Update dependencies to v0.25.0-beta.0 tag

2026-06-16 14:56:00 +00:00 · 2022-08-05 00:25:27 +00:00
48 changed files with 336 additions and 4480 deletions
--- a/applyconfigurations/batch/v1/jobspec.go
+++ b/applyconfigurations/batch/v1/jobspec.go
@@ -21,7 +21,7 @@ package v1
 import (
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/client-go/applyconfigurations/core/v1"
-	metav1 "k8s.io/client-go/applyconfigurations/meta/v1"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
 )

 // JobSpecApplyConfiguration represents an declarative configuration of the JobSpec type for use
@@ -30,9 +30,8 @@ type JobSpecApplyConfiguration struct {
 	Parallelism             *int32                                    `json:"parallelism,omitempty"`
 	Completions             *int32                                    `json:"completions,omitempty"`
 	ActiveDeadlineSeconds   *int64                                    `json:"activeDeadlineSeconds,omitempty"`
-	PodFailurePolicy        *PodFailurePolicyApplyConfiguration       `json:"podFailurePolicy,omitempty"`
 	BackoffLimit            *int32                                    `json:"backoffLimit,omitempty"`
-	Selector                *metav1.LabelSelectorApplyConfiguration   `json:"selector,omitempty"`
+	Selector                *v1.LabelSelectorApplyConfiguration       `json:"selector,omitempty"`
 	ManualSelector          *bool                                     `json:"manualSelector,omitempty"`
 	Template                *corev1.PodTemplateSpecApplyConfiguration `json:"template,omitempty"`
 	TTLSecondsAfterFinished *int32                                    `json:"ttlSecondsAfterFinished,omitempty"`
@@ -70,14 +69,6 @@ func (b *JobSpecApplyConfiguration) WithActiveDeadlineSeconds(value int64) *JobS
 	return b
 }

-// WithPodFailurePolicy sets the PodFailurePolicy field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the PodFailurePolicy field is set to the value of the last call.
-func (b *JobSpecApplyConfiguration) WithPodFailurePolicy(value *PodFailurePolicyApplyConfiguration) *JobSpecApplyConfiguration {
-	b.PodFailurePolicy = value
-	return b
-}
-
 // WithBackoffLimit sets the BackoffLimit field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the BackoffLimit field is set to the value of the last call.
@@ -89,7 +80,7 @@ func (b *JobSpecApplyConfiguration) WithBackoffLimit(value int32) *JobSpecApplyC
 // WithSelector sets the Selector field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Selector field is set to the value of the last call.
-func (b *JobSpecApplyConfiguration) WithSelector(value *metav1.LabelSelectorApplyConfiguration) *JobSpecApplyConfiguration {
+func (b *JobSpecApplyConfiguration) WithSelector(value *v1.LabelSelectorApplyConfiguration) *JobSpecApplyConfiguration {
 	b.Selector = value
 	return b
 }
--- a/applyconfigurations/batch/v1/podfailurepolicy.go
+++ b/applyconfigurations/batch/v1/podfailurepolicy.go
@@ -1,44 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1
-
-// PodFailurePolicyApplyConfiguration represents an declarative configuration of the PodFailurePolicy type for use
-// with apply.
-type PodFailurePolicyApplyConfiguration struct {
-	Rules []PodFailurePolicyRuleApplyConfiguration `json:"rules,omitempty"`
-}
-
-// PodFailurePolicyApplyConfiguration constructs an declarative configuration of the PodFailurePolicy type for use with
-// apply.
-func PodFailurePolicy() *PodFailurePolicyApplyConfiguration {
-	return &PodFailurePolicyApplyConfiguration{}
-}
-
-// WithRules adds the given value to the Rules field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Rules field.
-func (b *PodFailurePolicyApplyConfiguration) WithRules(values ...*PodFailurePolicyRuleApplyConfiguration) *PodFailurePolicyApplyConfiguration {
-	for i := range values {
-		if values[i] == nil {
-			panic("nil value passed to WithRules")
-		}
-		b.Rules = append(b.Rules, *values[i])
-	}
-	return b
-}
--- a/applyconfigurations/batch/v1/podfailurepolicyonexitcodesrequirement.go
+++ b/applyconfigurations/batch/v1/podfailurepolicyonexitcodesrequirement.go
@@ -1,63 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1
-
-import (
-	v1 "k8s.io/api/batch/v1"
-)
-
-// PodFailurePolicyOnExitCodesRequirementApplyConfiguration represents an declarative configuration of the PodFailurePolicyOnExitCodesRequirement type for use
-// with apply.
-type PodFailurePolicyOnExitCodesRequirementApplyConfiguration struct {
-	ContainerName *string                                 `json:"containerName,omitempty"`
-	Operator      *v1.PodFailurePolicyOnExitCodesOperator `json:"operator,omitempty"`
-	Values        []int32                                 `json:"values,omitempty"`
-}
-
-// PodFailurePolicyOnExitCodesRequirementApplyConfiguration constructs an declarative configuration of the PodFailurePolicyOnExitCodesRequirement type for use with
-// apply.
-func PodFailurePolicyOnExitCodesRequirement() *PodFailurePolicyOnExitCodesRequirementApplyConfiguration {
-	return &PodFailurePolicyOnExitCodesRequirementApplyConfiguration{}
-}
-
-// WithContainerName sets the ContainerName field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the ContainerName field is set to the value of the last call.
-func (b *PodFailurePolicyOnExitCodesRequirementApplyConfiguration) WithContainerName(value string) *PodFailurePolicyOnExitCodesRequirementApplyConfiguration {
-	b.ContainerName = &value
-	return b
-}
-
-// WithOperator sets the Operator field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Operator field is set to the value of the last call.
-func (b *PodFailurePolicyOnExitCodesRequirementApplyConfiguration) WithOperator(value v1.PodFailurePolicyOnExitCodesOperator) *PodFailurePolicyOnExitCodesRequirementApplyConfiguration {
-	b.Operator = &value
-	return b
-}
-
-// WithValues adds the given value to the Values field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Values field.
-func (b *PodFailurePolicyOnExitCodesRequirementApplyConfiguration) WithValues(values ...int32) *PodFailurePolicyOnExitCodesRequirementApplyConfiguration {
-	for i := range values {
-		b.Values = append(b.Values, values[i])
-	}
-	return b
-}
--- a/applyconfigurations/batch/v1/podfailurepolicyonpodconditionspattern.go
+++ b/applyconfigurations/batch/v1/podfailurepolicyonpodconditionspattern.go
@@ -1,52 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1
-
-import (
-	v1 "k8s.io/api/core/v1"
-)
-
-// PodFailurePolicyOnPodConditionsPatternApplyConfiguration represents an declarative configuration of the PodFailurePolicyOnPodConditionsPattern type for use
-// with apply.
-type PodFailurePolicyOnPodConditionsPatternApplyConfiguration struct {
-	Type   *v1.PodConditionType `json:"type,omitempty"`
-	Status *v1.ConditionStatus  `json:"status,omitempty"`
-}
-
-// PodFailurePolicyOnPodConditionsPatternApplyConfiguration constructs an declarative configuration of the PodFailurePolicyOnPodConditionsPattern type for use with
-// apply.
-func PodFailurePolicyOnPodConditionsPattern() *PodFailurePolicyOnPodConditionsPatternApplyConfiguration {
-	return &PodFailurePolicyOnPodConditionsPatternApplyConfiguration{}
-}
-
-// WithType sets the Type field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Type field is set to the value of the last call.
-func (b *PodFailurePolicyOnPodConditionsPatternApplyConfiguration) WithType(value v1.PodConditionType) *PodFailurePolicyOnPodConditionsPatternApplyConfiguration {
-	b.Type = &value
-	return b
-}
-
-// WithStatus sets the Status field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Status field is set to the value of the last call.
-func (b *PodFailurePolicyOnPodConditionsPatternApplyConfiguration) WithStatus(value v1.ConditionStatus) *PodFailurePolicyOnPodConditionsPatternApplyConfiguration {
-	b.Status = &value
-	return b
-}
--- a/applyconfigurations/batch/v1/podfailurepolicyrule.go
+++ b/applyconfigurations/batch/v1/podfailurepolicyrule.go
@@ -1,66 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1
-
-import (
-	v1 "k8s.io/api/batch/v1"
-)
-
-// PodFailurePolicyRuleApplyConfiguration represents an declarative configuration of the PodFailurePolicyRule type for use
-// with apply.
-type PodFailurePolicyRuleApplyConfiguration struct {
-	Action          *v1.PodFailurePolicyAction                                 `json:"action,omitempty"`
-	OnExitCodes     *PodFailurePolicyOnExitCodesRequirementApplyConfiguration  `json:"onExitCodes,omitempty"`
-	OnPodConditions []PodFailurePolicyOnPodConditionsPatternApplyConfiguration `json:"onPodConditions,omitempty"`
-}
-
-// PodFailurePolicyRuleApplyConfiguration constructs an declarative configuration of the PodFailurePolicyRule type for use with
-// apply.
-func PodFailurePolicyRule() *PodFailurePolicyRuleApplyConfiguration {
-	return &PodFailurePolicyRuleApplyConfiguration{}
-}
-
-// WithAction sets the Action field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Action field is set to the value of the last call.
-func (b *PodFailurePolicyRuleApplyConfiguration) WithAction(value v1.PodFailurePolicyAction) *PodFailurePolicyRuleApplyConfiguration {
-	b.Action = &value
-	return b
-}
-
-// WithOnExitCodes sets the OnExitCodes field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the OnExitCodes field is set to the value of the last call.
-func (b *PodFailurePolicyRuleApplyConfiguration) WithOnExitCodes(value *PodFailurePolicyOnExitCodesRequirementApplyConfiguration) *PodFailurePolicyRuleApplyConfiguration {
-	b.OnExitCodes = value
-	return b
-}
-
-// WithOnPodConditions adds the given value to the OnPodConditions field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the OnPodConditions field.
-func (b *PodFailurePolicyRuleApplyConfiguration) WithOnPodConditions(values ...*PodFailurePolicyOnPodConditionsPatternApplyConfiguration) *PodFailurePolicyRuleApplyConfiguration {
-	for i := range values {
-		if values[i] == nil {
-			panic("nil value passed to WithOnPodConditions")
-		}
-		b.OnPodConditions = append(b.OnPodConditions, *values[i])
-	}
-	return b
-}
--- a/applyconfigurations/internal/internal.go
+++ b/applyconfigurations/internal/internal.go
@@ -3041,9 +3041,6 @@ var schemaYAML = typed.YAMLObject(`types:
    - name: parallelism
      type:
        scalar: numeric
-    - name: podFailurePolicy
-      type:
-        namedType: io.k8s.api.batch.v1.PodFailurePolicy
    - name: selector
      type:
        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
@@ -3101,58 +3098,6 @@ var schemaYAML = typed.YAMLObject(`types:
      type:
        namedType: io.k8s.api.batch.v1.JobSpec
      default: {}
- name: io.k8s.api.batch.v1.PodFailurePolicy
-  map:
-    fields:
-    - name: rules
-      type:
-        list:
-          elementType:
-            namedType: io.k8s.api.batch.v1.PodFailurePolicyRule
-          elementRelationship: atomic
- name: io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement
-  map:
-    fields:
-    - name: containerName
-      type:
-        scalar: string
-    - name: operator
-      type:
-        scalar: string
-      default: ""
-    - name: values
-      type:
-        list:
-          elementType:
-            scalar: numeric
-          elementRelationship: associative
- name: io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern
-  map:
-    fields:
-    - name: status
-      type:
-        scalar: string
-      default: ""
-    - name: type
-      type:
-        scalar: string
-      default: ""
- name: io.k8s.api.batch.v1.PodFailurePolicyRule
-  map:
-    fields:
-    - name: action
-      type:
-        scalar: string
-      default: ""
-    - name: onExitCodes
-      type:
-        namedType: io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement
-    - name: onPodConditions
-      type:
-        list:
-          elementType:
-            namedType: io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern
-          elementRelationship: atomic
 - name: io.k8s.api.batch.v1.UncountedTerminatedPods
  map:
    fields:
@@ -9593,41 +9538,6 @@ var schemaYAML = typed.YAMLObject(`types:
    - name: number
      type:
        scalar: numeric
- name: io.k8s.api.networking.v1alpha1.ClusterCIDR
-  map:
-    fields:
-    - name: apiVersion
-      type:
-        scalar: string
-    - name: kind
-      type:
-        scalar: string
-    - name: metadata
-      type:
-        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
-      default: {}
-    - name: spec
-      type:
-        namedType: io.k8s.api.networking.v1alpha1.ClusterCIDRSpec
-      default: {}
- name: io.k8s.api.networking.v1alpha1.ClusterCIDRSpec
-  map:
-    fields:
-    - name: ipv4
-      type:
-        scalar: string
-      default: ""
-    - name: ipv6
-      type:
-        scalar: string
-      default: ""
-    - name: nodeSelector
-      type:
-        namedType: io.k8s.api.core.v1.NodeSelector
-    - name: perNodeHostBits
-      type:
-        scalar: numeric
-      default: 0
 - name: io.k8s.api.networking.v1beta1.HTTPIngressPath
  map:
    fields:
--- a/applyconfigurations/meta/v1/listmeta.go
+++ b/applyconfigurations/meta/v1/listmeta.go
@@ -1,66 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1
-
-// ListMetaApplyConfiguration represents an declarative configuration of the ListMeta type for use
-// with apply.
-type ListMetaApplyConfiguration struct {
-	SelfLink           *string `json:"selfLink,omitempty"`
-	ResourceVersion    *string `json:"resourceVersion,omitempty"`
-	Continue           *string `json:"continue,omitempty"`
-	RemainingItemCount *int64  `json:"remainingItemCount,omitempty"`
-}
-
-// ListMetaApplyConfiguration constructs an declarative configuration of the ListMeta type for use with
-// apply.
-func ListMeta() *ListMetaApplyConfiguration {
-	return &ListMetaApplyConfiguration{}
-}
-
-// WithSelfLink sets the SelfLink field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the SelfLink field is set to the value of the last call.
-func (b *ListMetaApplyConfiguration) WithSelfLink(value string) *ListMetaApplyConfiguration {
-	b.SelfLink = &value
-	return b
-}
-
-// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the ResourceVersion field is set to the value of the last call.
-func (b *ListMetaApplyConfiguration) WithResourceVersion(value string) *ListMetaApplyConfiguration {
-	b.ResourceVersion = &value
-	return b
-}
-
-// WithContinue sets the Continue field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Continue field is set to the value of the last call.
-func (b *ListMetaApplyConfiguration) WithContinue(value string) *ListMetaApplyConfiguration {
-	b.Continue = &value
-	return b
-}
-
-// WithRemainingItemCount sets the RemainingItemCount field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the RemainingItemCount field is set to the value of the last call.
-func (b *ListMetaApplyConfiguration) WithRemainingItemCount(value int64) *ListMetaApplyConfiguration {
-	b.RemainingItemCount = &value
-	return b
-}
--- a/applyconfigurations/networking/v1alpha1/clustercidr.go
+++ b/applyconfigurations/networking/v1alpha1/clustercidr.go
@@ -1,247 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	networkingv1alpha1 "k8s.io/api/networking/v1alpha1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	types "k8s.io/apimachinery/pkg/types"
-	managedfields "k8s.io/apimachinery/pkg/util/managedfields"
-	internal "k8s.io/client-go/applyconfigurations/internal"
-	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
-)
-
-// ClusterCIDRApplyConfiguration represents an declarative configuration of the ClusterCIDR type for use
-// with apply.
-type ClusterCIDRApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
-	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
-	Spec                             *ClusterCIDRSpecApplyConfiguration `json:"spec,omitempty"`
-}
-
-// ClusterCIDR constructs an declarative configuration of the ClusterCIDR type for use with
-// apply.
-func ClusterCIDR(name string) *ClusterCIDRApplyConfiguration {
-	b := &ClusterCIDRApplyConfiguration{}
-	b.WithName(name)
-	b.WithKind("ClusterCIDR")
-	b.WithAPIVersion("networking.k8s.io/v1alpha1")
-	return b
-}
-
-// ExtractClusterCIDR extracts the applied configuration owned by fieldManager from
-// clusterCIDR. If no managedFields are found in clusterCIDR for fieldManager, a
-// ClusterCIDRApplyConfiguration is returned with only the Name, Namespace (if applicable),
-// APIVersion and Kind populated. It is possible that no managed fields were found for because other
-// field managers have taken ownership of all the fields previously owned by fieldManager, or because
-// the fieldManager never owned fields any fields.
-// clusterCIDR must be a unmodified ClusterCIDR API object that was retrieved from the Kubernetes API.
-// ExtractClusterCIDR provides a way to perform a extract/modify-in-place/apply workflow.
-// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously
-// applied if another fieldManager has updated or force applied any of the previously applied fields.
-// Experimental!
-func ExtractClusterCIDR(clusterCIDR *networkingv1alpha1.ClusterCIDR, fieldManager string) (*ClusterCIDRApplyConfiguration, error) {
-	return extractClusterCIDR(clusterCIDR, fieldManager, "")
-}
-
-// ExtractClusterCIDRStatus is the same as ExtractClusterCIDR except
-// that it extracts the status subresource applied configuration.
-// Experimental!
-func ExtractClusterCIDRStatus(clusterCIDR *networkingv1alpha1.ClusterCIDR, fieldManager string) (*ClusterCIDRApplyConfiguration, error) {
-	return extractClusterCIDR(clusterCIDR, fieldManager, "status")
-}
-
-func extractClusterCIDR(clusterCIDR *networkingv1alpha1.ClusterCIDR, fieldManager string, subresource string) (*ClusterCIDRApplyConfiguration, error) {
-	b := &ClusterCIDRApplyConfiguration{}
-	err := managedfields.ExtractInto(clusterCIDR, internal.Parser().Type("io.k8s.api.networking.v1alpha1.ClusterCIDR"), fieldManager, b, subresource)
-	if err != nil {
-		return nil, err
-	}
-	b.WithName(clusterCIDR.Name)
-
-	b.WithKind("ClusterCIDR")
-	b.WithAPIVersion("networking.k8s.io/v1alpha1")
-	return b, nil
-}
-
-// WithKind sets the Kind field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Kind field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithKind(value string) *ClusterCIDRApplyConfiguration {
-	b.Kind = &value
-	return b
-}
-
-// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the APIVersion field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithAPIVersion(value string) *ClusterCIDRApplyConfiguration {
-	b.APIVersion = &value
-	return b
-}
-
-// WithName sets the Name field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Name field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithName(value string) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	b.Name = &value
-	return b
-}
-
-// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the GenerateName field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithGenerateName(value string) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	b.GenerateName = &value
-	return b
-}
-
-// WithNamespace sets the Namespace field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Namespace field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithNamespace(value string) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	b.Namespace = &value
-	return b
-}
-
-// WithUID sets the UID field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the UID field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithUID(value types.UID) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	b.UID = &value
-	return b
-}
-
-// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the ResourceVersion field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithResourceVersion(value string) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	b.ResourceVersion = &value
-	return b
-}
-
-// WithGeneration sets the Generation field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Generation field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithGeneration(value int64) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	b.Generation = &value
-	return b
-}
-
-// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the CreationTimestamp field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	b.CreationTimestamp = &value
-	return b
-}
-
-// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	b.DeletionTimestamp = &value
-	return b
-}
-
-// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	b.DeletionGracePeriodSeconds = &value
-	return b
-}
-
-// WithLabels puts the entries into the Labels field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, the entries provided by each call will be put on the Labels field,
-// overwriting an existing map entries in Labels field with the same key.
-func (b *ClusterCIDRApplyConfiguration) WithLabels(entries map[string]string) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	if b.Labels == nil && len(entries) > 0 {
-		b.Labels = make(map[string]string, len(entries))
-	}
-	for k, v := range entries {
-		b.Labels[k] = v
-	}
-	return b
-}
-
-// WithAnnotations puts the entries into the Annotations field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, the entries provided by each call will be put on the Annotations field,
-// overwriting an existing map entries in Annotations field with the same key.
-func (b *ClusterCIDRApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	if b.Annotations == nil && len(entries) > 0 {
-		b.Annotations = make(map[string]string, len(entries))
-	}
-	for k, v := range entries {
-		b.Annotations[k] = v
-	}
-	return b
-}
-
-// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
-func (b *ClusterCIDRApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	for i := range values {
-		if values[i] == nil {
-			panic("nil value passed to WithOwnerReferences")
-		}
-		b.OwnerReferences = append(b.OwnerReferences, *values[i])
-	}
-	return b
-}
-
-// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Finalizers field.
-func (b *ClusterCIDRApplyConfiguration) WithFinalizers(values ...string) *ClusterCIDRApplyConfiguration {
-	b.ensureObjectMetaApplyConfigurationExists()
-	for i := range values {
-		b.Finalizers = append(b.Finalizers, values[i])
-	}
-	return b
-}
-
-func (b *ClusterCIDRApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
-	if b.ObjectMetaApplyConfiguration == nil {
-		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
-	}
-}
-
-// WithSpec sets the Spec field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Spec field is set to the value of the last call.
-func (b *ClusterCIDRApplyConfiguration) WithSpec(value *ClusterCIDRSpecApplyConfiguration) *ClusterCIDRApplyConfiguration {
-	b.Spec = value
-	return b
-}
--- a/applyconfigurations/networking/v1alpha1/clustercidrspec.go
+++ b/applyconfigurations/networking/v1alpha1/clustercidrspec.go
@@ -1,70 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1 "k8s.io/client-go/applyconfigurations/core/v1"
-)
-
-// ClusterCIDRSpecApplyConfiguration represents an declarative configuration of the ClusterCIDRSpec type for use
-// with apply.
-type ClusterCIDRSpecApplyConfiguration struct {
-	NodeSelector    *v1.NodeSelectorApplyConfiguration `json:"nodeSelector,omitempty"`
-	PerNodeHostBits *int32                             `json:"perNodeHostBits,omitempty"`
-	IPv4            *string                            `json:"ipv4,omitempty"`
-	IPv6            *string                            `json:"ipv6,omitempty"`
-}
-
-// ClusterCIDRSpecApplyConfiguration constructs an declarative configuration of the ClusterCIDRSpec type for use with
-// apply.
-func ClusterCIDRSpec() *ClusterCIDRSpecApplyConfiguration {
-	return &ClusterCIDRSpecApplyConfiguration{}
-}
-
-// WithNodeSelector sets the NodeSelector field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the NodeSelector field is set to the value of the last call.
-func (b *ClusterCIDRSpecApplyConfiguration) WithNodeSelector(value *v1.NodeSelectorApplyConfiguration) *ClusterCIDRSpecApplyConfiguration {
-	b.NodeSelector = value
-	return b
-}
-
-// WithPerNodeHostBits sets the PerNodeHostBits field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the PerNodeHostBits field is set to the value of the last call.
-func (b *ClusterCIDRSpecApplyConfiguration) WithPerNodeHostBits(value int32) *ClusterCIDRSpecApplyConfiguration {
-	b.PerNodeHostBits = &value
-	return b
-}
-
-// WithIPv4 sets the IPv4 field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the IPv4 field is set to the value of the last call.
-func (b *ClusterCIDRSpecApplyConfiguration) WithIPv4(value string) *ClusterCIDRSpecApplyConfiguration {
-	b.IPv4 = &value
-	return b
-}
-
-// WithIPv6 sets the IPv6 field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the IPv6 field is set to the value of the last call.
-func (b *ClusterCIDRSpecApplyConfiguration) WithIPv6(value string) *ClusterCIDRSpecApplyConfiguration {
-	b.IPv6 = &value
-	return b
-}
--- a/applyconfigurations/utils.go
+++ b/applyconfigurations/utils.go
@@ -46,7 +46,6 @@ import (
 	flowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2"
 	imagepolicyv1alpha1 "k8s.io/api/imagepolicy/v1alpha1"
 	networkingv1 "k8s.io/api/networking/v1"
-	networkingv1alpha1 "k8s.io/api/networking/v1alpha1"
 	networkingv1beta1 "k8s.io/api/networking/v1beta1"
 	nodev1 "k8s.io/api/node/v1"
 	nodev1alpha1 "k8s.io/api/node/v1alpha1"
@@ -92,7 +91,6 @@ import (
 	applyconfigurationsimagepolicyv1alpha1 "k8s.io/client-go/applyconfigurations/imagepolicy/v1alpha1"
 	applyconfigurationsmetav1 "k8s.io/client-go/applyconfigurations/meta/v1"
 	applyconfigurationsnetworkingv1 "k8s.io/client-go/applyconfigurations/networking/v1"
-	applyconfigurationsnetworkingv1alpha1 "k8s.io/client-go/applyconfigurations/networking/v1alpha1"
 	applyconfigurationsnetworkingv1beta1 "k8s.io/client-go/applyconfigurations/networking/v1beta1"
 	applyconfigurationsnodev1 "k8s.io/client-go/applyconfigurations/node/v1"
 	applyconfigurationsnodev1alpha1 "k8s.io/client-go/applyconfigurations/node/v1alpha1"
@@ -449,14 +447,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
 		return &applyconfigurationsbatchv1.JobStatusApplyConfiguration{}
 	case batchv1.SchemeGroupVersion.WithKind("JobTemplateSpec"):
 		return &applyconfigurationsbatchv1.JobTemplateSpecApplyConfiguration{}
-	case batchv1.SchemeGroupVersion.WithKind("PodFailurePolicy"):
-		return &applyconfigurationsbatchv1.PodFailurePolicyApplyConfiguration{}
-	case batchv1.SchemeGroupVersion.WithKind("PodFailurePolicyOnExitCodesRequirement"):
-		return &applyconfigurationsbatchv1.PodFailurePolicyOnExitCodesRequirementApplyConfiguration{}
-	case batchv1.SchemeGroupVersion.WithKind("PodFailurePolicyOnPodConditionsPattern"):
-		return &applyconfigurationsbatchv1.PodFailurePolicyOnPodConditionsPatternApplyConfiguration{}
-	case batchv1.SchemeGroupVersion.WithKind("PodFailurePolicyRule"):
-		return &applyconfigurationsbatchv1.PodFailurePolicyRuleApplyConfiguration{}
 	case batchv1.SchemeGroupVersion.WithKind("UncountedTerminatedPods"):
 		return &applyconfigurationsbatchv1.UncountedTerminatedPodsApplyConfiguration{}

@@ -1208,12 +1198,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
 	case networkingv1.SchemeGroupVersion.WithKind("ServiceBackendPort"):
 		return &applyconfigurationsnetworkingv1.ServiceBackendPortApplyConfiguration{}

-		// Group=networking.k8s.io, Version=v1alpha1
-	case networkingv1alpha1.SchemeGroupVersion.WithKind("ClusterCIDR"):
-		return &applyconfigurationsnetworkingv1alpha1.ClusterCIDRApplyConfiguration{}
-	case networkingv1alpha1.SchemeGroupVersion.WithKind("ClusterCIDRSpec"):
-		return &applyconfigurationsnetworkingv1alpha1.ClusterCIDRSpecApplyConfiguration{}
-
 		// Group=networking.k8s.io, Version=v1beta1
 	case networkingv1beta1.SchemeGroupVersion.WithKind("HTTPIngressPath"):
 		return &applyconfigurationsnetworkingv1beta1.HTTPIngressPathApplyConfiguration{}
--- a/go.mod
+++ b/go.mod
@@ -5,29 +5,27 @@ module k8s.io/client-go
 go 1.19

 require (
-	github.com/Azure/go-autorest/autorest v0.11.27
-	github.com/Azure/go-autorest/autorest/adal v0.9.20
 	github.com/davecgh/go-spew v1.1.1
 	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
 	github.com/golang/protobuf v1.5.2
 	github.com/google/gnostic v0.5.7-v3refs
-	github.com/google/go-cmp v0.5.8
+	github.com/google/go-cmp v0.5.6
 	github.com/google/gofuzz v1.1.0
 	github.com/google/uuid v1.1.2
 	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7
 	github.com/imdario/mergo v0.3.6
 	github.com/peterbourgon/diskv v2.0.1+incompatible
 	github.com/spf13/pflag v1.0.5
-	github.com/stretchr/testify v1.8.0
-	golang.org/x/net v0.7.0
+	github.com/stretchr/testify v1.7.0
+	golang.org/x/net v0.0.0-20220722155237-a158d28d115b
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
-	golang.org/x/term v0.5.0
+	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8
 	google.golang.org/protobuf v1.28.0
-	k8s.io/api v0.25.7
-	k8s.io/apimachinery v0.25.7
+	k8s.io/api v0.25.0-beta.0
+	k8s.io/apimachinery v0.25.0-beta.0
 	k8s.io/klog/v2 v2.70.1
 	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1
 	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
@@ -36,11 +34,6 @@ require (
 )

 require (
-	cloud.google.com/go v0.97.0 // indirect
-	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
-	github.com/Azure/go-autorest/logger v0.2.1 // indirect
-	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
@@ -48,7 +41,6 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.19.5 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
-	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -59,9 +51,8 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
+	golang.org/x/text v0.3.7 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
@@ -70,6 +61,6 @@ require (
 )

 replace (
-	k8s.io/api => k8s.io/api v0.25.7
-	k8s.io/apimachinery => k8s.io/apimachinery v0.25.7
+	k8s.io/api => k8s.io/api v0.25.0-beta.0
+	k8s.io/apimachinery => k8s.io/apimachinery v0.25.0-beta.0
 )
--- a/go.sum
+++ b/go.sum
@@ -13,19 +13,6 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
-cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
-cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
-cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
-cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8=
-cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -44,41 +31,19 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
-github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
-github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
-github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg=
-github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
-github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
-github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
-github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
-github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -90,14 +55,9 @@ github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -115,9 +75,6 @@ github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5F
 github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
-github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -131,8 +88,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -146,12 +101,9 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
@@ -165,20 +117,14 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -186,27 +132,17 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
 github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -238,8 +174,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
-github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
+github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
+github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -247,44 +183,32 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
-golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -307,8 +231,6 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -317,9 +239,6 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -348,32 +267,13 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -385,8 +285,6 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -412,42 +310,18 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -494,21 +368,11 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
@@ -526,18 +390,6 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
-google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
-google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
-google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
-google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -569,39 +421,13 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
-google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
-google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
-google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -614,20 +440,6 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -640,7 +452,6 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -652,7 +463,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
@@ -667,10 +477,10 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.25.7 h1:r+J8U7CPhPNNTvyow1yw6IzdLt6nBCvPQEW8Cdglep8=
-k8s.io/api v0.25.7/go.mod h1:9epkK0wROSVQJKaKW3eY/thGtfbILsLqweTq99qKynk=
-k8s.io/apimachinery v0.25.7 h1:kDtoW8uvDkwKc9Lq2sablqWTMZUloRjJVZWURFrdAiI=
-k8s.io/apimachinery v0.25.7/go.mod h1:ZTl0drTQaFi5gMM3snYI5tWV1XJmRH1gfnDx2QCLsxk=
+k8s.io/api v0.25.0-beta.0 h1:7gOhPDIb64uxBn9IADZDU2Kz3R7/HzYGMOQ4REsz6rE=
+k8s.io/api v0.25.0-beta.0/go.mod h1:N4fOjxA9rFu2Trkid57zYj46pZjtumuyuhDaq30UquA=
+k8s.io/apimachinery v0.25.0-beta.0 h1:D+AORv53PNNqTb98A0MgWonJP4bTPpWXfNDLWM++0ro=
+k8s.io/apimachinery v0.25.0-beta.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
 k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
--- a/informers/generic.go
+++ b/informers/generic.go
@@ -47,7 +47,6 @@ import (
 	flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1"
 	flowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2"
 	networkingv1 "k8s.io/api/networking/v1"
-	networkingv1alpha1 "k8s.io/api/networking/v1alpha1"
 	networkingv1beta1 "k8s.io/api/networking/v1beta1"
 	nodev1 "k8s.io/api/node/v1"
 	nodev1alpha1 "k8s.io/api/node/v1alpha1"
@@ -273,10 +272,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 	case networkingv1.SchemeGroupVersion.WithResource("networkpolicies"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1().NetworkPolicies().Informer()}, nil

-		// Group=networking.k8s.io, Version=v1alpha1
-	case networkingv1alpha1.SchemeGroupVersion.WithResource("clustercidrs"):
-		return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1alpha1().ClusterCIDRs().Informer()}, nil
-
 		// Group=networking.k8s.io, Version=v1beta1
 	case networkingv1beta1.SchemeGroupVersion.WithResource("ingresses"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1beta1().Ingresses().Informer()}, nil
--- a/informers/networking/interface.go
+++ b/informers/networking/interface.go
@@ -21,7 +21,6 @@ package networking
 import (
 	internalinterfaces "k8s.io/client-go/informers/internalinterfaces"
 	v1 "k8s.io/client-go/informers/networking/v1"
-	v1alpha1 "k8s.io/client-go/informers/networking/v1alpha1"
 	v1beta1 "k8s.io/client-go/informers/networking/v1beta1"
 )

@@ -29,8 +28,6 @@ import (
 type Interface interface {
 	// V1 provides access to shared informers for resources in V1.
 	V1() v1.Interface
-	// V1alpha1 provides access to shared informers for resources in V1alpha1.
-	V1alpha1() v1alpha1.Interface
 	// V1beta1 provides access to shared informers for resources in V1beta1.
 	V1beta1() v1beta1.Interface
 }
@@ -51,11 +48,6 @@ func (g *group) V1() v1.Interface {
 	return v1.New(g.factory, g.namespace, g.tweakListOptions)
 }

-// V1alpha1 returns a new v1alpha1.Interface.
-func (g *group) V1alpha1() v1alpha1.Interface {
-	return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
-}
-
 // V1beta1 returns a new v1beta1.Interface.
 func (g *group) V1beta1() v1beta1.Interface {
 	return v1beta1.New(g.factory, g.namespace, g.tweakListOptions)
--- a/informers/networking/v1alpha1/clustercidr.go
+++ b/informers/networking/v1alpha1/clustercidr.go
@@ -1,89 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	"context"
-	time "time"
-
-	networkingv1alpha1 "k8s.io/api/networking/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	watch "k8s.io/apimachinery/pkg/watch"
-	internalinterfaces "k8s.io/client-go/informers/internalinterfaces"
-	kubernetes "k8s.io/client-go/kubernetes"
-	v1alpha1 "k8s.io/client-go/listers/networking/v1alpha1"
-	cache "k8s.io/client-go/tools/cache"
-)
-
-// ClusterCIDRInformer provides access to a shared informer and lister for
-// ClusterCIDRs.
-type ClusterCIDRInformer interface {
-	Informer() cache.SharedIndexInformer
-	Lister() v1alpha1.ClusterCIDRLister
-}
-
-type clusterCIDRInformer struct {
-	factory          internalinterfaces.SharedInformerFactory
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// NewClusterCIDRInformer constructs a new informer for ClusterCIDR type.
-// Always prefer using an informer factory to get a shared informer instead of getting an independent
-// one. This reduces memory footprint and number of connections to the server.
-func NewClusterCIDRInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredClusterCIDRInformer(client, resyncPeriod, indexers, nil)
-}
-
-// NewFilteredClusterCIDRInformer constructs a new informer for ClusterCIDR type.
-// Always prefer using an informer factory to get a shared informer instead of getting an independent
-// one. This reduces memory footprint and number of connections to the server.
-func NewFilteredClusterCIDRInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
-	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
-			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
-				if tweakListOptions != nil {
-					tweakListOptions(&options)
-				}
-				return client.NetworkingV1alpha1().ClusterCIDRs().List(context.TODO(), options)
-			},
-			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
-				if tweakListOptions != nil {
-					tweakListOptions(&options)
-				}
-				return client.NetworkingV1alpha1().ClusterCIDRs().Watch(context.TODO(), options)
-			},
-		},
-		&networkingv1alpha1.ClusterCIDR{},
-		resyncPeriod,
-		indexers,
-	)
-}
-
-func (f *clusterCIDRInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredClusterCIDRInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
-}
-
-func (f *clusterCIDRInformer) Informer() cache.SharedIndexInformer {
-	return f.factory.InformerFor(&networkingv1alpha1.ClusterCIDR{}, f.defaultInformer)
-}
-
-func (f *clusterCIDRInformer) Lister() v1alpha1.ClusterCIDRLister {
-	return v1alpha1.NewClusterCIDRLister(f.Informer().GetIndexer())
-}
--- a/informers/networking/v1alpha1/interface.go
+++ b/informers/networking/v1alpha1/interface.go
@@ -1,45 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	internalinterfaces "k8s.io/client-go/informers/internalinterfaces"
-)
-
-// Interface provides access to all the informers in this group version.
-type Interface interface {
-	// ClusterCIDRs returns a ClusterCIDRInformer.
-	ClusterCIDRs() ClusterCIDRInformer
-}
-
-type version struct {
-	factory          internalinterfaces.SharedInformerFactory
-	namespace        string
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// New returns a new Interface.
-func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
-	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
-}
-
-// ClusterCIDRs returns a ClusterCIDRInformer.
-func (v *version) ClusterCIDRs() ClusterCIDRInformer {
-	return &clusterCIDRInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
-}
--- a/kubernetes/clientset.go
+++ b/kubernetes/clientset.go
@@ -53,7 +53,6 @@ import (
 	flowcontrolv1beta1 "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1"
 	flowcontrolv1beta2 "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2"
 	networkingv1 "k8s.io/client-go/kubernetes/typed/networking/v1"
-	networkingv1alpha1 "k8s.io/client-go/kubernetes/typed/networking/v1alpha1"
 	networkingv1beta1 "k8s.io/client-go/kubernetes/typed/networking/v1beta1"
 	nodev1 "k8s.io/client-go/kubernetes/typed/node/v1"
 	nodev1alpha1 "k8s.io/client-go/kubernetes/typed/node/v1alpha1"
@@ -105,7 +104,6 @@ type Interface interface {
 	FlowcontrolV1beta1() flowcontrolv1beta1.FlowcontrolV1beta1Interface
 	FlowcontrolV1beta2() flowcontrolv1beta2.FlowcontrolV1beta2Interface
 	NetworkingV1() networkingv1.NetworkingV1Interface
-	NetworkingV1alpha1() networkingv1alpha1.NetworkingV1alpha1Interface
 	NetworkingV1beta1() networkingv1beta1.NetworkingV1beta1Interface
 	NodeV1() nodev1.NodeV1Interface
 	NodeV1alpha1() nodev1alpha1.NodeV1alpha1Interface
@@ -157,7 +155,6 @@ type Clientset struct {
 	flowcontrolV1beta1           *flowcontrolv1beta1.FlowcontrolV1beta1Client
 	flowcontrolV1beta2           *flowcontrolv1beta2.FlowcontrolV1beta2Client
 	networkingV1                 *networkingv1.NetworkingV1Client
-	networkingV1alpha1           *networkingv1alpha1.NetworkingV1alpha1Client
 	networkingV1beta1            *networkingv1beta1.NetworkingV1beta1Client
 	nodeV1                       *nodev1.NodeV1Client
 	nodeV1alpha1                 *nodev1alpha1.NodeV1alpha1Client
@@ -325,11 +322,6 @@ func (c *Clientset) NetworkingV1() networkingv1.NetworkingV1Interface {
 	return c.networkingV1
 }

-// NetworkingV1alpha1 retrieves the NetworkingV1alpha1Client
-func (c *Clientset) NetworkingV1alpha1() networkingv1alpha1.NetworkingV1alpha1Interface {
-	return c.networkingV1alpha1
-}
-
 // NetworkingV1beta1 retrieves the NetworkingV1beta1Client
 func (c *Clientset) NetworkingV1beta1() networkingv1beta1.NetworkingV1beta1Interface {
 	return c.networkingV1beta1
@@ -569,10 +561,6 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset,
 	if err != nil {
 		return nil, err
 	}
-	cs.networkingV1alpha1, err = networkingv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient)
-	if err != nil {
-		return nil, err
-	}
 	cs.networkingV1beta1, err = networkingv1beta1.NewForConfigAndClient(&configShallowCopy, httpClient)
 	if err != nil {
 		return nil, err
@@ -684,7 +672,6 @@ func New(c rest.Interface) *Clientset {
 	cs.flowcontrolV1beta1 = flowcontrolv1beta1.New(c)
 	cs.flowcontrolV1beta2 = flowcontrolv1beta2.New(c)
 	cs.networkingV1 = networkingv1.New(c)
-	cs.networkingV1alpha1 = networkingv1alpha1.New(c)
 	cs.networkingV1beta1 = networkingv1beta1.New(c)
 	cs.nodeV1 = nodev1.New(c)
 	cs.nodeV1alpha1 = nodev1alpha1.New(c)
--- a/kubernetes/fake/clientset_generated.go
+++ b/kubernetes/fake/clientset_generated.go
@@ -84,8 +84,6 @@ import (
 	fakeflowcontrolv1beta2 "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2/fake"
 	networkingv1 "k8s.io/client-go/kubernetes/typed/networking/v1"
 	fakenetworkingv1 "k8s.io/client-go/kubernetes/typed/networking/v1/fake"
-	networkingv1alpha1 "k8s.io/client-go/kubernetes/typed/networking/v1alpha1"
-	fakenetworkingv1alpha1 "k8s.io/client-go/kubernetes/typed/networking/v1alpha1/fake"
 	networkingv1beta1 "k8s.io/client-go/kubernetes/typed/networking/v1beta1"
 	fakenetworkingv1beta1 "k8s.io/client-go/kubernetes/typed/networking/v1beta1/fake"
 	nodev1 "k8s.io/client-go/kubernetes/typed/node/v1"
@@ -319,11 +317,6 @@ func (c *Clientset) NetworkingV1() networkingv1.NetworkingV1Interface {
 	return &fakenetworkingv1.FakeNetworkingV1{Fake: &c.Fake}
 }

-// NetworkingV1alpha1 retrieves the NetworkingV1alpha1Client
-func (c *Clientset) NetworkingV1alpha1() networkingv1alpha1.NetworkingV1alpha1Interface {
-	return &fakenetworkingv1alpha1.FakeNetworkingV1alpha1{Fake: &c.Fake}
-}
-
 // NetworkingV1beta1 retrieves the NetworkingV1beta1Client
 func (c *Clientset) NetworkingV1beta1() networkingv1beta1.NetworkingV1beta1Interface {
 	return &fakenetworkingv1beta1.FakeNetworkingV1beta1{Fake: &c.Fake}
--- a/kubernetes/fake/register.go
+++ b/kubernetes/fake/register.go
@@ -49,7 +49,6 @@ import (
 	flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1"
 	flowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2"
 	networkingv1 "k8s.io/api/networking/v1"
-	networkingv1alpha1 "k8s.io/api/networking/v1alpha1"
 	networkingv1beta1 "k8s.io/api/networking/v1beta1"
 	nodev1 "k8s.io/api/node/v1"
 	nodev1alpha1 "k8s.io/api/node/v1alpha1"
@@ -106,7 +105,6 @@ var localSchemeBuilder = runtime.SchemeBuilder{
 	flowcontrolv1beta1.AddToScheme,
 	flowcontrolv1beta2.AddToScheme,
 	networkingv1.AddToScheme,
-	networkingv1alpha1.AddToScheme,
 	networkingv1beta1.AddToScheme,
 	nodev1.AddToScheme,
 	nodev1alpha1.AddToScheme,
--- a/kubernetes/scheme/register.go
+++ b/kubernetes/scheme/register.go
@@ -49,7 +49,6 @@ import (
 	flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1"
 	flowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2"
 	networkingv1 "k8s.io/api/networking/v1"
-	networkingv1alpha1 "k8s.io/api/networking/v1alpha1"
 	networkingv1beta1 "k8s.io/api/networking/v1beta1"
 	nodev1 "k8s.io/api/node/v1"
 	nodev1alpha1 "k8s.io/api/node/v1alpha1"
@@ -106,7 +105,6 @@ var localSchemeBuilder = runtime.SchemeBuilder{
 	flowcontrolv1beta1.AddToScheme,
 	flowcontrolv1beta2.AddToScheme,
 	networkingv1.AddToScheme,
-	networkingv1alpha1.AddToScheme,
 	networkingv1beta1.AddToScheme,
 	nodev1.AddToScheme,
 	nodev1alpha1.AddToScheme,
--- a/kubernetes/typed/networking/v1alpha1/clustercidr.go
+++ b/kubernetes/typed/networking/v1alpha1/clustercidr.go
@@ -1,197 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	"context"
-	json "encoding/json"
-	"fmt"
-	"time"
-
-	v1alpha1 "k8s.io/api/networking/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	networkingv1alpha1 "k8s.io/client-go/applyconfigurations/networking/v1alpha1"
-	scheme "k8s.io/client-go/kubernetes/scheme"
-	rest "k8s.io/client-go/rest"
-)
-
-// ClusterCIDRsGetter has a method to return a ClusterCIDRInterface.
-// A group's client should implement this interface.
-type ClusterCIDRsGetter interface {
-	ClusterCIDRs() ClusterCIDRInterface
-}
-
-// ClusterCIDRInterface has methods to work with ClusterCIDR resources.
-type ClusterCIDRInterface interface {
-	Create(ctx context.Context, clusterCIDR *v1alpha1.ClusterCIDR, opts v1.CreateOptions) (*v1alpha1.ClusterCIDR, error)
-	Update(ctx context.Context, clusterCIDR *v1alpha1.ClusterCIDR, opts v1.UpdateOptions) (*v1alpha1.ClusterCIDR, error)
-	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
-	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
-	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ClusterCIDR, error)
-	List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ClusterCIDRList, error)
-	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
-	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterCIDR, err error)
-	Apply(ctx context.Context, clusterCIDR *networkingv1alpha1.ClusterCIDRApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.ClusterCIDR, err error)
-	ClusterCIDRExpansion
-}
-
-// clusterCIDRs implements ClusterCIDRInterface
-type clusterCIDRs struct {
-	client rest.Interface
-}
-
-// newClusterCIDRs returns a ClusterCIDRs
-func newClusterCIDRs(c *NetworkingV1alpha1Client) *clusterCIDRs {
-	return &clusterCIDRs{
-		client: c.RESTClient(),
-	}
-}
-
-// Get takes name of the clusterCIDR, and returns the corresponding clusterCIDR object, and an error if there is any.
-func (c *clusterCIDRs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterCIDR, err error) {
-	result = &v1alpha1.ClusterCIDR{}
-	err = c.client.Get().
-		Resource("clustercidrs").
-		Name(name).
-		VersionedParams(&options, scheme.ParameterCodec).
-		Do(ctx).
-		Into(result)
-	return
-}
-
-// List takes label and field selectors, and returns the list of ClusterCIDRs that match those selectors.
-func (c *clusterCIDRs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterCIDRList, err error) {
-	var timeout time.Duration
-	if opts.TimeoutSeconds != nil {
-		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
-	}
-	result = &v1alpha1.ClusterCIDRList{}
-	err = c.client.Get().
-		Resource("clustercidrs").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Timeout(timeout).
-		Do(ctx).
-		Into(result)
-	return
-}
-
-// Watch returns a watch.Interface that watches the requested clusterCIDRs.
-func (c *clusterCIDRs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
-	var timeout time.Duration
-	if opts.TimeoutSeconds != nil {
-		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
-	}
-	opts.Watch = true
-	return c.client.Get().
-		Resource("clustercidrs").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Timeout(timeout).
-		Watch(ctx)
-}
-
-// Create takes the representation of a clusterCIDR and creates it.  Returns the server's representation of the clusterCIDR, and an error, if there is any.
-func (c *clusterCIDRs) Create(ctx context.Context, clusterCIDR *v1alpha1.ClusterCIDR, opts v1.CreateOptions) (result *v1alpha1.ClusterCIDR, err error) {
-	result = &v1alpha1.ClusterCIDR{}
-	err = c.client.Post().
-		Resource("clustercidrs").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Body(clusterCIDR).
-		Do(ctx).
-		Into(result)
-	return
-}
-
-// Update takes the representation of a clusterCIDR and updates it. Returns the server's representation of the clusterCIDR, and an error, if there is any.
-func (c *clusterCIDRs) Update(ctx context.Context, clusterCIDR *v1alpha1.ClusterCIDR, opts v1.UpdateOptions) (result *v1alpha1.ClusterCIDR, err error) {
-	result = &v1alpha1.ClusterCIDR{}
-	err = c.client.Put().
-		Resource("clustercidrs").
-		Name(clusterCIDR.Name).
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Body(clusterCIDR).
-		Do(ctx).
-		Into(result)
-	return
-}
-
-// Delete takes name of the clusterCIDR and deletes it. Returns an error if one occurs.
-func (c *clusterCIDRs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
-	return c.client.Delete().
-		Resource("clustercidrs").
-		Name(name).
-		Body(&opts).
-		Do(ctx).
-		Error()
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *clusterCIDRs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	var timeout time.Duration
-	if listOpts.TimeoutSeconds != nil {
-		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
-	}
-	return c.client.Delete().
-		Resource("clustercidrs").
-		VersionedParams(&listOpts, scheme.ParameterCodec).
-		Timeout(timeout).
-		Body(&opts).
-		Do(ctx).
-		Error()
-}
-
-// Patch applies the patch and returns the patched clusterCIDR.
-func (c *clusterCIDRs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterCIDR, err error) {
-	result = &v1alpha1.ClusterCIDR{}
-	err = c.client.Patch(pt).
-		Resource("clustercidrs").
-		Name(name).
-		SubResource(subresources...).
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Body(data).
-		Do(ctx).
-		Into(result)
-	return
-}
-
-// Apply takes the given apply declarative configuration, applies it and returns the applied clusterCIDR.
-func (c *clusterCIDRs) Apply(ctx context.Context, clusterCIDR *networkingv1alpha1.ClusterCIDRApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.ClusterCIDR, err error) {
-	if clusterCIDR == nil {
-		return nil, fmt.Errorf("clusterCIDR provided to Apply must not be nil")
-	}
-	patchOpts := opts.ToPatchOptions()
-	data, err := json.Marshal(clusterCIDR)
-	if err != nil {
-		return nil, err
-	}
-	name := clusterCIDR.Name
-	if name == nil {
-		return nil, fmt.Errorf("clusterCIDR.Name must be provided to Apply")
-	}
-	result = &v1alpha1.ClusterCIDR{}
-	err = c.client.Patch(types.ApplyPatchType).
-		Resource("clustercidrs").
-		Name(*name).
-		VersionedParams(&patchOpts, scheme.ParameterCodec).
-		Body(data).
-		Do(ctx).
-		Into(result)
-	return
-}
--- a/kubernetes/typed/networking/v1alpha1/doc.go
+++ b/kubernetes/typed/networking/v1alpha1/doc.go
@@ -1,20 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by client-gen. DO NOT EDIT.
-
-// This package has the automatically generated typed clients.
-package v1alpha1
--- a/kubernetes/typed/networking/v1alpha1/fake/doc.go
+++ b/kubernetes/typed/networking/v1alpha1/fake/doc.go
@@ -1,20 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by client-gen. DO NOT EDIT.
-
-// Package fake has the automatically generated clients.
-package fake
--- a/kubernetes/typed/networking/v1alpha1/fake/fake_clustercidr.go
+++ b/kubernetes/typed/networking/v1alpha1/fake/fake_clustercidr.go
@@ -1,146 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	"context"
-	json "encoding/json"
-	"fmt"
-
-	v1alpha1 "k8s.io/api/networking/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	labels "k8s.io/apimachinery/pkg/labels"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	networkingv1alpha1 "k8s.io/client-go/applyconfigurations/networking/v1alpha1"
-	testing "k8s.io/client-go/testing"
-)
-
-// FakeClusterCIDRs implements ClusterCIDRInterface
-type FakeClusterCIDRs struct {
-	Fake *FakeNetworkingV1alpha1
-}
-
-var clustercidrsResource = schema.GroupVersionResource{Group: "networking.k8s.io", Version: "v1alpha1", Resource: "clustercidrs"}
-
-var clustercidrsKind = schema.GroupVersionKind{Group: "networking.k8s.io", Version: "v1alpha1", Kind: "ClusterCIDR"}
-
-// Get takes name of the clusterCIDR, and returns the corresponding clusterCIDR object, and an error if there is any.
-func (c *FakeClusterCIDRs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterCIDR, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootGetAction(clustercidrsResource, name), &v1alpha1.ClusterCIDR{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.ClusterCIDR), err
-}
-
-// List takes label and field selectors, and returns the list of ClusterCIDRs that match those selectors.
-func (c *FakeClusterCIDRs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterCIDRList, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootListAction(clustercidrsResource, clustercidrsKind, opts), &v1alpha1.ClusterCIDRList{})
-	if obj == nil {
-		return nil, err
-	}
-
-	label, _, _ := testing.ExtractFromListOptions(opts)
-	if label == nil {
-		label = labels.Everything()
-	}
-	list := &v1alpha1.ClusterCIDRList{ListMeta: obj.(*v1alpha1.ClusterCIDRList).ListMeta}
-	for _, item := range obj.(*v1alpha1.ClusterCIDRList).Items {
-		if label.Matches(labels.Set(item.Labels)) {
-			list.Items = append(list.Items, item)
-		}
-	}
-	return list, err
-}
-
-// Watch returns a watch.Interface that watches the requested clusterCIDRs.
-func (c *FakeClusterCIDRs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
-	return c.Fake.
-		InvokesWatch(testing.NewRootWatchAction(clustercidrsResource, opts))
-}
-
-// Create takes the representation of a clusterCIDR and creates it.  Returns the server's representation of the clusterCIDR, and an error, if there is any.
-func (c *FakeClusterCIDRs) Create(ctx context.Context, clusterCIDR *v1alpha1.ClusterCIDR, opts v1.CreateOptions) (result *v1alpha1.ClusterCIDR, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootCreateAction(clustercidrsResource, clusterCIDR), &v1alpha1.ClusterCIDR{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.ClusterCIDR), err
-}
-
-// Update takes the representation of a clusterCIDR and updates it. Returns the server's representation of the clusterCIDR, and an error, if there is any.
-func (c *FakeClusterCIDRs) Update(ctx context.Context, clusterCIDR *v1alpha1.ClusterCIDR, opts v1.UpdateOptions) (result *v1alpha1.ClusterCIDR, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootUpdateAction(clustercidrsResource, clusterCIDR), &v1alpha1.ClusterCIDR{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.ClusterCIDR), err
-}
-
-// Delete takes name of the clusterCIDR and deletes it. Returns an error if one occurs.
-func (c *FakeClusterCIDRs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
-	_, err := c.Fake.
-		Invokes(testing.NewRootDeleteActionWithOptions(clustercidrsResource, name, opts), &v1alpha1.ClusterCIDR{})
-	return err
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *FakeClusterCIDRs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewRootDeleteCollectionAction(clustercidrsResource, listOpts)
-
-	_, err := c.Fake.Invokes(action, &v1alpha1.ClusterCIDRList{})
-	return err
-}
-
-// Patch applies the patch and returns the patched clusterCIDR.
-func (c *FakeClusterCIDRs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterCIDR, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootPatchSubresourceAction(clustercidrsResource, name, pt, data, subresources...), &v1alpha1.ClusterCIDR{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.ClusterCIDR), err
-}
-
-// Apply takes the given apply declarative configuration, applies it and returns the applied clusterCIDR.
-func (c *FakeClusterCIDRs) Apply(ctx context.Context, clusterCIDR *networkingv1alpha1.ClusterCIDRApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.ClusterCIDR, err error) {
-	if clusterCIDR == nil {
-		return nil, fmt.Errorf("clusterCIDR provided to Apply must not be nil")
-	}
-	data, err := json.Marshal(clusterCIDR)
-	if err != nil {
-		return nil, err
-	}
-	name := clusterCIDR.Name
-	if name == nil {
-		return nil, fmt.Errorf("clusterCIDR.Name must be provided to Apply")
-	}
-	obj, err := c.Fake.
-		Invokes(testing.NewRootPatchSubresourceAction(clustercidrsResource, *name, types.ApplyPatchType, data), &v1alpha1.ClusterCIDR{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.ClusterCIDR), err
-}
--- a/kubernetes/typed/networking/v1alpha1/fake/fake_networking_client.go
+++ b/kubernetes/typed/networking/v1alpha1/fake/fake_networking_client.go
@@ -1,40 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "k8s.io/client-go/kubernetes/typed/networking/v1alpha1"
-	rest "k8s.io/client-go/rest"
-	testing "k8s.io/client-go/testing"
-)
-
-type FakeNetworkingV1alpha1 struct {
-	*testing.Fake
-}
-
-func (c *FakeNetworkingV1alpha1) ClusterCIDRs() v1alpha1.ClusterCIDRInterface {
-	return &FakeClusterCIDRs{c}
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *FakeNetworkingV1alpha1) RESTClient() rest.Interface {
-	var ret *rest.RESTClient
-	return ret
-}
--- a/kubernetes/typed/networking/v1alpha1/generated_expansion.go
+++ b/kubernetes/typed/networking/v1alpha1/generated_expansion.go
@@ -1,21 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-type ClusterCIDRExpansion interface{}
--- a/kubernetes/typed/networking/v1alpha1/networking_client.go
+++ b/kubernetes/typed/networking/v1alpha1/networking_client.go
@@ -1,107 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	"net/http"
-
-	v1alpha1 "k8s.io/api/networking/v1alpha1"
-	"k8s.io/client-go/kubernetes/scheme"
-	rest "k8s.io/client-go/rest"
-)
-
-type NetworkingV1alpha1Interface interface {
-	RESTClient() rest.Interface
-	ClusterCIDRsGetter
-}
-
-// NetworkingV1alpha1Client is used to interact with features provided by the networking.k8s.io group.
-type NetworkingV1alpha1Client struct {
-	restClient rest.Interface
-}
-
-func (c *NetworkingV1alpha1Client) ClusterCIDRs() ClusterCIDRInterface {
-	return newClusterCIDRs(c)
-}
-
-// NewForConfig creates a new NetworkingV1alpha1Client for the given config.
-// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
-// where httpClient was generated with rest.HTTPClientFor(c).
-func NewForConfig(c *rest.Config) (*NetworkingV1alpha1Client, error) {
-	config := *c
-	if err := setConfigDefaults(&config); err != nil {
-		return nil, err
-	}
-	httpClient, err := rest.HTTPClientFor(&config)
-	if err != nil {
-		return nil, err
-	}
-	return NewForConfigAndClient(&config, httpClient)
-}
-
-// NewForConfigAndClient creates a new NetworkingV1alpha1Client for the given config and http client.
-// Note the http client provided takes precedence over the configured transport values.
-func NewForConfigAndClient(c *rest.Config, h *http.Client) (*NetworkingV1alpha1Client, error) {
-	config := *c
-	if err := setConfigDefaults(&config); err != nil {
-		return nil, err
-	}
-	client, err := rest.RESTClientForConfigAndClient(&config, h)
-	if err != nil {
-		return nil, err
-	}
-	return &NetworkingV1alpha1Client{client}, nil
-}
-
-// NewForConfigOrDie creates a new NetworkingV1alpha1Client for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *NetworkingV1alpha1Client {
-	client, err := NewForConfig(c)
-	if err != nil {
-		panic(err)
-	}
-	return client
-}
-
-// New creates a new NetworkingV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *NetworkingV1alpha1Client {
-	return &NetworkingV1alpha1Client{c}
-}
-
-func setConfigDefaults(config *rest.Config) error {
-	gv := v1alpha1.SchemeGroupVersion
-	config.GroupVersion = &gv
-	config.APIPath = "/apis"
-	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
-
-	if config.UserAgent == "" {
-		config.UserAgent = rest.DefaultKubernetesUserAgent()
-	}
-
-	return nil
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *NetworkingV1alpha1Client) RESTClient() rest.Interface {
-	if c == nil {
-		return nil
-	}
-	return c.restClient
-}
--- a/listers/networking/v1alpha1/clustercidr.go
+++ b/listers/networking/v1alpha1/clustercidr.go
@@ -1,68 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by lister-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "k8s.io/api/networking/v1alpha1"
-	"k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/client-go/tools/cache"
-)
-
-// ClusterCIDRLister helps list ClusterCIDRs.
-// All objects returned here must be treated as read-only.
-type ClusterCIDRLister interface {
-	// List lists all ClusterCIDRs in the indexer.
-	// Objects returned here must be treated as read-only.
-	List(selector labels.Selector) (ret []*v1alpha1.ClusterCIDR, err error)
-	// Get retrieves the ClusterCIDR from the index for a given name.
-	// Objects returned here must be treated as read-only.
-	Get(name string) (*v1alpha1.ClusterCIDR, error)
-	ClusterCIDRListerExpansion
-}
-
-// clusterCIDRLister implements the ClusterCIDRLister interface.
-type clusterCIDRLister struct {
-	indexer cache.Indexer
-}
-
-// NewClusterCIDRLister returns a new ClusterCIDRLister.
-func NewClusterCIDRLister(indexer cache.Indexer) ClusterCIDRLister {
-	return &clusterCIDRLister{indexer: indexer}
-}
-
-// List lists all ClusterCIDRs in the indexer.
-func (s *clusterCIDRLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterCIDR, err error) {
-	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.ClusterCIDR))
-	})
-	return ret, err
-}
-
-// Get retrieves the ClusterCIDR from the index for a given name.
-func (s *clusterCIDRLister) Get(name string) (*v1alpha1.ClusterCIDR, error) {
-	obj, exists, err := s.indexer.GetByKey(name)
-	if err != nil {
-		return nil, err
-	}
-	if !exists {
-		return nil, errors.NewNotFound(v1alpha1.Resource("clustercidr"), name)
-	}
-	return obj.(*v1alpha1.ClusterCIDR), nil
-}
--- a/listers/networking/v1alpha1/expansion_generated.go
+++ b/listers/networking/v1alpha1/expansion_generated.go
@@ -1,23 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by lister-gen. DO NOT EDIT.
-
-package v1alpha1
-
-// ClusterCIDRListerExpansion allows custom methods to be added to
-// ClusterCIDRLister.
-type ClusterCIDRListerExpansion interface{}
--- a/plugin/pkg/client/auth/azure/README.md
+++ b/plugin/pkg/client/auth/azure/README.md
@@ -1,56 +0,0 @@
-# Azure Active Directory plugin for client authentication
-
-This plugin provides an integration with Azure Active Directory device flow. If no tokens are present in the kubectl configuration, it will prompt a device code which can be used to login in a browser. After login it will automatically fetch the tokens and store them in the kubectl configuration. In addition it will refresh and update the tokens in the configuration when expired.
-
-## Usage
-
-1. Create an Azure Active Directory *Web App / API* application for `apiserver` following these [instructions](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-app-registration). The callback URL does not matter (just cannot be empty).
-
-2. Create a second Azure Active Directory native application for `kubectl`. The callback URL does not matter (just cannot be empty).
-
-3. On `kubectl` application's configuration page in Azure portal grant permissions to `apiserver` application by clicking on *Required Permissions*, click the *Add* button and search for the apiserver application created in step 1. Select "Access apiserver" under the *DELEGATED PERMISSIONS*. Once added click the *Grant Permissions* button to apply the changes.
-
-4. Configure the `apiserver` to use the Azure Active Directory as an OIDC provider with following options
-
-   ```
-   --oidc-client-id="spn:APISERVER_APPLICATION_ID" \
-   --oidc-issuer-url="https://sts.windows.net/TENANT_ID/"
-   --oidc-username-claim="sub"
-   ```
-
-   * Replace the `APISERVER_APPLICATION_ID` with the application ID of `apiserver` application
-   * Replace `TENANT_ID` with your tenant ID.
-   * For a list of alternative username claims that are supported by the OIDC issuer check the JSON response at `https://sts.windows.net/TENANT_ID/.well-known/openid-configuration`.
-
-5. Configure `kubectl` to use the `azure` authentication provider
-
-   ```
-   kubectl config set-credentials "USER_NAME" --auth-provider=azure \
-     --auth-provider-arg=environment=AzurePublicCloud \
-     --auth-provider-arg=client-id=APPLICATION_ID \
-     --auth-provider-arg=tenant-id=TENANT_ID \
-     --auth-provider-arg=apiserver-id=APISERVER_APPLICATION_ID
-   ```
-
-   * Supported environments: `AzurePublicCloud`, `AzureUSGovernmentCloud`, `AzureChinaCloud`, `AzureGermanCloud`
-   * Replace `USER_NAME` and `TENANT_ID` with your user name and tenant ID
-   * Replace `APPLICATION_ID` with the application ID of your`kubectl` application ID
-   * Replace `APISERVER_APPLICATION_ID` with the application ID of your `apiserver` application ID
-   * Be sure to also (create and) select a context that uses above user
-
-6. (Optionally) the AAD token has `aud` claim with `spn:` prefix. To omit that, add following auth configuration:
-
-   ```
-     --auth-provider-arg=config-mode="1"
-   ```
-
- 7. The access token is acquired when first `kubectl` command is executed
-
-   ```
-   kubectl get pods
-
-   To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code DEC7D48GA to authenticate.
-   ```
-
-   * After signing in a web browser, the token is stored in the configuration, and it will be reused when executing further commands.
-   * The resulting username in Kubernetes depends on your [configuration of the `--oidc-username-claim` and `--oidc-username-prefix` flags on the API server](https://kubernetes.io/docs/admin/authentication/#configuring-the-api-server). If you are using any authorization method you need to give permissions to that user, e.g. by binding the user to a role in the case of RBAC.
--- a/plugin/pkg/client/auth/azure/azure.go
+++ b/plugin/pkg/client/auth/azure/azure.go
@@ -1,477 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package azure
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"os"
-	"strconv"
-	"sync"
-
-	"github.com/Azure/go-autorest/autorest"
-	"github.com/Azure/go-autorest/autorest/adal"
-	"github.com/Azure/go-autorest/autorest/azure"
-	"k8s.io/klog/v2"
-
-	"k8s.io/apimachinery/pkg/util/net"
-	restclient "k8s.io/client-go/rest"
-)
-
-type configMode int
-
-const (
-	azureTokenKey = "azureTokenKey"
-	tokenType     = "Bearer"
-	authHeader    = "Authorization"
-
-	cfgClientID     = "client-id"
-	cfgTenantID     = "tenant-id"
-	cfgAccessToken  = "access-token"
-	cfgRefreshToken = "refresh-token"
-	cfgExpiresIn    = "expires-in"
-	cfgExpiresOn    = "expires-on"
-	cfgEnvironment  = "environment"
-	cfgApiserverID  = "apiserver-id"
-	cfgConfigMode   = "config-mode"
-
-	configModeDefault       configMode = 0
-	configModeOmitSPNPrefix configMode = 1
-)
-
-func init() {
-	if err := restclient.RegisterAuthProviderPlugin("azure", newAzureAuthProvider); err != nil {
-		klog.Fatalf("Failed to register azure auth plugin: %v", err)
-	}
-}
-
-var cache = newAzureTokenCache()
-
-type azureTokenCache struct {
-	lock  sync.Mutex
-	cache map[string]*azureToken
-}
-
-func newAzureTokenCache() *azureTokenCache {
-	return &azureTokenCache{cache: make(map[string]*azureToken)}
-}
-
-func (c *azureTokenCache) getToken(tokenKey string) *azureToken {
-	c.lock.Lock()
-	defer c.lock.Unlock()
-	return c.cache[tokenKey]
-}
-
-func (c *azureTokenCache) setToken(tokenKey string, token *azureToken) {
-	c.lock.Lock()
-	defer c.lock.Unlock()
-	c.cache[tokenKey] = token
-}
-
-var warnOnce sync.Once
-
-func newAzureAuthProvider(_ string, cfg map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
-	// deprecated in v1.22, remove in v1.25
-	warnOnce.Do(func() {
-		klog.Warningf(`WARNING: the azure auth plugin is deprecated in v1.22+, unavailable in v1.26+; use https://github.com/Azure/kubelogin instead.
-To learn more, consult https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins`)
-	})
-
-	var (
-		ts          tokenSource
-		environment azure.Environment
-		err         error
-		mode        configMode
-	)
-
-	environment, err = azure.EnvironmentFromName(cfg[cfgEnvironment])
-	if err != nil {
-		environment = azure.PublicCloud
-	}
-
-	mode = configModeDefault
-	if cfg[cfgConfigMode] != "" {
-		configModeInt, err := strconv.Atoi(cfg[cfgConfigMode])
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse %s, error: %s", cfgConfigMode, err)
-		}
-		mode = configMode(configModeInt)
-		switch mode {
-		case configModeOmitSPNPrefix:
-		case configModeDefault:
-		default:
-			return nil, fmt.Errorf("%s:%s is not a valid mode", cfgConfigMode, cfg[cfgConfigMode])
-		}
-	}
-	ts, err = newAzureTokenSourceDeviceCode(environment, cfg[cfgClientID], cfg[cfgTenantID], cfg[cfgApiserverID], mode)
-	if err != nil {
-		return nil, fmt.Errorf("creating a new azure token source for device code authentication: %v", err)
-	}
-	cacheSource := newAzureTokenSource(ts, cache, cfg, mode, persister)
-
-	return &azureAuthProvider{
-		tokenSource: cacheSource,
-	}, nil
-}
-
-type azureAuthProvider struct {
-	tokenSource tokenSource
-}
-
-func (p *azureAuthProvider) Login() error {
-	return errors.New("not yet implemented")
-}
-
-func (p *azureAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper {
-	return &azureRoundTripper{
-		tokenSource:  p.tokenSource,
-		roundTripper: rt,
-	}
-}
-
-type azureRoundTripper struct {
-	tokenSource  tokenSource
-	roundTripper http.RoundTripper
-}
-
-var _ net.RoundTripperWrapper = &azureRoundTripper{}
-
-func (r *azureRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	if len(req.Header.Get(authHeader)) != 0 {
-		return r.roundTripper.RoundTrip(req)
-	}
-
-	token, err := r.tokenSource.Token()
-	if err != nil {
-		klog.Errorf("Failed to acquire a token: %v", err)
-		return nil, fmt.Errorf("acquiring a token for authorization header: %v", err)
-	}
-
-	// clone the request in order to avoid modifying the headers of the original request
-	req2 := new(http.Request)
-	*req2 = *req
-	req2.Header = make(http.Header, len(req.Header))
-	for k, s := range req.Header {
-		req2.Header[k] = append([]string(nil), s...)
-	}
-
-	req2.Header.Set(authHeader, fmt.Sprintf("%s %s", tokenType, token.token.AccessToken))
-
-	return r.roundTripper.RoundTrip(req2)
-}
-
-func (r *azureRoundTripper) WrappedRoundTripper() http.RoundTripper { return r.roundTripper }
-
-type azureToken struct {
-	token       adal.Token
-	environment string
-	clientID    string
-	tenantID    string
-	apiserverID string
-}
-
-type tokenSource interface {
-	Token() (*azureToken, error)
-	Refresh(*azureToken) (*azureToken, error)
-}
-
-type azureTokenSource struct {
-	source     tokenSource
-	cache      *azureTokenCache
-	lock       sync.Mutex
-	configMode configMode
-	cfg        map[string]string
-	persister  restclient.AuthProviderConfigPersister
-}
-
-func newAzureTokenSource(source tokenSource, cache *azureTokenCache, cfg map[string]string, configMode configMode, persister restclient.AuthProviderConfigPersister) tokenSource {
-	return &azureTokenSource{
-		source:     source,
-		cache:      cache,
-		cfg:        cfg,
-		persister:  persister,
-		configMode: configMode,
-	}
-}
-
-// Token fetches a token from the cache of configuration if present otherwise
-// acquires a new token from the configured source. Automatically refreshes
-// the token if expired.
-func (ts *azureTokenSource) Token() (*azureToken, error) {
-	ts.lock.Lock()
-	defer ts.lock.Unlock()
-
-	var err error
-	token := ts.cache.getToken(azureTokenKey)
-
-	if token != nil && !token.token.IsExpired() {
-		return token, nil
-	}
-
-	// retrieve from config if no cache
-	if token == nil {
-		tokenFromCfg, err := ts.retrieveTokenFromCfg()
-
-		if err == nil {
-			token = tokenFromCfg
-		}
-	}
-
-	if token != nil {
-		// cache and return if the token is as good
-		// avoids frequent persistor calls
-		if !token.token.IsExpired() {
-			ts.cache.setToken(azureTokenKey, token)
-			return token, nil
-		}
-
-		klog.V(4).Info("Refreshing token.")
-		tokenFromRefresh, err := ts.Refresh(token)
-		switch {
-		case err == nil:
-			token = tokenFromRefresh
-		case autorest.IsTokenRefreshError(err):
-			klog.V(4).Infof("Failed to refresh expired token, proceed to auth: %v", err)
-			// reset token to nil so that the token source will be used to acquire new
-			token = nil
-		default:
-			return nil, fmt.Errorf("unexpected error when refreshing token: %v", err)
-		}
-	}
-
-	if token == nil {
-		tokenFromSource, err := ts.source.Token()
-		if err != nil {
-			return nil, fmt.Errorf("failed acquiring new token: %v", err)
-		}
-		token = tokenFromSource
-	}
-
-	// sanity check
-	if token == nil {
-		return nil, fmt.Errorf("unable to acquire token")
-	}
-
-	// corner condition, newly got token is valid but expired
-	if token.token.IsExpired() {
-		return nil, fmt.Errorf("newly acquired token is expired")
-	}
-
-	err = ts.storeTokenInCfg(token)
-	if err != nil {
-		return nil, fmt.Errorf("storing the refreshed token in configuration: %v", err)
-	}
-	ts.cache.setToken(azureTokenKey, token)
-
-	return token, nil
-}
-
-func (ts *azureTokenSource) retrieveTokenFromCfg() (*azureToken, error) {
-	accessToken := ts.cfg[cfgAccessToken]
-	if accessToken == "" {
-		return nil, fmt.Errorf("no access token in cfg: %s", cfgAccessToken)
-	}
-	refreshToken := ts.cfg[cfgRefreshToken]
-	if refreshToken == "" {
-		return nil, fmt.Errorf("no refresh token in cfg: %s", cfgRefreshToken)
-	}
-	environment := ts.cfg[cfgEnvironment]
-	if environment == "" {
-		return nil, fmt.Errorf("no environment in cfg: %s", cfgEnvironment)
-	}
-	clientID := ts.cfg[cfgClientID]
-	if clientID == "" {
-		return nil, fmt.Errorf("no client ID in cfg: %s", cfgClientID)
-	}
-	tenantID := ts.cfg[cfgTenantID]
-	if tenantID == "" {
-		return nil, fmt.Errorf("no tenant ID in cfg: %s", cfgTenantID)
-	}
-	resourceID := ts.cfg[cfgApiserverID]
-	if resourceID == "" {
-		return nil, fmt.Errorf("no apiserver ID in cfg: %s", cfgApiserverID)
-	}
-	expiresIn := ts.cfg[cfgExpiresIn]
-	if expiresIn == "" {
-		return nil, fmt.Errorf("no expiresIn in cfg: %s", cfgExpiresIn)
-	}
-	expiresOn := ts.cfg[cfgExpiresOn]
-	if expiresOn == "" {
-		return nil, fmt.Errorf("no expiresOn in cfg: %s", cfgExpiresOn)
-	}
-	tokenAudience := resourceID
-	if ts.configMode == configModeDefault {
-		tokenAudience = fmt.Sprintf("spn:%s", resourceID)
-	}
-
-	return &azureToken{
-		token: adal.Token{
-			AccessToken:  accessToken,
-			RefreshToken: refreshToken,
-			ExpiresIn:    json.Number(expiresIn),
-			ExpiresOn:    json.Number(expiresOn),
-			NotBefore:    json.Number(expiresOn),
-			Resource:     tokenAudience,
-			Type:         tokenType,
-		},
-		environment: environment,
-		clientID:    clientID,
-		tenantID:    tenantID,
-		apiserverID: resourceID,
-	}, nil
-}
-
-func (ts *azureTokenSource) storeTokenInCfg(token *azureToken) error {
-	newCfg := make(map[string]string)
-	newCfg[cfgAccessToken] = token.token.AccessToken
-	newCfg[cfgRefreshToken] = token.token.RefreshToken
-	newCfg[cfgEnvironment] = token.environment
-	newCfg[cfgClientID] = token.clientID
-	newCfg[cfgTenantID] = token.tenantID
-	newCfg[cfgApiserverID] = token.apiserverID
-	newCfg[cfgExpiresIn] = string(token.token.ExpiresIn)
-	newCfg[cfgExpiresOn] = string(token.token.ExpiresOn)
-	newCfg[cfgConfigMode] = strconv.Itoa(int(ts.configMode))
-
-	err := ts.persister.Persist(newCfg)
-	if err != nil {
-		return fmt.Errorf("persisting the configuration: %v", err)
-	}
-	ts.cfg = newCfg
-	return nil
-}
-
-func (ts *azureTokenSource) Refresh(token *azureToken) (*azureToken, error) {
-	return ts.source.Refresh(token)
-}
-
-// refresh outdated token with adal.
-func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, error) {
-	env, err := azure.EnvironmentFromName(token.environment)
-	if err != nil {
-		return nil, err
-	}
-
-	var oauthConfig *adal.OAuthConfig
-	if ts.configMode == configModeOmitSPNPrefix {
-		oauthConfig, err = adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, token.tenantID, nil)
-		if err != nil {
-			return nil, fmt.Errorf("building the OAuth configuration without api-version for token refresh: %v", err)
-		}
-	} else {
-		oauthConfig, err = adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, token.tenantID)
-		if err != nil {
-			return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err)
-		}
-	}
-
-	callback := func(t adal.Token) error {
-		return nil
-	}
-	spt, err := adal.NewServicePrincipalTokenFromManualToken(
-		*oauthConfig,
-		token.clientID,
-		token.apiserverID,
-		token.token,
-		callback)
-	if err != nil {
-		return nil, fmt.Errorf("creating new service principal for token refresh: %v", err)
-	}
-
-	if err := spt.Refresh(); err != nil {
-		// Caller expects IsTokenRefreshError(err) to trigger prompt.
-		return nil, fmt.Errorf("refreshing token: %w", err)
-	}
-
-	return &azureToken{
-		token:       spt.Token(),
-		environment: token.environment,
-		clientID:    token.clientID,
-		tenantID:    token.tenantID,
-		apiserverID: token.apiserverID,
-	}, nil
-}
-
-type azureTokenSourceDeviceCode struct {
-	environment azure.Environment
-	clientID    string
-	tenantID    string
-	apiserverID string
-	configMode  configMode
-}
-
-func newAzureTokenSourceDeviceCode(environment azure.Environment, clientID string, tenantID string, apiserverID string, configMode configMode) (tokenSource, error) {
-	if clientID == "" {
-		return nil, errors.New("client-id is empty")
-	}
-	if tenantID == "" {
-		return nil, errors.New("tenant-id is empty")
-	}
-	if apiserverID == "" {
-		return nil, errors.New("apiserver-id is empty")
-	}
-	return &azureTokenSourceDeviceCode{
-		environment: environment,
-		clientID:    clientID,
-		tenantID:    tenantID,
-		apiserverID: apiserverID,
-		configMode:  configMode,
-	}, nil
-}
-
-func (ts *azureTokenSourceDeviceCode) Token() (*azureToken, error) {
-	var (
-		oauthConfig *adal.OAuthConfig
-		err         error
-	)
-	if ts.configMode == configModeOmitSPNPrefix {
-		oauthConfig, err = adal.NewOAuthConfigWithAPIVersion(ts.environment.ActiveDirectoryEndpoint, ts.tenantID, nil)
-		if err != nil {
-			return nil, fmt.Errorf("building the OAuth configuration without api-version for device code authentication: %v", err)
-		}
-	} else {
-		oauthConfig, err = adal.NewOAuthConfig(ts.environment.ActiveDirectoryEndpoint, ts.tenantID)
-		if err != nil {
-			return nil, fmt.Errorf("building the OAuth configuration for device code authentication: %v", err)
-		}
-	}
-	client := &autorest.Client{}
-	deviceCode, err := adal.InitiateDeviceAuth(client, *oauthConfig, ts.clientID, ts.apiserverID)
-	if err != nil {
-		return nil, fmt.Errorf("initialing the device code authentication: %v", err)
-	}
-
-	_, err = fmt.Fprintln(os.Stderr, *deviceCode.Message)
-	if err != nil {
-		return nil, fmt.Errorf("prompting the device code message: %v", err)
-	}
-
-	token, err := adal.WaitForUserCompletion(client, deviceCode)
-	if err != nil {
-		return nil, fmt.Errorf("waiting for device code authentication to complete: %v", err)
-	}
-
-	return &azureToken{
-		token:       *token,
-		environment: ts.environment.Name,
-		clientID:    ts.clientID,
-		tenantID:    ts.tenantID,
-		apiserverID: ts.apiserverID,
-	}, nil
-}
--- a/plugin/pkg/client/auth/azure/azure_stub.go
+++ b/plugin/pkg/client/auth/azure/azure_stub.go
@@ -0,0 +1,36 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azure
+
+import (
+	"errors"
+
+	"k8s.io/client-go/rest"
+	"k8s.io/klog/v2"
+)
+
+func init() {
+	if err := rest.RegisterAuthProviderPlugin("azure", newAzureAuthProvider); err != nil {
+		klog.Fatalf("Failed to register azure auth plugin: %v", err)
+	}
+}
+
+func newAzureAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) {
+	return nil, errors.New(`The azure auth plugin has been removed.
+Please use the https://github.com/Azure/kubelogin kubectl/client-go credential plugin instead.
+See https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins for further details`)
+}
--- a/plugin/pkg/client/auth/azure/azure_test.go
+++ b/plugin/pkg/client/auth/azure/azure_test.go
@@ -1,534 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package azure
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-	"sync"
-	"testing"
-	"time"
-
-	"github.com/Azure/go-autorest/autorest/adal"
-	"github.com/Azure/go-autorest/autorest/azure"
-)
-
-func TestAzureAuthProvider(t *testing.T) {
-	t.Run("validate against invalid configurations", func(t *testing.T) {
-		vectors := []struct {
-			cfg           map[string]string
-			expectedError string
-		}{
-			{
-				cfg: map[string]string{
-					cfgClientID:    "foo",
-					cfgApiserverID: "foo",
-					cfgTenantID:    "foo",
-					cfgConfigMode:  "-1",
-				},
-				expectedError: "config-mode:-1 is not a valid mode",
-			},
-			{
-				cfg: map[string]string{
-					cfgClientID:    "foo",
-					cfgApiserverID: "foo",
-					cfgTenantID:    "foo",
-					cfgConfigMode:  "2",
-				},
-				expectedError: "config-mode:2 is not a valid mode",
-			},
-			{
-				cfg: map[string]string{
-					cfgClientID:    "foo",
-					cfgApiserverID: "foo",
-					cfgTenantID:    "foo",
-					cfgConfigMode:  "foo",
-				},
-				expectedError: "failed to parse config-mode, error: strconv.Atoi: parsing \"foo\": invalid syntax",
-			},
-		}
-
-		for _, v := range vectors {
-			persister := &fakePersister{}
-			_, err := newAzureAuthProvider("", v.cfg, persister)
-			if !strings.Contains(err.Error(), v.expectedError) {
-				t.Errorf("cfg %v should fail with message containing '%s'. actual: '%s'", v.cfg, v.expectedError, err)
-			}
-		}
-	})
-
-	t.Run("it should return non-nil provider in happy cases", func(t *testing.T) {
-		vectors := []struct {
-			cfg                map[string]string
-			expectedConfigMode configMode
-		}{
-			{
-				cfg: map[string]string{
-					cfgClientID:    "foo",
-					cfgApiserverID: "foo",
-					cfgTenantID:    "foo",
-				},
-				expectedConfigMode: configModeDefault,
-			},
-			{
-				cfg: map[string]string{
-					cfgClientID:    "foo",
-					cfgApiserverID: "foo",
-					cfgTenantID:    "foo",
-					cfgConfigMode:  "0",
-				},
-				expectedConfigMode: configModeDefault,
-			},
-			{
-				cfg: map[string]string{
-					cfgClientID:    "foo",
-					cfgApiserverID: "foo",
-					cfgTenantID:    "foo",
-					cfgConfigMode:  "1",
-				},
-				expectedConfigMode: configModeOmitSPNPrefix,
-			},
-		}
-
-		for _, v := range vectors {
-			persister := &fakePersister{}
-			provider, err := newAzureAuthProvider("", v.cfg, persister)
-			if err != nil {
-				t.Errorf("newAzureAuthProvider should not fail with '%s'", err)
-			}
-			if provider == nil {
-				t.Fatalf("newAzureAuthProvider should return non-nil provider")
-			}
-			azureProvider := provider.(*azureAuthProvider)
-			if azureProvider == nil {
-				t.Fatalf("newAzureAuthProvider should return an instance of type azureAuthProvider")
-			}
-			ts := azureProvider.tokenSource.(*azureTokenSource)
-			if ts == nil {
-				t.Fatalf("azureAuthProvider should be an instance of azureTokenSource")
-			}
-			if ts.configMode != v.expectedConfigMode {
-				t.Errorf("expected configMode: %d, actual: %d", v.expectedConfigMode, ts.configMode)
-			}
-		}
-	})
-}
-
-func TestTokenSourceDeviceCode(t *testing.T) {
-	var (
-		clientID    = "clientID"
-		tenantID    = "tenantID"
-		apiserverID = "apiserverID"
-		configMode  = configModeDefault
-		azureEnv    = azure.Environment{}
-	)
-	t.Run("validate to create azureTokenSourceDeviceCode", func(t *testing.T) {
-		if _, err := newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, apiserverID, configModeDefault); err != nil {
-			t.Errorf("newAzureTokenSourceDeviceCode should not have failed. err: %s", err)
-		}
-
-		if _, err := newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, apiserverID, configModeOmitSPNPrefix); err != nil {
-			t.Errorf("newAzureTokenSourceDeviceCode should not have failed. err: %s", err)
-		}
-
-		_, err := newAzureTokenSourceDeviceCode(azureEnv, "", tenantID, apiserverID, configMode)
-		actual := "client-id is empty"
-		if err.Error() != actual {
-			t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err)
-		}
-
-		_, err = newAzureTokenSourceDeviceCode(azureEnv, clientID, "", apiserverID, configMode)
-		actual = "tenant-id is empty"
-		if err.Error() != actual {
-			t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err)
-		}
-
-		_, err = newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, "", configMode)
-		actual = "apiserver-id is empty"
-		if err.Error() != actual {
-			t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err)
-		}
-	})
-}
-func TestAzureTokenSource(t *testing.T) {
-	configModes := []configMode{configModeOmitSPNPrefix, configModeDefault}
-	expectedConfigModes := []string{"1", "0"}
-
-	for i, configMode := range configModes {
-		t.Run(fmt.Sprintf("validate token from cfg with configMode %v", configMode), func(t *testing.T) {
-			const (
-				serverID     = "fakeServerID"
-				clientID     = "fakeClientID"
-				tenantID     = "fakeTenantID"
-				accessToken  = "fakeToken"
-				environment  = "fakeEnvironment"
-				refreshToken = "fakeToken"
-				expiresIn    = "foo"
-				expiresOn    = "foo"
-			)
-			cfg := map[string]string{
-				cfgConfigMode:   strconv.Itoa(int(configMode)),
-				cfgApiserverID:  serverID,
-				cfgClientID:     clientID,
-				cfgTenantID:     tenantID,
-				cfgEnvironment:  environment,
-				cfgAccessToken:  accessToken,
-				cfgRefreshToken: refreshToken,
-				cfgExpiresIn:    expiresIn,
-				cfgExpiresOn:    expiresOn,
-			}
-			fakeSource := fakeTokenSource{token: newFakeAzureToken("fakeToken", time.Now().Add(3600*time.Second))}
-			persiter := &fakePersister{cache: make(map[string]string)}
-			tokenCache := newAzureTokenCache()
-			tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, persiter)
-			azTokenSource := tokenSource.(*azureTokenSource)
-			token, err := azTokenSource.retrieveTokenFromCfg()
-			if err != nil {
-				t.Errorf("failed to retrieve the token form cfg: %s", err)
-			}
-			if token.apiserverID != serverID {
-				t.Errorf("expecting token.apiserverID: %s, actual: %s", serverID, token.apiserverID)
-			}
-			if token.clientID != clientID {
-				t.Errorf("expecting token.clientID: %s, actual: %s", clientID, token.clientID)
-			}
-			if token.tenantID != tenantID {
-				t.Errorf("expecting token.tenantID: %s, actual: %s", tenantID, token.tenantID)
-			}
-			expectedAudience := serverID
-			if configMode == configModeDefault {
-				expectedAudience = fmt.Sprintf("spn:%s", serverID)
-			}
-			if token.token.Resource != expectedAudience {
-				t.Errorf("expecting adal token.Resource: %s, actual: %s", expectedAudience, token.token.Resource)
-			}
-		})
-
-		t.Run("validate token against cache", func(t *testing.T) {
-			fakeAccessToken := "fake token 1"
-			fakeSource := fakeTokenSource{token: newFakeAzureToken(fakeAccessToken, time.Now().Add(3600*time.Second))}
-			cfg := make(map[string]string)
-			persiter := &fakePersister{cache: make(map[string]string)}
-			tokenCache := newAzureTokenCache()
-			tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, persiter)
-			token, err := tokenSource.Token()
-			if err != nil {
-				t.Errorf("failed to retrieve the token form cache: %v", err)
-			}
-
-			wantCacheLen := 1
-			if len(tokenCache.cache) != wantCacheLen {
-				t.Errorf("Token() cache length error: got %v, want %v", len(tokenCache.cache), wantCacheLen)
-			}
-
-			if token != tokenCache.cache[azureTokenKey] {
-				t.Error("Token() returned token != cached token")
-			}
-
-			wantCfg := token2Cfg(token)
-			wantCfg[cfgConfigMode] = expectedConfigModes[i]
-			persistedCfg := persiter.Cache()
-
-			wantCfgLen := len(wantCfg)
-			persistedCfgLen := len(persistedCfg)
-			if wantCfgLen != persistedCfgLen {
-				t.Errorf("wantCfgLen and persistedCfgLen do not match, wantCfgLen=%v, persistedCfgLen=%v", wantCfgLen, persistedCfgLen)
-			}
-
-			for k, v := range persistedCfg {
-				if strings.Compare(v, wantCfg[k]) != 0 {
-					t.Errorf("Token() persisted cfg %s: got %v, want %v", k, v, wantCfg[k])
-				}
-			}
-
-			fakeSource.token = newFakeAzureToken("fake token 2", time.Now().Add(3600*time.Second))
-			token, err = tokenSource.Token()
-			if err != nil {
-				t.Errorf("failed to retrieve the cached token: %v", err)
-			}
-
-			if token.token.AccessToken != fakeAccessToken {
-				t.Errorf("Token() didn't return the cached token")
-			}
-		})
-	}
-}
-
-func TestAzureTokenSourceScenarios(t *testing.T) {
-	expiredToken := newFakeAzureToken("expired token", time.Now().Add(-time.Second))
-	extendedToken := newFakeAzureToken("extend token", time.Now().Add(1000*time.Second))
-	fakeToken := newFakeAzureToken("fake token", time.Now().Add(1000*time.Second))
-	wrongToken := newFakeAzureToken("wrong token", time.Now().Add(1000*time.Second))
-	tests := []struct {
-		name         string
-		sourceToken  *azureToken
-		refreshToken *azureToken
-		cachedToken  *azureToken
-		configToken  *azureToken
-		expectToken  *azureToken
-		tokenErr     error
-		refreshErr   error
-		expectErr    string
-		tokenCalls   uint
-		refreshCalls uint
-		persistCalls uint
-	}{
-		{
-			name:         "new config",
-			sourceToken:  fakeToken,
-			expectToken:  fakeToken,
-			tokenCalls:   1,
-			persistCalls: 1,
-		},
-		{
-			name:        "load token from cache",
-			sourceToken: wrongToken,
-			cachedToken: fakeToken,
-			configToken: wrongToken,
-			expectToken: fakeToken,
-		},
-		{
-			name:        "load token from config",
-			sourceToken: wrongToken,
-			configToken: fakeToken,
-			expectToken: fakeToken,
-		},
-		{
-			name:         "cached token timeout, extend success, config token should never load",
-			cachedToken:  expiredToken,
-			refreshToken: extendedToken,
-			configToken:  wrongToken,
-			expectToken:  extendedToken,
-			refreshCalls: 1,
-			persistCalls: 1,
-		},
-		{
-			name:         "config token timeout, extend failure, acquire new token",
-			configToken:  expiredToken,
-			refreshErr:   fakeTokenRefreshError{message: "FakeError happened when refreshing"},
-			sourceToken:  fakeToken,
-			expectToken:  fakeToken,
-			refreshCalls: 1,
-			tokenCalls:   1,
-			persistCalls: 1,
-		},
-		{
-			name:         "extend failure with fmt.Errorf nested tokenRefreshError",
-			configToken:  expiredToken,
-			refreshErr:   fmt.Errorf("refreshing token: %w", fakeTokenRefreshError{message: "nested FakeError happened when refreshing"}),
-			sourceToken:  fakeToken,
-			expectToken:  fakeToken,
-			refreshCalls: 1,
-			tokenCalls:   1,
-			persistCalls: 1,
-		},
-		{
-			name:         "unexpected error when extend",
-			configToken:  expiredToken,
-			refreshErr:   errors.New("unexpected refresh error"),
-			sourceToken:  fakeToken,
-			expectErr:    "unexpected refresh error",
-			refreshCalls: 1,
-		},
-		{
-			name:       "token error",
-			tokenErr:   errors.New("tokenerr"),
-			expectErr:  "tokenerr",
-			tokenCalls: 1,
-		},
-		{
-			name:        "Token() got expired token",
-			sourceToken: expiredToken,
-			expectErr:   "newly acquired token is expired",
-			tokenCalls:  1,
-		},
-		{
-			name:        "Token() got nil but no error",
-			sourceToken: nil,
-			expectErr:   "unable to acquire token",
-			tokenCalls:  1,
-		},
-	}
-	for _, tc := range tests {
-		configModes := []configMode{configModeOmitSPNPrefix, configModeDefault}
-
-		for _, configMode := range configModes {
-			t.Run(fmt.Sprintf("%s with configMode: %v", tc.name, configMode), func(t *testing.T) {
-				persister := newFakePersister()
-
-				cfg := map[string]string{
-					cfgConfigMode: strconv.Itoa(int(configMode)),
-				}
-				if tc.configToken != nil {
-					cfg = token2Cfg(tc.configToken)
-				}
-
-				tokenCache := newAzureTokenCache()
-				if tc.cachedToken != nil {
-					tokenCache.setToken(azureTokenKey, tc.cachedToken)
-				}
-
-				fakeSource := fakeTokenSource{
-					token:        tc.sourceToken,
-					tokenErr:     tc.tokenErr,
-					refreshToken: tc.refreshToken,
-					refreshErr:   tc.refreshErr,
-				}
-
-				tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, &persister)
-				token, err := tokenSource.Token()
-
-				if token != nil && fakeSource.token != nil && token.apiserverID != fakeSource.token.apiserverID {
-					t.Errorf("expecting apiservierID: %s, got: %s", fakeSource.token.apiserverID, token.apiserverID)
-				}
-				if fakeSource.tokenCalls != tc.tokenCalls {
-					t.Errorf("expecting tokenCalls: %v, got: %v", tc.tokenCalls, fakeSource.tokenCalls)
-				}
-
-				if fakeSource.refreshCalls != tc.refreshCalls {
-					t.Errorf("expecting refreshCalls: %v, got: %v", tc.refreshCalls, fakeSource.refreshCalls)
-				}
-
-				if persister.calls != tc.persistCalls {
-					t.Errorf("expecting persister calls: %v, got: %v", tc.persistCalls, persister.calls)
-				}
-
-				if tc.expectErr != "" {
-					if !strings.Contains(err.Error(), tc.expectErr) {
-						t.Errorf("expecting error %v, got %v", tc.expectErr, err)
-					}
-					if token != nil {
-						t.Errorf("token should be nil in err situation, got %v", token)
-					}
-				} else {
-					if err != nil {
-						t.Fatalf("error should be nil, got %v", err)
-					}
-					if token.token.AccessToken != tc.expectToken.token.AccessToken {
-						t.Errorf("token should have accessToken %v, got %v", token.token.AccessToken, tc.expectToken.token.AccessToken)
-					}
-				}
-			})
-		}
-	}
-}
-
-type fakePersister struct {
-	lock  sync.Mutex
-	cache map[string]string
-	calls uint
-}
-
-func newFakePersister() fakePersister {
-	return fakePersister{cache: make(map[string]string), calls: 0}
-}
-
-func (p *fakePersister) Persist(cache map[string]string) error {
-	p.lock.Lock()
-	defer p.lock.Unlock()
-	p.calls++
-	p.cache = map[string]string{}
-	for k, v := range cache {
-		p.cache[k] = v
-	}
-	return nil
-}
-
-func (p *fakePersister) Cache() map[string]string {
-	ret := map[string]string{}
-	p.lock.Lock()
-	defer p.lock.Unlock()
-	for k, v := range p.cache {
-		ret[k] = v
-	}
-	return ret
-}
-
-// a simple token source simply always returns the token property
-type fakeTokenSource struct {
-	token        *azureToken
-	tokenCalls   uint
-	tokenErr     error
-	refreshToken *azureToken
-	refreshCalls uint
-	refreshErr   error
-}
-
-func (ts *fakeTokenSource) Token() (*azureToken, error) {
-	ts.tokenCalls++
-	return ts.token, ts.tokenErr
-}
-
-func (ts *fakeTokenSource) Refresh(*azureToken) (*azureToken, error) {
-	ts.refreshCalls++
-	return ts.refreshToken, ts.refreshErr
-}
-
-func token2Cfg(token *azureToken) map[string]string {
-	cfg := make(map[string]string)
-	cfg[cfgAccessToken] = token.token.AccessToken
-	cfg[cfgRefreshToken] = token.token.RefreshToken
-	cfg[cfgEnvironment] = token.environment
-	cfg[cfgClientID] = token.clientID
-	cfg[cfgTenantID] = token.tenantID
-	cfg[cfgApiserverID] = token.apiserverID
-	cfg[cfgExpiresIn] = string(token.token.ExpiresIn)
-	cfg[cfgExpiresOn] = string(token.token.ExpiresOn)
-	return cfg
-}
-
-func newFakeAzureToken(accessToken string, expiresOnTime time.Time) *azureToken {
-	return &azureToken{
-		token:       newFakeADALToken(accessToken, strconv.FormatInt(expiresOnTime.Unix(), 10)),
-		environment: "testenv",
-		clientID:    "fake",
-		tenantID:    "fake",
-		apiserverID: "fake",
-	}
-}
-
-func newFakeADALToken(accessToken string, expiresOn string) adal.Token {
-	return adal.Token{
-		AccessToken:  accessToken,
-		RefreshToken: "fake",
-		ExpiresIn:    "3600",
-		ExpiresOn:    json.Number(expiresOn),
-		NotBefore:    json.Number(expiresOn),
-		Resource:     "fake",
-		Type:         "fake",
-	}
-}
-
-// copied from go-autorest/adal
-type fakeTokenRefreshError struct {
-	message string
-	resp    *http.Response
-}
-
-// Error implements the error interface which is part of the TokenRefreshError interface.
-func (tre fakeTokenRefreshError) Error() string {
-	return tre.message
-}
-
-// Response implements the TokenRefreshError interface, it returns the raw HTTP response from the refresh operation.
-func (tre fakeTokenRefreshError) Response() *http.Response {
-	return tre.resp
-}
--- a/plugin/pkg/client/auth/exec/exec.go
+++ b/plugin/pkg/client/auth/exec/exec.go
@@ -199,18 +199,14 @@ func newAuthenticator(c *cache, isTerminalFunc func(int) bool, config *api.ExecC
 		now:             time.Now,
 		environ:         os.Environ,

-		connTracker: connTracker,
+		defaultDialer: defaultDialer,
+		connTracker:   connTracker,
 	}

 	for _, env := range config.Env {
 		a.env = append(a.env, env.Name+"="+env.Value)
 	}

-	// these functions are made comparable and stored in the cache so that repeated clientset
-	// construction with the same rest.Config results in a single TLS cache and Authenticator
-	a.getCert = &transport.GetCertHolder{GetCert: a.cert}
-	a.dial = &transport.DialHolder{Dial: defaultDialer.DialContext}
-
 	return c.put(key, a), nil
 }

@@ -265,6 +261,8 @@ type Authenticator struct {
 	now             func() time.Time
 	environ         func() []string

+	// defaultDialer is used for clients which don't specify a custom dialer
+	defaultDialer *connrotation.Dialer
 	// connTracker tracks all connections opened that we need to close when rotating a client certificate
 	connTracker *connrotation.ConnectionTracker

@@ -275,12 +273,6 @@ type Authenticator struct {
 	mu          sync.Mutex
 	cachedCreds *credentials
 	exp         time.Time
-
-	// getCert makes Authenticator.cert comparable to support TLS config caching
-	getCert *transport.GetCertHolder
-	// dial is used for clients which do not specify a custom dialer
-	// it is comparable to support TLS config caching
-	dial *transport.DialHolder
 }

 type credentials struct {
@@ -308,20 +300,18 @@ func (a *Authenticator) UpdateTransportConfig(c *transport.Config) error {
 	if c.HasCertCallback() {
 		return errors.New("can't add TLS certificate callback: transport.Config.TLS.GetCert already set")
 	}
-	c.TLS.GetCert = a.getCert.GetCert
-	c.TLS.GetCertHolder = a.getCert // comparable for TLS config caching
+	c.TLS.GetCert = a.cert

+	var d *connrotation.Dialer
 	if c.Dial != nil {
 		// if c has a custom dialer, we have to wrap it
-		// TLS config caching is not supported for this config
-		d := connrotation.NewDialerWithTracker(c.Dial, a.connTracker)
-		c.Dial = d.DialContext
-		c.DialHolder = nil
+		d = connrotation.NewDialerWithTracker(c.Dial, a.connTracker)
 	} else {
-		c.Dial = a.dial.Dial
-		c.DialHolder = a.dial // comparable for TLS config caching
+		d = a.defaultDialer
 	}

+	c.Dial = d.DialContext
+
 	return nil
 }

--- a/plugin/pkg/client/auth/exec/exec_cache_test.go
+++ b/plugin/pkg/client/auth/exec/exec_cache_test.go
@@ -1,106 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package exec_test // separate package to prevent circular import
-
-import (
-	"context"
-	"testing"
-	"time"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	utilnet "k8s.io/apimachinery/pkg/util/net"
-	clientset "k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/rest"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-)
-
-// TestExecTLSCache asserts the semantics of the TLS cache when exec auth is used.
-//
-// In particular, when:
-//   - multiple identical rest configs exist as distinct objects, and
-//   - these rest configs use exec auth, and
-//   - these rest configs are used to create distinct clientsets, then
-//
-// the underlying TLS config is shared between those clientsets.
-func TestExecTLSCache(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
-	t.Cleanup(cancel)
-
-	config1 := &rest.Config{
-		Host: "https://localhost",
-		ExecProvider: &clientcmdapi.ExecConfig{
-			Command:         "./testdata/test-plugin.sh",
-			APIVersion:      "client.authentication.k8s.io/v1",
-			InteractiveMode: clientcmdapi.IfAvailableExecInteractiveMode,
-		},
-	}
-	client1 := clientset.NewForConfigOrDie(config1)
-
-	config2 := &rest.Config{
-		Host: "https://localhost",
-		ExecProvider: &clientcmdapi.ExecConfig{
-			Command:         "./testdata/test-plugin.sh",
-			APIVersion:      "client.authentication.k8s.io/v1",
-			InteractiveMode: clientcmdapi.IfAvailableExecInteractiveMode,
-		},
-	}
-	client2 := clientset.NewForConfigOrDie(config2)
-
-	config3 := &rest.Config{
-		Host: "https://localhost",
-		ExecProvider: &clientcmdapi.ExecConfig{
-			Command:         "./testdata/test-plugin.sh",
-			Args:            []string{"make this exec auth different"},
-			APIVersion:      "client.authentication.k8s.io/v1",
-			InteractiveMode: clientcmdapi.IfAvailableExecInteractiveMode,
-		},
-	}
-	client3 := clientset.NewForConfigOrDie(config3)
-
-	_, _ = client1.CoreV1().Nodes().List(ctx, metav1.ListOptions{})
-	_, _ = client2.CoreV1().Namespaces().List(ctx, metav1.ListOptions{})
-	_, _ = client3.CoreV1().PersistentVolumes().List(ctx, metav1.ListOptions{})
-
-	rt1 := client1.RESTClient().(*rest.RESTClient).Client.Transport
-	rt2 := client2.RESTClient().(*rest.RESTClient).Client.Transport
-	rt3 := client3.RESTClient().(*rest.RESTClient).Client.Transport
-
-	tlsConfig1, err := utilnet.TLSClientConfig(rt1)
-	if err != nil {
-		t.Fatal(err)
-	}
-	tlsConfig2, err := utilnet.TLSClientConfig(rt2)
-	if err != nil {
-		t.Fatal(err)
-	}
-	tlsConfig3, err := utilnet.TLSClientConfig(rt3)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if tlsConfig1 == nil || tlsConfig2 == nil || tlsConfig3 == nil {
-		t.Fatal("expected non-nil TLS configs")
-	}
-
-	if tlsConfig1 != tlsConfig2 {
-		t.Fatal("expected the same TLS config for matching exec config via rest config")
-	}
-
-	if tlsConfig1 == tlsConfig3 {
-		t.Fatal("expected different TLS config for non-matching exec config via rest config")
-	}
-}
--- a/plugin/pkg/client/auth/gcp/OWNERS
+++ b/plugin/pkg/client/auth/gcp/OWNERS
@@ -1,8 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - cjcullen
-reviewers:
-  - cjcullen
-emeritus_approvers:
-  - jlowdermilk
--- a/plugin/pkg/client/auth/gcp/gcp.go
+++ b/plugin/pkg/client/auth/gcp/gcp.go
@@ -1,389 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package gcp
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"os/exec"
-	"strings"
-	"sync"
-	"time"
-
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/google"
-	"k8s.io/apimachinery/pkg/util/net"
-	"k8s.io/apimachinery/pkg/util/yaml"
-	restclient "k8s.io/client-go/rest"
-	"k8s.io/client-go/util/jsonpath"
-	"k8s.io/klog/v2"
-)
-
-func init() {
-	if err := restclient.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil {
-		klog.Fatalf("Failed to register gcp auth plugin: %v", err)
-	}
-}
-
-var (
-	// Stubbable for testing
-	execCommand = exec.Command
-
-	// defaultScopes:
-	// - cloud-platform is the base scope to authenticate to GCP.
-	// - userinfo.email is used to authenticate to GKE APIs with gserviceaccount
-	//   email instead of numeric uniqueID.
-	defaultScopes = []string{
-		"https://www.googleapis.com/auth/cloud-platform",
-		"https://www.googleapis.com/auth/userinfo.email"}
-)
-
-// gcpAuthProvider is an auth provider plugin that uses GCP credentials to provide
-// tokens for kubectl to authenticate itself to the apiserver. A sample json config
-// is provided below with all recognized options described.
-//
-//	{
-//	  'auth-provider': {
-//	    # Required
-//	    "name": "gcp",
-//
-//	    'config': {
-//	      # Authentication options
-//	      # These options are used while getting a token.
-//
-//	      # comma-separated list of GCP API scopes. default value of this field
-//	      # is "https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email".
-//			 # to override the API scopes, specify this field explicitly.
-//	      "scopes": "https://www.googleapis.com/auth/cloud-platform"
-//
-//	      # Caching options
-//
-//	      # Raw string data representing cached access token.
-//	      "access-token": "ya29.CjWdA4GiBPTt",
-//	      # RFC3339Nano expiration timestamp for cached access token.
-//	      "expiry": "2016-10-31 22:31:9.123",
-//
-//	      # Command execution options
-//	      # These options direct the plugin to execute a specified command and parse
-//	      # token and expiry time from the output of the command.
-//
-//	      # Command to execute for access token. Command output will be parsed as JSON.
-//	      # If "cmd-args" is not present, this value will be split on whitespace, with
-//	      # the first element interpreted as the command, remaining elements as args.
-//	      "cmd-path": "/usr/bin/gcloud",
-//
-//	      # Arguments to pass to command to execute for access token.
-//	      "cmd-args": "config config-helper --output=json"
-//
-//	      # JSONPath to the string field that represents the access token in
-//	      # command output. If omitted, defaults to "{.access_token}".
-//	      "token-key": "{.credential.access_token}",
-//
-//	      # JSONPath to the string field that represents expiration timestamp
-//	      # of the access token in the command output. If omitted, defaults to
-//	      # "{.token_expiry}"
-//	      "expiry-key": ""{.credential.token_expiry}",
-//
-//	      # golang reference time in the format that the expiration timestamp uses.
-//	      # If omitted, defaults to time.RFC3339Nano
-//	      "time-fmt": "2006-01-02 15:04:05.999999999"
-//	    }
-//	  }
-//	}
-type gcpAuthProvider struct {
-	tokenSource oauth2.TokenSource
-	persister   restclient.AuthProviderConfigPersister
-}
-
-var warnOnce sync.Once
-
-func newGCPAuthProvider(_ string, gcpConfig map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
-	warnOnce.Do(func() {
-		klog.Warningf(`WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.26+; use gcloud instead.
-To learn more, consult https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke`)
-	})
-
-	ts, err := tokenSource(isCmdTokenSource(gcpConfig), gcpConfig)
-	if err != nil {
-		return nil, err
-	}
-	cts, err := newCachedTokenSource(gcpConfig["access-token"], gcpConfig["expiry"], persister, ts, gcpConfig)
-	if err != nil {
-		return nil, err
-	}
-	return &gcpAuthProvider{cts, persister}, nil
-}
-
-func isCmdTokenSource(gcpConfig map[string]string) bool {
-	_, ok := gcpConfig["cmd-path"]
-	return ok
-}
-
-func tokenSource(isCmd bool, gcpConfig map[string]string) (oauth2.TokenSource, error) {
-	// Command-based token source
-	if isCmd {
-		cmd := gcpConfig["cmd-path"]
-		if len(cmd) == 0 {
-			return nil, fmt.Errorf("missing access token cmd")
-		}
-		if gcpConfig["scopes"] != "" {
-			return nil, fmt.Errorf("scopes can only be used when kubectl is using a gcp service account key")
-		}
-		var args []string
-		if cmdArgs, ok := gcpConfig["cmd-args"]; ok {
-			args = strings.Fields(cmdArgs)
-		} else {
-			fields := strings.Fields(cmd)
-			cmd = fields[0]
-			args = fields[1:]
-		}
-		return newCmdTokenSource(cmd, args, gcpConfig["token-key"], gcpConfig["expiry-key"], gcpConfig["time-fmt"]), nil
-	}
-
-	// Google Application Credentials-based token source
-	scopes := parseScopes(gcpConfig)
-	ts, err := google.DefaultTokenSource(context.Background(), scopes...)
-	if err != nil {
-		return nil, fmt.Errorf("cannot construct google default token source: %v", err)
-	}
-	return ts, nil
-}
-
-// parseScopes constructs a list of scopes that should be included in token source
-// from the config map.
-func parseScopes(gcpConfig map[string]string) []string {
-	scopes, ok := gcpConfig["scopes"]
-	if !ok {
-		return defaultScopes
-	}
-	if scopes == "" {
-		return []string{}
-	}
-	return strings.Split(gcpConfig["scopes"], ",")
-}
-
-func (g *gcpAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper {
-	var resetCache map[string]string
-	if cts, ok := g.tokenSource.(*cachedTokenSource); ok {
-		resetCache = cts.baseCache()
-	} else {
-		resetCache = make(map[string]string)
-	}
-	return &conditionalTransport{&oauth2.Transport{Source: g.tokenSource, Base: rt}, g.persister, resetCache}
-}
-
-func (g *gcpAuthProvider) Login() error { return nil }
-
-type cachedTokenSource struct {
-	lk          sync.Mutex
-	source      oauth2.TokenSource
-	accessToken string `datapolicy:"token"`
-	expiry      time.Time
-	persister   restclient.AuthProviderConfigPersister
-	cache       map[string]string
-}
-
-func newCachedTokenSource(accessToken, expiry string, persister restclient.AuthProviderConfigPersister, ts oauth2.TokenSource, cache map[string]string) (*cachedTokenSource, error) {
-	var expiryTime time.Time
-	if parsedTime, err := time.Parse(time.RFC3339Nano, expiry); err == nil {
-		expiryTime = parsedTime
-	}
-	if cache == nil {
-		cache = make(map[string]string)
-	}
-	return &cachedTokenSource{
-		source:      ts,
-		accessToken: accessToken,
-		expiry:      expiryTime,
-		persister:   persister,
-		cache:       cache,
-	}, nil
-}
-
-func (t *cachedTokenSource) Token() (*oauth2.Token, error) {
-	tok := t.cachedToken()
-	if tok.Valid() && !tok.Expiry.IsZero() {
-		return tok, nil
-	}
-	tok, err := t.source.Token()
-	if err != nil {
-		return nil, err
-	}
-	cache := t.update(tok)
-	if t.persister != nil {
-		if err := t.persister.Persist(cache); err != nil {
-			klog.V(4).Infof("Failed to persist token: %v", err)
-		}
-	}
-	return tok, nil
-}
-
-func (t *cachedTokenSource) cachedToken() *oauth2.Token {
-	t.lk.Lock()
-	defer t.lk.Unlock()
-	return &oauth2.Token{
-		AccessToken: t.accessToken,
-		TokenType:   "Bearer",
-		Expiry:      t.expiry,
-	}
-}
-
-func (t *cachedTokenSource) update(tok *oauth2.Token) map[string]string {
-	t.lk.Lock()
-	defer t.lk.Unlock()
-	t.accessToken = tok.AccessToken
-	t.expiry = tok.Expiry
-	ret := map[string]string{}
-	for k, v := range t.cache {
-		ret[k] = v
-	}
-	ret["access-token"] = t.accessToken
-	ret["expiry"] = t.expiry.Format(time.RFC3339Nano)
-	return ret
-}
-
-// baseCache is the base configuration value for this TokenSource, without any cached ephemeral tokens.
-func (t *cachedTokenSource) baseCache() map[string]string {
-	t.lk.Lock()
-	defer t.lk.Unlock()
-	ret := map[string]string{}
-	for k, v := range t.cache {
-		ret[k] = v
-	}
-	delete(ret, "access-token")
-	delete(ret, "expiry")
-	return ret
-}
-
-type commandTokenSource struct {
-	cmd       string
-	args      []string
-	tokenKey  string `datapolicy:"token"`
-	expiryKey string `datapolicy:"secret-key"`
-	timeFmt   string
-}
-
-func newCmdTokenSource(cmd string, args []string, tokenKey, expiryKey, timeFmt string) *commandTokenSource {
-	if len(timeFmt) == 0 {
-		timeFmt = time.RFC3339Nano
-	}
-	if len(tokenKey) == 0 {
-		tokenKey = "{.access_token}"
-	}
-	if len(expiryKey) == 0 {
-		expiryKey = "{.token_expiry}"
-	}
-	return &commandTokenSource{
-		cmd:       cmd,
-		args:      args,
-		tokenKey:  tokenKey,
-		expiryKey: expiryKey,
-		timeFmt:   timeFmt,
-	}
-}
-
-func (c *commandTokenSource) Token() (*oauth2.Token, error) {
-	fullCmd := strings.Join(append([]string{c.cmd}, c.args...), " ")
-	cmd := execCommand(c.cmd, c.args...)
-	var stderr bytes.Buffer
-	cmd.Stderr = &stderr
-	output, err := cmd.Output()
-	if err != nil {
-		return nil, fmt.Errorf("error executing access token command %q: err=%v output=%s stderr=%s", fullCmd, err, output, string(stderr.Bytes()))
-	}
-	token, err := c.parseTokenCmdOutput(output)
-	if err != nil {
-		return nil, fmt.Errorf("error parsing output for access token command %q: %v", fullCmd, err)
-	}
-	return token, nil
-}
-
-func (c *commandTokenSource) parseTokenCmdOutput(output []byte) (*oauth2.Token, error) {
-	output, err := yaml.ToJSON(output)
-	if err != nil {
-		return nil, err
-	}
-	var data interface{}
-	if err := json.Unmarshal(output, &data); err != nil {
-		return nil, err
-	}
-
-	accessToken, err := parseJSONPath(data, "token-key", c.tokenKey)
-	if err != nil {
-		return nil, fmt.Errorf("error parsing token-key %q from %q: %v", c.tokenKey, string(output), err)
-	}
-	expiryStr, err := parseJSONPath(data, "expiry-key", c.expiryKey)
-	if err != nil {
-		return nil, fmt.Errorf("error parsing expiry-key %q from %q: %v", c.expiryKey, string(output), err)
-	}
-	var expiry time.Time
-	if t, err := time.Parse(c.timeFmt, expiryStr); err != nil {
-		klog.V(4).Infof("Failed to parse token expiry from %s (fmt=%s): %v", expiryStr, c.timeFmt, err)
-	} else {
-		expiry = t
-	}
-
-	return &oauth2.Token{
-		AccessToken: accessToken,
-		TokenType:   "Bearer",
-		Expiry:      expiry,
-	}, nil
-}
-
-func parseJSONPath(input interface{}, name, template string) (string, error) {
-	j := jsonpath.New(name)
-	buf := new(bytes.Buffer)
-	if err := j.Parse(template); err != nil {
-		return "", err
-	}
-	if err := j.Execute(buf, input); err != nil {
-		return "", err
-	}
-	return buf.String(), nil
-}
-
-type conditionalTransport struct {
-	oauthTransport *oauth2.Transport
-	persister      restclient.AuthProviderConfigPersister
-	resetCache     map[string]string
-}
-
-var _ net.RoundTripperWrapper = &conditionalTransport{}
-
-func (t *conditionalTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	if len(req.Header.Get("Authorization")) != 0 {
-		return t.oauthTransport.Base.RoundTrip(req)
-	}
-
-	res, err := t.oauthTransport.RoundTrip(req)
-
-	if err != nil {
-		return nil, err
-	}
-
-	if res.StatusCode == 401 {
-		klog.V(4).Infof("The credentials that were supplied are invalid for the target cluster")
-		t.persister.Persist(t.resetCache)
-	}
-
-	return res, nil
-}
-
-func (t *conditionalTransport) WrappedRoundTripper() http.RoundTripper { return t.oauthTransport.Base }
--- a/plugin/pkg/client/auth/gcp/gcp_stub.go
+++ b/plugin/pkg/client/auth/gcp/gcp_stub.go
@@ -0,0 +1,36 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package gcp
+
+import (
+	"errors"
+
+	"k8s.io/client-go/rest"
+	"k8s.io/klog/v2"
+)
+
+func init() {
+	if err := rest.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil {
+		klog.Fatalf("Failed to register gcp auth plugin: %v", err)
+	}
+}
+
+func newGCPAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) {
+	return nil, errors.New(`The gcp auth plugin has been removed.
+Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead.
+See https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for further details`)
+}
--- a/plugin/pkg/client/auth/gcp/gcp_test.go
+++ b/plugin/pkg/client/auth/gcp/gcp_test.go
@@ -1,527 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package gcp
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"os/exec"
-	"reflect"
-	"strings"
-	"sync"
-	"testing"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type fakeOutput struct {
-	args   []string
-	output string
-}
-
-var (
-	wantCmd []string
-	// Output for fakeExec, keyed by command
-	execOutputs = map[string]fakeOutput{
-		"/default/no/args": {
-			args: []string{},
-			output: `{
-  "access_token": "faketoken",
-  "token_expiry": "2016-10-31T22:31:09.123000000Z"
-}`},
-		"/default/legacy/args": {
-			args: []string{"arg1", "arg2", "arg3"},
-			output: `{
-  "access_token": "faketoken",
-  "token_expiry": "2016-10-31T22:31:09.123000000Z"
-}`},
-		"/space in path/customkeys": {
-			args: []string{"can", "haz", "auth"},
-			output: `{
-  "token": "faketoken",
-  "token_expiry": {
-    "datetime": "2016-10-31 22:31:09.123"
-  }
-}`},
-		"missing/tokenkey/noargs": {
-			args: []string{},
-			output: `{
-  "broken": "faketoken",
-  "token_expiry": {
-    "datetime": "2016-10-31 22:31:09.123000000Z"
-  }
-}`},
-		"missing/expirykey/legacyargs": {
-			args: []string{"split", "on", "whitespace"},
-			output: `{
-  "access_token": "faketoken",
-  "expires": "2016-10-31T22:31:09.123000000Z"
-}`},
-		"invalid expiry/timestamp": {
-			args: []string{"foo", "--bar", "--baz=abc,def"},
-			output: `{
-  "access_token": "faketoken",
-  "token_expiry": "sometime soon, idk"
-}`},
-		"badjson": {
-			args: []string{},
-			output: `{
-  "access_token": "faketoken",
-  "token_expiry": "sometime soon, idk"
-  ------
-`},
-	}
-)
-
-func fakeExec(command string, args ...string) *exec.Cmd {
-	cs := []string{"-test.run=TestHelperProcess", "--", command}
-	cs = append(cs, args...)
-	cmd := exec.Command(os.Args[0], cs...)
-	cmd.Env = []string{"GO_WANT_HELPER_PROCESS=1"}
-	return cmd
-}
-
-func TestHelperProcess(t *testing.T) {
-	if os.Getenv("GO_WANT_HELPER_PROCESS") != "1" {
-		return
-	}
-	// Strip out the leading args used to exec into this function.
-	gotCmd := os.Args[3]
-	gotArgs := os.Args[4:]
-	output, ok := execOutputs[gotCmd]
-	if !ok {
-		fmt.Fprintf(os.Stdout, "unexpected call cmd=%q args=%v\n", gotCmd, gotArgs)
-		os.Exit(1)
-	} else if !reflect.DeepEqual(output.args, gotArgs) {
-		fmt.Fprintf(os.Stdout, "call cmd=%q got args %v, want: %v\n", gotCmd, gotArgs, output.args)
-		os.Exit(1)
-	}
-	fmt.Fprintf(os.Stdout, output.output)
-	os.Exit(0)
-}
-
-func Test_isCmdTokenSource(t *testing.T) {
-	c1 := map[string]string{"cmd-path": "foo"}
-	if v := isCmdTokenSource(c1); !v {
-		t.Fatalf("cmd-path present in config (%+v), but got %v", c1, v)
-	}
-
-	c2 := map[string]string{"cmd-args": "foo bar"}
-	if v := isCmdTokenSource(c2); v {
-		t.Fatalf("cmd-path not present in config (%+v), but got %v", c2, v)
-	}
-}
-
-func Test_tokenSource_cmd(t *testing.T) {
-	if _, err := tokenSource(true, map[string]string{}); err == nil {
-		t.Fatalf("expected error, cmd-args not present in config")
-	}
-
-	c := map[string]string{
-		"cmd-path": "foo",
-		"cmd-args": "bar"}
-	ts, err := tokenSource(true, c)
-	if err != nil {
-		t.Fatalf("failed to return cmd token source: %+v", err)
-	}
-	if ts == nil {
-		t.Fatal("returned nil token source")
-	}
-	if _, ok := ts.(*commandTokenSource); !ok {
-		t.Fatalf("returned token source type:(%T) expected:(*commandTokenSource)", ts)
-	}
-}
-
-func Test_tokenSource_cmdCannotBeUsedWithScopes(t *testing.T) {
-	c := map[string]string{
-		"cmd-path": "foo",
-		"scopes":   "A,B"}
-	if _, err := tokenSource(true, c); err == nil {
-		t.Fatal("expected error when scopes is used with cmd-path")
-	}
-}
-
-func Test_tokenSource_applicationDefaultCredentials_fails(t *testing.T) {
-	// try to use empty ADC file
-	fakeTokenFile, err := ioutil.TempFile("", "adctoken")
-	if err != nil {
-		t.Fatalf("failed to create fake token file: +%v", err)
-	}
-	fakeTokenFile.Close()
-	defer os.Remove(fakeTokenFile.Name())
-
-	os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", fakeTokenFile.Name())
-	defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS")
-	if _, err := tokenSource(false, map[string]string{}); err == nil {
-		t.Fatalf("expected error because specified ADC token file is not a JSON")
-	}
-}
-
-func Test_tokenSource_applicationDefaultCredentials(t *testing.T) {
-	fakeTokenFile, err := ioutil.TempFile("", "adctoken")
-	if err != nil {
-		t.Fatalf("failed to create fake token file: +%v", err)
-	}
-	fakeTokenFile.Close()
-	defer os.Remove(fakeTokenFile.Name())
-	if err := ioutil.WriteFile(fakeTokenFile.Name(), []byte(`{"type":"service_account"}`), 0600); err != nil {
-		t.Fatalf("failed to write to fake token file: %+v", err)
-	}
-
-	os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", fakeTokenFile.Name())
-	defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS")
-	ts, err := tokenSource(false, map[string]string{})
-	if err != nil {
-		t.Fatalf("failed to get a token source: %+v", err)
-	}
-	if ts == nil {
-		t.Fatal("returned nil token source")
-	}
-}
-
-func Test_parseScopes(t *testing.T) {
-	cases := []struct {
-		in  map[string]string
-		out []string
-	}{
-		{
-			map[string]string{},
-			[]string{
-				"https://www.googleapis.com/auth/cloud-platform",
-				"https://www.googleapis.com/auth/userinfo.email"},
-		},
-		{
-			map[string]string{"scopes": ""},
-			[]string{},
-		},
-		{
-			map[string]string{"scopes": "A,B,C"},
-			[]string{"A", "B", "C"},
-		},
-	}
-
-	for _, c := range cases {
-		got := parseScopes(c.in)
-		if !reflect.DeepEqual(got, c.out) {
-			t.Errorf("expected=%v, got=%v", c.out, got)
-		}
-	}
-}
-
-func errEquiv(got, want error) bool {
-	if got == want {
-		return true
-	}
-	if got != nil && want != nil {
-		return strings.Contains(got.Error(), want.Error())
-	}
-	return false
-}
-
-func TestCmdTokenSource(t *testing.T) {
-	execCommand = fakeExec
-	fakeExpiry := time.Date(2016, 10, 31, 22, 31, 9, 123000000, time.UTC)
-	customFmt := "2006-01-02 15:04:05.999999999"
-
-	tests := []struct {
-		name             string
-		gcpConfig        map[string]string
-		tok              *oauth2.Token
-		newErr, tokenErr error
-	}{
-		{
-			"default",
-			map[string]string{
-				"cmd-path": "/default/no/args",
-			},
-			&oauth2.Token{
-				AccessToken: "faketoken",
-				TokenType:   "Bearer",
-				Expiry:      fakeExpiry,
-			},
-			nil,
-			nil,
-		},
-		{
-			"default legacy args",
-			map[string]string{
-				"cmd-path": "/default/legacy/args arg1 arg2 arg3",
-			},
-			&oauth2.Token{
-				AccessToken: "faketoken",
-				TokenType:   "Bearer",
-				Expiry:      fakeExpiry,
-			},
-			nil,
-			nil,
-		},
-
-		{
-			"custom keys",
-			map[string]string{
-				"cmd-path":   "/space in path/customkeys",
-				"cmd-args":   "can haz auth",
-				"token-key":  "{.token}",
-				"expiry-key": "{.token_expiry.datetime}",
-				"time-fmt":   customFmt,
-			},
-			&oauth2.Token{
-				AccessToken: "faketoken",
-				TokenType:   "Bearer",
-				Expiry:      fakeExpiry,
-			},
-			nil,
-			nil,
-		},
-		{
-			"missing cmd",
-			map[string]string{
-				"cmd-path": "",
-			},
-			nil,
-			fmt.Errorf("missing access token cmd"),
-			nil,
-		},
-		{
-			"missing token-key",
-			map[string]string{
-				"cmd-path":  "missing/tokenkey/noargs",
-				"token-key": "{.token}",
-			},
-			nil,
-			nil,
-			fmt.Errorf("error parsing token-key %q", "{.token}"),
-		},
-
-		{
-			"missing expiry-key",
-			map[string]string{
-				"cmd-path":   "missing/expirykey/legacyargs split on whitespace",
-				"expiry-key": "{.expiry}",
-			},
-			nil,
-			nil,
-			fmt.Errorf("error parsing expiry-key %q", "{.expiry}"),
-		},
-		{
-			"invalid expiry timestamp",
-			map[string]string{
-				"cmd-path": "invalid expiry/timestamp",
-				"cmd-args": "foo --bar --baz=abc,def",
-			},
-			&oauth2.Token{
-				AccessToken: "faketoken",
-				TokenType:   "Bearer",
-				Expiry:      time.Time{},
-			},
-			nil,
-			nil,
-		},
-		{
-			"bad JSON",
-			map[string]string{
-				"cmd-path": "badjson",
-			},
-			nil,
-			nil,
-			fmt.Errorf("invalid character '-' after object key:value pair"),
-		},
-	}
-
-	for _, tc := range tests {
-		provider, err := newGCPAuthProvider("", tc.gcpConfig, nil /* persister */)
-		if !errEquiv(err, tc.newErr) {
-			t.Errorf("%q newGCPAuthProvider error: got %v, want %v", tc.name, err, tc.newErr)
-			continue
-		}
-		if err != nil {
-			continue
-		}
-		ts := provider.(*gcpAuthProvider).tokenSource.(*cachedTokenSource).source.(*commandTokenSource)
-		wantCmd = append([]string{ts.cmd}, ts.args...)
-		tok, err := ts.Token()
-		if !errEquiv(err, tc.tokenErr) {
-			t.Errorf("%q Token() error: got %v, want %v", tc.name, err, tc.tokenErr)
-		}
-		if !reflect.DeepEqual(tok, tc.tok) {
-			t.Errorf("%q Token() got %v, want %v", tc.name, tok, tc.tok)
-		}
-	}
-}
-
-type fakePersister struct {
-	lk    sync.Mutex
-	cache map[string]string
-}
-
-func (f *fakePersister) Persist(cache map[string]string) error {
-	f.lk.Lock()
-	defer f.lk.Unlock()
-	f.cache = map[string]string{}
-	for k, v := range cache {
-		f.cache[k] = v
-	}
-	return nil
-}
-
-func (f *fakePersister) read() map[string]string {
-	ret := map[string]string{}
-	f.lk.Lock()
-	defer f.lk.Unlock()
-	for k, v := range f.cache {
-		ret[k] = v
-	}
-	return ret
-}
-
-type fakeTokenSource struct {
-	token *oauth2.Token
-	err   error
-}
-
-func (f *fakeTokenSource) Token() (*oauth2.Token, error) {
-	return f.token, f.err
-}
-
-func TestCachedTokenSource(t *testing.T) {
-	tok := &oauth2.Token{AccessToken: "fakeaccesstoken"}
-	persister := &fakePersister{}
-	source := &fakeTokenSource{
-		token: tok,
-		err:   nil,
-	}
-	cache := map[string]string{
-		"foo": "bar",
-		"baz": "bazinga",
-	}
-	ts, err := newCachedTokenSource("fakeaccesstoken", "", persister, source, cache)
-	if err != nil {
-		t.Fatal(err)
-	}
-	var wg sync.WaitGroup
-	wg.Add(10)
-	for i := 0; i < 10; i++ {
-		go func() {
-			_, err := ts.Token()
-			if err != nil {
-				t.Errorf("unexpected error: %s", err)
-			}
-			wg.Done()
-		}()
-	}
-	wg.Wait()
-	cache["access-token"] = "fakeaccesstoken"
-	cache["expiry"] = tok.Expiry.Format(time.RFC3339Nano)
-	if got := persister.read(); !reflect.DeepEqual(got, cache) {
-		t.Errorf("got cache %v, want %v", got, cache)
-	}
-}
-
-type MockTransport struct {
-	res *http.Response
-}
-
-func (t *MockTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	return t.res, nil
-}
-
-func Test_cmdTokenSource_roundTrip(t *testing.T) {
-
-	accessToken := "fakeToken"
-	fakeExpiry := time.Now().Add(time.Hour)
-	fakeExpiryStr := fakeExpiry.Format(time.RFC3339Nano)
-	fs := &fakeTokenSource{
-		token: &oauth2.Token{
-			AccessToken: accessToken,
-			Expiry:      fakeExpiry,
-		},
-	}
-
-	cmdCache := map[string]string{
-		"cmd-path": "/path/to/tokensource/cmd",
-		"cmd-args": "--output=json",
-	}
-	cmdCacheUpdated := map[string]string{
-		"cmd-path":     "/path/to/tokensource/cmd",
-		"cmd-args":     "--output=json",
-		"access-token": accessToken,
-		"expiry":       fakeExpiryStr,
-	}
-	simpleCacheUpdated := map[string]string{
-		"access-token": accessToken,
-		"expiry":       fakeExpiryStr,
-	}
-
-	tests := []struct {
-		name                     string
-		res                      http.Response
-		baseCache, expectedCache map[string]string
-	}{
-		{
-			"Unauthorized",
-			http.Response{StatusCode: http.StatusUnauthorized},
-			make(map[string]string),
-			make(map[string]string),
-		},
-		{
-			"Unauthorized, nonempty defaultCache",
-			http.Response{StatusCode: http.StatusUnauthorized},
-			cmdCache,
-			cmdCache,
-		},
-		{
-			"Authorized",
-			http.Response{StatusCode: http.StatusOK},
-			make(map[string]string),
-			simpleCacheUpdated,
-		},
-		{
-			"Authorized, nonempty defaultCache",
-			http.Response{StatusCode: http.StatusOK},
-			cmdCache,
-			cmdCacheUpdated,
-		},
-	}
-
-	persister := &fakePersister{}
-	req := http.Request{Header: http.Header{}}
-
-	for _, tc := range tests {
-		cts, err := newCachedTokenSource(accessToken, fakeExpiry.String(), persister, fs, tc.baseCache)
-		if err != nil {
-			t.Fatalf("unexpected error from newCachedTokenSource: %v", err)
-		}
-		authProvider := gcpAuthProvider{cts, persister}
-
-		fakeTransport := MockTransport{&tc.res}
-		transport := (authProvider.WrapTransport(&fakeTransport))
-		// call Token to persist/update cache
-		if _, err := cts.Token(); err != nil {
-			t.Fatalf("unexpected error from cachedTokenSource.Token(): %v", err)
-		}
-
-		transport.RoundTrip(&req)
-
-		if got := persister.read(); !reflect.DeepEqual(got, tc.expectedCache) {
-			t.Errorf("got cache %v, want %v", got, tc.expectedCache)
-		}
-	}
-
-}
--- a/rest/request.go
+++ b/rest/request.go
@@ -34,7 +34,6 @@ import (
 	"time"

 	"golang.org/x/net/http2"
-
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -117,11 +116,8 @@ type Request struct {
 	subresource  string

 	// output
-	err error
-
-	// only one of body / bodyBytes may be set. requests using body are not retriable.
-	body      io.Reader
-	bodyBytes []byte
+	err  error
+	body io.Reader

 	retryFn requestRetryFunc
 }
@@ -447,15 +443,12 @@ func (r *Request) Body(obj interface{}) *Request {
 			return r
 		}
 		glogBody("Request Body", data)
-		r.body = nil
-		r.bodyBytes = data
+		r.body = bytes.NewReader(data)
 	case []byte:
 		glogBody("Request Body", t)
-		r.body = nil
-		r.bodyBytes = t
+		r.body = bytes.NewReader(t)
 	case io.Reader:
 		r.body = t
-		r.bodyBytes = nil
 	case runtime.Object:
 		// callers may pass typed interface pointers, therefore we must check nil with reflection
 		if reflect.ValueOf(t).IsNil() {
@@ -472,8 +465,7 @@ func (r *Request) Body(obj interface{}) *Request {
 			return r
 		}
 		glogBody("Request Body", data)
-		r.body = nil
-		r.bodyBytes = data
+		r.body = bytes.NewReader(data)
 		r.SetHeader("Content-Type", r.c.content.ContentType)
 	default:
 		r.err = fmt.Errorf("unknown type used for body: %+v", obj)
@@ -516,87 +508,6 @@ func (r *Request) URL() *url.URL {
 	return finalURL
 }

-// finalURLTemplate is similar to URL(), but will make all specific parameter values equal
-// - instead of name or namespace, "{name}" and "{namespace}" will be used, and all query
-// parameters will be reset. This creates a copy of the url so as not to change the
-// underlying object.
-func (r Request) finalURLTemplate() url.URL {
-	newParams := url.Values{}
-	v := []string{"{value}"}
-	for k := range r.params {
-		newParams[k] = v
-	}
-	r.params = newParams
-	u := r.URL()
-	if u == nil {
-		return url.URL{}
-	}
-
-	segments := strings.Split(u.Path, "/")
-	groupIndex := 0
-	index := 0
-	trimmedBasePath := ""
-	if r.c.base != nil && strings.Contains(u.Path, r.c.base.Path) {
-		p := strings.TrimPrefix(u.Path, r.c.base.Path)
-		if !strings.HasPrefix(p, "/") {
-			p = "/" + p
-		}
-		// store the base path that we have trimmed so we can append it
-		// before returning the URL
-		trimmedBasePath = r.c.base.Path
-		segments = strings.Split(p, "/")
-		groupIndex = 1
-	}
-	if len(segments) <= 2 {
-		return *u
-	}
-
-	const CoreGroupPrefix = "api"
-	const NamedGroupPrefix = "apis"
-	isCoreGroup := segments[groupIndex] == CoreGroupPrefix
-	isNamedGroup := segments[groupIndex] == NamedGroupPrefix
-	if isCoreGroup {
-		// checking the case of core group with /api/v1/... format
-		index = groupIndex + 2
-	} else if isNamedGroup {
-		// checking the case of named group with /apis/apps/v1/... format
-		index = groupIndex + 3
-	} else {
-		// this should not happen that the only two possibilities are /api... and /apis..., just want to put an
-		// outlet here in case more API groups are added in future if ever possible:
-		// https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups
-		// if a wrong API groups name is encountered, return the {prefix} for url.Path
-		u.Path = "/{prefix}"
-		u.RawQuery = ""
-		return *u
-	}
-	// switch segLength := len(segments) - index; segLength {
-	switch {
-	// case len(segments) - index == 1:
-	// resource (with no name) do nothing
-	case len(segments)-index == 2:
-		// /$RESOURCE/$NAME: replace $NAME with {name}
-		segments[index+1] = "{name}"
-	case len(segments)-index == 3:
-		if segments[index+2] == "finalize" || segments[index+2] == "status" {
-			// /$RESOURCE/$NAME/$SUBRESOURCE: replace $NAME with {name}
-			segments[index+1] = "{name}"
-		} else {
-			// /namespace/$NAMESPACE/$RESOURCE: replace $NAMESPACE with {namespace}
-			segments[index+1] = "{namespace}"
-		}
-	case len(segments)-index >= 4:
-		segments[index+1] = "{namespace}"
-		// /namespace/$NAMESPACE/$RESOURCE/$NAME: replace $NAMESPACE with {namespace},  $NAME with {name}
-		if segments[index+3] != "finalize" && segments[index+3] != "status" {
-			// /$RESOURCE/$NAME/$SUBRESOURCE: replace $NAME with {name}
-			segments[index+3] = "{name}"
-		}
-	}
-	u.Path = path.Join(trimmedBasePath, path.Join(segments...))
-	return *u
-}
-
 func (r *Request) tryThrottleWithInfo(ctx context.Context, retryInfo string) error {
 	if r.rateLimiter == nil {
 		return nil
@@ -626,7 +537,7 @@ func (r *Request) tryThrottleWithInfo(ctx context.Context, retryInfo string) err
 		// but we use a throttled logger to prevent spamming.
 		globalThrottledLogger.Infof("%s", message)
 	}
-	metrics.RateLimiterLatency.Observe(ctx, r.verb, r.finalURLTemplate(), latency)
+	metrics.RateLimiterLatency.Observe(ctx, r.verb, *r.URL(), latency)

 	return err
 }
@@ -833,7 +744,9 @@ func (r *Request) Stream(ctx context.Context) (io.ReadCloser, error) {
 		if err != nil {
 			return nil, err
 		}
-
+		if r.body != nil {
+			req.Body = ioutil.NopCloser(r.body)
+		}
 		resp, err := client.Do(req)
 		updateURLMetrics(ctx, r, resp, err)
 		retry.After(ctx, r, resp, err)
@@ -895,20 +808,8 @@ func (r *Request) requestPreflightCheck() error {
 }

 func (r *Request) newHTTPRequest(ctx context.Context) (*http.Request, error) {
-	var body io.Reader
-	switch {
-	case r.body != nil && r.bodyBytes != nil:
-		return nil, fmt.Errorf("cannot set both body and bodyBytes")
-	case r.body != nil:
-		body = r.body
-	case r.bodyBytes != nil:
-		// Create a new reader specifically for this request.
-		// Giving each request a dedicated reader allows retries to avoid races resetting the request body.
-		body = bytes.NewReader(r.bodyBytes)
-	}
-
 	url := r.URL().String()
-	req, err := http.NewRequest(r.verb, url, body)
+	req, err := http.NewRequest(r.verb, url, r.body)
 	if err != nil {
 		return nil, err
 	}
@@ -925,7 +826,7 @@ func (r *Request) request(ctx context.Context, fn func(*http.Request, *http.Resp
 	// Metrics for total request latency
 	start := time.Now()
 	defer func() {
-		metrics.RequestLatency.Observe(ctx, r.verb, r.finalURLTemplate(), time.Since(start))
+		metrics.RequestLatency.Observe(ctx, r.verb, *r.URL(), time.Since(start))
 	}()

 	if r.err != nil {
--- a/rest/request_test.go
+++ b/rest/request_test.go
@@ -338,206 +338,6 @@ func TestResultIntoWithNoBodyReturnsErr(t *testing.T) {
 	}
 }

-func TestURLTemplate(t *testing.T) {
-	uri, _ := url.Parse("http://localhost/some/base/url/path")
-	uriSingleSlash, _ := url.Parse("http://localhost/")
-	testCases := []struct {
-		Request          *Request
-		ExpectedFullURL  string
-		ExpectedFinalURL string
-	}{
-		{
-			// non dynamic client
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("POST").
-				Prefix("api", "v1").Resource("r1").Namespace("ns").Name("nm").Param("p0", "v0"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/api/v1/namespaces/ns/r1/nm?p0=v0",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/api/v1/namespaces/%7Bnamespace%7D/r1/%7Bname%7D?p0=%7Bvalue%7D",
-		},
-		{
-			// non dynamic client with wrong api group
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("POST").
-				Prefix("pre1", "v1").Resource("r1").Namespace("ns").Name("nm").Param("p0", "v0"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/pre1/v1/namespaces/ns/r1/nm?p0=v0",
-			ExpectedFinalURL: "http://localhost/%7Bprefix%7D",
-		},
-		{
-			// dynamic client with core group + namespace + resourceResource (with name)
-			// /api/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/api/v1/namespaces/ns/r1/name1"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/api/v1/namespaces/ns/r1/name1",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/api/v1/namespaces/%7Bnamespace%7D/r1/%7Bname%7D",
-		},
-		{
-			// dynamic client with named group + namespace + resourceResource (with name)
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/g1/v1/namespaces/ns/r1/name1"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/g1/v1/namespaces/ns/r1/name1",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/g1/v1/namespaces/%7Bnamespace%7D/r1/%7Bname%7D",
-		},
-		{
-			// dynamic client with core group + namespace + resourceResource (with NO name)
-			// /api/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/api/v1/namespaces/ns/r1"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/api/v1/namespaces/ns/r1",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/api/v1/namespaces/%7Bnamespace%7D/r1",
-		},
-		{
-			// dynamic client with named group + namespace + resourceResource (with NO name)
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/g1/v1/namespaces/ns/r1"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/g1/v1/namespaces/ns/r1",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/g1/v1/namespaces/%7Bnamespace%7D/r1",
-		},
-		{
-			// dynamic client with core group + resourceResource (with name)
-			// /api/$RESOURCEVERSION/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/api/v1/r1/name1"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/api/v1/r1/name1",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/api/v1/r1/%7Bname%7D",
-		},
-		{
-			// dynamic client with named group + resourceResource (with name)
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/g1/v1/r1/name1"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/g1/v1/r1/name1",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/g1/v1/r1/%7Bname%7D",
-		},
-		{
-			// dynamic client with named group + namespace + resourceResource (with name) + subresource
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME/$SUBRESOURCE
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/namespaces/namespaces/namespaces/namespaces/namespaces/namespaces/finalize"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/namespaces/namespaces/namespaces/finalize",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/%7Bnamespace%7D/namespaces/%7Bname%7D/finalize",
-		},
-		{
-			// dynamic client with named group + namespace + resourceResource (with name)
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/namespaces/namespaces/namespaces/namespaces/namespaces/namespaces"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/namespaces/namespaces/namespaces",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/%7Bnamespace%7D/namespaces/%7Bname%7D",
-		},
-		{
-			// dynamic client with named group + namespace + resourceResource (with NO name) + subresource
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%SUBRESOURCE
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/namespaces/namespaces/namespaces/namespaces/namespaces/finalize"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/namespaces/namespaces/finalize",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/%7Bnamespace%7D/namespaces/finalize",
-		},
-		{
-			// dynamic client with named group + namespace + resourceResource (with NO name) + subresource
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%SUBRESOURCE
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/namespaces/namespaces/namespaces/namespaces/namespaces/status"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/namespaces/namespaces/status",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/%7Bnamespace%7D/namespaces/status",
-		},
-		{
-			// dynamic client with named group + namespace + resourceResource (with no name)
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/namespaces/namespaces/namespaces/namespaces/namespaces"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/namespaces/namespaces",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/%7Bnamespace%7D/namespaces",
-		},
-		{
-			// dynamic client with named group + resourceResource (with name) + subresource
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/namespaces/namespaces/namespaces/namespaces/finalize"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/namespaces/finalize",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/%7Bname%7D/finalize",
-		},
-		{
-			// dynamic client with named group + resourceResource (with name) + subresource
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/namespaces/namespaces/namespaces/namespaces/status"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/namespaces/status",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/%7Bname%7D/status",
-		},
-		{
-			// dynamic client with named group + resourceResource (with name)
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/namespaces/namespaces/namespaces/namespaces"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/namespaces",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces/%7Bname%7D",
-		},
-		{
-			// dynamic client with named group + resourceResource (with no name)
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/apis/namespaces/namespaces/namespaces"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/apis/namespaces/namespaces/namespaces",
-		},
-		{
-			// dynamic client with wrong api group + namespace + resourceResource (with name) + subresource
-			// /apis/$NAMEDGROUPNAME/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME/$SUBRESOURCE
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/pre1/namespaces/namespaces/namespaces/namespaces/namespaces/namespaces/finalize"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/pre1/namespaces/namespaces/namespaces/namespaces/namespaces/namespaces/finalize",
-			ExpectedFinalURL: "http://localhost/%7Bprefix%7D",
-		},
-		{
-			// dynamic client with core group + namespace + resourceResource (with name) where baseURL is a single /
-			// /api/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uriSingleSlash, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/api/v1/namespaces/ns/r2/name1"),
-			ExpectedFullURL:  "http://localhost/api/v1/namespaces/ns/r2/name1",
-			ExpectedFinalURL: "http://localhost/api/v1/namespaces/%7Bnamespace%7D/r2/%7Bname%7D",
-		},
-		{
-			// dynamic client with core group + namespace + resourceResource (with name) where baseURL is 'some/base/url/path'
-			// /api/$RESOURCEVERSION/namespaces/$NAMESPACE/$RESOURCE/%NAME
-			Request: NewRequestWithClient(uri, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/api/v1/namespaces/ns/r3/name1"),
-			ExpectedFullURL:  "http://localhost/some/base/url/path/api/v1/namespaces/ns/r3/name1",
-			ExpectedFinalURL: "http://localhost/some/base/url/path/api/v1/namespaces/%7Bnamespace%7D/r3/%7Bname%7D",
-		},
-		{
-			// dynamic client where baseURL is a single /
-			// /
-			Request: NewRequestWithClient(uriSingleSlash, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/"),
-			ExpectedFullURL:  "http://localhost/",
-			ExpectedFinalURL: "http://localhost/",
-		},
-		{
-			// dynamic client where baseURL is a single /
-			// /version
-			Request: NewRequestWithClient(uriSingleSlash, "", ClientContentConfig{GroupVersion: schema.GroupVersion{Group: "test"}}, nil).Verb("DELETE").
-				Prefix("/version"),
-			ExpectedFullURL:  "http://localhost/version",
-			ExpectedFinalURL: "http://localhost/version",
-		},
-	}
-	for i, testCase := range testCases {
-		r := testCase.Request
-		full := r.URL()
-		if full.String() != testCase.ExpectedFullURL {
-			t.Errorf("%d: unexpected initial URL: %s %s", i, full, testCase.ExpectedFullURL)
-		}
-		actualURL := r.finalURLTemplate()
-		actual := actualURL.String()
-		if actual != testCase.ExpectedFinalURL {
-			t.Errorf("%d: unexpected URL template: %s %s", i, actual, testCase.ExpectedFinalURL)
-		}
-		if r.URL().String() != full.String() {
-			t.Errorf("%d, creating URL template changed request: %s -> %s", i, full.String(), r.URL().String())
-		}
-	}
-}
-
 func TestTransformResponse(t *testing.T) {
 	invalid := []byte("aaaaa")
 	uri, _ := url.Parse("http://localhost")
@@ -1123,6 +923,42 @@ func TestRequestWatch(t *testing.T) {
 			},
 			Empty: true,
 		},
+		{
+			name: "max retries 1, server returns a retry-after response, request body seek error",
+			Request: &Request{
+				body: &readSeeker{err: io.EOF},
+				c: &RESTClient{
+					base: &url.URL{},
+				},
+			},
+			maxRetries:       1,
+			attemptsExpected: 1,
+			serverReturns: []responseErr{
+				{response: retryAfterResponse(), err: nil},
+			},
+			Err: true,
+			ErrFn: func(err error) bool {
+				return !apierrors.IsInternalError(err) && strings.Contains(err.Error(), "failed to reset the request body while retrying a request: EOF")
+			},
+		},
+		{
+			name: "max retries 1, server returns a retryable error, request body seek error",
+			Request: &Request{
+				body: &readSeeker{err: io.EOF},
+				c: &RESTClient{
+					base: &url.URL{},
+				},
+			},
+			maxRetries:       1,
+			attemptsExpected: 1,
+			serverReturns: []responseErr{
+				{response: nil, err: io.EOF},
+			},
+			Err: true,
+			ErrFn: func(err error) bool {
+				return !apierrors.IsInternalError(err)
+			},
+		},
 		{
 			name: "max retries 2, server always returns a response with Retry-After header",
 			Request: &Request{
@@ -1284,7 +1120,7 @@ func TestRequestStream(t *testing.T) {
 			},
 		},
 		{
-			name: "max retries 1, server returns a retry-after response, non-bytes request, no retry",
+			name: "max retries 1, server returns a retry-after response, request body seek error",
 			Request: &Request{
 				body: &readSeeker{err: io.EOF},
 				c: &RESTClient{
@@ -1297,6 +1133,9 @@ func TestRequestStream(t *testing.T) {
 				{response: retryAfterResponse(), err: nil},
 			},
 			Err: true,
+			ErrFn: func(err error) bool {
+				return !apierrors.IsInternalError(err) && strings.Contains(err.Error(), "failed to reset the request body while retrying a request: EOF")
+			},
 		},
 		{
 			name: "max retries 2, server always returns a response with Retry-After header",
@@ -1978,24 +1817,20 @@ func TestBody(t *testing.T) {
 			}
 		}

-		req, err := r.newHTTPRequest(context.Background())
-		if err != nil {
-			t.Fatal(err)
-		}
-		if req.Body == nil {
+		if r.body == nil {
 			if len(tt.expected) != 0 {
-				t.Errorf("%d: req.Body = %q; want %q", i, req.Body, tt.expected)
+				t.Errorf("%d: r.body = %q; want %q", i, r.body, tt.expected)
 			}
 			continue
 		}
 		buf := make([]byte, len(tt.expected))
-		if _, err := req.Body.Read(buf); err != nil {
-			t.Errorf("%d: req.Body.Read error: %v", i, err)
+		if _, err := r.body.Read(buf); err != nil {
+			t.Errorf("%d: r.body.Read error: %v", i, err)
 			continue
 		}
 		body := string(buf)
 		if body != tt.expected {
-			t.Errorf("%d: req.Body = %q; want %q", i, body, tt.expected)
+			t.Errorf("%d: r.body = %q; want %q", i, body, tt.expected)
 		}
 	}
 }
@@ -2606,7 +2441,6 @@ func TestRequestWithRetry(t *testing.T) {
 	tests := []struct {
 		name                         string
 		body                         io.Reader
-		bodyBytes                    []byte
 		serverReturns                responseErr
 		errExpected                  error
 		errContains                  string
@@ -2614,53 +2448,53 @@ func TestRequestWithRetry(t *testing.T) {
 		roundTripInvokedExpected     int
 	}{
 		{
-			name:                         "server returns retry-after response, no request body, retry goes ahead",
-			bodyBytes:                    nil,
+			name:                         "server returns retry-after response, request body is not io.Seeker, retry goes ahead",
+			body:                         ioutil.NopCloser(bytes.NewReader([]byte{})),
 			serverReturns:                responseErr{response: retryAfterResponse(), err: nil},
 			errExpected:                  nil,
 			transformFuncInvokedExpected: 1,
 			roundTripInvokedExpected:     2,
 		},
 		{
-			name:                         "server returns retry-after response, bytes request body, retry goes ahead",
-			bodyBytes:                    []byte{},
+			name:                         "server returns retry-after response, request body Seek returns error, retry aborted",
+			body:                         &readSeeker{err: io.EOF},
+			serverReturns:                responseErr{response: retryAfterResponse(), err: nil},
+			errExpected:                  nil,
+			transformFuncInvokedExpected: 0,
+			roundTripInvokedExpected:     1,
+		},
+		{
+			name:                         "server returns retry-after response, request body Seek returns no error, retry goes ahead",
+			body:                         &readSeeker{err: nil},
 			serverReturns:                responseErr{response: retryAfterResponse(), err: nil},
 			errExpected:                  nil,
 			transformFuncInvokedExpected: 1,
 			roundTripInvokedExpected:     2,
 		},
 		{
-			name:                         "server returns retry-after response, opaque request body, retry aborted",
-			body:                         &readSeeker{},
-			serverReturns:                responseErr{response: retryAfterResponse(), err: nil},
-			errExpected:                  nil,
-			transformFuncInvokedExpected: 1,
+			name:                         "server returns retryable err, request body is not io.Seek, retry goes ahead",
+			body:                         ioutil.NopCloser(bytes.NewReader([]byte{})),
+			serverReturns:                responseErr{response: nil, err: io.ErrUnexpectedEOF},
+			errExpected:                  io.ErrUnexpectedEOF,
+			transformFuncInvokedExpected: 0,
+			roundTripInvokedExpected:     2,
+		},
+		{
+			name:                         "server returns retryable err, request body Seek returns error, retry aborted",
+			body:                         &readSeeker{err: io.EOF},
+			serverReturns:                responseErr{response: nil, err: io.ErrUnexpectedEOF},
+			errContains:                  "failed to reset the request body while retrying a request: EOF",
+			transformFuncInvokedExpected: 0,
 			roundTripInvokedExpected:     1,
 		},
 		{
-			name:                         "server returns retryable err, no request body, retry goes ahead",
-			bodyBytes:                    nil,
+			name:                         "server returns retryable err, request body Seek returns no err, retry goes ahead",
+			body:                         &readSeeker{err: nil},
 			serverReturns:                responseErr{response: nil, err: io.ErrUnexpectedEOF},
 			errExpected:                  io.ErrUnexpectedEOF,
 			transformFuncInvokedExpected: 0,
 			roundTripInvokedExpected:     2,
 		},
-		{
-			name:                         "server returns retryable err, bytes request body, retry goes ahead",
-			bodyBytes:                    []byte{},
-			serverReturns:                responseErr{response: nil, err: io.ErrUnexpectedEOF},
-			errExpected:                  io.ErrUnexpectedEOF,
-			transformFuncInvokedExpected: 0,
-			roundTripInvokedExpected:     2,
-		},
-		{
-			name:                         "server returns retryable err, opaque request body, retry aborted",
-			body:                         &readSeeker{},
-			serverReturns:                responseErr{response: nil, err: io.ErrUnexpectedEOF},
-			errExpected:                  io.ErrUnexpectedEOF,
-			transformFuncInvokedExpected: 0,
-			roundTripInvokedExpected:     1,
-		},
 	}

 	for _, test := range tests {
@@ -2831,8 +2665,7 @@ func testRequestWithRetry(t *testing.T, key string, doFunc func(ctx context.Cont
 	tests := []struct {
 		name          string
 		verb          string
-		body          io.Reader
-		bodyBytes     []byte
+		body          func() io.Reader
 		maxRetries    int
 		serverReturns []responseErr

@@ -2842,7 +2675,7 @@ func testRequestWithRetry(t *testing.T, key string, doFunc func(ctx context.Cont
 		{
 			name:       "server always returns retry-after response",
 			verb:       "GET",
-			bodyBytes:  []byte{},
+			body:       func() io.Reader { return bytes.NewReader([]byte{}) },
 			maxRetries: 2,
 			serverReturns: []responseErr{
 				{response: retryAfterResponse(), err: nil},
@@ -2870,7 +2703,7 @@ func testRequestWithRetry(t *testing.T, key string, doFunc func(ctx context.Cont
 		{
 			name:       "server always returns retryable error",
 			verb:       "GET",
-			bodyBytes:  []byte{},
+			body:       func() io.Reader { return bytes.NewReader([]byte{}) },
 			maxRetries: 2,
 			serverReturns: []responseErr{
 				{response: nil, err: io.EOF},
@@ -2899,7 +2732,7 @@ func testRequestWithRetry(t *testing.T, key string, doFunc func(ctx context.Cont
 		{
 			name:       "server returns success on the final retry",
 			verb:       "GET",
-			bodyBytes:  []byte{},
+			body:       func() io.Reader { return bytes.NewReader([]byte{}) },
 			maxRetries: 2,
 			serverReturns: []responseErr{
 				{response: retryAfterResponse(), err: nil},
@@ -2946,10 +2779,13 @@ func testRequestWithRetry(t *testing.T, key string, doFunc func(ctx context.Cont
 				return resp, test.serverReturns[attempts].err
 			})

+			reqCountGot := newCount()
+			reqRecorder := newReadTracker(reqCountGot)
+			reqRecorder.delegated = test.body()
+
 			req := &Request{
-				verb:      test.verb,
-				body:      test.body,
-				bodyBytes: test.bodyBytes,
+				verb: test.verb,
+				body: reqRecorder,
 				c: &RESTClient{
 					content: defaultContentConfig(),
 					Client:  client,
@@ -2969,6 +2805,9 @@ func testRequestWithRetry(t *testing.T, key string, doFunc func(ctx context.Cont
 				t.Errorf("Expected retries: %d, but got: %d", expected.attempts, attempts)
 			}

+			if !reflect.DeepEqual(expected.reqCount.seeks, reqCountGot.seeks) {
+				t.Errorf("Expected request body to have seek invocation: %v, but got: %v", expected.reqCount.seeks, reqCountGot.seeks)
+			}
 			if expected.respCount.closes != respCountGot.getCloseCount() {
 				t.Errorf("Expected response body Close to be invoked %d times, but got: %d", expected.respCount.closes, respCountGot.getCloseCount())
 			}
@@ -3225,8 +3064,8 @@ func testRetryWithRateLimiterBackoffAndMetrics(t *testing.T, key string, doFunc
 				t.Fatalf("Wrong test setup - did not find expected for: %s", key)
 			}
 			req := &Request{
-				verb:      "GET",
-				bodyBytes: []byte{},
+				verb: "GET",
+				body: bytes.NewReader([]byte{}),
 				c: &RESTClient{
 					base:        base,
 					content:     defaultContentConfig(),
@@ -3361,8 +3200,8 @@ func testWithRetryInvokeOrder(t *testing.T, key string, doFunc func(ctx context.
 				t.Fatalf("Wrong test setup - did not find expected for: %s", key)
 			}
 			req := &Request{
-				verb:      "GET",
-				bodyBytes: []byte{},
+				verb: "GET",
+				body: bytes.NewReader([]byte{}),
 				c: &RESTClient{
 					base:    base,
 					content: defaultContentConfig(),
@@ -3536,8 +3375,8 @@ func testWithWrapPreviousError(t *testing.T, doFunc func(ctx context.Context, r
 				t.Fatalf("Failed to create new HTTP request - %v", err)
 			}
 			req := &Request{
-				verb:      "GET",
-				bodyBytes: []byte{},
+				verb: "GET",
+				body: bytes.NewReader([]byte{}),
 				c: &RESTClient{
 					base:    base,
 					content: defaultContentConfig(),
@@ -3772,3 +3611,104 @@ func TestTransportConcurrency(t *testing.T) {
 		})
 	}
 }
+
+// TODO: see if we can consolidate the other trackers into one.
+type requestBodyTracker struct {
+	io.ReadSeeker
+	f func(string)
+}
+
+func (t *requestBodyTracker) Read(p []byte) (int, error) {
+	t.f("Request.Body.Read")
+	return t.ReadSeeker.Read(p)
+}
+
+func (t *requestBodyTracker) Seek(offset int64, whence int) (int64, error) {
+	t.f("Request.Body.Seek")
+	return t.ReadSeeker.Seek(offset, whence)
+}
+
+type responseBodyTracker struct {
+	io.ReadCloser
+	f func(string)
+}
+
+func (t *responseBodyTracker) Read(p []byte) (int, error) {
+	t.f("Response.Body.Read")
+	return t.ReadCloser.Read(p)
+}
+
+func (t *responseBodyTracker) Close() error {
+	t.f("Response.Body.Close")
+	return t.ReadCloser.Close()
+}
+
+type recorder struct {
+	order []string
+}
+
+func (r *recorder) record(call string) {
+	r.order = append(r.order, call)
+}
+
+func TestRequestBodyResetOrder(t *testing.T) {
+	recorder := &recorder{}
+	respBodyTracker := &responseBodyTracker{
+		ReadCloser: nil, // the server will fill it
+		f:          recorder.record,
+	}
+
+	var attempts int
+	client := clientForFunc(func(req *http.Request) (*http.Response, error) {
+		defer func() {
+			attempts++
+		}()
+
+		// read the request body.
+		ioutil.ReadAll(req.Body)
+
+		// first attempt, we send a retry-after
+		if attempts == 0 {
+			resp := retryAfterResponse()
+			respBodyTracker.ReadCloser = ioutil.NopCloser(bytes.NewReader([]byte{}))
+			resp.Body = respBodyTracker
+			return resp, nil
+		}
+
+		return &http.Response{StatusCode: http.StatusOK}, nil
+	})
+
+	reqBodyTracker := &requestBodyTracker{
+		ReadSeeker: bytes.NewReader([]byte{}), // empty body ensures one Read operation at most.
+		f:          recorder.record,
+	}
+	req := &Request{
+		verb: "POST",
+		body: reqBodyTracker,
+		c: &RESTClient{
+			content: defaultContentConfig(),
+			Client:  client,
+		},
+		backoff:    &noSleepBackOff{},
+		maxRetries: 1,
+		retryFn:    defaultRequestRetryFn,
+	}
+
+	req.Do(context.Background())
+
+	expected := []string{
+		// 1st attempt: the server handler reads the request body
+		"Request.Body.Read",
+		// the server sends a retry-after, client reads the
+		// response body, and closes it
+		"Response.Body.Read",
+		"Response.Body.Close",
+		// client retry logic seeks to the beginning of the request body
+		"Request.Body.Seek",
+		// 2nd attempt: the server reads the request body
+		"Request.Body.Read",
+	}
+	if !reflect.DeepEqual(expected, recorder.order) {
+		t.Errorf("Expected invocation request and response body operations for retry do not match: %s", cmp.Diff(expected, recorder.order))
+	}
+}
--- a/rest/with_retry.go
+++ b/rest/with_retry.go
@@ -154,11 +154,6 @@ func (r *withRetry) IsNextRetry(ctx context.Context, restReq *Request, httpReq *
 		return false
 	}

-	if restReq.body != nil {
-		// we have an opaque reader, we can't safely reset it
-		return false
-	}
-
 	r.attempts++
 	r.retryAfter = &RetryAfter{Attempt: r.attempts}
 	if r.attempts > r.maxRetries {
@@ -215,6 +210,18 @@ func (r *withRetry) Before(ctx context.Context, request *Request) error {
 		return nil
 	}

+	// At this point we've made atleast one attempt, post which the response
+	// body should have been fully read and closed in order for it to be safe
+	// to reset the request body before we reconnect, in order for us to reuse
+	// the same TCP connection.
+	if seeker, ok := request.body.(io.Seeker); ok && request.body != nil {
+		if _, err := seeker.Seek(0, io.SeekStart); err != nil {
+			err = fmt.Errorf("failed to reset the request body while retrying a request: %v", err)
+			r.trackPreviousError(err)
+			return err
+		}
+	}
+
 	// if we are here, we have made attempt(s) at least once before.
 	if request.backoff != nil {
 		delay := request.backoff.CalculateBackoff(url)
--- a/rest/with_retry_test.go
+++ b/rest/with_retry_test.go
@@ -17,6 +17,7 @@ limitations under the License.
 package rest

 import (
+	"bytes"
 	"context"
 	"errors"
 	"fmt"
@@ -211,7 +212,7 @@ func TestIsNextRetry(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			restReq := &Request{
-				bodyBytes: []byte{},
+				body: bytes.NewReader([]byte{}),
 				c: &RESTClient{
 					base: &url.URL{},
 				},
--- a/transport/cache.go
+++ b/transport/cache.go
@@ -17,7 +17,6 @@ limitations under the License.
 package transport

 import (
-	"context"
 	"fmt"
 	"net"
 	"net/http"
@@ -56,9 +55,6 @@ type tlsCacheKey struct {
 	serverName         string
 	nextProtos         string
 	disableCompression bool
-	// these functions are wrapped to allow them to be used as map keys
-	getCert *GetCertHolder
-	dial    *DialHolder
 }

 func (t tlsCacheKey) String() string {
@@ -66,8 +62,7 @@ func (t tlsCacheKey) String() string {
 	if len(t.keyData) > 0 {
 		keyText = "<redacted>"
 	}
-	return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s, disableCompression:%t, getCert:%p, dial:%p",
-		t.insecure, t.caData, t.certData, keyText, t.serverName, t.disableCompression, t.getCert, t.dial)
+	return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s, disableCompression:%t", t.insecure, t.caData, t.certData, keyText, t.serverName, t.disableCompression)
 }

 func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
@@ -97,10 +92,8 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
 		return http.DefaultTransport, nil
 	}

-	var dial func(ctx context.Context, network, address string) (net.Conn, error)
-	if config.Dial != nil {
-		dial = config.Dial
-	} else {
+	dial := config.Dial
+	if dial == nil {
 		dial = (&net.Dialer{
 			Timeout:   30 * time.Second,
 			KeepAlive: 30 * time.Second,
@@ -109,7 +102,7 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {

 	// If we use are reloading files, we need to handle certificate rotation properly
 	// TODO(jackkleeman): We can also add rotation here when config.HasCertCallback() is true
-	if config.TLS.ReloadTLSFiles && tlsConfig != nil && tlsConfig.GetClientCertificate != nil {
+	if config.TLS.ReloadTLSFiles {
 		dynamicCertDialer := certRotatingDialer(tlsConfig.GetClientCertificate, dial)
 		tlsConfig.GetClientCertificate = dynamicCertDialer.GetClientCertificate
 		dial = dynamicCertDialer.connDialer.DialContext
@@ -145,18 +138,10 @@ func tlsConfigKey(c *Config) (tlsCacheKey, bool, error) {
 		return tlsCacheKey{}, false, err
 	}

-	if c.Proxy != nil {
+	if c.TLS.GetCert != nil || c.Dial != nil || c.Proxy != nil {
 		// cannot determine equality for functions
 		return tlsCacheKey{}, false, nil
 	}
-	if c.Dial != nil && c.DialHolder == nil {
-		// cannot determine equality for dial function that doesn't have non-nil DialHolder set as well
-		return tlsCacheKey{}, false, nil
-	}
-	if c.TLS.GetCert != nil && c.TLS.GetCertHolder == nil {
-		// cannot determine equality for getCert function that doesn't have non-nil GetCertHolder set as well
-		return tlsCacheKey{}, false, nil
-	}

 	k := tlsCacheKey{
 		insecure:           c.TLS.Insecure,
@@ -164,8 +149,6 @@ func tlsConfigKey(c *Config) (tlsCacheKey, bool, error) {
 		serverName:         c.TLS.ServerName,
 		nextProtos:         strings.Join(c.TLS.NextProtos, ","),
 		disableCompression: c.DisableCompression,
-		getCert:            c.TLS.GetCertHolder,
-		dial:               c.DialHolder,
 	}

 	if c.TLS.ReloadTLSFiles {
--- a/transport/cache_test.go
+++ b/transport/cache_test.go
@@ -21,7 +21,6 @@ import (
 	"crypto/tls"
 	"net"
 	"net/http"
-	"net/url"
 	"testing"
 )

@@ -59,24 +58,16 @@ func TestTLSConfigKey(t *testing.T) {
 				t.Errorf("Expected identical cache keys for %q and %q, got:\n\t%s\n\t%s", nameA, nameB, keyA, keyB)
 				continue
 			}
-			if keyA != (tlsCacheKey{}) {
-				t.Errorf("Expected empty cache keys for %q and %q, got:\n\t%s\n\t%s", nameA, nameB, keyA, keyB)
-				continue
-			}
 		}
 	}

 	// Make sure config fields that affect the tls config affect the cache key
 	dialer := net.Dialer{}
 	getCert := func() (*tls.Certificate, error) { return nil, nil }
-	getCertHolder := &GetCertHolder{GetCert: getCert}
 	uniqueConfigurations := map[string]*Config{
-		"proxy":    {Proxy: func(request *http.Request) (*url.URL, error) { return nil, nil }},
 		"no tls":   {},
 		"dialer":   {Dial: dialer.DialContext},
 		"dialer2":  {Dial: func(ctx context.Context, network, address string) (net.Conn, error) { return nil, nil }},
-		"dialer3":  {Dial: dialer.DialContext, DialHolder: &DialHolder{Dial: dialer.DialContext}},
-		"dialer4":  {Dial: func(ctx context.Context, network, address string) (net.Conn, error) { return nil, nil }, DialHolder: &DialHolder{Dial: func(ctx context.Context, network, address string) (net.Conn, error) { return nil, nil }}},
 		"insecure": {TLS: TLSConfig{Insecure: true}},
 		"cadata 1": {TLS: TLSConfig{CAData: []byte{1}}},
 		"cadata 2": {TLS: TLSConfig{CAData: []byte{2}}},
@@ -137,13 +128,6 @@ func TestTLSConfigKey(t *testing.T) {
 				GetCert: func() (*tls.Certificate, error) { return nil, nil },
 			},
 		},
-		"getCert3": {
-			TLS: TLSConfig{
-				KeyData:       []byte{1},
-				GetCert:       getCert,
-				GetCertHolder: getCertHolder,
-			},
-		},
 		"getCert1, key 2": {
 			TLS: TLSConfig{
 				KeyData: []byte{2},
--- a/transport/config.go
+++ b/transport/config.go
@@ -68,11 +68,7 @@ type Config struct {
 	WrapTransport WrapperFunc

 	// Dial specifies the dial function for creating unencrypted TCP connections.
-	// If specified, this transport will be non-cacheable unless DialHolder is also set.
 	Dial func(ctx context.Context, network, address string) (net.Conn, error)
-	// DialHolder can be populated to make transport configs cacheable.
-	// If specified, DialHolder.Dial must be equal to Dial.
-	DialHolder *DialHolder

 	// Proxy is the proxy func to be used for all requests made by this
 	// transport. If Proxy is nil, http.ProxyFromEnvironment is used. If Proxy
@@ -82,11 +78,6 @@ type Config struct {
 	Proxy func(*http.Request) (*url.URL, error)
 }

-// DialHolder is used to make the wrapped function comparable so that it can be used as a map key.
-type DialHolder struct {
-	Dial func(ctx context.Context, network, address string) (net.Conn, error)
-}
-
 // ImpersonationConfig has all the available impersonation options
 type ImpersonationConfig struct {
 	// UserName matches user.Info.GetName()
@@ -152,15 +143,5 @@ type TLSConfig struct {
 	// To use only http/1.1, set to ["http/1.1"].
 	NextProtos []string

-	// Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supercede this field.
-	// If specified, this transport is non-cacheable unless CertHolder is populated.
-	GetCert func() (*tls.Certificate, error)
-	// CertHolder can be populated to make transport configs that set GetCert cacheable.
-	// If set, CertHolder.GetCert must be equal to GetCert.
-	GetCertHolder *GetCertHolder
-}
-
-// GetCertHolder is used to make the wrapped function comparable so that it can be used as a map key.
-type GetCertHolder struct {
-	GetCert func() (*tls.Certificate, error)
+	GetCert func() (*tls.Certificate, error) // Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supercede this field.
 }
--- a/transport/transport.go
+++ b/transport/transport.go
@@ -24,7 +24,6 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
-	"reflect"
 	"sync"
 	"time"

@@ -40,10 +39,6 @@ func New(config *Config) (http.RoundTripper, error) {
 		return nil, fmt.Errorf("using a custom transport with TLS certificate options or the insecure flag is not allowed")
 	}

-	if !isValidHolders(config) {
-		return nil, fmt.Errorf("misconfigured holder for dialer or cert callback")
-	}
-
 	var (
 		rt  http.RoundTripper
 		err error
@@ -61,26 +56,6 @@ func New(config *Config) (http.RoundTripper, error) {
 	return HTTPWrappersForConfig(config, rt)
 }

-func isValidHolders(config *Config) bool {
-	if config.TLS.GetCertHolder != nil {
-		if config.TLS.GetCertHolder.GetCert == nil ||
-			config.TLS.GetCert == nil ||
-			reflect.ValueOf(config.TLS.GetCertHolder.GetCert).Pointer() != reflect.ValueOf(config.TLS.GetCert).Pointer() {
-			return false
-		}
-	}
-
-	if config.DialHolder != nil {
-		if config.DialHolder.Dial == nil ||
-			config.Dial == nil ||
-			reflect.ValueOf(config.DialHolder.Dial).Pointer() != reflect.ValueOf(config.Dial).Pointer() {
-			return false
-		}
-	}
-
-	return true
-}
-
 // TLSConfigFor returns a tls.Config that will provide the transport level security defined
 // by the provided Config. Will return nil if no transport level security is requested.
 func TLSConfigFor(c *Config) (*tls.Config, error) {
--- a/transport/transport_test.go
+++ b/transport/transport_test.go
@@ -21,7 +21,6 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
-	"net"
 	"net/http"
 	"testing"
 )
@@ -95,13 +94,6 @@ stR0Yiw0buV6DL/moUO0HIM9Bjh96HJp+LxiIS6UCdIhMPp5HoQa
 )

 func TestNew(t *testing.T) {
-	globalGetCert := &GetCertHolder{
-		GetCert: func() (*tls.Certificate, error) { return nil, nil },
-	}
-	globalDial := &DialHolder{
-		Dial: func(ctx context.Context, network, address string) (net.Conn, error) { return nil, nil },
-	}
-
 	testCases := map[string]struct {
 		Config       *Config
 		Err          bool
@@ -263,144 +255,6 @@ func TestNew(t *testing.T) {
 				},
 			},
 		},
-		"nil holders and nil regular": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert:       nil,
-					GetCertHolder: nil,
-				},
-				Dial:       nil,
-				DialHolder: nil,
-			},
-			Err:          false,
-			TLS:          false,
-			TLSCert:      false,
-			TLSErr:       false,
-			Default:      true,
-			Insecure:     false,
-			DefaultRoots: false,
-		},
-		"nil holders and non-nil regular get cert": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert:       func() (*tls.Certificate, error) { return nil, nil },
-					GetCertHolder: nil,
-				},
-				Dial:       nil,
-				DialHolder: nil,
-			},
-			Err:          false,
-			TLS:          true,
-			TLSCert:      true,
-			TLSErr:       false,
-			Default:      false,
-			Insecure:     false,
-			DefaultRoots: true,
-		},
-		"nil holders and non-nil regular dial": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert:       nil,
-					GetCertHolder: nil,
-				},
-				Dial:       func(ctx context.Context, network, address string) (net.Conn, error) { return nil, nil },
-				DialHolder: nil,
-			},
-			Err:          false,
-			TLS:          true,
-			TLSCert:      false,
-			TLSErr:       false,
-			Default:      false,
-			Insecure:     false,
-			DefaultRoots: true,
-		},
-		"non-nil dial holder and nil regular": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert:       nil,
-					GetCertHolder: nil,
-				},
-				Dial:       nil,
-				DialHolder: &DialHolder{},
-			},
-			Err: true,
-		},
-		"non-nil cert holder and nil regular": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert:       nil,
-					GetCertHolder: &GetCertHolder{},
-				},
-				Dial:       nil,
-				DialHolder: nil,
-			},
-			Err: true,
-		},
-		"non-nil dial holder and non-nil regular": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert:       nil,
-					GetCertHolder: nil,
-				},
-				Dial:       func(ctx context.Context, network, address string) (net.Conn, error) { return nil, nil },
-				DialHolder: &DialHolder{},
-			},
-			Err: true,
-		},
-		"non-nil cert holder and non-nil regular": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert:       func() (*tls.Certificate, error) { return nil, nil },
-					GetCertHolder: &GetCertHolder{},
-				},
-				Dial:       nil,
-				DialHolder: nil,
-			},
-			Err: true,
-		},
-		"non-nil dial holder+internal and non-nil regular": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert:       nil,
-					GetCertHolder: nil,
-				},
-				Dial: func(ctx context.Context, network, address string) (net.Conn, error) { return nil, nil },
-				DialHolder: &DialHolder{
-					Dial: func(ctx context.Context, network, address string) (net.Conn, error) { return nil, nil },
-				},
-			},
-			Err: true,
-		},
-		"non-nil cert holder+internal and non-nil regular": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert: func() (*tls.Certificate, error) { return nil, nil },
-					GetCertHolder: &GetCertHolder{
-						GetCert: func() (*tls.Certificate, error) { return nil, nil },
-					},
-				},
-				Dial:       nil,
-				DialHolder: nil,
-			},
-			Err: true,
-		},
-		"non-nil holders+internal and non-nil regular with correct address": {
-			Config: &Config{
-				TLS: TLSConfig{
-					GetCert:       globalGetCert.GetCert,
-					GetCertHolder: globalGetCert,
-				},
-				Dial:       globalDial.Dial,
-				DialHolder: globalDial,
-			},
-			Err:          false,
-			TLS:          true,
-			TLSCert:      true,
-			TLSErr:       false,
-			Default:      false,
-			Insecure:     false,
-			DefaultRoots: true,
-		},
 	}
 	for k, testCase := range testCases {
 		t.Run(k, func(t *testing.T) {