Merge pull request #83436 from liggitt/automated-cherry-pick-of-#83261-upstream-release-1.13-1570075716

[1.13] Automated cherry pick of #83261: bump gopkg.in/yaml.v2 v2.2.4

Kubernetes-commit: 17c28f0e1c6733b02a62471c813b262df7681789

Godeps/Godeps.json

@@ -1,7 +1,7 @@
 {
 	"ImportPath": "k8s.io/client-go",
 	"GoVersion": "go1.11",
-	"GodepVersion": "v80",
+	"GodepVersion": "v80-k8s-r1",
 	"Packages": [
 		"./..."
 	],
@@ -56,7 +56,7 @@
 		},
 		{
 			"ImportPath": "github.com/evanphx/json-patch",
-			"Rev": "36442dbdb585210f8d5a1b45e67aa323c197d5c4"
+			"Rev": "5858425f75500d40c52783dce87d085a483ce135"
 		},
 		{
 			"ImportPath": "github.com/gogo/protobuf/proto",
@@ -192,27 +192,27 @@
 		},
 		{
 			"ImportPath": "golang.org/x/net/context",
-			"Rev": "0ed95abb35c445290478a5348a7b38bb154135fd"
+			"Rev": "b1cc14aba47abf96f96818003fa4caad3a4b4e86"
 		},
 		{
 			"ImportPath": "golang.org/x/net/context/ctxhttp",
-			"Rev": "0ed95abb35c445290478a5348a7b38bb154135fd"
+			"Rev": "b1cc14aba47abf96f96818003fa4caad3a4b4e86"
+		},
+		{
+			"ImportPath": "golang.org/x/net/http/httpguts",
+			"Rev": "b1cc14aba47abf96f96818003fa4caad3a4b4e86"
 		},
 		{
 			"ImportPath": "golang.org/x/net/http2",
-			"Rev": "0ed95abb35c445290478a5348a7b38bb154135fd"
+			"Rev": "b1cc14aba47abf96f96818003fa4caad3a4b4e86"
 		},
 		{
 			"ImportPath": "golang.org/x/net/http2/hpack",
-			"Rev": "0ed95abb35c445290478a5348a7b38bb154135fd"
+			"Rev": "b1cc14aba47abf96f96818003fa4caad3a4b4e86"
 		},
 		{
 			"ImportPath": "golang.org/x/net/idna",
-			"Rev": "0ed95abb35c445290478a5348a7b38bb154135fd"
-		},
-		{
-			"ImportPath": "golang.org/x/net/lex/httplex",
-			"Rev": "0ed95abb35c445290478a5348a7b38bb154135fd"
+			"Rev": "b1cc14aba47abf96f96818003fa4caad3a4b4e86"
 		},
 		{
 			"ImportPath": "golang.org/x/oauth2",
@@ -268,343 +268,343 @@
 		},
 		{
 			"ImportPath": "gopkg.in/yaml.v2",
-			"Rev": "5420a8b6744d3b0345ab293f6fcba19c978f1183"
+			"Rev": "f221b8435cfb71e54062f6c6e99e9ade30b124d5"
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1alpha1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta2",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/auditregistration/v1alpha1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta2",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v2alpha1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/certificates/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/coordination/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/core/v1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/events/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/extensions/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/imagepolicy/v1alpha1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/networking/v1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/policy/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1alpha1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1alpha1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/settings/v1alpha1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1alpha1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1beta1",
-			"Rev": "05914d821849570fba9eacfb29466f2d8d3cd229"
+			"Rev": "dacd7df5a50b93833c2a2c2f81348f910be8bfc7"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/fuzzer",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/roundtrip",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/equality",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/errors",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/meta",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/resource",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1beta1",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/fields",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/labels",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/schema",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/selection",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/types",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/cache",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/clock",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/diff",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/errors",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/framer",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream/spdy",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/intstr",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/json",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/naming",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/net",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/remotecommand",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/runtime",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/sets",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation/field",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/wait",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/yaml",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/version",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/watch",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect",
-			"Rev": "2b1284ed4c93a43499e781493253e2ac5959c4fd"
+			"Rev": "01f8b7d1121a34a7fc9f9c988f4f0b1f00fccb92"
 		},
 		{
 			"ImportPath": "k8s.io/klog",
@@ -612,7 +612,7 @@
 		},
 		{
 			"ImportPath": "k8s.io/kube-openapi/pkg/util/proto",
-			"Rev": "c59034cc13d587f5ef4e85ca0ade0c1866ae8e1d"
+			"Rev": "fd52d7a69c206aae478f9aff43cb10eaf25e5c2a"
 		},
 		{
 			"ImportPath": "sigs.k8s.io/yaml",

discovery/cached_discovery.go

@@ -164,7 +164,7 @@ func (d *CachedDiscoveryClient) getCachedFile(filename string) ([]byte, error) {
 }
 
 func (d *CachedDiscoveryClient) writeCachedFile(filename string, obj runtime.Object) error {
-	if err := os.MkdirAll(filepath.Dir(filename), 0755); err != nil {
+	if err := os.MkdirAll(filepath.Dir(filename), 0750); err != nil {
 		return err
 	}
 
@@ -183,7 +183,7 @@ func (d *CachedDiscoveryClient) writeCachedFile(filename string, obj runtime.Obj
 		return err
 	}
 
-	err = os.Chmod(f.Name(), 0755)
+	err = os.Chmod(f.Name(), 0660)
 	if err != nil {
 		return err
 	}

discovery/cached_discovery_test.go

@@ -19,6 +19,7 @@ package discovery
 import (
 	"io/ioutil"
 	"os"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -95,6 +96,32 @@ func TestNewCachedDiscoveryClient_TTL(t *testing.T) {
 	assert.Equal(c.groupCalls, 2)
 }
 
+func TestNewCachedDiscoveryClient_PathPerm(t *testing.T) {
+	assert := assert.New(t)
+
+	d, err := ioutil.TempDir("", "")
+	assert.NoError(err)
+	os.RemoveAll(d)
+	defer os.RemoveAll(d)
+
+	c := fakeDiscoveryClient{}
+	cdc := newCachedDiscoveryClient(&c, d, 1*time.Nanosecond)
+	cdc.ServerGroups()
+
+	err = filepath.Walk(d, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			assert.Equal(os.FileMode(0750), info.Mode().Perm())
+		} else {
+			assert.Equal(os.FileMode(0660), info.Mode().Perm())
+		}
+		return nil
+	})
+	assert.NoError(err)
+}
+
 type fakeDiscoveryClient struct {
 	groupCalls    int
 	resourceCalls int

discovery/round_tripper.go

@@ -18,6 +18,7 @@ package discovery
 
 import (
 	"net/http"
+	"os"
 	"path/filepath"
 
 	"github.com/gregjones/httpcache"
@@ -35,6 +36,8 @@ type cacheRoundTripper struct {
 // corresponding requests.
 func newCacheRoundTripper(cacheDir string, rt http.RoundTripper) http.RoundTripper {
 	d := diskv.New(diskv.Options{
+		PathPerm: os.FileMode(0750),
+		FilePerm: os.FileMode(0660),
 		BasePath: cacheDir,
 		TempDir:  filepath.Join(cacheDir, ".diskv-temp"),
 	})

discovery/round_tripper_test.go

@@ -22,7 +22,10 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"path/filepath"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 // copied from k8s.io/client-go/transport/round_trippers_test.go
@@ -93,3 +96,52 @@ func TestCacheRoundTripper(t *testing.T) {
 		t.Errorf("Invalid content read from cache %q", string(content))
 	}
 }
+
+func TestCacheRoundTripperPathPerm(t *testing.T) {
+	assert := assert.New(t)
+
+	rt := &testRoundTripper{}
+	cacheDir, err := ioutil.TempDir("", "cache-rt")
+	os.RemoveAll(cacheDir)
+	defer os.RemoveAll(cacheDir)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+	cache := newCacheRoundTripper(cacheDir, rt)
+
+	// First call, caches the response
+	req := &http.Request{
+		Method: http.MethodGet,
+		URL:    &url.URL{Host: "localhost"},
+	}
+	rt.Response = &http.Response{
+		Header:     http.Header{"ETag": []string{`"123456"`}},
+		Body:       ioutil.NopCloser(bytes.NewReader([]byte("Content"))),
+		StatusCode: http.StatusOK,
+	}
+	resp, err := cache.RoundTrip(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	content, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(content) != "Content" {
+		t.Errorf(`Expected Body to be "Content", got %q`, string(content))
+	}
+
+	err = filepath.Walk(cacheDir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			assert.Equal(os.FileMode(0750), info.Mode().Perm())
+		} else {
+			assert.Equal(os.FileMode(0660), info.Mode().Perm())
+		}
+		return nil
+	})
+	assert.NoError(err)
+}

dynamic/fake/simple.go

@@ -303,6 +303,7 @@ func (c *dynamicResourceClient) List(opts metav1.ListOptions) (*unstructured.Uns
 	}
 
 	list := &unstructured.UnstructuredList{}
+	list.SetResourceVersion(entireList.GetResourceVersion())
 	for i := range entireList.Items {
 		item := &entireList.Items[i]
 		metadata, err := meta.Accessor(item)

dynamic/simple.go

@@ -17,6 +17,7 @@ limitations under the License.
 package dynamic
 
 import (
+	"fmt"
 	"io"
 
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -94,6 +95,9 @@ func (c *dynamicResourceClient) Create(obj *unstructured.Unstructured, opts meta
 			return nil, err
 		}
 		name = accessor.GetName()
+		if len(name) == 0 {
+			return nil, fmt.Errorf("name is required")
+		}
 	}
 
 	result := c.client.client.
@@ -122,6 +126,10 @@ func (c *dynamicResourceClient) Update(obj *unstructured.Unstructured, opts meta
 	if err != nil {
 		return nil, err
 	}
+	name := accessor.GetName()
+	if len(name) == 0 {
+		return nil, fmt.Errorf("name is required")
+	}
 	outBytes, err := runtime.Encode(unstructured.UnstructuredJSONScheme, obj)
 	if err != nil {
 		return nil, err
@@ -129,7 +137,7 @@ func (c *dynamicResourceClient) Update(obj *unstructured.Unstructured, opts meta
 
 	result := c.client.client.
 		Put().
-		AbsPath(append(c.makeURLSegments(accessor.GetName()), subresources...)...).
+		AbsPath(append(c.makeURLSegments(name), subresources...)...).
 		Body(outBytes).
 		SpecificallyVersionedParams(&opts, dynamicParameterCodec, versionV1).
 		Do()
@@ -153,6 +161,10 @@ func (c *dynamicResourceClient) UpdateStatus(obj *unstructured.Unstructured, opt
 	if err != nil {
 		return nil, err
 	}
+	name := accessor.GetName()
+	if len(name) == 0 {
+		return nil, fmt.Errorf("name is required")
+	}
 
 	outBytes, err := runtime.Encode(unstructured.UnstructuredJSONScheme, obj)
 	if err != nil {
@@ -161,7 +173,7 @@ func (c *dynamicResourceClient) UpdateStatus(obj *unstructured.Unstructured, opt
 
 	result := c.client.client.
 		Put().
-		AbsPath(append(c.makeURLSegments(accessor.GetName()), "status")...).
+		AbsPath(append(c.makeURLSegments(name), "status")...).
 		Body(outBytes).
 		SpecificallyVersionedParams(&opts, dynamicParameterCodec, versionV1).
 		Do()
@@ -181,6 +193,9 @@ func (c *dynamicResourceClient) UpdateStatus(obj *unstructured.Unstructured, opt
 }
 
 func (c *dynamicResourceClient) Delete(name string, opts *metav1.DeleteOptions, subresources ...string) error {
+	if len(name) == 0 {
+		return fmt.Errorf("name is required")
+	}
 	if opts == nil {
 		opts = &metav1.DeleteOptions{}
 	}
@@ -216,6 +231,9 @@ func (c *dynamicResourceClient) DeleteCollection(opts *metav1.DeleteOptions, lis
 }
 
 func (c *dynamicResourceClient) Get(name string, opts metav1.GetOptions, subresources ...string) (*unstructured.Unstructured, error) {
+	if len(name) == 0 {
+		return nil, fmt.Errorf("name is required")
+	}
 	result := c.client.client.Get().AbsPath(append(c.makeURLSegments(name), subresources...)...).SpecificallyVersionedParams(&opts, dynamicParameterCodec, versionV1).Do()
 	if err := result.Error(); err != nil {
 		return nil, err
@@ -284,6 +302,9 @@ func (c *dynamicResourceClient) Watch(opts metav1.ListOptions) (watch.Interface,
 }
 
 func (c *dynamicResourceClient) Patch(name string, pt types.PatchType, data []byte, opts metav1.UpdateOptions, subresources ...string) (*unstructured.Unstructured, error) {
+	if len(name) == 0 {
+		return nil, fmt.Errorf("name is required")
+	}
 	result := c.client.client.
 		Patch(pt).
 		AbsPath(append(c.makeURLSegments(name), subresources...)...).

plugin/pkg/client/auth/azure/azure.go

@@ -145,6 +145,7 @@ func (r *azureRoundTripper) WrappedRoundTripper() http.RoundTripper { return r.r
 
 type azureToken struct {
 	token       adal.Token
+	environment string
 	clientID    string
 	tenantID    string
 	apiserverID string
@@ -219,6 +220,10 @@ func (ts *azureTokenSource) retrieveTokenFromCfg() (*azureToken, error) {
 	if refreshToken == "" {
 		return nil, fmt.Errorf("no refresh token in cfg: %s", cfgRefreshToken)
 	}
+	environment := ts.cfg[cfgEnvironment]
+	if environment == "" {
+		return nil, fmt.Errorf("no environment in cfg: %s", cfgEnvironment)
+	}
 	clientID := ts.cfg[cfgClientID]
 	if clientID == "" {
 		return nil, fmt.Errorf("no client ID in cfg: %s", cfgClientID)
@@ -250,6 +255,7 @@ func (ts *azureTokenSource) retrieveTokenFromCfg() (*azureToken, error) {
 			Resource:     fmt.Sprintf("spn:%s", apiserverID),
 			Type:         tokenType,
 		},
+		environment: environment,
 		clientID:    clientID,
 		tenantID:    tenantID,
 		apiserverID: apiserverID,
@@ -260,6 +266,7 @@ func (ts *azureTokenSource) storeTokenInCfg(token *azureToken) error {
 	newCfg := make(map[string]string)
 	newCfg[cfgAccessToken] = token.token.AccessToken
 	newCfg[cfgRefreshToken] = token.token.RefreshToken
+	newCfg[cfgEnvironment] = token.environment
 	newCfg[cfgClientID] = token.clientID
 	newCfg[cfgTenantID] = token.tenantID
 	newCfg[cfgApiserverID] = token.apiserverID
@@ -275,7 +282,12 @@ func (ts *azureTokenSource) storeTokenInCfg(token *azureToken) error {
 }
 
 func (ts *azureTokenSource) refreshToken(token *azureToken) (*azureToken, error) {
-	oauthConfig, err := adal.NewOAuthConfig(azure.PublicCloud.ActiveDirectoryEndpoint, token.tenantID)
+	env, err := azure.EnvironmentFromName(token.environment)
+	if err != nil {
+		return nil, err
+	}
+
+	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, token.tenantID)
 	if err != nil {
 		return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err)
 	}
@@ -299,6 +311,7 @@ func (ts *azureTokenSource) refreshToken(token *azureToken) (*azureToken, error)
 
 	return &azureToken{
 		token:       spt.Token(),
+		environment: token.environment,
 		clientID:    token.clientID,
 		tenantID:    token.tenantID,
 		apiserverID: token.apiserverID,
@@ -353,6 +366,7 @@ func (ts *azureTokenSourceDeviceCode) Token() (*azureToken, error) {
 
 	return &azureToken{
 		token:       *token,
+		environment: ts.environment.Name,
 		clientID:    ts.clientID,
 		tenantID:    ts.tenantID,
 		apiserverID: ts.apiserverID,

plugin/pkg/client/auth/azure/azure_test.go

@@ -53,6 +53,13 @@ func TestAzureTokenSource(t *testing.T) {
 
 	wantCfg := token2Cfg(token)
 	persistedCfg := persiter.Cache()
+
+	wantCfgLen := len(wantCfg)
+	persistedCfgLen := len(persistedCfg)
+	if wantCfgLen != persistedCfgLen {
+		t.Errorf("wantCfgLen and persistedCfgLen do not match, wantCfgLen=%v, persistedCfgLen=%v", wantCfgLen, persistedCfgLen)
+	}
+
 	for k, v := range persistedCfg {
 		if strings.Compare(v, wantCfg[k]) != 0 {
 			t.Errorf("Token() persisted cfg %s: got %v, want %v", k, v, wantCfg[k])
@@ -103,6 +110,7 @@ type fakeTokenSource struct {
 func (ts *fakeTokenSource) Token() (*azureToken, error) {
 	return &azureToken{
 		token:       newFackeAzureToken(ts.accessToken, ts.expiresOn),
+		environment: "testenv",
 		clientID:    "fake",
 		tenantID:    "fake",
 		apiserverID: "fake",
@@ -113,6 +121,7 @@ func token2Cfg(token *azureToken) map[string]string {
 	cfg := make(map[string]string)
 	cfg[cfgAccessToken] = token.token.AccessToken
 	cfg[cfgRefreshToken] = token.token.RefreshToken
+	cfg[cfgEnvironment] = token.environment
 	cfg[cfgClientID] = token.clientID
 	cfg[cfgTenantID] = token.tenantID
 	cfg[cfgApiserverID] = token.apiserverID

rest/transport.go

@@ -74,9 +74,10 @@ func (c *Config) TransportConfig() (*transport.Config, error) {
 			KeyFile:    c.KeyFile,
 			KeyData:    c.KeyData,
 		},
-		Username:    c.Username,
-		Password:    c.Password,
-		BearerToken: c.BearerToken,
+		Username:        c.Username,
+		Password:        c.Password,
+		BearerToken:     c.BearerToken,
+		BearerTokenFile: c.BearerTokenFile,
 		Impersonate: transport.ImpersonationConfig{
 			UserName: c.Impersonate.UserName,
 			Groups:   c.Impersonate.Groups,

tools/cache/reflector.go

@@ -24,10 +24,8 @@ import (
 	"net"
 	"net/url"
 	"reflect"
-	"strconv"
 	"strings"
 	"sync"
-	"sync/atomic"
 	"syscall"
 	"time"
 
@@ -95,17 +93,10 @@ func NewReflector(lw ListerWatcher, expectedType interface{}, store Store, resyn
 	return NewNamedReflector(naming.GetNameFromCallsite(internalPackages...), lw, expectedType, store, resyncPeriod)
 }
 
-// reflectorDisambiguator is used to disambiguate started reflectors.
-// initialized to an unstable value to ensure meaning isn't attributed to the suffix.
-var reflectorDisambiguator = int64(time.Now().UnixNano() % 12345)
-
 // NewNamedReflector same as NewReflector, but with a specified name for logging
 func NewNamedReflector(name string, lw ListerWatcher, expectedType interface{}, store Store, resyncPeriod time.Duration) *Reflector {
-	reflectorSuffix := atomic.AddInt64(&reflectorDisambiguator, 1)
 	r := &Reflector{
-		name: name,
-		// we need this to be unique per process (some names are still the same) but obvious who it belongs to
-		metrics:       newReflectorMetrics(makeValidPrometheusMetricLabel(fmt.Sprintf("reflector_"+name+"_%d", reflectorSuffix))),
+		name:          name,
 		listerWatcher: lw,
 		store:         store,
 		expectedType:  reflect.TypeOf(expectedType),
@@ -173,13 +164,10 @@ func (r *Reflector) ListAndWatch(stopCh <-chan struct{}) error {
 	// to be served from cache and potentially be delayed relative to
 	// etcd contents. Reflector framework will catch up via Watch() eventually.
 	options := metav1.ListOptions{ResourceVersion: "0"}
-	r.metrics.numberOfLists.Inc()
-	start := r.clock.Now()
 	list, err := r.listerWatcher.List(options)
 	if err != nil {
 		return fmt.Errorf("%s: Failed to list %v: %v", r.name, r.expectedType, err)
 	}
-	r.metrics.listDuration.Observe(time.Since(start).Seconds())
 	listMetaInterface, err := meta.ListAccessor(list)
 	if err != nil {
 		return fmt.Errorf("%s: Unable to understand list result %#v: %v", r.name, list, err)
@@ -189,7 +177,6 @@ func (r *Reflector) ListAndWatch(stopCh <-chan struct{}) error {
 	if err != nil {
 		return fmt.Errorf("%s: Unable to understand list result %#v (%v)", r.name, list, err)
 	}
-	r.metrics.numberOfItemsInList.Observe(float64(len(items)))
 	if err := r.syncWith(items, resourceVersion); err != nil {
 		return fmt.Errorf("%s: Unable to sync list result: %v", r.name, err)
 	}
@@ -239,7 +226,6 @@ func (r *Reflector) ListAndWatch(stopCh <-chan struct{}) error {
 			TimeoutSeconds: &timeoutSeconds,
 		}
 
-		r.metrics.numberOfWatches.Inc()
 		w, err := r.listerWatcher.Watch(options)
 		if err != nil {
 			switch err {
@@ -291,11 +277,6 @@ func (r *Reflector) watchHandler(w watch.Interface, resourceVersion *string, err
 	// Stopping the watcher should be idempotent and if we return from this function there's no way
 	// we're coming back in with the same watch interface.
 	defer w.Stop()
-	// update metrics
-	defer func() {
-		r.metrics.numberOfItemsInWatch.Observe(float64(eventCount))
-		r.metrics.watchDuration.Observe(time.Since(start).Seconds())
-	}()
 
 loop:
 	for {
@@ -351,7 +332,6 @@ loop:
 
 	watchDuration := r.clock.Now().Sub(start)
 	if watchDuration < 1*time.Second && eventCount == 0 {
-		r.metrics.numberOfShortWatches.Inc()
 		return fmt.Errorf("very short watch: %s: Unexpected watch close - watch lasted less than a second and no items received", r.name)
 	}
 	klog.V(4).Infof("%s: Watch close - %v total %v items received", r.name, r.expectedType, eventCount)
@@ -370,9 +350,4 @@ func (r *Reflector) setLastSyncResourceVersion(v string) {
 	r.lastSyncResourceVersionMutex.Lock()
 	defer r.lastSyncResourceVersionMutex.Unlock()
 	r.lastSyncResourceVersion = v
-
-	rv, err := strconv.Atoi(v)
-	if err == nil {
-		r.metrics.lastResourceVersion.Set(float64(rv))
-	}
 }

tools/clientcmd/client_config.go

@@ -228,6 +228,7 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI
 	// blindly overwrite existing values based on precedence
 	if len(configAuthInfo.Token) > 0 {
 		mergedConfig.BearerToken = configAuthInfo.Token
+		mergedConfig.BearerTokenFile = configAuthInfo.TokenFile
 	} else if len(configAuthInfo.TokenFile) > 0 {
 		tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
 		if err != nil {
@@ -499,8 +500,9 @@ func (config *inClusterClientConfig) ClientConfig() (*restclient.Config, error)
 		if server := config.overrides.ClusterInfo.Server; len(server) > 0 {
 			icc.Host = server
 		}
-		if token := config.overrides.AuthInfo.Token; len(token) > 0 {
-			icc.BearerToken = token
+		if len(config.overrides.AuthInfo.Token) > 0 || len(config.overrides.AuthInfo.TokenFile) > 0 {
+			icc.BearerToken = config.overrides.AuthInfo.Token
+			icc.BearerTokenFile = config.overrides.AuthInfo.TokenFile
 		}
 		if certificateAuthorityFile := config.overrides.ClusterInfo.CertificateAuthority; len(certificateAuthorityFile) > 0 {
 			icc.TLSClientConfig.CAFile = certificateAuthorityFile

tools/clientcmd/client_config_test.go

@@ -548,6 +548,30 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 				},
 			},
 		},
+		{
+			overrides: &ConfigOverrides{
+				ClusterInfo: clientcmdapi.Cluster{
+					Server:               "https://host-from-overrides.com",
+					CertificateAuthority: "/path/to/ca-from-overrides.crt",
+				},
+				AuthInfo: clientcmdapi.AuthInfo{
+					Token:     "token-from-override",
+					TokenFile: "tokenfile-from-override",
+				},
+			},
+		},
+		{
+			overrides: &ConfigOverrides{
+				ClusterInfo: clientcmdapi.Cluster{
+					Server:               "https://host-from-overrides.com",
+					CertificateAuthority: "/path/to/ca-from-overrides.crt",
+				},
+				AuthInfo: clientcmdapi.AuthInfo{
+					Token:     "",
+					TokenFile: "tokenfile-from-override",
+				},
+			},
+		},
 		{
 			overrides: &ConfigOverrides{},
 		},
@@ -556,13 +580,15 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 	for _, tc := range tt {
 		expectedServer := "https://host-from-cluster.com"
 		expectedToken := "token-from-cluster"
+		expectedTokenFile := "tokenfile-from-cluster"
 		expectedCAFile := "/path/to/ca-from-cluster.crt"
 
 		icc := &inClusterClientConfig{
 			inClusterConfigProvider: func() (*restclient.Config, error) {
 				return &restclient.Config{
-					Host:        expectedServer,
-					BearerToken: expectedToken,
+					Host:            expectedServer,
+					BearerToken:     expectedToken,
+					BearerTokenFile: expectedTokenFile,
 					TLSClientConfig: restclient.TLSClientConfig{
 						CAFile: expectedCAFile,
 					},
@@ -579,8 +605,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 		if overridenServer := tc.overrides.ClusterInfo.Server; len(overridenServer) > 0 {
 			expectedServer = overridenServer
 		}
-		if overridenToken := tc.overrides.AuthInfo.Token; len(overridenToken) > 0 {
-			expectedToken = overridenToken
+		if len(tc.overrides.AuthInfo.Token) > 0 || len(tc.overrides.AuthInfo.TokenFile) > 0 {
+			expectedToken = tc.overrides.AuthInfo.Token
+			expectedTokenFile = tc.overrides.AuthInfo.TokenFile
 		}
 		if overridenCAFile := tc.overrides.ClusterInfo.CertificateAuthority; len(overridenCAFile) > 0 {
 			expectedCAFile = overridenCAFile
@@ -592,6 +619,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 		if clientConfig.BearerToken != expectedToken {
 			t.Errorf("Expected token %v, got %v", expectedToken, clientConfig.BearerToken)
 		}
+		if clientConfig.BearerTokenFile != expectedTokenFile {
+			t.Errorf("Expected tokenfile %v, got %v", expectedTokenFile, clientConfig.BearerTokenFile)
+		}
 		if clientConfig.TLSClientConfig.CAFile != expectedCAFile {
 			t.Errorf("Expected Certificate Authority %v, got %v", expectedCAFile, clientConfig.TLSClientConfig.CAFile)
 		}

transport/token_source.go

@@ -47,14 +47,14 @@ func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) htt
 func NewCachedFileTokenSource(path string) oauth2.TokenSource {
 	return &cachingTokenSource{
 		now:    time.Now,
-		leeway: 1 * time.Minute,
+		leeway: 10 * time.Second,
 		base: &fileTokenSource{
 			path: path,
-			// This period was picked because it is half of the minimum validity
-			// duration for a token provisioned by they TokenRequest API. This is
-			// unsophisticated and should induce rotation at a frequency that should
-			// work with the token volume source.
-			period: 5 * time.Minute,
+			// This period was picked because it is half of the duration between when the kubelet
+			// refreshes a projected service account token and when the original token expires.
+			// Default token lifetime is 10 minutes, and the kubelet starts refreshing at 80% of lifetime.
+			// This should induce re-reading at a frequency that works with the token volume source.
+			period: time.Minute,
 		},
 	}
 }