SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for kubernetes-kubelet-1.13.2-9.1.x86_64.rpm :
Tue Jan 29 13:00:00 2019 mmeisterAATTsuse.com
- Drop obsolete patches:
- do-not-gc-sle-kubic-images.patch (container-feeder no longer used)
- build-with-debug-info.patch
- Disable rpmlint checks
- some kubernetes shell scripts use \'/usr/bin/env bash\' which rpmlint
doesn\'t like

Tue Jan 29 13:00:00 2019 opensuse-packagingAATTopensuse.org
- Update to version 1.13.2:

* Shorten re-read period for token files to work with ProjectedTokenVolumeSource

* Clean up artifacts variables in hack scripts

* make integration/verify script look for k8s under GOPATH

* Add request processing HPA into the queue after processing is finished. This fixes a bug with skipping request inserted by resync because previous one hasn\'t processed yet.

* change azure disk host cache to ReadOnly by default

* always use golint from vendor

* install golint from vendor

* vendor golint

* Rename UnmountMountPoint to CleanupMountPoint

* Move linux test utils to os-independent test file

* Add e2e test for removing the subpath directory

* Add comments around use of PathExists

* Add unit test for UnmountMountPoint

* Update doCleanSubpaths to use UnmountMountPoint

* Move unmount volume util from pkg/volume/util to pkg/util/mount

* autogenerated files

* Fix race in setting nominated node

* Add a test that reproduces the race condition between setting nominated node name of a pod and scheduling cycle of other pods

* update cloud provider boilerplate

* Bump dashboard to v1.10.1 for CVE-2018-18264

* storage_scheduling: retry operation as intended

* Protect Netlink calls with a mutex

* Fix tag on github.com/go-openapi

* Do not try to delete RS already in termination list

* Add info message showing the reason for skipping deletion

* Gofmt

* Avoid unbinding multiple times for multiport svc

* Update test for new CleanupLegacyServices function

* Apply graceful termination logic when unbinding addresses

* Apply graceful termination when deleting a service

* Leave refactoring TODO

* Check for volume-subpaths directory in orpahaned pod cleanup

* Fix create secret docker-registry compatibility

* Make scheduleinternalcache.PodFilter as public

* Add unit test to verify generated volume names.

* Rename GetUniqueVolumeNameForNonAttachableVolume to GetUniqueVolumeNameFromSpecWithPod

* Fix device mountable volume names in DSW

* fix race condition when attach azure disk in vmss

* Surface selected pod RuntimeHandler in Kubelet logs

* Ensure volume mount err checking done inside op

* Fix race condition when joining nodes

* kubeadm: fix nil check in join config creation

* New sysctls to improve pod termination

* Update to go1.11.4

* bump golang to 1.11.3 (CVE-2018-16875)

* kubeadm: fixed etcd sync endpoints

* Add/Update CHANGELOG-1.13.md for v1.13.1.

* Kubernetes version v1.13.2-beta.0 openapi-spec file updates

* fix kubelet log flushing issue in azure disk

* fix node and kubelet start times

* Disable proxy to loopback and linklocal

* diff: Make filename cross-platform compatible

* diff: Fix overlapping filenames

* add VMSize info in attach/detach azure disk

* activate unschedulable pods only if the node became more schedulable

* apply: fix detection of non-dry-run enabled servers

* plumb bearer token and token file for e2e

* Include BGPConfiguration

* Generalize handling of InactiveConn to TCP

* Handle UDP graceful termination

* Fix logic of delete function

* Display RS complete name in logs

* Surface help for insecure ports to explain how to disable

* Update Cluster Autoscaler version in gce manifests to 1.13.1

* Run old-style priority functions in parallel to the map-reduce style ones

* Avoid copying Extender struct while running priority functions

* Avoid copying PriorityConfig struct while running priority functions

* Fix sort-by regression

* Use kubeconfig flag instead of kubeconfig-dir in kubeadm init phase bootstrap-token

* Allow kube-scheduler to tolerate cluster auth config lookup failure

* Set delete propagation policy to background when removing jobs and its dependents

* Fix Azure node\'s internal IP address

* fixes autoscaling types conversion

* Plumb token and token file through rest.Config

* Use Node-Problem-Detector v0.6.0

* Volume exec file test: added NodeSelector to pod

* Refactor driverinfo feature support into capabilities map

* Add e2e test for file exec

* Check for subpath error in container status instead of pod events

* Add/Update CHANGELOG-1.13.md for v1.13.0.

* Kubernetes version v1.13.1-beta.0 openapi-spec file updates

* autogenerated files

* Change sort function of the scheduling queue to avoid starvation

* Add/Update CHANGELOG-1.13.md for v1.13.0-rc.2.

* Update portworx to move from glog to klog

* cache portworx API port

* Lookup PX api port from k8s service

* Revert \"CSI: enhance driver tests to update the drivers.\"

* Allow CSI Drivers suporting 0.x/1.x to use old dir

* Update Cluster Autoscaler version to 1.13.0

* fix detch azure disk issue by clean vm cache

* Add/Update CHANGELOG-1.13.md for v1.13.0-rc.1.

* Update CHANGELOG-1.13.md for v1.13.0-rc.1.

* Fix timeout for testPodFailSubpathError longer to avoid flake

* Make HostPath CSI driver persistent across restart.

* Update Cluster Autoscaler version to 1.13.0-rc.2

* Currently the root-ca-cert-publisher was shadowed by BoundServiceAccountTokenVolume feature gate. But its corresponding bootstrap RBAC policy was shadowed by TokenRequest feature gate. This patch fix it.

* Forces fsnotify CREATE and REMOVE to occur serially

* Fix flake with e2e test that checks detach while mount in progress

* Fix testPodFailSubpathError to make only WaitTimeoutForPodEvent wait

* Fix eventOccurred to check message from all the events

* Update CHANGELOG-1.10.md for v1.10.11.

* Update CHANGELOG-1.11.md for v1.11.5.

* Update CHANGELOG-1.12.md for v1.12.3.

* Set deadline for returning backend error

* CSI: enhance driver tests to update the drivers.

* Verify backend upgraded connection

* kubeadm: add missing --config flag to mark-control-plane phase

* Fix kubeadm reset in case of external etcd

* Extend timeout before breaking node in autoscaling test

* should return error when attach/detach failed

* Update CHANGELOG-1.13.md for v1.13.0-beta.2.

* Add/Update CHANGELOG-1.13.md for v1.13.0-beta.2.

* Fix etcd connect for join --control-plane

* Permit use of deprecated dir in device plugin.

* Modify CSI to handle both 0.3 and 1.0

* Add missing feature gate to CSI driver uninstall

* Reduce csipb dependencies

* Modify kubelet watcher to support old versions

* kubeadm: override node registration options from command line

* kube-apiserver: fix missing global flags for --help

* kubeadm: config migrate handles more valid configs

* auto-generated file

* add --cloud-provider-gce-lb-src-cidrs for
*-controller-manager, and add test

*
*-controller-manager: fix missing global flags for --help

* Clear pod binding cache.

* Update github.com/json-iterator/go to 1.1.4

* Fixes kubeadm 857

* Optimistic-locking on diff

* Allow kubectl patcher to patch specific version

* Fix bug with volume getting marked as not in-use with pending op

* kubeadm: override node registration options from command line

* kubeadm: Bump minimum Kubernetes version to v1.12

* Fix io test to use unique file names and cleanup all files

* `kubeadm init` supports sparse certificates

* Move some test functions into test utils

* kubeadm: adds etcd server version for 1.13

* Add flags to kubeadm init phase uploadconfig all

* kubeapiserver: rename \'--experimental-encryption-provider-config\' to \'--encryption-provider-config\'.

* kubeadm: fix issues in the v1beta1 godoc

* Fix flaky \'shouldn\'t trigger additional scale-ups during processing scale-up\' test

* fix release note

* Revert \"Make bootstrap client cert loading part of rotation\"

* Add/Update CHANGELOG-1.13.md for v1.13.0-beta.1.

* Update CHANGELOG-1.13.md for v1.13.0-beta.1.

* Ensure the bootstrap rotation code is tested by forcing rotation

* Make bootstrap client cert loading part of rotation

* Update e2e tests to include CSI

* Update pluginwatcher to ignore CSI metadata dir and non socket files

* Tolerate apiserver being older than controller-manager

* patch webhook authenticator to support token review with arbitrary audiences

* plumb apiAudience to TokenReview registry

* Fix kubelet panic.

* Remove devicePath dependency for CSI volumes

* Don\'t allow --csr-only for CA certs or all

* autogenerated

* authn: add Audiences to TokenReview

* ensure scheduler preemptor behaves in an efficient/correct path

* Revert \"Merge pull request #67205 from roycaihw/crd-openapi-spec\"

* Revert \"Merge pull request #71137 from sttts/sttts-crd-openapi-spec-recursive-v2-prune\"

* fix a scheduler panic due to internal cache inconsistency

* Revert \"Make csi alpha failing test skip\"

* Augmenting API call retry in nodeinfomanager

* Fix kubeadm etcd manifests to use brackets around IPv6 addrs

* Simplify GCE PD CSI Socket path

* migrate service account volume to a projected volume

* explicitly set run as user/group in addons that set this config in their dockerfile

* update PSPs to allow projected volumes

* Fix BlockVolume feature gate toggling in validation & defaults unit tests

* Add volume mode downgrade test: should not mount/map in <1.13

* Remove [Feature:BlockVolume] everywhere

* Update all tests to account for BlockVolume enabled by default

* Generate code for BlockVolume beta promotion

* Promote BlockVolume to beta

* autogenerated

* fix a description error in DynamicAuditing feature

* apiextensions: prune {any,one}Of + Not recursively on OpenAPI v2 conversion

* generated

* fix client-side specification of timeout now that it is honored

* update client generator for local timeout

* kubeadm: Allow customizing the image repository via flags

* Add tests to ensure feature gate changes don\'t escape kubelet/scheduler packages

* fix scheduler and kubelet unit tests leaking feature flag changes

* Add tests to ensure storage feature gate changes don\'t escape packages

* fix storage unit tests leaking feature flag changes

* Fix storage feature gate test setting

* kubeadm phases add all subcommands

* Fixed clearing of devicePath after UnmountDevice

* add reviewer

* kubeadm: Warn on API server bind address override

* Make fluentd container runtime service configurable.

* Add option to k8s apiserver to reject incoming requests upon audit failure

* set net/ipv4/vs/conn_reuse_mode to 0

* Update CSI tests to point to 1.0.0 external bits.

* fixes duplicated describer client

* support statefulset in kubectl autoscale command

* kubectl: small internal to external type fix

* Update CSI client to pick up CSI v1.0.0 changes

* add basic e2e test and integration for CRD openapi

* Bump grpc from 1.7.5 to 1.13.0

* Update vendored CSI from v0.3 to v1.0.0

* kubeadm: update autogenerated bazel

* kubeadm: handle strict config unmarshaling

* Fix the comment for csi block pathes to make look the same to filesystem

* Kubelet Plugin Registration v1 update fix

* Fix renewing certificates via the API

* Fixes flaky tests for kubectl port-forward

* generated

* Convert and construct OpenAPI v2 spec from CRD

* Add watchdog for leader election logic getting wedged

* Apiextensions-apiserver aggregates CRD schemas

* Allow apiextensions-apiserver to import kube-openapi

* Enable aggregator apiserver resyncing openapi spec

* Option to generate CSRs instead of issued certificates

* increase the liveness probe delay for GCE e2e tests, to avoid premature teardown

* add kubelet grpc server for pod-resources service

* add KubeletPodResources feature-gate

* generate go client for kubelet podresources API

* add kubelet pod-resources API definition

* apiserver: propagate panics from REST handlers correctly

* apiserver: preserve stack trace in handler panic beyond timeout handler

* prune internal clients from kubectl describer

* PV Controller: fix recycling

* Rename tag for CSI skip attach tests

* Fix validateMixedArgs for phases

* apiserver: in timeout_test separate out handler

* Refactor New function

* Remove todo from init phase

* Minor update to the comment block characters for kubeadm

* Delegate creation of publishPath to driver and allow creating device file directly

* adds dynamic audit configuration generated

* Report KCM as unhealthy if leader election is wedged. Feedback from lavalamp and deads2k. Changed Check() logic to be central to LeaderElector. Further changes, especially cleaning up the test code.

* adds dynamic audit configuration

* Fix kubeadm upload-config kubeadm example

* Add README for nodelocaldns

* Tolerate existing CSI fields in PVs when the feature is disabled

* kubeadm: fix godocs indentation for v1beta1

* kubeadm: document required etcd configuration

* Change stagingPath to be a directory

* Update generated

* Build OpenAPI Definitions per group instead of per resource

* Kubeadm phases - add local flags

* Fix for adding block volume support to CSI RBD driver

* e2e/storage: distinct test names for provisioning

* Fix CreateSecPodWithNodeName to properly set node to be deployed

* Tighten up validation of VolumeAttachment fields

* reset helptext alignment

* Update CHANGELOG-1.10.md for v1.10.10.

* Add volumeattachment status subresource

* Generated files

* Promote VolumeAttachment to storage.k8s.io/v1 API

* Promote CSIPersistentVolumeSource to GA

* Move CSIPersistentVolume feature to GA

* Kubelet plugin watcher update to v1

* Pluginregistration package updat to v1

* Fix density test

* DeltaFIFO cleanup

* Remove self-deletion permissions from kubelets

* Limit kubelets from updating their own labels

* retrofit svcacct token authenticator to support audience validation

* TokenRequestProjections should allow API server to default empty audience

* Typo fix: healtcheck->healthcheck (#65394)

* Fix sending oversided data frames to spdy stream

* Removed .salt template , using .sed template

* Fixup language on help message to denote phases

* fix typos in test/e2e/kubectl/kubectl.go

* cleanup error handling in apiserver opts validation

* split TokenRequest initialization out of run and into complete and validate

* Remove serial from gcepd-external tests

* replace golang.org/x/exp/inotify with standalone library

* exclude etcd from the liveness health check for the kube-apiserver on GCE

* add ability to exclude health checks from failing healthz by passing in a query param

* Revert \"kubeadm: Create control plane with ClusterFirstWithHostNet dns policy\"

* kubeadm: update notes and example config in v1beta1 godocs

* fix a typo error imported by https://github.com/kubernetes/kubernetes/pull/68812

* Remove k8s.io/client-go/util/cert/triple

* Feature gate update to GA

* update kubectl run to generate apps/v1 deployments

* rootcacertpublisher: trigger resync on namespace add and update

* Disable equivalence cache by default in the scheduler integration tests

* dedup APIAudiences config in kube-apiserver, use GenericConfig field

* kubeadm graduate addons phase

* Move csr.RequestNodeCertificate into kubelet bootstrap package

* Remove unused funcs in certutil

* kubeadm: set pod-infra-container-image for the kubelet

* Recognize newer docker versions without -ce/-ee suffix

* updates license year

* kubeadm: Adds tests to node patching

* autogen files

* Use watch cache when rv=0 even when limit is set

* iptables reset text message

* Remove DynamicKubeletConfig from init and join workflow, also remove DynamicKubeletConfig feature gate

* Introduce kubeapiserver.config.k8s.io/v1 with EncryptionConfiguration and use a standard method for parsing config file.

* kubeadm: print the join command should happen after all the phases in init have finished

* Handle validation of drivers in Spec and Status

* e2e/storage: avoid fmt.Sprintf for single string

* Add validation of CSINodeInfo before Create/Update calls

* fix kubeadm upgrade

* added non-optional and empty key test cases for secret and configMap

* fixup! add longest_running_processor_microseconds metric

* Unexport csr.ParseCSR

* update cAdvisor godeps to v0.32.0

* Support running a nodelocal dns cache

* kubectl: move custom columns printers and flags

* add BoundServiceAccountTokenVolume feature

* pkg/kubelet/stats: Add container log size metric

* fixup! add longest_running_processor_microseconds metric

* make oidc authenticator (more?) audience aware

* fixes kubeadm 1221 to remove AuditPolicyConfiguration Added conversion test and failure.

* always enable TokenRequest in GCE kube-up.sh

* Add test for CRD server-dry-run and fix bug

* add longest_running_processor_microseconds metric

* Upgrade Stackdriver Logging Agent addon image to 0.6-1.6.0-1 to use Fluentd v1.2.

* update bazel

* defer finalizing pods for cronjobs to server delete

* Handler error when kubeconfig file not exist on kubeadm reset

* kubeadm: update the state in app/cmd.go

* Write HostAliases aliases on same line per host IP

* Improve usability of CSI plugin metrics

* combine syncs in rootcacertpublisher

* Support multiple arguments for cordon and drain

* Fix the TestRunApplyPrintsValidObjectList test

* Fix dry-run output in kubectl apply --prune

* auto-generated file

* kube-scheduler: output flags in logical sections

* add log_file option to kubelet flags

* kubeadm: update generated docs for mark-control-plane phase

* kubeadm: graduate mark-control-plane phase

* fixup! Test workqueue metrics

* fixup! Test workqueue metrics

* autogenerated

* kubeadm refactor joinControlPlane config

* autogenerated

* add DNS struct to kubeadm config

* s/glog/klog/ - keep up with master

* Update all the staging Godeps.json

* Fix issues with verify-imports.sh

* Update vendor dependencies

* Move from glog to klog

* add Ready column for kubectl get sts command

* generated files

* Test workqueue metrics

* Update generated files

* CRD Conversion

* Fix a race in the scheduler.

* adds dynamic audit plugins generated

* adds dynamic audit plugins

* E2E Test

* Example webhook implementation (used in E2E test)

* Make csi alpha failing test skip

* Add multi PVC versions of tests for delayed binding

* kubectl get: remove internal resource dependency

* kubectl: remove redundant test

* add a metric that can be used to notice stuck worker threads

* Don\'t compare interface values in dynamic config controller

* Remove useBetaAPI option from getReplicaZoneURI

* fix for test failure #70774

* Update heketi dependencies to shaAATT558b29266ce0a873991ecfb3edc41a668a998514.

* kubeadm: UnifiedControlPlaneImage -> UseHyperKubeImage

* CoreDNS should respect user taints

* autogenerated

* Update unit tests after the rename

* kubeadm: InitConfiguration.APIEndpoint -> LocalAPIEndpoint

* [kubeadm/app/..add other packages]Switch to github.com/pkg/errors

* code cleanup for kubectl taint

* Update addon-manager to 1.8.4

* Change semantics of driver install and uninstall in CSINodeInfo to use new fields.

* Updated test files with new fields

* Add fields available and volumePluginMechanism to CSINodeInfo CRD API Object. Split CSINodeInfo into Spec and Status.

* Revert \"Hold mutex lock shorter when processing inter-pod affinity/anti-affin…\"

* add description for pod readiness gate

* Results of running update scripts: update-openapi-spec update-federation-openapi-spec

* Fix conformance test error with log level 8

* Pluginwatcher should prevent kubelet from starting if we cannot watch the plugin root

* finish controller name change and don\'t double check feature flag

* Pluginwatcher: log error when walking fs rather than fail

* Fix pluginwatcher panic on failed startup

* kubeadm: Remove cluster name from JoinConfiguration

* kubectl convert: add deprecation warning for 1.13

* generated

* Remove unused openapi-gen cmd

* Revert resource limits priority function

* kubeadm: Remove feature gates from JoinConfiguration

* Add unit test case for empty list

* kube-scheduler: add secure serving and authn/z integration tests

* kube-scheduler: split out cmd Run func

* integration: rename test/integration/{controllermanager -> serving}

* kube-scheduler: move stopCh creation out of scheduler factory code

* kube-scheduler: enable secure ports 10259

* [kubeadm] Update CoreDNS Version

* update version of CoreDNS to 1.2.6

* Add debug info: scheduler extenders\'s score and its name for each pod

* Delete node lease if the corresponding node is deleted

* Fix CSI CRD installation for Alpha clusters

* To inject ca.crt into container when projected volume was specified, configmap should be created in each namespace. This patch add a controller called \"root-ca-cert-publisher\" to complete above job as well as some bootstrap rbac policies.

* kubeadm graduate bootstrap-token phase

* Revert \"Activate unschedulable pods only if the node became more schedulable\"

* add readiness gates column in the wide printout for pod

* kubeadm: use client-go\'s MakeCSRFromTemplate() in \'renew\'

* Fix test driver\'s unique name consistent

* Kubernetes version v1.14.0-alpha.0 openapi-spec file updates

* Feature: Implements Raw Block Volume Support for in-tree vSphere plugin

* Update kubelet node status report logic with node lease feature

* add With method for allowed URL options on delegated authorization

* Add license declaration to forked godep

* Remove ignore on GodepVersion and Godep comments

* Update godeps

* Remove godep from REQUIRED_BINS

* Use ensured godep instead of relying on PATH

* remove unused python-image from cluster/addons

* Delete extraneous CHANGELOG-
*.md files on branch.

* Move Regional PD to GA

* fix healthz checkerNames test so that it tests against the expected output

* Switch to sigs.k8s.io/yaml from ghodss/yaml

* generated

* Integration test (please review with -w to ignore

* API server serves CRD per-version schema/subresources/columns

* Validation, defaulting and pre-create/update strategy for

* Add feature gate and API changes for multi-version

* Removed feature gates selfhosting, HA and store certs in secrets. Added new alpha command to pivot to self hosted Removed slelfhosting upgrade ability Added warning message to self hosted pivot added certs in secrets flag to new selfhosting comand

* prune internal client from ca registration hook

* Make csi drivers and in-tree drivers share e2e tests

* kubeadm: prepull Etcd image only if required

* Fix index out of range error when sorting kubectl get

* Don\'t fail RCConfig.start on node restart.

* remove duplicate default in kubelet --help

* Remove deprecated kubectl command aliases kubectl run-container

* Mark configmap and downwardapi tests with sig-node

* update code change for golang.org/x/net/... to release-branch.go1.10

* update staging godeps for golang.org/x/net/... to release-branch.go1.10

* update godeps for golang.org/x/net/... to release-branch.go1.10

* e2e: Better error reporting in firewall test

* Add the existence check of /proc/net/nf_conntrack

* kubectl version should print just client information in the absence of kubeconfig

* Install ensured godep inside hermetic GOPATH

* Modify forked godep to have custom version

* Use a fixed abbreviation size in `git describe` output

* Move godep from vendor to third_party/forked/

* Register CSI CRDs as addon

* remove subpath readonly test for new directories

* Fix csi rbac in e2e manifests

* fixup! Add a scheduler cache dumper

* Include read access to controllerrevisions for admin/edit/view roles

* allow delegated authorization to have privileged groups

* Filter out spammy audit logs from cluster autoscaler.

* kubeadm graduate upload-config phase

* A few improvements for DeleteResourceAndWaitForGC:

* Refactor GlusterFS PV spec.

* e2e: create and patch items of type Secret, code cleanup

* Modify waitForPodsInactive to return meaningful error message.

* serviceaccount subproject approvers/reviewers

* auth policy subproject approvers/reviewers

* node-isolation approvers/reviewers

* encryption-at-rest approvers/reviewers

* certificates subproject approvers/reviewers

* authorizers subproject approvers/reviewers

* authenticators subproject approvers/reviewers

* audit subproject owners/reviewers

* e2e: block all master addresses

* fix slice sharing bug in cgroup manager

* Update to gazelle 0.15.0

* Update to rules_go 0.16.2

* Move volume scheduling feature to GA

* adding test case for flex volume resize on pod restart

* Remove subPath tests from host_path.go

* Autogenerated files

* Add a scheduler cache dumper

* remove webhook cache implementation and replace with the token cache

* kubeadm: make sure that commands are not added for hidden phases

* periodically reload tokens read from TokenFile in kubeconfig

* Fix Typo: mataData -> metaData; masquared -> masquerade

* improve sorting efficiency

* cmd/kube-controller-manager: add myself as approver

* kubeadm: Add configurable control plane up timeout

* Add more logging to e2e HPA tests

* Modify the wrong function name

* Fix end-to-end test logic to get image name

* remove duplicate default value in kubelet --help

* update bazel

* use \'nf_conntrack\' instead of \'nf_conntrack_ipv4\' for linux kernel >= 4.19

* Fixes lint errors in kubeapiserver packages

* Add CRDs to etcd storage path test

* Update bazel

* Validate kubeconfig files in case of external CA mode

* autogenerated

* improve flags management in phases

* Bump golang version to 1.11.2

* Fix error wrap on pki_helpers

* Modify the judgement condtion in elasticsearch_logging_discovery.go

* delete some para no need used in local volume

* fix local volume getVolumeSourceFSType func by golint

* Hold mutex lock shorter when processing inter-pod affinity/anti-affinity priority function

* fixes unnecessary dry import for test regression

* Do not allocate memory for pods that do not have inter-pod affinity/anti-affinity

* Update pd csi e2e yamls with latest driver

* Fix csi volume attach limit

* chore(apiserver): nit fix

* Build file generated

* Remove resource priority limit e2e function

* refactors kubeapiserver webhook utility to be generic generated

* refactors kubeapiserver webhook utility to be generic

* kubectl: remove unnecessary internal->external conversion before PrintObj

* kubeadm: Writable to ReadOnly in HostPathMount

* Fix overflow issue on renewal

* kubeadm: autogenerated docs for wait-control-plane phase

* kubeadm: graduate wait-control-plane phase

* fix typo Kubernets to Kubernetes

* e2e: remove \"nodes\" permission from driver-registrar RBAC

* Correct test name typo in validation.

* Deflake e2e HPA tests

* fix a bug that --tail option does not take effects in \'kubectl logs --selector xx=xx --tail 3\'

* kubeadm: Control plane config moved to substructs

* Replace getPVCName() with a variable

* remove retry operation on attach/detach disk

* validate args for kubectl config view

* change UltraSSD default perf

* Remove the redundant space

* remove meaningless case

* Fix some golint errors for packages in `pkg/kubectl`

* Use `audit.k8s.io/v1` as default value of option --audit-webhook-version and --audit-log-version in release 1.13

* Add UPDATE_API_KNOWN_VIOLATIONS=true to Makefile.generated_files

* updates audit endpoints test

* Drop generated clients for Scale types

* CSI Kubelet Plugin Watcher unregistration

* fix typo

* kubeadm: autogenerated docs for etcd phase

* kubeadm: graduate the etcd phase

* configure cluster domain via flags

* cmd/cloud-controller-manager: add myself as approver

* improve the expression of some comments

* Set arp_ignore and arp_announce flags

* fix golint errors in pkg/volume/
*

* kubeadm: Perform IPVS check on join only if the cluster was set up with IPVS.

* leaderelection: reduce renewed lease verbosity

* move certs/pkiutil to generic kubeadm utils

* add ultrassd support

* Update bazel build

* Add dns capabilities to CNI for windows containers

* use loopback client connection instead of direct etcd call in master lease

* update generated deps

* Update a few dependencies

* wrap all audience unaware authenticators in kube-apiserver

* create audience unaware authenticator wrappers

* kubectl: change legacyscheme codecs to direct codecs (no conversion)

* move audience context functions to authenticator package

* Update generated files

* recreate violation_exceptions.list

* update kube-openapi dep

* autogenerated

* kubeadm alpha commands

* Fix typos on cmd/kubeadm/app/cmd

* Promote Replication Controller and Replica Set e2e tests to Conformance

* FeatureGate and API Validation for CRD Webhook Conversion

* Refactor webhookclientConfig validation of admission and audit registration

* API Types for CRD conversion

* gce: move more stuff into main and refactor detect whether configure-helpers.sh was sourced

* test switching between standalone/Ingress NEG

* Update import-boss restrictions - pkg/controller

* Remove mount propagation feature gate logic

* kubeadm: autogenerated docs

* kubeadm: move the control-plane phase to the phase runner

* Add MaciekPytel to test OWNERS.

* Update CHANGELOG-1.13.md for v1.13.0-alpha.3.

* glusterfs: Allow admin to provide custom endpoint/service name prefix

* Ensure orphan public IPs deleted

* upgrade azure sdk to support ultra ssd

* e2e: less verbose item creation

* fix auditsink validation output

* add more ut for runasuser/runasusername

* kubectl: fixes expose bug for workload without selectors

* combine similar code where calucate schedule priority

* fix openstack provider to handle only Cinder volumes

* git ignore vendordiff.patch to avoid accidental checkin

* Fix for the \'kubectl explain crd --recursive\' goes into an infinite loop issue

* Update API-related owners files

* kubeadm: remove the unit test TestRunListTokens

* Deflake HPA tests

* prevent sorting of PATH dirs

* add e2e tests for TaintBasedEvictions

* Update comments on the OwnerReference to acknowledge that the owning object can be cluster scoped.

* Fix capacities as well

* Add GetScale/UpdateScale methods to apps/v1 clients

* Fix retainKeys patchStrategy in apps/deployments

* Fix GetScale/UpdateScale type for replicationcontroller client

* autogenerated

* kubeadm graduate kubeconfig phase

* fix AWS volume and cloud provider import order

* kubeadm: APIServerEndpoints -> APIServerEndpoint

* fix typo

* clean unused functions in ./pkg/printers/internalversion/printers.go

* add BUILD

* [kubeadm/app/]switch to github.com/pkg/errors

* e2e: live streaming of pod events and stdout for CSI volume tests

* code cleanup for kubectl top

* Fix golint error for `pkg/volume/util/resize_util.go`

* Enable allocatable support for Windows nodes

* activate unschedulable pods only if the node became more schedulable

* improve cephfs fuse error log level

* Correct some errors in returned message

* Fix an error in log info

* Fixes golint in test/utils/image

* default api audiences to service account token issuer if available

* Add myself as reviewer to test/conformance/OWNERS

* make gc admission set attribute namespace correctly for owners

* Remove unused code in aws cloud provider

* bazel: use starlark implementations of http_archive and http_file

* Implement a basic RuntimeClass E2E

* bazel: bump repo-infra dependency

* Fixed lint errors for pkg/cloudprovider/providers/gce. Fixed minor issues. Cleaned up from merge errors.

* Revert \"Improve multi-authorizer errors\"

* Remove spurious vendordiff.patch file

* extend tests to support ipv6 functionality

* kubeadm: graduate `certs` phase: update documentation

* kubeadm: graduate `certs` phase

* glusterfs: remove a redundant comment

* glusterfs: improve a comment block

* Tolerate lack of namespace permissions in RBAC reconciliation

* Swap cmd_test to cmd package in kubeadm/app/cmd/config_test.go

* Added tracing for long running requests.

* Improve Azure instance metadata handling

* Add support for projected volume in describe function

* remove internal informer/lister generator

* prune internal informer from kubeapiserver constructor

* duplicated glog.V(10) when had a if glog.V(10)

* delete internal informer/lister

* Refactor scheduler_test.go to use Clientset

* Update bazel

* Get etcd data dir from kubeadm config or use etcd manifest as fallback on kubeadm reset

* staing/apimachinery: fix typo \"perfer\" to \"prefer\"

* Build files

* Fix e2e node status updates

* autogenerated

* kubeadm graduate kubelet-start phase

* add module \'nf_conntrack\' in ipvs prerequisite check

* Address code review comments

* Generated changes for make body a optional parameter

* fix(bug): make body a optional parameter in [DELETE] /apis/batch/v1/namespaces/{namespace}/jobs/{name}

* Switch kubectl rollout to directly rolling back deployments

* Revert \"limit forbidden error to details of what was forbidden\"

* e2e: update bazel BUILD files

* e2e CSI: bump all containers to v0.4.1

* fix ContinueOnError visitor

* echo audiences in anonymous and insecure authenticators

* e2e: deploy from manifest files + enhance CSI volume output

* Deprecate critical pod annotation

* Fix e2e test and build file

* Fix default algorithm provider priority insertion

* scale test service account token projection in kubemark

* fix golint for /pkg/util/ipconfig and /pkg/util/resourcecontainer-2

* Update CHANGELOG-1.12.md for v1.12.2.

* Fix a typo in source code comment

* GlusterFS: Use pvc uid instead of pvc name in glusterfs endpoint name.

* Update deprecation warning for kubectl run

* e2e: Only do LB health check reconciliation test on GCE

* Disambiguate \"unsupported provider\" messages

* Documentation re-formatting

* e2e: simplify gcePD .yaml files

* e2e framework: UniqueName

* Address CR comments and add more tests

* [kubeadm/app/util]switch to github.com/pkg/errors

* replace contrustor of ad controller with config.complete.new flow

* display EphemeralStorage usage with kubectl describe node

* fix typo in predicates_test.go

* Update CHANGELOG-1.11.md for v1.11.4.

* generated files

* Update daemonset fixture to match apps/v1 defaulting behavior

* fixup extensions->apps references

* stop generating GetScale/UpdateScale for internal clients

* Change registration and custom conversion from extensions to apps

* Move fuzzing from extensions to apps

* Move extensions validation to apps

* Move extensions types to apps

* remove CustomMetricTarget

* Add new driver config for testing PD CSI driver out of tree

* Improve comments for when hostPath in Windows needs to be transformed

* bump metadata-concealment version to 1.1.1

* always allow unimportant legacy root paths

* Add regions ap-northeast-3 and eu-west-3

* Updating build files after review comments

* test/e2e/storage: use relatime for checking NFS options

* test/e2e/storage: provide useful output if test fail

* Incorporating review comments

* Fix typecheck test error message

* Update srcimporter.go to golang/goAATT5f0a9ba

* Fix typo in Bug Report issue template

* Use debian-base instead of busybox as base image for server images

* changes for update-bazel script

* changes done to enable br_filter and ip_forward for debian packages

* Optimized map allocation in Replace methods

* generated proto: remove trailing whitespace

* Remove trailing whitespace in proto generator

* auto-generated file

* add kube-controller manager round trip test

* Change back HPA e2e tests to request 500 mCPU

* make use of common generator script in aggregator codegen

* respect GOFLAGS when compiling aggregator and add env args

* [kubeadm/app/cmd]switch to github.com/pkg/errors

* Adopt multiple issue templates (#68774)

* Change GCE LB health check interval from 2s to 8s, unhealthyThreashold to 3

* Remove forked go/types

* Swap typecheck to use go/types stdlib

* Update e2e test image manifests

* Update to use kube-addon-manager:v8.9

* Update to use debian-iptables v11.0 and debian-hyperkube-base 0.12.0

* test/e2e/apps: fix race in cronjob test

* Prune internal clientset/informer from kubeapiserver admission initializer (#70167)

* certificate_manager: Check that template differs from current cert before rotation

* Updated Regional PD failover test to use node taints instead of instance group deletion

* e2e: allow unknown providers with a warning

* e2e tests for flex volume expand

* adding support for expanding in use persistent volumes for Flex

* Move the provisioning test for retain policy back to volume_provisioning.go

* Switch from mirror to main download site for zookeeper

* Increment version for metadata-concealment test image

* add more scheduler benchmark testcases

* Update CHANGELOG-1.13.md for v1.13.0-alpha.2.

* remove kubeClient != nil when using glog.Fatalf

* autogenerated

* kubeadm graduate kubelet-start phase

* fix incorrect return value of kubeadm pre-flight checks

* update token authn constructor

* Update vendor package github.com/coreos/...

* sync missing secret type to external api repo

* switch informer in token authn

* Annotate errors in apimachinery e2e tests

* Replace resyncTicker with syncTicker in commenting

* Update regions.go

* cni: rate and limit must be both set

* adding Datadog Cluster Agent to the list of Custom Metrics Providers

* Add system root unit test

* Generated files

* Fix omitempty/optional indicator on CABundle fields

* Correct regexp check in IsNodeUnmanagedByProvider

* externalize psp admission controller

* Avoid short-circuiting conversion when decoding into opinionated unstructured objects

* Instantiate unstructured objects with versions in custom resource handler

* Allow specifying the hub group-version for a handler

* Inline patch#toUnversioned

* Test custom resource scaling with multiple versions

* apiextensions: add smoke test checking that patches apply to non-storage versions

* Add metrics to volume scheduling operations

* nodeController should send events to api server when nodeController eviction happens

* Deflake e2e tests of HPA

* Fix missing \'break\'

* use more specific authenticator.Audiences type in TokenRequest registry

* remove OutOfDisk condition in kubelet

* trivial fix

* promote --service-account-api-audiences to top level kube-apiserver config

* Fix linting issues in staging/src/k8s.io/client-go/discovery/
*

* generated files

* Update the doc to say that we will use RFC 3339 format to store the timestamp.

* Make it clear that the timestamp is a unix time in millis.

* fixes the way the informers are started in sample controller pkg

* make token cache include audience in hash key

* rebase authenticators onto new interface.

* tokenreview: authenticator interface changes

* Move minimum set of dynamic provisioning e2e test to testsuites

* Switch windows runtime endpoints to npipe

* Fix service targetPort with string for Windows

* fixes wild serviceaccount controller options

* improve azure disk attachment perf on Linux

* Currently, kubelet token mamanger only clean tokens who are expired. For tokens with long expiration, if the pod who creates them got killed or evicted, those tokens may stay in kubelet\'s memory until they are expired. It\'s bad for kubelet and node itself. After this patch, each time a pod was deleted, token manager would clean related tokens.

* tests: Fixes DNS tests false positives

* updates shared apiserver webhook client

* Fix grammatical errors and repeat words

* kubeadm: fix missing error handling

* kubeadm: don\'t prepull etcd image on upgrade

* kubeadm: fix typo: missing round bracket

* CSI client: added missing lock when reading from csiDrivers

* kubeadm: check required number of CPUs on master

* Remove temporary workaround for scheduler alpha config-loading

* register skeleton provider

* fix container port to key by both port and protocol

* Refactor dry run test to reuse ETCD storage data

* pass in stopCh for GCE cluster ID controller

* pass in stopCh to cloud provider Initialize method for custom controllers

* Add api-machinery \'watch-consistency\' e2e test

* Update annotation name and documentation.

* Changed prepare-log-file to take args for setting uid/gid for log files.

* Avoid dropping resourcequota metadata in controller

* Update to debian-base 0.4.0

* Requeue work item on syncHandler error

* Rename and update the doc.

* Specify in the documentation that the timestamp will be expressed in milliseconds.

* debian-base: purge libsystemd0 to eliminate CVE false-positives

* kubeadm: sort pod Volumes and VolumeMounts

* clean up redundant code

* fix reference to controlManagerExtraAargs

* add more logging for azure disk diagnostics

* add myself to node reviwers

* Remove error output from stdout to stderr

* make error messages more helpful for some e2e auth tests

* kubectl: copy deployment util dependency into kubectl

* make coredns kubeup default, update manifest

* Set the default for EnableServiceLinks only in Pod

* fix lint issues in the apis/abac directory (except latest.go)

* docs/admin: add OWNERS file with cmd/kubeadm approvers

* add dns pod memory constraint

* Opt out of chowning and chmoding from kubectl cp.

* Add EndpointsLastTriggerTime annotation.

* kubeadm: Introduce config print init/join-defaults

* autogenerated

* kubeadm graduate preflight phase

* Add guidance for testing in the PR template

* remove unneed if block for kubectl delete command

* update bazel

* use PodSecurityPolicySpec of policy/v1beta1 instead of extensions/v1beta1

* Include vendor/k8s.io in coverage.

* Make sure kubelet is restarted in the storage test

* Clean cross-build image and update to protoc 3.0.2

* Skip node cidr mask size check for cloud allocation.

* Changes when .metadata.generation of a CR increments.

* kubectl: move translated data into kubectl

* kubectl: remove internalclientset dependency

* Put node lease lister behind feature gate

* Simplify taint manager workqueue keys

* Allow components to generate certificates in-memory

* remove duplicate kubeadm root check

* Combine creating a volume and applying tags in one operation

* kubeadm: skip upgrade if manifest is not changed

* delete node from aws if it is terminated

* Use sudo only when not already root

* Use our forked qemu-static-register scripts instead of a privileged container

* Fix path to qemu-binfmt-conf.sh

* Fork multiarch/qemu-user-static registration scripts

* add azure premium file support

* add UT code for cleanLegacyBindAddr

* add some helpers to Audiences to find intersecting audiences

* fix golint for some of pkg/util

* Add CSI action required to 1.12 release notes

* Add test cases for taintbasedevictions

* Fix golint errors when generating informer code

* Remove myself from OWNERS files.

* Fluentd: concatenate long logs (>16KB) which have been splitted by Docker into several lines.

* fluent-es-image: sort plugins in Gemfile.

* fluent-es-image: add fluentd-plugin-concat to gemfile.

* Fix node join taints

* adding more strict release note language

* Base conformance image on debian-hyperkube-base:0.11.0 and reenable by default

* Use debian-hyperkube-base:0.11.0 and remove qemu registration

* Create hyperkube symlinks in base image

* Reduce cardinality of admission webhook metrics

* More complete list of possible labels

* E2E and build file generated

* Dynamic client watchers should be able to handle ERROR gracefully

* All kubectl/cmds need visibility on pkg/kubectl/util

* Remove defaulting from test that uses kubectl.Scheme

* Fix govet errors in generators

* Cut a dependency between kubectl and the rest of the repo

* Move versioned generators into their own package

* Promote resource limits priority functions to beta

* Consistently print errors to stderr and add newlines to cordon

* Update CHANGELOG-1.10.md for v1.10.9.

* adds dynamic audit api generated

* adds dynamic audit api

* kubeadm: Split discovery from JoinConfiguration

* validte args for kubectl api-versions/api-resources

* fix register wrong configz for
*-controller-manager

* cmd init refactor

* Grant permissions for batch/job to cluster-autoscaler

* change azure file mount permission to 0777

* Delete repeated words and fix misspellings

* etcd2 code cleanup, remove deserialization cache

* tolerate both http(s) and git urls for cherry_pick_pull

* make tokentest available to tests only

* Adds label prompt and explanation to pull request template

* enable and improve e2e of NoExecuteTaintManager

* Upgraded the test to 1.10 Sample API server.

* Add CHANGELOG-1.13.md for v1.13.0-alpha.1.

* Use fsync instead of sync for test

* fix comments

* fix golint issues for pkg/volume/empty_dir

* Remove duplicate words

* Add tests for `csiDriverClient`

* Make CreatePrivilegedPSPBinding reentrant

* use etcd endpoint from advertise-client-urls

* promote TaintBasedEvictions featuregate to beta

* Add pkg/probe/OWNERS

* kubectl: update to use correct printers package

* Update heapster eventer addon-resizer to 1.8.3

* Add kube-state-metrics nanny configuration

* Fix addon-resizer version - 1.8.3

* Switch off KUBE_BUILD_CONFORMANCE to diagnose a ci-cross issue

* Fix error messages suggesting invalid flag

* Fix syntax error

* resycn psp api

* clean all unused packages under pkg/util

* remove last traces of old registry name

* Update usages of http.ResponseWriter.WriteHeader to use http.Error

* Disable OWNERS inheritance on key api change directories

* kubeadm: modify SetKubernetesVersion

* Remove excess \'in\'

* Fix a bug in node tree when all nodes in a zone are removed

* Broaden scope of host path types to skip processing in Windows

* Move pkg/scheduler/algorithm/well_known_labels.go out

* fix issue that e2e script exits due to unbound variables

* fix bug, infinite recursive call of GetLoadBalancerName()

* Update BASEIMAGE

* kubectl: copy printer tabwriter into kubectl

* dry-run: Promote from Alpha to Beta

* kubectl diff: Print error when something goes wrong

* Bazel: stop using deprecated docker_ rules and turn on stamping

* kubectl taint: copy core taintutil dependency into kubectl

* upstream heptio/kube-conformance

* Add auth-delegator permissions for e2e sample server test

* Remove flaky test by avoiding reuse of name for replicaset

* Fix WaitTimeoutForPodEvent logic

* kubectl dry-run: Check for server didn\'t work on create

* kubectl diff: Rename KUBERNETES_EXTERNAL_DIFF to KUBECTL_EXTERNAL_DIFF

* run make update

* Add unit tests for CSI mount options

* fix omitempty on ProcMount

* add phase runner

* Add tolerations for Stackdriver Logging and Metadata Agents.

* fix some typos

* Update golint download URL

* fix typos

* Add etcd ports constant

* Refactor scheduler factory test

* Remove ericchiang from OWNERS files

* AWS: unexport unnecessarily exported methods and variables about recognize region

* NodeLifecycleController treats node lease renewal as a heartbeat signal

* rename AWS CP TestParseInstance

* sync PSP v1beta1 api definitions with internals

* e2e: fix some small typos

* Manual changes to package visibility

* Generated changes

* Move pkg/kubectl/cmd/templates -> pkg/kubectl/util/temlpates

* Fix typo in CHANGELOG-1.10.md

* Adds support for `LC_MESSAGES` and `LC_ALL`

* use k8s.gcr.io/pause instead of kubernetes/pause

* kubectl: copy pod utils into util/podutils package

* Add support for mount options to CSI drivers

* cleanup pkg/apis/core/types.go

* Add test to ensure backward compatability for timestamps

* remove unnecessary time type

* Fix typos in the test comments

* Add labels when conformance/ directory changes

* Fixup log

* Seed math/rand in TestMain before tests are executed

* Remove unnecessary random re-seeding

* Simplify random seed initialization

* e2e: update bazel BUILD files

* Fix pastBackoffLimitOnFailure when backoffLimit is zero

* e2e: modular framework

* Add support for JSON patch in fake client

* Adding cheftako as approver for gce. Lead on sig cloud-provider. Also providing support for gce cloud provider.

* [scheduler cleanup phase 1]: Move NodeInfo utils into pkg/scheduler/cache

* e2e: speed up DNS tests

* e2e: remove workarounds for etcd2 test jobs

* certs: Delete useless code

* Update the list of SIG scheduling reviewers

* `kubectl get priorityclass` prints value column

* Add cli-runtime to make tests

* Fix error argument

* dry-run: Verify if the object supports dry-run

* dry-run: Create class to find if a type is a CRD

* Create a method to check dryRun is supported

* Fix up test cases

* Updating ghodss/yaml and gopkg.in/yaml.v2 to latest version

* [scheduler cleanup phase 1]: Move CacheComparer to pkg/scheduler/internal/cache/comparer

* kubeadm: allow usage --config with --print-join-command

* cherry_pick_pull should work for non-k/k repos

* add test for new constructor

* create a new scheduler constructor

* Remove excessive warnings with x509 certificate auth Suppress common name verify warning log and roll up into returned error

* Improve the ipvs error message

* adds dynamic informer factory

* Aligned sched_perf owner.

* Adding more kernel config paths

* improve err msg for runtimeError

* Add x13n to metadata-agent manifest OWNERS

* tokenreview: add APIAudiences config to generic API server and augment context

* add volume topology-aware dynamic provisioning integration case

* api changes for psp runasgroup policy

* Update build and conformance test list

* Update test suite names

* Keep related test cases and delete the rest

* Break up projected.go into projected_combined/configmap/secret/downwardapi

* account for disabled legacy metadata endpoints

* Remove pod status.phase check from pod event handlers

* kubectl factory client access: Moves remaining internal references into callers

* Fixes golint for test/list

* kubadm: remove misleading message in `init`

* Differentiate multizone zonal from Regional Cluster. Fixed go format and unit test. Collapse lines. Switched to using regional throughout and added warning for HA Zonal.

* Enable insertId generation, update Stackdriver Logging Agent image to 0.5-1.5.36-1-k8s and add priorityClassName for Metadata Agent.

* Add table printer for resource quotas

* kubeadm-improve-apidoc

* fix paths w shortcuts when copying from pods

* upgrade azure go sdk for azure file premium support

* add provision failure hook in fake volume plugin

* Fixed subpath in containerized kubelet.

* improve decription of command \'kubectl create clusterrole\'

* fix GetVolumeLimits log flushing issue

* Fix golint issues for pkg/volume/{fc,flocker} packages

* staging/README: add cloud-provider repo

* Add import restrictions for cloud-provider

* fix bug not checkou err before defer conn.CLose()

* update bazel

* reuse func getNodeIP

* Allow an empty \"\" runtimeHandler

* Remove deprecated --etcd-quorum-read flag

* Fix find-binary to locate bazel e2e tests

* tests: Makes tests\' commands platform agnostic

* remove unused code of (pkg/controller)

* Fixes webhook test failures

* Add test for kubectl cluster-info dump

* Introduce test harness into unit tests

* kubectl rollback: remove duplicated code for printing pod template

* Remove superfluous MkdirAll from MakeTempDirOrDie

* kubectl env resolve: copy core fieldpath and resource dependencies into kubectl

* Allow inverted key/cert order in combined PEM file

* Update etcd client to 3.3.9

* Allows to use named ports in the kubectl portforward

* fix golint for pkg/cloudprovider/providers/aws

* refactor index_test to compress the basic expected assertions

* Update elasticsearch to v6.3.0

* Fix typos of readme.md

* Fix overwriting env variables in kube-apiserver manifest

* Retry attaching multipath iSCSI volumes

* clean unused package: pkg/util/term

* Add canonical import paths to storage packages

* remove --skip-preflight-checks deprecated info

* cleanup: delete duplicate lines

* util/config` packages; filenames and methods should be updated to use new names

* port-forward listen on address

* Manual changes to package visibility and test dependencies

* Generated changes

* React to moves

* Move each kubectl command to a separate directory

* [scheduler cleanup phase 1]: Move FakeCache to pkg/scheduler/internal/cache/fake

* Move scheduler cache interface and implementation to pkg/scheduler/internal/cache

* fix golint errors in pkg/util/strings

* Correctly handle named pipe host mounts for Windows

* fix vet error in test/soak/serve_hostnames/serve_hostnames.go

* fix vet error in test/soak/cauldron/cauldron.go

* fix vet error in plugin/pkg/admission/storage/persistentvolume/label/admission.go

* fix vet error in pkg/kubelet/kubelet_test.go

* fix vet error in pkg/controller/route/route_controller_test.go

* Update gofmt for go1.11

* Fix TestGetNameFromCallsite as the test runner line changed.

* Bump golang version to 1.11.1

* Bump repo-infra to e8f2f7c

* Bump rules_go to 0.15.4 to support go1.11.1

* Update CHANGELOG-1.12.md for v1.12.1.

* Increase time-out of kms-service concurrency tests.

* Remove the duplicated words in test files

* correct directory modes

* e2e: update bazel BUILD files

* e2e/lifecycle: decentralized settings

* e2e/instrumentation: decentralized settings

* e2e/storage: decentralized settings

* e2e: clarify and enhance configuration support

* Replace Parallelize with function ParallelizeUntil and formally deprecate the Parallelize

* kubeadm: Allow mixing Init and Join Configurations

* kubeadm: do not panic if etcd local alpha phase is called when an external etcd config is used

* Sort bind options in JoinMountOptions

* Moving the cloudprovider interface to staging.

* kubeadm: handle stable-1 as the default version

* kubectl rollback: remove legacyscheme dependency

* [aws] allow true/false in lb annotations

* Updated approvers for winkernel

* Populate ClientCA in delegating auth setup

* Run kms-plugin in its own POD.

* Switch e2e_node to etcd3

* Remove etcd2 storage backend

* staging/README: add cluster boostrap

* Make staging repo creation instructions clearer

* autogenerated

* Fix tests

* Automated bump from v1alpha3 references to v1beta1

* Add a duplicated v1beta1 API

* Bump github.com/google/certificate-transparency-go to v1.0.21

* kubectl fake test factory: replace legacyscheme with kubectl scheme

* Fix to reflect commnet

* NodeAuthorizer and NodeRestriction integration test for CSINodeInfo permissions

* kubectl helpers test: remove core dependencies

* storage: propagate TransformFromStorage errors from List

* kubectl run test: remove legacyscheme dependency and cleanups

* storage: printf cleanups

* kubeadm: fix printf format error

* Update OWNERS files for GCE-related components

* Update options of master/node-os-distro

* kubectl apply test: remove core testapi dependency

* e2e: change test strings to avoid error highlighting

* Fix descriptor lock release logic for block volume unmapDevice

* fix inconsistency in updating hns policy

* Make the golint verify script MacOS compatible

* Check client_ca configmap needs update

* support mount options in setup

* kubectl set tests: remove testapi core dependency

* kubectl get test: remove testapi dependencies and cleanups

* mountoptions support for local storage

* Add `log-level` mount option support for glusterfs plugin

* refactor envelope to use cryptobytes

* generated

* Add Create and Update Options to rest param installation

* Add validation for percentage-of-nodes-to-score of the scheduler config

* GCP: Remove the deprecated google-json-key support

* Update provisioner name and don\'t supply zone in GCE PD CSI test

* Remove redundant [Serial] tags and dont delete CRD\'s at the end of test

* Add Pod Security Policy back in to GCE PD Cluster Role

* kubectl rolling-updater test: remove testapi and core testing dependency

* kubectl validation test: remove unused testapi dependency

* Allow hostname-override flag to be used if specified

* kubectl drain/cmd test: remove testapi dependency

* Bump cluster-proportional-autoscaler to 1.3.0 - Rebase docker image on scratch.

* Bump addon-manager to v8.8 - Rebase docker image on debian-base:0.3.2.

* Add a e2e test to check node limits

* Update defaultbackend to v1.5

* Moved staging/src/k8s.io/client-go/tools/bootstrap to staging/src/k8s.io/cluster-bootstrap

* kubeadm: include better details about v1alpha3 godocs - update examples in v1alpha3/doc.go - add docs link when printing `kubeadm config print-default`

* Mark optional fields as really optional.

* use signer interface for certificate creation

* e2e: update bazel BUILD files

* e2e: abstract access to additional files

* Rename node status to node health in NodeLifecycleController

* Enable audit logging truncating backend.

* Extract cpu requests to separate env variables.

* network/cni: more informative log messages

* Update addon-manager to use debian-base:0.3.2.

* fix cri-o when using unix prefix

* improve pleg error msg when it has never been successful

* add myself and cheftako to services/routes controller OWNERS

* test: Wait for pod event to show up

* fix golint for pkg/volume/gce_pd

* Update CHANGELOG-1.9.md for v1.9.11.

* Enable volume limit feature by default

* allow condition value to specified for kubectl wait

* Increase the pod start short timeout

* cmd/kubeadm: add neolit123 as reviewer

* E2E CSI: bump versions of sidecar containers to 0.4.0

* kubeadm: fix kubeadm join using existing certs

* add opt to track dns pods

* pass handler ctx to node rest nodegetter

* Rename the constant that refers to the `kubeadm-config` ConfigMap

* Use token file for in cluster config during e2e tests

* Add controller roles to CSI e2e tests

* Add missing step to in-cluster-client-configuration example

* update list of default admission plugins

* Promote pod\'s websocket based NodeConformance tests to Conformance

* fix bugs introduced by ipvs graceful termination

* Fix test name: s/overriden/overridden

* Update default backend image

* fix typo

* fix typo

* Fix the confusing kubelet logs about imageGC

* Upgrade the release version info in CHANGELOG.md

* scheduler: add error handling for bind

* set default admission plugins on local-up-cluster.sh

* add nsswitch to busybox control plane images

* Add fall-back to get node IP on host_path tests

* \"gcloud beta compute networks subnets\" stopped working, fails with the erros: - The request did not match the specified API. \"gcloud compute networks subnets\" works with the latest gcloud release.

* Adding few VMware contributors as approvers for vsphere volume plugin

* updated cmd/kubeadm/.import-restrictions with dependencies

* upgrading sample-apiserver to 1.10

* move SchedulingQueue to pkg/scheduler/internal/queue

* auto-generated files

* add deprecation warnings for all cloud providers

* CHANGELOG-1.12: fix outdated information

* kubectl remove references to internal version of resources

* fix typo

* Fix flake in CSI plugin e2e test

* Bug fix - revert metrics-server base CPU resources back to 40 mCPU

* autogenerated

* Restore fuzzer test

* cleanup v1alpha3 conversion to internal

* remove flag: insecure-experimental-approve-all-kubelet-csrs-for-group

* Cleaned Up Sig-Azure

* Use proper manifest images

* fix kubectl wait with no resource name provided

* correct CHANGELOG-1.12

* Adding myself as OWNER for vSphere Cloud Provider. And removing few users who are not owners.

* Add jpbetz and wenjiaswe to cluster/images/etcd OWNERS

* Update CHANGELOG-1.12.md for v1.12.0.

* kubectl replaced reference to internal version of Deployment with external version

* fix golint error on head. the type should not be declared with the var, as it will be inferred

* Add sig-cli as approver for testdata

* Remove extra debugging log::status call

* shutdown schedulingQueue gracefully

* kubectl replace legacyscheme with kubectl scheme in two tests

* kubectl remove internal version references in polymorphichelpers

* kubectl small fix for config view to replace legacyscheme with kubectl scheme

* Move `diff` command to root rather than alpha

* Use dry-run patch to get the merged version of the object

* Add slow test comment and format import statements

* cleanup duplicate assignment logic in scheduler

* Kubelet should not create a new pod sandbox if all containers are done

* Add mock for UpdateBetaBackendService

* kubectl remove internal version of resource for rollout pause/resume

* Lazily dial kms-plugin.

* remove duplicate words in files

* Purge the manifest after the push

* Fix panic in kubectl rollout commands

* Update authenticated-image-pulling with fat manifest image

* Deduplicate list of directories

* Fix Stackdriver custom metrics tests

* fix panic: kubectl rollout undo

* Add \"MayRunAs\" value among other GroupStrategies

* Unmount iSCSI device only if it\'s mounted.

* Fixed panic in iSCSI.UnmountDevice

* add pod age to describe node

* Set PriorityClassName when there\'s a default PirorityClass.

* ipvs connection based graceful termination

* ipvs support graceful termination

* func getPodsMatchingAffinity no longer exists,dont need it in comment

* Cleaned up lint errors in pkg/kubeapiserver/server.

* namespace exists externalization

* namespace autoprovision externalization

* Populates the fake dynamic client scheme

* fix some golint in staging/src/k8s.io/apiserver/pkg/admission/plugin/

* use http.StatusOK instead of 200

* Create unique mac address per endpoint

* Replaces dependency on internal version of resource with external version

* Replace internal reference of last-applied-config with external reference for diff

* autogenerated files

* Remove PDB and its event handlers from the scheduler cache

* Replace internal dependency on last-applied-configuration with external dependency

* Changes to be more consistent about import aliases and group/kind

* Random typo fix

* More cleanup

* Remove unused client in rollout status

* Add configmap get to system:kube-controller-manager

* Make sure we pass mount options while creating bind mounts

* Fix code generation by adding missing parameter

* Re-enable smoke tests in verify-codegen script

* Add MixedCase example project

* Remove lowercasing for project imports

* Update GCE PD CSI Driver to run by default and automatically set up secrets with GCP Service Account Key

* autogenerated

* removal of v1alpha2

* Remove pointer receivers from schema structs

* AWS: Add tests for awsTagging.hasClusterTag

* fix scheduler crash when Prioritize Map function failed

* Ensure reproducible builds - support for SOURCE_DATE_EPOCH with dockerized builds

* Add fallbacks for getting node IP from Azure IMDS

* Fixes #65869 Do not listen insecurely if secure port is specified

* add a test case which check secret\'s type

* Update crictl to v1.12.0

* remove unneed parameter in test struct

* Remove unused chaosclient

* Only allow apiserver to follow redriects to the same host

* Added support for regional calls to GetClusters Fixed issues from lavalamp and verification. Added todo. Fixed import sections.

* Expose public function to init fake GCECloud + add common hooks

* update netd node selector label to cloud.google.com/gke-netd-ready

* simplify run method of kube-scheduler cmd

* Add e2e test for mutating webhooks affecting webhook-config objects

* make sure that log includes user information

* if driver disable support of FSGroup, mounter will not process the volume ownership

* set api version and action name in fake evictions

* return error if make dir failed when setting up azure file volume

* fix the output of dryrun when label the same value as original

* fix allow-priviledge not work in local-up-cluster

* AWS: Add a simple test for \"shared\" tag

* Got allocatable GPUs.

* add validation for etc resolve parsing

* Promote kubelet NodeConformance tests to Conformance

* Add unit tests for getting vmss node IP

* Get public IP for Azure vmss nodes

* minor fix

* Add helpful log for checking cgrop path

* fix api rules docs

* kubectl: Drop backOff from DrainOptions

* fix typographic errors in test utils file

* Add scheduler throughput metric.

* hack/update-gofmt.sh

* hack/update-bazel.sh

* fix kubeadm import restrictions

* find & replace version import

* hack/update-bazel.sh

* move pkg/util/version into staging

* More specific import aliases

* Replace internal version of resource in drain test with external version

* Replace internal version of resource with external version for tests

* Update pluginwatcher doc

* fixes bsd / gnu sed

* Promote emptyDir wrapper volume tests to conformance

* Change pause version value to a constant for image

* Keep backward compatibility for \'node.Spec.Unschedulable\'.

* Fix for man pages do not build reproducibly

* Return error from NodeGetInfo

* fix golint for pkg/volume/aws_ebs

* Update bazel

* Update notes to document why invalidation order is important.

* Use seqeuence number to represent generation of equivalence cache.

* Fix spelling

* Revert \"Use sync.map to scale ecache better\"

* Enable TTLAfterFinished e2e test

* Address review comments

* Update CHANGELOG-1.12.md for v1.12.0-rc.2.

* Upgrade test naming consistency for sig

* Fix Panic in PersistentVolumes:vsphere

* Update comment to reflect the new logic

* Add comment to specify default

* Add guidelines for creating new staging repos

* Renamed pluginwatcher README to README.md

* extract volume attachment status checking operation as a common function when attaching a CSI volume

* Configure resource-only container with memory limit

* CSI E2E: retry csi-pod creation

* Start synchronizing pods after network is ready.

* Add unit tests for InstanceShutdownByProviderID

* Fix nodes power state on Azure

* fix some typo

* fix some typo

* Removed taint check as DaemonSet tolerates default taints.

* Move storage tests that take longer than 2 minutes to slow suite

* kubeadm: fix broken Docker 17.xx validation

* adds dynamic lister

* Use the v1.12 branch by default

* Replace internal version Encoder with external version Encoder for autoscale.

* Replace internal version Encoder with external version encoder for create and create_test.

* Update kubeadm v1alpha3 example configuration

* Remove etcd 3.2.18 from the etcd image

* Update to use etcd:3.2.24-1 image

* Bump kube-dns to 1.14.13 - Update Alpine base image to 3.8.1. - Build multi-arch images correctly.

* PDB checks should not be done for terminal pods while evicting

* oidc: respect the legacy goog issuer

* fix golint issue for pkg/volume/flexvolume package

* Create control plane with ClusterFirstWithHostNet dns policy

* Promote non-table based container runtime test to conformance

* Process only CPU and memory stats when Kubelete stats API is called with only_cpu_and_memory parameter. Before all stats were processed and removed before returning.

* Update according to review comments.

* Remove unused function in downwardapi.go

* update vendor

* fix a small typo

* fix syntax error:\'its\'

* generated

* POSTing rollback returns metav1.Status

* Continue using go1.8.7 in etcd image

* Update etcd image revision

* Updated PodExecOptions to external version

* pkg/proxy: only set sysctl if not already set

* Revert \"Add DNS pod resource monitoring option\"

* Bump version of fluentd-gcp-scaler

* kubeadm: Use GetGenericImage for kube-dns

* Clean up support doc resources

* HPA stabilizes initial recommendation

* Wait for events instead of just checking them in cronjob e2e

* Ignore non-avaiable volumes in findMatchingVolume: update tests

* Image manifest for debian-base

* Manifest image for debian-hyperkube-base

* Manifest for debian-iptables image

* Manifest for etcd image

* kubeadm: include the \'certs renew\' sub-command in the CLI

* fix UnmountDevice failure on Windows

* Update kube-dns container images.

* Change service from internal version to external version

* Fetch gke-exec-plugin license file along with the binary

* Update CHANGELOG-1.12.md for v1.12.0-rc.1.

* Don\'t run limitranger admission plugin on pod update requests

* Avoid setting Masked/ReadOnly paths when pod is privileged

* Add privileged test pod security policy to local volume provisioner test service account

* Removing CRD installation from attach detach controller

* Updating CSI e2e test to create CSI CRDs; storing CRD spec in a common location

* Move legacyscheme (internal version) to kubectl scheme (external version)

* Update to golang 1.10.4

* bazel: update debian-iptables and debian-hyperkube-base

* fix typo in cleanup of aggregator test

* GetMountRefs shouldn\'t error when file doesn\'g exist in Windows and nsenter. Add unit test

* Add go profile instrumentation to kubectl

* Disable DNS federation test

* Fix DS tests to set their namespaces to empty node selectors so that they keep working with PodNodeSelector plugin.

* do not merge: test coredns with mem bump

* Update custom metrics conversion functions

* Move INSTALL.md from k8s.io/client-go to staging

* Made image registries configurable from registry.yaml file

* dont merge this commit

* Restore
*filter table for ipvs

* Add REUSE_CERT to skip creaing new ca/cert files

* fix bug that defer in infinite loop

* typo fix from utilites to utilities

* Update to use debian-iptables v10.2 and debian-hyperkube-base 0.10.2

* Fix drain for evicting terminal DS pods and pods with local storage

* Install netbase in debian-iptables and debian-hyperkube-base as it is needed by ipvs

* GetMountRefs should not fail if the path supplied does not exist anymore. It has no mount references

* Include PV wait confirmation for Disruptive PV tests

* Add seans3 to sig-cli reviewers list

* e2e/framework: update kubernetes-anywhere path

* Fix to inject KUBERNETES_ env vars when enableServiceLinks is false and the pod is in the master namespace.

* kubelet: Make service environment variables optional

* Renew certificates as part of upgrade rather than recreating them

* Add dns pod monitoring option

* Bump metrics-server to v0.3.1

* Update kubeadm v1alpha3 example

* Update Cluster Autoscaler version 1.12.0

* Fixed subpath cleanup when /var/lib/kubelet is a symlink.

* Check network condition ready when waiting for ready nodes

* remove duplicated words in heap.go and interfaces.go

* Upgrade kubeadm\'s version of docker support

* Port kubelet e2e_node tests to e2e

* fix golint failures - /pkg/kubelet/images

* add version to cloud-controller

* Update CHANGELOG-1.10.md for v1.10.8.

* fix patch compare in test

* Fixed registration of the BanFlunder AdmissionController

* kubeadm: remove unit test TestNewCmdReset

* kubeadm: update MinimumControlPlaneVersion to v1.11.0

* Add serviceaccounts permission for ClusterRole, required by Calico v3.2.0+.

* Replace internal version Encoder with external version Encoder

* Replace internal version Encoder with external version Encoder

* Fixed leaking dynamic provioning test PDs

* Replace internal version Encoder with external version Encoder

* verify invalid secret/configmap/projected volumes

* Allow nodeName updates when endPoint is updated.

* CSI fix for proper fsgroup application to volume

* Coerce componentconfig/v1alpha1 KubeSchedulerConfiguration to kubescheduler.config.k8s.io/v1alpha1

* Rewrite finalURLTemplate used only for metrics because of dynamic client change

* tighten maximum retry loop for aggregate api availability

* Fix Redis StatefulSet e2e test

* allow audit policy to be loaded from any byte source

* Ignore non-available volumes in findMatchingVolume to reduce chance of unnecessary binding failures.

* Remove unused internal version of Pod resource

*
*: Remove comment tags in GoDoc

* Add events for azure-cloud-provider

* fix PodAntiAffinity issues

* NodePIDPressure condition should set to unknown when node lost connnection with contorl

* Remove dependency on internal version of resource

* remove submit-queue from readme

* Removes dependency on internal version of resource

* Remove legacyscheme by adding ParameterCodec to kubectl scheme

* Small fix to remove dependency on internal version of resource

* Delaying kubeclient and csi client injection into CSI plugin

* Package fixes for enabling br_netfilter & ip_forward with kubeadm (kubeadm#1062)

* Apply _netdev mount option in bind mount if available

* Revert \"Enable CoreDNS as default for kube-up deployments\"

* Fix local-up-cluster when specifying CERT_DIR

* Avoid marking configuration files as executable

* fix controller manager arguments for v1.12-

* Move pod created into kube-system namespace delete call into a defer block to be sure the clean-up is done even when the test failed

* Revert cpu resource decrease.

* Fix potential panic when getting azure load balancer status

* del internalError

* Add generated files

* Make APIGroup optional and modify validation

* Change VolumeTestCleanup to not fail when pod already deleted

* fix typo in dry run disabled error

* Fix golint for pkg/probe

* Change GCEPD Standard test disk to PD_STANDARD and 2GB

* Test Resource fix for all non-GCE In-tree drivers

* Fix test framework to pass generic driver specific test specific resources. Fix GCE PD resource leak

* Fix test cases and build files

* make test zone an option in test-e2e-node.sh script

* Glusterfs: Remove unwanted `log-file` mount argument.

* Remove deprecated [Feature:Empty] test

* Autoscaler e2e tests use allocatable to calculate resources

* Remove unused fields from YAMLPrinter struct

* fix verify-bazel error

* Add VolumeScheduling support for Cinder

* return 400 status when invalid json patch passed to apiserver

* Update CHANGELOG-1.12.md for v1.12.0-beta.2.

* kubectl-diff: Simplify interface

* kubeadm 883 Updated logging to be consistent. There where areas in kubeadm init where glog was used and glog and was inconsistent with the rest of kubeadm init logging.

* add coredns configmap to federation test

* kubelet: skip initializing/using the RuntimeClass in standalone mode

* Add links to the newly created repos. `cli-runtime` `kube-controller-manager` `kube-proxy` `kube-scheduler` `kubelet` `sample-cli-plugin`

* promote feature gate ScheduleDaemonSetPods to beta

* Using node name to improve node controller performance.

* Added default tolerations for new pods.

* 1. Do not set Accelerator Node labels on master node in GCE k8s clusters 2. Do not set Preemptible node label on master node unless the master node is explicitly set to be preemptible.

* fix golint issue for pkg/volume/util

* Make integration test work with `go test`.

* Consolidated CSIDriver logic under CSIDriverRegistry flag

* Fix size of repd e2e to use Gi

* gcp client auth plugin: persist default cache on unauthorized

* Ignore not found endpoint on deletion

* Remove feature tag from ScheudulerPreemption tests

* update cadvisor to v0.31.0

* [kubeadm] - Update controller manager arguments for v1.12+

* kubeadm: add mandatory configuration to \"phase preflight\"

* clean unused function in file pkg/cloudprovider/providers/gce/gce_loadbalancer.go

* refactor kubelet/network/dns

* kubeadm-annotate-cri

* vendor: bump github.com/evanphx/json-patch

* update dashboard version

* Update CHANGELOG-1.11.md

* Update CHANGELOG-1.11.md for v1.11.3.

* Fix for #67799

* use dailcontext

* Rearranged feature flags

* critical pod test should not rely on feature gate set in framework; non-critical pods are always preemptable

* vendor: bump github.com/evanphx/json-patch

* Remove dependency on docker daemon for core credential types

* fix eviction test panics

* implement InstanceShutdownByProviderID for azure

* Use KUBE_BUILD_WITH_COVERAGE directly.

* Add a completely populated yaml InitConfig to the v1lapha3 dodoc

* Fix small typo - \"nfds\"

* Added unschedulable and network-unavailable toleration.

* pkg/api: Fix golint errors

* Implemented logic in kubelet for registering node info, including wiring to CSINodeInfo; added unit tests for node updates; updated RBAC, NodeAuthorizer, NodeRestriction.

* remove feature gate from kubelet defaulting

* Fixed error message reporting for Gluster driver tests

* DRY

* Don\'t bother dumping coverage info if it won\'t exist.

* Include coverage information when dumping logs.

* Add \"only_cpu_and_memory\" GET parameter to /stats/summary http handler in kubelet. If parameter is true then only cpu and memory will be present in response. The parameter will be used by Metric Server to avoid sending/decoding unneeded data.

* Fix up potentially empty fields in HPA v2beta2

* Support multiple versions in custom metrics client

* Currently, token manager use keyFunc like: `fmt.Sprintf(\"%q/%q/%#v\", name, namespace, tr.Spec)`.

* Fixes using externally managed certs for kubeadm

* Update default etcd server to 3.2.24 for kubernetes 1.12

* conversion-gen issues with import that are exactly the same

* Updated the device manager pluginwatcher handler

* Updated the CSI pluginwatcher handler

* Update pluginwatcher tests

* Refactor pluginwatcher to use the new API

* Update the plugin watcher interface

* autogenerated bazel

* fix wrong usage of strings.TrimLeft

* Add import-restrictions information for staging repos

* Add missing files to staging repos Godeps folders

* Standardize componentconfig code/comment patterns

* change default storage class annotation for all addons

* Fix kubeadm token list

* Fix issue #68338

* Replaced hardcoded busybox image in e2e tests.

* ignore .git dirs when executing gofmt

* Apply user configurations for local etcd

* fix metricsStatFS volume path for local volume

* Fix gce localssd pv tests

* Resolves #59015, extends existing regex to cover t3, r5(d) & z1d instance types

* Add unit tests for pod information in NodePublish

* Simple code and typo fixed in in kubelet

* Simple code and typo fixed in in kubelet

* Pass pod information in CSI NodePublish attributes.

* Add new RBAC rules for CSIDriver

* Add feature for pod information in NodePublish

* 67803: CSI Cluster Registry and Node Info CRDs

* Fix failure message of e2e test about kubectl

* Use the $GO_GENRULE_EXECROOT env var set by go_genrule

* Update to gazelle 0.14.0 and run hack/update-bazel.sh

* Set gazelle:proto disable_global

* Update to use latest busybox

* Update to rules_docker v0.5.1

* Update to rules_go 0.15.3 and latest k8s.io/repo-infra

* Initial node performance testing framework.

* Bump addon-manager to v8.7 - Support extra `--prune-whitelist` resources in kube-addon-manager. - Update kubectl to v1.10.7.

* gce: use getrandom instead of urandom for on node rng

* Fix compatibility tests for scheduler

* Add e2e test for skipping attach

* Add unit tests for skipping attach

* Skip attach for non-attachable CSI volumes

* Add CSIDriver lister to CSI plugin

* Add new RBAC rules for CSIDriver

* Add feature for skipping attachment of non-attachable CSI volumes

* Simple code and typo fixed in in pkg/kubelet

* CSI e2e test: driver registrar updates for moving PluginWatcher to beta

* Move the flag registration code from pkg/apis/componentconfig to pkg/util/flag

* Ignore golint and update api violations

* Start using the new packages in the ccm

* Move CloudControllerManagerConfiguration from pkg/apis/componentconfig to cmd/cloud-controller-manager/app/apis/config

* Use informer cache instead of active pod gets in HPA controller.

* Cleaning up the cluster directory deprecation notice. - Remove link to the kube-deploy repo - Remove link to SaltStack

* apiserver: make InClusterConfig errs for delegated authn/z non-fatal

* apiserver: fix misleading delegated authn/z warnings

* gke: fix failing e2e tests

* master/staging/README.md update

* Update CHANGELOG-1.12.md for v1.12.0-beta.1.

* remove unused format log print

* add a missing \"%s\"

* Update etcd client to 3.2.24 for latest release

* update comments of doc.go in stagging/src/k8s.io/kube-aggregator

* Update reflect2 to 1.0.1 (memory utilization fix)

* Fix unit tests for Windows

* Kubelet: only sync iptables on linux

* Add scheduler option for bind timeout

* Use rwlock for caches

* generated files

* Integration and e2e tests

* Scheduler changes to assume volume and pod together, and then bind volume and pod asynchronously afterwards. This will also make it easier to migrate to the scheduler framework.

* Volume scheduling library changes:

* Let the service controller retry when presistUpdate returns a conflict error.

* Autogen

* Make number of workers configurable

* Add e2e test for TTL after finished

* Validate Job .spec.ttlSecondsAfterFinished; clear it when feature disabled

* Implement RuntimeClass support for the Kubelet & CRI

* Add TTL GC controller

* Autogen API docs

* Add TTLAfterFinished alpha feature

* Graduates pluginwatcher feature to beta

* Add pluginwatcher generated files

* Create pkg/kubelet/apis/pluginregistration/v1beta1 directory

* Fix for issue #67091

* update cloud provider deprecation notice

* Update the message to be more precise regarding the tested condition

* add OWNERS file

* [kube-controller-manager] auto-generated file

* [kube-controller-manager] auto-generated file about run godeps

* [kube-controller-manager] fix violation and golint failure

* [kube-controller-manager] fix some reference from cmd/
*-controller-manager about kubeControllerManagerConfiguration

* [kube-controller-manager] fix some reference from pkg/apis/componentconfig about kube-controller-manager api

* [kube-controller-manager] create package to hold kube-controller-manager component api

* [kube-controller-manager] just only remove struct and default about KubeControllerManagerConfiguration from pkg/apis/componentconfig

* Fix the skip message since it was the exact opposite of the tested condition

* Start deprecating all generators in run except for run-pod/v1

* fix error info

* autogenerated

* use new kubeadm-config in kubeadm join control-plane & kubeadm upgrade/upgrade node

* upload and fetch of kubeam config v1alpha3 from cluster

* Fix panic when processing http response

* Not split nodes when searching for nodes but doing it all at once

* Remove e2e-image-puller

* Deprecate cloudstack and ovirt controller projects

* Add back predicate related accessors to scheduler.Configurator

* Integration test for CronJob

* Update Bazel

* Switch kubectl rollout status to UntilWithSync to avoid premature timeouts

* Generalize kubectl rollout StatusViewer interface

* Update cluster autoscaler to 1.12.0-beta.1

* Kubelet: do not report used inodes on Windows

* Kubelet: only apply default hard evictions of nodefs.inodesFree on Linux

* Increase metrics-server scrape frequency to 30s

* Fixup openstack cloud provider loadbalancer deletion error

* Mark HPA REST Clients Flag as Deprecated

* fix and update local volume e2es

* fix UT errors and add new UTs

* local volume plugin changes

* make pathWithinBase public

* auto generated files

* fix typo in ipvs RADME.md

* add fstype for local volume source

* Add --server-dry-run flag to `kubectl apply`

* Generated code

* Improve new CSI API types

* Improve CSI CRD installation code

* autogenerated go code, godeps, bazel and gofmt

* Add skeleton new repo files

* Move the kubelet\'s external types to k8s.io/kubelet

* Automated package reference rename

* autogenerated

* Fixup cmd/
*controller-manager code after struct changes. Co-authored by AATTstewart-yu

* Refactor the kube-controller-manager ComponentConfig structs to they can be moved out

* Add Godeps OWNERS for csi-api

* reload token file for InClusterConfig every 5 minutes

* fix #51135 make CFS quota period configurable, adds a cli flag and config option to kubelet to be able to set cpu.cfs_period and defaults to 100ms as before. It requires to enable feature gate CustomCPUCFSQuotaPeriod.

* verifying LimitRange update is effective before creating new pod

* Add validation for kube-scheduler

* Implement semantic comparison of VolumeNodeAffinity for unit tests

* Taint node in paralle.

* Support extra prune resources in kube-addon-manager.

* Add RuntimeClass read permission for nodes

* Change owners.

* generated

* support continueToken for inconsistent list

* Add owners.

* Update echoserver version used to 2.2

* Address shell-related comments.

* Improve error behaviour of package coverage.

* make deps-approvers the approvers of sample-cli-plugin/Godeps

* Register RuntimeClass CRD as an addon

* Update stale comment.

* Add KUBE_COVERAGE_FLUSH_INTERVAL to set flush interval.

* cluster: delete some kube-push remanents

* unify server images bash build

* add make targets for building server images

* Add spiffxp to OWNERS files in bash-heavy dirs

* Hide & warn on GA & deprecated feature gates

* Update external provisioner test to use latest nfs-provisioner

* Adding GCE node termination handler as an optional addon. This step is a pre-requisite for auto-deploying that addon in GKE.

* Automatically install CRDs during controller init

* Pass new CSI API Client and informer to Volume Plugins

* Generated code for new APIs

* Introduce new `CSINodeInfo` CRD API Object

* Introduce new `CSIDriver` CRD API Object

* cloudprovider: aws: return true on existence check for stopped instances

* cloud-controller-manager: disable authn/z on insecure port

* svcacct: pass pod information in user.Info.Extra() when available

* controller-managers: generalize authn/z test to cloud-controller-manager

* cloud-controller-manager: add test server

* cloud-controller-manager: enable secure loopback

* cloud-controller-manager: enable delegated authz/authn if secure port is enabled

* cloud-controller-manager: enable secure ports 10258, deprecate insecure port

* Update auto generated files.

* Replace scale down forbidden window

* Reduce the minwidth of the cli table printer

* Address review comments.

* GC kubemark image after cluster starts up

* Cleanup PodSecurityPolicy AllowPrivEsc tests

* Fix how to use ipvs mode by kubeadm

* Use random backoff for retries in cloud-cidr-allocator

* admission/priority: externalize priority admission controller

* add reviewer

* Wait for Scheduler cache empty.

* Fix retrying in ipam controller

* as hostpathtype owner, adds myself to OWNERS file

* cleanup: remove unused options for rs controller

* Add new csi-api repo to staging

* Allow for configuring etcd servers

* Port security context NodeConformance e2e_node tests to e2e

* Add integration tests for image locality priority

* support cross resource group for azure file

* Promote mount propagation to GA

* Fix cloning image states from node info

* Move image locality to default priority functions

* Fix unnecessary too-old-errors from watch cache

* update generated files

* Refactor addmission webhook hook client to a util package

* Modification: revise some errors about golint in some packages

* Deprecation notice of storage-versions flag

* fix typos

* Be sure we delete the dummy tests.

* Improve bash formatting.

* Fix hostpath subpath reconstruction tests are failing

* Fix grammar in secure-port flag help

* make update

* address comments

* Update auto generated files.

* Change CPU sample sanitization in HPA. Ignore samples if: - Pod is beeing initalized - 5 minutes from start defined by flag - pod is unready - pod is ready but full window of metric hasn\'t been colected since transition - Pod is initialized - 5 minutes from start defined by flag: - Pod has never been ready after initial readiness period.

* Fix multizone gce pd subpath test

* add prototype sorting for table rows

* Make CIDR allocation retry backoff exponentially

* wait until apiserver connection before starting kubelet tls bootstrap

* export a method to expose which ports were forwarded

* kube-controller-manager: disable authn/z on insecure port

* kube-controller-manager: add test server and test serving

* kube-controller-manager: enable secure loopback

* kube-controller-manager: enable delegated authz/authn if secure port is enabled

* kube-controller-manager: enable secure ports 10257, deprecate insecure port

* Add `renew all` command

* Update metrics-server to v0.3.0

* prep for 1.12

* ProcMount: add dockershim support

* vendor: update docker cadvisor winterm

* update jsonlog path for updated vendor

* ProcMount: update staging types

* ProcMount: add api options and feature gate

* pkg/kubelet/apis/cri/runtime: add masked_paths and readonly_paths

* Fix subpath tests not to fail in namespace deletion

* fix typo: result is of that -> result of that

* Remove conformance tag from flaky test

* Add etcd DB size monitoring in density test

* Remove unnecessary concatenation of strings

* Pass the terminaton signal to fluentd

* add flag `--no-headers` to `kubectl top ...`

* Bump logexporter version

* cleanup unneeded if block

* Put fluentd back to host network

* add mixed protocol support for azure load balancer

* fix select zone error in azure disk creation

* apiserver: make not-found external-apiserver-authn configmap non-fatal

* implement InstanceShutdownByProviderID to aws cloudprovider

* addressed reviewer comments

* use topologyPairsMaps for inter pod affinity/anti-affinity maps

* Actually renew certificates (using on-disk CAs)

* Add autogenerated BUILD files.

* Pass KUBE_BUILD_WITH_COVERAGE through to docker instance.

* Add runtime coverage support.

* Build relevant binaries with coverage.

* cluser/addons: add labels to fluentd owner files

* Remove feature tag from dynamic provisioning topology tests

* Fix conversion for autoscaling/v1 ObjectMetricSource and add MetricIdentifier fuzzer

* add test to verify vsphere cloud provider report node hostname

* Replace git volume with configmap in emptydir wrapper conflict test

* Increase Horizontal Pod Autoscaler update frequency (every 30s -> every 15s).

* autogenerated

* Update api violations, golint failures and gofmt

* update bazel

* use CertificatesV1beta1() instead of deprecated Certificates()

* automated: Rename all package references

* automated, boring: Rename pkg/kubelet/apis/{kubelet,}config

* Refactor volume test in a similar way to csi tests

* apiserver: forward panic in WithTimeout filter

* implement InstanceShutdownByProviderID

* remove :

* backport https://github.com/kubernetes/cloud-provider-openstack/pull/43

* Fix golint error under pkg/proxy.

* Add unit tests

* Compose routes for on-prem nodes

* Add on-prem nodes support to Azure cloud provider

* describe allowedTopologies

* generated files

* related test update

* combine feature gate VolumeScheduling and DynamicProvisioningScheduling into one

* Mechanism for renewing a certificate based on an existing certificate

* Build artifacts

* Re-generate files

* Modify DataSource comments

* Modify comments for DataSource

* Clarify comments for DataSource

* Modify comments for DataSource

* Address Tim\'s comments

* Add generated files

* Add validation for feature gate

* Add APIGroup to TypedLocalObjectReference

* Add feature gate for VolumeSnapshotDataSource

* Add TypedLocalObjectReference and DataSource

* E2E tests for allowedTopologies and waitForConsumer for GCE PD and RePD

* Skip LB session affinity test on AWS

* Remove deprecated feature flags

* authn/z: optionally opt-out of mandatory authn/authz kubeconfig

* Do not count soft-deleted pods for scaling purposes in HPA controller

* Add gnufied as approver for attach/detach controller

* Honor --hostname-override, report compatible hostname addresses with cloud provider

* fix the fluentd config params

* Reduce amount of allocations in kube-proxy

* Updated staging godeps, import restrictions and missing metadata files

* Add flag for disabling prometheus-to-sd only for daemon sets

* Revert \"Re-calibrate load test throughputs\"

* only when accessmodes equals to ROX, we don\'t need check rbd status of being used

* add support for --cluster --context --user flags

* add cli plugin example repo

* fix spelling mistakes

* kubeadm: Add missing unit test for GetGenericImage

* kubeadm: remove arch suffix from control plane images

* Fix the returned messaged: statefullsets->statefulsets

* Remove incorrect glog error from Horizontal Pod Autoscaler.

* Add namespace for (cluster)role(binding) cloud-provider.

* Report Hostname node address for vsphere

* Add function comment to fix golint error in cmd/kube-scheduler/app.

* update autogenerated file

* move external kube-proxy componentConfig to k8s.io/kube-proxy/config/

* referencing ClientConnectionConfiguration from k8s.io/apimachinery/pkg/apis/config

* GCE: Add ListLocations to Cloud TPU API

* Remove unused kubelet dependency

* Bump ip-masq-agent to v2.1.1 - Update debian-iptables image for CVEs. - Change chain name to IP-MASQ to be compatible with the pre-injected masquerade rules.

* fix a comment inconsistency in Daemonset Controller

* update e2e shell script due to newly introduced unreachable:NoSchedule taint when the node is in Unknown status

* set coredns as default for kube-up eployments

* Two implmentations of cert renewal

* kubeadm: update auto-generated BUILD files

* kubeadm: fix the air-gapped and offline support issues

* pkg/util/net: use a more descriptive error in getAllDefaultRoutes()

* fix an issue that scheduling doesn\'t respect NodeLost status of a node

* Remove unused function timeoutFromListOptions()

* Size http2 buffers to allow concurrent streams

* Add dry run test for hpa v2beta2

* Generate files and modifications for autoscaling/v2beta2 and custom_metrics/v1beta2

* Add autoscaling/v2beta2 and custom_metrics/v1beta2 to necessary files

* Update printers to include changes from autoscaling/v2beta2

* Update metrics API to include autoscaling/v2beta2 changes

* Implement autoscaling/v2beta2 features in HPA controller

* Update autoscaling conversion and validation for v2beta2 inclusion

* Autoscaling v2beta2 and custom metrics v1beta2 APIs

* expose generic storage factory primitives

* remove dead protobuf tags from test

* fixes golint: pkg switching

* apiserver: unify handling of unspecified options in authn+z

* align imports for kubeapiserver admission initializer

* align imports for test

* align imports for cmd

* prune flipping int/ext conversion for quota controller

* move util funcs

* directly switching quota pkg

* externalize fields for quota private schema

* externalize quota admission controller

* Fix missed cloud-request-sent flags

* Fixes and improvements per review

* Add missing config for Azure integration

* Add Azure Integrator support to k8s charms

* add uuid bits to master/worker to make it a bit easier on operators

* add letters to source code to make native vsphere integration (reqs >= 1.12)

* juju: Add kubelet-extra-config to kubernetes-worker (#145)

* juju: Set kubelet dynamic-config-dir on Kubernetes 1.11+ (#144)

* juju: Use KubeletConfiguration on Kubelet 1.10+ (#143)

* Changing ceph CSI to use cdk-addons for template rendering

* Add leadership layer to kubernetes-worker

* new snapd_refresh config to control snapd refresh frequency (#141)

* Updating ceph to use CSI for k8s >= 1.10

* Doc update after
*fetching
* the upstream so the proper tags come down, too

* admission/exec: externalize exec admission controller

* remove unused format log print

* fix type in runtime conversion.go

* hack/update-generated-protobuf.sh update

* OpenAPI and gofmt updates

* WaitForAllNodesSchedulable should check taints as well

* Add kubectl openapi doc import comment

* autogenerated

* kubeadm config add support for more than one APIEndpoint

* use podPrefix as it\'s defined

* api -> v1 error corrected in pkg/proxy/winkernel/proxier.go

* bazel definition updated for pkg/apis/networking/validation/

* documents updated

* gofmt update

* Changes according to the approved KEP. SCTP is supported for HostPort and LoadBalancer. Alpha feature flag SCTPSupport controls the support of SCTP. Kube-proxy config parameter is removed.

* K8s SCTP support implementation for the first pull request

* Add unit test cases for scheduler/algorithm/predicates.

* Enable dynamic azure disk volume limits

* Add \"EXPERIMENTAL\" to the option description

* Move pkg/proxy/apis/kubeproxyconfig to pkg/proxy/apis/config

* Kubelet creates and manages node leases

* Set paging feature correctly for aggregator and crd storage

* dry-run: Create integration test

* Removes support of internal types from logsForObject

* Add DynamicProvisioningScheduling support for GCE PD and RePD

* Added support to get clusters in gce cloud provider.

* Updates test/e2e_node/device_plugin.go to cope with recent device manager change in commit 7b1ae66. Also changes the test to make sure node is indeed ready after Kubelet restart. The previous readiness check may use old API state but didn\'t run into the issue due to the delay of waiting for pod restart.

* Tests that use CheckTestingNSDeletedExcept must be [Serial]

* Remove provisioner config from log message.

* Add verify script for staging repo metadata files

* controller expectations for deletion can be met by 404

* Fix VMWare VM freezing bug by reverting #51066

* kubeadm - deprecate feature-gates HighAvailability, SelfHosting, CertsInSecrets

* Make HPA more configurable

* Fix the \"dirname: missing operand\" error of \"make test\"

* del unused func DefaultEventFilterFunc

* externalize podpreset

* Fix error link in comment

* Revert \"Parallelize RC deletion in density test\"

* autogenerated

* kubeadm config move ControlPlaneEndpoint to ClusterConfiguration

* api: change owners from apimachinery to architecture

* externalize limitrange

* Using a fixed set of locks, then we don\'t need to free unused locks anymore. See kubernetes/kubernetes/pull/66442 for discussions.

* Report cloudstack hostname address

* Fixes #49445 by introducing a new annotation to attach SG to ELB.

* auto-generated

* use external KubeSchedulerConfiguration

* golint failure

* add new GVK kubescheduler.config.k8s.io/v1alpha1.KubeSchedulerConfiguration

* Allow ImageReview backend to add audit annotations.

* transitioning container-runtime from e2e_node to e2e/common

* vsphere: support zone tags at any level in the hierarchy

* Give APIServer pretty column output

* regenerate files

* Address AATTthockin feedback

* jwt: support opaque signer and push errors to token generator creation

* Parallelize kubemark cluster creation

* Re-calibrate load test throughputs

* kubeadm: use ClusterConfiguration in images.go

* Remove second round of scaling in load test

* apiextensions: remove area/custom-resources label from OWNERS

* Complement unit test case TestNodesWherePreemptionMightHelp for scheduler/core

* Remove deprecated legacy audit logging code.

* Fix golint error under scheduler/factory.

* Fix golint error under scheduler/algorithm/priorities.

* Add unit test cases for scheduler/util.

* fix kubelet iptclient in ipv6 cluster

* Make OpenStack cloud provider report a node hostname address

* Fix panic when choosing zone or zones for volume

* Add unit tests for GetNodeResourceGroup and GetResourceGroups

* Only set nodeSelectorTerms when there are zoned nodes

* update bazel

* vsphere: add tests for Cloud Provider Zones implementation

* Generated code

* Prevent side effects on dryrun in service registry

* Update generated

* Move volume limit feature to beta

* Implement support for updating volume limits

* Support dry run in admission webhooks

* godeps: bump gopkg.in/square/go-jose.v2

* WIP: RC pods

* autogenerated

* kubeadm-ha-upgrade

* Populate internal DNS names in GCE provider

* vsphere: adjust to govmomi tags API changes

* godeps: update vmware/govmomi

* remove feature gates from eviction tests that are enabled by default

* Make aws cloud provider report a node hostname address

* Make kubectl create secret tls work with process substitution

* Parallelize RC deletion in density test

* Add missing word to help text and remove double spaces

* diff: Fix crash when remote object doesn\'t exist

* Set --audit-webhook-mode flag properly based on the env variable

* Get rid of argsLenAtDash in create job

* Fix NameFromCommandArgs when passing command after --

* externalize storageclass

* auto generated code

* Make DisruptedPods in PodDisruptionBudgetStatus optional field

* Fix test case: invalid version should not trigger network operations

* Update Cluster Autoscaler version to 1.3.2-beta.2

* kube-apiserver: create always configmap/extension-apiserver-authentication

* Bump versions of components with latest security patches.

* start-kubemark.sh: clean up the shell script.

* Reduce latency to node ready after CIDR is assigned.

* update some stuff

* kubeadm: Split out ClusterConfiguration from InitConfiguration

* apiextensions: unify hack/{update,verify}-codegen.sh

* delegated authz: add AlwaysAllowPaths mechanism to exclude e.g. /healthz

* update sample-controller README

* Add packages to golint_failures

* Fix golint command to only pass a single
*.go file at a time

* remove rescheduler

* externalize serviceaacount admission controller

* update-bazel generated

* add unit test func TestServerRunOptionsValidate

* add unit test func TestToAuthenticationRequestHeaderConfig

* add unit test func TestAPIEnablementOptionsValidate

* add unit test func TestEtcdOptionsValidate and TestParseWatchCacheSizes

* Convert tabs to spaces

* Add Test Description to e2e User-Agent

* pkg/kubectl: fix spelling mistake

* Add misterikkit to sig-scheduling REVIEWERS.

* Add labels to kubelet OWNERS files

* add labels to kubectl OWNERS files

* handle recover from panic

* add NodeConformance test for PodReadinessGate

* Turn on PodReadinessGate by default

* build/debian-iptable: make: support arguments for base and tag

* Add Labels to various OWNERS files

* Allow headless svc without ports to have endpoints

* externalize node admission

* Create cli-runtime staging repository

* Improve HPA sample sanitization

* Fix validate-cluster.sh for clusters with more than 500 nodes.

* device manager: don\'t do operations on nil pointer.

* Increase inotify user instance limit

* code-generator: add CLIENTSET_NAME_{VERSIONED,INTERNAL} for custom packages

* Output more context with the log messages, and general style tweaks

* Prevent resource version to custom resource on no-op writes

* Fix validation logic in E2ETestNodePreparer.

* Fix tests to support ObjectMeta omitempty semantics

* Fix unstructured metadata accessors to respect omitempty semantics

* Reduce verbose logs of node addresses requesting

* fix panic when node annotation is nil

* Supplementary information for common flags and add restart second config

* fix https://github.com/kubernetes/kubernetes/issues/67561 bump version

* Allow adding default capabilities to unprivileged addons

* Make error messages more helpful in some e2e tests

* Fix `bazel test //cmd/kubeadm/...`

* limit forbidden error to details of what was forbidden

* Yank out a bunch of manual tests and prose

* attach: Move the AttachFunc default function to the initializer

* Get VirtualMachineScaleSets and VirtualMachineScaleSetVMs from cached resource groups

* Get VirtualMachines with cached resource groups

* Add caches for cross node resource groups and unmanaged nodes.

* Add sig/api-machinery label to apimachinery OWNERS files

* Tolarate nil inputs on maxSurge and maxUnavailable when parsing IntOrString

* Return error on input in GetValueFromIntOrPercent

* auto-generated file

* skip print section flags if no flags

* [cloud-controller-manager]output flags in logical sections

* [kube-controller-manager]output flags in logical sections

* Update CHANGELOG-1.10.md for v1.10.7.

* Typo fix in returned message: ClusteRole->ClusterRole

* Don\'t ignore error in GetMasterAndWorkerNodesOrDie.

* updates kibana to 6.3.2

* added missing pos files & added mapping type name in fluentd config

* fix https://github.com/kubernetes/kubernetes/issues/67561

* support annotations for admission webhook

* run make update

* add annotations to admission webhook

* Fix bug:DaemonSet didn\'t create pod after node have enough resource

* Error in return value should be tested and fix Description Info

* remove deplicate code for PodRequestsAndLimits

* using set instead of lists for topologyPairsMaps attributes

* created struct for topologyPairs maps

* further enhancements removing matchingTerms from metadata

* add topologyValue map to reduce search space

* 50342: Establish \'406 Not Acceptable\' response for protobuf serialization \'errNotMarshalable\' - Added metav1.Status() that enforces \'406 Not Acceptable\' response if protobuf serialization is not fully supported for the API resource type. - JSON and YAML serialization are supposed to be more completely baked in, so serialization involving those, and general errors with seralizing protobuf, will return \'500 Internal Server Error\'. - If serialization failure occurs and original HTTP status code is error, use the original status code, else use the serialization failure status code. - Write encoded API responses to intermediate buffer - Use apimachinery/runtime::Encode() instead of apimachinery/runtime/protocol::Encode() in apiserver/endpoints/handlers/responsewriters/writers::SerializeObject() - This allows for intended encoder error handling to fully work, facilitated by apiserver/endpoints/handlers/responsewriters/status::ErrorToAPIResponse() before officially writing to the http.ResponseWriter - The specific part that wasn\'t working by ErrorToAPIResponse() was the HTTP status code set. A direct call to http.ResponseWriter::WriteHeader(statusCode) was made in SerializeObject() with the original response status code, before performing the encode. Once this method is called, it can not again update the status code at a later time, with say, an erro status code due to encode failure. - Updated relevant apiserver unit test to reflect the new behavior (TestWriteJSONDecodeError()) - Add build deps from make update for protobuf serializer

* Removed istio related addon manifests, as the directory is deprecated.

* use image 2.2.0 again

* fixed typo

* Provide Flex volume metrics if the plugin supports.

* Autogenerated files

* Add a scheduler config argument to set the percentage of nodes to score

* Add RuntimeHandler to the CRI RunPodSandboxRequest

* Add NodeTree to the scheduler cache

* Add a node tree that allows iterating over nodes in regions and zones

* allow failed discovery on initial quota controller start

* Allow requesting specific gpu in autoscaling e2e tests

* fixed json logging in fluentd-elasticsearch image

* Fix framework.WaitForDaemonSets:

* cpumanager: rollback state if updateContainerCPUSet failed

* pkg/util/metrics: idem-potent registration of RateLimiterMetric and never cleanup

* Update bazel

* kube-apiserver: switch apiserver\'s DeprecatedInsecureServingOptions

* apiserver: move controller-manager\'s insecure config into apiserver

* add more sku support for azure disk

* run make update

* update Annotations description about audit.Event

* externalize pv informer in node authorizer

* util for external pv

* externalize storage object in use protection

* Make kubelet healthz port a constant

* Wait for Available in PV protection test

* Added set and map structural validation for AllowedTopologies

* Changing ceph details to a dictionary. Original code would actually explode if ceph didn\'t exist :-/

* Update to Azure org

* Add test for scheduler config defaults

* Fix parameter for fluentd-gcp-scaler

* Decrease CPU requests of master components in two times.

* In e2e framework, wait for kube-system daemonsets to be ready.

* kubeadm: Remove unused piece of code

* add unit test for func ToAuthenticationConfig

* add unit test for Authentication Validate

* Make log more readable

* dry-run: Allow dry-run flag to pass through if alpha enabled

* fix load balancer IP change when updating service

* Kubemark: don\'t recreate hollow node on VM reboot.

* Remove incorrect comment

* updates es-image to elasticsearch 6.3.2

* change default value of kind for azure disk

* Add unit tests for InstanceID

* Reduce API calls for Azure instance metadata

* Better error message when checking rollout status for StatefulSet with OnDelete strategy type

* add ut for PortPart()

* should cast va instead of pv

* improve GetExistingContainerStatus

* Double check PVC if not found in syncVolume.

* update bazel

* use versioned api in kube-proxy

* Updated cloud providers with todo comment if using DefaultLoadBalancerName

* Update DefaultLoadBalancerName method and add that its deprecated

* fix apiserver crashed when priority classs already exists

* Delete dead code in pkg/scheduler.

* Delete dead code.

* Avoid unnecessary DaemonSet collisionCount bump

* Add metrics to equivalence cache.

* test/integration: use correct import path

* Immediate close the other half of the connection when proxying

* fix an issue in NodeInfo.Clone()

* Better error message if etcd not installed

* Add mfojtik as approver of Deployment

* add updated plugin mechanism

* Remove duplicated detect-master for local

* prevent \"No resources found\" output on forbidden error

* Set DefaultCRISocket on Windows

* Add certlist.go - a declarative list of all certs kubeadm requires

* kubelet/dockershim/network: pass ipRange dynamically to the CNI plugin

* Add certlist.go - a declarative list of all certs kubeadm requires

* Update Bazel

* Add backoff for DS\'s pod deletion to limit fighting with kubelet failing the pod repeatedly

* updated fluentd to 1.2.4

* document expectations for stopped/shutdown instances in cloudprovider.Instances interface

* Update Godeps

* Update Bazel

* Add UntilWithSync (informer based)

* Deprecate ListWatchUntil, fix it and call places

* Move ListWatchUntil to its kin

* run update all

* kube-apiserver make use of GlogSetter

* kubelet support dynamically set glog log level --v

* move glog setter to util/logs

* redundant equal compare

* should check all error

* Add more metrics for A/D Controller:

* fix test log info

* Fix kubeadm init kernel validator display message error

* use glog.V().Infof() for formatting output; return nil when err\'s nil

* use const v1.ProtocolTCP replace of string TCP in test/e2e/network/

* Add CSI volume attributes for kubectl describe pv

* modify a duplicate e2e test of DNS configMap

* auto-generated file

* smaller coverage improvement about ValidateVersion function

* some minor fix in test/e2e/kubectl/kubectl.go

* nits in manager.go

* Kubernetes version v1.13.0-alpha.0 openapi-spec file updates

* Updated comment for DefaultLoadBalancerName to provide further context

* Update workloads controller owner files

* from #61246 note removed examples and regression for master

* update patch to work with --local and avoid extra requests

* Synchronous & unbatched audit log writes

* autogenerated

* Remove references to the config structs that have moved to their own shared packages

* Update Cluster Autoscaler version to 1.3.2-beta.1

* add admissionv1beta1 in scheme

* use temp file for kubeconfig in test

* Store logs from \'logexporter\' to allow debugging it.

* delete the busyboxImage and mountTest var and change use imageutils

* kubectl: update message for a no-op patch

* Add timeout to MIG wait-until-stable operation

* remove unused code in kubeadm/app/cmd/reset_test.go

* fix crd establish controller rate limiter

* should not event directly

* Set nodeAffinity for unmanaged disks

* Update bazel

* Add node affinity for unzoned managed disks

* [cloud-controller manager]remove the redundancy import

* [kube-controller manager]remove the redundancy import

* Update to debian-iptables v10.1 and hyperkube-base 0.10.1

* remove some unused functions

* add UTs for devicemountable conditions

* update volume plugins accordingly

* attacher/detacher refactor

* use NameIsDNSSubdomain validation from staging

* fix some minor mistakes in e2e

* Autogen

* Update API doc of extensions/v1beta1 Deployment\'s RevisionHistoryLimit

* Default extensions/v1beta1 Deployment\'s RevisionHistoryLimit to MaxInt32

* optimize ipvs get nodeIP

* Update the InputStream tests

* apiserver: pass the parent request context when creating InputStream

* Allow passing timeout on TPU API operations via context

* Fix flakiness in daemonset TestLaunchWithHashCollisiion

* Change rbd base image back to fedora 26

* promote TokenRequest and projection to beta in 1.12

* PVC Protection: Wait for Pod delete

* Autogen

* Update Container Resources more info link

* attachdetach controller: attach volumes immediately when Pod\'s PVCs are bound - Add integration test for this feature

* attachdetach controller: attach volumes immediately when Pod\'s PVCs are bound - Use queue to process PVCs on add/update events - Index pods by PVC key then we don\'t need to iterate to find pods

* Fix for duplicate revisions created by StatefulSet

* Add more metrics for Volume Manager

* Add wait to discovery integration test to fix flakiness

* fix typo

* indent error flow

* Support mount options for cephfs with ceph-fuse mount

* enable e2e test on Arm64

* Use FindExistingKubeConfig in the phases which use the --kubeconfig

* Use AddKubeConfigFlag everywhere in kubeadm

* Use the Join of Dir and File name instead of DefaultKubeConfig

* Move defaultKubeConfig to constants.go

* Adds tests for --all-containers=true

* add more tests to clientcmd

* vsphere: enable TestInvalidCaCert

* add --dns-loop-detect option to dnsmasq run by kube-dns

* Log real file\'s name and line

* Sync peer-finder code from contrib repo

* remove getZoneNames func

* add ns for pod in integration test

* Revert \"Update kube::util::ensure-cfssl\"

* kubelet: plumb context for log requests

* End2End tests for DynamicVolumeProvisioning for EBS

* Update to use debian-base:0.3.2

* Add missing tmpdir path to chmod

* storage e2e test: remove race when setting up loopback device

* Use OWNERS-based labeling for kind/api-change

* moved dependency within kubernetes core to staging

* - Added multi-arch support. - Used multi-stage builds.

* Move dependency from k/k/pkg/apis/core to staging

* macOS and docker for mac don\'t play nicely with mktemp

* Populate final scaling policy values for system addon optimizations

* Populate final scaling policy values for system addon optimizations

* Don\'t raise observedGeneration when waiting for expectations and object hasn\'t been processed

* Add integration test for scheduler \"on PVC add\" event handling

* fix create-kubelet-kubeconfig.

* dry-run: Add resttests

* Update Godeps

* Update Bazel

* Rename Until to UntilWithoutRetry and move to using context so it\'s cancelable

* fix azure disk create failure due to sdk upgrade

* ensure ScheduleDSPods respects tainted nodes

* Allow running various storage e2e tests on custom images

* Fixed vsphere volume plugin unsafe type cast; added unit tests

* Bump debian-base to 0.3.2

* Only register qemu-user-static when necessary.

* ensure qemu-ARCH-static binary is world readable and executable

* Move validation dependency from pkg/apis/core/validation to staging

* Update kube::util::ensure-cfssl

* Update staging godeps

* Remove defaulting from shared ComponentConfig types

* Make the request attributes clearer in forbidden messages

* Remove ARCH specific image consideration from e2e tests

* kubeadm-ha-join-controlplane

* test files

* autogenerated

* Write manually-created conversion funcs for shared ComponentConfig types

* autogenerated

* fix OpenAPI link

* Remove references to \'pkg/apis/componentconfig/install\' and fix inconsistencies

* kubectl: recreating resources for immutable fields when force is applied

* Fix provision fail issue for aws provisioner if fsType specified

* list the default enabled admission plugins

* fix cluster-info dump error

* use v1 version of advanced audit policy in kubeadm

* Use gcr.io/k8s-testimages/logexporter:v0.1.2.

* Log error in e2e tests when creating priority classes

* kubeadm: Deduplicate kube-proxy image logic

* Remove redundant code in aws_ebs_block.go

* Update join_test.go

* Fix print error

* Bump cfssl to 56268a6

* Add a check for docker version to push fat manifest images

* Vendor cfssl and cfssljson

* Bump golang.org/x/crypto dep

* Require vendoring of cfssl binaries

* correct kubelet service file permission

* Update `pkg/cloudprovider/providers/azure/OWNERS`

* node authz/ad externalization

* Parse zoned first before using it

* use v1 version of advanced audit policy in gce shell

* use v1 version of advanced audit policy in kubemark

* generated files

* Fix Proto Generator to not assign types to packages they don\'t belong to

* tests: Skips AfterEach step if provider is not supported

* Multi-arch images for metadata-concealment check container

* Upgrade debian-base to 0.3.1 for CVEs

* `kubectl create {clusterrole,role}`\'s `--resources` flag support asterisk to specify all resources

* Removes dependency on RBAC within kubernetes core

* Fix to handle hash collisions correctly for DaemonSet

* Remove the local manifest list after push

* Add docker images for node perf testing workloads.

* CSI plugin now calls NodeGetInfo() to get driver\'s node ID

* improve kubeconfig file modification time

* Fail container start if its requested device plugin resource doesn\'t have cached option state to make sure the device plugin resource is in ready state when we start the container.

* Drop kube-aggregator container image from release

* Add comments clarifying the use of the minClusterSize flag.

* Rename the KubeConfigFile field to Kubeconfig in ClientConnectionConfiguration

* Multi-arch images for echoserver

* GCE: Add OWNERS for image (gci) configuration

* Revise the setting of variables to leverage environment variables.

* Add comment to clarify the use of the minClusterSize flag.

* Fix docker registry used in e2e test.

* GCE: add a crictl test

* a) fixing rebase

* a) fixing dependencies.

* a) porting e2e_node lifecycle testcases into e2e folder, under common. b) placing them under conformance golden list.

* Multi-arch images for apparmor-loader container

* Support pulling requestheader CA from extension-apiserver-authentication ConfigMap without client CA

* Add DynamicProvisioningScheduling and VolumeScheduling support for AzureDisk

* kubeadm: chroot to new --rootfs arg

* Check config path for command \"kubeadm alpha phase kubelet write-env-file\"

* Add wait loop for multipath devices to appear

* Move Until from apimachinery to client-go

* Include unavailable API services in discovery response

* Auto generated BUILD files.

* Set kubeadm version as the default version in phase command.

* refuse serviceaccount projection volume request when pod has no serviceaccount bounded

* Update CHANGELOG-1.11.md for v1.11.2.

* promote informers into master.Config

* error text refers to wrong stream type

* Ignore EIO error in unmount path

* fix yaml file path for test/e2e/network/example_cluster_dns.go

* Add test cases for webhook dry run

* Fix typo in webhook dry-run check

* Ouput volumes (total capacity and requests) too along with cpu and memory when the feature BalanceAttachedNodeVolumes is used.

* Fix incorrect reporting of total request including current pod in the resource allocation priority function.

* run ./hack/update-bazel.sh

* Fix for issue #67091

* Change BUILD to remove e2e_node as a reference

* Run :list_conformance_tests without updating BUILD

* Remove [Conformance] from tests in e2e_node

* fix sorting behavior in selector.go

* Allow setting tolerations in test framework

* block dry run if a webhook would be called

* e2e test harness - use busybox from dockerhub

* Graduate ResourceQuotaScopeSelectors to beta

* document /watch prefix deprecation

* Remove the kubeadm `--skip-preflight-checks` flag

* promoting overlapping secret in different namespaces NodeConformance test to conformance.

* kubeadm: fix CRI ListKubeContainers API

* Use sync.map to scale ecache better

* Create LICENSE

* use const v1.ProtocolTCP replace of string TCP

* promoting configmap binarydata support NodeConformance test to conformance.

* HPA: Make dynamicRequestSizeInMillicores bigger

* make the log more readable

* generated

* Added e2e test to check admission webhook works for pods/attach.

* Fix scope.Kind of CONNECT subresources.

* Remove rest.ConnectRequest.

* move easyrsa check to gce prereq check

* delete broken test for a deprecated feature.

* Add TestZone()

* expose default LogsForObject consumeRequest func

* Support dry run in admission plugins

* add CancelRequest to discovery round-tripper

* e2e: Ensure that sysrq-trigger is enabled before use

* A large set of improvements to the Stackdriver components.

* Bump Heapster to v1.6.0-beta.1

* This is a combination of 3 commits.

* fix apiserver pprof redirect bug

* adds a new generator that creates register.go files

* apiserver: output flags in logical sections

* snip more legacy scheme uses we don\'t need ref:https://github.com/kubernetes/kubernetes/pull/66926

* Introduce Azure custom metrics adapter

* Multiarch manifest for volume-tester docker images

* update zz_generated.conversion.go file

* add an OWNERS file

* add generated code files

* move apiserver Configuration to k8s.io/apiserver/pkg/apis/config

* update zz_generated.conversion.go file

* add an OWNERS file

* add generated code files

* move componentconfig ClientConnectionConfiguration to k8s.io/apimachinery/pkg/apis/config

* Update vmware/govmomi vendor: add vapi package

* Implement GetLoadBalancerName per provider and add DefaultLoadBalancerName.

* Compared preemption by priority.

* Update resource-consumer usage

* Update the nginx image from hub.docker.com

* storage: Move precondition check as a method of preconditions

* dry-run: Use dry-runnable structure

* Add zones support for vSphere cloud provider (in-tree)

* switching rolling update to external clients

* Update api version references

* stop adding internal types to external schemes

* remove internal factory client

* fix integration test cleanup

* Scalability tests: Increase sample size for pod startup latency measurement.

* dup key func

* added comment to track conformance promotion in future.

* Graduate quota configuration api to v1beta1

* Fix \'Exists\' scope selector operator

* Rework multi-volume test to use StatefulSet

* Update CHANGELOG-1.9.md for v1.9.10.

* kubelet/cm/cpumanager: Fix unused variable \"skipIfPermissionsError\"

* Fix some test images - update version and arch

* kubelet: volumemanager: poll immediate when waiting for volume attachment

* fix usage string for the kubectl logs command

* add logging to find offending transports

* snip links to internal clients

* remove legacy scheme from create

* snip legacy scheme uses we don\'t need

* added new conforamnce test under NodeConformance verifying InitContainer PodSpec and improves api coverage

* dry-run: Update DynamicClient to pass Create/Update options

* a) adding documentation for the conformance tests including targeted release and test description.

* a) promoting \"Atomic Writer volume\" testcases

* Provide an option to supply log-file mount option for gluster plugin.

* client-go/rest: Fix \"segments segment\" comment typo

* Cloud Provider Zones doc fixups

* switch expose to externals

* update polymorphichelpers for external types

* update etcd storage test to use a complete apiserver will all servers aggregated

* switch etcstorage to use dynamic client

* use table driven tests to reduce nesting in etcdstorage test

* update etcdstorage test to use discovery, not scheme

* Add e2e tests for test scope selectors with non-priorityclass scopes

* switch kubectl portfoward to external types

* switch rollout history to external

* Remove useless named return value

* Run expendable pods tests on GKE

* kubeadm: fix ImagePullCheck output

* pkg/volume/cephfs: fix doc typo, nfs -> cephfs

* improve serviceaccount projected volume validation error info by providing source index info

* Change the expected error message to the common part of the responses of 1.11 and 1.12 servers

* Fix coordination.Lease validation

* Add CHANGELOG-1.12.md for v1.12.0-alpha.1.

* Generate crictl config for preload as well.

* moved some code around added comments and renamed some variables to make the code easier to understand migrated to new image_util build system improved tests updated copyright headers to 2018 updated webhook version

* generated

* make package name match all the import aliases

* add methods to apimachinery to easy unit testing

* Adding details to Conformance Tests using RFC 2119 standards.

* Detect if GCE PD udev link is wrong and try to correct it

* Fix unit test failure: TestNsenterExistsFile

* Add DynamicProvisioningScheduling support for EBS

* Mark --horizontal-pod-autoscaler-upscale-delay deprecated

* Remove UpscaleForbiddenWindow

* Rename desiredReplicas to expectedDesiredReplicas

* Changing ceph CSI to use cdk-addons for template rendering

* update logs

* update attach to use external objs

* Refactor checkRequest to allow it to be called from outside of admission controller

* Full blown kubectl create job

* Fix a typo: coverting -> converting

* need ExpectNoError check

* add space for output

* Fix some type of CHANGELOG-1.11.md

* add ns info for pod in log

* nodes: improve handling of erroneous host names

* remove duplicated import

* fix typo: scale dowm-> scale down

* clean up unused parameter in func restrictedPod and testPrivilegedPods

* remove deprecated shorthand flag of client version

* volumemanager: remove unneccesary closure

* should get return err and check it

* change TRUNCATED to DATA+OMITTED in kubectl config view

* Adding details to Conformance Tests using RFC 2119 standards.

* Break annotations with newlines and shorten length

* Add tests for newline in command, arg, and env

* Environment vars with newlines should be indented

* Break command and args in description by newline

* Adding details to Conformance Tests using RFC 2119 standards.

* Note: this PR is the result of splitting https://github.com/kubernetes/kubernetes/pull/65793 into 2 sections 1) This part, addressing the refactor so eligible-test-for-conformance can use get rid of privileged security context. 2) a second part that will address the promotion of the testcases to be in conformance suite

* fix panic fake SAR client expansion

* update exit code to 0 if patch not needed

* Added check for namespace file

* Return an error if there is no resources matching

* Fix expected pod creations/deletions estimate in load test

* kubeadm: fix runtime.ImageExists API

* Revert \"Passing `KUBE_TEST_ARGS` variable to make through process environment\"

* cpumanager: add test for available CPUs in static policy.

* add an integration test for advanced audit feature

* Remove folders for unused container images

* Remove unused images

* Switch to using multi-arch images with manifests

* bump glbc to 1.2.3

* use Audit v1 api and add it to some unit tests

* run \"make update\"

* upgrade advanced Audit to stable

* error in return value should be tested

* cpumanager: validate topology in static policy.

* Add documentation and unit tests

* Chose availability zones from active nodes

* Add availability zone support for dynamic provisioning Azure managed disks

* Implement PersistentVolumeLabel admission controller for AzureDisk

* Implement GetLabelsForVolume for AzureDisk

* While reviewing devicemanager code, found the caching layer on endpoint is redundant.

* test image for a release 1.7 based sample-apiserver

* add unit test for func EntryString in util/ipset

* use aws.StringSlice replace of deprecated func stringPointerArray

* use func WaitForCompletionRef replace of deprecated func WaitForCompletion

* remove incomplete check of ipvs modules in hack/local-up-cluster.sh

* fix wrong output in e2e log

* replace framework.RunAMaster with kubeapiservertesting.StartTestServer

* fix a duplicate case in TestUpdateNodeObjects

* auto-generated file

* update godep for for move util/pointer to k8s.io/utils

* fix verify about import error

* Switch off leader election for scheduler and kube/cloud controller

* Speed up volume modifications on AWS

* Bump version since we added dnsmasq to dnsutils image

* Move kubelet serving cert rotation to beta

* Grab docker log using a soft link in local-up-cluster

* enable etcd logging in local-e2e jobs

* Remove verbose code in VCP

* Autogen

* Update API doc of ProgressDeadlineSeconds

* Default extensions/v1beta1 Deployment\'s ProgressDeadlineSeconds to MaxInt32.

* return err when Unmarshal failed

* update the import file for move util/pointer to k8s.io/utils

* Fix that fails to resize pvc of cinder volume.

* Correct spelling errors in the comments

* Changed admission controller to allow volume expansion for all volume plugins

* kernel_validator: amend kernel config check paths

* Use KubeletRunDirectory instead of hard-coded way

* Update staging Godeps

* Add dnsmasq to test/images/dnsutils

* dd status=none does not exist on macOS

* Default some unbound cluster/gce env vars

* Exit gce kube-up.sh early if openssl is LibreSSL

* Improve the output of `kubectl get events`

* Use GetControllerOf from apimachinery and remove kubernetes copy

* aggregate admin from edit and view to ensure coverage

* Add KUBE_CUSTOM_CALICO_NODE_DAEMONSET_YAML and KUBE_CUSTOM_TYPHA_DEPLOYMENT_YAML

* Remove unnecessary context in VCP

* add debug handler capability for individual controllers

* add gonum graph representation of GC graph

* bump(gonum.org/v1/gonum)

* Fix jessie-dnsutils image build for arm64 & ppc64el

* fix godep licenses for new root

* Bump Heapster to v1.5.4

* remove unused code in pkg/scheduler/algorithm/scheduler_interface_test.go

* Update CHANGELOG-1.10.md for v1.10.6.

* fix error log

* kubeadm join the cluster with pre-existing client certificate

* Update webhook test image to multi-arch

* update bazel

* use apps/v1 version for scheduler

* refactor hard code in test/e2e/apimachinery/garbage_collector.go

* remove misleading error message on image pulling

* fix grammar error: the predicate verb should be the third person.

* add watch integration test for dynamic client

* Make the timeout error more specific so users can find it

* add unit tests for checkIPandProtocol and setIPSetDefaults

* refactor some hard code in pkg/util/ipset/ipset.go

* Add UT to RBD volume test of TestGetAccessModes and TestRequiresRemount

* Add Deployment conformance tests

* Set connrotation dialer via restclient.Config.Dialer

* test(scheduler): add more integration tests for TaintNodesByCondition

* add myself to milestone maintainers

* Flexvolume e2e test for attachable driver: Introduced delay after pod deletion to ensure detach happens

* Bump to k8s.gcr.io/metadata-proxy:v0.1.10

* Adding details to Conformance Tests using RFC 2119 standards.

* Adding details to Conformance Tests using RFC 2119 standards.

* minor cleanup of selector_spreading priority function

* Remove `auto_unmount` mount option from pv spec annotation to setup() func.

* Add unit tests for GetZoneByNodeName

* Get availability zone for VirtualMachineScaleSetVM

* Update Azure Go SDK to v19.0.0

* Update compute API to 2018-04-01

* Invalidate CheckVolumeBinding predicate only when VolumeScheduling feature is enabled.

* remove unused codes in test/e2e/autoscaling

* when hashsize is Invalid, add an error log

* Avoid deleted iSCSI LUNs in the kernel

* Update ttlcontroller_test.go

* remove the unnecessary comments in tryRegisterWithAPIServer for externalID removed in PR#61877

* Add UT Test to cephfs

* fix kubelet npe on device plugin return zero container

* Revert #63905: Setup dns servers and search domains for Windows Pods

* Avoid sed bundled with Darwin for building test images

* Skip building openapi for ignored paths

* Implement InstanceShutdownByProviderID for vSphere CP

* Make runTest easier to understand

* Retain ShareProcessNamespace in pod storage

* Remove warning for deprecated flag usage as pflag already does that

* kubeadm: make error output more verbose

* kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns

* Mark exec --pod/-p flag as deprecated

* fix the watch status when -o=yaml|json option is specfied

* cleaning up

* clean up unused code

* replace predicates string with corresponding const in TestDefaultPredicates

* Use glog instead of fmt

* Updating ceph to use CSI for k8s >= 1.10

* dry-run: Run generated commands

* add missing OrDie variant for dynamic client construction

* dry-run: Add DryRunTrue value

* e2e: don\'t require heapster

* Sets higher memory limit for init_container tests

* switch logs to use external versions

* kubelet: add image-gc low/high validation check

* Avoid overflowing int64 in RoundUpSize and return error if overflow int

* Adding IKS functionality to kubemark

* Generated code for ShareProcessNamespace beta

* Promote ShareProcessNamespace to beta

* Remove outdated autoscaling e2e tests

* Add flake-reporting utility to testing framework

* Fix computing number of nodes to break in unhealthy cluster test.

* refactor cmd/kubelet/app/server.go to simplify the kubeFlags and KubeletConfiguration invokes

* kubeadm: Improve kubeadm init cmd tests

* kubeadm: rename cri-socket-path -> cri-socket

* fix log format

* Taint node when initializing node.

* reuse iptablesContainerPortalArgs

* add pod UID

* Extender preemption should respect IsInterested()

* fix e2e tests which set PodPriority are failing

* Improve unit test TestZeroRequest

* Update configure-helper.sh to support heapster resource optimizations

* Templatize the scaling policy for metrics-server

* Remove kubelet-level docker shared pid flag

* Removed unused functions.

* use subtest for table units

* Adds a build example with KUBE_BUILD_PLATFORMS

* fix logs command to be generic for all resources again

* dry-run: Create feature-gate flag

* Do not set cgroup parent when --cgroups-per-qos is disabled

* Add user assigned MSI support for azure cloudprovider.

* Autoset OpenAPI version w/o SecurityDefinitions

* Move api rules list under api-approvers-owned package

* Do not attempt to convert nil object during DELETE webhook admission

* fix acr sp access issue

* Add unit tests for windows stats

* Test rescheduling on various events. - Add resyncPeriod parameter for setupCluster to make resync period of scheduler configurable. - Add test case for static provisioning and delay binding storage class. Move pods into active queue on PV add/update events. - Add a stress test with scheduler resync to detect possible race conditions.

* Retry scheduling on various events.

* Update Godeps after removing influx tests

* tolerate missing column headers in server-side print output

* Send correct headers for pod printing

* Only build generators for building platform

* Changed subpath test pod to use standard 5 minute timeout wait function, bumped from 1 minute

* Modified HTML injector to have more distinguishable names for debugging ease

* indicate which scheme has conflicting data

* Fix volume limit for EBS on m5 and c5 instances

* Return correct error type and HTTP Status code for operation errors

* extend timeout to workaround slow arm64 math

* getPids - don\'t recursively traverse every dir

* Add stats for system containers \"pods\"

* Add extra metrics for PV Controller

* Return error in provisionClaimOperation

* Fix a typo in csiPlugin comment

* kubeadm: stop setting UID in the kubelet ConfigMap

* fix kube-aggregator dailer

* csiAttacher: check deviceMountPath before hasStageUnstageCapability

* GetMasterHost should not return port

* Update crictl to v1.11.1.

* Cleanup & fix PodSecurityPolicy field path usage

* Start cloudResourceSyncsManager before getNodeAnyWay (initializeModules) so that kubelet does not get stuck in retriving node addresses from a cloudprovider.

* Fix test failure when executed using build/run.sh

* Chop computeReplicasForMetrics to smaller pieces

* Extract helpers from prepareTestClient

* Change README links to https

* Add String method to audit.Backend interface

* session.New is deprecated and remove unused variable

* more clear err log

* update testcase for edit

* add tests for polymorphichelpers pkg

* Fist level ecache for nodeMap

* RWLock for cache

* clean unused variable

* change not valid to invalid

* generated: bazel

* generated: Avoid use of reflect.Call in conversion code paths

* Remove generic conversion function

* Make conversion function names match expected values

* Add a new conversion path to replace GenericConversionFunc

* conversion-gen: Report an error in conversion when names don\'t match

* conversion-gen: Better error on duplicate objects

* conversion-gen: Register static untyped functions (interface{})

* Fixing E2E tests for disk resizing

* Add NoSchedule and NoExecute tolerations to ip-masq-agent

* fix info level message

* Update CHANGELOG-1.11.md for v1.11.1.

* fix a panic due to assignment to nil map

* apimachinery/pkg/runtime/doc: Split list into paragraphs

* Add error check and ignore unused variable (SA4006)

* kubectl: Drop typer from DrainOptions

* Check presence of sioDiskIDPath before reading it

* update github.com/matttproud/golang_protobuf_extensions to 1.0.1

* pkg/controller: remove old clientbuilder methods

* fill in normal restmapping info with the legacy guess

* persistentvolume: fix spelling of storageClasseName

* Unset CDPATH in build scripts

* fix dynamic client listing bug

* Handle errors

* Upgrade TaintNodesByCondition to beta.

* check for crictl executable only for CRI runtime

* Fix unit tests for GetZone

* Add availability zone support to Azure nodes

* kubeadm: wrap runtime tests in a t.Run

* Use probe based plugin discovery mechanism in device manager

* Add unit tests for methods of pod\'s format

* Change the method name from PodsWithDeletiontimestamps to PodsWithDeletionTimestamps

* delete unused events

* remove useless codec param from strategicPatchObject

* remove unreleased tag

* bump ingress version to 1.2

* client-go: fix error message spelling in rest config

* client-go: update documentation for remotecommand.StreamOptions

* Reverting commit #56600 as GCE PD is allocated in chunks of GiB instead of GBs

* Escape illegal characters in remote extra keys

* Fix locating resporce-pool for volume provisioning

* eliminate unnecessary helper

* port setVolumeLimits to Setter abstraction, add test

* extend FakeVolumePlugin to implement VolumePluginWithAttachLimits interface

* port setNodeStatusGoRuntime to Setter abstraction

* port setNodeStatusImages to Setter abstraction, add test

* port setNodeStatusDaemonEndpoints to Setter abstraction

* port setNodeStatusVersionInfo to Setter abstraction, add test

* port setNodeStatusMachineInfo to Setter abstraction, add test

* lift node-info setters into defaultNodeStatusFuncs

* port setNodeVolumesInUseStatus to Setter abstraction, add test

* port setNodeReadyCondition to Setter abstraction, add test

* port setNodePIDPressureCondition to Setter abstraction, add test

* port setNodeDiskPressureCondition to Setter abstraction, add test

* port setNodeMemoryPressureCondition to Setter abstraction, add test

* port setNodeOODCondition to Setter abstraction

* port setNodeAddress to Setter abstraction, port test

* add support for \"success\" output for edit command

* move call to defaultNodeStatusFuncs to after the rest of the Kubelet is constructed

* add nodestatus package with Setter abstraction for composable node constructors

* remove incorrect comment referencing removed functionality

* Collecting etcd histogram metrics

* set standard storage class addon mode to \"ensure-exists\"

* update generated bindata

* add test cases for kubeadm/app/util/runtime

* move runtime details into ContainerRuntime

* translations: point license header to Kubernetes

* clean unused function

* remove the unused verifyRemainingObjects function

* fix error binding of edit output format

* scheduler: fix panic while removing node from imageStates cache

* should be fmt.printf in the e2e test

* Passing `KUBE_TEST_ARGS` variable to make through process environment instead of command line flags. \'$\' character has special meaning in make, prefer passing variables through process environment.

* fixtodo: add unit test for function FetchConfigFromFileOrCluster

* kubeadm: Make the kubeadm config kinds mutually exclusive

* Fix kubeadm upgrade TODOs

* UT case of certificate_controller

* splitRE is never be referenced

* fixdup

* fix nil pointer dereference in node_container_manager#enforceExistingCgroup

* fixformat

* fix glogformat

* fix spell

* autogenerated

* Rename NodeConfiguration to JoinConfiguration in v1alpha3, but support both names for this release of kubeadm

* Automated rename from NodeConfiguration to JoinConfiguration

* Remove the Heapster/InfluxDB test

* Compare stateful set updates semantically

* Safe encode template hash value to make it consistent with resource name

* generated

* Remove hand-written typed registries

* Use storage directly for scale subresources

* Modify resource constraints for master components.

* Bump version of event-exporter.

* apiextensions-apiserver: add test for non-base type columns

* apiserver: make loopback logic in SecureServingOptions reusable

* apiextensions-apiserver: use self-signed cert fixtures in testserver

* apiserver: add SecureServingOptions.ExternalAddress

* apiserver: use fixtures for self-signed certs in test server

* Fix kubeadm checks import error

* only add local endpoints into the hairpin ipset

* fix metrics help comment

* cleanup / simplify convert command

* Allow modifying current context with kubectl set-context

* Don\'t validate HealthzBindAddress in KubeProxyConfiguration if it\'s empty

* make delete waits match on UID

* Support setting azure LB idle timeout

* update generated files

* apiextensions: add optional comment tags

* kubeadm-ha-phases

* dry-run: Run generate commands for new Options types

* dry-run: Create new options for Update/Create and pass it along

* apiserver/README: update to 2018 for compatibility

* Update Cluster Autoscaler version to 1.3.1

* fix csr status message for kubectl certificate deny

* fix CRI socket validatioin

* optimize certificate cleaner

* kubeadm: Printable default component configs

* added serviceAccountName to field selectors

* fieldpath: Add tests for missing cases

* Rework image locality with spread-based scoring

* Add image states to scheduler cache

* Update generated bazel

* Invalidate CheckVolumeBinding predicate cache on PV update.

* verify-generated-docs: Use exit code rather than comparison to empty string

* update TestOnlyLocalNodePorts to make sure only add local RS

* Bump cluster-proportional-autoscaler to 1.2.0

* make the addons docker registry configurable

* generated

* Add Accepted to delete response path

* Update CHANGELOG-1.8.md for v1.8.15.

* Rename violations.report to violation_exceptions.list

* fix updateJob scheduling of resync

* move feature gate checks inside IsCriticalPod

* Explicitly disable dry run for connect

* Don\'t delete pkg/generated/bindata.go in make clean

* fix NodePort with Local policy not working

* Get ipv6 nodeIP when in ipv6 cluster

* use pause image with fat-manifest

* fix bug for garbage collection

* Use kube-openapi cmd in Make rules

* generated

* Bump kube-openapi dependency

* Add kube-openapi cmd to required binaries

* Always mark gke-exec-auth-plugin executable

* Adding generated files

* Fixing comments in types.go

* kubernetes: fix printf format errors

* Re-enable write-read pv check in volume provisioning tests

* Convert TestServerRunWithSNI to subtests to isolate flake

* ensure rs pod cleanup happens

* Disable initializers by default

* Make node status addresses authoritative for kube-apiserver -> kubelet connections

* Make cloud provider authoritative for node status address reporting

* Derive kubelet serving certificate CSR template from node status addresses

* Remove unused x509 code

* declare conversion dependencies

* re-make print flags composeable for sophisticated callers

* fixes operation for \"create on update\"

* clean ups

* clean up node expansion

* Return vmUUID when renewing nodeinfo in VCP

* ensureInternalBackendServiceGroups inserts InstanceGroup links, not nodes

* Remove unused io util writer & volume host GetWriter()

* Create WORKSPACE file before running bazel in kubemark

* verify-generated-files: ensure git tree is clean

* move t.Parallel() out of for loop

* Stop sorting downward api file lines

* kubeadm: run kube-proxy on non-master tainted nodes

* Fix wrong flexvolume dir on gce ubuntu

* Fix pod worker deadlock.

* Generate pkg/generated/bindata.go

* Don\'t gitignore pkg/generated/bindata.go

* switch delete strategy to background deletion

* apiextensions-apiserver: wire through CountMetricPollPeriod for CRs

* Add region label to dynamic provisioned cinder PVs

* kube-apiserver: fix tests which don\'t use tls yet

* kube-apiserver: disallow --secure-port 0

* apiserver: get rid of ReadWritePort in config

* Add a timeout when fetching latest version

* Fix truncating and buffering backends integration.

* Add pod.yaml to user-guide

* Update bazel

* vSphere: set vCenter client UserAgent

* Document ipvs mode has GA in v1.11

* autogenerated

* Rename MasterConfiguration to InitConfiguration in v1alpha3, but support both names for this release of kubeadm

* Automated rename from MasterConfiguration to InitConfiguration

* add cni bandwidth test

* autogenerated

* Update the kubeadm config API roundtrip yaml files

* Update unit tests

* Make kubeadm support {un,}marshalling ComponentConfig structs as different YAML documents

* Remove the ComponentConfig structs from the external v1alpha3 API. Use the new componentconfigs pkg for validation and conversion

* Add a new package for handling all ComponentConfig-related code

* add traffic shaping support for CNI network driver

* Avoid allocations when parsing iptables

* autogenerated

* Update the config API roundtrip tests

* Update unit tests

* Start using the new path in the internal config for the ComponentConfig structs

* kubeadm: Embed the internal variants of the componentconfigs in the internal kubeadm API with conversions

* Add local volume pod affinity tests.

* Remove unneeded deps

* Add a README in test/e2e/node with a warning

* delete copied comment

* switch to glob

* fix visibility of testdata for //test/cmd:legacy-script

* Fix RunAsGroup.

* wire PrintFlags through rollout commands

* pause image should be arch agnostic

* Incremented the elasticsearch version

* generated

* name runtime.Schemes so we can see which one fails

* move CRD server unstructured typer to point of use

* remove stray comment from a merge

* vSphere Cloud Provider: avoid read race during logout

* Remove crappy fmt.Println

* add test case

* make RBAC escalation error message more useful

* Improve multi-authorizer errors

* show pods using pvcs for kubectl describe

* Make proxier params configurable in kubemark

* Optimize iptables

* Fail update-godep-licenses if bash version lower than 4

* Add new owners to vSphere cloud provider

* fix azure storage account creation failure

* Adding details to Conformance Tests using RFC 2119 standards.

* Add script to verify generated files

* juju: Fix kubernetes-worker certificate SANs on AWS

* straight split of test-cmd

* move test-cmd guts to separate sig-cli maintained directory

* apiextensions-apiserver: add pkg/cmd/server/testing pkg for integration bootstrapping

* kubeadm: use constant instead of hardcoded path

* only need to ignore resources that match discovery conditions

* kube-controller-manager: create self-signed certs

* apiserver: don\'t create self-signed certs with disabled secure serving

* kube-controller-manager: add stopCh plumbing

* autogenerated

* controller-manager: allow high ports in secure serving validation

* Refactor a bit of the config YAML loading code, and support loading multiple YAML documents

* Fix field name in NAP tests

* Bump addon resizer image to 1.8.2

* typo s/thub/github/g

* Update Cluster Autoscaler version to 1.3.1-beta.1

* flatten nested lists for flatten in visitor

* Make docker authentication in kubemark provider-independent

* Unify bazel and makefile modes of build for kubemark

* apiserver: don\'t create self-signed certs with disabled secure serving

* kubeadm: update generated files

* Remove duplicate check line

* When api-server is not avaiable, kubectl cluster-info still prints information like: the cluster is running at ... This patch fixes this bug

* fix print format string

* Improve TestMergoSemantics test

* Move from mergo.Merge to mergo.MergeWithOverwrite

* kubectl: Remove an extra character from rollout error message

* apiserver: allow high ports in secure serving validation

* kube-apiserver: drop unused loopback token in insecure mode

* rm PersistentVolumeLabel

* client-go/discovery: fix godoc package comment

* autogenerated

* Automated bump from v1alpha2 references to v1alpha3

* Register the v1alpha3 API in the scheme, and update the roundtrip API tests

* Add a duplicated v1alpha3 API

* ipvs: add addrtype match for nodeport

* Remove the v1alpha1 API folder

* Avoid printing service comments in proxy rules

* Remove unnecessary spaces ahead of custom yaml.

* Remove echo cmd when overwriting a file from an Env var.

* print required flags when running kubeadm upgrade plan

* fix gofmt

* Add healthz check to ensure logging is not blocked

* update hcsshim dependency to v0.6.11

* fix DynamicKubeletConfig feature to beta

* Remove references to the Debian-based Container-VM image

* Remove DefaultingSerializer as it is not being used

* Cleanup apiserver errors

* fix go-template defaulting for commands w default output format

* kubectl: wait for all errors and successes on podEviction

* autogenerated

* if loadbalancer section is not defined in cloudconfig, do not initialize lb support

* Update github.com/imdario/mergo to v0.3.5

* Fix DeletionTimestamp printing

* change field selector conversion registration to be strongly typed

* Update the roundtrip API tests to not use the v1alpha1 API

* Stop using/supporting the kubeadm v1alpha1 API

* Add additional authorization check for create-on-update

* Put all the node address cloud provider retrival complex logic into cloudResourceSyncManager

* Implement fixes for flexvolume when kubelet is contanerized

* add --template tests for commands

* Add lichuqiang as reviewer of persistentvolume controller (for volume scheduling)

* typo fix: fromat->format

* update priority admission for interoperability

* Improved logging message for checking if node is shutdown.

* kubeadm: Fix CoreDNS image generation bug

* make template printers a recommended printer

* move template printers to genericclioptions

* Run update-bazel

* Run code gen

* Handle errors in generated client scheme

* use request.UserAgent()

* fix smb mount security issue

* Build file generated

* Add priority to defaultOn plugins list

* fix \'kubectl cp\' with no arguments causes a panic

* apimachinery: runtime: cleanup comments

* apimachinery: cleanup if...else statement

* apimachinery: runtime: cleanup code

* Remove scheduler config deprecated warning as the new component config is still in alpha

* Update to go1.10.3

* adds post install step to kubeadm deb built by bazel

* fail on rbac resources of non-v1 versions in reconcile

* juju: Fix upgrade actions not working with resources

* split services between multiple namespaces

* kubeadm: Replace GetCoreImage with less error prone functions

* Fix dumping logs with logexporter

* Remove --cadvisor-port - has been deprecated since v1.10

* Block volumes should have empty FSType

* Reload systemd config files before starting kubelet.

* Update output format so that it matches actual accepted values

* hack/verify-pkg-names.sh: remove k8s.io/metrics dirs

* Update generated files

* bump(github.com/kubernetes/gengo): ecfcee3e19c8f1ac0e50e9b9c307626f343ce15f

* Update external k8s.io/metrics imports

* k8s.io/metrics: normalize client dir

* k8s.io/metrics: use standard code-gen scripts

* Speed up cluster startup in GCE

* azure: Add validation of resourceGroup option.

* bug fix: dead loop leaderelection

* fix `kubectl create priorityclass` failure bug

* fix a typo error

* simplify httplog.LogOf

* Add StatefulSet rollback and rolling update test with PVCs

* kubeadm: remove redundant flags settings for kubelet

* fix missing protocol match in ipvs mode

* scheduler: update tests to use sub-benchmarks (pkg/scheduler/cache)

* Get rid of depends on kubectl in kubeadm

* leaderelection: set timeout for tryAcquireOrRenew

* Fixed the wrong elasticsearch node counter

* hack/verify-pkg-names.sh: remove exceptions due to generated code and vendor

* Update generated files

* bump(github.com/kubernetes/gengo): 5b57d243f2ca39dbbda758ee07b76b4d519f6dc7

* Propagate forceAllowCreate as false to all subresources

* Add bionic series (not default)

* Addressed reviewers comments

* Fix test failure of truncated time

* Make various fixes to flex tests and fix some crashes

* make builder tolerant of restmapper failures when it doesn\'t need the answer

* test/e2e_node/system/types_unix: support ZFS

* Allow custom manifests in GCP master setup

* Fix apiserver metrics

* Renamed with psp-binding suffix

* FIX removed file

* bugfix separated files

* Moved under podsecuritypolicies directory

* add volume mode field to constructed VolumeSpec

* fix localvolume volume mode not found issue

* Revert \"Make no. of services in load test configurable\"

* EventRateLimit should aggregate reject errors

* Update CHANGELOG-1.9.md for v1.9.9.

* remove unused variable in openapi-spec script

* Typo Fix.

* Change our tests to ensure that critical system pods are created in the system namespace

* fix sample-controller README

* Increase glog level of some scheduling errors.

* set leader election client timeout

* fix unit test TestAttacherUnmountDevice

* Autogenerated files

* Limit usage of system critical priority classes to the system namespace

* Adding generated files

* Removes defaulting of CSI fsType to ext4

* deprecate openapi printing in kubectl in favor of server-side printing

* Fix bug printing openapi columns

* Allow override AllowCreateOnUpdate with new argument to Update

* Fix comments about default mount propagation

* Add warning function that includes timestamp

* skip nic that are in failing state

* Fix out of bounds error on non-64-bit machines

* feature gate LSI capacity calculation

* add scrape port to service

* Revert \"certs: only append locally discovered addresses when we got none from the cloudprovider\"

* Add metrics for attachable volumes in use

* Preparing for 1.11 release and update ingress image to 0.16.1

* apiserver: do not print feature gates for glog v=0

* Fix K8s-Storage-Plugins repo

* run test TestAttacherMountDevice in temp directory

* Pick the first extension matched

* fix some style error using gofmt

* fix typos

* update aws-sdk to support new region

* pod status should contain ContainerStatuses after eviction

* fixes docs

* Fix some descriptions for kubeadm

* fix typos for TestBackoffHighWaterMark

* show kind for multiple resource types

* update bazel and staging-dep

* move cacher in separate dir

* resource version parsing should all be in one place

* Print type information when unknown watch error

* Insert human curated 1.11 release notes and set current version

* Update CHANGELOG-1.11.md for v1.11.0.

* Bug fix: Should allow alias range size equals to max number of pods
* 2

* Honor custom transport dialer

* Cleanup verbose cAdvisor mocking in Kubelet unit tests

* add help description and examples to wait

* Increase certain waiting time window in gpu_device_plugin e2e_node test.

* Add e2e tests for volumeMode of persistent volume

* Add Mengqi to the list of approvers for strategicpatch

* Print error when APIServer fails to start

* ipvs: remove duplicated masq rules

* fix ipset creation fails on centos. issue 65461

* Autogenerated stuff

* Enable coordination api group

* Create coordination registry

* Add coordination API group with Lease type

* unify log messages

* fix wrong output messages about EnforceNodeAllocatable

* fix a nit error in log

* transform ConnectMethods to kube verbs

* Populate NodeAffinity on top of labels for cloud based PersistentVolumes

* fix azure disk issue for external resource group

* Remove kubectl delete hack that handles DaemonSet deletion

* fix scheduler client construction from configuration files

* Fix typo in comment

* Update CHANGELOG-1.11.md for v1.11.0-rc.3.

* Remove COS requirement while running e2e nvidia gpu tests.

* add sjenning to sig-node-reviewers

* bug fix for cloud provider generator

* add beta healthcheck in gce cloud provider

* swtich to use Beta

* regenerate GCE cloud provider

* revendor GCE API Go client

* update NEGAnnotation

* Add debugging for scale e2e test errors

* Resolve potential devicePath symlink when MapVolume in containerized kubelet

* kubectl convert should not double wrap output in nested lists

* use lowercase hostnames for node names

* show type differences in reflect diff

* allow enabling kubelet serving certificate rotation via flag

* Add ravi to sig scheduling approvers

* Improve job describe and get output

* Enable “Kubernetes Monitoring” and “PodSecurityPolicies” on the same cluster

* Prepare local volumes via hostexec pod.

* Add hierarchy support for plugin directory

* enable etcdv3 client prometheus metics

* Update Rescheduler\'s manifest

* Update vendored tool go install location to use GOPATH

* Fix run-in-gopath issue with symlink\'d gopath

* one more lint fix for sshl_chain_completion

* update NPD version to v0.5.0 for gci

* lint fixes for goal state checks

* BUGFIX: must use ID, not name, of the node security group when adding rules to it

* Update CHANGELOG-1.11.md for v1.11.0-rc.2.

* Read gpu type from TESTED_GPU_TYPE env variable

* move NEG out of featuregate

* Add support for linux abstract socket namespace.

* kubeadm-upgrade: notify the user of manifest upgrade timeouts

* azure: Move configuration of resource group in storage class.

* fix a return miss bug

* Fix scheduler config decoding

* Not step into ipvs.CleanupLeftovers() if canUseIPVS\'s false

* Enable kubectl proxy to set tcp keepalive

* add cleanLegacyBindAddr

* collapse the resource version parse

* deployment: remove unused parameter \'podMap\'

* Remove deprecated interactive flag

* Update bazel

* client-go/examples/fake-client: add doc.go to fix go build warnings

* Remove unused exported errors

* Do not do noramlization of the fingerprint format

* Removed unused vars.

* Improve scheduler\'s performance by eliminating sorting when finding the host with the highest score

* Add missing error handling in schema-related code

* add myself to cmd/[cloud-]controller-manage reviewer

* When splitting `snake_case` words, omit the underscore

* cleanup: remove deadcode

* simplify negs checking

* Add /home/kubernetes/bin into sudoers path, so that `sudo crictl` works.

* Add tests to cover newly added unresolvable failures

* Add more unresolvable conditions to optimize preemption logic

* address comments

* Run hack/update-bazel.sh

* Set gazelle:importmap_prefix for everything under staging/src

* Remove go_prefix from root BUILD file

* Use new go_genrule from kubernetes/repo-infra based on go_path

* Reformat openapi/def.bzl and pkg/version/def.bzl using latest buildifier rules

* Run hack/update-bazel.sh

* gazelle: set proper importmap on dependencies in vendor/

* Set gazelle:prefix on staging/src and remove sed hack

* Update to gazelle 0.12.0 and run hack/update-bazel.sh

* update to rules_go 0.12.1

* Remove the go_default_library_protos filegroups using buildozer

* gazelle: disable proto rules

* add e2e test for standalone (exposed) NEG annotation

* remove cloud-controller-manager deb from releases

* Always create kubeClusterIPSet

* special-case template printing in get.go

* Consume watch event for all versions of CRD

* add rate limiting for NEG calls

* update github.com/pelletier/go-toml to 1.2.0

* Remove unneeded sleep from test.

* delete should tolerate a failed wait because of missing verbs

* legacy api endpoints only support v1 ever

* make sure delete waiting doesn\'t re-evaluate the resource lists

* Use correct field for exception detection.

* Introduce scheduler CPU/Memory profile-gathering in density test

* Refactor profile-gatherer to work across all master components

* Allow more fields at root of CRD schema if status is enabled

* fixtodo: Move these kubelet start/stop functions to phases/kubelet

* return error when failed to prepull the images

* fix typo brance -> brace

* limit User-Agent max length 1024 and add ...TRUNCATED suffix

* fix some typos

* Change signature of SetUrlMapForTargetProxy

* apiserver: fix typo introduced in #57366

* Change prometheus versions from latest to tag

* Add a helper function to customize K8s addon yamls and use it to customize Calico addons on GKE.

* Add client-go example using fake client in test.

* Remove item from taint manager workqueue on completion

* update cadvisor godeps to v0.30.2

* [gce provider] Ran hack/update-cloudprovider-gce.sh

* [gce provider] Wrapper for beta backend servvice create/update

* fix printer check to tolerate vendoring

* Fix k8s json package import name

* etcd: reuse leases for keys in a time window

* Add OWNERS file for rpm packages to mirror the debs

* Fix cleanup of volume metadata json file.

* update github.com/satori/go.uuid to 1.2.0

* Adds cri-tools as a dependency to kubeadm deb/rpms

* Update CHANGELOG-1.10.md for v1.10.5.

* Split scheduler latency metric to fine-grained steps

* auto-generated file

* Removed unused srv_kube_path variable

* Fix scheduler reset metrics bug in testinfra

* [cloud-controller manager]move more setup code from startControllers into the config

* sample-apiserver: add note that the pkg is k8s.io/sample-apiserver

* The shell script shoud be \"build/shell.sh\"

* Create heapster node first

* fix a log param error

* improve kubectl completion help

* Change Azure ARM Rate limiting error message

* fix some small mistakes in kubeadm

* Typo fix: unqalified=>unqualified

* Update CHANGELOG-1.11.md for v1.11.0-rc.1.

* Add a GPUClusterDowngrade test.

* stop returning invalid json fields in CRD OpenAPI schemas

* bump(k8s.io/kube-openapi): 91cfa479c814065e420cee7ed227db0f63a5854e

* scheduler: fix equiv. cache logging.

* Add a package docstring to core/equivalence.

* Clean up names in equivalence package.

* Move equivalence cache into new package.

* juju: Add audit support to kubernetes-master charm

* fix a TODO in ValidatingAdmissionWebhook

* Remove mount.GetMountRefs in favor of mounter.GetMountRefs

* Log long operations on iptables

* Add sysctls to the ouput of `describe` on PSPs

* auto-generated files

* Querry candidate zones for EBS when zone/zones not passed

* add default value to ScaleIOVolumeSource spec

* Update crictl to v1.11.0.

* Added attach/mount/check steps to CSI Driver E2E tests

* Have the /rootfs rw for containerized node e2e

* fix scheduler port boundary to match detection

* Enable watching secret and configmap manager

* Kubelet manager configuration

* add AATTandrewsykim as pkg/cloudprovider approver

* Bumps cri-tools version to GA in bazel build

* Fix a changelog entry in v1.11

* Fix kubeadm unit tests relying on internet access

* use the release-1.11 branch by default

* Update CHANGELOG-1.8.md for v1.8.14.

* Tests: Make e2e test platform-agnostic

* Cluster Autoscaler 1.3.0

* Make no. of services in load test configurable

* promoting namespace e2e tests for conformance

* auto-generated file

* move some option struct from controller manager to kube-controller manager

* sample-apiserver: Add RBAC roles and ClusterRoleBindings for Admission Webhooks

* Fixed detection of inaccessible AWS encryption key.

* fix comments

* Fix MaxAge default audit log option

* kubeadm: Fix a small config upgrading issue with .CloudProvider

* cri-tools deb: Rename cri_tools to the correct cri-tools

* kubeadm: Fix a bug where skipping all preflight checks wouldn\'t activate the kubelet

* CSI block fix for mapping path

* apiextensions: expect IsNotFound errors for disabled versions in testSimpleCRUD

* apiextensions: add update to testSimpleCRUD (again?)

* set more accurate status based on charm goal_state

* Move service account key file arg to the service-account controller options

* Half the no. of endpoints in load test

* Check if the server actually configured with a certificate

* Update copyright header

* Periodically fetch logexported nodes instead of sleeping

* Pass cluster_location argument to Heapster

* Report parsing error in json serializer

* Do not query for VMUUID if it was explicitly passed

* kubeadm: Make the environment file writing happen on upgrade as well

* Use kubernetes image repo for coredns

* add islinwb to pkg/util/ipset reviewers list

* Fix kubeadm init/upgrade --dry-run mode

* Update Cluster Autoscaler to v1.3.0-beta.2

* decode crd objectmeta properly

* apiextensions: fix concurrent map access copying items\' ObjectMeta in Unstructured

* Detect a missing key error and print a cleaner message.

* Fix a typo in kubeadm genearted doc

* Fix check for CRD watch priming

* apiextensions: add AddToGroupVersion call to CRD example register.go

* fix schema for kubeproxyconfig/v1alph1

* make json serializer case sensitive

* vendor the latest json-iterator

* Use context with timeout instead of context.Background

* Wait a minimum amount of time for polling operations

* Update tests to reflect that kubeadm taints should not override node taints

* vendor: update hcsshim to v0.6.11

* apiserver: add context to authn/authz kubeconfig errors

* Readding summary metrics

* Revert \"Fixing scheduling latency metrics\"

* Increase fluentd-gcp grace termination period to 1min

* Start plugin watcher after initialization of all kubelet components

* rm dead auto gen code

* This patch adds limit to the TokenRequest expiration time. It constrains a TokenRequest\'s expiration time to avoid extreme value which could harm the cluster.

* Added PV GET api rule to external-provisioner

* Fix kubeadm taints to not override existing node taints

* Re-use private key after failed CSR

* marshal bytes to return as string with `kubectl config view -o jsonpath`

* reduce logging for backoff situations

* apiextensions: enable CoreAPI options needed for admission

* fix update node condition

* Enable dynamic provisioning tests on AWS.

* Update generated files

* bump(k8s.io/gengo): dcbe4570f0cf6efbc583a5321c8f9390f71a544d

* fix bug excludeCIDRs was not assign in func NewProxier

* add ut for audit useragent

* fix iptables_test typo

* fix dead links in kube-dns/README.md

* Replace manifest-tool with docker manifest command

* Make CredentialProvider config loading deterministic.

* Use actual etcd client for /healthz/etcd checks

* [trivial] fix option help message.

* Add kms-plugin-container.manifest to release manifest tarball.

* kubadm - add comment for etcd server cert clientauth usage workaround

* mark kubectl wait as experimental

* Correct several mistakes in the comments/doc for PollImmediate.

* A few cleanups (remove duplicated env vars & unnecessary comments) on yaml files.

* Handle empty clusterID in loadbalancer naming

* Update Calico addon yamls to make it work for both 2.x and 3.x. versions.

* Compute avg and quantiles of scheduler throughput in density test

* autogenerated

* kubeadm: Fix a couple of small-ish bugs for v1.11

* kubeadm - fix local etcd grpc gateway

* Typo fix: toto -> to

* Increase logexporter timeout and add debug logs

* Adding scale error retries

* daemon: add custom node indexer

* auto-generated files

* add e2e regression tests for the kubelet being secure

* Quiet verbose apiserver logs

* Do not error out on pods in kube-system

* Narrow e2e pre-check on scheduler predicates

* Move out azure_loadbalancer.md to cloud provider repository

* kubeadm - local etcd configuration bugfixes

* Issue 63622 - Flaky e2e/aggr test.

* Remove an old TODO.

* Limit the mounted directory to cluster-autoscaler/

* fix eviction event formatting

* fix memcg fd leak

* update cadvisor godeps to v0.30.1 to revert cadvisor#1916

* fix-kubeadm-pull-log

* Cluster Autoscaler 1.3.0-beta.1

* volume: decrease memory allocations for debugging messages

* fix field removal in mutating admission webhooks

* Disambiguate a comment

* set EnableHTTPSTrafficOnly in storageAccount creation

* complete ipvs proxier test

* stop using deprecated --etcd-quorum-read

* Rename context

* auto gen

* fix integer divide by zero panic

* improve memory footprint of daemonset simulate

* Limit access to configmaps

* use subtest for table units

* Add cluster autoscaler w/NAP test involving GPUs

* dockershim/network: add dcbw to OWNERS as an approver

* update rbd and cephfs volume owners

* use subtest for table units

* add msg when getting toomanyrequest error from evict pod

* Create new certs & cleanup cert generation

* Add block volume support to Cinder volume plugin

* Add cleanup for gpu-pod-rc in cluster_size_autoscaling.go

* Create system:cluster-autoscaler account & role and introduce it to CA start-up script

* apimachinery: unify accessors to not deepcopy

* Check certificate thumbprint when configured

* Use soap clients method to load root CAs

* Setup test for verifying by checking certificate fingerprints

* Pass through CA cert file to the connection when multiple vcenters are configured

* Introduce thumbprints per vcenter

* Add godocs for fixtures

* Resolve paths of test fixtures at runtime

* Fix spelling

* Add LICENCE header to createCerts.sh

* Improve godocs and testcase naming

* Add LICENSE header

* Make bazel happy

* Setup TLS with CA Cert

* logging user-agent in audit

* add extended resource name validation

* remove duplicated cleaning up func

* Address a TODO, move to lazy initialization of the firewallD signal handler.

* fix a bug of wrong parameters which could cause token projection failure

* Volunteer to maintain nodelifecycle

* Better log line in e2e

* Don\'t specify a description for Calico CRDs

* In case storage class parameters are empty, create a new map for Portworx volume labels

* re-enable memcg for testing on gce

* Ensure directory is created for kubelet configuration

* Fix output of `kubeadm migrate config`

* Revert \"Add validation code for the Vertical Pod Autoscaler API.\"

* Revert \"Auto-generated code for the Vertical Pod Autoscaler API.\"

* Revert \"Add Vertical Pod Autoscaling API to the autoscaling group.\"

* Fix up legacy printer table adapter

* Update CHANGELOG-1.11.md for v1.11.0-beta.2.

* Add support for OpenStack integrator charm

* Use repo prefix when generating image names

* Fix UnmountDevice with deleted pod.

* Improve kubeadm reset output

* Adds a crictl package for kubeadm installs

* ignore not found file error when watching manifests

* Typo fix in returned message: utilites->utilities

* keep-terminated-pod-volumes should be false

* Fix setup of configmap/secret/projected/downwardapi

* SupportIPVSProxyMode is true by default.

* Typo fix

* Fix dead-link to dns-horizontal-autoscaler

* Add clarification for Windows DNS setup flow

* add missing LastTransitionTime of ContainerReady condition

* modify ipvs readme

* Use context.TODO() to be explicit that cancellation is not implemented

* Propagate signal from stop to context

* Cancellable leader election with context

* Cancellable leader election with channels

* fixes data races

* checkLimitsForResolvConf for the pod create and update events instead of checking period

* Revert \"Fix Windows CNI for the sandbox case\"

* autogenerated

* Add a \'kubeadm upgrade node config\' command and finish up the kubelet integration work

* Allow non-RBAC authorizers to participate in role/clusterrole escalation checks

* Remove ncdc from sig-node-reviewers

* Add TODO for removing kubectl DaemonSet deletion hack

* Revert \"Remove hack in kubectl delete that handles DaemonSet deletion\"

* [e2e service] Change CleanupServiceGCEResources() to CleanupServiceResources()

* Short-circuit node authorizer graph edges for mirror pods

* Remove myself from sig-cli OWNER alias

* keep pod state consistent when UpdatePod

* Added OS verification for third party etcd binary

* Add validation code for the Vertical Pod Autoscaler API.

* Auto-generated code for the Vertical Pod Autoscaler API.

* Add Vertical Pod Autoscaling API to the autoscaling group.

* Update CHANGELOG-1.10.md for v1.10.4.

* kubeadm: Don\'t match DNS versions to K8s versions

* specify external resource group in ResizeDisk

* add external resource group support for azure disk

* fix some typos

* remove unused code in runtime/scheme_test.go

* kubeadm: When etcd is listening on all interfaces, set the etcd probe to use loopback

* auth: standalone kubelets shouldn\'t start a token manager

* disable process scheduler metrics

* update cadvisor godeps to v0.30.0

* Remove hack in kubectl delete that handles DaemonSet deletion

* Skip updating status for DaemonSet being deleted

* Generated code for gce_disks refactor

* Refactored disk cloudprovider methods to use generated client; Refactored gce_disks unit tests; Removed unused gce_op.go and associated unit tests.

* autogenerated

* Switch to Beta

* sysctls: create feature gate to track promotion

* Run make update

* kubeadm: Upload CRISocket information and hence make kubeadm join blocking

* Fix standalone dockershim.

* Reconcile extended resource capacity after kubelet restart.

* Promote sysctl annotations to API fields

* CSI implementation of raw block volume support

* Rate limit only when an actual error happens, not on update conflicts

* Set GCE PD attachable volume limit based on machineType

* Add e2e tests for resource quota\'s priority class scope.

* Inject ContainersReady

* Generate ContainersReady condition

* add ContainersReady condition

* kubeadm: Update the dropin for the kubelet in v1.11

* document per-field advice for dynamic Kubelet config

* coredns to use gcr.io repo

* add port-forward examples for sevice

* kubeadm lowercases all domain names passed as additional SANs

* Fix kubeadm for v1alpha1 configs

* Remove Feature:Volume from tests

* apiextensions: allow Description in the root schema for subresources

* use subtest for table units

* fix kubectl -o

* housekeeping: improved language used in ISSUE_TEMPLATE.md

* Fix quota sync

* Create new variable for each iteration step

* Provision interface change

* kubectl cp support colons-in-filename

* Dynamic provisioning allowed topologies scheduler work

* Run CoreDNS container only with CAP_NET_BIND_SERVICE, drop all other (root) privileges. Run filesystem of container and config in read-only mode.

* Fix panic while provisioning Azure security group rules

* Remove labels.yaml

* 1. fix rbd device works at block mode not get mapped to container when docker restart 2. Add unit test case for rbd

* add Lion-Wei to ipvs reviewers list

* remove deprecated option \'--enable-custom-metrics\'

* generated files

* add unit test for func PodRequestsAndLimits and ExtractContainerResourceValue

* Setup docker options according to windows security context

* Setup windows security context in CRI

* Add security context for Windows containers

* API changes for Topology aware dynamic provisioning

* implement service account token projection

* Add support for enforcing read only host paths in PSPs.

* staging godep update

* Test job backoffLimit correctly

* Add mbohlool to apiextensions-apiserver reviewer list

* Simplify build for bindata

* Simplify build for openapi

* Simplify build for conversion

* Simplify build for defaulter

* Simplify build for deepcopy

* Add a helper tool to emit Makefile snippets

* Simplify find in cache_go_dirs.sh

* Better test for generated file rebuilds

* Simplify Makefile for genfiles a bit

* Build: Test if .todo file exists AND is empty

* Get rid of verify_generated_files

* Update dependency

* Update GCE cloud provider to use Cloud TPU v1 API

* Bazel BUILD fixes

* Modify security profile for proxy

* Fix the handling of untagged images

* Update generated bazel

* New labelmanager package

* update golang/protobuf to v1.1.0 to satisfy CSI v0.3.0 hard requirement

* Adding CSI driver registration

* coredns to gcr.io repo

* Update container-storage-interface/spec vendor to v0.3.0 (and related dependencies)

* Introduce priority class in the resource quota

* Add gpu cluster upgrade test.

* trigger kubelet sync pod on reconciliation

* Generate pod ready status with readiness gates

* Only mount subpath as readonly if specified in volumeMount

* Fix panic caused by no cloudprovider in test

* Kubeadm-initialised kubelet uses provided hostname if present

* Bazel artefacts

* Fix test tag on dynamic config tests

* Never clean backoff in job controller

* Remove event handler to satisfy alpha tests

* apimachinery: do not fuzz ObjectMeta.{Labels/Annotation} with empty keys

* kubeadm: use nodeselector instead of affinity in kube-dns

* kubeadm: use nodeSelector to only run kube-proxy on architecture consistent nodes

* Replace glog.Info{f,ln} with fmt.Print{f,ln}

* Collecting etcd metrics

* Log policy name from pod security policy

* add WithAudit admission decorator

* support AddAnnotation in admission attributes

* Fix TestWantsExternalKubeClientSet describe clientset typo

* Allow parametrization of RequestedToCapacityRatio priority function via policy config

* optimize Equals of ResourceLists

* Register RequestedToCapacityRatioPriority priority function

* Add myself to milestone-maintainers

* add NON_MASTER_NODE_LABELS to config-test.sh

* Code clean up

* Fixing ppc arch

* pkg: kubelet: remote: increase grpc client default size to 16MiB

* Refactor of GenerateMapDeviceFunc to delegate Map call to volume plugin.

* azuredisk size grow feature

* clean up empty dir for admissionregistration

* support netd on k8s

* kubeadm: Set the kubelet `--resolv-conf` flag conditionally on init

* Updated generated files

* API updates for Cinder Volumes to support for user specified Secrets in the future

* Clarify --hostname-override and --cloud-provider interaction

* printers: add deepcopy tests to generated tables

* conversions: don\'t mutate in.ObjectMeta.Annotations

* printers: fix json types – int64 is only allowed integer

* Clean up fake mounters.

* apply global flag \"context\" for kubectl config view

* remove deprecated/unused ProbeNetworkPlugins

* bind alpha feature network plugin flags correctly

* Avoid deadlock in gc resync if available resources change during sync

* Updated integration test.

* Eanbled schedule DaemonSet Pods by default scheduler.

* Updated helper funcs to use nodename.

* Address comments in #64006.

* Set deployment security profile to docker/default

* Update istio addon manifest to 0.8

* GC fallback to jsonmerge patch when SMP is not supported

* validation and feature gate

* make update

* add ReadinessGates in pod spec

* Implement kubelet side changes for writing volume limit to node

* Implement volume plugin changes for volume limits

* Implement scheduler changes for volume limits

* Implement API changes needed for dynamic volume limits

* Add metrics for envelop transformer: transformation_operation_count transformation_failures_count envelope_transformation_cache_misses_count data_key_generation_latencies_microseconds data_key_generation_failures_count

* Add wait.PollImmediateUntil

* apimachinery: adapt ObjectConvertor invariant

* client-go: make exec auth and auth provider mutually exclusive

* generated:

* client-go: promote exec plugin support to beta

* clientauthentication: add v1beta1 API version

* GitRepo command hardening

* Validate git args are not flags prior to mounting

* fixed newline issue

* fixed newline issue

* fixed the bad branch merge issue

* apiextensions: add ObjectMeta schema validation and pruning

* fixed branch and changed values to true

* Replace openapi Fake with kube-openapi version

* fix the verify job

* Increase timeout

* Add feature gate for kubelet plugin watcher

* fix go import

* Remove optimization from getWork in resourcequota/controller.go

* Update pod phase documentation

* clean unused function in file pkg/volume/projected/projected.go

* CSI fix for gRPC conn leak, test updates

* Add netd as an addon for GKE.

* Revert \"Remove rescheduler and corresponding tests from master\"

* fix bug excludeCIDRs was not assign in func NewProxier

* Fix some log issues in flexvolume

* add debugging for aggregator flake

* Update CHANGELOG-1.11.md for v1.11.0-beta.1.

* Quote shell variable expansion

* Update bazel.

* Update unit test.

* Proxy container streaming in kubelet.

* disable memcg for testing prior to 1.11 release

* Rename online resizine feature gate

* openapi: Remove FakeClient from testing library

* Kubeadm/k8s version mismatch is now a skippable error

* cloud node controller: improve error handling for node registration

* remove extra \"../\" when copying from pod to local

* Add tallclair to milestone maintainers

* autogenerated

* Add unit tests for the new Bootstrap Token objects and functions

* kubeadm: Initial refactor of the Bootstrap Tokens. Add the new API objects, add/move helpers and start using the new flow in the code

* Move helper funcs and constants to the client-go Bootstrap Token package from kubeadm

* code-gen: support running from anywhere

* make stackdriver logging tests not block e2e runs

* Save kubeadm manifest backup directories

* Use default seccomp profile for GCE manifests

* Add more kubectl auth reconcile flags

* Add ipvs module loading logic to gce scripts

* Typo fix in returned message: formating->formatting

* Move pkg/scheduler/schedulercache -> pkg/scheduler/cache

* Mount the kubeletConfigPath rw when running containerized node e2e tests

* implement kubelet side online file system resize for volume

* kubeadm uses its own scheme instead of kubectl scheme

* remove inaccurate comment about watch timeout

* remove unused code in kubeadm error.go

* remove redundant getKey functions from tests

* use subtest for table units (pkg/master)

* Support dynamicly set logging verbosity

* svcacct: validate min and max expiration seconds on TokenRequest

* generated: update generated API files

* core v1: deprecate the gitRepo volume type

* updated versions

* Add TLS support to exec authenticator plugin

* add a flag to control the cap on images reported in node status

* [gce provider] More wrappers for alpha/beta backend service

* add utils for pod condition

* make update

* fix unit tests using Patch in fake client

* add Patch support in fake kubeClient

* change kubelet status manager to use patch instead of put to update pod status

* include patch permission for kubelets

* add utils to patch pod status

* autogenerated

* dns record scale test

* apiserver: update tests to use sub-benchmarks (aes_test.go)

* kubeadm: conditionally set the kubelet cgroup driver for Docker

* remove unused functions in cmd

* Fix error message to be consistent with others

* Parallelize taint manager

* Quobyte API update

* replace fmt.Sprintf(%s, i.Type()) with i.Type().String()

* Errorf format %q has arg b.labelSelector of wrong type
*string

* e2e test for block volume provisioning

* apiserver: update tests to use sub-benchmarks (secretbox_test.go)

* Fixing scheduling latency metrics

* we should use Warningf instead of Warning when we are using format string

* remove unused parameter in func buildFakeProxier

* Promote watch e2e test to conformance

* autogenerated

* kubeadm: Add a \'kubeadm config migrate\' command

* move oldNodeUnschedulable pkg var to kubelet struct

* Possible cipher suites values and tls versions in help for apiserver and kubelet

* add api for service account token volume projection

* review: s//-/

* remove ipvs feature gateway

* remove unused status per TODO

* Build files generated

* Phase out rescheduler in favor of priority and preemption

* Modified regional PD test to fetch template name from GCE

* Remove direct and indirect streaming runtime interface.

* Add dry-run to auth reconcile

* Deprecate the in-tree keystone plugin

* e2e node: mark pod cgroup test as [NodeConformance]

* Rename equiv. class invalidation functions.

* Change the return of EquivalenceClass.lookupResult.

* Clean up names and comments in equivalence cache.

* Improve unit tests for InstallPathHandler

* update set selector to use resource builder flags

* cleanup some dead kubectl code and narrow scope of helpers

* fix dynamic kubelet config tests

* node e2e: fix the missing square brackets

* Correctly apply request transforms with flattened resource builder

* Correct image in `kubectl help run`

* Add dynamic environment variable substitution to subpaths

* Add probe based mechanism for kubelet plugin discovery

* Auto-generated files

* create coredns and kube-dns folders

* cleanup some dead cloudprovider code

* autogenerated

* Update unit tests to use the new NodeRegistration object

* kubeadm: Move .NodeName and .CRISocket to a common sub-struct

* add resource builder flags

* cleanup some dead kubelet code

* client-go: start fresh with owner file

* fix the delete result being used

* services must listen on port 443

* Modify LoopbackHostPort() so it returns an IPv6 Loopback address when given [::] address

* apiextensions-apiserver: add establishing controller to avoid race between established and CRs actually served

* include rollout object name in cli message

* Add block volume support to internal provisioners.

* Add reliable wait for volume server startup.

* client-go: document README exception in .github/PULL_REQUEST_TEMPLATE.md

* Declare wait flag in way consistent with other deletion flags

* DaemonSet internals are still in extensions

* Add daemonset when to getReplicasFromRuntimeObject when cleaning objects in e2e

* Allow AWS EBS volumes to be attached as ReadOnly.

* Increase the timeout when waiting for the job to be gone

* use subtest for table units

* use subtest for table units

* remove unnecessary factory delegation for RESTClientGetter method

* Fix GKE Regional Clusters upgrade tests

* kubeadm: Use loadPodSpecFromFile instead of LoadPodFromFile

* UX improvement for preflight check for external etcd client certificates

* Fix bug with scheduler throughput variable pass-by-value

* e2e/storage: central argument handling

* print nodes for those metrics is somehow unreachable

* move filename flags to genericclioptions

* move resource builder flags to genericclioptions

* Update generated files

* apiextensions-apiserver: add columns to CRD spec

* fix azure file size grow issue

* Add myself, Micah to reviewers

* Don\'t reset global timeout on each for loop iteration

* Remove Generators from Factory

* move scaleClient from factory

* raised version tag to 2.1.0

* updated fluentd in fluentd-es-image to version 1.2.1

* ccm: recognize InstanceNotFound from InstanceID

* Restore InstanceNotFound comment & logic

* use subtest for table units (pkg/kubectl)

* collapse into one factory

* kubeadm: do not use --admission-control for the API server

* Improve the help of kubeadm completion

* Wait for PODs ready after scale up

* Run cluster-autoscaler+GPU e2e tests for all gpu types

* bump(github.com/evanphx/json-patch): 94e38aa1586e8a6c8a75770bddf5ff84c48a106b

* generated

* POSTing rollback returns deploymentstatus

* Remove unused limit writer.

* [gce provider] Update auto-generated codes

* [gce provider] Add more wrapper for securiti policy

* Adding a shutdown script that would enable handling preemptible VM terminations gracefully in GCP environment

* Fix nodeport repair for ESIPP services

* Fix DsFromManifest() after we switch from extensions/v1beta1 to apps/v1 in cluster/addons/device-plugins/nvidia-gpu/daemonset.yaml.

* remove gce_address_fakes.go from BUILD file

* Remove some unnecessarily gendered pronouns in comments

* mocks must return true in order to trigger err

* use fakeGCECloud instead of gce address fakes

* Remove initializer test Initializers are alpha, broken and a subject for removal. They don\'t work well with finalizers and the previous hack present in deployment and replicaset reapers was just hiding this problem.

* Handle DaemonSet removal the old way

* Remove kubectl reapers

* Remove feature tags from e2e test for resize

* Fix breaking volume resize e2e tests

* Move volume resizing to beta

* Prepulls images by default

* fix parsing \'crictl pods -q\' output

* disable PersistentVolumeLabel admission controller by default

* remove CrictlChecker from preflight checks

* Should use `hostProcMountinfoPath` constant in nsenter_mount.go.

* Ensure that only IPs are used as node addresses in OpenStack LBs

* Revert \"Change default min-startup-pods value\"

* Measure scheduler throughput in density test

* Move Ceph server secret creation to common code.

* fix toleration validation invalid error

* Update feature warning for log rotation flags.

* simplify else

* fixChineseTranslation

* Rename and add unit test for ImageSizes

* HandleError include the type of the error object

* Move SuggestedPodTemplateResources from factory to set_resources

* Fix hasClusterTag to actually get behavior we want

* Update nvidia-gpu-device-plugin to apps/v1 and use RollingUpdate updateStrategy.

* fix space-vs-tab indent on comment line

* Pull gke-exec-auth-plugin binary on Nodes

* Resurrect lost log line

* Remove signal handler registration from pkg/kubelet

* kubeadm: rename the `kube-dns` phases addon

* MapString
* should return empty string for String() when null

* Updating images for nginx

* Use default seccomp profile for flutend-elasticsearch addon

* Use default seccomp profile for DNS addons.

* graduate DynamicKubeletConfig feature to beta

* Run hack/update-all.sh

* Expose openapi schema to handlers

* Update version of k8s.io/kube-openapi

* Format

* Fix issue 64119.

* add PST to main SECURITY_CONTACTS as formality

* fix describer tests

* move Describer from factory

* Trigger function for secrets

* update manifest

* apiextensions: cleanup test/integration helpers

* apiextensions: unify multi- and mono-versioned test helpers

* pv_controller change for provisioning

* Add dynamic provisioning process

* cache update for dynamic provisioning

* Add reason message logs for non-exist resources

* apimachinery: remove unused UnstructuredObjectConverter

* replace `__internal` with runtime.APIVersionInternal

* resourcequota return StatusError when timeout

* Always masquerade node-originating traffic with a service VIP source ip

* Fix Windows CNI for the sandbox case

* Add unit tests for findRule()

* Add verbose logs for azure cloud provider

* Check LoadBalancingRulePropertiesFormat for azure load balancers

* Move unrelated methods from the factory to helper

* Optimize the lock which in the RunPredicate

* fix bugs that break processing when printing errors occur in kubectl

* fix kubectl set subject --all option invalid bug

* add metadata to kubelet eviction event annotations

* Update function hasClusterTag to fix issue #64230

* kubeadm: Improve the kubelet default configuration security-wise

* Update dashboard OWNERS

* conformance: normalize the test names

* Moving Regional PD e2e tests to regular test suites

* apiextensions: reduce verbose logs in removeDeadStorage

* apiextensions: make CreateNewCustomResourceDefinition return created CRD

* Explictly enable cgo when building kubectl for darwin from darwin

* Add KUBE_CGO_OVERRIDES env var to force enabling CGO

* prevent zero for leader election timeouts

* Do not use DeepEqual to compare slices in test.

* autogenerated

* kubeadm: Refactor the .Etcd substruct in the v1alpha2 API

* Update generated files

* Add clarification for GA in Version Priority sorting

* add test: verify kubelet.config.Restore only happen once

* apiextensions: extract orthortogonal behaviour from nopConverter

* move rollbacker from the factory

* move Pauser and Resumer from the factory

* move more CanBeExposed from factory_client_access

* do some code clean for cloud-controller manager

* Nsenter unit tests

* Pass Nsenter to NsenterMounter and NsenterWriter

* Created directories in /var/lib/kubelet directly.

* Split NsEnterMounter and Mounter implementation of doBindSubpath

* Refactor doBindSubPath into smaller functions:

* Change SafeMakeDir to resolve symlinks in mounter implementation

* Enhance ExistsPath check

* Allow EvalSymlinks target not to exist.

* Add GetMode to mounter interface.

* add missing flag for kubeadm config images pull command

* Use DeleteOptions.PropagationPolicy instead of OrphanDependents (deprecated) in kubectl

* Fix incorrectly set resource version in List

* Remove unused parameter (pod)

* should not ignore err when convert controllermanagerconfiguration api

* Validate cgroups-per-qos for windows

* Fixes fsGroup check in local volume in containerized kubelet. Except this, it also fixes fsGroup check when volume source is a normal directory whether kubelet is running on the host or in a container.

* Correctly identify types served in the kube-apiserver openapi doc

* add colon separators to improve readability of test names

* fix the e2e node helpers that let tests reconfigure Kubelet

* re-reorder authorizers (RBAC before Webhook).

* Add warnings about cache invalidation.

* autogenerated

* kubelet: Move RotateCertificates to the KubeletConfiguration struct

* extend configmap tests to include CoreDNS

* add dynamic config metrics

* Generated files

* CRD versioning with no-op converter

* Do not bypass same version unstructed conversion if it is a list

* CRD versioning validation and defaulting

* CRD versioning - types change

* e2e/auth: Expect apps/v1 Deployment calls in audit test.

* Set explicit labels/selector for apps/v1 Deployment/RS.

* test/integration: Use apps/v1 Deployment/ReplicaSet.

* test/e2e: Use apps/v1 Deployment/ReplicaSet.

* kubectl: Use apps/v1 Deployment/ReplicaSet.

* Use apps/v1 in Deployment controller.

* Stub out BackendService check in Ingress upgrade test.

* Add Logf message for skipped succeeded pods

* Remove some completed TODOs

* move f.Command out of the factory

* log bad format git version

* remove portsforobject from factory

* add a discarding printer for testing and delegation

* generated

* add wait

* generated

* switch rbac to external

* ipvs lb local session affinity

* Added unit tests to sample-controller

* Simplify the volume util by v1helper.

* Create nsenter OWNERS

* Allow env from resource with keys & updated tests

* add volumeName in getVolumeSpecFromGlobalMapPath

* e2e: Remove flaky from CSI E2E test

* autogenerated

* kubeadm: Write kubelet config file to disk and persist in-cluster. Also write runtime environment file and fixup the kubelet phases command

* test/e2e/common: Add NodeFeature or NodeConformance tags

* kubectl use its own logs

* auto generated file

* load kernel modules required by IPVS in kubeadm

* Rename Du() to DiskUsage() for more expressive

* convert Duration into seconds by go library function

* fix kubectl get --show-kind

* test/e2e/common: add NodeConformance tag to all Conformance tests

* generated

* test/e2e_node: Add NodeFeature tags to non-conformance tests

* Re-tag benchmark tests

* test/e2e_node: mark more tests with [NodeConformance]

* test/e2e_node: Add Node-exclusive feature tags to existing tests

* test/e2e_node: Add [NodeConformance] to tests tagged [Conformance]

* mark ServerAddressByClientCIDRs as optional

* move updatepodspecforobject out of factory

* kubeadm-upgrade: add unit tests for the diff command

* kubelet: fix checkpoint manager logic bug on restore

* kubeadm-upgrade: small improvements to diff

* remove LabelsForObject and ResolveImage from factory

* Update CHANGELOG-1.9.md for v1.9.8.

* correct test logging package stackdrvier -> stackdriver

* move PrintOptions to genericclioptions

* remove API dependency on printers

* When creating ext3/ext4 volume, pass -m0 to mkfs in order to disable the super-user-reserved blocks, which otherwise defaults to 5% of the entire disk.

* changed the default value for allow-privileged for the kubelet (kubernetes-worker) based on new standard for 1.10 release

* dynamic Kubelet config reconciles ConfigMap updates

* Update bazel

* Fix running e2e tests with completed kube-system pods

* Add compatibility tests

* remove unused gc code

* Update CHANGELOG-1.10.md for v1.10.3.

* Add docstrings

* Add optional flag of node port range

* add block device support for azure disk

* Update verbose level for kubectl test

* kubeadm: Remove .ImagePullPolicy

* autogenerated

* kubeadm: Remove .AuthorizationModes in the v1alpha2 API

* add formatAndMount unit test on Windows

* Don\'t support marshalling using the v1alpha1 version in kubeadm v1.11

* Update bazel

* Fix cyclic dependency of apiserver test for OpenAPI test

* Dump Stack when docker fails on healthcheck

* remove one duplicated unit test

* Kubelet config: Validate new config against future feature gates

* Generated files

* Sort API Services by Kube-Version order

* Fix error message in Equalities.DeepEqual

* kubeadm: APIServerExtraArgs should override defaultArguments

* Bump grpc max message size for docker service

* autogenerated bazel

* Add testdata that supports the unit tests testing the kubeadm API types

* Add roundtrip, defaulting, upgrading and validation unit tests for the kubeadm API types

* generated

* Add GET PATCH support for two /status:

* Raise error on duplicate name in kubeconfig

* remove knob of equiv class in perf test

* Fixing wrong unit test naming

* Use Dial with context

* Refactor test utils that deal with Kubelet metrics for clarity

* sort on non-tabular output

* Fix TestSchedulerWithVolumeBinding to avoid setting predicate ordering. It is causing data race condition as predicate ordering is changing global variable predicatesOrdering. Infact this test does not require any special predicate order and should work on default predicate ordering as far as VolumeScheduling feature is enabled.

* Graduate CRIContainerLogRotation to beta

* move additional methods from factory

* remove unused code of (pkg/scheduler)

* fix event ref determination for apigroups

* Add environment variable to control truncating backend.

* Tolarate negative values when calculating job scale progress

* uses a more resilient way to get branch name from version

* kubeadm: crictl reset commands fixes

* Add SELinux support to CSI

* kubectl: add aggregation rule support to clusterrole

* Allow for system metrics discovery in Custom Metrics - Stackdriver Adapter test

* kubeadm: Restrict imports from pkg/client/clientset_generated/internalclientset

* kubeadm: Add local copy of LeaseEndpointReconcilerType

* Handle TERM signal to reduce pod terminating time.

* new event exporter config with support for new stackdriver resource types

* fix formatAndMount func issue on Windows

* [e2e ingress-gce] Implement Skip() for ingress upgrade test

* auto generated file

* modify kube-controller manager config struct to adapt option change

* modify cloud-controller manager config struct to adapt option change

* [kube-controller manager]get rid of GenericControllerManagerOptions sub-struct

* [cloud-controller manager]get rid of GenericControllerManagerOptions sub-struct

* remove kube-proxy and kube-scheduler from pkg_kubectl_cmd_util_CONSUMES_BAD group

* Update ipvs docs --- check the prerequisite

* kube-proxy should not depend on kubectl

* construct a new CloudControllerManagerConfiguration struct for cloud-controller manager

* gce provider: point to hack/update-cloudprovider-gce.sh in doc

* gce provider: add wrapper for security policy

* autogenerated

* Only override objects from informer when version has increased. Add more logging and tests to volume scheduler.

* move type setting into an optional layer above normal printing

* add protection for missing apiversion so we never serialize a bad object

* remove versioned printer

* Add kubernetes license to credential manager

* Add unit test for secrets flag in config file

* Add secrets flag in vcp config and modify vcp to use nodemanger connect method

* Modify nodemanager to use credentials from secret

* Add credentials manager unit test in vSphere Cloud Provider

* Add credentials manager in vSphere Cloud Provider

* Add update credentials function in vclib

* add myself as an approver in various auth related directories

* Bumping nginx ingress image to latest

* Wait for pod deletion instead of termination

* kubeadm - fix upgrades with static pod etcd

* pkg: kubelet: remote: increase grpc client default size

* Add a \'kubeadm config print-default\' command

* Move all logic for NodeConfiguration unmarshal to the dedicated package

* autogenerated files

* Cluster Autoscaler 1.2.2

* increase timeout in TestCancelAndReadd

* autogenerated

* kubeadm: Remove the never-used .Etcd.SelfHosted field

* kubeadm: Avoid unneeded dependencies by not using GetFlagString

* start splitting polymorphic functions out of the factory

* fix error tests due to version bumping of etcd and supported k8s

* Bump etcd version based on k8s version to 1.10.X => 3.1.12, 1.11.X => 3.2.18, 1.12.X => 3.2.18

* Remove v190alpha3

* Rename v180AndAboveKubeDNSDeployment to KubeDNSDeployment

* remove v190 from kubeadm in v1.11 cycle

* Update kubeadm\'s minimum supported kubernetes in v1.11.x to 1.10

* update factory interface to overlap with lower RESTClientGetter

* kubectl: fix Flatten() when used without Latest()

* Add GetSELinuxSupport to mounter.

* WatchingSecretManager

* Refactor ConfigMapManager

* fix little bug in kube-scheduler options

* Add a way to pass extra arguments to etcd.

* Fix SkippedPaths

* Add Pod stats for Windows containers

* Init ipvsInterface only when ipvs modules are present

* Add fs status for Windows containers

* Add log stats for Windows containers

* update bazel

* remove request context.WithUID

* Kubernetes version v1.12.0-alpha.0 openapi-spec file updates

* Add strategy description for \'kubectl describe sts\' command

* Fix PDB preemption tests.

* test clusterip

* check for NEG healthcheck with correct name

* Generated docs

* Add a `kubeadm upgrade diff` command

* Extract connection rotating dialer into a package

* diff: Fix broken `Local()` logic

* bzl: cleanup some no longer need visibilities

* Bazel artifacts

* Adds a kubeadm config images pull command

* Additional test coverage for kubectl/cmd/cp

* move ConfigFlags to pkg/kubectl/genericclioptions

* autogenerated

* kubeadm: Remove the .PrivilegedPods configuration option

* kubeadm: Remove the .CloudProvider configuration option

* storageclass can be in annotation and spec

* Ignore golint failure for v1alpha2, as the failing code is autogenerated

* Remove e2e test for cAdvisor running in the kubelet, as it\'s deprecated and gonna be removed

* Add initContainers into completion suggestions for kubectl logs/attach

* autogenerated

* autogenerated move to reference the v1alpha2 API inside of kubeadm

* Refactor cache based manager

* Change default min-startup-pods value

* kubeadm: Register and support loading the v1alpha2 API types

* kubeadm: Add duplicated v1alpha2 API types

* Auto-calculate allowed-not-ready-nodes in test framework

* Enable checking whether ipvs modules are built-in or not

* Setup dns servers and search domains for Windows Pods

* abstract duplicated code in ipvs proxier

* Revert enable PodPreset admission and also enable settings.k8s.io/v1alpha1 api resource

* Revert \"Openstack: register metadata.hostname as node name\"

* Revert \"Split out the hostname when default dhcp_domain is used in nova.conf\"

* Revert \"Specify DHCP domain for hostname\"

* gce: Prefer MASTER_ADVERTISE_ADDRESS in apiserver setup

* Remove unnecessary roundtripping in get.go

* Autogenerated code

* Fix fakeclient List

* Update CHANGELOG-1.8.md for v1.8.13.

* remove single use, non-polymorphic helpers from factory

* Move to a structured status for dynamic Kubelet config

* kubeadm - set CoreDNS FeatureGate to true by default

* bump coredns to GA in kubeadm

* Prevent nodes from updating taints

* apiextensions: only create patch reference object for smp path

* Disable the public cadvisor port by default

* Typo fix in the returen message: dynamicly->dynamically

* update bazel

* vSphere Cloud Provider: update vmware/gomvomi godeps

* vSphere Cloud Provider: add SAML token authentication support

* NFS support for default storage

* make TestGetServerGroupsWithTimeout more reliable

* Change JSON letter case in tests

* Use runtime/default as default seccomp profile for unprivileged PodSecurityPolicy

* Rebase and backward compatibility

* kubeadm preflight check for IPv4 and IPv6 forwarding

* autogenerated bazel

* generated

* stop generating service deletecollection

* Minor fixes for kubeadm reset

* Decrease default node schedulable timeout in e2e framework

* kubeadm: Handle config loading only in one place, and only use the internal version of the API internally. Fix bugs

* restore old cached client behavior

* move cached_discovery to client-go/discovery

* Fix bootstrap roles to allow list/watch secrets/configmaps from nodes

* Requires single name for list and watch

* scheduler: remove nested retry loops

* Revert \"Revert \"scheduler: align with ctrl-managers and apiservers, add https+auth in options\"\"

* Clean stackdriver sinks when reached limit

* Add comments for ipset entries in kube-proxy - fix

* fix ut

* pass stop channel to node-controller

* Still use `docker ps` for docker health monitoring.

* Enable CUSTOM_INGRESS_YAML to replace the glbc manifest

* Add option to control SSL chain completion

* Adding details to Conformance Tests using RFC 2119 standards.

* cleanup kubectl apiresources

* kubeadm - fix external etcd upgrades

* Support kubeadm upgrade with remote etcd cluster

* Build files generated

* Switch to beta

* Update e2e to use priorityClass beta

* Actually support service `publishNotReadyAddresses`

* Refactor kubeadm config list-images

* remove decoder from name printing

* kubeadm: Contact the kubelet on its healthz port 10248 instead of its readonly port

* Sort arguments before joining them, for reproducible return string

* print result object from kubectl taint correctly

* apiserver: Fail if dry-run query param is specified

* Remove layer:status per review

* Update status handling and retry network status poking, per review

* autogenerated bazel

* Stop installing kubeadm types in the generic, legacy scheme

* check for new backend naming scheme

* kubeadm: Use the API machinery for marshalling

* client-go: remove dep on pflag

* Retry certificate approval on conflict errors

* Add e2e test to verify that GPU pool is not scaled up if GPUs are not requested by pods

* kubeadm - do not generate etcd ca/certs for external etcd

* switch to versioned objects only for set

* Track number of registered watchers in apiserver

* remove unused PrintFlags.Scheme

* [prometheus addon] Add filter on image in tests to remove pod timeseries

* Rename kubeadmapiext to the more explicit kubeadmapiv1alpha1

* e2e/storage: parameterize container images

* apiextensions: normalize CR validation to return multiple errors

* fix review comments

* Update error indicating unexistent checkpoint

* Make cpuManagerCheckpoint exported

* Add comments to MockCheckpoint functions and gofmt

* Tweaks

* Add tests

* Migrate cpumanager to use checkpointing manager

* use subtest for table units (pkg/printers)

* simplify code and add unit test for NotReady taint

* fix missing flag value bindings in kubectl

* Avoid copying aggregated admin/edit/view roles during bootstrap

* Control exactly what we use in kubeadm

* Generated

* Move scheduling api to beta

* register client-go auth plugins for e2e

* Adds initial Korean translations for kubectl

* Removed unused namespace in UT helper func.

* kubeadm-init: update note about failing containers

* validation: improve ProjectedVolume validation errors

* validation: allow multiple errors in Volume validation test

* Fix bad sleep - int as duration

* Added documentation of how client-go interfaces with custom controller code

* Tests for kubeadm marshal utilities

* Generated artefacts

* Deprecate photon cloud provider

* fail printing on internal obj

* Use apimachinery for serialising kubeadm MasterConfiguration

* Update generated artefacts

* log error for os.NewComputeV2

* Revisit the OWNERS file for kubeadm

* fix dynamic client name

* Move uncordon to after the node is ready

* generated

* Add GET PATCH support for crd status

* Add InstallPathHandler which allows for more then one path to be associated with health checking.

* Add support for GCP charm

* Fix kubectl auth can-i exit errcode

* Revert \"authz: nodes should not be able to delete themselves\"

* move old dynamic client to deprecated-client

* add subresource support for the dynamic client

* update describer to use dynamic client

* fix typo

* Remove int support from json patches

* Add comments for ipset entries in kube-proxy

* [fluentd-gcp addon] Pass region in seperate field

* fix typo: peirodically->periodically

* Update generated bazel

* Use simple cache instead of LRU

* enhance leaderelection code

* sample-apiserver admission wait for informer sync before serving

* Reuse existing CA cert path for kubelet certs

* kubeadm - add preflight warning when using systemd-resolved

* Update comments and UT to remove /66 restriction

* Add Patch method to GA Backend Services

* Add \'system-cluster-critical\" to kubeadm control plane pods.

* remove legacyscheme dep from printFlags

* Add cluster autoscaler tests for pods requiring GPU

* Add framework.GetReadyNodesIncludingTaintedOrDie

* Add way to request GPUs in tests via RCConfig

* move resource builder to generic options

* cleanup TODO comments from PrintFlags wiring

* Basic E2E tests for kubeadm

* fix message output for import verifier

* remove kube/kube deps from resourcebuilder

* Adds kubeadm images command

* Bump down to cos-stable-65 in config-test

* wrap restclientgetter with match version option

* construct resource.Builder from kubeconfig flags

* update generated files

* Promote CustomResourcesSubresources to beta

* Make node restriction admission pod lookups use an informer

* Make discovery refresh period less aggressive

* use subtest for table units

* Remove 20x factor in garbage-collector qps

* 6capiextensions: handle CRD conflict errs in integration tests

* Cleanup DaemonSet after each integration test.

* remove unused variables on pkg/controller/serviceaccount/serviceaccounts_controller_test.go pkg/controller/endpoint/endpoints_controller_test.go

* kubeadm-init: add details about --token

* Use absolute path for KUBECTL default in local up cluster

* Make aggregator e2e test resilient to unrelated API group changes

* Collapse memcached discovery client onto parallelized discovery method

* test: allow etcd to run on other ports.

* kubeadm: add test coverage to completion.go

* kubeadm: add GetSupportedShells() to completion.go

* category expansion can only come from the server

* move category expansion types to restmapper package

* Uncordon the node after upgrade

* Remove ExtraArgs kubeadm preflight check

* Improve coredns upgrade path

* Rename Add/Delete to
*Reference

* Improve where we load builds from for kubeadm upgrade jobs

* Refactor cachingSecretManager

* push ToRESTMapper down a layer

* don\'t block e2e namespace cleanup checks on metrics.k8s.io API group

* e2e: add a tooling argument to differentiate tooling

* Fix typo in envelope transform error message

* Make taint behavior consistent, taint node with NotReady:NoSchedule

* clean unused code in restmapper_test.go

* Run FSGroup tests by default.

* apiextensions: allow \"required\" at root with status subresource

* Fix issue #63183 that pods on different nodes mount Ceph RBD PVC stuck on ContainerCreating.

* Fix iSCSI and RBD UnmountDevice with mount containers.

* add SetMaxResource for Resource

* scope AWS LoadBalancer security group to spec.loadBalancerSourceRanges

* Fix unit tests for new interfaces

* Do not check vmSetName when getting node IP

* Run resource discovery in parallel

* fix a small mistake in function getFieldMeta

* Add test about host path type

* add IsLikelyNotMountPoint test on Windows

* generated

* Bump kube-openapi dependency

* Fix cgroup names in node_container_manager_test.

* eviction test ensures failed pods are evicted

* explicit kubelet config key in Node.Spec.ConfigSource.ConfigMap

* simplify api registration

* generated

* Build image size map upon node info updates

* Push fat manifest for multi-arch images

* should return error when has no RequestInfo

* use IOStreams for cli commands

* generated

* move client based restmappers to client-go

* stop pretending that we have statically known shortcuts

* adding support for VM name with extra Separator String

* [CustomResourceSubresources] fix status subresource

* cleaning up load balancer resources

* Bump Heapster to v1.5.3

* Refactor hard code in rest_test.go

* fix IsLikelyNotMountPoint func on Windows

* Deprecate in-tree OpenStack cloud provider

* [e2e ingress-gce] Change ingress-upgrade test to not check for number of instances

* add memcg notifications for allocatable cgroup

* workspace mirror: add trailing newline to urls list

* run buildifier on build/workspace_mirror.bzl

* rm GetStandardPrinter

* remove printer helpers

* fix typo

* Close all kubelet->API connections on heartbeat failure

* Always track kubelet -> API connections

* Apply pod name and namespace labels for pod cgroup for cadvisor metrics

* Improve test coverage of Kubelet file utils

* Enable GCE/GKE e2e tests for GlusterFS Dynamic Provisioner.

* default the ignorenotfound for delete when selecting objects

* vsphere: update bazel

* vsphere: fallback to vcsim for testing authentication

* Rename VSphereConnection.GoVmomiClient -> Client

* vsphere: use vim25.Client directly to support token authentication

* Add support for arm64 to the registry action of the kuberntes-worker juju charm.

* update garbage collection to use the new dynamic client

* when get CRD resources with --server-print=true the output looks like:

* remove redudant runtime.GOMAXPROCS

* Cleanup Pods in TestNominatedNodeCleanUp.

* fix ipvs fw

* Check nodeInfo before ecache

* fix annotation of APIGroupInfo

* Don\'t panic is admission options is nil

* remove repeated code

* Use IP_ALIAS_SIZE to calculate and update IP_ALIAS_SIZE. Error added when ip-alias is not enabled when IP_ALIAS_SIZE is not empty.

* wire config flags through factory

* Add conversion to properly parse query parameter propagationPolicy

* begin building a config flags struct

* Add MAX_PODS_PER_NODE env allowing kubelet to be max-pods aware.

* cleanup eviction events

* Add host path type in kubeadm config

* udpate some examples to use external types

* simplify resource builder usage

* change deprecated Kubelet --allow-privileged flag default to true

* Update autogenerated files.

* Replace UserIDRange/GroupIDRange by IDRange in internal type to reduce difference with external type.

* compute configmap/secret key correctly cross-platform

* slim down printer interface

* Fix bash completion with --all-namespaces

* Switch kubectl resource completion to discovery

* Fix typo in volume_stats.go

* use new dynamic client

* Fix CSI volume detach when the volume is already detached.

* fixed golint error on redundant if

* fix fake clients and unit tests

* use new azure clients

* cleanup unnecessary channels in azure clients

* Allow api-resources to return cached data

* Make ServerPreferred[Namespaced]Resources logic and caches consistent

* Collect logs for health monitor services.

* Install and use crictl in gce kube-up.sh

* Update to go1.10.2

* Update to latest Gophercloud

* Pass certificate URLs instead of the certificate structs

* Revert \"scheduler: align with ctrl-managers and apiservers, add https+auth in options\"

* Allow fetching bootstrap-kubeconfig from VM metadata

* Fix e2e \"When checkpoint file is corrupted should complete pod sandbox clean up\"

* [Device-Plugin]: Extend e2e test to cover node allocatables

* don\'t block creation on lack of delete powers

* dep: run godep save again

* use TempDir func in mount_windows_test.go

* stop using Info.Mappings when they may not be present

* remove unnessary kubectl conversions

* PR #62903 changed error string GetMountRefs() returned, which broke test `should fail due to non-existent path`. Remove error string check to fix test.

* Use default seccomp profile for addons

* Make openapi spec generation wait for the apiserver on shutdown

* Let the kubernetes service reconciler timeout on shutdown

* Update error assertation

* apiserver: change default reconciler to LeaseEndpoint

* run ./hack/update-bazel.sh

* modify outdate link

* Revert \"apiserver: change default reconciler to LeaseEndpoint\"

* juju: Make kubernetes-master status handling more robust

* don\'t reuse resource builder in describe

* ensure diff output includes the portion that differs

* Maintain index of high-cardinality edges in node authorizer graph

* clean up vertex/edge deletion

* Decorator for Create should be called on out, not obj

* Update CHANGELOG-1.11.md for v1.11.0-alpha.2.

* Add metric for throttled requests in AWS

* add some comment message

* iptables: add timeout when checking rules

* dep: upgrade k8s.io/utils

* Use the logging agent\'s node name as the metadata agent URL.

* Add necessary explanation for container log rotation.

* add UT test to PolicyRuleBuilder in file ./pkg/apis/rbac/helpers_test.go

* 1.fix kubectl get
* --all-namespaces namespace miss error 2.also add a test case modified: pkg/kubectl/cmd/get/get.go modified: hack/make-rules/test-cmd-util.sh

* not expose object detail when creating TokenRequest

* Add more volume types in e2e and fix part of them.

* Bump kube-openapi dependency

* Implements distributed OIDC claims.

* WIP: Correct kill logic for cgroup processes

* Ratchet to bazel 0.13.0+

* update restmapping to indicate fully qualified resource

* adds support for arm64 to microbot example of the kubernetes-worker charm

* Expand ability of ResourceID

* kubelet: volume: do not create event on mount success

* gcp: allow non-bootstrap kubeconfig

* update tests to be specific about the versions they are testing instead of floating

* remove rootscopedkinds from groupmeta

* Use a []string for CgroupName, which is a more accurate internal representation

* add test for sparse version encoding/decoding

* get the resource.Info out of the conversion business

* update etcd to skip kinds, not resources so we can use a live mapping

* acknowledge that creation of a restmapper can fail and that we cannot have a default

* remove incorrect static restmapper

* gce: plumb --kubelet-certificate-authority flag to apiserver

* kubelet: fix warning message to not print pointer addrs

* kubelet: force filterContainerID to empty string when removeAll is true

* GCE PD plugin now prevents attaching a regional PD PV with pdName of a regular PD

* Fix pkg_rpm rules for bazel 0.13+

* Remove unused code

* remove unnecessary encoder

* Remove Factory from more Run commands

* Remove event recorder TODO

* Add set image test for sparse API group resource

* Revert \"fixtodo:validate events on PVCs in integration volume binding test\"

* Return attach error to A/D controller.

* Add version/group usage and example to kubectl get

* apiserver: change default reconciler to LeaseEndpoint

* fix commands running crictl

* Generated artefacts

* Capitalize acronyms in AWS metrics-related code

* add fake dynamic client

* make dynamic client slightly easier to use

* [prometheus addon] Fix missing storage class in alertmanager PVC

* clean unused variables

* Update bazel

* scheduler: add https+authn+authz to options, set to nil for now

* scheduler: align plumbing with controller-manager and apiservers

* controller-manager: unify address flag description to listen on all interfaces

* controller-manager: make InsecureServingOptions/Config re-usable

* run make update

* Fix fake clients and unit tests

* Use new Azure SDK APIs for load balancer and public IP operations

* Fix panic for attaching AzureDisk to vmss nodes

* Rename func to ensureNodeExistsByProviderID

* Supported matchField for NodeAffinity.

* move pkg/scheduler/util/testutil.go to pkg/scheduler/testing

* remove format operation in WaitForAttach

* Add RESTMapper to ControllerContext and make it generic for controllers

* fixup! Make scheduler cache generation number monotonic to avoid collision

* Make kubelet `ReadLogs` backward compatible.

* Hide EquivalenceCache mutex from users.

* Rename exported methods on EquivalenceCache.

* Simplify logic in podFitsOnNode.

* Remove predicateResults map from podFitsOnNode.

* Add RunPredicate to EquivalenceCache.

* Deprecate repair-malformed-updates flag, move object meta mutation into BeforeCreate

* Make scheduler cache generation number monotonic to avoid collision

* Use cloudprovider.NotImplemented in AddSSHKeyToAllInstances

* Report node DNS info with --node-ip

* finish wiring PrintFlags

* master count and lease endpoint tests

* remove self linker from group info

* Add name output and verb filtering to api-resources

* replace filepath with path due to pre-formatted volumeName

* divide statically known typer from dynamically derive restmapper

* Move path management from e2e_node to common test/utils directory

* Generated artefacts

* Bump QPS on namespace controller

* remove unnecessarily flexibiliy to simplify the resource builder

* apiserver: document how to run sample-apiserver standalone outside the cluster

* stop anonymously including types in resource struct so we can track usage

* remove versioning interface

* Update CHANGELOG-1.10.md for v1.10.2.

* fix curl header

* add accept for ipvs

* Fix ensure by provider id

* Update pvc_protection_controller.go

* fix bug in dynamicResourceClient.UpdateStatus should encode

* clean duplicate test function

* make use of simple dynamic client in test

* This bring up a heketi server pod and the server will be running in mock mode, the PVC creation should work, however the volume attachment to a pod and read/write is not part of this test. Due to the same reason the tests are marked as [fast].

* Also update CRI to indicate runtimes should not update empty CIDR

* Check CIDR before updating node status

* Simplify vmset acquirement logic

* Collapse onto request scope convertor

* Fix govet error

* kubelet: logs: do not wait on following terminated container

* Fixes fake client generation for non-namespaced subresources

* passthrough readOnly to subpath

* Add myself to sig-scheduling maintainers/approvers list.

* remove unnecessary else clauses

* kubeadm-token: search for existing kubeconfig files

* tighten .Info for kubectl to avoid unpredictable conversion

* rest mappings cannot logically be object converters

* Add other prometheus monitoring components

* Enable bypassing online checks in kubeadm upgrade plan

* generated

* stop duplicating preferred version order

* update describe command opts struct

* remove hardcoded list of resources

* remove KUBE_API_VERSIONS

* Correctly override args with APIServerExtraArgs

* Add level to remote client glog.

* add checks validation MinRequestTimeout of ServerRunOptions

* Improve Azure disk operations for vmas and vmss

* Remove incomplete uint64 support from JSON unmarshaling

* kubectl should not have a direct code dependency on controllers

* Add tests for resourceVersion precondition failures on patch

* Do not schedule pod to the node under PID pressure.

* collapse patch conflict retry onto GuaranteedUpdate

* set updated replicas correctly in scale up, scale down scenarios as well

* set updated replicas

* Update vendors for client-go

* Use new clients in Azure Disk volume

* Use new clients in Azure credential provider

* Use new clients in azure cloud provider

* Upgrade virtualmachin/disk/storageaccount client to use new SDK

* Upgrade Azure Go SDK to v14.6.0

* Revert \"Revert \"Revert revert of equivalence class hash calculation in scheduler\"\"

* Limit access to core/api/v1 inside of client-go

* restclient should not depend on api/core/v1

* client-go should not take a dependency on the v1 api lightly

* report outputFormat in PrintFlags err

* kubeadm: accept \'Y\' and \'y\' as reset confirmation

* wire printflags through additional cmds

* wire PrintFlags through get cmd

* move \"get\" cmd pieces to cmd/get

* support simultaneous kubadm --v and --config

* Check for old NodeInfo when updating equiv. cache.

* Add IsUpTodate() to Cache interface.

* Test race condition in equivalence cache.

* Add pointer comments

* Create a go_bindata bazel macro

* Remove pkg/generated/bindata.go from the repo

* bazel: generate pkg/generated/bindata.go at build time

* Update provisioner to v0.2.1 container

* also fix the quick-release

* runhack/update-staging-godeps.sh

* Refactor the patch handler for readability

* Revert \"Revert \"gce: move etcd dir cleanup to manifests\"\"

* upgrade dep json-iterator/go to fix #62742

* [prometheus addon] Add readme

* generated

* core v1 API requires autoscaling/v1 to serve the Scale endpoint

* update code generator

* eliminate indirection from type registration

* add easy to use dynamic client

* update more commands for iostreams

* kubeadm: add test coverage to join.go

* kubeadm: use the helper NewValidJoin() in join.go

* kubeadm: prompt for confirmation when resetting a master

* Generated changes

* Revert \"gce: move etcd dir cleanup to manifests\"

* version typo fix

* refactor device plugin grpc dial with dialcontext

* Hack for testing until test-infra/pull/7846 merges

* remove useless alwaysAdmit in apiserver test

* update fluentd-elasticsearch addon

* Register Prometheus etcdmetrics only for apiserver

* Clean up and remove unused deps

* add warnings for docker-only flags

* mark APIServiceSpec.CABundle optional

* Added more UT for invalid case.

* -Remove TODO comment of GetNonzeroRequests function

* Fix race between stopping old and starting new endpoint

* avoid duplicate status in audit events

* Tag pkg_rpm rules as manual

* Fix discovery default timeout test

* Update libcontainer to include PRs with fixes to systemd cgroup driver

* Add field selector support to delete, label, annotate

* Remove examples directory

* Fix hpa-use-rest-clients help text

* Set names for OpenStack loadbalancer members and monitors

* dockershim/sandbox: clean up pod network even if SetUpPod() failed

* Fix qosReserved json tag (lowercase qos, instead of uppercase QOS)

* replace request.Context with context.Context

* [kubeadm] Fix Etcd Rollback

* [kubeadm] Add etcd L7 check on upgrade

* [kubeadm] Modify the kubeadm upgrade DAG for the TLS Upgrade

* [kubeadm] Update test-case, fix nil-pointer bug, and improve error message

* [kubeadm] Implement etcdutils with Cluster.HasTLS()

* gce: move etcd dir cleanup to manifests

* Support containerized kubelet in CI

* replace path with filepath

* Prepull etcd before an upgrade

* Fix IP_ALIAS_SUBNETWORK env var assignment in GCE setup

* Removed e2e test on empty NodeAffinity.

* bind externalIP and lb IP

* fix a error in serviceaccount validate. This error is a human-writing error. Small as it is, it could cause recreate Object validate through bug. This patch fix it.

* clean up unused code fakeRL in requestinfo_test.go

* Update CHANGELOG-1.8.md for v1.8.12.

* fixtodo:validate events on PVCs in integration volume binding test

* renable nodeipam in kube-controller-manager

* Bump minimum required go version to 1.10.1

* generated codes.

* Added MatchFields to NodeSelectorTerm.

* [e2e ingress-gce] Fix race condition for appending services and ingresses

* e2e: save raw profiles too

* Fix bash command for liveness probes in the metadata agents.

* Remove unnecessary typer from create/update handlers

* Add unit test for configure-helper.

* Fix scheduler Pod informers to receive events when pods are scheduled by other schedulers.

* Added test for scheduler informers

* remove confusing flexibility for metadata interpretation

* Make integration test etcd store unique

* Use BootID instead of ExternalID to check for new instance

* Bump kube-dns version for kubeadm upgrade

* Update upgrade/downgrade images for ingress-gce

* remove repeated resourceversion

* When bootstrapping a client cert, store it with other client certs

* juju: Use k8s.gcr.io url for arm64 ingress image

* Timeout on instances.NodeAddresses cloud provider request

* Remove METADATA_AGENT_VERSION config option

* Whitelist CronJob for kubectl apply --prune

* add warnings on using pod-infra-container-image for remote container runtime

* avoid dobule RLock() in cpumanager

* Support nsenter in non-systemd environments

* autogenerated files

* make API.ControlPlaneEndpoint accept IP

* PR #59323, fix bug and remove one api call, add node util dependency to cloud controller

* Fix dockershim e2e

* avoid calling Handles twice

* fix typo: mutating validating admission should be distinguished

* kubelet: fixup QOSReserved json tag

* [kubeadm] Implement ReadStaticPodFromDisk

* [kubeadm] fix mirror-pod hash race condition

* Add unit tests for gce loadbalancer internal.

* Fix upgrade to Kubernetes v1.9.3+

* Add a GCS mirror to WORKSPACE URLs. //hack:update-mirror updates it.

* Always Start pvc-protection-controller and pv-protection-controller

* authz: nodes should not be able to delete themselves

* provide standard iostream struct for commands

* kubelet: fix flake in TestUpdateExistingNodeStatusTimeout

* loopback webhook integration test

* Honor existing CA bundle and TLS server name in webhook client

* ensure tls server name is used in transport

* distinguish custom dialers in transport cache

* Ensure service routing resolves kubernetes.default.svc correctly

* Filter unavailable commands in help

* Deprecate kubectl rolling-update

* Set a default request timeout for discovery client

* Manage Metadata Agent Config with Addon Manager

* Change Capacity log verbosity in node status update

* remove uneeded discovery flexibility

* -Fix the name could cause a conflict if an object with the same name is created in a different namespace

* Add node authorizer contention benchmark

* Check all backends for vmss and standard instances

* remove useless variables in deviceplugin/types.go

* e2e test forwarding externalname dns lookup to upstream nameservers.

* aggregate objs before printing in apply cmd

* Only count mounts that are from other pods

* Fix ILB issue updating load balancers

* fix formatting for memcg threshold

* make describers more generic from the CLI

* Add CHANGELOG-1.11.md for v1.11.0-alpha.1.

* Add support to resize Portworx volume

* build/rpms: fix kubeadm rpm

* final record flag cleanup

* Change docker/default to runtime/default

* gcp: add env var to configure enabled controllers in controller-manager

* simplify the client cache

* wire print flags through apply cmd

* Exclude keys containing empty patches in the final patch

* Update CHANGELOG-1.9.md for v1.9.7.

* unpack dynamic kubelet config payloads to files

* Bring StorageObjectInUseProtection feature to GA

* Export RBAC validation functions

* reset resultRun to 0 on pod restart

* Remove InfluxDB from default cluster monitoring

* [Prometheus addon] Use StatefulSet

* Update github.com/stretchr/testify to v1.2.1

* kubectl stops rendering List as suffix kind name for CRD resources

* use recordFlags

* remove flags deprecated in 1.5

* Update all script to use /usr/bin/env bash in shebang

* read openstack auth config from client config

* fix ipvs delay on sync rules

* Add support of zero nodes in vmss

* [prometheus addon] Use secure kubelet port

* Add standard LB support to Azure vmss

* Move vmset checking back to vmsets

* Make pod status to \"Running\" if there is at least one container still reporting as \"Running\" status

* fix csi data race in csi_attacher_test.go

* Use shorter timeout if possible.

* check error when parse field failed

* regenerate fakes

* generate code that passes go vet

* Update upgrade message Fixes: https://github.com/kubernetes/kubeadm/issues/672

* Remove request context mapper

* Add awly as reviewer in several subtrees

* CSI test refactor to be more easily extensible for more plugins when there are more tests

* use record flags

* fix up record flags

* apiserver: move patch tests to their own file

* Add integration test for disable preemption

* autogenerated

* rename ExternaID to something that is obviously deprecated

* boring

* remove last usage of external ID

* wire pritnflags through run cmd

* kubeadm: Mount additional paths inside apiserver/controller-manager for working CA root

* Add volumenameprefix tests for glusterfs dynamic provisioner.

* we should use Infof when we are using format string

* Add k8s.io/apiserver/CONTRIBUTING.md

* [prometheus addon] Add OWNERS file

* ensure we delete orphaned routes with matching next-hops only

* fix error message of TokenRequest

* This patch add a new parameter called `snapfactor` to glusterfs storageclass. This is an optional parameter and value should fall into the range of 1-100. When set the thin pool calculation respect this snapfactor and create a thinpool accordingly.

* add metrics to cinder

* self sign certs when ServerTLSBootstrap is disabled

* clean up
*.properties files

* Report events to apiserver in local volume plugin.

* Auto generated BUILD files.

* Refactor kubeadm api validation.

* Lower UsageNanoCores boundary in summary api test.

* Fix extra-log flag for node e2e.

* Bump GLBC manifest to v1.1.1

* add AATTandrewsykim to OWNERS for cmd/cloud-controller-manager,pkg/controller/cloud,pkg/cloudprovider

* encapsulate IP counter in X, parallelize lb tests

* generated changes

* Add default generation tags

* Add contribex to github template owners

* Fix kubectl describe cronjob

* Fix NPD preload.

* Update kazel to include openapi tag detection fix

* Update generated bazel

* Add write-config-to to scheduler

* Link to vulnerabilitiy disclosure process from the issue template

* Remove unneeded deps from vendor

* Log webhook request error

* bzl: build --config unit should build with race enabled

* Use a dynamic RESTMapper for admission plugins

* Adding kube dns to kubemark

* fix route deletion

* Update addon manifests to use policy/v1beta1 and grant permissions in policy API group.

* Generated files

* sample-apiserver: add v1beta1 with advanced conversion example from v1alpha1

* wording

* Not validating front proxy CA Key when using External CA.

* Fix anti-affinity issue that caused a pod to be considered a match if any of the terms matched (as opposed to all terms matched)

* add CaoShuFeng as a reviewer of kube-apiserver

* fix \"kubectl create --raw\"

* remove PodPreset and enable scheduling.k8s.io/v1alpha1 for Priority

* Use filepath.Clean() instead of path.Clean()

* add generate file

* update comments for local volume

* allow user to scale default backends

* Addressed reviewer comments

* begin adding record flags struct

* add delete flags

* update delete, replace, run cmds

* Fix kubelet flags.

* Add binding error message for volumeMode:Block unsupported case

* Increase max requests inflight limits in gce for very large clusters

* Instrument transformer.go with latency metrics.

* kubelet: move QOSReserved from experimental to alpha feature gate

* Update kube-dns to Version 1.14.10. Major changes: - Fix a bug in DNS resolution for externalName services and PTR records that need to query from upstream nameserver.

* remove parallel

* kubelet: add configuration to optionally enable server tls bootstrap

* Move podsecuritypolicy registry to policy package.

* Set kubemark default verbosity to 4

* Show deprecated kube-apiserver flags

* Capture API call logs from kubemark apiserver

* Autocalculate ALLOWED_NOTREADY_NODES based on NUM_NODES

* Add ConnectionReset, InternalError, etc also as retryable API errors

* Support groups (organizations) to be specified in client cert.

* Fix garbled code in kubeadm output

* add andyzhangx as Reviewer

* fix devicePath update issue in Azure WaitForAttach func

* Fix machineID getting for vmss nodes when using instance metadata

* Make \'pod\' package to use unified checkpointManager

* Node-level Checkpointing manager

* Fix use visible files creation for windows

* Allow a test suite reusing framework to register namespaces to delete

* Clean unused error type variable The function which invoked this variable was removed by https://github.com/kubernetes/kubernetes/pull/58725/

* Fix an issue in inter-pod affinity predicate that cause affinity to self being processed incorrectly

* fix some bugs inside csi unit test TestAttacherMountDevice

* Add test to ensure anti-affinity matches against all terms

* kubeadm preflight: check socket path if defined otherwise check docker

* Make x-kubernetes-print-column print handling opt-in

* 1.10 CHANGELOG: Fix supported etcd version comparison with K8s v1.9

* Prevent virtual infinite loop in volume controller

* Fix docker run flags and kubelet flags for containized kubelet:

* Removed no-empty validation of nodeSelectorTerm.matchExpressions.

* unhide deprecated Kubelet flags

* update godeps to use latest pflag

* Enforce not using newer kubeadm to upgrade older kubeadm

* Adds migrations to the kubeadm upgrade phase config

* update-bazel

* Add comments, t.Parallel()

* have fakeLoadbalancerService take lb type as argument

* tests for EnsureLoadBalancer, EnsureLoadBalancerDeleted

* refactor - create new apiService per test. encapsulate resource create/delete checks.

* Add GCE-PD CSI Driver test to E2E test suite

* Remove podpreset in local up cluster

* Add ability to specify port for kubeadm `API.ControlPlaneEndpoint`

* provision Kubelet config file for GCE

* sarapprover: remove self node cert

* Fix volume node affinity to OR node selector terms

* root OWNERS: escape backslashes

* Run hack/update-all.sh

* Add --ipvs-exclude-cidrs flag to kube-proxy.

* Update webhook client config docs regarding service ports

* kubeadm: Make kube-proxy tolerate all taints

* begin wiring printopts through complete commands

* Fixing FULL_REGISTRY assignment

* Init Kubelet runtime cache before dependent stats provider

* CSI - Apply fsGroup volume ownership when pv not readOnly

* Volunteer for local-up-cluster related files

* Include API calls in apiserver logs for tests

* Test e2e prometheus addon

* Add prometheus addon

* Disable pod preemption by config

* auto generated file

* Fix ingress util handling of TLS

* split up the component config into smaller config

* split KubeControllerManagerConfiguration into fewer options struct

* Node E2E: Remove the simple mount test

* Addressed reviewer comments

* Fix bug for headless services without ports

* Fix failed e2e tests for dns configmap.

* Move all create subcommands to its own subdirectory

* use standard interface functions for printers

* Use OWNERS filters to give approval to ixdy for Bazel build changes

* Add msau42 to approvers for volume scheduling

* cleanup resources created by run --rm

* Update CHANGELOG-1.10.md for v1.10.1.

* Remove clusterName flag, just use config file

* enable token auth for kubelets in GCE

* Fix duplicate comment in iptables rule for non-local public-port rule

* Remove unnecessary code in ingress upgrade logic

* Bump image in ingress downgrade test

* avoid race condition in device manager and plugin startup/shutdown

* local-up-cluster: fix kube-proxy featureGates configuration

* local-up-cluster: warn about failing processes

* local-up-cluster: avoid \"No such process\" messages when cleaning up

* make mikedanese owner of CertRotation features

* Update e2e test with private mount propagation

* Fix PodStore to wait for being initialized

* fix nsenter GetFileType issue

* Fix parsing timestamp in test

* Fix wrong usage of kubelet options

* Add private mount propagation to API.

* allow higher burst

* Cluster Autoscaler 1.2.1

* fix nodeport FORWARD chain

* fix kubeadm-731

* fixes failing job back off test

* Ensure expected load balancer is selected for Azure

* Improve performance of affinity/anti-affinity predicate

* Bump etcd default server version to 3.2.18

* Moved sync pod on Node logic to func.

* Add approver for pkg/controller/endpoint

* Explicitly set etcd --snapshot-count to 10000 to match etcd 3.2 default

* kazel: skip third_party/etcd.
*

* Increase CPU limit to 1000 millicores to support 100kb/s throughput.

* Bump GLBC version and remove Unreleased tag from tests

* godeps: remove github.com/kr/pty after #62360

* update bindata after #61817

* Refactor subpath reconstruction tests to use util test

* Fix flaky crd e2e tests

* Revert \"Bugfix for erroneous upgrade needed messaging in kubernetes worker charm.\"

* Remove hostNetwork and hostPID from nvidia-gpu-device-plugin manifest.

* Add e2e test for forwarding PTR records to upstream nameserver.

* optional field removed in test

* kuberuntime: logs: reduce logging level on waitLogs msg

* Set slave mount propagation for local provisioner

* add keys to unkeyed literals

* Remove the default clustername, and make it optional in api

* Add --cluster-name to kubeadm

* Update generated files.

* PSP: move internal types from extensions to policy.

* Update bazel BUILD files

* Move the kubelet network package down to dockershim

* Move hairpin mode logic to dockershim

* Remove outdated network plugin code

* autoscaler support for CoreDNS

* hack/test-update-storage-objects.sh: don\'t build a binary that the script doesn\'t use.

* kubeadm: surface external etcd preflight validation errors

* Fix subnet cleanup logic when using IP-aliases with custom subnets

* Revert \"git: Use VolumeHost.GetExec() to execute stuff in volume plugins\"

* fix custom resource definition validation

* Disable some newly added loadbalancer tests for large clusters

* Updated Readme for Azure (OIDC) auth provider

* add myself to apiserver owners

* Generate bindata through make

* Reorder makefile sections

* Don\'t support `go build` any more.

* Remove \'teststale\'

* Simplify static build, rely on go\'s cache

* Set GOCACHE (1.10) as a subdir of GOPATH

* kubelet: remove unused code

* Generated build files

* Add support for AWS charm

* Add basic generator for apps/v1 deployment

* pkg/kubeapiserver/options: update Bazel files

* oidc authentication: Required claims support

* gce: enable all apis when AllAlpha=true

* export unstructured helper function nestedFieldNoCopy and add unit tests

* Implemented truncating audit backend

* Enable CloudKMS Plugin deployment.

* Reimplement migrate-if-needed.sh in go

* A test we always skip should not be a conformance test

* CustomResources: in OpenAPI spec allow additionalProperties without properties

* add statefulset scaling permission to admins, editors, and viewers

* add UT test for rollout_pause.go file modified: pkg/kubectl/cmd/rollout/BUILD new file: pkg/kubectl/cmd/rollout/rollout_pause_test.go modified: build/visible_to/BUILD

* Move check and import

* local-up-cluster.sh: support preserving etcd optionally

* Auto generated BUILD files.

* Remove the use of storage class beta annotations in e2e tests.

* should use time.Since instead of time.Now().Sub

* add tests for GetFileType

* fix incompatible file type checking on Windows

* clean unused function modified: pkg/controller/volume/persistentvolume/scheduler_binder_test.go

* Remove isNotDir error check

* Create StorageClass for each volume binding test case

* Fix umask to actually intended behavior.

* Added CSI External Components ClusterRole to bootstrapped roles and removed creation from failing e2e test

* Update ingress.go

* Patch ingress upgrade test logic to take note of SNI support in next release.

* Fixes kubeadm upgrade plan output

* Addresses review comments

* Updating kubemci remove-clusters e2e test to check for error in output string

* Adding a release note in 1.10.0 for kubemci failure

* Add ingress e2e test for multiple TLS (SNI) support

* add myself for sig-cli related stuff as reviewer

* remove deprecated ObjectMeta ListOptions DeleteOptions

* Add note on upgrading cluster by kubeadm.

* update network policy describe

* Fix resize test for Regional Clusters

* Fix restart nodes tests for Regional Clusters

* Fix dns autoscaling test for Regional Clusters

* not return 500 status code for insufficient quota

* Re-generate clientsets

* Let the caller handle the error

* Fix some shadow declaration in cmd package

* Extract validateNodeIP test to node status test file.

* Remove the workaround of heapster panic

* Added test to check object size

* Create container name after dropped \":\" and \"AATT\" both separately

* fix wrong error type when formatting

* fix grammar mistake

* remove default fsypte in azure disk

* add one placeholder for err in scheduelr.go

* fix comments

* update build and s/where/which

* add ut

* remove unnecessary TODO in test/e2e/network/service.go

* spec.SchedulerName should be spec.schedulerName in kube-scheduler help

* Handle partial group and resource responses consistently

* fix graph test sorting

* Add wildcard toleration to nvidia-gpu-device-plugin.

* Add documentation around SOURCE_DATE_EPOCH

* Fully resolve tmpdir in verify scripts, since it might be a symlink on macOS

* Update memory required to build kubernetes on osx to 4.5G

* Fix create job usage

* Get namespace and selectors for attach and logs in a common function

* use memory.force_empty before and after eviction tests

* update PrintFlags#Complete to receive string template

* add unreleased tag to http2 test

* Remove rkt references in the codebase

* Make priority rest mapper handle partial discovery results

* Pass 2: k8s GCR vanity URL

* wire printflags through set cmds

* Remove need for server connections for dry-run create

* remove IsAbs validation on local volume

* Correct the returned message

* Add support to ingest log entries to Stackdriver against new \"k8s_container\" and \"k8s_node\" resources.

* Fix getting logs from daemonset

* Fix IP-alias subnet creation logic

* Make the test TestCRIListPodStats pass for Darwin and Windows

* apiserver: cancel context on timeout in WithTimeoutForNonLongRunningRequests

* Update bazel

* kubectl: add JSON fallback codec to cope with more strict stock versioning codec

* apimachinery duct tape: handle empty unstructured GV in versioning codec gracefully

* apimachinery duct tape: in versioning codec avoid conversion roundtrip for same GVK

* apimachinery: normal conversion code path for Unstructured in ConvertToVersion

* Update generated files

* admission/webhook: fix panic from empty response in mutating webhooks

* admission/webhook: refactor to webhook = generic-webhook + source + dispatcher

* Fix resize nodes tests for Regional Clusters

* Capture kernel logs in example fluentd.conf

* Use pause manifest image

* accelerators: remove Accelerators from feature gates

* Don\'t require release tars on kube-down

* Use provided node object in volume binding predicate

* Run hack/update-codegen.sh

* code-gen: allow specifying custom resync periods for certain informer types and switch to functional option pattern for SharedInformerFactory

* Update OWNERS labels for cluster-lifecycle and scheduling

* begin wiring printflags through set cmds

* move http2 test into ingress context. use helper method

* Add http2 <-> https conversion test

* use echoserver 1.10

* Change \'Mac OS X\' to \'macOS\' in build/README.md

* Update CHANGELOG-1.8.md for v1.8.11.

* Updating kubemci remove-clusters e2e test to use --force to remove from all clusters

* When using custom network with IP-alias, use the former\'s subnet for the latter too

* segregate job scaling from everything else

* Update the stackdriver agents yaml to include a deployment for cluster level resources

* fix typo that redefines variable and breaks code

* fluentd-elasticsearc addon: allow graceful shutdown in fluentd-es image.

* apiserver: enforce shared RequestContextMapper in delegation chain

* Fix disruptive tests for GKE regional clusters

* Fix kubectl bindata

* Put nil back into switch

* Wait longer in pod cleanup

* Fix a bug in Deployment controller when comparing templates

* fix generated bindata

* Add test to verify preempt ignore

* Moving test images under volumes-tester/ceph and volumes-tester/nfs

* Fix daemon-set-controller bootstrap RBAC policy

* juju: Set apiserver advertise-address to kube-control ingress address

* Fixes restartKubelet in test/e2e_node failure. Looks like there is some recent change on how we start kubelet service in test_e2e_node. Fixes restartKubelet() to get right kubelet service name to cope with the change.

* Fixing ip address leak in kubemci e2e tests by always cleaning up cloud resources

* Adding a kubemci e2e test to verify that single and multicluster ingresses can exist together

* Migrating test images to gcr.io/kubernetes-e2e-test-images

* support merging multiple SMP into one patch

* Update COS version in Kubernetes GCE default and test

* Remove crassirostris from owners and reviewers

* Fix when privileged is set.

* Retry node pool deletion in autoscaling tests.

* Configure the default channel to 1.10/stable

* Update CHANGELOG-1.7.md for v1.7.16.

* Remove GPU label during upgrade if needed

* Support typed nils; test empty Unstructured is not mutated

* removes job scaler

* Add subnet-id annotation for openstack cloud provider

* Remove check for items

* Make UnstructuredContent return contents without mutating the source

* remove unused function getEncodedPod in etcd_helper_test.go

* check for commands in kubelet command line

* fix typo

* use common clientretry.RetryOnConflict

* run update bazel

* add test case for request context mapper

* optimize requestcontext: use RWMutex and atomic.Value

* deduplicate server startup code in tls integration test

* make kube-apiserver ServerRunOptions setdefault and Validate before use

* fixtodo:generate an event for a missed starting window

* Adding a test for kubemci remove-clusters

* Make FAIL_SWAP_ON warning message clear

* Fixes incorrect atomic usage

* Added downgrade notice

* Cleanup CRD/CR confusion in webhook e2e tests

* Adding an e2e test for verifying https-only annotation with kubemci

* Update image for ingress downgrade test

* Detach bug fix

* Update GLBC manifest to v1.0.1

* Narrow interface consumed by scale client

* oidc authentication: email_verified claim is not required for JWT validation

* wire through humanreadable flags

* Add support for arm64 to juju charms.

* Don\'t quit without printing API latencies in density test if it failed

* Introduce multimaster clusters support to e2e framework for GKE

* add e2e case for crd webhook

* apiserver\'s webhook admission use its own scheme

* Ensure /etc/hosts has a header always - Fix conformance test

* kubeadm: Introduce controllable timeout on join

* Setup default cni dir correctly

* add TestGeneration in customresource/etcd_test.go

* check error when create failed and fix the conditional judgment

* Add support for multiple certificates to targetproxy

* Delete in-tree support for NVIDIA GPUs.

* remove pvc node affinity update check since beta NodeAffinity is immutable

* Fix go vet errors

* Update gofmt for go1.10

*
*: godep generated code

* Update godep in vendor

* Work on master and worker to accomodate the new kind of gpu support

* Getting error from GetFirewallRule and checking it to fix multicluster ingress test

* Update tests.

* Update code for new SDK.

* Support custom test configurations

* Rev the Azure Go SDK.

* Cleanup the use of ExternalID as it is deprecated

* remove kube-apiserver option that is always force to true

* Seperate timer durations for expectEvent and expectNoEvent

* Add e2e test for CRD Watch

* CRI: update documentation for container logpath

* fix local volume issue on windows

* default use kube-system namespace as policyConfigmapNamespace

* fix localport open - ipvs part changes

* fix localport open - iptables part changes

* remove rktnetes related code

* add unit test for new function AnnotationsNeedUpdate

* fixtodo:rsDeepCopy only when sizeNeedsUpdate or annotationsNeedUpdate

* Updated README for ipvs.

* Use typed events client directly

* Restore show-kind function when printing multiple kinds

* init annotations if it is nil to fix kubemci e2e test failures

* fix flag message about TokenRequest

* update bazel

* Stop() for Ticker to enable leak-free code

* Update bazel

* Use initTest for integration to start scheduler

* Use feature gate in integration

* remove usless arguments of startControllers

* Make certificate approve/deny no-op if CSR is already approved

* controller/endpoint: explict log msg when syncing error

* fix ipvs esipp

* fix bug: kubelet potential panic

* Tolerate 406 mime-type errors attempting to load new openapi schema

* Fix dockershim CreateContainer error handling.

* Build files generated

* Include volume count while doing balanced resource allocation

* Bump godep version to v80

* Update to use go1.10.1

* Add Ignorable flag to extender

* Avoid data races in unit tests

* Updating multicluster test to ensure that controller only creates instance groups

* Add volume spec to mountedPod in actual state of world

* Add unit testcases for ensureExternalLoadBalancer to make sure it doesn\'t panic when errors raised.

* Expose kubelet health checks using new prometheus endpoint

* Move istio-injection label to default namespace

* certs: only append locally discovered addresses when we got none from the cloudprovider

* [e2e ingress-gce] Run preshared-cert and backside-reencryption tests with kubemci

* Set leader-elect for kube-scheduler to true

* Use old resource model in External Metrics API e2e tests

* Add kawych to OWNERS of instrumentation e2e tests

* some updates

* Add support of Azure standard load balancer and public IP

* Fix comment in CRI run_as_group.

* remove unused code in securitycontext

* automatic plugin discovery should trigger plugin init only for the relevant plugin

* use handle DeletedFinalStateUnknown objects in function deleteNode

* fix patch conflict detection in apiserver

* Specify DHCP domain for hostname

* In summary_test, make Docker cpu/memory checks optional if unavailable.

* In summary_test, create a file outside the test volume too.

* Add namespace name into e2e event verify

* tools/clientcmd: Remove gopass import

* Don\'t change GOPATH or PATH in a script lib

* Remove kube::util::go_install_from_commit

* Vendor kazel

* Vendor gazelle

* [kubeadm] Bump kube-dns to 1.14.9

* Return error in mount_unsupported for unsupported platforms

* Update Istio addon to 0.6.0 and mirror images in gcr

* Remove ActiveDeadlineSeconds from watch e2e test

* Make systemd service name for kubelet use a timestamp in e2e-node tests.

* Add e2e test for external metrics with Stackdriver

* Update kube-dns to Version 1.14.9. Major changes: - Fix for kube-dns returns NXDOMAIN when not yet synced with apiserver. - Don\'t generate empty record for externalName service. - Add validation for upstreamNameserver port. - Update go version to 1.9.3.

* fix flaky integration tests

* Use range in loops; misc fixes

* fix pr No. from 517326 to 57326

* Revert \"Enable partial success in fluentd-gcp\"

* Add support for CNI on Windows Server 2016 RTM

* set right Content-Type for configz

* Ensure ControllerManagerExtraArgs take precedence over generated args

* Support overriding the --node-cidr-mask-size arg passed to kube-controller-manager

* correct CHANGELOG-1.10.md

* Fix spurious whitespace in messages from sh2ju.

* Deduplicate identical typecheck errors between platforms.

* certs: exclude more nonsensical addresses from SANs

* remove AlphaStorageNodeAffinityAnnotation const

* Resources prefixed with
*kubernetes.io/ should remain unscheduled if they are not exposed on the node.

* Adding integration tests for statefulset

* Fix 61854, skip for short tests

* Fixing ingress controller daemonset on k8s < 1.9

* Add retry to AssertCleanup

* Add e2e test for service session affinity.

* Add ixdy, luxas, and mikedanese as OWNERS of hyperkube image

* add udev to hyperkube and bump versions

* Use relative path for creating socket files

* Fixing whitespace issue in kubernetes-master

* Allow curl --max-time to be configurable

* make reapers tolerate 404s on scaling down

* fix comment error

* fix format and typo of NodeAllocatableCgroups

* update bazel and gofmt

* use filed NodeAffinity instead of annotation for scheduler

* add test for some function

* fix chinese syntax

* Remove alpha annotation for volume node affinity

* LoadBalancerStatus make use of generated deep copy method

* Update CHANGELOG-1.10.md

* avoid resource leak when both `--rm` and `--expose` are specified

* Ensure -o yaml populates kind/apiVersion

* kubectl: fix a panic when createGeneratedObject failed

* when copy file from host to pod like this: 1.kubectl copy /tmp/test-file test-pod:/ 2.kubectl copy /tmp/test-file test-pod: example 1 will fail, example 2 will cause a panic. This patch fix bugs above.

* Display extended resources in node allocated resources

* Add CRI container log format support back.

* fix cephfs fuse mount bug when use is not admin

* Add pod deletion to subpath tests, and subpath as file with container restart

* wire through template PrintFlags

* remove beta annoucement for out-of-tree cloud provider feature

* apiexstension-apiserver: test cr finalization and deletion

* Update generated files.

* Critical pods shouldn\'t be restricted to kube-system

* Fix incorrect changelog - dynamic kubelet config is not beta

* Use curl instead of wget to fetch the CNI tarball in e2e-node test

* Remove references to rkt from shell scripts in cluster/ and hack/.

* Update Godeps after removing rkt.

* Remove rktnetes code

* Split out the hostname when default dhcp_domain is used in nova.conf

* node authorizer sets up access rules for dynamic config

* Deprecate PSP-related types in extensions/v1beta1 in favor of policy/v1beta1.

* Update bazel rules

* pkg/util/pointer: Update `int` pointer functions

* autogenerate files

* fix RC to RS

* Enable partial success in fluentd-gcp

* Include original error in the error message.

* pv controller clean code

* check error when json.Unmarshal failed

* fix changelog

* Support multi-container pod for \"kubectl logs\"

* add lb source test

* ipvs loadbalance

* delete some unused code

* Marks 1.10 as the current release

* Only check hash labels of non-adopted resources in integration tests

* Stop checking hash labels of adopted resources in e2e tests

* Remove unused Deployment util functions

* Add in human curated release notes for 1.10

* Update CHANGELOG-1.10.md for v1.10.0.

* Deployment to stop adding pod-template-hash labels/selector on adoption

* Add support for setting a custom rate limiter in gce cloud provider

* Skip volume unit tests that don\'t work on osx.

* Unit tests for external load balancer.

* removes custom scalers from kubectl

* Update event-exporter image

* Pod deletion can be contended, causing test failure

* Increase service endpoint test timeout

* Double container probe timeout

* wire through custom-column print flags

* wire through name/success print flags

* Increase cpu/mem thresholds for c-m in density test

* Revert \"Increase fluentd rolling-upgrade maxUnavailable to large value\"

* validate authorization flags in BuiltInAuthorizationOptions.Validate

* use status.Errorf instead of Deprecated func grpc.Errorf

* Turn server-print on by default in kubectl

* fix hostport checking for initContainers since they run in sequential order

* clean up output-version

* remove deprecated -a

* Use inclien func to ensure unlock is executed

* Implement verbosity feature for kubeadm init

* Patch for #61632, add `/etc/sysconfig/kublet` and supporting wiring.

* Added e2e test for local-volume provisioner that does not create PV for discovered non-bind-mounted filesystem.

* Support completion for kubectl apply view/edit-last-applied

* Add a sceneo UT test to TestMustRunAsOptions

* Revert \"Revert revert of equivalence class hash calculation in scheduler\"

* Adds e2e test for the VMware vpxd restart scenario

* run hack/godep-restore.sh && hack/godep-save.sh

* Update to gazelle 0.10.1

* Remove all upstream BUILD, BUILD.bazel, and WORKSPACE files from vendor/

* Fix #61363, Bounded retries for cloud allocator.

* remove knownAlphaFeatures, only store input features.

* Removing the always pull policy on this image.

* update-godep-licenses.sh: various fixes and cleanups.

* verify-cli-conventions.sh: use $(..) instead of `..`.

* verify-godeps: change redirection order.

* cluster/gce: fix checks for empty strings.

* cluster/gce: fix shell return value comparison.

* pkg/util/verify-util-pkg.sh: fix shell return value comparison.

* Updated e2e lv-provisioner image to v2.1.0

* Add conflict detection feature to apply strategy

* include node internal ip as additional information for kubectl

* Clarify runtime behavior for symlinked and non-exist hostPath

* escape literal percent sign when formatting

* add kubectl config view --raw example help user use

* Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure

* Use RaceFreeFakeWatcher in ObjectTracker

* Added chmod a+x for local SSD when disk is created with NODE_LOCAL_SSDS

* Use O_PATH to avoid errors on Openat

* Enable AESGCM encryption of secrets in etcd by default.

* Cluster Autoscaler 1.2.0

* test: Disable ui dashboard test for gke

* Performance tests and fix for IPAM controller.

* e2e:Enable CSI tests

* Update GCP fluentd configmap for GKE node journal logging

* Remove validation of Alpha Feature Gates

* meta/v1: check error from json.Unmarshal()

* Do not consider pods being deleted in the same namespace for spreading purposes for service anti-affinity priority similar to selectorspread priority.

* Fix minor error in the 1.10 release note.

* wire through json/yaml print flags

* update metrics to true like it is for kube-apiserver

* Add AATTx13n to fluentd-gcp OWNERS

* Replace \"golang.org/x/net/context\" with \"context\"

* Increase fluentd rolling-upgrade maxUnavailable to large value

* Fix ha_master test: ignore stderr from \'gcloud\' (warnings etc)

* Fix master replication util for gce clusters - populate cluster-location.txt

* Remove max-pods param from config-test.sh

* Add verification of supported service tags

* move the const to the place it should be

* cluster/update-storage-objects.sh: Fix to ignore deleted objects

* Revert \"add rolling update daemonset existing pod adoption integration test\"

* Fix `PodScheduled` bug for static pod.

* Use inner volume name instead of outer volume name for subpath directory

* Bump image for ingress downgrade test

* Remove wildcard matching of no-op test webhooks

* Increase API watch test timeout to avoid flakes.

* Fix help text for cpu manager

* Adding rramkumar1 and MrHohn as reviewer & approver to pkg/test

* Support --dry-run in kubectl patch command.

* Fix condition for using network unavailable taint in cloud_cidr_allocator

* Fixing kubemci conformance test

* Make advanced audit output version configurable.

* Update CHANGELOG-1.9.md for v1.9.6.

* Update staging godeps

* Get rid of duplicate VerifyPodStartupLatency util in node density tests

* Capture different parts of pod-startup latency as metrics

* Use a random unused port for these e2e tests. Do not use port 80 to avoid conflict with other important pods that might be listening on 0.0.0.0:80.

* add --from-file flag to docker-registry secret

* Add a configuration step to make the test work on GKE

* Clearing out the client-ca-file option in case it exists on the snap from long ago.

* Autogenerated changes.

* PSP: godoc fixes and improvements.

* Use consistent bash variable syntax

* Add support of specifying service tags for Azure cloud provider

* Bump cfssl to be compatible with Go 1.10

* `--force` only takes effect when `--grace-period=0`

* remove invalid resource replicationControllers

* add myself for sig-cli reviewer

* Print object should be updated which may cause potential bug. This patch fix this. modified: pkg/kubectl/cmd/create_clusterrole.go modified: pkg/kubectl/cmd/create_role.go

* fix a error in return value modified: pkg/registry/rbac/validation/rule.go

* etcd client add dial timeout

* switch to scale subresource when describe hpa replicas

* remove kube-apiserver unused storage-version flag

* this patch do tow things: 1.add dry-run flag for create job subcommand 2.add cmd-util test for create job subcommand modified: pkg/kubectl/cmd/create_job.go modified: hack/make-rules/test-cmd-util.sh

* Add UT Test to TestAttacherUnmountDevice

* --show-all is inert in v1.11

* Change pods memory boundary.

* Fix comments and some small fixes

* Grammar and spelling update

* Changing admission controller settings to match https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use

* Add COPYING file name as valid license file

* hack/update-bazel.sh

* ReplicaSet: Use apps/v1 RS in integration test.

* ReplicaSet: Use apps/v1 RS in e2e test.

* Add e2e test for Custom Metrics API with new Stackdriver resource model and External Metrics API.

* disable DaemonSet scheduling feature for 1.10

* Generated changes

* RoundTrip tests in the k8s/api repository

* remove unused code

* check etcd servers by a random order

* Make `test-cmd` work with OS-X tooling

* the err has checked in TearDownAt func/kind bug

* Use function aws.Int64Value replace of deprecated function orZero

* catch err when Watch testResource failed in func TestWatchCallNonNamespace

* remove unused rls-ca-file flag

* fix isnotfound

* return error if get NodeStageSecret and NodePublishSecret failed

* fix failed verify misspell err

* Fix broken link

* fix sorting taints in case the sorting keys are equal

* Update CHANGELOG-1.10.md for v1.10.0-rc.1.

* prevent conformance test failure in DIND scenario

* Check apps/v1 StatefulSet available before starting its controller

* ReplicaSet: Use apps/v1 RS in kube-controller-manager.

* ReplicationController: Use apps/v1 ReplicaSet in conversion layer.

* ReplicaSet: Use apps/v1 for RS controller.

* remove todo suggesting to add the cronjob start time

* remove todo to consider adding the cronjob name as a label

* Fix job\'s backoff limit for restart policy OnFailure

* Update Cluster Autoscaler version to 1.2.0-beta1

* Remove \'system\' prefix from Metadata Agent rbac configuration

* Stabilize openstack_test when running against real cloud

* vendor: Update github.com/evanphx/json-patch

* Add test for FailedGetExternalMetric

* bump spf13/cobra(c439c4): Terminate the stripping of flags when -- is found

* apiserver: add warning about not trusting authz of aggregator

* Bump Heapster to v1.5.2

* add e2e test

* Log rbac info into advanced audit event

* add unit test for PVC conditions describer

* fix kubectl apply error message

* Suppress error message from grep by removing in the end as it is wrongly interpreted as a file.

* cluster/gce/list-resources.sh: also list stackdriver logging sinks

* provide easy methods for direct kubeconfig loading from bytes

* Refactor disruptive tests to use more volume types

* Add myself for sig-cli related stuff as approver

* Use charm env in actions to get have charmhelpers available

* Fix the 404 error

* respect fstype in Windows for azure disk

* update-translations.sh: use kube::util::ensure-temp-dir instead of static path.

* build-ui.sh: use kube::util::ensure-temp-dir instead of static path.

* remove outdated comments

* fix sorting tolerations in case the keys are equal

* remove DNS service from kubectl comformance test

* add unit test for func parsePorts and validate

* Instrument transformer.go with latency metrics.

* Support new NODE_OS_DISTRIBUTION \'custom\' on GCE

* remove unused code authenticator/password/allow

* fix a small error in description modified: pkg/kubectl/cmd/create_job.go

* Add volumemetrics for ISCSI Plugin.

* remove unnecessary TODOs in meta.go

* Remove deprecated paramter \"authorization-rbac-super-user\"

* return NodeStageVolume/NodePublishVolume error if operation failed

* fix todo:add function getFailContainer to report which containers failed the pod

* Document that endpoints is only plural in resource aliases

* add rolling update daemonset existing pod adoption integration test

* Pod comparer should count pods in scheduling queue

* Fix error handling in gc e2e test

* Node status be more verbose

* Correct spelling

* Skip checking when failSwapOn=false

* `GetExternalMetricReplicas` ignores unready pods

* Add missing binaryData field to the ConfigMap Hash

* pkg/printers: Support base64 decode in kubectl go-template

* add Get/Set methods, mutex on instanceGroupAttrs.

* move shared test cluster vars into method + type

* test ensureInternalBackendService, ensureInternalBackendServiceGroups

* expect no error when correct resources already exist. DeleteWrongResources -> ClearPreviousResources

* test that deleting twice does not throw error

* rename to _test.go, update-bazel, comments

* Fix Issue #61123, call syncer.Update on add event.

* test updateInternalLoadBalancer

* hooks for updating healthchecks, firewalls, regional backendservices

* test ensureInternalLoadBalancer and ensureInternalLoadBalancerDeleted

* add hooks to add, remove, insert instances from instancegroups

* isolate logic to be shared with internal lb tests into separate file

* Fix strategy name in the error messages.

* kubectl get psp: modify header to show PRIV instead of DATA for column with privileged flag.

* Add Troubleshooting sections to Heapster and Metrics Server addons documentation

* remove the outdated TODO

* stop using AlwaysAdmit admission

* remove unused func NewNamespacedNameFromString

* remove hack/test-cmd.sh: make is the main build tool

* pkg/api/unversioned related cleanup

* fix little

* remove check d >= 0 since go 1.8 is no longer supported on master branch

* remove unused pkg unversioned

* fix bug in apiserver.k8s.io install

* don\'t do attach and deatch when volume status is error

* remove dead code in kubelet

* Simplify authenticator configuration initialization

* fix validation for dev gcloud

* Grant sig leads feature approval powers

* Add e2e test for watch

* distinguish which labels belong to resource

* Roundtrip test helper for external types

* resource-name not present in the URL for list,watch,deletecollection

* add UT for validatePSPRunAsUser

* build: fix building with spaces in directory names.

* Added e2e test for local volume provisioner discovery of new mountpoints while running.

* Disabled CheckNodeMemoryPressure and CheckNodeDiskPressure predicates if TaintNodesByCondition enabled.

* cronjob_remove_getNextStartTimeAfter

* Ensure reasons end up as comments in kubectl edit.

* log enabled admission controller in order

* Remove invalid comments in unit tests

* IsNotFound should check ErrDefault404 and ErrUnexpectedResponseCode

* `exec` away the shell for node-problem-detector

* Add cache comparison for pods and pdbs

* Scheduler cache comparer

* Use inline func to fix deadlock

* Improve PodSecurityPolicy group validate error message on out-of-range group IDs

* fix for openstack member cleanup for multiple port cases

* [advanced audit]fix comment about throttle burst

* add kubectl api-resources command

* move enum into function local

* include file name in the error when visiting files

* update bazel

* userspace: move udp echo server to proxier_test.go

* fix TODO: test more SetType

* Improve debug curl command

* add unit test for function FeatureGateSetFromMap and FeatureGateString

* remove unused htpasswd

* fix boilerplate checker of kubernetes/kubernetes

* regenerated all files and remove all YEAR fields

* add boilerplate.generatego.txt and let all code-generators use it

* [PATCH] Use nodename as key

* move openHostPorts and closeHostPorts into a common struct

* Add an alias `update` for subcommand `enable`

* Add test case for kubelet phase command

* Auto generated docs.

* Auto generated BUILD files.

* Add phase command for dynamic kubelet configuration in kubeadm.

* flag value bindings for kubectl apply commands

* add unit test for function AsScaledInt64

* Admit BestEffort if it tolerates memory pressure.

* add unit test for function ParseKindArg and ParseGroupKind

* Support snapshotting a scheduler cache

* client-go/util/cert go_library shouldn\'t depend on testdata

* translate hack/e2e.go -v to --verbose-commands

* Bugfix for erroneous upgrade needed messaging in kubernetes worker charm.

* kubeadm: add better test coverage to token.go

* `GetObjectMetricReplicas` ignores unready pods

* kubeadm: add better test coverage to reset.go

* Typo in IT translation

* remove some not used imports from python codes

* remove unused hack/lookup_pull.py

* remove --service-account-private-key-file in v1.11

* kubeadm: Add writable parameter to
*ExtraVolumes init config

* pwittrock requested removal; add pwittrock team members to sig-cli-maintainers

* refresh eviction interval periodically

* Fix local cluster leaking memory.

* Allow system critical priority classes in API validation

* autogenerated files

* subtract inactive_file from usage when setting memcg threshold

* modified

* move EtcdServersOverrides to EtcdOptions flags validate

* Update Gluster image

* Add grace period to volume_io tests

* Add pod cleanup timeout

* Fix Ceph RBD image

* Fix data race in node lifecycle controller

* apiserver clean code

* Refactor controller-manager: turn Serve func into handlerchain builder

* Do not create dangling legacy symlink if the new symlink to container logs does not exist. These dangling legacy symlink are removed by kube runtime gc, so it\'s better if we do not create them in the first place to avoid unnecessary work from kube runtime gc.

* Suppress error message from grep when checking whether a subnet has a secondary range or not.

* Remove potential sources of flakes for kms_transformation_test.go.

* Change to fix logging

* align cpu/mem for fluentd-gcp to fluentd-es plus cpu cap

* pkg/volume/nfs/nfs.go: correct error messages.

* add some uts in helpers for CRD

* Fixe golints of equiv class

* Update generated files

* Use const in equiv class

* [PATCH] Fix equiv. cache invalidation of Node condition.

* ignore the loopbackdevice error, or the rbd volume will not get detached

* fix non-nil ptr struct convert

* fix references and golint failures

* Update bootstrap policy fixture data

* Remove example change to seperate repo

* Update generated types

* Fix golints in extender

* Add preemption in scheduler extender

* Auto-create system critical prioity classes at API server startup

* kubeadm: add better test coverage to version.go

* deep copy fake client actions to avoid accidental mutation

* Instrument transformer.go with latency metrics.

* Fix iSCSI image

* fix some ineffectual assignments and misspellings for the package of \'pkg/kubelet/volumemanager\'

* Make sh2ju use awk instead of bc.

* Indicate clusterrolebinding, rolebinding subjects are optional fields

* fix the bad err

* fix todo: use a better way to keep this label unique in the tests

* Adding details to Conformance Tests using RFC 2119 standards.

* kubelet: make --cni-bin-dir accept a comma-separated list of CNI plugin directories

* kubenet: accept a list of CNI binary plugin paths

* cni: convert \"vendor\" option to multiple plugin binary search paths

* cni: clarify bin/conf directory variable names

* delete unused variable

* move persistentvolume to storage package

* supplement for the fix of issue: https://github.com/kubernetes/kubernetes/issues/60366

* apimachinery: remove note for quota serialization

* Update IPVS doc

* log an error message when imageToRuntimeAPIImage failed

* Add UT test to TestMax if equal scenario

* remove docker-email from required args for \"create secret docker-registry\"

* remove filtering by instance state

* Fix: remove keyword defer in the loop

* Regenerate files

* fix persist typo

* fix visible typo

* clean up unused const in node_lifecycle_controller.go

* flag value bindings for kubectl attach/convert/delete/drain/edit/exec commands

* implement begin-port+offset port range parsing

* fix glog.Info in volumn_host

* remove redundant fake discovery code

* Remove invalid TODOs in kubeadm constants.

* flag value bindings for kubectl create/get/set commands

* Remove val and ok in Storageos

* Do not log unchanged message if a format other than \'name\' is specified

* make read from channel other than stdout non-fatal

* Allow including both podSelector and namespaceSelector in a NetworkPolicyPeer

* Factor out duplicated NetworkPolicy validation code

* Add UT test in qos if pod has one container

* remove deprecated initresource admission plugin

* Upgraded to apps/v1 and removed rollback example

* fix the typo error due to the comments

* Support completion for kubectl cp

* clean testprinter after commit: https://github.com/kubernetes/kubernetes/pull/60117

* Add validation of apiserver-advertise-address

* kubectl: delete dead package

* kubeadm/phases: small grammar improvements

* sample-controller: generate UpdateStatus for Foo resource

* sample-controller: add status subresource support

* update bazel: adds new vclib test

* vSphere: Minimize property collection via Finder

* podtolerationrestriction: fix informer race in test

* Log warning message when failed to remove rbd lock

* Add jingax10 as both reviewer and approver in cluster/gce.

* Add test for scheduler:VolumeCountConflicts

* Adding metrics server

* Change HAIRPIN_MODE back to hairpin-veth

* Set pod priority on kube-proxy by default

* fixes #54017, remove deprecated --mode flag

* fixes document grammar

* Disable image GC when high threshold is set to 100

* Disable ImageGC when high threshold is set to 0

* Include more information when multiple security groups are tagged

* fix help message of kubeconfig

* fix #40123: add a periodical polling to update pod config

* optimize DefaultTolerationSeconds admission controller

* Respond to reviewer comments

* Add instructions on how to debug a crashed pod

* more concise to merge the array

* add description of pvc condition for kubectl describe command

* fix incorrect logic in glusterfs.go#canSupport

* remove method NewCronJobControllerFromClient

* update

* update

* should log error when error in parsing device plugin image

* fix assert.Equal argument order

* fix todo: use the ServiceTestJig replace of service

* check taints when allocating CIDR for the cloud

* fix spelling error in comment and log

* TODO has already been implemented

* clean one redundant comment of rbd.go

* add-ut-for-legacyLogSymlink

* add ut for kuberuntime-gc

* sync code from copy destination

* Change the portworx volume attribute SupportsSELinux to false

* kubectl: make error with resource list prettier

* Update glusterfs-storageclass.yaml

* Replace error string with const

* fix error message about DeleteOptions

* code refactor

* increase the podLogTimeout for downward volume test

* small nit in the annotations

* new testcase helpers_linux.go

* remove duplicated validation from podsecuritypolicy

* Disable session affinity for internal kuberntes service

* Fix bad column alignment when using custom columns from OpenAPI schema

* reduce garbage_collector test cases running time

* prevent the same path load multiple times

* remove punctuation from the end of an error string

* add unit test for v1.configmap

* Fix typo, grammar, punctuations and formatting

* Fix to avoid REST API calls at log level 2.

* add validation in kubectl create if no file in directory

* add kernel config locations for fedora and atomic

Thu Dec 13 13:00:00 2018 alvaro.saurinAATTsuse.com
- Updated to a supported version of Go (due to security reasons)

Mon Dec 3 13:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.10.11:

* Verify backend upgraded connection

* Add/Update CHANGELOG-1.10.md for v1.10.10.

* Kubernetes version v1.10.11-beta.0 openapi-spec file updates

* Add code for including shutdown nodes

* remove retry operation on attach/detach disk

* Ensure orphan public IPs deleted

* Cherry-pick metadata-agent psp binding

* fix openstack provider to handle only Cinder volumes

* Improve Azure instance metadata handling

* Change GCE LB health check interval from 2s to 8s, unhealthyThreashold to 3

* update coredns image to gcr.io

* improve azure disk attachment perf on Linux

* Fix parsing timestamp in test

* Remove old NAP tests

* Skip node cidr mask size check for cloud allocation.

* change azure file mount permission to 0777

* Fix DS tests to set their namespaces to empty node selectors so that they keep working with PodNodeSelector plugin.

* Add/Update CHANGELOG-1.10.md for v1.10.9.

* Grant permissions for batch/job to cluster-autoscaler

* Kubernetes version v1.10.10-beta.0 openapi-spec file updates

* Always reconcile extended resource capacity after kubelet restart. There are cases that nodes can be recreated (i.e., external_id changes) but still have pods assigned to it. The previous cherry-pick PR https://github.com/kubernetes/kubernetes/pull/66881 doesn\'t cover this case in 1.10 where we only reconcile with old API node state if the new node has the same external_id. We don\'t need this fix in 1.11 from which we always reconcile with old API node state.

* Don\'t run limitranger admission plugin on pod update requests

* Bump version of fluentd-gcp-scaler

* Change the portworx volume attribute SupportsSELinux to false

* Add fallbacks for getting node IP from Azure IMDS

* fix UnmountDevice failure on Windows

* Add unit tests for getting vmss node IP

* Get public IP for Azure vmss nodes

* Add volume spec to mountedPod in actual state of world

* fix bug that defer in infinite loop

* Add privileged test pod security policy to local volume provisioner test service account

* bazel: update debian-iptables and debian-hyperkube-base

* Update to use debian-iptables v10.2 and debian-hyperkube-base 0.10.2

* Install netbase in debian-iptables and debian-hyperkube-base as it is needed by ipvs

* Add support of zero nodes in vmss

* verify invalid secret/configmap/projected volumes

* Add/Update CHANGELOG-1.10.md for v1.10.8.

* Kubernetes version v1.10.9-beta.0 openapi-spec file updates

* Fix potential panic when getting azure load balancer status

* Size http2 buffers to allow concurrent streams

* Fix for duplicate revisions created by StatefulSet
fix bsc#1118198 bsc#1118260 - CVE-2018-1002105

Tue Oct 30 13:00:00 2018 mjuraAATTsuse.com
- Update regexp for SUSE images in do-not-gc-sle-kubic-images.patch, bsc#1111341

Thu Oct 11 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.10.8:

* Fix running e2e tests with completed kube-system pods

* Add Logf message for skipped succeeded pods

* Fix comments about default mount propagation

* when copy file from host to pod like this: 1.kubectl copy /tmp/test-file test-pod:/ 2.kubectl copy /tmp/test-file test-pod: example 1 will fail, example 2 will cause a panic. This patch fix bugs above.

* Don\'t validate HealthzBindAddress in KubeProxyConfiguration if it\'s empty

* Include unavailable API services in discovery response

* attachdetach controller: attach volumes immediately when Pod\'s PVCs are bound - Use queue to process PVCs on add/update events - Index pods by PVC key then we don\'t need to iterate to find pods

* attachdetach controller: attach volumes immediately when Pod\'s PVCs are bound - Add integration test for this feature

* Double check PVC if not found in syncVolume.

* Kubernetes version v1.10.8-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.10.md for v1.10.7.

* allow failed discovery on initial quota controller start

* Log real file\'s name and line

* Added test for scheduler informers

* Fix scheduler Pod informers to receive events when pods are scheduled by other schedulers.

* Fix parameter for fluentd-gcp-scaler

* apiserver: forward panic in WithTimeout filter

* Bump ip-masq-agent to v2.1.1 - Update debian-iptables image for CVEs. - Change chain name to IP-MASQ to be compatible with the pre-injected masquerade rules.

* Fix VMWare VM freezing bug by reverting #51066

* support cross resource group for azure file

* Add namespace for (cluster)role(binding) cloud-provider.

* Cluster Autoscaler 1.2.3

* Bump versions of components with latest security patches.

* Fixed GCE PD tests to wait for pod deletion after usage, and to not force detach PD\'s from nodes

Wed Aug 29 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.10.7:

* Report node DNS info with --node-ip

* Add missing binaryData field to the ConfigMap Hash

* Return vmUUID when renewing nodeinfo in VCP

* fix acr sp access issue

* Kubernetes version v1.10.7-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.10.md for v1.10.6.

* Bump to k8s.gcr.io/metadata-proxy:v0.1.10

* Detect if GCE PD udev link is wrong and try to correct it

* Reconcile extended resource capacity after kubelet restart.

* Stub out BackendService check in Ingress upgrade test.

* Rework multi-volume test to use StatefulSet

* A large set of improvements to the Stackdriver components.

* Add NoSchedule and NoExecute tolerations to ip-masq-agent

* Fixed vsphere volume plugin unsafe type cast; added unit tests

* Support pulling requestheader CA from extension-apiserver-authentication ConfigMap without client CA

* Escape illegal characters in remote extra keys

* fill in normal restmapping info with the legacy guess

* Ignore EIO error in unmount path

* Upgrade debian-base to 0.3.1 for CVEs

* ensure qemu-ARCH-static binary is world readable and executable

* Only register qemu-user-static when necessary.

* Bump debian-base to 0.3.2

* Add missing tmpdir path to chmod

* Update to use debian-base:0.3.2

* Update to debian-iptables v10.1 and hyperkube-base 0.10.1

* fix an issue in NodeInfo.Clone()

* should cast va instead of pv

Thu Aug 9 14:00:00 2018 mjuraAATTsuse.com
- Drop patch bsc1095131-cadvisor-btrfs-walk-volumes.patch

* It was merged in upstream

Thu Aug 2 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.10.6:

* fix IsLikelyNotMountPoint func on Windows

* add IsLikelyNotMountPoint test on Windows

* Ensure /etc/hosts has a header always - Fix conformance test

* Fix issue #63183 that pods on different nodes mount Ceph RBD PVC stuck on ContainerCreating.

* apiextensions: fix concurrent map access copying items\' ObjectMeta in Unstructured

* Disable session affinity for internal kuberntes service

* Fix some log issues in flexvolume

* Kubernetes version v1.10.6-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.10.md for v1.10.5.

* update cadvisor godeps to v0.29.2

* Remove item from taint manager workqueue on completion

* Pass cluster_location argument to Heapster

* Fix scheduler config decoding

* update NPD version to v0.5.0 for gci

* etcd: reuse leases for keys in a time window

* Fix UnmountDevice with deleted pod.

* Fix cleanup of volume metadata json file.

* Add a GPUClusterDowngrade test.

* BUGFIX: must use ID, not name, of the node security group when adding rules to it

* In case storage class parameters are empty, create a new map for Portworx volume labels

* remove format operation in WaitForAttach

* Remove optimization from getWork in resourcequota/controller.go

* Bug fix: Should allow alias range size equals to max number of pods
* 2

* skip nic that are in failing state

* add external resource group support for azure disk

* fix comments

* specify external resource group in ResizeDisk

* fix azure disk issue for external resource group

* azure: Add validation of resourceGroup option

* Reload systemd config files before starting kubelet.

* fix smb mount security issue

* gc: remove crd and apiservice from ignored resources

* Fix RunAsGroup.

* set EnableHTTPSTrafficOnly in storageAccount creation

* Fix truncating and buffering backends integration.

* Update Calico addon yamls to make it work for both 2.x and 3.x. versions.

* A few cleanups (remove duplicated env vars & unnecessary comments) on yaml files.

* Add a helper function to customize K8s addon yamls and use it to customize Calico addons on GKE.

* Remove unnecessary spaces ahead of custom yaml.

* Fix pod worker deadlock.

* Removes defaulting of CSI fsType to ext4

* Adding generated files

* Fix NPD preload.

* Make kubelet `ReadLogs` backward compatible.

* Compare stateful set updates semantically

* Remove patch retry conflict detection

* Fix locating resporce-pool for volume provisioning

* Reverting commit #56600 as GCE PD is allocated in chunks of GiB instead of GBs

* Fixing E2E tests for disk resizing

* Return correct error type and HTTP Status code for operation errors

* extend timeout to workaround slow arm64 math

* re-reorder authorizers (RBAC before Webhook).

Mon Jul 23 14:00:00 2018 mjuraAATTsuse.com
- Fix kubelet-config.yaml by adding authentication and authorization section

Fri Jul 20 14:00:00 2018 mjuraAATTsuse.com
- Include kubectl-rpmlintrc and kubelet-config.yaml files into kubernetes.spec
and kubectl.spec

Thu Jul 19 14:00:00 2018 jmassaguerplaAATTsuse.com
- Get the commit id from the obsinfo file.
This way this is automatic and we don\'t have a regression
of bsc#1065972

Thu Jul 19 14:00:00 2018 mjuraAATTsuse.com
- Move deprecated options to kubelet-config.yaml for kubelet service

* add file kubelet-config.yaml

Wed Jul 18 14:00:00 2018 jmassaguerplaAATTsuse.com
- Add kubectl.spec file so we can create the kubectl package separetely
(fix bsc#1097473 and bsc#1101010 and fate#325820)

Tue Jul 17 14:00:00 2018 mmeisterAATTsuse.com
- Use the full path to the plugin dir
follow up for bsc#1084766

Thu Jul 5 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.10.5+32ac1c9073b132b8ba18aa830f46b77dcceb0723:

* bump(github.com/evanphx/json-patch): 94e38aa1586e8a6c8a75770bddf5ff84c48a106b

* fix formatAndMount func issue on Windows

* add formatAndMount unit test on Windows

* pkg: kubelet: remote: increase grpc client default size

* pkg: kubelet: remote: increase grpc client default size to 16MiB

* Fix panic while provisioning Azure security group rules

* Fix job\'s backoff limit for restart policy OnFailure

* Never clean backoff in job controller

* Test job backoffLimit correctly

* Rate limit only when an actual error happens, not on update conflicts

* Kubernetes version v1.10.5-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.10.md for v1.10.4.

* Add gpu cluster upgrade test.

* Skip updating status for DaemonSet being deleted

* Update GCE cloud provider to use Cloud TPU v1 API

* Update dependency

* Skip Sysctl tests against v1.11.0-alpha.0 and newer

* Remove all upstream BUILD, BUILD.bazel, and WORKSPACE files from vendor/

* Update to gazelle 0.10.1

* Vendor gazelle

* Vendor kazel

* Remove kube::util::go_install_from_commit

* Don\'t change GOPATH or PATH in a script lib

* Update kazel to include openapi tag detection fix

* Cherry pick of #64255: fix field removal in mutating admission webhooks

* Fixed taints being applied to master if NoTaintMaster is true

* Create cluster-autoscaler role and introduce it to CA start-up script

* Fix setup of configmap/secret/projected/downwardapi

* kubeadm - increase upgrade manifest timeout

* Add kms-plugin-container.manifest to release manifest tarball.

* Add RBAC policy rules for csi-external-provisioner and csi-external-attacher

* Wait a minimum amount of time for polling operations

* Use context with timeout instead of context.Background

* use the latest json-iter

* make json serializer case sensitive

Mon Jun 18 14:00:00 2018 mmeisterAATTsuse.com
- Fix bsc#1084766

* override volume plugin dir

* create /var/lib/kubelet as k8s tmpdir

Mon Jun 18 14:00:00 2018 mmeisterAATTsuse.com
- Fix volume detection under btrfs (bsc#1095131)
when the kubelet directory is not a subvolume, we need to go back
within the file system until we reach the subvolume path, otherwise
kubelet will refuse to start
this has previously been a warning and is promoted to a fatal error
since k8s 1.10

* adds bsc1095131-cadvisor-btrfs-walk-volumes.patch

Fri Jun 15 14:00:00 2018 jmassaguerplaAATTsuse.com
- Update kubernetes-client in Public Cloud to the version that will
be available in CaaSP 3 (bsc#1097830)

Thu Jun 14 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.10.4+5ca598b4ba5abb89bb773071ce452e33fb66339d:

* Only mount subpath as readonly if specified in volumeMount

* CSI fix for gRPC conn leak, test updates

* Fix extra-log flag for node e2e.

* Fix kubelet flags.

* properly skip cadvisor proxy test

* DaemonSet internals are still in extensions

* Fix DsFromManifest() after we switch from extensions/v1beta1 to apps/v1 in cluster/addons/device-plugins/nvidia-gpu/daemonset.yaml.

* Update nvidia-gpu-device-plugin to apps/v1 and use RollingUpdate updateStrategy.

* Fix nodeport repair for ESIPP services

* Wait for the job to be removed

* Fix CSI volume detach when the volume is already detached.

* Return attach error to A/D controller.

* Add SELinux support to CSI

* Add GetSELinuxSupport to mounter.

* Fix GKE Regional Clusters upgrade tests

* fix azure file size grow issue

* Wait longer in pod cleanup

* Add retry to AssertCleanup

* Fix incorrectly set resource version in List

* Add unit tests for findRule()

* Add verbose logs for azure cloud provider

* Check LoadBalancingRulePropertiesFormat for azure load balancers

* kubeadm - do not generate etcd ca/certs for external etcd

* Implement Skip() for ingress upgrade test

* Prevent 1.10 e2es testing deprecated CAdvisorPort in 1.11

* etcd client add dial timeout

* Add/Update CHANGELOG-1.10.md for v1.10.3.

* Add a way to pass extra arguments to etcd.

* Kubernetes version v1.10.4-beta.0 openapi-spec file updates

* new event exporter config with support for new stackdriver resource types

* kubeadm: surface external etcd preflight validation errors

* Wait for pod deletion instead of termination

* gce: Prefer MASTER_ADVERTISE_ADDRESS in apiserver setup

* Don\'t panic is admission options is nil

* log error for os.NewComputeV2

* unhide deprecated Kubelet flags

* update godeps to use latest pflag

* Update libcontainer to include PRs with fixes to systemd cgroup driver

* Always Start pvc-protection-controller and pv-protection-controller

Thu Jun 14 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.10.3+2bba0127d85d5a46ab4b778548be28623b32d0b0:

* Use inclien func to ensure unlock is executed

* Add environment variable to control truncating backend.

* Implemented truncating audit backend

* fix formatting for memcg threshold

* Cluster Autoscaler 1.2.2

* kubeadm - fix external etcd upgrades

* Revert \"Openstack: register metadata.hostname as node name\"

* Revert \"Split out the hostname when default dhcp_domain is used in nova.conf\"

* Revert \"Specify DHCP domain for hostname\"

* Support kubeadm upgrade with remote etcd cluster

* Cherrypick: Enable CUSTOM_INGRESS_YAML to replace the glbc manifest

* fix commands running crictl

* Close all kubelet->API connections on heartbeat failure

* Always track kubelet -> API connections

* Avoid copying aggregated admin/edit/view roles during bootstrap

* renable nodeipam in kube-controller-manager

* Backport MAX_PODS_PER_NODE env from #63114 to 1.10

* Remove check for hash label and selector mutation. This is deprecated in future releases and breaks upgrade tests.

* Check successfully assigned event message for 1.10 and 1.11.

* fix status subresource

* generated

* Cherrypick kube-openapi changes

* Improve where we load builds from for kubeadm upgrade jobs

* Use the logging agent\'s node name as the metadata agent URL.

* Bump Heapster to v1.5.3

* adding support for VM name with extra Separator String

* passthrough readOnly to subpath

* PR #62903 changed error string GetMountRefs() returned, which broke test `should fail due to non-existent path`. Remove error string check to fix test.

* Show deprecated kube-apiserver flags

* Fix dockershim CreateContainer error handling.

* IsNotFound should check ErrDefault404 and ErrUnexpectedResponseCode

* Update 1.10 test gpu_util.go to use the 1.10 nvidia-gpu device-plugin yaml.

* Add/Update CHANGELOG-1.10.md for v1.10.2.

* Kubernetes version v1.10.3-beta.0 openapi-spec file updates

* Fix race between stopping old and starting new endpoint

* Add unit test for configure-helper.

* Revert \"revert resource disablement, 1.10\"

* Refactor subpath reconstruction tests to use util test

* Added more UT for invalid case.

* Removed e2e test on empty NodeAffinity.

* Remove METADATA_AGENT_VERSION config option

* Fix Etcd Rollback

* Add etcd L7 check on upgrade

* Modify the kubeadm upgrade DAG for the TLS Upgrade

* Update test-case, fix nil-pointer bug, and improve error message

* Implement etcdutils with Cluster.HasTLS()

* Implement ReadStaticPodFromDisk

* fix mirror-pod hash race condition

* test: Disable ui dashboard test for gke

* Fix bash command for liveness probes in the metadata agents.

* Make integration test etcd store unique

* loopback webhook integration test

* generated

* fixup on dirty reverts

* Revert \"refactor resource_config.go thoroughly and remove useless code in registry\"

* Revert \"remove support enable-disable api resources\"

* Revert \"pass APIEnablement through apiserver chain\"

* Fix upgrade to Kubernetes v1.9.3+

* avoid dobule RLock() in cpumanager

* Manage Metadata Agent Config with Addon Manager

* Detach bug fix

* Fix ILB issue updating backend services

* add metrics to cinder

* Fix subnet cleanup logic when using IP-aliases with custom subnets

* Fix IP-alias subnet creation logic

* When using custom network with IP-alias, use the former\'s subnet for the latter too

* respect fstype in Windows for azure disk

* Move istio-injection label to default namespace

* Update Istio addon to 0.6.0 and mirror images in gcr

* Enforce not using newer kubeadm to upgrade older kubeadm

* Adds migrations to the kubeadm upgrade phase config

* Generated build files

* Bump GLBC manifest to v1.1.1

* Removed no-empty validation of nodeSelectorTerm.matchExpressions.

* Fix volume node affinity to OR node selector terms

* Use local provisioner version that uses beta API

* Honor existing CA bundle and TLS server name in webhook client

* ensure tls server name is used in transport

* distinguish custom dialers in transport cache

* Ensure service routing resolves kubernetes.default.svc correctly

* fix devicePath update issue in Azure WaitForAttach func

* Fix use visible files creation for windows

* Fix machineID getting for vmss nodes when using instance metadata

* Update kube-dns to Version 1.14.10. Major changes: - Fix a bug in DNS resolution for externalName services and PTR records that need to query from upstream nameserver.

* CSI - Apply fsGroup volume ownership when pv not readOnly

* Update e2e test with private mount propagation

* Add private mount propagation to API.

* Revert \"git: Use VolumeHost.GetExec() to execute stuff in volume plugins\"

* remove default fsypte in azure disk

* fix comments

* remove IsAbs validation on local volume

* Ensure expected load balancer is selected for Azure

* Fix daemon-set-controller bootstrap RBAC policy

* Fix flaky crd e2e tests

* fix nsenter GetFileType issue

* Increase cpu/mem thresholds for c-m in density test

* Fix PodStore to wait for being initialized

* Add/Update CHANGELOG-1.10.md for v1.10.1.

* Kubernetes version v1.10.2-beta.0 openapi-spec file updates

* Cluster Autoscaler 1.2.1

* Use relative path for creating socket files

* add tests for GetFileType

* fix incompatible file type checking on Windows

* Add support to ingest log entries to Stackdriver against new \"k8s_container\" and \"k8s_node\" resources.

* Fix umask to actually intended behavior.

* Switch to k8s-1.10 branch of the installer in release-1.10 branch.

* Add wildcard toleration to nvidia-gpu-device-plugin.

* Fix resize test for Regional Clusters

* Fix restart nodes tests for Regional Clusters

* Fix dns autoscaling test for Regional Clusters

* Fix resize nodes tests for Regional Clusters

* Fix disruptive tests for GKE regional clusters

* Introduce multimaster clusters support to e2e framework for GKE

* return error if get NodeStageSecret and NodePublishSecret failed

* Cleanup CRD/CR confusion in webhook e2e tests

* add e2e case for crd webhook

* apiserver\'s webhook admission use its own scheme

* Specify DHCP domain for hostname

* Use provided node object in volume binding predicate

* Update the stackdriver agents yaml to include a deployment for cluster level resources

* fix typo that redefines variable and breaks code

* fix local volume issue on windows

* avoid resource leak when both `--rm` and `--expose` are specified

* kubectl: fix a panic when createGeneratedObject failed

* Add CRI container log format support back.

* Update GLBC manifest to v1.0.1

* Fix Issue #61123, call syncer.Update on add event.

* Fix #61363, Bounded retries for cloud allocator.

* Update kube-dns to Version 1.14.9. Major changes: - Fix for kube-dns returns NXDOMAIN when not yet synced with apiserver. - Don\'t generate empty record for externalName service. - Add validation for upstreamNameserver port. - Update go version to 1.9.3.

* Tolerate 406 mime-type errors attempting to load new openapi schema

* Restore show-kind function when printing multiple kinds

* Backport etcd.manifest fixes for HA clusters from #61241 to 1.10

* add udev to hyperkube and bump versions

* Removed detailed internal storage metrics

* Add pod deletion to subpath tests, and subpath as file with container restart

* Ensure -o yaml populates kind/apiVersion

* Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure

* e2e:Enable CSI tests

* Add/Update CHANGELOG-1.10.md for v1.10.0.

* Added chmod a+x for local SSD when disk is created with NODE_LOCAL_SSDS

* Support new NODE_OS_DISTRIBUTION \'custom\' on GCE

* Kubernetes version v1.10.1-beta.0 openapi-spec file updates

* Update event-exporter image

* Use O_PATH to avoid errors on Openat

* Cluster Autoscaler 1.2.0

* Fix `PodScheduled` bug for static pod.

* Remove \'system\' prefix from Metadata Agent rbac configuration

* Bump Heapster to v1.5.2

* Use inner volume name instead of outer volume name for subpath directory

* disable DaemonSet scheduling feature for 1.10

* Add/Update CHANGELOG-1.10.md for v1.10.0-rc.1.

* Update CHANGELOG-1.7.md for v1.7.15.

* Update CHANGELOG-1.8.md for v1.8.10.

* Update CHANGELOG-1.9.md for v1.9.5.

* Added network-unavailable tolerations for hostNetwork=true.

* Wait for only enough no. of RC replicas to be running in testutil

* Patch glbc manifest to use version 1.0.0. Also add rate limiting flags

* Fix cpu cfs quota flag with pod cgroups

* Fix a bug where malformed paths don\'t get written to the destination dir.

* Fix e2e tests for emptydir

* Prevent garbage collector from attempting to sync with 0 resources

* Add AUTOSCALER_ENV_VARS to kube-env to hotfix cluster autoscaler

* Add unit test TestGarbageCollectorSync

* Fix creation of subpath with SUID/SGID directories.

* Bump fluentd-gcp-scaler version

* Added unscheduable taint.

* Fix issue with race condition during pod deletion

* Fixes \'Zone is empty\' errors in PD upgrade tests; skips pd tests with inline volume in multizone clusters

* Fail the ingress test if it timesout getting address for IP address

* Bump fluentd-gcp-scaler version

* Fix deprecated gcloud compute networks --mode switches.

* Backoff only when failed pod shows up

* Add/Update CHANGELOG-1.10.md for v1.10.0-beta.4.

* Update CHANGELOG-1.10.md for v1.10.0-beta.4.

* fix kubectl_filedir completion

* Updates kubeadm default to use 1.10

* Use pod UID as cache key instead of namespace/name

* Increase apiserver mem-threshold in density test

* Fix subpath e2e tests on multizone cluster.

* Add atomic writer subpath e2e tests

* Detect backsteps correctly in base path detection

* Exclude commas when pulling the tag out of the git export-subst format string

* Add/Update CHANGELOG-1.10.md for v1.10.0-beta.3.

* Update CHANGELOG-1.10.md for v1.10.0-beta.3.

* Add missing container-runtime \"remote\" option

* Add missing v1.7.14 release note entries.

* Add missing v1.9.4 release note entries.

* Find most recent modified date for fluentd buffers recursively.

* Update CHANGELOG-1.7.md for v1.7.14.

* Update CHANGELOG-1.9.md for v1.9.4.

* Update CHANGELOG-1.8.md for v1.8.9.

* kubelet initial flag parse should normalize flags

* fix show-all option description modified: pkg/kubectl/cmd/util/printing.go

* set readOnly for CSI mounter

* fix option --audit-webhook-initial-backoff

* reduce nesting

* Fixes the races around devicemanager Allocate() and endpoint deletion.

* Bump to etcd 3.1.12 to pick up critical fix

* Make admission webhooks work in custom apiservers.

* [e2e service] Fix CleanupGCEResources for regional test

* use temp kubeconfig for fake factory

* match KindFor first

* [e2e service] Fix gke failure: move apiserver restart validation logic into util

* Revert \"Use quotas in default performance tests\"

* Use grpc to improve the CPU utilization of the logging agent.

* Fix use of \"-w\" flag to iptables-restore

* Revert \"[Test change - don\'t merge] Skip load test\"

* Fix upgrade tests for GKE Regional Clusters

* Fix broken gke regional logging test.

* added missing error check

* Get external IP for azure standard nodes

* Check whether it is running locally when UseInstanceMetadata

* Make admission webhooks not ignore scheme

* Fix default auditing options.

* Increase verbosity of frequently printed logline in scheduler_binder

* Make log audit backend configurable in GCE

* [Test change - don\'t merge] Skip load test

* Rollback etcd server version to 3.1.11 due to #60589

* Task 2: Schedule DaemonSet Pods by default scheduler.

* auto check the current year

* [e2e service] Refine apiserver restart logic

* Update cadvisor to v0.29.1

* Vendor newest GCP Go client

* Update CHANGELOG-1.10.md for v1.10.0-beta.2.

* Add/Update CHANGELOG-1.10.md for v1.10.0-beta.2.

* Change regional PD cloud provider references to use the beta API

* Mark reconstructed volumes as reported InUse

* Avoid reallocating of map in PodToSelectableFields

* Add OWNERS file to test/typecheck/

* Add cblecker to test/ approvers

* purge all the -v references from e2e.go

* log enabled admission controller in order

* Use cert util to get cert data.

* Auto generated BUILD files.

* Remove 1.8-1.9 upgrade codes of kubeadm

* Add sys/windows/svc to vendor

* Add support for binaries to run as Windows services

* Setting REMOUNT_VOLUME_PLUGIN_DIR for COS images in kube-env

* Update Kubelet command option description for IPv6

* Add retrying to audit logging e2e tests

* Create fake /etc/hosts for conformance test

* Bump Cluster Autoscaler to 1.1.2

* Fixing e2e CSI test, II

* Run hack/update-all.sh

* Prevent webhooks from affecting admission requests for webhooks

* Fix DaemonSet e2e test for OnDelete

* fix test failure and delete unused code

* Pass in etcd TLS credentials during migrate and rollback

* Bump etcd server patch version to 3.2.16

* Fixing e2e CSI test

* oidc: add rithujohn191 as a reviewer

* Run server-side print tests only on k8s 1.10+

* Fix initializing watch cache

* [fluentd-gcp addon] Fix passing location to event exporter

* Add e2e test for deletion

* Add feature gate for subpath

* Add subpath e2e tests

* Lock subPath volumes

* Add unit tests for parseConfig

* Enable maximumLoadBalancerRuleCount config for azure yaml config file

* Fix broken useManagedIdentityExtension for azure cloud provider

* Update documentation for azure-shared-securityrule

* Code cleanup: group consts togather

* Update liveness probes to exec etcdctl /w mTLS for kubeadm etcd static pods

* Generate client certificates for healthchecking kubeadm etcd static pods

* Update README.md of sample-apiserver.

* Promote LocalStorageCapacityIsolation feature to beta

* Swithcing to Official CSI 0.2.0 tag

* improve daemonset\'s retry creating failed daemon pods e2e test

* requires string input

* Update gazelle to latest to fix vendoring issue

* Expect NetworkTier not to be set as GCE value (all uppercase)

* Cap max number of nodes to use for local PV e2e tests

* Remove mapping to /host/lib from fluentd-gcp container.

* increase amount of memory filled by memory allocatable eviction test

* kubelet: notify systemd that kubelet has started

* bump(6644d4): spf13/cobra: support bash completion for aliases

* Fix a grammatical error in a comment

* update Mount propagation version in comment

* Bugfix: Fix ordering of ValidateObjectMetaUpdate method arguments for PodTemplate validation

* Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix for CVE-2016-8859

* Add support for `make verify WHAT=typecheck`.

* Add selector to DaemonSet in newDaemonSet function so that the v1 apis function for e2e

* Add //test/e2e/... and //test/integration/... to //build/visible_to:COMMON_testing

* I forgot the fact that the DevicePlugin test itself restarts Kubelet for testing purpose. Move that test back to Serial but constructs a smaller test without kubelet restart that we may run during presubmit.

* Do not count failed pods as unready in HPA controller

* Add retries to resource deletions in testing framework

* remove anti-affinity

* Add buffering to the log audit backend

* Added dashboard banner passthrough to GCE kube-up.

* Increase loging verbosity for deleting stateful set pods

* Update CHANGELOG-1.7.md for v1.7.13.

* remove \"scale job\" from help info

* fix warning info format

* Add/Update CHANGELOG-1.10.md for v1.10.0-beta.1.

* Update CHANGELOG-1.10.md for v1.10.0-beta.1.

* add remount logic for azure file plugin

* API Changes for RunAsGroup and Implementation and e2e

* Only install etcd for verify tests that need it.

* Set default vmtype to standard if not set

* Relax time tolerance on KMS test, limit to platforms with unix sockets available

* fix todo:Get rid of this duplicate function IsRetryableAPIError in favour of the one in test/utils

* add m1093782566 to milestone maintainer since he is a PM member on behalf of SIG-Network

* improve get description

* Check nil error in IsProbableEOF()

* Remove spxtr from various OWNERS files.

* Adds daemonset conformance tests

* Add integration test for server side printing

* Add missing table converters for server side printing

* run update bazel

* remove unused rest/versions.go

* cloud-controller-manager get /healthz instead of calling restclient.ServerAPIVersions to wait for apiserver being healthy

* Fix stackdriver logging test

* remove gcloud docker -- since it\'s deprecated

* update the relevant BUILD file

* Add node-e2e test for ShareProcessNamespace

* add TestUpdateStatus for horizontalpodautoscaler

* Added unscheduable node UT for DaemonSet.

* add unit test case for nodenames comparison

* generated

* client-go: add an exec-based client auth provider

* gce: add support for enabling TokenRequest feature

* Allow update/patch of CRD while terminating

* Update godeps

* Update unit tests and bazel files

* Setup docker hostconfig for windows containers

* Setup windows container config to kubelet CRI

* enable IPVS feature gateway by default since it\'s already beta

* Support cluster-level extended resources in kubelet and kube-scheduler

* implement token authenticator for new id tokens

* svcacct: move getters to use an external clientset

* Fix typos

* Switch to a dedicated CA for kubeadm etcd identities

* Code Cleanup

* Fix kubectl completion so that file names are listed

* Adding Data Encryption Key (DEK) Key Encryption Key (KEK) integration tests via KMS Plugin Mock.

* Update kubectl e2e test manifests to apps/v1

* Changing Flexvolume plugin directory on COS in GCE to a durable directory

* Ensure status bar displays full progress.

* Ensure generated files are present before typechecking.

* Add test/typecheck, a fast typecheck for all build platforms.

* Fix build tag for grpc_service_unix_test.go.

* Vendor golang\'s go/types to include a fix for CGo typechecking.

* Move linux-only getProxyMode tests to a linux-only file.

* Add a few \"+build linux\" tags where appropriate.

* Make a few code paths compile cleanly with 32-bit Go.

* Remove unused variables (only assigned to) from test code.

* Refactor common parts of scheduler_perf into reusable utils

* Temporary fix for LeaderElect for kube-scheduler

* Auto-updated BUILD files

* [kube-proxy] Mass service/endpoint info functions rename and comments

* [kube-proxy] Unit test for unmatched IP version

* [kube-proxy] Harden change tracker and proxiers for unmatched IP versions

* [kube-proxy] Make the import name of utilproxy consistent

* [kube-proxy] Add more IP version related utils

* [kube-proxy] Move ipv6 related funcs to utils pkg

* [kube-proxy] Move Service/EndpointInfo common codes to change tracker

* Use consts defined in api instead of defining another ones.

* Run hack/update-bazel.sh

* E2E: add tests for PSP from the \"policy\" API Group.

* sh2ju.sh: suppress `which` command output when gdate not found in $PATH.

* Fixed log calls in VolumeManager

* Fix nested volume mounts for read-only API data volumes

* Include EOF errors also as retryable errors

* Validate path in external metric name

* Implement external metrics in HPA

* Add external metrics client to HPA rest client

* Remove old featureGate flag

* update bazel

* update import

* Make Scale() for RC poll-based until #31345 is fixed

* update golint_failures

* move fs into seperate directory to break cycle import

* merge util into one file

* Extract volumepathhandler into seperate directory

* Extract recycler client into seperate directory

* Volume deletion should be idempotent

* clean up example unit test

* fix nodenames slices comparison para.

* Add Cloud TPU v1alpha1 API dependency

* Update device plugin e2e_node test to not changing Kubelet config as DevicePlugins feature is enabled by default now.

* GCE: support Cloud TPU API in cloud provider

* Delete the Redundant define tc

* Add scheduling.k8s.io to the known groups for audit logging on GCE.

* Remove passing packages from hack/.golint_failures

* Run hack/update-all.sh

* Remove dep-reviewers

* don\'t (remote) cache release-tars

* Update code generators

* run hack/update-staging-godeps.sh

* run hack/godep-save.sh

* Update gengo version

* Remove cassandra example

* Adding beta feature flag for regional PDs.

* Added MountDevice/UnmountDevice pass-through to NodeStageVolume/NodeUnstageVolume for CSI Volume Plugin. Added related unit tests. Vendored CSI Spec to HEAD

* Increase timeout of integration tests

* fix bug where character devices are not recognized

* Update gke nvidia-gpu-device-plugin to the latest version that supports both v1alpha and v1beta1 device plugin versions. Re-enables nvidia-gpus e2e test after verifying the test passes now.

* rbac: allow system:node role to make TokenRequests for all service accounts

* noderestriction: restrict nodes TokenRequest permission

* auth: allow nodes to create tokones for svcaccts of pods

* Add CPU/Memory pod stats for CRI stats.

* Let image manager return a copy of image list.

* promote GC e2e tests to conformance tests

* Update to use Stackdriver Agent image.

* bzl: fix update-bazel.sh

* Adding dummy and dummy-attachable example Flexvolume drivers; adding DaemonSet deployment example

* Reduce number of pods created for local PV stress test

* Add myself to dep-approvers OWNER alias

* Differentiate between target and target average value

* auth: reregister auth providers

* Better PROXY_LOG and verbosity in the command line

* Use feature-gates command line for kube-proxy

* fix static checks

* update bazel

* auto generated codes

* userspace part changes

* ipvs part implementation

* iptables part implementation

* create netwowrk interface util

* validate nodeport-addresses

* add nodeport-addresses flag for kube-proxy

* don\'t use storage cache during apiserver unit test

* Add external metrics client

* Use rbd-nbd if present for rbd volume map and unmap operations, if rbd fails.

* hack/lib/protoc.sh: don\'t split find-binary output.

* hack/lib/util.sh: remove shadowed case statements.

* hack/lib/util.sh: do not iterate over ls output.

* hack/lib/util.sh: improve staging api finding.

* hack/lib/util.sh: add double quotes.

* hack/lib/init.sh: prevent splitting in \'dirname\' result.

* hack/lib/golang.sh: use double quotes.

* hack/lib/golang.sh: do not split on array items.

* hack/lib/golang.sh: split strings into arrays safely.

* Fix regional clusters startup

* update aws plugin for block support

* adjust filtered object test to reflect old weird behavior

* Revert \"fix resource filter for generic printers on get\"

* Add support for external metrics in kubectl

* Move retry-based updates to a different pkg

* Return missing ClusterID error instead of ignoring it

* Add clusterid tags to the instances in AWS tests

* Use quotas in default performance tests

* Update Dashboard version to v1.8.3

* add --experimental-server-print tests

* remove default priority cache in Priority admission controller

* Fix registry flunder and fisher strategy method names to a standard

* statefulset validate collisionCount

* fix package name error modified: plugin/pkg/admission/priority/admission.go modified: plugin/pkg/admission/priority/admission_test.go

* Delete two same if in photon_pd

* Conformance: Add StatefulSet tests.

* Added local storage e2e test for VolumeMode: block

* vendoring latest version of google-api-go-client

* Run hack/update-bazel.sh

* Use `Int32Ptr` function from utils instead of self-written versions

* add unit test for static pod name generation

* kubeadm create token using config file

* autogenerated files

* correct the expected value in plugintest

* Move kubelet flag generation from the node to the client, and pass the kubelet flags through a new variable in kube-env (KUBELET_ARGS).

* tokenrequest: tokens bound to pods running as other svcaccts

* Added unschedulabe predicate.

* Support Running local-up-cluster in CI

* Update vendor spf13/cobra to fix completion error in bash 3

* CSI code changes

* vendor files update

* Partial revert to fix local-up-cluster.sh

* CRD should have server side printing

* Add tests for Deployments Recreate strategy when there are pods in terminal state present

* Fix Deployment with Recreate strategy not to wait on Pods in terminal phase

* FIX the os.Stat() func in volume file/kind bug

* fix references

* Delete the two same if in func TestPlugin

* fix \"make test\"

* kubectl: flag value bindings for common utils

* move storageclass/setdefault into pkg/admission/storage

* flag value bindings for kubectl label/patch/taint/top commands

* fix cli example

* fix device name change issue for azure disk

* kubeadm: use localhost for API server liveness probe

* Add Local PV stress test

* adding replication-type in GCE PD parameters

* Made a couple API changes to deviceplugin/v1beta1 to avoid future incompatible changes: - Add GetDevicePluginOptions rpc call. This is needed when we switch from Registration service to probe-based plugin watcher. - Change AllocateRequest and AllocateResponse to allow device requests from multiple containers in a pod. Currently only made mechanical change on the devicemanager and test code to cope with the API but still issues an Allocate call per container. We can modify the devicemanager in 1.11 to issue a single Allocate call per pod. The change will also facilitate incremental API change to communicate pod level information through Allocate rpc if there is such future need.

* add comments

* Update autogenerated docs

* Fix typos

* Change SANs for etcd serving and peer certs

* Add more test cases for volume binding in the scheduler

* Secure etcd API /w TLS on kubeadm init [kubeadm/#594] - Generate Server and Peer cert for etcd - Generate Client cert for apiserver - Add flags / hostMounts for etcd static pod - Add flags / hostMounts for apiserver static pod

* integration: refactor, cleanup, and add more tests for TokenRequest

* autogenerated api changes

* k8s csi code change

* api changes

* expunge the word \'manifest\' from Kubelet\'s config API

* update GCE plugin for block support

* Allow TTLs to be plumbed through to webhook authn/authz in gce scripts.

* Revert \"Allow env to be updated via specific key in resource\"

* Include generated files

* Introduce External Metrics API

* update generated files

* Add Categories to CRD spec

* generated code

* Update e2e and integration to use apps/v1 for DaemonSet

* Update versioned portions of kubectl to use apps/v1 with DaemonSet

* Fix golint warning

* Enable PV protection test by default

* handle Table response in client

* Only run connection-rejecting rules on new connections

* simplify kubectl testing factory

* apiserver: fix testing etcd config in preparation for etcd 3.2.16+

* dockershim: Return Labels as Info in ImageStatus.

* generated

* Add a metric exposing number of objects per type

* Autoscaler e2e - fix getting initial pool size

* Fix grammar and log issue in volume cache code

* fix freespace for image GC

* [kube-proxy]enhance kubeproxy init flag

* clean up sysctl code

* initialize all known client auth plugins

* Remove conntrack entry on udp rule add.

* Add e2e test for configurable pod resolv.conf

* More unit test for configurable pod resolv.conf

* remove unused function negotiate() and writeYAML()

* Reuse the \"min
*Nodes\" slices to save the GC time.

* Disable mount propagation for windows containers

* generated: bazel

* Make Service storage a wrapper around other storages

* fix proxy mode comment message

* fix proxy mode comment message in v1alpha1

* kms: rename KMSService to KeyManagmentService

* add description of mount options to StorageClass describe printer

* Add node e2e test for log rotation.

* Generated code

* Use container log manager in kubelet

* Add kubelet container log manager

* fix new typos when rebasing

* add spelling checking script

* vendor misspell

* fix typo and remove inaccurate TODO

* Refactor tests

* Discovery client and aggregator downloader use /openapi/v2 endpoint

* clean up KubeletConfigOk condition construction

* add me to iptables/kube-proxy reviewers

* gce: allow extra addons to be sourced form a url

* generated files

* multi-zone PD e2e tests

* Remove k8s prefix from gcr.io/k8s-ingress-gce-image-push repo

* godeps: bump go-openapi

* Fixes for HTTP/2 max streams per connection setting

* examples/podsecuritypolicy: add owners.

* Add smart retries to resource creations in testing framework

* Fix incorrectly formatted URL

* Results of running update scripts: update-openapi-spec update-federation-openapi-spec

* Update description for valid reclaim policies

* backoff runtime errors in kubelet sync loop

* Update the DaemonSet controller to use the apps/v1 API

* Remove subnet size restriction for IPv6

* Introduce buffered audit backend

* Run hack/update-bazel.sh

* Modify PodSecurityPolicy admission plugin to additionally allow authorizing via \"use\" verb in policy API group.

* update generated files

* add subresources for custom resources

* update cadvisor godeps and ignore per-cpu metrics

* Namespace should support table printing

* bump coredns feature gates to beta

* update version and manifest

* Fix nsenter on Mac

* Validation for HPA external metrics

* Remove ClientSetForVersion & ClientConfigForVersion from factory

* Modify tests

* Autogenerated code for HPA external metrics

* Add external metric type to HPA API

* Remove unnecessary return parameter from NewCmdTopPod

* Add kubectl create job --from=cronjob/

* Fixes #47538: Add functionality for manually creating a Job instance from a CronJob

* deprecate --show-all

* remove metrics client factory method

* Add CSI volume attributes generated API code

* Make CSI volume attributes first class

* Allow env to be updated via specific key in resource

* Fix passing gcloud command output to error check

* Improves backoff policy in JobController

* Unset CDPATH in build script to fix path generation

* Review #1

* update bazel

* kube-proxy make use of generic apiserver profiling

* kube-scheduler make use of generic apiserver profiling

* controller-manager make use of generic apiserver profiling

* Avoid explicit mention of glusterfs in error strings.

* Cleanup node type checking for azure nodes

* add lock before detaching azure disk

* Get dirFsInfo from docker image filesystem

* Set FsId and usedBytes for windows image file system

* Add GetDiskFreeSpaceEx and export winstats.StatsClient

* set default enabled admission plugins by official document

* Set shared PID namespace mode based on PodSpec

* remove f.PrintObjectSpecificMessage

* Build files generated

* Critical pods priorityClass addition

* fix todo: add validate method for &schedulerapi.Policy

* DevicePlugins feature is beta in 1.10 release

* Document k8s.gcr.io/etcd image upgrade/downgrade support

* Introduce some plumbing which makes it possible to specify which ingress image to upgrade to for the upgrade test

* Extracting common logic related to integration testing of storage transforms.

* Make the `Unschedulable Queue` interface private

* Change printDeprecationWarning to use fmt.Fprintf instead of glog

* Deprecate kubectl scale job

* add support for /token subresource in serviceaccount registry

* Update kubectl describe to print out PV node affinity

* Test cases to verify container log stats

* Minor improvements to scheduling queue

* Bump dependencies for build tag fixes bump github.com/vmware/govmomi/vim25 to HEAD bump bitbucket.org/bertimus9/systemstat to HEAD

* remove unneeded factory codec methods

* bump(go-openapi/validate): d509235108fcf6ab4913d2dcb3a2260c0db2108e

* [e2e ingress-gce] Reduce numExtraLarge to 99

* Generated code for Shared Process Namespace

* Fix kubectl describe for priority class objects.

* Kubernetes API for Shared Process Namespace

* Deprecate KubeletConfiguration flags

* adding new tag bumping SHA

* Remove Feature from StorageProtection E2E tests as Storage Protection feature is brought into beta.

* StorageProtection Brought to Beta in 1.10 Release

* readme update for fluentd-gcp-scaler

* collapse printing paths

* Introduce e2e test for Metadata Agent

* Remove pkg/client/unversioned

* Pass location parameter to event exporter.

* Make sure node pool is deleted in autoscaler e2e tests.

* Return information about which int tests failed in the summary - followup

* Fix getting pool size in autoscaling e2e tests

* [fluentd-gcp addon] Update event-exporter

* Migrate deviceplugin api from v1alpha to v1beta1

* Invoke PreStart RPC call before container start, if desired by plugin

* Adding per container stats for CRI runtimes

* fix resource filter for generic printers on get

* rename StorageProtection to StorageObjectInUseProtection

* Improve scheduling queue\'s logic

* add deployment proportional scaling e2e test

* [e2e ingress-gce] Bump num of ingresses for scale test

* cloud: don\'t require application default credentials to run unit tests

* returning an empty array instead of returning an array with empty string for kubemci get status

* autogenerated

* remove deprecated /proxy paths

* fix running with no eviction thresholds

* Delete unused ForwardingRule fakes

* Use shared variable names. Define hooks on mock objects

* Move shared variables and fakeGCECloud method to top

* Define hooks for inserting Forwarding Rules and Addresses in all versions

* Move and make exported lbScheme types into cloud/constants.go

* Move NetworkTiers into cloud/constants.go

* Add test for wrong networktier resource deletion

* svcacct: make token authenticator fully generic

* Disallow setting both alpha and beta PV nodeAffinity Allow setting PV nodeAffinity if previously unset

* Bump addon-manager to v8.6

* Test cases fix after path expansion

* bump(github.com/opencontainers/runc): 595bea022f077a9e17d7473b34fbaf1adaed9e43

* bzl: use --local_test_jobs

* Drop init container annotations during conversion

* Fix device unmap for non-attachable plugin case

* cleanup printers some more

* Add new openapi endpoint in aggregator server

* Bump kube-openapi to add new openapi endpoint

* Reformat and update error strings.

* Fix race in healthchecking etcds leading to crashes

* Increase allowed lag for ssh key sync loop for tunneler

* Fix grammar eror of azure cloudprovider

* Remove unused code and modify tests to include set based selector

* glusterfs: refer to upstream gluster documentation

* glusterfs: fix a comment typo

* glusterfs: Remove an outdated comment about GB vs GiB

* Fix typos in configmaplock

* Update generated files.

* Update examples to use PSPs from the policy API group.

* Introduce PodSecurityPolicy in the policy/v1beta1 API group.

* AllowVolumExpansion field to describe printer.

* Add cluster-location to GCE instance attributes

* autogenerated files

* Changed API doc

* autogenerated files

* refactor kubeadm join command generation

* dockertools: disable MemorySwap on Linux

* Removed newlines from e2e log statements.

* Fixing CSI E2E test

* collect metrics on the /kubepods cgroup on-demand

* Taint node when it under PID pressure.

* Add API docs for multiple PriorityClasses marked as globalDefault

* Updated comments to correct flag of taint.

* Generated files

* Volume node affinity enforcement

* Add new volume-scheduler cluster role to scheduler

* Add VolumeNodeAffinity to PersistentVolumeSpec

* Pick the PriorityClass with the lowest value of priority in case more than one global default exists

* Do not add kubeconfig while running kubemci

* Fix e2e node setKubeletConfiguration helper

* Don\'t assume SG is for ELB; pass tags directly

* Pass ProjectRouter to mocks

* Require boilerplate on Bazel Skylark source files

* Autogenerated: hack/update-bazel.sh

* Update bazelbuild/rules_go, kubernetes/repo-infra, and gazelle dependencies

* Move ipvs module loading logic

* [e2e ingress-gce] Enhance cleanup logic for pre-shared-cert test

* Updating code to use TempDir in manifest test

* bump(github.com/coreos/go-oidc): 065b426bd41667456c1a924468f507673629c46b

* oidc authentication: generate testdata and delete old test packages

* oidc authentication: switch to v2 of coreos/go-oidc

* svcacct: default expiration of TokenRequest

* Add code and yaml for Istio as an addon

* Refactor k8s core csi bits for CSI Spec 0.2.0

* Updating vendor file and dependency

* Add myself to owner aliases

* Allow Metadata Agent to get and list resources

* Bump default Metadata Agent version

* reevaluate eviction thresholds after reclaim functions

* Split self-signed cert and CA

* add an admission decorator chain

* Revert \"add node shutdown taint\"

* Add quotas to density and load tests

* use prometheus-to-sd 0.2.4 and fluentd-gcp-image 2.0.16

* Move code only used by gce out of common.sh and into gce/util.sh.

* Add AWS cloud provider option for IAM role

* Updating kubemci e2e test to not add kubeconfig flag for get-status

* Remove extraneous CHANGELOGS on the 1.10 branch.

* wait for bound pvc metric updated before validating

* collect ephemeral storage capacity on initialization

* Index PVs by StorageClass in assume cache

* Fix pod scheduled.

* Change the strategic-merge-patch link to https://git.k8s.io/community/contributors/devel/strategic-merge-patch.md

* [e2e ingress-gce] Add test for backside re-encryption

* In etcd-version-monitor, Remove grpc labels used only in etcd 3 format when translating metric back to 3.0 format

* Use consts as predicate name in handlers

* Log the command line flags

* Add cloud-provider policies to be applied via addon mgr

* cluster/images/hyperkube: Fix typo in Dockerfile for aggregator symlink

* Add deprecation notices

* Re-add OWNERS files to Godeps/vendor dirs

* Enforce OWNERS file in Godeps and vendor dirs

* Add cblecker to dep approvers

* kubelet: revert the get pod status

* Update reviewers for sig-scheduling.

* code review: create err chan via helper

* gke-certificates-controller: rm -rf

* Avoid call to get cloud instances

* Add some more tests for routes.

* enable mutating and validating admission webhook by default on gce and centos clusters setup by kube/cluster-up.sh

* Add a reviewer to addon-manager

* Enable mount propagation tests by default

* Update build deps for Bazel and zz_generated

* Add configuration item to allow kubeadm join to use a dns name pointing to control plane

* Container Liveness probe InitialDelay time increased to accomodate slow machines

* Rework volume manager log levels

* update -o name format to kind.group/name

* fix fluentd-gcp-scaler to look at correct fluentd-gcp version

* Clean-up not needed method.

* Fix cluster autoscaler test to support regional clusters.

* Store labels and fields with object

* csi: Remove stale volume path

* Process existing cloud nodes in CCM

* Fix the broken link in Markdown

* Try longer to fetch initial token.

* Rename ConfigOK to KubeletConfigOk

* Standardize on KUBE_PROXY_MODE (not KUBEPROXY_MODE)

* apiserver: fix some typos from refactor

* Move the kubeletconfig v1alpha1 API to beta, rename to kubelet.config.k8s.io

* force node name in generated static pod name lowercase

* kubelet: revert the status HostIP behavior

* Kubernetes version v1.11.0-alpha.0 openapi-spec file updates

* trivial change to fix test issue

* Improve comments for kubelet

* Partial revert of fb5caac2da063cd5e992e2c9fda5b0bf30776871

* Update to latest gophercloud/gophercloud

* Check if netstat or iproute2 is available

* Pipe error message from openapi/swaggerspec verify checks to stderr

* kubeadm: Demote controlplane passthrough flags to phases alpha

* Correct error strings and variable name.

* fixing diskIsAttached func

* kubectl port-forward support resolving service port to target port, and support Service as resource type

* Add jsafrane as AWS approver.

* vendor caddy

* Fix DownwardAPI refresh race.

* Add retries to PrepareNodes utility function

* Fake docker-client assigns random IPs to containers

* Add golang.org/x/tools/benchmark/parse godep.

* update-bazel.sh

* Save benchmark data in perfdash-friendly format.

* add e2e test for bound/unbound pv/pvc count metrics

* add number measurement for bound/unbound pv/pvc

* cmd/controller-manager: add OWNERS for generic controller-manager code

* Fix instanceID for vmss nodes

* Addressed jeffvance\'s review comments

* rename func ValidatePodSecurityContext to ValidatePod

* Secure Kubelet\'s componentconfig defaults while maintaining CLI compatibility

* fix README for admission webhook test image

* kubemark using cobra commands

* Addressed review comments

* Add vmType checking in Azure disk controller common

* deprecate kubelet\'s cadvisor port

* fix json tag on Azure.config

* use caddy for translation

* improve tests

* add federations translation

* kube-dns configmap translate

* Configuration changes

* fix markdown formatting for test image

* Add criSocket to kubeadm MasterConfiguration manifest

* WIP - create read/writer rate limiter

* juju: Fix broken ingress after upgrade-charm

* Remove unused DeltaFIFO compressor argument to NewDeltaFIFO

* Add started state to the processor to protect against double starts

* Add a test case for the race in #59822

* Avoid hook errors when effecting label changes.

* removing production code usage from e2e tests code

* Upload container runtime log to sd/es.

* local-up-cluster.sh should be conformant out-of-the-box

* add reviewers to util/mount

* kubectl port-forward allows using resource name to select a matching pod

* libffi-dev dependency added in fluent-es-image Dockerfile to solve the docker build error

* Remove duplicated definition of ResourceList in Metrics API

* Add criSocket to kubeadm NodeConfiguration manifest

* hack/update-codegen.sh: fix finding api names.

* hack/update-codegen.sh: fix finding items in an array.

* hack/update-codegen.sh: split string into array robustly.

* Don\'t create no-op iptables rules for services with no endpoints

* run update bazel

* pass listener in integration test to prevent port in use flake

* Increase timeout on waiting on cluster resize in autoscaling tests

* staging: add boilerplate header

* hack/grab-profiles.sh: fix typos in error strings and variables.

* hack/grab-profiles.sh: bash script cleanups.

* hack/grab-profiles.sh: use double quotes in trap.

* hack/grab-profiles.sh: fix typo in variable name.

* Update generated files

* controller-manager: add authz/n to options, nil by default

* controller-manager: add SecureServingOptions

* apiserver: make SecureServingOptions and authz/n options re-usable

* controller-manager: switch to config/option struct pattern

* Review #2

* Review #1

* Fix: change basic auth password should keep admin in masters group

* Detect CIDR IPv4 or IPv6 version to select nexthop

* Fix typos

* add --go-header-file to use kube boilerplate

* code-generator: add boilerplate header

* Remove myself (timothysc) from OWNERS files on areas that I do not actively maintain.

* Dynamic client support subresource create/get/update/patch verbs

* bazel: update busybox digest to latest (~1.28.0)

* Add etcd 3.x minor version rollback support to migrate-if-needed.sh

* bazel: update digest for debian-iptables-amd64

* Bump GLBC to 0.9.8-alpha.2 and change back to --verbose

* Ignore 0% and 100% eviction thresholds

* Auto-generated files for CustomPodDNS Beta API

* Promote configurable pod resolv.conf (CustomPodDNS) to Beta

* kubelet: check for illegal phase transition

* compare Pods by UID, not by name and namespace

* Remove unused getClusterCIDR()

* kubeadm: add configuration option to not taint master

* Fix #59601: AWS: Check error code returned from describeVolume

* Remove /ui/ redirect

* use new account generation method for blob disk

* Add unit tests for mapLoadBalancerNameToVMSet

* Map correct vmset name for internal load balancers

* Fix godeps for client-go

* Fix unit tests for vmss

* update azure API for auth

* Add azure disk support of vmss

* Use new clients for vmss cache

* Update Azure GO SDK to v12.4.0-beta

* Update vmss fake clients

* Update vmss client to new version

* Abstract disk operation interfaces in VMSet

* Use full instanceID as lun lock key

* Add unit tests for extractVmssVMName

* fix typo, this let\'s us -> this lets us

* format some import statements in scheduler pkg

* Requesting new credentials when node names change

* Fix kubelet PVC metrics using a volume stats collector.

* Add ipset binary for IPVS, context: https://github.com/kubernetes/kubernetes/issues/57321

* fix some syntax related errors

* Make command-line flag --feature-gates compatible

* Update fuzzer to reflect FeatureGates type change.

* Auto generated files.

* Migrate FeatureGates type of kube-proxy from string to map[string]bool

* create storage account if necessary when create azure file pvc

* Update README.md

* remove unused function printIndentedJson and printAllPods in test/integration/scheduler

* New github id - FengyunPan -> FengyunPan2

* util/goroutinemap code cleanup

* Adjust unit tests for vmss

* Use generic cache for vmss

* auto-generated

* fix all the typos across the project

* Use SeekStart, SeekCurrent, and SeekEnd repalace of deprecated constant

* fix deleting dummy device error in kube-proxy.log when run cluster in local

* fix \"destroying ipset\" error in kube-proxy.log when run cluster in local

* some typo

* Check etcd port instead of process name

* taint also node controller

* nit: remove CSI plugin from ProbeExpandableVolumePlugins

* Add tests for schedulercache

* release local ephemeral storage resource when removing pod

* Autogenerated BUILD changes

* Adding kubemci e2e test for conformance

* Extend timeout to deal with pkg/master flake.

* Update CHANGELOG-1.8.md for v1.8.8.

* juju: Fix kube-proxy failing to identify local endpoints

* Improve performance of scheduling queue by adding a hash map to track all pods in with a nominatedNodeName.

* Enable Audit Logs Behind a Feature Gate

* Update CHANGELOG-1.9.md for v1.9.3.

* vSphere test infrastructure improvement and new node-unregister test

* Autogenerated files

* Refactor volumehandler in operationexecutor

* fix --watch on multiple requests

* Bump GLBC version to 0.9.8-alpha.1

* devicemanager testing: time out sooner

* Update Kubeadm proxy handling for IPv6

* Workaround patch using cached version in TestPatch

* CSI - Auto-generated code updates

* CSI - Marking CSIPersistentVolumeSource Beta

* Disable symbol resolution by pprof in profile-gatherer

* Print stderr from go tool pprof in profile gatherer

* Remove bootstrap kubelet config on reset

* Enable scaling fluentd-gcp resources using ScalingPolicy.

* Add HTTPProxyCheck for API servers

* devicemanager testing: dynamically choose tmp dir

* Add error handling and new tests

* correct the ConstructVolumeSpec func path value

* update bazel BUILD

* Pass pod labels to controller revision

* ipvs part changes

* iptables proxier part changes

* proxy endpoints part changes

* proxy service part changes

* Avoid race condition when updating equivalence cache.

* kubeadm: Support imagePullPolicy option in the kubeadm init configuration file

* remove unused function in pkg/controller/replicaset/replica_set_test.go

* Task 0: Added Alpha flag for NoDaemonSetScheduler feature.

* Bury KubeletConfiguration.ConfigTrialDuration for now

* bazel: support using SOURCE_DATE_EPOCH to override date

* Update azure_loadbalancer.md

* fix incorrect logic in canSupport

* [e2e ingress-gce] Scale test to measure ingress create/update latency

* Pass pvc namespace and annotations to Portworx Create API

* Update endpoint value in test code

* Rename and restructure local PV tests

* Add cache for route tables

* Add cache for network security groups

* Add cache for load balancer

* Add cache for virtual machines

* New unit tests for timedCache

* Make azure cache general for all objects

* Create pkg/kubelet/apis/deviceplugin/v1beta1 directory.

* Add a new environment variable to the startup scripts called KUBE_PROXY_MODE

* Remove unnecessary summary api call.

* Update cadvisor to 6116f265302357cbb10f84737af30b1f13ce2d6c

* remove CAdvisorPort from KubeletConfiguration

* make context the first arg in AddInstanceHook/RemoveInstanceHook

* generate mocked methods with context as the first arg, because golint

* Adding benchmarks to envelop encryption integration tests

* Cleanup and add category doc

* Fixes the regression of GCEPD not provisioning correctly on alpha clusters.

* Add \'none\' option to EnforceNodeAllocatable

* dockershim: don\'t check pod IP in StopPodSandbox

* Mark kubemark images w/ random tags to avoid race b/w runs

* Unify image registry value in kubemark setup scripts

* kubelet: add support for pod PID namespace sharing

* validation_test.go: move test cases for AllowPrivilegeEscalation option from TestValidatePodSpec to TestValidateSecurityContext.

* Add node e2e to verify hugepages feature

* Add shyamjvs to cluster/images/kubemark/OWNERS

* Fix bug with profile-gathering waitgroup in scale tests

* Skip TestRoutes when there are no vm(s)

* Extract instantiation of cloud provider

* AWS: Do not ignore errors from EC2::DescribeVolumee in DetachDisk

* return a more human readable error message if mount an unformatted volume as readonly

* add more error logs in kubectl run

* update staging godeps

* Collect prometheus metrics for custom resources

* client-gen: remove base input dirs

* fix using defer in loop in cors test

* run update bazel staging-dep

* add wait ready for mutating/validating webhook configuration

* admission registration use shared informer instead of poll

* add node shutdown taint

* Add apiserver profiling to our scalability tests

* fix describe when allocatable CPU/Memory is 0

* Fix golint errors in `pkg/scheduler` based on golint check

* Set instanceID to azure resource ID format while useInstanceMetadata is enabled

* Change critical pods’ template to use priority

* Enable golint for `pkg/scheduler`

* return error if New-SmbGlobalMapping failed in azure file mount

* Route verify-godep-licenses output to stderr

* Route verify-godeps output to stderr

* Route verify-boilerplate output to stderr

* Route verify-gofmt output to stderr

* Route verify-bazel output to stderr

* Switch to k8s.gcr.io vanity domain

* Add useInstanceMetadata param back in Azure cloud provider

* Revert \"add number measurement for bound/unbound pv/pvc\"

* Moved validation to the API side

* run hack/update-all.sh

* add test case

* audit support wildcard matching subresources

* Add verify script for kms generated file

* Change provider ID to uuid

* Add generated script for kms api pb file

* Remove configfile for kms in encryption config

* Update for review comments

* Only support unix socket for kms gRPC, also add Version method

* Fix verify error and address review comments

* Update kms provider config for gRPC client service

* Add gRPC client service for envelope transformer

* Remove experimental keystone authenticator

* run update-bazel.sh, lint on mock.go

* verify no extra RS was created when re-creating a deployment

* Add mountpoint as CRI image filesystem storage identifier.

* remove newline before err checks. address pr comments

* use getInstanceByName to check for node presence, instead of DeleteInstance)

* Cleanup of ipvs utils

* test updateExternalLoadBalancer removes nodes

* check firewall creation + deletion for healthcheck firewall

* fix deployment\'s collision avoidance mechanism

* Handle fetch of container logs of error containers during pod termination

* Create short name for cronjob

* isolate node creation into separate function, address PR comments

* Disallow PriorityClass names with \'system-\' prefix for user defined priority classes

* vclib: enable VM disk attach test

* godep: update vmware/govmomi

* Move workload registries to apps package

* cleanup

* Split out a KUBE-EXTERNAL-SERVICES chain so we don\'t have to run KUBE-SERVICES from INPUT

* remove mapper dependency - PrintSuccess

* Allow passing request-timeout from NewRequest all the way down to actual request

* Indicate endpoint subsets are an optional field

* Return information about which int tests failed in the summary

* clean up unused function GetKubeletDockerContainers

* fix todo: use selector.DeepCopy replace of hard code

* add keyring parameter in Ceph RBD provisioner

* devicemanager: increase code coverege of endpoint\'s unit test

* Reimplement 2 tests using fakeexec

* Enable HPA tests on large clusters

* Remove duplicated comment

* Increment CRI version from v1alpha1 to v1alpha2

* Update kubelet for enumerated CRI namespaces

* Switch CRI NamespaceOption from bools to enums

* Remove provisioner configuration from info message.

* delete unused generated file

* abstract proxy servicePort and endpoints

* auto generated items

* regenerated files

* add k8s:conversion-gen to internalversion

* Change log format: replace () to []

* simplify the if logic

* Removed unnecessary test code.

* Make kubelet flags of kube-up.sh configurable.

* autogenerated files

* Update PriorityClassName API doc

* add AddInstanceHook mock method, test insertion of new instace

* check presence of healthcheck

* test loadbalancer resources created & deleted

* Move shared load balancer variables out of test.lb update/delete tests

* Add TestEmsireExternalLoadBalancer test

* remove a todo which is out of date

* Fix to register priority function ResourceLimitsPriority correctly.

* fix TODO: moving driver name check in API validation

* Use SetInformers method to register for Node events. (#449)

* [e2e ingress-gce] Plumb the Logger interface and avoid assertion in util functions

* Initial local PV block device plugin checkin.

* Ensure euqiv hash calculation per schedule

* test: bump timeout on //pkg/master

* authentication: remove TokenRequest from authentication.k8s.io/v1beta1

* Better timeout in slower virtual machines

* svcacct: move claim generation out of TokenGenerator

* kube-scheduler: Use default predicates/prioritizers if policy config does not specify them

* Add context to all relevant cloud APIs

* IPv6: Ensure calculated node CIDR size for pod subnets is valid

* Fix flaky AdmissionWebhook e2e-crd tests

* move makeHostUrl to gce_instances (only used there)

* use comparable host path instead of full url when creating a targetpool

* split docker-logins logic into 2 handlers

* fix apply --force w/ invalid AND conflicting resource

* Update generated code

* Update etcd version from 3.1.10 to 3.2.14 when upgrading a K8s cluster to use IP aliases.

* Document kubeadm API

* Only populate alias range for nic0 when invoking instance.UpdateNetworkInterface.

* kubectl: cannot set --all and --selector at the same time

* StorageOS support for containerized kubelet and mount options

* Update storageos api dependency to 0.3.4

* fix golint warnings in daemon controller

* Fix RBAC permissions for metadata agent.

* add unchedule information to kubectl describe node

* make sure mounter not nil and fix some typo

* add testapigroup of apimachinery to go-to-protobuf

* Remove defaultV18AdmissionControl in 1.10 cycle

* Ensure public IP removed after service deleted

* fix invalid match rules for advanced audit policy

* fix typo in kubeadm

* Ensure daemon opts are in effect before docker login

* Refactor and add some tests.

* clean temporary para for require-kubeconfig

* Fix typo: constucts -> constructs

* Fix TestPlugin func has two same if code/kind bug

* clean up code

* Use direct struct comparison, not reflection

* Scheduler is not able to read from config file if configmap is not present

* Equiv class volume fixes

* Test ports are covered by firewall

* Fix the wrong comment in cri constants.

* Fix local PV node affinity tests and only run once

* bzl: make integration tests actually work

* certs: allow cert controller to delete csrs

* Clarify that ListOptions.Timeout is not conditional on inactivity

* Patch ingress upgrade test to ignore checking certain GCP resources

* Redesign and implement volume reconstruction work

* Ability to run an external binary instead of hyperkube cloud-controller-manager

* Add comments about potential race in delta fifo.

* Fix StatefulSet set selector bug

* Add GCE instance UpdateNetworkInterface API to beta.

* autogenerated

* add minimal types for service account TokenRequest API

* Use beta instead of alpha GCE Compute API to add an alias range to an instance.

* Remove --service-sync-period flag which was not in use

* kubelet ignores hugepages if hugetlb is not enabled

* Revert \"Add self anti-affinity to kube-dns pods\"

* Don\'t recycle PVs that are used by a pod

* Pass pod informer to PV controller

* add example for kubectl config unset, this will help user use

* fix todo:Move function readinessCheck to util

* add kube-root for file directory

* core/v1 should be first in discovery order

* build: fix a logic error in shell script.

* Update kubeadm supported etcd version to 3.2.14 in 1.10

* Ignore OWNERS file in verify-godeps

* Add OWNERS for translations folder

* Add unit test for endpoint allocate

* Add OWNERS for third_party folder

* Add OWNERS for Godeps and vendor folders

* Use `blkid` to get fs type of device.

* Adding volume metrics support for vSphere Cloud Provider

* Fix golint for openstack and cinder packages

* fix typo in client-go

* Remove resources that were moved to kubernetes/examples repo

* refactor NsenterWriter to utilize pkg/util/nsenter

* run hack/update-all.sh

* add Annotations to audit event

* When using the bootstrap cert, update the store

* Cap how long the kubelet waits when it has no client cert

* Add Annotations from the deviceplugin to the runtime

* Regenerate the deviceplugin protobuf file

* Add annotations to the deviceplugin API

* Remove comment from Cluster Autoscaler manifest

* fix todo: migrate to use framework.AddOrUpdateLabelOnNode/framework.RemoveLabelOffNode replace of updateNodeLabels

* fix typo in cluster

* Reformat log to show more details

* fixing node labels for random tests invocation

* Update etcd server version to 3.2.13

* Sort firewall params

* Remove validation failure of Pod priority when the feauter is disabled

* autogenerated files

* Replace nominateNodeName annotation with PodStatus.NominatedNodeName in scheudler logic

* nodelifecycle: set OutOfDisk unknown on node timeout

* patch cmd/kubeadm/test/cmd/BUILD for bazel 0.10

* Promote v1alpha1 meta to v1beta1

* Use `blkid` to get fs type of device.

* Add mwielgus and MaciekPytel to GCE owners

* Cluster Autoscaler 1.1.1

* Add Terminating state to PVs

* Cleaning up loopback removal process

* Add e2e test for PV protection

* fix irregular descriptive docs

* Introduce apiserver profile-gathering library in testing framework

* Conversion from typed to unstructured should set GVK

* delete duplicate function for getting volume source

* fix the format for github error

* fix TODO:change to a api-server watch

* Configurable etcd quota backend bytes

* kubeadm init: skip checking cri socket in preflight checks

* Move MountPropagation to beta.

* Fix typo in CHANGELOG-1.10.md.

* initialize ipvs proxy owners file

* fix todo: Move isDecremented to pkg/apis/core/validation

* update bazel

* check ErrorNotFound in netlink.go to fix cross build error

* Add tests for pkg/serviceaccount.

* update bazel BUILD

* fix review comments

* validate ipset entry before adding in ipvs proxier

* validate entry in ipset

* validate set in ipset

* refactor ipset interface AddEntry()

* add basic functionality deployment integration tests

* [e2e ingress-gce] Retrieve the correct health check resource

* Update CHANGELOG-1.10.md for v1.10.0-alpha.3.

* bumping timeouts for apiserver communication.

* suggest using describe cmd to list pod containers

* kubelet: only register api source when connecting

* Increase RSS limit for runtime from 300MB to 350MB on test creating 100 pods per node.

* Add IPv6 to ref page descriptions.

* [GCE Ingress e2e] Add test for pre-shared certificate

* Revert \"fail earlier on discovery failures\"

* Ensure that the runtime mounts RO volumes read-only

* cluster/gce: remove salt comments from manifests

* cluster: remove kube-registry-proxy

* cluster: remove unreferenced vars

* cluster: remove unused kubelet token

* cluster: delete image staging

* cluster: remove some cvm stuff

* cluster: remove unused functions

* gce: delete opencontrail vars

* Fix typos

* Fix typo

* Expose etcd compaction interval param for kubemark apiserver

* Add UT test TestCheckOpenStackOptsfunc

* Auto generated BUILD files.

* Update test framework featuregates type.

* fix a typo in pkg/cloudprovider/providers/azure/azure_loadbalancer.go

* Fix typo (a -> an)

* fix a typo in pkg/apis/core/fuzzer/fuzzer.go

* Make predicate errors more human readable

* Add GCE ingress test case for modified health check

* kube-proxy: Fix flag validation for healthz-bind-address and metrics-bind-address

* Elaborate deprecation warning

* fix typo in package apiserver

* aesgcm - passing

* add upstream

* use node-e2e framework for testing cadvisor

* Update Calico to version v2.6.7

* Fix cross-build breakage after #58174

* Disable JUnit-style reporting for benchmark script

* Adding lower() to kubernetes master\'s usage of allow-privileged.

* remove alpha when running cloud-controller-manager with hyperkube

* Fixing issue with capitalization causing odd behaviors for allow-privileged configuration option.

* Expose etcd compaction time via environmental variable in GCE

* refactor kube-aggregator api group install

* Add policy for pv protection controller

* Add PV protection controller

* existing PV controller changes

* reuse PVC protection admission plugin for PV protection

* Rename PVCProtection feature gate so that PV protection can share the feature gate with PVC protection

* Change feature gate PreRelease to Beta

* Use v1beta1 VolumeAttachment

* update all

* PVC Protection E2E Tests for Failed Scheduling

* sample-controller: document minimum kube version

* Add Beta VolumeAttachment API

* Add call to addCredentialProviderFlags

* Do not use ifupdown commands

* reopen #58913 Fix TODO move GetPauseImageNameForHostArch func

* fix the format for github error

* modified: staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go

* Use `blkid` to get fs type of device.

* Build Kubernetes binaries with valid Semantic Version

* codeClean-merge-logfAndFailnow-to-fatalf

* fix rebase error

* Fix typo and comments

* Ensure IP is set for Azure internal loadbalancer

* fix some typos in filters

* Update tests to use the hostexec:1.1 image

* e2e test: use sleep to wait in hostexec

* Fixes ci-ingress-gce-upgrade-e2e

* Client ca post start hook now checks if the system namespace already exists before creating it.

* cloudprovider/openstack: fix bug the tries to use octavia client to query flip

* Change manifest file perms to remove execute

* Autogenerated files

* Add NominatedNodeName to PodStatus

* Fixing upgrade charm failing if upgrading from an old enough charm(pre Nov 2017).

* Fix PodPidsLimit and ConfigTrialDuration on internal KubeletConfig type

* Add deprecation comment to PersistentVolumeReclaimRecycle

* Add crds as CustomResourceDefinition shortname

* Add test/fix for ErrShortBuffer edgecase

* Make eviction manager work with CRI container runtime.

* When installing vendored godep, ensure that it\'s in path

* Remove unneeded code

* Remove port from HTTPProxyCheck

* Reset DeferredDiscoveryRESTMapper before use

* Don\'t go get godep in jenkins scripts

* initial work for azure file grow size implementation

* Fix race condition in fake runtime test.

* remove some unused functions in validation.go

* Add UT test to openstack and two para in configFromEnv

* deprecate insecure http flags and remove already deprecated public-address-override

* Correct the URL of openstack and make test case more detail

* Add detailed err in ensure docker process error

* fix mistaken info print

* Remove setInitError.

* Add HyperVContainer feature gates

* Add experimental hyperv containers support on Windows

* [GCE] Set --kubelet-preferred-address-types on apiserver by default

* fix portallocator comments

* Update to go1.9.3

* Update bazelbuild/rules_go to support go1.9.3

* Fix flaky AdmissionWebhook e2e tests.

* Support GetLabelsForVolume In OpenStack

* Generate cri apis automatically

* Add windows config to CRI

* Skip rescheduler test.

* update e2e test for resourceQuota support on extended resources

* resourceQuota support for extended resources

* Forcing get_node_name to continue searching for a node name if the returned list of nodes doesn\'t include this one.

* Set generate-kubelet-config-file to true by default.

* Perform resize of mounted volume if necessary

* CRI: Add a call to reopen log file for a container

* Add more tests.

* Improve messaging on resize

* Fix setting qps in density test.

* removes the remainder from ScalerFor method

* Fix pod sandbox privilege.

* pkg: kubelet: do not assume anything about images names

* Kubelet flags take precedence

* correct typo in HorizontalPodAutoscaler status condition

* Removal of KubeletConfigFile feature gate: Step 3 (final)

* remove dead prefix field

* fix parameter advertise_address should be --advertise-address

* Remove unused test for node auto-repair. This test is testing GKE only feature and should use different infrastructure.

* remove --tls-ca-file which had no effect

* remove dead testing code

* Fix TC resource Leak

* Expose default service IP CIDR in apiserver

* pass listener in apiextentions-apiserver test to prevent port in use flake

* use info instead of infof when no format

* add RequireKubeConfig back for pull-kubernetes-e2e-kops-aws

* run update bazel

* code cleanup in integration framework

* The TODO has been completed, so remove the comments

* Only rotate certificates in the background

* Fix self link for cluster scoped custom resources

* fix webhook admission README

* refactor resource_config.go thoroughly and remove useless code in registry

* fix GetCustomResourceListerCollectionDeleter comments

* remove support enable-disable api resources

* fix `make quick-verify`

* Revert \"Change equivalence class hashing function\"

* kubelet: remove the rktshim directory

* Fix pod security policy capability test.

* Add e2e tests for GPU monitoring.

* Add brackets and quotes where needed

* Contain variable names in shell2unit Also correct unbound assertions variable error on line 176

* Add cblecker to shell2junit OWNERS You break it, you bought it.

* Add in godeps verification for hack/lib/ and build/

* Split ClientConfigFor()

* fix url parsing for staging/dev endpoint

* Update CHANGELOG-1.10.md for v1.10.0-alpha.2.

* Adds breadcrumb to crictl warning

* csi: Update version comparison model

* Mark ServiceProxyAllowExternalIPs feature as deprecated

* Add deprecated stage of feature gates

* Add a metric to track usage of inflight request limit.

* Clean up unused functions and consts

* Make REST mappings for resources a unique list

* mini fix about typo

* Prefer exact resource name matches to shortname expansions

* Prefer apps/v1 storage for daemonsets, deployments, replicasets

* Revert \"Remove changes on SECONDARY_RANGE_NAME.\"

* fix some log param error modified: pkg/cloudprovider/providers/vsphere/vsphere_util.go modified: pkg/controller/certificates/cleaner/cleaner.go modified: pkg/controller/volume/pvcprotection/pvc_protection_controller.go modified: pkg/volume/azure_dd/azure_mounter.go

* Remove changes on SECONDARY_RANGE_NAME.

* Only run verify-staging-godeps if staging/godeps are touched

* fix runtime-config bug in kube-aggregator

* Fix GCE IP Aliases CI https://k8s-testgrid.appspot.com/google-gce#gci-gce-ip-alias failure cause by pull #56132.

* Fixing spaces issue found with tests. Had some missing parameters for some functions.

* Tag multi-az cluster volume e2e test with sig-storage

* Add allowPrivilegeEscalation to kubectl describe psp

* Add storage-backend configuration option to kubernetes-master charm.

* Change flags to variables so that they can be passed through make

* Set KUBE_JUNIT_REPORT_DIR on dockerized test

* Fix unset variables in shell2junit

* Produce junit results for verify job

* Use ipc-utils container in HostIPC tests.

* Add new e2e-test container to export ipcs from util-linux

* Refactor handling of IpcMode for the actual container

* Don\'t assume ipcmk command supports size suffix.

* Make it possible to override the driver installer daemonset url from test-infra.

* Skip NoNewPrivileges test when SELinux is enabled

* Move multizone e2e to sig scheduling path

* Fix adding FileContentCheck

* Fix kubectl explain for cronjobs

* fixing array out of bound by checking initContainers instead of containers

* Add UT test to openstack_test.go

* remove unused func in FakeConfigurator of scheduler

* Rename package deviceplugin => devicemanager.

* serviceaccount: handle jwt flow specific validation in seperate validator struct

* serviceaccount: check token is issued by correct iss before verifying

* Use GlobalMemoryStatusEx to get total physical memory on Windows node

* use containing API group when resolving shortname from discovery

* Fix equivalence cache hash tests.

* Move equivalence class hash code.

* Change equivalence hash function.

* Add benchmark for equivalence hashing.

* Fix equiv. cache invalidation of Node condition.

* fix neg e2e test

* Increase KUBE_PARALLEL_BUILD_MEMORY to 40G.

* Tag Security Group created for AWS ELB with same additional tags as ELB

* Adding downgrade test for ingress-gce

* Fix bug in dockerized benchmarking script

* Created bootstrap logic for vSphere test

* Removal of KubeletConfigFile feature gate: Step 1

* selinux/mustrunas_test.go(TestMustRunAsValidate): add more test cases to improve code coverage.

* selinux/mustrunas_test.go(TestMustRunAsValidate): make PSP SeLinux options configurable.

* selinux/mustrunas_test.go(TestMustRunAsValidate): rename a member to make its meaning obvious.

* Update autogenerated files.

* PSP: when comparing categories in SELinux levels, ignore its order.

* bump version of addon manager

* Ensure config has been created before attempting to launch ingress.

* switch hyper to cobra

* Create benchmark results file before writing to it

* kube-apiserver flag --admision-control is deprecated, use the new --enable-admission-plugins

* Add list of pods that use a volume to multiattach events

* Don\'t bind PVs and PVCs with different access modes.

* run update code-gen

* remove newline after range

* Add preferred self anti-affinity to kube-dns pods

* Make the pause image a manifest list

* add e2e test for bound/unbound pv/pvc count metrics

* Distinguish service unavailable errors in client-go

* By default block service proxy to external IP addresses. Service proxy uses redirects to Pods instead of direct access.

* move service account signing to using go-jose

* resource version parsing should all be in one place

* godep: vendor gopkg.in/square/go-jose.v2/jwt

* Use SSH tunnel for webhook communication iff the webhook is deployed as a service

* Add some more azure unit tests.

* vclib: update bazel

* vclib: add VirtualMachine tests

* vclib: add Folder tests

* vclib: add Datastore tests

* vclib: add test constants for use with vcsim

* Add better event handling for deleted Pods

* generated

* add apiregistration v1

* Adding network spaces support for kubeapi-load-balancer.

* update if statement

* Adding network spaces support for kubernetes-master.

* Update README.md with punctuation improvements

* Return ServiceUnavailable error consistently from proxy

* Skip unavailable services during e2e remaining content check

* Wait for healthy extension server before registering APIService

* Checked node.Unscheulable in Toleration predicate.

* Add a e2e test for binary data in configmap

* run a full round trip scenario

* generated code and docs

* Add support for binary file in configmap

* Add a container type to the runtime labels

* Openstack: Fill size attribute for the V3 API volumes

* update bazel BUILD

* ignore no such address error when unbind ip for IPVS service

* Fix possible panic when getting primary IPConfig

* Reduce verbose logs

* Expose the generate stub for compute API

* Fix logs message formating

* Fix non-interface type ErrResourceNotFound on left

* Remove salt configuration from the fluentd-gcp configuration.

* Add additional unit tests.

* fix invalid admission name LimitPodHardAntiAffinityTopology

* Update Instances to use generated code

* Improve the upgrade test for ingress.

* Add gce-ingress e2e test for sync failure case

* Force use of Makefile for update

* kubectl: Use metrics-server for kubectl top commands

* Fixing some flake8 issues

* Refactor gcp.go methods for testability, add tests

* Use correct pv annotation to fetch volume ID.

* Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size.

* Don\'t run godep restore in jenkins verify

* don\'t stop informer delivery on error

* Use backup location to load cloud config for OpenStack

* Support out-of-tree / external cloud providers

* ref -> $ref

* run update bazel and staging-godep

* pass APIEnablement through apiserver chain

* Hide generated files only on github

* fix apiserver crash caused by nil pointer and ensure CRD schema validator can be constructed during validation.

* fix the wrong err print of assumepod

* Updated priority of mirror pod by PriorityClass.

* Use /proc/net/nf_conntrack.

* bugfix(mount): lstat with abs path of parent instead of \'/..\'

* Fix autoscaler deployment bug

* fix userid validation

* Update unavailable aggregated APIs to 503s instead of 404s

* Remove op field as it is no longer needed

* Moved func WaitForPersistentVolumeClaimBeRemoved Among Other WaitFor Functions

* Kubelet provides an updated and complete status of local-static Pods

* GCE: invalid location was used in regional and zonal operations

* Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value

* sync code from copy destination

* Update NEG to use generated code

* Fix master regex when running multiple clusters

* [e2e util] Remove static IP functions based on gcloud

* Fixes some typos/spaces in the GCE cloudprovider

* Resulting generated code

* Add logging in all generated GCE calls

* Generate bindata.go and k8s.mo

* dockershim: clean up the legacy interface

* switch to new detect-exeptiions plugin release 0.0.9

* use original pos filenames again

* dockershim: call DockerService.Start() during grpc server startup

* Fix all the unit tests and update the bazel files

* dockershim: remove the use of kubelet\'s internal API

* A couple of more changes: 1) revert the changes on assigning subnetwork_url from selfLink as it may break if using an overrided api endpoint; 2) update etcd version to the latest.

* Bump metadata proxy to v1.9

* Send correct resource version for delete events from watch cache

* generated

* Never let cluster-scoped resources skip webhooks

* fix provider-id bad param in local-up-cluster

* Adding support for changing default backend and nginx container images

* Make IsConnectionReset work with more error implementations.

* GCE: Check that the key is valid for each call

* GCE: Fix Valid() to check for proper region/zone names

* return reason for allowed rbac authorizations

* tolerate more than one gvklist item

* generated

* add options for min tls levels

* Skip log path tests when they are expected to fail.

* Benchmarking script pretty-prints results into a separate file

* Show all the annotations in ingress rules

* updated iamge & configmap versions

* updated fluentd configmap with 1.1.0 compatible version

* Remove github.com/juju/ratelimit

* Switch from juju/ratelimit to golang.org/x/time/rate

* Remove Saturation() from rate limiter interface

* updated fluentd-es-image to use fluentd 1.1.0

* Changing where the charm gets network addresses in order to support network spaces.

* Clean up error messages for pre-bound PVCs.

* Fix typo

* make kube-apiserver admission flag disable other plugins

* kubeadm: Allows to specify custom flag values for control plane components

* Fix UpdatePodWithRetries inline documentation

* Add Namespace to glusterfs custom volume names.

* use GetUniqueVolumeNameFromSpec instead of implementing it manually

* Update TargetPool to use generated code

* Openstack: register metadata.hostname as node name

* testcase to pkg/kubelet/cadvisor/util.go

* Update Zones to use generated code

* Update bazel

* Update Routes to use generated code

* run update bazel

* update admission test cases

* refactor admission flag: add two admission flags and make plugins auto in recommended order

* Uncomment the call to upgrade.sh

* Remove getOldSecurityGroupName() from OpenStack cloud provider

* Get windows kernel version directly from registry

* fix event message when processing loadbalancer update

* Minior changes on comments.

* Minior changes on comments.

* A couple of minior changes: a) fetch the subnetwork url from subnets describe command rather than compose it from env vars; b) explicit specify etcd version env vars before running upgrade.sh to avoid prompt.

* Add liggitt to hack approvers

* add pkg/util/ipset OWNERS file

* Remove ignoring of object not found on deletion

* Fix reference to Items in internal load balancer

* Update bazel

* Update Forwarding rules to use generated code

* Update bazel

* Update Firewall to use generated code

* Update bazel builds

* [GCE cloud provider] external lb - move target pool operation into its own function

* [GCE cloud provider] Update hosts in EnsureLoadBalancer()

* Update TargetProxy to use generated code

* Update e2e test utils with the new interfaces

* Update InstanceGroup to use generated code

* Update Certs to use generated code

* Update Healthcheck to use generated code

* Update BackendService to use generated code

* Update UrlMap to use generated code

* Update Addresses to use generated code

* Use the pkg_tar wrapper from kubernetes/repo-infra

* Bump bazelbuild/rules_go and kubernetes/repo-infra to tip

* Add multi-vc configuration for e2e tests

* Update cluster addon Calico to v2.6.6

* Remove apiVersion from scheduler extender example configuration

* CHANGELOG: feature flag is \"AdvancedAuditing\" not \"AdvancedAudit\"

* Update code for GCE cloud provider

* Add handling for method that use Pages() to retrieve results

* Fix flake8 lint error in kubernetes-master charm

* Update CHANGELOG-1.9.md for v1.9.2.

* trace patch operations

* uniquify resource lock identities

* Update generated code

* Enable privileged containers for apiserver and controller

* make the kubelet cobra command complete

* handle scheduler without exposed ports

* Ability to specify OS_
* variables for OpenStack configuration

* Add apiserver metric for number of requests dropped by \'inflight-request\' filters.

* make the controller manager create and use a valid cobra command

* admit upgrading storage class of pvc from beta annotation to spec field

* run update bazel

* upgrade to apps/v1 deployment

* fix some typos in comments

* Promote SS to apps/v1

* Fix loading structured admission plugin config

* Surface error loading admission plugin config

* fix a little typo in BalancedResourceAllocation

* remove duplicated check of device path in aws attacher

* kubeadm: remove Initializers (still in alpha) from admission control

* Enable --external-cloud-volume-plugin/--provider-id for local-up-cluster

* Update gce call to use wrapper in gce_loadbalancer_external

* inject 60 second interval in deployment rollout

* new testcases to util.go

* configurable scopes for gcp default credentials

* Better check for GCE VM

* apps api is now stable, use it

* Add deprecation warnings for rktnetes flags

* Update release note links for 1.10

* kubelet: imagegc: exempt sandbox image

* Adding support for custom TLS ciphers in api server and kubelet

* client-go: fix bootstrap token imports

* Rework method of updating atomic-updated data volumes

* low hanging fruit for using cobra commands

* bump addon version in makefile

* Introduce METADATA_CONCEALMENT_NO_FIREWALL to prevent firewall from being set

* Track run status explicitly rather than non-nil check on stopCh

* Update comments for getting and removing loopback device at iSCSI,FC,RBD

* Reduce Metrics Server memory requirement

* handle uniquified holder identities

* set fsGroup by securityContext.fsGroup in azure file

* hack/update-swagger-spec.sh(cleanup): fix signal handler to really cleanup etcd and minor improvements.

* create auto-gen files

* Add generic Bootstrap Token constants and helpers to client-go

* Delete redundant symbols

* Recheck if transformed data is stale when doing live lookup during update

* Add get volumeattachments support to Node authorizer

* Plumb versioned informers to authz config

* Fixed spelling of Promethus to Prometheus

* improve error message for expired tokens

* remove duplicated import

* Update CHANGELOG-1.8.md for v1.8.7.

* fail earlier on discovery failures

* Allow version arg in \"kubeadm upgrade apply\" optional

* remove flaky label from eviction tests

* Change default volume source to regular emptydir for e2e volume servers

* hack/update-swagger-spec.sh: when API server fails to start, show the last lines of logs.

* cluster: delete saltbase

* cluster: remove gce dependencies out of salt

* cluster: remove centos dependency on saltbase

* azure disk: if the disk is not found, immediately detach it. This prevents azure keeps the bad request and stops issuing new request

* say which lease is being acquired

* Call Dial in blocking mode

* Regenerating code of fake clientset

* fix(fakeclient): write event to watch channel on add/update/delete

* fix azure TestGetInstanceIDByNodeName data race

* Benchmark non docker specific

* move prometheus init to k8s.io/apiserver/pkg/endpoints/metrics/metrics.go

* bump(gopkg.in/yaml.v2): 670d4cfef0544295bc27a114dbac37980d83185a

* auto generated code

* Add fsType for CSI

* Add support for submitting/receiving CRD objects as yaml

* Return correct error when submitting patch in unsupported format

* Add error helpers and constants for NotAcceptable and UnsupportedMediaType

* Add more unit tests

* Fix azure fake clients: use pointers

* Rename filenames for clear

* Convert nodeName to lower case for vmss instances

* Create Conformance document to display all tests that belong to Conformance suite

* Log message at a better level

* Limit all category to apps group for ds/deployment/replicaset

* csi: Fix versioning error message

* Fix comparison of golang versions

* remove outdate package

* Return the correct set of supported mime types for non-streaming requests

* Update generated files

* admission: do not leak admission config types outside of the plugins

* cmd/kube-apiserver/app/aggregator.go: add comments for explaining the group/version fields.

* Add script to run integration benchmark tests in dockerized env

* Review fixes

* Show findmt command output in case of error

* kubectl scale: support Unstructured objects

* unstructured helpers: print path in error

* remove invalid and useless functions from unit test

* Extend the ListNextResults methods with the resource group and instrument them

* Remove unused code in UT files in pkg/

* use shared informers for TokenCleaner controller

* Rename func name according TODO

* add ut for localhost nodeport

* fix nodeport localhost martian source error

* fix some bad url

* Updated PID pressure node condition.

* Enable ValidatingAdmissionWebhook and MutatingAdmissionWebhook in kubeadm from v1.9

* cluster: move logging library to hack/

* periodically flush writer

* cluster: remove support for cvm from gce kube-up

* cluster: remove kube-push

* fix typeos in cloud-controller-manager

* -Add scheduler optimization options, short circuit all predicates if one predicate fails

* Added metrics for preemption victims, pods preempted and duration of preemption

* Improved readability for messages being logged

* Remove vmUUID check in VSphere cloud provider

* Remove salt support for providers that no longer exist.

* Check grpc server ready properly

* Use the bazel version check function from bazel-skylib

* Revert \"Rewrite go_install_from_commit to handle pkgs that aren\'t in HEAD\"

* Install gazelle from bazelbuild/bazel-gazelle instead of rules_go

* Adjust the Stackdriver Logging length test

* Bump runc to d5b4a3e

* Bump fluentd-gcp version

* hack/generate-bindata.sh: make output cleanly by suppressing pushd/popd output.

* Fix endpoint not work issue

* The lbaas.opts.SubnetId should be set by subnet id.

* add KUBE_ROOT in directory

* Instrument the Azure API calls for Prometheus monitoring

* the changes introduced in this commit plumbs in the generic scaler into kubectl.

* Use GinkgoRecover to avoid panic.

* Use linux commands instead of docker commands.

* Build files generated

* Metrics for predicate and priority evaluation

* use shared informers for BootstrapSigner controller

* fix a typo

* update generated code

* Set pids limit at pod level

* Get the node before attempting to get its Alias IP ranges

* Fix CHANGELOG urls for release 1.9.1

* Removing Flexvolume feature tag in e2e tests and alpha tag in Flex path arguments because Flexvolume is now GA.

* Fix golint errors on test/e2e/e2e.go

* Fixing logs for cri stats

* bump(k8s.io/kube-openapi): a07b7bbb58e7fdc5144f8d7046331d29fc9ad3b3

* remove OpenAPI import from types

* [FC Plugin] Create proper volumeSpec during ConstructVolumeSpec

* Add kawych to Metrics Server owners

* add hostPorts to pod describer

* remove provides which has been deleted

* fix windows ut for proxy mode

* Fixed crash when path has multiple leading slashes

* Update bazel.

* Add custom volumename option to GlusterFS dynamic PVs.

* Remove the deprecated vagrant kube-up implementation.

* Add e2e test logic for device plugin

* Add zouyee as a reviewer for the cluster/centos directory.

* Don\'t rewrite device health

* fix ipvs proxy mode kubeadm usage

* add number measurement for bound/unbound pv/pvc

* integration: add retries to node authorizer tests

* Add `cloud` for the generated GCE interfaces, support structs

* Fix quota controller worker deadlock

* Create a feature flag for sharing PID namespace

* remove support for container-linux in gce kube-up

* Fix cadvisor flag registration for cross build

* remove deprecated photon controller

* added fluent-plugin-detect-exceptions plugin to fluentd-es-image

* Fix policy conflict in the CPU manager node e2e test.

* Mark kubelet PID namespace flag as deprecated

* manuallly handle encoding and decoding in the scale client

* move detach out of os volumes attach

* generated code for iSCSI plugin change

* Block volumes Support: iSCSI plugin update

* fix for local-up-cluster.sh bad cloud_config_arg

* added fluent-plugin-detect-exceptions plugin to fluentd-es-image

* fixed some bad url

* Fix bug:Kubelet failure to umount mount points

* Add volID based delete() and resize() if volID is available in pv spec.

* Add azClientConfig to pass all essential information to create clients

* typo of errUnsuportedVersion

* Fix lint and bazel

* Clean up azure rateLimiter and verbose logs

* Add wrappers for azure clients

* Remove options.md, which is outdated and doesn\'t contain any useful information.

* Move common functions together

* All Kubelet flags should be explicitly registered

* Revert \"no need delete endpoint explicitly in endpoint controller\"

* Update generated code to stable order

* hack/ scripts to keep the generated code in sync

* cmd/kubectl: fix broken error formatting for run

* Remove glog dependency in the generator

* Fix gofmt

* Ignore golint failures for bad compute API names

* Clean up documentation.

* BUILD

* Hand written unit test for exercising the mock

* Special custom code for handling the Projects resource

* Generated code (see gen/main.go for the source)

* support interfaces for the generated code

* code generation

* long running operation support

* documentation

* Implementation of the compute \"filter\" handling for List()

* \"meta\" type descriptions used for code generation

* Support utilities

* Remove aws from the cluster/ directory.

* Remove the empty vsphere directory from cluster/

* Let mutating webhook defaults the object after applying the patch sent back by the webhook

* Treat staging repos as authoritative for all files

* Remove unnecessary docker specific logic in node e2e test.

* Add getCRIClient and set default values for CRI related flags

* removed deprecated libvirt-coreos kube-up/ from cluster

* remove deprecated openstack heat

* removed deprecated windows install script from cluster

* make controller port exposure optional

* [kubeadm] Bump kube-dns to 1.14.8

* Move some old security controls to KubeletFlags and mark them deprecated

* etcd client: add keepalive

* kubeadm: more random tokens

* Add volumemetrics for glusterfs plugin.

* Handle Unhealthy devices Update node capacity with sum of both healthy and unhealthy devices. Node allocatable reflect only healthy devices.

* Make code generators log to stderr by default

* Refactor retry logic away from updateCIDRAllocation()

* Fix vm cache in concurrent case

* [Kubectl] Update RunCreate to follow more conventions

* Fix exists status for azure GetLoadBalancer

* Update spec dependency to point to 0.1 tag

* run update bazel and staging-godep

* refactor customresource handler

* remove unnecessary function getBuggyHostportChain

* fix rbd ConstructVolumeSpec bug

* update apiserver key/crt with a long expire time

* Abstract cmd valid args get behind the factory

* Refactor HostIP predicate algorithm

* Updated Flexvolume setup mechanisms for COS instance image. - If REMOUNT_VOLUME_PLUGIN_DIR is set to true, VOLUME_PLUGIN_DIR is remounted with `exec` option during cluster startup. This allows any writable location to be used as the plugin directory. - New HostPath added to controller-manager deployment to enable access to volume plugin directory. - Improved how the default directory is passed to master and node setup.

* Renews cached NodeInfo with new vSphere connection

* enable on-demand metrics for eviction

* generated: update staging godeps

* client-go: remove import of github.com/gregjones/httpcache

* Add vSphere Cloud Provider simulator based tests

* Update vmware/govmomi godeps

* Allow oadm drain to continue w ds-managed pods w local storage

* pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests.

* include kube-dns deployment check

* Bump fluentd-gcp image used to 2.0.13

* Add gnufied as AWS approver.

* Add jsafrane as util/mount approver.

* Fixed TearDown of NFS with root squash.

* Enable support for etcd3

* Add support for cloud-controller-manager in local-up-cluster.sh

* Containerized kubelet is no longer experimental

* remove deplicate func

* Add CustomResourceValidation example in sample-controller

* add remount logic if original mount path is invalid

* fix csi attach ut print

* fix csi mounter ut print

* use danglingerror

* Fix build and test errors from etcd 3.2.13 upgrade

* Update staging deps for etcd 3.2.13 version bump

* Version bump to grpc-gateway v1.3.0

* Version bump to grpc v1.7.5

* Version bump to etcd v3.2.13

* tiny fix

* fix populateDesiredStateOfWorld bug for attach/detach controller

* Fix Typo in apiserver README

* forbid unnamed context

* Add test coverage for metrics/utilization.go

* use sets.String to replace slice when sort []string

* update bazel

* remove useless service watch in APIServiceRegistrationController

* Adding support for Block Volume to rbd plugin

* Make sure is not nil

* Add proxy_read_timeout flag to kubeapi_load_balancer charm.

* fix typos in kubectl pkg

* Do not set BaseURI again

* add folder named custom in gce

* Fix scheduler refs in BUILD files.

* Move scheduler code out of plugin directory.

* Update kube-dns to 1.14.8

* Remove dependency on v1 API in base credential provider

* Remove mikedanese from kubeadm owners since he\'s no longer actively working on the project.

* Kubeadm: clean up MarshalToYamlForCodecs

* Fix local e2e test with changed error message

* Use existing subnetwork of forwarding rule

* Fix errors in Heapster deployment for google sink

* Re-add nodecontroller OWNERS file

* Removing duplicate import

* Add RESTClient Custom metrics empty test

* Small improvement of showKind get

* Enable list option modification when create list watch

* Fix a broken link in the fluentd-elasticsearch addon README

* Add fake clients

* Add generic interface for Azure clients

* Add FailedPostStartHook error message.

* Update defaultbackend image to 1.4 and deployment apiVersion to apps/v1

* fix-bug: version info should be printed when failed to execute \'kubectl apply -f XXXXX\'

* fix bug of swallowing missing merge key error

* e2e node framework can generate a base kubelet config file

* Changed return of empty string to raise an exception as it should have been from the beginning.

* Split the NodeController into lifecycle and ipam pieces.

* Fix ExternalAddress parsing problem under IPv6

* Update CHANGELOG-1.9.md for v1.9.1.

* dockershim: bump the minimum supported docker version to 1.11

* Fixing typo in e2e test variable

* Update pause container version to 3.1

* Minor commenting fixes for Azure Disk Controllers from CR

* Allow kubectl set image/env on a cronjob

* refactor function CalculateAntiAffinityPriority by using map/reduce pattern

* fix possible panic

* Add workaround for removing VMSS reference from LB

* Update Azure GO SDK to v12.1.0

* Remove comments in get-kube.sh that imply support for environments that were removed long ago.

* update bazel

* remove hard coding Namespace

* fixed the some typo in eviction_manager

* delete the unused function in kubectl

* Return actual error when backoff fails

* fix-binary-check-cephfs

* Clarify error messages in HPA metrics

* Auto generated BUILD files

* Add kubeproxyconfig round trip test

* Move local PV negative scheduling tests to integratiom

* validate admission-control param

* Honor make variable OUT_DIR.

* Make ConfigOK status messages more human readable by including the API path to the object instead of the UID

* periodically check whether assigned kubelet config should become last-known-good

* Avoid error on closed pipe

* Invalidate resource requirements on extended resources with only request set.

* Improve comments for Azure Blob Disk Controller

* Move DefaultMaxEBSVolumes constant into scheduler

* Add myself in kubeadm reviewers

* More default fixups for Kubelet flags

* Bump fluentd-gcp version

* unify the print of pod metadata

* prefer /dev/disk/azure/scsi1/ over by-id for azure disk

* Double check before setKubeletConfiguration

* Remove unused command waitfordetach from flex volume driver

* Remove VirtualMachineClientGetWithRetry

* Pass RecommendedConfig into ExtraAdmissionInitializers

* Simplify extra initializer logic

* Remove exists return value from getVirtualMachine

* Update generated files

* Run godep-save.sh and update-staging-godeps.sh

* ignore nonexistent ns net file error when deleting container network

* Update gengo version

* RBD Plugin: Fix comments and remove unnecessary locking code.

* [PSP] always check validated policy first for update operation

* fix expand panic

* format error message and remove duplicated event for resize volume failure

* Optimizing the implementation of the error check for PriorityClass

* Split auth related config for Azure

* remove /k8s.io/kubernetes/pkg/kubectl/testing

* Run update-api-reference-docs.sh.

* Removing bootstrapper related e2e tests

* Bump metadata proxy and test versions

* Generate specs after fixing typo in documentation.

* Fix typo in field description.

* Update to latest gophercloud

* Add \'exec\' in all saltbase manifests using \'/bin/sh -c\'.

* kube-proxy: fix field name comments & json tags

* Configurable liveness probe initial delays for etcd and kube-apiserver in GCE

* Do not time-out profiler requests.

* remove redundant deleting endpoint explicitly in endpoint controller

* edit line138

* create ipvs clusterIP rules in onlyNodeLocalEndpoints mode

* Bump Metrics Server to version v0.2.1

* Regenerate all generated code

* Add generated runtime and generated device plugin to update-all

* fix type error in cteate Memory Threshold Notifier

* Update boilerplate for 2018

* Print the full path of Kubeconfig files.

* [garbage collector] fix log info

* add test for syncvirtualServer

* Add more verbose logs

* Update CHANGELOG-1.7.md for v1.7.12.

* Improve the error message.

* fix ipvs virutal server update

* add fake.DeleteRealServer UT

* Modify ipvs real server equal

* Fix vmss listing for Azure cloud provider

* remove unused input param

* process pvc watch deletion event miss in expand-controller

* optimize volumeResizeMap lock

* Use the regionless mirror alias

* Updated local-volume boostrapper/provisioner e2e test for new config format

* Use GA API for managing addresses

* Add \'ProviderID\' to the output of kubectl describe node....

* fix local up cluster startup flag bug

* update bazel build files

* Remove useInstanceMetadata param from Azure cloud provider

* Remove redundant sleep from ReRegistration unit test case

* Reduce VirtualMachineScaleSetsClient#List calls

* Fix typo of compute.VirtualMachinesClient

* Replace --init-config-dir with --config

* Fix TestCadvisorListPodStats failure under mac/darwin

* kubeadm: set kube-apiserver advertise address using downward API

* Add owners file for test images

* Add OWNERS file to pkg/bootstrap/api

* Auto generated BUILD files.

* Refactoring ValidateUsages for for bootstrap tokens.

* Fix PodCIDR flag: defaults come from the object, not as literal args to the flag function

* some code change

* bump pflag

* update vendor spf13/cobra to enforce required flags

* update kubeadm validation test to fix test error

* validate --hairpin-mode in kubelet config

* fix wrong hairpin-mode value

* Fix kubeadm upgrade unit test failure.

* Support multiple scale sets in same cluster

* Update DNS version in kubeadm of 1.10 cycle.

* Switch go binaries from (hacky) static to pure Go

* Update helper scripts to find binaries in new bazel-bin paths

* Use race=\"off\" mode instead of disabling race feature

* Autogenerate BUILD files

* Bump rules_go to 0.8.1

* remove dead code in pkg/api

* [quota controller] remove extra queue.Add()

* Fix a race in the endpoint.go

* Use multi-arch pause image for tests

* Revert back #57278

* metrics: make IMPLEMENTATIONS.md and CONTRIBUTING.md authorative in k/k

* Revert k8s.gcr.io vanity domain

* Fix AWS NLB delete error

* Rewrite go_install_from_commit to handle pkgs that aren\'t in HEAD

* Expose all GCE cloud proivder services versions, not just the GA API

* Disable the DNS autoscaler test in large clusters.

* Add cache for VirtualMachinesClient.Get in azure cloud provider

* use /dev/disk/by-id instead of /dev/sd
* for azure disk

* Add fake clients for VirtualMachineScaleSetsClient and VirtualMachineScaleSetVMsClient

* Add generic interface for VirtualMachineScaleSetsClient and VirtualMachineScaleSetVMsClient

* add error string reference

* rename key

* dynamic config test: use a hyphen between the config name and the unique suffix

* Performance improvement for affinity term matching.

* Changing ingress from manually scaling rc to a daemon set.

* Refactor kubelet config controller bootstrap process

* add podtolerationrestriction config to scheme

* Requeue unobserved nodes in attemptToDelete

* Allow integration test timeout override.

* Avoid array growth in FilteredList.

* Update vendor of google.golang.org/api repo

* Update CHANGELOG-1.8.md for v1.8.6.

* Avoid string concatenation when comparing pods.

* fix incorrect comment

* Fixed typos and made documentation more consistent

* add eventratelimit config to scheme

* RBD Plugin: Pass monitors addresses in a comma-separated list instead of trying one by one.

* hack/local-up-cluster.sh: improve messages when script was running with ENABLE_DAEMON=true

* Ensure dependents are added to virtual node before attemptToDelete

* Fixed space/tab indentation

* Get automatically created subnetwork if none is specified

* Merge 3 resource allocation priority functions

* [kubelet]fix unstandardized function name, rename new() to newSourceFile()

* Fix a bug in validating node existence.

* Print/return the text from a number of errors that were silent before.

* Update nfsprovisioner image to v1.0.9 to fix annotation race with pv controller

* Auto generated BUILD file

* Cleanup api service before namespace deletion.

* iscsi: set node.startup to manual

* Send an event just before the Kubelet restarts to use a new config

* Add scheduler benchmark tests for affinity rules.

* Set a minimum b.N for scheduler_perf benchmarks.

* Add code-of-conduct.md to staging repos

* gce: reorder authorizers

* Move multizone volume tests to separate file and update multizone volume tests to only allow gce and gke

* Update cluster-roles.yaml

* Update policy.go

* Update code-of-conduct.md

* Fix problem accessing private docker registries

* security_context_test.go(TestVerifyRunAsNonRoot): add more test cases.

* Add custom metrics e2e test with two metrics.

* Even better

* Much better

* reason key should exist

* Evicted pods should respawn

* client-go: Fix broken TCP6 listen for port forwarding

* using consts to refer to predicate names

* test: e2e: support NFS test on overlayfs

* Renamed func name according to TODO.

* cleanup useless functions and variables

* update bazel BUILD

* fix ipvs/proxier_test.go compile error

* add tests in ipvs/ipset_test.go

* Add \'/version/
*\' to the system:discovery role, since that\'s what the open api spec says.

* fix a typo

* node_e2e: do not return error if Docker\'s check-config.sh fails

* Refactor service controller to common controller pattern

* update bazel BUILD

* replace syscall with sys/unix pkg

* fix todo in \'ipvs/proxier.go\'

* implement fakeIPSet in ipset util

* Support passing kube-scheduler policy config

* Deprecate the alpha Accelerators feature gate.

* add semver metadata regex

* fabiano no longer a thing

* Collect all the assorted image URLs from e2e tests in one place

* check function return err

* improve code comment

* Revert \"Version bump to etcd v3.2.11, grpc v1.7.5\"

* apimachinery: fix typos in README

* Use old dns-ip mechanism with older cdk-addons.

* Add --retry-connrefused to all curl invocations.

* Pointing juju charms to 1.9

* printFlexPersistentVolumeSource: fix format.

* log error when error occur in CleanupLeftovers()

* Do not require the linux headers to be installed.

* Do not require the vim package to be installed

* Move output and url checks under raw flag condition

* apimachinery: remove dead code from roundtrip tester

* add Dong Liu as approver and add OWNERS in credentialprovider

* Build and push 3.1.11 etcd image

* Revert \"Add --retry-connrefused to all curl invocations.\"

* Add a version string to pause.c

* Add more validate conditions when run kubectl get with --raw

* Minor lint fix

* fix typos

* cleanup useless functions in pkg/quota/evaluator/core/services.go

* Update CoreDNS version and Corefile.

* Auto generate BUILD files.

* Use apps/v1 API in kubeadm.

* Add azure owners

* Cacher stopLock should be unlocked

* e2e: CSI Volume tests

* using RoundUpToGB function directly

* Fix build and test errors from etcd 3.2.11 upgrade

* Update staging deps for etcd 3.2.11 version bump

* Version bump to grpc-gateway v1.3.0

* Version bump to grpc v1.7.5

* kubeadm upgrade: fix unit test

* Version bump to etcd v3.2.11

* adds generic scaler to kubectl

* Add CHANGELOG-1.10.md for v1.10.0-alpha.1.

* e2e_node: use newer util-linux

* e2e_node: use mktemp when building nsenter on trusty

* add watch to requirements for quota-able resources

* Add PodSecurityPolicy OWNERS

* Add comment to gce config files advising to not use empty scopes

* Seperate loop and plugin control

* e2e test layout changes for vsphere (#398)

* Remove hard-coded pod-controller check

* implementing predicates ordering

* Fix garbage collector when leader-elect=false

* gcloud docker now auths k8s.gcr.io by default

* Use k8s.gcr.io vanity domain for container images

* wait for kubedns to be ready

* Abstract some duplicated code in the iptables proxier

* add --pod-selector opt kubectl drain

* Fix Stackdriver Logging e2e tests

* add deads to quota owner

* If minimum mig size is 0, resize to 1 before running test

* Add --retry-connrefused to all curl invocations.

* Use GetDryRunFlag to keep consistent

* Add test for Cider ExpandVolume

* Reduce CPU and memory requests for Metrics Server Nanny

* add not found error for ipset set and entry delete

* Fix minor err in kubeadm

* fix accessmode mapping error

* Fix LB lint errors

* remove useless function hasHostPortConflicts

* Auto generated BUILD files.

* Remove kube-proxy 1.8 configmap and daemonset manifests in kubeadm.

* PVC Protection Alpha Feature E2E Tests

* Propagate error up instead panic

* Restrict url check conditions when creating with --raw

* Look for requested resources in the Requests

* update bazel BUILD

* add fake ut

* test get node IP

* add pkg/util/ipvs OWNERS file

* correct the annotations in container_manager.go

* reapplied the changes after merge

* minor fixes

* get rg inside \'ensure\' methods

* delete pip by matching name and rg

* annotate service with resource group

* Allow use resource ID to specify public IP address in azure_loadbalancer

* kubeadm: Only check for well-known files in preflight

* COntroller-manager is crashing in customer environment as vSphere Cloud Provider is not using lower case naming while creating clientBuilder. With this fix, ClientBuilder is created using lowercase naming.

* Fix GCE CreateVolume allocates in chunks of GiB incorrectly

* remove unuse code in cloudprovider

* [cloudprovider]should reuse code rather than rewrite it

* Refactor TestPodContainerDeviceAllocation to make it readable and extensible

* Don\'t create PSP binding when RBAC is not enabled

* Add vikaschoudhary16 as reviewer in pkg/kubelet/cm/deviceplugin

* fix magic string for runtime type

* fix ipvs proxier nodeport

* bump netlink version because of we need to use new version RouteListFiltered

* Record volumeID in GlusterFS PV spec.

* Update kubeadm\'s minimum supported kubernetes to 1.9.

* remove white space on glogs

* Fixed kubelet error message to be more descriptive. Added Attach success event for help in debugging.

* Update CHANGELOG-1.9.md for v1.9.0.

* Fix a typo and improve some documentation.

* Do not use AddCleanup

* Autogenerated code

* Update detach logic for block volume if devicePath is empty

* Pointed to community/contributors/guide/README.md

* Use pod nanny configured with ComponentConfig in Metrics Server

* Use pod nanny configured with ComponentConfig in Heapster

* Fix format string in describers.

* Register metav1 types into samplecontroller api scheme

* remove FilterFunc and use SelectionPredicate everywhere

* Remove unused well_known_labels in kubeadm.

* Generated files

* Process cluster-scoped owners correctly

* make sure that \'ldflags\' are spaces safe

* update bazel

* add admission into RecommendedOption

* typo wrong, not \"namespace\", but \"secretName\"

* Remove mutation from pvc validation

* Improve error messages and comments in KubeAdm.

* refactored mount, attach, resize operation\'s so that all failures generate events and event generation is more consistent.

* generated: revendor

* pkg/controller/bootstrap: update jose package

* Use an s390x default-http-backend

* Add e2e test for custom metrics with Prometheus and Stackdriver

* Reduce CPU request of Dasboard addon

* remove dependency from cobra, only use option test init flag

* Adding myself as a reviewer to aws credentialprovider

* Adding myself as a reviewer to aws cloud provider

* Raise RBAC DENY log level

* Refactor flex pv to allow secret namespace

* gce: split legacy kubelet node role binding and bootstrapper role binding

* Move \'DefaultTerminationGracePeriodSeconds\' into a separate const group

* GCE: bump COS image version to cos-stable-63-10032-71-0

* Modified local-volume provisioner e2e tests to use bind mounts

* kubectl: point info url to user guide overview

* Schedule Calico components even on tainted nodes

* Fix admission metrics tests

* Fix NLB icmp permission duplication

* Test probe for redirect endpoint

* added more description for flag \'--watch-cache-sizes\' to make the format of the flag clearer.

* update staging godeps

* Update debian setup script to match GCI.

* allow convert to default on a per object basis

* make quota reusable

* expose special storage locations for downstream consumption

* fix incorrect log

* replace ConfigFast with ConfigCompatibleWithStandardLibrary

* add benchmark for ConfigCompatibleWithStandardLibrary

* fixed typo in kubeadm/v1alpha1/defaults.go

* Kubectl: Move no-headers flag get out of for loop

* bump(github.com/json-iterator/go): 13f86432b882000a51c6e610c620974462691a97

* auto generated file

* enhance kube-schedule init flag

* Fix unit tests

* Add load balancer implementation of vmSet

* Initialize vmSet based on vmType setting and call vmSet interface instead of azureClient

* Add availability sets implementation of VMSet interface

* Add scale set implementation of VMSet interface

* Add a general VMSet interface for both scale sets and availability sets

* Define default role for full kubelet API access

* Enhance proxy mode validation

* added defaults for --watch-cache-sizes description.

* make kube-dns addon optional

* Check ns setup error during e2e

* Extend YAMLDecoder Read tests

* Add VolumeMode in GlusterFS PV spec.

* Remove trailing commas from test-swagger.json

* Add tests for accept content-type fallback

* Add e2e test for when a webhook does not return.

* gce: tighten up perms on kube-env

* Fixes issue#392.

* check for empty label before assigning

* apilb template writes a log file to /var/log/nginx.
*.log and not into the nginx directory where the log rotation is setup. Adding a log rotation file for these logs.

* Display apiGroups before resources in PolicyRule

* remove useless validation from pod\'s resourcequota admission

* remove internal version api from apply

* ignore images in used by running containers when GC

* check and set promiscuous mode with netlink because vishvananda/netlink already supports it

* Sort default cidrs for reproducible builds

* Fix YAMLDecoder Read behaviour

* remove dead code

* typo

* Make AWS attach/detach operations faster

* examples: Make messages more informative

* LimitRange ignores objects previously marked for deletion

* Remove unused federation docs

* Remove unused ScrubDNS interface from cloudprovider

* Remove ExternalTrafficLocalOnly from kube_feature gate

* Reword double negative; link to readme

* HugePages feature is beta in 1.10 release

* Convert scheduler_perf tests to use subtest.

* Add xfsprogs to hyperkube baseimage

* Decrease the number of completions for flaky test

* Bump fluentd-gcp version

* fix rbd volume plugin ConstructVolume

* enable flexvolume on Windows

* Remove unused code in pkg/api/,pkg/apis/

* refactor getting uninitialized in kubectl get

* old test file will create a leak file in current directory. this patch fix this. modified: pkg/kubelet/cm/deviceplugin/manager_test.go

* Use gcloud beta instead of alpha for alias ops.

* Update kube-up.sh

* Add resource limits to prometheus-to-sd to guarantee qos

* Improve etcd-version-monitor metrics proxying, add etcd 3.1 gprc metric support

* Add ConnorDoyle as approver in /pkg/kubelet/cm.

* Limit number of pods listed as master liveness check.

* enable podpreset by default in local up cluster

* Update CHANGELOG.md

* Fix a comment in hack/lib/version.sh about which tags are used to get the version.

* use gnu-cp in building etcd image

* Update the comments on webhook failure policy.

* Drop using cloud provider to set host address feature

* Typo

* update type-check to use printers.PritnHandler

* ensure PrinterForCommand is consumed through cmdutil.Factory

* remove dead code in lifecycle admission

* also check pod securityContextt hostNetwork in exec admission controller

* Ensure PVL controller is next pending initializer before labeling the PV

* Remove useless error

* Use hostname for CCM resource lock id

* warn if kubectl create with extra argument

* outdent err block

* Hit ILB endpoint in ILB e2e test

* Use struct key for TLS cache

* Update systemstat9 to allow compilation on OSX

* Set NON_MASQUERADE_CIDR in gce/config-test

* fluentd-elasticsearch add-on: Improve README

* Fix typo

* rename mustrunas to capabilities

* Remove hacks added for mesos

* Simple code and typo fixed.

* Move some tests to use go sub-test

* Fix issue #390

* Add e2e test for volume resizing

* Fix typo in test comment.

* Cleanup for service API validation

* fix wording in kube-scheduler warning

* Fix flake8 error

* Add job controller test verifying if backoff is reseted on success

* kube-apiserver: fix runtime-config flag docs

* should not ignore return messages from wait function

* remove deadcode

* remove unnecessary condition judgement

* Fix a typo in kubectl/diff cmd long description.

* Auto generated BUILD files.

* Move some kubelet constants to a common place.

* fix error typo of rbd volume teardown

* use rbac client with explicit version

* Revert changes in sync.go and sync_test.go as the error it intends to resolve becomes transient.

* Add rbac policies for NetworkPolicy

* Add hyperkube to make quick-release

* Fix session out issue while creating volume and error message coming up while attaching the volume

* Remove do-restart states

* Change Auto-Repair e2e test tags.

* Update bazel

* conversion-gen: add godocs for peer dirs

* client-gen: use --output-package instead of --clientset-path

* code-gen: uniform reusable main.go logic

* remove extra level check of glog

* return error when create azure share failed

* new testcase to cgroup_manager_linux.go

* fix typo

* Heap is not thread safe in scheduling queue

* relax server list option, set Blackhole field

* Heketi documentats incorrectly about sizes in GBs

* validate container state transitions

* security_context_test.go(TestVerifyRunAsNonRoot): remove unused variables.

* Fixed typo

* Addressing Comments from Code Review

* add better error handling for unstructured helpers

* Handling the case of an upgrade from a non-rolling master with resource change

* update bazel BUILD

* remove winkernel dead test code

* change default azure file/dir mode to 0755

* should check the return value of os.DiskIsAttached

* cleanup useless functions

* Improve handling of snap resources

* kubelet: include runtime error in event on CreatePodSandbox failure

* WIP: extend node e2e test suite with containerized Kubelet

* fix binary check for glusterfs.go

* The change in channels will be caught config change after the upgrade.

* fix bad output format for attaching pods

* fix scheduling queue unit test

* use ListByResourceGroup instead of List()

* auto-generated BUILD file

* completely remove the option to use auto-detect

* update bazel BUILD file

* test ipvs proxy mode when feature gateway set

* Change `GCEDiskAlphaAPI` to `DiskAlphaAPI`

* Fix master upgrade cornercases

* e2e: test containers projected volume updates should not exit

* use policy client with explicit version

* use authentication client with explicit version

* fix bug when cloud is nil

* Do not log trailing whitespace.

* test ipvs proxy mode when feature gateway unset

* refactor canUseIPVSMode and test it

* client-gen: separate input-base logic from CustomArgs

* client-gen: clarify clientset-api-path

* fix spaces around the /

* Cpu manager reconclie loop can restore state

* Log actual return code, not the default value.

* clean up failure domain from InterPodAffinityPriority

* fix typo and adjust import sequence

* e2e: Only create PSP if RBAC is enabled

* should check return err

* Validate IPVSConfiguration only when IPVS mode is enable.

* Add parent PR title to cherry-picked PR title

* Add test case for validate kube-proxy configuration.

* Improve kubeadm validation unit test coverage.

* Merge PR #56260 again.

* Add -s (--slient) option to curl.

* A couple of more changes. Specifically, a) make the same changes to master-helper.sh for gci as container-linux.sh does; b) revert changes to sync.go and sync_test.go.

* use core client with explicit version

* Send events on ip and port allocator repair controller errors

* admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing shouldPassAdmit by a constant value.

* admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing expectedPodUser by a constant value.

* Use file store utility for device plugin check-pointing

* Remove redundant code in container manager.

* export ENABLE_POD_PRIORITY_PREEMPTION=true to enable Pod priority and preemption

* Remove unused directories.

* Smoke test for OpenAPI paths in the test server

* update IPVS readme

* fix comment about PodAffinityTerm in api

* put pod controllerref to metadata

* fix binary check for nfs.go

* wrong number of args in apiserver/pkg

* Minor cleanup in kubeadm.

* Add test case for RunCreateToken

* Remove PVCLister and use informer directly.

* Skip pods that refer to PVCs that are being deleted

* Retry on adding secondary ranges to a subnet.

* declare in front

* Change wording in OpenStack Provider

* Add a missing ) to glog.Waringf.

* fix typos in this file

* Synced the changed made in PR #56260.

* HugePages require cpu or memory

* missing format args in apiserver/pkg/endpoints

* Use batch client with explicit version

* Addressed bowei\'s comments.

* Add NODE_LOCAL_SSDS_EXT to config-test

* return routes for unknown next hops

* CPU Manager panics on state initialization error.

* Add balajismaniam, ConnorDoyle node-e2e approvers

* hack: fix godep license parsing for gopkg.in packages

* Lowecasing the hostname on the known nodes entry

* use extensions client with explicit version

* Fix typo.

* refactor(service-controller/gce/ensureInternalBackendService): delete unused variable

* add more test case in TestValidateStatefulSet

* Lowercase hostnames when used as node names in k8s

* Trying to make error message similar to what is expected in tests

* remove useless const

* make quick-verify: make the output a bit more readable by showing script names without full paths.

* Fix test failure in sync_test.go.

* pkg/controller/garbagecollector/garbagecollector.go: fix string format.

* add mount options for azure disk

* exponential backoff with timeout

* fix ci problems

* fix some errors

* Using exponential backoff instead of linear

* modify some wording

* probeAttachedVolume improvement in Cinder

* delete useless params containerized

* some test enhance, comments enhance and duplicate code reduce

* Implement upgrade-aliases.sh to migrate a route-based k8s cluster to use IP aliases in GCE.

* Add docker-logins config to kubernetes-worker

* make k8s support cephfs fuse mount

* Auto generated BUILD files.

* Remove kubeadm fuzzer from api testing

* remove dead code

* refactor kubectl autoscale to use the new generator

* Use structured generator for kubectl autoscale

* Update for cronJob

* Replace type switches in Rollback with Visitor pattern

* fix download link for fedora libvirt vagrant box

* kubelet summary api test updates

* CPU manager no-op policy is on by default.

* Create sig-autoscaling-maintainers alias

* Remove incorrect dead code.

* Fix version indication for ServiceNodeExclusion

* Fix a typo in kubeadm/GetEtcdPodSpec

* Use `sets` instead of `for` statement in \"IsValidAuthorizationMode\"

* httpserver should be close since the issue has been fixed

* Added nodeAffinity in validation error msg.

* remove unused code in pkg/apimachinery

* pkg/securitycontext/util.go(InternalDetermineEffectiveSecurityContext): remove unused function.

* add UT for apk/apis/core/toleration.go

* fix comment typo and use wait.Forever

* Kubectl explain now also prints the Kind and APIVersion of the resource

* NC should log the whole node condition.

* bug(cli):fix kubectl rollout status not recoginze resource namespace

* add UT for testapi.go

* CreateContainerSecurityContext: rename; modify its arguments intead of returning a copy.

* CreatePodSecurityContext: rename; modify its arguments instead of returning a copy.

* remove internal version api from kubectl label command

* remove internal version api from kubectl annotate command

* add more ipv6 support in userspace proxier

* move pod-check forward

* Simplify the sorting codes

* add apiServerCertSANs case for test GetAltNames

* update BUILD

* Use Error with no value format and fix typo error messages

* add unit test for replicaset

* add unit test for statefulset

* kubeadm: Utilize transport defaults from API machinery for http calls

* Append --feature-gates option iff TestContext.FeatureGates is not nil

* Make StatefulSet report an event when recreating failed pod

* #50598: Added NodeAffinity test case for nodeShouldRunDaemonPod

* #50598: Formatted code using gofmt

* Fix autoscaling API documentation

* Update daemon_controller_test.go

* #50598: Removed obsolete volume mount in TestNodeShouldRunDaemonPod

* #50598: Added more test cases for nodeShouldRunDaemonPod

* Fix protobuf generator for aliases to repeated types

* Use []byte in place of string in envelope.Service.

* Fix a typo in NewManager function

* refactor method to pkg/util/node

* Fix Makefile doc for quick-release

* The printing level for node updated failed info should be used WARNING type

* Add complementary unittest for kubectl logs

* COS: Keep the docker network checkpoint

* Update Quobyte API

* Should use Fatalf while need to format the output

* Bugfix: Update AddNodeaHandler error logs

* delete archive

* Correct TestUpdatePod comment

* Allow Ceph server some time to start

* allow setting --cgroup-parent for docker run commands

* remove unused comment

* fix defer

* Fix typo

* fix the bad code comment

* small tfix in cmd factory comment

* fix broken link

* git: Use VolumeHost.GetExec() to execute stuff in volume plugins

* fix incorrect comparison in /pkg/volume error message

* Fix typo in comment

* fix the typo of wtih

* delete unused const

Tue Jun 12 14:00:00 2018 mmeisterAATTsuse.com
- Require kubernetes-kubelet for kubeadm (bsc#1084765)

Mon Jun 11 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.10.2+81753b10df112992bf51bbc2c2f85208aad78335:

* Bump Heapster to v1.5.2

* Remove \'system\' prefix from Metadata Agent rbac configuration

* Use O_PATH to avoid errors on Openat

* Update event-exporter image

* Kubernetes version v1.10.1-beta.0 openapi-spec file updates

* Support new NODE_OS_DISTRIBUTION \'custom\' on GCE

* Added chmod a+x for local SSD when disk is created with NODE_LOCAL_SSDS

* Add/Update CHANGELOG-1.10.md for v1.10.0.

* e2e:Enable CSI tests

* Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure

* Ensure -o yaml populates kind/apiVersion

* Add pod deletion to subpath tests, and subpath as file with container restart

* Removed detailed internal storage metrics

* add udev to hyperkube and bump versions

* Backport etcd.manifest fixes for HA clusters from #61241 to 1.10

* Restore show-kind function when printing multiple kinds

* Tolerate 406 mime-type errors attempting to load new openapi schema

* Update kube-dns to Version 1.14.9. Major changes: - Fix for kube-dns returns NXDOMAIN when not yet synced with apiserver. - Don\'t generate empty record for externalName service. - Add validation for upstreamNameserver port. - Update go version to 1.9.3.

* Fix #61363, Bounded retries for cloud allocator.

* Fix Issue #61123, call syncer.Update on add event.

* Update GLBC manifest to v1.0.1

* Add CRI container log format support back.

* kubectl: fix a panic when createGeneratedObject failed

* avoid resource leak when both `--rm` and `--expose` are specified

* fix local volume issue on windows

* fix typo that redefines variable and breaks code

* Update the stackdriver agents yaml to include a deployment for cluster level resources

* Use provided node object in volume binding predicate

* Specify DHCP domain for hostname

* apiserver\'s webhook admission use its own scheme

* add e2e case for crd webhook

* Cleanup CRD/CR confusion in webhook e2e tests

* return error if get NodeStageSecret and NodePublishSecret failed

* Introduce multimaster clusters support to e2e framework for GKE

* Fix disruptive tests for GKE regional clusters

* Fix resize nodes tests for Regional Clusters

* Fix dns autoscaling test for Regional Clusters

* Fix restart nodes tests for Regional Clusters

* Fix resize test for Regional Clusters

* Add wildcard toleration to nvidia-gpu-device-plugin.

* Switch to k8s-1.10 branch of the installer in release-1.10 branch.

* Fix umask to actually intended behavior.

* Add support to ingest log entries to Stackdriver against new \"k8s_container\" and \"k8s_node\" resources.

* fix incompatible file type checking on Windows

* add tests for GetFileType

* Use relative path for creating socket files

* Cluster Autoscaler 1.2.1

* Kubernetes version v1.10.2-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.10.md for v1.10.1.

* Fix PodStore to wait for being initialized

* Increase cpu/mem thresholds for c-m in density test

* fix nsenter GetFileType issue

* Fix flaky crd e2e tests

* Fix daemon-set-controller bootstrap RBAC policy

* Ensure expected load balancer is selected for Azure

* remove default fsypte in azure disk

* Revert \"git: Use VolumeHost.GetExec() to execute stuff in volume plugins\"

* CSI - Apply fsGroup volume ownership when pv not readOnly

* Update kube-dns to Version 1.14.10. Major changes: - Fix a bug in DNS resolution for externalName services and PTR records that need to query from upstream nameserver.

* Fix machineID getting for vmss nodes when using instance metadata

* Fix use visible files creation for windows

* fix devicePath update issue in Azure WaitForAttach func

* Ensure service routing resolves kubernetes.default.svc correctly

* distinguish custom dialers in transport cache

* ensure tls server name is used in transport

* Honor existing CA bundle and TLS server name in webhook client

* Use local provisioner version that uses beta API

* Fix volume node affinity to OR node selector terms

* Removed no-empty validation of nodeSelectorTerm.matchExpressions.

* Bump GLBC manifest to v1.1.1

* Generated build files

* Adds migrations to the kubeadm upgrade phase config

* Enforce not using newer kubeadm to upgrade older kubeadm

* Update Istio addon to 0.6.0 and mirror images in gcr

* Move istio-injection label to default namespace

* respect fstype in Windows for azure disk

* When using custom network with IP-alias, use the former\'s subnet for the latter too

* Fix IP-alias subnet creation logic

* Fix subnet cleanup logic when using IP-aliases with custom subnets

* Fix ILB issue updating backend services

* Detach bug fix

* Manage Metadata Agent Config with Addon Manager

* avoid dobule RLock() in cpumanager

* Fix upgrade to Kubernetes v1.9.3+

* Revert \"pass APIEnablement through apiserver chain\"

* Revert \"remove support enable-disable api resources\"

* Revert \"refactor resource_config.go thoroughly and remove useless code in registry\"

* fixup on dirty reverts

* generated

* loopback webhook integration test

* Make integration test etcd store unique

* Fix bash command for liveness probes in the metadata agents.

* test: Disable ui dashboard test for gke

* fix mirror-pod hash race condition

* Implement ReadStaticPodFromDisk

* Implement etcdutils with Cluster.HasTLS()

* Update test-case, fix nil-pointer bug, and improve error message

* Modify the kubeadm upgrade DAG for the TLS Upgrade

* Add etcd L7 check on upgrade

* Fix Etcd Rollback

* Remove METADATA_AGENT_VERSION config option

* Removed e2e test on empty NodeAffinity.

* Added more UT for invalid case.

* Revert \"revert resource disablement, 1.10\"

Mon Jun 11 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.10.0+fc32d2f3698e36b93322a3465f63a14e9f0eaead:

* make-e2e_node-run-over-distro-bins.patch: rebase patch

* delete unused const

* fix the typo of wtih

* Fix typo in comment

* fix incorrect comparison in /pkg/volume error message

* git: Use VolumeHost.GetExec() to execute stuff in volume plugins

* fix broken link

* small tfix in cmd factory comment

* fix the bad code comment

* Fix typo

* fix defer

* remove unused comment

* allow setting --cgroup-parent for docker run commands

* Allow Ceph server some time to start

* Correct TestUpdatePod comment

* delete archive

* Bugfix: Update AddNodeaHandler error logs

* Should use Fatalf while need to format the output

* Update Quobyte API

* COS: Keep the docker network checkpoint

* Add complementary unittest for kubectl logs

* The printing level for node updated failed info should be used WARNING type

* Fix Makefile doc for quick-release

* refactor method to pkg/util/node

* Fix a typo in NewManager function

* Use []byte in place of string in envelope.Service.

* Fix protobuf generator for aliases to repeated types

* #50598: Added more test cases for nodeShouldRunDaemonPod

* #50598: Removed obsolete volume mount in TestNodeShouldRunDaemonPod

* Update daemon_controller_test.go

* Fix autoscaling API documentation

* #50598: Formatted code using gofmt

* #50598: Added NodeAffinity test case for nodeShouldRunDaemonPod

* Make StatefulSet report an event when recreating failed pod

* Append --feature-gates option iff TestContext.FeatureGates is not nil

* kubeadm: Utilize transport defaults from API machinery for http calls

* add unit test for statefulset

* add unit test for replicaset

* Use Error with no value format and fix typo error messages

* update BUILD

* add apiServerCertSANs case for test GetAltNames

* Simplify the sorting codes

* move pod-check forward

* add more ipv6 support in userspace proxier

* remove internal version api from kubectl annotate command

* remove internal version api from kubectl label command

* CreatePodSecurityContext: rename; modify its arguments instead of returning a copy.

* CreateContainerSecurityContext: rename; modify its arguments intead of returning a copy.

* add UT for testapi.go

* bug(cli):fix kubectl rollout status not recoginze resource namespace

* NC should log the whole node condition.

* Kubectl explain now also prints the Kind and APIVersion of the resource

* fix comment typo and use wait.Forever

* add UT for apk/apis/core/toleration.go

* pkg/securitycontext/util.go(InternalDetermineEffectiveSecurityContext): remove unused function.

* remove unused code in pkg/apimachinery

* Added nodeAffinity in validation error msg.

* httpserver should be close since the issue has been fixed

* Use `sets` instead of `for` statement in \"IsValidAuthorizationMode\"

* Fix a typo in kubeadm/GetEtcdPodSpec

* Fix version indication for ServiceNodeExclusion

* Remove incorrect dead code.

* Create sig-autoscaling-maintainers alias

* CPU manager no-op policy is on by default.

* kubelet summary api test updates

* fix download link for fedora libvirt vagrant box

* Replace type switches in Rollback with Visitor pattern

* Update for cronJob

* Use structured generator for kubectl autoscale

* refactor kubectl autoscale to use the new generator

* remove dead code

* Remove kubeadm fuzzer from api testing

* Auto generated BUILD files.

* make k8s support cephfs fuse mount

* Add docker-logins config to kubernetes-worker

* Implement upgrade-aliases.sh to migrate a route-based k8s cluster to use IP aliases in GCE.

* some test enhance, comments enhance and duplicate code reduce

* delete useless params containerized

* probeAttachedVolume improvement in Cinder

* modify some wording

* Using exponential backoff instead of linear

* fix some errors

* fix ci problems

* exponential backoff with timeout

* add mount options for azure disk

* pkg/controller/garbagecollector/garbagecollector.go: fix string format.

* Fix test failure in sync_test.go.

* make quick-verify: make the output a bit more readable by showing script names without full paths.

* remove useless const

* Trying to make error message similar to what is expected in tests

* Lowercase hostnames when used as node names in k8s

* add more test case in TestValidateStatefulSet

* refactor(service-controller/gce/ensureInternalBackendService): delete unused variable

* Fix typo.

* use extensions client with explicit version

* Lowecasing the hostname on the known nodes entry

* hack: fix godep license parsing for gopkg.in packages

* Add balajismaniam, ConnorDoyle node-e2e approvers

* CPU Manager panics on state initialization error.

* return routes for unknown next hops

* Add NODE_LOCAL_SSDS_EXT to config-test

* Addressed bowei\'s comments.

* Use batch client with explicit version

* missing format args in apiserver/pkg/endpoints

* HugePages require cpu or memory

* Synced the changed made in PR #56260.

* fix typos in this file

* Add a missing ) to glog.Waringf.

* Change wording in OpenStack Provider

* declare in front

* Retry on adding secondary ranges to a subnet.

* Skip pods that refer to PVCs that are being deleted

* Remove PVCLister and use informer directly.

* Add test case for RunCreateToken

* Minor cleanup in kubeadm.

* wrong number of args in apiserver/pkg

* fix binary check for nfs.go

* put pod controllerref to metadata

* fix comment about PodAffinityTerm in api

* update IPVS readme

* Smoke test for OpenAPI paths in the test server

* Remove unused directories.

* export ENABLE_POD_PRIORITY_PREEMPTION=true to enable Pod priority and preemption

* Remove redundant code in container manager.

* Use file store utility for device plugin check-pointing

* admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing expectedPodUser by a constant value.

* admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing shouldPassAdmit by a constant value.

* Send events on ip and port allocator repair controller errors

* use core client with explicit version

* A couple of more changes. Specifically, a) make the same changes to master-helper.sh for gci as container-linux.sh does; b) revert changes to sync.go and sync_test.go.

* Add -s (--slient) option to curl.

* Merge PR #56260 again.

* Improve kubeadm validation unit test coverage.

* Add test case for validate kube-proxy configuration.

* Add parent PR title to cherry-picked PR title

* Validate IPVSConfiguration only when IPVS mode is enable.

* should check return err

* e2e: Only create PSP if RBAC is enabled

* fix typo and adjust import sequence

* clean up failure domain from InterPodAffinityPriority

* Log actual return code, not the default value.

* Cpu manager reconclie loop can restore state

* fix spaces around the /

* client-gen: clarify clientset-api-path

* client-gen: separate input-base logic from CustomArgs

* refactor canUseIPVSMode and test it

* test ipvs proxy mode when feature gateway unset

* Do not log trailing whitespace.

* fix bug when cloud is nil

* use authentication client with explicit version

* use policy client with explicit version

* e2e: test containers projected volume updates should not exit

* Fix master upgrade cornercases

* Change `GCEDiskAlphaAPI` to `DiskAlphaAPI`

* test ipvs proxy mode when feature gateway set

* update bazel BUILD file

* completely remove the option to use auto-detect

* auto-generated BUILD file

* use ListByResourceGroup instead of List()

* fix scheduling queue unit test

* fix bad output format for attaching pods

* The change in channels will be caught config change after the upgrade.

* fix binary check for glusterfs.go

* WIP: extend node e2e test suite with containerized Kubelet

* kubelet: include runtime error in event on CreatePodSandbox failure

* Improve handling of snap resources

* cleanup useless functions

* should check the return value of os.DiskIsAttached

* change default azure file/dir mode to 0755

* remove winkernel dead test code

* update bazel BUILD

* Handling the case of an upgrade from a non-rolling master with resource change

* add better error handling for unstructured helpers

* Addressing Comments from Code Review

* Fixed typo

* security_context_test.go(TestVerifyRunAsNonRoot): remove unused variables.

* validate container state transitions

* Heketi documentats incorrectly about sizes in GBs

* relax server list option, set Blackhole field

* Heap is not thread safe in scheduling queue

* fix typo

* new testcase to cgroup_manager_linux.go

* return error when create azure share failed

* remove extra level check of glog

* code-gen: uniform reusable main.go logic

* client-gen: use --output-package instead of --clientset-path

* conversion-gen: add godocs for peer dirs

* Update bazel

* Change Auto-Repair e2e test tags.

* Remove do-restart states

* Fix session out issue while creating volume and error message coming up while attaching the volume

* Add hyperkube to make quick-release

* Add rbac policies for NetworkPolicy

* Revert changes in sync.go and sync_test.go as the error it intends to resolve becomes transient.

* use rbac client with explicit version

* fix error typo of rbd volume teardown

* Move some kubelet constants to a common place.

* Auto generated BUILD files.

* Fix a typo in kubectl/diff cmd long description.

* remove unnecessary condition judgement

* remove deadcode

* should not ignore return messages from wait function

* kube-apiserver: fix runtime-config flag docs

* Add job controller test verifying if backoff is reseted on success

* Fix flake8 error

* fix wording in kube-scheduler warning

* Cleanup for service API validation

* Fix typo in test comment.

* Add e2e test for volume resizing

* Fix issue #390

* Move some tests to use go sub-test

* Simple code and typo fixed.

* Remove hacks added for mesos

* rename mustrunas to capabilities

* Fix typo

* fluentd-elasticsearch add-on: Improve README

* Set NON_MASQUERADE_CIDR in gce/config-test

* Update systemstat9 to allow compilation on OSX

* Use struct key for TLS cache

* Hit ILB endpoint in ILB e2e test

* outdent err block

* warn if kubectl create with extra argument

* Use hostname for CCM resource lock id

* Remove useless error

* Ensure PVL controller is next pending initializer before labeling the PV

* also check pod securityContextt hostNetwork in exec admission controller

* remove dead code in lifecycle admission

* ensure PrinterForCommand is consumed through cmdutil.Factory

* update type-check to use printers.PritnHandler

* Typo

* Drop using cloud provider to set host address feature

* Update the comments on webhook failure policy.

* use gnu-cp in building etcd image

* Fix a comment in hack/lib/version.sh about which tags are used to get the version.

* Update CHANGELOG.md

* enable podpreset by default in local up cluster

* Limit number of pods listed as master liveness check.

* Add ConnorDoyle as approver in /pkg/kubelet/cm.

* Improve etcd-version-monitor metrics proxying, add etcd 3.1 gprc metric support

* Add resource limits to prometheus-to-sd to guarantee qos

* Update kube-up.sh

* Use gcloud beta instead of alpha for alias ops.

* old test file will create a leak file in current directory. this patch fix this. modified: pkg/kubelet/cm/deviceplugin/manager_test.go

* refactor getting uninitialized in kubectl get

* Remove unused code in pkg/api/,pkg/apis/

* enable flexvolume on Windows

* fix rbd volume plugin ConstructVolume

* Bump fluentd-gcp version

* Decrease the number of completions for flaky test

* Add xfsprogs to hyperkube baseimage

* Convert scheduler_perf tests to use subtest.

* HugePages feature is beta in 1.10 release

* Reword double negative; link to readme

* Remove ExternalTrafficLocalOnly from kube_feature gate

* Remove unused ScrubDNS interface from cloudprovider

* Remove unused federation docs

* LimitRange ignores objects previously marked for deletion

* examples: Make messages more informative

* Make AWS attach/detach operations faster

* typo

* remove dead code

* Fix YAMLDecoder Read behaviour

* Sort default cidrs for reproducible builds

* check and set promiscuous mode with netlink because vishvananda/netlink already supports it

* ignore images in used by running containers when GC

* remove internal version api from apply

* remove useless validation from pod\'s resourcequota admission

* Display apiGroups before resources in PolicyRule

* apilb template writes a log file to /var/log/nginx.
*.log and not into the nginx directory where the log rotation is setup. Adding a log rotation file for these logs.

* check for empty label before assigning

* Fixes issue#392.

* gce: tighten up perms on kube-env

* Add e2e test for when a webhook does not return.

* Add tests for accept content-type fallback

* Remove trailing commas from test-swagger.json

* Add VolumeMode in GlusterFS PV spec.

* Extend YAMLDecoder Read tests

* Check ns setup error during e2e

* make kube-dns addon optional

* added defaults for --watch-cache-sizes description.

* Enhance proxy mode validation

* Define default role for full kubelet API access

* Add a general VMSet interface for both scale sets and availability sets

* Add scale set implementation of VMSet interface

* Add availability sets implementation of VMSet interface

* Initialize vmSet based on vmType setting and call vmSet interface instead of azureClient

* Add load balancer implementation of vmSet

* Fix unit tests

* enhance kube-schedule init flag

* auto generated file

* bump(github.com/json-iterator/go): 13f86432b882000a51c6e610c620974462691a97

* Kubectl: Move no-headers flag get out of for loop

* fixed typo in kubeadm/v1alpha1/defaults.go

* add benchmark for ConfigCompatibleWithStandardLibrary

* replace ConfigFast with ConfigCompatibleWithStandardLibrary

* fix incorrect log

* expose special storage locations for downstream consumption

* make quota reusable

* allow convert to default on a per object basis

* Update debian setup script to match GCI.

* update staging godeps

* added more description for flag \'--watch-cache-sizes\' to make the format of the flag clearer.

* Test probe for redirect endpoint

* Fix NLB icmp permission duplication

* Fix admission metrics tests

* Schedule Calico components even on tainted nodes

* kubectl: point info url to user guide overview

* Modified local-volume provisioner e2e tests to use bind mounts

* GCE: bump COS image version to cos-stable-63-10032-71-0

* Move \'DefaultTerminationGracePeriodSeconds\' into a separate const group

* gce: split legacy kubelet node role binding and bootstrapper role binding

* Refactor flex pv to allow secret namespace

* Raise RBAC DENY log level

* Adding myself as a reviewer to aws cloud provider

* Adding myself as a reviewer to aws credentialprovider

* remove dependency from cobra, only use option test init flag

* Reduce CPU request of Dasboard addon

* Add e2e test for custom metrics with Prometheus and Stackdriver

* Use an s390x default-http-backend

* pkg/controller/bootstrap: update jose package

* generated: revendor

* refactored mount, attach, resize operation\'s so that all failures generate events and event generation is more consistent.

* Improve error messages and comments in KubeAdm.

* Remove mutation from pvc validation

* typo wrong, not \"namespace\", but \"secretName\"

* add admission into RecommendedOption

* update bazel

* make sure that \'ldflags\' are spaces safe

* Process cluster-scoped owners correctly

* Generated files

* Remove unused well_known_labels in kubeadm.

* remove FilterFunc and use SelectionPredicate everywhere

* Register metav1 types into samplecontroller api scheme

* Fix format string in describers.

* Use pod nanny configured with ComponentConfig in Heapster

* Use pod nanny configured with ComponentConfig in Metrics Server

* Pointed to community/contributors/guide/README.md

* Update detach logic for block volume if devicePath is empty

* Autogenerated code

* Do not use AddCleanup

* Fix a typo and improve some documentation.

* Update CHANGELOG-1.9.md for v1.9.0.

* Fixed kubelet error message to be more descriptive. Added Attach success event for help in debugging.

* remove white space on glogs

* Update kubeadm\'s minimum supported kubernetes to 1.9.

* Record volumeID in GlusterFS PV spec.

* bump netlink version because of we need to use new version RouteListFiltered

* fix ipvs proxier nodeport

* fix magic string for runtime type

* Add vikaschoudhary16 as reviewer in pkg/kubelet/cm/deviceplugin

* Don\'t create PSP binding when RBAC is not enabled

* Refactor TestPodContainerDeviceAllocation to make it readable and extensible

* [cloudprovider]should reuse code rather than rewrite it

* remove unuse code in cloudprovider

* Fix GCE CreateVolume allocates in chunks of GiB incorrectly

* COntroller-manager is crashing in customer environment as vSphere Cloud Provider is not using lower case naming while creating clientBuilder. With this fix, ClientBuilder is created using lowercase naming.

* kubeadm: Only check for well-known files in preflight

* Allow use resource ID to specify public IP address in azure_loadbalancer

* annotate service with resource group

* delete pip by matching name and rg

* get rg inside \'ensure\' methods

* minor fixes

* reapplied the changes after merge

* correct the annotations in container_manager.go

* add pkg/util/ipvs OWNERS file

* test get node IP

* add fake ut

* update bazel BUILD

* Look for requested resources in the Requests

* Restrict url check conditions when creating with --raw

* Propagate error up instead panic

* PVC Protection Alpha Feature E2E Tests

* Remove kube-proxy 1.8 configmap and daemonset manifests in kubeadm.

* Auto generated BUILD files.

* remove useless function hasHostPortConflicts

* Fix LB lint errors

* fix accessmode mapping error

* Fix minor err in kubeadm

* add not found error for ipset set and entry delete

* Reduce CPU and memory requests for Metrics Server Nanny

* Add test for Cider ExpandVolume

* Use GetDryRunFlag to keep consistent

* Add --retry-connrefused to all curl invocations.

* If minimum mig size is 0, resize to 1 before running test

* add deads to quota owner

* Fix Stackdriver Logging e2e tests

* add --pod-selector opt kubectl drain

* Abstract some duplicated code in the iptables proxier

* wait for kubedns to be ready

* Use k8s.gcr.io vanity domain for container images

* gcloud docker now auths k8s.gcr.io by default

* Fix garbage collector when leader-elect=false

* implementing predicates ordering

* Remove hard-coded pod-controller check

* e2e test layout changes for vsphere (#398)

* Seperate loop and plugin control

* Add comment to gce config files advising to not use empty scopes

* Add PodSecurityPolicy OWNERS

* add watch to requirements for quota-able resources

* e2e_node: use mktemp when building nsenter on trusty

* e2e_node: use newer util-linux

* Add CHANGELOG-1.10.md for v1.10.0-alpha.1.

* adds generic scaler to kubectl

* Version bump to etcd v3.2.11

* kubeadm upgrade: fix unit test

* Version bump to grpc v1.7.5

* Version bump to grpc-gateway v1.3.0

* Update staging deps for etcd 3.2.11 version bump

* Fix build and test errors from etcd 3.2.11 upgrade

* using RoundUpToGB function directly

* e2e: CSI Volume tests

* Cacher stopLock should be unlocked

* Add azure owners

* Use apps/v1 API in kubeadm.

* Auto generate BUILD files.

* Update CoreDNS version and Corefile.

* cleanup useless functions in pkg/quota/evaluator/core/services.go

* fix typos

* Minor lint fix

* Add more validate conditions when run kubectl get with --raw

* Add a version string to pause.c

* Revert \"Add --retry-connrefused to all curl invocations.\"

* Build and push 3.1.11 etcd image

* add Dong Liu as approver and add OWNERS in credentialprovider

* apimachinery: remove dead code from roundtrip tester

* Move output and url checks under raw flag condition

* Do not require the vim package to be installed

* Do not require the linux headers to be installed.

* log error when error occur in CleanupLeftovers()

* printFlexPersistentVolumeSource: fix format.

* Pointing juju charms to 1.9

* Add --retry-connrefused to all curl invocations.

* Use old dns-ip mechanism with older cdk-addons.

* apimachinery: fix typos in README

* Revert \"Version bump to etcd v3.2.11, grpc v1.7.5\"

* improve code comment

* check function return err

* Collect all the assorted image URLs from e2e tests in one place

* fabiano no longer a thing

* add semver metadata regex

* Deprecate the alpha Accelerators feature gate.

* Support passing kube-scheduler policy config

* implement fakeIPSet in ipset util

* fix todo in \'ipvs/proxier.go\'

* replace syscall with sys/unix pkg

* update bazel BUILD

* Refactor service controller to common controller pattern

* node_e2e: do not return error if Docker\'s check-config.sh fails

* fix a typo

* Add \'/version/
*\' to the system:discovery role, since that\'s what the open api spec says.

* add tests in ipvs/ipset_test.go

* fix ipvs/proxier_test.go compile error

* update bazel BUILD

* cleanup useless functions and variables

* Renamed func name according to TODO.

* test: e2e: support NFS test on overlayfs

* using consts to refer to predicate names

* client-go: Fix broken TCP6 listen for port forwarding

* Evicted pods should respawn

* reason key should exist

* Much better

* Even better

* Add custom metrics e2e test with two metrics.

* security_context_test.go(TestVerifyRunAsNonRoot): add more test cases.

* Fix problem accessing private docker registries

* Update code-of-conduct.md

* Update policy.go

* Update cluster-roles.yaml

* Move multizone volume tests to separate file and update multizone volume tests to only allow gce and gke

* gce: reorder authorizers

* Add code-of-conduct.md to staging repos

* Set a minimum b.N for scheduler_perf benchmarks.

* Add scheduler benchmark tests for affinity rules.

* Send an event just before the Kubelet restarts to use a new config

* iscsi: set node.startup to manual

* Cleanup api service before namespace deletion.

* Auto generated BUILD file

* Update nfsprovisioner image to v1.0.9 to fix annotation race with pv controller

* Print/return the text from a number of errors that were silent before.

* Fix a bug in validating node existence.

* [kubelet]fix unstandardized function name, rename new() to newSourceFile()

* Merge 3 resource allocation priority functions

* Get automatically created subnetwork if none is specified

* Fixed space/tab indentation

* Ensure dependents are added to virtual node before attemptToDelete

* hack/local-up-cluster.sh: improve messages when script was running with ENABLE_DAEMON=true

* RBD Plugin: Pass monitors addresses in a comma-separated list instead of trying one by one.

* add eventratelimit config to scheme

* Fixed typos and made documentation more consistent

* fix incorrect comment

* Avoid string concatenation when comparing pods.

* Update CHANGELOG-1.8.md for v1.8.6.

* Update vendor of google.golang.org/api repo

* Avoid array growth in FilteredList.

* Allow integration test timeout override.

* Requeue unobserved nodes in attemptToDelete

* add podtolerationrestriction config to scheme

* Refactor kubelet config controller bootstrap process

* Changing ingress from manually scaling rc to a daemon set.

* Performance improvement for affinity term matching.

* dynamic config test: use a hyphen between the config name and the unique suffix

* rename key

* add error string reference

* Add generic interface for VirtualMachineScaleSetsClient and VirtualMachineScaleSetVMsClient

* Add fake clients for VirtualMachineScaleSetsClient and VirtualMachineScaleSetVMsClient

* use /dev/disk/by-id instead of /dev/sd
* for azure disk

* Add cache for VirtualMachinesClient.Get in azure cloud provider

* Disable the DNS autoscaler test in large clusters.

* Expose all GCE cloud proivder services versions, not just the GA API

* Rewrite go_install_from_commit to handle pkgs that aren\'t in HEAD

* Fix AWS NLB delete error

* Revert k8s.gcr.io vanity domain

* metrics: make IMPLEMENTATIONS.md and CONTRIBUTING.md authorative in k/k

* Revert back #57278

* Use multi-arch pause image for tests

* Fix a race in the endpoint.go

* [quota controller] remove extra queue.Add()

* remove dead code in pkg/api

* Bump rules_go to 0.8.1

* Autogenerate BUILD files

* Use race=\"off\" mode instead of disabling race feature

* Update helper scripts to find binaries in new bazel-bin paths

* Switch go binaries from (hacky) static to pure Go

* Update DNS version in kubeadm of 1.10 cycle.

* Support multiple scale sets in same cluster

* Fix kubeadm upgrade unit test failure.

* fix wrong hairpin-mode value

* validate --hairpin-mode in kubelet config

* update kubeadm validation test to fix test error

* update vendor spf13/cobra to enforce required flags

* bump pflag

* some code change

* Fix PodCIDR flag: defaults come from the object, not as literal args to the flag function

* Refactoring ValidateUsages for for bootstrap tokens.

* Auto generated BUILD files.

* Add OWNERS file to pkg/bootstrap/api

* Add owners file for test images

* kubeadm: set kube-apiserver advertise address using downward API

* Fix TestCadvisorListPodStats failure under mac/darwin

* Replace --init-config-dir with --config

* Fix typo of compute.VirtualMachinesClient

* Reduce VirtualMachineScaleSetsClient#List calls

* Remove redundant sleep from ReRegistration unit test case

* Remove useInstanceMetadata param from Azure cloud provider

* update bazel build files

* fix local up cluster startup flag bug

* Add \'ProviderID\' to the output of kubectl describe node....

* Use GA API for managing addresses

* Updated local-volume boostrapper/provisioner e2e test for new config format

* Use the regionless mirror alias

* optimize volumeResizeMap lock

* process pvc watch deletion event miss in expand-controller

* remove unused input param

* Fix vmss listing for Azure cloud provider

* Modify ipvs real server equal

* add fake.DeleteRealServer UT

* fix ipvs virutal server update

* Improve the error message.

* Update CHANGELOG-1.7.md for v1.7.12.

* Add more verbose logs

* add test for syncvirtualServer

* [garbage collector] fix log info

* Print the full path of Kubeconfig files.

* Update boilerplate for 2018

* fix type error in cteate Memory Threshold Notifier

* Add generated runtime and generated device plugin to update-all

* Regenerate all generated code

* Bump Metrics Server to version v0.2.1

* create ipvs clusterIP rules in onlyNodeLocalEndpoints mode

* edit line138

* remove redundant deleting endpoint explicitly in endpoint controller

* Do not time-out profiler requests.

* Configurable liveness probe initial delays for etcd and kube-apiserver in GCE

* kube-proxy: fix field name comments & json tags

* Add \'exec\' in all saltbase manifests using \'/bin/sh -c\'.

* Update to latest gophercloud

* Fix typo in field description.

* Generate specs after fixing typo in documentation.

* Bump metadata proxy and test versions

* Removing bootstrapper related e2e tests

* Run update-api-reference-docs.sh.

* remove /k8s.io/kubernetes/pkg/kubectl/testing

* Split auth related config for Azure

* Optimizing the implementation of the error check for PriorityClass

* format error message and remove duplicated event for resize volume failure

* fix expand panic

* [PSP] always check validated policy first for update operation

* RBD Plugin: Fix comments and remove unnecessary locking code.

* Update gengo version

* ignore nonexistent ns net file error when deleting container network

* Run godep-save.sh and update-staging-godeps.sh

* Update generated files

* Remove exists return value from getVirtualMachine

* Simplify extra initializer logic

* Pass RecommendedConfig into ExtraAdmissionInitializers

* Remove VirtualMachineClientGetWithRetry

* Remove unused command waitfordetach from flex volume driver

* Double check before setKubeletConfiguration

* prefer /dev/disk/azure/scsi1/ over by-id for azure disk

* unify the print of pod metadata

* Bump fluentd-gcp version

* More default fixups for Kubelet flags

* Add myself in kubeadm reviewers

* Move DefaultMaxEBSVolumes constant into scheduler

* Improve comments for Azure Blob Disk Controller

* Invalidate resource requirements on extended resources with only request set.

* Avoid error on closed pipe

* periodically check whether assigned kubelet config should become last-known-good

* Make ConfigOK status messages more human readable by including the API path to the object instead of the UID

* Honor make variable OUT_DIR.

* validate admission-control param

* Move local PV negative scheduling tests to integratiom

* Add kubeproxyconfig round trip test

* Auto generated BUILD files

* Clarify error messages in HPA metrics

* fix-binary-check-cephfs

* Return actual error when backoff fails

* delete the unused function in kubectl

* fixed the some typo in eviction_manager

* remove hard coding Namespace

* update bazel

* Remove comments in get-kube.sh that imply support for environments that were removed long ago.

* Update Azure GO SDK to v12.1.0

* Add workaround for removing VMSS reference from LB

* fix possible panic

* refactor function CalculateAntiAffinityPriority by using map/reduce pattern

* Allow kubectl set image/env on a cronjob

* Minor commenting fixes for Azure Disk Controllers from CR

* Update pause container version to 3.1

* Fixing typo in e2e test variable

* dockershim: bump the minimum supported docker version to 1.11

* Update CHANGELOG-1.9.md for v1.9.1.

* Fix ExternalAddress parsing problem under IPv6

* Split the NodeController into lifecycle and ipam pieces.

* Changed return of empty string to raise an exception as it should have been from the beginning.

* e2e node framework can generate a base kubelet config file

* fix bug of swallowing missing merge key error

* fix-bug: version info should be printed when failed to execute \'kubectl apply -f XXXXX\'

* Update defaultbackend image to 1.4 and deployment apiVersion to apps/v1

* Add FailedPostStartHook error message.

* Add generic interface for Azure clients

* Add fake clients

* Fix a broken link in the fluentd-elasticsearch addon README

* Enable list option modification when create list watch

* Small improvement of showKind get

* Add RESTClient Custom metrics empty test

* Removing duplicate import

* Re-add nodecontroller OWNERS file

* Fix errors in Heapster deployment for google sink

* Use existing subnetwork of forwarding rule

* Fix local e2e test with changed error message

* Kubeadm: clean up MarshalToYamlForCodecs

* Remove mikedanese from kubeadm owners since he\'s no longer actively working on the project.

* Remove dependency on v1 API in base credential provider

* Update kube-dns to 1.14.8

* Move scheduler code out of plugin directory.

* Fix scheduler refs in BUILD files.

* add folder named custom in gce

* Do not set BaseURI again

* fix typos in kubectl pkg

* Add proxy_read_timeout flag to kubeapi_load_balancer charm.

* Make sure is not nil

* Adding support for Block Volume to rbd plugin

* remove useless service watch in APIServiceRegistrationController

* update bazel

* use sets.String to replace slice when sort []string

* Add test coverage for metrics/utilization.go

* forbid unnamed context

* Fix Typo in apiserver README

* fix populateDesiredStateOfWorld bug for attach/detach controller

* tiny fix

* Version bump to etcd v3.2.13

* Version bump to grpc v1.7.5

* Version bump to grpc-gateway v1.3.0

* Update staging deps for etcd 3.2.13 version bump

* Fix build and test errors from etcd 3.2.13 upgrade

* use danglingerror

* fix csi mounter ut print

* fix csi attach ut print

* add remount logic if original mount path is invalid

* Add CustomResourceValidation example in sample-controller

* remove deplicate func

* Containerized kubelet is no longer experimental

* Add support for cloud-controller-manager in local-up-cluster.sh

* Enable support for etcd3

* Fixed TearDown of NFS with root squash.

* Add jsafrane as util/mount approver.

* Add gnufied as AWS approver.

* Bump fluentd-gcp image used to 2.0.13

* include kube-dns deployment check

* pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests.

* Allow oadm drain to continue w ds-managed pods w local storage

* Update vmware/govmomi godeps

* Add vSphere Cloud Provider simulator based tests

* client-go: remove import of github.com/gregjones/httpcache

* generated: update staging godeps

* enable on-demand metrics for eviction

* Renews cached NodeInfo with new vSphere connection

* Updated Flexvolume setup mechanisms for COS instance image. - If REMOUNT_VOLUME_PLUGIN_DIR is set to true, VOLUME_PLUGIN_DIR is remounted with `exec` option during cluster startup. This allows any writable location to be used as the plugin directory. - New HostPath added to controller-manager deployment to enable access to volume plugin directory. - Improved how the default directory is passed to master and node setup.

* Refactor HostIP predicate algorithm

* Abstract cmd valid args get behind the factory

* update apiserver key/crt with a long expire time

* fix rbd ConstructVolumeSpec bug

* remove unnecessary function getBuggyHostportChain

* refactor customresource handler

* run update bazel and staging-godep

* Update spec dependency to point to 0.1 tag

* Fix exists status for azure GetLoadBalancer

* [Kubectl] Update RunCreate to follow more conventions

* Fix vm cache in concurrent case

* Refactor retry logic away from updateCIDRAllocation()

* Make code generators log to stderr by default

* Handle Unhealthy devices Update node capacity with sum of both healthy and unhealthy devices. Node allocatable reflect only healthy devices.

* Add volumemetrics for glusterfs plugin.

* kubeadm: more random tokens

* etcd client: add keepalive

* Move some old security controls to KubeletFlags and mark them deprecated

* [kubeadm] Bump kube-dns to 1.14.8

* make controller port exposure optional

* removed deprecated windows install script from cluster

* remove deprecated openstack heat

* removed deprecated libvirt-coreos kube-up/ from cluster

* Add getCRIClient and set default values for CRI related flags

* Remove unnecessary docker specific logic in node e2e test.

* Treat staging repos as authoritative for all files

* Let mutating webhook defaults the object after applying the patch sent back by the webhook

* Remove the empty vsphere directory from cluster/

* Remove aws from the cluster/ directory.

* Support utilities

* \"meta\" type descriptions used for code generation

* Implementation of the compute \"filter\" handling for List()

* documentation

* long running operation support

* code generation

* support interfaces for the generated code

* Generated code (see gen/main.go for the source)

* Special custom code for handling the Projects resource

* Hand written unit test for exercising the mock

* BUILD

* Clean up documentation.

* Ignore golint failures for bad compute API names

* Fix gofmt

* Remove glog dependency in the generator

* cmd/kubectl: fix broken error formatting for run

* hack/ scripts to keep the generated code in sync

* Update generated code to stable order

* Revert \"no need delete endpoint explicitly in endpoint controller\"

* All Kubelet flags should be explicitly registered

* Move common functions together

* Remove options.md, which is outdated and doesn\'t contain any useful information.

* Add wrappers for azure clients

* Clean up azure rateLimiter and verbose logs

* Fix lint and bazel

* typo of errUnsuportedVersion

* Add azClientConfig to pass all essential information to create clients

* Add volID based delete() and resize() if volID is available in pv spec.

* Fix bug:Kubelet failure to umount mount points

* fixed some bad url

* added fluent-plugin-detect-exceptions plugin to fluentd-es-image

* fix for local-up-cluster.sh bad cloud_config_arg

* Block volumes Support: iSCSI plugin update

* generated code for iSCSI plugin change

* move detach out of os volumes attach

* manuallly handle encoding and decoding in the scale client

* Mark kubelet PID namespace flag as deprecated

* Fix policy conflict in the CPU manager node e2e test.

* added fluent-plugin-detect-exceptions plugin to fluentd-es-image

* remove deprecated photon controller

* Fix cadvisor flag registration for cross build

* remove support for container-linux in gce kube-up

* Create a feature flag for sharing PID namespace

* Fix quota controller worker deadlock

* Add `cloud` for the generated GCE interfaces, support structs

* integration: add retries to node authorizer tests

* add number measurement for bound/unbound pv/pvc

* fix ipvs proxy mode kubeadm usage

* Don\'t rewrite device health

* Add zouyee as a reviewer for the cluster/centos directory.

* Add e2e test logic for device plugin

* Remove the deprecated vagrant kube-up implementation.

* Add custom volumename option to GlusterFS dynamic PVs.

* Update bazel.

* Fixed crash when path has multiple leading slashes

* fix windows ut for proxy mode

* remove provides which has been deleted

* add hostPorts to pod describer

* Add kawych to Metrics Server owners

* [FC Plugin] Create proper volumeSpec during ConstructVolumeSpec

* remove OpenAPI import from types

* bump(k8s.io/kube-openapi): a07b7bbb58e7fdc5144f8d7046331d29fc9ad3b3

* Fixing logs for cri stats

* Fix golint errors on test/e2e/e2e.go

* Removing Flexvolume feature tag in e2e tests and alpha tag in Flex path arguments because Flexvolume is now GA.

* Fix CHANGELOG urls for release 1.9.1

* Get the node before attempting to get its Alias IP ranges

* Set pids limit at pod level

* update generated code

* fix a typo

* use shared informers for BootstrapSigner controller

* Metrics for predicate and priority evaluation

* Build files generated

* Use linux commands instead of docker commands.

* Use GinkgoRecover to avoid panic.

* the changes introduced in this commit plumbs in the generic scaler into kubectl.

* Instrument the Azure API calls for Prometheus monitoring

* add KUBE_ROOT in directory

* The lbaas.opts.SubnetId should be set by subnet id.

* Fix endpoint not work issue

* hack/generate-bindata.sh: make output cleanly by suppressing pushd/popd output.

* Bump fluentd-gcp version

* Bump runc to d5b4a3e

* Adjust the Stackdriver Logging length test

* Install gazelle from bazelbuild/bazel-gazelle instead of rules_go

* Revert \"Rewrite go_install_from_commit to handle pkgs that aren\'t in HEAD\"

* Use the bazel version check function from bazel-skylib

* Check grpc server ready properly

* Remove salt support for providers that no longer exist.

* Remove vmUUID check in VSphere cloud provider

* Improved readability for messages being logged

* Added metrics for preemption victims, pods preempted and duration of preemption

* -Add scheduler optimization options, short circuit all predicates if one predicate fails

* fix typeos in cloud-controller-manager

* cluster: remove kube-push

* cluster: remove support for cvm from gce kube-up

* periodically flush writer

* cluster: move logging library to hack/

* Enable ValidatingAdmissionWebhook and MutatingAdmissionWebhook in kubeadm from v1.9

* Updated PID pressure node condition.

* fix some bad url

* fix nodeport localhost martian source error

* add ut for localhost nodeport

* Rename func name according TODO

* use shared informers for TokenCleaner controller

* Remove unused code in UT files in pkg/

* Extend the ListNextResults methods with the resource group and instrument them

* remove invalid and useless functions from unit test

* unstructured helpers: print path in error

* kubectl scale: support Unstructured objects

* Show findmt command output in case of error

* Review fixes

* Add script to run integration benchmark tests in dockerized env

* cmd/kube-apiserver/app/aggregator.go: add comments for explaining the group/version fields.

* admission: do not leak admission config types outside of the plugins

* Update generated files

* Return the correct set of supported mime types for non-streaming requests

* remove outdate package

* Fix comparison of golang versions

* csi: Fix versioning error message

* Limit all category to apps group for ds/deployment/replicaset

* Log message at a better level

* Create Conformance document to display all tests that belong to Conformance suite

* Convert nodeName to lower case for vmss instances

* Rename filenames for clear

* Fix azure fake clients: use pointers

* Add more unit tests

* Add error helpers and constants for NotAcceptable and UnsupportedMediaType

* Return correct error when submitting patch in unsupported format

* Add support for submitting/receiving CRD objects as yaml

* Add fsType for CSI

* auto generated code

* bump(gopkg.in/yaml.v2): 670d4cfef0544295bc27a114dbac37980d83185a

* move prometheus init to k8s.io/apiserver/pkg/endpoints/metrics/metrics.go

* Benchmark non docker specific

* fix azure TestGetInstanceIDByNodeName data race

* fix(fakeclient): write event to watch channel on add/update/delete

* Regenerating code of fake clientset

* Call Dial in blocking mode

* say which lease is being acquired

* azure disk: if the disk is not found, immediately detach it. This prevents azure keeps the bad request and stops issuing new request

* cluster: remove centos dependency on saltbase

* cluster: remove gce dependencies out of salt

* cluster: delete saltbase

* hack/update-swagger-spec.sh: when API server fails to start, show the last lines of logs.

* Change default volume source to regular emptydir for e2e volume servers

* remove flaky label from eviction tests

* Allow version arg in \"kubeadm upgrade apply\" optional

* fail earlier on discovery failures

* Update CHANGELOG-1.8.md for v1.8.7.

* remove duplicated import

* improve error message for expired tokens

* Fixed spelling of Promethus to Prometheus

* Plumb versioned informers to authz config

* Add get volumeattachments support to Node authorizer

* Recheck if transformed data is stale when doing live lookup during update

* Delete redundant symbols

* Add generic Bootstrap Token constants and helpers to client-go

* create auto-gen files

* hack/update-swagger-spec.sh(cleanup): fix signal handler to really cleanup etcd and minor improvements.

* set fsGroup by securityContext.fsGroup in azure file

* handle uniquified holder identities

* Reduce Metrics Server memory requirement

* Update comments for getting and removing loopback device at iSCSI,FC,RBD

* Track run status explicitly rather than non-nil check on stopCh

* Introduce METADATA_CONCEALMENT_NO_FIREWALL to prevent firewall from being set

* bump addon version in makefile

* low hanging fruit for using cobra commands

* Rework method of updating atomic-updated data volumes

* client-go: fix bootstrap token imports

* Adding support for custom TLS ciphers in api server and kubelet

* kubelet: imagegc: exempt sandbox image

* Update release note links for 1.10

* Add deprecation warnings for rktnetes flags

* apps api is now stable, use it

* Better check for GCE VM

* configurable scopes for gcp default credentials

* new testcases to util.go

* inject 60 second interval in deployment rollout

* Update gce call to use wrapper in gce_loadbalancer_external

* Enable --external-cloud-volume-plugin/--provider-id for local-up-cluster

* kubeadm: remove Initializers (still in alpha) from admission control

* remove duplicated check of device path in aws attacher

* fix a little typo in BalancedResourceAllocation

* Surface error loading admission plugin config

* Fix loading structured admission plugin config

* Promote SS to apps/v1

* fix some typos in comments

* upgrade to apps/v1 deployment

* run update bazel

* admit upgrading storage class of pvc from beta annotation to spec field

* make the controller manager create and use a valid cobra command

* Add apiserver metric for number of requests dropped by \'inflight-request\' filters.

* Ability to specify OS_
* variables for OpenStack configuration

* handle scheduler without exposed ports

* make the kubelet cobra command complete

* Enable privileged containers for apiserver and controller

* Update generated code

* uniquify resource lock identities

* trace patch operations

* Update CHANGELOG-1.9.md for v1.9.2.

* Fix flake8 lint error in kubernetes-master charm

* Add handling for method that use Pages() to retrieve results

* Update code for GCE cloud provider

* CHANGELOG: feature flag is \"AdvancedAuditing\" not \"AdvancedAudit\"

* Remove apiVersion from scheduler extender example configuration

* Update cluster addon Calico to v2.6.6

* Add multi-vc configuration for e2e tests

* Bump bazelbuild/rules_go and kubernetes/repo-infra to tip

* Use the pkg_tar wrapper from kubernetes/repo-infra

* Update Addresses to use generated code

* Update UrlMap to use generated code

* Update BackendService to use generated code

* Update Healthcheck to use generated code

* Update Certs to use generated code

* Update InstanceGroup to use generated code

* Update e2e test utils with the new interfaces

* Update TargetProxy to use generated code

* [GCE cloud provider] Update hosts in EnsureLoadBalancer()

* [GCE cloud provider] external lb - move target pool operation into its own function

* Update bazel builds

* Update Firewall to use generated code

* Update bazel

* Update Forwarding rules to use generated code

* Update bazel

* Fix reference to Items in internal load balancer

* Remove ignoring of object not found on deletion

* add pkg/util/ipset OWNERS file

* Add liggitt to hack approvers

* A couple of minior changes: a) fetch the subnetwork url from subnets describe command rather than compose it from env vars; b) explicit specify etcd version env vars before running upgrade.sh to avoid prompt.

* Minior changes on comments.

* Minior changes on comments.

* fix event message when processing loadbalancer update

* Get windows kernel version directly from registry

* Remove getOldSecurityGroupName() from OpenStack cloud provider

* Uncomment the call to upgrade.sh

* refactor admission flag: add two admission flags and make plugins auto in recommended order

* update admission test cases

* run update bazel

* Update Routes to use generated code

* Update bazel

* Update Zones to use generated code

* testcase to pkg/kubelet/cadvisor/util.go

* Openstack: register metadata.hostname as node name

* Update TargetPool to use generated code

* use GetUniqueVolumeNameFromSpec instead of implementing it manually

* Add Namespace to glusterfs custom volume names.

* Fix UpdatePodWithRetries inline documentation

* kubeadm: Allows to specify custom flag values for control plane components

* make kube-apiserver admission flag disable other plugins

* Fix typo

* Clean up error messages for pre-bound PVCs.

* Changing where the charm gets network addresses in order to support network spaces.

* updated fluentd-es-image to use fluentd 1.1.0

* Remove Saturation() from rate limiter interface

* Switch from juju/ratelimit to golang.org/x/time/rate

* Remove github.com/juju/ratelimit

* updated fluentd configmap with 1.1.0 compatible version

* updated iamge & configmap versions

* Show all the annotations in ingress rules

* Benchmarking script pretty-prints results into a separate file

* Skip log path tests when they are expected to fail.

* add options for min tls levels

* generated

* tolerate more than one gvklist item

* return reason for allowed rbac authorizations

* GCE: Fix Valid() to check for proper region/zone names

* GCE: Check that the key is valid for each call

* Make IsConnectionReset work with more error implementations.

* Adding support for changing default backend and nginx container images

* fix provider-id bad param in local-up-cluster

* Never let cluster-scoped resources skip webhooks

* generated

* Send correct resource version for delete events from watch cache

* Bump metadata proxy to v1.9

* A couple of more changes: 1) revert the changes on assigning subnetwork_url from selfLink as it may break if using an overrided api endpoint; 2) update etcd version to the latest.

* dockershim: remove the use of kubelet\'s internal API

* Fix all the unit tests and update the bazel files

* dockershim: call DockerService.Start() during grpc server startup

* use original pos filenames again

* switch to new detect-exeptiions plugin release 0.0.9

* dockershim: clean up the legacy interface

* Generate bindata.go and k8s.mo

* Add logging in all generated GCE calls

* Resulting generated code

* Fixes some typos/spaces in the GCE cloudprovider

* [e2e util] Remove static IP functions based on gcloud

* Fix master regex when running multiple clusters

* Update NEG to use generated code

* sync code from copy destination

* Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value

* GCE: invalid location was used in regional and zonal operations

* Kubelet provides an updated and complete status of local-static Pods

* Moved func WaitForPersistentVolumeClaimBeRemoved Among Other WaitFor Functions

* Remove op field as it is no longer needed

* Update unavailable aggregated APIs to 503s instead of 404s

* fix userid validation

* Fix autoscaler deployment bug

* bugfix(mount): lstat with abs path of parent instead of \'/..\'

* Use /proc/net/nf_conntrack.

* Updated priority of mirror pod by PriorityClass.

* fix the wrong err print of assumepod

* fix apiserver crash caused by nil pointer and ensure CRD schema validator can be constructed during validation.

* Hide generated files only on github

* pass APIEnablement through apiserver chain

* run update bazel and staging-godep

* ref -> $ref

* Support out-of-tree / external cloud providers

* Use backup location to load cloud config for OpenStack

* don\'t stop informer delivery on error

* Don\'t run godep restore in jenkins verify

* Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size.

* Use correct pv annotation to fetch volume ID.

* Refactor gcp.go methods for testability, add tests

* Fixing some flake8 issues

* kubectl: Use metrics-server for kubectl top commands

* Force use of Makefile for update

* Add gce-ingress e2e test for sync failure case

* Improve the upgrade test for ingress.

* Update Instances to use generated code

* fix invalid admission name LimitPodHardAntiAffinityTopology

* Add additional unit tests.

* Remove salt configuration from the fluentd-gcp configuration.

* Fix non-interface type ErrResourceNotFound on left

* Fix logs message formating

* Expose the generate stub for compute API

* Reduce verbose logs

* Fix possible panic when getting primary IPConfig

* ignore no such address error when unbind ip for IPVS service

* update bazel BUILD

* Openstack: Fill size attribute for the V3 API volumes

* Add a container type to the runtime labels

* Add support for binary file in configmap

* generated code and docs

* run a full round trip scenario

* Add a e2e test for binary data in configmap

* Checked node.Unscheulable in Toleration predicate.

* Wait for healthy extension server before registering APIService

* Skip unavailable services during e2e remaining content check

* Return ServiceUnavailable error consistently from proxy

* Update README.md with punctuation improvements

* Adding network spaces support for kubernetes-master.

* update if statement

* Adding network spaces support for kubeapi-load-balancer.

* add apiregistration v1

* generated

* Add better event handling for deleted Pods

* vclib: add test constants for use with vcsim

* vclib: add Datastore tests

* vclib: add Folder tests

* vclib: add VirtualMachine tests

* vclib: update bazel

* Add some more azure unit tests.

* Use SSH tunnel for webhook communication iff the webhook is deployed as a service

* godep: vendor gopkg.in/square/go-jose.v2/jwt

* resource version parsing should all be in one place

* move service account signing to using go-jose

* By default block service proxy to external IP addresses. Service proxy uses redirects to Pods instead of direct access.

* Distinguish service unavailable errors in client-go

* add e2e test for bound/unbound pv/pvc count metrics

* Make the pause image a manifest list

* Add preferred self anti-affinity to kube-dns pods

* remove newline after range

* run update code-gen

* Don\'t bind PVs and PVCs with different access modes.

* Add list of pods that use a volume to multiattach events

* kube-apiserver flag --admision-control is deprecated, use the new --enable-admission-plugins

* Create benchmark results file before writing to it

* switch hyper to cobra

* Ensure config has been created before attempting to launch ingress.

* bump version of addon manager

* PSP: when comparing categories in SELinux levels, ignore its order.

* Update autogenerated files.

* selinux/mustrunas_test.go(TestMustRunAsValidate): rename a member to make its meaning obvious.

* selinux/mustrunas_test.go(TestMustRunAsValidate): make PSP SeLinux options configurable.

* selinux/mustrunas_test.go(TestMustRunAsValidate): add more test cases to improve code coverage.

* Removal of KubeletConfigFile feature gate: Step 1

* Created bootstrap logic for vSphere test

* Fix bug in dockerized benchmarking script

* Adding downgrade test for ingress-gce

* Tag Security Group created for AWS ELB with same additional tags as ELB

* Increase KUBE_PARALLEL_BUILD_MEMORY to 40G.

* fix neg e2e test

* Fix equiv. cache invalidation of Node condition.

* Add benchmark for equivalence hashing.

* Change equivalence hash function.

* Move equivalence class hash code.

* Fix equivalence cache hash tests.

* use containing API group when resolving shortname from discovery

* Use GlobalMemoryStatusEx to get total physical memory on Windows node

* serviceaccount: check token is issued by correct iss before verifying

* serviceaccount: handle jwt flow specific validation in seperate validator struct

* Rename package deviceplugin => devicemanager.

* remove unused func in FakeConfigurator of scheduler

* Add UT test to openstack_test.go

* fixing array out of bound by checking initContainers instead of containers

* Fix kubectl explain for cronjobs

* Fix adding FileContentCheck

* Move multizone e2e to sig scheduling path

* Skip NoNewPrivileges test when SELinux is enabled

* Make it possible to override the driver installer daemonset url from test-infra.

* Don\'t assume ipcmk command supports size suffix.

* Refactor handling of IpcMode for the actual container

* Add new e2e-test container to export ipcs from util-linux

* Use ipc-utils container in HostIPC tests.

* Produce junit results for verify job

* Fix unset variables in shell2junit

* Set KUBE_JUNIT_REPORT_DIR on dockerized test

* Change flags to variables so that they can be passed through make

* Add storage-backend configuration option to kubernetes-master charm.

* Add allowPrivilegeEscalation to kubectl describe psp

* Tag multi-az cluster volume e2e test with sig-storage

* Fixing spaces issue found with tests. Had some missing parameters for some functions.

* Fix GCE IP Aliases CI https://k8s-testgrid.appspot.com/google-gce#gci-gce-ip-alias failure cause by pull #56132.

* fix runtime-config bug in kube-aggregator

* Only run verify-staging-godeps if staging/godeps are touched

* Remove changes on SECONDARY_RANGE_NAME.

* fix some log param error modified: pkg/cloudprovider/providers/vsphere/vsphere_util.go modified: pkg/controller/certificates/cleaner/cleaner.go modified: pkg/controller/volume/pvcprotection/pvc_protection_controller.go modified: pkg/volume/azure_dd/azure_mounter.go

* Revert \"Remove changes on SECONDARY_RANGE_NAME.\"

* Prefer apps/v1 storage for daemonsets, deployments, replicasets

* Prefer exact resource name matches to shortname expansions

* mini fix about typo

* Make REST mappings for resources a unique list

* Clean up unused functions and consts

* Add a metric to track usage of inflight request limit.

* Add deprecated stage of feature gates

* Mark ServiceProxyAllowExternalIPs feature as deprecated

* csi: Update version comparison model

* Adds breadcrumb to crictl warning

* Update CHANGELOG-1.10.md for v1.10.0-alpha.2.

* fix url parsing for staging/dev endpoint

* Split ClientConfigFor()

* Add in godeps verification for hack/lib/ and build/

* Add cblecker to shell2junit OWNERS You break it, you bought it.

* Contain variable names in shell2unit Also correct unbound assertions variable error on line 176

* Add brackets and quotes where needed

* Add e2e tests for GPU monitoring.

* Fix pod security policy capability test.

* kubelet: remove the rktshim directory

* Revert \"Change equivalence class hashing function\"

* fix `make quick-verify`

* remove support enable-disable api resources

* fix GetCustomResourceListerCollectionDeleter comments

* refactor resource_config.go thoroughly and remove useless code in registry

* fix webhook admission README

* Fix self link for cluster scoped custom resources

* Only rotate certificates in the background

* The TODO has been completed, so remove the comments

* code cleanup in integration framework

* run update bazel

* add RequireKubeConfig back for pull-kubernetes-e2e-kops-aws

* use info instead of infof when no format

* pass listener in apiextentions-apiserver test to prevent port in use flake

* Expose default service IP CIDR in apiserver

* Fix TC resource Leak

* remove dead testing code

* remove --tls-ca-file which had no effect

* Remove unused test for node auto-repair. This test is testing GKE only feature and should use different infrastructure.

* fix parameter advertise_address should be --advertise-address

* remove dead prefix field

* Removal of KubeletConfigFile feature gate: Step 3 (final)

* correct typo in HorizontalPodAutoscaler status condition

* Kubelet flags take precedence

* pkg: kubelet: do not assume anything about images names

* Fix pod sandbox privilege.

* removes the remainder from ScalerFor method

* Fix setting qps in density test.

* Improve messaging on resize

* Add more tests.

* CRI: Add a call to reopen log file for a container

* Perform resize of mounted volume if necessary

* Set generate-kubelet-config-file to true by default.

* Forcing get_node_name to continue searching for a node name if the returned list of nodes doesn\'t include this one.

* resourceQuota support for extended resources

* update e2e test for resourceQuota support on extended resources

* Skip rescheduler test.

* Add windows config to CRI

* Generate cri apis automatically

* Support GetLabelsForVolume In OpenStack

* Fix flaky AdmissionWebhook e2e tests.

* Update bazelbuild/rules_go to support go1.9.3

* Update to go1.9.3

* fix portallocator comments

* [GCE] Set --kubelet-preferred-address-types on apiserver by default

* Add experimental hyperv containers support on Windows

* Add HyperVContainer feature gates

* Remove setInitError.

* fix mistaken info print

* Add detailed err in ensure docker process error

* Correct the URL of openstack and make test case more detail

* deprecate insecure http flags and remove already deprecated public-address-override

* Add UT test to openstack and two para in configFromEnv

* remove some unused functions in validation.go

* Fix race condition in fake runtime test.

* initial work for azure file grow size implementation

* Don\'t go get godep in jenkins scripts

* Reset DeferredDiscoveryRESTMapper before use

* Remove port from HTTPProxyCheck

* Remove unneeded code

* When installing vendored godep, ensure that it\'s in path

* Make eviction manager work with CRI container runtime.

* Add test/fix for ErrShortBuffer edgecase

* Add crds as CustomResourceDefinition shortname

* Add deprecation comment to PersistentVolumeReclaimRecycle

* Fix PodPidsLimit and ConfigTrialDuration on internal KubeletConfig type

* Fixing upgrade charm failing if upgrading from an old enough charm(pre Nov 2017).

* Add NominatedNodeName to PodStatus

* Autogenerated files

* Change manifest file perms to remove execute

* cloudprovider/openstack: fix bug the tries to use octavia client to query flip

* Client ca post start hook now checks if the system namespace already exists before creating it.

* Fixes ci-ingress-gce-upgrade-e2e

* e2e test: use sleep to wait in hostexec

* Update tests to use the hostexec:1.1 image

* fix some typos in filters

* Ensure IP is set for Azure internal loadbalancer

* Fix typo and comments

* fix rebase error

* codeClean-merge-logfAndFailnow-to-fatalf

* Build Kubernetes binaries with valid Semantic Version

* Use `blkid` to get fs type of device.

* modified: staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go

* fix the format for github error

* reopen #58913 Fix TODO move GetPauseImageNameForHostArch func

* Do not use ifupdown commands

* Add call to addCredentialProviderFlags

* Add Beta VolumeAttachment API

* sample-controller: document minimum kube version

* PVC Protection E2E Tests for Failed Scheduling

* update all

* Use v1beta1 VolumeAttachment

* Change feature gate PreRelease to Beta

* Rename PVCProtection feature gate so that PV protection can share the feature gate with PVC protection

* reuse PVC protection admission plugin for PV protection

* existing PV controller changes

* Add PV protection controller

* Add policy for pv protection controller

* refactor kube-aggregator api group install

* Expose etcd compaction time via environmental variable in GCE

* Fixing issue with capitalization causing odd behaviors for allow-privileged configuration option.

* remove alpha when running cloud-controller-manager with hyperkube

* Adding lower() to kubernetes master\'s usage of allow-privileged.

* Disable JUnit-style reporting for benchmark script

* Fix cross-build breakage after #58174

* Update Calico to version v2.6.7

* use node-e2e framework for testing cadvisor

* add upstream

* aesgcm - passing

* fix typo in package apiserver

* Elaborate deprecation warning

* kube-proxy: Fix flag validation for healthz-bind-address and metrics-bind-address

* Add GCE ingress test case for modified health check

* Make predicate errors more human readable

* fix a typo in pkg/apis/core/fuzzer/fuzzer.go

* Fix typo (a -> an)

* fix a typo in pkg/cloudprovider/providers/azure/azure_loadbalancer.go

* Update test framework featuregates type.

* Auto generated BUILD files.

* Add UT test TestCheckOpenStackOptsfunc

* Expose etcd compaction interval param for kubemark apiserver

* Fix typo

* Fix typos

* gce: delete opencontrail vars

* cluster: remove unused functions

* cluster: remove some cvm stuff

* cluster: delete image staging

* cluster: remove unused kubelet token

* cluster: remove unreferenced vars

* cluster: remove kube-registry-proxy

* cluster/gce: remove salt comments from manifests

* Ensure that the runtime mounts RO volumes read-only

* Revert \"fail earlier on discovery failures\"

* [GCE Ingress e2e] Add test for pre-shared certificate

* Add IPv6 to ref page descriptions.

* Increase RSS limit for runtime from 300MB to 350MB on test creating 100 pods per node.

* kubelet: only register api source when connecting

* suggest using describe cmd to list pod containers

* bumping timeouts for apiserver communication.

* Update CHANGELOG-1.10.md for v1.10.0-alpha.3.

* [e2e ingress-gce] Retrieve the correct health check resource

* add basic functionality deployment integration tests

* refactor ipset interface AddEntry()

* validate set in ipset

* validate entry in ipset

* validate ipset entry before adding in ipvs proxier

* fix review comments

* update bazel BUILD

* Add tests for pkg/serviceaccount.

* check ErrorNotFound in netlink.go to fix cross build error

* update bazel

* fix todo: Move isDecremented to pkg/apis/core/validation

* initialize ipvs proxy owners file

* Fix typo in CHANGELOG-1.10.md.

* Move MountPropagation to beta.

* kubeadm init: skip checking cri socket in preflight checks

* Configurable etcd quota backend bytes

* fix TODO:change to a api-server watch

* fix the format for github error

* delete duplicate function for getting volume source

* Conversion from typed to unstructured should set GVK

* Introduce apiserver profile-gathering library in testing framework

* fix irregular descriptive docs

* Add e2e test for PV protection

* Cleaning up loopback removal process

* Add Terminating state to PVs

* Cluster Autoscaler 1.1.1

* Add mwielgus and MaciekPytel to GCE owners

* Use `blkid` to get fs type of device.

* Promote v1alpha1 meta to v1beta1

* patch cmd/kubeadm/test/cmd/BUILD for bazel 0.10

* nodelifecycle: set OutOfDisk unknown on node timeout

* Replace nominateNodeName annotation with PodStatus.NominatedNodeName in scheudler logic

* autogenerated files

* Remove validation failure of Pod priority when the feauter is disabled

* Sort firewall params

* Update etcd server version to 3.2.13

* fixing node labels for random tests invocation

* Reformat log to show more details

* fix typo in cluster

* fix todo: migrate to use framework.AddOrUpdateLabelOnNode/framework.RemoveLabelOffNode replace of updateNodeLabels

* Remove comment from Cluster Autoscaler manifest

* Add annotations to the deviceplugin API

* Regenerate the deviceplugin protobuf file

* Add Annotations from the deviceplugin to the runtime

* Cap how long the kubelet waits when it has no client cert

* When using the bootstrap cert, update the store

* add Annotations to audit event

* run hack/update-all.sh

* refactor NsenterWriter to utilize pkg/util/nsenter

* Remove resources that were moved to kubernetes/examples repo

* fix typo in client-go

* Fix golint for openstack and cinder packages

* Adding volume metrics support for vSphere Cloud Provider

* Use `blkid` to get fs type of device.

* Add OWNERS for Godeps and vendor folders

* Add OWNERS for third_party folder

* Add unit test for endpoint allocate

* Add OWNERS for translations folder

* Ignore OWNERS file in verify-godeps

* Update kubeadm supported etcd version to 3.2.14 in 1.10

* build: fix a logic error in shell script.

* core/v1 should be first in discovery order

* add kube-root for file directory

* fix todo:Move function readinessCheck to util

* add example for kubectl config unset, this will help user use

* Pass pod informer to PV controller

* Don\'t recycle PVs that are used by a pod

* Revert \"Add self anti-affinity to kube-dns pods\"

* kubelet ignores hugepages if hugetlb is not enabled

* Remove --service-sync-period flag which was not in use

* Use beta instead of alpha GCE Compute API to add an alias range to an instance.

* add minimal types for service account TokenRequest API

* autogenerated

* Add GCE instance UpdateNetworkInterface API to beta.

* Fix StatefulSet set selector bug

* Add comments about potential race in delta fifo.

* Ability to run an external binary instead of hyperkube cloud-controller-manager

* Redesign and implement volume reconstruction work

* Patch ingress upgrade test to ignore checking certain GCP resources

* Clarify that ListOptions.Timeout is not conditional on inactivity

* certs: allow cert controller to delete csrs

* bzl: make integration tests actually work

* Fix local PV node affinity tests and only run once

* Fix the wrong comment in cri constants.

* Test ports are covered by firewall

* Equiv class volume fixes

* Scheduler is not able to read from config file if configmap is not present

* Use direct struct comparison, not reflection

* clean up code

* Fix TestPlugin func has two same if code/kind bug

* Fix typo: constucts -> constructs

* clean temporary para for require-kubeconfig

* Refactor and add some tests.

* Ensure daemon opts are in effect before docker login

* fix typo in kubeadm

* fix invalid match rules for advanced audit policy

* Ensure public IP removed after service deleted

* Remove defaultV18AdmissionControl in 1.10 cycle

* add testapigroup of apimachinery to go-to-protobuf

* make sure mounter not nil and fix some typo

* add unchedule information to kubectl describe node

* Fix RBAC permissions for metadata agent.

* fix golint warnings in daemon controller

* Update storageos api dependency to 0.3.4

* StorageOS support for containerized kubelet and mount options

* kubectl: cannot set --all and --selector at the same time

* Only populate alias range for nic0 when invoking instance.UpdateNetworkInterface.

* Document kubeadm API

* Update etcd version from 3.1.10 to 3.2.14 when upgrading a K8s cluster to use IP aliases.

* Update generated code

* fix apply --force w/ invalid AND conflicting resource

* split docker-logins logic into 2 handlers

* use comparable host path instead of full url when creating a targetpool

* move makeHostUrl to gce_instances (only used there)

* Fix flaky AdmissionWebhook e2e-crd tests

* IPv6: Ensure calculated node CIDR size for pod subnets is valid

* Add context to all relevant cloud APIs

* kube-scheduler: Use default predicates/prioritizers if policy config does not specify them

* svcacct: move claim generation out of TokenGenerator

* Better timeout in slower virtual machines

* authentication: remove TokenRequest from authentication.k8s.io/v1beta1

* test: bump timeout on //pkg/master

* Ensure euqiv hash calculation per schedule

* Initial local PV block device plugin checkin.

* [e2e ingress-gce] Plumb the Logger interface and avoid assertion in util functions

* Use SetInformers method to register for Node events. (#449)

* fix TODO: moving driver name check in API validation

* Fix to register priority function ResourceLimitsPriority correctly.

* remove a todo which is out of date

* Add TestEmsireExternalLoadBalancer test

* Move shared load balancer variables out of test.lb update/delete tests

* test loadbalancer resources created & deleted

* check presence of healthcheck

* add AddInstanceHook mock method, test insertion of new instace

* Update PriorityClassName API doc

* autogenerated files

* Make kubelet flags of kube-up.sh configurable.

* Removed unnecessary test code.

* simplify the if logic

* Change log format: replace () to []

* add k8s:conversion-gen to internalversion

* regenerated files

* auto generated items

* abstract proxy servicePort and endpoints

* delete unused generated file

* Remove provisioner configuration from info message.

* Switch CRI NamespaceOption from bools to enums

* Update kubelet for enumerated CRI namespaces

* Increment CRI version from v1alpha1 to v1alpha2

* Remove duplicated comment

* Enable HPA tests on large clusters

* Reimplement 2 tests using fakeexec

* devicemanager: increase code coverege of endpoint\'s unit test

* add keyring parameter in Ceph RBD provisioner

* fix todo: use selector.DeepCopy replace of hard code

* clean up unused function GetKubeletDockerContainers

* Return information about which int tests failed in the summary

* Indicate endpoint subsets are an optional field

* Allow passing request-timeout from NewRequest all the way down to actual request

* remove mapper dependency - PrintSuccess

* Split out a KUBE-EXTERNAL-SERVICES chain so we don\'t have to run KUBE-SERVICES from INPUT

* cleanup

* Move workload registries to apps package

* godep: update vmware/govmomi

* vclib: enable VM disk attach test

* Disallow PriorityClass names with \'system-\' prefix for user defined priority classes

* isolate node creation into separate function, address PR comments

* Create short name for cronjob

* Handle fetch of container logs of error containers during pod termination

* fix deployment\'s collision avoidance mechanism

* check firewall creation + deletion for healthcheck firewall

* test updateExternalLoadBalancer removes nodes

* Cleanup of ipvs utils

* use getInstanceByName to check for node presence, instead of DeleteInstance)

* remove newline before err checks. address pr comments

* Add mountpoint as CRI image filesystem storage identifier.

* verify no extra RS was created when re-creating a deployment

* run update-bazel.sh, lint on mock.go

* Remove experimental keystone authenticator

* Add gRPC client service for envelope transformer

* Update kms provider config for gRPC client service

* Fix verify error and address review comments

* Only support unix socket for kms gRPC, also add Version method

* Update for review comments

* Remove configfile for kms in encryption config

* Add generated script for kms api pb file

* Change provider ID to uuid

* Add verify script for kms generated file

* audit support wildcard matching subresources

* add test case

* run hack/update-all.sh

* Moved validation to the API side

* Revert \"add number measurement for bound/unbound pv/pvc\"

* Add useInstanceMetadata param back in Azure cloud provider

* Switch to k8s.gcr.io vanity domain

* Route verify-bazel output to stderr

* Route verify-gofmt output to stderr

* Route verify-boilerplate output to stderr

* Route verify-godeps output to stderr

* Route verify-godep-licenses output to stderr

* return error if New-SmbGlobalMapping failed in azure file mount

* Enable golint for `pkg/scheduler`

* Change critical pods’ template to use priority

* Set instanceID to azure resource ID format while useInstanceMetadata is enabled

* Fix golint errors in `pkg/scheduler` based on golint check

* fix describe when allocatable CPU/Memory is 0

* Add apiserver profiling to our scalability tests

* add node shutdown taint

* admission registration use shared informer instead of poll

* add wait ready for mutating/validating webhook configuration

* run update bazel staging-dep

* fix using defer in loop in cors test

* client-gen: remove base input dirs

* Collect prometheus metrics for custom resources

* update staging godeps

* add more error logs in kubectl run

* return a more human readable error message if mount an unformatted volume as readonly

* AWS: Do not ignore errors from EC2::DescribeVolumee in DetachDisk

* Extract instantiation of cloud provider

* Skip TestRoutes when there are no vm(s)

* Fix bug with profile-gathering waitgroup in scale tests

* Add shyamjvs to cluster/images/kubemark/OWNERS

* Add node e2e to verify hugepages feature

* validation_test.go: move test cases for AllowPrivilegeEscalation option from TestValidatePodSpec to TestValidateSecurityContext.

* kubelet: add support for pod PID namespace sharing

* Unify image registry value in kubemark setup scripts

* Mark kubemark images w/ random tags to avoid race b/w runs

* dockershim: don\'t check pod IP in StopPodSandbox

* Add \'none\' option to EnforceNodeAllocatable

* Fixes the regression of GCEPD not provisioning correctly on alpha clusters.

* Cleanup and add category doc

* Adding benchmarks to envelop encryption integration tests

* generate mocked methods with context as the first arg, because golint

* make context the first arg in AddInstanceHook/RemoveInstanceHook

* remove CAdvisorPort from KubeletConfiguration

* Update cadvisor to 6116f265302357cbb10f84737af30b1f13ce2d6c

* Remove unnecessary summary api call.

* Add a new environment variable to the startup scripts called KUBE_PROXY_MODE

* Create pkg/kubelet/apis/deviceplugin/v1beta1 directory.

* Make azure cache general for all objects

* New unit tests for timedCache

* Add cache for virtual machines

* Add cache for load balancer

* Add cache for network security groups

* Add cache for route tables

* Rename and restructure local PV tests

* Update endpoint value in test code

* Pass pvc namespace and annotations to Portworx Create API

* [e2e ingress-gce] Scale test to measure ingress create/update latency

* fix incorrect logic in canSupport

* Update azure_loadbalancer.md

* bazel: support using SOURCE_DATE_EPOCH to override date

* Bury KubeletConfiguration.ConfigTrialDuration for now

* Task 0: Added Alpha flag for NoDaemonSetScheduler feature.

* remove unused function in pkg/controller/replicaset/replica_set_test.go

* kubeadm: Support imagePullPolicy option in the kubeadm init configuration file

* Avoid race condition when updating equivalence cache.

* proxy service part changes

* proxy endpoints part changes

* iptables proxier part changes

* ipvs part changes

* Pass pod labels to controller revision

* update bazel BUILD

* correct the ConstructVolumeSpec func path value

* Add error handling and new tests

* devicemanager testing: dynamically choose tmp dir

* Add HTTPProxyCheck for API servers

* Enable scaling fluentd-gcp resources using ScalingPolicy.

* Remove bootstrap kubelet config on reset

* Print stderr from go tool pprof in profile gatherer

* Disable symbol resolution by pprof in profile-gatherer

* CSI - Marking CSIPersistentVolumeSource Beta

* CSI - Auto-generated code updates

* Workaround patch using cached version in TestPatch

* Update Kubeadm proxy handling for IPv6

* devicemanager testing: time out sooner

* Bump GLBC version to 0.9.8-alpha.1

* fix --watch on multiple requests

* Refactor volumehandler in operationexecutor

* Autogenerated files

* vSphere test infrastructure improvement and new node-unregister test

* Update CHANGELOG-1.9.md for v1.9.3.

* Enable Audit Logs Behind a Feature Gate

* Improve performance of scheduling queue by adding a hash map to track all pods in with a nominatedNodeName.

* juju: Fix kube-proxy failing to identify local endpoints

* Update CHANGELOG-1.8.md for v1.8.8.

* Extend timeout to deal with pkg/master flake.

* Adding kubemci e2e test for conformance

* Autogenerated BUILD changes

* release local ephemeral storage resource when removing pod

* Add tests for schedulercache

* nit: remove CSI plugin from ProbeExpandableVolumePlugins

* taint also node controller

* Check etcd port instead of process name

* some typo

* fix \"destroying ipset\" error in kube-proxy.log when run cluster in local

* fix deleting dummy device error in kube-proxy.log when run cluster in local

* Use SeekStart, SeekCurrent, and SeekEnd repalace of deprecated constant

* fix all the typos across the project

* auto-generated

* Use generic cache for vmss

* Adjust unit tests for vmss

* util/goroutinemap code cleanup

* New github id - FengyunPan -> FengyunPan2

* remove unused function printIndentedJson and printAllPods in test/integration/scheduler

* Update README.md

* create storage account if necessary when create azure file pvc

* Migrate FeatureGates type of kube-proxy from string to map[string]bool

* Auto generated files.

* Update fuzzer to reflect FeatureGates type change.

* Make command-line flag --feature-gates compatible

* fix some syntax related errors

* Add ipset binary for IPVS, context: https://github.com/kubernetes/kubernetes/issues/57321

* Fix kubelet PVC metrics using a volume stats collector.

* Requesting new credentials when node names change

* format some import statements in scheduler pkg

* fix typo, this let\'s us -> this lets us

* Add unit tests for extractVmssVMName

* Use full instanceID as lun lock key

* Abstract disk operation interfaces in VMSet

* Update vmss client to new version

* Update vmss fake clients

* Update Azure GO SDK to v12.4.0-beta

* Use new clients for vmss cache

* Add azure disk support of vmss

* update azure API for auth

* Fix unit tests for vmss

* Fix godeps for client-go

* Map correct vmset name for internal load balancers

* Add unit tests for mapLoadBalancerNameToVMSet

* use new account generation method for blob disk

* Remove /ui/ redirect

* Fix #59601: AWS: Check error code returned from describeVolume

* kubeadm: add configuration option to not taint master

* Remove unused getClusterCIDR()

* compare Pods by UID, not by name and namespace

* kubelet: check for illegal phase transition

* Promote configurable pod resolv.conf (CustomPodDNS) to Beta

* Auto-generated files for CustomPodDNS Beta API

* Ignore 0% and 100% eviction thresholds

* Bump GLBC to 0.9.8-alpha.2 and change back to --verbose

* bazel: update digest for debian-iptables-amd64

* Add etcd 3.x minor version rollback support to migrate-if-needed.sh

* bazel: update busybox digest to latest (~1.28.0)

* Dynamic client support subresource create/get/update/patch verbs

* Remove myself (timothysc) from OWNERS files on areas that I do not actively maintain.

* code-generator: add boilerplate header

* add --go-header-file to use kube boilerplate

* Fix typos

* Detect CIDR IPv4 or IPv6 version to select nexthop

* Fix: change basic auth password should keep admin in masters group

* Review #1

* Review #2

* controller-manager: switch to config/option struct pattern

* apiserver: make SecureServingOptions and authz/n options re-usable

* controller-manager: add SecureServingOptions

* controller-manager: add authz/n to options, nil by default

* Update generated files

* hack/grab-profiles.sh: fix typo in variable name.

* hack/grab-profiles.sh: use double quotes in trap.

* hack/grab-profiles.sh: bash script cleanups.

* hack/grab-profiles.sh: fix typos in error strings and variables.

* staging: add boilerplate header

* Increase timeout on waiting on cluster resize in autoscaling tests

* pass listener in integration test to prevent port in use flake

* run update bazel

* Don\'t create no-op iptables rules for services with no endpoints

* hack/update-codegen.sh: split string into array robustly.

* hack/update-codegen.sh: fix finding items in an array.

* hack/update-codegen.sh: fix finding api names.

* Add criSocket to kubeadm NodeConfiguration manifest

* Remove duplicated definition of ResourceList in Metrics API

* libffi-dev dependency added in fluent-es-image Dockerfile to solve the docker build error

* kubectl port-forward allows using resource name to select a matching pod

* add reviewers to util/mount

* local-up-cluster.sh should be conformant out-of-the-box

* Upload container runtime log to sd/es.

* removing production code usage from e2e tests code

* Avoid hook errors when effecting label changes.

* Add a test case for the race in #59822

* Add started state to the processor to protect against double starts

* Remove unused DeltaFIFO compressor argument to NewDeltaFIFO

* juju: Fix broken ingress after upgrade-charm

* WIP - create read/writer rate limiter

* Add criSocket to kubeadm MasterConfiguration manifest

* fix markdown formatting for test image

* Configuration changes

* kube-dns configmap translate

* add federations translation

* improve tests

* use caddy for translation

* fix json tag on Azure.config

* deprecate kubelet\'s cadvisor port

* Add vmType checking in Azure disk controller common

* Addressed review comments

* kubemark using cobra commands

* fix README for admission webhook test image

* Secure Kubelet\'s componentconfig defaults while maintaining CLI compatibility

* rename func ValidatePodSecurityContext to ValidatePod

* Addressed jeffvance\'s review comments

* Fix instanceID for vmss nodes

* cmd/controller-manager: add OWNERS for generic controller-manager code

* add number measurement for bound/unbound pv/pvc

* add e2e test for bound/unbound pv/pvc count metrics

* Save benchmark data in perfdash-friendly format.

* update-bazel.sh

* Add golang.org/x/tools/benchmark/parse godep.

* Fake docker-client assigns random IPs to containers

* Add retries to PrepareNodes utility function

* Fix DownwardAPI refresh race.

* vendor caddy

* Add jsafrane as AWS approver.

* kubectl port-forward support resolving service port to target port, and support Service as resource type

* fixing diskIsAttached func

* Correct error strings and variable name.

* kubeadm: Demote controlplane passthrough flags to phases alpha

* Pipe error message from openapi/swaggerspec verify checks to stderr

* Check if netstat or iproute2 is available

* Update to latest gophercloud/gophercloud

* Partial revert of fb5caac2da063cd5e992e2c9fda5b0bf30776871

* Improve comments for kubelet

* trivial change to fix test issue

* Kubernetes version v1.11.0-alpha.0 openapi-spec file updates

* kubelet: revert the status HostIP behavior

* force node name in generated static pod name lowercase

* Move the kubeletconfig v1alpha1 API to beta, rename to kubelet.config.k8s.io

* apiserver: fix some typos from refactor

* Standardize on KUBE_PROXY_MODE (not KUBEPROXY_MODE)

* Rename ConfigOK to KubeletConfigOk

* Try longer to fetch initial token.

* Fix the broken link in Markdown

* Process existing cloud nodes in CCM

* csi: Remove stale volume path

* Store labels and fields with object

* Fix cluster autoscaler test to support regional clusters.

* Clean-up not needed method.

* fix fluentd-gcp-scaler to look at correct fluentd-gcp version

* update -o name format to kind.group/name

* Rework volume manager log levels

* Container Liveness probe InitialDelay time increased to accomodate slow machines

* Add configuration item to allow kubeadm join to use a dns name pointing to control plane

* Update build deps for Bazel and zz_generated

* Enable mount propagation tests by default

* Add a reviewer to addon-manager

* enable mutating and validating admission webhook by default on gce and centos clusters setup by kube/cluster-up.sh

* Add some more tests for routes.

* Avoid call to get cloud instances

* gke-certificates-controller: rm -rf

* code review: create err chan via helper

* Update reviewers for sig-scheduling.

* kubelet: revert the get pod status

* Add cblecker to dep approvers

* Enforce OWNERS file in Godeps and vendor dirs

* Re-add OWNERS files to Godeps/vendor dirs

* Add deprecation notices

* cluster/images/hyperkube: Fix typo in Dockerfile for aggregator symlink

* Add cloud-provider policies to be applied via addon mgr

* Log the command line flags

* Use consts as predicate name in handlers

* In etcd-version-monitor, Remove grpc labels used only in etcd 3 format when translating metric back to 3.0 format

* [e2e ingress-gce] Add test for backside re-encryption

* Change the strategic-merge-patch link to https://git.k8s.io/community/contributors/devel/strategic-merge-patch.md

* Fix pod scheduled.

* Index PVs by StorageClass in assume cache

* collect ephemeral storage capacity on initialization

* wait for bound pvc metric updated before validating

* Remove extraneous CHANGELOGS on the 1.10 branch.

* Updating kubemci e2e test to not add kubeconfig flag for get-status

* Add AWS cloud provider option for IAM role

* Move code only used by gce out of common.sh and into gce/util.sh.

* use prometheus-to-sd 0.2.4 and fluentd-gcp-image 2.0.16

* Add quotas to density and load tests

* Revert \"add node shutdown taint\"

* add an admission decorator chain

* Split self-signed cert and CA

* reevaluate eviction thresholds after reclaim functions

* Bump default Metadata Agent version

* Allow Metadata Agent to get and list resources

* Add myself to owner aliases

* Updating vendor file and dependency

* Refactor k8s core csi bits for CSI Spec 0.2.0

* Add code and yaml for Istio as an addon

* svcacct: default expiration of TokenRequest

* oidc authentication: switch to v2 of coreos/go-oidc

* oidc authentication: generate testdata and delete old test packages

* bump(github.com/coreos/go-oidc): 065b426bd41667456c1a924468f507673629c46b

* Updating code to use TempDir in manifest test

* [e2e ingress-gce] Enhance cleanup logic for pre-shared-cert test

* Move ipvs module loading logic

* Update bazelbuild/rules_go, kubernetes/repo-infra, and gazelle dependencies

* Autogenerated: hack/update-bazel.sh

* Require boilerplate on Bazel Skylark source files

* Pass ProjectRouter to mocks

* Don\'t assume SG is for ELB; pass tags directly

* Fix e2e node setKubeletConfiguration helper

* Do not add kubeconfig while running kubemci

* Pick the PriorityClass with the lowest value of priority in case more than one global default exists

* Add VolumeNodeAffinity to PersistentVolumeSpec

* Add new volume-scheduler cluster role to scheduler

* Volume node affinity enforcement

* Generated files

* Updated comments to correct flag of taint.

* Add API docs for multiple PriorityClasses marked as globalDefault

* Taint node when it under PID pressure.

* collect metrics on the /kubepods cgroup on-demand

* Fixing CSI E2E test

* Removed newlines from e2e log statements.

* dockertools: disable MemorySwap on Linux

* refactor kubeadm join command generation

* autogenerated files

* Changed API doc

* autogenerated files

* Add cluster-location to GCE instance attributes

* AllowVolumExpansion field to describe printer.

* Introduce PodSecurityPolicy in the policy/v1beta1 API group.

* Update examples to use PSPs from the policy API group.

* Update generated files.

* Fix typos in configmaplock

* glusterfs: Remove an outdated comment about GB vs GiB

* glusterfs: fix a comment typo

* glusterfs: refer to upstream gluster documentation

* Remove unused code and modify tests to include set based selector

* Fix grammar eror of azure cloudprovider

* Increase allowed lag for ssh key sync loop for tunneler

* Fix race in healthchecking etcds leading to crashes

* Reformat and update error strings.

* Bump kube-openapi to add new openapi endpoint

* Add new openapi endpoint in aggregator server

* cleanup printers some more

* Fix device unmap for non-attachable plugin case

* Drop init container annotations during conversion

* bzl: use --local_test_jobs

* bump(github.com/opencontainers/runc): 595bea022f077a9e17d7473b34fbaf1adaed9e43

* Test cases fix after path expansion

* Bump addon-manager to v8.6

* Disallow setting both alpha and beta PV nodeAffinity Allow setting PV nodeAffinity if previously unset

* svcacct: make token authenticator fully generic

* Add test for wrong networktier resource deletion

* Move NetworkTiers into cloud/constants.go

* Move and make exported lbScheme types into cloud/constants.go

* Define hooks for inserting Forwarding Rules and Addresses in all versions

* Move shared variables and fakeGCECloud method to top

* Use shared variable names. Define hooks on mock objects

* Delete unused ForwardingRule fakes

* fix running with no eviction thresholds

* remove deprecated /proxy paths

* autogenerated

* returning an empty array instead of returning an array with empty string for kubemci get status

* cloud: don\'t require application default credentials to run unit tests

* [e2e ingress-gce] Bump num of ingresses for scale test

* add deployment proportional scaling e2e test

* Improve scheduling queue\'s logic

* rename StorageProtection to StorageObjectInUseProtection

* fix resource filter for generic printers on get

* Adding per container stats for CRI runtimes

* Invoke PreStart RPC call before container start, if desired by plugin

* Migrate deviceplugin api from v1alpha to v1beta1

* [fluentd-gcp addon] Update event-exporter

* Fix getting pool size in autoscaling e2e tests

* Return information about which int tests failed in the summary - followup

* Make sure node pool is deleted in autoscaler e2e tests.

* Pass location parameter to event exporter.

* Remove pkg/client/unversioned

* Introduce e2e test for Metadata Agent

* collapse printing paths

* readme update for fluentd-gcp-scaler

* StorageProtection Brought to Beta in 1.10 Release

* Remove Feature from StorageProtection E2E tests as Storage Protection feature is brought into beta.

* adding new tag bumping SHA

* Deprecate KubeletConfiguration flags

* Kubernetes API for Shared Process Namespace

* Fix kubectl describe for priority class objects.

* Generated code for Shared Process Namespace

* [e2e ingress-gce] Reduce numExtraLarge to 99

* bump(go-openapi/validate): d509235108fcf6ab4913d2dcb3a2260c0db2108e

* remove unneeded factory codec methods

* Bump dependencies for build tag fixes bump github.com/vmware/govmomi/vim25 to HEAD bump bitbucket.org/bertimus9/systemstat to HEAD

* Minor improvements to scheduling queue

* Test cases to verify container log stats

* Update kubectl describe to print out PV node affinity

* add support for /token subresource in serviceaccount registry

* Deprecate kubectl scale job

* Change printDeprecationWarning to use fmt.Fprintf instead of glog

* Make the `Unschedulable Queue` interface private

* Extracting common logic related to integration testing of storage transforms.

* Introduce some plumbing which makes it possible to specify which ingress image to upgrade to for the upgrade test

* Document k8s.gcr.io/etcd image upgrade/downgrade support

* DevicePlugins feature is beta in 1.10 release

* fix todo: add validate method for &schedulerapi.Policy

* Critical pods priorityClass addition

* Build files generated

* remove f.PrintObjectSpecificMessage

* Set shared PID namespace mode based on PodSpec

* set default enabled admission plugins by official document

* Add GetDiskFreeSpaceEx and export winstats.StatsClient

* Set FsId and usedBytes for windows image file system

* Get dirFsInfo from docker image filesystem

* add lock before detaching azure disk

* Cleanup node type checking for azure nodes

* Avoid explicit mention of glusterfs in error strings.

* controller-manager make use of generic apiserver profiling

* kube-scheduler make use of generic apiserver profiling

* kube-proxy make use of generic apiserver profiling

* update bazel

* Review #1

* Unset CDPATH in build script to fix path generation

* Improves backoff policy in JobController

* Fix passing gcloud command output to error check

* Allow env to be updated via specific key in resource

* Make CSI volume attributes first class

* Add CSI volume attributes generated API code

* remove metrics client factory method

* deprecate --show-all

* Fixes #47538: Add functionality for manually creating a Job instance from a CronJob

* Add kubectl create job --from=cronjob/

* Remove unnecessary return parameter from NewCmdTopPod

* Add external metric type to HPA API

* Autogenerated code for HPA external metrics

* Modify tests

* Remove ClientSetForVersion & ClientConfigForVersion from factory

* Validation for HPA external metrics

* Fix nsenter on Mac

* update version and manifest

* bump coredns feature gates to beta

* Namespace should support table printing

* update cadvisor godeps and ignore per-cpu metrics

* add subresources for custom resources

* update generated files

* Modify PodSecurityPolicy admission plugin to additionally allow authorizing via \"use\" verb in policy API group.

* Run hack/update-bazel.sh

* Introduce buffered audit backend

* Remove subnet size restriction for IPv6

* Update the DaemonSet controller to use the apps/v1 API

* backoff runtime errors in kubelet sync loop

* Update description for valid reclaim policies

* Results of running update scripts: update-openapi-spec update-federation-openapi-spec

* Fix incorrectly formatted URL

* Add smart retries to resource creations in testing framework

* examples/podsecuritypolicy: add owners.

* Fixes for HTTP/2 max streams per connection setting

* godeps: bump go-openapi

* Remove k8s prefix from gcr.io/k8s-ingress-gce-image-push repo

* multi-zone PD e2e tests

* generated files

* gce: allow extra addons to be sourced form a url

* add me to iptables/kube-proxy reviewers

* clean up KubeletConfigOk condition construction

* Discovery client and aggregator downloader use /openapi/v2 endpoint

* Refactor tests

* fix typo and remove inaccurate TODO

* vendor misspell

* add spelling checking script

* fix new typos when rebasing

* Add kubelet container log manager

* Use container log manager in kubelet

* Generated code

* Add node e2e test for log rotation.

* add description of mount options to StorageClass describe printer

* kms: rename KMSService to KeyManagmentService

* fix proxy mode comment message in v1alpha1

* fix proxy mode comment message

* Make Service storage a wrapper around other storages

* generated: bazel

* Disable mount propagation for windows containers

* Reuse the \"min
*Nodes\" slices to save the GC time.

* remove unused function negotiate() and writeYAML()

* More unit test for configurable pod resolv.conf

* Add e2e test for configurable pod resolv.conf

* Remove conntrack entry on udp rule add.

* initialize all known client auth plugins

* clean up sysctl code

* [kube-proxy]enhance kubeproxy init flag

* fix freespace for image GC

* Fix grammar and log issue in volume cache code

* Autoscaler e2e - fix getting initial pool size

* Add a metric exposing number of objects per type

* generated

* dockershim: Return Labels as Info in ImageStatus.

* apiserver: fix testing etcd config in preparation for etcd 3.2.16+

* simplify kubectl testing factory

* Only run connection-rejecting rules on new connections

* handle Table response in client

* Enable PV protection test by default

* Fix golint warning

* Update versioned portions of kubectl to use apps/v1 with DaemonSet

* Update e2e and integration to use apps/v1 for DaemonSet

* generated code

* Add Categories to CRD spec

* update generated files

* Introduce External Metrics API

* Include generated files

* Revert \"Allow env to be updated via specific key in resource\"

* Allow TTLs to be plumbed through to webhook authn/authz in gce scripts.

* update GCE plugin for block support

* expunge the word \'manifest\' from Kubelet\'s config API

* api changes

* k8s csi code change

* autogenerated api changes

* integration: refactor, cleanup, and add more tests for TokenRequest

* Secure etcd API /w TLS on kubeadm init [kubeadm/#594] - Generate Server and Peer cert for etcd - Generate Client cert for apiserver - Add flags / hostMounts for etcd static pod - Add flags / hostMounts for apiserver static pod

* Add more test cases for volume binding in the scheduler

* Change SANs for etcd serving and peer certs

* Fix typos

* Update autogenerated docs

* add comments

* Made a couple API changes to deviceplugin/v1beta1 to avoid future incompatible changes: - Add GetDevicePluginOptions rpc call. This is needed when we switch from Registration service to probe-based plugin watcher. - Change AllocateRequest and AllocateResponse to allow device requests from multiple containers in a pod. Currently only made mechanical change on the devicemanager and test code to cope with the API but still issues an Allocate call per container. We can modify the devicemanager in 1.11 to issue a single Allocate call per pod. The change will also facilitate incremental API change to communicate pod level information through Allocate rpc if there is such future need.

* adding replication-type in GCE PD parameters

* Add Local PV stress test

* kubeadm: use localhost for API server liveness probe

* fix device name change issue for azure disk

* fix cli example

* flag value bindings for kubectl label/patch/taint/top commands

* move storageclass/setdefault into pkg/admission/storage

* kubectl: flag value bindings for common utils

* fix \"make test\"

* Delete the two same if in func TestPlugin

* fix references

* FIX the os.Stat() func in volume file/kind bug

* Fix Deployment with Recreate strategy not to wait on Pods in terminal phase

* Add tests for Deployments Recreate strategy when there are pods in terminal state present

* CRD should have server side printing

* Partial revert to fix local-up-cluster.sh

* vendor files update

* CSI code changes

* Update vendor spf13/cobra to fix completion error in bash 3

* Support Running local-up-cluster in CI

* Added unschedulabe predicate.

* tokenrequest: tokens bound to pods running as other svcaccts

* Move kubelet flag generation from the node to the client, and pass the kubelet flags through a new variable in kube-env (KUBELET_ARGS).

* correct the expected value in plugintest

* autogenerated files

* kubeadm create token using config file

* add unit test for static pod name generation

* Use `Int32Ptr` function from utils instead of self-written versions

* Run hack/update-bazel.sh

* vendoring latest version of google-api-go-client

* Added local storage e2e test for VolumeMode: block

* Conformance: Add StatefulSet tests.

* Delete two same if in photon_pd

* fix package name error modified: plugin/pkg/admission/priority/admission.go modified: plugin/pkg/admission/priority/admission_test.go

* statefulset validate collisionCount

* Fix registry flunder and fisher strategy method names to a standard

* remove default priority cache in Priority admission controller

* add --experimental-server-print tests

* Update Dashboard version to v1.8.3

* Use quotas in default performance tests

* Add clusterid tags to the instances in AWS tests

* Return missing ClusterID error instead of ignoring it

* Move retry-based updates to a different pkg

* Add support for external metrics in kubectl

* Revert \"fix resource filter for generic printers on get\"

* adjust filtered object test to reflect old weird behavior

* update aws plugin for block support

* Fix regional clusters startup

* hack/lib/golang.sh: split strings into arrays safely.

* hack/lib/golang.sh: do not split on array items.

* hack/lib/golang.sh: use double quotes.

* hack/lib/init.sh: prevent splitting in \'dirname\' result.

* hack/lib/util.sh: add double quotes.

* hack/lib/util.sh: improve staging api finding.

* hack/lib/util.sh: do not iterate over ls output.

* hack/lib/util.sh: remove shadowed case statements.

* hack/lib/protoc.sh: don\'t split find-binary output.

* Use rbd-nbd if present for rbd volume map and unmap operations, if rbd fails.

* Add external metrics client

* don\'t use storage cache during apiserver unit test

* add nodeport-addresses flag for kube-proxy

* validate nodeport-addresses

* create netwowrk interface util

* iptables part implementation

* ipvs part implementation

* userspace part changes

* auto generated codes

* update bazel

* fix static checks

* Use feature-gates command line for kube-proxy

* Better PROXY_LOG and verbosity in the command line

* auth: reregister auth providers

* Differentiate between target and target average value

* Add myself to dep-approvers OWNER alias

* Reduce number of pods created for local PV stress test

* Adding dummy and dummy-attachable example Flexvolume drivers; adding DaemonSet deployment example

* bzl: fix update-bazel.sh

* Update to use Stackdriver Agent image.

* promote GC e2e tests to conformance tests

* Let image manager return a copy of image list.

* Add CPU/Memory pod stats for CRI stats.

* auth: allow nodes to create tokones for svcaccts of pods

* noderestriction: restrict nodes TokenRequest permission

* rbac: allow system:node role to make TokenRequests for all service accounts

* Update gke nvidia-gpu-device-plugin to the latest version that supports both v1alpha and v1beta1 device plugin versions. Re-enables nvidia-gpus e2e test after verifying the test passes now.

* fix bug where character devices are not recognized

* Increase timeout of integration tests

* Added MountDevice/UnmountDevice pass-through to NodeStageVolume/NodeUnstageVolume for CSI Volume Plugin. Added related unit tests. Vendored CSI Spec to HEAD

* Adding beta feature flag for regional PDs.

* Remove cassandra example

* Update gengo version

* run hack/godep-save.sh

* run hack/update-staging-godeps.sh

* Update code generators

* don\'t (remote) cache release-tars

* Remove dep-reviewers

* Run hack/update-all.sh

* Remove passing packages from hack/.golint_failures

* Add scheduling.k8s.io to the known groups for audit logging on GCE.

* Delete the Redundant define tc

* GCE: support Cloud TPU API in cloud provider

* Update device plugin e2e_node test to not changing Kubelet config as DevicePlugins feature is enabled by default now.

* Add Cloud TPU v1alpha1 API dependency

* fix nodenames slices comparison para.

* clean up example unit test

* Volume deletion should be idempotent

* Extract recycler client into seperate directory

* Extract volumepathhandler into seperate directory

* merge util into one file

* move fs into seperate directory to break cycle import

* update golint_failures

* Make Scale() for RC poll-based until #31345 is fixed

* update import

* update bazel

* Remove old featureGate flag

* Add external metrics client to HPA rest client

* Implement external metrics in HPA

* Validate path in external metric name

* Include EOF errors also as retryable errors

* Fix nested volume mounts for read-only API data volumes

* Fixed log calls in VolumeManager

* sh2ju.sh: suppress `which` command output when gdate not found in $PATH.

* E2E: add tests for PSP from the \"policy\" API Group.

* Run hack/update-bazel.sh

* Use consts defined in api instead of defining another ones.

* [kube-proxy] Move Service/EndpointInfo common codes to change tracker

* [kube-proxy] Move ipv6 related funcs to utils pkg

* [kube-proxy] Add more IP version related utils

* [kube-proxy] Make the import name of utilproxy consistent

* [kube-proxy] Harden change tracker and proxiers for unmatched IP versions

* [kube-proxy] Unit test for unmatched IP version

* [kube-proxy] Mass service/endpoint info functions rename and comments

* Auto-updated BUILD files

* Temporary fix for LeaderElect for kube-scheduler

* Refactor common parts of scheduler_perf into reusable utils

* Remove unused variables (only assigned to) from test code.

* Make a few code paths compile cleanly with 32-bit Go.

* Add a few \"+build linux\" tags where appropriate.

* Move linux-only getProxyMode tests to a linux-only file.

* Vendor golang\'s go/types to include a fix for CGo typechecking.

* Fix build tag for grpc_service_unix_test.go.

* Add test/typecheck, a fast typecheck for all build platforms.

* Ensure generated files are present before typechecking.

* Ensure status bar displays full progress.

* Changing Flexvolume plugin directory on COS in GCE to a durable directory

* Update kubectl e2e test manifests to apps/v1

* Adding Data Encryption Key (DEK) Key Encryption Key (KEK) integration tests via KMS Plugin Mock.

* Fix kubectl completion so that file names are listed

* Code Cleanup

* Switch to a dedicated CA for kubeadm etcd identities

* Fix typos

* svcacct: move getters to use an external clientset

* implement token authenticator for new id tokens

* Support cluster-level extended resources in kubelet and kube-scheduler

* enable IPVS feature gateway by default since it\'s already beta

* Setup windows container config to kubelet CRI

* Setup docker hostconfig for windows containers

* Update unit tests and bazel files

* Update godeps

* Allow update/patch of CRD while terminating

* gce: add support for enabling TokenRequest feature

* client-go: add an exec-based client auth provider

* generated

* add unit test case for nodenames comparison

* Added unscheduable node UT for DaemonSet.

* add TestUpdateStatus for horizontalpodautoscaler

* Add node-e2e test for ShareProcessNamespace

* update the relevant BUILD file

* remove gcloud docker -- since it\'s deprecated

* Fix stackdriver logging test

* cloud-controller-manager get /healthz instead of calling restclient.ServerAPIVersions to wait for apiserver being healthy

* remove unused rest/versions.go

* run update bazel

* Add missing table converters for server side printing

* Add integration test for server side printing

* Adds daemonset conformance tests

* Remove spxtr from various OWNERS files.

* Check nil error in IsProbableEOF()

* improve get description

* add m1093782566 to milestone maintainer since he is a PM member on behalf of SIG-Network

* fix todo:Get rid of this duplicate function IsRetryableAPIError in favour of the one in test/utils

* Relax time tolerance on KMS test, limit to platforms with unix sockets available

* Set default vmtype to standard if not set

* Only install etcd for verify tests that need it.

* API Changes for RunAsGroup and Implementation and e2e

* add remount logic for azure file plugin

* Update CHANGELOG-1.10.md for v1.10.0-beta.1.

* Add/Update CHANGELOG-1.10.md for v1.10.0-beta.1.

* fix warning info format

* remove \"scale job\" from help info

* Update CHANGELOG-1.7.md for v1.7.13.

* Increase loging verbosity for deleting stateful set pods

* Added dashboard banner passthrough to GCE kube-up.

* Add buffering to the log audit backend

* remove anti-affinity

* Add retries to resource deletions in testing framework

* Do not count failed pods as unready in HPA controller

* I forgot the fact that the DevicePlugin test itself restarts Kubelet for testing purpose. Move that test back to Serial but constructs a smaller test without kubelet restart that we may run during presubmit.

* Add //test/e2e/... and //test/integration/... to //build/visible_to:COMMON_testing

* Add selector to DaemonSet in newDaemonSet function so that the v1 apis function for e2e

* Add support for `make verify WHAT=typecheck`.

* Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix for CVE-2016-8859

* Bugfix: Fix ordering of ValidateObjectMetaUpdate method arguments for PodTemplate validation

* update Mount propagation version in comment

* Fix a grammatical error in a comment

* bump(6644d4): spf13/cobra: support bash completion for aliases

* kubelet: notify systemd that kubelet has started

* increase amount of memory filled by memory allocatable eviction test

* Remove mapping to /host/lib from fluentd-gcp container.

* Cap max number of nodes to use for local PV e2e tests

* Expect NetworkTier not to be set as GCE value (all uppercase)

* Update gazelle to latest to fix vendoring issue

* requires string input

* improve daemonset\'s retry creating failed daemon pods e2e test

* Swithcing to Official CSI 0.2.0 tag

* Promote LocalStorageCapacityIsolation feature to beta

* Update README.md of sample-apiserver.

* Generate client certificates for healthchecking kubeadm etcd static pods

* Update liveness probes to exec etcdctl /w mTLS for kubeadm etcd static pods

* Code cleanup: group consts togather

* Update documentation for azure-shared-securityrule

* Fix broken useManagedIdentityExtension for azure cloud provider

* Enable maximumLoadBalancerRuleCount config for azure yaml config file

* Add unit tests for parseConfig

* Lock subPath volumes

* Add subpath e2e tests

* Add feature gate for subpath

* Add e2e test for deletion

* [fluentd-gcp addon] Fix passing location to event exporter

* Fix initializing watch cache

* Run server-side print tests only on k8s 1.10+

* oidc: add rithujohn191 as a reviewer

* Fixing e2e CSI test

* Bump etcd server patch version to 3.2.16

* Pass in etcd TLS credentials during migrate and rollback

* fix test failure and delete unused code

* Fix DaemonSet e2e test for OnDelete

* Prevent webhooks from affecting admission requests for webhooks

* Run hack/update-all.sh

* Fixing e2e CSI test, II

* Bump Cluster Autoscaler to 1.1.2

* Create fake /etc/hosts for conformance test

* Add retrying to audit logging e2e tests

* Update Kubelet command option description for IPv6

* Setting REMOUNT_VOLUME_PLUGIN_DIR for COS images in kube-env

* Add support for binaries to run as Windows services

* Add sys/windows/svc to vendor

* Remove 1.8-1.9 upgrade codes of kubeadm

* Auto generated BUILD files.

* Use cert util to get cert data.

* log enabled admission controller in order

* purge all the -v references from e2e.go

* Add cblecker to test/ approvers

* Add OWNERS file to test/typecheck/

* Avoid reallocating of map in PodToSelectableFields

* Mark reconstructed volumes as reported InUse

* Change regional PD cloud provider references to use the beta API

* Add/Update CHANGELOG-1.10.md for v1.10.0-beta.2.

* Update CHANGELOG-1.10.md for v1.10.0-beta.2.

* Vendor newest GCP Go client

* Update cadvisor to v0.29.1

* [e2e service] Refine apiserver restart logic

* auto check the current year

* Task 2: Schedule DaemonSet Pods by default scheduler.

* Rollback etcd server version to 3.1.11 due to #60589

* [Test change - don\'t merge] Skip load test

* Make log audit backend configurable in GCE

* Increase verbosity of frequently printed logline in scheduler_binder

* Fix default auditing options.

* Make admission webhooks not ignore scheme

* Check whether it is running locally when UseInstanceMetadata

* Get external IP for azure standard nodes

* added missing error check

* Fix broken gke regional logging test.

* Fix upgrade tests for GKE Regional Clusters

* Revert \"[Test change - don\'t merge] Skip load test\"

* Fix use of \"-w\" flag to iptables-restore

* Use grpc to improve the CPU utilization of the logging agent.

* Revert \"Use quotas in default performance tests\"

* [e2e service] Fix gke failure: move apiserver restart validation logic into util

* match KindFor first

* use temp kubeconfig for fake factory

* [e2e service] Fix CleanupGCEResources for regional test

* Make admission webhooks work in custom apiservers.

* Bump to etcd 3.1.12 to pick up critical fix

* Fixes the races around devicemanager Allocate() and endpoint deletion.

* reduce nesting

* fix option --audit-webhook-initial-backoff

* set readOnly for CSI mounter

* fix show-all option description modified: pkg/kubectl/cmd/util/printing.go

* kubelet initial flag parse should normalize flags

* Update CHANGELOG-1.8.md for v1.8.9.

* Update CHANGELOG-1.9.md for v1.9.4.

* Update CHANGELOG-1.7.md for v1.7.14.

* Find most recent modified date for fluentd buffers recursively.

* Add missing v1.9.4 release note entries.

* Add missing v1.7.14 release note entries.

* Add missing container-runtime \"remote\" option

* Update CHANGELOG-1.10.md for v1.10.0-beta.3.

* Add/Update CHANGELOG-1.10.md for v1.10.0-beta.3.

* Exclude commas when pulling the tag out of the git export-subst format string

* Detect backsteps correctly in base path detection

* Add atomic writer subpath e2e tests

* Fix subpath e2e tests on multizone cluster.

* Increase apiserver mem-threshold in density test

* Use pod UID as cache key instead of namespace/name

* Updates kubeadm default to use 1.10

* fix kubectl_filedir completion

* Update CHANGELOG-1.10.md for v1.10.0-beta.4.

* Add/Update CHANGELOG-1.10.md for v1.10.0-beta.4.

* Backoff only when failed pod shows up

* Fix deprecated gcloud compute networks --mode switches.

* Bump fluentd-gcp-scaler version

* Fail the ingress test if it timesout getting address for IP address

* Fixes \'Zone is empty\' errors in PD upgrade tests; skips pd tests with inline volume in multizone clusters

* Fix issue with race condition during pod deletion

* Added unscheduable taint.

* Bump fluentd-gcp-scaler version

* Fix creation of subpath with SUID/SGID directories.

* Add unit test TestGarbageCollectorSync

* Add AUTOSCALER_ENV_VARS to kube-env to hotfix cluster autoscaler

* Prevent garbage collector from attempting to sync with 0 resources

* Fix e2e tests for emptydir

* Fix a bug where malformed paths don\'t get written to the destination dir.

* Fix cpu cfs quota flag with pod cgroups

* Patch glbc manifest to use version 1.0.0. Also add rate limiting flags

* Wait for only enough no. of RC replicas to be running in testutil

* Added network-unavailable tolerations for hostNetwork=true.

* Update CHANGELOG-1.9.md for v1.9.5.

* Update CHANGELOG-1.8.md for v1.8.10.

* Update CHANGELOG-1.7.md for v1.7.15.

* Add/Update CHANGELOG-1.10.md for v1.10.0-rc.1.

* disable DaemonSet scheduling feature for 1.10

* Use inner volume name instead of outer volume name for subpath directory

* Fix `PodScheduled` bug for static pod.

* Cluster Autoscaler 1.2.0

Tue Jun 5 14:00:00 2018 dcassanyAATTsuse.com
- Make use of %license macro

Mon May 28 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.9.8+c138b85178156011dc934c2c9f4837476876fb07:

* Use pod UID as cache key instead of namespace/name

* Avoid copying aggregated admin/edit/view roles during bootstrap

* generated

* Cherrypick kube-openapi changes

* Improve where we load builds from for kubeadm upgrade jobs

* Backport MAX_PODS_PER_NODE env from #63114 to 1.9

* passthrough readOnly to subpath

* add udev to hyperkube and bump versions

* RBD Plugin: Fix comments and remove unnecessary locking code.

* RBD Plugin: Pass monitors addresses in a comma-separated list instead of trying one by one.

* Fix race between stopping old and starting new endpoint

* Make integration test etcd store unique

* loopback webhook integration test

* Honor existing CA bundle and TLS server name in webhook client

* ensure tls server name is used in transport

* distinguish custom dialers in transport cache

* Ensure service routing resolves kubernetes.default.svc correctly

* Fix upgrade to Kubernetes v1.9.3+

* Detach bug fix

* Fix ILB issue updating backend services

* Fix subnet cleanup logic when using IP-aliases with custom subnets

* Fix IP-alias subnet creation logic

* When using custom network with IP-alias, use the former\'s subnet for the latter too

* Add/Update CHANGELOG-1.9.md for v1.9.7.

* Kubernetes version v1.9.8-beta.0 openapi-spec file updates

* Fix use visible files creation for windows
fix bsc#1096773

Wed Apr 25 14:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.9.7+dd5e1a2978fd0b97d9b78e1564398aeea7e7fe92:

* Fix conformance testdata OWNERS file.

* add semver metadata regex

* Fix bug:Kubelet failure to umount mount points

* Increase RSS limit for runtime from 300MB to 350MB on test creating 100 pods per node.

* Fix kubelet PVC metrics using a volume stats collector.

* Return missing ClusterID error instead of ignoring it

* Add clusterid tags to the instances in AWS tests

* fix bug where character devices are not recognized

* add remount logic for azure file plugin

* Fixes for HTTP/2 max streams per connection setting

* use new account generation method for blob disk

* Make admission webhooks work in custom apiservers.

* Fixes the races around devicemanager Allocate() and endpoint deletion.

* Add missing container-runtime \"remote\" option

* added missing error check

* reduce nesting

* Fixes \'Zone is empty\' errors in PD upgrade tests; skips pd tests with inline volume in multizone clusters

* Fix creation of subpath with SUID/SGID directories.

* Fix e2e tests for emptydir

* e2e test: use sleep to wait in hostexec

* Update tests to use the hostexec:1.1 image

* Support new NODE_OS_DISTRIBUTION \'custom\' on GCE

* Bump debian-iptables-amd64 digest for release 1.9

* IsNotFound should check ErrDefault404 and ErrUnexpectedResponseCode

* Kubernetes version v1.9.7-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.9.md for v1.9.6.

* Bump Heapster to v1.5.2

* Use inner volume name instead of outer volume name for subpath directory

* Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix for CVE-2016-8859

* Added chmod a+x for local SSD when disk is created with NODE_LOCAL_SSDS

* Fix upgrade tests for GKE Regional Clusters

* Fix use of \"-w\" flag to iptables-restore

* Update fluentd-gcg and event-exporter images

* Use O_PATH to avoid errors on Openat

* Add a test case for the race in #59822

* Add started state to the processor to protect against double starts

* Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure

* Backport Cloud CIDR allocator fixes to 1.9

* use danglingerror

* move detach out of os volumes attach

* Remove mutation from pvc validation

* Add pod deletion to subpath tests, and subpath as file with container restart

* Use relative path for creating socket files

* Backport etcd.manifest fixes for HA clusters from #61241 to 1.9

* Register metav1 types into samplecontroller api scheme

* Update kube-dns to Version 1.14.9. Major changes: - Fix for kube-dns returns NXDOMAIN when not yet synced with apiserver. - Don\'t generate empty record for externalName service. - Add validation for upstreamNameserver port. - Update go version to 1.9.3.

* apiserver\'s webhook admission use its own scheme

* add e2e case for crd webhook

* Introduce multimaster clusters support to e2e framework for GKE

* Fix disruptive tests for GKE regional clusters

* Fix resize nodes tests for Regional Clusters

* Fix dns autoscaling test for Regional Clusters

* Fix restart nodes tests for Regional Clusters

* Fix resize test for Regional Clusters

* fix incompatible file type checking on Windows

* add tests for GetFileType

* Fix deprecated gcloud compute networks --mode switches.

* Fix daemon-set-controller bootstrap RBAC policy

* Fix PodStore to wait for being initialized

* fix nsenter GetFileType issue

* Cleanup CRD/CR confusion in webhook e2e tests

* Fix flaky crd e2e tests

* Ensure expected load balancer is selected for Azure

* remove default fsypte in azure disk

* Fix gofmt

* Update kube-dns to Version 1.14.10. Major changes: - Fix a bug in DNS resolution for externalName services and PTR records that need to query from upstream nameserver.

Tue Apr 17 14:00:00 2018 fcastelliAATTsuse.com
- Update services files to make use of KUBE_FEATURE_GATES flag
feature#feature-gates

Fri Apr 13 14:00:00 2018 rfernandezlopezAATTsuse.com
- Prevent the Kubernetes image GC from cleaning the images that have been
loaded using container-feeder.
- Added patch:

* do-not-gc-sle-kubic-images.patch
Fixes: bsc#1069469

Thu Apr 12 14:00:00 2018 fcastelliAATTsuse.com
- Put all the Kubernetes related services under the podruntime slice. This the
recommended deployment to allow fine resource control on Kubernetes.
bsc#1086185

Fri Mar 23 13:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.9.6+9f8ebd171479bec0ada837d7ee641dec2f8c6dd1:

* Temporary fix for LeaderElect for kube-scheduler

* Added dashboard banner passthrough to GCE kube-up.

* Bump Cluster Autoscaler to 1.1.2

* Fix exists status for azure GetLoadBalancer

* Add unit test TestGarbageCollectorSync

* Prevent garbage collector from attempting to sync with 0 resources

* Fix a bug where malformed paths don\'t get written to the destination dir.

* Kubernetes version v1.9.6-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.9.md for v1.9.5.

* Always Start pvc-protection-controller

* Backport pv-protection-controller Finalizer Removal Part

Thu Mar 22 13:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.9.5+f01a2bf98249a4db383560443a59bed0c13575df:

* fix invalid match rules for advanced audit policy

* add lock before detaching azure disk

* Update hosts in EnsureLoadBalancer()

* external lb - move target pool operation into its own function

* Update event-exporter

* Drop init container annotations during conversion

* backoff runtime errors in kubelet sync loop

* Fixes the regression of GCEPD not provisioning correctly on alpha clusters.

* Allow update/patch of CRD while terminating

* Bugfix: Fix ordering of ValidateObjectMetaUpdate method arguments for PodTemplate validation

* 1.9 edition: Pass in etcd TLS credentials during migrate and rollback

* e2e/monitoring: Use non-deprecated proxy API

* purge all the -v references from e2e.go

* purge all the -v references from e2e.go

* Using G instead of Gi for GCE PD dynamic provisioning tests; change PV size check to >= instead of =

* Check whether it is running locally when UseInstanceMetadata

* Get external IP for azure standard nodes

* Kubernetes version v1.9.5-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.9.md for v1.9.4.

* Fix CleanupGCEResources for regional test

* Detect backsteps correctly in base path detection

* Add atomic writer subpath e2e tests

* Exclude commas when pulling the tag out of the git export-subst format string

* Add retrying to audit logging e2e tests

* Skip deprecated /ui redirect check against 1.10.0-alpha.0 and newer

* Skip deprecated proxy prefix tests against 1.10.0-alpha.0 and newer

* prevent v1alpha1.Table tests in 1.9 from running against >=1.10

* bugfix(mount): lstat with abs path of parent instead of \'/..\'

* Fix subpath e2e tests on multizone cluster.

* check server version at correct point in e2e flow
- fix bsc#1086412

Tue Mar 13 13:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.9.4+bee2d1505c4fe820744d26d41ecd3fdd4a3d6546:

* Fixes CVE-2017-1002101 - See https://issue.k8s.io/60813 for details (#61046, bsc#1085009)

* Ensure public IP removed after service deleted

* Use GlobalMemoryStatusEx to get total physical memory on Windows node

* Kubernetes version v1.9.4-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.9.md for v1.9.3.

* Update to go1.9.3

* kubelet: only register api source when connecting

* Set instanceID to azure resource ID format while useInstanceMetadata is enabled

* Change provider ID to uuid

* Implement upgrade-aliases.sh to migrate a route-based k8s cluster to use IP aliases in GCE.

* Still proceed to sync on aliases from node\'s spec and cloud even if the mode is not the expect one.

* Fix GCE IP Aliases CI https://k8s-testgrid.appspot.com/google-gce#gci-gce-ip-alias failure cause by pull #56132

* Update vendor of google.golang.org/api repo

* Use beta instead of alpha GCE Compute API to add an alias range to an instance.

* Only populate alias range for nic0 when invoking instance.UpdateNetworkInterface.

* Pass pvc namespace and annotations to Portworx Create API

* return error if New-SmbGlobalMapping failed in azure file mount

* Map correct vmset name for internal load balancers

* Detect CIDR IPv4 or IPv6 version to select nexthop

* Use SetInformers method to register for Node events. (#449)

* Improve performance of scheduling queue by adding a hash map to track all pods in with a nominatedNodeName.

* Fix race in healthchecking etcds leading to crashes

* Increase allowed lag for ssh key sync loop for tunneler

* fix device name change issue for azure disk

* create storage account if necessary when create azure file pvc

* Ensure that the runtime mounts RO volumes read-only

* Fix Deployment with Recreate strategy not to wait on Pods in terminal phase

* Fix comparison of golang versions

* Add tests for Deployments Recreate strategy when there are pods in terminal state present

* Add etcd 3.x minor version rollback support to migrate-if-needed.sh

* hack: when installing gazelle, checkout older version of buildtools

* Update Dashboard version to v1.8.3

* Fix nested volume mounts for read-only API data volumes

* Lock subPath volumes

* Add subpath e2e tests

* Add feature gate for subpath

Wed Mar 7 13:00:00 2018 kukukAATTsuse.de
- Add /var/lib/cni to kubernetes.tmp.conf
- Fix %post kubelet section to correctly create /var/lib/cni as
subvolume on CaaSP3 only.

Mon Mar 5 13:00:00 2018 rfernandezlopezAATTsuse.com
- Do not create `/opt/cni/bin` subvolume or folder , we\'ll use `/var/lib/kubelet/cni/bin` instead

Thu Mar 1 13:00:00 2018 kmacinnesAATTsuse.com
- Fix CNI subvolume creation in kubelet\'s post install script

Wed Feb 14 13:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.9.3+d2835416544f298c919e2ead3be3d0864b52323b:

* Recheck if transformed data is stale when doing live lookup during update

* Fix garbage collector when leader-elect=false

* Track run status explicitly rather than non-nil check on stopCh

* admission: do not leak admission config types outside of the plugins

* Fix loading structured admission plugin config

* Surface error loading admission plugin config

* Kubernetes version v1.9.3-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.9.md for v1.9.2.

* Reduce Metrics Server memory requirement

* Adjust the Stackdriver Logging length test

* Rework method of updating atomic-updated data volumes

* Initialize node ahead in case we need to refer to it in error cases. This is a backport of https://github.com/kubernetes/kubernetes/pull/58186. We cannot intact backport to it due to a refactor PR https://github.com/kubernetes/kubernetes/pull/56352.

* Send correct resource version for delete events from watch cache

* Add resource limits to prometheus-to-sd to guarantee qos

* Introduce METADATA_CONCEALMENT_NO_FIREWALL to prevent firewall from being set

* Bump metadata proxy to v1.9

* Revise the log err when failed to get the node.

* Use /proc/net/nf_conntrack.

* Make IsConnectionReset work with more error implementations.

* Rewrite go_install_from_commit to handle pkgs that aren\'t in HEAD

* Use the bazel version check function from bazel-skylib

* Update cluster addon Calico to v2.6.6

* Make it possible to override the driver installer daemonset url from test-infra.

* Add apiserver metric for number of requests dropped by \'inflight-request\' filters.

* Add a metric to track usage of inflight request limit.

* Never let cluster-scoped resources skip webhooks

* generated

* fixing array out of bound by checking initContainers instead of containers

* Use SSH tunnel for webhook communication iff the webhook is deployed as a service

* Split ClientConfigFor()

* By default block service proxy to external IP addresses. Service proxy uses redirects to Pods instead of direct access.

* Add deprecated stage of feature gates

* Mark ServiceProxyAllowExternalIPs feature as deprecated

* azure disk: if the disk is not found, immediately detach it. This prevents azure keeps the bad request and stops issuing new request

* Bump Metrics Server to version v0.2.1

* Get windows kernel version directly from registry

* Updated priority of mirror pod by PriorityClass.

* Update Calico to version v2.6.7

* Client ca post start hook now checks if the system namespace already exists before creating it.

* Set --kubelet-preferred-address-types on apiserver by default

* Remove setInitError.

* Expose etcd compaction time via environmental variable in GCE

* cloudprovider/openstack: fix bug the tries to use octavia client to query flip

* Cluster Autoscaler 1.1.1

* Ensure IP is set for Azure internal loadbalancer

* Configurable etcd quota backend bytes

* Remove duplicate function.

* fix apiserver crash caused by nil pointer and ensure CRD schema validator can be constructed during validation.

* ref -> $ref

* fix GetCustomResourceListerCollectionDeleter comments

Fri Feb 9 13:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.9.2+5fa2db2bd46ac79e5e00a4e6ed24191080aa463b:

* kubenet: remove code forcing bridge MAC address

* Prevent deadlock on azure zone fetch in presence of failure

* Clean up some service related description

* Fixes range for min value in imagepolicy admission

* fix typo in config_test.go

* Allow to specify tls config for coredns provider

* Expect that path to files will be provided not raw data

* kubelet: fix inconsistent display of terminated pod IPs by using events instead

* fix error print

* flexvol: remove a mount directory in a error case

* kubectl config get-contexts: sort output

* avoid newline \"\
\" in the error to break log msg to 2 lines

* Remove duplicate code fixing empty name error

* Mark volume as detached when node does not exist for photon

* Fixed a small comment typo

* Fix AnnotationProvidedIPAddr for externalCloudProvider

* Fix kube-proxy to use proper iptables commands for IPv6 operation

* Clean up diskLooksUnformatted literal

* Create container log symlink for all containers

* fix kubectl set resource/selector/subject output

* Add YAML example to kubectl patch.

* set proxy when build containers for users behind proxy

* Use cloud environment to instantiate client

* Variable mismatch

* remove redundant error test case in autoscaling validation

* Support completions for --clusterrole of kubectl create clusterrolebinding

* Add Kubernetes user agent to GCP API calls.

* support nodeSelector in kubefed init

* If command.Execute() return err, print to stdErr

* Run go fmt

* Add fmt.printf for other need

* provider_test.go: use existing method instead of own copy of it.

* migrate sig-ui e2e test

* fix-review

* Fix typo in docs of remote package

* fix conditional for warning while starting KCM without secret file

* add ut for pkg/kubectl/deployment.go

* fix minor typo

* Add CII Best Practices Badge

* fix issue(49965)kubectl scale also says that it can work based on a label selector or all

* remove duplicated import

* e2e test session affinity

* add unit test for describe secret

* debug cost time

* Fix NodeIdentifier godocs: IdentifyNode -> NodeIdentity

* Add bash test for kubectl scale --selector and --all

* Refactor federation dns test case with sets.String

* Remove useless code

* add UT for pkg/kubecl clusterrolebinding

* fix bug in admission test

* remove useless allocation of map

* Improved Italian translation for kubectl

* Rebase runtime-config branch on top of master

* Use --oom-score-adj flag for kube-proxy

* Remove cgo flag for oom package

* change AddEventHandlerWithResyncPeriod to AddEventHandler in factory.go

* Pointer receiver support for MarshalQueryParameter()

* Add a kubelet metric to track certificate expiration.

* Fix format specifiers in Azure cloud provider

* Remove plugins entry from hack/.golint_failures

* Fix documentation golint warnings

* Change error variable identifiers to ErrFoo

* Rename PluginsEnvVarPluginLoader to stop stutter

* Rename XDGDataPluginLoader to be uniform

* add unit test case for networkpolicy storage

* Address panic in TestCancelAndReadd

* ensure unstructured resources in kubectl get

* Azure: expose services on non-default subnets

* add ipvs default sync period

* squash the commits into one

* should use time.Since instead of time.Now().Sub

* Fix apiserver help message

* kubectl: Move utility functions to util package

* remove todo(#42787)Add fallback for cronjobs, and move some useful function to cmdutil

* migration of federation test

* fix comment for cronjob utils.go

* Refactor cronjob test case with sets.String

* rename the name of eventsource in controller-manager

* add verify case in index_test.go

* add err message if / pairs specified under --local

* add Local and Unstructured builder attributes

* update bazel

* Moving disk-related cloud provider operations to gce_disks.go

* fix annoying leader election typo

* Add cmluciano to NetworkPolicy reviewers

* ignore unknown resource version in scaler error

* add --list option to label cmd

* Add an OWNERS file for deviceplugin package. Update OWNERS file for gpu package.

* ProducesObject should only update the returned API object resource documentation

* Add examples pods to demonstrate CPU manager.

* add readme file of ipvs

* rsync ipvs proxier to HEAD of iptables

* update bazel

* vendor libnetwork which support flush API

* support ipvs flush API

* Fix failure to load volume plugins for #52048

* Add required family flag for conntrack IPv6 operation

* acknowledge --show-all=false with --watch

* Clean up kublet secret and configmap unit test

* move specialDefaultResourcePrefixes out of vendor/k8s.io/apiserver

* adding kube-controller-manager starting option tests

* Add `ReclaimPolicy` field to `kubectl describe storageclass` output.

* validate federation cluster spec CIDR

* client-go: simplify deepcopy calls

* Fix some comment in hack/jenkins/
*-dockerized.sh

* Change TimeAdded to pointer

* Generated files

* Add cmluciano to milestone maintainers

* inode eviction only requires filling 200k inodes

* Fixes issues noted in review

* e2e: minor changes to network/service testing utils

* add test case

* Allow kubectl cp large amounts of files from container

* Ensure we log the flag apiserver starts with.

* Add more test coverage for kubeadm uploadconfig especially with idempotent case.

* Remove backward compatibility of hostportChainName

* Fix golint errors in `pkg/controller/podautoscaler`

* Modify `apimachinery` imports using `staging`

* Do deep copy instead of to and from JSON encoding

* fix kubectl cp command error. it happens when copy directory to pod and the directory path ends with \'/\'. for example: kubectl cp /XX/XX/ XX-POD:/XX/XX

* add lease endpoint reconciler

* dockershim: remove support for legacy containers

* adds two new fields to AdmissionOption.

* Avoid printing node list for LoadBalancer in log file

* Parse out numeric portion of semantic version.

* correct to handler

* Always populate volume status from node

* fix issue(#52244)kubectl describe serviceaccount have redundance null line, we should keep accordance for kubectl describe command

* fix return 0 error in DefaultSubCommandRun

* remove repeated import\'k8s.io/client-go/kubernetes\' in controllermanager.go

* print HostPathType for kubectl describe

* allow windows mount path

* add FlagPersistent flag in nodePort and other situation

* remove unless healthz.DefaultHealthz() in controller-manager

* ut test load ipvs config

* Add testcase for SelfLink function

* Fix typo in kubelet kuberuntime container test

* Fix incorrect status msg in podautoscaler

* Add specific errors for pod affinity predicates

* Add some comments to the version and user-agent changes.

* Updated pd.go tests to use GCE API instead of GCloud Commands

* Add cdk-service-kicker to kubernetes charms

* error msg fixes

* E2E test to make sure controller does not crash because of nil volume spec.

* add ut for pkg/kubectl/autoscale_test.go

* storage, etcd3: add an option for configuring interval of compaction requests from apiserver

* Implement metrics for Windows Nodes

* typo in annotations

* fix issue(11233)enhance kubectl config command

* Test gcloud exit when detecting master for e2e

* fix kubectl get cronjob lose age info

* Removing PrometheusPushGateway --prom-push-gateway flag from e2e tests.

* add/update tests

* improve the relation of ExecInContainer and Exec

* Release note should not be NONE or similar things.

* Refactor node taint conditions

* add age column for storageclass and cronjob test

* golint version and fix versioning doc link

* Add s390x to juju kubernetes

* Remove warning about changes in default token TTLs

* Bugfix to check overcommit for hugepages.

* Drop --experimental-bootstrap-token-auth flag.

* Remove deprecated stale flags of kubele

* Use NC to fix deprecated taint key name

* Add redirection test for service using request host. Transport has no scheme and host.

* Handles redirection when service returns absolute path with request\'s host.

* client-go: Truncate body based on Verbosity level

* Initial changes for adding forward rules

* Do not set message when terminationMessagePath not found

* Unable to detach the vSphere volume from Powered off node

* Switching to apps/v1beta2

* fix typos: remove duplicated word in comments

* Add IPv6 support to iptables proxier

* Some kubelet flags do not accept their default values

* Fix url for Saltstack administration document

* Add default value for RouteReconciliationPeriod in cloud controller manager

* Improve codes which checks whether sandbox contains containers

* Need to validate taint effect when removing taints.

* optimize then function in kind visitor

* Remove unused variables and constant from pkg/apis/componentconfig/v1alpha1/defaults.go

* Use const instead of hard code for volume plugin

* Consolidate extended resources and hugepages in Scheduler.

* Add pod disruption budgets to admin/edit/view roles

* To be consistent with http package, check also no_proxy

* s390x ingress controller support

* Remove federation manifests which are no longer used

* Auto generated bazel build file

* add generic printer test of structured obj

* Bulk Verify Volumes Implementation for vSphere

* Fixing kubelet restart

* bazel: make //cmd/kubectl:kubectl binary publicly visible

* Refactoring and improvements for iSCSI and FC

* Only register floatingIP for external loadbalancer service

* Fix missing floatingip when calling GetLoadBalancer()

* fix the bad code comment and make the format unify

* Add test file for go file

* stop the Timer

* Fix typo in e2e-node-test.sh

* Multi-arch allowPrivilegeEscalation tests

* Validate that cronjob names are less than 52 characters

* Fix GCE LB resource cleanup for service e2e tests.

* Collapse all metrics handlers into common code

* Track gauge of all long running API requests

* fix typo

* Minor fix: make sure that gluster implement interface ExpandableVolumePlugin

* fix typo

* Remove the deprecated env \"ENABLE_CRI\"

* add feature: azurefile mount on windows node

* TestIoHandler should not run on unsupported platforms

* Add comment for controller manager default values

* fix service hash flags

* update comment code mistake

* only allow cifs mount on windows node

* default service resolver for webhook admission

* Enable go race detection for bazel tests.

* CRI: Allow configuring stdout/stderr streams for Exec/Attach requests

* Adjust the validating messages

* Conditionally run detect-project in log-dump

* generic_scheduler.go: Fix link in comment

* pkg/controller/node/scheduler/rate_limited_queue.go:correct a small spelling mistake

* add UT for podPreset storage

* Add version info to kube-scheduler, kube-proxy and kubelet logs.

* Remove cloud provider rackspace

* Fix broken statefulset e2e test

* Fixed logic with updates in initializer plugin

* Make feature gate enablement checks lock-free

* dockershim: fine-tune network-ready handling on sandbox teardown and removal

* bazel: bump rules_go

* Build hyperkube image with Bazel

* Set the default value of service-cluster-ip-range in kube-apiserver

* Remove orphaned rules

* Use buildozer to remove deprecated automanaged tags

* Use buildozer to delete licenses() rules

* add tags to e2e and integration tests

* Tag broken examples test as manual

* bazel: use autogenerated all-srcs rules instead of manually-curated sources rules

* bazel: build/test almost everything

* Added device plugin e2e kubelet failure test

* Allow dns e2e test case for ExternalName to run on aws

* Don\'t need to check useAnnotation in dns e2e test

* the feature of Flex volume API and Improved lifecycle hasnot merge v1.6

* fix some error link of changelog.md and changelog-1.6.md

* fix error of func TestValidateStatefulSet that updateStrategy

* make configFactory private

* remove rackspace related code

* refactor parsing cluster autoscaler status

* Moved fakes to a separate file usable by other tests

* Modified test/e2e_node/gpu-device-plugin.go to make sure it passes.

* kubelet: remove the --docker-exec-handler flag

* Add cos as an alias for gci in the upgrade script

* Add docs for secret literal and file combinations

* Update CHANGELOG.md for v1.9.0-alpha.1.

* Update CHANGELOG.md for v1.8.0-rc.1.

* Preserve leading and trailing slashes on proxy subpaths

* Cleaning up unused functions in /pkg/controller/deployment/util

* kubeadm golint clean up

* volunteer to help with external cloud providers

* Add a negotiate method media type for use in explicit contexts

* Simplify some deployment utilities

* add ipvs sync period parameters

* refactor tests, and add soft eviction test

* Added service annotation to set Azure DNS label for public IP

* Update gophercloud to Handle New Identity Endpoints

* bug(cli)fix kubectl config unset unexist map key will add this key, should tell user this key not exist

* Switching to rbac/v1

* Include audit log in master log capture

* Add support for skeleton in GetSigner

* squash the commits into one

* fix 404 link in changelog-1.6

* Limit 52-character cronjob name validation to create

* Update kubelet\'s \'pod-manifest-path\' description

* Use arg cgroupRoot,not nodeConfig.CgroupRoot

* fix-todo

* improve cgroupmanager in qosContainerManager

* Improve `horizontal.go` documentation

* Fix oversized comment line, lint error

* Add round trip tests for conversion to go-openapi types

* use patch PodStatus to avoid overwriting potential pending status updates

* Change RBAC storage version to v1 for 1.9

* bump(github.com/go-openapi/spec): 7abd5745472fff5eb3685386d5fb8bf38683154d

* enable scale to 0 test for gke

* oidc client auth: better error when refresh response is missing id_token

* Fix test selector

* Move prometheus metrics for docker operations into dockershim

* Adjust audit policy for scale issues

* AllowPrivilegeEscalation: add validations for caps and privileged

* Move deployment collision avoidance e2e test to integration

* Refactor function

* Mark Cluster Autoscaler as GA (1.0.0)

* godep revendor google api go clients

* add neg to gce cloud provider

* add alpha wrapper function for backend service and health check

* e2e additional tests for local volume

* Endpoints can add a get or connect options type in their group

* Use PollImmediate and shorter interval in integration test

* Add check for IPv6 \'::\' when calculating kube-proxy\'s node IP

* Add msau42 to storage e2e approvers

* Fixes the flaky TestDevicePluginReRegistration. In the current test, there is a race that the new device plugin endpoint may not be added to the device plugin manager endpoints at the time when we call manager.Devices(). Added the checking and waiting for endpoint updates before calling manager.Devices() in the test.

* Fixed intermittant e2e aggregator test on GKE.

* Fix --kube-reserved storage key name and add test cases for node allocatable reservation

* refactor nsenter to new pkg/util

* use GetFileType per mount.Interface to check hostpath type

* auto-gen

* fix some typos in api types

* Fix a potential file leak

* auto-gen

* Add switch to control use of pv for etcd in federation CI jobs

* Fix couple of minor issues in federation deployment scripts

* Remove unnecessarily included scripts in federation deployment scripts

* Move logs related to etcd pvc creation inside conditional

* Use custom error for \"unimplemented\"

* federation: simplify deepcopy calls

* Fix wrong deprecated option info in

* remove unused code

* Detect major version mismatches between kubeadm and kubelet.

* fix fuzz of micro time

* Improve HT detection

* Ring buffer for notifications

* Get fallback termination msg from docker when using journald log driver

* Fix the version detection of OpenStack Cinder

* Removes creation of CSR approval CR from kubeadm

* cluster size autoscaling tests fixes

* Allow kubelet metrics tests to run on gke

* Add more reviewers for volume components

* fix missing apps/replicaset in kubectl

* Support apps.ReplicaSet in kubectl describe

* Align imagefs eviction defaults with image gc defaults

* Allow to use version labels in kubeadm upgrade apply

* federation/pkg/federation-controller/util: fix swallowed errors

* Skip podpreset test if the alpha feature setttings/v1alpha1 is disabled

* Modify traces in deletion handler

* More descriptive error message for `make test`

* Remove touch-lock init container from kube-proxy

* Fix kube-proxy addon OWNERS file

* Add documentation comments for volume expand controller

* [OpenStack] Service LoadBalancer defaults to external

* support run ipvs UTs in windows platform

* Fix host network flake tests

* Update gophercloud: Remove v1/appiversions

* Added openstack instance metadata search order

* kubeadm-reset: notify about a non-default certificates directory

* remove ipv4 in pkg/util/ipvs

* All cloud-providers not required out-of-tree

* fix broken cloud provider info urls

* clusterrolebindings duplicate create in local-up-cluster.sh Changes to be committed: modified: hack/local-up-cluster.sh

* Fix version comparison for versions with preRelease components

* Add a label which prevents a node from being added to a cloud load balancer.

* Metadata order search tests

* outputs for colums not found

* Update kube-dns to version 1.14.5

* Update kubeadm to 1.14.5

* Revert \"Make kubelet touch iptables lock file during initialization\"

* improve code

* Normalize RepoTags before checking for match

* Improve PVC ref volume metric test robustness

* kubectl cp support coping remote file into local dir

* enable to specific unconfined AppArmor profile

* k8s.io/kubernetes/staging/src/k8s.io/apimachinery/pkg/util/strategicpatch: Fix swallowed errors in diffLists()

* k8s.io/kubernetes/staging/src/k8s.io/apimachinery/pkg/util/strategicpatch: Fix swallowed errors in normalizeSliceOrder()

* Address review comments

* vendor/k8s.io/client-go/tools/record: Fix two swallowed errors in tests

* Retry when checking Azure storage account readiness

* Move k/test/e2e_federation package to k/federation/test/e2e

* Move k/test/integration/federation to k/federation/test/integration

* Auto generated build files

* implement delete real server for fakeIPVS and add UTs

* remove ipv4 constraints of Node IPs in ipvs proxier

* fix sample-apiserver artifacts

* new version number for kubeadm constants.go

* Fix lint error on kubernetes-worker

* gce:restrict file permissions for PKI assets

* fix #52462. Do not GC exited containers in running pods

* bazel: set --incompatible_disallow_set_constructor=false to fix breakage

* Fix indentation and skip leading v on the semver.

* Change ImageGCManage to consume ImageFS stats from StatsProvider

* Fix another space vs tab formatting error.

* Improve deb and rpm packaging

* Add 201/202 to the list of returned codes.

* Make sure GOPATH/bin is in PATH

* Centralize godep version number

* Kubeadm: Change the marshal code to use ApiMachinery code.

* Let node test subcommand be an arg

* Fix kubeadm upgrade grammar.

* Abort if not default nor conformance

* Update CHANGELOG.md for v1.6.11.

* Update CHANGELOG.md for v1.8.0.

* Make HPA tolerance a flag

* Remove storage-class annotations in examples

* Fix a scheduler flaky e2e test

* Move 1.6.11 changelog to CHANGELOG-1.6.md

* Update CHANGELOG.md for v1.7.7.

* remove unused filed

* remove unused function addStorageLimit

* rename test file name

* Improve error logging and comments

* Fix broken links in kubelet

* Fix basic audit in GCE deploy scripts

* fix comment

* Skip podpreset test if the alpha feature setttings/v1alpha1 is disabled

* Fix sed command to not try shell redirection

* Calculate patches for commands using input version

* Fixes a flakiness in GPUDevicePlugin e2e test. Waits till nvidia gpu disappears from all nodes after deleting the device plug DaemonSet to make sure its pods are deleted from all nodes.

* Fix 1.8.0 binery checksums

* Let local node e2e return error.

* Go fmt

* Bazel fmt

* Enable node certificate autorotation

* prepull images after disk eviction tests

* gce: remove compute-rw, see what breaks

* Fix user-agent append string component order.

* Move make clean to a static list

* Update file location in comment

* Fix merge conflicts.

* Allow users to configure the service account made available on their nodes

* add get alpha backend service into cloud provider

* Fix imagefs stats.

* Clean up godep scripts to be self-contained

* Vendor godep v79 and use it

* openapi: Validate unregistered type, if they can be found

* Fix failing import in juju master namespace actions.

* Panic on failure to calculate index key

* pass labelSelector to server side opaquely

* Fix bad format of 1.8 release notes

* Elimenate extra CRI call

* Correct APIGroup for RoleBindingBuilder Subjects

* Enhance scheduler for TaintNodeByCondition.

* Update CHANGELOG.md for v1.5.8.

* fluentd-elasticsearch add-on: Upgrade to Elasticsearch/Kibana 5.6.2

* fluentd-elasticsearch add-on: Upgrade API versions

* moved admission interfaces WantsClientCert, WantsAuthorizer and WantsExternalKubeClientSet to apiserver

* Rename TPR to CRD to be consistent

* Updated known issues for kubelet --cert-dir

* create separate transports for liveness and readiness probes

* Implement CRI stats in dockershim for Windows

* Update influxdb and grafana controller to latest version

* Add audit-logging, feature-gates & few admission plugins to kubemark

* Send VolumeMismatch event to PVC

* make isAutoscalerEnabled check work with min size 0

* Fixed counting of unbound PVCs towards limit of attached volumes.

* refactor test to work on GKE

* Wording in missing config from cluster response errantly says \"don\'t how to\".

* remove containers of deleted pods once all containers have exited

* Don\'t referece not-exist addon manager manifests in comment

* etcd: update version to 3.1.10

* Version should be quoted so jq doesn\'t interpret it as numeric

* add --selector flag support

* Beginning of rewrite apply merge-logic using visitor pattern.

* Address PR comments

* container-vm is deprecated, so don\'t use it for GCE test clusters

* Kubeadm: Add some validation for external etcd config

* Fixes test/e2e_node/gpu_device_plugin.go test failure.

* stop assigning satnam reviews

* Add /swagger.json and /swagger-2.0.0.pb-v1 to discovery role

* add timeout for Openstack cloud provider

* don\'t recreate static pods when node gets deleted

* Version should be quoted so jq doesn\'t interpret it as numeric

* cmd: kubectl: remove golint_failures entry

* Change default --cert-dir for kubelet to a non-transient location

* support imagePullSecrets and imagePullPolicy in kubefed init

* Fix test skip condition

* Disable autoscaling before removing autoscaled node pool

* Increase backoffLimit for job that we expect to fail several times

* Remove conformance tag for internet connectivity

* Dynamically determine default docker machine memory

* Add permisions for Metrics Server to read resources on cluster level

* default fail-swap-on to false for kubelet on kubernetes-worker charm

* Remove swagger 1.2 validation

* Add IPv6 option for e2e iPerf test

* fluentd-elasticsearch add-on: Rename Elasticsearch Docker image tag

* removes Authorizer and ExternalClientSet from kubeapiserver\'s admission initializer.

* Merge kube-dns templates into a single file

* Merge kube-dns-autoscaler templates into a single file

* Rewrite `kubectl explain` to use openapi

* openapi: Add fake resource to simplify tests

* Add test for explain

* Fixes a regression introduced by PR 52290 that extended resource capacity may temporarily drop to zero after kubelet restarts and PODs restarted during that time window could fail to be scheduled.

* add note about kubeletremoved flag --api-servers

* Support field selectors for CRDs

* Fix spam of multiattach errors in event logs

* Improve explanation of ReplicaSet.

* fix typo in health check url

* Verify clean up of stale VM\'s for vSphere dynamic provisioning

* e2e tests need a ping6 test for IPv6-only clusters

* Minior cleanup in pkg/controller/node/ipam/sync/sync.go

* Add a flag to customize config relative dir

* Create e2e test for Custom Metrics - Stackdriver Adapter

* Support completions for kubectl config rename-context

* Enable prometheus client metrics in apiserver

* Update bazel

* cleaning tests from deprecated usecases due to unsupported version

* Add /var/lib/kubelet error to known issues

* code-generator: rename _test to _examples

* code-generator: turn hack/update-codegen.sh into re-usable generate-{internal,}-groups.sh scripts

* sample-apiserver: port to k8s.io/code-generator/generate-internal-groups.sh

* verify-pkg-names.sh: exclude generated informers

* Update generated files

* kubelet: add metrics to network plugin manager

* Ignore notFound when deleting firewall

* moves admission.v1alpha1.NewAdmissionReview to webhook plugin

* Use pointer for PSP allow escalation

* revert the comment change from Run to run

* Bump default snap channel to 1.8/stable in juju charms

* New controller to GC CSRs.

* Allow setting --concurrent-service-syncs for kube-controller-manager in GCE startup scripts

* Refactor network policy e2e tests, and add additional logging when tests fail

* Handle missing subnet for auto networks and legacy networks

* Fix the defaultServerImage name of hyperkube in kubefed

* cmd: cloud-controller: remove golint_failures entry

* Fixed alpha e2e test failure.

* Enable event logging in the service controller

* Update CHANGELOG-1.7.md for v1.7.8.

* Removed the IPv6 prefix size limit for cluster-cidr

* PV recycler: don\'t reuse old recycler pod.

* Add test for HPA

* Fixed metrics API group name in audit configuration

* Add API version apps/v1

* Enable apps/v1 by default

* Skip auto-generated apps/v1 codes in golint

* Fix typo in apps/v1beta2 default test

* Move certificate manager to client.

* Add cblecker to build/ owners

* Adjust defaults of audit webhook backends

* Add throttling to the batching audit webhook

* Ignore unexported fields in import_known_versions_test

* Ability to run the openstack tests against DevStack

* Add group by default to kubeadm token create

* Add cheftako to CP reviewers and wlan0 to approvers.

* Autogen

* Remove deprecated const from apps/v1beta2 and apps/v1

* Added integration test for TaintNodeByCondition.

* implement fakeIPVS update virtual server

* log when node is initialized in cloud controller manager

* sync(k8s.io/gengo): 70ad626ed2d7a483d89d2c4c56364d60b48ee8fc

* code-generator: unify generator main.go files

* client-gen: stratify main.go

* Update generated files

* apimachinery: remove Scheme.Copy

* Autoscaler metrics-server with pod-nanny

* apimachinery: remove Scheme.DeepCopy

* Skip e2e check for logs API path if provider is local

* add --dry-run option to kubectl drain

* PSP: teach fuzzer about fsGroup/supplementalGroups strategies.

* add tests

* Updating Calico to v2.6.1

* apiextensions/examples: remove unnecessary function

* apimachinery: mechanical removal of ObjectCopier plumbing

* [GCE kube-up] Allow creating/deleting custom network

* Allow kubemark to use custom network for instance creation

* Removes TTY flag from etcd image build process

* In DevicePluginHandlerImpl.Allocate(), skips untracked extended resources. Otherwise, we would fail a Pod allocation request that has an extended resource not managed by any device plugin.

* kubeadm/cmd: fix typos, punctuation and capitalization

* common.sh fix to detect ip instead of ifconfig

* clarify pridicates message when no nodes available

* remove replicaset unit tests that are converted to integration tests

* revamp replicaset e2e tests

* Update generated files

* Strip tokens from `kubeadm-config` config map

* sort top pod and top node output by namespace/name

* Fix a grammatical problem in a comment

* Add missing short names to kubectl help text

* format some code in dockershim

* Fallback to internal addrs in e2e tests when no external addrs available

* Device Plugin now closes client connexion

* [OpenStack]Add codes to check the count of nodes(members)

* fix duplicate unbind action

* remove repeated type conversion

* RBAC: Add test for create clusterrolebindding

* validate kube-proxy options

* generators: allow +groupName everywhere in doc.go

* add possibility to ignore volume label in dynamic provisioning

* Load kernel modules automatically inside a kube-proxy pod

* RBAC work on PoC

* Update worker actions to use client creds

* Use new kube-control interface

* Update e2e to use new control interface

* Fix ingress and microbot

* Use the updated (RBAC enabled) cdk-addons

* Move ingress to kube-system. Rename enable-rbac to authorization-mode.

* Fix trimmed files comming from leadership

* address code-gen issue https://github.com/kubernetes/code-generator/issues/7

* Return an error if metric cannot be registered

* Add launching Cluster Autoscaler in Kubemark

* Avoid unnecessary gcloud call if test was skipped

* Do not set auto-detect cloud provider as the default in kubelet

* Clean up in `cluster_size_autoscaling.go`

* Return err when delete volume failed

* Add client and server versions to the e2e.test output.

* Remove local PV tests using TestContainerOutput because it doesn\'t wait for unmount

* query --incompatible_comprehension_variables_do_not_leak=false

* move initializer to the generic apiserver

* generated

* Add no-negcache flag to kube-dns

* add ApproximatePodTemplateForObject factory method

* add user-specified ns to --dry-run created obj

* removes k8s.io/kubernetes/pkg/api dependency from the webhook plugin.

* Don\'t skip mounts if we can\'t find the volume

* Fix potential problem when scaling --replicas=0

* Update search string for failed scheduling

* Updates RangeSize func and tests for IPv6.

* Fix a typo.

* Bump GLBC to 0.9.7

* revamp replicaset integration tests

* bump cni vendor to v0.6.0

* Remove build/cni

* not necessary to use disk letter in azure file mount

* Change --etcd-quorum-read default to true

* remove getAvailableDriveLetter func and test

* fix kubemark, juju, and libvirt-coreos README.md (from minion to node)

* Support autoprobing node-security-group for openstack cloud provider

* fix generate-groups.sh

* Make CoreID\'s platform unique

* Enable HorizontalPodAutoscalerUseRESTClients option

* Make unnecessary hpa public funcs private

* code-generator: fix flag check in generate-internal-groups.sh

* Enable API chunking and promote to beta for 1.9

* Fill partial pages on the server rather than forcing client to

* Promote continuation token schema to v1

* Use watch cache when rv=0 even when limit is set

* Avoid intermediate List allocations as items added to the list

* Make feature gates loadable from a map[string]bool

* cleaning node controller from code that ensures backward compatibility for unsupported versions

* Bump kube-dns version used in e2e

* Add no-negcache flag to kube-dns in kubeadm

* wait for pod to be fully deleted

* clarifying CLI output

* Add \'ETCD_DOCKER_REPOSITORY\' environment variable override to \'cluster/\' scripts.

* Fix to prevent downward api change break on older versions

* Append an alpha label to the exclude load balancer annotation.

* Fix typo in StatefulSet e2e test

* GCE kube-down: Delete all remaining firewall rules when KUBE_DELETE_NETWORK is set

* kubectl: Remove swagger 1.2 entirely.

* Make sure we use rwlocks not just RLock

* preserve specified destination path

* Add extra log and node env support.

* move ippart() to util

* consume endpoints IPPart function in util

* fix avset nil issue in azure loadbalancer

* add instrumented serivce unit test of version

* Using assertions

* kubelet/cm: remove unneeded fork of \'cat\'

* Release NodePorts at the end of test cases

* clean up winkernel proxy

* apiextensions-apiserver: stop cacher on CRD update

* apiextensions: create storage with accepted, not spec\'ed names

* The Securty Group name should be unique

* Fix hpa scaling above max replicas w/ scaleUpLimit

* Use gcloud for enabling/disabling autoscaling in e2e tests

* Fix flake for volume detach metrics

* pkg/api: move
*_test.go -> pkg/api/testing

* SimpleNameGenerator: unify to use k8s.io/apiserver/pkg/storage/names

* Work on upgrade path

* update wrong comments

* add tests

* The DBusFakeConnection should have locks to prevent races

* Mulligan: Remove deprecated and experimental fields from KubeletConfiguration

* feature gate local storage allocatable eviction

* fixed tests

* Parse cluster-cidr only if it is specified

* Move 1.5.x changelog entries

* Move 1.7.x changelog entries

* Move 1.9.x changelog entries

* Regenerate CHANGELOG TOCs

* Minior fix on getting subnet mode by gcloud

* Update comments in pkg/kubeapiserver/authenticator/config.go

* Tests to verify volume provisioning on a clustered datastore

* Create new targets for running in existing containers (GCB).

* Reduce log spam in qos container manager

* fix azureDisk warns about disk format failure

* avoid kubelet converts and validates pods multiple times

* Add CHANGELOG-1.8.md for v1.8.1.

* generic webhook: set a default timeout for webhook requests

* Move 1.8.x release notes

* Don\'t exit early in diff.ObjectReflectDiff on slices

* Fix broken url

* support micro time for advanced audit

* run hack/update-all.sh

* Fix incorrect link in kubeadm

* Avoid fetching entire discovery tree when possible

* Try to use bazel to build/push kubemark image

* update cluster printer to enable --show-labels

* Fix errors in cephfs_test.go

* Split downward API e2e test case for pod/host IP into two

* Improve e2e tests of audit logging.

* Clean up unused func checkKnownProxyMode

* Added more unit tests for kube-scheduler.

* remove redundancy code in setCPUCgroupConfig

* Add e2e test case for downward API exposing pod UID

* User separate client for leader election in scheduler

* Mark etcd-quorum-read as deprecated.

* Get rid of pkg/api/util

* Fix incorrect link in api

* generated when exec hack/update-all.sh

* Update CockroachDB tag to v1.1.0

* Don\'t use strokes in the logo SVG

* kubeadm: prepare for v1.9 cycle

* Optimize random string generator to avoid multiple locks & use bitmasking

* kube-dns-anti-affinity: kube-dns never-co-located-in-the-same-node

* kubelet evictions take priority into account

* perform nil check before iterating over keys

* Fix possibly flake in multiattach unit test

* Ensure base image includes the modprobe binary

* Updated hash and version of image debian-hyperkube-base-amd64

* Change name from sourceHost to sourceRequestHost.

* split configmap, downwardapi, and secrets, into two files each volume/non-volume and moved sig labels to front of the description string

* quote valid strings for field validation

* Add IPv6 and negative UT test cases for proxier\'s deleteEndpointConnections

* fix flex installer directory create

* fix print format of rootScoped resourced

* Use regexp instead of specifing uid.

* defer func of kubelet volume testing

* Define pod UID version.

* Tweak kube-schuduler unit test cases.

* refactor NewCmdJoin function

* unused para in quantity_test

* add m1093782566 to pkg/proxy/OWNERS

* remove hairpin constant

* This patch improve kubectl cp command from two aspects A.support soft link better before this patch \"kubectl cp\" command will copy the soft link to destination as an empty regular file after this patch \"kubectl cp\" command will behave the same as tar command this patch improves it on both from container and to container

* add test case for querying rootScoped resources in cli

* fed: Move cluster generator & constants from kubectl to kubefed pkg

* capitalize the first letter

* Volunteer to help with sig/openstack

* Update BUILD file by executing update-bazel.sh

* apiextensions: keep CRD storage for updates outside of spec and accepted names

* apiextensions: fix test loop for CRD validation

* Make sure pkg/controller/service does not depend on cmd/kubeadm/app

* Remove cmd/kubeadm from pkg/controller

* Remove cmd/kubelet dependency from pkg/kubelet/volumemanager

* Remove cmd/kubelet dependency from pkg/kubelet

* Fix license boilerplate

* Drop cmd/gke-certificates-controller from bazel build script

* Add import-boss directives

* Ignore .import-restrictions when checking against generated docs

* Add benchmark for random string generation utility

* kubelet syncPod throws specific events

* decode admission responses into a fresh object

* NewProxierWithNoProxyCIDR: fix handling IPv6 URLs

* kubeadm: add Priority to admission control

* Improve generated proxy URLs for cluster-info

* Make kubemark push a manual target

* Allow kube-proxy using InClusterConfig()

* [GCE kube-up] Don\'t provision kubeconfig file on nodes when kube-proxy run as a DaemonSet

* Do not crash when groupVersion doesn\'t have a group

* Remove the old Kubelet TLS Bootstrapping mode

* kube-dns-anti-affinity: Adjust to match different scheme

* When only one node after predicate, just return it

* Update all binary download references to v0.6.0

* Update debs/rpm packages to use v0.6.0

* Try in-cluster config before using localhost:8080

* add unit test for cloud-controller-manager

* glusterfs service endpoint prefix should be `glusterfs-dynamic-`.

* Warn user if Pod/Service networks will be accessed via proxy.

* Added PreShutdownHooks to the apiserver

* Duplicate a constant - LabelNodeRoleMaster

* Update many misspelled word initializer

* Update rules_go, repo-infra, and rules_docker dependencies

* Use -proto=legacy with gazelle, and manually fix staging/ import paths

* update BUILD files

* PodSecurityPolicy: Do not mutate nil privileged field to false

* PodSecurityPolicy: only set runAsNonRoot when runAsUser is nil

* PodSecurityPolicy: avoid unnecessary mutation of container capabilities

* PodSecurityPolicy: avoid unnecessary mutation of supplemental groups

* PodSecurityPolicy: pass effective capabilities to validation interface

* PodSecurityPolicy: limit validation to provided groups

* PodSecurityPolicy: pass effective selinux options to validate

* PodSecurityPolicy: pass effective runAsNonRoot and runAsUser to user validation interface

* GC: Add check for nil interface

* SecurityContext: Add accessors/mutators for effective container security context

* PodSecurityPolicy: avoid unnecessary securitycontext mutation

* PodSecurityPolicy: Order by name, prefer non-mutating policies, require
*api.Pod, allow GC updates

* clean up pkg/apis/meta/v1/time.go

* update Godeps grpc to pick up data race fix

* Add sample-apiserver namespace manifest

* Always retry network connection error in webhook

* Auto-calculate master disksize and cluster IP range in kubemark

* Make EVENT_PD variable useful for kubemark

* enable scale from 0 test in GKE

* Make test case description more accurate.

* Added PreShutdownHook functions for endpoint reconcilers

* Verify the bootstrap client cert before using it

* An expired certificate is not compatible

* Delete the private key for the bootstrap client cert on failure

* If CSR is deleted, exit immediately

* Collapse duplicate code into pkg/util/csr

* Kubelet should exit if the current client cert has expired

* cache.ListWatchUntil should return err.ErrWaitTimeout

* Have the certificate manager decide if the server is healthy

* Fix expected result in Custom Metrics - Stackdriver Adapter e2e test

* update-bazel.sh: fix on Mac

* build/common.sh: silence kube::build::has_ip on Mac

* add proxy metrics in app level

* Move pkg/kubelet/util/csr into client-go

* Fixed the lease endpoint reconciler creation of kubernetes endpoint and lease file ttl

* Upgrade to go1.9

* Update bazelbuild/rules_go to support go1.9

* add deads to admission owners

* RBAC for Calico Typha Horizontal Autoscaler

* E2E test cases for Invalid user inputs - disksize, datastore, fstype

* Move kubectl type conversion libs out of the resource & util package and into the conversion command.

* add replicaset upgrade test

* Fix unmatched bold marker in ISSUE_TEMLATE.md

* refactor pd.go for future tests

* review comments: some refactoring in testPDPod() and simplified Logf()

* Adding vishh as an Owner for hack directory

* start generating rbac serialization for v1

* allow
*/subresource in rbac policy rules

* Extract gnu-sed detection into a function

* Change scheduler to skip pod with only annotations updates

* Add named port ingress test.

* review: condense 2 more Its into 1

* Add check-network-mode to support both new and deprecated network mode fields

* Delete redundant parameter flag

* Fix admission webhook test failure in go1.9

* validate ipvs scheduler

* fix CI error for session affinity

* review: condense 2 Contexts into 1

* Add extra information in status functions in CRI.

* Since replenishmentControllers was generated by ctx.InformerFactory, remove \"replenishmentControllers []cache.Controller\" which is never used.

* Remove Sprintf when there are no placeholders in the formatting.

* kubelet falls back to parse generic version string if not semver

* Increase l7-lb-controller\'s memory check threshold in density test

* add windows implementation of GetMountRefs

* Fix typo in function name.

* admission_test.go: remove unused createNamespaceForTest() and createSAForTest() functions.

* add TestStatus to instrumented_services_test

* Fix lint warnings for useless err checks.

* [Kubectl]Fix example and annotation in convert

* staging README: update code-generator to published

* Do not remove kubelet labels during startup

* add unit tests in /pkg/api/v1helper

* Provide aggregated validation errors for version and kind

* Make scheduler integration test faster

* Add a file store utility package in kubelet

* Change dockershim to use the common store package

* Update bazel file

* Remove repeated random string generations in scheduler volume predicate

* review: improve disruptive node tests

* Addressing review comments

* Add GCE_GLBC_IMAGE to allow override glbc image

* Increase waiting time (120s) for docker startup in health-monitor.sh

* Introduce GCE-specific addon directory

* Remove dangling shell functions

* Ensure network policy conversion round trips nil from field

* correct the kubeDeps.Cloud

* kubelet: remove the --network-plugin-dir flag

* Remove dependency on internal types from pkg/kubectl/resource.

* fix the bad code comment in scheduler package

* fix bug

* fix PV Recycle issue when running on multi-arch

* Create new unit tests for version and kind validation

* Fixing a glog message to not print managed zones when it is empty

* fix build vendor

* Fix typo in comment.

* Update generated code.

* Move global scheme to pkg/api/legacyscheme

* More generated files.

* Bump cluster autoscaler to 1.0.1-beta1

* Add pod related conformance annotations

* Updated cluster/addons readme to match and point to docs

* pkg/api/legacyscheme: fixup imports

* Update bazel

* Enable metadata concealment for tests

* Switch to v1.List instead of allowing the conversion fn to be provided.

* Move --enable-cusom-metrics to KubeletFlags and mark it deprecated

* Create api-{approvers,reviewers} alias

* Ignore OWNERS files in hack/verify-api-reference-docs.sh

* add nested encoder and decoder to admission config

* allow fail close webhook admission

* update .dockercfg content to config.json

* Fix loss of selector during RC/RS conversion.

* Fix loss of MinReadySeconds on RC/RS conversion.

* Fix loss of Conditions during RC/RS conversion.

* Fix LastTransitionTime for NamesAccepted condition

* Remove redundant staging/src/k8s.io/api/core/OWNERS

* Add fuzz test for RC/RS conversion.

* Revert \"kube-dns-anti-affinity: kube-dns never-co-located-in-the-same-node\"

* split up large rest handling file

* add ingress conformance test for NEG

* add e2e test for switching ingress mode between NEG and IG

* Restrict Azure NSG rules to allow external access only to load balancer IP

* exit with correct exit code on plugin failure

* Add sample CustomResourceDefinition controller

* bazel cleanup: remove --incompatible workaround flags

* Fix retry logic in service controller

* Fix dockershim panic when listing images

* adding e2e test for statefulsets for vsphere cloud provider

* Fixing usage of clustered datastore to be absolute datastore

* add event broadcaster logging for all contoller managers

* Versioned busybox docker image

* use multi-arch busybox for e2e

* pass stop channel to route-controller main goroutine

* Pass zone name instead of zone url to GCE API to update NIC setting for alias range.

* Revert pkg/cloudprovider/providers/gce/BUILD made by GoSublime, which is irrelevant to the fix.

* Fix typos: replace SECONDARY-RANGE-NAME with SECONDARY_RANGE_NAME.

* add ProxyModeIPVS in proxy mode validation

* eviction/detach test

* delete NONE and N/A

* fix error message of custrom resource validation

* kubeadm/cmdutil.go: minor improvements

* Update CHANGELOG-1.7.md for v1.7.9.

* add url path for admission webhooks

* generated

* Speed up volume tests by reducing pod grace period

* Fixes spam from node status updates

* Adding config option to add additional SANs to the master\'s certificate. Regenerate certificate if data on certificate changes. This includes IP address and SANs. Restart API server after updating certificate.

* update admission webhook to accept client config

* Add timothysc to test approvers

* actually check for a live discovery endpoint before aggregating

* update resource selector - kubectl drain

* minor test fixes; update test-cmd tests to match updated resource selector behavior

* Add link to k8s.io/sample-controller

* [client-go] avoid Registry in fake REST client

* [client-go] fake discovery returns server groups

* [client-go] Polymorphic Scale Client

* Fuzz label selectors

* Update extensions fuzzer to use selector fuzzer

* update readme about strategic-merge-patch

* fix dl.k8s.io

* Make HPA controller use polymorphic scale client

* [make-rules] test grep should treat binary as text

* [client-go] Add fake scale client

* Make AllocateResponse artifacts global across all devices per container in device plugin API

* bump device plugin version to v1alpha2 to reflect the change to AllocateResponce API

* Disabling k8s.io/kubernetes/pkg/kubelet/cm TestPodContainerDeviceAllocation due to #54100

* Fix `kubeadm upgrade plan` for offline operation

* default admission hook failure safely

* Skip ILB e2e test on GCP if cluster size exceeds limit

* Use RFC1918 addresses in tests

* Update CHANGELOG-1.7.md for v1.7.9.

* revamp deployment upgrade test

* Kubeadm should check for bridge-nf-call-ip6tables

* Use GetByKey() in typeLister_NonNamespacedGet

* Directly using std{in,out} for test helper subproc

* Regenerate code with hack/update-codegen.sh

* cleaning newNodeController from unsupported kubelet version

* Unit tests for Azure service session affinity

* Use PROVIDER_VARS

* restore staging api owners

* Run hack/update-bazel.sh

* Allow absent Weight if PrioritizeVerb is empty

* Address comments, fix lint failures, and bazel complaints

* Aggregator test uses framework namespace.

* added BUILD; review comments

* Fixing spacing issue

* fix bug in OnError() of apimachinery

* doTestPlugin func delete volumePath in nfsvolume

* unnecessary functions cleanup for deviceplugin

* Check the count of cloud node for LoadBalancer service

* fix some small errors in \'kubectl set\' series command

* fix Federation: Google Cloud DNS provider does not handle missing domains correctly

* generate bazel

* Implement InstanceExistsByProviderID() for cloud providers

* fix issue(51245)kubectl printObj should not print header when occur error

* Abstract contains func to common place

* Remove redundant code of checking path

* Cluster Autoscaler 1.0.1

* Change config.changed to config.changed.extra_sans so we only try to update certificates when the SAN entries change

* Update openapi to use kube-openapi code

* Update bootstrap policy with replicaset/daemonset permissions in the apps API group

* addons/dns: changing probes for SRV record type

* Fix kube-proxy panic on cleanup

* Add conformance annotations for expansion and service tests

* Use public ClientSet and update to CoreV1 and NetworkingV1 apis.

* update linker libraries now that we reference networkingv1

* Add a notice for node e2e config files

* Fix scheduler permission to patch pods

* Ensure port on resolved service host

* bump debian-hyperkube-base to 0.5 since CNI gets bumped

* remove hard code of session affinity timeout in win-proxy

* Add PodDisruptionBudget to scheduler cache.

* Autogenerated files

* Log error when a healthz check fails

* Add service latency and secret related conformance annotations

* Remove redundant call to StartLogging in service_controller. Fixes #54339

* Improve \'kubectl completion` to override short flags

* sample-controller: add usage instructions to README

* [addon/storage-class] update storageclass groupversion in storage-class

* [cluster/centos] fix https

* [images/hyperkube]add kube-aggerator link

* Delete unused yaml files

* Better error check for kubectl cluster-info

* Add some indent in CHANGELOG-1.7

* Fix detach metric flake by not using exact equals

* let the caller log error message

* migrate resource related files to sig scheduling

* Delete redundant err check

* correct the error info when resourceName equals to hugepage

* missing the format string

* [OpenStack]Remove the LbaasV1 of OpenStack cloud provider

* Update gophercloud: cleanup lbaas v1

* Move fluentd-gcp out of host network

* Make OpenStack LBaaS v2 Provider configurable

* Add README and LICENSE to staging repos

* Revert \"update gRPC to pick up data race fix\"

* Volunteer to be reviewer of NodeController.

* Volunteer to be reviewer of DaemonSet

* Fix etcd hostnames

* Use CIDR-aware proxy resolver for SPDY RoundTripper

* Fix a grammatical problem in a comment

* change alpha-endpoint-reconciler-type to endpoint-reconciler-type

* E2E stress test for vSphere Cloud Provider Volume lifecycle operations addressed jeffvance\'s review comments

* update admission webhook to handle multiple auth domains

* add kubectl create --raw -f

* Garbage collector e2e can create too many pods for cluster

* Implement `kubectl alpha diff` to diff resources

* Move runtime-related flags from KubeletConfiguration to KubeletFlags

* Add conformance annotations for proxy and scheduler predicate tests

* Missed approvers for controller/service

* certs: remove always nil error from New signature

* adding E2E test to verify workflow for deleting PVC when PVC is in use

* Adds support for v4/v6 loopback dns bind address.

* Refactor RBD volume

* Refactor RBD volume (Generated files)

* Fix govet in pkg/kubectl/apply

* Modify serve-hostname image to handle graceful termination

* Update kube-dns 1.14.7

* Add comments to explain difference between req.URL.Host and req.Host.

* Add documentation for alpha diff

* add e2e test for syncing endpoints to NEG

* add manifest for NEG e2e test

* add e2e test for rolling update backend with NEG

* Adding unit tests to methods of file\'s util

* Removed compatibality code for kubelet 1.2.

* Combine deployment rollback e2e tests

* Move deployment e2e test for rollback with no revision to integration

* [cluster/log-dump] bump daemonset version

* fix review comments

* [examples.storage/minio] update deploy config version

* apply/strategy: Improve test performance

* implement dummy device operation by netlink

* Move deployment e2e test for hash label adoption to integration

* RBD Plugin: rbdStatus only check output of successful `rbd status` run

* migrate ip cmd to netlink

* update scheduler to use schedulerName selector

* remove redendancy code for cni

* error log message in buildCNIRuntimeConf

* Amend the error messages in install_test.go

* Delete maxNumPVs and maxNumPVCs const of persistent_volume.go

* a typo in dockershim.cm.containerManager.doWork

* Update openapi bazel build to support vendored build

* Fix NPE in time.Equal method

* Deprecate the SSH Tunneling functionality in API Server

* service_controller: Include service key in error messages

* gce_loadbalancer_external: Critical path logging cleanup

* Set \"--kubelet-preferred-address-types\" if ssh tunnel is not used. In additional don\'t advertise external address.

* remove mutual exclusivity check - local, unstructured builder attrs

* Fix hyperkube kubelet --experimental-dockershim

* Update CHANGELOG-1.8.md for v1.8.2.

* Move device plugin related files under pkg/kubelet/cm/deviceplugin/.

* Device plugin code refactoring to cope with file move.

* Deprecate using cloud provider to set host address feature

* Change type of scheduling queue from cache.FIFO to a new interface

* Autogenerated files

* client-go: Update CRUD example

* client-go: use retry util in CRUD example

* client-go: fix err scope in CRUD example

* Added functionality to replace default kube-dns deployment with a GKE specific one

* Move podDevices code into a separate file.

* local up cluster in ipvs mode by add env \'KUBEPROXY_MODE=ipvs\'

* audit backend run before http server start and register presShutdown hook

* Fix nil pointer panic in service LB e2e tests

* add scheduling.k8s.io to apiVersionPriorities

* fix#50150: azure disk mount failure on coreos

* fix newline in raw string in e2e net perf case

* Added unit test cases for the public methods of pkg/util/taints.go

* change default kind value of azure disk pv

* Add conformance annotations for projected volume tests

* Address lint errors

* delete the hostport from usedmap

* Delete the parentheses in volumes.go

* RBD Plugin: Prepare to implement Attacher/Detacher interfaces.

* in persistent_volumes-local.go has the parentheses of var define

* RBD Plugin: Implement Attacher/Detacher interfaces.

* RBD Plugin: Remove deviceMountPath before return on error Attach.MountDevice.

* Enhanced the network policy describer

* updating-bazel with pkg/apis/networking

* RBD Plugin: No need to acquire advisory lock any more! With central attachdetach controller, we don\'t need to lock the image any more. But for backward compatibility, we should:

* hack: rename verify-{staging- -> }imports.sh

* importverifier: fix isPathUnder for base == path

* update the wrong format of string TargetPort

* Remove kubectl create namespace dependencies on kubernetes/pkg/api

* Update kubectl drain command to use policy V1Beta1 instead of unversioned API

* import-verifier: use yaml for inline comments

* Fix kubeadm e2e CI build

* Volunteer to help review examples

* Address more comments

* fix incorrect log

* sample-apiserver: add docs

* Update CHANGELOG-1.6.md for v1.6.12.

* ScaleIO - API source code update

* ScaleIO - Generated files

* Update fluentd-gcp DaemonSet

* Move hardcoded constants to the beginning of the script.

* Add probe, pre_stop, and networking related container annotations.

* Add Windows support to the system verification check

* fix #54499. Removed containers are not waiting

* Add go flags to go-to-protobuf

* cmd/kubeadm/app/util/apiclient: fix swallowed errors

* Optimize Repeated registration of AlgorithmProvider when ApplyFeatureGates Add InsertPredicateKeyToAlgorithmProviderMap() and RemovePredicateKeyFromAlgorithmProviderMap() to insert/remove fit predicate key of all algorithmProviders which in algorithmProviderMap Add Func RemovePredicateKeyFromAlgoProvider() AND InsertPredicateKeyToAlgoProvider() which can insert/remove fit predicate key to specific algorithmProvider

* Adding unit tests to methods of netsh

* Adding unit tests to methods of \'plugin/pkg/scheduler/algorithm/priorities/util\'

* check for illegal container state transition

* move getMaxVols function to predicates.go and change the params of NewMaxPDVolumeCountPredicate funcs

* remove the clean entirely and defer func format

* Update vendored kube-openapi to latest

* Update kazel hash to latest

* fix azure pv crash due to readOnly nil

* add HA gate and minVersion validation

* fix issue(#52994)kubectl set resource can not update multi resource in local

* Fix incorrect parameter tip

* migrate cluster dns test to sig network

* merge func list and listwatch into one

* Update invalid TOC anchor of 1.4 CHANGELOG

* Update invalid TOC anchor of 1.6 CHANGELOG

* enable webhook admission in local up cluster

* move webhook admission to generic apiserver

* make printing deterministic

* Fix log collection for kubeadm-gce tests

* Add node e2e tests for pulling images from credential providers

* fix a syntax error in a comment

* Bump version of prometheus-to-sd to 0.2.2.

* Updates kube-dns in kubeadm to 1.14.7

* Add bsalamat to milestone maintainers

* Added Cpu Manager file state

* State file test fixes

* Added service annotation for AWS ELB SSL policy

* Update volume OWNERS to reflect active sig-storage reviewers

* reorganize rbac addon dir into subdirectories

* don\'t add kubelet legacy binding if we aren\'t registering the master kubelet

* Remove ./federation path

* Remove all traces of federation

* Add openssh-client to the debian-hyperkube-base image

* Better error messages and logging while registering device plugins.

* Remove unused pods in genericScheduler

* Add unit test for get pod -o wide

* update rbac apiversion

* remove +linux restriction in ipvs/fake

* Add fake remote runtime service

* use core client with explicit version globally

* remove redundant code

* kubeadm-doc

* generated-doc-placeholders

* fix netsh checkIPExists in Chinese

* e2e-node:the value of bestEffortCgroup is wrong

* Don\'t cache exec and mounter in RBD volume plugin

* Remove iptables log on restore failure

* examples/podsecuritypolicy/rbac: fix names in comments and sync with examples repository.

* Update core quota framework

* Update quota controller to monitor all types

* Update admission control framework for quota

* Update e2e and integration tests

* Fix iptables FORWARD policy for Docker 1.13 in kubernetes-worker charm

* Prevent successful containers from restarting with OnFailure restart policy

* remove the nesting directory webhook/webhook

* Updating NewCIDRSet return value

* Remove unneeded deps

* convert testFailedDeployment e2e test to integration test

* godep update

* Don\'t log error in getInstanceFromProjectInZoneByName

* Support api chunking in kubectl get

* create an instance of registry and scheme for kubectl

* Add framework.ConformanceIt as the new way to declare conformance tests.

* Add conformance test regression test.

* update-bazel

* Add a e2e test for the admission webhook

* webhook source code

* update bazel

* Fix ENABLE_METADATA_CONCEALMENT firewall rules to respect true/false

* Metadata concealment e2e

* Update AWS SDK to 1.12.7

* kubectl apply does not send empty patch request

* switch some commands to use its own scheme

* print priority and priorityClassName when describe pod

* update wrong group for priorityclasses

* clean up ipvs proxy startup in local-up.sh

* Update PR template

* update ipvs proxy readme

* wqFlag gate node exclusion for service load balancers.

* Specify correct subresource discovery info

* Use GVK from storage in API registration

* Test scale subresource discovery

* audit backend run shutdown gracefully after http handler finish

* Make HugePages const name consistent.

* Add generated files

* Fix the DNS addon bind address

* Remove Google Cloud KMS integration for encryption-at-rest.

* Fix TestCRD Flake

* Validate that PersistentVolumeSource is not changed during PV Update.

* Remove Google cloudkms dependency.

* Added comments & examples/tests to kubectl env package

* if judgement always true in e2e

* Make github hide generated files in diffs

* fix import warning

* apiserver: return 4xx for invalid patch

* Add CRI log format support in fluentd.

* Revert \"audit backend run shutdown gracefully after http handler finish\"

* kubenet: yield lock while executing CNI plugin.

* admission: unify plugin constructors

* make iptables wait flag generic; increase the max wait time from 2 seconds to 5 seconds

* Review updates

* Fix and update comment with api.Scheme

* Remove all api.Scheme references by using explicit package aliases

* Change bucket info of volume operations

* remove created-by annotation

* cluster: build gci mounter like other go binaries

* diff: Propragate errors when diffing

* Do not clobber KUBERNETES_PROVIDER - fix kubeadm/gce log collection

* Inline completions

* Added a test for proper `%s` handling when display last applied configuration

* Validate apps/v1 DaemonSet selector immutable on updates

* Lift embedded structure out of ManifestURLHeader field

* Add downward api and docker container conformance annotations

* update cadvisor godeps to v0.27.2

* Add explain for preempt sunction.

* Improve kubectl error messages

* fix TODO one of min-available/max-available must be specified when create pdb

* Remove azure-sdk-for-go workaround that is no longer needed

* Move get into its own package

* fix IPV6 judgement bug and add UTs

* debug e2e fail cases

* Add sig-storage prefix for common e2e tests

* optimize-intergration-test-rc

* support kube-proxy ipvs mode for kubeadm

* Update conformance testdata for storage test

* Move printing the valid resource types to a function

* add test for pdb

* remove dependency from service generator

* Add test case for validateClientConnectionConfiguration.

* Add test case for validateHostPort.

* remove dependency from top command

* remove dependency from kubectl/metricsutil

* Add test case for validateIPVSSchedulerMethod.

* improve setting cgroupparent

* Adjust resources for Metrics Server

* Rename Detach() parameter.

* Describe IPBlock for NetworkPolicyIngressRule.

* Allow HPA to get custom metrics

* Describe NetworkPolicyEgressRule.

* Add test case for NetworkPolicyEgressRule.

* fix a grammatical problem in a comment

* fix testSupport in downwardapi_test

* add apply --force --overwrite deployment lables e2e test enhance

* Update `truncateBody` to not truncate with high level

* ClusterAutoscaler 1.0.2-beta2

* Initial integration test setup for DaemonSet controller

* trigger endpoint update on pod deletion

* convert testOverlappingDeployment e2e test to integration test

* Fix hook failure in kubernetes-worker charm due to iptables conflict

* DaemonSet e2e should wait for history creation

* Fix one line, remove fprintf

* Remove spaces

* Fix a bug checking DaemonSet pods are updated in e2e test

* Remove docker dep in kubelet startup

* Update the get command to follow more conventions

* Rev Azure SDK to v11.1.1

* Error for missing context is no longer altered

* Allow extra volumes to be defined

* Update storageclass version to v1 in examples

* migrate network_partition to sig apps

* update autogen BUILD files

* Improve cronjob concurrency policy doc

* switch convert to use pkg/api/legacyscheme

* validation to GPU and hugepages

* Describe PolicyTypes for Network Policy.

* add test for convert

* rename metric reflector_xx_last_resource_version to reflector_last_resource_version{name=\"xx\"}

* fix panic in kubelet

* Fix kubectl Pod Disruption Budget V2 max-unavailable parameter

* kubectl Pod Disruption Budget V1 min-available parameter is not required

* kubectl Pod Disruption Budget V2 selector parameter is required

* Fix kubectl Pod Disruption Budget assertion error messages

* Remove kubectl Pod Disruption Budget V2 deprecated min-available default

* fix kubelet startup args

* Add kubectl Pod Disruption Budget tests

* Print type representation on errors when checking parameter types

* kube-proxy IPVS: Fix IPVS availability check

* Split unstructured.go into several parts

* Useful helper functions for Unstructured

* Add selfHosted etcd API

* Add generated files

* Add metrics.UnregisterMetricAndUntrackRateLimiterUsage function

* Check RegisterMetricAndTrackRateLimiterUsage error when starting controllers

* Remove MinimumCSRAutoApprovalClusterRolesVersion in 1.9 cycle.

* Fix error for strategic merge patch of custom resources

* Removes \'rwx\' permissions for global users

* Add unit test coverage for network policy validation.

* Kubeadm - Added initial support for Windows worker nodes to join cluster using kubeadm

* Allow override of cluster level (default, whitelist) tolerations by namespace level empty (default, whitelist) tolerations.

* Adding extra_sans option to load balancer to allow custom SAN entries on the certificate Adding support for restarting nginx on the load balancer Added better support for knowing when certificates are written. This helps the master restart the apiserver appropriately.

* Add dns, configmap, and custom resource definition conformance annotations.

* Optimize the suboptimal image locality algorithm

* Fixing indent

* Small refactorings for kubectl/apply merge packages

* kubectl apply parse libraries copy extensions to references and list elements

* pkg/controller/deployment: unit tests for syncRolloutStatus

* pkg/controller/deployment: syncRolloutStatus additional unit test case

* Inventory of kubectl dependency on main repository

* set leveled logging (v=4) for \'updating container\' message

* Add GCP addon PodSecurityPolicies & Bindings

* GCP PodSecurityPolicy configuration

* Remove dependency on drv_cfg binary for querying scalio devices

* Changing the way we clear the certificate written flag to use a helper function in the tls layer.

* Upgrade go-autorest to 9.1.0

* Update CHANGELOG-1.9.md for v1.9.0-alpha.2.

* Don\'t hide proto files

* PodSecurityPolicy E2E tests

* refactor replicaset sync call tree

* add admission handler for device resources allocation

* update unit test for plugin resources allocation reinforcement

* cmd: genutils: remove golint_failure entry

* Update vendored package heredoc

* Update Godeps LICENSES

* clean up legacy ipv4/32 in ipvs proxy

* Check dup NodePort with protocols when update services

* Add unit test for checking dup NodePort with protocols

* Add e2e test for checking dup NodePort with protocols

* Add containerd e2e.

* Improve deleteOptions doc

* Improve deleteOptions doc (generated)

* [test/e2e_node]Redirect dl.k8s.io to the kubernetes-release GCS bucket

* update readme in ipvs proxy

* When cert dir is relative, cert rotation builds incorrect symlinks

* [cli] exit when Validate() return an error

* add wiring for validating admission

* admission: { -> Mutating}Admit(admission.Attributes)

* admission: split MutationInterface out of Interface

* admission: complete plumbing of validation admission

* admission: wire create+update validation func into kube registries

* admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e}

* Update bazel

* Fix kubectl autoscale help message

* Update translations

* should check and return err when visit failure

* Reduce metadata-proxy cpu requests to 30m

* kubeadm: reset: use crictl to reset containers

* Explicitly set route_localnet on nodes & masters.

* conversion-gen: cut off kube dependencies in extra-peer-dirs

* Update kube-openapi to use validation

* Add empty dir and host related conformance annotations

* Support retainkeys strategy in new apply merge code

* Only parse ClusterCIDR, ServiceCIDR if AllocateNodeCIDRs

* Disable the grace termination period for the calico/node pod

* Node autoprovisioning e2e test.

* Check for available volume before attach/delete in EBS

* remove empty creationTimestamp field

* StopPodSandbox should not log when container is already removed

* Remove redundant comment and improve documentation.

* Enable DevicePlugins feature on GCE clusters with accelerators attached.

* Add node label to GCE nodes with accelerators attached.

* Run nvidia-gpu device-plugin daemonset as an addon on GCE nodes that have nvidia GPUs attached.

* cleanup kubectl/resource tests dependency

* [e2e] make sure to specify APIVersion in HPA tests

* Promotes the StatefulSet, ControllerRevision, Deployment, and ReplicaSet kinds to the apps/v1 group version.

* Integration test keeps marking pods ready until deployment is complete

* Wait for markPodsReady goroutine to finish

* Add integration test for deployment rolling update, rollback, rollover

* Fix calico network policy for opensource.

* discovery client not depend on pkg/api/legacyscheme

* kubelet: dockershim: remove orphaned checkpoint files

* Fix go-autorest dependency in client-go staging

* Sandbox Support for Windows + CNI

* fix kube-proxy mode

* [client-go] Add apps.Scale support to Scale client

* Update deletionTimestamp with information about finalizer effect

* remove duplicate healthz check register

* Fix wrong format and output.

* kubectl/config/rename: fix wording

* haveSame is suboptimal, fix it as well as the name

* Remove version check in kubectl e2e test.

* Nods which is not present not need updateAddress

* refactor admission handler and add UT

* Don\'t need to check version for auth e2e test

* Auto generated BUILD file

* Add more comments for HandlerImpl struct

* Add scale down to 1 e2e test.

* make easy validation admission plugins into validators

* Fix a typo.

* fix exported method run\'s comment

* Remove check for SubResourcePodProxyVersion and SubResourceServiceAndNodeProxyVersion

* Remove TPR remnants

* generated files: remove tpr

* remove generated files with tpr

* remove tpr from test_owners.csv

* Remove version check for kubectl portfoward.

* Auto generated BUILD file

* Clarify what each \"version\" means.

* autogenerated code

* gets the correct version of kubernetes client for DaemonSet and StatefulSet History and Rollback and updates test-cmd for new versions

* Add prometheus-to-sd-exporter to metadata-proxy addon; bump to proxy to v0.1.4 and e2e to v0.0.2; remove configmag

* Close the file before renaming in FileStore

* Adds Support for Configurable Kubeadm Probes.

* New master takes over

* move the GenericAdmissionWebhook plugin to be after ResourceQuota to avoid charge quota prematurely

* Update CHANGELOG-1.7.md for v1.7.10.

* refactor authorizer to return a tristate decision

* move authorizers over to new interface

* modify the union authorizer to return on the first Approve or Deny and to continue on Unknown

* add deny to SAR API

* autogenerated

* Removing flush_auth_for_departed

* The cp command must call Close() on files, and does not pass on Mac

* Container manager has a bad fake interface

* Tmpdir can be a symlink, also fake mount needs to call nested mounter

* vendor update: github.com/golang/protobuf

* move KubeProxyConfiguration out of componentconfig API group

* auto generated files

* Use const GroupName instead of hard-code.

* Use global Scheme for API group.

* NewOptions doesn\'t need to return error in signature.

* Rename kubeproxy config pkg and group.

* Use \"kubeproxy.config.k8s.io\" as final group name.

* Add limitrange e2e test for LocalStorageCapacityIsolation feature

* Add resource quota e2e test for LocalStorageCapacityIsolation feature

* Add downward_api e2e test for LocalStorageCapacityIsolation feature

* update staging files

* Clean up redundant DNS related kubelet codes

* Hide openapi-spec in diffs

* [trival]remove duplicated code from unit test

* remove dynamic client

* typed client: add tags and script for code generation

* typed client: add generated files

* update apiextensions-apiserver godeps

* fix scheduler predicates test that may violate DNS label rules

* Stop using the PersistentVolumeLabel admission controller in v1.9

* remove the wrongly checked in binary

* Add support for configmap resource lock type to CCM

* stop timer

* kubeadm mount path \'/lib/modules\'

* add namespace parameters on command

* implement SafeWaitGroup without race issue

* rename selector to labelSelector

* add fieldSelector for kubectl get

* Don\'t share nodePort service in session affinity tests

* Switch field types to PodSelector and NamespaceSelector

* remove unused function in keymutex_test.go file modified: pkg/util/keymutex/keymutex_test.go

* add tests

* code-gen: allow overlapping prefixes in GroupNames

* code-gen: add example2 type to test +groupGoName

* apiserver: remove scheme arg from NewUnsecuredEtcd3TestClientServer

* Cluster Autoscaler 1.0.2

* Update generated code

* tolerate discovery errors in the restmapper

* kubeadm: don\'t create duplicate volume/mount

* Retry pod listing call in load test if possible instead of failing

* split some admission plugins into mutation and validation halves

* apiserver: fix Cacher.Stop() race

* Fix divide by zero issue in calculating spread priority for zones

* audit policy: reject audit policy files without apiVersion and kind

* CHANGELOG: loosen language around audit policy file kind and apiVersion

* apiserver: protect registry cleanup against concurrent access

* Set the NON_MASQUERADE_CIDR to 0/0 by default in GCE/GKE which disables masquerade rules setup by the kubelet. Add masquerade rules based on NON_MASQUERADE_CIDR being set to 0/0.

* Fixing \'targetport\' to service \'port\' mapping

* Fix GoFmt error

* Add hook information when rejecting a request

* Added logic for custom kube proxy yaml for GKE

* Make selector immutable the default behavior, except for legacy versions

* Adding an e2e test for gce multi cluster ingress

* Add extra-args configs for scheduler and controller-manager

* Add named port egress test

* Add windows kernel mode kubeproxy reviewers

* partial fix crd patch failing

* delete if-else branch

* Make CRI logs parsing to a library

* Run hack/update-bazel.sh

* migration pod relevant e2e tests to sig node

* update autogen BUILD files

* fix kubeproxy in hack/local-up-cluster.sh

* fix panic bug

* Use \"==\" instead of DeepEqual for simple structs comparing.

* Return error instead of crashing apiserver when updating services with duplicate nodeports

* Work around heapster panic.

* use versiond group clients from client-go

* add create subcommand for priorityclass

* Raise log level to avoid log spam

* fix lint errors in kubeproxyconfig types.

* Checking Cinder disk when tickers are delivered

* Adds e2e tests for Node Autoprovisioning: - shouldn\'t add new node group if not needed - shouldn\'t scale up if cores limit too low, should scale up after limit is changed

* try ipset in ipvs proxy mode

* remove unused constant

* code-generators: remove distinction of 1st and 2nd comment block for tags

* Support copying options in resolv.conf into pod sandbox when dnsPolicy is Default

* Fix `kubeadm init --token-ttl=0`/config `tokenTTL: \"0\"`.

* kubeadm: remove priority admission controller for v1.9

* Add some error handling in place of ilusory one.

* Update generated files

* Refactor scheduler config API

* Adds e2e tests for Node Autoprovisioning: - should create new node if there is no node for node selector

* Make ReconcileOptions reusable

* Add the iptables wait flag change to more places

* fixup: remove useless errexit setting

* kubenet: disable DAD in the container.

* update podtolerations admission to mutate and validate separately

* split serviceaccount admission into mutation and validation

* adding coredns as a featuregate

* Fix namespace support in kubectl aging plugin

* Re-allow 0 for kube-proxy conntrack settings

* Update bazel

* Clarify DefaultAddCapabilities behavior

* generated code

* Tolerate partial discovery in garbage collector

* Skip ESIPP [Slow] suite of networking tests for huge clusters

* Deduplicate RC/RS controller code.

* Add enisoc to RC/RS OWNERS.

* Add ReplicationController integration tests.

* RC/RS dedup: Add protection against future RS versions.

* GCE: provide an option to disable docker\'s live-restore

* Dockershim: print docker info output at startup

* vSphere scale tests

* Fix \'Schedulercache is corrupted\' error

* proxy: cleanup old build file

* Stop running unit tests outside of Bazel.

* Adding documentation on using domains and / in taint/label keys; Also clarified both key and value to labels can be 63 characters long

* remove redundant code in admission initializer

* Test to verify volume attach status after master kubelet restart

* refactor builder in kubectl factory

* Use go native func after upgrading to go1.9

* Add conditions to DaemonSet API

* Autogen

* Bump minimum supported go version to 1.9.1

* [trivil] fix comment in kube-scheduler

* enable webhook admission in local up cluster

* Add shyamjvs to test/OWNERS

* Remove the comparison of ReadyReplicas to zero.

* Conditionally mount flexvolume

* Remove backfile-kubeletauth-certs from gce upgrade

* Replace some occurances of kubernetes internal api types in kubectl

* Refactor Priority Reduce functions

* Fix GKE failure, set default in configure.sh.

* Add extra-args configs to kubernetes-worker charm

* reflector: exit retry loop on closed stopCh

* apiserver: add validating admission tests

* Update CHANGELOG-1.8.md for v1.8.3.

* kubeadm: Extended KubeletVersionCheck

* Fix data race in TestCRD

* Remove hack for CLUSTER_IP_RANGE in e2e framework no longer needed

* certificate manager: reduce max backoff from 128s to 32s

* update apps/v1 types.go comments for controller spec selector

* update auto-gen code

* update the inconsistent description of TopologyKey in PodAffinityTerm

* removed unused defaultClientConfigForVersion() functions from cmd_test.go.

* Should return when claim.Spec.VolumeName is null

* Fixes service controller update race condition

* generated files

* update ipvs readme file

* Fix typo and progress messages.

* Use const instead of hard-code for kubeadm usages

* Refactor HistoryViewerFor to use Visitor design pattern

* Symbol links of key and cert are no longer used.

* move InitStorageAccount into azure disk provision func

* openstack: fetch volume path from metadata service

* kubeadm: use the CRI for preflights checks

* Use volumeutil.LoadPodFromFile for pod spec

* Move core api to pkg/apis/core

* pkg/apis/core: fixup package names

* pkg/apis/core: fix code generation

* pkg/apis/core: fixup conversion func names in dependencies

* pkg/apis/core: mechanical import fixes in dependencies

* pkg/apis/core: restrict imports

* Update generated files

* Delete network by default in kube-down unless using default network

* Refactoring of priority function(CaculateSpreadPriority) by using map/reduce pattern

* compute pod selectors in priority meta data producer

* Make swap check as an error

* code-generator: move kube group list out of client-gen

* admission: split PodSecurityPolicy into mutating and validating part

* resync status on apiservices for aggregator

* code-generator: add NewFilteredSharedInformerFactory function

* run hack/update-codegen.sh

* run hack/update-bazel.sh

* Add performance test phase timing export.

* Update configure-helper.sh

* Switch to autoscaling.Scale internally

* generated files

* Enable scale subresources for apps/v1

* Generated files

* E2E Performance test to print latency numbers for vsphere volume lifecycle operations

* updated elasticsearch and kibana version to version 5.6.4

* Rename ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration

* Update generated files

* Disable service e2e on type and port change for huge clusters

* kubadm/cmd: wording and punctuation fixes

* move cmd/util/printing.go#PrintResourceInfoForCommand -> factory_builder.go

* Added conditions to statefulset

* Autogenerated

* Rearrange kubelet networking codes

* Add MutatingWebhookConfiguration type

* Update generated files for MutatingWebhookConfiguration

* Add apelisse to OWNERS

* Add sig storage label to multizone static PV test

* Capture git export-subst strings in version.sh for \'git archive\' use.

* Add several validation to persistentvolume

* Revert \"Validate if service has duplicate targetPort\"

* remove out of date TODO

* Mark BetaStorageClassAnnotation as deprecated

* Add support for CronJob to kind_visitor

* gracefully shutdown apiserver after all non-long running requests finish

* update bazel and staging godep

* rename test file and remove unused code

* add hostip protocol to the hostport predicates and make unit test adapt to the code change

* add e2e test on the hostport predicates

* add unit test for VisitPodConfigmapNames

* not calculate new priority when user update pods

* Fix influxdb e2e test failure.

* Review comments addressed.

* cache admission webhook restClient

* update bazel

* Adds e2e tests for Pod Priority and Preemption in Clucter Autoscaler: - shouldn\'t scale up when expendable pod is created - should scale up when non expendable pod is created - shouldn\'t scale up when expendable pod is preempted - should scale down when expendable pod is running - shouldn\'t scale down when non expendable pod is running

* Add alpha feature for mount containers

* Add ExecMounter

* Add mount containers to kubelet

* extracted elasticsearch-logging service name as environment variable ELASTICSEARCH_SERVICE_NAME with fallback on default

* Support multizone clusters in GCE and GKE e2e tests

* add windows mount path test

* Use HPA permissions to read custom metrics in Custom Metrics e2e test

* bump base images to debian stretch

* Fix an unreachable kubectl explain field lookup test

* bump(k8s.io/gengo): b58fc7edb82e0c6ffc9b8aef61813c7261b785d4

* apimachinery: Remove cloner from scheme

* deepcopy: remove deepcopy register tags

* kubeadm: fix deepcopy generation due to missing opt-in tag

* Update generated code

* Adjust GKE spec to validate images with kernel version 4.10+

* remove todo: switch UpdatePodSpecForObject to work on v1.PodSpec, use info.VersionedObject, and avoid conversion completely

* Allocate map for ManifestURLHeader

* Support collecting log for alternative container runtime in e2e test.

* Disallow parent approvals.

* Add README.md to test/conformance.

* Refer to instructions when the test fails.

* Don\'t clobber KUBE_VERBOSE in verify script

* Fix CRI fluentd config.

* add NamespaceSelector to the api

* generated

* Source PodSecurityPolicies from addon subdir

* Reorganize addon PodSecurityPolicies

* Add optional addon PSPs

* Remove SSL cert volumes from heapster addons

* Use whitelisted test image

* ccm: move all argument handling to server

* hyperkube: add cloud-controller-manager

* ccm: make missing --cloud-provider fatal

* hyperkube: add alpha subcommand

* respond to luxas\'s feedback

* respond to wlan0\'s feedback

* validation of CRD custom resources: alpha->beta

* Update cAdvisor.

* Fix TestSummaryProvider.

* Expose accelerator metrics in the summary API.

* Vendor JeffAshton/win_pdh and remove lxn/win

* This PR fixes issue #55031 where kubelet.exe crashes on Windows Server Core. The root cause is that kubelet.exe depends on package lxn/win pdh and kernel32 wrapper for node metrics. However, opengl32.dll is not available in Server Core and lxn/win requires the presence of all win32 DLLs. This PR uses a slim win32 package JeffAshton/win_pdh since most win32 APIs needed are PDH API. Also this PR makes own implementation of GetPhysicallyInstalledSystemMemory until golang Windows syscall has it or lxn/win fixes opengl32 issue. Also this PR modifies the way to get Windows version.

* Adds Support for Node Resource IPv6 Addressing

* Set CONTAINER_RUNTIME default value to \'docker\'

* allow configuring of the docker storage driver on gce

* [kube-proxy] Fix session affinity with local endpoints traffic

* build: speed up .tar.gz by 10x

* move IsMissingVersion comments

* Improve chinese translate for kubectl i18n

* Fix .git rsync filter

* Add URL beside service

* generated

* fix docs and validation

* generated

* kubeadm enable endpoint-reconciler for ha

* Add concurrent service sync flag to CCM

* Refactoring staticpod and waiter functions

* Using --show-labels with incompatible ‘kubectl get’ arguments should error out

* ResourceQuota support for hugepages

* Validate usage strings when creating bootstrap tokens via kubeadm

* update unit test for hugepage resourceQuota support

* replace sets.List() with sets.UnsortedList()

* fixtypo

* Make sure that storage request of pvc is not zero

* add kubeadm alpha phase kubeconfig option(--output)

* fix bug: without Unlock in error case, and remove unrelated test cases

* use versionedObject replace internal in kubectl set selector

* remove redundant code in ValidateDiscovery

* Validate podCIDR of node spec.

* Fix typo in e2e test name.

* fix ipvs proxier getLocalIPs() error

* Make sure the ports is valid when parsing portString

* rbac api changes for aggregation

* generated

* add clusterrole aggregation controller

* handle clusterrole migration

* Use results of kube-controller-manager leader election in addon manager

* split limitranger admission

* add type assertions to admission plugins

* kubeadm-doc-gen

* code-generator: fix multiple internal groups in generate-internal-groups.sh

* code-generator: complete PkgName, GroupName, GoName separation

* Regional support in CA tests.

* admission: don\'t update psp annotation on update

* ip6tables should be set in the noop plugin

* Validate that PV capacity and PVC capacity requests are greater than zero

* Apply taint when a volume is stuck in attaching state on node

* Bump Cluster Autoscaler version to 1.1.0-alpha1

* Parse the last partial line in CRI logs

* Enforce use of fixed size int types in the API

* let validation webhook convert objects to the external version before sending them

* Add CoreDNS as an optional addon in kube-up

* Extend test/e2e/scheduling/nvidia-gpus.go to track resource usage of installer and device plugin containers. To support this, exports certain functions and fields in framework/resource_usage_gatherer.go so that it can be used in any e2e test to track any specified pod resource usage with the specified probe interval and duration.

* Webhook e2e test: PUT and PATCH operations

* Combine downward api e2e test cases.

* Update conformance testdata for downward api test

* dockershim: remove corrupt checkpoints immediately upon detection

* Complete test case for kubeletconfig validation

* Using lower case of fmt.Errorf

* using regexp match achieve find efficiently

* E2E test to verify pod failover during node power-off

* pass devices of previous endpoint into re-registered one to avoid potential orphaned devices upon re-registration

* Removed unused function.

* Removed unnecessary type conversion

* Add e2e test for mount propagation

* Review fixes

* remove duplicated import

* code-generator: add complete internal group test cases

* code-generator: smoke test _example by compiling

* Update generated code

* fix failed to access service of e2e test

* convert this warning to an error in kubeadm

* Remove unused pkg/apis/policy/v1alpha1

* Do not crash on empty NODE_NAMES array.

* wrapper ipset util

* Update Gophercloud dependency for reauth problem

* Fix cross-compliation of mount_exec.go

* Fix resource requests & limits of metadata-proxy

* Pass pod name and namespace argss to prom-to-sd sidecar of metadata-proxy

* Add brackets around IPv6 addrs in e2e test IP:port endpoints

* Ensure GCE AlphaFeatureGate initialized

* remove bad defaulting for exec and attach options

* make the parameter codec include defaulters

* Enable file state in static policy

* Cpu manager file state tests

* kubeadm: fix crictl command for reset

* Add admission metrics

* Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086

* Fix admission metrics to track mutating/validating correctly

* Remove is_system_ns from admission metrics

* disable container disk metrics when using the CRI stats integration

* include rbd command output in errors, simplify ifelse logic

* Webhook e2e test: fail open and fail closed

* Swap NetworkPolicy storage to networking.k8s.io/v1

* Align admission metric names with prometheus guidelines

* comment

* gce: readd kubelet-bootstrap to kubelet user

* Revert \"allow configuring of the docker storage driver on gce\"

* Modify the AWS cloud provider to ensure additional load balancer tags are added to existing load balancers

* Don\'t test flexvolume-dir creation

* Move category expander out of kubectl/resource

* Adds jiayingzAATT and vishAATT as approvers for pkg/kubelet/cm/deviceplugin/.

* Update URLs for nvidia gpu device plugin and nvidia driver installer.

* Reorganize the admission webhook code.

* Introduce storage v1alpha1 and VolumeAttachment

* Generated files for new VolumeAttachemnt object

* Set up alternate mount point for SCSI/NVMe local SSD by UUID in /mnt/disks/by-uuid/, set up ability to have unformatted disk symlinked in /dev/disk/by-uuid/. Added tests. Preserved backwards compatibility.

* verify token file

* remove AddToGroupVersion in kubeproxy scheme

* update bazel

* Reorganize the code in webhook admission plugin.

* generated bazel

* Add a cloud-init script to disable live-restore

* Fix hostport duplicate chain names

* Remove bugy chains as well to clean up old chain/rule

* Add tests to test if legacy chains/rules can be cleaned up

* Only attempt to construct GC informers for watchable resources

* Support AWS ECR credentials in China

* swap the return statements

* add testcase for aws china region

* fix awsStandardDNSSuffix

* wrap ipset in proxy ipvs

* Bump Heapster version to 1.5.0-beta.1

* use ipset doing snat and packet filter in ipvs proxy

* kubeadm: change in logic of getDNSIP

* Improve messages around waiting for pods.

* Bump addon manager version used to 6.5

* kubectl explain: ignore trailing period

* add visibility of cmd/testing to kubectl/explain

* WaitForCacheSync fail should return for service controller

* Add special tag for disabling ESIPP and HPA-related tests on large clusters

* Clean up no longer used k8sVersion param

* move cmd/util/printing.go#PrintSuccess to factory_builder.go

* create fn for dns manifests

* StorageClass API changes for VolumeBindingMode

* generated files

* Kubelet: Relative paths in local config file

* Revert get version change due to the overlap in PR #55143

* Add defaulting to VolumeBindingMode

* Clarify ExternalNames are hostnames

* Move DNS related kubelet codes into its own package

* Fixes Issue 55816: Removes unneeded IPPart error

* openapi: Add EmptyResource/CreateOpenAPISchemaFunc test utils

* Show openapi custom columns in `kubectl get`

* Restore default polling period of resource-gatherer

* Return nil error if checkpoint returns with KeyNotFound error

* Update CHANGELOG-1.9.md for v1.9.0-alpha.3.

* Rename log-dump env to `LOG_DUMP_SYSTEMD_SERVICES`.

* Wait for server resources.

* Move ungated \'alpha\' KubeletConfiguration fields and self-registration fields to KubeletFlags

* Guarantee that status errors have a kind set

* If mountPath is missing, prefix with root dir.

* auth/gcp: capture stderr from gcloud config-helper

* Fix TestForgivenessAdmission.

* Fix typo in CloudControllerManager

* Use file-backed state for all cpumanager policies

* support mount options in azure file

* add vers mountoptions and fix comments

* registry: cut-off kube dependencies from registrytest

* registry: move generic registry tester into k8s.io/apiserver

* add test for slice

* Be less agressive and more patient when creating large master.

* RBD Plugin: Fix bug in checking command not found error.

* Clone documentation utility from //pkg/kubectl/cmd/templates

* kubeadm-doc-preflight

* Allow use of Octavia endpoint

* Stop executing Pod Priority and Preemption e2e tests on GKE.

* Set resource-gathering and probe-duration period for kubemark

* kubectl: Add Terminating state to PVCs

* Fix dangling attach errors

* LimitRange e2e test improved.

* Retry transient errors when fetching cfssl
*.

* fix indent

* deviceplugin: fix race when multiple plugins are registered

* Refactor `reconcileAutoscaler` method in hpa

* ensure config file exists before loading configuration in imagePolicyWebhook

* Revert \"Add options for mounting SCSI or NVMe local SSD though Block or Filesystem and do all of that with UUID\"

* local-up-cluster.sh should start scheduler with FEATURE_GATES

* Adds node auto-repair e2e tests.

* add rest/request backoffMgr and throttle setters

* Removed opaque integer resources.

* fix flaky allocatable test

* sarapprover: ignore authz errors

* sarapprover: increase base delay of per item rate limit

* Move regexp.MustCompile to global variable

* Move unstructured conversion into pkg/runtime

* Scheme should support Unstructured conversion natively

* Scheme should provide ObjectTyper for Unstructured objects as well

* Make edit test use subtests to identify flake

* certs: start deprecation of signing asset default paths

* kubeadm-markmaster

* kubectl apply edit-last-applied should fail when version is missing

* Fix accelerator stats API to follow API conventions.

* Kubernetes version v1.10.0-alpha.0 openapi-spec file updates

* update API, remove validation.

* Correct clean up actions in e2e tests

* fix underlying bug: double close channel when stop

* Lift embedded structure out of eviction-related KubeletConfiguration fields

* omitempty

* Kubeadm supports for Kubelet Dynamic Configuration.

* Consolidate DNS codes in kubelet pkg

* Replace node\'s alpha taint key with GA

* Auto generated files.

* Run TryStartKubelet conditionally; replace hard-code with constants.

* add Standard GRS, RAGRS support for azure disk

* Use framework.ConformanceIt for node e2e conformance tests

* Update conformance testdata for e2e node conformance tests

* Update BUILD file to include e2e_node tests

* remove initialize storage account pool process

* Control logs verbosity in resource gatherer

* Add kawych to cluster-monitoring deployment owners

* Set -w flag on all iptables calls during master startup

* Add GA toleration key and leave alpha ones untouched

* Table printers and server generation should always copy ListMeta

* API chunking tests should fail if limit is breached

* conversion-gen: check for nil pkg in getManualConversionFunctions

* Set defaults for KubeletConfiguration

* Fix representation of the pv\'s capacity which provisioned by glusterfs

* ColonSeparatedMultimapStringString: allow multiple Set invocations with default override

* omitempty

* Generating docs for v1.9.0-beta.0 on release-1.9

* Set up alternate mount point for SCSI/NVMe local SSD by UUID in /mnt/disks/by-uuid/, set up ability to have unformatted disk symlinked in /dev/disk/by-uuid/. Added tests. Preserved backwards compatibility.

* Fix protobuf generation for empty struct

* Admission request/response handling

* Updating vSphere Cloud Provider (VCP) to support k8s cluster spead across multiple ESXi clusters, datacenters or even vSphere vCenters

* add detail to flag help

* Adds custom expansions to the listers for apps/v1

* CSI - API change for CSI volume source type

* CSI - Generated source code

* Upgrade to go1.9.2

* Explicitly download go1.9.2 in Bazel WORKSPACE

* codgen

* Filter out duplicated container stats

* Add unit test for \"filter out duplicated container stats\"

* seccomp is an alpha feature and not feature gated

* fix network value for stats summary

* KubeletConfiguration should be a member of MasterConfiguration

* Add phase kubelet

* Make updateNodeWithConfigMap public

* Retry when update node with configmap fails.

* Add test case for phase kubelet.

* add andyzhangx as reviewer

* Adding the mutating webhook

* generated bazel

* Rename the testdata package to testcerts.

* fix webhook e2e test cleanup

* Update generated proto for empty structs

* Master now supports delayed upgrades. It will wait until specifically told to upgrade with an action unless the configuration option require-manual-upgrade is false.

* Add VolumeType api to PV and PVC

* generated code for VolumeMode api change

* remove disk allocatable evictions

* Allow resource.Builder to modify requests per client

* Allow constructing spdy executor from existing transports

* use SecretObject to reference iSCSI CHAP secret

* generated files

* Fix potential unexpected object mutation that can lead to data races

* fix cadvisor.New signature for cross build

* Adding etcd upgrade to kubeadm upgrade apply

* Add ExtendedResourceToleration admission controller.

* Rename GenericAdmissionWebhook to ValidatingAdmissionWebhook

* fix fakeIPSet ut error

* [advanced audit]add a policy wide omitStage

* run hack/update-all.sh

* address review comments

* Fix panic when assigning configmap UID of kubelet configuration.

* Unstructured cleanups

* Check if SleepDelay of AWS request is nil before sign.

* fix bad return error text

* KubeletConfiguration.BaseConfig.ClusterDNS defaults to the tenth address of MasterConfiguration.Networking.ServiceSubnet

* Auto generated BUILD files.

* Move GetDNSIP to a \"higher level\" pkg.

* fix CreateVolume: search mode for Dedicated kind

* search by accounttype in CreateVolume func

* kubeadm: Fix a small bug in the self-hosting code

* Re-engineer the kubeadm join logic.

* Auto generated BUILD files.

* kubeadm-improve-doc1

* Added a new scheduling queue based on priority queue.

* Autogenerated files

* Revert \"refactor builder in kubectl factory\"

* Unify unstructured and versioned object in resource.Builder

* Builder should allow moving between unstructured / versioned easily

* Remove use of VersionedObject and simplify builder in generic methods

* Apply set last applied should not need to fetch latest

* Add a lazy discovery interface for Unstructured

* Remove unstructured error checking from affected code

* Unify Object and UnstructuredObject

* All commands must declare Unstructured or Internal

* rollingupdate should use explicit casting

* Avoid wrong filling of glusterfs volume spec in ConstructVolumeSpec()

* admission/webhook: move webhook initializer into plugin

* apiserver: remove unneeded scheme from registry tester

* include error message for volumeManager during attach and mount

* update comment that are out of date

* Improve kubeadm apply error logging style

* Add Amazon NLB support

* Add aws elbv2 to vendor

* #55183 follow up: Reinstate admission chain composition and ns test

* admission: make metrics compositional and move to metrics sub-package

* Add condition \"len(cfg.DiscoveryToken) != 0\" to ValidateArgSelection.

* Regenerate API server serving certificates when upgrading.

* Adds the statefulset.kubernetes.io/pod-name label allowing users to attach a Service to an individual Pod.

* Azure load balancer general improvement

* fix documents, and correct typo

* rename azure interfaces to conform with golang convention

* code-review- add logs and comments (#11)

* naming, comment, typo correction

* address more code review comments

* fix azure bazel BUILD

* for error case, return nil for SG

* fix fake name convention

* refactor fake Delete function

* add azure_fakes.go Boilerplate header

* make newFake
* functions unexported

* clean up retry logic, since we try at least once

* assign random ip instead of hard code

* add test for flipServiceInternalAnnotation

* Option to consolidate Azure NSG rules for services (#13)

* correct doc for reconcileSecurityGroup

* fix rebase test error

* Update CHANGELOG-1.8.md for v1.8.4.

* BlockVolumesSupport: CRI, VolumeManager and OperationExecutor changes

* generated code for Volumemanager change

* apiextensions: fix object keys in fuzzer to exclude escape characters

* consolidate printer OutputOpts w PrintOpts

* pass printOpts by pointer

* VolumeMode binding logic update

* Update debian-hyperkube-base to 0.7

* Merging handler into manager API

* Block volumes Support: FC plugin update

* generated code for FC plugin change

* Add \'None\' option to DNSPolicy and define DNSConfig field in Pod API

* support openapi in strategic merge patch

* rbac bootstrap policy: add selfsubjectrulesreviews to basic-user

* Update the validating webhook plugin to be a ValidatingInterface, rather than a MutatingInterface

* convert testScaledRolloutDeployment e2e test to integration test

* Add validation check for PodDNSConfig and \'None\' DNSPolicy

* Changed GetAllZones to only get zones with nodes that are currently running (renamed to GetAllCurrentZones). Added E2E test to confirm this behavior.

* Suppress warning when a pod in binding cannot be expired

* Autogenerated codes for Custom Pod DNS API

* Support Custom Pod DNS in kubelet, gated by feature gate

* Add Pod-level local ephemeral storage metric in Summary API

* Add constants in CRI.

* Add fluentd support.

* Add kubeletconfig round trip test

* Add service.UID into security group name

* Changes nvidia-gpu device plugin addon config settings: - Runs as system critical pod - Makes resource limits to match its resource requets - Modifies test/e2e/scheduling/nvidia-gpus.go to cope with the recent change of running the device plugin as a system addon. - The resource settings of the addon is based on the test results from 8 nvidia-tesla-k80 gpus.

* Add EnsureOldSecurityGroupDeleted to delete old security group

* Block Volume: cmdline printer update

* pass listener to genericapiserver

* Use GetVersion() API instead of ver command

* complish feature gate dependency in kubeadm

* Addition of bootstrap checkpointing

* Don\'t call BeforeEach() again in ingress suite

* Update generated and dep addition of safefile

* Fix panic when AlphaFeatureGate isn\'t configured for gce.

* Import gophercloud package first

* Add logic to account for pods nominated to run on nodes, but are not running yet. Add tests for the new logic.

* fixup! Add logic to account for pods nominated to run on nodes, but are not running yet. Add tests for the new logic.

* Autogenerated files

* add cleanup-ipvs flag

* Add initial VMType (via vmType param) in azure cloud provider

* Add utils for vmss typed instances

* Support getting instanceID, type and IP for vmss instances

* Add fake clients and unit tests

* Extends deviceplugin to gracefully handle full device plugin lifecycle. - Instead of using cm.capacity field to communicate device plugin resource capacity, this PR changes to use an explicit cm.GetDevicePluginResourceCapacity() function that returns device plugin resource capacity as well as any inactive device plugin resource. Kubelet syncNodeStatus call this function during its periodic run to update node status capacity and allocatable. After this call, device plugin can remove the inactive device plugin resource from its allDevices field as the update is already pushed to API server. - Extends device plugin checkpoint data to record registered resources so that we can finish resource removing even upon kubelet restarts. - Passes sourcesReady from kubelet to device plugin to avoid removing inactive pods during grace period of kubelet restart.

* Extends gpu_device_plugin e2e_node test to verify that scheduled pods can continue to run even after device plugin deletion and kubelet restarts.

* fix storageclass unit tests

* implement cinder resize

* kubeadm-bootstrap

* generated files

* Implement individual control for kubeadm preflight checks

* allow ELB HC configuration via Service annotations

* Add environment variable to enable support for new Stackdriver resource model

* add versioned webhook admission config

* Graduate admission API to v1beta1; graduate webhook related admissionregistration API to v1beta1

* take disk requests into account during evictions

* support openapi in apply

* update godep

* Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec

* Enable cpu manager only if the test is not skipped. - Also, if KubeReserved is nil, allocate a map.

* findSecurityRule returns true when it matches most of characteristics.

* fixing issue of feature gate not being turned off properly

* generated

* make admission config scheme configurable

* update coredns manifest

* comment on findSecurityRule and fmt

* change storage, registry, discovery version for admissionregistration

* remove reference to v1alpha1

* fix hack/local-cluster-up.sh

* manual fix required to run hack/update-all.sh

* update-all generated

* Adds device plugin registration count metric and allocation latency metric.

* make client-gen behave correctly when there is no types in a group that needs client.

* oidc auth: fix prefix flag plumbing

* Kubelet flags take precedence over config from files/ConfigMaps

* CSI - API source code implementation

* CSI - Generated source code

* CSI - GoDeps dependency updates

* Do not add new field in fluentd CRI log format.

* change DefaultGarbageCollectionPolicy to DeleteDependents for workload controllers

* Fix incorrect localhost seccomp profile path

* Verify seccomp absolute path in dockershim

* Update bazel and remove unused data files

* Refactor PV selection into a common call for scheduler and PV controller

* Refactor bindVolumeToClaim() into 1) forming new PV object 2) making API and cache update

* Expose single annotation/label via downward API

* fixes issue 56041

* Revert \"Kubelet flags take precedence over config from files/ConfigMaps\"

* In findMatchingVolumes: - Delay binding until Pod is scheduled - Check for PV node affinity and access modes - Exclude volumes from being matching

* Add assume cache for PVs

* Cache for pod bindings

* Library for scheduler volume binding

* fix controlplane unit tests

* Auto generated BUILD files.

* Address review comments.

* Make expired cert check more clear.

* Add unit test case for new funcs

* Scheduler volume cache plumbing and predicate invalidation

* Add predicate to find volume matches

* Add assume/bind volume functions to scheduler

* update build files

* Add import restriction

* Add scheduler and pv controller integration test

* Local e2e tests

* Add note to feature gate

* install ipset in debian-iptables docker image and bump tag to v10

* Auto generated BUILD files.

* Write marshalled kubeletconfig object to init-config-dir

* Refactoring writing kubeletconfig.

* Fix deadlock of writing file on node.

* Support VolumeV3 for OpenStack cloud Provider

* Extend apiserver testserver such that in can be used in integration tests abstract out etcd server creation test/integration/framework: cleanup master_utils.go kube-apiserver: move StartTestServer tests into test/integration/master Fix the failing scale test kube-apiserver\'s TestServer now returns a struct instead of individual values

* Update gophercloud for supporting OpenStack Cinder v3

* Restructure cmd/kubeadm/OWNERS

* Fix long even handler in cloud cidr allocator

* Fix setting resources in fluentd-gcp plugin

* Support ceph rbd resize

* fix fmt wording error

* Adding etcd version for kubeadm upgrade plan

* Dump last curl output if cluster fails to come up.

* Bump Heapster version to v1.5.0-beta.2

* require webhook admission kubeconfigfile to be absolute

* Should make dir before writing file.

* Add deployment for Stackdriver Metadata Agent with version and resource requirement controlled by env variable

* kubeadm: add `--print-join-command` flag for token create.

* log errors while trying to GC resources

* support upgrade plan for coredns

* udpate cadvisor dependency to v0.28.2

* move the MutatingAdmissionWebhook to the last in the mutating amdission plugin chain.

* Add pod-level metric for CPU and memory stats

* Install kmod instead of module-init-tools in iptables image

* Add PDB support during pod preemption

* Autogenerated files

* Add owners for podsecuritypolicy package

* allow exceptions to be specified to handle conflicting group and resourc enames

* Add new Events API group

* generated

* Create a separate conversion function for the field labels used by downward API

* Optimize PSP authorization

* Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec

* Allow node to update PVC\'s status

* Add Feature tag to CPU Manager node e2e test.

* Rename tree state from \'git archive\' to \'archive\'

* Use git archive to produce kubernetes-src.tar.gz when possible

* Migrate CIDR allocators to shared node informer

* Implement file system resizing support on kubelet start

* clear resourceversion for migrated cluster roles

* Implement resizing support for GCE

* Enable PersistentVolumeClaimResize admission plugin in default cluster settings

* Update CHANGELOG-1.6.md for v1.6.13.

* Fixing etcd version for 1.10.X kubernetes

* Fix NewProxyServer

* Validate key subscript for metadata.annotations and metadata.labels separately

* Implement disk resizing for AWS

* Update kubeadm config for setting kube-proxy bind address

* Integrating cadvisor stats to CRI Pod stats collection

* Modifying cri stats test cases

* support flexvlome in psp

* generated

* Bump CPU requirements of L7 LB controller.

* Added PVC Finalizing Controller feature switch.

* PVC Being Deleted Checks in kubelet

* Admission Controller PVC Finalizer Plugin

* Added PVC Protection Controller

* Add policy for the PVC Protection Controller

* kubeadm: rename flag to --ignore-preflight-errors

* AWS: Implement fix for detaching volume from stopped instances

* Use PATCHs instead of PUTs in CIDR allocator

* Allow healthchecks to be skipped with --ignore-checks-errors too

* Only check Readiness of masters, not every node

* Remove SupportIPVSProxyMode feature gate in kubeadm.

* Auto generated BUILD files.

* Update NetworkUnavailable condition in ipam controller

* Fix panic in GCE loadbalancer library

* Add validation of kubelet configuration in kubeadm.

* Auto generated BUILD files.

* Only set defaults when DynamicKubeletConfig feature gate is on.

* Enable kube-proxy validation in kubeadm validation.

* Run the kubeletconfig defaulter in kubeadm defaults

* Wait for controllerrevision informer to sync on statefulset controller startup

* fix bad return Error

* add kube config file of kube-proxy to kube-proxy config map

* Use full gopath for externalTypes

* Use full gopath for externalTypes of missing API groups.

* Update CHANGELOG-1.7.md for v1.7.11.

* Reduce memory footprint of admission metrics

* Unmute curl when fetching cfssl.

* Requeue failed updates for retry in CIDR allocator

* Move audit logs e2e to the default test suite.

* Include ServerName in tls transport cache key

* Mark v1beta1 NetworkPolicy types as deprecated

* Fix TestAggregatedAPIServer setup

* Add [sig-node] to some unowned e2e_node tests

* Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec

* Implement resource limit priority function. This function checks if the input pod\'s resource limits are satisfied by the input node\'s allocatable resources or not. If yes, the node is assigned a score of 1, otherwise the node\'s score is not changed.

* Fix AppArmor upgrade test

* LBaaS v1 is no longer supported

* Set bs-version to auto for tests

* Skip TestRoutes if extension or router-id is missing

* certs: add month buckets

* Allow volume test to run outside an actual OpenStack VM

* Fix GC sync race condition

* Ensure sync failures are correctly retried

* Find a server name and router id to test TestRoutes

* Add more GC sync logging

* Add a GC deadlock note

* Code Generator: Link back to examples and articles

* Support autoprobing floating-network-id for openstack cloud provider

* Document CustomPodDNS feature gates for DNSConfig and None dnsPolicy

* Update gophercloud networking for autoprobing external network

* Add generated files

* Fix typo in component name of prometheus-to-sd config.

* Add checking HPA_USE_REST_CLIENTS in addition to ENABLE_METRICS_SERVER when disabling REST clients use for HPA

* Allow choosing min CPU architecture for master VM on gce

* Remove gke from expected providers of audit e2e test.

* Return original error instead of negotiation one

* e2e: eviction test redirect dd stderr

* Update Dashboard add-on to version 1.8.0

* add-on fluentd-elasticsearch: Add missing fluentd-es-ds selector

* Do not fake /bin/bash, just use the real bash

* Configure metadata concealment iptables rules in node startup.

* Make sure node is ready before calling getLocalNode to fix test failure.

* mock container networking and fix filtering bug

* Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec

* Revert \"Merge pull request #55336 from oracle/for/upstream/master/53462\"

* Updates Kube-proxy validators to allow Windows \'kernelspace\' mode.

* Fix Content negotiation incorrect when Accept header uses type parameters

* Fix --min-cpu-platform argument to gcloud in kube-up

* Allow config and ignore-preflight to be specified together

* Add brackets around IPv6 kube-dns liveness probe addrs

* Fix configuration of Metadata Agent daemon set

* kubelet: MustRunAsNonRoot should reject a pod if it has non-numeric USER.

* Generated code NP v1beta1

* Remove conditions from PVC after successful resize

* Do not resize file system on a read-only mount

* Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec

* update build/root/WORKSPACE and cluster/images/hyperkube/Makefile for the new tag

* nvidia-gpu-device-plugin daemonset should tolerate nvidia.com/gpu taint.

* Create volumeMount and hostPath for cloud config file

* Add wildcard tolerations to kube-proxy.

* kubeadm etcd modifying recover steps

* Makes modes OS-specific (+ fixes tests).

* bump kubectl version to 1.8.4

* Return no volume match if prebound PV node affinity doesn\'t match node

* kubeadm: Use the v1.9 branch by default

* declare ipvs proxier beta

* Make audit batch webhook backend configurable

* AWS: Support for mounting nvme volumes

* Update CHANGELOG-1.9.md for v1.9.0-beta.1.

* Add/Update CHANGELOG-1.9.md for v1.9.0-beta.1.

* Update nvidia-gpu-device-plugin addon.

* remove time waiting after create storage account

* Fix static IP issue for Azure internal LB

* kube-apiserver: enable admission registration v1beta by default

* fix inter-pod anti-affinity issue

* admission: do not require v1alph1 for v1beta1

* Cluster Autoscaler 1.1.0-beta1

* Fix for the network partition tests (and cluster autoscaling too potentially)

* build patch from openapi only for registered types

* kubeadm: Fix a couple of upgrade/downgrade-related bugs

* Restore CHANGELOG.md

* Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec

* delete a node from its cache if it gets node not found error

* VolumeHost.GetNodeName method added for CSI fix

* CSI - feature gate fix, gated RBAC rules, csi nodeID label

* Fix PV counter predicate in eclass

* Add pvc as part of equivalence hash

* Update generated bazel

* CSI - Fix so VolumeAttachment.Spec.Attacher use driverName

* CSI - Extract volume attributes from PV annotations\"

* Enable SD custom metric autoscaling e2e on GKE

* Revert \"Fix for the network partition tests\"

* Add DisabledForLargeClusters tag to audit tests.

* Disable GCE target

* cloud-provider needs cluster-role to apply taint to the node

* coredns 1.0.0

* Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec

* fake docker client can remove containers which have not been started

* add yaml-quote for GCE_GLBC_IMAGE

* Separates validation per-runtime.

* Override recycler pod image in GCE

* Re-uses device plugin resources allocated to init containers. Implements option 2 mentioned in https://github.com/kubernetes/kubernetes/issues/56022#issuecomment-348286184

* fix gce.conf multi-value parameter processing

* add apps/v1beta2 deprecation comments

* Autogen

* Make audit webhook backend configurable in startup scripts

* Results of running update scripts: update-openapi-spec generate-docs update-federation-openapi-spec

* make requirements less precise for disk eviction test

* fix test

* release-1.9: Run hack/update-generated-docs.sh

* Check both name and ports for azure health probes

* Modify \'restore-from-backup.sh\' to work in multinode etcd cluster.

* Bump Heapster version to v1.5.0-beta.3

* Update CHANGELOG-1.8.md for v1.8.5.

* Update CHANGELOG-1.9.md for v1.9.0-beta.2.

* Add/Update CHANGELOG-1.9.md for v1.9.0-beta.2.

* Update cadvisor godeps to v0.28.3

* Cluster Autoscaler 1.1.0

* CSI - Multiple bug fixes for NodeProbe, vol data file, mount dir create

* fix bug in container lifecycle event generation

* BUmped Heapster to v1.5.0

* kubeadm: Don\'t downgrade etcd on cluster downgrade

* Doc updates for 1.9

* kubelet should use the value of the cri container runtime endpoint from cadvisor

* Mark Flexvolume as GA

* Update nvidia-gpu-device-plugin addon.

* gce/upgrade.sh: Prompt if etcd version is unspecified.

* gce: split legacy kubelet node role binding and bootstrapper role binding

* Switch to k8s-1.9 branch of the installer in release-1.9 branch of kubernetes

* Kubernetes version v1.9.1-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.9.md for v1.9.0.

* enable flexvolume on Windows

* return error when create azure share failed

* change default azure file/dir mode to 0755

* fix accessmode mapping error

* Use pod nanny configured with ComponentConfig in Heapster

* Use pod nanny configured with ComponentConfig in Metrics Server

* Process cluster-scoped owners correctly

* Add --retry-connrefused to all curl invocations.

* Reduce CPU and memory requests for Metrics Server Nanny

* old test file will create a leak file in current directory. this patch fix this. modified: pkg/kubelet/cm/deviceplugin/manager_test.go

* Fix problem accessing private docker registries

* node_e2e: do not return error if Docker\'s check-config.sh fails

* Fix session out issue while creating volume and error message coming up while attaching the volume

* Fix issue #390

* Fixes issue#392.

* Reduce CPU request of Dasboard addon

* Fix a bug in validating node existence.

* Update CoreDNS version and Corefile.

* kubeadm: Only check for well-known files in preflight

* Get automatically created subnetwork if none is specified

* Ensure dependents are added to virtual node before attemptToDelete

* Requeue unobserved nodes in attemptToDelete

* Configurable liveness probe initial delays for etcd and kube-apiserver in GCE

* Update boilerplate for 2018

* Add generated runtime and generated device plugin to update-all

* Regenerate all generated code

* COntroller-manager is crashing in customer environment as vSphere Cloud Provider is not using lower case naming while creating clientBuilder. With this fix, ClientBuilder is created using lowercase naming.

* Add \'exec\' in all saltbase manifests using \'/bin/sh -c\'.

* update godep for etcd-client to 3.1.11 in 1.9 branch

* Kubernetes version v1.9.2-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.9.md for v1.9.1.

* Honor make variable OUT_DIR.

* update etcd version to 3.1.11 in 1.9 branch

* use /dev/disk/by-id instead of /dev/sd
* for azure disk

* prefer /dev/disk/azure/scsi1/ over by-id for azure disk

* Support passing kube-scheduler policy config

* Schedule Calico components even on tainted nodes

* Update kube-dns to 1.14.8

* add remount logic if original mount path is invalid

* add folder named custom in gce

* Updated Flexvolume setup mechanisms for COS instance image. - If REMOUNT_VOLUME_PLUGIN_DIR is set to true, VOLUME_PLUGIN_DIR is remounted with `exec` option during cluster startup. This allows any writable location to be used as the plugin directory. - New HostPath added to controller-manager deployment to enable access to volume plugin directory. - Improved how the default directory is passed to master and node setup.

* Use existing subnetwork of forwarding rule

* Renews cached NodeInfo with new vSphere connection

* Avoid error on closed pipe

* Fix quota controller worker deadlock

* Fix errors in Heapster deployment for google sink

* Let mutating webhook defaults the object after applying the patch sent back by the webhook

* The lbaas.opts.SubnetId should be set by subnet id.

* Add cache for VirtualMachinesClient.Get in azure cloud provider

* Remove exists return value from getVirtualMachine

* Remove VirtualMachineClientGetWithRetry

* Return actual error when backoff fails

* Fix vm cache in concurrent case

* Fix conflicts

Fri Jan 26 13:00:00 2018 jmassaguerplaAATTsuse.com
- Fix requirements to require docker-kubic instead of docker_1_12_6
since docker_1_12_6 has been renamed to docker-kubic

Thu Jan 18 13:00:00 2018 opensuse-packagingAATTopensuse.org
- Update to version 1.8.7+b30876a5539f09684ff9fde266fda10b37738c9c:

* Disable GCE target

* Kubernetes version v1.8.6-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.5.

* kubelet falls back to parse generic version string if not semver

* Fix PV counter predicate in eclass

* move InitStorageAccount into azure disk provision func

* remove initialize storage account pool process

* Add cos as an alias for gci in the upgrade script

* fix bug in container lifecycle event generation

* remove time waiting after create storage account

* Add pvc as part of equivalence hash

* Update generated bazel

* Check both name and ports for azure health probes

* change default azure file/dir mode to 0755

* return error when create azure share failed

* enable flexvolume on Windows

* fix CreateVolume: search mode for Dedicated kind

* search by accounttype in CreateVolume func

* Temporary implementation of count metrics for PodSecurityPolicy

* Add --retry-connrefused to all curl invocations.

* Kubernetes version v1.8.7-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.6.

* Fix a bug in validating node existence.

* Remove a file that isn\'t in the 1.8 branch

* Get automatically created subnetwork if none is specified

* Update boilerplate for 2018

* Add generated runtime and generated device plugin to update-all

* Regenerate all generated code

* Configurable liveness probe initial delays for etcd and kube-apiserver in GCE

* Add \'exec\' in all saltbase manifests using \'/bin/sh -c\'.

* Rename tree state from \'git archive\' to \'archive\'

* Use git archive to produce kubernetes-src.tar.gz when possible

* Honor make variable OUT_DIR.

* use /dev/disk/by-id instead of /dev/sd
* for azure disk

* prefer /dev/disk/azure/scsi1/ over by-id for azure disk

* delete a node from its cache if it gets node not found error

* add remount logic if original mount path is invalid

* Updated Flexvolume setup mechanisms for COS instance image. - If REMOUNT_VOLUME_PLUGIN_DIR is set to true, VOLUME_PLUGIN_DIR is remounted with `exec` option during cluster startup. This allows any writable location to be used as the plugin directory. - New HostPath added to controller-manager deployment to enable access to volume plugin directory. - Improved how the default directory is passed to master and node setup.

* Use existing subnetwork of forwarding rule

* Avoid error on closed pipe

Tue Dec 12 13:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.8.5+cce11c6a185279d037023e02ac5249e14daa22bf:

* Kubernetes version v1.8.5-beta.0 openapi-spec file updates

* Set -w flag on all iptables calls during master startup

* conversion-gen: check for nil pkg in getManualConversionFunctions

* Add/Update CHANGELOG-1.8.md for v1.8.4.

* Fix panic when AlphaFeatureGate isn\'t configured for gce.

* Tolerate partial discovery in garbage collector

* oidc auth: fix prefix flag plumbing

* Use v0.0.0 gitVersion on branches in support of new .gitattributes solution.

* kubeadm: Fix a small bug in the self-hosting code

* Fix incorrect localhost seccomp profile path

* Verify seccomp absolute path in dockershim

* Update bazel and remove unused data files

* add user-specified ns to --dry-run created obj

* add tests

* Fix setting resources in fluentd-gcp plugin

* Fix panic in GCE loadbalancer library

* support mount options in azure file

* add vers mountoptions and fix comments

* If mountPath is missing, prefix with root dir.

* update API, remove validation.

* Include ServerName in tls transport cache key

* remove disk allocatable evictions

* Fix TestAggregatedAPIServer setup

* update cadvisor godeps to v0.27.3

* add Standard GRS, RAGRS support for azure disk

* Fix typo in component name of prometheus-to-sd config.

* Changed GetAllZones to only get zones with nodes that are currently running (renamed to GetAllCurrentZones). Added E2E test to confirm this behavior.

* Initial changes for adding forward rules

* Review updates

* log errors while trying to GC resources

* Wait for controllerrevision informer to sync on statefulset controller startup

* adjust the expected output based kubectl verison

* update comment that are out of date

* [e2e] make sure to specify APIVersion in HPA tests

* kubelet: MustRunAsNonRoot should reject a pod if it has non-numeric USER.

* This was missed when I cherry picked the original CL back. Also fix the test startup script to match the GCE startup script.

* Fix scheduler cache panic when updating pod conditions

* Update Dashboard add-on to version 1.8.0

* certs: add month buckets

* fix inter-pod anti-affinity issue

* fix gce.conf multi-value parameter processing

Fri Nov 24 13:00:00 2017 mjuraAATTsuse.com
- After upgrade to Kubernetes v1.8.4 drop the patches:

* kubectl-fix-duplicate-proto-error-bsc-1057277.patch

* kubelet-support-btrfs-fixes-bsc-1042383.patch

Tue Nov 21 13:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.8.4+9befc2b8928a9426501d3bf62f72849d5cbcd5a3:

* Add bind mount /etc/resolv.conf from host to containerized mounter

* Enhance message in cluster-info dump

* Change second StorageClass Column to provisioner Some provisioners have key-value pairs in parameters map which key is type, here TYPE in StorageClass columns may be confused

* Re-enable federated ingress test that was disabled due to a federated service deletion bug.

* Add ceph-common to hyperkube image

* Return clusterErr rather than err

* Add default=false to usage of kube-apiserver allow-privileged flag

* Tune Cinder approvers

* kubectl: \'apply view-last-applied\' must not use printf(), as this will cause format codes in the YAML/JSON to be interpreted.

* fix self link error of generic resources in describe command

* Use variadic nature of
*cobra.Command.AddCommand to add group of commands to a parent command

* Remove duplicate error message output in hyperkube.

* fix err message in namespace_policy

* Adding option to set the federation api server port if nodeport is set

* Add statefulset to the completion candidates of kubectl scale

* Check uper limit of port and ensure 0 corresponds to random port

* Add ownership for the future of scheduler_perf and kubemark

* add test for kubectl create pdb

* Ignore ErrNotFound when delete LB resources

* Mark deprecated info in short description of deprecated commands.

* Delete meaningless err check

* Suggest user to use \'hack/install-etcd.sh\' when running integration tests without etcd found.

* add validate to not allow mix --config with other arguments

* Delete unuse err check

* volumes: SetNodeStatusUpdateNeeded on error

* allow output patch string in edit command

* removing unnecessary shallow copy see #46703

* Do not retunr svc in case of error. Rename apiServerNodePortPort.

* Added logic to copy-to-staging to avoid copying if the same file already exists in gce

* Add a feature gate for Debug Containers

* Deleting ServiceReaper

* add ContainerRuntimeVersion to `kubectl get nodes -o=wide` output

* fix comment of isDir

* Fix the typo in translations\' README.md

* Improve code coverage for pkg/printer

* Removed mesos related labels.

* Create output_dir if doesn\'t exist

* Use t.Fatalf instead

* fix some err message

* Adds --insecure to cockroachdb client command

* Add git branch to make build short hash unique

* fix JSONPath parser will not filter strings containing parentheses

* add more unit test

* Add test case for namespace

* add cmd test for kubectl auth can-i

* [Federation][Kubefed] Support documentation for kubefed and its sub commands

* [Federation][Kubefed] Add placeholders for generated docs

* Fixed a comment typo

* fix parse pairs

* Fix const nameing in node/metrics

* Improve error reporting when flex driver has failed to initialize.

* Shorten issue template

* Add OpenAPI README file

* Fix print type of podname

* Fixing style errors

* Fix comments

* extending DefaultExternalHost for any registred cloud provider see #46567

* controller-manager: fix horizontal-pod-autoscaler-use-rest-clients flag help info

* Pipe in GCE master/node tags through flags for e2e test

* deletePod handler in the deployment controller shouldn\'t set owner refs

* Make firewall test get tag from config instead of instance and fix multi-zone issue

* kuberuntime: cleanup TestGenerateContainerConfig

* Add Validate() function for audit options

* Delete reduandant err definition

* controller: fix error message

* Allow NetworkPolicy.spec updates

* Remove unnecessary wrapper flags

* Cleanup federation/cluster scripts from deprecated bringup method

* Auto generated file

* Fix a typo in deletion log of apiserver

* Kubelet doesn\'t override addrs from Cloud provider

* Fix restart action on juju kubernetes-master

* Fix local isolation for pod requesting only overlay

* Fix setting juju worker labels during deployment

* Run cAdvisor on the same interface as kubelet

* [trivial]fix function name in comment

* Fix mismatched types Verbose and bool Fix invalid operation: mismatched types Verbose and bool

* correct the script name for generating swagger doc

* Updated comments for functions.

* Change cephfs secret related logs level

* owners: remove euank from sig-node-reviewers

* Fix local isolation for pod requesting only scratch

* scheduler/util: remove bad print format

* Validate if service has duplicate targetPort

* shows how to wire admission control in a sample api server.

* Add IPv6 test cases to kube-proxy server test.

* Using only the exit code to decide when to fall back on logs

* AWS: Set CredentialsChainVerboseErrors

* E2E:Delete unecessary check

* Use a pointer to mark the nodeport port, if any.

* delete unused return

* Add timothysc to kubeadm reviewers

* fix env flag

* Moved md5 comand to a separate function and added comments

* remove unneeded variable

* Use reflect.DeepEqual to replace sliceEqual

* Refactor slice intersection

* Fix broken command in registry addon document

* Moved gsutil_get_tar_md5 function before copy-to-staging function

* Changes node e2e tests to use new Ubuntu image

* Deprecate keep-terminated-pod-volumes

* print non-existent key in configmap

* fix-review

* Only do string trim when it\'s necessary

* AWS: Fix suspicious loop comparing permissions

* deprecate created-by annotation for e2e test framework

* rebase gophercloud to support HTTP status 300 in pagination, so listing Cinder v1/v2 API versions won\'t break

* fix naming for testgrid

* iSCSi plugin: Remove redundant nil check

* Replace capacity with allocatable to calculate pod resource

* Clean up Deployment overlap annotation code

* Add rbac support to fluentd-elasticsearch

* Create a kubectl alpha subcommand

* Speed up attach/detach controller integration tests

* fixed the logging of which conversions.

* Speed up PV integration tests

* storageclass ceph add imageformat parameter

* Add `imageFeatures` parameter for RBD volume plugin, which is used to customize RBD image format 2 features. Update RBD docs in examples/persistent-volume-provisioning/README.md.

* Only `layering` RBD image format 2 feature should be supported for now.

* deprecate created-by annotation for pod drain

* add owners for sh2ju

* Don\'t bother with a mutable transformer for identity

* Modify NewVolumeManager() function return value Since function NewVolumeManager() will always return vm and nil, we do not need the second return value, it will always be nil.

* Output TYPE for getting service

* use appsv1beta1 for statefulsets and controller history

* Update admission control args

* Small fix for number of pods and nodes in test function

* Delete pre-commit hook

* Fix typo in cross-repo link

* es discovery support args apiserver-host and kubeconfig

* add extra args validate

* delete the for loops that done nothing

* Use more meaningful and consistent variable names in glusterfs plugin.

* Lower etcd compacted loglevel

* Make different container runtimes constant

* Get rid of 30s ResyncPeriod in endpoint controller

* Add \"alpha phase preflight\" command

* don\'t pass CRI error through to waiting state reason

* Remove repeat type conversions

* Also rename leftCapacity to leftAllocatable

* Fix a typo

* Add websocket protocol authentication method

* Use websocket protocol authenticator in apiserver

* Set default User-Agent on http probe

* Remove redirect verb parsing

* Insert Cynerva and Kjackal to approvers list

* Run hack/verify-govet.sh as part of verify make target This commit ensures that: - go vet will be run as part of the make verify target - the vet make-rule script won\'t be run directly, as generated_files won\'t be run in that case - that go vet errors show up in the build log with a start time, finish time, and SUCCESS/FAILED message as part of the verify make rule script

* dockershim: checkpoint HostNetwork property

* Make fluentd log to stdio instead of a dedicated file

* Add ApiEndpoint support to GCE config.

* Remove e2e test for least requested prioirty function

* support to build hyperkube image on ppc64le

* Fix invalid filename in kubelet log

* fix systemd service file for custom args. Signed-off-by: xuxinkun

* remove dead code in rbac helper

* Add type conversion judgment

* split v1/register.go to regsiter.go and builder.go move api/v1 to k8s.io/api/v1 duplicate some global variables/functions in pkg/api/v1/builder.go, add todo to remove these

* run pkg/api/v1/rewrite....sh, pkg/api/v1 (not including subdir) compile

* run root-rewrite-v1-..., compile

* let conversion-gen to choose localSchemeBuiler

* revert before merge? remove a dependency from pkg/apis/componentconfig to clientset, probably we should fix it later. i removed the dependency to test if pkg/apis compile

* Bump event-exporter version to reduce warnings noise

* Don\'t revert, necessary change to make helpers to include k8s.io/api

* unify register.go formats: networking/v1/register.go staging/src/k8s.io/kube-apiextensions-server/pkg/apis/apiextensions/v1alpha1/register.go staging/src/k8s.io/metrics/pkg/apis/custom_metrics/v1alpha1/register.go staging/src/k8s.io/metrics/pkg/apis/metrics/v1alpha1 register.go

* pkg/apis/move-external-types-for-apis.sh, k8s.io/api compiles

* run pkg/apis/make-origin-dir-compile, pkg/apis compile

* run ./root-rewrite-all-other-apis.sh, then run make all, pkg/... compiles

* run fix-casttype.sh

* manually fix unit tests in pkg/api/v1

* vendorless path for informer-gen

* hack/lib/init.sh util.sh update-codegen.sh

* manually fix protogen

* manually remove pkg/client/listers/policy/v1alpha1

* some copy.sh changes

* change hack/update-codecgen.sh

* run hack/update-codegen.sh

* run ./remove-original-proto.sh to remove the old proto

* run root-rewrite-import-client-go-api-types

* run hack/update-staging-client-go, somehow we copied listers/

* make all works. generated harmless covnersion/deepcoy chagnes

* manually fix unit tests

* manually fix hack/verify-staging-imports.sh

* manually fix kubectl openapi unit test

* manually fix openapi-gen

* revert!! temporary change to hack/update-all.sh

* run hack/update-all

* revert hack/update-all to its original form

* run update-staging-godeps.sh; the script asks user to manually commit changes for each repo

* incluster config will be used when creating external shared informers.

* Bump up npd version to v0.4.1

* Don\'t audit log tokens in TokenReviews

* kubelet should resume csr bootstrap

* update e2e for GCE ApiEndpoint support

* include k8s.io/api in update-godep-staging.sh

* generated Godeps.json

* Remove limits from ip-masq-agent for now. ip-masq-agent when issuing an iptables-save will read any configured iptables on the node. This means that the ip-masq-agent\'s memory requirements would grow with the number of iptables (i.e. services) on the node.

* enable docs and man page autogeneration for cloud-controller-manager

* fix nits in kubelet server

* [Federation] Convert the ReplicaSet controller to a sync controller.

* update the err of hostPorts in psp

* Update cadvisor to v0.26.1.

* Move seccomp helper methods and tests to platform-specific files.

* update openstack metadata-service url

* Remove service on termination when exec \'kubectl run\' command with flags \"--rm\" and \"--expose\"

* fix CopyStrings and ShuffleStrings for slice when slice is nil

* add level for print flags

* fix comment mistake

* OpenStack for cloud-controller-manager

* Added helper funcs to schedulercache.Resource.

* [trivial]fix function name in comment

* Add client cert authentication for Azure cloud provider

* Fix tests after rebasing

* Add the pcks12 package to the build of Azure cloud provider

* Fix test name

* Fix dependencies order after rebase

* Add more pdbs in autoscaling e2e

* Bumped Heapster to v1.4.0-beta.0

* Add annotation constants to glusterfs plugin.

* Use %q formatter for error messages from the AWS SDK. #47789

* Implement e2e test for Stackdriver event exporter

* Removes alpha feature gate for affinity annotations. Beta fields should be used.

* add compression to GET and LIST api requests

* removed \'Storage\' option from \'kubectl top\' like options

* detach getClusterNodes() func from provisioner method.

* Display for clusterIP and port when service is ExternalName

* Fix output extra comma

* kubectl: rename Run() -> RunRun() to clarify purpose

* kubectl: rewrite docstrings in several files

* cmd: make createDeployment a private function

* cmd: refactor common err expr into helper function

* kubectl: simplify code with help of linter

* kubectl: note a bug with a comment

* kubectl: refactor addFromEnvFile, write tests

* kubectl: fix inaccurate usage messages for --windows-line-endings

* e2e: bump kubelet\'s resurce usage limit

* Bump Cluster Autoscaler to 0.6.0-beta2

* make proto time precision match json

* deprecate created-by annotation for cronjob

* include object fieldpath in event key

* [Federation] Account for caching in kubectl

* Strip versions from known api groups in audit policy

* Enable vmodule support for all components

* Fixed Monitoring e2e test

* openapi: Fetch protobuf rather than Json

* Save docker image tarfiles in _output/release-images/$arch/.

* [esipp-e2e] Change service port to avoid collision

* Use a different env var to enable the ip-masq-agent addon. We shouldn\'t mix setting the non-masq-cidr with enabling the addon.

* Move e2e fromManifest funcs to manifest package

* Pipe clusterID into gce_loadbalancer_external.go

* Update e2e tests to pipe in clusterID for gce resource cleanup

* Encodes ReportPrefix into the generated metrics file names

* Adds IPv6 test cases

* Remove e2e test that checked scheduler priority function for ReplicationController spreading

* Do not set CNI on a private master when enabling network policy.

* Extending timeout waiting for delete node to become ready before the test ends

* [Federation]Fix forgeting to close file

* Plumb preferred version to nested object encoder

* [Federation]Remove duplicate constants

* Fix kubectl api-versions caching

* Bump e2e mounttest image version to 0.8

* kubeadm: Remove the validate phase as it\'s not needed nor used

* kubeadm: Cleanup version gates for the Node Authorizer when targeting v1.8

* Update CHANGELOG.md for v1.7.0-rc.1.

* Remove stubs from docs/

* [Federation][Kubefed] Address review comment

* Checked whether balanced Pods were created.

* Move the workload e2e tests to it\'s own package

* apiextensions-apiserver: fix build

* revert 45764

* Reflect kubeadm-specific kubelet changes in the bazel debs

* Update kube-dns to 1.14.4

* Multi Arch test images

* modify the meassage in kubectl secret command when the envFile path is not an file path

* godoc update for scheduler predicates.

* kubeadm: Make kube-proxy RollingUpgradeable

* Port some more images

* kubeadm: Expose only the cluster-info ConfigMap in the kube-public ns

* Add a failsafe for etcd not returning a connection string

* Add err judgment

* Retry service syncs with exponential backoff in endpoints-controller

* Remove old node role label that is not used by kubeadm

* IPv6 support for getting node IP

* Move LoadPodFromFile to volume utils

* Fix lint errors

* Revert \"Decrese fluentd cpu request\"

* Add e2e for cluster-autoscaler scale-up from 0

* Bump Cluster Autoscaler to 0.6.0

* Move more printers to TablePrinter

* add options enable tokencleaner,bootstrapsigner controller

* Fix error in local-cluster-up

* Retry finding RBAC version if not found in discovery cache

* garbage collector controller propagates DeletePropagationForeground policy if the object doesn\'t already have finalizers.

* prioritize messages for long steps

* Move iptables logging in kubeproxy from Errorf to V(2).Infof

* cmd/create_deployment: refactor & test long function

* cmd/run: use util function to deduplicate logic

* Enables memcg notification in cluster/node e2e tests

* Make big clusters work again after introduction of subnets

* Fix test commands in cluster/gce/util.sh

* Skip Deployment upgrade test on 1.5 and earlier.

* Add priority to Kubernetes API

* Make doc generation on cherry-picks optional

* bazel: update rules_docker and use official busybox base image

* s/count/total/ in audit prometheus metrics

* Autogenerated files

* Update CR example in client-go

* Formatted Dockerfile to be cleaner and precise

* Move DaemonSet to table printer

* Ensures node becomes schedulable at the end of tests that delete nodes

* Update docs for user-guide

* Allocate clusterIP when change service type from ExternalName to ClusterIP

* Modify e2e tests for service type update.

* modify some mistake

* Add Pod UID (metadata.uid) to downward API env var

* Use endpoints informer for the endpoint controller

* Improve security of Juju deployed clusters

* Set cluster-autoscaler node balancing flag

* Fix typo in cluster-autoscaler config

* Fix ebtables_test.go to actually get run, and to pass

* Fix the names of some iptables tests

* Fix fluentd-gcp configuration to facilitate JSON parsing

* Fix typo

* Support IPv6 in kubenet_linux.go

* Adding a retry to the master version checking

* openapi: Read Accept-Content to send gzip if needed

* Add NYTimes/gziphandler dependency

* Bump GCE ContainerVM to container-vm-v20170627

* kubectl/cmd: many small refactors

* Add unit test case for initClusterIP and updateNodePort

* Kubelet: Centralize Capacity discovery of standard resources in Container manager. Have storage derive node capacity from container manager. Move certain cAdvisor interfaces to the cAdvisor package in the process.

* Validate --storage-backend type.

* Follow up for https://github.com/kubernetes/kubernetes/pull/47003

* Populate endpoints and allow ports with headless service

* Disable anonymous-auth

* Add generic NoSchedule toleration to fluentd in gcp config as a quick-fix for #44445

* Fix kube-proxy panic when running with \"--cleanup-iptables=true\"

* add volumes test

* Fix minor bug in autoscaler e2e cleanup

* kubeadm: Start using Tolerations in yaml code again

* Fix bug cluster-subnet logic

* Move go build to image-utils

* Bumped Heapster to v1.4.0

* Add OWNERS file to kubelet gpu package

* Use multiple clients in the density test

* Add retry to RC creation in autoscaler e2e

* Log the OS images used during cluster creation

* Fix Unstructured field accessor

* Add traceroute logging on connection failure

* Allow creating special node for heapster in GCE

* Allow log-dumping only N randomly-chosen nodes in the cluster

* Log get PVC/PV errors in MaxPD predicate only at high verbosity

* Add Google cloudkms dependency

* Add KUBE_GCE_API_ENDPOINT for GCE API endpoint config.

* Add Google cloudkms service to gce cloud provider

* [Federation] Convert the deployment controller to a sync controller.

* Write output into the correct dir

* Add node e2e tests for runAsUser

* Implement GetCapacity in container_manager_unsupported

* Used const variable in scheduler test.

* remove unused codes in loadSystemLanguage

* allow impersonate serviceaccount in cli

* Set a Quobyte quota for newly created volumes

* Partially revert \"Do not fire InsufficientResourceError when there are intentional reasons.\"

* fix #45780 slightly differently

* support NoExecute and NoSchedule taints correctly in DaemonSet controller

* Update addon-resizer version

* Fix removing finalizer for garbage collector

* remove useless argument \"name\"

* Update Quobyte API repo

* Make the Quota creation optional

* Update comment for garbagecollector

* Fix completions for --namespace to override flags

* Rename function to follow other similar functions

* Change KUBE_GCE_API_ENDPOINT to GCE_API_ENDPOINT

* Add configuration for swift container name

* Add unit test coverage for nvidiaGPUManager initialization

* testing fixed hack/verify-gofmt.sh and hack/verify-flags-underscore.py

* TestLoopbackHostPort should accept IPv6 loopback host

* Do not fail on error when deleting ingress

* add dockershim checkpoint node e2e test

* eliminate kubectl dependency on k8s.io/kubernetes/pkg/util

* move crlf to kubectl/util

* Cleanup lint errors in the pkg/kubelet/server/... directory

* Refactor unstructured converter

* remove useless check from impersonation filter

* Update CHANGELOG.md for v1.7.0.

* pull the release notes from k8s.io/features/release-1.7/release-notes-draft.md

* Remove duplicated line from ceph-secret-admin.yaml

* Fix share name generation in azure file provisioner.

* Fix broken mardown format in v1.7 CHANGELOG

* Added scale-down-to-0 e2e for cluster autoscaler

* HTTPExtender: shoud close resp.Body even when StatusCode not ok

* remove redundant alias

* Fix review comments - luxas, ixdy

* don\'t accept delete tokens that are waiting to be reaped

* Fix verify-golint

* Fix issue with not waiting for nodes to be fully schedulable during test cleanup

* Make cluster IP range an argument to ginkgo to fix firewall test

* kubeadm: Remove some old comments

* kubeadm: Remove old feature gates and unused functions

* Fix deleting empty monitors

* kubelet: remove unused bandwidth shaping teardown code

* kubelet: remove NET_PLUGIN_CAPABILITY_SHAPING

* Ensure get_password is accessing a file that exists.

* Add bazel build file

* Return a slightly more verbose error when \"go get\" fails.

* allow heapster clusterrole to see deployments

* set snat to false

* meta.EachListItem should support runtime.Unstructured

* Add testing manifests for (node upgrade) etcd test.

* Add (node upgrade) etcd test.

* move term to kubectl/util

* Add local volume bug to known issues

* update-bazel

* Updated OWNERS_ALIASES for scheduler, and added scheduler integration test owners.

* split util/slice

* Added case on \'terminated-but-not-yet-deleted\' for Admit.

* Fix kubectl describe for controllerRef

* Support completion for kubectl config delete-cluster

* Provide a way to setup the limit NO files for rkt Pods

* Add Cleanup section to apiextensions client-go

* Checked container spec when killing container.

* fix style of yaml and text

* Group and order imported packages.

* Updated comments of func in testapi.

* GuaranteedUpdate must write if stored data is not canonical

* Remove useless error

* Use helper to init ClusterIP and NodePort in Create of service

* Pass cluster name to Heapster with Stackdriver sink.

* add validate for advanced audit policy

* update events\' ResponseStatus at Metadata level

* Covert Stackdriver Logging load tests to soak tests

* Non leaders should overwrite any local copies of keys they have with what the leader has.

* Fix kubernetes charms not restarting services after snap upgrades

* Fix: namespace-create have kubectl in path

* remove tpr API access

* allow a deletestrategy to opt-out of GC

* make the panic handler first

* Fix charms leaving services running after unit removal

* configure kube-proxy to run with unset conntrack param when in lxc

* Remove unused sub-pkgs in pkg/util

* Fix lint errors of pkg/util/net/sets/ipnet.go

* Use the azure certificate password when decoding the certificate

* Fix 401/403 apiserver errors do not return \'Status\' objects

* \"rbd: image xxx is locked by other nodes\" is misleading

* remove unused function and variable from audit backend

* fix error type

* kubeadm: Move app/master into a separate phase directory

* kubeadm: Harmonize import names in the controlplane phase with all the other code

* fix test selector

* Fix secret/configmap/projected update tests to work for large clusters

* Add ability to enable patch conversion detector

* Introducing a cluster-scoped resource in the wardle.k8s.io group. The cluster scoped resource has a field that indicates Flunder.Names that are disallowed. The resource is going to be used by an admission plugin. The admission plugin will list the cluster-scope resources and check against banned names.

* Removed dependencies to testapi.

* Properly nest code blocks

* recheck pod volumes before marking pod as processed

* update test function calls

* fix the pr number

* Ensure namespace exists as part of RBAC reconciliation

* Factored out simulate from nodeShouldRunDaemonPod.

* Validated expected event numbers for damoncontroller test.

* Add a new default printer handler for HumanReadable

* Pods which exits and won\'t restart should not be in the Endpoints.NotReadyAddresses

* schduler: fix validation test

* Check if golint exists first in hack/verify-golint.sh

* fix-review

* Skip errors when unregistering juju kubernetes-workers

* Launch kubemark with an existing Kubemark Master

* Add a README to the pre-existing provdier

* Move test-webserver from contrib/for-demos to kubernetes/test/images

* Add a refreshing discovery client

* bulk delete of tpr packages

* Refactor cached discovery client

* Update CHANGELOG.md for v1.6.7.

* fix cross build for windows

* [e2e-ingress] Get node tags from instance under GKE

* Fix e2e_test.go

* expose lock release error from iptables util

* share iptables util client within kubenet

* Move the kubelet certificate management code into a single package

* Enable Service Affinity for OpenStack cloudprovider.

* Cleanup useless metrics.go for garbagecollector

* word spell error

* eliminate kubectl dependency on kubelet

* Fix Audit-ID header key

* Fix a dead link in cluster/update-storage-objects.sh

* Allows to use versions like 1.6.4 instead v1.6.4

* Add node-name flag to `join` phase

* Fix invalid Content-Type for 403 error

* Volunteer to help with OpenStack provider reviews

* Add initial support for the Azure instance metadata service.

* kubeadm: Make self-hosting work and split out to a phase

* kubeadm self-hosting: unit tests and bazel

* Update CockroachDB tag to v1.0.3

* Kubelet run() should accept partial KubeletDeps

* Add prometheus plugin on fluentd image.

* flush conntrack entry for udp service when # of backend changes from 0 to non-0

* refactor updateEndpointMap and updateServiceMap results

* fix unit tests

* Use network project id for firewall/route mgmt and zone listing

* Use API that utilizes networkProjectId

* follow our go code style: error->err

* Remove shouldAssignNodePorts logic in initNodePort; add test cases.

* update release notes for 1.7

* fix parse resource in setting selector

* run must output message on container error

* Use Secrets for files that self-hosted pods depend on

* Fix ClusterIP leak flake and potential NodePort leak

* Check opts of cloud config file

* remove useless code

* Fix subPath existence check to not follow symlink

* Move metrics_grabbert to test/e2e

* client-go: remove TPR example

* IPv6 support for getting IP from default route

* remove dead code

* Fix Stackdriver Logging e2e soak tests

* Changes for partial eviction flake

* Warn if aws has no cluster id provided

* proxy/userspace: honor listen IP address as host IP if given

* examples/volumes/flexvolume/nfs: check for jq and simplify quoting.

* Bump image version on makefile and DS.

* fed: Remove flakey and redundant replicaset unit test

* fed: Remove redundant replicaset e2e

* fed: Remove redundant deployment e2e tests

* godep-save.sh: add sanity checks

* Make kube-proxy\'s MetricsBindAddress configurable via flag

* Record 429 and timeout errors to prometheus

* Unify generic proxy code in apimachinery

* make externalAdmissionHookConfigurationManager distinguish API disabled error

* proxy/userspace: suppress \"LoadBalancerRR: Removing endpoints\" message

* Prepare to introduce websockets for exec and portforward

* move leaderelection package to client-go

* Move pkg/apimachinery/test to apimachinery

* add test resource carp and change name

* obvious fix

* let scheduler use client-go\'s client when initilaizer leaderelection

* update bazel

* support json output for log backend of advanced audit

* remove extra WriteHeader function

* Run verify-godeps.sh fully if hack/ dir changes

* Fix godep verify to use godep restore script

* audit: fix deepcopy registration

* apimachinery+apiserver: extract test types to work w/ deepcopy-gen

* Update generated files

* hack/OWNERS: add myself (sttts)

* bump rules_docker to pickup performance improvements

* fully implement kubeadm-phase-certs - stash

* apimachinery: remove unneeded GetObjectKind() impls

* Commit-1: Improved code coverage for equivalence cache.

* revert workaround in PR 46246 as APIs have been consistent

* use built-in path separator instead of hard coded

* Update heketi vendor dependencies.

* generated: bazel / godeps

* Move SPDY specific code into its own package

* Removed mesos as cloud provider from Kubernetes.

* Workaround tcpv4-only-systems connect issue in test

* amend the comment

* Removed old mesos deps.

* remove svg mime type extension

* godep-save.sh: add verbosity

* godep-save.sh: workaround broken vendor/github.com/docker/docker/project/CONTRIBUTING.md symlink

* Use glog.
*f when a format string is passed

* add a regression test for Audit-ID http header

* Fix function and type names in the comments

* glusterfs: retry without auto_unmount only when it\'s not supported

* Rackspace for cloud-controller-manager

* Remove dead code for OpenStack provider

* jsonpath filter: allow intermediate missing keys

* Added pod evictors for new zone.

* Bump event-exporter version

* Setting default FlexVolume driver directory on COS images.

* Adds statefulset replicated sql upgrade test. Relies on image code that lives elsewhere.

* Name change: s/timstclair/tallclair/

* Allow missing NETWORK_PROJECT_ID env var

* Begin polling for bootstrap cluster info immediately.

* Fix issue when setting fileysystem capacity in container manager

* dockershim: clean up unused security context code

* Improve node restriction message

* squash the commits into one

* Workaround docker-wait freeze with 17.06.0

* Fix flaky test Test_Run_OneVolumeAttachAndDetachMultipleNodesWithReadWriteMany

* controller: cleanup complete deployments only

* Update labels.yaml

* Add generated clients. modify codegen script to make modification easier and to allow it to work from the root of the sample server.

* Fixes bind-mount teardown failure with non-mount point Local volumes

* Use Container-optimzed OS images for node

* Update NODE_OS_DISTRIBUTION from debian to gci

* Leave the test jobs running on CVM after all.

* Leave testing on CVM by default

* Correctly filter terminated pods in kubectl

* Helper methods dealing with ControllerRef

* integration-tests: remove unneeded post hook wait workaround

* kube-apiserver: make apiserver chain testable

* kube-apiserver: add integration test with real Run() func

* Removed mesos flags from known-flags.txt.

* Improved code coverage for pkg/kubelet/types/pod_update

* fix pdb validation bug on spec

* Fix panic of DeleteRoute()

* Move performance tests to test/e2e/scalability subdirectory

* Implement kubectl describe

* Add node-name flag to `init` phase

* Enable logexporter mechanism to dump logs from k8s nodes to GCS directly

* Update godeps.

* Bazel files.

* Add in build files.

* Code updates for new SDK.

* update bazel and godep after rebase.

* Change fluentd-gcp monitoring to use metrics exposed by SD plugin

* cmd/version: refactor to use the -Options pattern

* mountpath should be absolute

* maxinflight handler should let panicrecovery handler call NewLogged

* Move kubectl e2e tests to their own directory and prefix the test names with [sig-cli]

* Change the default kubeadm bootstrap token TTL to 24 hours.

* Make storage e2e tests start with [sig-storage] instead of [k8s.io].

* Remove volume tags.

* Change [Volume] tags to [sig-storage].

* Move empty_dir_wrapper.go into the storage directory.

* scheduler e2e: make container name shorter

* vSphere for cloud-controller-manager

* Fix typo

* Add test for kubectl resource filter.

* kubeadm: Start to remove old envparams

* support GCE alpha beta API override

* pull compute alpha api client

* fed: Replace NamespacedName for namespace sync compatibility

* fed: Provide client config to adapter factory

* fed: Move namespace propagation to the sync controller

* Moving disruption controller e2es to workload/

* Add test image name to the OS image field of the perf metrics

* Allow verify-sh to run in SILENT mode.

* use overrided api endpoint in gce cloud provider

* Add quick-verify make rule.

* add [sig-apps] prefix to workload e2e tests

* add [sig-apps] identifier to relevant upgrade tests

* add testmain setup func to the integration framework

* use testmain in integration tests

* add make bazel-test-integration target

* Changes for converting node to v1 in drain

* Update CHANGELOG.md for v1.8.0-alpha.2.

* Remove address getter from CreateAddress(Region and Global)

* Delete reduandant
*

* Correct the comment in PSP examples.

* Fixed cluster validation for multizonal clusters.

* Add e2e test for readOnlyRootFilesystem containers

* add more logs for debugging to autoscaling tests

* remove error since err is always nil

* use v1.ResourcePods instead of hard coding \'pods\'

* Added localPV e2e tests with two pods and refactored existing tests

* Fix parsing empty CIDR

* Fix the order of deletion

* Set default snap channel on charms to 1.7 stable

* Add current members of autoscaling teams to autoscaling tests OWNERS

* Added `CriticalAddonsOnly` toleration for npd.

* Revert \"Merge pull request #48560 from nicksardo/gce-network-project\"

* fed: Enable the namespace controller in integration tests

* remove some people from OWNERS so they don\'t get reviews anymore

* Do not persist SelfLink into etcd storage

* Fix issues for local storage allocatable feature

* Add cos-beta-60-9592-52-0 to benchmark tests

* Add known GCE issue for 1.7.0

* Support IPv6 addresses for getListener()

* Updates Docker Engine API

* update verify-staging-imports.sh

* client-go: add canonical import comment

* replace hardcoded use of \"kubectl\" in apply warning msg

* move sig-apps upgrade tests to its directory

* fix gce cloud provider projects api

* azure: msi: add managed identity field, logic

* azure: refactor azure.go to make auth reusable

* azure: acr docker cred provider reuses auth

* add pkg/credentailprovider/azure to hack/.linted_packages

* Update dependencies

* Log error when fail to execute command in with-retry()

* Import kubectl tests in e2e_test.go so they start running.

* add approvers to pkg/controller/garbagecollector

* kubeadm: fix broken `kubeadm init --config` flag.

* remove apimachinery\'s dependency on k8s.io/api

* Correcting two spelling mistakes Reustable->Reusable adversly->adversely

* Update CHANGELOG.md for v1.7.1.

* Add Azure managed disk support

* Adopt debian-base as baseimage

* remove duplicated word file in error

* Use go-ansiterm version matching docker/pkg/term/windows v1.11

* Remove max-pods density test

* Fix typo in ExecCommandParam

* Log error when failed to renew lease.

* add redirect notice in all readme files

* kubeadm: add a warning about the default token TTL changing in 1.8

* Supports customized system spec in the node conformance test and creates the GKE system spec

* Fix comments and typo in the error message.

* use port configuration

* [Federation] Handle federation up timeouts

* Use local PX endpoint for mount, unmount, detach and attach calls

* Fix logging levels in Portworx volume driver and add doc for getPortworxDriver function

* Add more detailed comment for localOnly flag in getPortworxDriver function

* no warning event on dns search deduplication

* add fc volume attacher

* Move api-machinery related e2e tests to a \'api-machinery\' e2e test subdirectory.

* Use $(location) to find generated output paths.

* VirtualMachinesClient.Get backoff in lb pool logic

* backing off az.getIPForMachine in az.NodeAddresses

* Revert \"Use go-ansiterm version matching docker/pkg/term/windows v1.11\"

* Fix compilation failure in dockershim for windows

* Added logging to AWS api calls. #46969

* Mark sig-scheduling tests with [sig-scheduling] so they can be selected for the testdash dashboard.

* Allow setting service account with kubectl run

* Never prevent deletion of resources as part of namespace lifecycle

* Fix tls config copy in dial test

* do not close os.Stdin manually

* Further removal of Gets from Creates

* Renamed nodeutil to v1node.

* Sig-instrumentation e2e tests refactoring

* Remove use of (Label|Field)SelectorParam

* Remove \"special\" restclient parameters

* Remove Kube specific api constructs from restclient

* log node-problem-detector

* github.com/stretchr/testify - main desired update. Old version has bugs.

* Explicitly set --cluster-ip-range --clean-start --minStartupPods

* Move seccomp from anntations to security context

* Run hack/update-generated-runtime.sh

* fix sort-by output problem

* Use const value maxPriority instead of immediate value 10

* hpa: Prevent scaling below MinReplicas if desiredReplicas is zero

* Add test for kube-proxy running with \"--cleanup-iptables=true\"

* forget pod first after bind failed

* Fix condition in autoscaler e2e

* PV controller: resync informers manually

* kubeadm: Remove the old KubernetesDir envparam

* Reduce SD Logging soak test duration & fix problem with multiple nodes

* Group every two services into one in load test

* Update yaml and json with multi arch test images

* Create 64-core masters for huge clusters

* Added comments on not set node network/inode condition to unknown.

* iptables_test should not run on OSX or Windows

* minor adjustments in the sample apiserver around resource creation.

* prevent unsetting of nonexistent previous port in kubeapi-load-balancer charm

* Sanitize test names before using them as namespaces

* Fix if condition in cluster/log-dump/log-dump.sh

* check for negative index values

* kubeadm: Make kube-proxy tolerate the uninitialized cloud taint

* Export BaseControllerRefManager

* Update some tests to fall back to InternalIP if ExternalIP isn\'t set

* Make sure that image tags contain only allowed characters.

* cluster/gke: If NODE_INSTANCE_GROUP is set, don\'t execute any bash

* Invert .linted_packages into .golint_failures.

* Scripted migration from clientset_generated to client-go.

* Manual changes.

* Migrate api.Scheme to scheme.Scheme

* Migrate api.Registry to testapi.Groups in tests.

* manual changes

* import all types for controller manager

* update-bazel.sh

* bootstrap token auth: don\'t accept deleted tokens

* api types: fix protobuf names that are different from JSON name

* generated

* Add cos-beta-60-9592-52-0 to the benchmark tests

* Test Ubuntu image using GKE image spec

* Always use gcr.io/google_containers for side-loaded Docker images

* Improve the warning message if the rbd command is not found.

* correcting spell mistake

* fix NamespaceLifecycle admission

* adding validations on kube-apiserver audit log options

* Make \"kubectl version\" json output more readable.

* Shared Informer Run blocks until all goroutines finish

* Improve Start functions

* Refactor Start functions into an object

* use https to check healthz in hack/local-up-cluster.sh

* cleanup the conversion of ObjectReference

* OpenAPI bug: Array/Map Ptr Elements\' handing was incorrect

* bump(k8s.io/gengo): 712a17394a0980fabbcf3d968972e185d80c0fa4

* update golang version to go1.8

* Refactor: pkg/util into sub-pkgs

* deepcopy: add interface deepcopy funcs

* deepcopy: misc fixes for static deepcopy compilation

* deepcopy: run deepcopy-gen in client-go

* staging/copy.sh: don\'t strip tags anymore with k8s.io/api

* Update generated code

* Add customresourcedefinition and its shortcut in \"kubectl get\"

* kubeadm: Split out markmaster to its own phase

* k8s.io/metrics: restrict k8s.io/metrics imports

* update-staging-godeps: do not exclude k8s.io/metrics

* Cleanup usage of cmd/kubeadm/app/images in addons

* Added delaying deliverer to retry ensureDNSRecords

* Auto generated files

* add InstanceID to fake cadvisor (used in Kubemark)

* Fix health check node port test flake

* Make sure the previous symlink file is deleted before trying to create a new one.

* Add approvers to owners file for hpa

* Fix findmnt parsing in containerized kubelet

* Remove affinity annotations leftover

* Restore cAdvisor prometheus metrics to the main port

* Add extra logging to azure API calls

* This patch add new storage class parameter called `volumeoptions` which can be used to set various volume options. for eg# if you want to enable encryption on volumes, the values like `client.ssl on`, `server.ssl on`..etc can be passed to `volumeoptions` parameter in storageclass.

* [Federation] Make arguments to scheduling type adapter methods generic

* gce: don\'t add kubelet bearer token to known tokens

* Update factory.go informers to update equivalence cache

* Protect against nil panic in apply

* Update generated bazel

* Tolerate a missing MasterName (for GKE)

* add svc and netpol to discovery

* expose RegisterAllAdmissionPlugins so that admission chains can be built reused

* Move GPU e2e tests under owning SIG.

* add a union category expander

* make sure that the template param is the right type before using it

* Modify podpreset lister to use correct namespace

* expose method to allow externally setting defaults on an external type

* Flag support in kubectl plugins

* Add utility function to install go package at a particular commit

* Switch from gazel to kazel, and move kazelcfg into build/root

* update cli owner

* kubectl/deployment: add BaseDeploymentGenerator to reduce duplication

* move admission/v1alpha1 to k8s.io/api

* Move pkg/api/v1/ref -> client-go/tools/reference

* IPv6 support for ChooseHostInterface (part 3 of 3)

* Pass logexporter config through e2e framework

* aggr: don\'t write empty CA files

* generated

* azure: acr: support auth to preview ACR w/ MSI+AAD

* gce: make some global variables local

*
*: remove --insecure-allow-any-token option

* gce: don\'t print every file in mounter to stdout

* Add PriorityClass API

* addressed reviewer comments

* autogenerated files

* volume i/o tests for storage plugins

* Add AzureFile,Flex,Flocker volume source to describe printer.

* Added golint check for pkg/kubelet.

* # This is a combination of 2 commits. # The first commit\'s message is:

* Build files generated

* Add seccomp profile in sandbox security context

* Set default CIDR to /16

* Fix the Azure file to work within different cloud environments

* Add the azure cloud provider dependency to azure file plugin

* Fall back on Azure public cloud endpoint when no Azure cloud provider is found

* Fix comment to conform to golint

* Restrict the dir and file permissions of the mounted volume

* Add tests for other cloud providers

* Add the fake cloud provider to azure file build

* Remove unused import after rebase

* Remove clientset from azure file test build

* Support \"fstype\" parameter in dynamically provisioned PVs

* Rev Calico\'s Typha daemon to v0.2.3 in add-on deployment.

* Allow to override build date

* check for nil value in interface for proxier health

* If the init fails for whatever reason, plugin is nil and cannot be used.

* fix leader-elect-resource-lock\'s description

* add test case for pdb printer

* remove redundant param in e2e_node/remote

* Fix too extensive logging in Stackdriver Logging e2e tests

* Add more logging to PD node delete test

* Bump rescheduler version to v0.3.1

* [Federation] Update to enable all apis in integration tests

* [Federation] Update to enable all apis in e2e tests

* Fix test

* add some more deprecation warnings to cluster

* fixit: break sig-cluster-lifecycle tests into subpackage

* Restrict the visibility of two packages in pkg/client/

* test/OWNERS: add zmerlynn

* tighten quota controller interface

* Remove deprecated cluster/log-dump.sh

* use informers for quota evaluation of core resources where possible

* Fix up imds, also refactor for better testing.

* Tolerate Flavor information for computing instance type

* glbc: change the label of the l7-lb-controller pod

* Refactoring taints to reduce sprawl

* Build files generated

* Respect KUBE_BUILD_PLATFORMS set by user

* Check whether NODE_LOCAL_SSDS=0 and handle this case appropriately.

* Remove hostname label condition in SchedulerPredicates

* bump(github.com/coreos/go-oidc): a4973d9a4225417aecf5d450a9522f00c1f7130f

* Updating staging Godeps

* Update wordpress to 4.8.0

* Fix on-premises term in error string and comments

* reenable garbage collector e2e tests

* Move e2e dependent images from kubernetes/kubernetes.github.io repo

* remove types.generated.go generated for internal API types

* Move cmd/libs/go2idl/
* to staging/src/k8s.io/kube-gen/cmd

* Fixup go2idl references

* Make staging hack/update-codec.sh scripts relocatable and kube independent

* Update godeps

* Can not set struct pointer directly to interface(kubelet panic)

* fix the typo of Kubernetes Worker

* [e2e] Also verify content returned by kube-proxy healthz server

* remove duplicated bug-fix item

* make default values as const vars

* Simplify master-worker relation missing message

* fix bug when azure cloud provider configuration file is not specified

* bump(golang.org/x/sys): 7a4fde3fda8ef580a89dbae8138c26041be14299

* Remove myself from a bunch of places

* Unify fuzzers and roundtrip tests

* fix mutation in statefulset sync

* fix typo

* kubelet: remove code for handling old pod/containers paths.

* Don\'t fail fast if LoadBalancer section is missing

* Update status to show failing services.

* Fix master disk size variable usage

* Fix bug with sed in log-dump script

* ParseEncryptionConfiguration: simplify code.

* add e2e tests for bootstrap signer

* add e2e for bootstrap token cleaner

* add integration testing for bootstrap token auth

* update-codecgen.sh: add staging dir support to tsort logic

* allow exceptions to be specified to handle conflicting group and resourc enames

* fuzzer: remove unreachable code

* Add yujuhong to test/e2e_node/OWNERS

* kubeadm: Make the hostPath volume mount code more secure

* Make NodeRestriction admission allow evictions for bounded pods

* Add new API version apps/v1beta2

* Don\'t enable apps/v1beta2 by default

* Mark apps/v1beta2 as WIP in types.go

* The `backup-volfile-servers` mount option allows to specify more than one server to be contacted in single mount command. With this option in place, it is not required to iterate over all the servers in the addrlist. A mount attempt with this option will fetch all the servers mentioned in the list, Reference # https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3/html/Administration_Guide/sect-Native_Client.html

* update import

* update godep

* fix golint

* Cleanup storage e2e test names by removing redundant [sig-storage] tags and [Volume] tags

* Use custom port for node-problem-detector

* Avoid looking up instance id until we need it

* Enable RBAC by default in hack/local-up-cluster.sh

* remove deprecated flags LowDiskSpaceThresholdMB and OutOfDiskTransitionFrequency

* kubeadm: don\'t customize etcd selinux label

* Use AppsV1beta1 instead of Apps clienset

* Fix golint failures by skipping auto-generated codes

* Mark apps/v1beta2 runtime Objects for code-gen

* Autogen

* Added utility functions for scheduler integration testing and cleaned up scheduler_test.go

* Converted a couple of e2e priority tests to integration tests.

* Deleted the converted e2e tests

* update bazel

* Addressed reviewer comments

* update things

* Do not allow vendored code to import staging code

* Fix network/subnet url logic

* Add project to pd delete node gcloud command

* Bump up minNodesHealthCheckVersion in gce_healthcheck due to known issues

* Fix issue in installing containerized mounter

* Fix TODO: rename podInfraContainerID to podSandboxID

* Move event type

* Auto-calculate master disk and root disk sizes in GCE

* Reduce hollow proxy mem/node

* SetNewReplicaSetAnnotations() should compare revisions as numbers than strings

* Add UT and upgrade this test suite with go sub-test

* remove unused function

* fix invalid issue link on api conversion

* Review Comments

* [trival] fix typo

* add namespace for describe pdb

* Explicitly use Core() client when creating eventClint

* Do not try to restart services

* switch from package syscall to x/sys/unix

* Use Eventfd() from x/sys/unix

* Fix: PV metric is not namespaced

* Update CHANGELOG.md for v1.7.2.

* Pass clientset\'s Interface to CreateScheduler.

* Add client side event rate limiting

* add cronjobs to all

* Use specified ServerName in aggregator TLS validation

* more robust stat handling from ceph df output

* rate limiting should not affect system masters

* Update cos-dev image in benchmark tests to cos-dev-61-9759-0-0

* copy OWNERS to k8s.io/api

* [client-go] Add dynamic.Interface

* fix race in proxy unit test

* Update to version gate CRDs to 1.7 and greater

* Fix unstructured marshaler to handle all JSON types

* generate clientset, external listers, and external informers to client-go directly

* fixed conflict resolution behavior while apply podpresets

* remove external clientset, listers, informers from kubernetes

* remove update-staging-client-go.sh. Note that client-go/pkg/version is copied from kubernetes

* move clientset\'s import_known_versions.go to kube-controller-manager

* update README.md

* Fix duplication in scheduler.

* rename pkg/api/v1/builder.go to register.go to be consistent with others

* generated innocuous change

* Fix controller crash because of nil volume spec

* Change e2e-framework behavior to retry retriable API errors

* Use absolute path when updating staging godeps

* Move Godeps.json into correct path for metrics and kube-gen

* Add Readme files to staging Godeps

* Garbage collector e2e tests create deployments with unique labels, and unique podTemplate

* squash the commits into one

* Delete redundant err definition

* Rename test dir to allude sig-apps ownership

* Moves networking e2e tests to test/e2e/network

* Do not spin forever if kubectl drain races with other removal

* fix f.Errorf

* fix para

* Use a client interface instead of a concrete type

* Add node e2e tests for GKE environment

* statefulset_expansion.go delete ps define

* Fixed glusterfs mount options

* apimachinery: fail early with deepcopy problems during roundtrip tests

* hack/update-staging-godep.sh: check for staging repos in GOPATH

* continue Fix error format and info for get_test.go

* Fix ha_master tests

* Allow unmounting bind-mounted directories.

* Set external hostname in local-up-cluster

* tune iscsi and fc volume owner

* Fix bug in command retrying in kubemark

* allowPrivilegeEscalation: modify api types & add functionality

* allowPrivilegeEscalation: apply to correct docker api versions

* test/images: add no_new_privs test container

* allowPrivilegeEscalation: add integration test with setuid binary

* StatefulSet: Stop using `initialized` annotation in e2e tests.

* StatefulSet: Remove `pod.alpha.kubernetes.io/initialized` annotation.

* allowPrivilegeEscalation: update docs

* allowPrivilegeEscalation: update code generation

* Add ubuntu to gluster and nfs tests

* Providing kubeconfig file is now the switch for standalone mode

* increate GC orphan test timeout

* Add some logs to certificate rotation

* [client-go] Add fake dynamic Client/ClientPool

* kubeadm: Make sure --config can be mixed with --skip-
* flags

* unify tag syntax for genclient tags and add onlyVerbs and skipVerbs

* update tags in types for new genclient syntax

* regenerate clients to pickup updated genclient:noStatus comment

* update staging clients

* Added sig-storage labels to upgrade tests and moved them to appropriate directory

* regenerate clients

* let garbage collector send orphaning patches in parallel

* Test GCE ILB functionality

* Add Service table printer

* Fix Operation names for subresources

* Update swagger and OpenAPI spec

* Implement Envelope encryption Transformer

* Add unit tests for envelope transformer

* Add benchmarks for envelope transformer

* Add [sig-network] prefix to network e2e tests

* remove duplicated import and wrong alias name of api package

* Add ingress table printer

* Expose Informer constructors

* Re-generate informers

* Fix make help

* Add statefulset table printer

* Add Endpoint table printer

* Add Node table printer

* set default adminid for rbd deleter

* update json-patch to fix nil value issue when creating mergepatch

* update related files

* Added node taints labels.

* add namespace test

* use demorgans to make startRouteController implementation more readable

* Add shiywang to sig-cli help out review code

* Update maintainers for Juju charm layers

* Enhance scheduler cache unit tests to cover OIR in pod spec

* Change pod config to manifest

* Change log level for pod manifest

* remove deads2k from volume reviewer

* add reflector metrics

* Fix bug in cluster/log-dump and add OWNERS file

* Log abridged set of rules at v2 in kube-proxy on error

* kube-apiserver: add CRD initializer test

* Use case-insensitive header keys for `--requestheader-group-headers`.

* apimachinery: fix meta/v1alpha1.Table deepcopy

* Add sig-testing OWNERS_ALIASES

* openapi: refactor into more generic structure

* DS: add to v1beta2/types.go

* DS: added v1beta2/defaults

* DS: added unversioned type apps.DaemonSet and validation

* DS: Add conversion functions

* DS: changes to server and storage

* DS: kubectl changes

* DS: RBAC changes

* Bump required golang version to 1.8

* Add jq and remove godep from kube-cross

* rsync git directories into kube-build

* Simplify output of ensure_godep_version

* Log times to restore godeps

* Dockerize update-staging-godeps

* DS: Api Machinery Fixes

* DS: autogen

* DNS name error message improvement

* Add ext4 and xfs tests to GCE PD basic mount tests

* Updates godep for etcd-client to 3.1.10.

* Move cmd/kubelet/app/bootstrap.go to a kubelet subpackage

* Move client cert bootstrap to a kubelet package

* Rebase hyperkube image on debian-hyperkube-base, based on debian-base.

* move sig-node related e2e tests to node subdir

* skip downloading and extracting tarballs and docker images when they are preloaded.

* Replace duplicate cAdvisor Mock chain code with function

* Converted usage of federation internal clientset to versioned clientset

* Stop generating federation internal clientset

* When faild create pod sandbox record event.

* Remove federation internal clienset

* Auto generated files

* improve log for pod deletion poll loop

* compact rules which has the same ResourceName

* validate cadvisor rootpath

* change Errorf to Error when no printer format

* simplify if and else for code

* enhance kubectl run error message

* remove redundant comment

* add daemonset to all categories

* add empty lines to separate unimplemented elements

* replicaset fix typo

* update auto-gen

* Better message if we dont find appropriate BlockStorage API

* Cassandra example, use nodetool drain in preStop

* use the core client with version

* Fix registered ownerName in prometheus

* Run mount in its own systemd scope.

* Add termination gracePeriod

* Update vendor of gopkg.in/gcfg from v1 to v1.2.0

* Wrap gce.conf parse with FatalOnly error filter

* Adding metrics support to local volume

* Bump ReplicaSet to apps/v1beta2

* Fix ReplicaSet federation e2e test: use explicit cluster.ReplicaSets

* Remove default binding of system:node role to system:nodes group

* adds an admission plugin initializer to the sample apiserver. the plugin initializer is going to be used by an admission plugin that will use generated informers/listers to list the cluster-scoped resources.

* Autogen

* StatefulSet: Remove `initialized` annotation from apps/v1beta2.

* Move the audit e2e test out of the node SIG

* Unit test unknown value in config

* make admission tolerate object without objectmeta for errors

* Fixes bug where the network used in the cloud provider was not taken from the /etc/gce.conf configuration.

* make it possible to allow discovery errors for controllers

* Adding unit test for ensureStaticIP

* Check volumespec is nil in FindPluginBySpec

* Add OWNERS file for Calico add-on

* Replace duplicate pod status code with function

* Fix log-dump script wrt logexporter

* improve detectability of deleted pods

* FC volume plugin: remove unmount of global mount

* Add inter-pod-affinity integration tests and remove corresponding e2e tests

* fix arg type error in printf

* Use MetricsStatsFs to expose RBD volume plugin metrics.

* Add apiserver metric for response sizes split by namespace scope

* Reduce GC e2e test flakiness

* Adding old juju maintainers

* set k8s master charm state to blocked if the services appear to be failing

* Fix some typos

* fix apps DeploymentSpec conversion issue

* Display list of failed tests to the user

* reverting deprecatin of vcenter port

* kubeadm: use kubelet bootstrap instead of reimplementing

* skip WaitForAttachAndMount for terminated pods in syncPod

* Azure: Allow VNet to be in a separate Resource Group

* StatefulSetReaper#Stop: use the timeout we calculate

* fix the typo of intializing

* Pod affinity test clean up as AffinitInAnnotation is removed.

* cloudprovider/photon: remove unneeded bash exec

* Volunteer to review Cinder related code

* Lowercases hostname for kubeadm cert slice

* Supply Portworx StorageClass paramters in volume spec labels for server-side processing

* Add comment for parameter parsing logic in Portworx volume create

* update the link to client-gen doc

* Add priority admission controller

* squash the commits into one

* revert most of the changes, add comments

* Emit event and retry when fail to start healthz server on kube-proxy.

* Don\'t use cacher if uninitialized

* Revert \"Remove old node role label that is not used by kubeadm\"

* Remove blank lines-review comments

* add podsecuritypolicy in kubectl describe command

* Add waitForFailure for e2e test framework

* Fix the matching rule of instance ProviderID

* Add a support for GKE regional clusters in e2e tests.

* Move ResourceQuota plugin at the end of the admission plugin chain.

* Fix crd delete nil pointer

* Enable garbage collection of custom resources

* Log attach detach controller skipping pods at higher priority

* Add conversion-gen between extensions and apps

* remove useless conversion-gen tags

* Autogen

* We never want to modify the globally defined SG

* Add admission controller API to config and externalize ADMISSION_CONTROL

* Enable node authorizer in local-up-cluster

* conversion-gen: support recursive types

* Relax restrictions on environment variable names.

* Fix bug and add log statements to log-dump script

* Revert \"Aggregate OpenAPI specs\"

* Revert \"Separate Build and Serving parts of OpenAPI spec handler\"

* Add KMS plugin registry

* Add unit tests for KMS transformer initialization

* Add cloudprovidedkms provider support

* Emit event when failed to create route

* Update generic errors with the new http package codes

* Report non-resource URLs in max-in-flight correctly

* Timeout filter returns 504 and an inconsistent error body

* Return a status cause for disruption budget that contains more details

* generated: bazel

* SuggestClientDelay is not about retrying, clarify message and header

* Filter duplicate ips or hostnames for ingress

* rename this file to delete.go to avoid confusion

* fix missing verb at end of format string

* Add test items for job utils

* Renamed packge name to apiv1

* fix swallowed error in kubectl rolling_updater

* send volumesInUse sorted in node status updates

* update dashboard image version

* fix error message for cronjob

* add label examples for kubectl run

* amend the message

* fix spelling

* adding kube-apiserver starting option tests

* refactor capabilities to a singleton struct

* Reduce kubectl calls from O(#nodes) to O(1) in cluster logdump

* Added taints node by condition feature flag.

* Add parallelism to GCE cluster upgrade

* Renamed zoneNotReadyOrUnreachableTainer to zoneNoExecuteTainer.

* Renamed doTaintingPass to doNoExecuteTaintingPass.

* Add KUBE_COVER help to \"make test\"

* Make \"kubeadm version\" json format output more readable.

* Fix issue: https://github.com/kubernetes/kubernetes/issues/49728 Let user choose ADVERTISE_ADDRESS in case the apiserver heuristic for the external address is broken

* Fix a bug that --flag=val causes completion error in zsh

* Add missing ugorji codecs for auth/v1, settings/v1alphav1 and storage/v1

* bump(k8s.io/gengo): 9e661e9308f078838e266cca1c673922088c0ea4

* update generated deepcopy code

* Fix initial exec terminal dimensions

* autogenerated files

* Refactor logging e2e tests, add new checks

* ignore udp metrics in k8s

* kubeadm: make rpm use --bootstrap-kubeadm

* Set default vmodule flag in integration tests

* [addon-manager] Remove unneeded annotation codes

* Fixes kubernetes/kubeadm#347

* set nodeOODCondition

* Fix usage a make(struct, len()) followed by append()

* kubectl: deploy generators don\'t need to impl Generator iface

* bump(github.com/googleapis/gnostic):0c5108395e2de

* FC volume plugin: remove block device at DetachDisk

* Use --sandbox_fake_username with bazel build

* gce: make append_or_replace.. atomic

* gce: extend CLOBBER_CONFIG to support known_tokens.csv

* Add clusterroles for approving CSRs easily

* ScaleIO Volume Plugin - volume attribute updates

* Fix indent of ginkgo-e2e.sh

* generated: clarification on RetryAfterSeconds field

* refactor function is-preloaded in configure.sh

* fix alpha/beta endpoint when api endpoint is specified

* metadata improvements.

* Update images used in the node e2e benchmark tests

* If err does not add continue, type conversion will be error. If do not add continue, pod. (
* V1.Pod) may cause panic to run.

* Add basic local volume provisioner e2e tests

* add UpdateContainerResources function to CRI

* fix typo in staging/src/k8s.io/apiserver/pkg/server/config.go

* fix winspace wrong comment message

* Validate if service has duplicate port

* Add e2e test for privileged containers

* Allow mode in e2e-framework to gather metrics only from master

* Update Godeps to use kube-openapi

* Update main repo references to new kube-openapi repo

* Aggregate OpenAPI spec

* Update Bazel

* Update OpenAPI spec

* Delete redundant print \'got:\'

* Add [sig-autoscaling] prefix to autoscaling e2e tests

* Add gmarek to hack/ OWNERS

* Multiarch nonewprivs test image

* Update the DeleteReplicaSet in rs_util.go to use server side reaper

* Allow configuration of logrorate in GCE

* adds an admission plugin to the sample apiserver. the admission plugin checks whether Flunder.Name is not on the banned list. including a unit test with various test scenarios.

* Fix duplicate metrics collector registration attempted error

* Don\'t stop log-dumping if logexporter fails

* Allow update to GC fields for RBAC resources

* GC shouldn\'t send empty patch

* This adds an etcd health check endpoint to kube-apiserver addressing https://github.com/kubernetes/kubernetes/issues/48215.

* cmd/explain: make \'recursive\' local var (not global)

* certificate manager: close existing client conns once cert rotates

* generated:

* increate gc e2e test timeout

* fix example apiservice.yaml to add groupPriorityMinimum and versionPriority

* rename OWNER to OWNERS

* Increase default value of DeploymentSpec.RevisionHistoryLimit to 10

* auto-gen

* Rename e2e sig framework files

* Fix Getpath() description

* Correctly handle empty watch event cache

* update submit-queue URL in README.md

* Add [sig-scalability] prefix to scalability e2e tests

* Bugfix: verify-no-vendor-cycles.sh detects wrong cycles

* Have a uniform format for filenames across controllers

* change the StatefulSet observedGeneration from a pointer to an int for consistency

* auto-gen

* Remove deprecated kubectl command aliases

* Improve shared informer notification dispatching

* fed/clustercontroller: fix race when updating data

* remove dead log handler and increase verbosity

* Enabled SD monitoring e2e tests on GCE

* Do not allow empty topology key for pod affinities.

* Remove extraneous white space

* Add missing UID in SubjectAccessReviewSpec

* create default storage selection functions

* Add --feature-gate flags to kubeadm

* VCLib Package - A common framework using by vsphere cloud provider for managing all vsphere entities

* vSphere Cloud Provider code refactoring

* e2e test changes

* Move left networking e2e tests to test/e2e/network

* cleanup dead installer code

* client-gen: don\'t return a nil client interface value

* generated

* Add cblecker to hack/ approvers

* Upgrade Elasticsearch/Kibana to 5.5.1 and use official Kibana image

* Update repo-infra and rules_go Bazel workspace dependencies

* Fail on swap enabled and deprecate experimental-fail-swap-on flag

* Fix premature return

* AttachDisk should not call detach inside of Cinder volume provider

* Fix typo in test/images/port-forward-tester/Makefile

* Adding cassandra test server manifests.

* Correctly cast port to string

* fix typo

* Update kazel to include kubernetes/repo-infra#21

* Update kazelcfg to kazel everything

* Make hack/boilerplate/test files use a more appropriate package name

* Run hack/update-bazel.sh to generate BUILD files

* Fix BUILD files

* remove temporary file after apt-get install

* Fix incorrect owner in OWNERS

* Remove [k8s.io] tag and redundant [sig-storage] tags from tests

* Do not try run preStop hook when the gracePeriod is 0 Add UT for lifeCycle hooks

* Add Event table printer

* Add namespace table printer

* Add secret table printer

* Add serviceAccount table printer

* Add persistentVolume table printer

* Add persistentVolumeClaim table printer

* Add componentStatus table printer

* Add table printer for 3rdpartyResource and deployment

* Add table printer for hpa

* Add table printer for configMap

* Add table printer for psp

* Add table printer for cluster

* Add table printer for rolebinding clusterRoleBinding

* Add table printer for csr

* Add some more table printer

* fix secret printer

* address comments

* Fix pointer bug in local volume e2e test

* add possibility to use multiple floating pools

* Fix comment of request.go

* Remove traces of go2idl

* Moved node condition check into Predicats.

* Fix comment of isHTTPSURL

* Remove 0,1,3 from rand.String, to avoid \'bad words\'

* Enable overriding fluentd resources in GCP

* Update CHANGELOG.md for v1.7.3.

* Allow for some pods not to get scheduled in CA tests.

* Fix etcd migration for HA clusters

* Remove v2 data when upgrading to 3.1.
* version

* add fieldSelector podIP

* Explicitly use Core client as EventClient in hollow node

* UTs for pkg/kubectl generate_test.go

* apiextensions: fix panix with KUBE_API_VERSIONS set

* Cover get equivalence cache in core

* Update generated files

* Bump GLBC version to 0.9.6

* fix data race in storage (during addition)

* Remove failure check from deployment controller

* Adding IPv6 to cidr_set and cidr_set_test

* Adding cassandra test.

* Update OWNERS files for networking components

* Add kube-proxy change notice to v1.7.3 release note

* Added field CollisionCount to StatefulSetStatus

* Update CHANGELOG.md for v1.6.8.

* Move remaining cert helper functions to client-go/util/cert - Move public key functions to client-go/util/cert - Move pki file helper functions to client-go/util/cert - Standardize on certutil package alias - Update dependencies to client-go/util/cert

* fix outofdisk condition not reported

* Fix incorrect call to \'bind\' in scheduler

* Let controllers ignore initialization timeout error when creating a pod.

* support multiple ec2 ips in aws provider

* increase the GC e2e test timeout because the API re-discovery increases the latency

* Return Audit-Id http header for trouble shooting

* Removed un-used InodePressure condition.

* validate token length in tokenReview

* Display healthcheck nodeport and other fields in describe service

* kube-gen: move client-gen tests into test dir

* kube-gen: fixup moved tests

* verify-staging-import: ignore k8s.io/kube-gen/test

* kube-gen: cut off protobuf-gen from apimachinery

* kube-gen: cut off conversion-gen from k8s.io/apimachinery

* kube-gen: unify update-codecgen.sh scripts

* Update generated files

* fix typos in federation-controller

* Update OWNERS to correct members\' handles.

* codegen: skip generation of informers and listers on resources with missing verbs

* Don\'t expect internal clientset to be generated for groups without new types

* Add metav1.MicroTime to exceptions in tag tests

* Add MicroTime to DeepEquals overrides

* Fix swallowed errors in RS and deployment tests

* Add e2e test for cronjob chained removal

* Add basic install and mount flexvolumes e2e tests

* Move proxy code to its own package

* Ensure proxy server code is logically distinct

* Allow the UpgradeAwareProxy to have an upgrade specific transport

* React to changes in UpgradeAwareProxy

* Use the UpgradeAwareProxy in `kubectl proxy`

* Add e2e test for kubectl exec via kubectl proxy

* Add pkg/kubectl/proxy to list of pkg/kubectl/util consumers

* Fix includeObject parameter parsing

* Refactored the fluentd-es addon files, moved the fluentd configuration to ConfigMap

* kubeadm: Replace
*clientset.Clientset with clientset.Interface

* Handle errors more consistently in scheduler

* Update build requirements

* openapi: Remove cache mechanism

* c-go: Use http Etag cache

* c-go: Add dependencies for http-cache

* c-go/transport: Add test for CacheRoundTripper

* Add info about staging repos to staging/README.md

* Add node e2e test for Docker\'s shared PID namespace

* Fix local storage test failures

* Use \'Infof\' instead of \'Errorf\' for a debug log

* fix the link of doc

* fix typo

* use status code instead of response body for checking kube-proxy URLs

* Remove deprecated ESIPP beta annotations

* kubeadm: Add back labels for the Static Pod control plane

* fully implement kubeadm-phase-kubeconfig

* Fix typo in certificate

* Fix typo in comment

* [Federation] hpa controller

* Fixed typo in comment in eviction_manager

* Fixed typo in rkt

* Fix typo in variable of remote

* [Federation] Make the hpa scale time window configurable

* plugin/pkg/client/auth: add openstack auth provider

* [OpenStack] Add more detail error message

* Migrate to GetControllerOf from meta/v1 package

* Migrate to NewControllerRef from meta/v1 package

* Migrate to IsControlledBy from meta/v1 package

* client-gen: stop embedding of GroupVersion client intfs

* Fix code implicitly casting clientsets to getters

* Fix printer hack to get a versioned client

* Update generated code

* getHashEquivalencePod also returns if equivalence pod is found

* Remove duplicate logging code

* Remove duplicate command example

* Add whitespace to improve error msg clarity

* Modify e2e.go to arbitrarily pick one of zones we have nodes in for multizone tests.

* Fix NotFound errors do not line up with API endpoint\'s group version

* Move the sig-instrumentation test to a dedicated folder

* Fix Stackdriver Logging soak tests issues

* Ignore the available volume when calling DetachDisk

* Fix storage tests for multizone test configuration.

* Handled taints on node in batch.

* Added toleration for node condition taints.

* There is no need to split service key repeatedly

* convert default predicates to use the default

* Enable selfHosted feature flag

* Add a simple cloud provider for e2e tests on kubemark

* Arbitrarily chose first (lexicographically) subnet in AZ on AWS.

* Handle missing OpenAPI specs on aggregated servers

* provide the failing health as part of the controller error

* add job controller

* add fed job e2e test

* implement statefulset scale subresource

* Make ClusterID required for AWS. #48954

* Add irfanurrehman as approver for federation.

* Add Shashi as approver for e2e_federation

* Revert \"Merge pull request #47353 from apelisse/http-cache\"

* Move ownership of proxy test to sig-network directory

* Copy annotations from StatefulSet to ControllerRevisions it owns

* Addressed reviewer comments

* add LocalZone into gce.conf and refactor gce cloud provider configuration to allow avoiding external communication

* Deprecate Deployment rollbackTo field and remove rollback endpoint

* Conversion code for apps/v1beta2 Deployment

* Remove some apps/v1beta2 generated files so that codegen works

* Autogen

* Moved node/testutil to upper dir.

* add some checks for fedration-apiserver options

* Update mrubin to matchstick in OWNERS

* Honor --use-service-account-credentials and warn when missing private key

* Change test to work around restmapper pluralization bug

* Add error return for the Marshal object invocation.

* simplify logic around LB deletion

* Added monitoring sidecar for Heapster

* kubeadm: Centralize commonly used paths/constants to the constants pkg

* Block on master-creation step for large clusters (>50 nodes) in kube-up

* Remove ScheduledJobs support

* Detect systemd on mounter startup

* Generated changes after removing ScheduledJobs

* Update gophercloud to support list interfaces of OpenStack instance

* Fix conflict about getPortByIp

* Add blank import for node tests

* validate kube-apiserver options

* Add unittests for GenerateLink

* Ensure that pricing expander is used by default in Cluster Autoscaler

* Dynamic Kubelet Configuration

* additional generated files

* core generated files

* Retry fed-lb-svc creation on diff NodePort during e2e tests

* Add debug logs to log-dump

* GKE deployment: Kill cluster/gke

* Change default update strategy to rolling update

* Autogenerated

* Break up node controller into packages

* RawExtension unmarshal will produce empty objects if the original object was nil #50323

* Rewrite staging import verifier in Go

* golint fixes

* fix dump

* Clean validation_test go file When i wrote test cases for local storage quota, found some unused vars and useless code, remove them

* fix error message for scale

* delete redundant test para.

* Remove some helpers associated with ESIPP.

* checking if disk is already attached for photon.

* Reduce hollow-kubelet cpu request

* correct the allocated element number of pod selectable field set

* Improve GC discovery sync performance

* Bugfix: set resources only for fluentd-gcp container.

* Fix unused Secret export logic.

* Add MemoryPressure/DiskPressure toleration for no BestEffort pod.

* wires ban flunder admission plugin to the sample server

* Don\'t call one of pointless conversions

* Added changes as a result of running make update

* kubeadm: Upload configuration used at \'kubeadm init\' time to ConfigMap for easier upgrades

* autogenerated bazel

* Use local JSON log buffer in parseDockerJSONLog.

* Add explicit API kind and version to the audit policy file on GCE

* Use zero TerminationGracePeriodSeconds in fixture

* Admit sysctls for other runtime.

* New get-kube.sh option: KUBERNETES_SKIP_RELEASE_VALIDATION

* remove apps/v1beta2 defaulting codes for obj.Spec.Selector and obj.Labels

* csr: add resync to csr approver

* Make socket address parsing work on FreeBSD.

* Add rbac.authorization.k8s.io/v1

* Generated files

* Adds v1.Service.PublishUnreadyAddresses and deprecates service.alpha.kubernetes.io/tolerate-unready-endpoints

* generated code

* Fix dropped errors in vsphere_volume

* Simplify hack/verify-flags-underscore.py

* Remove redundant files

* Add leader election support for controller-manager

* Auto generated files

* AddOrUpdateTaint should ignore duplicate Taint.

* Target godep script change verifications

* code format for test/integration/framework/master_utils.go

* Add token group adder component

* Add token cache component

* Add union token authenticator

* Simplify bearer token auth chain, cache successful authentications

* kubeadm: Move all node bootstrap token related code in one phase package

* kubeadm: Add the \'kubeadm phase bootstrap-token\' command

* autogenerated

* Remove repeated reviewers names

* remvoe redundant words in Type Taint

* auto-gen

* add grabbing CA metrics in e2e tests

* jsonpath: fix comments

* Simplify a command for unmounting mounted directories under /var/lib/kubelet.

* apimachinery: remove pre-apigroups import prefix logic

* Update etcd path test to always use kindWhiteList

* Add functionality needed by Cluster Autoscaler to Kubemark Provider.

* add Cluster Autoscaler scalability test suite

* Typedef visitor to document parameters

* FC plugin: Support WWID for volume identifier

* Autogenerated files

* Detect missing steps in edit testcases

* Specify node labels for fakeVolumeHost when testing

* remove the duplicate address of glusterfs

* GCE: filter addresses by IP when listing

* kubeadm: add pubkeypin package (public key pinning hash implementation).

* kubeadm: implement TLS discovery root CA pinning.

* kubeadm: generated deepcopy for `k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm` and `k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1`.

* Add a heap data store to client-go

* autogenerated files

* move logs to kubectl/util

* Kubelet manage hosts file for HostNetwork Pods instead of Docker

* Fix my incorrect username in #46649

* Adds IPv6 test case to kubeadm bootstrap

* Correct case for starting character of option string

* Fix grammatical error

* GCE: Specify alpha in annotation key, deprecate lower case of LB type

* Add node benchmark tests for cos-m60 with docker 1.12.6

* forbid kubectl edit an empty list

* Tainted node by condition.

* get_test.go fix error format and info

* Fix typos in kubefed package

* Fix the method name of BuiltInAuthenticationOptions

* add fuzzer dir for each apigroup

* Requeue DaemonSets if non-daemon pods were deleted.

* add cmd-test for sort-by command

* Moved node condition filter into a predicates.

* fix a typo

* Update Stackdriver event exporter version

* Pass config to external Kubemark cluster in e2e tests

* Add variables for passing test args to kubemark master components

* apimachinery: remove misleading NewDefaultRESTMapper

* Bump Cluster Autoscaler to 0.7.0-alpha1

* Bump rules_go

* Use gazelle and kazel together to manage BUILD files

* Autogenerate BUILD files

* Remove deprecated cgo_genrules

* Use buildozer to remove deprecated automanaged tags

* Use buildozer to delete licenses() rules except under third_party/

* Add metric for remaining life of authenticating certificates

* Add a SUPPORT.md file for github

* Added jdumars to OWNERS file for Azure cloud provider

* openapi: Move Fakes to testing package

* Renamed to RegisterMandatoryFitPredicate.

* select an RBAC version for kubefed it knows how to speak

* openapi: Add validation logic

* deprecation of .spec.templateGeneration from extensions/v1beta1 DaemonSet to apps/v1beta2

* auto-gen

* move UDP conntrack operations together to pkg/proxy/util/conntrack.go

* Delete load balancers if the UIDs for services don\'t match.

* fix-review

* do-rebase

* Refactor updateClusterStatus to reduce locking

* Refactor TestUpdateClusterRace and TestUpdateClusterStatusOK

* Use DiscoveryClient from kube clientSet instead of creating new one

* Auto generated file

* Cleanup locking in configz

* add validation for fed-apiserver

* Remove packages which aren\'t relied on by heapster anymore.

* Remove deprecated flag \"long-running-request-regexp\".

* Adding support for internal IP for e2e tests

* Avoid rsync of .git directory

* Support seccomp profile from container\'s security context

* Use seccomp from security context

* Rename runtime/default to docker default

* run hack/update-bazel.sh

* Implement kind visitor library for kubectl

* Support for using a client-go client from kubectl

* Mark volume as detached when node does not exist for vsphere

* [VSphere] Don\'t return err when node doesn\'t exist in DetachDisk()

* Fix node allocatable resource validation GetNodeAllocatableReservation gets all the reserved resource, and we need to compare it with capacity

* Make endpoints controller update based on semantic equality

* fix apply_set_last_applied dry-run output issue

* remove useless comments in node_controller.go

* Add image e2e-net-amd64 to CommonImageWhiteList

* some small fix in verify-flags-underscore

* Changes for updating serviceaccount of a resource.

* NodeConditionPredicates should return NodeOutOfDisk error.

* simplify disruption controller

* Add prefix to common networking e2e tests

* update clientset.Core() to clientset.CoreV1() in test

* Increase kibana CPU limit to sped up the startup

* Log error from ensureDNSRecords

* Add Exec interface to VolumeHost

* Add pluginName to VolumeHost.GetMouter

* SafeFormatAndMount should use volume.Exec provided by VolumeHost

* Typed static/mirror pod UID translation

* [Federation] Kubefed doc fix

* Set cluster autoscaler version to 0.6.1-beta2

* Move all staticpod utils to separate package

* Main work -- move etcd to separate phase and hook up most things

* Add CLI commands

* Autogenerated bazel etc.

* [Federation] Autogenerated file changes for kubefed doc fix

* Use Describe to add prefix

* Refactor addons into multiple packages

* Update bazel

* Migrate sig-auth e2e tests.

* Use `select` to disable building static binaries if `--cpu=darwin`.

* Remove package from hack/.golint_failures

* Add ReclaimPolicy field to StorageClass

* Generated StorageClass.ReclaimPolicy code

* Remove the status of the terminated containers in the summary endpoint

* Fix kubernetes-worker charm hook failure when applying labels

* Bumped Heapster version to 1.4.1

* Use nodePortOp for allocating healthCheck nodePort

* Extend SetHeader Requests method ito accept multiple values

* FeatureGate: update comments

* move retry to client-go

* refactor entries added by hostAlias into a separate method and be explicit about the source

* Creates /var/lib/kubelet as root

* add HostAlias support for HostNetwork pods

* remove validation disallowing hostAlias with hostNetwork

* Bump gce metadata-proxy from 0.1.2 to 0.1.3

* Allow passing image description from e2e node test config

* Add resouer into scheduler reviewer

* Log name if Azure file share cannot be created

* OpaqueIntResourceName unit tests

* Added logic and tests for creating and using a tmpfs volume in localPV e2e tests

* Move taints e2e test to sig-scheduling

* apiservers: add synchronous shutdown mechanism on SIGTERM+INT

* fix typo

* Modify the initialization of results in generic_scheduler.go

* Mark the volumes as detached when node does not exist

* fix some typo

* fix some typo

* kubectl show node role if defined

* Port internal extensions/Network
* to networking.k8s.io API group

* Update generated files

* Remove deprecated lookup cache flags.

* apiserver: simplify deepcopy calls

* Implement batching audit webhook graceful shutdown

* apimachinery: simplify deepcopy calls

* apiextensions: simplify deepcopy calls

* kubeadm: Centralize client create-or-update logic in one package

* autogenerated bazel

* Update RegisterMandatoryFitPredicate to avoid double register.

* registries: simplify deepcopy calls

* Base Fluentd image off debian:stretch-slim for systemd with LZ4

* Small code cleanups

* Small improvements on CLI messages

* fix two typos in quobyte error message

* move KubeletConfiguration out of componentconfig API group

* Allow injection of policy in RBAC post start hook

* Fix make cross build failure

* Adds IPv6 test cases to kubeadm certs and validation pkgs.

* Fix comment of limitranges

* Dump installation and configuration logs for master

* Added Device plugin API

* Added script to generate the Device Plugin API

* Added script to verify the generated Device Plugin API

* Fix forkedjson.LookupPatchMetadata for pointers.

* Bump Cluster Autoscaler to 0.6.1

* mark created-by annotation as deprecated

* remove deprecated command \'kubectl stop\'

* Using hash/fnv to generate the vmName

* Move List (the type) into metav1 but preserve the exposed type

* remove leaked socket file after unit test

* update it

* Support autoprobing subnet-id for openstack cloud provider

* Make kube::util::ensure_clean_working_dir more verbose in log files

* move some e2e tests to SIG respectively

* Promote CronJobs to batch/v1beta1

* Generated changes for CronJobs in batch/v1beta1

* Replaced bool map to string set.

* fix panic in e2e

* Replace hard-code \"cpu\" and \"memory\" to consts

* kubectl: simplify deepcopy calls

* continue fix the typo

* upgrade advanced audit to v1beta1

* run hack/update-all.sh

* audit: disable new v1beta1 types until incompatible changes are done

* Don\'t SSH to master for metrics in case of GKE

* Make removing nodes public for Kubemark controller

* Delete \"hugetlb\" from whitelistControllers

* Refactor RBAC authorizer entry points

* apimachinery: Print unknown transport type

* Re-enable OIR e2e tests.

* Feature-gate self-hosted secrets

* Remove BUILD reference to removed files

* move i18n to kubectl/util

* enables apps/v1beta2 and removes WIP comments from documentation

* generated code

* Remove duplicate unused function.

* Address PR comments

* Bump repo-infra/kazel dependency

* fix-review

* Re-run init containers if the pod sandbox needs to be recreated

* OIR predicate includes namespaced resources.

* Generated files

* Remove incorrect patch-merge directives.

* On AttachDetachController node status update, do not retry when node doesn\'t exist but keep the node entry in cache

* Regenerate all BUILD files in vendor/ from scratch using gazelle

* Disables Docker\'s health check

* Remove kubectl\'s dependence on schema file in pkg/api/validation.

* address review comments.

* add some e2e for node authz

* Remove redundant err definition

* fix issue(#50821)Add image check, if image not changed, transform false

* Add ControllerRevision to apps/v1beta2

* Added auto-generated changes

* Delete useless code

* Honor --use-service-account-credentials in cloud-controller-manager

* update CRD strategy for status updates

* fix kubectl issue(#52)kubectl run --expose continues after error (missing port)

* move IsLocalIP() and ShouldSkipService() to pkg/proxy/util

* verify pkg/util contains no code

* fix GPU resource validation incorrectly allows zero limits

* auto-gen

* update testcase err msg

* Fixed several typos in CHANGELOG.md.

* Make metav1.(Micro)?Time functions take pointers

* Rename k8s.io/{kube-gen -> code-generator}

* fix issue(#49695)kubectl set image deployment is ignoring --selector

* fix issue(#49883) Add selector example

* kubeadm: Fix self-hosting race condition

* newline to separate unimplemented elements

* Small improvement in ban flunder admission plugin. After the changes a name will be also taken directly from meta field. Previously a name was taken only via attributes.GetName() method, which in turns derived a name from a URL address. This didn\'t work as we don\'t allow to pass a name when POSTing a resource.

* fix incorrect logic

* allow default option values - kube top node|pod

* Fixup after k8s.io/{kube-gen -> code-generator} rename

* cni: print better error when a CNI .configlist is put into a .config

* Update CHANGELOG.md for v1.7.4.

* Update GCP API package

* NR Infrastructure agent example daemonset

* Fix e2e_node for changes to /api/compute/v0.beta package

* Add e2e aggregator test.

* Updates Kubeadm Master Endpoint for IPv6

* Proposal to add AATTwlan0 to appropriate owner files

* Make route-controller list only relevant routes instead of all of them

* Update with PR comments

* make admission plugins handle mutating spec of uninitialized pods

* Set ExecSync timeout in liveness prober.

* Clear collections between each test of TestList

* Verify TableConversion behavior in resttest

* Make generic metadata conform to documented name column convention

* Enable server side printers for converted types

* add tests

* Change API version of statefulset scale subresource e2e test to v1beta2

* Added lister expansions for DaemonSet, Deployment, ReplicaSet, and StatefulSet for apps/v1beta2

* Add instance metadata from flag even when using image config.

* Add enj to OWNERS for test/integration/etcd/etcd_storage_path_test.go

* Add node e2e test for Docker\'s live-restore

* Use \'Infof\' instead of \'Errorf\' for a debug log

* Add enj as reviewer to OWNERS

* add cmd test kubectl set image

* Fix admission plugin registration

* CollisionCount should have type int32 across controllers that use it for collision avoidance

* auto-gen

* Reduce one time url direction

* remove dead code for cloner

* validate nonResourceURL in create clusterrole

* support fieldSelector spec.schedulerName

* Cleanup makeEventRecorder function drop KubeletConfiguration arg since it is unused

* Main work -- refactor certs phase

* Main work -- cleanup certs CLI command

* Autogenerated bazel files

* [advanced audit api] fuzz Event with random value

* Fix zsh completion for kubeadm

* Stackdriver Logging e2e: Explicitly check for docker and kubelet logs presence

* add diff details to pod validation error

* kubeadm: Adds dry-run support for kubeadm using the \'--dry-run\' option

* Use CollisionCount for collision avoidance in StatefulSet controller

* Implemented support for using images from CI builds

* Autogenerated

* oidc auth: make the OIDC claims prefix configurable

* Refactor cluster_upgrade to include statefulset upgrade tests.

* bump(github.com/google/cadvisor): 27e1acbb4ef0fe1889208b21f8f4a6d0863e02f6

* Don\'t register the kubeletconfig group with the default Scheme

* Allow zsh completion to be autoloaded by compinit

* Update help/example for kubectl completion

* kubeadm: Make the self-hosting with certificates in Secrets mode work again

* kubeadm: Adding unit tests for newly added funcs

* autogenerated bazel

* Updated gRPC version to support Keep Alive

* Fix threshold notifier build tags This was preventing cross builds from darwin

* Increase latency threshold for list api calls

* Fix duplicate field in kubeconfig

* Clean /run/kubernetes on kubeadm reset

* Revert #50362.

* Expand the test to include other flags as well

* Remove seemingly obsolete binaries

* bump QEMU to new version 2.9.1

* fix issue(#50937)Fix kubectl get pvc lose volume name

* fix bad url

* don\'t try to add pool id if pool doesn\'t exist

* kubeadm: Add back labels for the Static Pod control plane (attempt 2)

* kubeadm: Tell the user when a static pod is created

* Fix unhandled error

* Create the directory for cadvisor if needed

* kubeadm: Use kube-dns manifests based on the kubernetes version

* Factor out endpoint address generation, skip unneeded endpoint updates

* Fix legacy floatingip

* Support ServiceAnnotationLoadBalancerFloatingNetworkId for LB v1

* use more-specific arm32v7 instead of deprecated armhf organization

* use more-specific arm64v8 instead of deprecated aarch64 organization

* Replace the deprecated function with the suggest function

* Address TestEtcdStoragePath flakes

* fix bad url in the README file

* bump new version due to base image changed

* Revert \"Don\'t register the kubeletconfig group with the default Scheme\"

* update to rbac v1 in yaml file

* Made the difference between scale-up timeout and cluster set-up timeout explicit.

* Fixed code comments that were not updated

* Auto-calculate CLUSTER_IP_RANGE based on no. of nodes

* Fix GC integration test race

* iSCSI volume plugin: iSCSI initiatorname support

* gce external LB: add a function to verify the requested IP address

* Validate against OpenAPI schema (if available)

* openapi: Use \"group\" to look for resources

* openapi: Handle properly empty/null fileds

* openapi-validation: Handle List special case

* openapi validation: Ignore unknown types

* Autogenerated files

* Show events when describing service accounts

* teach gce cloud to handle alpha/beta operations

* [sig-network-e2e] Remove redundant sig prefix from tests

* Revert \"Merge pull request #51008 from kubernetes/revert-50789-fix-scheme\"

* adding version.Components(), .Major(), .Minor() .Patch() etc.

* kubeadm preflight - enforce maximum supported Kubernetes version

* StatefulSet controller no longer attempts to mutate v1.PodSpec.Hostname or v1.PodSpec.Subdomain

* StatefulSet: Deflake e2e \"Saturate\" phase.

* addressed comments

* Add ncdc to client-go/tools/cache OWNERS

* run go fmt

* Fix StatefulSet update validation

* Makefile cleanups

* Message cleanup on update-all

* Add debug logs to conversion-gen

* More PR comments

* Fix swallowed errors in statefulset tests

* fix bad url

* Multi-Attach volume fix for vSphere

* update to rbac v1 in bootstrappolicy test

* fix-review

* fix issue(51027)kubect logs --selector ignoring --tail=-1

* Add ephemeral local storage resource name first

* add merge key to initializers.pending

* daemon_controller: fix typo.

* Add flags for prometheus-to-sd components.

* azure: Don\'t exec \'cat\' to read files.

* azure: Use VolumeHost.GetExec() to execute stuff in volume plugins

* generate files before scheduler perf

* Correct error strings in glusterfs

* Replace validateGlusterfs() with validateGlusterfsVolumeSource for consistency.

* Print root cause failure message in StartTestServerOrDie()

* Fix README registry error

* FlexVolume: Add capability to disable SELinux Relabeling during the driver\'s init phase

* Always check if default labels on node need to be updated in kubelet

* ScaleIO: use a fresh mounter for every SetUp/TearDown

* ScaleIO: Use VolumeHost.GetExec() to execute utilities

* add UT for pkg/apis/autoscaling/v2alpha1/defaults.go

* Refactor kuberuntime test case with sets.String

* fix confusion in service_controller

* fibre channel: Remove unused exe interface

* Support for specifying external LoadBalancerIP on openstack

* Add Humble as GlusterFS approver.

* gluster: Remove unused exe interface

* gluster: Use VolumeHost.GetExec() to execute stuff in volume plugins

* Revert \"Updated gRPC vendoring to support Keep Alive\"

* nfs: Use VolumeHost.GetExec() to execute stuff in volume plugins

* quobyte: Use VolumeHost.GetExec() to execute stuff in volume plugins

* rbd: Use VolumeHost.GetExec() to execute stuff in volume plugins

* StorageOS: Use VolumeHost.GetExec() to execute stuff in volume plugins

* Fix comment to more accurately

* kubeadm: Add node-cidr-mask-size to pass to kube-controller-manager for IPv6

* kubeadm: Implement the \'kubeadm config\' command

* Skip \"Simple pod should support exec through kubectl proxy\" test

* add alpha api gate at gce cloud provider

* Don\'t silence `go get` during verify scripts

* Add cpuset helper library.

* Run multiarch/qemu-user-static:register before building cross-arch images

* Remove crash loop detection from the dynamic kubelet config feature

* Fix unready endpoints bug introduced in #50934

* Enable finalizers independent of GC enablement

* Clarify finalizer function

* GCE: Add functions for Alpha address and forwarding rules

* Enable overlay2 on cos-m60 in node e2e tests

* Set GCE_ALPHA_FEATURES environment variable in gce.conf

* GCE: add a new label \"version\" for metrics

* Adding script to set up FlexVolume on a COS instance using mounting utility image in GCR.

* Changing Flexvolume plugin directory to a location reachable by containerized kubelet.

* Enable apps/v1beta2 Deployment, ReplicaSet, DaemonSet in federation

* add the caller ip into rsync hosts allow list

* Use Fatalf instead of Errorf when mounter/unmounter if nil in volume tests

* Renamed CPUSet.AsSlice() => CPUSet.ToSlice()

* Add CPUSetBuilder, make CPUSet immutable.

* implement proposal 34058: hostPath volume type

* update e2e tests and yaml files

* set default HostPathType to empty

* run nsenter in host namespace for containerized kubelet

* Fix swallowed error in attachdetach tests

* Italian translation

* auto-gen

* Move package `app/cmd/features` to `app/features` + bazel files

* Add CLI flag for `cfg.FeatureFlags`

* Add some debug statements to logdump script

* Add initiatorname in iscsi describe printer.

* Fix backward compatibility for renamed OpenAPI definitions

* Update OpenAPI spec

* kubeadm selfhosting CLI improvements

* Include $USER in network name to not clash for different users\' clusters

* iscsi: Use VolumeHost.GetExec() to execute stuff in volume plugins

* Print multiple node roles, remove kubeadm-specific annotation from kubectl

* Removing push_api_data on kube-api.connected seems to be dead code

* provide a default field selector for name and namespace

* remove unnecessary field conversions

* Revert default service-cidr config on kubernetes-master charm

* kubeapiserver: rename `--experimental-bootstrap-token-auth` to `--enable-bootstrap-token-auth`.

* roundtrip: fix error messages

* Update cos-m61 image in benchmark tests

* Update cos image to cos-stable-60-9592-84-0

* Bumped gRPC version to 1.3.0

* Avoid explicit mention of plugin name in error strings.

* Add volume operation metrics to operation executor and PV controller

* output junit dir for easier debug

* Add liggitt as an API approver. Note that bgrant0607 is an approver, but shouldn\'t be auto-assigned.

* Update CHANGELOG.md for v1.6.9.

* basic logging for healthz installer

* Add an OrDie version for AddPostStartHook

* Bump repo-infra dependency to fix go_genrule without sandboxing

* openapi: Change reference to be first-class

* add sig leads to owners-aliases

* StatefulSet: Deflake e2e \"restart\" phase.

* Add signal handler for catching Ctrl-C on hack/e2e

* Update CHANGELOG.md for v1.8.0-alpha.3.

* Allow remote runtimes to pass apparmor host validation

* Fix swallowed error in registrytest

* clean up LocalPort in proxier.go

* Add AddAliasToInstance() to gce cloud provider

* remove deprecated rbac rule

* Removes redundant prefix in cluster-lifecycle e2e test names

* fix status in deployment_rollback response

* fix fuzzer for hostpath type that the path can be an empty string

* update related files

* [Federation]hpa controller controls distribution of target objects

* [Federation]build files for hpa controller controlling target objects

* fix invalid url link

* refactor(flexvolume): simplify capabilities handling

* fix e2e network wrong output message

* update kubeadm to use hostpath type

* Distribute pods efficiently in CA scalability tests

* Change the FakeCloudAddressService to store Alpha objects internally

* azure file volume: add secret namespace api

* generated files

* RBD Plugin: Log RBD Attach/Mount/Unmout actions at logging level 3

* [Federation] Update hpa e2e utils to enable reuse in fed hpa tests

* AllowedNotReadyNodes allowed to be not ready for absolutely
*any
* reason

* Let the initializer admission plugin set the metadata.intializers to nil if an update makes the pendings and the result both nil

* StatefulSet: Deflake e2e `kubectl exec` commands.

* Update example to CockroachDB v1.0.5

* refactor CephFS PV spec to use SecretReference

* generated files

* Add IPBlock to NetworkPolicy

* Add networking fuzzer

* IPBlock generated code

* cleaning dettach logic since it\'s not needed

* add unit test

* generated

* Always create vendor/BUILD in hack/update-bazel.sh

* Regenerate the vendor/BUILD file

* Adding fsGroup check before mounting a volume

* let resourcequota evaluator handle uninitialid pod and pvc

* Call the right cleanup function

* Issue fix in hpa e2e util

* bazel: use fast docker_pull

* statefulSet kubectl rollout command

* Allow bearer requests to be proxied by kubectl proxy

* Revert \"Skip \"Simple pod should support exec through kubectl proxy\" test\"

* Add InstanceExists
* methods to cloud provider interface for CCM

* cloudprovider.Zones should support external cloud providers

* set --audit-log-format default to json

* Fix validation return value

* Block instance identity, block recursive=true

* Add kube-proxy daemonset as a cluster addon.

* Local storage does not manage overlay any more

* fix validation return error

* Cloud Controller Manager now sets Node.Spec.ProviderID

* Remove deprecated init-container in annotations

* handle failed mounts for fc volumes

* Made the tests ensure that Cluster Autoscaler is on before running.

* Paramaterize stickyMaxAgeMinutes for service in API

* auto gen code

* admission api: cut off api from k8s.io/apiserver

* kubeadm: Resolve tech debt; move commonly used funcs to a general package instead of duplicating

* kubeadm: Add \'kubeadm upgrade plan\' and \'kubeadm upgrade apply\' CLI commands

* Add unit tests for kubeadm upgrade|plan

* Added test case for Predicates.

* Add kubectl set env command

* Generated documentation for kubectl set env

* Add bash test for kubectl set env command

* Fix benchmarks to really test reverse order of the keys.

* autogenerated bazel

* Implement GetZoneByProviderID and GetZoneByNodeName for openstack

* modify an little gammer error.

* Revert \"Revert \"Merge pull request #47353 from apelisse/http-cache\"\"

* c-go: Update diskv to get atomic fs cache write

* Consume new config value for network project id

* GCE: Add a fake forwarding rule service

* add an starting info log of namespace controller.

* kubeadm: Fully implement \'kubeadm init --dry-run\'

* Set flexvolumeplugin.host so that it\'s not nil

* client-go: Update RoundTrippers to be Unwrappable

* Fixed gke auth update wait condition.

* Adding dynamic Flexvolume plugin discovery capability, using filesystem watch.

* Make coreos test images sshd not allow password login.

* Revert \"Ensure empty serialized slices are zero-length, not null\"

* Generated files

* Update fixture data

* Don\'t update pvc.status.capacity if pvc is already Bound

* Unshadow error in registrytest

* Change StatsProvider interface to provide container stats from either cadvisor or CRI and implement this interface using cadvisor

* fix ReadOnlyPort, HealthzPort, CAdvisorPort defaulting/documentation

* address test & doc comments

* Add host mountpath for controller-manager for flexvolume dir

* refactor method name as per comments

* handle iscsi failed mounts

* Default ABAC to off in GCE/GKE (for new clusters).

* Audit policy v1beta1 now supports matching subresources and resource names.

* Add extra group constants and validation to `pkg/bootstrap/api`.

* Add debugging to the codegen process

* Change eviction policy to manage one single local storage resource

* Change validation for local ephemeral storage

* Implement `auth-extra-groups` in bootstrap token authenticator.

* kubeadm: add `--groups` flag for `kubeadm token create`.

* kubeadm: add extra group info to `token list`.

* Fix NoNewPrivs and also allow remote runtime to provide the support.

* generated: update API resources

* change godoc based on feedback from luxas

* kubeadm: Move the uploadconfig phase right in the beginning of cluster init

* Implement stop function in streaming server.

* add deprecation warnings for auto detecting cloud providers

* Create kube::util::create-fake-git-tree function

* Add option to copy output when running the build shell

* Modify rsync filter to retain output across runs

* Revert \"GCE: Consume new config value for network project id\"

* Moved node condition filter into a predicates.

* Allow PSP\'s to specify a whitelist of allowed paths for host volume

* generated files

* Fix forbidden message format

* Fix swallowed errs in volume util package

* Refres equal cache if node condition changed.

* Fix swallowed error in storageos

* Fix swallowed error in scaleio package tests

* Fix swallowed errors in portworx tests

* Fix swallowed errors in tests of photon_pd package

* Fix swallowed error in iscsi package

* Add local storage to downwards API

* Fix swallowed error in tests of host_path package

* Fix swallowed errors in tests of gce_pd

* Fix swallowed error in tests for flocker package

* Fix swallowed error in fc

* auto generated code

* hack/local-up-cluster.sh defaults to allow swap

* kubectl get show uninitialized resources

* update related files due to api change

* kubectl add global flag --include-uninitialized

* Add local storage support in Quota

* Add feature gate for local storage quota

* Remove private and unused codes

* Add cluster e2es to verify scheduler local storage support

* Fixes cross platform build failure

* Add test cases to test local ephemeral storage for limitrange

* adding validations on kubelet starting configurations

* Use constants instead of magic string for runtime names

* run hack/update-bazel.sh

* Fix swallowed errors in aws_ebs tests

* kubeadm: Use the --enable-bootstrap-token-auth flag when possible

* Test loading Kubelet config from a file

* Revert \"Re-enable OIR e2e tests.\"

* WaitForAttach refactoring for iSCSI attacher/detacher

* Support iscsi volume attach and detach

* Remove previous local storage resource name \'scratch\" and \"overlay\"

* refactor codes in volume iscsi to improve readability

* fix typo in pkg tunneler

* kubeadm: Rename FeatureFlags to FeatureGates

* Make it possible to fake the ServerVersion in the FakeDiscovery implementation

* autogenerated code

* kubeadm: Cut unnecessary kubectl dependency

* Fix list-features script

* fix the bad position of code comment

* Replicate the persistent volume label admission plugin in a controller in the cloud-controller-manager

* Add support to recompute partial predicate metadata upon adding/removing pods

* bazel update

* [kube-proxy] Use glog instaed of fmt.Printf

* Autodetect kubemark Cloud Provider

* AWS: check validity of KSM key before creating a new encrypted disk.

* Make threshold for glbc mem-usage scale with nodes in density test

* add long description for --list aware user

* Feature gate initializers field

* Made blacklist stricter to deal with alternate versions of true

* Unify cloudprovided and normal KMS plugins

* Add liggitt to client-go approvers

* Consume new config value for network project id

* Add MountOptions field to PV spec

* Generated PV.Spec.MountOptions code

* Moving filesystem mock to pkg/util, and added some functionality

* Fix `gcloud compute instance-groups managed list` call

* Make Prometheus cAdvisor metrics labels consistent

* Set up KUBE_PROXY_DAEMONSET env for GCE and common.sh.

* Add kube-proxy daemonset track to GCE startup scripts (GCI, Debian and CoreOS).

* Add --request-timeout to allow the global request timeout of 60 seconds to be configured.

* Use the pre-built docker binaries on Ubuntu for benchmark tests

* Add --append-hash flag to kubectl create configmap/secret

* remove failure policy from intializer configuration

* generated

* add retainKeys in patchStrategy

* Adding e2e SELinux test for local storage

* unify the validation rules on initializer name

* Refactoring for filesystem mock move

* update initializer names to valid ones in tests

* add apply test for retainKeys

* update generated files

* Admit NoNewPrivs for remote and rkt runtimes

* GCE: Add annotations and helper functions for network tiers

* update bazel

* e2e: Add tests for network tiers in GCE

* return reasonable error when connection closed

* Add Google Cloud KMS plugin for encryption

* fixing package comment of v1

* Enable batch/v1beta1.CronJobs by default

* Fix handling of APIserver errors when saving provisioned PVs.

* simplify Run in controllermanager

* add some period in cloud controller manager\'s options

* modifying the comment of BeforeDelete function to improve readibility

* implementation of GetZoneByProviderID and GetZoneByNodeName for AWS

* Added an end-to-end test ensuring that Cluster Autoscaler does not scale up when all pending pods are unschedulable.

* Renamed ClusterSize and WaitForClusterSize to NumberOfReadyNodes and WaitForReadyNodes, respectively.

* Add CPU manager interfaces.

* fix typo about volumes

* fix extra blanks in cloud controller manager\'s options

* check job ActiveDeadlineSeconds

* Add feature gate and validate test for local storage limitrange

* Fix setNodeAddress when a node IP and a cloud provider are set

* update scheduler to return structured errors instead of process exit

* Ignored node condition predicates if TaintsByCondition enabled.

* Add storageClass.mountOptions and use it in all applicable plugins

* Generated storageClass.mountOptions code

* allow disabling the scheduler port

* Add types for validation of CustomResources

* Add generated code

* Validate CustomResource

* Add integration tests

* Update godeps

* Add feature gate for CustomResourceValidation

* Retry master instance creation in case of retriable error (with sleep)

* Move rotating kubelet client certificate to beta.

* Set up ENABLE_POD_PRIORITY env for GCE and common.sh

* Configure pod priority for kube-proxy when enabled

* Add upgrades tests for kube-proxy daemonset migration path

* controllers: simplify deepcopy calls

* scheduler: simplify deepcopy calls

* admission plugins: simplify deepcopy calls

* pkg/api: simplify deepcopy calls

* e2e/integration: simplify deepcopy calls

* Add unit test for UploadConfig in Kubeadm

* kubeadm: preflight check for enabled swap

* Fix prefixing bug in import verifier

* Correct default cluster-ip-range subnet

* Adding Flexvolume plugin dir piping for master on COS

* Improve description for --masquerade-all flag

* Improve --cluster-cidr description

* rbd: default image format to v2 instead of deprecated v1

* test/e2e/auth: fix audit log test format parsing

* Add v1 API as a default conversion peer

* Enable switching to alpha GCE disk API

* Skip system container cgroup stats if undefined

* libnetwork ipvs godeps

* wrapper ipvs API as util

* implement ipvs mode of kube-proxy

* [Scheduler] regroup packages

* Fix splitProviderID for Azure

* Fix InstanceTypeByProviderID for Azure

* Switch away from gcloud deprecated flags in compute resource listings

* Fix pod local ephemeral storage usage

* Add pod local ephemeral storage usage e2e test cases

* Add PVCRef to VolumeStats

* fix taint controller panic

* kubectl: Clean up documentation for rollout_status.go

* refactor function

* kubectl: Remove ending punctuation from error strings

* Fix typo in docs.

* Only list hollow-node pods while trying to count them

* Fix godoc comments.

* Fix iSCSI WaitForAttach not mounting a volume

* [Scheduler] Fix typo in info message

* Share /var/lib/kubernetes on startup

* Allow -n namespaces/

* Added in-memory CPU manager state.

* Added none policy for CPU manager.

* Added CPU manager unit tests (none policy)

* CPU manager config and feature gate.

* CPU Manager initialization and lifecycle calls.

* Fix printISCSIVolumeSource to show kubectl describe properly

* Add preemption victim selector logic to scheduler

* Add specific types for PredicateMetadata and PredicateMetadataProducer

* autogenerated files

* Add the logic to pick one node for preemption

* do not update init containers status if terminated

* Fix regex\'s and redirect port

* Reserve internal address for ILBs

* Change SizeLimit to a pointer

* Remove deprecated and experimental fields from KubeletConfiguration

* Generated files

* add reconcile command to kubectl auth

* ignore selector changes for deployment, replicaset and daemonset prior update

* Adds the rand.SafeEncodeString function and uses this function to generate names for ReplicaSets and ControllerRevisions.

* Separate feature gates for dynamic kubelet config vs loading from a file

* c-go cache: Only cache discovery requests

* c-go cache: Use diskv TempDir to get atomic write

* client-go cache: Make caching layer Unwrappable

* Adding vishh to test approvers

* Update the label manifest with new do-not-merge labels

* Split APIVersion into APIGroup and APIVersion in audit events

* run hack/update-codecgen.sh and hack/update-bazel.sh

* fixing a typo in staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go

* make these tests table-driven

* update Deprecated code and fix bug not return when list pod failed

* Added cpu-manager-reconcile-period config.

* rsync iptables

* add tests for apps/v1beta2 conversion

* enforce include-uninitialized in several kubectl commands

* add tests

* Create a secondary range for the services instead of a subnetwork

* Allow audit to log authorization failures

* add information for subresource kind determination:

* generated

* Update CHANGELOG.md for v1.7.5.

* update GC controller to wait until controllers have been initialized once

* make api request verb can be overrided and make \"GET\" pod log request reported as \"CONNECT\" pod log request for metrics

* Fix local storage code to follow go style

* Make feature gate threadsafe

* apiextensions: add maximum for validation

* Add tests for stripping \"namespaces/\" from passed-in namespace

* Update Bazel configuration for flag.go and overrides_test.go

* Revert \"Enable batch/v1beta1.CronJobs by default\"

* Adds check for external CA

* Ensures that the DaemonSet controller does not launch a Pod on a Node while waiting for a Pod that it has previously created to terminate.

* Add bowei to the OWNER for cluster/gce

* Fix changelog to add discovery/controller-manager fixes. Improve release notes for entries that say \"automated cherrypick\".

* Support remote runtimes with native cAdvisor support

* Edit owner files for kube-proxy

* Generate deb and rpms package with correct versions.

* Make cluster/common.sh work even if ${HOME} is unset.

* Add some initial shell parsing tests.

* Add KUBE_APISERVER_REQUEST_TIMEOUT_SEC env var.

* Simplify describe events table

* Added basic Flexvolume dynamic plugin discovery e2e test; added Flexvolume prober unit tests.

* Test image utils for multi arch test images

* Update the yaml file with multiarch images

* Fix bazel

* Port e2e tests for multi architecture

* Set NODE_NETWORK and NODE_SUBNETWORK in kube-up

* fix bug on kubectl deleting uninitialized resources

* add tests

* Fix providerID update validation

* audit real impersonated user info

* Delete the federation namespace from fcp instead of individual objects

* Fix scheduling e2e test case for local ephemeral storage

* Add explain for register TaintTolerationPriority function.

* Use json-iterator for JSON, kill off codecgen

* Add json-iterator dep, remove ugorji dep

* Remove generated JSON code

* test fix

* fix kube-proxy panic

* remove explictly set timeout value

* Remove DynamicVolumeProvisioning from feature gate

* Switch audit output to v1beta1

* Do not mutate original object even temporarily to avoid data races

* add selfsubjectrulesreview api

* generated

* create the methods in the generated expansion files

* add missing sub-resources test actions

* code-generator: allow to customize generated verbs and add custom verb

* update bazel

* generate UpdateScale and GetScale verbs for scalable resources

* Make etcd prefix configurable in migration script

* Fix pod and node names switched around in error message.

* Add a new paging utility for client side ranging

* Enable paging for all list watchers

* Server side implementation of paging for etcd3

* Integration test for API paging

* API for server paging

* generated: api changes

* expose discovery information on scalable resources

* Slow-start batch pod creation of rs, rc, ds, jobs

* Fixes grace period in delete

* Change default validation to openapi

* openapi: Remove unused test structure and code.

* GCE: Add \"Network Tiers\" as an Alpha feature for L4 load balancers

* Revert \"CPU manager wiring and `none` policy\"

* e2e: test using reserved IP with network tiers

* Expose PVC metrics via kubelet prometheus

* Depend on //cluster/lib instead of :all-srcs.

* make url parsing in apiserver configurable

* Fixed integer overflow when matching PVPVC claims. Added tests to guard this behavior.

* Create an EventRateLimit admission control plug-in for the API Server. The EventRateLimit plug-in limits the number of events that the API Server will accept in a given time period. It allows for server-wide, per-namespace, per-user,and per-source+object rate limiting.

* Clear values for disabled alpha fields

* Added Device Plugin Manager

* Drop alpha/beta init containers annotations on conversion

* Device Plugin Kubelet integration

* Testing

* Alpha feature integration

* Kubelet side extension to support device allocation

* update API v1 Job object

* Generate files from v1.JobSpec modification

* Move custom metrics APIs to v1beta1

* Move HPA to use custom-metrics/v1beta1

* Rename custom metrics API to custom.metrics.k8s.io

* Build controller roles/bindings on demand

* Update d.status.unavailableReplicas api comment

* Add feature gate for mount propagation

* Add API for mount propagation.

* Regenerate API

* Add mount propagation to CRI protocol

* Implement mount propagation in docker shim

* Implement mount propagation in kubelet

* Add RBAC, healthchecks, autoscaler and update Calico to v2.5.0, Typha to 0.4.0

* Map a resource to multiple signals in eviction manager

* (ALPHA GCP FEATURE) Add IPAM controller

* Update d.spec.progressDeadlineSeconds comment

* Update godep-licenses script to work on darwin This change ensures that the BSD (darwin) and GNU (linux) versions of the md5sum util have the same output.

* Update godep licences

* Implement GetZoneByProviderID & GetZoneByNodeName

* Deprecates extension/v1beta DaemonSet Deployment and ReplicaSet Deprecates apps/v1beta1 Deployment StatefulSet and ControllerRevision

* Add `secondary-range-name` to the gce.conf

* auto generated

* Revert to using isolated PID namespaces in Docker

* Explicitly enable docker shared-pid for e2e_node

* Make logdump for kubemark logs independent of KUBERNETES_PROVIDER

* Changed volume IO e2e test to verify file hash instead of content.

* Make logdump work for GKE with \'use_custom_instance_list\' defined

* Update to debian-iptables-amd64:v8 in bazel WORKSPACE

* Kubernetes version v1.8.0-beta.0 file updates

* Generating docs for v1.8.0-beta.0 on release-1.8.

* Changes in OpenStack cloud provider for latest gophercloud

* Bug Fix - Adding an allowed address pair wipes port security groups

* Update sys spec to support docker 1.11-1.13 and overlay2.

* Update the label manifest with new milestone labels

* update generated protobuf for audit v1beta1 api

* Regenerate openapi for 1.9

* Revert \"Remove deprecated and experimental fields from KubeletConfiguration\"

* Fixes a cross-build failure introduced in PR 51209. FYI, issue 51863.

* Provide whole delegate chain to kube aggregator

* Consolidate local OpenAPI specs and APIServices\' spec into one data structure

* Update Godep for kube-openapi

* Enable batch/v1beta1.CronJobs by default

* Correct CronJob group version at remaining places

* update bazel

* Fully implement the kubeadm upgrade functionality

* Add unit tests for kubeadm upgrade

* autogenerated bazel

* Job failure policy support in JobController

* client-go: fix \'go build ./...\'

* kubeadm: Add omitempty tags to nullable values and use metav1.Duration

* autogenerated code

* kubeadm: Detect kubelet readiness and error out if the kubelet is unhealthy

* Build test targets for all server platforms

* Fix arm (32-bit) e2e.test compile failure

* Introduced Metrics Server

* Made metrics-server critical service managed by addon-manager

* Implement necessary API changes

* Implement controller for resizing volumes

* Add rbac policy change for expand controller

* Update generated files - api, bazel, json

* Clear alpha MountPropagation fields.

* implementation of GetZoneByProviderID and GetZoneByNodeName for azure

* Provide a way to omit Event stages in audit policy

* generated: update API resources

* Correct logdump logic for kubemark master

* Un-revert \"CPU manager wiring and `none` policy\"

* Fixed nil InternalContainerLifecycle in cm stubs.

* Fix Start signature in container_manager_windows.

* Add topology helper and tests to cpumanager.

* Added cpu assignment helpers.

* Added static cpumanager policy.

* Add tests for the static cpumanager policy.

* Add liggitt to registry approvers

* Gracefully handle permission errors when attempting to create firewall rules

* audit: fix fuzzer

* Use different project id for network ops & always set subnet

* make clean will remove all gitignored files

* Fix Stackdriver Logging tests for large clusters

* Tolerate group discovery errors in e2e ns cleanup

* remove OutOfDisk from controllers

* wait for container cleanup before deletion

* update vendor kube-openapi

* remove dup pkg and update reference

* GCE Cloud provider changes to enable RePD

* Enable dynamic provisioning of GCE Regional PD

* Modify VolumeZonePredicate to handle multi-zone PV

* Remove redundant redunancy in gce_alpha.go

* Make
*fakeMountInterface in container_manager_unsupported_test.go implement mount.Interface again.

* fix docstring of advanced audit policy

* set AdvancedAuditing feature gate to true by default

* Fix kubemark master-size and num-nodes config

* Make heapster VM creation work with IP aliases

* HugePage changes in API and server

* Kubelet changes to support hugepages

* Scheduler support for hugepages

* Node validation restricts pre-allocated hugepages to single page size

* Support for hugetlbfs in empty dir volume plugin

* Adding getHugePagesMountOptions function and tests

* check block owner ref on finalizers subresource

* Add EgressRule to NetworkPolicy

* Add PolicyTypes to NetworkPolicy Spec

* EgressRule generated code

* Extends device_plugin_handler to checkpoint device to container allocation information.

* Limit APIService healthz check to startup

* Make local APIService objects available on create

* Prevent flutter of CRD APIServices on start

* Sync local APIService objects once

* add permissions to workload controllers to block owners

* Set up DNS server in containerized mounter path

* update cadvisor, docker, and runc godeps

* Enabling aggregator functionality on kubemark, gce

* Graduate metrics/v1alpha1 to v1beta1

* Update HPA REST metrics client to metrics/v1beta1

* Rename metrics to metrics.k8s.io

* GCE: pass GCE_ALPHA_FEATURES if it is set

* Category expansion fully based on discovery

* use validatePod to validate update of uninitialized pod

* Disable rbac/v1alpha1 settings/v1alpha1 scheduling/v1alpha1

* Implement KubeProxyUpgradeTest and KubeProxyDowngradeTest

* Decouple kube-proxy migration tests from upgradeTests

* Move Autoscaling v2{alpha1 --> beta1}

* Move consumers of autoscaling/v2alpha1 to v2beta1

* Make hugepages comparison work on 32-bit platforms

* Add cluster up configuration for certificate signing duration.

* COS/GCE: Ensure TasksMax is sufficient for docker

* Fix unbound variable in configure-helper.sh

* Fix dynamic discovery error in e2e

* add a test for validating update of uninitialized pod

* enable the quota e2e test

* bazel

* Fixed CCM service controller start jitter

* fix issue(#47976)Invalid value error when creating service from exported config

* PodSecurityPolicy.allowedCapabilities: add support for using
* to allow to request any capabilities.

* Update autogenerated files.

* Bump cluster autoscaler to 0.7.0-alpha2

* Fix panic in expand controller when checking PVs

* enhance unit tests of advance audit feature

* Implement StatsProvider using CRI stats

* Charge quota for uninitialized objects at different time

* bazel

* Fix pod update test descriptions to match the test cases

* kubeadm: Upgrade Bootstrap Tokens to beta when upgrading to v1.8

* Fall back to network if subnet is unknown

* Revert \"remove dup pkg and update reference\"

* soft eviction timer works

* Added large topology tests for static policy in CPU Manager. - Added comments for tests cases.

* e2e: network tiers should retry on 404 errors

* update-all.sh.

* StatefulSet: Deflake e2e RunHostCmd.

* Move paused deployment e2e tests to integration

* Fix duplicate proto error in kubectl 1.8.0-alpha.

* kubeadm: add addons command

* Disable default paging in list watches

* Add sttts to code-generator OWNERS

* client-gen: avoid panic for empty groups

* kubeadm: Set the new BT auth group on the init token

* Fix cross-build

* Improve how JobController use queue for backoff

* Provide field info in storage configuration

* code-generator/protobuf: cut-off kubernetes specifics

* Multiarch support for pets images

* Fix proxied request-uri to be valid HTTP requests

* German Translation

* Fix AppArmor test at scale

* Bubble reservation error to the user when the address is specified.

* Move error check in TestFindDeviceForPath()

* Address comments

* Verify that AppArmor pod is colocated with the loader

* Rerun hack/update-bazel.sh

* Pipe in upgrade image target to kube-proxy migration tests

* ScaleIO - Specify SDC GUID value via node label

* Use COS for nodes in cluster by default, and bump COS.

* Convert deprecated gcloud --regexp flag into --filter

* fsync config checkpoint files after writing

* Add pod eviction logic for scheduler preemption Add Preempt to scheduler interface Add preemption to the scheduling workflow Minor changes to the scheduler integration test library

* autogenerated files

* Fix RBAC rules to allow scheduler update annotations of pods.

* Improve dynamic kubelet config e2e node test and fix bugs

* dockershim: check if f.Sync() returns an error and surface it

* Kubernetes version v1.8.0-beta.1 file updates

* fix format of forbidden messages

* Update CHANGELOG.md for v1.8.0-beta.1.

* Extend test/e2e/scheduling/nvidia-gpus.go to include a device plugin based nvidia gpu e2e test.

* Log a warning when --audit-policy-file not passed to apiserver

* Replace \'misc\' with more specific at-mentions bugs and feature-requests. Replace ReplicaSets with Deployments as example, because ReplicaSets are dated. Generalize join example.

* fix prober ticking shift for kubelet restarted cases

* Fix pointer receivers handling in unstructured converter

* A policy with 0 rules should return an error

* apiserver: separate apiserver specific configs into ExtraConfig

* apiserver: make config completion structural recursion

* apiserver: allow disabling authz/n via options

* apiserver: stratify versioned informer construction

* Update set image description to remove job from resources that can update container image

* Revert commit 9dc3a661d71c18e33ac93a6125bb187fa83b8853

* apiserver: split core API creation from secure serving

* apiserver: avoid panics on nil sub-option structs

* Bump cluster autoscaler to 0.7.0-alpha3

* Fill in creationtimestamp in audit events

* Add bskiba to cluster-autoscaler config owners

* kube-aggregator: use shared informers from RecommendedConfig

* Update bazel

* bump(github.com/google/cadvisor): cda62a43857256fbc95dd31e7c810888f00f8ec7

* Fix deployment timeout reporting

* Allow watch cache to be disabled per type

* Restore OWNERS file for k8s.io/metrics

* Remove links to GCE/AWS cloud providers from PersistentVolumeController

* kubeadm: Perform TLS Bootstrapping in kubeadm join for v1.7 kubelets but not v1.8 ones

* kubeadm: Enable certificate rotation

* Version gates the ephemeral storage e2e test

* Use credentials from providers for docker sandbox image

* Add warning for kube-proxy DaemonSet option

* Fix discovery restmapper finding resources in non-preferred versions

* Move 1.2.
* release notes into separate file CHANGELOG-1.2.md

* Update TOC of CHANGELOG

* Note equivalence class for dev and other fix

* Portworx driver changes dependent on updated vendor\'ed code.

* add some test case

* suspect nil pointer for HostPathType

* Port Guestbook tests to mutiarch

* fix kubectl set env --list description

* RBD Plugin: Omit volume.MetricsProvider field and add some testcases.

* [fluentd-gcp addon] Update event-exporter to address metrics problem

* fix condition-taint labels

* Added node e2e tests for the CPU Manager feature.

* Extract config common across CIDR allocators

* Summary tests should report rss usage now

* Ignore pods for quota that exceed deletion grace period

* Glusterfs expands in units of GB not GiB

* Use cAdvisor constant for crio imagefs

* Add bsalamat to sig-scheduling-maintainers

* \'
*\' is valid for allowed seccomp profiles

* Add OWNERS for build/debs

* kubeadm: Mark self-hosting alpha in v1.8

* Fix glusterfs creating volumes in GiB

* bazel: update sha256sum on rules_go and io_bazel dependencies

* Revert \"Add cluster up configuration for certificate signing duration.\"

* Small fix in salt manifest for kube-apiserver for request-timeout flag

* enable azure disk mount on windows node

* fix azure disk mounter issue

* Normalize WATCHLIST to WATCH in metrics

* Report scope on all apiserver metrics

* Report \"resource\" scope where possible

* Report scope in e2e test metrics

* [fluentd-gcp addon] Restore the metric for the number of read log entries

* Fix pagesize mount option name

* Prevent enabling alpha APIs by default

* Switch default audit policy to beta and omit RequestReceived stage

* Log at higher verbosity levels some common SyncPod errors

* StatefulSet: Deflake e2e RunHostCmd more.

* fix kubeadm token create error

* fix Kubeadm phase addon

* Make log-dump use \'gcloud ssh\' for GKE also

* Remove the conversion of client config, because client-go is authoratative now

* Extends GPUDevicePlugin e2e test to exercise device plugin restarts.

* Make CPU manager release allocated CPUs when container enters completed phase.

* [fluentd-gcp addon] Trim too long log entries due to Stackdriver limitation

* log gcloud command error

* Add new api groups to the GCE advanced audit policy

* Fix bug with gke in logdump

* Bump Cluster Autoscaler to 0.7.0-beta1

* Make advanced audit policy on GCP configurable

* Don\'t crash density test on missing a single measurement

* Workaround go-junit-report bug for TestApps

* use specified discovery information if possible

* Add e2e test for storageclass.reclaimpolicy

* Make CPU constraint for l7-lb-controller in density test scale with #nodes

* Allow metadata firewall & proxy on in GCE, off by default

* Move cloudprovider initialization to after token controller and use clientBuilder

* Add more tests on pod preemption

* Bumped Heapster to v1.5.0-beta.0

* Update CHANGELOG.md for v1.6.10.

* kubelet: enable CRI container metrics

* Implement support for updating resources

* Update the test under audit policy

* Fix e2e Flaky Apps/Job BackoffLimit test

* Get nodes from GKE node pool by checking labels

* Update CHANGELOG.md for v1.7.6.

* Changes the node cloud controller to use its name for events

* [fluentd-gcp addon] Remove trimming e2e tests out of blocking suites

* Add env var to enable kubelet rotation in kube-up.sh.

* Use separate client for node status loop

* Fixes device plugin re-registration handling logic to make sure: - If a device plugin exits, its exported resource will be removed. - No capacity change if a new device plugin instance comes up to replace the old instance.

* plumb the proxyTransport to the webhook admission plugin; set the ServerName in the config for webhook admission plugin.

* fix the webhook unit test; the server cert needs to have a valid CN; fix a fuzzer;

* Add Windows Kernel Proxy support

* Fix Bazel build

* Vendor changes

* Move 1.3.
* release notes out of CHANGELOG.md

* Add cluster name option for cloud controller manager

* Support kubernetes-anywhere provider

* Enable overriding Heapster resource requirements in GCP

* Revert \"Update addon-resizer version\"

* Update defaults (successful|failed)JobsHistoryLimit in batch/v1beta1

* Update defaults (successful|failed)JobsHistoryLimit in batch/v1beta1 - generated changes

* [fluentd-gcp addon] By default ingest audit logs in JSON format

* Increase sliding window to 5hr for request_latencies metric

* Add extra steps to delete resource handler trace

* Bumped Metrics Server to v0.2.0

* Added OWNERS for metrics-server

* Enable autoscaling/v2beta1 by default

* Recreate pod sandbox when the sandbox does not have an IP address.

* Attempt at fixing UTs

* Add configuration support for signing duration.

* etcd3 store: retry w/live object on conflict

* Do not install metrics/v1at lpah1 by default

* [fluentd-gcp] Update Stackdriver plugin to version 0.6.7

* Add bootstrap policy for HPA metrics REST clients

* fix addon error

* Add statefulset upgrade tests to be run as part of all upgrade testsuites

* update tag

* Fix nil dereference if storage id is nil

* Handle nil WritableLayer

* Fix CRI container/imagefs stats.

* Fix panic in ControllerManager when GCE external loadbalancer healthcheck is nil

* use allocatable instead of capacity for node memory

* Add exception to golint check

* Resize plugin should only check for increase in size

* Fixes some races in deviceplugin manager_test.go and manager.go.

* Fix volume remount on reboot

* bazel: set --incompatible_comprehension_variables_do_not_leak=false

* Fix FC WaitForAttach not mounting a volume

* use allocatable instead of capacity

* Remove kargakis from OWNERS, add tnozicka

* Add support for Instances

* godep: add dhcp4 and dhcp4client dependencies

* Move 1.4.
* release notes out of CHANGELOG.md

* Move 1.5.
* release notes out of CHANGELOG.md

* Move 1.6.
* release notes out of CHANGELOG.md

* Fix mistype that causes breakage of e2e test.

* Add concurrency to cloud CIDR allocator & make it non-blocking on NodeSpec updates

* Say the valid IP range in IP errors

* Retry if possible while creating latency pods in density test

* Fix: update system spec to support Docker 17.03

* Make statefulset tests part of separate testsuite

* FC plugin: Return target wwn + lun at GetVolumeName()

* Add mount options e2e test

* Made image as deliberately optional in v1 Container struct.

* Generated code.

* Fixed test issue for image validation.

* k8s.io/code-generator: hide gen test output from go tools

* Update generated files

* [fluentd-gcp addon] Remove audit logs from the fluentd configuration

* adjust parameter in cluster autoscaling test

* conversion-gen: make staging dirs independent of living in vendor/

* Fix conversion of CRD schema to go-openapi types

* add pdbs for more kube-system pods in scale down test

* update-staging-godeps: only mangle staging repos in Godeps.json

* restore e2fsprogs in hyperkube image

* Update staging godeps

* bump tags

* Add e2e test for volume metrics

* Fixed nil dereference in dynamic provisioning e2e tests

* Mark the LBaaS v1 of OpenStack cloud provider deprecated

* Add e2e test to verify PVC metrics

* Don\'t specify clusterIP in dns e2e test

* Increase api latency threshold for cluster-scoped list calls

* improve PDBs cleanup

* improve retrying logic when checking CA status

* deprecate warning for persistent volume admission controller

* Debug for issues #50945

* Address review comments

* Address review comment

* Remove GC rate limiter metrics

* Checking GlusterFS error output https://github.com/kubernetes/kubernetes/issues/50463

* improve setting pdbs for kube-system pods

* Fake out the kubernetes version in phase testing in order to avoid resolving things manually (which can lead to flakes)

* Use the release-1.8 branch by default

* Fix volume metric flake

* Bump cluster autoscaler to 0.7.0-beta2

* Kubernetes version v1.8.0-rc.1 file updates

* Preserve leading and trailing slashes on proxy subpaths

* AllowPrivilegeEscalation: add validations for caps and privileged

* Mark Cluster Autoscaler as GA (1.0.0) in 1.8 branch

* Fixed intermittant e2e aggregator test on GKE.

* fix missing apps/replicaset in kubectl

* Support apps.ReplicaSet in kubectl describe

* Update kube-dns to version 1.14.5

* Update kubeadm to 1.14.5

* Fix host network flake tests

* Normalize RepoTags before checking for match

* Kubernetes version v1.8.0 file updates

* Kubernetes version v1.8.1-beta.0 file updates

* Kubernetes version v1.8.1-beta.0 openapi-spec file updates

* Service LoadBalancer defaults to external

* Change ImageGCManage to consume ImageFS stats from StatsProvider

* Calculate patches for commands using input version

* Fix sed command to not try shell redirection

* Fix basic audit in GCE deploy scripts

* Fixes a flakiness in GPUDevicePlugin e2e test. Waits till nvidia gpu disappears from all nodes after deleting the device plug DaemonSet to make sure its pods are deleted from all nodes.

* Correct APIGroup for RoleBindingBuilder Subjects

* Enable node certificate autorotation

* Don\'t try to migrate to new roles and rolebinding within 1.7 upgrades

* Fix imagefs stats.

* Upgrade version of heaspter to v1.4.3.

* Remove conformance tag for internet connectivity

* Added device plugin e2e kubelet failure test

* Modified test/e2e_node/gpu-device-plugin.go to make sure it passes.

* Fixes test/e2e_node/gpu_device_plugin.go test failure.

* remove containers of deleted pods once all containers have exited

* Add permisions for Metrics Server to read resources on cluster level

* Version should be quoted so jq doesn\'t interpret it as numeric

* Change default --cert-dir for kubelet to a non-transient location

* code-generator: rename _test to _examples

* code-generator: turn hack/update-codegen.sh into re-usable generate-{internal,}-groups.sh scripts

* sample-apiserver: port to k8s.io/code-generator/generate-internal-groups.sh

* verify-pkg-names.sh: exclude generated informers

* Update generated files

* Ignore notFound when deleting firewall

* Use pointer for PSP allow escalation

* Handle missing subnet for auto networks and legacy networks

* Add group by default to kubeadm token create

* Fixes a regression introduced by PR 52290 that extended resource capacity may temporarily drop to zero after kubelet restarts and PODs restarted during that time window could fail to be scheduled.

* bazel: set --incompatible_disallow_set_constructor=false to fix breakage

* query --incompatible_comprehension_variables_do_not_leak=false

* In DevicePluginHandlerImpl.Allocate(), skips untracked extended resources. Otherwise, we would fail a Pod allocation request that has an extended resource not managed by any device plugin.

* Bump GLBC to 0.9.7

* fix generate-groups.sh

* code-generator: fix flag check in generate-internal-groups.sh

* Strip tokens from `kubeadm-config` config map

* gce:restrict file permissions for PKI assets

* Add client and server versions to the e2e.test output.

* Fix to prevent downward api change break on older versions

* Make CoreID\'s platform unique

* Fix flake for volume detach metrics

* fix #52462. Do not GC exited containers in running pods

* Kubernetes version v1.8.1 file updates

* Kubernetes version v1.8.2-beta.0 file updates

* Kubernetes version v1.8.2-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.1.

* Add /swagger.json and /swagger-2.0.0.pb-v1 to discovery role

* Update busybox image link to gcr.io for kube-proxy

* feature gate local storage allocatable eviction

* Ensure base image includes the modprobe binary

* Updated hash and version of image debian-hyperkube-base-amd64

* Removed unneeded change on WORKSPACE file

* User separate client for leader election in scheduler

* Fix hpa scaling above max replicas w/ scaleUpLimit

* Split downward API e2e test case for pod/host IP into two

* Create new targets for running in existing containers (GCB).

* Autoscaler metrics-server with pod-nanny

* Fixed metrics API group name in audit configuration

* client-gen: register standard flags

* Restrict GPU tests to use release 1.8 version of device plugins

* Bulk Verify Volumes Implementation for vSphere

* Unable to detach the vSphere volume from Powered off node

* start generating rbac serialization for v1

* PodSecurityPolicy: Do not mutate nil privileged field to false

* PodSecurityPolicy: only set runAsNonRoot when runAsUser is nil

* PodSecurityPolicy: avoid unnecessary mutation of container capabilities

* PodSecurityPolicy: avoid unnecessary mutation of supplemental groups

* PodSecurityPolicy: pass effective capabilities to validation interface

* PodSecurityPolicy: limit validation to provided groups

* PodSecurityPolicy: pass effective selinux options to validate

* PodSecurityPolicy: pass effective runAsNonRoot and runAsUser to user validation interface

* GC: Add check for nil interface

* SecurityContext: Add accessors/mutators for effective container security context

* PodSecurityPolicy: avoid unnecessary securitycontext mutation

* PodSecurityPolicy: Order by name, prefer non-mutating policies, require
*api.Pod, allow GC updates

* fix avset nil issue in azure loadbalancer

* Adjust defaults of audit webhook backends

* Add throttling to the batching audit webhook

* Enable prometheus client metrics in apiserver

* Do not remove kubelet labels during startup

* Ensure network policy conversion round trips nil from field

* Always retry network connection error in webhook

* fix error message of custrom resource validation

* apiextensions-apiserver: stop cacher on CRD update

* apiextensions: create storage with accepted, not spec\'ed names

* apiextensions: keep CRD storage for updates outside of spec and accepted names

* apiextensions: fix test loop for CRD validation

* Removed the IPv6 prefix size limit for cluster-cidr

* Update bootstrap policy with replicaset/daemonset permissions in the apps API group

* Fix kube-proxy panic on cleanup

* Cluster Autoscaler 1.0.1

* Fix etcd hostnames

* Use GetByKey() in typeLister_NonNamespacedGet

* Make OpenStack LBaaS v2 Provider configurable

* Regenerate auto-generated code

* Kubernetes version v1.8.2 file updates

* Kubernetes version v1.8.3-beta.0 file updates

* Kubernetes version v1.8.3-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.2.

* Fix retry logic in service controller

* fix#50150: azure disk mount failure on coreos

* Use cloud environment to instantiate client

* Variable mismatch

* Fix `kubeadm init --token-ttl=0`/config `tokenTTL: \"0\"`.

* change default kind value of azure disk pv

* allow windows mount path

* fix azure pv crash due to readOnly nil

* Move fluentd-gcp out of host network

* Fix detach metric flake by not using exact equals

* Move hardcoded constants to the beginning of configure.sh script

* Specify correct subresource discovery info

* Use GVK from storage in API registration

* Test scale subresource discovery

* add windows implementation of GetMountRefs

* Bump version of prometheus-to-sd to 0.2.2.

* Fixing usage of clustered datastore to be absolute datastore

* add scheduling.k8s.io to apiVersionPriorities

* Use CIDR-aware proxy resolver for SPDY RoundTripper

* Fix `kubeadm upgrade plan` for offline operation

* Add openssh-client to the debian-hyperkube-base image

* update cadvisor godeps to v0.27.2

* fix #54499. Removed containers are not waiting

* Add a label which prevents a node from being added to a cloud load balancer.

* Append an alpha label to the exclude load balancer annotation.

* wqFlag gate node exclusion for service load balancers.

* Update service_controller.go to remove merge conflict markers

* rename metric reflector_xx_last_resource_version to reflector_last_resource_version{name=\"xx\"}

* Add GCP addon PodSecurityPolicies & Bindings

* GCP PodSecurityPolicy configuration

* PodSecurityPolicy E2E tests

* trigger endpoint update on pod deletion

* Fix typo in CHANGELOG-1.8.md

* Revert \"Validate if service has duplicate targetPort\"

* Introduce GCE-specific addon directory

* Aggregator test uses framework namespace.

* Update fluentd-gcp DaemonSet

* Cluster Autoscaler 1.0.2

* Remove dependency on drv_cfg binary for querying scalio devices

* ScaleIO - API source code update

* ScaleIO - Generated files

* Revert cherry-pick #55064

* Adjust resources for Metrics Server

* Reapply cherry-pick #55064

* Fix hyperkube kubelet --experimental-dockershim

* Updating Calico to v2.6.1

* RBAC for Calico Typha Horizontal Autoscaler

* Fix \'Schedulercache is corrupted\' error

* partial fix crd patch failing

* kubeadm: don\'t create duplicate volume/mount

* Kubernetes version v1.8.3 file updates

* Kubernetes version v1.8.4-beta.0 file updates

* Kubernetes version v1.8.4-beta.0 openapi-spec file updates

* Add/Update CHANGELOG-1.8.md for v1.8.3.

* GCE: provide an option to disable docker\'s live-restore

* Dockershim: print docker info output at startup

* kubectl apply does not send empty patch request

* fix panic bug

* Allow HPA to get custom metrics

* Make swap check as an error

* Set the NON_MASQUERADE_CIDR to 0/0 by default in GCE/GKE which disables masquerade rules setup by the kubelet. Add masquerade rules based on NON_MASQUERADE_CIDR being set to 0/0.

* Capture git export-subst strings in version.sh for \'git archive\' use.

* Explicitly set route_localnet on nodes & masters.

* avoid Registry in fake REST client

* fix errors

* Fix .git rsync filter

* Check dup NodePort with protocols when update services

* Add unit test for checking dup NodePort with protocols

* Add e2e test for checking dup NodePort with protocols

* Use \"==\" instead of DeepEqual for simple structs comparing.

* Return error instead of crashing apiserver when updating services with duplicate nodeports

* mount /lib/modules to kube-proxy

* update wrong group for priorityclasses

* Use whitelisted test image

* Fix session affinity with local endpoints traffic

* Source PodSecurityPolicies from addon subdir

* Reorganize addon PodSecurityPolicies

* Add optional addon PSPs

* Remove SSL cert volumes from heapster addons

* Add a cloud-init script to disable live-restore

* Bump addon manager version used to 6.5

* fix conditional for warning while starting KCM without secret file

* add ipvs default sync period

* Set \"--kubelet-preferred-address-types\" if ssh tunnel is not used. In additional don\'t advertise external address.

* Cluster Autoscaler 1.0.3

Fri Nov 17 13:00:00 2017 mjuraAATTsuse.com
- Set KUBE_GIT_COMMIT and KUBE_GIT_TREE_STATE compilation option, (bsc#1065972)

* Please check commit_id comment in kubernetes.spec

Fri Nov 10 13:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.7.7+8e1552342355496b62754e61ad5f802a0f3f1fa7:

* Fix clusterip for ExternalName service test

* Third party resources should not be part of conformance

* Disable invalid test case from dns externalName e2e test

* Makes Hostname and Subdomain fields of v1.PodSpec settable when empty and updates the StatefulSet controller to set them when empty

* Update kube-dns to 1.14.5

* Kubernetes version v1.7.7 file updates

Thu Oct 19 14:00:00 2017 mjuraAATTsuse.com
- Add kubectl fix for duplicate proto error, (bsc#1057277)

* kubectl-fix-duplicate-proto-error-bsc-1057277.patch

Fri Sep 29 14:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.7.7 (bsc#1061027):

* Fix clusterip for ExternalName service test

* Third party resources should not be part of conformance

* Disable invalid test case from dns externalName e2e test

* Makes Hostname and Subdomain fields of v1.PodSpec settable when empty and updates the StatefulSet controller to set them when empty

* Update kube-dns to 1.14.5

* Kubernetes version v1.7.7 file updates

Mon Sep 18 14:00:00 2017 jmassaguerplaAATTsuse.com
- Update to 1.7.6 (fix bsc#1059207)
[fluentd-gcp addon] Fluentd will trim lines exceeding 100KB instead of dropping them. (#52289, AATTcrassirostris)
Cluster Autoscaler 0.6.2 (#52359, AATTmwielgus)
Add --request-timeout to kube-apiserver to make global request timeout configurable. (#51415, AATTjpbetz)
Fix credentials providers for docker sandbox image. (#51870, AATTfeiskyer)
Fix security holes in GCE metadata proxy. (#51302, AATTihmccreery)
Fixed an issue looking up cronjobs when they existed in more than one API version (#52227, AATTliggitt)
Fixes an issue with upgrade requests made via pod/service/node proxy subresources sending a non-absolute HTTP request-uri to backends (#52065, AATTliggitt)
Fix a kube-controller-manager crash which can result when --concurrent-resource-quota-syncs is >1 and pods exist in the system containing certain alpha/beta annotation keys. (#52092, AATTironcladlou)
Make logdump support kubemark and support gke with \'use_custom_instance_list\' (#51834, AATTshyamjvs)
Fixes an issue with APIService auto-registration affecting rolling HA apiserver restarts that add or remove API groups being served. (#51921, AATTliggitt)
In GCE with COS, increase TasksMax for Docker service to raise cap on number of threads/processes used by containers. (#51986, AATTyujuhong)
Fix providerID update validation (#51761, AATTkarataliu)
Automated cherry pick of #50381 to release-1.7 (#51871, AATTfeiskyer)
The emptyDir.sizeLimit field is now correctly omitted from API requests and responses when unset. (#50163, AATTjingxu97)
Calico has been updated to v2.5, RBAC added, and is now automatically scaled when GCE clusters are resized. (#51237, AATTgunjan5)
- Update to 1.7.5
Bumped Heapster version to 1.4.2 - more details https://github.com/kubernetes/heapster/releases/tag/v1.4.2. (#51620, AATTpiosz)
Fix for Pod stuck in ContainerCreating with error \"Volume is not yet attached according to node\". (#50806, AATTverult)
Fixed controller manager crash by making it tolerant to discovery errors.(#49767, AATTdeads2k)
Finalizers are now honored on custom resources, and on other resources even when garbage collection is disabled via the apiserver flag --enable-garbage-collector=false (#51469, AATTironcladlou)
Allow attach of volumes to multiple nodes for vSphere (#51066, AATTBaluDontu)
vSphere: Fix attach volume failing on the first try. (#51217, AATTBaluDontu)
azure: support retrieving access tokens via managed identity extension (#48854, AATTcolemickens)
Fixed a bug in strategic merge patch that caused kubectl apply to error out under some conditions (#50862, AATTguoshimin)
It is now posible to use flexVolumes to bind mount directories and files. (#50596, AATTadelton)
StatefulSet: Fix \"forbidden pod updates\" error on Pods created prior to upgrading to 1.7. (#48327) (#51149, AATTkow3ns)
Fixed regression in initial kubectl exec terminal dimensions (#51127, AATTchen-anders)
Enforcement of fsGroup; enable ScaleIO multiple-instance volume mapping; default PVC capacity; alignment of PVC, PV, and volume names for dynamic provisioning (#48999, AATTvladimirvivien)
- Update to 1.7.4
Azure: Allow VNet to be in a separate Resource Group. (#49725, AATTsylr)
Fix an issue where if a CSR is not approved initially by the SAR approver is not retried. (#49788, AATTmikedanese)
Cluster Autoscaler - fixes issues with taints and updates kube-proxy cpu request. (#50514, AATTmwielgus)
Bumped Heapster version to 1.4.1: (#50642, AATTpiosz)
handle gracefully problem when kubelet reports duplicated stats for the same container (see #47853) on Heapster side
fixed bugs and improved performance in Stackdriver Sink
fluentd-gcp addon: Fix a bug in the event-exporter, when repeated events were not sent to Stackdriver. (#50511, AATTcrassirostris)
Collect metrics from Heapster in Stackdriver mode. (#50517, AATTpiosz)
fixes a bug around using the Global config ElbSecurityGroup where Kuberentes would modify the passed in Security Group. (#49805, AATTnbutton23)
Updates Cinder AttachDisk operation to be more reliable by delegating Detaches to volume manager. (#50042, AATTjingxu97)
fixes kubefed\'s ability to create RBAC roles in version-skewed clusters (#50537, AATTliggitt)
Fix data race during addition of new CRD (#50098, AATTnikhita)
Fix bug in scheduler that caused initially unschedulable pods to stuck in Pending state forever. (#50028, AATTjulia-stripe)
Fix incorrect retry logic in scheduler (#50106, AATTjulia-stripe)
GCE: Bump GLBC version to 0.9.6 (#50096, AATTnicksardo)
The NodeRestriction admission plugin now allows a node to evict pods bound to itself (#48707, AATTdanielfm)
Fixed a bug in the API server watch cache, which could cause a missing watch event immediately after cache initialization. (#49992, AATTliggitt)
- Update to 1.7.3
fix pdb validation bug on PodDisruptionBudgetSpec (#48706, AATTdixudx)
kubeadm: Fix join preflight check false negative (#49825, AATTerhudy)
Revert deprecation of vCenter port in vSphere Cloud Provider. (#49689, AATTdivyenpatel)
Fluentd-gcp DaemonSet exposes different set of metrics. (#48812, AATTcrassirostris)
Fixed OpenAPI Description and Nickname of API objects with subresources (#49357, AATTmbohlool)
Websocket requests to aggregated APIs now perform TLS verification using the service DNS name instead of the backend server\'s IP address, consistent with non-websocket requests. (#49353, AATTliggitt)
kubeadm: Fixes a small bug where --config and --skip-
* flags couldn\'t be passed at the same time in validation. (#49498, AATTluxas)
kubeadm: Don\'t set a specific spc_t SELinux label on the etcd Static Pod as that is more privs than etcd needs and due to that spc_t isn\'t compatible with some OSes. (#49328, AATTeuank)
Websocket requests to aggregated APIs now perform TLS verification using the service DNS name instead of the backend server\'s IP address, consistent with non-websocket requests. (#49353, AATTliggitt)
kubectl drain no longer spins trying to delete pods that do not exist (#49444, AATTeparis)
Fixes #49418 where kube-controller-manager can panic on volume.CanSupport methods and enter a crash loop. (#49420, AATTgnufied)
Fix Cinder to support http status 300 in pagination (#47602, AATTrootfs)
Automated cherry pick of #49079 upstream release 1.7 (#49254, AATTfeiskyer)
Fixed GlusterFS volumes taking too long to time out (#48709, AATTjsafrane)
The IP address and port for kube-proxy metrics server is now configurable via flag --metrics-bind-address (#48625, AATTmrhohn)
Special notice for kube-proxy in 1.7+ (including 1.7.0):
Healthz server (/healthz) will be served on 0.0.0.0:10256 by default.
Metrics server (/metrics and /proxyMode) will be served on 127.0.0.1:10249 by default.
Metrics server will continue serving /healthz.
- Update to 1.7.2
Use port 20256 for node-problem-detector in standalone mode. (#49316, AATTajitak)
GCE Cloud Provider: New created LoadBalancer type Service will have health checks for nodes by default if all nodes have version >= v1.7.2. (#49330, AATTMrHohn)
Azure PD (Managed/Blob) (#46360, AATTkhenidak)
Fix Pods using Portworx volumes getting stuck in ContainerCreating phase. (#48898, AATTharsh-px)
kubeadm: Make kube-proxy tolerate the external cloud provider taint so that an external cloud provider can be easily used on top of kubeadm (#49017, AATTluxas)
Fix pods failing to start when subPath is a dangling symlink from kubelet point of view, which can happen if it is running inside a container (#48555, AATTredbaron)
Never prevent deletion of resources as part of namespace lifecycle (#48733, AATTliggitt)
kubectl: Fix bug that showed terminated/evicted pods even without --show-all. (#48786, AATTjanetkuo)
Add a runtime warning about the kubeadm default token TTL changes. (#48838, AATTmattmoyer)
Local storage teardown fix (#48402, AATTianchakeres)
Fix udp service blackhole problem when number of backends changes from 0 to non-0 (#48524, AATTfreehan)
hpa: Prevent scaling below MinReplicas if desiredReplicas is zero (#48997, AATTjohanneswuerbach)
kubeadm: Fix a bug where kubeadm join would wait 5 seconds without doing anything. Now kubeadm join executes the tasks immediately. (#48737, AATTmattmoyer)
Fix a regression that broke the --config flag for kubeadm init. (#48915, AATTmattmoyer)
Fix service controller crash loop when Service with GCP LoadBalancer uses static IP (#48848, AATTnicksardo) (#48849, AATTnicksardo)
- Update to 1.7.1
Added new flag to kubeadm init: --node-name, that lets you specify the name of the Node object that will be created (#48594, AATTGheRivero)
Added new flag to kubeadm join: --node-name, that lets you specify the name of the Node object that\'s gonna be created (#48538, AATTGheRivero)
Fixes issue where you could not mount NFS or glusterFS volumes using hostnames on GCI/GKE with COS images. (#42376, AATTjingxu97)
Reduce amount of noise in Stackdriver Logging, generated by the event-exporter component in the fluentd-gcp addon. (#48712, AATTcrassirostris)
Add generic NoSchedule toleration to fluentd in gcp config. (#48182, AATTgmarek)
RBAC role and role-binding reconciliation now ensures namespaces exist when reconciling on startup. (#48480, AATTliggitt)
Support NoSchedule taints correctly in DaemonSet controller. (#48189, AATTmikedanese)
kubeadm: Expose only the cluster-info ConfigMap in the kube-public ns (#48050, AATTluxas)

Tue Sep 12 14:00:00 2017 mmeisterAATTsuse.com
- fix docker 1.12.6 requirement in subpackages

Sun Sep 3 14:00:00 2017 kukukAATTsuse.de
- Exclude s390
- Fix building on aarch64

Fri Sep 1 14:00:00 2017 thippAATTsuse.de
- Require docker 1.12.6:
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#external-dependency-version-information

Fri Sep 1 14:00:00 2017 mmeisterAATTsuse.com
- drop redundant BuildRequires
already present with golang(API) = 1.8

Thu Aug 17 14:00:00 2017 kukukAATTsuse.de
- Remove superfluous whitespaces as requested by sle-review-team

Thu Jul 13 14:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.7.0:

* Kubernetes 1.7 is a milestone release that adds security, stateful application,
and extensibility features motivated by widespread production use of Kubernetes.

* Security enhancements in this release include encrypted secrets (alpha),
network policy for pod-to-pod communication, the node authorizer to limit Kubelet
access to API resources, and Kubelet client / server TLS certificate rotation (alpha).

* Major features for stateful applications include automated updates to StatefulSets,
enhanced updates for DaemonSets, a burst mode for faster StatefulSets scaling,
and (alpha) support for local storage.

* Extensibility features include API aggregation (beta), CustomResourceDefinitions (beta)
in favor of ThirdPartyResources, support for extensible admission controllers (alpha),
pluggable cloud providers (alpha), and container runtime interface (CRI) enhancements.
- patch modifications:

* modify make-e2e_node-run-over-distro-bins.patch: supply additional args to
test-e2e-node.sh

* modify build-with-debug-info.patch: hard-code go binary invocation
- add_pr_template.patch
- fix-support-for-ppc64le.patch

Mon Jun 12 14:00:00 2017 fcastelliAATTsuse.com
- Update go build requirements: do not build with go >= 1.8 until
we kubernetes 1.7 is released (see https://github.com/kubernetes/kubernetes/issues/45935)

Thu Jun 8 14:00:00 2017 robert.rolandAATTsuse.com
- Adding a /etc/kubernetes/kubelet-initial EnvironmentFile that is expected
to set the KUBELET_INITIAL_ARGS variable so that a set of arguments that
only impact kubelet on the first run can be supplied. This removes the
need to restart kubelet when you change the node labels, for example.

Wed Jun 7 14:00:00 2017 fcastelliAATTsuse.com
- Change default kubernetes log level: use warning as base level of logging,
not debug.
- Change default kubelet configuration: do not tell kubelet to look for
the API server on localhost. 90% of the times this process is located
somewhere else. This also helps to fix/mitigate bsc#1042387

Mon Jun 5 14:00:00 2017 fcastelliAATTsuse.com
- Add kubelet-support-btrfs-fixes-bsc-1042383.patch needed to fix bsc#1042383
- Removed commented line referring to a patch file no longer shipped

Fri May 19 14:00:00 2017 jmassaguerplaAATTsuse.com
- Downgrade to version 1.5.3 because we just hit some new issues
(bsc#1039663) with k8s 1.6 and we don\'t have time to properly fix
and test 1.6, to make sure there are no new bugs, before the release.

Tue Apr 11 14:00:00 2017 jengelhAATTinai.de
- Update descriptions

Thu Apr 6 14:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.6.1:

* Bump cluster autoscaler to 0.5.1

* Kubernetes version v1.6.1-beta.0

* update-all.sh

* Better messaging when GKE certificate signing fails.

* Update busybox dependency to fix bazel build

* update-all.sh

* don\'t wait for first kubelet to be ready

* Fix problems of not-starting image pullers

* Kubernetes version v1.6.1

Mon Apr 3 14:00:00 2017 jmassaguerplaAATTsuse.com
- Remove get-rid-of-the-git-commands-in-mungedocs.patch: no mungedocs
Review patches:

* build-with-debug-info.patch

* fix-support-for-ppc64le.patch

* git-upstream.patch

* make-e2e_node-run-over-distro-bins.patch
- Remove 0002-Change-DUP2-to-DUP3-in-contrib-mesos-to-build-on-arm.patch
because mesos has been moved to the incubator project:
https://github.com/kubernetes/kubernetes/pull/33658

Mon Apr 3 14:00:00 2017 opensuse-packagingAATTopensuse.org
- Update to version 1.6.0:

* Kubernetes version v1.6.0-beta.0

* Generating docs for v1.6.0-beta.0 on release-1.6.

* update-all.sh.

* update-all.sh.

* Kubernetes version v1.6.0-beta.1

* update-staging-client-go.sh

* Kubernetes version v1.6.0-beta.2

* update-all.sh.

* Kubernetes version v1.6.0-beta.3

* update-all.sh.

* Kubernetes version v1.6.0-beta.4

* update-staging-client-go.sh

* Update NPD rbac.

* Kubernetes version v1.6.0-rc.1

* update-all.sh.

* Update a few regex patterns to support release candidates

* Added failing upgrade if there are many master replicas.

* added prompt warning if etcd3 media type isn\'t set during upgrade

* etcd upgrade warning: add docs link, fixed etcd2 behavior, print non-interactive

* in storage media upgrade prompt, provide config for using protobuf

* Kubernetes version v1.6.0

Mon Mar 27 14:00:00 2017 alvaro.saurinAATTsuse.com
- updated to to 1.5.5

Wed Mar 15 13:00:00 2017 alvaro.saurinAATTsuse.com
- updated to to 1.5.4

Thu Feb 23 13:00:00 2017 alvaro.saurinAATTsuse.com
- added some patches:
build-with-debug-info.patch, fix-support-for-ppc64le.patch,
get-rid-of-the-git-commands-in-mungedocs.patch, git-upstream.patch,
make-e2e_node-run-over-distro-bins.patch
- removed gcc-on-ppc64-and-arm.patch

Tue Jan 24 13:00:00 2017 jmassaguerplaAATTsuse.com
- exclude i586. We don\'t expect this package to build with i586

Mon Jan 23 13:00:00 2017 jmassaguerplaAATTsuse.com
- add kubernetes-rpmlintrc file to the spec file

Mon Nov 28 13:00:00 2016 jmassaguerplaAATTsuse.com
- fix ownernship of service account key

Wed Nov 23 13:00:00 2016 jmassaguerplaAATTsuse.com
- fix permissions in service account key

Thu Nov 17 13:00:00 2016 jmassaguerplaAATTsuse.com
- add the github PR templates or it does not build

Thu Nov 17 13:00:00 2016 asaurinAATTsuse.com
- Updated to 1.3.10
- AWS: fix volume device assignment race condition (#31090, AATTjustinsb)
- Test x509 intermediates correctly (#34524, AATTliggitt)
- Remove headers that are unnecessary for proxy target (#34076, AATTmbohlool)
- gci: decouple from the built-in kubelet version (#31367, AATTAmey-D)
- Bump GCE debian image to container-vm-v20161025 (CVE-2016-5195 Dirty… (#35825, AATTdchen1107)
- Add RELEASE_INFRA_PUSH related code to support pushes from kubernetes/release. (#28922, AATTdavid-mcmahon)

Wed Sep 14 14:00:00 2016 msabateAATTsuse.com
- Updated to 1.3.7
- Fix watch cache filtering (#29046, AATTliggitt)
- List all nodes and occupy cidr map before starting allocations (#29062, AATTbprashanth)
- Fix watch cache filtering (#28968, AATTliggitt)
- Lock all possible kubecfg files at the beginning of ModifyConfig. (#28232, AATTcjcullen)
- Removing images with multiple tags (#29316, AATTronnielai)
- kubectl: don\'t display an empty list when trying to get a single resource that isn\'t found (#28294, AATTncdc)
- Fix working_set calculation in kubelet (#29154, AATTvishh)
- Don\'t delete affinity when endpoints are empty (#28655, AATTfreehan)
- GCE bring-up: Differentiate NODE_TAGS from NODE_INSTANCE_PREFIX (#29141, AATTzmerlynn)
- Fix logrotate config on GCI (#29139, AATTadityakali)
- Do not query the metadata server to find out if running on GCE. Retry metadata server query for gcr if running on gce. (#28871, AATTvishh)
- Fix GPU resource validation (#28743, AATTtherc)
- Scale kube-proxy conntrack limits by cores (new default behavior) (#28876, AATTthockin)
- Don\'t recreate lb cloud resources on kcm restart (#29082, AATTbprashanth)
- NetworkPolicy cherry-pick 1.3 (#29556, AATTcaseydavenport)
- Allow mounts to run in parallel for non-attachable volumes (#28939, AATTsaad-ali)
- add enhanced volume and mount logging for block devices (#24797, AATTscreeley44)
- kube-up: increase download timeout for kubernetes.tar.gz (#29426, AATTjustinsb)
- Fix RBAC authorizer of ServiceAccount (#29071, AATTalbatross0)
- Update docker engine-api to dea108d3aa (#29144, AATTronnielai)
- Assume volume is detached if node doesn\'t exist (#29485, AATTsaad-ali)
- Make PD E2E Tests Wait for Detach to Prevent Kernel Errors (#29031, AATTsaad-ali)
- Fix \"PVC Volume not detached if pod deleted via namespace deletion\" issue (#29077, AATTsaad-ali)
- append an abac rule for $KUBE_USER. (#29164, AATTcjcullen)
- Update Dashboard UI to version v1.1.1 (#30273, AATTbryk)
- allow restricting subresource access (#30001, AATTdeads2k)
- Fix PVC.Status.Capacity and AccessModes after binding (#29982, AATTjsafrane)
- oidc authentication plugin: don\'t trim issuer URLs with trailing slashes (#29860, AATTericchiang)
- network/cni: Bring up the lo interface for rkt (#29310, AATTeuank)
- Fixing kube-up for CVM masters. (#29140, AATTmaisem)
- Addresses vSphere Volume Attach limits (#29881, AATTdagnello)
- Increase request timeout based on termination grace period (#31275, AATTdims)
- Skip safe to detach check if node API object no longer exists (#30737, AATTsaad-ali)
- Nodecontroller doesn\'t flip readiness on pods if kubeletVersion < 1.2.0 (#30828, AATTbprashanth)
- Update cadvisor to v0.23.9 to fix a problem where attempting to gather container filesystem usage statistics could result in corrupted devicemapper thin pool storage for Docker. (#30307, AATTsjenning)
- AWS: Add ap-south-1 to list of known AWS regions (#28428, AATTjustinsb)
- Back porting critical vSphere bug fixes to release 1.3 (#31993, AATTdagnello)
- Back port - Openstack provider allowing more than one service port for lbaas v2 (#32001, AATTdagnello)
- Fix a bug in kubelet hostport logic which flushes KUBE-MARK-MASQ iptables chain (#32413, AATTfreehan)
- Fixes the panic that occurs in the federation controller manager when registering a GKE cluster to the federation. Fixes issue #30790. (#30940, AATTmadhusudancs)

Wed Jul 13 14:00:00 2016 tchvatalAATTsuse.com
- Run over with spec-cleaner
- Remove the prereq fillup as it is not used
- Use symlinks on fdupes not hardlinks
- Move scriptlet prior files to match rest of specs
- Switch to full url on sources for easy downloading
- Make node and master conflict, they both provide same config files
causing rpm conflicts

Tue Jul 12 14:00:00 2016 msabateAATTsuse.com
- Removed go as a build requirement
The golang-packaging build requirement already has go as a requirement.

Mon Jul 11 14:00:00 2016 msabateAATTsuse.com
- Re-added missing tmpfiles creation

Mon Jul 11 14:00:00 2016 msabateAATTsuse.com
- Improved the handling of /var/run/kubernetes

Fri Jul 8 14:00:00 2016 msabateAATTsuse.com
- Added some more macros from golang-packaging
I\'ve also done some minor changes and I\'ve merged the following two patches:
1. kubernets_change_cc_for_ppc64le.patch
2. 0001-SUSE-hack-use-native-system-compiler.patch
into the patch: gcc-on-ppc64-and-arm.patch

Wed Jul 6 14:00:00 2016 msabateAATTsuse.com
- Added %{go_nostrip} from golang-packaging
I\'ve also done some minor corrections

Tue Jul 5 14:00:00 2016 dmuellerAATTsuse.com
- fix tarball (was tar.gz instead of tar.xz)

Tue Jul 5 14:00:00 2016 cbraunerAATTsuse.com
- update to 1.3.0

* add _constraints file to get more disk space on aarch64

* fix url to show http://kubernetes.io

* remove bash completion instructions since bash completion has been removed
upstream and is replaced by a dedicated command that generates the bash
code on the fly

Thu Jun 23 14:00:00 2016 dmuellerAATTsuse.com
- add 0002-Change-DUP2-to-DUP3-in-contrib-mesos-to-build-on-arm.patch,
0001-SUSE-hack-use-native-system-compiler.patch: Build on aarch64

Thu Jun 23 14:00:00 2016 dmuellerAATTsuse.com
- update to 1.2.4:

* Ensure status is not changed during an update of PV, PVC, HPA objects (#24924, AATTmqliang)

* GCI: Add two GCI specific metadata pairs (#25105, AATTandyzheng0831)

* Update salt config to allow Debian Jessie on GCE. (#25123, AATTjlewi)

* Fix DeletingLoadBalancer event generation. (#24833, AATTa-robinson)

* GCE: Prefer preconfigured node tags for firewalls, if available (#25148, AATTa-robinson)

* Drain pods created from ReplicaSets in \'kubectl drain\' (#23689, AATTmaclof)

* GCI: Update the command to get the image (#24987, AATTandyzheng0831)

* Validate deletion timestamp doesn\'t change on update (#24839, AATTliggitt)

* Add support for running clusters on GCI (#24893, AATTandyzheng0831)

* Trusty: Add retry in curl commands (#24749, AATTandyzheng0831)

Fri May 6 14:00:00 2016 fcastelliAATTsuse.com
- Add runtime requirement to kubelet

Thu May 5 14:00:00 2016 fcastelliAATTsuse.com
- Fix version tag inside of final packages

Thu Apr 28 14:00:00 2016 normandAATTlinux.vnet.ibm.com
- enable build ppc64le
new kubernets_change_cc_for_ppc64le.patch

Tue Apr 26 14:00:00 2016 fcastelliAATTsuse.com
- Updated to kubernetes v1.2.3

Fri Mar 18 13:00:00 2016 fcastelliAATTsuse.com
- Update to kuberneted v1.2.0

Fri Feb 19 13:00:00 2016 fcastelliAATTsuse.com
- Update to kubernetes v1.1.7
- Remove change-internal-to-inteernal.patch, no longer needed
- Cleanup of the spec file

Sat Sep 19 14:00:00 2015 fcastelliAATTsuse.com
- kubernetes-node: require the Docker package to be installed at runtime

Tue Sep 8 14:00:00 2015 dmacvicarAATTsuse.de
- initial package for 1.1.0 pre from git based on Fedora
package


 
ICM