for match * Kubernetes version v1.8.0 file updates * Kubernetes version v1.8.1-beta.0 file updates * Kubernetes version v1.8.1-beta.0 openapi-spec file updates * Service LoadBalancer defaults to external * Change ImageGCManage to consume ImageFS stats from StatsProvider * Calculate patches for commands using input version * Fix sed command to not try shell redirection * Fix basic audit in GCE deploy scripts * Fixes a flakiness in GPUDevicePlugin e2e test. Waits till nvidia gpu disappears from all nodes after deleting the device plug DaemonSet to make sure its pods are deleted from all nodes. * Correct APIGroup for RoleBindingBuilder Subjects * Enable node certificate autorotation * Don't try to migrate to new roles and rolebinding within 1.7 upgrades * Fix imagefs stats. * Upgrade version of heaspter to v1.4.3. * Remove conformance tag for internet connectivity * Added device plugin e2e kubelet failure test * Modified test/e2e_node/gpu-device-plugin.go to make sure it passes. * Fixes test/e2e_node/gpu_device_plugin.go test failure. * remove containers of deleted pods once all containers have exited * Add permisions for Metrics Server to read resources on cluster level * Version should be quoted so jq doesn't interpret it as numeric * Change default --cert-dir for kubelet to a non-transient location * code-generator: rename _test to _examples * code-generator: turn hack/update-codegen.sh into re-usable generate-{internal,}-groups.sh scripts * sample-apiserver: port to k8s.io/code-generator/generate-internal-groups.sh * verify-pkg-names.sh: exclude generated informers * Update generated files * Ignore notFound when deleting firewall * Use pointer for PSP allow escalation * Handle missing subnet for auto networks and legacy networks * Add group by default to kubeadm token create * Fixes a regression introduced by PR 52290 that extended resource capacity may temporarily drop to zero after kubelet restarts and PODs restarted during that time window could fail to be scheduled. * bazel: set --incompatible_disallow_set_constructor=false to fix breakage * query --incompatible_comprehension_variables_do_not_leak=false * In DevicePluginHandlerImpl.Allocate(), skips untracked extended resources. Otherwise, we would fail a Pod allocation request that has an extended resource not managed by any device plugin. * Bump GLBC to 0.9.7 * fix generate-groups.sh * code-generator: fix flag check in generate-internal-groups.sh * Strip tokens from `kubeadm-config` config map * gce:restrict file permissions for PKI assets * Add client and server versions to the e2e.test output. * Fix to prevent downward api change break on older versions * Make CoreID's platform unique * Fix flake for volume detach metrics * fix #52462. Do not GC exited containers in running pods * Kubernetes version v1.8.1 file updates * Kubernetes version v1.8.2-beta.0 file updates * Kubernetes version v1.8.2-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.8.md for v1.8.1. * Add /swagger.json and /swagger-2.0.0.pb-v1 to discovery role * Update busybox image link to gcr.io for kube-proxy * feature gate local storage allocatable eviction * Ensure base image includes the modprobe binary * Updated hash and version of image debian-hyperkube-base-amd64 * Removed unneeded change on WORKSPACE file * User separate client for leader election in scheduler * Fix hpa scaling above max replicas w/ scaleUpLimit * Split downward API e2e test case for pod/host IP into two * Create new targets for running in existing containers (GCB). * Autoscaler metrics-server with pod-nanny * Fixed metrics API group name in audit configuration * client-gen: register standard flags * Restrict GPU tests to use release 1.8 version of device plugins * Bulk Verify Volumes Implementation for vSphere * Unable to detach the vSphere volume from Powered off node * start generating rbac serialization for v1 * PodSecurityPolicy: Do not mutate nil privileged field to false * PodSecurityPolicy: only set runAsNonRoot when runAsUser is nil * PodSecurityPolicy: avoid unnecessary mutation of container capabilities * PodSecurityPolicy: avoid unnecessary mutation of supplemental groups * PodSecurityPolicy: pass effective capabilities to validation interface * PodSecurityPolicy: limit validation to provided groups * PodSecurityPolicy: pass effective selinux options to validate * PodSecurityPolicy: pass effective runAsNonRoot and runAsUser to user validation interface * GC: Add check for nil interface * SecurityContext: Add accessors/mutators for effective container security context * PodSecurityPolicy: avoid unnecessary securitycontext mutation * PodSecurityPolicy: Order by name, prefer non-mutating policies, require *api.Pod, allow GC updates * fix avset nil issue in azure loadbalancer * Adjust defaults of audit webhook backends * Add throttling to the batching audit webhook * Enable prometheus client metrics in apiserver * Do not remove kubelet labels during startup * Ensure network policy conversion round trips nil from field * Always retry network connection error in webhook * fix error message of custrom resource validation * apiextensions-apiserver: stop cacher on CRD update * apiextensions: create storage with accepted, not spec'ed names * apiextensions: keep CRD storage for updates outside of spec and accepted names * apiextensions: fix test loop for CRD validation * Removed the IPv6 prefix size limit for cluster-cidr * Update bootstrap policy with replicaset/daemonset permissions in the apps API group * Fix kube-proxy panic on cleanup * Cluster Autoscaler 1.0.1 * Fix etcd hostnames * Use GetByKey() in typeLister_NonNamespacedGet * Make OpenStack LBaaS v2 Provider configurable * Regenerate auto-generated code * Kubernetes version v1.8.2 file updates * Kubernetes version v1.8.3-beta.0 file updates * Kubernetes version v1.8.3-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.8.md for v1.8.2. * Fix retry logic in service controller * fix#50150: azure disk mount failure on coreos * Use cloud environment to instantiate client * Variable mismatch * Fix `kubeadm init --token-ttl=0`/config `tokenTTL: "0"`. * change default kind value of azure disk pv * allow windows mount path * fix azure pv crash due to readOnly nil * Move fluentd-gcp out of host network * Fix detach metric flake by not using exact equals * Move hardcoded constants to the beginning of configure.sh script * Specify correct subresource discovery info * Use GVK from storage in API registration * Test scale subresource discovery * add windows implementation of GetMountRefs * Bump version of prometheus-to-sd to 0.2.2. * Fixing usage of clustered datastore to be absolute datastore * add scheduling.k8s.io to apiVersionPriorities * Use CIDR-aware proxy resolver for SPDY RoundTripper * Fix `kubeadm upgrade plan` for offline operation * Add openssh-client to the debian-hyperkube-base image * update cadvisor godeps to v0.27.2 * fix #54499. Removed containers are not waiting * Add a label which prevents a node from being added to a cloud load balancer. * Append an alpha label to the exclude load balancer annotation. * wqFlag gate node exclusion for service load balancers. * Update service_controller.go to remove merge conflict markers * rename metric reflector_xx_last_resource_version to reflector_last_resource_version{name="xx"} * Add GCP addon PodSecurityPolicies & Bindings * GCP PodSecurityPolicy configuration * PodSecurityPolicy E2E tests * trigger endpoint update on pod deletion * Fix typo in CHANGELOG-1.8.md * Revert "Validate if service has duplicate targetPort" * Introduce GCE-specific addon directory * Aggregator test uses framework namespace. * Update fluentd-gcp DaemonSet * Cluster Autoscaler 1.0.2 * Remove dependency on drv_cfg binary for querying scalio devices * ScaleIO - API source code update * ScaleIO - Generated files * Revert cherry-pick #55064 * Adjust resources for Metrics Server * Reapply cherry-pick #55064 * Fix hyperkube kubelet --experimental-dockershim * Updating Calico to v2.6.1 * RBAC for Calico Typha Horizontal Autoscaler * Fix 'Schedulercache is corrupted' error * partial fix crd patch failing * kubeadm: don't create duplicate volume/mount * Kubernetes version v1.8.3 file updates * Kubernetes version v1.8.4-beta.0 file updates * Kubernetes version v1.8.4-beta.0 openapi-spec file updates * Add/Update CHANGELOG-1.8.md for v1.8.3. * GCE: provide an option to disable docker's live-restore * Dockershim: print docker info output at startup * kubectl apply does not send empty patch request * fix panic bug * Allow HPA to get custom metrics * Make swap check as an error * Set the NON_MASQUERADE_CIDR to 0/0 by default in GCE/GKE which disables masquerade rules setup by the kubelet. Add masquerade rules based on NON_MASQUERADE_CIDR being set to 0/0. * Capture git export-subst strings in version.sh for 'git archive' use. * Explicitly set route_localnet on nodes & masters. * avoid Registry in fake REST client * fix errors * Fix .git rsync filter * Check dup NodePort with protocols when update services * Add unit test for checking dup NodePort with protocols * Add e2e test for checking dup NodePort with protocols * Use "==" instead of DeepEqual for simple structs comparing. * Return error instead of crashing apiserver when updating services with duplicate nodeports * mount /lib/modules to kube-proxy * update wrong group for priorityclasses * Use whitelisted test image * Fix session affinity with local endpoints traffic * Source PodSecurityPolicies from addon subdir * Reorganize addon PodSecurityPolicies * Add optional addon PSPs * Remove SSL cert volumes from heapster addons * Add a cloud-init script to disable live-restore * Bump addon manager version used to 6.5 * fix conditional for warning while starting KCM without secret file * add ipvs default sync period * Set "--kubelet-preferred-address-types" if ssh tunnel is not used. In additional don't advertise external address. * Cluster Autoscaler 1.0.3 - Set KUBE_GIT_COMMIT and KUBE_GIT_TREE_STATE compilation option, (bsc#1065972) * Please check commit_id comment in kubernetes.spec - Update to version 1.7.7+8e1552342355496b62754e61ad5f802a0f3f1fa7: * Fix clusterip for ExternalName service test * Third party resources should not be part of conformance * Disable invalid test case from dns externalName e2e test * Makes Hostname and Subdomain fields of v1.PodSpec settable when empty and updates the StatefulSet controller to set them when empty * Update kube-dns to 1.14.5 * Kubernetes version v1.7.7 file updates - Add kubectl fix for duplicate proto error, (bsc#1057277) * kubectl-fix-duplicate-proto-error-bsc-1057277.patch - Update to version 1.7.7 (bsc#1061027): * Fix clusterip for ExternalName service test * Third party resources should not be part of conformance * Disable invalid test case from dns externalName e2e test * Makes Hostname and Subdomain fields of v1.PodSpec settable when empty and updates the StatefulSet controller to set them when empty * Update kube-dns to 1.14.5 * Kubernetes version v1.7.7 file updates - Update to 1.7.6 (fix bsc#1059207) [fluentd-gcp addon] Fluentd will trim lines exceeding 100KB instead of dropping them. (#52289, @crassirostris) Cluster Autoscaler 0.6.2 (#52359, @mwielgus) Add --request-timeout to kube-apiserver to make global request timeout configurable. (#51415, @jpbetz) Fix credentials providers for docker sandbox image. (#51870, @feiskyer) Fix security holes in GCE metadata proxy. (#51302, @ihmccreery) Fixed an issue looking up cronjobs when they existed in more than one API version (#52227, @liggitt) Fixes an issue with upgrade requests made via pod/service/node proxy subresources sending a non-absolute HTTP request-uri to backends (#52065, @liggitt) Fix a kube-controller-manager crash which can result when --concurrent-resource-quota-syncs is >1 and pods exist in the system containing certain alpha/beta annotation keys. (#52092, @ironcladlou) Make logdump support kubemark and support gke with 'use_custom_instance_list' (#51834, @shyamjvs) Fixes an issue with APIService auto-registration affecting rolling HA apiserver restarts that add or remove API groups being served. (#51921, @liggitt) In GCE with COS, increase TasksMax for Docker service to raise cap on number of threads/processes used by containers. (#51986, @yujuhong) Fix providerID update validation (#51761, @karataliu) Automated cherry pick of #50381 to release-1.7 (#51871, @feiskyer) The emptyDir.sizeLimit field is now correctly omitted from API requests and responses when unset. (#50163, @jingxu97) Calico has been updated to v2.5, RBAC added, and is now automatically scaled when GCE clusters are resized. (#51237, @gunjan5) - Update to 1.7.5 Bumped Heapster version to 1.4.2 - more details https://github.com/kubernetes/heapster/releases/tag/v1.4.2. (#51620, @piosz) Fix for Pod stuck in ContainerCreating with error "Volume is not yet attached according to node". (#50806, @verult) Fixed controller manager crash by making it tolerant to discovery errors.(#49767, @deads2k) Finalizers are now honored on custom resources, and on other resources even when garbage collection is disabled via the apiserver flag --enable-garbage-collector=false (#51469, @ironcladlou) Allow attach of volumes to multiple nodes for vSphere (#51066, @BaluDontu) vSphere: Fix attach volume failing on the first try. (#51217, @BaluDontu) azure: support retrieving access tokens via managed identity extension (#48854, @colemickens) Fixed a bug in strategic merge patch that caused kubectl apply to error out under some conditions (#50862, @guoshimin) It is now posible to use flexVolumes to bind mount directories and files. (#50596, @adelton) StatefulSet: Fix "forbidden pod updates" error on Pods created prior to upgrading to 1.7. (#48327) (#51149, @kow3ns) Fixed regression in initial kubectl exec terminal dimensions (#51127, @chen-anders) Enforcement of fsGroup; enable ScaleIO multiple-instance volume mapping; default PVC capacity; alignment of PVC, PV, and volume names for dynamic provisioning (#48999, @vladimirvivien) - Update to 1.7.4 Azure: Allow VNet to be in a separate Resource Group. (#49725, @sylr) Fix an issue where if a CSR is not approved initially by the SAR approver is not retried. (#49788, @mikedanese) Cluster Autoscaler - fixes issues with taints and updates kube-proxy cpu request. (#50514, @mwielgus) Bumped Heapster version to 1.4.1: (#50642, @piosz) handle gracefully problem when kubelet reports duplicated stats for the same container (see #47853) on Heapster side fixed bugs and improved performance in Stackdriver Sink fluentd-gcp addon: Fix a bug in the event-exporter, when repeated events were not sent to Stackdriver. (#50511, @crassirostris) Collect metrics from Heapster in Stackdriver mode. (#50517, @piosz) fixes a bug around using the Global config ElbSecurityGroup where Kuberentes would modify the passed in Security Group. (#49805, @nbutton23) Updates Cinder AttachDisk operation to be more reliable by delegating Detaches to volume manager. (#50042, @jingxu97) fixes kubefed's ability to create RBAC roles in version-skewed clusters (#50537, @liggitt) Fix data race during addition of new CRD (#50098, @nikhita) Fix bug in scheduler that caused initially unschedulable pods to stuck in Pending state forever. (#50028, @julia-stripe) Fix incorrect retry logic in scheduler (#50106, @julia-stripe) GCE: Bump GLBC version to 0.9.6 (#50096, @nicksardo) The NodeRestriction admission plugin now allows a node to evict pods bound to itself (#48707, @danielfm) Fixed a bug in the API server watch cache, which could cause a missing watch event immediately after cache initialization. (#49992, @liggitt) - Update to 1.7.3 fix pdb validation bug on PodDisruptionBudgetSpec (#48706, @dixudx) kubeadm: Fix join preflight check false negative (#49825, @erhudy) Revert deprecation of vCenter port in vSphere Cloud Provider. (#49689, @divyenpatel) Fluentd-gcp DaemonSet exposes different set of metrics. (#48812, @crassirostris) Fixed OpenAPI Description and Nickname of API objects with subresources (#49357, @mbohlool) Websocket requests to aggregated APIs now perform TLS verification using the service DNS name instead of the backend server's IP address, consistent with non-websocket requests. (#49353, @liggitt) kubeadm: Fixes a small bug where --config and --skip-* flags couldn't be passed at the same time in validation. (#49498, @luxas) kubeadm: Don't set a specific spc_t SELinux label on the etcd Static Pod as that is more privs than etcd needs and due to that spc_t isn't compatible with some OSes. (#49328, @euank) Websocket requests to aggregated APIs now perform TLS verification using the service DNS name instead of the backend server's IP address, consistent with non-websocket requests. (#49353, @liggitt) kubectl drain no longer spins trying to delete pods that do not exist (#49444, @eparis) Fixes #49418 where kube-controller-manager can panic on volume.CanSupport methods and enter a crash loop. (#49420, @gnufied) Fix Cinder to support http status 300 in pagination (#47602, @rootfs) Automated cherry pick of #49079 upstream release 1.7 (#49254, @feiskyer) Fixed GlusterFS volumes taking too long to time out (#48709, @jsafrane) The IP address and port for kube-proxy metrics server is now configurable via flag --metrics-bind-address (#48625, @mrhohn) Special notice for kube-proxy in 1.7+ (including 1.7.0): Healthz server (/healthz) will be served on 0.0.0.0:10256 by default. Metrics server (/metrics and /proxyMode) will be served on 127.0.0.1:10249 by default. Metrics server will continue serving /healthz. - Update to 1.7.2 Use port 20256 for node-problem-detector in standalone mode. (#49316, @ajitak) GCE Cloud Provider: New created LoadBalancer type Service will have health checks for nodes by default if all nodes have version >= v1.7.2. (#49330, @MrHohn) Azure PD (Managed/Blob) (#46360, @khenidak) Fix Pods using Portworx volumes getting stuck in ContainerCreating phase. (#48898, @harsh-px) kubeadm: Make kube-proxy tolerate the external cloud provider taint so that an external cloud provider can be easily used on top of kubeadm (#49017, @luxas) Fix pods failing to start when subPath is a dangling symlink from kubelet point of view, which can happen if it is running inside a container (#48555, @redbaron) Never prevent deletion of resources as part of namespace lifecycle (#48733, @liggitt) kubectl: Fix bug that showed terminated/evicted pods even without --show-all. (#48786, @janetkuo) Add a runtime warning about the kubeadm default token TTL changes. (#48838, @mattmoyer) Local storage teardown fix (#48402, @ianchakeres) Fix udp service blackhole problem when number of backends changes from 0 to non-0 (#48524, @freehan) hpa: Prevent scaling below MinReplicas if desiredReplicas is zero (#48997, @johanneswuerbach) kubeadm: Fix a bug where kubeadm join would wait 5 seconds without doing anything. Now kubeadm join executes the tasks immediately. (#48737, @mattmoyer) Fix a regression that broke the --config flag for kubeadm init. (#48915, @mattmoyer) Fix service controller crash loop when Service with GCP LoadBalancer uses static IP (#48848, @nicksardo) (#48849, @nicksardo) - Update to 1.7.1 Added new flag to kubeadm init: --node-name, that lets you specify the name of the Node object that will be created (#48594, @GheRivero) Added new flag to kubeadm join: --node-name, that lets you specify the name of the Node object that's gonna be created (#48538, @GheRivero) Fixes issue where you could not mount NFS or glusterFS volumes using hostnames on GCI/GKE with COS images. (#42376, @jingxu97) Reduce amount of noise in Stackdriver Logging, generated by the event-exporter component in the fluentd-gcp addon. (#48712, @crassirostris) Add generic NoSchedule toleration to fluentd in gcp config. (#48182, @gmarek) RBAC role and role-binding reconciliation now ensures namespaces exist when reconciling on startup. (#48480, @liggitt) Support NoSchedule taints correctly in DaemonSet controller. (#48189, @mikedanese) kubeadm: Expose only the cluster-info ConfigMap in the kube-public ns (#48050, @luxas) - fix docker 1.12.6 requirement in subpackages - Exclude s390 - Fix building on aarch64 - Require docker 1.12.6: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#external-dependency-version-information - drop redundant BuildRequires already present with golang(API) = 1.8 - Remove superfluous whitespaces as requested by sle-review-team - Update to version 1.7.0: * Kubernetes 1.7 is a milestone release that adds security, stateful application, and extensibility features motivated by widespread production use of Kubernetes. * Security enhancements in this release include encrypted secrets (alpha), network policy for pod-to-pod communication, the node authorizer to limit Kubelet access to API resources, and Kubelet client / server TLS certificate rotation (alpha). * Major features for stateful applications include automated updates to StatefulSets, enhanced updates for DaemonSets, a burst mode for faster StatefulSets scaling, and (alpha) support for local storage. * Extensibility features include API aggregation (beta), CustomResourceDefinitions (beta) in favor of ThirdPartyResources, support for extensible admission controllers (alpha), pluggable cloud providers (alpha), and container runtime interface (CRI) enhancements. - patch modifications: * modify make-e2e_node-run-over-distro-bins.patch: supply additional args to test-e2e-node.sh * modify build-with-debug-info.patch: hard-code go binary invocation - add_pr_template.patch - fix-support-for-ppc64le.patch - Update go build requirements: do not build with go >= 1.8 until we kubernetes 1.7 is released (see https://github.com/kubernetes/kubernetes/issues/45935) - Adding a /etc/kubernetes/kubelet-initial EnvironmentFile that is expected to set the KUBELET_INITIAL_ARGS variable so that a set of arguments that only impact kubelet on the first run can be supplied. This removes the need to restart kubelet when you change the node labels, for example. - Change default kubernetes log level: use warning as base level of logging, not debug. - Change default kubelet configuration: do not tell kubelet to look for the API server on localhost. 90% of the times this process is located somewhere else. This also helps to fix/mitigate bsc#1042387 - Add kubelet-support-btrfs-fixes-bsc-1042383.patch needed to fix bsc#1042383 - Removed commented line referring to a patch file no longer shipped - Downgrade to version 1.5.3 because we just hit some new issues (bsc#1039663) with k8s 1.6 and we don't have time to properly fix and test 1.6, to make sure there are no new bugs, before the release. - Update descriptions - Update to version 1.6.1: * Bump cluster autoscaler to 0.5.1 * Kubernetes version v1.6.1-beta.0 * update-all.sh * Better messaging when GKE certificate signing fails. * Update busybox dependency to fix bazel build * update-all.sh * don't wait for first kubelet to be ready * Fix problems of not-starting image pullers * Kubernetes version v1.6.1 - Remove get-rid-of-the-git-commands-in-mungedocs.patch: no mungedocs Review patches: * build-with-debug-info.patch * fix-support-for-ppc64le.patch * git-upstream.patch * make-e2e_node-run-over-distro-bins.patch - Remove 0002-Change-DUP2-to-DUP3-in-contrib-mesos-to-build-on-arm.patch because mesos has been moved to the incubator project: https://github.com/kubernetes/kubernetes/pull/33658 - Update to version 1.6.0: * Kubernetes version v1.6.0-beta.0 * Generating docs for v1.6.0-beta.0 on release-1.6. * update-all.sh. * update-all.sh. * Kubernetes version v1.6.0-beta.1 * update-staging-client-go.sh * Kubernetes version v1.6.0-beta.2 * update-all.sh. * Kubernetes version v1.6.0-beta.3 * update-all.sh. * Kubernetes version v1.6.0-beta.4 * update-staging-client-go.sh * Update NPD rbac. * Kubernetes version v1.6.0-rc.1 * update-all.sh. * Update a few regex patterns to support release candidates * Added failing upgrade if there are many master replicas. * added prompt warning if etcd3 media type isn't set during upgrade * etcd upgrade warning: add docs link, fixed etcd2 behavior, print non-interactive * in storage media upgrade prompt, provide config for using protobuf * Kubernetes version v1.6.0 - updated to to 1.5.5 - updated to to 1.5.4 - added some patches: build-with-debug-info.patch, fix-support-for-ppc64le.patch, get-rid-of-the-git-commands-in-mungedocs.patch, git-upstream.patch, make-e2e_node-run-over-distro-bins.patch - removed gcc-on-ppc64-and-arm.patch - exclude i586. We don't expect this package to build with i586 - add kubernetes-rpmlintrc file to the spec file - fix ownernship of service account key - fix permissions in service account key - add the github PR templates or it does not build - Updated to 1.3.10 - AWS: fix volume device assignment race condition (#31090, @justinsb) - Test x509 intermediates correctly (#34524, @liggitt) - Remove headers that are unnecessary for proxy target (#34076, @mbohlool) - gci: decouple from the built-in kubelet version (#31367, @Amey-D) - Bump GCE debian image to container-vm-v20161025 (CVE-2016-5195 Dirty? (#35825, @dchen1107) - Add RELEASE_INFRA_PUSH related code to support pushes from kubernetes/release. (#28922, @david-mcmahon) - Updated to 1.3.7 - Fix watch cache filtering (#29046, @liggitt) - List all nodes and occupy cidr map before starting allocations (#29062, @bprashanth) - Fix watch cache filtering (#28968, @liggitt) - Lock all possible kubecfg files at the beginning of ModifyConfig. (#28232, @cjcullen) - Removing images with multiple tags (#29316, @ronnielai) - kubectl: don't display an empty list when trying to get a single resource that isn't found (#28294, @ncdc) - Fix working_set calculation in kubelet (#29154, @vishh) - Don't delete affinity when endpoints are empty (#28655, @freehan) - GCE bring-up: Differentiate NODE_TAGS from NODE_INSTANCE_PREFIX (#29141, @zmerlynn) - Fix logrotate config on GCI (#29139, @adityakali) - Do not query the metadata server to find out if running on GCE. Retry metadata server query for gcr if running on gce. (#28871, @vishh) - Fix GPU resource validation (#28743, @therc) - Scale kube-proxy conntrack limits by cores (new default behavior) (#28876, @thockin) - Don't recreate lb cloud resources on kcm restart (#29082, @bprashanth) - NetworkPolicy cherry-pick 1.3 (#29556, @caseydavenport) - Allow mounts to run in parallel for non-attachable volumes (#28939, @saad-ali) - add enhanced volume and mount logging for block devices (#24797, @screeley44) - kube-up: increase download timeout for kubernetes.tar.gz (#29426, @justinsb) - Fix RBAC authorizer of ServiceAccount (#29071, @albatross0) - Update docker engine-api to dea108d3aa (#29144, @ronnielai) - Assume volume is detached if node doesn't exist (#29485, @saad-ali) - Make PD E2E Tests Wait for Detach to Prevent Kernel Errors (#29031, @saad-ali) - Fix "PVC Volume not detached if pod deleted via namespace deletion" issue (#29077, @saad-ali) - append an abac rule for $KUBE_USER. (#29164, @cjcullen) - Update Dashboard UI to version v1.1.1 (#30273, @bryk) - allow restricting subresource access (#30001, @deads2k) - Fix PVC.Status.Capacity and AccessModes after binding (#29982, @jsafrane) - oidc authentication plugin: don't trim issuer URLs with trailing slashes (#29860, @ericchiang) - network/cni: Bring up the lo interface for rkt (#29310, @euank) - Fixing kube-up for CVM masters. (#29140, @maisem) - Addresses vSphere Volume Attach limits (#29881, @dagnello) - Increase request timeout based on termination grace period (#31275, @dims) - Skip safe to detach check if node API object no longer exists (#30737, @saad-ali) - Nodecontroller doesn't flip readiness on pods if kubeletVersion < 1.2.0 (#30828, @bprashanth) - Update cadvisor to v0.23.9 to fix a problem where attempting to gather container filesystem usage statistics could result in corrupted devicemapper thin pool storage for Docker. (#30307, @sjenning) - AWS: Add ap-south-1 to list of known AWS regions (#28428, @justinsb) - Back porting critical vSphere bug fixes to release 1.3 (#31993, @dagnello) - Back port - Openstack provider allowing more than one service port for lbaas v2 (#32001, @dagnello) - Fix a bug in kubelet hostport logic which flushes KUBE-MARK-MASQ iptables chain (#32413, @freehan) - Fixes the panic that occurs in the federation controller manager when registering a GKE cluster to the federation. Fixes issue #30790. (#30940, @madhusudancs) - Run over with spec-cleaner - Remove the prereq fillup as it is not used - Use symlinks on fdupes not hardlinks - Move scriptlet prior files to match rest of specs - Switch to full url on sources for easy downloading - Make node and master conflict, they both provide same config files causing rpm conflicts - Removed go as a build requirement The golang-packaging build requirement already has go as a requirement. - Re-added missing tmpfiles creation - Improved the handling of /var/run/kubernetes - Added some more macros from golang-packaging I've also done some minor changes and I've merged the following two patches: 1. kubernets_change_cc_for_ppc64le.patch 2. 0001-SUSE-hack-use-native-system-compiler.patch into the patch: gcc-on-ppc64-and-arm.patch - Added %{go_nostrip} from golang-packaging I've also done some minor corrections - fix tarball (was tar.gz instead of tar.xz) - update to 1.3.0 * add _constraints file to get more disk space on aarch64 * fix url to show http://kubernetes.io * remove bash completion instructions since bash completion has been removed upstream and is replaced by a dedicated command that generates the bash code on the fly - add 0002-Change-DUP2-to-DUP3-in-contrib-mesos-to-build-on-arm.patch, 0001-SUSE-hack-use-native-system-compiler.patch: Build on aarch64 - update to 1.2.4: * Ensure status is not changed during an update of PV, PVC, HPA objects (#24924, @mqliang) * GCI: Add two GCI specific metadata pairs (#25105, @andyzheng0831) * Update salt config to allow Debian Jessie on GCE. (#25123, @jlewi) * Fix DeletingLoadBalancer event generation. (#24833, @a-robinson) * GCE: Prefer preconfigured node tags for firewalls, if available (#25148, @a-robinson) * Drain pods created from ReplicaSets in 'kubectl drain' (#23689, @maclof) * GCI: Update the command to get the image (#24987, @andyzheng0831) * Validate deletion timestamp doesn't change on update (#24839, @liggitt) * Add support for running clusters on GCI (#24893, @andyzheng0831) * Trusty: Add retry in curl commands (#24749, @andyzheng0831) - Add runtime requirement to kubelet - Fix version tag inside of final packages - enable build ppc64le new kubernets_change_cc_for_ppc64le.patch - Updated to kubernetes v1.2.3 - Update to kuberneted v1.2.0 - Update to kubernetes v1.1.7 - Remove change-internal-to-inteernal.patch, no longer needed - Cleanup of the spec file - kubernetes-node: require the Docker package to be installed at runtime - initial package for 1.1.0 pre from git based on Fedora package ==== libssh ==== Version update (0.9.3 -> 0.9.4) Subpackages: libssh-config libssh4 - Update to version 0.9.4 * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ ==== libtirpc ==== Version update (1.2.5 -> 1.2.6) Subpackages: libtirpc-netconfig libtirpc3 - Update to libtirpc 1.2.6 - Drop patches all patches backported from this release (0001-Add-authdes_seccreate-stub.patch, 0001-Avoid-multiple-definiton-with-gcc-fno-common.patch) ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Updated service_del_preun and service_del_postun for iscsi and iscsiuio packges in SPEC file, so that services get started/ stopped in the correct order, and changed systemd macros so that iscsi login service iscsi.service is not restarted during package upgrade (bsc#1166650) ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Install branding-openSUSE meta package - Put apparmor-utils only on DVD, but don't install by default (follow Tumbleweed) ==== podman ==== Version update (1.8.2 -> 1.9.0) Subpackages: podman-cni-config - Switched to simple `make binaries` for building podman - Update podman to v1.8.2: * Features - Experimental support has been added for podman run - -userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality * Changes - There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead * Bugfixes - Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line * HTTP API - Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall has greatly improved as we prepare the API for a beta release soon with Podman 2.0 * Misc - The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1 ==== systemd ==== Version update (244 -> 245) Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Switch back to the hybrid hierarchy Unfortunately Kubernetes and runc are not yet ready for cgroupsv2. Let's reconsider the unified hierarchy in a couple of months. - Import commit c5aa158173ced05201182d1cc18632a25cf43b94 (merge v245.4) - Add 0001-meson-fix-build-of-udev-path_id_compat-builtin-with-.patch - Import commit 31f82b39c811b4f731c80c2c2e7c56a0ca924a5b (merge v245.2) d1d3f2aa15 docs: Add syntax for templated units to systemd.preset man page 3c69813c69 man: add a tiny bit of markup bf595e788c home: fix segfault when parsing arguments in PAM module e110f4dacb test: wait a bit after starting the test service e8df08cfdb fix journalctl regression (#15099) eb3a38cc23 NEWS: add late note about job trimming issue 405f0fcfdd systemctl: hide the 'glyph' column when --no-legend is requested 1c7de81f89 format-table: allow hiding a specific column b7f2308bda core: transition to FINAL_SIGTERM state after ExecStopPost= 2867dfbf70 journalctl: show duplicate entries if they are from the same file (#14898) [...] - Upgrade to v245 (commit 74e2e834b4282c9bbdc12014f6ccf8d86e542b8d) See https://github.com/openSUSE/systemd/blob/SUSE/v245/NEWS for details. The new tools provided by systemd repart, userdb, homed, fdisk, pwquality, p11kit feature have been disabled for now as they require reviews first. Default to the "unified" cgroup hierarchy. Indeed most prominent users of cgroup (such as libvirt, kubic) should be ready for such change. It's still possible to switch back to the old "hybrid" hierarchy by passing "systemd.unified_cgroup_hierarchy=0" option to the kernel command line though. Added 0001-Revert-job-Don-t-mark-as-redundant-if-deps-are-relev.patch: upstream commit 097537f07a2fab3cb73aef7bc59f2a66aa93f533 has been reverted for now on as it introduced a behavior change which has impacted plymouth at least. - add systemd-network-generator.service file together with systemd-network-generator binary ==== xen ==== Version update (4.13.0_11 -> 4.13.0_12) - bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation handling in GNTTABOP_copy (XSA-318) 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch - bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch - bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing memory barriers in read-write unlock paths 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch - bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error path in GNTTABOP_map_grant 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch - bsc#1167152 - L3: Xenstored Crashed during VM install Need Core analyzed 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch - bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch - Drop for upstream solution (bsc#1165206) 01-xen-credit2-avoid-vcpus-to.patch default-to-credit1-scheduler.patch - Upstream bug fixes (bsc#1027519) 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch ==== xfsprogs ==== Version update (5.5.0 -> 5.6.0) - update to v5.6.0: * xfs_scrub: don't set WorkingDirectory in systemd job * xfsprogs: fix silently broken option parsing * xfsprogs: various minor Coverity fixes * xfs_repair: fix dir_read_buf use of libxfs_da_read_buf * libxfs: check retval of device flush when closing * xfs_io: set exitcode on failure appropriately * libxfs changes merged from kernel 5.6