SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for kubernetes-kubelet-1.8.10-5.17.x86_64.rpm :
Tue Apr 24 14:00:00 2018 rfernandezlopezAATTsuse.com
- add do-not-gc-sle-kubic-images.patch: Prevent the Kubernetes image
GC from cleaning the images that have been loaded using container-feeder.
- Fixes: bsc#1069469

Wed Apr 18 14:00:00 2018 jmassaguerplaAATTsuse.com
- add fix_cve_2018_1002100_bsc_1089654.1.8.patch. fix cve#2018-1002100
(bsc#1089654)

Tue Apr 17 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.8.10+044cd262c40234014f01b40ed7b9d09adbafe9b1:

* Update hosts in EnsureLoadBalancer()

* external lb - move target pool operation into its own function

* Update event-exporter

* Fixes the regression of GCEPD not provisioning correctly on alpha clusters.

* Allow update/patch of CRD while terminating

* add remount logic for azure file plugin

* 1.8 edition: Pass in etcd TLS credentials during migrate and rollback

* purge all the -v references from e2e.go

* Check whether it is running locally when UseInstanceMetadata

* Get external IP for azure standard nodes

* Kubernetes version v1.8.10-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.9.

* Fix CleanupGCEResources for regional test

* Detect backsteps correctly in base path detection

* Add atomic writer subpath e2e tests

* Exclude commas when pulling the tag out of the git export-subst format string

* bugfix(mount): lstat with abs path of parent instead of \'/..\'
- Fixes bsc#1089991
https://bugzilla.suse.com/show_bug.cgi?id=1089991

Tue Mar 13 13:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.8.9+3fb1aafdafa3d33bc698930095db1e56c0f76452:

* Fixes CVE-2017-1002101 - See https://issue.k8s.io/60813 for details (#61046, bsc#1085007)

* Automated cherry pick of #55796

* Kubernetes version v1.8.8-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.7.

* Recheck if transformed data is stale when doing live lookup during update

* Fix garbage collector when leader-elect=false

* Track run status explicitly rather than non-nil check on stopCh

* Adjust the Stackdriver Logging length test

* Rework method of updating atomic-updated data volumes

* Adjust GKE spec to validate images with kernel version 4.10+

* dockershim: remove corrupt checkpoints immediately upon detection

* Send correct resource version for delete events from watch cache

* Use /proc/net/nf_conntrack.

* Make IsConnectionReset work with more error implementations.

* Rewrite go_install_from_commit to handle pkgs that aren\'t in HEAD

* Update cluster addon Calico to v2.6.6

* Add apiserver metric for number of requests dropped by \'inflight-request\' filters.

* Add a metric to track usage of inflight request limit.

* Fix bug:Kubelet failure to umount mount points

* By default block service proxy to external IP addresses. Service proxy uses redirects to Pods instead of direct access.

* Add deprecated stage of feature gates

* Mark ServiceProxyAllowExternalIPs feature as deprecated

* azure disk: if the disk is not found, immediately detach it. This prevents azure keeps the bad request and stops issuing new request

* Bump Metrics Server to version v0.2.1

* Updated priority of mirror pod by PriorityClass.

* Update Calico to version v2.6.7

* Set --kubelet-preferred-address-types on apiserver by default

* Remove setInitError.

* storage, etcd3: add an option for configuring interval of compaction requests from apiserver

* Expose etcd compaction time via environmental variable in GCE

* Configurable etcd quota backend bytes

* Cluster Autoscaler 1.0.4

* Increase RSS limit for runtime from 300MB to 350MB on test creating 100 pods per node.

* Set instanceID to azure resource ID format while useInstanceMetadata is enabled

* Kubernetes version v1.8.9-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.8.

* Pass pvc namespace and annotations to Portworx Create API

* Add a test case for the race in #59822

* Add started state to the processor to protect against double starts

* Fix race in healthchecking etcds leading to crashes

* Drop init container annotations during conversion

* Fix kubelet PVC metrics using a volume stats collector.

* Increase allowed lag for ssh key sync loop for tunneler

* add lock before detaching azure disk

* Fix comparison of golang versions

* Fix Deployment with Recreate strategy not to wait on Pods in terminal phase

* Add tests for Deployments Recreate strategy when there are pods in terminal state present

* Ensure that the runtime mounts RO volumes read-only

* hack: when installing gazelle, checkout older version of buildtools

* Update Dashboard version to v1.8.3

* Fix nested volume mounts for read-only API data volumes

* Lock subPath volumes

* Add subpath e2e tests

* Add feature gate for subpath

Thu Jan 18 13:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.8.7+b30876a5539f09684ff9fde266fda10b37738c9c:

* Fixes CVE-2017-1002101 - See https://issue.k8s.io/60813 for details (#61046, bsc#1085007)

* Disable GCE target

* Kubernetes version v1.8.6-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.5.

* kubelet falls back to parse generic version string if not semver

* Fix PV counter predicate in eclass

* move InitStorageAccount into azure disk provision func

* remove initialize storage account pool process

* Add cos as an alias for gci in the upgrade script

* fix bug in container lifecycle event generation

* remove time waiting after create storage account

* Add pvc as part of equivalence hash

* Update generated bazel

* Check both name and ports for azure health probes

* change default azure file/dir mode to 0755

* return error when create azure share failed

* enable flexvolume on Windows

* fix CreateVolume: search mode for Dedicated kind

* search by accounttype in CreateVolume func

* Temporary implementation of count metrics for PodSecurityPolicy

* Add --retry-connrefused to all curl invocations.

* Kubernetes version v1.8.7-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.6.

* Fix a bug in validating node existence.

* Remove a file that isn\'t in the 1.8 branch

* Get automatically created subnetwork if none is specified

* Update boilerplate for 2018

* Add generated runtime and generated device plugin to update-all

* Regenerate all generated code

* Configurable liveness probe initial delays for etcd and kube-apiserver in GCE

* Add \'exec\' in all saltbase manifests using \'/bin/sh -c\'.

* Rename tree state from \'git archive\' to \'archive\'

* Use git archive to produce kubernetes-src.tar.gz when possible

* Honor make variable OUT_DIR.

* use /dev/disk/by-id instead of /dev/sd
* for azure disk

* prefer /dev/disk/azure/scsi1/ over by-id for azure disk

* delete a node from its cache if it gets node not found error

* add remount logic if original mount path is invalid

* Updated Flexvolume setup mechanisms for COS instance image. - If REMOUNT_VOLUME_PLUGIN_DIR is set to true, VOLUME_PLUGIN_DIR is remounted with `exec` option during cluster startup. This allows any writable location to be used as the plugin directory. - New HostPath added to controller-manager deployment to enable access to volume plugin directory. - Improved how the default directory is passed to master and node setup.

* Use existing subnetwork of forwarding rule

* Avoid error on closed pipe

Tue Dec 12 13:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.8.5+cce11c6a185279d037023e02ac5249e14daa22bf:

* Kubernetes version v1.8.5-beta.0 openapi-spec file updates

* Set -w flag on all iptables calls during master startup

* conversion-gen: check for nil pkg in getManualConversionFunctions

* Add/Update CHANGELOG-1.8.md for v1.8.4.

* Fix panic when AlphaFeatureGate isn\'t configured for gce.

* Tolerate partial discovery in garbage collector

* oidc auth: fix prefix flag plumbing

* Use v0.0.0 gitVersion on branches in support of new .gitattributes solution.

* kubeadm: Fix a small bug in the self-hosting code

* Fix incorrect localhost seccomp profile path

* Verify seccomp absolute path in dockershim

* Update bazel and remove unused data files

* add user-specified ns to --dry-run created obj

* add tests

* Fix setting resources in fluentd-gcp plugin

* Fix panic in GCE loadbalancer library

* support mount options in azure file

* add vers mountoptions and fix comments

* If mountPath is missing, prefix with root dir.

* update API, remove validation.

* Include ServerName in tls transport cache key

* remove disk allocatable evictions

* Fix TestAggregatedAPIServer setup

* update cadvisor godeps to v0.27.3

* add Standard GRS, RAGRS support for azure disk

* Fix typo in component name of prometheus-to-sd config.

* Changed GetAllZones to only get zones with nodes that are currently running (renamed to GetAllCurrentZones). Added E2E test to confirm this behavior.

* Initial changes for adding forward rules

* Review updates

* log errors while trying to GC resources

* Wait for controllerrevision informer to sync on statefulset controller startup

* adjust the expected output based kubectl verison

* update comment that are out of date

* [e2e] make sure to specify APIVersion in HPA tests

* kubelet: MustRunAsNonRoot should reject a pod if it has non-numeric USER.

* This was missed when I cherry picked the original CL back. Also fix the test startup script to match the GCE startup script.

* Fix scheduler cache panic when updating pod conditions

* Update Dashboard add-on to version 1.8.0

* certs: add month buckets

* fix inter-pod anti-affinity issue

* fix gce.conf multi-value parameter processing

Fri Nov 24 13:00:00 2017 mjuraAATTsuse.com
- After upgrade to Kubernetes v1.8.4 drop the patches:

* kubectl-fix-duplicate-proto-error-bsc-1057277.patch

* kubelet-support-btrfs-fixes-bsc-1042383.patch

Tue Nov 21 13:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.8.4+9befc2b8928a9426501d3bf62f72849d5cbcd5a3:

* Add bind mount /etc/resolv.conf from host to containerized mounter

* Enhance message in cluster-info dump

* Change second StorageClass Column to provisioner Some provisioners have key-value pairs in parameters map which key is type, here TYPE in StorageClass columns may be confused

* Re-enable federated ingress test that was disabled due to a federated service deletion bug.

* Add ceph-common to hyperkube image

* Return clusterErr rather than err

* Add default=false to usage of kube-apiserver allow-privileged flag

* Tune Cinder approvers

* kubectl: \'apply view-last-applied\' must not use printf(), as this will cause format codes in the YAML/JSON to be interpreted.

* fix self link error of generic resources in describe command

* Use variadic nature of
*cobra.Command.AddCommand to add group of commands to a parent command

* Remove duplicate error message output in hyperkube.

* fix err message in namespace_policy

* Adding option to set the federation api server port if nodeport is set

* Add statefulset to the completion candidates of kubectl scale

* Check uper limit of port and ensure 0 corresponds to random port

* Add ownership for the future of scheduler_perf and kubemark

* add test for kubectl create pdb

* Ignore ErrNotFound when delete LB resources

* Mark deprecated info in short description of deprecated commands.

* Delete meaningless err check

* Suggest user to use \'hack/install-etcd.sh\' when running integration tests without etcd found.

* add validate to not allow mix --config with other arguments

* Delete unuse err check

* volumes: SetNodeStatusUpdateNeeded on error

* allow output patch string in edit command

* removing unnecessary shallow copy see #46703

* Do not retunr svc in case of error. Rename apiServerNodePortPort.

* Added logic to copy-to-staging to avoid copying if the same file already exists in gce

* Add a feature gate for Debug Containers

* Deleting ServiceReaper

* add ContainerRuntimeVersion to `kubectl get nodes -o=wide` output

* fix comment of isDir

* Fix the typo in translations\' README.md

* Improve code coverage for pkg/printer

* Removed mesos related labels.

* Create output_dir if doesn\'t exist

* Use t.Fatalf instead

* fix some err message

* Adds --insecure to cockroachdb client command

* Add git branch to make build short hash unique

* fix JSONPath parser will not filter strings containing parentheses

* add more unit test

* Add test case for namespace

* add cmd test for kubectl auth can-i

* [Federation][Kubefed] Support documentation for kubefed and its sub commands

* [Federation][Kubefed] Add placeholders for generated docs

* Fixed a comment typo

* fix parse pairs

* Fix const nameing in node/metrics

* Improve error reporting when flex driver has failed to initialize.

* Shorten issue template

* Add OpenAPI README file

* Fix print type of podname

* Fixing style errors

* Fix comments

* extending DefaultExternalHost for any registred cloud provider see #46567

* controller-manager: fix horizontal-pod-autoscaler-use-rest-clients flag help info

* Pipe in GCE master/node tags through flags for e2e test

* deletePod handler in the deployment controller shouldn\'t set owner refs

* Make firewall test get tag from config instead of instance and fix multi-zone issue

* kuberuntime: cleanup TestGenerateContainerConfig

* Add Validate() function for audit options

* Delete reduandant err definition

* controller: fix error message

* Allow NetworkPolicy.spec updates

* Remove unnecessary wrapper flags

* Cleanup federation/cluster scripts from deprecated bringup method

* Auto generated file

* Fix a typo in deletion log of apiserver

* Kubelet doesn\'t override addrs from Cloud provider

* Fix restart action on juju kubernetes-master

* Fix local isolation for pod requesting only overlay

* Fix setting juju worker labels during deployment

* Run cAdvisor on the same interface as kubelet

* [trivial]fix function name in comment

* Fix mismatched types Verbose and bool Fix invalid operation: mismatched types Verbose and bool

* correct the script name for generating swagger doc

* Updated comments for functions.

* Change cephfs secret related logs level

* owners: remove euank from sig-node-reviewers

* Fix local isolation for pod requesting only scratch

* scheduler/util: remove bad print format

* Validate if service has duplicate targetPort

* shows how to wire admission control in a sample api server.

* Add IPv6 test cases to kube-proxy server test.

* Using only the exit code to decide when to fall back on logs

* AWS: Set CredentialsChainVerboseErrors

* E2E:Delete unecessary check

* Use a pointer to mark the nodeport port, if any.

* delete unused return

* Add timothysc to kubeadm reviewers

* fix env flag

* Moved md5 comand to a separate function and added comments

* remove unneeded variable

* Use reflect.DeepEqual to replace sliceEqual

* Refactor slice intersection

* Fix broken command in registry addon document

* Moved gsutil_get_tar_md5 function before copy-to-staging function

* Changes node e2e tests to use new Ubuntu image

* Deprecate keep-terminated-pod-volumes

* print non-existent key in configmap

* fix-review

* Only do string trim when it\'s necessary

* AWS: Fix suspicious loop comparing permissions

* deprecate created-by annotation for e2e test framework

* rebase gophercloud to support HTTP status 300 in pagination, so listing Cinder v1/v2 API versions won\'t break

* fix naming for testgrid

* iSCSi plugin: Remove redundant nil check

* Replace capacity with allocatable to calculate pod resource

* Clean up Deployment overlap annotation code

* Add rbac support to fluentd-elasticsearch

* Create a kubectl alpha subcommand

* Speed up attach/detach controller integration tests

* fixed the logging of which conversions.

* Speed up PV integration tests

* storageclass ceph add imageformat parameter

* Add `imageFeatures` parameter for RBD volume plugin, which is used to customize RBD image format 2 features. Update RBD docs in examples/persistent-volume-provisioning/README.md.

* Only `layering` RBD image format 2 feature should be supported for now.

* deprecate created-by annotation for pod drain

* add owners for sh2ju

* Don\'t bother with a mutable transformer for identity

* Modify NewVolumeManager() function return value Since function NewVolumeManager() will always return vm and nil, we do not need the second return value, it will always be nil.

* Output TYPE for getting service

* use appsv1beta1 for statefulsets and controller history

* Update admission control args

* Small fix for number of pods and nodes in test function

* Delete pre-commit hook

* Fix typo in cross-repo link

* es discovery support args apiserver-host and kubeconfig

* add extra args validate

* delete the for loops that done nothing

* Use more meaningful and consistent variable names in glusterfs plugin.

* Lower etcd compacted loglevel

* Make different container runtimes constant

* Get rid of 30s ResyncPeriod in endpoint controller

* Add \"alpha phase preflight\" command

* don\'t pass CRI error through to waiting state reason

* Remove repeat type conversions

* Also rename leftCapacity to leftAllocatable

* Fix a typo

* Add websocket protocol authentication method

* Use websocket protocol authenticator in apiserver

* Set default User-Agent on http probe

* Remove redirect verb parsing

* Insert Cynerva and Kjackal to approvers list

* Run hack/verify-govet.sh as part of verify make target This commit ensures that: - go vet will be run as part of the make verify target - the vet make-rule script won\'t be run directly, as generated_files won\'t be run in that case - that go vet errors show up in the build log with a start time, finish time, and SUCCESS/FAILED message as part of the verify make rule script

* dockershim: checkpoint HostNetwork property

* Make fluentd log to stdio instead of a dedicated file

* Add ApiEndpoint support to GCE config.

* Remove e2e test for least requested prioirty function

* support to build hyperkube image on ppc64le

* Fix invalid filename in kubelet log

* fix systemd service file for custom args. Signed-off-by: xuxinkun

* remove dead code in rbac helper

* Add type conversion judgment

* split v1/register.go to regsiter.go and builder.go move api/v1 to k8s.io/api/v1 duplicate some global variables/functions in pkg/api/v1/builder.go, add todo to remove these

* run pkg/api/v1/rewrite....sh, pkg/api/v1 (not including subdir) compile

* run root-rewrite-v1-..., compile

* let conversion-gen to choose localSchemeBuiler

* revert before merge? remove a dependency from pkg/apis/componentconfig to clientset, probably we should fix it later. i removed the dependency to test if pkg/apis compile

* Bump event-exporter version to reduce warnings noise

* Don\'t revert, necessary change to make helpers to include k8s.io/api

* unify register.go formats: networking/v1/register.go staging/src/k8s.io/kube-apiextensions-server/pkg/apis/apiextensions/v1alpha1/register.go staging/src/k8s.io/metrics/pkg/apis/custom_metrics/v1alpha1/register.go staging/src/k8s.io/metrics/pkg/apis/metrics/v1alpha1 register.go

* pkg/apis/move-external-types-for-apis.sh, k8s.io/api compiles

* run pkg/apis/make-origin-dir-compile, pkg/apis compile

* run ./root-rewrite-all-other-apis.sh, then run make all, pkg/... compiles

* run fix-casttype.sh

* manually fix unit tests in pkg/api/v1

* vendorless path for informer-gen

* hack/lib/init.sh util.sh update-codegen.sh

* manually fix protogen

* manually remove pkg/client/listers/policy/v1alpha1

* some copy.sh changes

* change hack/update-codecgen.sh

* run hack/update-codegen.sh

* run ./remove-original-proto.sh to remove the old proto

* run root-rewrite-import-client-go-api-types

* run hack/update-staging-client-go, somehow we copied listers/

* make all works. generated harmless covnersion/deepcoy chagnes

* manually fix unit tests

* manually fix hack/verify-staging-imports.sh

* manually fix kubectl openapi unit test

* manually fix openapi-gen

* revert!! temporary change to hack/update-all.sh

* run hack/update-all

* revert hack/update-all to its original form

* run update-staging-godeps.sh; the script asks user to manually commit changes for each repo

* incluster config will be used when creating external shared informers.

* Bump up npd version to v0.4.1

* Don\'t audit log tokens in TokenReviews

* kubelet should resume csr bootstrap

* update e2e for GCE ApiEndpoint support

* include k8s.io/api in update-godep-staging.sh

* generated Godeps.json

* Remove limits from ip-masq-agent for now. ip-masq-agent when issuing an iptables-save will read any configured iptables on the node. This means that the ip-masq-agent\'s memory requirements would grow with the number of iptables (i.e. services) on the node.

* enable docs and man page autogeneration for cloud-controller-manager

* fix nits in kubelet server

* [Federation] Convert the ReplicaSet controller to a sync controller.

* update the err of hostPorts in psp

* Update cadvisor to v0.26.1.

* Move seccomp helper methods and tests to platform-specific files.

* update openstack metadata-service url

* Remove service on termination when exec \'kubectl run\' command with flags \"--rm\" and \"--expose\"

* fix CopyStrings and ShuffleStrings for slice when slice is nil

* add level for print flags

* fix comment mistake

* OpenStack for cloud-controller-manager

* Added helper funcs to schedulercache.Resource.

* [trivial]fix function name in comment

* Add client cert authentication for Azure cloud provider

* Fix tests after rebasing

* Add the pcks12 package to the build of Azure cloud provider

* Fix test name

* Fix dependencies order after rebase

* Add more pdbs in autoscaling e2e

* Bumped Heapster to v1.4.0-beta.0

* Add annotation constants to glusterfs plugin.

* Use %q formatter for error messages from the AWS SDK. #47789

* Implement e2e test for Stackdriver event exporter

* Removes alpha feature gate for affinity annotations. Beta fields should be used.

* add compression to GET and LIST api requests

* removed \'Storage\' option from \'kubectl top\' like options

* detach getClusterNodes() func from provisioner method.

* Display for clusterIP and port when service is ExternalName

* Fix output extra comma

* kubectl: rename Run() -> RunRun() to clarify purpose

* kubectl: rewrite docstrings in several files

* cmd: make createDeployment a private function

* cmd: refactor common err expr into helper function

* kubectl: simplify code with help of linter

* kubectl: note a bug with a comment

* kubectl: refactor addFromEnvFile, write tests

* kubectl: fix inaccurate usage messages for --windows-line-endings

* e2e: bump kubelet\'s resurce usage limit

* Bump Cluster Autoscaler to 0.6.0-beta2

* make proto time precision match json

* deprecate created-by annotation for cronjob

* include object fieldpath in event key

* [Federation] Account for caching in kubectl

* Strip versions from known api groups in audit policy

* Enable vmodule support for all components

* Fixed Monitoring e2e test

* openapi: Fetch protobuf rather than Json

* Save docker image tarfiles in _output/release-images/$arch/.

* [esipp-e2e] Change service port to avoid collision

* Use a different env var to enable the ip-masq-agent addon. We shouldn\'t mix setting the non-masq-cidr with enabling the addon.

* Move e2e fromManifest funcs to manifest package

* Pipe clusterID into gce_loadbalancer_external.go

* Update e2e tests to pipe in clusterID for gce resource cleanup

* Encodes ReportPrefix into the generated metrics file names

* Adds IPv6 test cases

* Remove e2e test that checked scheduler priority function for ReplicationController spreading

* Do not set CNI on a private master when enabling network policy.

* Extending timeout waiting for delete node to become ready before the test ends

* [Federation]Fix forgeting to close file

* Plumb preferred version to nested object encoder

* [Federation]Remove duplicate constants

* Fix kubectl api-versions caching

* Bump e2e mounttest image version to 0.8

* kubeadm: Remove the validate phase as it\'s not needed nor used

* kubeadm: Cleanup version gates for the Node Authorizer when targeting v1.8

* Update CHANGELOG.md for v1.7.0-rc.1.

* Remove stubs from docs/

* [Federation][Kubefed] Address review comment

* Checked whether balanced Pods were created.

* Move the workload e2e tests to it\'s own package

* apiextensions-apiserver: fix build

* revert 45764

* Reflect kubeadm-specific kubelet changes in the bazel debs

* Update kube-dns to 1.14.4

* Multi Arch test images

* modify the meassage in kubectl secret command when the envFile path is not an file path

* godoc update for scheduler predicates.

* kubeadm: Make kube-proxy RollingUpgradeable

* Port some more images

* kubeadm: Expose only the cluster-info ConfigMap in the kube-public ns

* Add a failsafe for etcd not returning a connection string

* Add err judgment

* Retry service syncs with exponential backoff in endpoints-controller

* Remove old node role label that is not used by kubeadm

* IPv6 support for getting node IP

* Move LoadPodFromFile to volume utils

* Fix lint errors

* Revert \"Decrese fluentd cpu request\"

* Add e2e for cluster-autoscaler scale-up from 0

* Bump Cluster Autoscaler to 0.6.0

* Move more printers to TablePrinter

* add options enable tokencleaner,bootstrapsigner controller

* Fix error in local-cluster-up

* Retry finding RBAC version if not found in discovery cache

* garbage collector controller propagates DeletePropagationForeground policy if the object doesn\'t already have finalizers.

* prioritize messages for long steps

* Move iptables logging in kubeproxy from Errorf to V(2).Infof

* cmd/create_deployment: refactor & test long function

* cmd/run: use util function to deduplicate logic

* Enables memcg notification in cluster/node e2e tests

* Make big clusters work again after introduction of subnets

* Fix test commands in cluster/gce/util.sh

* Skip Deployment upgrade test on 1.5 and earlier.

* Add priority to Kubernetes API

* Make doc generation on cherry-picks optional

* bazel: update rules_docker and use official busybox base image

* s/count/total/ in audit prometheus metrics

* Autogenerated files

* Update CR example in client-go

* Formatted Dockerfile to be cleaner and precise

* Move DaemonSet to table printer

* Ensures node becomes schedulable at the end of tests that delete nodes

* Update docs for user-guide

* Allocate clusterIP when change service type from ExternalName to ClusterIP

* Modify e2e tests for service type update.

* modify some mistake

* Add Pod UID (metadata.uid) to downward API env var

* Use endpoints informer for the endpoint controller

* Improve security of Juju deployed clusters

* Set cluster-autoscaler node balancing flag

* Fix typo in cluster-autoscaler config

* Fix ebtables_test.go to actually get run, and to pass

* Fix the names of some iptables tests

* Fix fluentd-gcp configuration to facilitate JSON parsing

* Fix typo

* Support IPv6 in kubenet_linux.go

* Adding a retry to the master version checking

* openapi: Read Accept-Content to send gzip if needed

* Add NYTimes/gziphandler dependency

* Bump GCE ContainerVM to container-vm-v20170627

* kubectl/cmd: many small refactors

* Add unit test case for initClusterIP and updateNodePort

* Kubelet: Centralize Capacity discovery of standard resources in Container manager. Have storage derive node capacity from container manager. Move certain cAdvisor interfaces to the cAdvisor package in the process.

* Validate --storage-backend type.

* Follow up for https://github.com/kubernetes/kubernetes/pull/47003

* Populate endpoints and allow ports with headless service

* Disable anonymous-auth

* Add generic NoSchedule toleration to fluentd in gcp config as a quick-fix for #44445

* Fix kube-proxy panic when running with \"--cleanup-iptables=true\"

* add volumes test

* Fix minor bug in autoscaler e2e cleanup

* kubeadm: Start using Tolerations in yaml code again

* Fix bug cluster-subnet logic

* Move go build to image-utils

* Bumped Heapster to v1.4.0

* Add OWNERS file to kubelet gpu package

* Use multiple clients in the density test

* Add retry to RC creation in autoscaler e2e

* Log the OS images used during cluster creation

* Fix Unstructured field accessor

* Add traceroute logging on connection failure

* Allow creating special node for heapster in GCE

* Allow log-dumping only N randomly-chosen nodes in the cluster

* Log get PVC/PV errors in MaxPD predicate only at high verbosity

* Add Google cloudkms dependency

* Add KUBE_GCE_API_ENDPOINT for GCE API endpoint config.

* Add Google cloudkms service to gce cloud provider

* [Federation] Convert the deployment controller to a sync controller.

* Write output into the correct dir

* Add node e2e tests for runAsUser

* Implement GetCapacity in container_manager_unsupported

* Used const variable in scheduler test.

* remove unused codes in loadSystemLanguage

* allow impersonate serviceaccount in cli

* Set a Quobyte quota for newly created volumes

* Partially revert \"Do not fire InsufficientResourceError when there are intentional reasons.\"

* fix #45780 slightly differently

* support NoExecute and NoSchedule taints correctly in DaemonSet controller

* Update addon-resizer version

* Fix removing finalizer for garbage collector

* remove useless argument \"name\"

* Update Quobyte API repo

* Make the Quota creation optional

* Update comment for garbagecollector

* Fix completions for --namespace to override flags

* Rename function to follow other similar functions

* Change KUBE_GCE_API_ENDPOINT to GCE_API_ENDPOINT

* Add configuration for swift container name

* Add unit test coverage for nvidiaGPUManager initialization

* testing fixed hack/verify-gofmt.sh and hack/verify-flags-underscore.py

* TestLoopbackHostPort should accept IPv6 loopback host

* Do not fail on error when deleting ingress

* add dockershim checkpoint node e2e test

* eliminate kubectl dependency on k8s.io/kubernetes/pkg/util

* move crlf to kubectl/util

* Cleanup lint errors in the pkg/kubelet/server/... directory

* Refactor unstructured converter

* remove useless check from impersonation filter

* Update CHANGELOG.md for v1.7.0.

* pull the release notes from k8s.io/features/release-1.7/release-notes-draft.md

* Remove duplicated line from ceph-secret-admin.yaml

* Fix share name generation in azure file provisioner.

* Fix broken mardown format in v1.7 CHANGELOG

* Added scale-down-to-0 e2e for cluster autoscaler

* HTTPExtender: shoud close resp.Body even when StatusCode not ok

* remove redundant alias

* Fix review comments - luxas, ixdy

* don\'t accept delete tokens that are waiting to be reaped

* Fix verify-golint

* Fix issue with not waiting for nodes to be fully schedulable during test cleanup

* Make cluster IP range an argument to ginkgo to fix firewall test

* kubeadm: Remove some old comments

* kubeadm: Remove old feature gates and unused functions

* Fix deleting empty monitors

* kubelet: remove unused bandwidth shaping teardown code

* kubelet: remove NET_PLUGIN_CAPABILITY_SHAPING

* Ensure get_password is accessing a file that exists.

* Add bazel build file

* Return a slightly more verbose error when \"go get\" fails.

* allow heapster clusterrole to see deployments

* set snat to false

* meta.EachListItem should support runtime.Unstructured

* Add testing manifests for (node upgrade) etcd test.

* Add (node upgrade) etcd test.

* move term to kubectl/util

* Add local volume bug to known issues

* update-bazel

* Updated OWNERS_ALIASES for scheduler, and added scheduler integration test owners.

* split util/slice

* Added case on \'terminated-but-not-yet-deleted\' for Admit.

* Fix kubectl describe for controllerRef

* Support completion for kubectl config delete-cluster

* Provide a way to setup the limit NO files for rkt Pods

* Add Cleanup section to apiextensions client-go

* Checked container spec when killing container.

* fix style of yaml and text

* Group and order imported packages.

* Updated comments of func in testapi.

* GuaranteedUpdate must write if stored data is not canonical

* Remove useless error

* Use helper to init ClusterIP and NodePort in Create of service

* Pass cluster name to Heapster with Stackdriver sink.

* add validate for advanced audit policy

* update events\' ResponseStatus at Metadata level

* Covert Stackdriver Logging load tests to soak tests

* Non leaders should overwrite any local copies of keys they have with what the leader has.

* Fix kubernetes charms not restarting services after snap upgrades

* Fix: namespace-create have kubectl in path

* remove tpr API access

* allow a deletestrategy to opt-out of GC

* make the panic handler first

* Fix charms leaving services running after unit removal

* configure kube-proxy to run with unset conntrack param when in lxc

* Remove unused sub-pkgs in pkg/util

* Fix lint errors of pkg/util/net/sets/ipnet.go

* Use the azure certificate password when decoding the certificate

* Fix 401/403 apiserver errors do not return \'Status\' objects

* \"rbd: image xxx is locked by other nodes\" is misleading

* remove unused function and variable from audit backend

* fix error type

* kubeadm: Move app/master into a separate phase directory

* kubeadm: Harmonize import names in the controlplane phase with all the other code

* fix test selector

* Fix secret/configmap/projected update tests to work for large clusters

* Add ability to enable patch conversion detector

* Introducing a cluster-scoped resource in the wardle.k8s.io group. The cluster scoped resource has a field that indicates Flunder.Names that are disallowed. The resource is going to be used by an admission plugin. The admission plugin will list the cluster-scope resources and check against banned names.

* Removed dependencies to testapi.

* Properly nest code blocks

* recheck pod volumes before marking pod as processed

* update test function calls

* fix the pr number

* Ensure namespace exists as part of RBAC reconciliation

* Factored out simulate from nodeShouldRunDaemonPod.

* Validated expected event numbers for damoncontroller test.

* Add a new default printer handler for HumanReadable

* Pods which exits and won\'t restart should not be in the Endpoints.NotReadyAddresses

* schduler: fix validation test

* Check if golint exists first in hack/verify-golint.sh

* fix-review

* Skip errors when unregistering juju kubernetes-workers

* Launch kubemark with an existing Kubemark Master

* Add a README to the pre-existing provdier

* Move test-webserver from contrib/for-demos to kubernetes/test/images

* Add a refreshing discovery client

* bulk delete of tpr packages

* Refactor cached discovery client

* Update CHANGELOG.md for v1.6.7.

* fix cross build for windows

* [e2e-ingress] Get node tags from instance under GKE

* Fix e2e_test.go

* expose lock release error from iptables util

* share iptables util client within kubenet

* Move the kubelet certificate management code into a single package

* Enable Service Affinity for OpenStack cloudprovider.

* Cleanup useless metrics.go for garbagecollector

* word spell error

* eliminate kubectl dependency on kubelet

* Fix Audit-ID header key

* Fix a dead link in cluster/update-storage-objects.sh

* Allows to use versions like 1.6.4 instead v1.6.4

* Add node-name flag to `join` phase

* Fix invalid Content-Type for 403 error

* Volunteer to help with OpenStack provider reviews

* Add initial support for the Azure instance metadata service.

* kubeadm: Make self-hosting work and split out to a phase

* kubeadm self-hosting: unit tests and bazel

* Update CockroachDB tag to v1.0.3

* Kubelet run() should accept partial KubeletDeps

* Add prometheus plugin on fluentd image.

* flush conntrack entry for udp service when # of backend changes from 0 to non-0

* refactor updateEndpointMap and updateServiceMap results

* fix unit tests

* Use network project id for firewall/route mgmt and zone listing

* Use API that utilizes networkProjectId

* follow our go code style: error->err

* Remove shouldAssignNodePorts logic in initNodePort; add test cases.

* update release notes for 1.7

* fix parse resource in setting selector

* run must output message on container error

* Use Secrets for files that self-hosted pods depend on

* Fix ClusterIP leak flake and potential NodePort leak

* Check opts of cloud config file

* remove useless code

* Fix subPath existence check to not follow symlink

* Move metrics_grabbert to test/e2e

* client-go: remove TPR example

* IPv6 support for getting IP from default route

* remove dead code

* Fix Stackdriver Logging e2e soak tests

* Changes for partial eviction flake

* Warn if aws has no cluster id provided

* proxy/userspace: honor listen IP address as host IP if given

* examples/volumes/flexvolume/nfs: check for jq and simplify quoting.

* Bump image version on makefile and DS.

* fed: Remove flakey and redundant replicaset unit test

* fed: Remove redundant replicaset e2e

* fed: Remove redundant deployment e2e tests

* godep-save.sh: add sanity checks

* Make kube-proxy\'s MetricsBindAddress configurable via flag

* Record 429 and timeout errors to prometheus

* Unify generic proxy code in apimachinery

* make externalAdmissionHookConfigurationManager distinguish API disabled error

* proxy/userspace: suppress \"LoadBalancerRR: Removing endpoints\" message

* Prepare to introduce websockets for exec and portforward

* move leaderelection package to client-go

* Move pkg/apimachinery/test to apimachinery

* add test resource carp and change name

* obvious fix

* let scheduler use client-go\'s client when initilaizer leaderelection

* update bazel

* support json output for log backend of advanced audit

* remove extra WriteHeader function

* Run verify-godeps.sh fully if hack/ dir changes

* Fix godep verify to use godep restore script

* audit: fix deepcopy registration

* apimachinery+apiserver: extract test types to work w/ deepcopy-gen

* Update generated files

* hack/OWNERS: add myself (sttts)

* bump rules_docker to pickup performance improvements

* fully implement kubeadm-phase-certs - stash

* apimachinery: remove unneeded GetObjectKind() impls

* Commit-1: Improved code coverage for equivalence cache.

* revert workaround in PR 46246 as APIs have been consistent

* use built-in path separator instead of hard coded

* Update heketi vendor dependencies.

* generated: bazel / godeps

* Move SPDY specific code into its own package

* Removed mesos as cloud provider from Kubernetes.

* Workaround tcpv4-only-systems connect issue in test

* amend the comment

* Removed old mesos deps.

* remove svg mime type extension

* godep-save.sh: add verbosity

* godep-save.sh: workaround broken vendor/github.com/docker/docker/project/CONTRIBUTING.md symlink

* Use glog.
*f when a format string is passed

* add a regression test for Audit-ID http header

* Fix function and type names in the comments

* glusterfs: retry without auto_unmount only when it\'s not supported

* Rackspace for cloud-controller-manager

* Remove dead code for OpenStack provider

* jsonpath filter: allow intermediate missing keys

* Added pod evictors for new zone.

* Bump event-exporter version

* Setting default FlexVolume driver directory on COS images.

* Adds statefulset replicated sql upgrade test. Relies on image code that lives elsewhere.

* Name change: s/timstclair/tallclair/

* Allow missing NETWORK_PROJECT_ID env var

* Begin polling for bootstrap cluster info immediately.

* Fix issue when setting fileysystem capacity in container manager

* dockershim: clean up unused security context code

* Improve node restriction message

* squash the commits into one

* Workaround docker-wait freeze with 17.06.0

* Fix flaky test Test_Run_OneVolumeAttachAndDetachMultipleNodesWithReadWriteMany

* controller: cleanup complete deployments only

* Update labels.yaml

* Add generated clients. modify codegen script to make modification easier and to allow it to work from the root of the sample server.

* Fixes bind-mount teardown failure with non-mount point Local volumes

* Use Container-optimzed OS images for node

* Update NODE_OS_DISTRIBUTION from debian to gci

* Leave the test jobs running on CVM after all.

* Leave testing on CVM by default

* Correctly filter terminated pods in kubectl

* Helper methods dealing with ControllerRef

* integration-tests: remove unneeded post hook wait workaround

* kube-apiserver: make apiserver chain testable

* kube-apiserver: add integration test with real Run() func

* Removed mesos flags from known-flags.txt.

* Improved code coverage for pkg/kubelet/types/pod_update

* fix pdb validation bug on spec

* Fix panic of DeleteRoute()

* Move performance tests to test/e2e/scalability subdirectory

* Implement kubectl describe

* Add node-name flag to `init` phase

* Enable logexporter mechanism to dump logs from k8s nodes to GCS directly

* Update godeps.

* Bazel files.

* Add in build files.

* Code updates for new SDK.

* update bazel and godep after rebase.

* Change fluentd-gcp monitoring to use metrics exposed by SD plugin

* cmd/version: refactor to use the -Options pattern

* mountpath should be absolute

* maxinflight handler should let panicrecovery handler call NewLogged

* Move kubectl e2e tests to their own directory and prefix the test names with [sig-cli]

* Change the default kubeadm bootstrap token TTL to 24 hours.

* Make storage e2e tests start with [sig-storage] instead of [k8s.io].

* Remove volume tags.

* Change [Volume] tags to [sig-storage].

* Move empty_dir_wrapper.go into the storage directory.

* scheduler e2e: make container name shorter

* vSphere for cloud-controller-manager

* Fix typo

* Add test for kubectl resource filter.

* kubeadm: Start to remove old envparams

* support GCE alpha beta API override

* pull compute alpha api client

* fed: Replace NamespacedName for namespace sync compatibility

* fed: Provide client config to adapter factory

* fed: Move namespace propagation to the sync controller

* Moving disruption controller e2es to workload/

* Add test image name to the OS image field of the perf metrics

* Allow verify-sh to run in SILENT mode.

* use overrided api endpoint in gce cloud provider

* Add quick-verify make rule.

* add [sig-apps] prefix to workload e2e tests

* add [sig-apps] identifier to relevant upgrade tests

* add testmain setup func to the integration framework

* use testmain in integration tests

* add make bazel-test-integration target

* Changes for converting node to v1 in drain

* Update CHANGELOG.md for v1.8.0-alpha.2.

* Remove address getter from CreateAddress(Region and Global)

* Delete reduandant
*

* Correct the comment in PSP examples.

* Fixed cluster validation for multizonal clusters.

* Add e2e test for readOnlyRootFilesystem containers

* add more logs for debugging to autoscaling tests

* remove error since err is always nil

* use v1.ResourcePods instead of hard coding \'pods\'

* Added localPV e2e tests with two pods and refactored existing tests

* Fix parsing empty CIDR

* Fix the order of deletion

* Set default snap channel on charms to 1.7 stable

* Add current members of autoscaling teams to autoscaling tests OWNERS

* Added `CriticalAddonsOnly` toleration for npd.

* Revert \"Merge pull request #48560 from nicksardo/gce-network-project\"

* fed: Enable the namespace controller in integration tests

* remove some people from OWNERS so they don\'t get reviews anymore

* Do not persist SelfLink into etcd storage

* Fix issues for local storage allocatable feature

* Add cos-beta-60-9592-52-0 to benchmark tests

* Add known GCE issue for 1.7.0

* Support IPv6 addresses for getListener()

* Updates Docker Engine API

* update verify-staging-imports.sh

* client-go: add canonical import comment

* replace hardcoded use of \"kubectl\" in apply warning msg

* move sig-apps upgrade tests to its directory

* fix gce cloud provider projects api

* azure: msi: add managed identity field, logic

* azure: refactor azure.go to make auth reusable

* azure: acr docker cred provider reuses auth

* add pkg/credentailprovider/azure to hack/.linted_packages

* Update dependencies

* Log error when fail to execute command in with-retry()

* Import kubectl tests in e2e_test.go so they start running.

* add approvers to pkg/controller/garbagecollector

* kubeadm: fix broken `kubeadm init --config` flag.

* remove apimachinery\'s dependency on k8s.io/api

* Correcting two spelling mistakes Reustable->Reusable adversly->adversely

* Update CHANGELOG.md for v1.7.1.

* Add Azure managed disk support

* Adopt debian-base as baseimage

* remove duplicated word file in error

* Use go-ansiterm version matching docker/pkg/term/windows v1.11

* Remove max-pods density test

* Fix typo in ExecCommandParam

* Log error when failed to renew lease.

* add redirect notice in all readme files

* kubeadm: add a warning about the default token TTL changing in 1.8

* Supports customized system spec in the node conformance test and creates the GKE system spec

* Fix comments and typo in the error message.

* use port configuration

* [Federation] Handle federation up timeouts

* Use local PX endpoint for mount, unmount, detach and attach calls

* Fix logging levels in Portworx volume driver and add doc for getPortworxDriver function

* Add more detailed comment for localOnly flag in getPortworxDriver function

* no warning event on dns search deduplication

* add fc volume attacher

* Move api-machinery related e2e tests to a \'api-machinery\' e2e test subdirectory.

* Use $(location) to find generated output paths.

* VirtualMachinesClient.Get backoff in lb pool logic

* backing off az.getIPForMachine in az.NodeAddresses

* Revert \"Use go-ansiterm version matching docker/pkg/term/windows v1.11\"

* Fix compilation failure in dockershim for windows

* Added logging to AWS api calls. #46969

* Mark sig-scheduling tests with [sig-scheduling] so they can be selected for the testdash dashboard.

* Allow setting service account with kubectl run

* Never prevent deletion of resources as part of namespace lifecycle

* Fix tls config copy in dial test

* do not close os.Stdin manually

* Further removal of Gets from Creates

* Renamed nodeutil to v1node.

* Sig-instrumentation e2e tests refactoring

* Remove use of (Label|Field)SelectorParam

* Remove \"special\" restclient parameters

* Remove Kube specific api constructs from restclient

* log node-problem-detector

* github.com/stretchr/testify - main desired update. Old version has bugs.

* Explicitly set --cluster-ip-range --clean-start --minStartupPods

* Move seccomp from anntations to security context

* Run hack/update-generated-runtime.sh

* fix sort-by output problem

* Use const value maxPriority instead of immediate value 10

* hpa: Prevent scaling below MinReplicas if desiredReplicas is zero

* Add test for kube-proxy running with \"--cleanup-iptables=true\"

* forget pod first after bind failed

* Fix condition in autoscaler e2e

* PV controller: resync informers manually

* kubeadm: Remove the old KubernetesDir envparam

* Reduce SD Logging soak test duration & fix problem with multiple nodes

* Group every two services into one in load test

* Update yaml and json with multi arch test images

* Create 64-core masters for huge clusters

* Added comments on not set node network/inode condition to unknown.

* iptables_test should not run on OSX or Windows

* minor adjustments in the sample apiserver around resource creation.

* prevent unsetting of nonexistent previous port in kubeapi-load-balancer charm

* Sanitize test names before using them as namespaces

* Fix if condition in cluster/log-dump/log-dump.sh

* check for negative index values

* kubeadm: Make kube-proxy tolerate the uninitialized cloud taint

* Export BaseControllerRefManager

* Update some tests to fall back to InternalIP if ExternalIP isn\'t set

* Make sure that image tags contain only allowed characters.

* cluster/gke: If NODE_INSTANCE_GROUP is set, don\'t execute any bash

* Invert .linted_packages into .golint_failures.

* Scripted migration from clientset_generated to client-go.

* Manual changes.

* Migrate api.Scheme to scheme.Scheme

* Migrate api.Registry to testapi.Groups in tests.

* manual changes

* import all types for controller manager

* update-bazel.sh

* bootstrap token auth: don\'t accept deleted tokens

* api types: fix protobuf names that are different from JSON name

* generated

* Add cos-beta-60-9592-52-0 to the benchmark tests

* Test Ubuntu image using GKE image spec

* Always use gcr.io/google_containers for side-loaded Docker images

* Improve the warning message if the rbd command is not found.

* correcting spell mistake

* fix NamespaceLifecycle admission

* adding validations on kube-apiserver audit log options

* Make \"kubectl version\" json output more readable.

* Shared Informer Run blocks until all goroutines finish

* Improve Start functions

* Refactor Start functions into an object

* use https to check healthz in hack/local-up-cluster.sh

* cleanup the conversion of ObjectReference

* OpenAPI bug: Array/Map Ptr Elements\' handing was incorrect

* bump(k8s.io/gengo): 712a17394a0980fabbcf3d968972e185d80c0fa4

* update golang version to go1.8

* Refactor: pkg/util into sub-pkgs

* deepcopy: add interface deepcopy funcs

* deepcopy: misc fixes for static deepcopy compilation

* deepcopy: run deepcopy-gen in client-go

* staging/copy.sh: don\'t strip tags anymore with k8s.io/api

* Update generated code

* Add customresourcedefinition and its shortcut in \"kubectl get\"

* kubeadm: Split out markmaster to its own phase

* k8s.io/metrics: restrict k8s.io/metrics imports

* update-staging-godeps: do not exclude k8s.io/metrics

* Cleanup usage of cmd/kubeadm/app/images in addons

* Added delaying deliverer to retry ensureDNSRecords

* Auto generated files

* add InstanceID to fake cadvisor (used in Kubemark)

* Fix health check node port test flake

* Make sure the previous symlink file is deleted before trying to create a new one.

* Add approvers to owners file for hpa

* Fix findmnt parsing in containerized kubelet

* Remove affinity annotations leftover

* Restore cAdvisor prometheus metrics to the main port

* Add extra logging to azure API calls

* This patch add new storage class parameter called `volumeoptions` which can be used to set various volume options. for eg# if you want to enable encryption on volumes, the values like `client.ssl on`, `server.ssl on`..etc can be passed to `volumeoptions` parameter in storageclass.

* [Federation] Make arguments to scheduling type adapter methods generic

* gce: don\'t add kubelet bearer token to known tokens

* Update factory.go informers to update equivalence cache

* Protect against nil panic in apply

* Update generated bazel

* Tolerate a missing MasterName (for GKE)

* add svc and netpol to discovery

* expose RegisterAllAdmissionPlugins so that admission chains can be built reused

* Move GPU e2e tests under owning SIG.

* add a union category expander

* make sure that the template param is the right type before using it

* Modify podpreset lister to use correct namespace

* expose method to allow externally setting defaults on an external type

* Flag support in kubectl plugins

* Add utility function to install go package at a particular commit

* Switch from gazel to kazel, and move kazelcfg into build/root

* update cli owner

* kubectl/deployment: add BaseDeploymentGenerator to reduce duplication

* move admission/v1alpha1 to k8s.io/api

* Move pkg/api/v1/ref -> client-go/tools/reference

* IPv6 support for ChooseHostInterface (part 3 of 3)

* Pass logexporter config through e2e framework

* aggr: don\'t write empty CA files

* generated

* azure: acr: support auth to preview ACR w/ MSI+AAD

* gce: make some global variables local

*
*: remove --insecure-allow-any-token option

* gce: don\'t print every file in mounter to stdout

* Add PriorityClass API

* addressed reviewer comments

* autogenerated files

* volume i/o tests for storage plugins

* Add AzureFile,Flex,Flocker volume source to describe printer.

* Added golint check for pkg/kubelet.

* # This is a combination of 2 commits. # The first commit\'s message is:

* Build files generated

* Add seccomp profile in sandbox security context

* Set default CIDR to /16

* Fix the Azure file to work within different cloud environments

* Add the azure cloud provider dependency to azure file plugin

* Fall back on Azure public cloud endpoint when no Azure cloud provider is found

* Fix comment to conform to golint

* Restrict the dir and file permissions of the mounted volume

* Add tests for other cloud providers

* Add the fake cloud provider to azure file build

* Remove unused import after rebase

* Remove clientset from azure file test build

* Support \"fstype\" parameter in dynamically provisioned PVs

* Rev Calico\'s Typha daemon to v0.2.3 in add-on deployment.

* Allow to override build date

* check for nil value in interface for proxier health

* If the init fails for whatever reason, plugin is nil and cannot be used.

* fix leader-elect-resource-lock\'s description

* add test case for pdb printer

* remove redundant param in e2e_node/remote

* Fix too extensive logging in Stackdriver Logging e2e tests

* Add more logging to PD node delete test

* Bump rescheduler version to v0.3.1

* [Federation] Update to enable all apis in integration tests

* [Federation] Update to enable all apis in e2e tests

* Fix test

* add some more deprecation warnings to cluster

* fixit: break sig-cluster-lifecycle tests into subpackage

* Restrict the visibility of two packages in pkg/client/

* test/OWNERS: add zmerlynn

* tighten quota controller interface

* Remove deprecated cluster/log-dump.sh

* use informers for quota evaluation of core resources where possible

* Fix up imds, also refactor for better testing.

* Tolerate Flavor information for computing instance type

* glbc: change the label of the l7-lb-controller pod

* Refactoring taints to reduce sprawl

* Build files generated

* Respect KUBE_BUILD_PLATFORMS set by user

* Check whether NODE_LOCAL_SSDS=0 and handle this case appropriately.

* Remove hostname label condition in SchedulerPredicates

* bump(github.com/coreos/go-oidc): a4973d9a4225417aecf5d450a9522f00c1f7130f

* Updating staging Godeps

* Update wordpress to 4.8.0

* Fix on-premises term in error string and comments

* reenable garbage collector e2e tests

* Move e2e dependent images from kubernetes/kubernetes.github.io repo

* remove types.generated.go generated for internal API types

* Move cmd/libs/go2idl/
* to staging/src/k8s.io/kube-gen/cmd

* Fixup go2idl references

* Make staging hack/update-codec.sh scripts relocatable and kube independent

* Update godeps

* Can not set struct pointer directly to interface(kubelet panic)

* fix the typo of Kubernetes Worker

* [e2e] Also verify content returned by kube-proxy healthz server

* remove duplicated bug-fix item

* make default values as const vars

* Simplify master-worker relation missing message

* fix bug when azure cloud provider configuration file is not specified

* bump(golang.org/x/sys): 7a4fde3fda8ef580a89dbae8138c26041be14299

* Remove myself from a bunch of places

* Unify fuzzers and roundtrip tests

* fix mutation in statefulset sync

* fix typo

* kubelet: remove code for handling old pod/containers paths.

* Don\'t fail fast if LoadBalancer section is missing

* Update status to show failing services.

* Fix master disk size variable usage

* Fix bug with sed in log-dump script

* ParseEncryptionConfiguration: simplify code.

* add e2e tests for bootstrap signer

* add e2e for bootstrap token cleaner

* add integration testing for bootstrap token auth

* update-codecgen.sh: add staging dir support to tsort logic

* allow exceptions to be specified to handle conflicting group and resourc enames

* fuzzer: remove unreachable code

* Add yujuhong to test/e2e_node/OWNERS

* kubeadm: Make the hostPath volume mount code more secure

* Make NodeRestriction admission allow evictions for bounded pods

* Add new API version apps/v1beta2

* Don\'t enable apps/v1beta2 by default

* Mark apps/v1beta2 as WIP in types.go

* The `backup-volfile-servers` mount option allows to specify more than one server to be contacted in single mount command. With this option in place, it is not required to iterate over all the servers in the addrlist. A mount attempt with this option will fetch all the servers mentioned in the list, Reference # https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3/html/Administration_Guide/sect-Native_Client.html

* update import

* update godep

* fix golint

* Cleanup storage e2e test names by removing redundant [sig-storage] tags and [Volume] tags

* Use custom port for node-problem-detector

* Avoid looking up instance id until we need it

* Enable RBAC by default in hack/local-up-cluster.sh

* remove deprecated flags LowDiskSpaceThresholdMB and OutOfDiskTransitionFrequency

* kubeadm: don\'t customize etcd selinux label

* Use AppsV1beta1 instead of Apps clienset

* Fix golint failures by skipping auto-generated codes

* Mark apps/v1beta2 runtime Objects for code-gen

* Autogen

* Added utility functions for scheduler integration testing and cleaned up scheduler_test.go

* Converted a couple of e2e priority tests to integration tests.

* Deleted the converted e2e tests

* update bazel

* Addressed reviewer comments

* update things

* Do not allow vendored code to import staging code

* Fix network/subnet url logic

* Add project to pd delete node gcloud command

* Bump up minNodesHealthCheckVersion in gce_healthcheck due to known issues

* Fix issue in installing containerized mounter

* Fix TODO: rename podInfraContainerID to podSandboxID

* Move event type

* Auto-calculate master disk and root disk sizes in GCE

* Reduce hollow proxy mem/node

* SetNewReplicaSetAnnotations() should compare revisions as numbers than strings

* Add UT and upgrade this test suite with go sub-test

* remove unused function

* fix invalid issue link on api conversion

* Review Comments

* [trival] fix typo

* add namespace for describe pdb

* Explicitly use Core() client when creating eventClint

* Do not try to restart services

* switch from package syscall to x/sys/unix

* Use Eventfd() from x/sys/unix

* Fix: PV metric is not namespaced

* Update CHANGELOG.md for v1.7.2.

* Pass clientset\'s Interface to CreateScheduler.

* Add client side event rate limiting

* add cronjobs to all

* Use specified ServerName in aggregator TLS validation

* more robust stat handling from ceph df output

* rate limiting should not affect system masters

* Update cos-dev image in benchmark tests to cos-dev-61-9759-0-0

* copy OWNERS to k8s.io/api

* [client-go] Add dynamic.Interface

* fix race in proxy unit test

* Update to version gate CRDs to 1.7 and greater

* Fix unstructured marshaler to handle all JSON types

* generate clientset, external listers, and external informers to client-go directly

* fixed conflict resolution behavior while apply podpresets

* remove external clientset, listers, informers from kubernetes

* remove update-staging-client-go.sh. Note that client-go/pkg/version is copied from kubernetes

* move clientset\'s import_known_versions.go to kube-controller-manager

* update README.md

* Fix duplication in scheduler.

* rename pkg/api/v1/builder.go to register.go to be consistent with others

* generated innocuous change

* Fix controller crash because of nil volume spec

* Change e2e-framework behavior to retry retriable API errors

* Use absolute path when updating staging godeps

* Move Godeps.json into correct path for metrics and kube-gen

* Add Readme files to staging Godeps

* Garbage collector e2e tests create deployments with unique labels, and unique podTemplate

* squash the commits into one

* Delete redundant err definition

* Rename test dir to allude sig-apps ownership

* Moves networking e2e tests to test/e2e/network

* Do not spin forever if kubectl drain races with other removal

* fix f.Errorf

* fix para

* Use a client interface instead of a concrete type

* Add node e2e tests for GKE environment

* statefulset_expansion.go delete ps define

* Fixed glusterfs mount options

* apimachinery: fail early with deepcopy problems during roundtrip tests

* hack/update-staging-godep.sh: check for staging repos in GOPATH

* continue Fix error format and info for get_test.go

* Fix ha_master tests

* Allow unmounting bind-mounted directories.

* Set external hostname in local-up-cluster

* tune iscsi and fc volume owner

* Fix bug in command retrying in kubemark

* allowPrivilegeEscalation: modify api types & add functionality

* allowPrivilegeEscalation: apply to correct docker api versions

* test/images: add no_new_privs test container

* allowPrivilegeEscalation: add integration test with setuid binary

* StatefulSet: Stop using `initialized` annotation in e2e tests.

* StatefulSet: Remove `pod.alpha.kubernetes.io/initialized` annotation.

* allowPrivilegeEscalation: update docs

* allowPrivilegeEscalation: update code generation

* Add ubuntu to gluster and nfs tests

* Providing kubeconfig file is now the switch for standalone mode

* increate GC orphan test timeout

* Add some logs to certificate rotation

* [client-go] Add fake dynamic Client/ClientPool

* kubeadm: Make sure --config can be mixed with --skip-
* flags

* unify tag syntax for genclient tags and add onlyVerbs and skipVerbs

* update tags in types for new genclient syntax

* regenerate clients to pickup updated genclient:noStatus comment

* update staging clients

* Added sig-storage labels to upgrade tests and moved them to appropriate directory

* regenerate clients

* let garbage collector send orphaning patches in parallel

* Test GCE ILB functionality

* Add Service table printer

* Fix Operation names for subresources

* Update swagger and OpenAPI spec

* Implement Envelope encryption Transformer

* Add unit tests for envelope transformer

* Add benchmarks for envelope transformer

* Add [sig-network] prefix to network e2e tests

* remove duplicated import and wrong alias name of api package

* Add ingress table printer

* Expose Informer constructors

* Re-generate informers

* Fix make help

* Add statefulset table printer

* Add Endpoint table printer

* Add Node table printer

* set default adminid for rbd deleter

* update json-patch to fix nil value issue when creating mergepatch

* update related files

* Added node taints labels.

* add namespace test

* use demorgans to make startRouteController implementation more readable

* Add shiywang to sig-cli help out review code

* Update maintainers for Juju charm layers

* Enhance scheduler cache unit tests to cover OIR in pod spec

* Change pod config to manifest

* Change log level for pod manifest

* remove deads2k from volume reviewer

* add reflector metrics

* Fix bug in cluster/log-dump and add OWNERS file

* Log abridged set of rules at v2 in kube-proxy on error

* kube-apiserver: add CRD initializer test

* Use case-insensitive header keys for `--requestheader-group-headers`.

* apimachinery: fix meta/v1alpha1.Table deepcopy

* Add sig-testing OWNERS_ALIASES

* openapi: refactor into more generic structure

* DS: add to v1beta2/types.go

* DS: added v1beta2/defaults

* DS: added unversioned type apps.DaemonSet and validation

* DS: Add conversion functions

* DS: changes to server and storage

* DS: kubectl changes

* DS: RBAC changes

* Bump required golang version to 1.8

* Add jq and remove godep from kube-cross

* rsync git directories into kube-build

* Simplify output of ensure_godep_version

* Log times to restore godeps

* Dockerize update-staging-godeps

* DS: Api Machinery Fixes

* DS: autogen

* DNS name error message improvement

* Add ext4 and xfs tests to GCE PD basic mount tests

* Updates godep for etcd-client to 3.1.10.

* Move cmd/kubelet/app/bootstrap.go to a kubelet subpackage

* Move client cert bootstrap to a kubelet package

* Rebase hyperkube image on debian-hyperkube-base, based on debian-base.

* move sig-node related e2e tests to node subdir

* skip downloading and extracting tarballs and docker images when they are preloaded.

* Replace duplicate cAdvisor Mock chain code with function

* Converted usage of federation internal clientset to versioned clientset

* Stop generating federation internal clientset

* When faild create pod sandbox record event.

* Remove federation internal clienset

* Auto generated files

* improve log for pod deletion poll loop

* compact rules which has the same ResourceName

* validate cadvisor rootpath

* change Errorf to Error when no printer format

* simplify if and else for code

* enhance kubectl run error message

* remove redundant comment

* add daemonset to all categories

* add empty lines to separate unimplemented elements

* replicaset fix typo

* update auto-gen

* Better message if we dont find appropriate BlockStorage API

* Cassandra example, use nodetool drain in preStop

* use the core client with version

* Fix registered ownerName in prometheus

* Run mount in its own systemd scope.

* Add termination gracePeriod

* Update vendor of gopkg.in/gcfg from v1 to v1.2.0

* Wrap gce.conf parse with FatalOnly error filter

* Adding metrics support to local volume

* Bump ReplicaSet to apps/v1beta2

* Fix ReplicaSet federation e2e test: use explicit cluster.ReplicaSets

* Remove default binding of system:node role to system:nodes group

* adds an admission plugin initializer to the sample apiserver. the plugin initializer is going to be used by an admission plugin that will use generated informers/listers to list the cluster-scoped resources.

* Autogen

* StatefulSet: Remove `initialized` annotation from apps/v1beta2.

* Move the audit e2e test out of the node SIG

* Unit test unknown value in config

* make admission tolerate object without objectmeta for errors

* Fixes bug where the network used in the cloud provider was not taken from the /etc/gce.conf configuration.

* make it possible to allow discovery errors for controllers

* Adding unit test for ensureStaticIP

* Check volumespec is nil in FindPluginBySpec

* Add OWNERS file for Calico add-on

* Replace duplicate pod status code with function

* Fix log-dump script wrt logexporter

* improve detectability of deleted pods

* FC volume plugin: remove unmount of global mount

* Add inter-pod-affinity integration tests and remove corresponding e2e tests

* fix arg type error in printf

* Use MetricsStatsFs to expose RBD volume plugin metrics.

* Add apiserver metric for response sizes split by namespace scope

* Reduce GC e2e test flakiness

* Adding old juju maintainers

* set k8s master charm state to blocked if the services appear to be failing

* Fix some typos

* fix apps DeploymentSpec conversion issue

* Display list of failed tests to the user

* reverting deprecatin of vcenter port

* kubeadm: use kubelet bootstrap instead of reimplementing

* skip WaitForAttachAndMount for terminated pods in syncPod

* Azure: Allow VNet to be in a separate Resource Group

* StatefulSetReaper#Stop: use the timeout we calculate

* fix the typo of intializing

* Pod affinity test clean up as AffinitInAnnotation is removed.

* cloudprovider/photon: remove unneeded bash exec

* Volunteer to review Cinder related code

* Lowercases hostname for kubeadm cert slice

* Supply Portworx StorageClass paramters in volume spec labels for server-side processing

* Add comment for parameter parsing logic in Portworx volume create

* update the link to client-gen doc

* Add priority admission controller

* squash the commits into one

* revert most of the changes, add comments

* Emit event and retry when fail to start healthz server on kube-proxy.

* Don\'t use cacher if uninitialized

* Revert \"Remove old node role label that is not used by kubeadm\"

* Remove blank lines-review comments

* add podsecuritypolicy in kubectl describe command

* Add waitForFailure for e2e test framework

* Fix the matching rule of instance ProviderID

* Add a support for GKE regional clusters in e2e tests.

* Move ResourceQuota plugin at the end of the admission plugin chain.

* Fix crd delete nil pointer

* Enable garbage collection of custom resources

* Log attach detach controller skipping pods at higher priority

* Add conversion-gen between extensions and apps

* remove useless conversion-gen tags

* Autogen

* We never want to modify the globally defined SG

* Add admission controller API to config and externalize ADMISSION_CONTROL

* Enable node authorizer in local-up-cluster

* conversion-gen: support recursive types

* Relax restrictions on environment variable names.

* Fix bug and add log statements to log-dump script

* Revert \"Aggregate OpenAPI specs\"

* Revert \"Separate Build and Serving parts of OpenAPI spec handler\"

* Add KMS plugin registry

* Add unit tests for KMS transformer initialization

* Add cloudprovidedkms provider support

* Emit event when failed to create route

* Update generic errors with the new http package codes

* Report non-resource URLs in max-in-flight correctly

* Timeout filter returns 504 and an inconsistent error body

* Return a status cause for disruption budget that contains more details

* generated: bazel

* SuggestClientDelay is not about retrying, clarify message and header

* Filter duplicate ips or hostnames for ingress

* rename this file to delete.go to avoid confusion

* fix missing verb at end of format string

* Add test items for job utils

* Renamed packge name to apiv1

* fix swallowed error in kubectl rolling_updater

* send volumesInUse sorted in node status updates

* update dashboard image version

* fix error message for cronjob

* add label examples for kubectl run

* amend the message

* fix spelling

* adding kube-apiserver starting option tests

* refactor capabilities to a singleton struct

* Reduce kubectl calls from O(#nodes) to O(1) in cluster logdump

* Added taints node by condition feature flag.

* Add parallelism to GCE cluster upgrade

* Renamed zoneNotReadyOrUnreachableTainer to zoneNoExecuteTainer.

* Renamed doTaintingPass to doNoExecuteTaintingPass.

* Add KUBE_COVER help to \"make test\"

* Make \"kubeadm version\" json format output more readable.

* Fix issue: https://github.com/kubernetes/kubernetes/issues/49728 Let user choose ADVERTISE_ADDRESS in case the apiserver heuristic for the external address is broken

* Fix a bug that --flag=val causes completion error in zsh

* Add missing ugorji codecs for auth/v1, settings/v1alphav1 and storage/v1

* bump(k8s.io/gengo): 9e661e9308f078838e266cca1c673922088c0ea4

* update generated deepcopy code

* Fix initial exec terminal dimensions

* autogenerated files

* Refactor logging e2e tests, add new checks

* ignore udp metrics in k8s

* kubeadm: make rpm use --bootstrap-kubeadm

* Set default vmodule flag in integration tests

* [addon-manager] Remove unneeded annotation codes

* Fixes kubernetes/kubeadm#347

* set nodeOODCondition

* Fix usage a make(struct, len()) followed by append()

* kubectl: deploy generators don\'t need to impl Generator iface

* bump(github.com/googleapis/gnostic):0c5108395e2de

* FC volume plugin: remove block device at DetachDisk

* Use --sandbox_fake_username with bazel build

* gce: make append_or_replace.. atomic

* gce: extend CLOBBER_CONFIG to support known_tokens.csv

* Add clusterroles for approving CSRs easily

* ScaleIO Volume Plugin - volume attribute updates

* Fix indent of ginkgo-e2e.sh

* generated: clarification on RetryAfterSeconds field

* refactor function is-preloaded in configure.sh

* fix alpha/beta endpoint when api endpoint is specified

* metadata improvements.

* Update images used in the node e2e benchmark tests

* If err does not add continue, type conversion will be error. If do not add continue, pod. (
* V1.Pod) may cause panic to run.

* Add basic local volume provisioner e2e tests

* add UpdateContainerResources function to CRI

* fix typo in staging/src/k8s.io/apiserver/pkg/server/config.go

* fix winspace wrong comment message

* Validate if service has duplicate port

* Add e2e test for privileged containers

* Allow mode in e2e-framework to gather metrics only from master

* Update Godeps to use kube-openapi

* Update main repo references to new kube-openapi repo

* Aggregate OpenAPI spec

* Update Bazel

* Update OpenAPI spec

* Delete redundant print \'got:\'

* Add [sig-autoscaling] prefix to autoscaling e2e tests

* Add gmarek to hack/ OWNERS

* Multiarch nonewprivs test image

* Update the DeleteReplicaSet in rs_util.go to use server side reaper

* Allow configuration of logrorate in GCE

* adds an admission plugin to the sample apiserver. the admission plugin checks whether Flunder.Name is not on the banned list. including a unit test with various test scenarios.

* Fix duplicate metrics collector registration attempted error

* Don\'t stop log-dumping if logexporter fails

* Allow update to GC fields for RBAC resources

* GC shouldn\'t send empty patch

* This adds an etcd health check endpoint to kube-apiserver addressing https://github.com/kubernetes/kubernetes/issues/48215.

* cmd/explain: make \'recursive\' local var (not global)

* certificate manager: close existing client conns once cert rotates

* generated:

* increate gc e2e test timeout

* fix example apiservice.yaml to add groupPriorityMinimum and versionPriority

* rename OWNER to OWNERS

* Increase default value of DeploymentSpec.RevisionHistoryLimit to 10

* auto-gen

* Rename e2e sig framework files

* Fix Getpath() description

* Correctly handle empty watch event cache

* update submit-queue URL in README.md

* Add [sig-scalability] prefix to scalability e2e tests

* Bugfix: verify-no-vendor-cycles.sh detects wrong cycles

* Have a uniform format for filenames across controllers

* change the StatefulSet observedGeneration from a pointer to an int for consistency

* auto-gen

* Remove deprecated kubectl command aliases

* Improve shared informer notification dispatching

* fed/clustercontroller: fix race when updating data

* remove dead log handler and increase verbosity

* Enabled SD monitoring e2e tests on GCE

* Do not allow empty topology key for pod affinities.

* Remove extraneous white space

* Add missing UID in SubjectAccessReviewSpec

* create default storage selection functions

* Add --feature-gate flags to kubeadm

* VCLib Package - A common framework using by vsphere cloud provider for managing all vsphere entities

* vSphere Cloud Provider code refactoring

* e2e test changes

* Move left networking e2e tests to test/e2e/network

* cleanup dead installer code

* client-gen: don\'t return a nil client interface value

* generated

* Add cblecker to hack/ approvers

* Upgrade Elasticsearch/Kibana to 5.5.1 and use official Kibana image

* Update repo-infra and rules_go Bazel workspace dependencies

* Fail on swap enabled and deprecate experimental-fail-swap-on flag

* Fix premature return

* AttachDisk should not call detach inside of Cinder volume provider

* Fix typo in test/images/port-forward-tester/Makefile

* Adding cassandra test server manifests.

* Correctly cast port to string

* fix typo

* Update kazel to include kubernetes/repo-infra#21

* Update kazelcfg to kazel everything

* Make hack/boilerplate/test files use a more appropriate package name

* Run hack/update-bazel.sh to generate BUILD files

* Fix BUILD files

* remove temporary file after apt-get install

* Fix incorrect owner in OWNERS

* Remove [k8s.io] tag and redundant [sig-storage] tags from tests

* Do not try run preStop hook when the gracePeriod is 0 Add UT for lifeCycle hooks

* Add Event table printer

* Add namespace table printer

* Add secret table printer

* Add serviceAccount table printer

* Add persistentVolume table printer

* Add persistentVolumeClaim table printer

* Add componentStatus table printer

* Add table printer for 3rdpartyResource and deployment

* Add table printer for hpa

* Add table printer for configMap

* Add table printer for psp

* Add table printer for cluster

* Add table printer for rolebinding clusterRoleBinding

* Add table printer for csr

* Add some more table printer

* fix secret printer

* address comments

* Fix pointer bug in local volume e2e test

* add possibility to use multiple floating pools

* Fix comment of request.go

* Remove traces of go2idl

* Moved node condition check into Predicats.

* Fix comment of isHTTPSURL

* Remove 0,1,3 from rand.String, to avoid \'bad words\'

* Enable overriding fluentd resources in GCP

* Update CHANGELOG.md for v1.7.3.

* Allow for some pods not to get scheduled in CA tests.

* Fix etcd migration for HA clusters

* Remove v2 data when upgrading to 3.1.
* version

* add fieldSelector podIP

* Explicitly use Core client as EventClient in hollow node

* UTs for pkg/kubectl generate_test.go

* apiextensions: fix panix with KUBE_API_VERSIONS set

* Cover get equivalence cache in core

* Update generated files

* Bump GLBC version to 0.9.6

* fix data race in storage (during addition)

* Remove failure check from deployment controller

* Adding IPv6 to cidr_set and cidr_set_test

* Adding cassandra test.

* Update OWNERS files for networking components

* Add kube-proxy change notice to v1.7.3 release note

* Added field CollisionCount to StatefulSetStatus

* Update CHANGELOG.md for v1.6.8.

* Move remaining cert helper functions to client-go/util/cert - Move public key functions to client-go/util/cert - Move pki file helper functions to client-go/util/cert - Standardize on certutil package alias - Update dependencies to client-go/util/cert

* fix outofdisk condition not reported

* Fix incorrect call to \'bind\' in scheduler

* Let controllers ignore initialization timeout error when creating a pod.

* support multiple ec2 ips in aws provider

* increase the GC e2e test timeout because the API re-discovery increases the latency

* Return Audit-Id http header for trouble shooting

* Removed un-used InodePressure condition.

* validate token length in tokenReview

* Display healthcheck nodeport and other fields in describe service

* kube-gen: move client-gen tests into test dir

* kube-gen: fixup moved tests

* verify-staging-import: ignore k8s.io/kube-gen/test

* kube-gen: cut off protobuf-gen from apimachinery

* kube-gen: cut off conversion-gen from k8s.io/apimachinery

* kube-gen: unify update-codecgen.sh scripts

* Update generated files

* fix typos in federation-controller

* Update OWNERS to correct members\' handles.

* codegen: skip generation of informers and listers on resources with missing verbs

* Don\'t expect internal clientset to be generated for groups without new types

* Add metav1.MicroTime to exceptions in tag tests

* Add MicroTime to DeepEquals overrides

* Fix swallowed errors in RS and deployment tests

* Add e2e test for cronjob chained removal

* Add basic install and mount flexvolumes e2e tests

* Move proxy code to its own package

* Ensure proxy server code is logically distinct

* Allow the UpgradeAwareProxy to have an upgrade specific transport

* React to changes in UpgradeAwareProxy

* Use the UpgradeAwareProxy in `kubectl proxy`

* Add e2e test for kubectl exec via kubectl proxy

* Add pkg/kubectl/proxy to list of pkg/kubectl/util consumers

* Fix includeObject parameter parsing

* Refactored the fluentd-es addon files, moved the fluentd configuration to ConfigMap

* kubeadm: Replace
*clientset.Clientset with clientset.Interface

* Handle errors more consistently in scheduler

* Update build requirements

* openapi: Remove cache mechanism

* c-go: Use http Etag cache

* c-go: Add dependencies for http-cache

* c-go/transport: Add test for CacheRoundTripper

* Add info about staging repos to staging/README.md

* Add node e2e test for Docker\'s shared PID namespace

* Fix local storage test failures

* Use \'Infof\' instead of \'Errorf\' for a debug log

* fix the link of doc

* fix typo

* use status code instead of response body for checking kube-proxy URLs

* Remove deprecated ESIPP beta annotations

* kubeadm: Add back labels for the Static Pod control plane

* fully implement kubeadm-phase-kubeconfig

* Fix typo in certificate

* Fix typo in comment

* [Federation] hpa controller

* Fixed typo in comment in eviction_manager

* Fixed typo in rkt

* Fix typo in variable of remote

* [Federation] Make the hpa scale time window configurable

* plugin/pkg/client/auth: add openstack auth provider

* [OpenStack] Add more detail error message

* Migrate to GetControllerOf from meta/v1 package

* Migrate to NewControllerRef from meta/v1 package

* Migrate to IsControlledBy from meta/v1 package

* client-gen: stop embedding of GroupVersion client intfs

* Fix code implicitly casting clientsets to getters

* Fix printer hack to get a versioned client

* Update generated code

* getHashEquivalencePod also returns if equivalence pod is found

* Remove duplicate logging code

* Remove duplicate command example

* Add whitespace to improve error msg clarity

* Modify e2e.go to arbitrarily pick one of zones we have nodes in for multizone tests.

* Fix NotFound errors do not line up with API endpoint\'s group version

* Move the sig-instrumentation test to a dedicated folder

* Fix Stackdriver Logging soak tests issues

* Ignore the available volume when calling DetachDisk

* Fix storage tests for multizone test configuration.

* Handled taints on node in batch.

* Added toleration for node condition taints.

* There is no need to split service key repeatedly

* convert default predicates to use the default

* Enable selfHosted feature flag

* Add a simple cloud provider for e2e tests on kubemark

* Arbitrarily chose first (lexicographically) subnet in AZ on AWS.

* Handle missing OpenAPI specs on aggregated servers

* provide the failing health as part of the controller error

* add job controller

* add fed job e2e test

* implement statefulset scale subresource

* Make ClusterID required for AWS. #48954

* Add irfanurrehman as approver for federation.

* Add Shashi as approver for e2e_federation

* Revert \"Merge pull request #47353 from apelisse/http-cache\"

* Move ownership of proxy test to sig-network directory

* Copy annotations from StatefulSet to ControllerRevisions it owns

* Addressed reviewer comments

* add LocalZone into gce.conf and refactor gce cloud provider configuration to allow avoiding external communication

* Deprecate Deployment rollbackTo field and remove rollback endpoint

* Conversion code for apps/v1beta2 Deployment

* Remove some apps/v1beta2 generated files so that codegen works

* Autogen

* Moved node/testutil to upper dir.

* add some checks for fedration-apiserver options

* Update mrubin to matchstick in OWNERS

* Honor --use-service-account-credentials and warn when missing private key

* Change test to work around restmapper pluralization bug

* Add error return for the Marshal object invocation.

* simplify logic around LB deletion

* Added monitoring sidecar for Heapster

* kubeadm: Centralize commonly used paths/constants to the constants pkg

* Block on master-creation step for large clusters (>50 nodes) in kube-up

* Remove ScheduledJobs support

* Detect systemd on mounter startup

* Generated changes after removing ScheduledJobs

* Update gophercloud to support list interfaces of OpenStack instance

* Fix conflict about getPortByIp

* Add blank import for node tests

* validate kube-apiserver options

* Add unittests for GenerateLink

* Ensure that pricing expander is used by default in Cluster Autoscaler

* Dynamic Kubelet Configuration

* additional generated files

* core generated files

* Retry fed-lb-svc creation on diff NodePort during e2e tests

* Add debug logs to log-dump

* GKE deployment: Kill cluster/gke

* Change default update strategy to rolling update

* Autogenerated

* Break up node controller into packages

* RawExtension unmarshal will produce empty objects if the original object was nil #50323

* Rewrite staging import verifier in Go

* golint fixes

* fix dump

* Clean validation_test go file When i wrote test cases for local storage quota, found some unused vars and useless code, remove them

* fix error message for scale

* delete redundant test para.

* Remove some helpers associated with ESIPP.

* checking if disk is already attached for photon.

* Reduce hollow-kubelet cpu request

* correct the allocated element number of pod selectable field set

* Improve GC discovery sync performance

* Bugfix: set resources only for fluentd-gcp container.

* Fix unused Secret export logic.

* Add MemoryPressure/DiskPressure toleration for no BestEffort pod.

* wires ban flunder admission plugin to the sample server

* Don\'t call one of pointless conversions

* Added changes as a result of running make update

* kubeadm: Upload configuration used at \'kubeadm init\' time to ConfigMap for easier upgrades

* autogenerated bazel

* Use local JSON log buffer in parseDockerJSONLog.

* Add explicit API kind and version to the audit policy file on GCE

* Use zero TerminationGracePeriodSeconds in fixture

* Admit sysctls for other runtime.

* New get-kube.sh option: KUBERNETES_SKIP_RELEASE_VALIDATION

* remove apps/v1beta2 defaulting codes for obj.Spec.Selector and obj.Labels

* csr: add resync to csr approver

* Make socket address parsing work on FreeBSD.

* Add rbac.authorization.k8s.io/v1

* Generated files

* Adds v1.Service.PublishUnreadyAddresses and deprecates service.alpha.kubernetes.io/tolerate-unready-endpoints

* generated code

* Fix dropped errors in vsphere_volume

* Simplify hack/verify-flags-underscore.py

* Remove redundant files

* Add leader election support for controller-manager

* Auto generated files

* AddOrUpdateTaint should ignore duplicate Taint.

* Target godep script change verifications

* code format for test/integration/framework/master_utils.go

* Add token group adder component

* Add token cache component

* Add union token authenticator

* Simplify bearer token auth chain, cache successful authentications

* kubeadm: Move all node bootstrap token related code in one phase package

* kubeadm: Add the \'kubeadm phase bootstrap-token\' command

* autogenerated

* Remove repeated reviewers names

* remvoe redundant words in Type Taint

* auto-gen

* add grabbing CA metrics in e2e tests

* jsonpath: fix comments

* Simplify a command for unmounting mounted directories under /var/lib/kubelet.

* apimachinery: remove pre-apigroups import prefix logic

* Update etcd path test to always use kindWhiteList

* Add functionality needed by Cluster Autoscaler to Kubemark Provider.

* add Cluster Autoscaler scalability test suite

* Typedef visitor to document parameters

* FC plugin: Support WWID for volume identifier

* Autogenerated files

* Detect missing steps in edit testcases

* Specify node labels for fakeVolumeHost when testing

* remove the duplicate address of glusterfs

* GCE: filter addresses by IP when listing

* kubeadm: add pubkeypin package (public key pinning hash implementation).

* kubeadm: implement TLS discovery root CA pinning.

* kubeadm: generated deepcopy for `k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm` and `k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1`.

* Add a heap data store to client-go

* autogenerated files

* move logs to kubectl/util

* Kubelet manage hosts file for HostNetwork Pods instead of Docker

* Fix my incorrect username in #46649

* Adds IPv6 test case to kubeadm bootstrap

* Correct case for starting character of option string

* Fix grammatical error

* GCE: Specify alpha in annotation key, deprecate lower case of LB type

* Add node benchmark tests for cos-m60 with docker 1.12.6

* forbid kubectl edit an empty list

* Tainted node by condition.

* get_test.go fix error format and info

* Fix typos in kubefed package

* Fix the method name of BuiltInAuthenticationOptions

* add fuzzer dir for each apigroup

* Requeue DaemonSets if non-daemon pods were deleted.

* add cmd-test for sort-by command

* Moved node condition filter into a predicates.

* fix a typo

* Update Stackdriver event exporter version

* Pass config to external Kubemark cluster in e2e tests

* Add variables for passing test args to kubemark master components

* apimachinery: remove misleading NewDefaultRESTMapper

* Bump Cluster Autoscaler to 0.7.0-alpha1

* Bump rules_go

* Use gazelle and kazel together to manage BUILD files

* Autogenerate BUILD files

* Remove deprecated cgo_genrules

* Use buildozer to remove deprecated automanaged tags

* Use buildozer to delete licenses() rules except under third_party/

* Add metric for remaining life of authenticating certificates

* Add a SUPPORT.md file for github

* Added jdumars to OWNERS file for Azure cloud provider

* openapi: Move Fakes to testing package

* Renamed to RegisterMandatoryFitPredicate.

* select an RBAC version for kubefed it knows how to speak

* openapi: Add validation logic

* deprecation of .spec.templateGeneration from extensions/v1beta1 DaemonSet to apps/v1beta2

* auto-gen

* move UDP conntrack operations together to pkg/proxy/util/conntrack.go

* Delete load balancers if the UIDs for services don\'t match.

* fix-review

* do-rebase

* Refactor updateClusterStatus to reduce locking

* Refactor TestUpdateClusterRace and TestUpdateClusterStatusOK

* Use DiscoveryClient from kube clientSet instead of creating new one

* Auto generated file

* Cleanup locking in configz

* add validation for fed-apiserver

* Remove packages which aren\'t relied on by heapster anymore.

* Remove deprecated flag \"long-running-request-regexp\".

* Adding support for internal IP for e2e tests

* Avoid rsync of .git directory

* Support seccomp profile from container\'s security context

* Use seccomp from security context

* Rename runtime/default to docker default

* run hack/update-bazel.sh

* Implement kind visitor library for kubectl

* Support for using a client-go client from kubectl

* Mark volume as detached when node does not exist for vsphere

* [VSphere] Don\'t return err when node doesn\'t exist in DetachDisk()

* Fix node allocatable resource validation GetNodeAllocatableReservation gets all the reserved resource, and we need to compare it with capacity

* Make endpoints controller update based on semantic equality

* fix apply_set_last_applied dry-run output issue

* remove useless comments in node_controller.go

* Add image e2e-net-amd64 to CommonImageWhiteList

* some small fix in verify-flags-underscore

* Changes for updating serviceaccount of a resource.

* NodeConditionPredicates should return NodeOutOfDisk error.

* simplify disruption controller

* Add prefix to common networking e2e tests

* update clientset.Core() to clientset.CoreV1() in test

* Increase kibana CPU limit to sped up the startup

* Log error from ensureDNSRecords

* Add Exec interface to VolumeHost

* Add pluginName to VolumeHost.GetMouter

* SafeFormatAndMount should use volume.Exec provided by VolumeHost

* Typed static/mirror pod UID translation

* [Federation] Kubefed doc fix

* Set cluster autoscaler version to 0.6.1-beta2

* Move all staticpod utils to separate package

* Main work -- move etcd to separate phase and hook up most things

* Add CLI commands

* Autogenerated bazel etc.

* [Federation] Autogenerated file changes for kubefed doc fix

* Use Describe to add prefix

* Refactor addons into multiple packages

* Update bazel

* Migrate sig-auth e2e tests.

* Use `select` to disable building static binaries if `--cpu=darwin`.

* Remove package from hack/.golint_failures

* Add ReclaimPolicy field to StorageClass

* Generated StorageClass.ReclaimPolicy code

* Remove the status of the terminated containers in the summary endpoint

* Fix kubernetes-worker charm hook failure when applying labels

* Bumped Heapster version to 1.4.1

* Use nodePortOp for allocating healthCheck nodePort

* Extend SetHeader Requests method ito accept multiple values

* FeatureGate: update comments

* move retry to client-go

* refactor entries added by hostAlias into a separate method and be explicit about the source

* Creates /var/lib/kubelet as root

* add HostAlias support for HostNetwork pods

* remove validation disallowing hostAlias with hostNetwork

* Bump gce metadata-proxy from 0.1.2 to 0.1.3

* Allow passing image description from e2e node test config

* Add resouer into scheduler reviewer

* Log name if Azure file share cannot be created

* OpaqueIntResourceName unit tests

* Added logic and tests for creating and using a tmpfs volume in localPV e2e tests

* Move taints e2e test to sig-scheduling

* apiservers: add synchronous shutdown mechanism on SIGTERM+INT

* fix typo

* Modify the initialization of results in generic_scheduler.go

* Mark the volumes as detached when node does not exist

* fix some typo

* fix some typo

* kubectl show node role if defined

* Port internal extensions/Network
* to networking.k8s.io API group

* Update generated files

* Remove deprecated lookup cache flags.

* apiserver: simplify deepcopy calls

* Implement batching audit webhook graceful shutdown

* apimachinery: simplify deepcopy calls

* apiextensions: simplify deepcopy calls

* kubeadm: Centralize client create-or-update logic in one package

* autogenerated bazel

* Update RegisterMandatoryFitPredicate to avoid double register.

* registries: simplify deepcopy calls

* Base Fluentd image off debian:stretch-slim for systemd with LZ4

* Small code cleanups

* Small improvements on CLI messages

* fix two typos in quobyte error message

* move KubeletConfiguration out of componentconfig API group

* Allow injection of policy in RBAC post start hook

* Fix make cross build failure

* Adds IPv6 test cases to kubeadm certs and validation pkgs.

* Fix comment of limitranges

* Dump installation and configuration logs for master

* Added Device plugin API

* Added script to generate the Device Plugin API

* Added script to verify the generated Device Plugin API

* Fix forkedjson.LookupPatchMetadata for pointers.

* Bump Cluster Autoscaler to 0.6.1

* mark created-by annotation as deprecated

* remove deprecated command \'kubectl stop\'

* Using hash/fnv to generate the vmName

* Move List (the type) into metav1 but preserve the exposed type

* remove leaked socket file after unit test

* update it

* Support autoprobing subnet-id for openstack cloud provider

* Make kube::util::ensure_clean_working_dir more verbose in log files

* move some e2e tests to SIG respectively

* Promote CronJobs to batch/v1beta1

* Generated changes for CronJobs in batch/v1beta1

* Replaced bool map to string set.

* fix panic in e2e

* Replace hard-code \"cpu\" and \"memory\" to consts

* kubectl: simplify deepcopy calls

* continue fix the typo

* upgrade advanced audit to v1beta1

* run hack/update-all.sh

* audit: disable new v1beta1 types until incompatible changes are done

* Don\'t SSH to master for metrics in case of GKE

* Make removing nodes public for Kubemark controller

* Delete \"hugetlb\" from whitelistControllers

* Refactor RBAC authorizer entry points

* apimachinery: Print unknown transport type

* Re-enable OIR e2e tests.

* Feature-gate self-hosted secrets

* Remove BUILD reference to removed files

* move i18n to kubectl/util

* enables apps/v1beta2 and removes WIP comments from documentation

* generated code

* Remove duplicate unused function.

* Address PR comments

* Bump repo-infra/kazel dependency

* fix-review

* Re-run init containers if the pod sandbox needs to be recreated

* OIR predicate includes namespaced resources.

* Generated files

* Remove incorrect patch-merge directives.

* On AttachDetachController node status update, do not retry when node doesn\'t exist but keep the node entry in cache

* Regenerate all BUILD files in vendor/ from scratch using gazelle

* Disables Docker\'s health check

* Remove kubectl\'s dependence on schema file in pkg/api/validation.

* address review comments.

* add some e2e for node authz

* Remove redundant err definition

* fix issue(#50821)Add image check, if image not changed, transform false

* Add ControllerRevision to apps/v1beta2

* Added auto-generated changes

* Delete useless code

* Honor --use-service-account-credentials in cloud-controller-manager

* update CRD strategy for status updates

* fix kubectl issue(#52)kubectl run --expose continues after error (missing port)

* move IsLocalIP() and ShouldSkipService() to pkg/proxy/util

* verify pkg/util contains no code

* fix GPU resource validation incorrectly allows zero limits

* auto-gen

* update testcase err msg

* Fixed several typos in CHANGELOG.md.

* Make metav1.(Micro)?Time functions take pointers

* Rename k8s.io/{kube-gen -> code-generator}

* fix issue(#49695)kubectl set image deployment is ignoring --selector

* fix issue(#49883) Add selector example

* kubeadm: Fix self-hosting race condition

* newline to separate unimplemented elements

* Small improvement in ban flunder admission plugin. After the changes a name will be also taken directly from meta field. Previously a name was taken only via attributes.GetName() method, which in turns derived a name from a URL address. This didn\'t work as we don\'t allow to pass a name when POSTing a resource.

* fix incorrect logic

* allow default option values - kube top node|pod

* Fixup after k8s.io/{kube-gen -> code-generator} rename

* cni: print better error when a CNI .configlist is put into a .config

* Update CHANGELOG.md for v1.7.4.

* Update GCP API package

* NR Infrastructure agent example daemonset

* Fix e2e_node for changes to /api/compute/v0.beta package

* Add e2e aggregator test.

* Updates Kubeadm Master Endpoint for IPv6

* Proposal to add AATTwlan0 to appropriate owner files

* Make route-controller list only relevant routes instead of all of them

* Update with PR comments

* make admission plugins handle mutating spec of uninitialized pods

* Set ExecSync timeout in liveness prober.

* Clear collections between each test of TestList

* Verify TableConversion behavior in resttest

* Make generic metadata conform to documented name column convention

* Enable server side printers for converted types

* add tests

* Change API version of statefulset scale subresource e2e test to v1beta2

* Added lister expansions for DaemonSet, Deployment, ReplicaSet, and StatefulSet for apps/v1beta2

* Add instance metadata from flag even when using image config.

* Add enj to OWNERS for test/integration/etcd/etcd_storage_path_test.go

* Add node e2e test for Docker\'s live-restore

* Use \'Infof\' instead of \'Errorf\' for a debug log

* Add enj as reviewer to OWNERS

* add cmd test kubectl set image

* Fix admission plugin registration

* CollisionCount should have type int32 across controllers that use it for collision avoidance

* auto-gen

* Reduce one time url direction

* remove dead code for cloner

* validate nonResourceURL in create clusterrole

* support fieldSelector spec.schedulerName

* Cleanup makeEventRecorder function drop KubeletConfiguration arg since it is unused

* Main work -- refactor certs phase

* Main work -- cleanup certs CLI command

* Autogenerated bazel files

* [advanced audit api] fuzz Event with random value

* Fix zsh completion for kubeadm

* Stackdriver Logging e2e: Explicitly check for docker and kubelet logs presence

* add diff details to pod validation error

* kubeadm: Adds dry-run support for kubeadm using the \'--dry-run\' option

* Use CollisionCount for collision avoidance in StatefulSet controller

* Implemented support for using images from CI builds

* Autogenerated

* oidc auth: make the OIDC claims prefix configurable

* Refactor cluster_upgrade to include statefulset upgrade tests.

* bump(github.com/google/cadvisor): 27e1acbb4ef0fe1889208b21f8f4a6d0863e02f6

* Don\'t register the kubeletconfig group with the default Scheme

* Allow zsh completion to be autoloaded by compinit

* Update help/example for kubectl completion

* kubeadm: Make the self-hosting with certificates in Secrets mode work again

* kubeadm: Adding unit tests for newly added funcs

* autogenerated bazel

* Updated gRPC version to support Keep Alive

* Fix threshold notifier build tags This was preventing cross builds from darwin

* Increase latency threshold for list api calls

* Fix duplicate field in kubeconfig

* Clean /run/kubernetes on kubeadm reset

* Revert #50362.

* Expand the test to include other flags as well

* Remove seemingly obsolete binaries

* bump QEMU to new version 2.9.1

* fix issue(#50937)Fix kubectl get pvc lose volume name

* fix bad url

* don\'t try to add pool id if pool doesn\'t exist

* kubeadm: Add back labels for the Static Pod control plane (attempt 2)

* kubeadm: Tell the user when a static pod is created

* Fix unhandled error

* Create the directory for cadvisor if needed

* kubeadm: Use kube-dns manifests based on the kubernetes version

* Factor out endpoint address generation, skip unneeded endpoint updates

* Fix legacy floatingip

* Support ServiceAnnotationLoadBalancerFloatingNetworkId for LB v1

* use more-specific arm32v7 instead of deprecated armhf organization

* use more-specific arm64v8 instead of deprecated aarch64 organization

* Replace the deprecated function with the suggest function

* Address TestEtcdStoragePath flakes

* fix bad url in the README file

* bump new version due to base image changed

* Revert \"Don\'t register the kubeletconfig group with the default Scheme\"

* update to rbac v1 in yaml file

* Made the difference between scale-up timeout and cluster set-up timeout explicit.

* Fixed code comments that were not updated

* Auto-calculate CLUSTER_IP_RANGE based on no. of nodes

* Fix GC integration test race

* iSCSI volume plugin: iSCSI initiatorname support

* gce external LB: add a function to verify the requested IP address

* Validate against OpenAPI schema (if available)

* openapi: Use \"group\" to look for resources

* openapi: Handle properly empty/null fileds

* openapi-validation: Handle List special case

* openapi validation: Ignore unknown types

* Autogenerated files

* Show events when describing service accounts

* teach gce cloud to handle alpha/beta operations

* [sig-network-e2e] Remove redundant sig prefix from tests

* Revert \"Merge pull request #51008 from kubernetes/revert-50789-fix-scheme\"

* adding version.Components(), .Major(), .Minor() .Patch() etc.

* kubeadm preflight - enforce maximum supported Kubernetes version

* StatefulSet controller no longer attempts to mutate v1.PodSpec.Hostname or v1.PodSpec.Subdomain

* StatefulSet: Deflake e2e \"Saturate\" phase.

* addressed comments

* Add ncdc to client-go/tools/cache OWNERS

* run go fmt

* Fix StatefulSet update validation

* Makefile cleanups

* Message cleanup on update-all

* Add debug logs to conversion-gen

* More PR comments

* Fix swallowed errors in statefulset tests

* fix bad url

* Multi-Attach volume fix for vSphere

* update to rbac v1 in bootstrappolicy test

* fix-review

* fix issue(51027)kubect logs --selector ignoring --tail=-1

* Add ephemeral local storage resource name first

* add merge key to initializers.pending

* daemon_controller: fix typo.

* Add flags for prometheus-to-sd components.

* azure: Don\'t exec \'cat\' to read files.

* azure: Use VolumeHost.GetExec() to execute stuff in volume plugins

* generate files before scheduler perf

* Correct error strings in glusterfs

* Replace validateGlusterfs() with validateGlusterfsVolumeSource for consistency.

* Print root cause failure message in StartTestServerOrDie()

* Fix README registry error

* FlexVolume: Add capability to disable SELinux Relabeling during the driver\'s init phase

* Always check if default labels on node need to be updated in kubelet

* ScaleIO: use a fresh mounter for every SetUp/TearDown

* ScaleIO: Use VolumeHost.GetExec() to execute utilities

* add UT for pkg/apis/autoscaling/v2alpha1/defaults.go

* Refactor kuberuntime test case with sets.String

* fix confusion in service_controller

* fibre channel: Remove unused exe interface

* Support for specifying external LoadBalancerIP on openstack

* Add Humble as GlusterFS approver.

* gluster: Remove unused exe interface

* gluster: Use VolumeHost.GetExec() to execute stuff in volume plugins

* Revert \"Updated gRPC vendoring to support Keep Alive\"

* nfs: Use VolumeHost.GetExec() to execute stuff in volume plugins

* quobyte: Use VolumeHost.GetExec() to execute stuff in volume plugins

* rbd: Use VolumeHost.GetExec() to execute stuff in volume plugins

* StorageOS: Use VolumeHost.GetExec() to execute stuff in volume plugins

* Fix comment to more accurately

* kubeadm: Add node-cidr-mask-size to pass to kube-controller-manager for IPv6

* kubeadm: Implement the \'kubeadm config\' command

* Skip \"Simple pod should support exec through kubectl proxy\" test

* add alpha api gate at gce cloud provider

* Don\'t silence `go get` during verify scripts

* Add cpuset helper library.

* Run multiarch/qemu-user-static:register before building cross-arch images

* Remove crash loop detection from the dynamic kubelet config feature

* Fix unready endpoints bug introduced in #50934

* Enable finalizers independent of GC enablement

* Clarify finalizer function

* GCE: Add functions for Alpha address and forwarding rules

* Enable overlay2 on cos-m60 in node e2e tests

* Set GCE_ALPHA_FEATURES environment variable in gce.conf

* GCE: add a new label \"version\" for metrics

* Adding script to set up FlexVolume on a COS instance using mounting utility image in GCR.

* Changing Flexvolume plugin directory to a location reachable by containerized kubelet.

* Enable apps/v1beta2 Deployment, ReplicaSet, DaemonSet in federation

* add the caller ip into rsync hosts allow list

* Use Fatalf instead of Errorf when mounter/unmounter if nil in volume tests

* Renamed CPUSet.AsSlice() => CPUSet.ToSlice()

* Add CPUSetBuilder, make CPUSet immutable.

* implement proposal 34058: hostPath volume type

* update e2e tests and yaml files

* set default HostPathType to empty

* run nsenter in host namespace for containerized kubelet

* Fix swallowed error in attachdetach tests

* Italian translation

* auto-gen

* Move package `app/cmd/features` to `app/features` + bazel files

* Add CLI flag for `cfg.FeatureFlags`

* Add some debug statements to logdump script

* Add initiatorname in iscsi describe printer.

* Fix backward compatibility for renamed OpenAPI definitions

* Update OpenAPI spec

* kubeadm selfhosting CLI improvements

* Include $USER in network name to not clash for different users\' clusters

* iscsi: Use VolumeHost.GetExec() to execute stuff in volume plugins

* Print multiple node roles, remove kubeadm-specific annotation from kubectl

* Removing push_api_data on kube-api.connected seems to be dead code

* provide a default field selector for name and namespace

* remove unnecessary field conversions

* Revert default service-cidr config on kubernetes-master charm

* kubeapiserver: rename `--experimental-bootstrap-token-auth` to `--enable-bootstrap-token-auth`.

* roundtrip: fix error messages

* Update cos-m61 image in benchmark tests

* Update cos image to cos-stable-60-9592-84-0

* Bumped gRPC version to 1.3.0

* Avoid explicit mention of plugin name in error strings.

* Add volume operation metrics to operation executor and PV controller

* output junit dir for easier debug

* Add liggitt as an API approver. Note that bgrant0607 is an approver, but shouldn\'t be auto-assigned.

* Update CHANGELOG.md for v1.6.9.

* basic logging for healthz installer

* Add an OrDie version for AddPostStartHook

* Bump repo-infra dependency to fix go_genrule without sandboxing

* openapi: Change reference to be first-class

* add sig leads to owners-aliases

* StatefulSet: Deflake e2e \"restart\" phase.

* Add signal handler for catching Ctrl-C on hack/e2e

* Update CHANGELOG.md for v1.8.0-alpha.3.

* Allow remote runtimes to pass apparmor host validation

* Fix swallowed error in registrytest

* clean up LocalPort in proxier.go

* Add AddAliasToInstance() to gce cloud provider

* remove deprecated rbac rule

* Removes redundant prefix in cluster-lifecycle e2e test names

* fix status in deployment_rollback response

* fix fuzzer for hostpath type that the path can be an empty string

* update related files

* [Federation]hpa controller controls distribution of target objects

* [Federation]build files for hpa controller controlling target objects

* fix invalid url link

* refactor(flexvolume): simplify capabilities handling

* fix e2e network wrong output message

* update kubeadm to use hostpath type

* Distribute pods efficiently in CA scalability tests

* Change the FakeCloudAddressService to store Alpha objects internally

* azure file volume: add secret namespace api

* generated files

* RBD Plugin: Log RBD Attach/Mount/Unmout actions at logging level 3

* [Federation] Update hpa e2e utils to enable reuse in fed hpa tests

* AllowedNotReadyNodes allowed to be not ready for absolutely
*any
* reason

* Let the initializer admission plugin set the metadata.intializers to nil if an update makes the pendings and the result both nil

* StatefulSet: Deflake e2e `kubectl exec` commands.

* Update example to CockroachDB v1.0.5

* refactor CephFS PV spec to use SecretReference

* generated files

* Add IPBlock to NetworkPolicy

* Add networking fuzzer

* IPBlock generated code

* cleaning dettach logic since it\'s not needed

* add unit test

* generated

* Always create vendor/BUILD in hack/update-bazel.sh

* Regenerate the vendor/BUILD file

* Adding fsGroup check before mounting a volume

* let resourcequota evaluator handle uninitialid pod and pvc

* Call the right cleanup function

* Issue fix in hpa e2e util

* bazel: use fast docker_pull

* statefulSet kubectl rollout command

* Allow bearer requests to be proxied by kubectl proxy

* Revert \"Skip \"Simple pod should support exec through kubectl proxy\" test\"

* Add InstanceExists
* methods to cloud provider interface for CCM

* cloudprovider.Zones should support external cloud providers

* set --audit-log-format default to json

* Fix validation return value

* Block instance identity, block recursive=true

* Add kube-proxy daemonset as a cluster addon.

* Local storage does not manage overlay any more

* fix validation return error

* Cloud Controller Manager now sets Node.Spec.ProviderID

* Remove deprecated init-container in annotations

* handle failed mounts for fc volumes

* Made the tests ensure that Cluster Autoscaler is on before running.

* Paramaterize stickyMaxAgeMinutes for service in API

* auto gen code

* admission api: cut off api from k8s.io/apiserver

* kubeadm: Resolve tech debt; move commonly used funcs to a general package instead of duplicating

* kubeadm: Add \'kubeadm upgrade plan\' and \'kubeadm upgrade apply\' CLI commands

* Add unit tests for kubeadm upgrade|plan

* Added test case for Predicates.

* Add kubectl set env command

* Generated documentation for kubectl set env

* Add bash test for kubectl set env command

* Fix benchmarks to really test reverse order of the keys.

* autogenerated bazel

* Implement GetZoneByProviderID and GetZoneByNodeName for openstack

* modify an little gammer error.

* Revert \"Revert \"Merge pull request #47353 from apelisse/http-cache\"\"

* c-go: Update diskv to get atomic fs cache write

* Consume new config value for network project id

* GCE: Add a fake forwarding rule service

* add an starting info log of namespace controller.

* kubeadm: Fully implement \'kubeadm init --dry-run\'

* Set flexvolumeplugin.host so that it\'s not nil

* client-go: Update RoundTrippers to be Unwrappable

* Fixed gke auth update wait condition.

* Adding dynamic Flexvolume plugin discovery capability, using filesystem watch.

* Make coreos test images sshd not allow password login.

* Revert \"Ensure empty serialized slices are zero-length, not null\"

* Generated files

* Update fixture data

* Don\'t update pvc.status.capacity if pvc is already Bound

* Unshadow error in registrytest

* Change StatsProvider interface to provide container stats from either cadvisor or CRI and implement this interface using cadvisor

* fix ReadOnlyPort, HealthzPort, CAdvisorPort defaulting/documentation

* address test & doc comments

* Add host mountpath for controller-manager for flexvolume dir

* refactor method name as per comments

* handle iscsi failed mounts

* Default ABAC to off in GCE/GKE (for new clusters).

* Audit policy v1beta1 now supports matching subresources and resource names.

* Add extra group constants and validation to `pkg/bootstrap/api`.

* Add debugging to the codegen process

* Change eviction policy to manage one single local storage resource

* Change validation for local ephemeral storage

* Implement `auth-extra-groups` in bootstrap token authenticator.

* kubeadm: add `--groups` flag for `kubeadm token create`.

* kubeadm: add extra group info to `token list`.

* Fix NoNewPrivs and also allow remote runtime to provide the support.

* generated: update API resources

* change godoc based on feedback from luxas

* kubeadm: Move the uploadconfig phase right in the beginning of cluster init

* Implement stop function in streaming server.

* add deprecation warnings for auto detecting cloud providers

* Create kube::util::create-fake-git-tree function

* Add option to copy output when running the build shell

* Modify rsync filter to retain output across runs

* Revert \"GCE: Consume new config value for network project id\"

* Moved node condition filter into a predicates.

* Allow PSP\'s to specify a whitelist of allowed paths for host volume

* generated files

* Fix forbidden message format

* Fix swallowed errs in volume util package

* Refres equal cache if node condition changed.

* Fix swallowed error in storageos

* Fix swallowed error in scaleio package tests

* Fix swallowed errors in portworx tests

* Fix swallowed errors in tests of photon_pd package

* Fix swallowed error in iscsi package

* Add local storage to downwards API

* Fix swallowed error in tests of host_path package

* Fix swallowed errors in tests of gce_pd

* Fix swallowed error in tests for flocker package

* Fix swallowed error in fc

* auto generated code

* hack/local-up-cluster.sh defaults to allow swap

* kubectl get show uninitialized resources

* update related files due to api change

* kubectl add global flag --include-uninitialized

* Add local storage support in Quota

* Add feature gate for local storage quota

* Remove private and unused codes

* Add cluster e2es to verify scheduler local storage support

* Fixes cross platform build failure

* Add test cases to test local ephemeral storage for limitrange

* adding validations on kubelet starting configurations

* Use constants instead of magic string for runtime names

* run hack/update-bazel.sh

* Fix swallowed errors in aws_ebs tests

* kubeadm: Use the --enable-bootstrap-token-auth flag when possible

* Test loading Kubelet config from a file

* Revert \"Re-enable OIR e2e tests.\"

* WaitForAttach refactoring for iSCSI attacher/detacher

* Support iscsi volume attach and detach

* Remove previous local storage resource name \'scratch\" and \"overlay\"

* refactor codes in volume iscsi to improve readability

* fix typo in pkg tunneler

* kubeadm: Rename FeatureFlags to FeatureGates

* Make it possible to fake the ServerVersion in the FakeDiscovery implementation

* autogenerated code

* kubeadm: Cut unnecessary kubectl dependency

* Fix list-features script

* fix the bad position of code comment

* Replicate the persistent volume label admission plugin in a controller in the cloud-controller-manager

* Add support to recompute partial predicate metadata upon adding/removing pods

* bazel update

* [kube-proxy] Use glog instaed of fmt.Printf

* Autodetect kubemark Cloud Provider

* AWS: check validity of KSM key before creating a new encrypted disk.

* Make threshold for glbc mem-usage scale with nodes in density test

* add long description for --list aware user

* Feature gate initializers field

* Made blacklist stricter to deal with alternate versions of true

* Unify cloudprovided and normal KMS plugins

* Add liggitt to client-go approvers

* Consume new config value for network project id

* Add MountOptions field to PV spec

* Generated PV.Spec.MountOptions code

* Moving filesystem mock to pkg/util, and added some functionality

* Fix `gcloud compute instance-groups managed list` call

* Make Prometheus cAdvisor metrics labels consistent

* Set up KUBE_PROXY_DAEMONSET env for GCE and common.sh.

* Add kube-proxy daemonset track to GCE startup scripts (GCI, Debian and CoreOS).

* Add --request-timeout to allow the global request timeout of 60 seconds to be configured.

* Use the pre-built docker binaries on Ubuntu for benchmark tests

* Add --append-hash flag to kubectl create configmap/secret

* remove failure policy from intializer configuration

* generated

* add retainKeys in patchStrategy

* Adding e2e SELinux test for local storage

* unify the validation rules on initializer name

* Refactoring for filesystem mock move

* update initializer names to valid ones in tests

* add apply test for retainKeys

* update generated files

* Admit NoNewPrivs for remote and rkt runtimes

* GCE: Add annotations and helper functions for network tiers

* update bazel

* e2e: Add tests for network tiers in GCE

* return reasonable error when connection closed

* Add Google Cloud KMS plugin for encryption

* fixing package comment of v1

* Enable batch/v1beta1.CronJobs by default

* Fix handling of APIserver errors when saving provisioned PVs.

* simplify Run in controllermanager

* add some period in cloud controller manager\'s options

* modifying the comment of BeforeDelete function to improve readibility

* implementation of GetZoneByProviderID and GetZoneByNodeName for AWS

* Added an end-to-end test ensuring that Cluster Autoscaler does not scale up when all pending pods are unschedulable.

* Renamed ClusterSize and WaitForClusterSize to NumberOfReadyNodes and WaitForReadyNodes, respectively.

* Add CPU manager interfaces.

* fix typo about volumes

* fix extra blanks in cloud controller manager\'s options

* check job ActiveDeadlineSeconds

* Add feature gate and validate test for local storage limitrange

* Fix setNodeAddress when a node IP and a cloud provider are set

* update scheduler to return structured errors instead of process exit

* Ignored node condition predicates if TaintsByCondition enabled.

* Add storageClass.mountOptions and use it in all applicable plugins

* Generated storageClass.mountOptions code

* allow disabling the scheduler port

* Add types for validation of CustomResources

* Add generated code

* Validate CustomResource

* Add integration tests

* Update godeps

* Add feature gate for CustomResourceValidation

* Retry master instance creation in case of retriable error (with sleep)

* Move rotating kubelet client certificate to beta.

* Set up ENABLE_POD_PRIORITY env for GCE and common.sh

* Configure pod priority for kube-proxy when enabled

* Add upgrades tests for kube-proxy daemonset migration path

* controllers: simplify deepcopy calls

* scheduler: simplify deepcopy calls

* admission plugins: simplify deepcopy calls

* pkg/api: simplify deepcopy calls

* e2e/integration: simplify deepcopy calls

* Add unit test for UploadConfig in Kubeadm

* kubeadm: preflight check for enabled swap

* Fix prefixing bug in import verifier

* Correct default cluster-ip-range subnet

* Adding Flexvolume plugin dir piping for master on COS

* Improve description for --masquerade-all flag

* Improve --cluster-cidr description

* rbd: default image format to v2 instead of deprecated v1

* test/e2e/auth: fix audit log test format parsing

* Add v1 API as a default conversion peer

* Enable switching to alpha GCE disk API

* Skip system container cgroup stats if undefined

* libnetwork ipvs godeps

* wrapper ipvs API as util

* implement ipvs mode of kube-proxy

* [Scheduler] regroup packages

* Fix splitProviderID for Azure

* Fix InstanceTypeByProviderID for Azure

* Switch away from gcloud deprecated flags in compute resource listings

* Fix pod local ephemeral storage usage

* Add pod local ephemeral storage usage e2e test cases

* Add PVCRef to VolumeStats

* fix taint controller panic

* kubectl: Clean up documentation for rollout_status.go

* refactor function

* kubectl: Remove ending punctuation from error strings

* Fix typo in docs.

* Only list hollow-node pods while trying to count them

* Fix godoc comments.

* Fix iSCSI WaitForAttach not mounting a volume

* [Scheduler] Fix typo in info message

* Share /var/lib/kubernetes on startup

* Allow -n namespaces/

* Added in-memory CPU manager state.

* Added none policy for CPU manager.

* Added CPU manager unit tests (none policy)

* CPU manager config and feature gate.

* CPU Manager initialization and lifecycle calls.

* Fix printISCSIVolumeSource to show kubectl describe properly

* Add preemption victim selector logic to scheduler

* Add specific types for PredicateMetadata and PredicateMetadataProducer

* autogenerated files

* Add the logic to pick one node for preemption

* do not update init containers status if terminated

* Fix regex\'s and redirect port

* Reserve internal address for ILBs

* Change SizeLimit to a pointer

* Remove deprecated and experimental fields from KubeletConfiguration

* Generated files

* add reconcile command to kubectl auth

* ignore selector changes for deployment, replicaset and daemonset prior update

* Adds the rand.SafeEncodeString function and uses this function to generate names for ReplicaSets and ControllerRevisions.

* Separate feature gates for dynamic kubelet config vs loading from a file

* c-go cache: Only cache discovery requests

* c-go cache: Use diskv TempDir to get atomic write

* client-go cache: Make caching layer Unwrappable

* Adding vishh to test approvers

* Update the label manifest with new do-not-merge labels

* Split APIVersion into APIGroup and APIVersion in audit events

* run hack/update-codecgen.sh and hack/update-bazel.sh

* fixing a typo in staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go

* make these tests table-driven

* update Deprecated code and fix bug not return when list pod failed

* Added cpu-manager-reconcile-period config.

* rsync iptables

* add tests for apps/v1beta2 conversion

* enforce include-uninitialized in several kubectl commands

* add tests

* Create a secondary range for the services instead of a subnetwork

* Allow audit to log authorization failures

* add information for subresource kind determination:

* generated

* Update CHANGELOG.md for v1.7.5.

* update GC controller to wait until controllers have been initialized once

* make api request verb can be overrided and make \"GET\" pod log request reported as \"CONNECT\" pod log request for metrics

* Fix local storage code to follow go style

* Make feature gate threadsafe

* apiextensions: add maximum for validation

* Add tests for stripping \"namespaces/\" from passed-in namespace

* Update Bazel configuration for flag.go and overrides_test.go

* Revert \"Enable batch/v1beta1.CronJobs by default\"

* Adds check for external CA

* Ensures that the DaemonSet controller does not launch a Pod on a Node while waiting for a Pod that it has previously created to terminate.

* Add bowei to the OWNER for cluster/gce

* Fix changelog to add discovery/controller-manager fixes. Improve release notes for entries that say \"automated cherrypick\".

* Support remote runtimes with native cAdvisor support

* Edit owner files for kube-proxy

* Generate deb and rpms package with correct versions.

* Make cluster/common.sh work even if ${HOME} is unset.

* Add some initial shell parsing tests.

* Add KUBE_APISERVER_REQUEST_TIMEOUT_SEC env var.

* Simplify describe events table

* Added basic Flexvolume dynamic plugin discovery e2e test; added Flexvolume prober unit tests.

* Test image utils for multi arch test images

* Update the yaml file with multiarch images

* Fix bazel

* Port e2e tests for multi architecture

* Set NODE_NETWORK and NODE_SUBNETWORK in kube-up

* fix bug on kubectl deleting uninitialized resources

* add tests

* Fix providerID update validation

* audit real impersonated user info

* Delete the federation namespace from fcp instead of individual objects

* Fix scheduling e2e test case for local ephemeral storage

* Add explain for register TaintTolerationPriority function.

* Use json-iterator for JSON, kill off codecgen

* Add json-iterator dep, remove ugorji dep

* Remove generated JSON code

* test fix

* fix kube-proxy panic

* remove explictly set timeout value

* Remove DynamicVolumeProvisioning from feature gate

* Switch audit output to v1beta1

* Do not mutate original object even temporarily to avoid data races

* add selfsubjectrulesreview api

* generated

* create the methods in the generated expansion files

* add missing sub-resources test actions

* code-generator: allow to customize generated verbs and add custom verb

* update bazel

* generate UpdateScale and GetScale verbs for scalable resources

* Make etcd prefix configurable in migration script

* Fix pod and node names switched around in error message.

* Add a new paging utility for client side ranging

* Enable paging for all list watchers

* Server side implementation of paging for etcd3

* Integration test for API paging

* API for server paging

* generated: api changes

* expose discovery information on scalable resources

* Slow-start batch pod creation of rs, rc, ds, jobs

* Fixes grace period in delete

* Change default validation to openapi

* openapi: Remove unused test structure and code.

* GCE: Add \"Network Tiers\" as an Alpha feature for L4 load balancers

* Revert \"CPU manager wiring and `none` policy\"

* e2e: test using reserved IP with network tiers

* Expose PVC metrics via kubelet prometheus

* Depend on //cluster/lib instead of :all-srcs.

* make url parsing in apiserver configurable

* Fixed integer overflow when matching PVPVC claims. Added tests to guard this behavior.

* Create an EventRateLimit admission control plug-in for the API Server. The EventRateLimit plug-in limits the number of events that the API Server will accept in a given time period. It allows for server-wide, per-namespace, per-user,and per-source+object rate limiting.

* Clear values for disabled alpha fields

* Added Device Plugin Manager

* Drop alpha/beta init containers annotations on conversion

* Device Plugin Kubelet integration

* Testing

* Alpha feature integration

* Kubelet side extension to support device allocation

* update API v1 Job object

* Generate files from v1.JobSpec modification

* Move custom metrics APIs to v1beta1

* Move HPA to use custom-metrics/v1beta1

* Rename custom metrics API to custom.metrics.k8s.io

* Build controller roles/bindings on demand

* Update d.status.unavailableReplicas api comment

* Add feature gate for mount propagation

* Add API for mount propagation.

* Regenerate API

* Add mount propagation to CRI protocol

* Implement mount propagation in docker shim

* Implement mount propagation in kubelet

* Add RBAC, healthchecks, autoscaler and update Calico to v2.5.0, Typha to 0.4.0

* Map a resource to multiple signals in eviction manager

* (ALPHA GCP FEATURE) Add IPAM controller

* Update d.spec.progressDeadlineSeconds comment

* Update godep-licenses script to work on darwin This change ensures that the BSD (darwin) and GNU (linux) versions of the md5sum util have the same output.

* Update godep licences

* Implement GetZoneByProviderID & GetZoneByNodeName

* Deprecates extension/v1beta DaemonSet Deployment and ReplicaSet Deprecates apps/v1beta1 Deployment StatefulSet and ControllerRevision

* Add `secondary-range-name` to the gce.conf

* auto generated

* Revert to using isolated PID namespaces in Docker

* Explicitly enable docker shared-pid for e2e_node

* Make logdump for kubemark logs independent of KUBERNETES_PROVIDER

* Changed volume IO e2e test to verify file hash instead of content.

* Make logdump work for GKE with \'use_custom_instance_list\' defined

* Update to debian-iptables-amd64:v8 in bazel WORKSPACE

* Kubernetes version v1.8.0-beta.0 file updates

* Generating docs for v1.8.0-beta.0 on release-1.8.

* Changes in OpenStack cloud provider for latest gophercloud

* Bug Fix - Adding an allowed address pair wipes port security groups

* Update sys spec to support docker 1.11-1.13 and overlay2.

* Update the label manifest with new milestone labels

* update generated protobuf for audit v1beta1 api

* Regenerate openapi for 1.9

* Revert \"Remove deprecated and experimental fields from KubeletConfiguration\"

* Fixes a cross-build failure introduced in PR 51209. FYI, issue 51863.

* Provide whole delegate chain to kube aggregator

* Consolidate local OpenAPI specs and APIServices\' spec into one data structure

* Update Godep for kube-openapi

* Enable batch/v1beta1.CronJobs by default

* Correct CronJob group version at remaining places

* update bazel

* Fully implement the kubeadm upgrade functionality

* Add unit tests for kubeadm upgrade

* autogenerated bazel

* Job failure policy support in JobController

* client-go: fix \'go build ./...\'

* kubeadm: Add omitempty tags to nullable values and use metav1.Duration

* autogenerated code

* kubeadm: Detect kubelet readiness and error out if the kubelet is unhealthy

* Build test targets for all server platforms

* Fix arm (32-bit) e2e.test compile failure

* Introduced Metrics Server

* Made metrics-server critical service managed by addon-manager

* Implement necessary API changes

* Implement controller for resizing volumes

* Add rbac policy change for expand controller

* Update generated files - api, bazel, json

* Clear alpha MountPropagation fields.

* implementation of GetZoneByProviderID and GetZoneByNodeName for azure

* Provide a way to omit Event stages in audit policy

* generated: update API resources

* Correct logdump logic for kubemark master

* Un-revert \"CPU manager wiring and `none` policy\"

* Fixed nil InternalContainerLifecycle in cm stubs.

* Fix Start signature in container_manager_windows.

* Add topology helper and tests to cpumanager.

* Added cpu assignment helpers.

* Added static cpumanager policy.

* Add tests for the static cpumanager policy.

* Add liggitt to registry approvers

* Gracefully handle permission errors when attempting to create firewall rules

* audit: fix fuzzer

* Use different project id for network ops & always set subnet

* make clean will remove all gitignored files

* Fix Stackdriver Logging tests for large clusters

* Tolerate group discovery errors in e2e ns cleanup

* remove OutOfDisk from controllers

* wait for container cleanup before deletion

* update vendor kube-openapi

* remove dup pkg and update reference

* GCE Cloud provider changes to enable RePD

* Enable dynamic provisioning of GCE Regional PD

* Modify VolumeZonePredicate to handle multi-zone PV

* Remove redundant redunancy in gce_alpha.go

* Make
*fakeMountInterface in container_manager_unsupported_test.go implement mount.Interface again.

* fix docstring of advanced audit policy

* set AdvancedAuditing feature gate to true by default

* Fix kubemark master-size and num-nodes config

* Make heapster VM creation work with IP aliases

* HugePage changes in API and server

* Kubelet changes to support hugepages

* Scheduler support for hugepages

* Node validation restricts pre-allocated hugepages to single page size

* Support for hugetlbfs in empty dir volume plugin

* Adding getHugePagesMountOptions function and tests

* check block owner ref on finalizers subresource

* Add EgressRule to NetworkPolicy

* Add PolicyTypes to NetworkPolicy Spec

* EgressRule generated code

* Extends device_plugin_handler to checkpoint device to container allocation information.

* Limit APIService healthz check to startup

* Make local APIService objects available on create

* Prevent flutter of CRD APIServices on start

* Sync local APIService objects once

* add permissions to workload controllers to block owners

* Set up DNS server in containerized mounter path

* update cadvisor, docker, and runc godeps

* Enabling aggregator functionality on kubemark, gce

* Graduate metrics/v1alpha1 to v1beta1

* Update HPA REST metrics client to metrics/v1beta1

* Rename metrics to metrics.k8s.io

* GCE: pass GCE_ALPHA_FEATURES if it is set

* Category expansion fully based on discovery

* use validatePod to validate update of uninitialized pod

* Disable rbac/v1alpha1 settings/v1alpha1 scheduling/v1alpha1

* Implement KubeProxyUpgradeTest and KubeProxyDowngradeTest

* Decouple kube-proxy migration tests from upgradeTests

* Move Autoscaling v2{alpha1 --> beta1}

* Move consumers of autoscaling/v2alpha1 to v2beta1

* Make hugepages comparison work on 32-bit platforms

* Add cluster up configuration for certificate signing duration.

* COS/GCE: Ensure TasksMax is sufficient for docker

* Fix unbound variable in configure-helper.sh

* Fix dynamic discovery error in e2e

* add a test for validating update of uninitialized pod

* enable the quota e2e test

* bazel

* Fixed CCM service controller start jitter

* fix issue(#47976)Invalid value error when creating service from exported config

* PodSecurityPolicy.allowedCapabilities: add support for using
* to allow to request any capabilities.

* Update autogenerated files.

* Bump cluster autoscaler to 0.7.0-alpha2

* Fix panic in expand controller when checking PVs

* enhance unit tests of advance audit feature

* Implement StatsProvider using CRI stats

* Charge quota for uninitialized objects at different time

* bazel

* Fix pod update test descriptions to match the test cases

* kubeadm: Upgrade Bootstrap Tokens to beta when upgrading to v1.8

* Fall back to network if subnet is unknown

* Revert \"remove dup pkg and update reference\"

* soft eviction timer works

* Added large topology tests for static policy in CPU Manager. - Added comments for tests cases.

* e2e: network tiers should retry on 404 errors

* update-all.sh.

* StatefulSet: Deflake e2e RunHostCmd.

* Move paused deployment e2e tests to integration

* Fix duplicate proto error in kubectl 1.8.0-alpha.

* kubeadm: add addons command

* Disable default paging in list watches

* Add sttts to code-generator OWNERS

* client-gen: avoid panic for empty groups

* kubeadm: Set the new BT auth group on the init token

* Fix cross-build

* Improve how JobController use queue for backoff

* Provide field info in storage configuration

* code-generator/protobuf: cut-off kubernetes specifics

* Multiarch support for pets images

* Fix proxied request-uri to be valid HTTP requests

* German Translation

* Fix AppArmor test at scale

* Bubble reservation error to the user when the address is specified.

* Move error check in TestFindDeviceForPath()

* Address comments

* Verify that AppArmor pod is colocated with the loader

* Rerun hack/update-bazel.sh

* Pipe in upgrade image target to kube-proxy migration tests

* ScaleIO - Specify SDC GUID value via node label

* Use COS for nodes in cluster by default, and bump COS.

* Convert deprecated gcloud --regexp flag into --filter

* fsync config checkpoint files after writing

* Add pod eviction logic for scheduler preemption Add Preempt to scheduler interface Add preemption to the scheduling workflow Minor changes to the scheduler integration test library

* autogenerated files

* Fix RBAC rules to allow scheduler update annotations of pods.

* Improve dynamic kubelet config e2e node test and fix bugs

* dockershim: check if f.Sync() returns an error and surface it

* Kubernetes version v1.8.0-beta.1 file updates

* fix format of forbidden messages

* Update CHANGELOG.md for v1.8.0-beta.1.

* Extend test/e2e/scheduling/nvidia-gpus.go to include a device plugin based nvidia gpu e2e test.

* Log a warning when --audit-policy-file not passed to apiserver

* Replace \'misc\' with more specific at-mentions bugs and feature-requests. Replace ReplicaSets with Deployments as example, because ReplicaSets are dated. Generalize join example.

* fix prober ticking shift for kubelet restarted cases

* Fix pointer receivers handling in unstructured converter

* A policy with 0 rules should return an error

* apiserver: separate apiserver specific configs into ExtraConfig

* apiserver: make config completion structural recursion

* apiserver: allow disabling authz/n via options

* apiserver: stratify versioned informer construction

* Update set image description to remove job from resources that can update container image

* Revert commit 9dc3a661d71c18e33ac93a6125bb187fa83b8853

* apiserver: split core API creation from secure serving

* apiserver: avoid panics on nil sub-option structs

* Bump cluster autoscaler to 0.7.0-alpha3

* Fill in creationtimestamp in audit events

* Add bskiba to cluster-autoscaler config owners

* kube-aggregator: use shared informers from RecommendedConfig

* Update bazel

* bump(github.com/google/cadvisor): cda62a43857256fbc95dd31e7c810888f00f8ec7

* Fix deployment timeout reporting

* Allow watch cache to be disabled per type

* Restore OWNERS file for k8s.io/metrics

* Remove links to GCE/AWS cloud providers from PersistentVolumeController

* kubeadm: Perform TLS Bootstrapping in kubeadm join for v1.7 kubelets but not v1.8 ones

* kubeadm: Enable certificate rotation

* Version gates the ephemeral storage e2e test

* Use credentials from providers for docker sandbox image

* Add warning for kube-proxy DaemonSet option

* Fix discovery restmapper finding resources in non-preferred versions

* Move 1.2.
* release notes into separate file CHANGELOG-1.2.md

* Update TOC of CHANGELOG

* Note equivalence class for dev and other fix

* Portworx driver changes dependent on updated vendor\'ed code.

* add some test case

* suspect nil pointer for HostPathType

* Port Guestbook tests to mutiarch

* fix kubectl set env --list description

* RBD Plugin: Omit volume.MetricsProvider field and add some testcases.

* [fluentd-gcp addon] Update event-exporter to address metrics problem

* fix condition-taint labels

* Added node e2e tests for the CPU Manager feature.

* Extract config common across CIDR allocators

* Summary tests should report rss usage now

* Ignore pods for quota that exceed deletion grace period

* Glusterfs expands in units of GB not GiB

* Use cAdvisor constant for crio imagefs

* Add bsalamat to sig-scheduling-maintainers

* \'
*\' is valid for allowed seccomp profiles

* Add OWNERS for build/debs

* kubeadm: Mark self-hosting alpha in v1.8

* Fix glusterfs creating volumes in GiB

* bazel: update sha256sum on rules_go and io_bazel dependencies

* Revert \"Add cluster up configuration for certificate signing duration.\"

* Small fix in salt manifest for kube-apiserver for request-timeout flag

* enable azure disk mount on windows node

* fix azure disk mounter issue

* Normalize WATCHLIST to WATCH in metrics

* Report scope on all apiserver metrics

* Report \"resource\" scope where possible

* Report scope in e2e test metrics

* [fluentd-gcp addon] Restore the metric for the number of read log entries

* Fix pagesize mount option name

* Prevent enabling alpha APIs by default

* Switch default audit policy to beta and omit RequestReceived stage

* Log at higher verbosity levels some common SyncPod errors

* StatefulSet: Deflake e2e RunHostCmd more.

* fix kubeadm token create error

* fix Kubeadm phase addon

* Make log-dump use \'gcloud ssh\' for GKE also

* Remove the conversion of client config, because client-go is authoratative now

* Extends GPUDevicePlugin e2e test to exercise device plugin restarts.

* Make CPU manager release allocated CPUs when container enters completed phase.

* [fluentd-gcp addon] Trim too long log entries due to Stackdriver limitation

* log gcloud command error

* Add new api groups to the GCE advanced audit policy

* Fix bug with gke in logdump

* Bump Cluster Autoscaler to 0.7.0-beta1

* Make advanced audit policy on GCP configurable

* Don\'t crash density test on missing a single measurement

* Workaround go-junit-report bug for TestApps

* use specified discovery information if possible

* Add e2e test for storageclass.reclaimpolicy

* Make CPU constraint for l7-lb-controller in density test scale with #nodes

* Allow metadata firewall & proxy on in GCE, off by default

* Move cloudprovider initialization to after token controller and use clientBuilder

* Add more tests on pod preemption

* Bumped Heapster to v1.5.0-beta.0

* Update CHANGELOG.md for v1.6.10.

* kubelet: enable CRI container metrics

* Implement support for updating resources

* Update the test under audit policy

* Fix e2e Flaky Apps/Job BackoffLimit test

* Get nodes from GKE node pool by checking labels

* Update CHANGELOG.md for v1.7.6.

* Changes the node cloud controller to use its name for events

* [fluentd-gcp addon] Remove trimming e2e tests out of blocking suites

* Add env var to enable kubelet rotation in kube-up.sh.

* Use separate client for node status loop

* Fixes device plugin re-registration handling logic to make sure: - If a device plugin exits, its exported resource will be removed. - No capacity change if a new device plugin instance comes up to replace the old instance.

* plumb the proxyTransport to the webhook admission plugin; set the ServerName in the config for webhook admission plugin.

* fix the webhook unit test; the server cert needs to have a valid CN; fix a fuzzer;

* Add Windows Kernel Proxy support

* Fix Bazel build

* Vendor changes

* Move 1.3.
* release notes out of CHANGELOG.md

* Add cluster name option for cloud controller manager

* Support kubernetes-anywhere provider

* Enable overriding Heapster resource requirements in GCP

* Revert \"Update addon-resizer version\"

* Update defaults (successful|failed)JobsHistoryLimit in batch/v1beta1

* Update defaults (successful|failed)JobsHistoryLimit in batch/v1beta1 - generated changes

* [fluentd-gcp addon] By default ingest audit logs in JSON format

* Increase sliding window to 5hr for request_latencies metric

* Add extra steps to delete resource handler trace

* Bumped Metrics Server to v0.2.0

* Added OWNERS for metrics-server

* Enable autoscaling/v2beta1 by default

* Recreate pod sandbox when the sandbox does not have an IP address.

* Attempt at fixing UTs

* Add configuration support for signing duration.

* etcd3 store: retry w/live object on conflict

* Do not install metrics/v1at lpah1 by default

* [fluentd-gcp] Update Stackdriver plugin to version 0.6.7

* Add bootstrap policy for HPA metrics REST clients

* fix addon error

* Add statefulset upgrade tests to be run as part of all upgrade testsuites

* update tag

* Fix nil dereference if storage id is nil

* Handle nil WritableLayer

* Fix CRI container/imagefs stats.

* Fix panic in ControllerManager when GCE external loadbalancer healthcheck is nil

* use allocatable instead of capacity for node memory

* Add exception to golint check

* Resize plugin should only check for increase in size

* Fixes some races in deviceplugin manager_test.go and manager.go.

* Fix volume remount on reboot

* bazel: set --incompatible_comprehension_variables_do_not_leak=false

* Fix FC WaitForAttach not mounting a volume

* use allocatable instead of capacity

* Remove kargakis from OWNERS, add tnozicka

* Add support for Instances

* godep: add dhcp4 and dhcp4client dependencies

* Move 1.4.
* release notes out of CHANGELOG.md

* Move 1.5.
* release notes out of CHANGELOG.md

* Move 1.6.
* release notes out of CHANGELOG.md

* Fix mistype that causes breakage of e2e test.

* Add concurrency to cloud CIDR allocator & make it non-blocking on NodeSpec updates

* Say the valid IP range in IP errors

* Retry if possible while creating latency pods in density test

* Fix: update system spec to support Docker 17.03

* Make statefulset tests part of separate testsuite

* FC plugin: Return target wwn + lun at GetVolumeName()

* Add mount options e2e test

* Made image as deliberately optional in v1 Container struct.

* Generated code.

* Fixed test issue for image validation.

* k8s.io/code-generator: hide gen test output from go tools

* Update generated files

* [fluentd-gcp addon] Remove audit logs from the fluentd configuration

* adjust parameter in cluster autoscaling test

* conversion-gen: make staging dirs independent of living in vendor/

* Fix conversion of CRD schema to go-openapi types

* add pdbs for more kube-system pods in scale down test

* update-staging-godeps: only mangle staging repos in Godeps.json

* restore e2fsprogs in hyperkube image

* Update staging godeps

* bump tags

* Add e2e test for volume metrics

* Fixed nil dereference in dynamic provisioning e2e tests

* Mark the LBaaS v1 of OpenStack cloud provider deprecated

* Add e2e test to verify PVC metrics

* Don\'t specify clusterIP in dns e2e test

* Increase api latency threshold for cluster-scoped list calls

* improve PDBs cleanup

* improve retrying logic when checking CA status

* deprecate warning for persistent volume admission controller

* Debug for issues #50945

* Address review comments

* Address review comment

* Remove GC rate limiter metrics

* Checking GlusterFS error output https://github.com/kubernetes/kubernetes/issues/50463

* improve setting pdbs for kube-system pods

* Fake out the kubernetes version in phase testing in order to avoid resolving things manually (which can lead to flakes)

* Use the release-1.8 branch by default

* Fix volume metric flake

* Bump cluster autoscaler to 0.7.0-beta2

* Kubernetes version v1.8.0-rc.1 file updates

* Preserve leading and trailing slashes on proxy subpaths

* AllowPrivilegeEscalation: add validations for caps and privileged

* Mark Cluster Autoscaler as GA (1.0.0) in 1.8 branch

* Fixed intermittant e2e aggregator test on GKE.

* fix missing apps/replicaset in kubectl

* Support apps.ReplicaSet in kubectl describe

* Update kube-dns to version 1.14.5

* Update kubeadm to 1.14.5

* Fix host network flake tests

* Normalize RepoTags before checking for match

* Kubernetes version v1.8.0 file updates

* Kubernetes version v1.8.1-beta.0 file updates

* Kubernetes version v1.8.1-beta.0 openapi-spec file updates

* Service LoadBalancer defaults to external

* Change ImageGCManage to consume ImageFS stats from StatsProvider

* Calculate patches for commands using input version

* Fix sed command to not try shell redirection

* Fix basic audit in GCE deploy scripts

* Fixes a flakiness in GPUDevicePlugin e2e test. Waits till nvidia gpu disappears from all nodes after deleting the device plug DaemonSet to make sure its pods are deleted from all nodes.

* Correct APIGroup for RoleBindingBuilder Subjects

* Enable node certificate autorotation

* Don\'t try to migrate to new roles and rolebinding within 1.7 upgrades

* Fix imagefs stats.

* Upgrade version of heaspter to v1.4.3.

* Remove conformance tag for internet connectivity

* Added device plugin e2e kubelet failure test

* Modified test/e2e_node/gpu-device-plugin.go to make sure it passes.

* Fixes test/e2e_node/gpu_device_plugin.go test failure.

* remove containers of deleted pods once all containers have exited

* Add permisions for Metrics Server to read resources on cluster level

* Version should be quoted so jq doesn\'t interpret it as numeric

* Change default --cert-dir for kubelet to a non-transient location

* code-generator: rename _test to _examples

* code-generator: turn hack/update-codegen.sh into re-usable generate-{internal,}-groups.sh scripts

* sample-apiserver: port to k8s.io/code-generator/generate-internal-groups.sh

* verify-pkg-names.sh: exclude generated informers

* Update generated files

* Ignore notFound when deleting firewall

* Use pointer for PSP allow escalation

* Handle missing subnet for auto networks and legacy networks

* Add group by default to kubeadm token create

* Fixes a regression introduced by PR 52290 that extended resource capacity may temporarily drop to zero after kubelet restarts and PODs restarted during that time window could fail to be scheduled.

* bazel: set --incompatible_disallow_set_constructor=false to fix breakage

* query --incompatible_comprehension_variables_do_not_leak=false

* In DevicePluginHandlerImpl.Allocate(), skips untracked extended resources. Otherwise, we would fail a Pod allocation request that has an extended resource not managed by any device plugin.

* Bump GLBC to 0.9.7

* fix generate-groups.sh

* code-generator: fix flag check in generate-internal-groups.sh

* Strip tokens from `kubeadm-config` config map

* gce:restrict file permissions for PKI assets

* Add client and server versions to the e2e.test output.

* Fix to prevent downward api change break on older versions

* Make CoreID\'s platform unique

* Fix flake for volume detach metrics

* fix #52462. Do not GC exited containers in running pods

* Kubernetes version v1.8.1 file updates

* Kubernetes version v1.8.2-beta.0 file updates

* Kubernetes version v1.8.2-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.1.

* Add /swagger.json and /swagger-2.0.0.pb-v1 to discovery role

* Update busybox image link to gcr.io for kube-proxy

* feature gate local storage allocatable eviction

* Ensure base image includes the modprobe binary

* Updated hash and version of image debian-hyperkube-base-amd64

* Removed unneeded change on WORKSPACE file

* User separate client for leader election in scheduler

* Fix hpa scaling above max replicas w/ scaleUpLimit

* Split downward API e2e test case for pod/host IP into two

* Create new targets for running in existing containers (GCB).

* Autoscaler metrics-server with pod-nanny

* Fixed metrics API group name in audit configuration

* client-gen: register standard flags

* Restrict GPU tests to use release 1.8 version of device plugins

* Bulk Verify Volumes Implementation for vSphere

* Unable to detach the vSphere volume from Powered off node

* start generating rbac serialization for v1

* PodSecurityPolicy: Do not mutate nil privileged field to false

* PodSecurityPolicy: only set runAsNonRoot when runAsUser is nil

* PodSecurityPolicy: avoid unnecessary mutation of container capabilities

* PodSecurityPolicy: avoid unnecessary mutation of supplemental groups

* PodSecurityPolicy: pass effective capabilities to validation interface

* PodSecurityPolicy: limit validation to provided groups

* PodSecurityPolicy: pass effective selinux options to validate

* PodSecurityPolicy: pass effective runAsNonRoot and runAsUser to user validation interface

* GC: Add check for nil interface

* SecurityContext: Add accessors/mutators for effective container security context

* PodSecurityPolicy: avoid unnecessary securitycontext mutation

* PodSecurityPolicy: Order by name, prefer non-mutating policies, require
*api.Pod, allow GC updates

* fix avset nil issue in azure loadbalancer

* Adjust defaults of audit webhook backends

* Add throttling to the batching audit webhook

* Enable prometheus client metrics in apiserver

* Do not remove kubelet labels during startup

* Ensure network policy conversion round trips nil from field

* Always retry network connection error in webhook

* fix error message of custrom resource validation

* apiextensions-apiserver: stop cacher on CRD update

* apiextensions: create storage with accepted, not spec\'ed names

* apiextensions: keep CRD storage for updates outside of spec and accepted names

* apiextensions: fix test loop for CRD validation

* Removed the IPv6 prefix size limit for cluster-cidr

* Update bootstrap policy with replicaset/daemonset permissions in the apps API group

* Fix kube-proxy panic on cleanup

* Cluster Autoscaler 1.0.1

* Fix etcd hostnames

* Use GetByKey() in typeLister_NonNamespacedGet

* Make OpenStack LBaaS v2 Provider configurable

* Regenerate auto-generated code

* Kubernetes version v1.8.2 file updates

* Kubernetes version v1.8.3-beta.0 file updates

* Kubernetes version v1.8.3-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.2.

* Fix retry logic in service controller

* fix#50150: azure disk mount failure on coreos

* Use cloud environment to instantiate client

* Variable mismatch

* Fix `kubeadm init --token-ttl=0`/config `tokenTTL: \"0\"`.

* change default kind value of azure disk pv

* allow windows mount path

* fix azure pv crash due to readOnly nil

* Move fluentd-gcp out of host network

* Fix detach metric flake by not using exact equals

* Move hardcoded constants to the beginning of configure.sh script

* Specify correct subresource discovery info

* Use GVK from storage in API registration

* Test scale subresource discovery

* add windows implementation of GetMountRefs

* Bump version of prometheus-to-sd to 0.2.2.

* Fixing usage of clustered datastore to be absolute datastore

* add scheduling.k8s.io to apiVersionPriorities

* Use CIDR-aware proxy resolver for SPDY RoundTripper

* Fix `kubeadm upgrade plan` for offline operation

* Add openssh-client to the debian-hyperkube-base image

* update cadvisor godeps to v0.27.2

* fix #54499. Removed containers are not waiting

* Add a label which prevents a node from being added to a cloud load balancer.

* Append an alpha label to the exclude load balancer annotation.

* wqFlag gate node exclusion for service load balancers.

* Update service_controller.go to remove merge conflict markers

* rename metric reflector_xx_last_resource_version to reflector_last_resource_version{name=\"xx\"}

* Add GCP addon PodSecurityPolicies & Bindings

* GCP PodSecurityPolicy configuration

* PodSecurityPolicy E2E tests

* trigger endpoint update on pod deletion

* Fix typo in CHANGELOG-1.8.md

* Revert \"Validate if service has duplicate targetPort\"

* Introduce GCE-specific addon directory

* Aggregator test uses framework namespace.

* Update fluentd-gcp DaemonSet

* Cluster Autoscaler 1.0.2

* Remove dependency on drv_cfg binary for querying scalio devices

* ScaleIO - API source code update

* ScaleIO - Generated files

* Revert cherry-pick #55064

* Adjust resources for Metrics Server

* Reapply cherry-pick #55064

* Fix hyperkube kubelet --experimental-dockershim

* Updating Calico to v2.6.1

* RBAC for Calico Typha Horizontal Autoscaler

* Fix \'Schedulercache is corrupted\' error

* partial fix crd patch failing

* kubeadm: don\'t create duplicate volume/mount

* Kubernetes version v1.8.3 file updates

* Kubernetes version v1.8.4-beta.0 file updates

* Kubernetes version v1.8.4-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.3.

* GCE: provide an option to disable docker\'s live-restore

* Dockershim: print docker info output at startup

* kubectl apply does not send empty patch request

* fix panic bug

* Allow HPA to get custom metrics

* Make swap check as an error

* Set the NON_MASQUERADE_CIDR to 0/0 by default in GCE/GKE which disables masquerade rules setup by the kubelet. Add masquerade rules based on NON_MASQUERADE_CIDR being set to 0/0.

* Capture git export-subst strings in version.sh for \'git archive\' use.

* Explicitly set route_localnet on nodes & masters.

* avoid Registry in fake REST client

* fix errors

* Fix .git rsync filter

* Check dup NodePort with protocols when update services

* Add unit test for checking dup NodePort with protocols

* Add e2e test for checking dup NodePort with protocols

* Use \"==\" instead of DeepEqual for simple structs comparing.

* Return error instead of crashing apiserver when updating services with duplicate nodeports

* mount /lib/modules to kube-proxy

* update wrong group for priorityclasses

* Use whitelisted test image

* Fix session affinity with local endpoints traffic

* Source PodSecurityPolicies from addon subdir

* Reorganize addon PodSecurityPolicies

* Add optional addon PSPs

* Remove SSL cert volumes from heapster addons

* Add a cloud-init script to disable live-restore

* Bump addon manager version used to 6.5

* fix conditional for warning while starting KCM without secret file

* add ipvs default sync period

* Set \"--kubelet-preferred-address-types\" if ssh tunnel is not used. In additional don\'t advertise external address.

* Cluster Autoscaler 1.0.3

Fri Nov 17 13:00:00 2017 mjuraAATTsuse.com
- Set KUBE_GIT_COMMIT and KUBE_GIT_TREE_STATE compilation option, (bsc#1065972)

* Please check commit_id comment in kubernetes.spec

Fri Nov 10 13:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.7.7+8e1552342355496b62754e61ad5f802a0f3f1fa7:

* Fix clusterip for ExternalName service test

* Third party resources should not be part of conformance

* Disable invalid test case from dns externalName e2e test

* Makes Hostname and Subdomain fields of v1.PodSpec settable when empty and updates the StatefulSet controller to set them when empty

* Update kube-dns to 1.14.5

* Kubernetes version v1.7.7 file updates

Thu Oct 19 14:00:00 2017 mjuraAATTsuse.com
- Add kubectl fix for duplicate proto error, (bsc#1057277)

* kubectl-fix-duplicate-proto-error-bsc-1057277.patch

Fri Sep 29 14:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.7.7 (bsc#1061027):

* Fix clusterip for ExternalName service test

* Third party resources should not be part of conformance

* Disable invalid test case from dns externalName e2e test

* Makes Hostname and Subdomain fields of v1.PodSpec settable when empty and updates the StatefulSet controller to set them when empty

* Update kube-dns to 1.14.5

* Kubernetes version v1.7.7 file updates

Mon Sep 18 14:00:00 2017 jmassaguerplaAATTsuse.com
- Update to 1.7.6 (fix bsc#1059207)
[fluentd-gcp addon] Fluentd will trim lines exceeding 100KB instead of dropping them. (#52289, AATTcrassirostris)
Cluster Autoscaler 0.6.2 (#52359, AATTmwielgus)
Add --request-timeout to kube-apiserver to make global request timeout configurable. (#51415, AATTjpbetz)
Fix credentials providers for docker sandbox image. (#51870, AATTfeiskyer)
Fix security holes in GCE metadata proxy. (#51302, AATTihmccreery)
Fixed an issue looking up cronjobs when they existed in more than one API version (#52227, AATTliggitt)
Fixes an issue with upgrade requests made via pod/service/node proxy subresources sending a non-absolute HTTP request-uri to backends (#52065, AATTliggitt)
Fix a kube-controller-manager crash which can result when --concurrent-resource-quota-syncs is >1 and pods exist in the system containing certain alpha/beta annotation keys. (#52092, AATTironcladlou)
Make logdump support kubemark and support gke with \'use_custom_instance_list\' (#51834, AATTshyamjvs)
Fixes an issue with APIService auto-registration affecting rolling HA apiserver restarts that add or remove API groups being served. (#51921, AATTliggitt)
In GCE with COS, increase TasksMax for Docker service to raise cap on number of threads/processes used by containers. (#51986, AATTyujuhong)
Fix providerID update validation (#51761, AATTkarataliu)
Automated cherry pick of #50381 to release-1.7 (#51871, AATTfeiskyer)
The emptyDir.sizeLimit field is now correctly omitted from API requests and responses when unset. (#50163, AATTjingxu97)
Calico has been updated to v2.5, RBAC added, and is now automatically scaled when GCE clusters are resized. (#51237, AATTgunjan5)
- Update to 1.7.5
Bumped Heapster version to 1.4.2 - more details https://github.com/kubernetes/heapster/releases/tag/v1.4.2. (#51620, AATTpiosz)
Fix for Pod stuck in ContainerCreating with error \"Volume is not yet attached according to node\". (#50806, AATTverult)
Fixed controller manager crash by making it tolerant to discovery errors.(#49767, AATTdeads2k)
Finalizers are now honored on custom resources, and on other resources even when garbage collection is disabled via the apiserver flag --enable-garbage-collector=false (#51469, AATTironcladlou)
Allow attach of volumes to multiple nodes for vSphere (#51066, AATTBaluDontu)
vSphere: Fix attach volume failing on the first try. (#51217, AATTBaluDontu)
azure: support retrieving access tokens via managed identity extension (#48854, AATTcolemickens)
Fixed a bug in strategic merge patch that caused kubectl apply to error out under some conditions (#50862, AATTguoshimin)
It is now posible to use flexVolumes to bind mount directories and files. (#50596, AATTadelton)
StatefulSet: Fix \"forbidden pod updates\" error on Pods created prior to upgrading to 1.7. (#48327) (#51149, AATTkow3ns)
Fixed regression in initial kubectl exec terminal dimensions (#51127, AATTchen-anders)
Enforcement of fsGroup; enable ScaleIO multiple-instance volume mapping; default PVC capacity; alignment of PVC, PV, and volume names for dynamic provisioning (#48999, AATTvladimirvivien)
- Update to 1.7.4
Azure: Allow VNet to be in a separate Resource Group. (#49725, AATTsylr)
Fix an issue where if a CSR is not approved initially by the SAR approver is not retried. (#49788, AATTmikedanese)
Cluster Autoscaler - fixes issues with taints and updates kube-proxy cpu request. (#50514, AATTmwielgus)
Bumped Heapster version to 1.4.1: (#50642, AATTpiosz)
handle gracefully problem when kubelet reports duplicated stats for the same container (see #47853) on Heapster side
fixed bugs and improved performance in Stackdriver Sink
fluentd-gcp addon: Fix a bug in the event-exporter, when repeated events were not sent to Stackdriver. (#50511, AATTcrassirostris)
Collect metrics from Heapster in Stackdriver mode. (#50517, AATTpiosz)
fixes a bug around using the Global config ElbSecurityGroup where Kuberentes would modify the passed in Security Group. (#49805, AATTnbutton23)
Updates Cinder AttachDisk operation to be more reliable by delegating Detaches to volume manager. (#50042, AATTjingxu97)
fixes kubefed\'s ability to create RBAC roles in version-skewed clusters (#50537, AATTliggitt)
Fix data race during addition of new CRD (#50098, AATTnikhita)
Fix bug in scheduler that caused initially unschedulable pods to stuck in Pending state forever. (#50028, AATTjulia-stripe)
Fix incorrect retry logic in scheduler (#50106, AATTjulia-stripe)
GCE: Bump GLBC version to 0.9.6 (#50096, AATTnicksardo)
The NodeRestriction admission plugin now allows a node to evict pods bound to itself (#48707, AATTdanielfm)
Fixed a bug in the API server watch cache, which could cause a missing watch event immediately after cache initialization. (#49992, AATTliggitt)
- Update to 1.7.3
fix pdb validation bug on PodDisruptionBudgetSpec (#48706, AATTdixudx)
kubeadm: Fix join preflight check false negative (#49825, AATTerhudy)
Revert deprecation of vCenter port in vSphere Cloud Provider. (#49689, AATTdivyenpatel)
Fluentd-gcp DaemonSet exposes different set of metrics. (#48812, AATTcrassirostris)
Fixed OpenAPI Description and Nickname of API objects with subresources (#49357, AATTmbohlool)
Websocket requests to aggregated APIs now perform TLS verification using the service DNS name instead of the backend server\'s IP address, consistent with non-websocket requests. (#49353, AATTliggitt)
kubeadm: Fixes a small bug where --config and --skip-
* flags couldn\'t be passed at the same time in validation. (#49498, AATTluxas)
kubeadm: Don\'t set a specific spc_t SELinux label on the etcd Static Pod as that is more privs than etcd needs and due to that spc_t isn\'t compatible with some OSes. (#49328, AATTeuank)
Websocket requests to aggregated APIs now perform TLS verification using the service DNS name instead of the backend server\'s IP address, consistent with non-websocket requests. (#49353, AATTliggitt)
kubectl drain no longer spins trying to delete pods that do not exist (#49444, AATTeparis)
Fixes #49418 where kube-controller-manager can panic on volume.CanSupport methods and enter a crash loop. (#49420, AATTgnufied)
Fix Cinder to support http status 300 in pagination (#47602, AATTrootfs)
Automated cherry pick of #49079 upstream release 1.7 (#49254, AATTfeiskyer)
Fixed GlusterFS volumes taking too long to time out (#48709, AATTjsafrane)
The IP address and port for kube-proxy metrics server is now configurable via flag --metrics-bind-address (#48625, AATTmrhohn)
Special notice for kube-proxy in 1.7+ (including 1.7.0):
Healthz server (/healthz) will be served on 0.0.0.0:10256 by default.
Metrics server (/metrics and /proxyMode) will be served on 127.0.0.1:10249 by default.
Metrics server will continue serving /healthz.
- Update to 1.7.2
Use port 20256 for node-problem-detector in standalone mode. (#49316, AATTajitak)
GCE Cloud Provider: New created LoadBalancer type Service will have health checks for nodes by default if all nodes have version >= v1.7.2. (#49330, AATTMrHohn)
Azure PD (Managed/Blob) (#46360, AATTkhenidak)
Fix Pods using Portworx volumes getting stuck in ContainerCreating phase. (#48898, AATTharsh-px)
kubeadm: Make kube-proxy tolerate the external cloud provider taint so that an external cloud provider can be easily used on top of kubeadm (#49017, AATTluxas)
Fix pods failing to start when subPath is a dangling symlink from kubelet point of view, which can happen if it is running inside a container (#48555, AATTredbaron)
Never prevent deletion of resources as part of namespace lifecycle (#48733, AATTliggitt)
kubectl: Fix bug that showed terminated/evicted pods even without --show-all. (#48786, AATTjanetkuo)
Add a runtime warning about the kubeadm default token TTL changes. (#48838, AATTmattmoyer)
Local storage teardown fix (#48402, AATTianchakeres)
Fix udp service blackhole problem when number of backends changes from 0 to non-0 (#48524, AATTfreehan)
hpa: Prevent scaling below MinReplicas if desiredReplicas is zero (#48997, AATTjohanneswuerbach)
kubeadm: Fix a bug where kubeadm join would wait 5 seconds without doing anything. Now kubeadm join executes the tasks immediately. (#48737, AATTmattmoyer)
Fix a regression that broke the --config flag for kubeadm init. (#48915, AATTmattmoyer)
Fix service controller crash loop when Service with GCP LoadBalancer uses static IP (#48848, AATTnicksardo) (#48849, AATTnicksardo)
- Update to 1.7.1
Added new flag to kubeadm init: --node-name, that lets you specify the name of the Node object that will be created (#48594, AATTGheRivero)
Added new flag to kubeadm join: --node-name, that lets you specify the name of the Node object that\'s gonna be created (#48538, AATTGheRivero)
Fixes issue where you could not mount NFS or glusterFS volumes using hostnames on GCI/GKE with COS images. (#42376, AATTjingxu97)
Reduce amount of noise in Stackdriver Logging, generated by the event-exporter component in the fluentd-gcp addon. (#48712, AATTcrassirostris)
Add generic NoSchedule toleration to fluentd in gcp config. (#48182, AATTgmarek)
RBAC role and role-binding reconciliation now ensures namespaces exist when reconciling on startup. (#48480, AATTliggitt)
Support NoSchedule taints correctly in DaemonSet controller. (#48189, AATTmikedanese)
kubeadm: Expose only the cluster-info ConfigMap in the kube-public ns (#48050, AATTluxas)

Tue Sep 12 14:00:00 2017 mmeisterAATTsuse.com
- fix docker 1.12.6 requirement in subpackages

Sun Sep 3 14:00:00 2017 kukukAATTsuse.de
- Exclude s390
- Fix building on aarch64

Fri Sep 1 14:00:00 2017 thippAATTsuse.de
- Require docker 1.12.6:
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#external-dependency-version-information

Fri Sep 1 14:00:00 2017 mmeisterAATTsuse.com
- drop redundant BuildRequires
already present with golang(API) = 1.8

Thu Aug 17 14:00:00 2017 kukukAATTsuse.de
- Remove superfluous whitespaces as requested by sle-review-team

Thu Jul 13 14:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.7.0:

* Kubernetes 1.7 is a milestone release that adds security, stateful application,
and extensibility features motivated by widespread production use of Kubernetes.

* Security enhancements in this release include encrypted secrets (alpha),
network policy for pod-to-pod communication, the node authorizer to limit Kubelet
access to API resources, and Kubelet client / server TLS certificate rotation (alpha).

* Major features for stateful applications include automated updates to StatefulSets,
enhanced updates for DaemonSets, a burst mode for faster StatefulSets scaling,
and (alpha) support for local storage.

* Extensibility features include API aggregation (beta), CustomResourceDefinitions (beta)
in favor of ThirdPartyResources, support for extensible admission controllers (alpha),
pluggable cloud providers (alpha), and container runtime interface (CRI) enhancements.
- patch modifications:

* modify make-e2e_node-run-over-distro-bins.patch: supply additional args to
test-e2e-node.sh

* modify build-with-debug-info.patch: hard-code go binary invocation
- add_pr_template.patch
- fix-support-for-ppc64le.patch

Mon Jun 12 14:00:00 2017 fcastelliAATTsuse.com
- Update go build requirements: do not build with go >= 1.8 until
we kubernetes 1.7 is released (see https://github.com/kubernetes/kubernetes/issues/45935)

Thu Jun 8 14:00:00 2017 robert.rolandAATTsuse.com
- Adding a /etc/kubernetes/kubelet-initial EnvironmentFile that is expected
to set the KUBELET_INITIAL_ARGS variable so that a set of arguments that
only impact kubelet on the first run can be supplied. This removes the
need to restart kubelet when you change the node labels, for example.

Wed Jun 7 14:00:00 2017 fcastelliAATTsuse.com
- Change default kubernetes log level: use warning as base level of logging,
not debug.
- Change default kubelet configuration: do not tell kubelet to look for
the API server on localhost. 90% of the times this process is located
somewhere else. This also helps to fix/mitigate bsc#1042387

Mon Jun 5 14:00:00 2017 fcastelliAATTsuse.com
- Add kubelet-support-btrfs-fixes-bsc-1042383.patch needed to fix bsc#1042383
- Removed commented line referring to a patch file no longer shipped

Fri May 19 14:00:00 2017 jmassaguerplaAATTsuse.com
- Downgrade to version 1.5.3 because we just hit some new issues
(bsc#1039663) with k8s 1.6 and we don\'t have time to properly fix
and test 1.6, to make sure there are no new bugs, before the release.

Tue Apr 11 14:00:00 2017 jengelhAATTinai.de
- Update descriptions

Thu Apr 6 14:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.6.1:

* Bump cluster autoscaler to 0.5.1

* Kubernetes version v1.6.1-beta.0

* update-all.sh

* Better messaging when GKE certificate signing fails.

* Update busybox dependency to fix bazel build

* update-all.sh

* don\'t wait for first kubelet to be ready

* Fix problems of not-starting image pullers

* Kubernetes version v1.6.1

Mon Apr 3 14:00:00 2017 jmassaguerplaAATTsuse.com
- Remove get-rid-of-the-git-commands-in-mungedocs.patch: no mungedocs
Review patches:

* build-with-debug-info.patch

* fix-support-for-ppc64le.patch

* git-upstream.patch

* make-e2e_node-run-over-distro-bins.patch
- Remove 0002-Change-DUP2-to-DUP3-in-contrib-mesos-to-build-on-arm.patch
because mesos has been moved to the incubator project:
https://github.com/kubernetes/kubernetes/pull/33658

Mon Apr 3 14:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.6.0:

* Kubernetes version v1.6.0-beta.0

* Generating docs for v1.6.0-beta.0 on release-1.6.

* update-all.sh.

* update-all.sh.

* Kubernetes version v1.6.0-beta.1

* update-staging-client-go.sh

* Kubernetes version v1.6.0-beta.2

* update-all.sh.

* Kubernetes version v1.6.0-beta.3

* update-all.sh.

* Kubernetes version v1.6.0-beta.4

* update-staging-client-go.sh

* Update NPD rbac.

* Kubernetes version v1.6.0-rc.1

* update-all.sh.

* Update a few regex patterns to support release candidates

* Added failing upgrade if there are many master replicas.

* added prompt warning if etcd3 media type isn\'t set during upgrade

* etcd upgrade warning: add docs link, fixed etcd2 behavior, print non-interactive

* in storage media upgrade prompt, provide config for using protobuf

* Kubernetes version v1.6.0

Mon Mar 27 14:00:00 2017 alvaro.saurinAATTsuse.com
- updated to to 1.5.5

Wed Mar 15 13:00:00 2017 alvaro.saurinAATTsuse.com
- updated to to 1.5.4

Thu Feb 23 13:00:00 2017 alvaro.saurinAATTsuse.com
- added some patches:
build-with-debug-info.patch, fix-support-for-ppc64le.patch,
get-rid-of-the-git-commands-in-mungedocs.patch, git-upstream.patch,
make-e2e_node-run-over-distro-bins.patch
- removed gcc-on-ppc64-and-arm.patch

Tue Jan 24 13:00:00 2017 jmassaguerplaAATTsuse.com
- exclude i586. We don\'t expect this package to build with i586

Mon Jan 23 13:00:00 2017 jmassaguerplaAATTsuse.com
- add kubernetes-rpmlintrc file to the spec file

Mon Nov 28 13:00:00 2016 jmassaguerplaAATTsuse.com
- fix ownernship of service account key

Wed Nov 23 13:00:00 2016 jmassaguerplaAATTsuse.com
- fix permissions in service account key

Thu Nov 17 13:00:00 2016 jmassaguerplaAATTsuse.com
- add the github PR templates or it does not build

Thu Nov 17 13:00:00 2016 asaurinAATTsuse.com
- Updated to 1.3.10
- AWS: fix volume device assignment race condition (#31090, AATTjustinsb)
- Test x509 intermediates correctly (#34524, AATTliggitt)
- Remove headers that are unnecessary for proxy target (#34076, AATTmbohlool)
- gci: decouple from the built-in kubelet version (#31367, AATTAmey-D)
- Bump GCE debian image to container-vm-v20161025 (CVE-2016-5195 Dirty… (#35825, AATTdchen1107)
- Add RELEASE_INFRA_PUSH related code to support pushes from kubernetes/release. (#28922, AATTdavid-mcmahon)

Wed Sep 14 14:00:00 2016 msabateAATTsuse.com
- Updated to 1.3.7
- Fix watch cache filtering (#29046, AATTliggitt)
- List all nodes and occupy cidr map before starting allocations (#29062, AATTbprashanth)
- Fix watch cache filtering (#28968, AATTliggitt)
- Lock all possible kubecfg files at the beginning of ModifyConfig. (#28232, AATTcjcullen)
- Removing images with multiple tags (#29316, AATTronnielai)
- kubectl: don\'t display an empty list when trying to get a single resource that isn\'t found (#28294, AATTncdc)
- Fix working_set calculation in kubelet (#29154, AATTvishh)
- Don\'t delete affinity when endpoints are empty (#28655, AATTfreehan)
- GCE bring-up: Differentiate NODE_TAGS from NODE_INSTANCE_PREFIX (#29141, AATTzmerlynn)
- Fix logrotate config on GCI (#29139, AATTadityakali)
- Do not query the metadata server to find out if running on GCE. Retry metadata server query for gcr if running on gce. (#28871, AATTvishh)
- Fix GPU resource validation (#28743, AATTtherc)
- Scale kube-proxy conntrack limits by cores (new default behavior) (#28876, AATTthockin)
- Don\'t recreate lb cloud resources on kcm restart (#29082, AATTbprashanth)
- NetworkPolicy cherry-pick 1.3 (#29556, AATTcaseydavenport)
- Allow mounts to run in parallel for non-attachable volumes (#28939, AATTsaad-ali)
- add enhanced volume and mount logging for block devices (#24797, AATTscreeley44)
- kube-up: increase download timeout for kubernetes.tar.gz (#29426, AATTjustinsb)
- Fix RBAC authorizer of ServiceAccount (#29071, AATTalbatross0)
- Update docker engine-api to dea108d3aa (#29144, AATTronnielai)
- Assume volume is detached if node doesn\'t exist (#29485, AATTsaad-ali)
- Make PD E2E Tests Wait for Detach to Prevent Kernel Errors (#29031, AATTsaad-ali)
- Fix \"PVC Volume not detached if pod deleted via namespace deletion\" issue (#29077, AATTsaad-ali)
- append an abac rule for $KUBE_USER. (#29164, AATTcjcullen)
- Update Dashboard UI to version v1.1.1 (#30273, AATTbryk)
- allow restricting subresource access (#30001, AATTdeads2k)
- Fix PVC.Status.Capacity and AccessModes after binding (#29982, AATTjsafrane)
- oidc authentication plugin: don\'t trim issuer URLs with trailing slashes (#29860, AATTericchiang)
- network/cni: Bring up the lo interface for rkt (#29310, AATTeuank)
- Fixing kube-up for CVM masters. (#29140, AATTmaisem)
- Addresses vSphere Volume Attach limits (#29881, AATTdagnello)
- Increase request timeout based on termination grace period (#31275, AATTdims)
- Skip safe to detach check if node API object no longer exists (#30737, AATTsaad-ali)
- Nodecontroller doesn\'t flip readiness on pods if kubeletVersion < 1.2.0 (#30828, AATTbprashanth)
- Update cadvisor to v0.23.9 to fix a problem where attempting to gather container filesystem usage statistics could result in corrupted devicemapper thin pool storage for Docker. (#30307, AATTsjenning)
- AWS: Add ap-south-1 to list of known AWS regions (#28428, AATTjustinsb)
- Back porting critical vSphere bug fixes to release 1.3 (#31993, AATTdagnello)
- Back port - Openstack provider allowing more than one service port for lbaas v2 (#32001, AATTdagnello)
- Fix a bug in kubelet hostport logic which flushes KUBE-MARK-MASQ iptables chain (#32413, AATTfreehan)
- Fixes the panic that occurs in the federation controller manager when registering a GKE cluster to the federation. Fixes issue #30790. (#30940, AATTmadhusudancs)

Wed Jul 13 14:00:00 2016 tchvatalAATTsuse.com
- Run over with spec-cleaner
- Remove the prereq fillup as it is not used
- Use symlinks on fdupes not hardlinks
- Move scriptlet prior files to match rest of specs
- Switch to full url on sources for easy downloading
- Make node and master conflict, they both provide same config files
causing rpm conflicts

Tue Jul 12 14:00:00 2016 msabateAATTsuse.com
- Removed go as a build requirement
The golang-packaging build requirement already has go as a requirement.

Mon Jul 11 14:00:00 2016 msabateAATTsuse.com
- Re-added missing tmpfiles creation

Mon Jul 11 14:00:00 2016 msabateAATTsuse.com
- Improved the handling of /var/run/kubernetes

Fri Jul 8 14:00:00 2016 msabateAATTsuse.com
- Added some more macros from golang-packaging
I\'ve also done some minor changes and I\'ve merged the following two patches:
1. kubernets_change_cc_for_ppc64le.patch
2. 0001-SUSE-hack-use-native-system-compiler.patch
into the patch: gcc-on-ppc64-and-arm.patch

Wed Jul 6 14:00:00 2016 msabateAATTsuse.com
- Added %{go_nostrip} from golang-packaging
I\'ve also done some minor corrections

Tue Jul 5 14:00:00 2016 dmuellerAATTsuse.com
- fix tarball (was tar.gz instead of tar.xz)

Tue Jul 5 14:00:00 2016 cbraunerAATTsuse.com
- update to 1.3.0

* add _constraints file to get more disk space on aarch64

* fix url to show http://kubernetes.io

* remove bash completion instructions since bash completion has been removed
upstream and is replaced by a dedicated command that generates the bash
code on the fly

Thu Jun 23 14:00:00 2016 dmuellerAATTsuse.com
- add 0002-Change-DUP2-to-DUP3-in-contrib-mesos-to-build-on-arm.patch,
0001-SUSE-hack-use-native-system-compiler.patch: Build on aarch64

Thu Jun 23 14:00:00 2016 dmuellerAATTsuse.com
- update to 1.2.4:

* Ensure status is not changed during an update of PV, PVC, HPA objects (#24924, AATTmqliang)

* GCI: Add two GCI specific metadata pairs (#25105, AATTandyzheng0831)

* Update salt config to allow Debian Jessie on GCE. (#25123, AATTjlewi)

* Fix DeletingLoadBalancer event generation. (#24833, AATTa-robinson)

* GCE: Prefer preconfigured node tags for firewalls, if available (#25148, AATTa-robinson)

* Drain pods created from ReplicaSets in \'kubectl drain\' (#23689, AATTmaclof)

* GCI: Update the command to get the image (#24987, AATTandyzheng0831)

* Validate deletion timestamp doesn\'t change on update (#24839, AATTliggitt)

* Add support for running clusters on GCI (#24893, AATTandyzheng0831)

* Trusty: Add retry in curl commands (#24749, AATTandyzheng0831)

Fri May 6 14:00:00 2016 fcastelliAATTsuse.com
- Add runtime requirement to kubelet

Thu May 5 14:00:00 2016 fcastelliAATTsuse.com
- Fix version tag inside of final packages

Thu Apr 28 14:00:00 2016 normandAATTlinux.vnet.ibm.com
- enable build ppc64le
new kubernets_change_cc_for_ppc64le.patch

Tue Apr 26 14:00:00 2016 fcastelliAATTsuse.com
- Updated to kubernetes v1.2.3

Fri Mar 18 13:00:00 2016 fcastelliAATTsuse.com
- Update to kuberneted v1.2.0

Fri Feb 19 13:00:00 2016 fcastelliAATTsuse.com
- Update to kubernetes v1.1.7
- Remove change-internal-to-inteernal.patch, no longer needed
- Cleanup of the spec file

Sat Sep 19 14:00:00 2015 fcastelliAATTsuse.com
- kubernetes-node: require the Docker package to be installed at runtime

Tue Sep 8 14:00:00 2015 dmacvicarAATTsuse.de
- initial package for 1.1.0 pre from git based on Fedora
package


 
ICM