Packages changed: cilium (1.6.3 -> 1.6.5) cni conmon (2.0.3 -> 2.0.9) cri-o cri-tools (1.16.1 -> 1.17.0) hello-kubic (1.2 -> 1.3) k9s (0.9.3 -> 0.12.0) kernel-default-base (5.4.7 -> 5.4.10) kernel-firmware (20191220 -> 20200107) kernel-source (5.4.7 -> 5.4.10) kubernetes (1.16.3 -> 1.17.0) kubic-control (0.9.0 -> 0.9.1) metallb (0.8.2 -> 0.8.3) patterns-containers podman (1.6.4 -> 1.7.0) rook (1.1.7+git0.g50c6ca1f -> 1.2.1+git0.gccc10604) === Details === ==== cilium ==== Version update (1.6.3 -> 1.6.5) - Update to version 1.6.5: * Important Bug Fixes - Envoy is updated to release 1.12.2, including important security fixes (CVE-2019-18801, CVE-1019-18802, CVE-1019-18838) * Bug fixes - Fix disabling health-checks in chaining mode - Delete endpoint xxx_next directories during restore - Fix typo in io.cilium/shared-service annotation - Fix issue where services would not be updated when comparing two services - Fix bugtool support for aead encryption algorithm * Misc - Add github actions to cilium - Fix AKS installation guide - Disable masquerading in all chaining documentation guides - Update golang to 1.12.14 - Add delay between reconnect attempts to containerd - Decrease log level for "service not found" message * CI - Use force flag in Cilium install apply command - Move missed kubectl apply calls to Apply calls - Add nil check for init container terminated state - Remove obsolete Groups tag (fate#326485) ==== cni ==== - Set correct CNI version for 99-loopback.conf ==== conmon ==== Version update (2.0.3 -> 2.0.9) - Add TimedOutMessage to config to share with go code - Fix format string to limit the size of the string to 10 characters - Persist oom files on cgroup v2 - Revert the check for the OOM counter on cgroups v1 before writing OOM file - Add --persist-dir flag to allow important container files to be written to a persistent directory - Check OOM counter on cgroups v1 before writing OOM file - Use splice(2) to copy from stdin - Kill the process group on timeout - Add --persist-dir to allow callers to specify a directory that conmon should mirror certain important files that should persist reboots (right now, just the container exit file) - Fix tight loop on OOM ==== cri-o ==== Subpackages: cri-o-kubeadm-criconfig - Add prevent-local-loopback-teardown-rh1754154.patch to stop local loopback interfaces being torndown before cluster is bootstrapped - Make cgroup-driver for kubelet be cgroupfs for SLE to be consistent with the cri-o configuration ==== cri-tools ==== Version update (1.16.1 -> 1.17.0) - Update to v1.17.0: * crictl * Bump cri-tools version in markdown docs * Vendor kubernetes v1.17.0 * Update golang dependencies * Print the previous log of the container(just like kubectl) * Add rmi --prune command * Update README.md to contain latest version hint * Download golangci-lint via wget * Fix pod and container name filter for JSON/YAML output * Fix e2e tests by pinning CRI-O and conmon * Fixed Tim St. Clair's username * Add fish shell completion support ==== hello-kubic ==== Version update (1.2 -> 1.3) - Update to version 1.3 - add kustomize support ==== k9s ==== Version update (0.9.3 -> 0.12.0) - Update to version 0.12.0 - Performance fixes - Searchable Logs - APIServer Dud - FullScreen Logs - Update to version 0.11.2 - Many bug fixes - Prelimary support for Helm 3 charts - Major rework of the core - Custom skins per cluster ==== kernel-default-base ==== Version update (5.4.7 -> 5.4.10) - Remove iscsi_ibft (bsc#1157460) ==== kernel-firmware ==== Version update (20191220 -> 20200107) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20200107 (git commit 67d4ff59bf33): * Mellanox: Add new mlxsw_spectrum firmware xx.2000.2714 * radeon: update oland rlc microcode from amdgpu * amdgpu: update vega20 microcode for 19.50 * amdgpu: update vega12 microcode for 19.50 * amdgpu: update vega10 microcode for 19.50 * amdgpu: update picasso microcode for 19.50 * amdgpu: update raven2 microcode for 19.50 * amdgpu: update raven microcode for 19.50 * amdgpu: update navi10 microcode for 19.50 * amdgpu: update navi14 microcode for 19.50 * amdgpu: add TA microcode for Raven asics * qed: Add firmware 8.42.2.0 * Adjust WHENCE entry to check_whence doesn't complain * qcom: Switch SDM845 WLAN firmware * linux-firmware: add NXP firmware licence file ==== kernel-source ==== Version update (5.4.7 -> 5.4.10) - Linux 5.4.10 (bnc#1012628). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (bnc#1012628). - commit 556a6fe - Linux 5.4.9 (bnc#1012628). - drm/mcde: dsi: Fix invalid pointer dereference if panel cannot be found (bnc#1012628). - nvme_fc: add module to ops template to allow module references (bnc#1012628). - nvme-fc: fix double-free scenarios on hw queues (bnc#1012628). - drm/amdgpu: add check before enabling/disabling broadcast mode (bnc#1012628). - drm/amdgpu: add header line for power profile on Arcturus (bnc#1012628). - drm/amdgpu: add cache flush workaround to gfx8 emit_fence (bnc#1012628). - drm/amd/display: Map DSC resources 1-to-1 if numbers of OPPs and DSCs are equal (bnc#1012628). - drm/amd/display: Fixed kernel panic when booting with DP-to-HDMI dongle (bnc#1012628). - drm/amd/display: Change the delay time before enabling FEC (bnc#1012628). - drm/amd/display: Reset steer fifo before unblanking the stream (bnc#1012628). - drm/amd/display: update dispclk and dppclk vco frequency (bnc#1012628). - nvme/pci: Fix write and poll queue types (bnc#1012628). - nvme/pci: Fix read queue count (bnc#1012628). - iio: st_accel: Fix unused variable warning (bnc#1012628). - iio: adc: max9611: Fix too short conversion time delay (bnc#1012628). - PM / devfreq: Fix devfreq_notifier_call returning errno (bnc#1012628). - PM / devfreq: Set scaling_max_freq to max on OPP notifier error (bnc#1012628). - PM / devfreq: Don't fail devfreq_dev_release if not in list (bnc#1012628). - afs: Fix afs_find_server lookups for ipv4 peers (bnc#1012628). - afs: Fix SELinux setting security label on /afs (bnc#1012628). - RDMA/cma: add missed unregister_pernet_subsys in init failure (bnc#1012628). - rxe: correctly calculate iCRC for unaligned payloads (bnc#1012628). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bnc#1012628). - scsi: qla2xxx: Use explicit LOGO in target mode (bnc#1012628). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bnc#1012628). - scsi: qla2xxx: Don't call qlt_async_event twice (bnc#1012628). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bnc#1012628). - scsi: qla2xxx: Configure local loop for N2N target (bnc#1012628). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bnc#1012628). - scsi: qla2xxx: Don't defer relogin unconditonally (bnc#1012628). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bnc#1012628). - scsi: iscsi: qla4xxx: fix double free in probe (bnc#1012628). - scsi: libsas: stop discovering if oob mode is disconnected (bnc#1012628). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bnc#1012628). - staging/wlan-ng: add CRC32 dependency in Kconfig (bnc#1012628). - drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit (bnc#1012628). - drm/nouveau: Fix drm-core using atomic code-paths on pre-nv50 hardware (bnc#1012628). - drm/nouveau/kms/nv50-: fix panel scaling (bnc#1012628). - usb: gadget: fix wrong endpoint desc (bnc#1012628). - net: make socket read/write_iter() honor IOCB_NOWAIT (bnc#1012628). - afs: Fix mountpoint parsing (bnc#1012628). - afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP (bnc#1012628). - raid5: need to set STRIPE_HANDLE for batch head (bnc#1012628). - md: raid1: check rdev before reference in raid1_sync_request func (bnc#1012628). - s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits (bnc#1012628). - s390/cpum_sf: Avoid SBD overflow condition in irq handler (bnc#1012628). - RDMA/counter: Prevent auto-binding a QP which are not tracked with res (bnc#1012628). - IB/mlx4: Follow mirror sequence of device add during device removal (bnc#1012628). - IB/mlx5: Fix steering rule of drop and count (bnc#1012628). - xen-blkback: prevent premature module unload (bnc#1012628). - xen/balloon: fix ballooned page accounting without hotplug enabled (bnc#1012628). - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (bnc#1012628). - ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker (bnc#1012628). - ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC (bnc#1012628). - PCI: Add a helper to check Power Resource Requirements _PR3 existence (bnc#1012628). - ALSA: hda: Allow HDA to be runtime suspended when dGPU is not bound to a driver (bnc#1012628). - PCI: Fix missing inline for pci_pr3_present() (bnc#1012628). - ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen (bnc#1012628). - tcp: fix data-race in tcp_recvmsg() (bnc#1012628). - shmem: pin the file in shmem_fault() if mmap_sem is dropped (bnc#1012628). - taskstats: fix data-race (bnc#1012628). - ALSA: hda - Downgrade error message for single-cmd fallback (bnc#1012628). - netfilter: nft_tproxy: Fix port selector on Big Endian (bnc#1012628). - block: add bio_truncate to fix guard_bio_eod (bnc#1012628). - mm: drop mmap_sem before calling balance_dirty_pages() in write fault (bnc#1012628). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bnc#1012628). - ALSA: usb-audio: fix set_format altsetting sanity check (bnc#1012628). - ALSA: usb-audio: set the interface format after resume on Dell WD19 (bnc#1012628). - ALSA: hda - Apply sync-write workaround to old Intel platforms, too (bnc#1012628). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bnc#1012628). - drm/sun4i: hdmi: Remove duplicate cleanup calls (bnc#1012628). - drm/amdgpu/smu: add metrics table lock (bnc#1012628). - drm/amdgpu/smu: add metrics table lock for arcturus (v2) (bnc#1012628). - drm/amdgpu/smu: add metrics table lock for navi (v2) (bnc#1012628). - drm/amdgpu/smu: add metrics table lock for vega20 (v2) (bnc#1012628). - MIPS: BPF: Disable MIPS32 eBPF JIT (bnc#1012628). - MIPS: BPF: eBPF JIT: check for MIPS ISA compliance in Kconfig (bnc#1012628). - MIPS: Avoid VDSO ABI breakage due to global register variable (bnc#1012628). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call (bnc#1012628). - media: cec: CEC 2.0-only bcast messages were ignored (bnc#1012628). - media: cec: avoid decrementing transmit_queue_sz if it is 0 (bnc#1012628). - media: cec: check 'transmit_in_progress', not 'transmitting' (bnc#1012628). - mm/memory_hotplug: shrink zones when offlining memory (bnc#1012628). - mm/zsmalloc.c: fix the migrated zspage statistics (bnc#1012628). - memcg: account security cred as well to kmemcg (bnc#1012628). - mm: move_pages: return valid node id in status if the page is already on the target node (bnc#1012628). - mm/oom: fix pgtables units mismatch in Killed process message (bnc#1012628). - ocfs2: fix the crash due to call ocfs2_get_dlm_debug once less (bnc#1012628). - pstore/ram: Write new dumps to start of recycled zones (bnc#1012628). - pstore/ram: Fix error-path memory leak in persistent_ram_new() callers (bnc#1012628). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bnc#1012628). - locks: print unsigned ino in /proc/locks (bnc#1012628). - selftests/seccomp: Zero out seccomp_notif (bnc#1012628). - seccomp: Check that seccomp_notif is zeroed out by the user (bnc#1012628). - samples/seccomp: Zero out members based on seccomp_notif_sizes (bnc#1012628). - selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV (bnc#1012628). - dmaengine: Fix access to uninitialized dma_slave_caps (bnc#1012628). - dmaengine: dma-jz4780: Also break descriptor chains on JZ4725B (bnc#1012628). - Btrfs: fix infinite loop during nocow writeback due to race (bnc#1012628). - compat_ioctl: block: handle Persistent Reservations (bnc#1012628). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (bnc#1012628). - compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES (bnc#1012628). - bpf: Fix precision tracking for unbounded scalars (bnc#1012628). - ata: libahci_platform: Export again ahci_platform_able_phys() (bnc#1012628). - ata: ahci_brcm: Fix AHCI resources management (bnc#1012628). - ata: ahci_brcm: Add missing clock management during recovery (bnc#1012628). - ata: ahci_brcm: BCM7425 AHCI requires AHCI_HFLAG_DELAY_ENGINE (bnc#1012628). - libata: Fix retrieving of active qcs (bnc#1012628). - gpio: xtensa: fix driver build (bnc#1012628). - gpiolib: fix up emulated open drain outputs (bnc#1012628). - clocksource: riscv: add notrace to riscv_sched_clock (bnc#1012628). - riscv: ftrace: correct the condition logic in function graph tracer (bnc#1012628). - rseq/selftests: Fix: Namespace gettid() for compatibility with glibc 2.30 (bnc#1012628). - tracing: Fix lock inversion in trace_event_enable_tgid_record() (bnc#1012628). - tracing: Avoid memory leak in process_system_preds() (bnc#1012628). - tracing: Have the histogram compare functions convert to u64 first (bnc#1012628). - tracing: Fix endianness bug in histogram trigger (bnc#1012628). - samples/trace_printk: Wait for IRQ work to finish (bnc#1012628). - io_uring: use current task creds instead of allocating a new one (bnc#1012628). - mm/gup: fix memory leak in __gup_benchmark_ioctl (bnc#1012628). - apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock (bnc#1012628). - dmaengine: virt-dma: Fix access after free in vchan_complete() (bnc#1012628). - gen_initramfs_list.sh: fix 'bad variable name' error (bnc#1012628). - ALSA: cs4236: fix error return comparison of an unsigned integer (bnc#1012628). - ALSA: pcm: Yet another missing check of non-cached buffer type (bnc#1012628). - ALSA: firewire-motu: Correct a typo in the clock proc string (bnc#1012628). - scsi: lpfc: Fix rpi release when deleting vport (bnc#1012628). - exit: panic before exit_mm() on global init exit (bnc#1012628). - arm64: Revert support for execute-only user mappings (bnc#1012628). - ftrace: Avoid potential division by zero in function profiler (bnc#1012628). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bnc#1012628). - drm/msm: include linux/sched/task.h (bnc#1012628). - PM / devfreq: Check NULL governor in available_governors_show (bnc#1012628). - sunrpc: fix crash when cache_head become valid before update (bnc#1012628). - arm64: dts: qcom: msm8998-clamshell: Remove retention idle state (bnc#1012628). - nfsd4: fix up replay_matches_cache() (bnc#1012628). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (bnc#1012628). - HID: i2c-hid: Reset ALPS touchpads on resume (bnc#1012628). - net/sched: annotate lockless accesses to qdisc->empty (bnc#1012628). - kernel/module.c: wakeup processes in module_wq on module unload (bnc#1012628). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bnc#1012628). - perf callchain: Fix segfault in thread__resolve_callchain_sample() (bnc#1012628). - iommu/vt-d: Remove incorrect PSI capability check (bnc#1012628). - of: overlay: add_changeset_property() memory leak (bnc#1012628). - cifs: Fix potential softlockups while refreshing DFS cache (bnc#1012628). - firmware: arm_scmi: Avoid double free in error flow (bnc#1012628). - xfs: don't check for AG deadlock for realtime files in bunmapi (bnc#1012628). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bnc#1012628). - netfilter: nf_queue: enqueue skbs with NULL dst (bnc#1012628). - net, sysctl: Fix compiler warning when only cBPF is present (bnc#1012628). - watchdog: tqmx86_wdt: Fix build error (bnc#1012628). - regulator: axp20x: Fix axp20x_set_ramp_delay (bnc#1012628). - regulator: bd70528: Remove .set_ramp_delay for bd70528_ldo_ops (bnc#1012628). - spi: uniphier: Fix FIFO threshold (bnc#1012628). - regulator: axp20x: Fix AXP22x ELDO2 regulator enable bitmask (bnc#1012628). - powerpc/mm: Mark get_slice_psize() & slice_addr_is_low() as notrace (bnc#1012628). - Bluetooth: btusb: fix PM leak in error case of setup (bnc#1012628). - Bluetooth: delete a stray unlock (bnc#1012628). - Bluetooth: Fix memory leak in hci_connect_le_scan (bnc#1012628). - arm64: dts: meson-gxl-s905x-khadas-vim: fix uart_A bluetooth node (bnc#1012628). - arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node (bnc#1012628). - media: flexcop-usb: ensure -EIO is returned on error condition (bnc#1012628). - regulator: ab8500: Remove AB8505 USB regulator (bnc#1012628). - media: usb: fix memory leak in af9005_identify_state (bnc#1012628). - dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example (bnc#1012628). - arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed warning (bnc#1012628). - phy: renesas: rcar-gen3-usb2: Use platform_get_irq_optional() for optional irq (bnc#1012628). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bnc#1012628). - cifs: Fix lookup of root ses in DFS referral cache (bnc#1012628). - fs: cifs: Fix atime update check vs mtime (bnc#1012628). - fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP (bnc#1012628). - ath9k_htc: Modify byte order for an error message (bnc#1012628). - ath9k_htc: Discard undersized packets (bnc#1012628). - drm/i915/execlists: Fix annotation for decoupling virtual request (bnc#1012628). - xfs: periodically yield scrub threads to the scheduler (bnc#1012628). - net: add annotations on hh->hh_len lockless accesses (bnc#1012628). - ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps (bnc#1012628). - btrfs: get rid of unique workqueue helper functions (bnc#1012628). - Btrfs: only associate the locked page with one async_chunk struct (bnc#1012628). - s390/smp: fix physical to logical CPU map for SMT (bnc#1012628). - mm/sparse.c: mark populate_section_memmap as __meminit (bnc#1012628). - xen/blkback: Avoid unmapping unmapped grant pages (bnc#1012628). - lib/ubsan: don't serialize UBSAN report (bnc#1012628). - efi: Don't attempt to map RCI2 config table if it doesn't exist (bnc#1012628). - perf/x86/intel/bts: Fix the use of page_private() (bnc#1012628). - net: annotate lockless accesses to sk->sk_pacing_shift (bnc#1012628). - hsr: avoid debugfs warning message when module is remove (bnc#1012628). - hsr: fix error handling routine in hsr_dev_finalize() (bnc#1012628). - hsr: fix a race condition in node list insertion and deletion (bnc#1012628). - mm/hugetlb: defer freeing of huge pages if in non-task context (bnc#1012628). - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. - commit 605842d - libertas: Fix two buffer overflows at parsing bss descriptor (CVE-2019-14896 bsc#1157157 CVE-2019-14897 bsc#1157155). - commit 434d4ff - tpm: Revert "tpm_tis_core: Turn on the TPM before probing IRQ's" (bsc#1159152). - tpm: Revert "tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts" (bsc#1159152). - tpm: Revert "tpm_tis: reserve chip for duration of tpm_tis_core_init" (bsc#1159152). - USB: Fix: Don't skip endpoint descriptors with maxpacket=0 (bsc#1159811). - commit 52394e7 - Linux 5.4.8 (bnc#1012628). - Revert "MIPS: futex: Restore \n after sync instructions" (bnc#1012628). - Revert "MIPS: futex: Emit Loongson3 sync workarounds within asm" (bnc#1012628). - scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd() (bnc#1012628). - scsi: lpfc: Fix discovery failures when target device connectivity bounces (bnc#1012628). - scsi: mpt3sas: Fix clear pending bit in ioctl status (bnc#1012628). - scsi: lpfc: Fix locking on mailbox command completion (bnc#1012628). - scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (bnc#1012628). - gpio: mxc: Only get the second IRQ when there is more than one IRQ (bnc#1012628). - scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq (bnc#1012628). - Input: atmel_mxt_ts - disable IRQ across suspend (bnc#1012628). - f2fs: fix to update time in lazytime mode (bnc#1012628). - powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set} (bnc#1012628). - tools/power/x86/intel-speed-select: Remove warning for unused result (bnc#1012628). - platform/x86: peaq-wmi: switch to using polled mode of input devices (bnc#1012628). - iommu: rockchip: Free domain on .domain_free (bnc#1012628). - iommu/tegra-smmu: Fix page tables in > 4 GiB memory (bnc#1012628). - dmaengine: xilinx_dma: Clear desc_pendingcount in xilinx_dma_reset (bnc#1012628). - scsi: target: compare full CHAP_A Algorithm strings (bnc#1012628). - scsi: lpfc: Fix hardlockup in lpfc_abort_handler (bnc#1012628). - scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices (bnc#1012628). - scsi: csiostor: Don't enable IRQs too early (bnc#1012628). - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (bnc#1012628). - scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails (bnc#1012628). - powerpc/pseries: Mark accumulate_stolen_time() as notrace (bnc#1012628). - powerpc/pseries: Don't fail hash page table insert for bolted mapping (bnc#1012628). - Input: st1232 - do not reset the chip too early (bnc#1012628). - selftests/powerpc: Fixup clobbers for TM tests (bnc#1012628). - powerpc/tools: Don't quote $objdump in scripts (bnc#1012628). - dma-debug: add a schedule point in debug_dma_dump_mappings() (bnc#1012628). - dma-mapping: Add vmap checks to dma_map_single() (bnc#1012628). - dma-mapping: fix handling of dma-ranges for reserved memory (again) (bnc#1012628). - dmaengine: fsl-qdma: Handle invalid qdma-queue0 IRQ (bnc#1012628). - leds: lm3692x: Handle failure to probe the regulator (bnc#1012628). - leds: an30259a: add a check for devm_regmap_init_i2c (bnc#1012628). - leds: trigger: netdev: fix handling on interface rename (bnc#1012628). - clocksource/drivers/asm9260: Add a check for of_clk_get (bnc#1012628). - clocksource/drivers/timer-of: Use unique device name instead of timer (bnc#1012628). - dtc: Use pkg-config to locate libyaml (bnc#1012628). - selftests/powerpc: Skip tm-signal-sigreturn-nt if TM not available (bnc#1012628). - powerpc/security/book3s64: Report L1TF status in sysfs (bnc#1012628). - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bnc#1012628). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bnc#1012628). - ext4: iomap that extends beyond EOF should be marked dirty (bnc#1012628). - jbd2: Fix statistics for the number of logged blocks (bnc#1012628). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bnc#1012628). - scsi: lpfc: Fix unexpected error messages during RSCN handling (bnc#1012628). - scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow (bnc#1012628). - f2fs: fix to update dir's i_pino during cross_rename (bnc#1012628). - clk: qcom: smd: Add missing pnoc clock (bnc#1012628). - clk: qcom: Allow constant ratio freq tables for rcg (bnc#1012628). - clk: clk-gpio: propagate rate change to parent (bnc#1012628). - irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary (bnc#1012628). - irqchip: ingenic: Error out if IRQ domain creation failed (bnc#1012628). - fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long (bnc#1012628). - iommu/arm-smmu-v3: Don't display an error when IRQ lines are missing (bnc#1012628). - i2c: stm32f7: fix & reorder remove & probe error handling (bnc#1012628). - iomap: fix return value of iomap_dio_bio_actor on 32bit systems (bnc#1012628). - Input: ili210x - handle errors from input_mt_init_slots() (bnc#1012628). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bnc#1012628). - scsi: zorro_esp: Limit DMA transfers to 65536 bytes (except on Fastlane) (bnc#1012628). - PCI: rpaphp: Fix up pointer to first drc-info entry (bnc#1012628). - scsi: ufs: fix potential bug which ends in system hang (bnc#1012628). - powerpc/pseries/cmm: Implement release() function for sysfs device (bnc#1012628). - PCI: rpaphp: Don't rely on firmware feature to imply drc-info support (bnc#1012628). - PCI: rpaphp: Annotate and correctly byte swap DRC properties (bnc#1012628). - PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info (bnc#1012628). - powerpc/security: Fix wrong message when RFI Flush is disable (bnc#1012628). - powerpc/eeh: differentiate duplicate detection message (bnc#1012628). - powerpc/book3s/mm: Update Oops message to print the correct translation in use (bnc#1012628). - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (bnc#1012628). - clk: pxa: fix one of the pxa RTC clocks (bnc#1012628). - bcache: at least try to shrink 1 node in bch_mca_scan() (bnc#1012628). - HID: quirks: Add quirk for HP MSU1465 PIXART OEM mouse (bnc#1012628). - dt-bindings: Improve validation build error handling (bnc#1012628). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (bnc#1012628). - HID: i2c-hid: fix no irq after reset on raydium 3118 (bnc#1012628). - ARM: 8937/1: spectre-v2: remove Brahma-B53 from hardening (bnc#1012628). - libnvdimm/btt: fix variable 'rc' set but not used (bnc#1012628). - HID: Improve Windows Precision Touchpad detection (bnc#1012628). - HID: rmi: Check that the RMI_STARTED bit is set before unregistering the RMI transport device (bnc#1012628). - watchdog: imx7ulp: Fix reboot hang (bnc#1012628). - watchdog: prevent deferral of watchdogd wakeup on RT (bnc#1012628). - watchdog: Fix the race between the release of watchdog_core_data and cdev (bnc#1012628). - powerpc/fixmap: Use __fix_to_virt() instead of fix_to_virt() (bnc#1012628). - scsi: pm80xx: Fix for SATA device discovery (bnc#1012628). - scsi: ufs: Fix error handing during hibern8 enter (bnc#1012628). - scsi: scsi_debug: num_tgts must be >= 0 (bnc#1012628). - scsi: NCR5380: Add disconnect_mask module parameter (bnc#1012628). - scsi: target: core: Release SPC-2 reservations when closing a session (bnc#1012628). - scsi: ufs: Fix up auto hibern8 enablement (bnc#1012628). - scsi: iscsi: Don't send data to unbound connection (bnc#1012628). - scsi: target: iscsi: Wait for all commands to finish before freeing a session (bnc#1012628). - f2fs: Fix deadlock in f2fs_gc() context during atomic files handling (bnc#1012628). - habanalabs: skip VA block list update in reset flow (bnc#1012628). - gpio/mpc8xxx: fix qoriq GPIO reading (bnc#1012628). - platform/x86: intel_pmc_core: Fix the SoC naming inconsistency (bnc#1012628). - platform/x86: intel_pmc_core: Add Comet Lake (CML) platform support to intel_pmc_core driver (bnc#1012628). - gpio: mpc8xxx: Don't overwrite default irq_set_type callback (bnc#1012628). - gpio: lynxpoint: Setup correct IRQ handlers (bnc#1012628). - tools/power/x86/intel-speed-select: Ignore missing config level (bnc#1012628). - Drivers: hv: vmbus: Fix crash handler reset of Hyper-V synic (bnc#1012628). - apparmor: fix unsigned len comparison with less than zero (bnc#1012628). - drm/amdgpu: Call find_vma under mmap_sem (bnc#1012628). - scripts/kallsyms: fix definitely-lost memory leak (bnc#1012628). - powerpc: Don't add -mabi= flags when building with Clang (bnc#1012628). - cifs: Fix use-after-free bug in cifs_reconnect() (bnc#1012628). - um: virtio: Keep reading on -EAGAIN (bnc#1012628). - io_uring: io_allocate_scq_urings() should return a sane state (bnc#1012628). - of: unittest: fix memory leak in attach_node_and_children (bnc#1012628). - cdrom: respect device capabilities during opening action (bnc#1012628). - cifs: move cifsFileInfo_put logic into a work-queue (bnc#1012628). - perf diff: Use llabs() with 64-bit values (bnc#1012628). - perf script: Fix brstackinsn for AUXTRACE (bnc#1012628). - perf regs: Make perf_reg_name() return "unknown" instead of NULL (bnc#1012628). - s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR (bnc#1012628). - mailbox: imx: Clear the right interrupts at shutdown (bnc#1012628). - libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h (bnc#1012628). - s390/unwind: filter out unreliable bogus %r14 (bnc#1012628). - s390/cpum_sf: Check for SDBT and SDB consistency (bnc#1012628). - ocfs2: fix passing zero to 'PTR_ERR' warning (bnc#1012628). - mailbox: imx: Fix Tx doorbell shutdown path (bnc#1012628). - s390: disable preemption when switching to nodat stack with CALL_ON_STACK (bnc#1012628). - selftests: vm: add fragment CONFIG_TEST_VMALLOC (bnc#1012628). - mm/hugetlbfs: fix error handling when setting up mounts (bnc#1012628). - kernel: sysctl: make drop_caches write-only (bnc#1012628). - userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK (bnc#1012628). - Revert "powerpc/vcpu: Assume dedicated processors as non-preempt" (bnc#1012628). - sctp: fix err handling of stream initialization (bnc#1012628). - Revert "iwlwifi: assign directly to iwl_trans->cfg in QuZ detection" (bnc#1012628). - netfilter: ebtables: compat: reject all padding in matches/watchers (bnc#1012628). - 6pack,mkiss: fix possible deadlock (bnc#1012628). - powerpc: Fix __clear_user() with KUAP enabled (bnc#1012628). - net/smc: add fallback check to connect() (bnc#1012628). - netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() (bnc#1012628). - inetpeer: fix data-race in inet_putpeer / inet_putpeer (bnc#1012628). - net: add a READ_ONCE() in skb_peek_tail() (bnc#1012628). - net: icmp: fix data-race in cmp_global_allow() (bnc#1012628). - hrtimer: Annotate lockless access to timer->state (bnc#1012628). - tomoyo: Don't use nifty names on sockets (bnc#1012628). - uaccess: disallow > INT_MAX copy sizes (bnc#1012628). - drm: limit to INT_MAX in create_blob ioctl (bnc#1012628). - xfs: fix mount failure crash on invalid iclog memory access (bnc#1012628). - cxgb4/cxgb4vf: fix flow control display for auto negotiation (bnc#1012628). - net: dsa: bcm_sf2: Fix IP fragment location and behavior (bnc#1012628). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bnc#1012628). - net: phy: aquantia: add suspend / resume ops for AQR105 (bnc#1012628). - net/sched: act_mirred: Pull mac prior redir to non mac_header_xmit device (bnc#1012628). - net/sched: add delete_empty() to filters and use it in cls_flower (bnc#1012628). - net_sched: sch_fq: properly set sk->sk_pacing_status (bnc#1012628). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (bnc#1012628). - ptp: fix the race between the release of ptp_clock and cdev (bnc#1012628). - tcp: Fix highest_sack and highest_sack_seq (bnc#1012628). - udp: fix integer overflow while computing available space in sk_rcvbuf (bnc#1012628). - bnxt_en: Fix MSIX request logic for RDMA driver (bnc#1012628). - bnxt_en: Free context memory in the open path if firmware has been reset (bnc#1012628). - bnxt_en: Return error if FW returns more data than dump length (bnc#1012628). - bnxt_en: Fix bp->fw_health allocation and free logic (bnc#1012628). - bnxt_en: Remove unnecessary NULL checks for fw_health (bnc#1012628). - bnxt_en: Fix the logic that creates the health reporters (bnc#1012628). - bnxt_en: Add missing devlink health reporters for VFs (bnc#1012628). - mlxsw: spectrum_router: Skip loopback RIFs during MAC validation (bnc#1012628). - mlxsw: spectrum: Use dedicated policer for VRRP packets (bnc#1012628). - net: add bool confirm_neigh parameter for dst_ops.update_pmtu (bnc#1012628). - ip6_gre: do not confirm neighbor when do pmtu update (bnc#1012628). - gtp: do not confirm neighbor when do pmtu update (bnc#1012628). - net/dst: add new function skb_dst_update_pmtu_no_confirm (bnc#1012628). - tunnel: do not confirm neighbor when do pmtu update (bnc#1012628). - vti: do not confirm neighbor when do pmtu update (bnc#1012628). - sit: do not confirm neighbor when do pmtu update (bnc#1012628). - net/dst: do not confirm neighbor for vxlan and geneve pmtu update (bnc#1012628). - net: dsa: sja1105: Reconcile the meaning of TPID and TPID2 for E/T and P/Q/R/S (bnc#1012628). - net: marvell: mvpp2: phylink requires the link interrupt (bnc#1012628). - gtp: fix wrong condition in gtp_genl_dump_pdp() (bnc#1012628). - gtp: avoid zero size hashtable (bnc#1012628). - bonding: fix active-backup transition after link failure (bnc#1012628). - tcp: do not send empty skb from tcp_write_xmit() (bnc#1012628). - tcp/dccp: fix possible race __inet_lookup_established() (bnc#1012628). - hv_netvsc: Fix tx_table init in rndis_set_subchannel() (bnc#1012628). - gtp: fix an use-after-free in ipv4_pdp_find() (bnc#1012628). - gtp: do not allow adding duplicate tid and ms_addr pdp context (bnc#1012628). - bnxt: apply computed clamp value for coalece parameter (bnc#1012628). - ipv6/addrconf: only check invalid header values when NETLINK_F_STRICT_CHK is set (bnc#1012628). - net: phylink: fix interface passed to mac_link_up (bnc#1012628). - net: ena: fix napi handler misbehavior when the napi budget is zero (bnc#1012628). - vhost/vsock: accept only packets with the right dst_cid (bnc#1012628). - mmc: sdhci-of-esdhc: fix up erratum A-008171 workaround (bnc#1012628). - mmc: sdhci-of-esdhc: re-implement erratum A-009204 workaround (bnc#1012628). - mm/hugetlbfs: fix for_each_hstate() loop in init_hugetlbfs_fs() (bnc#1012628). - commit 582f5cb - Update config files. Turn off CONFIG_HARDENED_USERCOPY as it causes issues on s390 (bnc#1156053). Until this gets resolved upstream... - commit 76565ad - Update patches.kernel.org/5.4.3-088-vcs-prevent-write-access-to-vcsu-devices.patch (bnc#1012628 CVE-2019-19252 bnc#1157813). - commit d0d7407 ==== kubernetes ==== Version update (1.16.3 -> 1.17.0) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Add kubeadm-opensuse-flexvolume.patch so kubeadm uses same path as kubelet (bsc#1084766) - Increase memory _constraints for ppc64le to avoid build failure w/ kubernetes version 1.17.0 "defaulter.go:288] cannot import package..." - Exclude ppc64 - Update to version 1.17.0: * Refactor parsing logic for service IP and ranges, add tests * Fix bug in apiserver service cluster cidr split * Switch addon resizer to 1.8.7 * Deflake pod readiness e2e * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.2. * Fix iscsi refcounter in the case of no Block iscsi volumes * Ensure webhook backend requests are not artificially rate-limited * Retain objects for a limited lifetime in the mutation cache detector by default * Enable mutation detection * Make cluster auto scaler use leases * Bump Cluster Autoscaler version to 1.17.0 * fix: padded base64 encoded docker auth field * apiextensions: filter required nullable to workaround kubectl validation * update cadvisor dependency to v0.35.0 * Bumped the number of times a node tries to lookup itself * Wait for PV to be available before creating PVCs in volume binding test * increase pv controller resync period to try to deflake api update conflicts * Fix GKE upgrade test. * Use plugin name for filtering metrics * Provided a mechanism to re-register hidden metrics. * Deep copying EndpointSlices in reconciler before modifying them. * Set node cidr mask size ipv4/ipv6 config * Revert "kube-proxy: check KUBE-MARK-DROP" * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.1. * Initialize FeatureGate map for KubeProxy config. #1929 * Fill in default node cidr mask size when dual stack is not enabled * apiextensions: fixup go-openapi constructor invocations * hack/pin-dependency.sh github.com/go-openapi/validate v0.19.5 * apiextensions: add items+type integration test * fix multiple node cidr masks in providerless build * add providerless tag to vsphere volume code * add providerless tags to new awsebs code * fix providerless build post-CSI migration * Plumb authorization webhook version from CLI to config * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.2. * Update CHANGELOG-1.17.md for v1.17.0-beta.2. * Addon Manager: Fix parsing KUBECTL_EXTRA_PRUNE_WHITELIST * Remove metric be hidden log temporarily. * apiextensions: freeze & doc supported v1.16 OpenAPI formats * fix stress test: it's not doing anything * Skip Node printing in kubectl column test * fix nasty bug * inline GC in expiring cache * Add single-item list/watch to delegated authentication reader role * add comments for compatibility * Disabling EndpointSlice feature gate by default * apiextensions: ratcheting update validation for atomic item of set list-type * apiextensions: factor out predicate iterator in validation * Fix label mutation in endpoints controller * Reverting managed-by-setup annotation * Jump out of spec translation early if the spec is not migratable. Unit tests work after all! * Add CSINodes to AttachDetachControllerRecovery test * Panic on error when creating fake volume host, add a TODO to clean up later * De-race some CSI unit tests that were initializing the plugin manager?ger (and plugins) twice. Set some const variables earlier to support node info manager initialization and wait for initialization to complete before finishing plugin setup. * Update attachdetach-controller role to include permissions to get, list, and watch csinodes for CSIMigration * Flip CSIMigration and CSIMigrationGCE to Beta * kubeadm: Use only stdout when calling kubelet for its version * apiextensions: validate that list-type set has atomic items * apiextensions: clarify validation errors * apiextension: clarify what atomic means * Remove pkg/util/mount (moved out of tree) * kubeadm: use the right name for the no validator function * e2e: promote CRD defaulting test to conformance test * service topology: remove redundant API validation for local external traffic policy * Increase cache size for endpointslices. * pager.go: Don't set ResourveVersion on subsequent List calls * Add logic for translating zone/zones/allowtopologies * Autogenerated files * Flip CSIMigrationAWS flag to be beta and off by default * kube-proxy: sync rules when current node labels change detected * Service Topology implementation * Add API for feature gate ServiceTopology * Restrict mirror pod owner references (#84657) * Allow multiple node cidr masks in cm * Revert "Enable snapshot e2e test for csi pd driver" * Update inline volume translated PV Name to be unique per disk so that staging paths are unique * Separate staging/publish and unstaging/unpublish logics for block * Change publish path for CSI block volume per pod * Disable in-tree plugins migrated to CSI * Brushed up fairqueuing package * Split CustomBlockVolumeMapper and CustomBlockVolumeUnmapper * Refactor BlockVolumeMapper and BlockVolumeUnmapper interface * Move test inputs for EncryptionConfiguration tests into testdata. * migrate token cache to cache.Expiring * Add an expiring cache for the caching token authenticator * Avoid constructing table printer on every componentstatus request * Add support for --runtime-config=api/beta=false, --feature-gates=AllBeta=false * update pd csi driver controller manifests * Ensuring EndpointSlice controller does not start when feature gate or API are disabled * Use CSINodes v1 API in scheduler * Enable snapshottable e2e test for csi pd driver - add pd driver manifests - modify snapshottable test case * Move RegisterNodeFlags() to e2e_node test * Fix --resource-version handling in kubectl * rename PluginConfigArgs to AlgorithmConfigArgs * Change mount.NewOSExec to utilexec.New * Change getDeviceMajorMinor to use unix.Stat * Fix error messages in operation_generator.go * Remove remaining empty file in unmapBindMountDevice * Rename IsBindMountExist to IsDeviceBindMountExist * Remove klog for output error instead return err with context * Improve comments for volume path hanlder and volume.go * Check and return error first in IsSymlinkExist and IsBindMountExist * Move MapBlockVolume call to operation_generator and add UnmapBlockVolume * Make descriptor lock per pod and release it per pod * Change globalMapPath to bind mount from symlink * Check error return from closing connection * Update debian-iptables image digests for v12.0.1 build * Update debian-iptables iptables-wrapper script * Update debian-iptables image digests for v12.0.0 build * Add mode-detecting iptables wrappers to the debian-iptables image * Update debian-base image digests for v2.0.0 build * Bump debian-base to buster * add table convertor to componentstatus * add retry to etcd operations * Specify a port range to ILB firewall rule create. * Renamed FeatureGate RequestManagement to APIPriorityAndFairness * Regenerated pb.go for flowcontrol/v1alpha1 * updated generated files * applied gofmt * Identify cluster scope by a boolean field rather than a special namespace * Enabled discrimination on target namespace * Include *intstr.IntOrString in API compatibility tests * refactor apparmor utils in e2e * Correct the checking of robinIndex * Updating kube-proxy to support new EndpointSlice address types * pkg/kubeapiserver: fix staticcheck warning * pkg/client: fix staticcheck warning * Hide scheduler metrics that have been deprecated in 1.14 * Hide apiserver metrics that have been deprecated in 1.15 * add DeleteOptions conversion * Hide apiserver metrics that have been deprecated in 1.14 Update E2E test accordingly. * test(cr::update): add corresponding tests * add unit tests * remove disk locks per vm * tests: Adds large requests tests * Promoting EndpointSlices to beta * Update dependency vmware/govmomi to v0.20.3 * Update bucket for scheduler framework latency histograms. * Retire mount.Exec for k8s.io/utils/exec * guard kubeadm dependencies on k8s.io/kubernetes * Wait for terminating pods to be deleted * Add TODOs for removing invalid e2e dependencies * Strip nullable for Server-side apply * Update structured-merge-diff to latest version * Update CHANGELOG-1.16.md for v1.16.3. * Update CHANGELOG-1.14.md for v1.14.9. * Update CHANGELOG-1.15.md for v1.15.6. * report cache mises in cached token authenticator benchmark * Refactored PriorityLevelConfiguration * make client authentication optional for test kube-apiserver * Revert "76093 restructure LICENSES file generation" * Revert "76586 Add generated license files" * Increase cache size for leases * Remove an infinite poll * Store topology spread constraints in metadata with labels.Selector * fixed golint errors in pkg/apis/extensions register.go and types.go * Fixed lint and staticcheck oversights * Continue removing file in ManagerImpl#removeContents * kubeadm: enable kubelet client certificate rotation on primary CP nodes * Convert volume binder to use CSINode GA * Expand unit tests for topology translation in csi-translation-lib * Use CSI translation lib in VolumeBinderPredicate * Convert zones to volume topology in CSI translation lib * dynamic reload cluster authentication info for aggregated API servers * add RequiresExactMatch for label.Selector * Add Reset() API to stability framework * Hide proxy metrics that have been deprecated in 1.14 * Added overlooked BUILD files * fix wrong link * Brushing up queueset * Remove memory resource constraint * Windows: Fixes termination-file mounting for containerd * scheduler: make algorithm source an option * Use log functions of core framework on e2e/storage/utils * Add startupProbe result handling to kuberuntime * feat(scale): update CR in UpdatedObjectInfo impl * feat: graduate ResourceQuotaScopeSelectors to GA * Add comments to explain golang.org replace directives * Remove unused func and struct from pod.go * Hide metrics that have been deprecated in 1.14 * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh * Add metrics flag to show hidden metrics to kube-apiserver * Add common flag validation functionality shared by kube-binaries * 76586 Add generated license files * vsphere: check if volume exists before create * Remove unused function from e2e framework rest.go * 76093 restructure LICENSES file generation * serve hns.psm1 StackdriverLogging-v1-9.exe GetGcePdName.dll from GCS * Pass InformerFactory instead of indivisual informers in scheduler configuration logic * fix vmss dirty cache issue * Amend service controller code/test regarding finalizer GA * Promote service load balancer finalizer feature gate to GA * BUILD files * Relax namespace restriction for critical pods * Replaces modifying node object with returning a map of labels - Adds label to update flow so can be picked up by an existing node * Fix incorrect message on describe netpol * Move functions from e2e/framework/util.go Part-4 * allow individual ca bundles to be empty in union * update coredns version to 1.6.5, update manifest and corefile-migration version * Adding e2e tests covering EndpointSlice and Endpoints Controllers * bump vendor of corefile-migration lib to 1.0.4 which support migration of coredns up to version 1.6.5 * bump coredns version and update manifest * Add scheduler plugin execution duration metric. * create utilities inspecting server TLS certs * review changes - *Locked updates * Splitting IP address type into IPv4 and IPv6 for EndpointSlices * review changes * Updated NewSnapshot interface to accept a NodeInfoMap instead of lists of nodes and pods * fairqueuing implementation with unit tests * Quick steps for generating hyperkube image * Merging selectors for spreading into one * remove global variable dep in admission * tests: Replaces guestbook with agnhost equivalent * Promote WebhookAdmissionConfiguration to v1 * kubeadm: Amend the hyperkube deprecation change * AdmissionConfiguration v1 * Promote resource quota admission configuration to v1 * Eliminate couple unnecessary conversions * client-go/tools: Docs: Clarify what's "old" core/v1 and what's "new" events/v1beta1 * Removed clientset param from InjectContent * Remove argument "cs clientset.Interface" from testFlexVolume * Removed 2nd arg "cs" from TestVolumeClient * fixtures.go: Removed unused parameter "client" in testVolumeContent() * utils.go: Changed bashExec to shExec, bash not guaranteed. * test/e2e: Reduce need to use local kubectl * modify url https://github.com/kubernetes/kubernetes/pull62853 to https://github.com/kubernetes/kubernetes/pull/62853 * kube-proxy/ipvs get local addr just once per sync * modify istio url:https://istio.io/news/2018/announcing-0.8/ to https://istio.io/news/2018/announcing-0.8/ * alpha certs tries to read in-cluster config * Convert scheduler to use CSINode GA * Update hostpath CSI driver manifest * Enable volume limits e2e tests for CSI hostpath driver * Promote volume limits to GA * Ensure that Node lease has OwnerReference set * Fix data race in client-go UpdateTransportConfig * Remove unnecessary judgment * remove system validators package from kubeadm and use k8s.io/system-validators instead * - Delete backing string set from a threadSafeMap index when the string set length reaches 0. * generated * Switch kubelet/aggregated API servers to use v1 subjectaccessreviews * Switch kubelet/aggregated API servers to use v1 tokenreviews * Azure: Filter disks with ToBeDetached flag from attach/detach- UT * Azure: Filter disks with ToBeDetached flag from attach/detach * Remove plugin watching of deprecated directory {kubelet_root_dir}/plugins and support for CSI V0 in accordance with deprecation announcement in https://v1-13.docs.kubernetes.io/docs/setup/release/notes/ * adjust token cache benchmarks to get more accurate behavior * Moving WindowsRunAsUserName to beta * Check that endpoint has subset before accessing first subset * remove factory.Config struct and NewFromConfig * make Configurator.Create return a Scheduler * Removed unused method from e2e test framework * Add MetadataProducerFactory for predicates * Plumb configured acceptContentType to client config * kubeadm: Deprecate hyperkube use * alpha certs skip missing files * close scheduler kube-apiserver * publishing: bump Go versions in rules * Update Bazel * Fix RS informer handlers and handling expectations on delete * fix kubectl diff panic * move bindVolumes behind RunPermitPlugins * VolumeSnapshot CRD v1beta1: Enable VolumeSnapshotDataSource feature gate and update e2e tests * Always negotiate a decoder using ClientNegotiator * test: Exit early during resource helper test * test: kubectl unit tests should be using codecs without conversion * test: Set RateLimiter via client config vs direct casting * dynamic: The dynamic client no longer needs a special cased watch * test: Watch should fail immediately on negotiate errors * Create a shim for Codecs that handles client duties * Detect watch protocol errors via an e2e test for apimachinery * Remove deprecated-dynamic client * pkg/credentialprovider: fix staticcheck warning * Fix a typo in pkg/controller * Fix golint issues in pkg/registry/core/service/storage * kubeadm: always use a short timeout for clientset creation * Handle error return from allocatePodResources * Fix golint issues in pkg/apis/autoscaling/validation (#85041) * Print progress updates to stdout and publish to URL * kubeadm: remove the deprecated "--cri-socket" flag for "upgrade apply" * kubeadm: use the secure ports for kube-scheduler and kcm health checks * Fix golint issues in pkg/apis/policy * Fix golint issues in pkg/apis/authorization * set default percentageOfNodesToScore in kube-scheduler back to 0 (maning adaptive) * kubeadm: fix skipped etcd upgrade on secondary cp nodes * added nodeSelector: beta.kubernetes.io/os: linux * kubetestgen implementation * Support specifying a custom subnet for ILB ip * Adding new label to indicate what is managing an EndpointSlice * let standalone npd use kubelet credentials * Move stackdriver startup block after HNS stabilizes. Stackdriver is not functional if metadata-server doesnt respond. At this stage of the init script, metadata server is available * update github.com/docker/libnetwork to f0e46a7 - which bumps it's dependency to github.com/vishvananda/netlink to v1.0.0 * update github.com/vishvananda/netlink to v1.0.0 * Remove potential Goroutine leak in kubeadm wait.go * Update test logic to simulate NodeReady/False and NodeReady/Unknown events correctly * Add translation logic for EBS storage class fstype parameter * Move functions from e2e framework util.go * Enable verify-import-aliases check in CI * Add unit test to catch scheduler's node order evaluation regressions * unit tests * fix a panic when ipam tries to allocate an out of range pre-existing cidr * add featuregate inspection as admission plugin initializer * Add error detail * Remove unused function from e2e framework util.go * Add appProtocol to EndpointSlice.Port * Remove leftover factory directory * noderestriction: update node restriction unit tests to use stable instance-type label * Set TypeSetter in get print flags, like we do everywhere else * scheduler: max attachable volume predicate should also check stable instance-type label * cloud node controller: apply stable instance-type label with backfill to existing nodes * kubelet: add unit tests for backfilling stable os/arch/zone/region/instance-type labels * kubelet: apply both beta and stable instance-type label * api/core/v1: add stable node instance-type label * Move mount/fake.go to mount/fake_mount.go * move exec files back * copy exec file to preserve history * Move password retrieval to openstack_test.go * Remove json-iterator depth patch * bump github.com/json-iterator/go v1.1.8 * Autogenerated * Correctly autogenerate conversions for autoscaling v2beta2 * Revert changes to WaitForStableCluster in scheduler e2e test * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Migrate custom collector and mark metrics with ALPHA. * Add envs for configuring hollow-node resource usage. * fixing docker fake client InspectExec * feat(scheduler): convert InterPodAffinity to score plugin * pkg/apis: fix staticcheck warning * typo list-type s/associative/map/ * flowcontrol rest storage implementation * clean up PriorityFunction * Add testcases covering large valid patches * fix race condition when attach/delete disk * Add NewLazyMetricWithTimestamp() API to stability framework. * Aggregate mulitple NodePreference custom priorities to a single score plugin. * test/e2e: check both beta and zone label for getting cluster zone * pkg/util/node: update GetZoneKey to check both beta and GA labels * kubelet: set both deprecated Beta and GA labels for zone/region topology from the cloud provider * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Migrate custom collector for kubelet * node controller: set both deprecated Beta and GA labels for Zone/Region topology * core/v1: update well known labels for zones/regions to topology.kubernetes.io/zone and topology.kubernetes.io/region, mark beta labels as deprecated * fix: return NodeScore in even pods spread priority * Stop Watching when there is encoding error * Setting Hostname from Pods on EndpointSlice to match Endpoints behavior. * Add --certificate-key flag to token create * Set go version in fluentd-elasticsearch addon * Limiting the scope of new kubectl get e2e tests to decrease flakiness * close the kube-apiserver for taint tests * allow a verifyoptionsfunc to indicate that no certpool is available * Fix the import aliase nodev1beta1 * e2e_kubeadm: fix missing suite --test* flags * make azure fail if feature gates are not registered * update to version 7.3.2 * bumping up log level for not updated node * Update e2e framework WaitForStableCluster function * Add reclaimPolicy,volumeBindMode,allowVolumeExpandsion to kubectl get storage class * feat(scheduler): remove deprecated pattern in scheduler priority * Migrate CheckServiceAffinity custom predicate to Filter plugin * Add CustomCollectAndCompare to testutils which especially for custom collector Add GetRawDesc() to Desc. * json unmarshal coded error at function applyJSPatch() * Check for terminated reason appropriate for containerD and dockershim * adding pods lister * update k8s.io/kube-openapi to 30be4d16710a * Changed unmount function for subpath with dirs * Added test case for subpath mount with file * Renamed function * Changed test case to use `filepath.Walk` * Unmount subpath should only scan the first level dir * pkg/controller: fix staticcheck warning * delete unused func in latencies.go * Restrict visibility of prometheus to enforce usage of k8s.io/component-base/metrics * Fix record_command suppression of test errors * Fix run_kubectl_sort_by_tests * Fix run_pod_tests * Fix assert methods * e2e: Fix error where pods not logged * e2e: remove unused KubectlVersion function from framework/util * tests: Fixes tests for Windows (containerd, RunAsUserName) * Use framework.ExpectEqual() in unit test * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Migrate custom collector to stablility framework * kubeadm: fix an issue with the kube-proxy container env. variables * Added new test, fixed existing tests. * Create ILB firewall name with prefix "k8s-fw". * feat: update interpod affinity priority with map reduce pattern * remove extra white spaces in v1.16 CHANGELOG * add deprecation warning for alpha.service-controller.kubernetes.io/exclude-balancer label in v1.16 CHANGELOG * hack/update-vendor.sh * hack/lint-dependencies.sh * bump golang/x/... dependencies * bump github.com/go-openapi/jsonpointer v0.19.3 * bump kazel, bazel, gazelle * Update build to go1.13.4 * Fix hack/pin-dependency.sh for go1.13 * Fixup integration tests for TLS1.3 * Move e2e_node flag copy into TestMain * opt out of module mode for builds * Remove unused skip functions * remove featuregate hard requirement from azure legacy cloudprovider * panic in featuregate if a requested feature is unknown * delete EqualPriority priority function, and make registering it a no op * Updating EndpointSlices to use PublishNotReadyAddresses from Services. * Fix apiserver to advertise IPv6 endpoints if bound to IPv6 * skip deployment update if migration fails * Fix storage e2e clean up * add close server missing from serviceaccount test * remove clusterauthentinfo configmap if it is too large * remove exist client hooks * publish cluster authentication trust via controller * Ensure devicemanager TopologyHints are regenerated after kubelet restart * fix golint error * Drop cmd/hyperkube * Script based hyperkube * validates non-resoruce-url * Remove Framework dependency on nodeinfo snapshot * e2e: add defaulting test * apiextensions-apiserver: promote defaulting to GA * Eliminate some default conversions * added --reserved-cpus kubelet command option * Correct spelling mistakes * kubeadm: use versioned component configs * Revert "enabling fluentd on kubemark" * refactor autoscaling utils in e2e * Add sig-scalability-approvers/reviewers as kubemark approvers/reviewers * feat: convert selector spread priority to score plugin * enable profiling by default in the scheduler * Fix watch test to expect Expired instead of Gone * Fix migration tranlation library for ebs * bazel files * Move out const strings in pkg/scheduler/api/well_known_labels.go * e2e: Provide more helpful error output for failing test * Move functions from e2e/framework/util.go Part-2 * add service selector cache in endpoint controller and endpointSlice controller * Stop create hidden metrics for custom metrics * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh * Add collector UT, and it's also an example for custom collector * Provides API for create const metric * Provides register apis for custom collector * Provide custome collector interface and default implementation * Extend prometheus.Desc * tracking nodes with pod with affinity * tests: Fixes minor agnhost error * bump CSI version to 1.2.0 * Mark rbac v1beta1 and v1alpha1 deprecated * Change scheduler ComponentConfig fields to nilable * Support comments in hack/.golint_failures * Aggregate mulitple NodePreference custom priorities to a single score plugin. * Validate scheduler configuration from config file * Write scheduler configuration from config file * Fix golint issues in pkg/kubeapiserver * Make GCE PD Access Mode reflect readonly status when translating an inline read only volume * Modify the status code number to HTTP status semantics * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.1. * Update CHANGELOG-1.17.md for v1.17.0-beta.1. * Ensure CPUManager TopologyHints are regenerated after kubelet restart * Ensure health probes are created for local traffic policy UDP services on Azure * Convert multiple node label predicates to be a single filter plugin. * add event to remove and reject waitingpods * Fix typo in error reporting in graceful shutdown test * Add some more comments to GetTopologyHints() in the devicemanager * Sync all CPU and device state before generating TopologyHints for them * Abstract removeStaleState from reconcileState in CPUManager * fix golint failures of pkg/security/apparmor * expose PredicateMetadataProducer in generic scheduler * restrict max string length in log * use time.Until instead of t.Sub(time.Now()) * Promote NodeLease feature to GA * remove github.com/pborman/uuid * Move funcs of suites.go to e2e.go * migrate callers to g/g/uuid * Build: Use a better filter on find * Fix a TaintBasedEviction integration test flake * Move json,yaml,jsonpath printers to correct locations * Fix golint issues in test/e2e_kubeadm * Isolate configuration of etcd related parameters into a separate function. * Fix golint issues in pkg/controller/volume/persistentvolume/options * Revert "Make writing file via container in tests sync for real this time by enclosing multiple commands in quotes" * support URI SANs in local signer * refactor into seperate authority package * don't use cfssl in signer * also fix nil panic in lease and add tests for #84729 * Add benchmark test to compare EvenPodsSpreadPriority and SelectorSpreadPriority * Switch debugger configuration fields to pointers * Prevent panic due to Annotations being nil map * Additional mount comments * Change wardle API group to wardle.example.com * Modularize TopologyManager policy Merge() tests * Move TopologyManager TestPolicyMerge() to shared test file * Abstract TopologyManager Policy Merge() tests into their own function * Fix comments in TopologyManager * Move function from top-level TopologyManager to best-effort policy * Add Merge() API to TopologyManager Policy abstraction * Globalize a few TopologyManager functions * Pass a list of NUMA nodes to the various TopologyManager policies * Make restricted TopologyManager policy inherit from best-effort policy * Break TopologyManager.calculateAffinity() into more modular functions * Added LessThan() and IsEqual() methods for TopologyHints * vendor github.com/google/go-cmp/cmp/cmpopts * remove dependency on cfssl * Validate custom priority policy config. * Set user agent for e2e consistently * simplify check for IPv6 in kubelet. * feat: add SSE+CMK support for azure disk * change directory permissions from 0755 to 0750 * remove hack/e2e.go * Bumpd NodeProblemDetector * Move funcs of nodeutil to cloud/nodes.go. * Refactor the process to get ip address of loopback interface * Use log functions of core framework on test/e2e/framework/kubelet * cmd:fix staticcheck warning * Autogenerated * Add tags for autogenerating conversions for Option types * Add conversion function to pointer metav1.Time * deprecate cleanup-ipvs flag * Add linux selector to kube-proxy yaml. * autogen files * Fixes error in go_pkg() * manual API changes and code refactoring * Adding e2e test to ensure kubectl get output is using custom columns when desired. * Refactor tests for configure-helper.sh by moving environment config to testdata. * Updated usage of certificate.Manager to use new rotation metric * Make writing file via container in tests sync for real this time * Move functions from e2e/framework/util.go * Optimizing some format problems (#82983) * Do some Kubectl optimizations suggested by the golangci linter * Move json/yaml printer tests to correct location * scheduler: improve some comments and validation messages * fix log and annotation :cidr mask size must be <= node mask * Move funcs of create.go to e2e/storage * publishing: fix typo in rules * cmd/kubeadm/app: fix staticcheck warning * Moves test to new print_flags_test.go * Move small test back to printers_test.go * Skip GetPodNetworkStatus when CNI not yet initialized * Rename test/data directory to testdata * Added rotation metric to certificate manager * Remove checks for PodShareProcessNamespace feature gate * adding test for retrying MarkPodsNotReady * MarkPodsNotReady retry fix * Cleaned up skip functions from e2e framework * Update k8s.io/utils dependency to latest * Ensure EndpointSlice exist if Endpoint is unchanged * Grab init containers logs in e2e tests * feat: add azure disk encryption(SSE+CMK) support * log the reconstructed device and add break * Don't use hardcoded /go GOPATH in benchmark-dockerized.sh * Add lenient decoding path for v1alpha1 kube-scheduler config * Add serathius to sig-instrumentation-reviewers * test/e2e: AddOrUpdateAvoidPodOnNode/RemoveAvoidPodsOffNode: retry when conflict hit during annotation update * feat: make prioritizeNodes private function of genericScheduler * publishing: add 1.17 rules * publishing: remove 1.13 rules * Results of running update scripts: update-openapi-spec * Use log functions of core framework on test/e2e/freamwork/psp.go * Migrate EvenPodsSpread Priority as Score plugin in map/reduce style * Fix rebase issue * Dump GKE windows test logs via diagnostics tool * Force file sync after writing file via container and wait for pod to disappear after removal in test * Change the way of synchronization in staging/.../apiserver stopAllDelegates will signal other functions to stop updating, instead of acquiring a Mutex and never unlock it * Move the common logic of checking for kms-plugin's version into gRPC client interceptor. * Add davidz627 as owner of pkg/volume/csi * Update bazel * Add scheduler cache size metrics * Fixing EndpointSlice port validation * Add HTTP 410 (Gone) status code checks to reflector and relist with RV='' * Only put un-filtered pod in podDeleteList * fixes crd per-version validation field path * propagate proxy env var to kube-proxy * fixes for tests to pass with FIPS compiler * Make k8s.io/kubernetes dependency policy explicit * RequestedToCapacityRatio as score plugin * delete nodeinfo lister * Autogenerated * tags * Cleanup clientcmd conversion * Add lenient decoding path for v1alpha1 kube-proxy * fix build failure after azure go sdk upgrade * Update Azure/azure-sdk-for-go * adding api spec change and generated files in staging * Expose filteredNodes to func PriorityMetadataProducer * Fixes staticcheck failures and golint failures * Update generated files * Add mirror pod e2e test * Inject owner references into mirror pods * update-vendor.sh; updates modules files * moved Pull-InfraContainer to the last * Moves kubectl get subcommand to staging * delete unused cache * switched to use the pause image served from gcr * Update priorities to use SharedLister instead of using the snapshot directly * Update etcd.sh to use v3 endpoint * Use DNS_SERVER_IP as --cluster-dns in all cases. * Add conformance-behavior-approvers to OWNERS_ALIASES * Adding owners file for Endpoint controller utils * switch cni plugin download to be from gcs bucket * Delete extraneous CHANGELOG-*.md files on branch. * Kubernetes version v1.18.0-alpha.0 openapi-spec file updates * retain corefile when migration fails * Cancel context to make sure all plugins are cancelled when each schedule finishes * Fix typo in admission webhook * golint changes * If an iptables proxier sync fails, retry after iptablesSyncPeriod * BoundedFrequencyRunner: add RetryAfter * Make sure score plugins are executed when no priority configured * e2e: share /dev with host in hostpath driver deployment * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh * Remove directly reference to Prometheus * move test specific functions from rc_util.go * [generated] ./hack/update-all.sh * adding validation * copy-pasted internal model w/ field-tags pruned * non-generated api models misc * external api models * Remove unused functions in framework.go * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Introduce GaugeFunc to stability framework * Update default etcd server to 3.4.3 * improve error handling in cloud node controller * Fix a double lock in test/utils * Fix a data race in registrytest * Prevent 2 goroutines from being leaked if proxy hangs * Handle expired errors with RV>0 in pager, don't full list if 1st page is expired * Avoid going back in time in reflector framework * bazel and gofmt fixes * Fix golint errors in pkg/credentialprovider/gcp * Convert attach-detach controller to use v1.CSINode * Update tests to use v1.CSINode * Kubelet creates v1.CSINode * Move feature gate to GA * generated files * Add CSINode to storage/v1 * Add unit test for scheduler custom policy redeclaration validation * removed powershell-yaml module dependency * kubeadm-validators: bump the latest validated Docker version to 19.03 * Autogenerated * Cleanup conversions * e2e storage: bump revision of sidecars and driver * kubeadm: always add a flex volume path for the controller-manager * add a fallback for kube-scheduler when events.k8s.io is disabled * Adds Windows build information as a label on the node * fix TestInterPodAffinity case * better HostExec - separate stdout and stderr - return command exit code - remove kubectl dependency * Remove prometheus references in test/integration * refactor(*): fix comparison to bool constant, return redundant * Update bootstrappolicy RBAC rules for migration to lease API * Migrate components to EndpointsLeases leader election lock * When schedule begins, run snapshot before prefilter plugins * unit test: TestAdmitUnderNodeConditions * use HostExec and sets.String * simplify global mount points check * Add e2e test to check for filesystem volume device mount cleanup * support local volume with block source reconstruction * Change DescribeItem to local func * kube-proxy: check KUBE-MARK-DROP * reject pods when under disk pressure * Update GetMountRefs comments * move funcs of expect.go to e2e/common * Change FuzzTime to FuzzTimeStrict for naming consistency * Kubectl certificate signing: fix certificate deny message (#84400) * Fix metrics will be hidden in current minor release issue. * remove reference to promhttp in kubelet * Convert NodeLabelPresence custom predicate to filter plugin. * Apply feature gates in scheduler policy api compatibility test * Update PredicateMetadataProducer to accept a scheduler SharedLister instead of nodeinfomap * Update GCE PD CSI Driver YAMLS to v0.6.0 for testing. Enable Raw Block tests * Change all scheduler's Node and Pod list/lookups to be from the snapshot rather than the cache. * Separate e2enetwork from e2e core framework * Handle bazel >= 0.25 in stable metric static analysis * Pass list of files through stdin to avoid hitting ARG_MAX on some environments * Adds some basic READMEs to some of the test images * add status.podIPs in downward api * Building peer-finder on s390x * Fixing comments FuzzDurationStrict and FuzzMicroTimeStrict * Dynamic SNI certificates * Remove Alpha feature Mount Containers * set config.BindAddress to IPv4 address "127.0.0.1" if not specified * Generated code for PodShareProcessNamespace GA * Promote feature PodShareProcessNamespace to GA * Fix deployment e2e test at scale * Run hack/update-generated-protobuf.sh for XMapType * Run hack/update-openapi-spec.sh for XMapType * Add validation for XMapType * Optionally run e2e pod as privileged for SELinux * rename scheduler fake listers * Enable cAdvisor ProcessMetrics collecting * Fix incorrect whitespaces plural * feat: remove suspendedDaemonPods from daemon controller * Add note on the applicability of --grace-period * Move PokeUDP() to e2e service subpkg * Feature-gate CSINode and CSIDriver informer starts * default back to original summary behavior due to prom version bump * Pin dependencies and update vendors * Resolve uncompatibility from update: etcd CAFile -> TrustedCAFIle * Replace github.com/coreos/etcd by go.etcd.io/etcd * Adding FQDN address type for EndpointSlice * kubeadm: remove commented test * drop CRD spec.scope default value in doc (#84271) * Autogenerated code * Cleanup explicitly registered functions * refactored completed metric test refactor for assert * Add strict deserialization for kubelet component config * Add event for pvc in case node expansion fails * Remove wrappers around storage-related listers in the predicate * modify detach timeout to be csiTimeout * tests: Adds guestbook app subcommand in agnhost * change kubelte nodeInfo to nodeLister * Improve iptables logging * Clarify startupProbe e2e tests * Fix service sanity check after jig.ChangeServiceType * Require exact match when calling Get method within fake clientset * Remove obsolete CSI RBAC roles * Avoid registering manual conversion twice * kubeadm: remove ObjectMeta from output.BootstrapTooken * Add XMapType to the extensions API * remove the extra space added * Fix base image discrepancy when building kubemark. * Add integration test for serving cert rotation * Dynamic serving certificate * Do not list apiextensions.k8s.io/v1beta1 in discovery when disabled * Prefer CRD v1 for internal clients * Feature-gate RuntimeClass informer starts * Feature-gate PDB informer starts * feat: remove WaitForCacheSync from scheduler factory * refactored counter_test to use assert statements and renamed variables for consistency * remove reference to promhttp in etcd-version-monitor * interpod affinity prioritize * Adding initial EndpointSlice metrics. * Move CheckLimitsForResolvConf to Kubelet#syncLoop * Update bazel * Use strict unmarshaling for metav1 fuzz targets * Move funcs of networking_utils to e2e network * Forbid label updates by nodes through pod/status * Move TranslateIPv4ToIPv6() to e2e scheduling test * Fix failing service test * Move CreatePodOrFail() * Add Scheduler validation check for redeclared plugin configs * Fix shellcheck failures SC2251 * Fix shellcheck failures SC2128 * Fix shellcheck failures SC2034 * move nodeinfo/snapshot.go into its own package * Bump shellcheck to v0.7.0 * Add an authn cache benchmark * add option to skip verifying kubelet certificates for logs * add cache read type prefix for const * switch system priority class to versioned (v1) api * Fix golint errors in pkg/apis/apps * wire up a means to dynamically reload ca bundles for kube-apiserver * Pod GC controller - use node lister * Allow pod-garbage-collector to get nodes * Make e2eservice.CheckAffinity wait longer, to avoid flakes * pkg/util/workqueue/delaying_queue: export contructor with custom clock * add dynamic cabundle from file * feat: graduate ScheduleDaemonSetPods to GA * Use v1 CRD deletion endpoints in e2e tests * Add permit_wait_duration_seconds metric for scheduler. * Fix timeouts for networking tests in large clusters * fixed node search starting point * support local volume block mode reconstruction * Addon Manager: Fix bug in generate_prune_whitelist_flags * Drop job from scale description * address some comments * Ignore staticcheck again for tableprinter.go * Updates module dependencies due to moving tabwriter.go * Updates file to reference cli-runtime printer package * Removes duplicate TabWriter. Several updates to reference the one remaining TabWriter in cli-runtime. * Moves tableprinter.go and tabwriter.go to cli-runtime/pkg/printers. Copies PrintOptions to cli-runtime/pkg/printers. * Register new explicit conversions * Autogenerated files * Explicit conversion generator * Create Slice string to bool pointer conversion * Create tags for explicit conversion * Increase ClaimProvisionTimeout to 7 minutes * Revert "move hostPID tests to common" * Adds test TestTemplateSuccess (from TestPrinters) * in pkg/controller/service rename service_controller.go to controller.go * fix golint errors in pkg/controller/service * separate listers into their own package * update getmetadata to use unsafe read * Use sigyaml for the metav1 fuzz targets * Move template printer error test to correct location template_test.go * Moves TestTemplatePanic to correct location of template_test.go * Moves TestTemplateStrings to correct location of template_test.go * add allowunsafe read * Update CHANGELOG-1.17.md for v1.17.0-alpha.3. * remove ipallocator in favor of k/utils net package * Comment out an e2eservice sanity check for now * Plumb dynamic SNI certificates * Add mtls support to add/remove-replica * BoundedFrequencyRunner: fix tests * Few improvements to cloud nat * Improve selector * Lower AWS DescribeVolume frequency * Fix volumeMode retrieval when BlockVolume feature is off * Fix startup probe test by checking updated values * feat: remove CheckNodeMemoryPressure/DiskPressure/PIDPressure/Condition predicates * Revert "Disable local block volume reconstruction test" * Upgrade all node pools for gke upgrade test. * set default value of KUBE_MASTER_URL to empty * etcd health check key should have proper prefix * Log the error even if closeFn crashes * Add fuzz targets for Duration, MicroTime, and Time * Extract PodPhase map outside Less func * rename metric for apiserver request terminations and reword corresponding documentation * Ensure script saves results even when tests fail * Add timeout info to kubectl drain logging * Issue 83458:Changed the return check for GetNodeInfo * filter plugin for cloud provider storage predicate * Fix sanity-checking of LoadBalancer services in e2eservice.TestJig * fix windows performance counter father information failed on Non-English environment * Add a metric to track number of scheduler prioritizing goroutines * Add a metric to track number of scheduler binding goroutines * Return an error when zone info is not found. * Fix typo in k8s.io/client-go/tools/cache/index.go * Add an event to pvc when node expand successfully * Stop register to prom registry from legacyregistry * deployment: Ignore namespace termination errors when creating replicasets * job: Ignore namespace termination errors when creating pods or jobs * daemonset: Ignore namespace termination errors when creating pods * replicaset: Ignore namespace termination errors when creating pods * serviceaccount: If namespace is terminating, ignore create errors * endpoints: If namespace is terminating, drop item immediately * namespace: Provide a special status cause when a namespace is terminating * Push context up to cloud node controller. * rename FilterPlugin NodeResources * storage: Deleting a namespace while spec.finalizers pending should not error * Traverse OwnerReference maps more efficiently * kubelet: Record preemptions similarly to evictions * Close the file after reading in verifydependencies#main * remove unused meta and rename lablance_allocated * LeastRequestedPriority/MostRequestedPriority/BalancedResourceAllocation as Score plugins * feat: remove FakePDBLister * feat: implement node unschedulable as a filter plugin * feat(scheduler): replace several algorithm listers with client listers * Refactor scheduler's framework permit API * Remove CSINode from scheduler cache. * feat: update taint nodes by condition to GA * remove hostnetwork from hostpath csi manifest * Clarify the role for SupportedSizeRange * migrate EvenPodsSpread Predicate to Filter plugin * Use --stamp flag in bazel builds * Add note about addon-manager image location * Update to use go1.12.12 * Move LaunchHostExecPod() to e2e network * create an ordered list of nodes instead of iterating over the tree * Use frameworkHandle to get listers * Added go-fuzz target for json serializer Encode/Decode. * Update glbc.manifest to v1.6.1 * Add Namespace to e2eservice.TestJig, make all methods use jig namespace and name * Make e2eservice.TestJig methods return errors rather than failing * Call jig.SanityCheckService automatically after changes * Create benchmarks for ToUnstructured/FromUnstructured. * [migration phase 1] MatchInterPodAffinity as filter plugin * Bugfix kube-proxy README file to list ipvs modules * Convert error messages to use event recorder remove mix protocol validation remove check nil * Clean-up and additional test cases for socket-mask unit test. * feat: several cleanups in the scheduling package * Remove an unneccessary e2eservice.TestJig method * kubectl drain: avoid leaking goroutines * remove usage of the test/test_owners.* files * Use single kms-plugin mock in unit and integration tests. * Relocate tableprinter tests (#84027) * Prefer to delete doubled-up pods of a ReplicaSet * TestGetPodsToDelete: Use field names in test cases * Fix indent in cherry_pick_pull script * GeneralPredicate as plugin config * cleanup unnecessary func parameters in genericScheduler methods * [migration phase 1] CSIMaxVolumeLimitChecker as filter plugin * Plumb dynamic serving certificates * Check PV volumeMode in kubelet even when block feature is off * Tweak use of caching objects * Do not bind block PV/PVCs when block feature gate is off * Prune inactive owners from cmd/kube-controller-manager/OWNERS. * Update Cluster Autoscaler version to 1.16.2 * feat(scheduler): implement node affinity as score plugin * Ensure TaintBasedEviction int test not rely on TaintNodeByConditions * optimize comments on exported constants (#83875) * Add kubectlPath flag to e2e_node.test * make sure filters are executed when no predicates configured * feat(scheduler): use context in the scheduler package * Move CreateNginxPod() to specific e2e * add myself to typecheck / go-srcimporter owners, move rmmh to emeritus * Update release notes for 1.14.8 to reflect AWS bugfix * Fix AWS block volume reconstruction to be like file * Add incoming pod metrics to scheduler queue. * Revert "kubeadm: enable kubelet certificate rotation on primary CP nodes" * wire dynamic tlsconfig up to apiserver * set backup value to ensure connections against kubelets eventually close * choose a more unique request timeout default * Flush data cache during unmount device for GCE-PD in Windows * add insecurebackendproxy * stop removing cni directories as they aren't installed by kubeadm * kubeadm: enhance certs check-expiration to show the expiration info of related CAs * Change node name to env value of HOSTNAME_OVERRIDE * Bump default NodeStatusReportFrequency to 5m * fix errors * Traverse resources before giving no name error * move service helpers to k8s.io/cloud-provider * e2e: remove duplicatd test suites * tests: Extends agnhost netexec udp buffers * Swtich nodelifecyclecontroller to coordination/v1 * Autogenerated * Promote WatchBookmarks feature to GA * Cleanup printer test package. * Removes unnecessary/irrelevant tests * Adds missing tests. * Updates tests to expect metav1.TableRows instead of string, since this is what the "print" functions return. * Moves tangential tests into another file. * add fuzzing targets for sig-yaml and yaml.v2 * Amend CHANGELOG-1.16.md for v1.16.2 * Reworking kube-proxy to only compute endpointChanges on apply. * Updated COS version to M77 * Fix proto.Merge of IntOrString type * Update CHANGELOG-1.16.md for v1.16.2. * Bump bbolt to v1.3.3 * Remove update-storage-objects.sh * framework: Fix a goroutine leak bug in resource_usage_gatherer.go * Update CHANGELOG-1.15.md for v1.15.5. * Update CHANGELOG-1.13.md for v1.13.12. * Update CHANGELOG-1.14.md for v1.14.8. * fix string trim func isBackendPoolOnSameLB in azure * add tombstoones handle for pdb * fix account key getting logic in azure * kubeadm: use strings in TestTokenOutput * Fix memory and timer leak in work queue * Add crictl windows binaries to workspace * Disable local block volume reconstruction test * Rename dashboard-controller.yaml to dashboard-deployment.yaml * Update CHANGELOG-1.17.md for v1.17.0-alpha.2. * fix: scheduler perf test with pod informer * This adds context from for cloud calls for Kubelet. * fix kubectl delete semantic error * remove duplicate function * Add metrics for scheduler framework. * release: lib: revert docker_registry to constant k8s.gcr.io * Hash keys used in cached token authenticator * move scheduler cache ListNodes interface to snapshot * Remove check causing informers to miss notifications * Update Calico to v3.8.3 * Removes pkg/registry/core/secret/storage from golint failures * Support dynamically set log level for kube-scheduler * bump metrics server version o v0.3.6 * Adds --prefix flag to the kubectl log command * feat(scheduler): implement NodePreferAvoidPods as score plugin * enabling fluentd on kubemark * modify error output in cniNetworkPlugin * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh - Update vendor by hack/update-vendor.sh * Remove direct reference to prometheus from apiserver/pkg/storage/value. * Add information from Lease to kubectl describe node * using pod pointers in node lifecycle controller * fix bug of kubelet flag * Upgrade to etcd server 3.3.17 * [migration phase 1] VolumeZoneChecker as filter plugin * Check error return from snapshot Restore * Add warning when --certificate-key is set and --control-plane is not. * Prune inactive owners from cloud-provider related OWNERS files. * Prune inactive owners from api-approver owned OWNERS files. * Prune inactive owners from autoscaling related OWNERS files. * Prune inactive owners from pkg/credentialprovider/* OWNERS files. * Prune inactive owners from pkg/kubelet/* network related OWNERS files. * Prune inactive owners from pkg/controller/* network related OWNERS files. * Prune inactive owners from pkg/* misc api-machinery related OWNERS files. * Prune inactive owners from pkg/volume/* OWNERS files. * Prune inactive owners from staging/src/k8s.io/apiserver/* OWNERS files. * Prune inactive owners from staging/src/k8s.io/client-go/* OWNERS files. * Prune inactive owners from staging/src/k8s.io/sample-controller/OWNERS. * Prune inactive owners from test/e2e/framework/providers/vsphere/OWNERS. * Remove direct references to prometheus from transformation_testcase.go * feat: implement imagelocality as a score plugin * [migration phase 1] PodFitsHostPorts as filter plugin * [migration phase 1] PodFitsResources as framework plugin * move factory package to scheduler * Prune inactive members from cluster/* OWNERS files. * update staticcheck_failures * test/e2e: move GKE/GCE tests from /lifecycle to /cloud/gcp * test/test_owners.csv: remove sig-cluster-lifecycle ownership * Replaced sortable list with native golang slice. * Prune inactive members from OWNERS_ALIASES. * Add CHANGELOG-1.17.md to CHANGELOG.md * clean up for component-base/metrics * [migration phase 1] PodMatchNodeSelector/NodAffinity as filter plugin * fix inconsistent comment in device plugin api * fix staticcheck in test/e2e/common directory * Rename e2e framework functions used locally * Remove test_verify from e2e framework package * [migration phase 1] NoDiskConflict as filter plugin * Move Initialized() to e2e framework util * Rename Generate[Read|Write]FileCmd()s * Move jbeda to emeritus status. * Amending the GMSA e2e test to allow it to run against Windows-only clusters * move PodPreemptor to scheduler * generated * Upgrade to etcd 3.3.17 * Fix crash in kubectl drain * Isolate the logic related to the configuration of kube-apiserver into a separate script. * Fix package name of psp on e2e framework * Mark 'wait until preStop hook completes the process' flaky * apiextensions: npe panic in structural schema unfold * add the ability for dynamic header names in delegated authentication * feat(scheduler): expand node score range to [0, 100] * bump k8s.io/utils to pickup bug fix for rangesize * Address staticcheck failures for test/e2e/lifecycle/bootstrap * Add RainbowMango to sig instrumentation reviewers * [migration phase 1] Implement CheckVolumeBinding as a filter plugin * Improve IPVS Module loader logic * adding support for kubemark --node-labels flag * [migration phase 1] PodFitsHost as filter plugin * fixing sed separator * Revert #83735: Update etcd client to 3.3.16 * chore(*): update election example (#82821) * Fixed bug in TopologyManager with SingleNUMANode Policy * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Introduce promhttp.HandlerFor to metrics stability framework * Add more tracing steps in generic_scheduler * feat(scheduler): expose SharedInformerFactory to the framework handle * Deal with auto-generated files. Update bazel by hack/update-bazel.sh * Refactor UT with testutil from k/k. * kubelet e2e: run resource monitor only if the actual number of nodes is * e2e test for dualstack phase2 * Implemented taints and tolerations priority function as a Score plugin * Improve 'No resource limits' message * kubeadm: add warning about 'upgrade apply/plan --config' * Add per-pod metrics for scheduler. * Audit of test/* OWNERS files * made scheduler cache and volume binder available when instantiating factories for default plugins * Gofmt. * Topology manager aligns pods of all QoS classes. * Add sig-node-approvers alias * Improve efficiency of csiMountMgr.GetAttributes * Validation: len is measured in bytes * fix static check failures * Update etcd client to 3.3.16 * feat(apiserver): add user-agent and remote info into trace log for endpoints handlers. * Validate AgnhostPod readyness status in e2e tests * Introduce sig-instrumentation aliases in OWNERS_ALISES and simplify OWNERS files * Optimize NegotiateMediaTypeOptions * Update munnerz/goautoneg dependency * kubeadm: remove OutputFlagSpecified from PrintFlags * Promote VolumeSubpathEnvExpansion feature gate to GA * Remove e2e/common package usage in volumemode testsuite * Use latest node-cache version with stubdomain fix. * remove direct references to prometheus/testutil from kubelet/metrics * eliminate direct references to prometheus * Introduce CollectAndCompare to testutils * fix unsafe JSON construction * Fixed bug in TopologyManager with SingleNUMANode Policy * Use log functions of core framework on test/e2e/storage/testsuites/topology.go * feat: feat: change the `pod_preemption_victims` to Histogram * Drop framework.GetReadySchedulableNodesOrDie * Switch admission webhook config manager to v1 * remove the no-op plugin that we used as an example plugin in default registry * Address `staticcheck` failures for `test/e2e/node/...` * Update test/e2e/storage for new GetReadySchedulableNodes stuff * feat: add pod initial/max backoff duration to config API * More work on shuffle sharding utils * Add shuffle sharding utils and tests * Deal with auto-generated files. - Update bazel by hack/update-bazel.sh * Refactor TestRunningPodAndContainerCount with metrics testutil * tag test that taints a node as disruptive * pluralize error metric name * Add RepairVolumeHandle to the csi translation struct * increase auth cache size * Don't log about deleting non-existent affinity entries in userspace OnEndpointsAdd * Addressed comments * CHANGELOG-1.16.md: add note about etcd client bug with IPv6 addresses * pkg/apis/policy: Fix "informatio" -> "information" comment typo * Remove unused method reciever for CSITranslator * Add podCgroup to process kill events to allow for correlation * Use consistent short name for receivers * Added alejandrox1 as test/* reviewer * move util/metrics to component-base * Deal with auto-generated files. Update bazel by hack/update-bazel.sh; Update vendor by hack/update-vendor.sh; * Refactor metrics test from kube-schedule queue. * cmd: fix spelling mistake * Added PredicateMetadata and PriorityMetadata as CycleState to the framework * feat(scheduler): create metadata and addPod/removePod for migration * Making iptables probability more granular in kube-proxy. * Log error from AddIndexers in NewAttachDetachController * Replace deprecated methods in the logic involved in the construction of gRPC connection to kms-plugin. * Up minimum go version to 1.12.4 * Remove the assumption of pod cidr of /24 in the gce window node start up script. * Add unit test for function getSizeRangesIntersection * feat(e2e): refactor hard-coded provision size * Add a new --sort-by flag to kubectl api-resources command * Add known issue to release notes for 1.14.7 * Expose Shutdown func for EventBroadcaster * kubeadm: delete boostrap-kubelet.conf after TLS bootstrap on init * kubeadm: add means to create Node objects via the API client * Mark startupProbe test as NodeAlphaFeature and fix podClient instanciation * Fix attachment of just detached AWS volumes * kubeadm: write boostrap-kubelet.conf during init * Complete output of docker info * typos in old changelogs releases * fix generated-kubelet-plugin-registration * Initial deprecation of kubeadm v1beta1 apis * fix gofmt and golint failures * run hack/update-vendor.sh * Verify metadata schema when decoding unstructured objects in resource builder * update bazel BUILD files * Move pkg/kubelet/pluginregistration and deviceplugin * Show the complete docker info command * Overriding CA file should override skip TLS and CA data * remove the repeat word in documents * Remove stale comment about resyncPeriod * tests: Simplifies image pulling tests * update internal error message * Log the error return from store.Delete * feat(scheduler): expose kubernetes client in framework handle * cleanup v1 event expansion. * Refactored e2e-test-framework util.go * kubeadm: renew certificates on "upgrade node" by default * kubeadm: use CertificateRenewal constant for "upgrade apply" * fix golint errors for pkg/master, together with cheftako * Added the first predicate as a filter plugin: PodToleratesNodeTaints. * Bump dependency github.com/godbus/dbus@v19 (2ff6f7ffd60f) * Bump dependency github.com/coreos/go-systemd@v19 (95778df) * Rename cgroupsystemd.Manager to LegacyManager * Bump dependency syndtr/gocapability@v0.0.0-20180916011248-d98352740cb2 * Bump dependency opencontainers/selinux@v1.3.1-0.20190929122143-5215b1806f52 * Bump dependency github.com/mrunalp/fileutils@7d4729fb36185a7c1719923406c9d40e54fb93c7 * Bump dependency opencontainers/runc@v1.0.0-rc9 * add mtaufen to cluster/gce owners * Requesting Review/Approve privileges for cluster/OWNERS * Move heap into its own internal package * Modified the name of the Extensions method in the scheduler's framework. * vendor: update gomega to v1.7.0 * Fix kube-proxy healthz server for proxier sync loop changes * Add jpbetz as reviewer of api-machinery code * Move privilege e2e test to common * Cleanup reflection usage in framework creation * Fix `test/integration/kubelet` staticcheck failures * remove Get/Set node condition dependency for the ccm controllers * Better distinguish the two kinds of proxy health check servers * refactor tlsConfig creation for secure serving * Reconstruct block PV name in all volume plugins * Fix volume map path during reconstruction * eliminate direct references to prometheus * Test global block directory in reconstruction tests * Return proper error message when BindPodVolumes fails * don't add extra variable for searches * improve explanatory comment about trailing dots in searches * feat(scheduler): scale the extender output in generic scheduler * feat(scheduler): rename PluginContext to CycleState * Allow users to use custom tags * nodeipam-controller:fix static check failures * 127.0.0.1-as-advertise-address * pkg/util/iptables: add Dan Winship to OWNERS * Cap the number of managedFields entries for updates at 10 * Refactor fieldmanager to be more modular * Add klueska as reviewer for CPUManager and devicemanager * Dedupe logging for PD SetUpAt and added a slow SetVolumeOwnership warning * check that N job pods succceeded instead of exactly N pods existing and succeeding * Remove hyperkube from release artifacts * Refactor scheduler.New so that all framework-related parameters are passed as options * Avoid unnecessary identifier computations * Cache encoder for auditlog backend * Clean up TODOs * Remove Prometheus addon and it's tests * Test token output * kubeadm token list: implement structured output * Add internal kubeadm output API * Ability to set up additional, bigger nodes during tests * create new api group output.kubeadm.k8s.io * Reset default namespace deletion timeout to 5 minutes * feat(scheduler): use reflect to reduce the similar pattern * Limit YAML/JSON decode size * Add CHANGELOG-1.17.md for v1.17.0-alpha.1. * Fix double counting issue for request metrics on timeout. * move PodConditionUpdater to scheduler * Update CHANGELOG-1.16.md for v1.16.1. * move hostPID tests to common * Check the return value from store.Update * bump gopkg.in/yaml.v2 v2.2.4 * Remove block volume capability from GCE PD CSI Driver because not supported in v0.5.2 * iptables.Monitor: don't be fooled by "could not get lock" errors * fix metrics-server rbac * Bump version of event-exporter and prometheus-to-sd. * adding pods to MarkPodsNotReady parameters * adding pods to DeletePods parameters * make test pass * Revert "Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""" * feat(scheduler): remove MaxPriority in the scheduler api * kubectl: remove usage info from bad flag error msg * IP validates if a string is a valid IP address * Fix typo in docstring of DeepEqual * Bump nfs provisioner version to v2.2.2 * Use same 'minimum resource version' semantics both when watch cache is enabled and disabled * Run block tests for gce-pd csi driver. Improve skip block test function name * Revert "Bugfix: remove PV dir when umount raw block device" * Fix sig-node test by adding back the numNodes * bazel update * e2e log: move back to framework, part II * .github: add guineveresaenger and mrbobbytables as reviewers * e2e log: Ginkgo 1.10.1 fixes stack skip * e2e log: consistent logging of stack backtrace and failure, part II * e2e log: skip log.Failf in stack information * e2e log: fix full stacktrace with Ginkgo 1.10.0 * kubeadm: add test to detect panics when given certain feature gates * Add link to release notes documentation to PR template * Clean up sig-auth OWNERS_ALIASES * Check whether mirror pod is ciritical in managerImpl#evictPod * remove redundant quota.V1Equals * bazel and codegen files * refactor scheduler extender related API * Don't leak a go routine on panic * Switch from admission-control flag to enable-admission-plugins * A consistent interface for plugin extended functionality * add ability to authenticators for dynamic update of certs * Fix staticcheck failures in `test/utils/...` * add ability to pre-configure poststarthooks for apiservers * fix wrong test in generic-resources.sh * generated * explain lack of finalizer ordering in godoc * Update symlink warning * Use pod + nsenter instead of SSH in mount propagation tests * 1.18 entry in etcd map * Fix shellcheck failures in cluster/validate-cluster.sh * Creating function for preflight check. * Allow ipv6 urls in GetPortURL() * Change XPN firewall change message, should be required by security admin. * Convert predicates/priorities configurations to a framework plugin configs. * custom retry strategy in GenericWebhook * Remove deprecated scalability tests * Merge attach and detach common func * bump versions for v1.17 cycle * adding fakeGetPodsAssignedToNode * Cache serializations * CachingObject * scheduler: make getVolumeLimits a function instead of a method * Implement support for CacheableObject * Fix transformObject to work with CacheableObject. * CacheableObject test * Implement Encoder.Identifier() method * Add Identifier method to GroupVersioner interface * Extend interfaces to support CacheableObject * e2e: on aws, tag volumes we want the cluster to mount * Add bazel by hack/update-bazel.sh * Introduce testutil package to support metrics testing. * complete pkg/scheduler/util unit tests * Only kill process where killing failed during previous iterations * Fix host reuse for e2e tests * Update bazel by hack/update-bazel.sh * Migrate etcd version monitor to metrics stability framework * Update bazel by hack/update-bazel.sh * Remove direct reference to Prometheus * Update bazel and vendor by hack/update-bazel.sh and hack/update-vendor.sh * scheduler: code clean up for predicates/metadata * Remove direct reference to Prometheus. * Removal of kubernetes error dependancies * Update bazel by hack/update-bazel.sh * Remove direct reference to Prometheus from openstack * Fix dynamic kubelet config init order * Delegate topology hint gen to CPU manager policy * Update e2e testing nodePort service listening on same port but different protocols * Add nil checks for Azure CSI translation * Use imageutils instead of hardcoded image paths * Refactor CSI Translation Library into a struct that is injected into various components to simplify unit testing in future * test/e2e: Delete test namespaces asynchronously * Upgrade Calico to 3.8.2 * E2E: Add missing Bootstrap() call * Deflake TestWatchBasedManager * Fix golint issues in pkg/util/env * Fix help text in kubectl top -h * scheduler: handle error of podSpreadCache.removePod method * Update bazel by hack/update-bazel.sh * Remove direct reference to Prometheus.Label for vsphere * Update bazel by hack/update-bazel.sh * Remove direct reference to prometheus.Label for scheduler * replace bytes.Compare() with bytes.Equal() * Cleaned up skip* functions from framework/util.go * Fix aggressive VM calls for Azure VMSS * Address PR comment * Update service controller to prevent orphaned public IP addresses * Use log functions of core framework on [r-u] * using STACKDRIVER_ENDPOINT to set exporter sd endpoint according to cluster env * add a known issue in 1.16 for kube-scheduler * Enable strict serializer with codec factory * using online instead to fix kubelet service failed with wrong number of possible NUMA nodes * Improve error message for projected tokens when API is not enabled * add test to show generic pod count counts all pods * Bugfix: remove PV dir when umount raw block device * migrate leader election to lease API * add comment explaining why we remove trailing dots in searches * Bump addon-resizer to 1.8.6 * Remove direct reference to prometheus.Label from metrics API. * use log functions of core framework * feat(scheduler): consolidate ScoreWithNormalizePlugin into ScorePlugin * A mapping from predicates/priorities to pluing configuration. * Only detecting stale connections for UDP ports in kube-proxy. * Update to use go1.12.10 * Prune should respect namespace * Update crictl to v1.16.1. * Apply current parses the yaml object 3 times * Add tests and benchmarks for endpoints and node * Fix golint errors in pkg/apis/core (#82919) * Properly close the file in makeFile * Fix typo * using short flags instead with validate * kubeadm: update OWNERS for 1.16 * bump k8s.io/utils to pickup ipallocator changes * Optimize GetControllerOf method * Use pod + nsenter instead of SSH in block volume tests * Adding lifecycle to RC, RCSet, Deployment, and Job testutils * Modify test so that +genclient:nonNamespaced tag is exercised * Corrected the pod reporting and messages * fix cpumanager reconcileState without sourceready * Plumb context to webhook calls * Propagate context to ExponentialBackoff * Fix a new staticcheck issue. vendor/k8s.io/apiextensions-apiserver/pkg/controller/finalizer/crd_finalizer.go:167:2: this value of crd is never used (SA4006) * Fix staticcheck issues: Dealing with unused functions/variables/types. (staticcheck U1000) Dealing with value never used issue. (staticcheck SA4006) Dealing with concurrency issue. (staticcheck SA2002 SA4010) Remove packages from staticcheck failure files: apiextensions-apiserver * fix default daemonset update strategy * Remove unnecessary sorting for highestSupportedVersion * Fixing EndpointSlice kubectl output * Allow disruptive conformance tests and marks 2 * Adding owners for EndpointSlice controller * Remove unnecessary traversal of pod.Status.Conditions * Stop building the kubernetes-test mondo tarball * Add e2enode.GetRandomReadySchedulableNode, replace some uses of framework.GetReadySchedulableNodesOrDie * Add e2enode.GetBoundedReadySchedulableNodes, replace some uses of framework.GetReadySchedulableNodesOrDie * Fix up e2enode.GetReadySchedulableNodes, replace many uses of framework.GetReadySchedulableNodesOrDie * An interface that allows pre-filter plugins to update their pre-calculated. * Move GetPodPriority from /scheduler/util to /api/pod * Propagate context to Authorize() calls * Add context-propagating CreateContext methods to *Review clients * Run hack/update-bazel.sh * Add support for type checking Unstructured via GVK in reflector * remove trailing dots from the parsed searches from host resolv.conf * Fix bug The statefulset have duplicate revision after resource was updated * fix Security Context should run with an image specified user ID * to use existing validating function * Update bazel by hack/update-bazel.sh Update vendor by hack/update-vendor.sh * Migrate prometheus bucket functionality to metrics stability framework. * Migrate stability level handle functionality overall metrics package * Handle metrics.StabilityLevel default value better. Provide a method setDefault() to StabilityLevel type. Update bazel by hack/update-bazel.sh * Updating EndpointSliceCache sort function to be significantly faster. * Use ipv4 in wincat port forward * Rename package socketmask to bitmask. * auth/cloud-platform is a superset of devstorage. * Fix staticcheck failures for scheduler packages * Fix staticcheck failures for pkg/scheduler/... * Fix the cluster role for typha horizontal scaler. * Updated ContextData and PluginContext with Clone methods. * Copy PrettyPrintJSON to core framework * Add strict serializer to codec factory in kube-proxy * Add KUBE_COVER_REPORT_DIR to specify coverage output dir. * make namespace-lifecycle controller more responsive * Update go mod hcsshim version to fix the kube-proxy issue cannot access service by self nodeip:port on windows * Add known issue for informer-gen for packages with dots * use vmss instance view expansion and azure-sdk v33.1.0 * Update codegen violation rules * Update generated code * Add example3.io:v1 to update-codegen.sh * Add example3.io * Revert "Updated COS version to M77" * Wrap promethues.Labels to stability framework. * fix: remove reportingInstance field in eventKey. * informer-gen: allow package names containing dots * fix docker_build_opts bound variable * Bump metrics-server version to v0.3.5 * Bump k8s.io/klog to v1.0.0 * Use log functions of core framework on test/e2e/upgrades This makes sub packages of e2e test upgrades to use log functions of core framework instead for avoiding circular dependencies. * Use log functions of core framework on test/e2e/autoscaling This makes sub packages of e2e test autoscaling to use log functions of core framework instead for avoiding circular dependencies. * hack/local-up-cluster.sh: ability to configure auth webhooks * using echo to print args * clean up code for scheduler * cleanup unused function * Fix EndpointSliceController service deletion processing * Remove unused func GetPersistentVolumeClaimVolumeMode * Minor cleanup of jsonFallbackEncoder * feat: bump github.com/prometheus/procfs to v0.0.2 * feat: bump github.com/prometheus/client_model to v0.0.0-20190129233127-fd36f4220a90 * feat: bump github.com/beorn7/perks to v1.0.0 * feat: bump github.com/prometheus/client_golang to v0.9.4 * feat: bump github.com/prometheus/common to v0.4.1 * Remove unreachable error check in RBDUtil#cleanOldRBDFile * Offical kubernetes dashboard should schedule to linux node * Come out of loop when RPC_STAGE_UNSTAGE_VOLUME is found * Fix golint failures of pkg/kubelet/status/... * Check error return from WaitForCacheSync * Bind kube-proxy containers to linux nodes to avoid Windows scheduling * fix(pkg): delete unused var or const * Remove some unused codes in stateful_set_utils.go * storage E2E: test drivers must have DNS-1123 names * use scheduler.Option in initTestSchedulerWithOptions * use scheduler.New in createConfiguratorArgsWithPodInformer * change compatibility_test struct, remove ExpectedPolicy * validate scheduler policy instead of the decoded policy in compatibility_test * remove factory.NewConfigFactory in compatibility test * Rename testCleanup to driverCleanup * add topology e2es to storage testsuite * Fix kubectl panic when handling invalid error. * Replace hyperkube with apiserver for binary path guess * docs: add comments for action. * fix map assignment to entry in nil map,when use --feature-gates in kubeadm * Register DeleteOptions conversion functions * Minor apis/meta cleanup * simplify regexp with raw string * Use framework.ExpectNotEqual() * fix(test): delete unused unused var or const * Use framework.ExpectEqual() * Use framework.ExpectEqual() * Use framework.ExpectEqual() * Use framework.ExpectEqual() * Move PodPriorityResolution e2e to integration * WithAuthentication should wrap WithMaxInFlightLimit * Improve fieldmanager tests and benchmarks * Allow relaxing deleted pods checking in RC runner * Refactor the scheduler's configuration logic. * Defer the removal of labelAlphaNodeRoleExcludeBalancer to 1.18 * Fixed a scheduler panic on PodAffinity * Benchmark test for PodAffinity * TokenCleaner#evalSecret should enqueue the key * Update 1.16 CHANGELOG with introduction of feature EvenPodsSpread * eviction processing refactor * fix cni timeout * Clean up redundant post-finalizer deletions * Add a couple simple conversions * replaced logs in validators to be warnings * Fix pre pull of images in DiskPressure tests * delete unused var * Fix closing of dirs in doSafeMakeDir * Remove redundant setting. * Fix wrong comments and inaccurate logs in endpointslice_controller * Add .bazelversion file * Fix typo in v1.16 CHANGELOG * cleanup test code in upgrades and autoscaling pkg * Break out of loop when NodeHostName is found * Modified the Filter interface to pass in nodeinfo instead of node name. * exclude kms provider from health check * Convert tbe e2e to integration test * Drop v1.14.0 API test data * Add v1.16.0 API compatibility data * Update CHANGELOG-1.14.md for v1.14.7. * Update CHANGELOG-1.15.md for v1.15.4. * fix shellcheck in cluster/gce/config-common.sh * Update CHANGELOG-1.13.md for v1.13.11. * Update CHANGELOG-1.16.md for v1.16.0. * Do not query the cloud if PV has all the labels * Refactor and clean up e2e framework utils. This patch handles test/e2e/framework/pv_util.go file * fix rbd info when return warning information * Add version logging to kubemark * Return error when failed to get storage class * uses the API instead to fixemptyDir volumes pod should support shared volumes between containers * fix kubectl run --generator=xxx bug * Add metrics of authentication overall latency. Add alpha tags to authentication_attempts explicitly. * Fix static failure for package: staging/src/k8s.io/code-generator * Fix reinvokation test flake by isolating webhooks and markers * Bump github.com/heketi/heketi to c2e2a4ab7ab9 * Fix Errorf arguments in tests * dump namespace object in e2e when it doesn't get deleted * Support kube-dns stubDomains in nodelocaldns * Consolidate UID and GID * Only set ipv4/ipv6 routes when there is corresponding CIDR. * Correct the error variable for releasing CIDR * Compact memory before requesting huge pages * Add iptables.Monitor, use it from kubelet and kube-proxy * remove unused variables in scheduler api types * Move flag parse to main func from init() * autogenerated * IntOrString conversions * Remove unneded/bad conversion * fix compiling failure: execvp: /bin/bash: Argument list too long * update process name to fix pod infra containers oom-score-adj should be -998 and best effort container's should be 1000 * feat(scheduler): use api server to watch scheduled pods * fix error package name and rename struct * remove pkg/version and some of redundant copies of it * Updated COS version to M77 * Allow upgrade test to run on all cloudproviders * Metrics for ratelimited count * fix auth import statement * validations: for negative PVC storage size don't report "must be >= 0" * reference cherry pick process in hack script * kubeadm --service-cluster-ip-range supports a comma seperated list of service subnets. * Adjust nginx lb timeout in tests * fix static check failures in staging pkg * rm unnecessary return * Update bazel by hack/update-bazel.sh * optimize gc_controller.gcTerminated * del unuse var in pkg/controller * Migrate prometheus bucket functionality to metrics stability framework. * Migrate prometheus bucket functionality to metrics stability framework. * Update bazel by hack/update-bazel.sh * Migrate prometheus bucket functionality to metrics stability framework. * local-up-cluster kube-proxy terminated error * Update bazel by hack/update-bazel.sh * Migrate prometheus bucket functionality to metrics stability framework. * Check the length of recorder.invocations * Drop iptables firewalld monitoring support * e2e: test that both kube-proxy and kubelet recover after iptables flush * use log funcs of core framework in the auth, kubectl and windows pkg * replace with * add-err-handling-in-images/etcd/migrate * use log func in test/e2e/apimachinery * add or fix some errors return statements and ineffassign * expose and use an AddHealthChecks method directly on config * skip e2e tests that run on multi node cluster and require node independent volume for the drivers that does not support node independent volumes, like hostpath * Fixes static check failures in test/e2e_node/* * Updates to resolve shellcheck issues Removed hack/lib/test.sh from /hack/shellcheck_failures Removed and }s to satisfy shellcheck SC2004 Added double quotes to satisfy shellcheck SC2086 Converted array reference to access all elements to satisfy shellcheck SC2128 Updates to satisfy shellcheck SC2143 Updates to satisfy shellcheck SC2178 & SC2124 Updates to satisfy shellcheck SC2128 Updates to satisfy shellcheck SC2207 * Allow v1 review versions in 1.17+ * Added a noop plugin to make sure we have the dependencies worked out for the default registry of the scheduler framework. * Update CHANGELOG-1.16.md for v1.16.0-rc.2. * Verify the response audience matches one of apiAuds * Fixed an issue where duplicate containerPorts where not allowed across different address families * use log func in test/e2e/network * apiextensions: add integration test for not publishing non-structural CRDs * Fix TestBlockMapperMapDeviceNotSupportAttach informer sync race * Update golang scientific notation using hack/update-gofmt.sh * fix kubelet status http calls with truncation * Split fieldmanager with interface * Support running custom nodelocaldns yaml in gce. * Only publish openapi for structural schemas * Promote lease API test to Conformance * Omit openapi properties if spec.preserveUnknownFields=true * Ensure conversions are registered for metainternalversion codecs * migrate scheduler api types to sized integers * replace 200 with http.StatusOK * fix: azure disk detach failure if node not exists * kubeadm: preserve order of user specified apiserver authorization-mode * adding lock to node data map * Update bazel by hack/update-bazel.sh * Migrate prometheus bucket functionality to kube-metrics. * Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs. * Fix iptables version detection code to handle RHEL 7 correctly * Always set content-type & nosniff * Add note on the role of BenchmarkSimpleCache * Refactor FieldManager tests to make them simpler * Replacing deprecated seccomp. * Adding recommendations from tallclair. * Fix identation issue. * Update .in and .sed files. * Harden kube-dns to run with less privileges. * Add johnbelamaric as conformance approver * Fix ipv6 ip allocation method for standard lb * Make API constants constant * Scheduler PreBind plugins are currently allowed to return Unschedulable status, which should not according to the KEP and comments. * Check the error return from AddPlugin * Propagate and honor http.ErrAbortHandler * Break out of the loop when active endpoint is found * Add wrapper to metrics stability framework for prometheus buckets functionality * Add unit test for RS to correctly handle expectations on recreate * Exec probes should not be unbounded * Add 16MB limit to dockershim ExecSync * Add LimitWriter util * Fix EvaluatedNodes in ScheduleResult * Expose etcd metric port in tests * MOD:fix spelling errors * MOD:fix spelling errors * need to use local variable so that pluginNameToConfig map can keep correct contents * Remove duplicate logging * test: add cases to test that no images present on node or kubelet's NodeStatusMaxImages flag is set to 0. * Added OWNERS file for Topology Manager * Modify the log of kube-proxy * change envelope transformer to return status error for better monitoring * Regenerate specs * Remove alpha status from ManagedFields * dockershim/network: fix panic for cni plugins in IPv4/IPv6 dual-stack mode * Update CHANGELOG-1.16.md for v1.16.0-rc.1. * adding yastij as a reviewer for the runtimeclass admission controller * add apigroup to the data source when using kubectl describe pvc * 'imagetag' -> 'image' in edit set command examples * Log all executed iscsiadm commands * test: fix liveness pod * fix: handling unpadded base64 encoded docker auth field * add line break in kubeadm upgrade logging message * remove packages in hack/.staticcheck_failures which are passing staticcheck * Fix typos in KeyUsage constant names * Continue with remaining volumeAttached's in VerifyVolumesAreAttached * Remove me from OWNERS for GCI * Avoid encoding from competing goroutines * Nominate alculquicondor to scheduler reviewers * Generated files * Export UserInfo conversion, use authnv1.UserInfo in audit * log-dump: make logging clearer * remove packages in hack/.staticcheck_failures which are passing staticcheck * fix some ineffassigns * e2e_kubeadm: fix command flags description * tests: Replaces Redis image with Agnhost * endpoints: fix admission test types * fix some missing errors return statements * fix ineffassign * kubelet: refactor server containerLogs test to table driven test * feat: remove EnableAggregatedDiscoveryTimeout feature gate * feat: remove GCERegionalPersistentDisk feature gate * feat: remove PersistentLocalVolumes feature gates * Return proper Kind in error for Cacher * Update comment for syncHandler * Fix licenses * Match label and fields selectors in ComponentStatus List API * init check for cloud node controller * Check cache is synced first before sleeping * Handle pod addition / removal errors * fix indentation with 'kubectl describe node' * Encryption config: correctly handle overlapping providers * Added alejandrox1 as test/e2e/framework reviewer * squash: reaction to comments * add conditions for remaining object totals during ns termination * Create LoadBalancer in nginx ingress tests * kubeadm: code clean up * Clarify retry.RetryOnConflict docs * Restore retry.RetryOnConflict docs, fix up retry.OnError docs/naming * Fix reviewer typo. * use log functions of core framework in the 'test/e2e/storage/*' * fix a typo in cmd/kube-apiserver. * Promote PQDN for services DNS e2e to Conformance * Move from regexp to csv string * clean up test code * inline e2eservice.CreatePausePodDeployment into tests * Move a bunch of totally non-jiggy code out of e2eservice.TestJig * Enable block tests for Cinder * update spelling mistakes * Add e2e test for kubectl describe cronjob * Remove dead code used only in tests * fix(scheduler): remove the defer function cost * refactor: replace all calls to os.Exit() / CheckErr(). * Avoid conflicting log message when AddPodToVolume encounters error * Add comment for testing 100+ CPU usage * Bump gonvml module and remove CGO dependency. * test: fix azure disk test failure * Cleanup staticcheck from staging/src/k8s.io/client-go/tools/cache. * test: fix azure disk e2e test failure * Repaire incorrect ip version event * Remove unused func IsProxyLocked * Add unit test for DisruptionController retry logic * pkg/kubelet: fix uint64 overflow when elapsed UsageCoreNanoSeconds exceeds 18446744073 * add identification for particular certificate controllers * fix regex for go file, make it more accurate * replace time.Now().Sub with time.Since * openstack: do not delete LB in case of security group reconciliation errors * Update security contacts for kubectl * fix shellcheck failure in gci/flexvolume_node_setup.sh * volume scheduling: move metrics code into a separate pkg * Don't require any resources in race test * Mark Ceph tests as serial * hack/boilerplate/bolierplate.py: format python file according to PEP8 guidelines * fix shellcheck failures of cluster/addons/addon-manager/kube-addons.sh * fix golint failures of pkg/kubelet * e2e test: Label all nodes in pod anti-affinity test. * Fix description of diff flags. * Add debug info to kubectl e2e * Use Key() in Path composition * Fix a static check failure in controller-manager * Fix retry logic in DisruptionController * Move Update Apply conflict test to field manager test * Early return after sending to errCh in Options#eventHandler * clean-up shared metrics code and remaining references (component-base's copy is a drop in replacement) * Add new flag for whitelisting node taints * Adding termination grace period to Deployment, RC, RCSet, and Job * Add LinuxOnly tag to e2e testing session affinity * Kubenet can't fail fast on teardown * delete extra comma * Add IPv6 support to kubenet hostport * Fix broken link. * Use log functions of core framework on test/e2e/scheduling * Reword the comment for ServiceIPRange * Remove default service cidr * Updated stripFieldsTest to be run with update instead of apply * Made some spelling & grammar edits to the README * Remove Client#ClusterAvailable from interface * replace iteration with hashmap in *state_of_world * Typo fix: binded -> bound * Take the context as the first argument of Schedule * Fix sync pod log format and a func typo. * Rewrite tests for tableprinter.go * Reduce redundant Nodes().List() call * Reduce indents of DumpAllNamespaceInfo() * Explicitly handle returned error values in admission metrics_test * fix wrong typo stoageMap to storageMap * Cleanup UT test data after test done. * fix shellcheck failure in test/image/image-util.sh * Moved managed fields validation to server-side apply * Remove recursion in waitForVolumeDetachmentInternal * Break out of loop when finalizer is found * add myself to util metrics owners * replace factory.NewConfigFactory with scheduler.New in volumescheduling * Update ConfigMap test * add logicalhan to reviewers for api-machinery directories * remove blank lines * Add a method to TestContext to check if is IPv6 * use log functions of core framework * use log funcs of core framework in the test/e2e/scalability and test/e2e/cloud package * cleanup test code in lifecycle, servicecatalog and ui package * Fix typo in kubectl describe docs * Typo fix: EptyDir -> EmptyDir * fix typo in pkg * Remove unnecessary factory layer * Fix typo in EnableInf*l*ightQuotaHandler flag * Remove duplicated log. * feat: remove factory.Config from mustSetupScheduler * feat: use scheduler.New instead in createSchedulerConfigurator * Fix static failure from package: vendor/k8s.io/kube-aggregator * added override for sd testing env in event-exporter yaml * aws: sort addresses of multiple interfaces correctly * Add support for preemptible instances in node-e2e * fixed typos in kubectl book * Apply will fail with managed fields + tests * fixed a typo in kubectl book * Apply zero TerminationGracePeriodSeconds to preemption victims * remove runtime.VersionedObject from universal apimachinery * Fix Container exit message lost due to FallbackToLogsOnError is not compatible with ContainerCannotRun * Drop hyperkube use from local-up-cluster.sh * Add -s to du commands to not traverse other file systems * Fix golint failures of pkg/kubelet/qos * feat: remove deprecated include uninitialized flag * remove apiserver loopback client QPS limit * Fix informer-gen to honor nonNamespaced tag * Fix link to moved Docker image * very minor grammar fix in 10-kubeadm.conf ('generate' instead of 'generates') * removed duplicated kubectl get * removed extra hyphen in kubectl book * Fix log level for runtime error in kubelet.go * Add benchmarks for yaml marshaling and unmarshaling * Delete the redundant define test * Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers."" * correct the return information in scheduler.go * fix typos in if statememnt in /test/e2e_node * spelling error 'doen't' * fix syntactic error in kuberuntime_manager.go-2 ==== kubic-control ==== Version update (0.9.0 -> 0.9.1) Subpackages: kubicctl kubicd - Update to version 0.9.1 - Add support to deploy metallb and hello-kubic via kustomize ==== metallb ==== Version update (0.8.2 -> 0.8.3) - Update to version 0.8.3 - Add kustomize.yaml file ==== patterns-containers ==== Subpackages: patterns-containers-container_runtime patterns-containers-container_runtime_kubernetes patterns-containers-kubeadm patterns-containers-kubernetes_utilities patterns-containers-kubic_admin patterns-containers-kubic_loadbalancer patterns-containers-kubic_worker - loadbalancer: add kubic-haproxycfg ==== podman ==== Version update (1.6.4 -> 1.7.0) Subpackages: podman-cni-config - Add: 0001-clarify-container-prune-force.patch to fix the --force flag for the "container prune" command. (https://github.com/containers/libpod/issues/4844) - Update podman to v1.7.0 * Features - Added support for setting a static MAC address for containers - Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to - The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompts for confirmation when run without --force (#4410 and #4411) - Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363) - Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation - Added the --history flag to podman images to display previous names used by images (#4566) - Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist - Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file - The podman play kube command now honors Seccomp annotations (#3111) - The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions - The output format of the podman version command has been changed to better match docker version when using the - -format flag - Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled (#4591) - Added tmpcopyup and notmpcopyup options to the --tmpfs and - -mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them - Added support for disabling detaching from containers by setting empty detach keys via --detach-keys="" - The podman build command now supports the --pull and - -pull-never flags to control when images are pulled during a build - The podman ps -p command now shows the name of the pod as well as its ID (#4703) - The podman inspect command on containers will now display the command used to create the container - The podman info command now displays information on registry mirrors (#4553) * Bugfixes - Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly - Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases - Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556) - Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634) - Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570) - Fixed a bug where containers with chained network namespace dependencies (IE, container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626) - Fixed a bug where podman run with the --rm flag and without - d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited - Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume (#4605 and [#4621]) - Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906) - Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774) - Fixed a bug where the podman pod prune command would fail if containers were present in the pods and the --force flag was not passed (#4346) - Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500) - Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run - Fixed a bug where podman container restore would fail with containers using a user namespace - Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed - Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359) - Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used - Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container - Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353) - Fixed a bug where `podman info --format '{{ json . }}' would not produce JSON output (#4391) - Fixed a bug where Podman would not verify if files passed to - -authfile existed (#4328) - Fixed a bug where podman images --digest would not always print digests when they were available - Fixed a bug where rootless podman run could hang due to a race with reading and writing events - Fixed a bug where rootless Podman would print warning-level logs despite not be instructed to do so (#4456) - Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434) - Fixed a bug where podman cp would not work if STDIN was a pipe - Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397) - Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396) - Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344) - Fixed a bug where the podman stats command would print CPU utilizations figures incorrectly (#4409) - Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744) - Fixed a bug where the podman kill command was not properly validating signals before use (#4746) - Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time - Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host) - Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed - Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606) - Fixed a bug where containers started with --rm would not be automatically removed on being stopped if an exec session was running inside the container (#4666) * Misc - The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running - Updated vendored Buildah to v1.12.0 - Updated vendored containers/storage library to v1.15.4 - Updated vendored containers/image library to v5.1.0 - Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system - Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory - Remove no longer needed workaround for *.5.md man page sources ==== rook ==== Version update (1.1.7+git0.g50c6ca1f -> 1.2.1+git0.gccc10604) - Update to v1.2.1: * Add missing env var `ROOK_CEPH_MON_HOST` for OSDs (#4589) * Avoid logging sensitive info when debug logging is enabled (#4568) * Add missing vol mount for encrypted osds (#4583) * Bumping ceph-operator memory limit to 256Mi (#4561) * Fix object bucket provisioner when rgw not on port 80 (#4508) - Update to v1.2.0: * Security audit completed by Trail of Bits found no major concerns * Ceph: Added a new "crash collector" daemon to send crash telemetry to the Ceph dashboard, support for priority classes, and a new CephClient resource to create user credentials * The minimum version of Kubernetes supported by Rook changed from 1.11 to 1.12. * Device filtering is now configurable for the user by adding an environment variable + A new environment variable DISCOVER_DAEMON_UDEV_BLACKLIST is added through which the user can blacklist the devices + If no device is specified, the default values will be used to blacklist the devices * The topology setting has been removed from the CephCluster CR. To configure the OSD topology, node labels must be applied. * See the OSD topology topic. This setting only affects OSDs when they are first created, thus OSDs will not be impacted during upgrade. * The topology settings only apply to bluestore OSDs on raw devices. The topology labels are not applied to directory-based OSDs. * Creation of new Filestore OSDs on disks is now deprecated. Filestore is in sustaining mode in Ceph. + The storeType storage config setting is now ignored + New OSDs created in directories are always Filestore type + New OSDs created on disks are always Bluestore type + Preexisting disks provisioned as Filestore OSDs will remain as Filestore OSDs * Rook will no longer automatically remove OSDs if nodes are removed from the cluster CR to avoid the risk of destroying OSDs unintentionally. To remove OSDs manually, see the new doc on OSD Management - Update csi-dummy-images.patch - Update flexvolume-dir.patch - Drop outdated patch 0001-bsc-1152690-ceph-csi-Driver-will-fail-with-error.patch