This change updates the transport.Config .Dial and .TLS.GetCert fields
to use a struct wrapper. This indirection via a pointer allows the
functions to be compared and thus makes them valid to use as map keys.
This change is then leveraged by the existing global exec auth and TLS
config caches to return the same authenticator and TLS config even when
distinct but identical rest configs were used to create distinct
clientsets.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: b69bbf362018ce4f105ff88fe118d4cf18f96706
Automated cherry pick of #111235: fix a possible panic because of taking the address of nil
Kubernetes-commit: e9dbbc3f7471c711cfda65d7a154695700f0b282
Automated cherry pick of #107311: client-go: Clear the ResourceVersionMatch on paged list calls
Kubernetes-commit: fa546d8cc76fe7c07c538d55efd2e6dd4ec919a5
the test TestHTTP1DoNotReuseRequestAfterTimeout has to wait for
request to time out to assert that subsequent requests does not
reuse the TCP connection.
It seems that current value of 100ms causes issues on some CI
environments and bumping the timeout seems to solve this flakiness,
We can bump the timeout value because is really low compared to real
scenarios and the bump still keeps it in the millisecond order.
Kubernetes-commit: fa68e8248594e54cda4cc06ab69030f6267ebbb7
Close connection and stop listening when port forwarding errors occur so that kubectl can exit
Kubernetes-commit: cd6ffff85d257ff9067d59339f2ffdbcc66dc164
This avoids the assumption that the kinds are populated in the schema,
and is arguably a little more efficient also.
Kubernetes-commit: 3bf06ff3a15a2f1fefeb7a70373a92cb4b94818f
Add wired off code for Validation rules for Custom Resource Definitions using the CEL expression language
Kubernetes-commit: 6b41d75794381487ef7204b016faa75e350a32b7
It iterates over the wrapped transports until it finds one
that implements the CloseIdleConnections method and executes it.
add test for closeidle http1 connections
add test for http1.1 reconnect with inflight request
add test to reuse connection request
add test for request connect after timeout
add test for client-go request concurrency
Kubernetes-commit: b9d865a8185b62d83e9ff81b0e3499a26ac6960d
* De-share the Handler struct in core API
An upcoming PR adds a handler that only applies on one of these paths.
Having fields that don't work seems bad.
This never should have been shared. Lifecycle hooks are like a "write"
while probes are more like a "read". HTTPGet and TCPSocket don't really
make sense as lifecycle hooks (but I can't take that back). When we add
gRPC, it is EXPLICITLY a health check (defined by gRPC) not an arbitrary
RPC - so a probe makes sense but a hook does not.
In the future I can also see adding lifecycle hooks that don't make
sense as probes. E.g. 'sleep' is a common lifecycle request. The only
option is `exec`, which requires having a sleep binary in your image.
* Run update scripts
Kubernetes-commit: 11a25bfeb6fd6e8e5c42e316b17cea15a702041c
The new releases fix logging of KObj in JSON output: klog implements the new
logr.Marshaler interface and zapr uses it instead of Stringer when logging the
ObjectRef created by KObj.
Kubernetes-commit: 169e8b65a00b45ef8bbc7a14cd985df1c835953b
Add two new constructors for versioned and unversioned RESTClients.
These new constructors allow to pass an http.Client to the RESTClient,
taking precence over the transport Config parameters.
Add a new helper function to generate an http.Client from the RESTClient
Config object.
Co-authored-by: Jordan Liggitt <liggitt@google.com>
Kubernetes-commit: 80fbc817263de1c46e1493819aca35b1ef8e3d09
enhance client-go DebugURLTiming roundtripper using golang httptrace
to provide timing statistics for:
- dns lookup
- tcp dialing
- tls handshake
- time to get a connection from the pool
- time to process a request
Kubernetes-commit: 72c35be086fed5f70fd11dc96ca34298573bff05
This allows to check for specific errors using `errors.Is`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Kubernetes-commit: a5647fa417de6d17ba200f1b4bcd2bb28cceb22c
See https://github.com/grpc/grpc-go/issues/4758 for a real world example
of this leaking 2gb+ of data.
Basically, when we do `q.queue[1:]` we are just repositioning the slice.
The underlying array is still active, which contains the object formerly
known as `q.queue[0]`. Because its referencing this object, it will not
be GCed. The only thing that will trigger it to free is eventually when
we add enough to the queue that we allocate a whole new array.
Instead, we should explicitly clear out the old space when we remove it
from the queue. This ensures the object can be GCed, assuming the users'
application doesn't reference it anymore.
Kubernetes-commit: 2a34801168dc1c70ba25b1d4200b534bf515cbc2
to keep a count of the pods that have the ready condition.
Also:
- Add feature gate JobReadyPods.
- Add Ready to describe.
Change-Id: Ib934730a430a8e2a2f485671e345fe2330006939
Kubernetes-commit: 1bff5eb44d9897e12aff3ea10f5a856580158278
This behaviour was broken by commit
39cfe232325d66bcdbc935af7aaf7022562e7010 and PR kubernetes#98057
Kubernetes-commit: b79859cb12b19222fffc17481e1fe006819de63c
- Introduce PassiveRateLimiter which implements all methods of previous RateLimiter except Accept() and Wait()
- Change RateLimiter interface to extend PassiveRateLimiter by additionally implementing Accept() and Wait()
- Make client-go/tools/record use PassiveRateLimiter
Refactor EventSourceObjectSpamFilter, EventAggregator, EventCorrelator
- EventSourceObjectSpamFilter, EventAggregator, EventCorrelator use clock.PassiveClock now.
- This won't be a breaking change because even if a clock.Clock is passed, it still implements the clock.PassiveClock interface.
- Extend clock.PassiveClock through Clock.
- Replace pacakge local implementation of realClock with clock.RealClock
- In flowcontrol/throttle.go split tokenBucketRateLimiters to use Clock and clock.PassiveClock.
- Migrate client-go/tools/record tests from using IntervalClock to using SimpleIntervalClock (honest implementation of clock.PassiveClock)
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: ac5c55f0bd853fcf883d9b8e1f5ef728a2fb5309
metaclient explicitly specifies the Content-Type when executing Delete and DeleteCollection, and add test for that
Kubernetes-commit: 8976f6f6d9af22ad40df891565c19e4dfd67f591
This updates the k8s.io/util to pull in the fix for
https://github.com/kubernetes/kubernetes/issues/104452.
Commands run:
./hack/pin-dependency.sh k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a
./hack/update-vendor.sh
Kubernetes-commit: c2532351525c2822daab61303eb4f94942a017e6
This partially reverts commit 39cfe232325d66bcdbc935af7aaf7022562e7010and PR #98057
the original problem was caused by not using {end} at the end of the range
Kubernetes-commit: 5c3de9f1de913d1251ce2183991a845edc01d123
This replaces the experimental logr v0.4 with the stable v1.1.0
release. This is a breaking API change for some users because:
- Comparing logr.Logger against nil is not possible anymore:
it's now a struct instead of an interface. Code which
allows a nil logger should switch to *logr.Logger as type.
- Logger implementations must be updated in lockstep.
Instead of updating the forked zapr code in json.go, directly using
the original go-logr/zapr is simpler and avoids duplication of effort.
The updated zapr supports logging of numeric verbosity. Error messages
don't have a verbosity (= always get logged), so "v" is not getting
added to them anymore.
Source code logging for panic messages got fixed so that it references
the code with the invalid log call, not the json.go implementation.
Finally, zapr includes additional information in its panic
messages ("zap field", "ignored key", "invalid key").
Kubernetes-commit: cb6a65377775110631bc865acc06c3f957592813
* Updates ImpersonationConfig in rest/config.go to include UID
attribute, and pass it through when copying the config
* Updates ImpersonationConfig in transport/config.go to include UID
attribute
* In transport/round_tripper.go, Set the "Impersonate-Uid" header in
requests based on the UID value in the config
* Update auth_test.go integration test to specify a UID through the new
rest.ImpersonationConfig field rather than manually setting the
Impersonate-Uid header
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Kubernetes-commit: d9ddfb26e10ee353fc4617b66d2c9274bf6d1c08
* Add failing test case
* Update golang.org/x/time/rate
* Call update-internal-modules from update-vendor
Kubernetes-commit: 09dc055984e9532f29f37acae7aea7a979ded764
If the informers handlers are slow processing the objects, the deltaFIFO
blocks the queue and the streamWatchers can not add new elements to the
queue, creating contention and causing different problems, like high
memory usage.
The problem is not easy to identify from a user perspective, typically
you can use pprof to identify a high memory usage on the StreamWatchers
or some handler consuming most of the cpu time, but users should not
have to profile the golang binary in order to know that.
Metrics were disabled on the reflector because of memory leaks, also
monitoring the queue depth can't give a good signal, since it never goes high
However, we can trace slow handlers and inform users about the problem.
Kubernetes-commit: d38c2df2c4b945bcf1f81714fc6bfd01bbd0f538
These were missed because our tests did not pass in the correct test
data input (the command to execute).
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: a6ac42082b4d7c0057b52900736bd7fbc2c44241
This change updates the CSR API to add a new, optional field called
expirationSeconds. This field is a request to the signer for the
maximum duration the client wishes the cert to have. The signer is
free to ignore this request based on its own internal policy. The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration. The minimum allowed
value for this field is 600 seconds (ten minutes).
This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.
Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: cd91e59f7c351fce47c064a5162c2cb79075159c
As `%v` doesn't allow error unwrapping, checks like `errors.Is` are not
working properly.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Kubernetes-commit: 6c0463bd2b616d0f22f47905bb26d66fa3b04e37
With the introduction of GVK to the fake dynamic client it made using
the fake much more cumbersome.
Specifically:
- requires manual registration of list types
- mismatch between scheme types and passed in fixtures would result in errors
The PR changes the constructor method NewSimpleDynamicClient to do the following:
- rewire the schemes to unstructured types
- typed fixtures are converted to unstructured types
- automatically register fixture gvks with the scheme
This should make the dynamic client 'flexible' with it's inputs like it was
before
Kubernetes-commit: 418fa71b6b1d1fba930daaba1f8ecf55070b4bdf
This reverts commit 5a59a43957c6743995dac67fdda42bf8e0a9ca77, reversing
changes made to 81b9789eaa7bc067f417b5e74d5695dd6dd88a46.
Kubernetes-commit: 892d4fabb845e2461e3655aa414beb6ac322fc99
The value here is that the exec plugin author can use the kubeconfig to assert
how standard input is treated with respect to the exec plugin, e.g.,
- an exec plugin author can ensure that kubectl fails if it cannot provide
standard input to an exec plugin that needs it (Always)
- an exec plugin author can ensure that an client-go process will still call an
exec plugin that prefers standard input even if standard input is not
available (IfAvailable)
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: cd83d89ac94c5b61fdd38840098e7223e5af0d34
https://github.com/kubernetes/kubernetes/pull/87795 most likely
unintentionally increased the log level of "Starting reflector" and
"Stopping reflector", with the result that since Kubernetes 1.21
clients have printed that message by default. This is undesirable, we
should use the original level 3 again.
Kubernetes-commit: fd972934e4916879b04508686302659ce82cfa75
Modify the behavior of the AnyVolumeDataSource alpha feature gate to enable
a new field, DataSourceRef, rather than modifying the behavior of the
existing DataSource field. This allows addition Volume Populators in a way
that doesn't risk breaking backwards compatibility, although it will
result in eventually deprecating the DataSource field.
Kubernetes-commit: 00dba76918e8ce5b5cff6719bbd64c2cd38ad4e2
With the client-go credential plugin functionality going GA in 1.22,
it is now time to deprecate these legacy integrations.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 6bfaeaf91658835aeea267500299de1c4a35a248
If a user specifies basic auth, then apply the same short circuit logic
that we do for bearer tokens (see comment).
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: 9dee2b95c27a9d61c2bade8fe67f120b5853c4d6
runc rc95 contains a fix for CVE-2021-30465.
runc rc94 provides fixes and improvements.
One notable change is cgroup manager's Set now accept Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-depdendencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kubernetes-commit: f3cdfc488e88714f2fe695e35ad0d3f8e45ddc25
This reverts commit b1b06fe0a4d80ac0fd67fae56f29a3710934a256, reversing
changes made to 382a33986b043f78a42d3d865d0ca383687bf171.
Kubernetes-commit: 4b45d0d921051627c43d5fc014e383a6cb872ade
One notable change is cgroup manager's Set now accept Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-depdendencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kubernetes-commit: b49744f177087173d43d7771588d83b9df5a3c0b
* NewSelfSignedCACert makes Go 1.15+ compatible cert
As of Go 1.15, X.509 certificates without a SAN no longer
fall back to the CommonName of the certificate.
https://golang.org/doc/go1.15#commonname
Updating NewSelfSignedCACert to produce certificates that
work with this change.
* add missing license
Kubernetes-commit: a41a3ed4ae77a7902577bdb50b35fc5f42ed7c60
The message argument is mistakenly used as the format specifier, if it
contains the special '%' characters. This causes many '[%d|%s](MISSING)'
errors in the API server logs.
Signed-off-by: Ivan Sim <isim@redhat.com>
Kubernetes-commit: b1d0d401875b2076e73183f8468ecb95c3fe61aa
Kubelet cert rotation involves two certificate manager instances
(one for client and one for server certs) and the log lines are
identical and confusing. Since certificate manager is a utility
library it is also inappropriate to simply assume klog output is
sufficient.
certificate.Manager now accepts a Name and Logf function on its
config struct to identify the purpose of the manager and to
provide a way to redirect where output should go. If Name is
absent, the name is defaulted from the SignerName, and if that
is not found then the name is set to "client auth" if that is
a provided key usage, or "certificate" otherwise. If Logf is
not provided it defaults to klog.V(2). as today. The name is printed
in "foo: bar" form on every line, but can be converted to structured
logging in the future. The log level is not customizable and it
is up to the caller to decide whether that is an issue.
Some log messages are slightly cleaned up to more clearly indicate
their intent. One log message is removed in a utility function that
was already at v(4) and less likely to be needed.
The default behavior of the certificate manager is as before and
the kubelet now identifies the server and client signerName as
separate entities:
I0414 19:07:33.590419 1539 certificate_manager.go:263] kubernetes.io/kube-apiserver-client-kubelet: Rotating certificates
E0414 19:07:33.594154 1539 certificate_manager.go:464] kubernetes.io/kube-apiserver-client-kubelet: Failed while requesting a signed certificate from the master: cannot create certificate signing request: Post "https://...
Kubernetes-commit: 64c669bd0ac8fda39ba97f48ef887ac1f77fb014
This changes the `/ephemeralcontainers` subresource of `/pods` to use
the `Pod` kind rather than `EphemeralContainers`.
When designing this API initially it seemed preferable to create a new
kind containing only the pod's ephemeral containers, similar to how
binding and scaling work.
It later became clear that this made admission control more difficult
because the controller wouldn't be presented with the entire Pod, so we
updated this to operate on the entire Pod, similar to how `/status`
works.
Kubernetes-commit: d22dc5cb72a627341f4004b5d58d275f3d8773b3
* Fix staticcheck failures for vendor/k8s.io/client-go/transport
* avoid the possibility of a hang
Kubernetes-commit: 02d20442a5a5f5e1d3f1ef8e6fb14945462bc36c
Whether `providerless` is present or not, the OIDC plugin
should be available.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: b1e9fc4935e60092b4823bd67e82c4d2bfb1a7fc
This implements a stream cleanup when using portforwardings. Before
applying this patch, the streams []httpstream.Stream within
`spdy/connection.go` would fill-up for each streaming request. This
could result in heavy memory usage. Now we use the stream identifier to
keep track of them and finally remove them again once they're no longer
needed.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Kubernetes-commit: 6459ed6717d1851f9ca28e3f245672a6a62aa0bf
This is the result of "make update" minus the testdata update which
will be committed separately.
Kubernetes-commit: 52b758c9b634fa56ab923c31dbf9e312b1a0c171
For tracking Job Pods that have finished but are not yet counted as failed or succeeded
And feature gate JobTrackingWithFinalizers
Change-Id: I3e080f3ec090922640384b692e88eaf9a544d3b5
Kubernetes-commit: bb56a0bd04891ae0a4aebeaeb4d145b32d9ad2d9
Fix range loop when using jsonpath
Without patch:
kubectl get -n openshift-oauth-apiserver po -o jsonpath='{range .items[?(.status.phase=="Running")]}{.metadata.name}{" is Running\n"}'
apiserver-7d9cc97649-79c2x is Running
apiserver-7d9cc97649-lgks6 is Running
apiserver-7d9cc97649-qgkxn is Running
is Running
With patch:
kubectl get -n openshift-oauth-apiserver po -o jsonpath='{range .items[?(.status.phase=="Running")]}{.metadata.name}{" is Running\n"}'
apiserver-7d9cc97649-79c2x is Running
apiserver-7d9cc97649-lgks6 is Running
apiserver-7d9cc97649-qgkxn is Running
Kubernetes-commit: 39cfe232325d66bcdbc935af7aaf7022562e7010
Ensure that all label selectors are treated as atomic values,
to exclude situations when selectors are being corrupted by
different actors attempting to apply their overlapping definition
for this field with server-side-apply.
Kubernetes-commit: d8a7764b6396b90313ae7bd50a845f4da4705d67
1. Add API definitions;
2. Add feature gate and drops the field when feature gate is not on;
3. Set default values for the field;
4. Add API Validation
5. add kube-proxy iptables and ipvs implementations
6. add tests
Kubernetes-commit: 7ed2f1d94d694c6c4fdb4629638c38b1cbda7288
* Removes discovery v1alpha1 API
* Replaces per Endpoint Topology with a read only DeprecatedTopology
in GA API
* Adds per Endpoint Zone field in GA API
Kubernetes-commit: a9891b4b9b909b76533a50812c21575cd96c43b1
We are not sure why this was stdout, since stdin is what the user uses to pass
information to the exec plugin.
There is a question of backwards compatibility here. Our take is that this is a
bug, and so we are ameliorating behavior instead of breaking behavior. There are
2 main cases to consider with respect to backwards compatibility:
1. an existing exec plugin depended on stdin being hooked up to them if stdout
was a terminal (e.g., echo foo | client-go-command-line-tool); we believe
this is an anti-pattern, since the client-go-command-line-tool could be using
stdin elsewhere (e.g., echo foo | kubectl apply -f -)
2. an existing exec plugin depended on stdin not being hooked up to them if
stdout was not a terminal (e.g., client-go-command-line-tool >/dev/null);
hopefully there are very few plugins that have tried to base logic off of
whether stdin returned EOF immediately, since this could also happen when
something else is wrong with stdin
We hope to apply a stronger fix to this exec plugin user interaction stuff in a
future release.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: aea995c45ff057406b586144e28bd9575162b8df
Errors from staticcheck:
cmd/preferredimports/preferredimports.go:38:2:
package golang.org/x/crypto/ssh/terminal is deprecated:
this package moved to golang.org/x/term. (SA1019)
vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go:36:2:
package golang.org/x/crypto/ssh/terminal is deprecated:
this package moved to golang.org/x/term. (SA1019)
vendor/k8s.io/client-go/tools/clientcmd/auth_loaders.go:26:2:
package golang.org/x/crypto/ssh/terminal is deprecated:
this package moved to golang.org/x/term. (SA1019)
Please review the above warnings. You can test via:
hack/verify-staticcheck.sh <failing package>
If the above warnings do not make sense, you can exempt the line or
file. See:
https://staticcheck.io/docs/#ignoring-problems
generated:
- hack/update-internal-modules.sh
- hack/lint-dependencies.sh
- hack/update-vendor.sh
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Kubernetes-commit: d9435800b65d6787beaf061546599d757b8e87c9
docker/spdystream has been moved to moby/spdystream.
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
Kubernetes-commit: c5c938a056abdf9961962554013632d6cfd3bbd4
The new releases of klog (via klogr) and logr expose support for call
traces via a new WithCallDepth API in logr.
The new klogr can be configured to pass structured log entries into
klog instead of turning them into a single text message.
Kubernetes-commit: 562a39a2e1e26854c06ac2b317f6f8a4ebb23ac1
`debuggingRoundTripper` is a useful throbleshooting tool to debug of Kubernetes API requests and their timing.
Unfortunately, as of today, it can only be used via the `DebugWrappers` function, which automatically adjust the amount of debug information exposed by the roundTripper based on the configured `klog` verbosity.
While `DebugWrappers` definitely fits the purpose for clients using `klog`, this is currently hard to be used for controllers using `controller-runtime`, which uses `github.com/go-logr/logr` for logging.
In this PR we change the visibility of `newDebuggingRoundTripper` and `debugLevel` in order to be directly accessible from users of the `k8s.io/client-go/transport` package.
In particular, the changes proposed in this PR allow users of `controller-runtime` to use the `debuggingRoundTripper` to intercept Kubernetes API requests as follows
```go
import (
ctrl "sigs.k8s.io/controller-runtime"
)
func init() {
ctrl.SetLogger(zap.New())
}
func main() {
// wrap the http transport used by the Kubernetes client
restConfig, err := ctrl.GetConfig()
checkError(setupLog, err, "unable to get kubernetes client config")
restConfig.Wrap(func(rt http.RoundTripper) http.RoundTripper {
return transport.NewDebuggingRoundTripper(rt, transport.DebugJustURL)
})
...
}
```
Kubernetes-commit: 8de53ce96cb58d56fd00e91d8bcf7761ab498b83
Fixed a bug where initialPopulationCount should be based on the key length not list size in DeltaFIFO#Replace()
Kubernetes-commit: 7d8587c4cc3529dc9065c1536071ea382e6c725c
Note that the fake client isn't designed to work with informer. It
doesn't support resource version. It's encouraged to use a real client
in an integration/E2E test if you need to test complex behavior with
informer/controllers.
Kubernetes-commit: 942bc9b32e39bb9c6ca045c02b48cc84dfa86633
This changes the event recorder to use the equivalent of a select
statement instead of a goroutine to record events.
Previously, we used a goroutine to make event recording non-blocking.
Unfortunately, this writes to a channel, and during shutdown we then
race to write to a closed channel, panicing (caught by the error
handler, but still) and making the race detector unhappy.
Instead, we now use the select statement to make event emitting
non-blocking, and if we'd block, we just drop the event. We already
drop events if a particular sink is overloaded, so this just moves the
incoming event queue to match that behavior (and makes the incoming
event queue much longer).
This means that, if the user uses `Eventf` and friends correctly (i.e.
ensure they've returned by the time we call `Shutdown`), it's
now safe to call Shutdown. This matches the conventional go guidance on
channels: the writer should call close.
Kubernetes-commit: e90e67bd002e70a525d3ee9045b213a5d826074d
github.com/hashicorp/golang-lru is MPL 2 licensed, which means that
anyone who distributes code or binaries that incorporates it needs to
include its source code, even if they haven't made any modifications.
Since lrucacheexpire is picked up as a dependency of using the shared
informers in client-go, that's potentially a lot of distributors.
Most other deps of client-go are Apache 2.0, MIT, or BSD-like
licensed, which only requires including the license.
Rather than reverting to groupcache/lru, I just reimplemented the
functionality we need, which isn't much.
Kubernetes-commit: ecc53182475a00a4a1dc8ca1e056b0deb6bd430c
Adds unit tests covering the problematic scenarios identified
around conflicting data in child owner references
Before After
package level 51% 68%
garbagecollector.go 60% 75%
graph_builder.go 50% 81%
graph.go 50% 68%
Added/improved coverage of key functions that had lacking unit test coverage:
* attemptToDeleteWorker
* attemptToDeleteItem
* processGraphChanges (added coverage of all added code)
Kubernetes-commit: e491c3bc7056530d82590d95f0af0e8c4d8dded5
This dependency bump will allow for cleanup of duplicate code in
the dualstack e2e tests.
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Kubernetes-commit: 5303b3fbbd52f5092bdcbd3765347eb218485ca5
Hopefully we've fixed all of these references now...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: 409f22832a9f949e7fa534379574ce4fb9802394
Exec plugin implementations should be able to call
LoadExecCredentialFromEnv() in order to get everything they need to
operate (i.e., cluster information (as long as it is passed in) and
optionally per-cluster configuration).
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: 875a46bd7c1b79f1fae9cd189eec5fc9c3fbf1bc
- The main idea here is that we want to 1) prevent potentially large CA
bundles from being set in an exec plugin's environment and 2) ensure
that the exec plugin is getting everything it needs in order to talk to
a cluster.
- Avoid breaking existing manual declarations of rest.Config instances by
moving exec Cluster to kubeconfig internal type.
- Use client.authentication.k8s.io/exec to qualify exec cluster extension.
- Deep copy the exec Cluster.Config when we copy a rest.Config.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: c4299d15d5289768808034676858e76a177eeae5
Address scenario where releasing a resource lock fails if a prior update fails or gets cancelled
Kubernetes-commit: 8bc8b11bcf5d970d678e28679c1699e2383610b8
Today the dynamic fake client is not aware of *List kinds, so List calls return UnstructuredList
objects without TypeMeta. This patch updates client-go's fake object tracker to store a map of
GVR to list GVKs. In this way, the list GVK can be set for UnstructuredList objects.
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
Kubernetes-commit: 0845b863e89912e0d6c4380f8bc362646326386a
Prior having a mock recorder would cause panics since the lock
would be set to nil on update failures. Now the recorder will
use the cached lock
Kubernetes-commit: 5e7ed7b86d26b651f1ef78a794cdc03fa945a3ce
This allows the lock to be release normally - even with a
potentially stale lock. This flow should only occur when we're
the lease holders.
Kubernetes-commit: 8160ecfd90284c333101a16bdccd79aacc86360d
TransformingInfomer is like a regular Informer, but allows for applying
custom transform functions on the objects received via list/watch API calls.
Kubernetes-commit: efd3490076c391823095b4c8bd6e847ae18eb012
Problem:
When calling newQueue metrics can be of type noMetrics when just calling
New. When doing this a new goroutine is created to update the metrics
but in this case there are no metrics so it's just creating goroutines
that don't do anything but consume resources.
Solution:
If the incoming metrics is of type noMetrics, don't start the goroutine
Kubernetes-commit: de021396f81ff438899297a6f464c70113b58475
ThirdPartyResource has been superseded by CustomResourceDefinition
Signed-off-by: Zhou Peng <p@ctriple.cn>
Kubernetes-commit: b608a203c62f693bb1ee1c91de5969a75129db30
Currently there is no way to specify WatchListPageSize used by Controller. This PR adds a field that can be used to specify this.
Change-Id: I241454a45dd94d3ea65a91b297f530e217f843aa
Kubernetes-commit: 43f5afe1a1dd058a2564cd3b2f330fc2a401f607
Currently when ListAndWatch() receives a connection refused error, it is
assumed to be due to the apiserver being transiently unresponsive. In
situations where a controller is running outside the k8s cluster it's
controlling, it is more common for the controller to lose connection
permanently to the apiserver and needs to exponentially backoff its
retry rather than continously spamming logs with Watch attempts that
will never succeed.
Kubernetes-commit: 1ff789f2bb9bf7fbb3df35977bc249c0dd019d31
Chore: Correct words and format codes
Revert three changes
Revert 1 change
Revert again
Revert 2 changes
Kubernetes-commit: af7cf4abc6bfeb0d2cfaca76097cf7a0603c4495
The extra space was introduced in 5b854e7b17 (say which lease is being
acquired, 2018-01-16, #58341).
Kubernetes-commit: e5347d48f9e67776984fbe284f03aefc425a951d
This reverts commit 32438cf26938091bea56e7ca7c3fcf4215652f9c, reversing
changes made to bb6a6aa3915cc9f7efaaf2291f6adac8333fd33c.
Kubernetes-commit: c00dae060731f6286ee3743db24782f09c33945a
Fixes the argument order used when calling testing.NewUpdateSubresourceAction
within the fake scale client. This was causing the generated action to swap the values
of the Namespace and Subresource in the Action.
Kubernetes-commit: 34a446d812c423da7a306963f250f4002dac9be8
When dedupDeltas does the impossible and the key is already queued,
return an error rather than maintain the data structure invariants.
Kubernetes-commit: a39481a4f6cf33f9bf4555adcffa28077863e7a9
Currently, the proxy subresource is not supported for pods in client-go.
Today, invoking this requires using the REST client directly.
To make using the proxy resource easier, this commit adds a ProxyGet
method for pods in pod_expansion.go similar to the ProxyGet method
for services in service_expansion.go.
Ref: d8febccacf/staging/src/k8s.io/client-go/kubernetes/typed/core/v1/service_expansion.go
Kubernetes-commit: 72ab11193a419f0e0e66e86c4e6be9991c3682f2
Hello gophers,
Version v0.3.3 of golang.org/x/text fixes a vulnerability in the golang.org/x/text/encoding/unicode package which could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory.
An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
transform.String has also been hardened not to enter an infinite loop if a Transformer keeps returning ErrShortSrc even if atEOF is true.
This issue was first filed as Issue 39491 by GitHub user abacabadabacaba and reported to the security team by Anton Gyllenberg. It is tracked as CVE-2020-14040.
Cheers,
Katie for the Go team
Kubernetes-commit: 3cef97e8b5f67b4a350ee7a51e68604732e46f58
If configuration object is used concurrently
it is not safe to mutate self.
There is no need for mutation so avoid it
just in case.
Kubernetes-commit: 9e360eb05efafd0fcabd5a065b62cb8226da94c2
Some comments and code incorrectly contemplated violating the
invariant that a keys is in `f.items` if and only if it is in
`f.queue`.
Also fixed up some comment wording.
Kubernetes-commit: 5efd727d112206ef9a8ede93c5878b0d40707ae9
If a bearer token is present in a request, the exec credential plugin should accept that as the chosen method of authentication. Judging by an [earlier comment in exec.go](c18bc7e9f7/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go (L217)), this was already intended. This would however not work since UpdateTransportConfig would set the GetCert callback which would then get called by the transport, triggering the exec plugin action even with a token present in the request. See linked issue for further details.
See #87369 for further details.
Signed-off-by: Anders Eknert <anders.eknert@bisnode.com>
Kubernetes-commit: b423216a3b781009fb4ec4d5974eeb3f882f9d2d
This commit adds the ability for users to specify an install hint for
their exec credential provider binary.
In the exec credential provider workflow, if the exec credential binary
does not exist, then the user will see some sort of ugly
exec: exec: "does-not-exist": executable file not found in $PATH
error message. If some user downloads a kubeconfig from somewhere, they
may not know that kubectl is trying to use a binary to obtain
credentials to auth to the API, and scratch their head when they see
this error message. Furthermore, even if a user does know that their
kubeconfig is trying to run a binary, they might not know how to obtain
the binary. This install hint seeks to ease the above 2 user pains.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: 94e2065df2eef3b198942efb156ef6e27abcc6f9
ingress: use new serviceBackend split
ingress: remove all v1beta1 restrictions on creation
This change removes creation and update restrictions enforced by
k8s 1.18 for not allowing resource backends.
Paths are no longer
required to be valid regex and a PathType is now user-specified
and no longer defaulted.
Also remove all TODOs in staging/net/v1 types
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Kubernetes-commit: 2b091f60ca09d3d03923a26b7cd02fb3dc6c47e2
In some environments, where url base is "/", it can cause all paths to
be presented in metrics with "{prefix}" as `groupIndex` is with the wrong
index. To fix the behavior in such environments, it was added a
conditional branch to check if the URL base is "/" and, thus, print the
metrics with the correct path, for example "api/v1/nodes/{name}" instead
of "{prefix}".
Fixes: 99248b8fe1fe ("Rewrite finalURLTemplate used only for metrics because of dynamic client change")
Signed-off-by: André Martins <aanm90@gmail.com>
Kubernetes-commit: c039b02fa7281fc061455e23b6530ed8b4d19645
pin dependency github.com/beorn7/perks from v1.0.0 to v1.0.1
pin dependency github.com/golang/protobuf from v1.3.3 to v1.4.2
pin denpendency github.com/json-iterator/go from v1.1.8 to v1.1.9
pin dependency github.com/prometheus/common from v0.4.1 to v0.9.1
pin dependency github.com/prometheus/procfs from v0.0.5 to v0.0.11
pin dependency github.com/alecthomas/template from v0.0.0-20160405071501-a0175ee3bccc to v0.0.0-20190718012654-fb15b899a751
pin dependency github.com/alecthomas/units from v0.0.0-20151022065526-2efee857e7cf to v0.0.0-20190717042225-c3de453c63f4
pin dependency github.com/go-kit/kit from v0.8.0 to v0.9.0
pin dependency github.com/go-logfmt/logfmt from v0.3.0 to v0.4.0
Co-Authored-By: Jordan Liggitt <jordan@liggitt.net>
Kubernetes-commit: 283d9f7483d9a5b30746921a68e7a5e586c2c80e
The bazel test failures are caused by (oauth2: turn Transport.CancelRequest into a no-op)[858c2ad4c8]:
0f29369cfe...858c2ad4c8
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: eea0fea657e5955dedcb6e39bad4dca57d70553c
Fixes: kubernetes#90581 (the first part)
When `Close()` is invoked on an empty queue, the control loop inside `Pop()` has a small chance of missing the signal and blocks indefinitely due to a race condition. This PR eliminates the race and allows the control loop inside any blocking `Pop()` to successfully exit after Close() is called.
Kubernetes-commit: d8b90955519d10b99415515f8314dd6d35caae8d
kubectl: add --output jsonpath-as-json to print a json array of results
kubeadm: fix test case using jsonpath result of non-primitive type
Kubernetes-commit: ba386aba4fe02906089ca3e96ee07925bced5d4d
The fake clientset used a slice to store each kind of objects, it's
quite slow to init the clientset with massive objects because it checked
existence of an object by traversing all objects before adding it, which
leads to O(n^2) time complexity. Also, the Create, Update, Get, Delete
methods needs to traverse all objects, which affects the time statistic
of code that calls them.
This patch changed to use a map to store each kind of objects, reduced
the time complexity of initializing clientset to O(n) and the Create,
Update, Get, Delete to O(1).
For example:
Before this patch, it took ~29s to init a clientset with 30000 Pods,
and 2~4ms to create and get an Pod.
After this patch, it took ~50ms to init a clientset with 30000 Pods,
and tens of µs to create and get an Pod.
Kubernetes-commit: 7e15e31e11e48a6db855e30ca9b07dbce3047577
This fixes bug with xfs mount failing because of xfs_repair
being called. Fixes https://github.com/kubernetes/utils/issues/141
Kubernetes-commit: a1ae67d691d514d859fce68299d7bd3830686b38
Fix a bug in k8s.io/utils/net.GetIndexedIP() that wasn't working
with IPv6 addresses with leading zeros.
Kubernetes-commit: dc025534afb0c3106b3aab166f88b971102135d1
The openstack auth plugin was deprecated in v1.11 in favor of the
"client-keystone-auth" credential plugin. This change removes the
plugin in v1.19 (eight releases seems more than sufficient notice).
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 0beb8ea0fef3556474b3a713a2203d4edbbb4fc2
Introduce a verbosity level for the start and stop notifications,
so that regular calls to commands such as:
"kubectl auth ..."
would only contain the "yes" / "no" output.
Kubernetes-commit: b2677b1e572ae1cd8b823683e88005b7857d8938
Removed the incorrect promise of coherency in the answer to a query to
an informer's local cache. Removed the definition of "collection
state", because it was only used in the now-removed promise. Added a
remark about ordering of states that appear in an informer's local
cache.
Brushed up the commentary on resync period. Changed the relevant
parameter of NewSharedInformer to have the same name as the
corresponding parameter to NewSharedIndexInformer.
Kubernetes-commit: b8e2ad5926c3a6872422ad25cf9867e10e052a7d
When creating an informer, this adds a way to add custom error handling, so that
Kubernetes tooling can properly surface the errors to the end user.
Fixes https://github.com/kubernetes/client-go/issues/155
Kubernetes-commit: 435b40aa1e5c0ae44e0aeb9aa6dbde79838b3390
per https://github.com/googleapis/gnostic/releases/tag/v0.1.0, the
v0.1.0 was made specifically for use by k8s, but we still seem to be
using a random SHA. Let's try to switch to a tagged version.
Kubernetes-commit: 420d5d10c4baad0aced31de382801fd999f2c94b
The `recorder.PastEventf` method wasn't actually working as advertised.
It was supposed to accept a timestamp, which would be used when
generating the event. However, as the
[source code](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/client-go/tools/record/event.go#L316)
shows, this `timestamp` was never actually used.
In other words, `PastEventf` is identical to `Eventf`.
We have two options: one would be to fix `PastEventf` so that it works
as advertised. The other would be to delete `PastEventf` and only
support `Eventf`.
Ultimately, I could only find one use of `PastEventf` in the code base,
so I propose we just delete `PastEventf` and convert all uses to
`Eventf`.
Kubernetes-commit: 92940fa80d67593c7a2333267da4424c8b45ac88
In other parts of the system (notably in RBAC rules), the "resource/subresource" notation is common to specify an explicit subresource. This makes this notation available to tests that use the `Matches` function on client actions as well.
Backwards compatibility is kept by ignoring the `Subresource` field if no specific subresource is defined in the resource string itself.
Kubernetes-commit: 47277f281eb0e7d484555e4d210b0ddb42974793
* Move all usage of r.ctx to the beginning of Do, DoRaw, Stream, Watch
* Move tryThrottle from Do and DoRaw into request()
* Make request() and tryThrottle take a context
* In request(), remove the timeout context setting out of the loop
These changes should be entirely behavior preserving.
Kubernetes-commit: d95ed2c8470158256466fb24728e63ac3afe0899
* Move all usage of r.ctx to the beginning of Do, DoRaw, Stream, Watch
* Move tryThrottle from Do and DoRaw into request()
* Make request() and tryThrottle take a context
* In request(), remove the timeout context setting out of the loop
These changes should be entirely behavior preserving.
Kubernetes-commit: ed48ed0122c7289f458a6bc3ac616319d5c17e91
This reverts commit d1480ab49d603d0a95e509b627252ee7af8559ae.
Revert this commit due to incomplete migration path
Kubernetes-commit: 71b2a4cdcc18694387961d119c6ab71772579918
Also updated the comment inside processorListener::run, to restore
accuracy about how long the delay is.
Kubernetes-commit: d2ad469abbb1122cbbd772e15767817cd771f9f6
Background:
Before this change, DeltaFIFO emits the Sync DeltaType on Resync() and
Replace(). Seperately, the SharedInformer will only pass that event
on to handlers that have a ResyncInterval and are due for Resync. This
can cause updates to be lost if an object changes as part of the Replace(),
as it may be incorrectly discarded if the handler does not want a Resync.
What this change does:
Creates a new DeltaType, Replaced, which is emitted by DeltaFIFO on
Replace(). For backwards compatability concerns, the old behavior of
always emitting Sync is preserved unless explicity overridden.
As a result, if an object changes (or is added) on Replace(), now all
SharedInformer handlers will get a correct Add() or Update()
notification.
One additional side-effect is that handlers which do not ever want
Resyncs will now see them for all objects that have not changed during
the Replace.
Kubernetes-commit: ca1eeb99b530a6d76b464dad545abc18d4508c49
This adds ResetWatch() to the FakeControllerSource, which lets the
controller simulate a re-list-and-watch.
Kubernetes-commit: 5aacacbdf000cee2d0ec548ee4afe564f35c60bf
This change includes the cluster address in the cache key so that
using the same issuer and client ID with different tokens across
multiple clusters does not result in the wrong token being used for
authentication.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 96fe76a9ed4fde16f449995cc698dca3719ed546
* Clarify client-go issue location
While pull requests should be in kubernetes/kubernetes, it seems issues are
tracked in client-go repo.
* All Issues along with PRs (except README.md) should be opened in kubernetes/kubernetes
Kubernetes-commit: bc53b97ceb25338570a853845c4cdd295468ed61
This patch removes pkg/util/mount completely, and replaces it with the
mount package now located at k8s.io/utils/mount. The code found at
k8s.io/utils/mount was moved there from pkg/util/mount, so the code is
identical, just no longer in-tree to k/k.
Kubernetes-commit: 0c5c3d8bb97d18a2a25977e92b3f7a49074c2ecb
- Delete backing string set from a threadSafeMap index when the string set length reaches 0.
Kubernetes-commit: 41be6d65d88728f443966da83b62d545684576ab
This commit performs two refactors and fixes a bug.
Refactor 1 changes the signature of Request to take a RESTClient, which
removes the extra copy of everything on RESTClient from Request. A pair
of optional constructors are added for testing. The major functional
change is that Request no longer has the shim HTTPClient interface and
so some test cases change slightly because we are now going through
http.Client code paths instead of direct to our test stubs.
Refactor 2 changes the signature of RESTClient to take a
ClientContentConfig instead of ContentConfig - the primary difference
being that ClientContentConfig uses ClientNegotiator instead of
NegotiatedSerializer and the old Serializers type. We also collapse
some redundancies (like the rate limiter can be created outside the
constructor).
The bug fix is to negotiate the streaming content type on a Watch()
like we do for requests. We stop caching the decoder and simply
resolve it on the request. We also clean up the dynamic client
and remove the extra WatchSpecificVersions() method by providing
a properly wrapped dynamic client.
Kubernetes-commit: 3b780c64b89606f4e6b21f48fb9c305d5998b9e5
- Added thread_safe_store_test exercising new index backing string set delete at 0 functionality.
- TestThreadSafeStoreDeleteRemovesEmptySetsFromIndex logic nesting inverted.
- Added test case for usage of an index where post element delete there is non-zero count of elements and expect the set to still exist.
- Fixed date.
- Fixed awprice nits.
- Fix bazel.
Kubernetes-commit: 29a051388a719e0359969b8431de8e38e955e2a6
By correctly handling content type negotiation, we can avoid the
need for a special version of watch and use the same code path as
typed clients.
Kubernetes-commit: 3f94f80b0a79293e54d7080aaf7a64d7df8b1d4a
Make it clear that periodic resyncs fire update notifications, not
create notifications as the old comments incorrectly stated.
Kubernetes-commit: 3ae8c864de24a2ad42321c9cbd71099a2b6dcef3
Updated the --image-pull-policy=Never option with default
'IfNotPresent'. 'Never' causes the pod to be in
state: ErrImageNeverPull
Kubernetes-commit: 7400cf937b9fcc31dc29caa8d90800940602b934
Close outbound connections when using a cert callback and certificates rotate. This means that we won't get into a situation where we have open TLS connections using expires certs, which would get unauthorized errors at the apiserver
Attempt to retrieve a new certificate if open connections near expiry, to prevent the case where the cert expires but we haven't yet opened a new TLS connection and so GetClientCertificate hasn't been called.
Move certificate rotation logic to a separate function
Rely on generic transport approach to handle closing TLS client connections in exec plugin; no need to use a custom dialer as this is now the default behaviour of the transport when faced with a cert callback. As a result of handling this case, it is now safe to apply the transport approach even in cases where there is a custom Dialer (this will not affect kubelet connrotation behaviour, because that uses a custom transport, not just a dialer).
Check expiry of the full TLS certificate chain that will be presented, not only the leaf. Only do this check when the certificate actually rotates. Start the certificate as a zero value, not nil, so that we don't see a rotation when there is in fact no client certificate
Drain the timer when we first initialize it, to prevent immediate rotation. Additionally, calling Stop() on the timer isn't necessary.
Don't close connections on the first 'rotation'
Remove RotateCertFromDisk and RotateClientCertFromDisk flags.
Instead simply default to rotating certificates from disk whenever files are exclusively provided.
Add integration test for client certificate rotation
Simplify logic; rotate every 5 mins
Instead of trying to be clever and checking for rotation just before an
expiry, let's match the logic of the new apiserver cert rotation logic
as much as possible. We write a controller that checks for rotation
every 5 mins. We also check on every new connection.
Respond to review
Fix kubelet certificate rotation logic
The kubelet rotation logic seems to be broken because it expects its
cert files to end up as cert data whereas in fact they end up as a
callback. We should just call the tlsConfig GetCertificate callback
as this obtains a current cert even in cases where a static cert is
provided, and check that for validity.
Later on we can refactor all of the kubelet logic so that all it does is
write files to disk, and the cert rotation work does the rest.
Only read certificates once a second at most
Respond to review
1) Don't blat the cert file names
2) Make it more obvious where we have a neverstop
3) Naming
4) Verbosity
Avoid cache busting
Use filenames as cache keys when rotation is enabled, and add the
rotation later in the creation of the transport.
Caller should start the rotating dialer
Add continuous request rotation test
Rebase: use context in List/Watch
Swap goroutine around
Retry GETs on net.IsProbableEOF
Refactor certRotatingDialer
For simplicity, don't affect cert callbacks
To reduce change surface, lets not try to handle the case of a changing
GetCert callback in this PR. Reverting this commit should be sufficient
to handle that case in a later PR.
This PR will focus only on rotating certificate and key files.
Therefore, we don't need to modify the exec auth plugin.
Fix copyright year
Kubernetes-commit: 929b1559a0b855d996257ab3ad5364605edc253d
With support of http, https, and socks5 proxy support. We already
support configuring this via environmnet variables, but this approach
becomes inconvenient dealing with multiple clusters on different
networks, that require different proxies to connect to. Most solutions
require wrapping clients (like kubectl) in bash scripts.
Part of: https://github.com/kubernetes/client-go/issues/351
Kubernetes-commit: f3f666d5f1f6f74a8c948a5c64af993696178244
Fix DeltaFIFO bug that caused the sync delta created by a relist
for object ID X to be dropped if the DeltaFIFO already stored a
Delete delta for X. This caused SharedIndexInformer to miss create
notifications. Also, add unit test to expose the bug.
Kubernetes-commit: 9e4be54895e8c0655408b4766cd78de17b6d5b7c
It was previously possible to instantiate `Reflector` with
`*unstructured.Unstructured` as the expected type but this did not
support checking that event objects were of the correct API
type (e.g. if event object was `v1.Pod` in `Unstructured` form but
`v1.Service` was expected). This commit adds support for providing a
GVK via an `Unstructured` expected type to compare with the GVK of
event objects. The GVK will also be used in reflector log output.
Kubernetes-commit: 237dbfd8ad322dfcad4bd4d5345368480c22d82f
It is inconsistent and confusing to report pod count from all
namespaces but report message for only default namespace.
Added the namespace (default) reporting to clarify this.
Updated comments for usage clarity.
Kubernetes-commit: 31e427b54c500f2e532ebeb1990eb7580bf86729
`Get` method within the fake clientset returns an object that would not be normally returned when using the real clientset. Reproducer:
```go
package main
import (
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes/fake"
)
func main () {
cm := &v1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "cm"},
}
client := fake.NewSimpleClientset(cm)
obj, err := client.CoreV1().ConfigMaps("").Get("", metav1.GetOptions{})
if err != nil {
panic(err)
}
fmt.Printf("obj: %#v\n", obj)
}
```
stored under `test.go` of `github.com/kubernetes/kubernetes` (master HEAD) root directory and ran:
```sh
$ go run test.go
obj: &v1.ConfigMap{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"cm", GenerateName:"", Namespace:"kube-system", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, Data:map[string]string(nil), BinaryData:map[string][]uint8(nil)}
```
As you can see fake clientset with a "test" configmap is created. When getting the object through the clientset back, I intentionally set the object name to an empty string. I would expect to get an error saying config map "" was not found. However, I get "test" configmap instead.
Reason for that is inside implementation of `filterByNamespaceAndName` private function:
```go
func filterByNamespaceAndName(objs []runtime.Object, ns, name string) ([]runtime.Object, error) {
var res []runtime.Object
for _, obj := range objs {
acc, err := meta.Accessor(obj)
if err != nil {
return nil, err
}
if ns != "" && acc.GetNamespace() != ns {
continue
}
if name != "" && acc.GetName() != name {
continue
}
res = append(res, obj)
}
return res, nil
}
```
When `name` is empty, `name != "" && acc.GetName() != name` condition is false and thus `obj` is consider as a fit.
[1] https://github.com/kubernetes/client-go/blob/master/testing/fixture.go#L481-L493
Kubernetes-commit: d32c76fc03381784516c47cb1bf62ef932189afa
Migrated code that checks for common programmer errors to a separated
function and added test coverage for it. Wrong comment stating that a
typed error is returned was also removed.
Kubernetes-commit: ad5fafd6ade2838098890a4e7727c8e347686867
If a cache was already synced, cache.WaitForCacheSync would
always take 100ms to complete because the PollUntil method will
sleep first before checking the condition. Switching to
PollImmediateUntil will ensure already synced caches will return
immediately. For code that has, for example, 20 informers, the time
to check the cache was in sync would take at least 2 seconds, but with
this change it can be as fast as you can actually load the data.
Signed-off-by: Darren Shepherd <darren@rancher.com>
Kubernetes-commit: 8a58f332dd62b68ae22c67585002defe6aeb4b04
Ginkgo 1.10.0 includes the relevant fix for dumping the full stack
(https://github.com/onsi/ginkgo/pull/590), so when using that release
we can simplify the logging unit test.
By changing the skipping, we can avoid the rather volatile util.go
entries. However, that gomega is part of the stack trace still needs
to be fixed in Gingko.
Kubernetes-commit: 02ce619078b1a75e9fa258e101f81af899719e8e
47ffc4e Add test case for detecting data race
959d342 Prevent data race in SetOutput* methods
34123a4 Test with golang 1.12.x
bf4884f Fix the log duplication issue for --log-file
dc5546c Backfill integration tests for selecting log destinations
baef93d fix broken links
07b218b Add go modules files
b33ae69 Add flag to include file's dir in logs
7c58910 correct documentation
a4033db Code Hygene - glog to klog
941d47b Revert "Fix the log duplication issue for --log-file."
314f6c4 Update godoc for the default value of logtostderr
7eb35e2 Fix the log duplication issue for --log-file.
Kubernetes-commit: 9a2de95601641aa1077734c76fc24ebe7b6026db
Golang automatically enables transport level gzip, but local network
clients may wish to disable it for better CPU usage and lower latency
(scheduler, controller-manager). Allow DisableCompression on rest.Config
to modify the underlying transport. This impacts the transport cache,
but it is expected that most clients connecting to the same servers
within a process will have the same compression config.
Kubernetes-commit: dee6de70d0e4ad381bd5de01b6d1fbd4fde004bc
If user specifies a nil callback, then error out
rather than crashing at runtime due to a nil reference.
Kubernetes-commit: 9dbbc652efee21bd421db1b1f52235ed20ffb7eb
Added definition of "collection states" and noted that informer cache
queries are answered against these.
Also added an explicit note that the concept of object identity used
in the contract here does _not_ include ObjectMeta.UID.
Also updated the description of the notifications received by a
client, to account for the fact that a client can be added after the
informer starts running.
Added references to `MetaNamespaceKeyFunc` and
`SplitMetaNamespaceKey`.
Noted that a client must process each notification promptly and added
a referral to workqueue.
Made a couple other minor clarifications and corrections.
Kubernetes-commit: 848301e11a8558f6a90e2fada870a91baace812a
2. Remove staging/src/k8s.io/client-go/tools/cache from .golint_failures;
3. Fix some typo from comments.
Kubernetes-commit: 0e0e1f7daba0a6ae6dd59df0a1bb643c323ad8cb
* Kubectl user exec should accept zero-length environment values #652
* Changing TestValidateAuthInfoExecInvalidEnv to allow for empty strings as Exec values
Kubernetes-commit: f30af9dd6da46f0f01e38b477d455907da9f1b6c
The garbage collector and quota counter should use the metadata client and protobuf to access resources
Kubernetes-commit: 91b26341f47088896ad373f4df8c7bdf5b249bcc
* Added custom error message when wrong file is provided with KUBECONFIG
* Modified test case
* Updated the code to warn the missing files
* Renamed the variable
Kubernetes-commit: a5eedcde611658c220c56d2819bf0420aded4ed6
* Fixed and clarified comments and parameter names in index.go
Fixed the comment on IndexFunc to say that it returns multiple indexed values.
Clarified the comments and parameter names in the Indexer interface to
consistently use a dichotomy between "storage keys" and "indexed
values".
* Updated comments in index.go based on review by Liggitt
Kubernetes-commit: 4160909495626262ae514bab30fe81a3ff869d39
Reflector watchHandler: make 'The resourceVersion for ... watch is too old' log Info not Warning
Kubernetes-commit: 1a15ce14473fb60bb817d1f29147ae7b70a0987e
Normal files should have permissions 644 by default,
and does not require the last bit to be
executable
Signed-off-by: Odin Ugedal <odin@ugedal.com>
Kubernetes-commit: 35cb87f9cf71776e99a970dfff751cd29ba7ebfb
This warning comes from Reflector watchHandler, from the apiserver error that
indicates a watch was restarted. This happens when etcd drops the connection
and resources are relisted. This informs the user that the watchers are
operating properly, so should be logged as Info rather than Warning.
Kubernetes-commit: a953d1542c06456c6fe97121abd99acd352545df
The cache mutation detector must use a diff function that is
designed to show differences that cause reflect.DeepEqual to return
false.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: dd4f53cd45499687e768de46a15038d61935ab96
These will be used by the garbage collector controller and others that
use higher level primitives.
Kubernetes-commit: bc89c37f32aa6cfd0f9ca975d9221d0a89320623
Only Unstructured objects worked (because unstructured implicitly
clears the .Object map when Unmarshal is called). We must reset
obj before we attempt to unmarshal into it.
Kubernetes-commit: 3b599b383d32d80188fdc73adae1613cc167cbdd
There was some weird queuing going on. The queue was implement by
spawning goroutines that would block on the "ticketer" until it was
their turn to write to the output channel. If N events where in the
watch when the consumer of the watch stopped reading events, N
goroutines would leak. In unit tests of the certificate manager, this
was causing ~10k goroutines to leak.
Fix it with a buffering event processor that uses only one routine and
cancels correctly.
Kubernetes-commit: cafc640bfa0f7362b178b1b896085962d018afe3
All queue ShutDown() calls should be able to be invoked multiple times.
```
Observed a panic: "close of closed channel" (close of closed channel)
/go/src/github.com/openshift/cluster-version-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:76
/go/src/github.com/openshift/cluster-version-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:65
/go/src/github.com/openshift/cluster-version-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:51
/usr/local/go/src/runtime/asm_amd64.s:573
/usr/local/go/src/runtime/panic.go:502
/usr/local/go/src/runtime/chan.go:333
/go/src/github.com/openshift/cluster-version-operator/vendor/k8s.io/client-go/util/workqueue/delaying_queue.go:137
```
Use sync.Once to guarantee a single close.
Kubernetes-commit: d2f7eb5235a93556261c8947e7a87342aeeaee2b
This comment formerly contained only a contrast with "standard
informer", but there is no longer such a thing so the comment lacked
much important information.
Kubernetes-commit: 121e4741463043eac188bb4eed51f07122262d69
The old wording suggested that `Run` only gets the controller started.
Changed the wording to make it clear that `Run` only returns after the
controller is stopped.
Kubernetes-commit: fad9dec758be4dcc49735aea98ada2de46cff9fe
Pick up the bug fix for golang/oauth2#237
Bump up cloud.google.com/go as a result of updating the OAuth2 code.
This commit was generated by:
./hack/pin-dependency.sh golang.org/x/oauth2 9f3314589c9a
./hack/pin-dependency.sh cloud.google.com/go v0.34.0
./hack/update-vendor.sh
git add vendor
git add -u
Kubernetes-commit: ef492e2d70385c43c5f1dad203ce635b40699341
Refactor loops over `SupportedMediaTypes()` where mediaType is used to match a single SerializerInfo{}
Kubernetes-commit: 84b561033eea9a4dac5b04df4f387efa7a7e9940
We have an existing helper function for this: runtime.SerializerInfoForMediaType()
This is common prep-work for encoding runtime.Objects into JSON/YAML for transmission over the wire or writing to ComponentConfigs.
Kubernetes-commit: 47e52d2981dc2a5c5950042f50688cf24dd92eda
Paginate watch cache->etcd List calls & reflector init/resync List calls not served by watch cache
Kubernetes-commit: c79fbabf234bea36f7b870da8e763c542c804be0
Clarifies that requesting no conversion is part of the codec factory, and
future refactors will make the codec factory less opionated about conversion.
Kubernetes-commit: 7f9dfe58f4cbe1e1b9e80f52addff70bac87bed4
When a client requests a PartialObjectMetadata returned from the
ObjectReaction type, if the object has a GVK set use that instead
of what the schema returns, since the majority of clients getting
partial object metadata will be doing so using the metadata client
or server side conversion.
Kubernetes-commit: baf091e9dbad00db39e246815f9d7a21d148044f
This client exposes operations on generic metadata (get, list, watch, delete)
and allows patch operations. The client always uses protobuf and requests
the server transform the response into the appropriate object. Using this
client simplifies the work of generic controllers by allowing them to treat
all objects the same, and also improves performance both in the amount of
data sent as well as allowing protobuf on CRD resources.
Kubernetes-commit: 21f5e643d9dbe6b65d21713dc16ab8888de5423e
- remove dep (c0a827dad6acc5fdea09967411aeeb9a8731d58f)
- move godep to bottom (3308b07da50c9547bcbfa50297b9bb91a02e88a2)
- bump example versions (9704cd1347ee287d388aa8f2b0091d4fe09640bb)
- add go modules section (e37037f5ae7c862a4255465ef328b8a3b6db038a)
- update go get docs (cda29fd9329a29856e5e3b218250b57ce8cbcd8f)
Kubernetes-commit: c8a8fb4177dbf3449684133f92bd065df8cb0419
An example of incorrect log message:
{
"component":"virtctl",
"level":"info",
"msg":"Config loaded from fileocp/auth/kubeconfig",
"pos":"loader.go:359",
"timestamp":"2019-03-07T18:50:20.923470Z"
}
Note how the resulting message has no characters between the text and
file name.
Kubernetes-commit: 65fb63a15473589f615bdfeb2f35e56414050f94
Added CorrelatorOptions that contains options to change the
defaults in EventSourceObjectSpamFilter and EventAggregator
in EventCorrelator. Added a eventCorrelator property to the
eventBroadcasterImpl to help with this.
Kubernetes-commit: 9d8e6fb1b9cf2d3fac8139a97334287e33ff911f
There was no reason to have two types and this avoids ~10% of allocations
on the GET code path.
```
BenchmarkGet-12 100000 109045 ns/op 17608 B/op 146 allocs/op
BenchmarkGet-12 100000 108850 ns/op 15942 B/op 132 allocs/op
```
Kubernetes-commit: 0489d0b1cf139253b82f73b072578073bc5616d6
The Create, Delete, Get, Patch, Update and UpdateStatus
methods in the dynamic client all expect the name
parameter to be non-empty, but did not validate this
requirement, which could lead to a panic. Add explicit
checks to these methods.
Kubernetes-commit: a9cba032dedbed9d04828c917a79a8371305d058
Clients are required to handle watch events of type ERROR, so instead
of eating the decoding error we should pass it on to the client. Use
NewGenericServerError with isUnexpectedResponse to indicate that we
didn't get the bytes from the server we were expecting. For watch, the
415 error code is roughly correct and we will return an error to the
client that makes debugging a failure in either server watch or client
machinery much easier.
We do not alter the behavior when it appears the response is an EOF
or other disconnection.
Kubernetes-commit: 89620d5667adec6c132b2713b79efb1dd2391723
Although it is spelling mistakes, it might make an affects while reading.
Signed-off-by: Nguyen Hai Truong <truongnh@vn.fujitsu.com>
Kubernetes-commit: 34961dc16c91f530b84957c50be5ebdbb914380b
Make a small formatting change to make it clear that you must take the
RBAC actions regardless of whether you're using Minikube or not.
Kubernetes-commit: fb4148e5f81057cd6a2b1e2840e3562516834446
When setting up a port forwarding with the client-go library (using the
`k8s.io/client-go/tools/portforward.PortForwarder`) with a non-defined local
port (i.e. passing `:80` as `ports` parameter to `portforward.New(...)`), a
local port will be assigned dynamically.
Currently, the local port will be _always_ 0 if it was not specified initially.
This is because the assigned local port is only set on a _copy_ of the actual
`ForwardedPort` type that is obtained in a `range` loop. This PR changes this
behaviour to set the local port at the correct instance by passing a pointer
instead of a copy to the relevant functions.
Kubernetes-commit: bbddd27f0dfffe6623763afe2c02c876ba925a7c
Added missing quote cause uncommenting the line to to load all auth plugins resulted in a syntax error.
Kubernetes-commit: a968f52611a36925c3736652a6e9d786903ce090
* When user try execute command like `kubectl get pod test -o custom-columns=CONTAINER:.spec.containers[-1].name`
It will throw a panic about slice index out of bounds. This patch fix it.
* add test case
Kubernetes-commit: 1e245fad87584a28809f8f5d380b766edfa984ec
The ContextCanceller transport wrapper blocks all API requests
after the provided context is closed. Used with the leader election
step down, a controller can ensure that new requests are not made
after the client has stepped down.
Kubernetes-commit: fe74efb1f90826b1903d2908ff9e528329bebea0
Properly wrapping a transport can be tricky. Make the normal case
(adding a non-nil transport wrapper to a config) easier with a helper.
Also enforce a rough ordering, which in the future we can use to
simplify the WrapTransport mechanism down into an array of functions
we execute in order and avoid wrapping altogether.
Kubernetes-commit: 1f590e697ef64812620c787720b4b5942027e4a1
Move to github.com/munnerz/goautoneg as bitbucket is flaky!
Change-Id: Iaa6e964ef0d6f308eea59bcc6f365ecd7dbf0784
Kubernetes-commit: 16fd72d6c91ba466a0e955a1d59a6c8d9e8791bc
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.
Future PRs will actually refactor the libraries.
Updates #71004
Kubernetes-commit: 18458392ca24c85c688e655aace1afd04f864cbd
Fixes#71730
0 indicates standby, 1 indicates master, label indicates which lease.
Tweaked name and documentation
Factored in Mike Danese feedback.
Removed dependency on prometheus from client-go using adapter.
Centralized adapter import.
Fixed godeps
Fixed boilerplate.
Put in fixes for caesarxuchao
Kubernetes-commit: f1926573804ed2c172c91d1022203d0699210138
Clean up the code paths that lead to objects being transformed and output with negotiation.
Remove some duplicate code that was not consistent. Now, watch will respond correctly to
Table and PartialObjectMetadata requests. Add unit and integration tests.
When transforming responses to Tables, only the first watch event for a given type will
include the columns. Columns will not change unless the watch is restarted.
Add a volume attachment printer and tighten up table validation error cases.
Disable protobuf from table conversion because Tables don't have protobuf because they
use `interface{}`
Kubernetes-commit: 3230a0b4fd14a6166f8362d4732e199e8779c426
The current code simply exits without continuing to renew the lease, which means
participants using a slower lease duration might have to wait multiple minutes
before a new leader is elected. Allow an optional flag to be set on
LeaderElectionConfig that will release the lease when the calling context is
cancelled. Callers *must* ensure their lease guarded code has completed before
the context is cancelled, or other processes may acquire the lease before this
lease has released.
Add an example command that demonstrates how cancellation could be done.
As a convenience to users, make event recorder optional - not all users of the
lock code will need a recorder.
Kubernetes-commit: 09890b6c48da8e85237a5674d6256900f482b0a5
This commit fixes a bug in the client-go/testing fixture whereby a
watcher would fire twice for objects with no namespace.
Kubernetes-commit: bd268c9971efd4db46074a80e52ce765583e0787
This reverts commit 0af19875add7deb562b2cf7bf6b1d273c44bab1b.
Revert "Ensure the bootstrap rotation code is tested by forcing rotation"
This reverts commit de293b2d7ddb687850258370f2a7f30f224f0ec1.
Kubernetes-commit: 34642222676640b3c1dd255cc453000f2743ccde
Expose both a Stop() method (for cleanup) and a method to force
cert rotation, but only expose Stop() on the interface.
Verify that we choose the correct client.
Kubernetes-commit: de293b2d7ddb687850258370f2a7f30f224f0ec1
Not every object kind can be registered via tracker .Add() called as
part of SimpleClientset initialization. This is because .Add() relies
on UnsafeGuessKindToResource to convert object kinds into resource
type names, which is broken for some resources. An example of an
affected kind is NetworkAttachmentDefinitions CRD that uses
network-attachment-definitions as its resource type name. When
UnsafeGuessKindToResource is called for this kind, it returns
networkattachmentdefinitions (without dashes).
As per the comment inside .Add, kinds affected by
UnsafeGuessKindToResource deficiencies should instead register objects
using tracker .Create() method. Problem is, current SimpleClientset
struct definition doesn't expose the object tracker in any way, which
makes it impossible to properly register these kinds at all.
To address the issue, this change modifies the definition of
SimpleClientset struct to expose the object tracker used via Tracker()
method.
Kubernetes-commit: d68cd8a0c7e6137ca4219078a3d651ecff03c21f
Remove non-needed else condition
Remove non-needed swallow copy
Simplify return for IsClosed()
Keep amount decrement next to element extraction from the queue
Signed-off-by: Adrián Orive <adrian.orive.oneca@gmail.com>
Kubernetes-commit: 0b16c43f59b736060bc18e2e1de0e7fcc268f39b
Feedback from lavalamp and deads2k.
Changed Check() logic to be central to LeaderElector.
Further changes, especially cleaning up the test code.
Kubernetes-commit: 9c43ee6d6ec6a159b960381af906c130027bc716
This func is only used internally and was copied from
k8s.io/kubernetes/pkg/apis/certificates.
Kubernetes-commit: 41334cfdd3eefc352536943518ffd9eaf570e27c
This func is only used by the kubelet and there's no need to pollute
client-go API with it.
Kubernetes-commit: 5c073abfe16fc0b9f62310b8276fc3b0c7043e60
The rules for address parsing are:
* Explicitly specified addresses must bind successfully
* `localhost` is pinned to `127.0.0.1` and `::1` and at least one of those must bind successfully
This change also makes output of the command consistent
between runs with the same arguments.
Previously the command was using the range via map of addresses
which sometimes was producing different output because the order
of values is not guaranteed in Go.
Kubernetes-commit: 4ee2010111af602988bf9bedf66d1a0c36419b09
Currently the fake client will return a default empty Object when a
Patch action is submitted on a missing Object. The correct behavior is to
instead propagate the NotFound error.
Kubernetes-commit: 96d0588440a96c5eba8b3ba0810563ad1e1a08b6
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
The backoff value is baseDelay*2^<num-failures> in ItemExponentialFailureRateLimiter.When . But the comment is baseDelay*10^<num-failures>.
Kubernetes-commit: c1fa760b75970fbd0c142971f1142754cb4ea3fc
It's very easy to add glog.Info(config) calls for debugging (or actual
logging). In some scenarios those configs will carry sensitive tokens
and those tokens will end up in logs or response bodies.
Leaking of those stringified configs compromises the cluster.
Also implement fmt.GoStringer.
Kubernetes-commit: c9ad1d7339b164dfba0846ec49fa4a52474d3e23
This patch changes the renewed lease log level from 4 to 5 of leaderelection.go
Fix: #69743
Kubernetes-commit: 920db78bea84d4bb015970547cda5a1df4f79a04
Initial allocation of several maps as the sizes are known
Signed-off-by: Adrián Orive <adrian.orive.oneca@gmail.com>
Kubernetes-commit: 2299f45f52464beff889fce7be1f66642a92b791
Ensure that bootstrap+clientcert-rotation in the Kubelet can:
1. happen in the background so that static pods aren't blocked by bootstrap
2. collapse down to a single call path for requesting a CSR
3. reorganize the code to allow future flexibility in retrieving bootstrap creds
Fetching the first certificate and later certificates when the kubelet
is using client rotation and bootstrapping should share the same code
path. We also want to start the Kubelet static pod loop before
bootstrapping completes. Finally, we want to take an incremental step
towards improving how the bootstrap credentials are loaded from disk
(potentially allowing for a CLI call to get credentials, or a remote
plugin that better integrates with cloud providers or KSMs).
Reorganize how the kubelet client config is determined. If rotation is
off, simplify the code path. If rotation is on, load the config
from disk, and then pass that into the cert manager. The cert manager
creates a client each time it tries to request a new cert.
Preserve existing behavior where:
1. bootstrap kubeconfig is used if the current kubeconfig is invalid/expired
2. we create the kubeconfig file based on the bootstrap kubeconfig, pointing to
the location that new client certs will be placed
3. the newest client cert is used once it has been loaded
Kubernetes-commit: 0af19875add7deb562b2cf7bf6b1d273c44bab1b
update bazel and fix goftm
use defaultStorageAccountKind
fix test failure
update godep license file
fix staging godeps issue
update staging godeps
fix comments, use one API call for file creation
Kubernetes-commit: bc2c79a43af1ad47218643c0a3b58b3388606336
certificate.FileStore only handles (cert, key) combined PEM files. This
PR allows (key, cert), which is what "openssl req -out foo.pem -keyout
foo.pem" generates.
Kubernetes-commit: 4b6a6a1cd5c8df83b3c51a03ecab975b82057489
With the current behavior, when kubelet starts, a `templateChanged`
event is always fired off because it only checks if `getLastRequest`
matches `getTemplate`. The last request only exists in memory and thus
is initially `nil` and can't ever match the current template during
startup.
This causes kubelet to request the signing of a new CSR every time it's
restarted. This commit changes the behavior so that `templateChanged` is
only fired off if the currently template doesn't match both the current
certificate and the last template.
Fixes#69471
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@us.ibm.com>
Kubernetes-commit: b9ab65d689cc48353ca5dae9f210ff408726a0d2
Use `k8s.io/client-go/kubernetes/fake.Clientset` as the fake k8s client.
Signed-off-by: He Xiaoxi <xxhe@alauda.io>
Kubernetes-commit: a96a390d924d33ba7dda13761ff0eb1eb37a02b6
adds an address flag to kubectl port-forward to allow to bind to a different ip then localhost
Kubernetes-commit: 4643c6e95e0a0cf6561554fb3b9a1bc59bcead0c
If the permissions are not setup correctly the example fails.
Change-Id: I167ef68be66f8b56740236ae475c3b7fdcc0dfb5
Kubernetes-commit: d222c310aaa4ce8777094f4a37a920982aff794d
Adding blank line between comment tag and package name in doc.go. So
that the comment tags such as '+k8s:deepcopy-gen=package' do not show up
in GoDoc.
Kubernetes-commit: 61117761cd4a1b2e6ad9ff2d7eb915f3d2739dc6
Automatic merge from submit-queue (batch tested with PRs 67555, 68196). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Not split nodes when searching for nodes but doing it all at once
**What this PR does / why we need it**:
Not split nodes when searching for nodes but doing it all at once.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
@bsalamat
This is a follow up PR of #66733.
https://github.com/kubernetes/kubernetes/pull/66733#discussion_r205932531
**Release note**:
```release-note
Not split nodes when searching for nodes but doing it all at once.
```
Kubernetes-commit: a0b457d0e5ed54646fd01eac877efcea5be3216d
Picking up https://github.com/modern-go/reflect2/pull/2 which lazy
initializes a map of all types which we don't use in k8s, saving
memory & initialization time.
Kubernetes-commit: 970e4da4c6636b835175dc79a7492d22dc11ba33
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
client: periodically reload InClusterConfig token
/sig auth
/sig api-machinery
```release-note
NONE
```
Kubernetes-commit: 7b6647a418c660f2c87f183f706b297f1cb573ca
Automatic merge from submit-queue (batch tested with PRs 64283, 67910, 67803, 68100). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Kubeadm Cert Renewal
**What this PR does / why we need it**:
adds explicit support for renewal of certificates via command
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#206
**Special notes for your reviewer**:
The targeted documentation is at kubernetes/website#9712
**Release note**:
```release-note
Adds the commands `kubeadm alpha phases renew <cert-name>`
```
Kubernetes-commit: 17dde46baebe0b67421132af7b99b42d89ea4cd0
Automatic merge from submit-queue (batch tested with PRs 66960, 67545). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
delegated authn/z: optionally opt-out of mandatory authn/authz kubeconfig
This adds `RemoteKubeConfigFileOptional` field to the delegated authn/z option structs. If set to true, the authn/z kubeconfig file flags are optional. If no kubeconfig is given, all token requests are considered to be anonymous and no client CA is looked up in the cluster.
Prerequisite for https://github.com/kubernetes/kubernetes/pull/64149 and https://github.com/kubernetes/kubernetes/pull/67069.
Kubernetes-commit: 1b3a2dd0830ca0e02d5b95d2ecc0161d0c93a0c7
Automatic merge from submit-queue (batch tested with PRs 67323, 66717, 67038). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove unused function timeoutFromListOptions()
**What this PR does / why we need it**:
It removes a function which is not exported and not called or referenced.
Re-opening #60215 after rebase.
**Which issue(s) this PR fixes**
No issue.
**Special notes for your reviewer**:
I guess it would be useful to know what this was supposed to be doing. I just happened upon it when trying to understand how watch timeouts were configured.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 1bfbf861e92410dbed2cb8debdc2f841d0fd7719
Automatic merge from submit-queue (batch tested with PRs 67894, 64097). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
HPA metrics specificity improvements
**What this PR does / why we need it**:
Improves available specificity for HPA metrics by adding metric selector fields for metrics of Pods and Objects.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Implements this KEP: https://github.com/kubernetes/community/pull/2055
**Special notes for your reviewer**:
Need to add/update tests?
**Release note**:
```release-note
Introduces autoscaling/v2beta2 and custom_metrics/v1beta2, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics.
```
/assign @DirectXMan12
Kubernetes-commit: fdb5707194d56cbbd0da11c5be3a2a5653e714c9
Automatic merge from submit-queue (batch tested with PRs 67362, 67256, 67809). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
del unused func DefaultEventFilterFunc
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: da62c170f724277bae45f6efed6085eb34566bc5
Automatic merge from submit-queue (batch tested with PRs 60790, 66023, 67549). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
change TRUNCATED to DATA+OMITTED in kubectl config view
**What this PR does / why we need it**:
Based on the discussion in #61573, this PR switches the replacement text for CA certificate data and client certificates and secrets printed using `kubectl config view`. Currently, `REDACTED` is used, which might give a false impression that the data is a secret (which is not true for the public certificates).
This PR changes `REDACTED` to `DATA+OMITTED`. The printed string is the base64 encoded string on the byte stream. Some trickery is involved to print a readable string (refer to [this comment](https://github.com/kubernetes/kubernetes/pull/66023/files#diff-aec000ca3f293c94dcd99b4a9d1c5c3cL86) for more info).
**Which issue(s) this PR fixes**:
Fixes#61573
**Special notes for your reviewer**:
**Release note**:
```release-note
Switched certificate data replacement from "REDACTED" to "DATA+OMITTED"
```
Kubernetes-commit: ae9beb4663329c8ca824638805b70eba0d295977
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update github.com/imdario/mergo to v0.3.5
**What this PR does / why we need it**:
Updates github.com/imdario/mergo library to v0.3.5. We were pinned because of a functionality change in the dependency, however, a new function was introduced with similar functionality to the old.
There is apparently some Debian packaging issues (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878254) because of this. I'm still not clear what those are, unless they are forcing the library to update, as opposed to using our `vendor/`.
That said, this will allow for some of those vendor conflicts to resolve for anyone else who is using client-go, so that's at least worthwhile.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
fixes#27543, fixes https://github.com/kubernetes/client-go/issues/431
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 6b4135267911b6c10ed536308d29d2a7c453eef6
Automatic merge from submit-queue (batch tested with PRs 66920, 67316, 67363, 67528, 66963). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go/rest: Fix "segments segment" comment typo
The typo landed with `SubResource` in adb75e1f (kubernetes/kubernetes#29147).
```release-note
NONE
```
Kubernetes-commit: 49b295415d398a3a36b5abb7ba071d3b224087eb
Without this change, the only method to discover what local port was
bound (if port 0 was requested) is to parse it out of the "out" stream,
which isn't the most reliable method.
Kubernetes-commit: a9084923f2bd499c287b675007cb7c6c093d60ad
Automatic merge from submit-queue (batch tested with PRs 67347, 67307, 67358, 67364, 67385). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use temp file for kubeconfig in test
Followup to https://github.com/kubernetes/kubernetes/pull/67093
Updates client_config_test to use a temporary file for kubeconfig.
**Release note**:
```release-note
NONE
```
cc @deads2k @soltysh
Kubernetes-commit: 46bfa1ab17afaffc584f560ee5c752ecbbad4f61
Automatic merge from submit-queue (batch tested with PRs 67071, 66906, 66722, 67276, 67039). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
#50102 Task 1: Move apimachinery/pkg/watch.Until into client-go/tools/watch.UntilWithoutRetry
**What this PR does / why we need it**:
This is a split off from https://github.com/kubernetes/kubernetes/pull/50102 to go in smaller pieces.
Moves `apimachinery/pkg/watch.Until` into `client-go/tools/watch.UntilWithoutRetry` and adds context so it is cancelable.
**Release note**:
```release-note
NONE
```
**Dev release note**:
```dev-release-note
`apimachinery/pkg/watch.Until` has been moved to `client-go/tools/watch.UntilWithoutRetry`.
While switching please consider using the new `client-go/tools/watch.UntilWithSync` or `client-go/tools/watch.Until`.
```
/cc @smarterclayton @kubernetes/sig-api-machinery-pr-reviews
/milestone v1.12
/priority important-soon
/kind bug
(bug after the main PR which is this split from)
Kubernetes-commit: b6f0aed056ab94fef0b6f54e1ca1d66a5fc228b3
Automatic merge from submit-queue (batch tested with PRs 66602, 67178, 67207, 67125, 66332). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Vendor cfssl/cfssljson utilities
**What this PR does / why we need it**:
Vendors the `cfssl` and `cfssljson` tools. Updates `kube::util::ensure-cfssl` to use them.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
fixes#66995, fixes#60070
**Special notes for your reviewer**:
1. Add cfssl/cfssljson ot the required bins for saving
2. Manually cloned/checked out the new dependencies to my gopath. `godep restore` doesn't pull them down because they aren't required or already in the `Godeps.json`. Used @BenTheElder's list here: https://github.com/kubernetes/kubernetes/issues/66995#issuecomment-410594532
3. `hack/godep-save.sh` to add the packages and dependencies to godep
4. Fixed two bugs when building:
a. `golang.org/x/crypto` needed to be updated
b. `github.com/cloudflare/cfssl` needed to be updated to 56268a613a so we can vendor their fork of `crypto/tls`, as we discard their modified vendored stdlib.
5. Update staging godeps
6. Update the `kube::util::ensure-cfssl` to install from vendor
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 818e632c1fde5fb01bc8ccf9b9ee6201f33a28b4
Automatic merge from submit-queue (batch tested with PRs 67161, 67093, 67077). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
improve kubeconfig file modification time
In cases where there are few destination filenames for a given
amount of contexts, but a large amount of contexts, this patch
prevents reading and writing to the same file (or small number
of files) over and over again needlessly.
**Release note**:
```release-note
Decrease the amount of time it takes to modify kubeconfig files with large amounts of contexts
```
cc @deads2k
Kubernetes-commit: 3587aa4206ddf502540d388466985bb51fc4a0e6
Trades runtime complexity for spacial complexity when modifying
large amounts of contexts on a kubeconfig.
In cases where there are few destination filenames for a given
amount of contexts, but a large amount of contexts, this patch
prevents reading and writing to the same file (or small number
of files) over and over again needlessly.
Kubernetes-commit: d5651948cf1a14ed284b4708e2057e4cbc72bcbe
Automatic merge from submit-queue (batch tested with PRs 66958, 67024). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add CancelRequest to discovery round-tripper
**Release note**:
```release-note
NONE
```
Make discovery roundtripper implement the RequestCanceler interface
cc @deads2k
Kubernetes-commit: a945b5d9281ac5cba5e4a2976a0747592c0cff87
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
stop adding internal types to external schemes
at some point someone starting internal types to external schemes in kubectl tests. This fixes that mistake.
@kubernetes/sig-cli-maintainers
/assign @soltysh
```release-note
NONE
```
Kubernetes-commit: dab04dc6e0103c1778f047594e5405d433cff96c
Automatic merge from submit-queue (batch tested with PRs 66870, 66929, 66837). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix panic fake SAR client expansion
if the object is nil, the type assertion fails.
@kubernetes/sig-api-machinery-bugs
```release-note
NONE
```
Kubernetes-commit: a2223e9a9281ca83fd85814c8e7c32b3c8fde53f
Automatic merge from submit-queue (batch tested with PRs 66870, 66929, 66837). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add logging to find offending transports
When a transport can't be cancelled, we're notified, but we don't which transport is missing the ability. This adds logging to give us a target type.
@kubernetes/sig-api-machinery-bugs
/assign @juanvallejo
since you hit it.
```release-note
NONE
```
Kubernetes-commit: 99f96511fdb8438f85ebeb4c22c929c97fabcbb6
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
dry-run: Update DynamicClient to pass Create/Update options
Change dynamic client to accept Create and Update options on Create/Update/Patch methods.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b90485560185085ae7a8ad3fab60cb417f7654bf
Automatic merge from submit-queue (batch tested with PRs 66850, 66902, 66779, 66864, 66912). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add methods to apimachinery to easy unit testing
When unit testing, you often want a selective scheme and codec factory. Rather than writing the vars and the init function and the error handling, you can simply do
`scheme, codecs := testing.SchemeForInstallOrDie(install.Install)`
@kubernetes/sig-api-machinery-misc
@sttts
```release-note
NONE
```
Kubernetes-commit: 4a54f3f0d6fe73bcced14442b60981819a1744e2
Automatic merge from submit-queue (batch tested with PRs 66225, 66648, 65799, 66630, 66619). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Percent-encode illegal characters in user.Info.Extra keys
This percent-encodes characters in `X-Remote-Extra-` and `Impersonate-Extra-` keys which aren't valid for header names per [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.6) (plus "%" to avoid breaking keys which contain them). The API server then blindly unescapes these keys.
Reviewer note:
Old clients sending keys which were `%`-escaped by the user will have their values unescaped by new API servers. New clients sending keys containing illegal characters (or "%") to old API servers will not have their values unescaped. This version skew incompatibility is a compromise discussed in #63682.
Fixes#63682
PTAL @mikedanese
**Release note**:
```release-note
action required: the API server and client-go libraries have been fixed to support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers.
```
Kubernetes-commit: 6715f139292bfde5e4030e2e3f8077da04cc6d72
Automatic merge from submit-queue (batch tested with PRs 66225, 66648, 65799, 66630, 66619). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Azure Go SDK to v19.0.0 and get availability zone for VirtualMachineScaleSetVM
**What this PR does / why we need it**:
Continue of #66242. This PR updates Azure Go SDK to v19.0.0 (with compute API 2018-04-01) and gets availability zones for VirtualMachineScaleSetVM.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Azure Go SDK has been upgraded to v19.0.0 and VirtualMachineScaleSetVM now supports availability zones.
```
/sig azure
/assign @brendandburns @khenidak @andyzhangx
Kubernetes-commit: c2cbe86f7d647f8608c9963105fe297c9c5f4508
The typo landed with SubResource in adb75e1f (generated staging area,
2016-08-06, kubernetes/kubernetes#29147).
Kubernetes-commit: e42aab6430cbc9d14891e9aaada9ec8becf62273
Instead of Transport. This fixes ExecPlugin, which fails if
restclient.Config.Transport is set.
Kubernetes-commit: 3357b5ecf42db9bcf6e54c9d2b6712cfbae077bf
Automatic merge from submit-queue (batch tested with PRs 66252, 66518). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add missing OrDie variant for dynamic client construction
Generated clients have it and it is very handy for test cases.
```release-note
NONE
```
@kubernetes/sig-api-machinery-pr-reviews
Kubernetes-commit: 6764a795869d2631eb75f222f776ec5a80b61e37
Automatic merge from submit-queue (batch tested with PRs 65771, 65849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a new conversion path to replace GenericConversionFunc
reflect.Call is very expensive. We currently use a switch block as part of AddGenericConversionFunc to avoid the bulk of top level a->b conversion for our primary types which is hand-written. Instead of having these be handwritten, we should generate them.
The pattern for generating them looks like:
```
scheme.AddConversionFunc(&v1.Type{}, &internal.Type{}, func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_Type_to_internal_Type(a.(*v1.Type), b.(*internal.Type), scope)
})
```
which matches AddDefaultObjectFunc (which proved out the approach last year). The
conversion machinery should then do a simple map lookup based on the incoming types and invoke the function. Like defaulting, it's up to the caller to match the types to arguments, which we do by generating this code. This bypasses reflect.Call and in the future allows Golang mid-stack inlining to optimize this code.
As part of this change I strengthened registration of custom functions to be generated instead of hand registered, and also strengthened error checking of the generator when it sees a manual conversion to error out. Since custom functions are automatically used by the generator, we don't really have a case for not registering the functions.
Once this is fully tested out, we can remove the reflection based path and the old registration methods, and all conversion will work from point to point methods (whether generated or custom).
Much of the need for the reflection path has been removed by changes to generation (to omit fields) and changes to Go (to make assigning equivalent structs easy).
```release-note
NONE
```
Kubernetes-commit: d2cc34fb07138deeacb220126e76a0cb279f340b
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace info log with warn log
**What this PR does / why we need it**:
Replace info log with warn log
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59356
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 7f912af75ce4794b0cf089103a0e83f1f6a61d2f
The default cache for a cachedTokenSource is not always empty. In the
case of commandTokenSource, it contains calling details for the
external command that is used to generate refresh tokens. Persisting
a completely empty cache will thus break ability for the plugin to
obtain refresh tokens. This changes the roundtripper to persist
the default cache instead of assuming an empty map.
Kubernetes-commit: 73e5e43711043c6a80d41b1be080b3b2d3dfbacb
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix fake dynamic client listing bug
The fake dynamic client used for unit testing had a bug that prevented list from working. Added a test and fixed the fake client.
@kubernetes/sig-api-machinery-bugs
/assign @tnozicka
```release-note
NONE
```
Kubernetes-commit: da1bb028304504cbe33e5dab42290e1e8ea12d14
Automatic merge from submit-queue (batch tested with PRs 66212, 66256, 66263, 66193). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: fix error message spelling in rest config
**What this PR does / why we need it**:
Fixing spelling because it offends the eye.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: bfba154715012b63a3fcc8320cc48986304f819c
Automatic merge from submit-queue (batch tested with PRs 66172, 66254). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: update documentation for remotecommand.StreamOptions
**What this PR does / why we need it**:
The ability to explicitly define the supported protocols was removed in commit 12c7874c0d88e9099ab2a29915d26751f0d23c2a
Adjust documentation accordingly.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: e09be82ad04107f81032b82a1e2452759001819f
The ability to explicitly define the supported protocols was removed in commit 12c7874c0d88e9099ab2a29915d26751f0d23c2a
Adjust documentation accordingly.
Kubernetes-commit: f77060aa8da8256fa48412e7a0d9523245017dcb
Automatic merge from submit-queue (batch tested with PRs 64181, 65737). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
API linter framework and namesMatch API rule
**What this PR does / why we need it**:
Bump kube-openapi dependency to use the [API linter framework](https://github.com/kubernetes/kube-openapi/pull/83) in k/k OpenAPI spec generation procedure.
Currently one API rule is enforced:
"Go field names must be CamelCase. JSON field names must be camelCase. Other than capitalization of the initial letter, the two should almost always match. No underscores nor dashes in either."
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65244
**Special notes for your reviewer**:
Most code change in this PR was generated (~1700 lines). Please see commits for detail.
**Release note**:
```release-note
NONE
```
/sig api-machinery
/cc @pwittrock @mbohlool
Kubernetes-commit: 614e3adda05c5d7189c8485ba7abe1ba7ee501a7
Automatic merge from submit-queue (batch tested with PRs 65899, 65900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: use self-signed cert fixtures in integration test servers
Kubernetes-commit: 932766231342f1f7d2b8d3063b139c46a8bf9f2b
Automatic merge from submit-queue (batch tested with PRs 65052, 65594). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Derive kubelet serving certificate CSR template from node status addresses
xref https://github.com/kubernetes/features/issues/267fixes#55633
Builds on https://github.com/kubernetes/kubernetes/pull/65587
* Makes the cloud provider authoritative when recording node status addresses
* Makes the node status addresses authoritative for the kube-apiserver determining how to speak to a kubelet (stops paying attention to the hostname label when determining how to reach a kubelet, which was only done to support kubelets < 1.5)
* Updates kubelet certificate rotation to be driven from node status
* Avoids needing to compute node addresses a second time, and differently, in order to request serving certificates.
* Allows the kubelet to react to changes in its status addresses by updating its serving certificate
* Allows the kubelet to be driven by external cloud providers recording node addresses on the node status
test procedure:
```sh
# setup
export FEATURE_GATES=RotateKubeletServerCertificate=true
export KUBELET_FLAGS="--rotate-server-certificates=true --cloud-provider=external"
# cleanup from previous runs
sudo rm -fr /var/lib/kubelet/pki/
# startup
hack/local-up-cluster.sh
# wait for a node to register, verify it didn't set addresses
kubectl get nodes
kubectl get node/127.0.0.1 -o jsonpath={.status.addresses}
# verify the kubelet server isn't available, and that it didn't populate a serving certificate
curl --cacert _output/certs/server-ca.crt -v https://localhost:10250/pods
ls -la /var/lib/kubelet/pki
# set an address on the node
curl -X PATCH http://localhost:8080/api/v1/nodes/127.0.0.1/status \
-H "Content-Type: application/merge-patch+json" \
--data '{"status":{"addresses":[{"type":"Hostname","address":"localhost"}]}}'
# verify a csr was submitted with the right SAN, and approve it
kubectl describe csr
kubectl certificate approve csr-...
# verify the kubelet connection uses a cert that is properly signed and valid for the specified hostname, but NOT the IP
curl --cacert _output/certs/server-ca.crt -v https://localhost:10250/pods
curl --cacert _output/certs/server-ca.crt -v https://127.0.0.1:10250/pods
ls -la /var/lib/kubelet/pki
# set an hostname and IP address on the node
curl -X PATCH http://localhost:8080/api/v1/nodes/127.0.0.1/status \
-H "Content-Type: application/merge-patch+json" \
--data '{"status":{"addresses":[{"type":"Hostname","address":"localhost"},{"type":"InternalIP","address":"127.0.0.1"}]}}'
# verify a csr was submitted with the right SAN, and approve it
kubectl describe csr
kubectl certificate approve csr-...
# verify the kubelet connection uses a cert that is properly signed and valid for the specified hostname AND IP
curl --cacert _output/certs/server-ca.crt -v https://localhost:10250/pods
curl --cacert _output/certs/server-ca.crt -v https://127.0.0.1:10250/pods
ls -la /var/lib/kubelet/pki
```
```release-note
* kubelets that specify `--cloud-provider` now only report addresses in Node status as determined by the cloud provider
* kubelet serving certificate rotation now reacts to changes in reported node addresses, and will request certificates for addresses set by an external cloud provider
```
Kubernetes-commit: 337dfe0a9cde3894eb6a26f9184df659d54007c6
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle errors in generated client scheme
**What this PR does / why we need it**:
Adds missing error handling for schema construction code in generated clientsets.
**Which issue(s) this PR fixes**
Together with #64654fixes#51457.
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Kubernetes-commit: 0e7376d9cb1ec74bcb3c10a664a330bc9d60df64
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
track schemes by name for error reporting
Getting an error message about a type not being in the scheme is hard to fix if you don't know which scheme is failing. This adds a name to the scheme which can be set during creation or can be set based on the calling stack. If you use the old constructor a name is generated for you based on the stack. Something like "k8s.io/client-go/dynamic/scheme.go:28" for instance.
Also moves a typer to its point of use. This was debt from previous refactors which I noticed going through.
@kubernetes/sig-api-machinery-misc
@sttts
```release-note
NONE
```
Kubernetes-commit: 8e2fdb32bc84103b15310a221a375470bf567bdc
Automatic merge from submit-queue (batch tested with PRs 65805, 65811, 65833, 65488, 65857). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix print format string
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 7597e952d17882dca2b464d56cf744f126a037fa
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typos for TestBackoffHighWaterMark
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Kubernetes-commit: 692f9bb7b1fa6ca72ddd5a305607d79f9684e907
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
leader election: fix dead loop bug
**What this PR does / why we need it**:
bug fix: leader election calling apiserver without time interval. It is a dead loop.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65666
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: fc081b5941b90aa6dedbc796f97a19da373c5df9
Automatic merge from submit-queue (batch tested with PRs 65094, 65533, 63522, 65694, 65702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
set leader election client and renew timeout
**What this PR does / why we need it**:
set leader-election client timeout
set timeout for tryAcquireOrRenew
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65090#65257
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 47020f331877ca77f0541c7622c33894282e9a20
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add missing error handling in schema-related code
**What this PR does / why we need it**:
Adds missing error handling to a few places.
**Which issue(s) this PR fixes**
Updates #51457. Still more work to do to fix the issue - client generation code needs to be updated (addressed in https://github.com/kubernetes/kubernetes/pull/64664).
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Kubernetes-commit: 7786bd8c9a99974e2cda31940dd4a1ef0a31c2e5
Automatic merge from submit-queue (batch tested with PRs 65518, 65624, 65380, 65390, 65586). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
cleanup: remove deadcode
/kind cleanup
remove deadcode
remove unnecessary conversion
```release-note
NONE
```
Kubernetes-commit: 16dbb95c51532e8a937a3ccb90223e8568b130c3
Automatic merge from submit-queue (batch tested with PRs 63773, 65411). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go/examples/fake-client: add doc.go to fix go build warnings
The publishing bot is currently broken (https://github.com/kubernetes/kubernetes/issues/56876#issuecomment-399763681). This is due to the following error:
```
[24 Jun 18 15:08 UTC]: Running smoke tests for branch master
[24 Jun 18 15:08 UTC]: /bin/bash -xec "godep restore\ngo build ./...\ngo test $(go list ./... | grep -v /vendor/)\n"
+ godep restore
+ go build ./...
go build k8s.io/client-go/examples/fake-client: no non-test Go files in /go-workspace/src/k8s.io/client-go/examples/fake-client
[24 Jun 18 15:09 UTC]: exit status 1
+ godep restore
+ go build ./...
go build k8s.io/client-go/examples/fake-client: no non-test Go files in /go-workspace/src/k8s.io/client-go/examples/fake-client
[24 Jun 18 15:09 UTC]: exit status 1```
```
The fakeclient package does not have any non-test go files. The test file was added in https://github.com/kubernetes/kubernetes/pull/65291 2 days ago.
This causes `go build` to give a warning: `no non-test Go files in /go-workspace/src/k8s.io/client-go/examples/fake-client`, which breaks the publishing bot. This PR adds a dummy doc.go file in the package to avoid this warning and fix the publishing bot.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 7a9a30a4f7eae900bffd4b477a431a999de350dd
Automatic merge from submit-queue (batch tested with PRs 64122, 64936, 65288, 65383). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to rules_go 0.12.1 and gazelle 0.12.0 and perform related cleanups
**What this PR does / why we need it**: my initial intent was to simply update to rules_go 0.12.1 and gazelle 0.12.0.
A few internal changes / deprecations meant that I finally needed to clean up some technical debt. This also fixes#64122.
I've attempted to keep the steps as separate commits to make it easier to review:
1. Disable gazelle proto rule generation; legacy proto rules are deprecated, and we don't (currently) build protos at build time anyway, instead generating them with `hack/update-generated-protobuf.sh` and then checking them in. We can revisit this in the future if we'd like.
2. Remove the legacy `go_default_library_protos` filegroups using [buildozer](https://github.com/bazelbuild/buildtools/tree/master/buildozer). We don't use these, anyway.
3. Update the rules_go bazel workspace dependency to 0.12.1.
4. Vendor gazelle 0.12.0 and update BUILD files with `hack/update-bazel.sh`. This causes a lot of diffs, because `select()`s are no longer used in `srcs` attributes, external tests are folded into non-external tests, and vendored targets get an `importmap` attribute.
5. Set `gazelle:prefix` on `staging/src/BUILD` to make gazelle treat these correctly(ish). This allows us to remove the sed rewrite hack in `hack/update-bazel.sh`.
6. Explicitly set `# gazelle:importmap_prefix k8s.io/kubernetes/vendor` on `vendor/`, so that all vendored dependencies get the right importmap. gazelle 0.12.0 uses the bazel workspace name + `vendor/` as a prefix, which doesn't work with native go. Newer gazelle will use the go prefix (https://github.com/bazelbuild/bazel-gazelle/pull/207), but it's not released yet. Setting this correctly now also fixes later `BUILD` churn.
7. Re-run `hack/update-bazel.sh`. This causes a bunch of diffs, since anything under `staging/src` now uses the `staging/src/` path instead of `vendor/`. (Both would work for bazel, but gazelle uses the former, since `vendor/` uses symlinks.) Also `importmap`s under `vendor/` are fixed.
8. Reformat a few files (using [buildifier](https://github.com/bazelbuild/buildtools/tree/master/buildifier)) to make later diffs easier to read.
9. Rework the `go_genrule` rules to use the new `go_genrule` from https://github.com/kubernetes/repo-infra/pull/72, which is more bazely, since it uses the rules_go `go_path` rule instead of lots of shell.
10. Remove the deprecated `go_prefix` rule from the root BUILD.bazel file.
11. Set `# gazelle:importmap_prefix k8s.io/kubernetes/vendor` on `staging/src` as well, which ensures that these repos are treated as vendored dependencies. (It's basically the bazel-y way of doing the `vendor/k8s.io` symlinks.)
12. Run `hack/update-bazel.sh` one last time to fix all of the `importmap`s under `staging/src`.
Note re: point 6 above - we're pretty much ignoring the `vendor/k8s.io` symlinks entirely now under bazel. Using the `gazelle:prefix` directive ensures these get mapped into the right go importpath, and the `go_path` rule installs these correctly now too.
**Special notes for your reviewer**: this should not be submitted before https://github.com/kubernetes/repo-infra/pull/72, obviously.
**Release note**:
```release-note
NONE
```
/assign @BenTheElder @fejta @thockin
cc @cblecker @jayconrod
Kubernetes-commit: 1ad1c8c7f80d99b9625924b2102a04a555162bfb
Automatic merge from submit-queue (batch tested with PRs 65301, 65291, 65307, 63845, 65313). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add client-go example using fake client in test.
**What this PR does / why we need it**:
This adds an example showing the steps needed to get a working
SharedInformerFactory with a fake client for testing.
**Special notes for your reviewer**:
I had a really hard time figuring out how to use this utility correctly. I don't think this example is sufficient documentation, but it's a good start.
**Release note**:
```release-note
NONE
```
/sig api-machinery
/kind documentation
Kubernetes-commit: 8008c7dad945f7ac0748774a99148c864932288e
The fakeclient package does not have any non-test go files. This
causes `go build` to give a warning: `no non-test Go files in ...`.
This also causes the publishing bot to fail.
This PR adds a dummy doc.go file in the package to avoid this warning.
Kubernetes-commit: 764ae69671428987d77898b2d3c48c6c003e2fd4
Automatic merge from submit-queue (batch tested with PRs 64895, 64938, 63700, 65050, 64957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enhance leaderelection code
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 8850871891f345628f01dbef4ede727d74dd2113
Automatic merge from submit-queue (batch tested with PRs 65256, 64236, 64919, 64879, 57932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cancellable leader election
**What this PR does / why we need it**:
Adds ability to cancel leader election. Useful in integration tests where the whole app is started and stopped in each test.
**Special notes for your reviewer**:
I used the `context` package - it is impossible/hard to achieve the same behaviour with just channels without spawning additional goroutines but it is trivial with `context`. See `acquire()` and `renew()` methods.
**Release note**:
```release-note
NONE
```
/kind enhancement
/sig api-machinery
Kubernetes-commit: 571b9beac5bdaa65fb581bead7464926fa81cdbf
Automatic merge from submit-queue (batch tested with PRs 65256, 64236, 64919, 64879, 57932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix CRD OpenAPI schema
fixes#65243
depends on https://github.com/kubernetes/kube-openapi/pull/84
without this PR, kubectl complains about creating this CRD with a validation schema (which worked in 1.10):
```yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: resources.mygroup.example.com
spec:
group: mygroup.example.com
version: v1alpha1
scope: Namespaced
names:
plural: resources
singular: resource
kind: Kind
listKind: KindList
validation:
openAPIV3Schema:
properties:
spec:
type: array
items:
type: number
```
> error: error validating "/Users/jliggitt/projects/snippets/crd/crd.yaml": error validating data: [ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): unknown field "type" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray, ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): missing required field "Schema" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray, ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): missing required field "JSONSchemas" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray]; if you choose to ignore these errors, turn validation off with --validate=false
that is because the types used to serialize JSONSchema require custom marshaling/unmarshaling, and the OpenAPI generator was not informed of that, so it produced this:
```json
{
"io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray": {
"description": "JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps or an array of JSONSchemaProps. Mainly here for serialization purposes.",
"required": [
"Schema",
"JSONSchemas"
],
"properties": {
"JSONSchemas": {
"type": "array",
"items": {
"$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps"
}
},
"Schema": {
"$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps"
}
}
}
}
```
OpenAPI isn't able to represent oneOf/anyOf types correctly currently. Until it can, we definitely shouldn't publish a schema containing required fields which aren't even part of the JSON serialization. This PR implements custom openapi type functions, which omit the properties/required/schema attributes for four specific JSONSchema types. This allows kubectl to continue creating these objects without complaining.
/sig api-machinery
/assign @sttts
```release-note
fixed incorrect OpenAPI schema for CustomResourceDefinition objects
```
Kubernetes-commit: ed6c8b7326bd1a1b845719f4bfb302073a18f03f
This adds an example showing the steps needed to get a working
SharedInformerFactory with a fake client for testing.
Kubernetes-commit: aed487b42d1b49df9ac01f7234896f6d1b4da166
Automatic merge from submit-queue (batch tested with PRs 64416, 63625, 60967, 64767, 64588). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Collapse memcached discovery client onto parallelized discovery method
```release-note
NONE
```
Kubernetes-commit: f637a259ea2852a15a4321fd059972c55aaefc9b
Automatic merge from submit-queue (batch tested with PRs 64688, 64451, 64504, 64506, 56358). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
replace fmt.Sprintf(%s, i.Type()) with i.Type().String()
**What this PR does / why we need it**:
/kind cleanup
replace fmt.Sprintf(%s, i.Type()) with i.Type().String()
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b309d18a48d8054904fe88fdc49cae33a276f722
Automatic merge from submit-queue (batch tested with PRs 64142, 64426, 62910, 63942, 64548). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove inaccurate comment about watch timeout
when watch timeout, the tcp connection does not close, it is reused for another new watch.
But this makes users misunderstanding.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: d0a2bfd22e8c129e0a156a4304a62e3563dc6a59
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make kubernetes json serializer case sensitive
This PR imported the latest jsoniterator library so that case sensitivity during unmarhsaling is optional. The PR also set Kubernetes json serializer to be case sensitive.
Kubernetes json serializer had been case sensitive for 1.1-1.7 as we were using ugorji. This PR restores the behavior.
Fix#64612.
```release-notes
Kubernetes json deserializer is now case-sensitive as it was before 1.8.
If your config files contains fields with wrong case, the config files will be now invalid.
```
Kubernetes-commit: a2de1398f829ef38d645579160bdd6bfec8384d3
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Re-use private key after failed CSR
**What this PR does / why we need it**:
This fixes a regression introduced in 1.11.
If we create a new key on each CSR, if CSR fails the next attempt will
create a new one instead of reusing previous CSR.
If approver/signer don't handle CSRs as quickly as new nodes come up,
they can pile up and approver would keep handling old abandoned CSRs and
Nodes would keep timing out on startup.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: c855accaecb5775b515dad54799c37db6df51694
If we create a new key on each CSR, if CSR fails the next attempt will
create a new one instead of reusing previous CSR.
If approver/signer don't handle CSRs as quickly as new nodes come up,
they can pile up and approver would keep handling old abandoned CSRs and
Nodes would keep timing out on startup.
Kubernetes-commit: 2c0f043957d25da162fe4e1026c50e2587529ff9
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Vertical Pod Autoscaler to autoscaling/v2beta1
**What this PR does / why we need it**:
Adds Vertical Pod Autoscaler (https://github.com/kubernetes/community/blob/master/contributors/design-proposals/autoscaling/vertical-pod-autoscaler.md) to the autoscaling API (which currently has the Horizontal Pod Autoscaler).
This is needed for the Vertical Pod Autoscaler beta.
**Special notes for your reviewer**:
/cc @thockin @mwielgus @DirectXMan12
FYI. changes that add pkg/registry/autoscaling/verticalpodautoscaler/... will follow.
**Release note**:
```Add Vertical Pod Autoscaler to autoscaling/v2beta1.```
Kubernetes-commit: 63c90bb47ec99247cbf29542edfc443ffda7298b
Automatic merge from submit-queue (batch tested with PRs 64276, 64094, 64719, 64766, 64750). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Upgrade container-storage-interface/spec dependency to v0.3.0
Also updated golang/protobuf to v1.1.0 to satisfy hard requirement of new CSI Spec version
/sig storage
/kind enhancement
/assign @saad-ali
```release-note
Updated Container Storage Interface specification version to v0.3.0
```
Kubernetes-commit: d12d8bd64bd25ce3a6bbda0dd43533cde359290b
Automatic merge from submit-queue (batch tested with PRs 63453, 64592, 64482, 64618, 64661). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: promote exec plugin support to beta
/sig auth
/kind feature
Adds a "v1beta1" API group for client authentication. Because of a lack of usage with the input parameters, these have been dropped for the beta. Would like to re-introduce them as users feel they require them.
updates https://github.com/kubernetes/kubernetes/issues/61796
```release-note
client-go: credential exec plugins have been promoted to beta
```
Kubernetes-commit: 819d51567f82c27ba3b7cde5b4cb3bb59c0550b6
Automatic merge from submit-queue (batch tested with PRs 64613, 64596, 64573, 64154, 64639). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Openapi some cleanup
Clean-up some OpenAPI code, mostly test related (there are two implementations of "Fake").
This is going for master, but I'll probably also cherry-pick/create a similar PR for feature-serverside-apply branch since we'll need that to move some code around.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: c3bb41ad4b147f6159dd7542ffd2772d7042e2d8
Automatic merge from submit-queue (batch tested with PRs 64057, 63223, 64346, 64562, 64408). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Refactor the Bootstrap Tokens usage in the API types
**What this PR does / why we need it**:
This PR:
- Moves some common, generic Bootstrap Token helpers and constants from `k8s.io/kubernetes/cmd/kubeadm/app/util/token` to `k8s.io/client-go/tools/bootstrap/token/`
- Breaks out the top-level Bootstrap Token fields to a dedicated `BootstrapToken` struct with helper functions.
- Instead of representing the Bootstrap Token as a plain `string`, there is now a wrapper struct `BootstrapTokenString` that can marshal/unmarshal correctly and supports validation on create, and splitting up the full token in the ID/Secret parts automatically.
- Makes kubeadm support multiple Bootstrap Tokens automatically by supporting a slice of `BootstrapToken` in the `MasterConfiguration` API object
- Consolidates the place for kubeadm to create token-related flags in an `options` package
- Supports automatic conversion from the `v1alpha1` to `v1alpha2` API
- Adds support to set token expiration directly instead of setting a TTL (Expiration and TTL are mutually exclusive)
- Removes the old `TokenDiscovery` struct we're not using anymore inside of kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Related to https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
This is work in progress. Please only review the first two commits for now.
I will work on splitting up this PR in smaller chunks.
I will also write unit tests tomorrow.
**Release note**:
```release-note
[action required] kubeadm: The Token-related fields in the `MasterConfiguration` object have now been refactored. Instead of the top-level `.Token`, `.TokenTTL`, `.TokenUsages`, `.TokenGroups` fields, there is now a `BootstrapTokens` slice of `BootstrapToken` objects that support the same features under the `.Token`, `.TTL`, `.Usages`, `.Groups` fields.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @mattmoyer @liztio
Kubernetes-commit: c7b71ebca95d9afb5c4adbadf6cde09a0988d5a7
Automatic merge from submit-queue (batch tested with PRs 64057, 63223, 64346, 64562, 64408). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Deprecate the in-tree keystone plugin
**What this PR does / why we need it**:
We now have the `client-keystone-auth` in cloud-provider-openstack
repository:
https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/using-client-keystone-auth.md
So let's drop the in-tree one, so we can remove it in 1.12
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
in-tree support for openstack credentials is now deprecated. please use the "client-keystone-auth" from the cloud-provider-openstack repository. details on how to use this new capability is documented here - https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/using-client-keystone-auth.md
```
Kubernetes-commit: 10d0c5c19e8e0a0a8e3e4a1a9bfe6baf9cde1bc4
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add PST to main SECURITY_CONTACTS as formality
Add the Product Security Team as the security contacts for the main
repository and they can use the OWNERS files in each subsystem/dir to find
the correct owners.
cc @liggitt @cjcullen @tallclair @philips
```release-note
NONE
```
closes#64265
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
Kubernetes-commit: 5da925ad4fd070e687dc5255c177d5e7d542edd7
Automatic merge from submit-queue (batch tested with PRs 61803, 64305, 64170, 64361, 64339). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add TLS support to exec authenticator plugin
**What this PR does / why we need it**:
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/kubectl-exec-plugins.md#tls-client-certificate-support
Allows exec plugin to return raw TLS key/cert data. This data populates
transport.Config.TLS field.
This requires a change to AuthProvider interface to expose TLS configs,
not only RoundTripper.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61421
**Special notes for your reviewer**:
**Release note**:
```release-note
Exec authenticator plugin supports TLS client certificates.
```
Kubernetes-commit: f701b7529937493a64f2f2553aa9a5cd7020d9b7
Automatic merge from submit-queue (batch tested with PRs 58920, 58327, 60577, 49388, 62306). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix persist typo
I wonder this pr should pull to kubernetes/kubernetes or kubernetes/client-go ?
```
NONE
```
Kubernetes-commit: 5cf652d899d464a63a99aceaab9cf9276294b602
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add metadata to kubelet eviction event annotations
**What this PR does / why we need it**:
Add annotations to kubelet eviction events. Annotations include
"offending_containers" : comma-seperated list of containers.
"offending_containers_usage": comma-seperated list of usage.
"starved_resource": v1.ResourceName of the starved resource
**Special notes for your reviewer**:
Adding annotations to events required changing the `EventRecorder` interface to add a `AnnotatedEventf` function, which can add annotations to an event.
**Release note**:
```release-note
NONE
```
/assign @dchen1107
cc @mwielgus @schylek @kgrygiel
Kubernetes-commit: 15cd3552819367aef63114dcf7fa87b216d5dc62
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: start fresh with owner file
After client-go's OWNER file has grown to 50ish many reviewers, It's time to start fresh and re-add those who really want to review. Please don't be shy to come forward if you want to stay on that list. I will re-add you.
Kubernetes-commit: 10b9fd3a01f37b9a6f1ce636edcbd9c7332414cd
Automatic merge from submit-queue (batch tested with PRs 64175, 63893). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Expose openapi schema to handlers
**What this PR does / why we need it**:
Build an openapi spec for each api resource handler. This spec will be able to be consumed by server-side apply and server-side openapi validation.
The reason for putting it into master is so we can work on implementing server side validation against the openapi spec as well as server side apply, and it will make merging the server side apply feature branch a smaller, less risky PR
/sig api-machinery
/kind feature
cc @liggitt @lavalamp @seans3 @mbohlool @apelisse
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 28f171bd66937dec8b24a05c4b7a1414432f9fe8
Automatic merge from submit-queue (batch tested with PRs 64060, 63904, 64218, 64208, 64247). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
prevent zero for leader election timeouts
Add conditional checks for a stupid error that took me 20 minutes to find.
I don't see a reason to allow zero for any of the leader election tuning params
```release-note
NONE
```
Kubernetes-commit: 151fe855461b2e85f360435d6fc424e6f6542a97
Add the Product Security Team as the security contacts for the main
repository and they can use the OWNERS files in each subsystem/dir to find
the correct owners.
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
Kubernetes-commit: ac015892e4e2ab641a7761ab79f8cf986e1fa266
Automatic merge from submit-queue (batch tested with PRs 63598, 63913, 63459, 63963, 60464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Client-go raises error on duplicated name in kubeconfig
(for NamedCluster, NamedContext, NamedUser, NamedExtension)
**What this PR does / why we need it**:
Client should detect duplicated name when loading `name-value` based lists in kubeconfig: `users`, `clusters`, `contexts`. Currently if there are multiple value with same name, `client-python` will pick the first one, while `client-go` will pick the last.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: kubernetes-client/python#445, kubernetes-client/python-base#47
**Special notes for your reviewer**:
**Release note**:
```release-note
kubectl and client-go now detects duplicated name for user, cluster and context when loading kubeconfig and reports error
```
/sig api-machinery
cc @brendandburns @mbohlool
Kubernetes-commit: 7909712ca574c536901bc7858dfbf72a3a6ee7dd
Automatic merge from submit-queue (batch tested with PRs 63598, 63913, 63459, 63963, 60464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix event ref determination for apigroups
The event ref determination was never updated to handle apigroups so it has been returning only a group (not a version).
@kubernetes/sig-apps-bugs
```release-note
event object references with apiversion will now report an apiversion.
```
Kubernetes-commit: 4810b9ba679f4fb9cc39f3a83bbcd23b3e4accce
Automatic merge from submit-queue (batch tested with PRs 60012, 63692, 63977, 63960, 64008). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use Dial with context
**What this PR does / why we need it**:
`net/http/Transport.Dial` field is deprecated:
```go
// DialContext specifies the dial function for creating unencrypted TCP connections.
// If DialContext is nil (and the deprecated Dial below is also nil),
// then the transport dials using package net.
DialContext func(ctx context.Context, network, addr string) (net.Conn, error)
// Dial specifies the dial function for creating unencrypted TCP connections.
//
// Deprecated: Use DialContext instead, which allows the transport
// to cancel dials as soon as they are no longer needed.
// If both are set, DialContext takes priority.
Dial func(network, addr string) (net.Conn, error)
```
This PR switches all `Dial` usages to `DialContext`. Fixes#63455.
**Special notes for your reviewer**:
Also related: https://github.com/kubernetes/kubernetes/pull/59287https://github.com/kubernetes/kubernetes/pull/58532https://github.com/kubernetes/kubernetes/issues/815https://github.com/kubernetes/community/pull/1166https://github.com/kubernetes/kubernetes/pull/58677https://github.com/kubernetes/kubernetes/pull/57932
**Release note**:
```release-note
HTTP transport now uses `context.Context` to cancel dial operations. k8s.io/client-go/transport/Config struct has been updated to accept a function with a `context.Context` parameter. This is a breaking change if you use this field in your code.
```
/sig api-machinery
/kind enhancement
/cc @sttts
Kubernetes-commit: ddf551c24b7d88454f8332ce6855e53281440958
Automatic merge from submit-queue (batch tested with PRs 63865, 57849, 63932, 63930, 63936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Extract connection rotating dialer into a package
**What this PR does / why we need it**: This will be re-used for exec auth plugin to rotate connections on
credential change.
**Special notes for your reviewer**: this was split from https://github.com/kubernetes/kubernetes/pull/61803 to simplify review
**Release note**:
```release-note
NONE
```
Kubernetes-commit: da8e25c63dbc48f35065f5790f2f522bbe0c3641
* The informer code-generator now allows specifying a custom resync period for certain informer types and uses the default resync period if none is specified.
* The OpenStack auth config from is now read from the client config. If the client config is not available, it falls back to reading from the environment variables.
* The in-tree support for openstack credentials is now deprecated. Please use the `client-keystone-auth` from the cloud-provider-openstack repository. Details on how to use this new capability is documented [here](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/using-client-keystone-auth.md)
* 406 mime-type errors are now tolerated while attempting to load new openapi schema. This improves compatibility with older servers when creating/updating API objects.
* Support for `alpha.kubernetes.io/nvidia-gpu` resource which was deprecated in 1.10 is removed. Please use the resource exposed by `DevicePlugins` instead (`nvidia.com/gpu`).
* Alpha annotation for `PersistentVolume` node affinity has been removed. Update your `PersistentVolume`s to use the beta `PersistentVolume.nodeAffinity` field before upgrading.
*`Node.Spec.ConfigSource.ConfigMap.KubeletConfigKey` must be specified when using dynamic Kubelet config to tell the Kubelet which key of the `ConfigMap` identifies its config file.
* The `GitRepo` volume type is deprecated. To provision a container with a git repo, mount an `EmptyDir` into an `InitContainer` that clones the repo using git, then mount the `EmptyDir` into the Pod's container.
* The Sysctls experimental feature has been promoted to beta (enabled by default via the `Sysctls` feature flag). `PodSecurityPolicy` and `Pod` objects now have fields for specifying and controlling sysctls. Alpha sysctl annotations will be ignored by 1.11+ kubelets. All alpha sysctl annotations in existing deployments must be converted to API fields to be effective.
* The annotation `service.alpha.kubernetes.io/tolerate-unready-endpoints` is deprecated. Users should use `Service.spec.publishNotReadyAddresses` instead.
* Default mount propagation has changed from `HostToContainer` (`rslave` in Linux terminology) to `None` (`private`) to match the behavior in 1.9 and earlier releases. `HostToContainer` as a default caused regressions in some pods.
Do not open pull requests directly against this repository, they will be ignored. Instead, please open pull requests against [kubernetes/kubernetes](https://git.k8s.io/kubernetes/). Please follow the same [contributing guide](https://git.k8s.io/kubernetes/CONTRIBUTING.md) you would follow for any other pull request made to kubernetes/kubernetes.
Do not open pull requests directly against kubernetes/client-go repository (except for README.md); they will be ignored. Instead, please open pull requests and issues against [kubernetes/kubernetes](https://git.k8s.io/kubernetes/). Please follow the same [contributing guide](https://git.k8s.io/kubernetes/CONTRIBUTING.md) you would follow for any other pull request made to kubernetes/kubernetes.
This repository is published from [kubernetes/kubernetes/staging/src/k8s.io/client-go](https://git.k8s.io/kubernetes/staging/src/k8s.io/client-go) by the [kubernetes publishing-bot](https://git.k8s.io/publishing-bot).
This repository is published from [kubernetes/kubernetes/staging/src/k8s.io/client-go](https://git.k8s.io/kubernetes/staging/src/k8s.io/client-go) by the [kubernetes publishing-bot](https://git.k8s.io/publishing-bot).
Please see [Staging Directory and Publishing](https://git.k8s.io/community/contributors/devel/staging.md) for more information
Please see [Staging Directory and Publishing](https://git.k8s.io/community/contributors/devel/sig-architecture/staging.md) for more information
etc. The Kubernetes version tag does NOT claim any backwards compatibility
guarantees for client-go. Please check the [semantic versions](#versioning) if
@@ -171,10 +168,19 @@ you care about backwards compatibility.
### How to get it
You can use `go get k8s.io/client-go/...` to get client-go, but **you will get
the unstable master branch** and `client-go`'s vendored dependencies will not be
added to your `$GOPATH`. So we think most users will want to use a dependency
management system. See [INSTALL.md](/INSTALL.md) for detailed instructions.
To get the latest version, use go1.16+ and fetch using the `go get` command. For example:
```
go get k8s.io/client-go@latest
```
To get a specific version, use go1.11+ and fetch the desired version using the `go get` command. For example:
```
go get k8s.io/client-go@v0.20.4
```
See [INSTALL.md](/INSTALL.md) for detailed instructions and troubleshooting.
### How to use it
@@ -184,9 +190,7 @@ refer to the out-of-cluster [example](examples/out-of-cluster-client-configurati
### Dependency management
If your application depends on a package that client-go depends on, and you let the Go compiler find the dependency in `GOPATH`, you will end up with duplicated dependencies: one copy from the `GOPATH`, and one from the vendor folder of client-go. This will cause unexpected runtime error like flag redefinition, since the go compiler ends up importing both packages separately, even if they are exactly the same thing. If this happens, you can either
* run `godep restore` ([godep](https://github.com/tools/godep)) in the client-go/ folder, then remove the vendor folder of client-go. Then the packages in your GOPATH will be the only copy
* or run `godep save` in your application folder to flatten all dependencies.
For details on how to correctly use a dependency management for installing client-go, please see [INSTALL.md](INSTALL.md).
### Contributing code
Please send pull requests against the client packages in the Kubernetes main [repository](https://github.com/kubernetes/kubernetes). Changes in the staging area will be published to this repository every day.
// RollingUpdateStatefulSetStrategyApplyConfiguration constructs an declarative configuration of the RollingUpdateStatefulSetStrategy type for use with
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
packagev1
import(
v1"k8s.io/api/apps/v1"
)
// StatefulSetPersistentVolumeClaimRetentionPolicyApplyConfiguration represents an declarative configuration of the StatefulSetPersistentVolumeClaimRetentionPolicy type for use
// StatefulSetPersistentVolumeClaimRetentionPolicyApplyConfiguration constructs an declarative configuration of the StatefulSetPersistentVolumeClaimRetentionPolicy type for use with
// RollingUpdateStatefulSetStrategyApplyConfiguration constructs an declarative configuration of the RollingUpdateStatefulSetStrategy type for use with
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
packagev1beta1
import(
v1beta1"k8s.io/api/apps/v1beta1"
)
// StatefulSetPersistentVolumeClaimRetentionPolicyApplyConfiguration represents an declarative configuration of the StatefulSetPersistentVolumeClaimRetentionPolicy type for use
// StatefulSetPersistentVolumeClaimRetentionPolicyApplyConfiguration constructs an declarative configuration of the StatefulSetPersistentVolumeClaimRetentionPolicy type for use with
// RollingUpdateStatefulSetStrategyApplyConfiguration constructs an declarative configuration of the RollingUpdateStatefulSetStrategy type for use with
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
packagev1beta2
import(
v1beta2"k8s.io/api/apps/v1beta2"
)
// StatefulSetPersistentVolumeClaimRetentionPolicyApplyConfiguration represents an declarative configuration of the StatefulSetPersistentVolumeClaimRetentionPolicy type for use
// StatefulSetPersistentVolumeClaimRetentionPolicyApplyConfiguration constructs an declarative configuration of the StatefulSetPersistentVolumeClaimRetentionPolicy type for use with
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
