"Real" clients use objectWithMeta to enforce support for meta.Object;
strictly speaking, fakes don't need this, but it's best to align them
with the real clients to ensure that fakes don't end up allowing types
that can't be used with the real clients.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 736e5560ba6b21247c21f8ed12007e1d6d5fec1a
This adds a generic implementation of a fake clientset, and uses it to
replace the template code in generated fake clientsets for the default
methods. The templates are preserved as-is (or as close as they can
be) for use in extensions, whether for resources or subresources.
Fake clientsets with no extensions are reduced to their main getter,
their specific struct, and their constructor. All method
implementations are provided by the generic implementation. The
dedicated struct is preserved to allow extensions and expansions to be
defined where necessary.
Instead of handling the variants (with/without list, apply) with a
complex sequence of if statements, build up an index into an array
containing the various declarations.
Similarly, instead of calling different action constructors for
namespaced and non-namespaced clientsets, assume the current behaviour
of non-namespaced action creation (equivalent to creating a namespaced
action with an empty namespace) and document that assumption in the
action implementation.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: b0ce65df9b74d4dc72050840d5ad067596d7b822
KEP-4603: Maintain current 10 minute recovery threshold for container backoff regardless of changes to the maximum duration
Kubernetes-commit: ab30adcbae57fc498cb876979e232b422468af9a
With the ClientsAllowCBOR client-go feature gate enabled, a 415 response to a CBOR-encoded REST
causes all subsequent requests from the client to fall back to a JSON request encoding. This
mechanism had only worked as intended when CBOR was explicitly configured in the
ClientContentConfig. When both ClientsAllowCBOR and ClientsPreferCBOR are enabled, an
unconfigured (empty) content type defaults to CBOR instead of JSON. Both ways of configuring a
client to use the CBOR request encoding are now subject to the same fallback mechanism.
Kubernetes-commit: a77f4c7ba2e761461daaf115a38903fc91916dd6
Integration testing has to this point relied on patching serving codecs for built-in APIs. The
test-only patching is removed and replaced by feature gated checks at runtime.
Kubernetes-commit: 439d2f7b4028638b3d8d9261bb046c3ba8d9bfcb
The media type application/cbor describes exactly one encoded item. As a new (to Kubernetes) format
with no existing clients, streaming/watch responses will use the application/cbor-seq media
type. CBOR watch responses conform to the specification of CBOR Sequences and are encoded as the
concatenation of zero or more items with no additional framing.
Kubernetes-commit: 504f14998e920ca8837b3310094b3da11c62a070
This commit introduces:
1. Cleanups in port-forwarding error handling code, which ensures that
we only compare lowercased text always.
2. E2E verifying that when a pod is removed a port-forward is stopped.
Signed-off-by: Maciej Szulik <soltysh@gmail.com>
Kubernetes-commit: 0b1617ccefbc6ea61c0e7c2b0b4052703f11c51c
This enables a future extension where capacity of a single device gets consumed
by different claims. The semantic without any additional fields is the same as
before: a capacity cannot be split up and is only an attribute of a device.
Because its semantically the same as before, two-way conversion to v1alpha3 is
possible.
Kubernetes-commit: 81fd64256c9cfca47385997e06a694bf98bfb799
For alpha, there is one apiserver feature gate and two client-go feature gates controlling
CBOR. They were initially wired to separate test-only feature gate instances in order to prevent
them from being configurable at runtime via command-line flags or environment variables (for
client-go feature gates outside of Kubernetes components). All of the integration tests required by
the KEP as alpha criteria have been implemented. This adds the feature gates to the usual feature
gate instances and removes the temporary code to support separate test-only feature gate instances.
Kubernetes-commit: 072dfcb416fd4e1ddab0a89ac4faf519e268bc96
chore(leader-election): modify leader-election comment to OnStoppedLeading callback is always called when the LeaderElector exits, even if it did not start leading.
Kubernetes-commit: 1a7326902fa07b85e07de458dd2d4d4d99057d87
Using the "normal" logic for a feature gated field simplifies the
implementation of the feature gate.
There is one (entirely theoretic!) problem with updating from 1.31: if a claim
was allocated in 1.31 with admin access, the status field was not set because
it didn't exist yet. If a driver now follows the current definition of "unset =
off", then it will not grant admin access even though it should. This is
theoretic because drivers are starting to support admin access with 1.32, so
there shouldn't be any claim where this problem could occur.
Kubernetes-commit: 4419568259590c35f1dab69aabec3d740944a51d
If a client is configured to encode request bodies to CBOR, but the server does not support CBOR,
the server will respond with HTTP 415 (Unsupported Media Type). By feeding this response back to the
RESTClient, subsequent requests can fall back to JSON, which is assumed to be acceptable.
Kubernetes-commit: 1745dfdd154b1a838765e70b81c861c644bfcffe
Drivers need to know that because admin access may also grant additional
permissions. The allocator needs to ignore such results when determining which
devices are considered as allocated.
In both cases it is conceptually cleaner to not rely on the content of the
ClaimSpec.
Kubernetes-commit: f3fef01e79a75ebc4c327afb7d05d6fd350e08fa
As with the apiserver feature gate for CBOR as a serving and storage encoding, the client feature
gates for CBOR are being initially added through a test-only feature gate instance that is not wired
to environment variables or to command-line flags and is intended only to be enabled
programmatically from integration tests. The test-only instance will be removed as part of alpha
graduation and replaced by conventional client feature gating.
Kubernetes-commit: ea13190d8bd3a4bb3e82055b529aa7599ae5c6e1
This removes the DRAControlPlaneController feature gate, the fields controlled
by it (claim.spec.controller, claim.status.deallocationRequested,
claim.status.allocation.controller, class.spec.suitableNodes), the
PodSchedulingContext type, and all code related to the feature.
The feature gets removed because there is no path towards beta and GA and DRA
with "structured parameters" should be able to replace it.
Kubernetes-commit: f84eb5ecf894fa0fc4e0d05da52ef51d4cd723d9
With this change, we can typically avoid an extra heap allocation when
calling AddAfter with a positive duration (which causes the creation of
a waitFor object). This is because workqueues are typically used with
string keys, and casting a string (or more generally, non-pointer types)
to an `interface{}` will cause an heap escape / allocation.
Ater this change, there is no longer any usage of `type t interface{}`,
which was creating some confusion after the switch to generics in the
workqueue package.
Co-authored-by: Quan Tian <quan.tian@broadcom.com>
Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
Kubernetes-commit: 53ddffb55709857fec6bddbd5ca4ca1b03f7da97
I frequently find myself in the situation of not remembering which of
QPS/Burst I have to set. This change adds a small go doc to clarify
that.
Kubernetes-commit: cd1645ff2c195fbb353cfabcbc36e3c3b883c3c5
The workqueue implementation was recently updated to be strongly typed,
using Go generics. However the metrics implementation was not updated,
and continued using interface{}. This translated to unnecessary memory
allocations when invoking the queueMetrics interface methods to track
queue operation. We can avoid these extra heap allocations by using
generics for the metrics implementation as well.
Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
Kubernetes-commit: 1aec7568e111f5855121e3afacacf431e5f95948
The azure and gcp plugins no longer do anything other than point to
the corresponding external credential plugins. Client code should no
longer try to load them, so they should be removed from the examples.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 4531c6de760ec42941d9f509103f1b29c88bfae0
It was added for compatibility reason but ended up getting a `config`
argument by accident, resulting in not actually being compatible, this
change fixes that.
Kubernetes-commit: 6933c1bc229c196e9c71061e19a0cdc76adb1dbc
The goal is to increase confidence that a change to the dynamic client does not unintentionally
introduce subtle changes to objects returned by dynamic clients in existing programs.
Kubernetes-commit: c8b1037a58ab6ddc3a8b237938eca2f6336abb73
Logging in rest.Request.Body cannot be made context-aware without an API
change. Such a change is complicated if done in a backwards-compatible
fashion (must change lots of callers in Kubernetes) and prohibitive if not (all
callers of Body would have to pass a context).
Instead, logging of the request body gets moved into the functions which send
the request. This is a change of behavior, but it is limited to log levels >= 8
and thus should have no impact in production.
A request which gets sent multiple times will also log the body multiple
times. This might even be a good thing because it serves as reminder what is
being sent when it is being sent.
While at it, stack backtracing gets enhanced so that the caller of the REST API
is logged and tests for the new behavior get added.
Kubernetes-commit: 57f9b7c7a2412865e7817dbf7638881b00ac9721
I am moving myself to emeritus as I am now firmly on the end-user side
of things.
Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
Kubernetes-commit: 3ab816dcabf37acda33c665ab5aa85f1f6163bc1
These are long gone, removed in 2016:
* AuthPath removal: https://github.com/kubernetes/kubernetes/pull/29216
* Flag removal: https://github.com/kubernetes/kubernetes/pull/40048
This removes the remnants from clientcmd, mostly in the comments
describing how the configuration is loaded.
Since getServerIdentificationPartialConfig can no longer fail (it
copies fields from one struct to another), this drops the error
return, along with the error handling in the caller.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 8a8238ba7f850241de9c5cc4b22fa1a6b6a19480
This change renames NewTypedDelayingQueue to NewTypedDelayingQueue to
stay consistent with the naming scheme in the package. A
NewTypedDelayingQueue constructor is kept for backwards compatibility
but marked as deprecated.
Kubernetes-commit: 45da5dc30ecf0ba4c4b44befd96b8617278c496b
This commit refactors the `renew` function in the leader election package to replace
the deprecated `wait.PollImmediateUntil` with `wait.PollUntilContextTimeout`.
This change simplifies the context handling by removing the need for an additional
timeout context and its cancellation.
The previous implementation created a timeout context for each retry period,
which added unnecessary complexity. The new implementation directly passes the parent
context to the retry function, ensuring that the timeout is handled within `PollUntilContextTimeout`.
This change also ensures that the context passed to `tryAcquireOrRenew` and
`tryCoordinatedRenew` is consistent, improving the readability and maintainability of the code.
Kubernetes-commit: 3d2f498aa31cb2e90bcfc372b7930aed0604fbef
I was workinng on updating a dependency, and noticed that running
hack/update-vendor.sh resulted in a diff. Comitting the result
as a PR.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Kubernetes-commit: aeb607443dd9b8ee378ee10209e9b446256f3ee2
The Error method of the error returned from Request.Watch was "unknown"
even the server returned clear message in the Status struct. It was
because Request.Watch used the Result's err member directly, which is an
unstructured error from the response which the Result object may use if
the caller did not return a structured error.
The patch fixes it by calling the Result's Error method instead, which
returns the structured error when it's present.
It also removes the wrong expectation about events.
Kubernetes-commit: 596c5696c64023808af164284263647d795b0ac2
This makes the Stop method idempotent so that if Stop is called multiple
times, it does not cause a panic due to closing a closed channel.
Signed-off-by: mprahl <mprahl@users.noreply.github.com>
Kubernetes-commit: a54ba917be42c941edf1a0359dced04e1a5e1d6f
When the client does not have permission to watch a resource, the
RetryWatcher continuously retried. In this case, it's better to send an
error and stop retrying to let the caller handle this case since this is
not a transient error that can be recovered without user intervention.
This is particularly helpful in applications that leverage a user
provided service account and the application needs to notify the user to
set the correct permissions for the service account.
This also accounts for invalid credentials from the watch client.
Signed-off-by: mprahl <mprahl@users.noreply.github.com>
Kubernetes-commit: db2218d16e3fb2a30b21ffa0f307beb515d8394b
This is a complete revamp of the original API. Some of the key
differences:
- refocused on structured parameters and allocating devices
- support for constraints across devices
- support for allocating "all" or a fixed amount
of similar devices in a single request
- no class for ResourceClaims, instead individual
device requests are associated with a mandatory
DeviceClass
For the sake of simplicity, optional basic types (ints, strings) where the null
value is the default are represented as values in the API types. This makes Go
code simpler because it doesn't have to check for nil (consumers) and values
can be set directly (producers). The effect is that in protobuf, these fields
always get encoded because `opt` only has an effect for pointers.
The roundtrip test data for v1.29.0 and v1.30.0 changes because of the new
"request" field. This is considered acceptable because the entire `claims`
field in the pod spec is still alpha.
The implementation is complete enough to bring up the apiserver.
Adapting other components follows.
Kubernetes-commit: 91d7882e867da25ae8014f679db32b20e35e89b4
Now all claims are shareable up to the limit imposed by the size of the
"reserverFor" array.
This is one of the agreed simplifications for 1.31.
Kubernetes-commit: 8a629b9f150c1042e2918043e6012a4f22742b19
As agreed in https://github.com/kubernetes/enhancements/pull/4709, immediate
allocation is one of those features which can be removed because it makes no
sense for structured parameters and the justification for classic DRA is weak.
Kubernetes-commit: de5742ae83c8d77268a7caf5f3b1f418c4a13a84
This is in preparation for revamping the resource.k8s.io completely. Because
there will be no support for transitioning from v1alpha2 to v1alpha3, the
roundtrip test data for that API in 1.29 and 1.30 gets removed.
Repeating the version in the import name of the API packages is not really
required. It was done for a while to support simpler grepping for usage of
alpha APIs, but there are better ways for that now. So during this transition,
"resourceapi" gets used instead of "resourcev1alpha3" and the version gets
dropped from informer and lister imports. The advantage is that the next bump
to v1beta1 will affect fewer source code lines.
Only source code where the version really matters (like API registration)
retains the versioned import.
Kubernetes-commit: b51d68bb87ba4fa47eb760f8a5e0baf9cf7f5b53
This allows different actors to force ownership of it without having to
explicitly unset the other field.
Kubernetes-commit: 7313990f61881c676c1f5d68365144a1d77cced3
Adding the required Kubernetes API so that the kubelet can start using
it. This patch also adds the corresponding alpha feature gate as
outlined in KEP 4639.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Kubernetes-commit: f7ca3131e0922563a561134b4ed9eed8d2bdd2c4
KEP-3619: don't capitalize comment in K8S API
KEP-3619: fix typos and grammatical ones in K8s API
KEP-3619: rephrase NodeFeatures, NodeHandlerFeatures in K8s API
Kubernetes-commit: 5d75660dc11ff443ebab2551aed8e56a54cc218d
This update dropped the otelgrpc → cloud.google.com/go/compute dependency,
among others. This dropped out because genproto cleaned up it's dependencies
on google cloud libraries, and otel updated - details in #113366.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Co-Authored-By: David Ashpole <dashpole@google.com>
Kubernetes-commit: ff7942be83ed0c0aaa8c258e8e2b9965d383935c
This makes the API nicer:
resourceClaims:
- name: with-template
resourceClaimTemplateName: test-inline-claim-template
- name: with-claim
resourceClaimName: test-shared-claim
Previously, this was:
resourceClaims:
- name: with-template
source:
resourceClaimTemplateName: test-inline-claim-template
- name: with-claim
source:
resourceClaimName: test-shared-claim
A more long-term benefit is that other, future alternatives
might not make sense under the "source" umbrella.
This is a breaking change. It's justified because DRA is still
alpha and will have several other API breaks in 1.31.
Kubernetes-commit: bde9b64cdfbbbb185593c20fea84cdced631ffd6
This adds a generic implementation of a clientset, and uses it to
replace the template code in generated clientsets for the default
methods. The templates are preserved as-is (or as close as they can
be) for use in extensions, whether for resources or subresources.
Clientsets with no extensions are reduced to their main getter, their
interface, their specific struct, and their constructor. All method
implementations are provided by the generic implementation. The
dedicated interface is preserved so that each clientset can have its
own set of methods, and the dedicated struct is preserved to allow
extensions and expansions to be defined where necessary.
Instead of handling the variants (with/without namespace, list, apply)
with a complex sequence of if statements, build up an index into an
array containing the various declarations.
The namespaced/non-namespaced distinction matters in the code
templates, but not in the methods themselves, so drop all the
non-namespaced variants and pass in "" explicitly.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 3734f5bf9b6ce1e9cf2385f4e4453b32d8f35ab1
- Extract watchWithResync to simplify ListAndWatch
- Wrap watchHandler with two variants, one for WatchList and one for
just Watch.
- Replace a bool pointer arg with a bool arg and bool return, to
improve readability.
- Use errors.Is to satisfy the linter
- Use %w to wrap the store.Replace error, to allow unwrapping.
Kubernetes-commit: 65fc1bb463c85a4c85e619bf7acac9503e23a253
The watch.Interface design is hard to change, because it would break
most client-go users that perform watches. So instead of changing the
interface to be more user friendly, this change updates the method
comments to explain the different responsibilities of the consumer
(client user) and the producer (interface implementer).
Kubernetes-commit: 1f35231a1d4f7b8586a7ec589c799729eeb4f7c4
This library release makes a number of behaviors configurable in ways that are required for CBOR
support in Kubernetes.
Kubernetes-commit: c4279660cad039bc15495311cf7863640b6308f9
client-go/consistencydetector: refactor TestCheckListFromCacheDataConsistencyIfRequestedInternalHappyPath to work with unstructured data
Kubernetes-commit: 51f89c3b2d114fea99d3a0e8401c639f39e27877
client-go/consistencydetector: refactor TestDataConsistencyChecker to work with unstructured data
Kubernetes-commit: 96815d6dc8de717579484ffef88f74063dfd40ca
- Switch to using the ProxyWatcher to validate the dance between
closing the stop channel and closing the result channel.
- Use the new clientfeaturestesting.SetFeatureDuringTest to test with
the WatchListClient enabled and disabled. These should result in
almost the exact same output events from the informer
(list ordering not garenteed), but with different input events
recieved from the apiserver.
Kubernetes-commit: 28e3a728e5e6fe651d7a17839d33ce42204c0b4e
- Add tests to confirm that Stop is always called.
- Add TODOs to show were Stop is not currently being called
(to fix in a future PR)
Kubernetes-commit: ab5aa4762fd5206d0dbd8412d7c6f3b76533a122
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api
* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate
* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields
* Implement kubelet so to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet
* Clarify `SupplementalGroupsPolicy` is an OS depdendent field.
* Make `ContainerStatus.User` is initially attached user identity to the first process in the ContainerStatus
It is because, the process identity can be dynamic if the initially attached identity
has enough privilege calling setuid/setgid/setgroups syscalls in Linux.
* Rewording suggestion applied
* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34
* Added validations for SupplementalGroupsPolicy and ContainerUser
* No need featuregate check in validation when adding new field with no default value
* fix typo: identitiy -> identity
Kubernetes-commit: 552fd7e85084b4cbd3ae8e81ff13433e28dc8327
The previous attempt to fix this in
6aa779f4ed (diff-efa2cd1347df22ace5a516ea794152d00ef2a079db135c81787ed920ecb73658)
didn't address the root cause (or perhaps created it, not sure): the goroutine
must not be started if watch creation failed.
Instead, the error gets logged (as before) and an empty watch gets returned to
the caller (new). This is necessary because the function doesn't have an error
return value and changing that now would be disruptive. The empty watch is
valid and usable, so callers won't crash when they calls Stop.
This showed up recently in failed unit tests, probably because test
cancellation makes this error more likely:
"Unable start event watcher (will not retry!)" err="broadcaster already
stopped" logger="TestGarbageCollectorConstruction leaked goroutine"
The logger value and a preceding warning show that this occurs after test
completion.
Kubernetes-commit: 080432c46a7a49c3abf86d7fc5f2a5d7abc92239
client-go/util/consistencydetector: improve validation of list parameters (RV, ListOptions)
Kubernetes-commit: bc8ec4f9aaaeee7de285c0207bd8eb793ecf3307
client-go/consistency-detector: change the signature of checkWatchListConsistencyIfRequested
Kubernetes-commit: f5d62f738a686ddc6221a85374113af80790129e
Ginkgo v2.18.0 allows tweaking the output so that
it's easier to follow while a job runs in
Prow (https://github.com/onsi/ginkgo/issues/1347). Using this in
hack/ginkgo-e2e.sh will follow in a separate commit.
Gomega gets bumped to the latest release to keep it up-to-date.
Ginkgo v1.19.0 adds support for --label-filter with labels that represent
sets (like our Feature:<Foo>).
Kubernetes-commit: 37e2dd6857084a172ef5210caee1fefa8dd8159a
Implementing custom marshaling on several API types for CBOR makes the upstream CBOR library an
indirect dependency of several staging modules.
Kubernetes-commit: d7cccf3e792ad08d9ab2e7aac394f8e6ddcf3466
Constructing a Broadcaster already starts a watch which runs in the
background. Shutdown must be called to avoid leaking the goroutine. Providing
a context was supposed to remove the need to call Shutdown, but that did not
actually work because the logic for "must check for cancellation" was
accidentally inverted.
While at it, structured log output also gets tested together with checking for
goroutine leaks.
Kubernetes-commit: ff779f1cb56cf896405e52f7923188b99b88bb00
the signature of the method was tightly connected to the reflector,
making it difficult to use for anything other than a reflector.
this simple refactor makes the method more generic.
Kubernetes-commit: 83c7542abc8c542c01ecb67376f134b2071c5304
This change makes us use the generic workqueue throughout the project in
order to improve type safety and readability of the code.
Kubernetes-commit: 6d0ac8c561a7ac66c21e4ee7bd1976c2ecedbf32
Hang when canceling leader election information.
Occasionally, two leaders may run simultaneously.
Kubernetes-commit: b6b46a0e00682517d2ca7b7e9c2706b8e407e52e
In particular, document that ListAllByNamespace delegates to ListAll
if no namespace is specified.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 54e899317ef46e3b70827cacee244717022db0ad
This change adds a generic version of the various workqueue types while
retaining compatibility for the existing exported symbols and constructors.
The generic variants are prefixed with `Typed` and the existing ones are
marked as deprecated to nudge people to transition without breaking
them.
Kubernetes-commit: 0c7370bb851c15825d30a516722139ccccca0cfc
When renaming NodeResourceSlice to ResourceSlice, the embedded
[Node]ResourceModel also should have been renamed.
Kubernetes-commit: a0add8d2c7578cd9f94fc302d6212f9f7d16175b
The runtime classes are apiserver's concept, while the handlers are kubelet's concept.
For NodeStatus, it makes more sense to return the latter ones here.
This commit modifies the following files:
- pkg/apis/core/types.go
- staging/src/k8s.io/api/core/v1/types.go
- pkg/kubelet/nodestatus/setters.go
- pkg/kubelet/kubelet_node_status.go
- pkg/registry/core/node/strategy.go
- test/e2e_node/mount_rro_linux_test.go
Other changes were auto-generated by running `make update`.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Kubernetes-commit: 1dc05009fe7f4e1d139b0c8394683edb54f8d082
This commit modifies the following files:
- pkg/apis/core/types.go
- staging/src/k8s.io/api/core/v1/types.go
Other changes were auto-generated by running `make update`.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Kubernetes-commit: d940886d0a4ee9aa8a7ca075fee175b002baf883
The default queue implementation is mostly FIFO and it is not
exchangeable unless we implement the whole `workqueue.Interface` which
is less desirable as we have to duplicate a lot of code. There was one
attempt done in [kubernetes/kubernetes#109349][1] which tried to
implement a priority queue. That is really useful and [knative/pkg][2]
implemented something called two-lane-queue. While two lane queue is
great, but isn't perfect since a full slow queue can still slow down
items in fast queue.
This change proposes a swappable queue implementation while not adding
extra maintenance effort in kubernetes community. We are happy to
maintain our own queue implementation (similar to two-lane-queue) in
downstream.
[1]: https://github.com/kubernetes/kubernetes/pull/109349
[2]: https://github.com/knative/pkg/blob/main/controller/two_lane_queue.go
Kubernetes-commit: 87b4279e07349b3c68f16f69a349a02bddd12f25
The canonical import for json-patch v4 is
gopkg.in/evanphx/json-patch.v4 (see
https://github.com/evanphx/json-patch/blob/master/README.md#get-it for
reference).
Using the v4-specific path should also reduce the risk of unwanted v5
upgrade attempts, because they won't be offered as automated upgrades
by dependency upgrade management tools, and they won't happen through
indirect dependencies (see
https://github.com/kubernetes/kubernetes/pull/120327 for context).
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 5300466a5c8988b479a151ceb77f49dd00065c83
This adds a generic implementation of a lister, and uses it to replace
the template code in generated listers. The corresponding templates
are no longer used and are removed.
Listers are reduced to their interfaces (non-namespaced and namespaced
if appropriate), their specific structs, and their constructors. All
method implementations are provided by the generic implementation. The
dedicated interface is preserved so that each lister can have its own
set of methods (e.g. the method returning the namespaced lister if
appropriate), and the dedicated struct is preserved to allow
expansions to be defined where necessary.
The external interface is unchanged and doesn't expose generics.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 2e9adcd14aae27394238291fa08fb603bf2f3e77
While currently those objects only get published by the kubelet for node-local
resources, this could change once we also support network-attached
resources. Dropping the "Node" prefix enables such a future extension.
The NodeName in ResourceSlice and StructuredResourceHandle then becomes
optional. The kubelet still needs to provide one and it must match its own node
name, otherwise it doesn't have permission to access ResourceSlice objects.
Kubernetes-commit: 0b6a0d686a060b5d5ff92cea931aacd4eba85adb
This adds support for semantic version comparison to the CEL support in the
"named resources" structured parameter model. For example, it can be used to
check that an instance supports a certain API level.
To minimize the risk, the new "semver" type is only defined in the CEL
environment for DRA expressions, not in the base library. See
https://github.com/kubernetes/kubernetes/pull/123664 for a PR which
adds it to the base library.
Validation of semver strings is done with the regular expression from
semver.org. The actual evaluation at runtime then uses semver/v4.
Kubernetes-commit: 42ee56f093133402ed860d4c5f54b049041386c9
Like the current device plugin interface, a DRA driver using this model
announces a list of resource instances. In contrast to device plugins, this
list is made available to the scheduler together with attributes that can be
used to select suitable instances when they are not all alike.
Because this is the first structured parameter model, some checks that
previously were not possible, in particular "is one structured parameter field
set", now gets enabled. Adding another structured parameter model will be
similar.
The applyconfigs code generator assumes that all types in an API are defined in
a single package. If it wasn't for that, it would be possible to place the
"named resources" types in separate packages, which makes their names in the Go
code more natural and provides an indication of their stability level because
the package name could include a version.
Kubernetes-commit: d4d5ade7f5be047472f8d9572c7f01f142951a2d
* support for the managed-by label in Job
* Use managedBy field instead of managed-by label
* Additional review remarks
* Review remarks 2
* review remarks 3
* Skip cleanup of finalizers for job with custom managedBy
* Drop the performance optimization
* imrpove logs
Kubernetes-commit: e568a77a931a1cf4239a4a5fa43e2b05bad3abdf
NodeResourceSlice will be used by kubelet to publish resource information on
behalf of DRA drivers on the node. NodeName and DriverName in
NodeResourceSlice must be immutable. This simplifies tracking the different
objects because what they are for cannot change after creation.
The new field in ResourceClass tells scheduler and autoscaler that they are
expected to handle allocation.
ResourceClaimParameters and ResourceClassParameters are new types for telling
in-tree components how to handle claims.
Kubernetes-commit: 39bbcedbcae84bf716923b3f9464968ca70b42e7
Because of how the previous 100+ commits were done, so changes snuck
thru that properly belong in earlier commits but it's not really
possible to do that without a lot of effort.
We agreed it was OK to "spackle" these cracks with a final commit.
Kubernetes-commit: 21715e6bbd19c932576ff268843d8ead3edb05e4
If, for whatever reason, the context was context.Background(), the additional
goroutine was started and then got stuck forever because
context.Background().Done() is a nil channel. Found when indirectly
instantiating a broadcaster with such a context:
found unexpected goroutines:
[Goroutine 9106 in state chan receive (nil chan), with k8s.io/kubernetes/vendor/k8s.io/client-go/tools/record.NewBroadcaster.func1 on top of the stack:
goroutine 9106 [chan receive (nil chan)]:
k8s.io/kubernetes/vendor/k8s.io/client-go/tools/record.NewBroadcaster.func1()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/record/event.go:206 +0x2c
created by k8s.io/kubernetes/vendor/k8s.io/client-go/tools/record.NewBroadcaster in goroutine 8957
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/record/event.go:205 +0x1a5
This can be fixed by checking for a nil channel.
Another problem also gets addressed: if Shutdown was called without canceling
the context, the goroutine also didn't stop. Now it waits for the cancelation
context and thus terminates in both cases.
Kubernetes-commit: eed6e29a5b8cfaa20fbc426541d9c74105d430ee
until #115478(use streaming against the etcd storage)
is resolved the cacher need a way to disable the streaming.
Kubernetes-commit: 41e706600aea7468f486150d951d3b8948ce89d5
The main reason for updating is support for reporting the cause of context
cancellation: Ginkgo provides that information when canceling a context and
Gomega polling code includes that when generating a failure message.
Kubernetes-commit: 18f0af1f000f95749ca1ea075d62ca89e86bb7da
ReplaceFeatureGates logs a warning when the default env var
implementation has been already used.
Such a situation indicates a potential ordering issue and usually is unwanted.
Kubernetes-commit: 04bbd3481f70825eea54b4b154a04d2496dcf652
This PR add a feature gates mechanisim to client-go
as described in https://docs.google.com/document/d/1g9BGCRw-7ucUxO6OtCWbb3lfzUGA_uU9178wLdXAIfs
In particular:
- Adds a default feature gate implementation based on environment variables.
- Adds a set of methods for reading, overwriting the default implementation, and adding features to an external registry.
Co-authored-by: deads2k <deads@redhat.com>
Co-authored-by: Ben Luddy <bluddy@redhat.com>
Kubernetes-commit: d74c57d4f592d20a992afb54b1ee64f56215210e
Bumping tools to include the fix for a nil pointer
deref error in go/types. See golang/go#64812
for more details.
This fix is needed for when we bump to go1.22.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: a8da4202c0ac785d57b545e6e310fd754888b50e
27a68aee3a4834 introduced context support. In order to use that
also with NewEventBroadcasterAdapter, a variant of the call is needed to allow
the caller to specify the context.
The `logcheck:context` comment ensures that code which is meant to be
contextual uses the new call.
Kubernetes-commit: f8e25eff926c640c86daa46222bfaf8d625e75d7
This commit defines the ClusterTrustBundlePEM projected volume types.
These types have been renamed from the KEP (PEMTrustAnchors) in order to
leave open the possibility of a similar projection drawing from a
yet-to-exist namespaced-scoped TrustBundle object, which came up during
KEP discussion.
* Add the projection field to internal and v1 APIs.
* Add validation to ensure that usages of the project must specify a
name and path.
* Add TODO covering admission control to forbid mirror pods from using
the projection.
Part of KEP-3257.
Kubernetes-commit: ecfdc8fda55923c18708488ec1561a4fcf9f3e33
Dropping a newline at the end of the message when using klog calls is an
intentional improvement (https://github.com/kubernetes/klog/pull/378)
Kubernetes-commit: 878d037d3ba8fc4f11bf45a6cf5a66301ba89d82
KEP-2593 proposed to expand the existing node-ipam controller
to be configurable via a ClusterCIDR objects, however, there
were reasonable doubts on the SIG about the feature and after
several months of dicussions we decided to not move forward
with the KEP intree, hence, we are going to remove the existing
code, that is still in alpha.
https://groups.google.com/g/kubernetes-sig-network/c/nts1xEZ--gQ/m/2aTOUNFFAAAJ
Change-Id: Ieaf2007b0b23c296cde333247bfb672441fe6dfc
Kubernetes-commit: c2d473f0d438cedab2f1831d23457d24961e0f4e
* Add warning handler callback function in shortcut expander
Currently, errors in client-go are propagated back to the callers via
function returns. However, there is no elegant way for just warning users.
For example, when user wants to get a resource with it's short name format
and if there are multiple resources belonging to this short name, we need to
warn user about this ambugity which one is picked and which ones are discarded.
Not only to overcome this particular case mentioned above, but also propose a
way for the possible warnings in the future, this commit adds a warningHandler
callback function in shortcutExpander.
* Add warningPrinter functionality in ConfigFlags
ConfigFlags has neither warning user in a standardized
format functionality nor passing warning callback functions to other upper level
libraries such as client-go.
This commit adds an ability that user can set warningPrinters
according to their IOStreams and this warningPrinters will be used
to raise possible warnings happening not only in cli-runtime but
also in client-go.
* Pass warning callback function in ConfigFlags to shortcutExpander
This commit passes warning callback function to print possible
warnings happened in shortcut expander to warn user in a
standardized format.
* Add integration test for CRDs having ambiguous short names
This commit adds integration test to assure that warning message
related to this ambiguity is printed when resources are being retrieved via their short name
representations in cases where multiple resources have same
short names.
This integration test also ensures that the logic behind which resource
will be selected hasn't been changed which may cause disperancies in
clusters.
* Remove defaultConfigFlag global variable
* Move default config flags initialization into function
* Skip warning for versions of same group/resource
* Run update-vendor
* Warn only once when there are multiple versions registered for ambiguous resource
* Apply gocritic review
* Add multi-resource multi-version ambiguity unit test
Kubernetes-commit: a504aed54d028dbc8ea2508142c94d309f5f1ec6
checkWatchListConsistencyIfRequested performs a data consistency check only when
the KUBE_WATCHLIST_INCONSISTENCY_DETECTOR environment variable was set during a binary startup.
The consistency check is meant to be enforced only in the CI, not in production.
The check ensures that data retrieved by the watch-list api call
is exactly the same as data received by the standard list api call.
Note that this function will panic when data inconsistency is detected.
This is intentional because we want to catch it in the CI.
Kubernetes-commit: b31e7793d0d873a71c90caf8455556aa905cf88d
Bumping golang.org/x/net in light of CVE-2023-39325 and CVE-2023-44487.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: fc7c951d5a5b8b75dfa105e3bea7bbddaf4c792e
Besides simply staying up-to-date, ginkgo v2.13.0 adds a `PreviewSpecs` which
will be used for introspection of the E2E test suites.
Kubernetes-commit: 79355caa565cc34e8726c427562c9f109ebe0e34
originally we honored only apierrors.IsInvalid
but decided to fallback on every error
because it is better to make progress than deadlocking
Kubernetes-commit: 4b3915017950a114124a88c5d308bd8bfb9ec48e
Because the EventBroadcaster code now has a a context, changing the EventSink
interface so that the methods accepts a context instead of using context.TODO
becomes possible.
Kubernetes-commit: 5dc540ff57eed5d0e6bc8476f95fe03b7a983cf5
Using StartRecordingToSinkWithContext instead of StartRecordingToSink and
StartLogging instead of StartStructuredLogging has several advantages:
- Spawned goroutines no longer get stuck for extended periods of
time during shutdown when passing in a context that gets canceled.
- Log output can be directed towards a specific logger instead of the global
default, for example one which writes to a testing.T instance.
- The new methods return an error when something went wrong instead of
merely recording the error.
That last point is the reason for deprecating the old methods instead of merely
adding new alternatives.
Setting a context when constructing an EventBroadcaster makes calling Shutdown
optional. It can also be used to specify the logger.
Both EventRecorder interfaces in tools/events and tools/record now have a
WithLogger helper. Using that method is optional, but recommended to support
contextual logging properly. Without it, errors that occur while emitting an
event are not associated with the caller.
Kubernetes-commit: 27a68aee3a48340f7c14235f7fc24aa69aaeb8f6
After 12 months as reviewer, constantly reviewing and contributing
to client-go, I think is fair to move to the next ladder.
Change-Id: I49e579dcefcd39c6f0b29400c90467df00719cca
Kubernetes-commit: cc77b97c5e9cc9f778016b9d260c66bf7b277448
This uses the generic ptr.To in k8s.io/utils to replace functions and
code constructs which only serve to return pointers to intstr
values. Other uses of the deprecated pointer package are updated in
modified files.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: aa89e6dc978bf88653d893284248039b776aed54
The "set" list type was chosen because it seemed appropriate (no duplicates!)
but that made tracking of managed fields more expensive (each entry in the list
is tracked, not the entire field) and for no good reason (one client is
responsible for the entire list).
Therefore the type gets changed to "atomic". Server-side-apply has not been
used in the past and PodSchedulingContext objects are short-lived and still in
alpha, so the any potential compatibility issues should be minor.
The scheduling throughput in scheduler_perf increases:
name old SchedulingThroughput/Average new SchedulingThroughput/Average
PerfScheduling/SchedulingWithResourceClaimTemplate/2000pods_100nodes-36 18.8 ± 8% 24.0 ±37%
PerfScheduling/SchedulingWithMultipleResourceClaims/2000pods_100nodes-36 13.7 ±81% 18.5 ±40%
Kubernetes-commit: 5567f288e745db05d88fc60e15915f8b0d1f6c4b
The Service Account Token link in the readme is broken and refers to a page that no longer exists.
In this PR I updated the correct link in the readme
Kubernetes-commit: 279a663f948337da156f544b74e41928ad66f9ef
This reverts commit 890a6c8f70d2e0f45b3692d34a6df1ecb6d8335b, reversing
changes made to 4f60a8d493ab9571eb328b9d98da477a50bc7446.
Kubernetes-commit: 0d90d1ffa5e87dfc4d3098da7f281351c7ff1972
Client-side extract calls depend on `managedFields`, which might not be
available. Therefore they should not be used in production code.
They are okay in test files (because the API has to be tested), in the
generated code (because the various type specific APIs still need to be
provided) and in unstructured.go (same reason).
Kubernetes-commit: 4bc9434f99d9a87dd5b63e738b6b1b16693f10e4
It turned out that there were lots of unnecessary accessor functions being called locking and unlocking the cond which are not needed because Wait() automatically unlocks and locks the cond for us and best practice says we should run it in a for checking for the condition (so this is what I have done).
Kubernetes-commit: 2b12df56b0be93bc2cac7c5a66342c0ffaa72311
Proactively bump to v0.12.0 to avoid v0.10.0 and v0.11.0, which contain
a regression added by commit
82780d606d.
This commit was later reverted in v0.12.0.
Generated with:
hack/pin-dependency.sh golang.org/x/net v0.12.0 && hack/update-vendor.sh
Kubernetes-commit: d9bd413f991958492602c4bf51c43d6edca0e5cd
Also add support for metadata informer factory to use SharedInformerOption
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 9c4651bd0479b84f5e5913649207476717f3f13e
* client-go: add DNS resolver latency metrics
* client-go: add locking to DNS latency metrics
* client-go: add locking for whole DNSStart and DNSDone
Signed-off-by: Vu Dinh <vudinh@outlook.com>
* Fix a mismatched ctx on the request
Signed-off-by: Vu Dinh <vudinh@outlook.com>
* Clean up request code and fix comments
Signed-off-by: Vu Dinh <vudinh@outlook.com>
---------
Signed-off-by: Vu Dinh <vudinh@outlook.com>
Co-authored-by: Vu Dinh <vudinh@outlook.com>
Kubernetes-commit: 1c7e87cff27aa009488a9d55342220e223d5c146
When running kubeadm / installing k8s early during boot,
the CA certificate can be generated before time is synchronised
and time is jumped backward.
Make notBefore 1 hour in the past to accept small clock jump.
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
Kubernetes-commit: e1735b9863777ff11ac35434e047c38dcce4b4f3
T.Setenv ensures that the environment is returned to its prior state
when the test ends. It also panics when called from a parallel test to
prevent racy test interdependencies.
Kubernetes-commit: ac5ce5cbce7ddb6ffeff755d1cf670afadb8e1fb
* Add warning log callback in client-go loading rules
This provides a way to consumers use their own custom warning
mechanisms instead default klog warning.
* Use typed error instead plain string
* Fix interface change in unit test
Kubernetes-commit: 2ea6896f90c8b757d8a247d393b9a13fff2dab58
Before, we've used two separate backoff managers for List and Watch
calls, now they share single backoff manager.
Kubernetes-commit: 337728b02559dec8a613fdef174f732da9cae310
Ensure that the lock identity is not empty. This can cause unexpected issues during leader election.
Kubernetes-commit: 5519b89a28eeea5a5b134092242aff770fcc07eb
`SetWatchErrorHandler` claims it will fail if Run() has already started.
But if they are called concurrently, it will actually trigger a data
race.
With this PR:
```
62702 runs so far, 0 failures (100.00% pass rate). 59.152682ms avg, 189.068387ms max, 26.623785ms min
```
Without this PR:
```
5012 runs so far, 38 failures (99.25% pass rate). 58.675502ms avg, 186.018084ms max, 29.468104ms min
```
Kubernetes-commit: 35d2431b3a89c5bd693846952e9d27ce4e3a0754
Allows creating a typeconverter from a client (i.e. by taking the data
of the client and formatting it so that one can create a type
converter).
Kubernetes-commit: 45853e20ae5c33d144939495650bb5cc49e1134c
Add two new metrics to monitor the client-go logic that
generate http.Transports for the clients.
- rest_client_transport_cache_entries is a gauge metrics
with the number of existin entries in the internal cache
- rest_client_transport_create_calls_total is a counter
that increments each time a new transport is created, storing
the result of the operation needed to generate it: hit, miss
or uncacheable
Change-Id: I2d8bde25281153d8f8e8faa249385edde3c1cb39
Kubernetes-commit: 3f3e1d507d081528ce8081f0daf4446d8a3b9bc0
* update serial number to a valid non-zero number in ca certificate
* fix the existing problem (0 SerialNumber in all certificate) as part of this PR in a separate commit
Kubernetes-commit: e865b30abd0a862697ff1d2526ea8897ee98a523
This was making my eyes bleed as I read over code.
I used the following in vim. I made them up on the fly, but they seemed
to pass manual inspection.
:g/},\n\s*{$/s//}, {/
:w
:g/{$\n\s*{$/s//{{/
:w
:g/^\(\s*\)},\n\1},$/s//}},/
:w
:g/^\(\s*\)},$\n\1}$/s//}}/
:w
Kubernetes-commit: d55b67b349021b6c46fc6ce78f2a36bd4217145f
T.Setenv ensures that the environment is returned to its prior state
when the test ends. It also panics when called from a parallel test to
prevent racy test interdependencies.
Kubernetes-commit: 89467ad3e9b051515fa9632a7373d6ef01723256
Steps:
1) Manualy update go.mod with new version string
2) ./hack/update-vendor.sh
3) Fixup go.sum with new package hash
4) ./hack/update-vendor.sh
Kubernetes-commit: 9f46cbc6fa475c420af3ccd654d4e59606375836
Currently, openapiv3 discovery uses requestURI to discover resources.
However, that does not work when the rest endpoint contains prefixes
(e.g. `http://localhost/test-endpoint/`).
Because requestURI overwrites prefixes also in rest endpoint
(e.g. `http://localhost/openapiv3/apis/apps/v1`).
Since `absPath` keeps the prefixes in the rest endpoint,
this PR changes to absPath instead requestURI.
Kubernetes-commit: d94c733ee2bfaedd9a1c45d58fbd56c99403c94d
A few notes about the change:
1. I need to initialize the fileclient once, in an init function, so I
don't have access to `testing.T` yet.
2. I want to be able to configure the openapi files that I use
3. We already have a "cache" client that wraps another client, we don't
need to re-implement caching here, one can just do:
`cache.NewClient(openapitest.NewFileClient("some/path"))` to do a cached
client. Or initialize it in an init/global var.
Since there is still some value to use the embedded file, make an
alternative constructor while using fs.FS interface to be able to
manipulate both virtual and disk-based filesystems.
Kubernetes-commit: 29503fd8d45bc2c9438e92936bf4111162529b40
This touches cases where FromInt() is used on numeric constants, or
values which are already int32s, or int variables which are defined
close by and can be changed to int32s with little impact.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 94410ee8078971b8894e5c400ce3fc79f02bc510
Create events are forbidden in terminating namespaces, use info
instead of error to log the failed event.
Signed-off-by: Sunil Shivanand <sunil.shivanand@statnett.no>
Kubernetes-commit: 7a6d58001b7d824f92601fd246b3aad9fbb9c583
* Add custom match conditions for CEL admission
This PR is based off of, and dependent on the following PR:
https://github.com/kubernetes/kubernetes/pull/116261
Signed-off-by: Max Smythe <smythe@google.com>
* run `make update`
Signed-off-by: Max Smythe <smythe@google.com>
* Fix unit tests
Signed-off-by: Max Smythe <smythe@google.com>
* Fix unit tests
Signed-off-by: Max Smythe <smythe@google.com>
* Update compatibility test data
Signed-off-by: Max Smythe <smythe@google.com>
* Revert "Update compatibility test data"
This reverts commit 312ba7f9e74e0ec4a7ac1f07bf575479c608af28.
* Allow params during validation; make match conditions optional
Signed-off-by: Max Smythe <smythe@google.com>
* Add conditional ignoring of matcher CEL expression validation on update
Signed-off-by: Max Smythe <smythe@google.com>
* Run codegen
Signed-off-by: Max Smythe <smythe@google.com>
* Add more validation tests
Signed-off-by: Max Smythe <smythe@google.com>
* Short-circuit CEL matcher when no matchers specified
Signed-off-by: Max Smythe <smythe@google.com>
* Run codegen
Signed-off-by: Max Smythe <smythe@google.com>
* Address review comments
Signed-off-by: Max Smythe <smythe@google.com>
---------
Signed-off-by: Max Smythe <smythe@google.com>
Kubernetes-commit: e5fd204c33e90a7e8f5a0ee70242f1296a5ec7af
* api changes adding match conditions
* feature gate and registry strategy to drop fields
* matchConditions logic for admission webhooks
* feedback
* update test
* import order
* bears.com
* update fail policy ignore behavior
* update docs and matcher to hold fail policy as non-pointer
* update matcher error aggregation, fix early fail failpolicy ignore, update docs
* final cleanup
* openapi gen
Kubernetes-commit: 5e5b3029f3bbfc93c3569f07ad300a5c6057fc58
They contain some nice-to-have improvements (for example, better printing of
errors with gomega/format.Object) but nothing that is critical right now.
"go mod tidy" was run manually in
staging/src/k8s.io/kms/internal/plugins/mock (https://github.com/kubernetes/kubernetes/pull/116613
not merged yet).
Kubernetes-commit: fe59e091eb3331db54cff2351f16eabfe0cb681d
The structure of the error is changing, and we don't guarantee
reflect.DeepEqual(...) will remain true for ErrWaitTimeout currently.
Kubernetes-commit: 8d4004bbc77d012642db97e09238f4f65a926bca
Without this change, sometimes leaked goroutines were reported for
test/integration/scheduler_perf. The one that caused the cleanup to get delayed
was this one:
goleak.go:50: found unexpected goroutines:
[Goroutine 2704 in state chan receive, 2 minutes, with k8s.io/client-go/tools/cache.(*Reflector).watch on top of the stack:
goroutine 2704 [chan receive, 2 minutes]:
k8s.io/client-go/tools/cache.(*Reflector).watch(0xc00453f590, {0x0, 0x0}, 0x1f?, 0xc00a128080?)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/cache/reflector.go:388 +0x5b3
k8s.io/client-go/tools/cache.(*Reflector).ListAndWatch(0xc00453f590, 0xc006e94900)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/cache/reflector.go:324 +0x3bd
k8s.io/client-go/tools/cache.(*Reflector).Run.func1()
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/cache/reflector.go:279 +0x45
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1(0xc007aafee0)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:157 +0x49
k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0xc003e18150?, {0x75e37c0, 0xc00389c280}, 0x1, 0xc006e94900)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:158 +0xcf
k8s.io/client-go/tools/cache.(*Reflector).Run(0xc00453f590, 0xc006e94900)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/cache/reflector.go:278 +0x257
k8s.io/apimachinery/pkg/util/wait.(*Group).StartWithChannel.func1()
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:58 +0x3f
k8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1()
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:75 +0x74
created by k8s.io/apimachinery/pkg/util/wait.(*Group).Start
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:73 +0xe5
watch() was stuck in an exponential backoff timeout. Logging confirmed that:
I0309 21:14:21.756149 1572727 reflector.go:387] k8s.io/client-go/informers/factory.go:150: watch of *v1.PersistentVolumeClaim returned Get "https://127.0.0.1:38269/api/v1/persistentvolumeclaims?allowWatchBookmarks=true&resourceVersion=1&timeout=7m47s&timeoutSeconds=467&watch=true": dial tcp 127.0.0.1:38269: connect: connection refused - backing off
Kubernetes-commit: b4751a52d53d4acc6a5ce3e796938c9a12f81fcb
The comment on ConfigMapsLeasesResourceLock begins with the wrong name: EndpointsLeasesResourceLock.
Kubernetes-commit: a50c9db09ba4d22328088887d2fd00b61b36e6c4
Since the behavior is now changed, and the old behavior leaked objects,
this adds a new comment about how Replace works.
Signed-off-by: Odin Ugedal <ougedal@palantir.com>
Signed-off-by: Odin Ugedal <odin@uged.al>
Kubernetes-commit: 27f4bcae5c52a3bb88141f940ec23d907a15cde5
This is useful to both reduce the code complexity, and to ensure clients
get the "newest" version of an object known when its deleted. This is
all best-effort, but for clients it makes more sense giving them the
newest object they observed rather than an old one.
This is especially useful when an object is recreated. eg.
Object A with key K is in the KnownObjects store;
- DELETE delta for A is queued with key K
- CREATE delta for B is queued with key K
- Replace without any object with key K in it.
In this situation its better to create a DELETE delta with
DeletedFinalStateUnknown with B (with this patch), than it is to give
the client an DeletedFinalStateUnknown with A (without this patch).
Signed-off-by: Odin Ugedal <ougedal@palantir.com>
Signed-off-by: Odin Ugedal <odin@uged.al>
Kubernetes-commit: 7bcc3e00fc28b2548886d04639a2e352ab37fb55
This fixes an issue where a relist could result in a DELETED delta
with an object wrapped in a DeletedFinalStateUnknown object; and then on
the next relist, it would wrap that object inside another
DeletedFinalStateUnknown, leaving the user with a "double" layer
of DeletedFinalStateUnknown's.
Signed-off-by: Odin Ugedal <ougedal@palantir.com>
Signed-off-by: Odin Ugedal <odin@uged.al>
Kubernetes-commit: 0bf0546d9f75d92c801e81c9f7adf040bba64102
Requests can accumulate errors with no obvious indication, e.g. if
their primary purpose is to construct a URL: URL() itself doesn't
return an error if r.err is non-nil.
Instead of changing URL() to return an error, which has quite a large
impact, add an Error() function and indicate on URL() that it should
be checked.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: f69c1c47463ff70ad61adf6f38c4d5b7373e9d0a
This fixes a race condition when a "short lived" object
is created and the create event is still present on the queue
when a relist replaces the state. Previously that would lead in the
object being leaked.
The way this could happen is roughly;
1. new Object is added O, agent gets CREATED event for it
2. watch is terminated, and the agent runs a new list, L
3. CREATE event for O is still on the queue to be processed.
4. informer replaces the old data in store with L, and O is not in L
- Since O is not in the store, and not in the list L, no DELETED event
is queued
5. CREATE event for O is still on the queue to be processed.
6. CREATE event for O is processed
7. O is <leaked>; its present in the cache but not in k8s.
With this patch, on step 4. above it would create a DELETED event
ensuring that the object will be removed.
Signed-off-by: Odin Ugedal <ougedal@palantir.com>
Signed-off-by: Odin Ugedal <odin@uged.al>
Kubernetes-commit: 25d77218acdac2f793071add9ea878b08c7d328b
When Shutdown was called, delivery of each pending event would still be retried
12 times with a delay of ~10s between each retry. In apiserver integration
tests that caused the goroutine to linger long after the corresponding
apiserver of the test was shut down.
Kubernetes-commit: 15b01af9c18a0840d71e2bb7dff4d8c29b158aad
This improves performance of the text formatting and ktesting.
Because ktesting no longer buffers messages by default, one unit
test needs to ask for that explicitly.
Kubernetes-commit: 961819a4d09488e20931103e0c36d2bed588fdcb
The kube-apiserver validation expects the Count of an EventSeries to be
at least 2, otherwise it rejects the Event. There was is discrepancy
between the client and the server since the client was iniatizing an
EventSeries to a count of 1.
According to the original KEP, the first event emitted should have an
EventSeries set to nil and the second isomorphic event should have an
EventSeries with a count of 2. Thus, we should matcht the behavior
define by the KEP and update the client.
Also, as an effort to make the old clients compatible with the servers,
we should allow Events with an EventSeries count of 1 to prevent any
unexpected rejections.
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
Kubernetes-commit: d00364902bda05eed4f7f02051ab81f7be55f8a9
The path module has a few different functions:
Clean, Split, Join, Ext, Dir, Base, IsAbs. These functions do not
take into account the OS-specific path separator, meaning that they
won't behave as intended on Windows.
For example, Dir is supposed to return all but the last element of the
path. For the path "C:\some\dir\somewhere", it is supposed to return
"C:\some\dir\", however, it returns ".".
Instead of these functions, the ones in filepath should be used instead.
Kubernetes-commit: 856bb5c8f266f5276f1a576f47be622d7cb384e7
This creates go.work and enables Go Workspaces. This is a file that
includes info on k/k and all the staging modules.
This depends on go 1.22 and setting FORCE_HOST_GO=true (for kube
scripts, which try to be hermetic).
Make this part of the normal update/verify sequence.
The top-level go.work file contains no replace statements. Instead, the
replace statements in the individual go.mod files are used. For this to
work, replace statements in the individual go.mod files have to be
consistent.
hack/tools has different dependencies and can't be in the main
workspace, so this adds a go.work just for that. Without this, go tries
to consider all deps in all modules and pick one that works for all.
This is problematic because there are so many of them that it is
difficult to manage.
Likewise for k8s.io/code-generator/examples and
k8s.io/kms/internal/plugins/_mock - add trivial go.work files.
For example k/k depends on an older version of a lib that gloangci-lint
needs (transitively) and it breaks.
This also updates vendor (needed to make go happy), and removes
vendor'ed symlinks. This breaks a LOT of our build tools, which will be
fixed subsequently.
Result: `go` commands work across modules:
Before:
```
$ go list ./pkg/proxy/iptables/ ./staging/src/k8s.io/api/core/v1/
main module (k8s.io/kubernetes) does not contain package k8s.io/kubernetes/staging/src/k8s.io/api/core/v1
$ go build ./pkg/proxy/iptables/ ./staging/src/k8s.io/api
main module (k8s.io/kubernetes) does not contain package k8s.io/kubernetes/staging/src/k8s.io/api
$ go test ./pkg/proxy/iptables/ ./staging/src/k8s.io/api
main module (k8s.io/kubernetes) does not contain package k8s.io/kubernetes/staging/src/k8s.io/api
```
After:
```
$ go list ./pkg/proxy/iptables/ ./staging/src/k8s.io/api/core/v1/
k8s.io/kubernetes/pkg/proxy/iptables
k8s.io/api/core/v1
$ go build ./pkg/proxy/iptables/ ./staging/src/k8s.io/api
$ go test ./pkg/proxy/iptables/ ./staging/src/k8s.io/api
ok k8s.io/kubernetes/pkg/proxy/iptables 0.360s
ok k8s.io/api 2.302s
```
Result: `make` fails:
```
$ make
go version go1.22rc1 linux/amd64
+++ [0106 12:11:03] Building go targets for linux/amd64
k8s.io/kubernetes/cmd/kube-proxy (static)
k8s.io/kubernetes/cmd/kube-apiserver (static)
k8s.io/kubernetes/cmd/kube-controller-manager (static)
k8s.io/kubernetes/cmd/kubelet (non-static)
k8s.io/kubernetes/cmd/kubeadm (static)
k8s.io/kubernetes/cmd/kube-scheduler (static)
k8s.io/component-base/logs/kube-log-runner (static)
k8s.io/kube-aggregator (static)
k8s.io/apiextensions-apiserver (static)
k8s.io/kubernetes/cluster/gce/gci/mounter (static)
k8s.io/kubernetes/cmd/kubectl (static)
k8s.io/kubernetes/cmd/kubectl-convert (static)
github.com/onsi/ginkgo/v2/ginkgo (non-static)
k8s.io/kubernetes/test/e2e/e2e.test (test)
k8s.io/kubernetes/test/conformance/image/go-runner (non-static)
k8s.io/kubernetes/cmd/kubemark (static)
github.com/onsi/ginkgo/v2/ginkgo (non-static)
k8s.io/kubernetes/test/e2e_node/e2e_node.test (test)
test/e2e/e2e.go:35:2: cannot find package "k8s.io/api/apps/v1" in any of:
/home/thockin/src/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/api/apps/v1 (vendor tree)
/home/thockin/src/kubernetes/_output/local/.gimme/versions/go1.22rc1.linux.amd64/src/k8s.io/api/apps/v1 (from $GOROOT)
/home/thockin/src/kubernetes/_output/local/go/src/k8s.io/api/apps/v1 (from $GOPATH)
... more ...
... more ...
... more ...
!!! [0106 12:13:41] Call tree:
!!! [0106 12:13:41] 1: /home/thockin/src/kubernetes/hack/lib/golang.sh:948 kube::golang::build_binaries_for_platform(...)
!!! [0106 12:13:41] 2: hack/make-rules/build.sh:27 kube::golang::build_binaries(...)
!!! [0106 12:13:41] Call tree:
!!! [0106 12:13:41] 1: hack/make-rules/build.sh:27 kube::golang::build_binaries(...)
!!! [0106 12:13:41] Call tree:
!!! [0106 12:13:41] 1: hack/make-rules/build.sh:27 kube::golang::build_binaries(...)
make: *** [Makefile:96: all] Error 1
```
Again, this requires go 1.22 (e.g. gotip), as go 1.21.x does not have
`go work vendor` support.
TO REPEAT:
( \
./hack/update-go-workspace.sh; \
./hack/update-vendor.sh; \
./hack/update-go-workspace.sh; \
)
Kubernetes-commit: 65b841c077e0d3282d28b9199aec72d23d045104
This fixes the following warning (error?) in the apiserver:
E0126 18:10:38.665239 16370 fieldmanager.go:210] "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (test/claim-84; resource.k8s.io/v1alpha1, Kind=ResourceClaim) to smd typed: .status.reservedFor: element 0: associative list without keys has an element that's a map type" VersionKind="/, Kind=" namespace="test" name="claim-84"
The root cause is the same as in e50e8a0c919c0e02dc9a0ffaebb685d5348027b4:
nothing in Kubernetes outright complains about a list of items where the item
type is comparable in Go, but not a simple type. This nonetheless isn't
supposed to be done in the API and can causes problems elsewhere.
For the ReservedFor field, everything seems to work okay except for the
warning. However, it's better to follow conventions and use a map. This is
possible in this case because UID is guaranteed to be a unique key.
Validation is now stricter than before, which is a good thing: previously,
two entries with the same UID were allowed as long as some other field was
different, which wasn't a situation that should have been allowed.
Kubernetes-commit: 508cd60760567b3832da748140e3cf782c1b8695
If gomega.Eventually/Consistently run into a situation where it observes some
state of e.g. a pod which does not satisfy the condition and then further
polling fails with API server errors, gomega will report both the most recent
pod state and API error instead of just the API error.
Kubernetes-commit: aa1279b5eb79177f5351368d8d9159982b1bfb5e
These are not regenerated by any input. The OWNERS files were the last
things left for these 2 directories
Kubernetes-commit: dc88f34ce30eb98285f7f30e391b135e842cdbc2
It seems valuable to be able to provide hand-written docs for these
first-level directories, and if don't want them, the generated doc.go
files are not actually very helpful.
This commit also adds new doc.go files for client-go listers/ and
informers/.
Kubernetes-commit: 95bf7b0afe9dd6a0f00125b1d290514a23e778e2
While refactoring the backoff manager to simplify and unify the code
in wait a race condition was encountered in
TestSharedInformerWatchDisruption. The new implementation failed
because the fake clock was not propagated to the backoff managers
when the reflector was used in a controller. After ensuring the
mangaers, reflector, controller, and informer shared the same
clock the test needed was updated to avoid the race condition by
advancing the fake clock and adding real sleeps to wait for
asynchronous propagation of the various goroutines in the controller.
Due to the deep structure of informers it is difficult to inject
hooks to avoid having to perform sleeps. At a minimum the FakeClock
interface should allow a caller to determine the number of waiting
timers (to avoid the first sleep).
Kubernetes-commit: 91b3a81fbd916713afe215f7d701950e13a02869
Add a "lazy" type to track when an update is needed. It uses a nested
locking technique to avoid extra evaluation calls.
Kubernetes-commit: 5a1091d88d95bd1dd5c27f2c72cee4ecb4219dda
Bumping version to include changes that
better handle TLS errors. Bump nescessary
to prepare for when the version of Go is
bumped to 1.20
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: 8b064fa4be71b5f1b498fabb5caade3c57f5d434
Update isomorphic event definition in the events/v1 client to match aggregation logic from core/v1
Kubernetes-commit: f56c79398e3c58b4f5a9c7e6a1f4d64248ef1b83
The new ginkgo release adds sorting of specs. This was triggered by
the observation that parallel test execution of Kubernetes E2E tests
sometimes ran the same spec twice and (presumably) other specs not at all
because spec order was random due to iteration over a map.
Sorting should avoid that problem.
Kubernetes-commit: baf832d80d798d53ceb7d4de3a39330c6eda5c6a
Currently, watch package embeds context deadlineexceeded error
in it's own error using `%v`, as can be seen in here;
`fmt.Errorf("UntilWithSync: unable to sync caches: %v", ctx.Err())`
However, consumers of this function can not use
`errors.Is(err, context.DeadlineExceeded)` due this `%v`.
To let consumers can distinguish context deadlineexceeded errors,
this PR changes error embedding format to `%w`.
Kubernetes-commit: 6b7c365f8f6d50280c2dab171efdd4b93d964f32
Fake discovery should return an error if an error-returning reactor was prepended.
This is relevant e.g. for unit tests which test a function which relies
on discovery to check if an API Server is available.
Matches existing behavior of other fake types, for example fake_namespace.
Adds unit test coverage as well.
Kubernetes-commit: b47748103a53c0fe5ba1ddc950662ffc9bd9ed0f
Currently, when the remote connection is unexpected closed, forward() prints an error message saying "lost connection to pod" via runtime.HandleError, but then it returns nil for the error.
This prevents the caller from being able to handle this error differently.
This commit changes forward() to return the "lost connection to pod" error so that it can be handled by the caller.
Making this change enables kubectl port-forward to exit with code 1, instead of 0, which is the expected behavior for a command that has failed.
Kubernetes-commit: a9f04103854893056237a09250ad3335867b0391
When attempting to record a new Event and a new Serie on the apiserver
at the same time, the patch of the Serie might happen before the Event
is actually created. In that case, we handle the error and try to create
the Event. But the Event might be created during that period of time and
it is treated as an error today. So in order to handle that scenario, we
need to retry when a Create call for a Serie results in an AlreadyExist
error.
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
Kubernetes-commit: 2f83117bcfe30ad3ada7f1ca66f4b885a1d5df25
There was a data race in the recordToSink function that caused changes
to the events cache to be overriden if events were emitted
simultaneously via Eventf calls.
The race lies in the fact that when recording an Event, there might be
multiple calls updating the cache simultaneously. The lock period is
optimized so that after updating the cache with the new Event, the lock
is unlocked until the Event is recorded on the apiserver side and then
the cache is locked again to be updated with the new value returned by
the apiserver.
The are a few problem with the approach:
1. If two identical Events are emitted successively the changes of the
second Event will override the first one. In code the following
happen:
1. Eventf(ev1)
2. Eventf(ev2)
3. Lock cache
4. Set cache[getKey(ev1)] = &ev1
5. Unlock cache
6. Lock cache
7. Update cache[getKey(ev2)] = &ev1 + Series{Count: 1}
8. Unlock cache
9. Start attempting to record the first event &ev1 on the apiserver side.
This can be mitigated by recording a copy of the Event stored in
cache instead of reusing the pointer from the cache.
2. When the Event has been recorded on the apiserver the cache is
updated again with the value of the Event returned by the server.
This update will override any changes made to the cache entry when
attempting to record the new Event since the cache was unlocked at
that time. This might lead to some inconsistencies when dealing with
EventSeries since the count may be overriden or the client might even
try to record the first isomorphic Event multiple time.
This could be mitigated with a lock that has a larger scope, but we
shouldn't want to reflect Event returned by the apiserver in the
cache in the first place since mutation could mess with the
aggregation by either allowing users to manipulate values to update
a different cache entry or even having two cache entries for the same
Events.
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
Kubernetes-commit: 55ec09d377274b4a6107fe0b7a061ad408fe05a7
* Add tracker types and tests
* Modify ResourceEventHandler interface's OnAdd member
* Add additional ResourceEventHandlerDetailedFuncs struct
* Fix SharedInformer to let users track HasSynced for their handlers
* Fix in-tree controllers which weren't computing HasSynced correctly
* Deprecate the cache.Pop function
Kubernetes-commit: 8100efc7b3122ad119ee8fa4bbbedef3b90f2e0d
There should only be one source of truth for the API group's name and
version.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: e13198ec6f52c4a6405388e90053954dc7656a31
Ginkgo v2.5.0 adds support for a "timeline": a full description of what happened
while a specific test ran, including failures, timeouts, and log output.
Ginkgo v2.6.0 adds ReportBeforeSuite which we need for
https://github.com/kubernetes/kubernetes/issues/114313.
Kubernetes-commit: f3ef4004317c1a12d84021be29dd5f92badc8eff
Update the definition of an isomorphic event in the events/v1 client to
match the aggregation logic that was already present in the core/v1
implementation.
The note field was omitted even though the message was used in the core
API aggregation because we didn't reach consensus.
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
Kubernetes-commit: 21f2f746abc1a5a1b3193274401f5728e19cc26f
remove allowOmittingUsageKeyEncipherment as it is always true
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
Kubernetes-commit: 160f015ef4affe903f98e74cf42b40fceef15cb9
The error result of `d.downloadAPIs()` is set in `aerr`,
not `err`.
This prevents a nil-ptr dereference of apiGroups in the next step.
Signed-off-by: Abhijit Hoskeri <abhijithoskeri@gmail.com>
Kubernetes-commit: 450ba4f50638ad9ee4d287a762a8530c64e89ebd
* Add RedactSecrets function
* Move RedactSecrets method to existing RawBytesData case
* Update TestRedactSecrets to use new pattern of os.CreateTemp()
Kubernetes-commit: e721272d10dd6c4d85ff613182ba0eaddcec9272
rather than modify the object directly, this function provides a JSONPATCH that should be sent to the server to upgrade its managed fields.
Kubernetes-commit: 4e4d748c06e2c2dfec7608f96237c4b0a42540c9
adds unneccessary complexity. also discussed in SIG CLI meeting to keep annotation around for a while longer
Kubernetes-commit: 0c055eae3c9eaea26574743f0623d6b0e9e3d6b4
Gomega adds support for formatting extensions and StopTrying in matchers.
Ginkgo enhances DeferCleanup.
This also triggered an update of other dependencies.
Kubernetes-commit: e6ad2f2f23449c9d24606b864c4737dc66a7427e
No particular benefit and no relevant changes, it's just to stay up-to-date and
to avoid having to pull that in when merging
https://github.com/kubernetes/kubernetes/pull/111023 which indirectly depends
on the newer release.
Kubernetes-commit: 9b93cc663a102b6e36f07eecc7b6e32225f39295
All other clients:
- expose a New() method that takes a rest.Interface
- expose their RESTClient()
- return pointers to the type, not instances of an interface that the
type implements
For code that is generic over all Kubernetes clients, and for general
developer experience, it's best to make sure that this client adheres to
these common practices.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 74af6f1e7d9057bfcb64f4d875063c14041937e5
It's clear that client-sets contain many versions of one group, so this
comment just seems to be out-dated.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 588f016c3bc04ea2da85d7077643677028a8cb1b
5 years after third party resources were removed, we're probably just confusing readers with this reference.
Kubernetes-commit: d21fc6e762276747e3306cfaf27b0ce1201071c2
Mark remotecommand.Executor as deprecated and related modifications.
Handle crash when streamer.stream panics
Add a test to verify if stream is closed after connection being closed
Remove blank line and update waiting time to 1s to avoid test flakes in CI.
Refine the tests of StreamExecutor according to comments.
Remove the comment of context controlling the negotiation progress and misc.
Signed-off-by: arkbriar <arkbriar@gmail.com>
Kubernetes-commit: 42808c8343671e6783ba4c901dcd619bed648c3d
Add an annotation that can be added to the exampleType passed to
NewReflector to indicate the expected type for the Reflector. This is
useful for types such as unstuctured.Unstructured, which, when used with
a dynamic informer, do not have their TypeMeta filled in.
Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>
Kubernetes-commit: 474fc8c5234000bce666a6b02f7ffbb295ef135f
SharedInformerFactory starts goroutines in Start and those can be stopped by
closing the stop channel. However, there was no API that waits for the
goroutines.
This is a problem for unit testing. A test has to return while the informers
are still running, which may get flagged by tools like
https://github.com/uber-go/goleak or by klog/ktesting when those informers
lead to log output.
While at it, more documentation gets added to address
https://github.com/kubernetes/kubernetes/issues/65036.
Kubernetes-commit: e89d1d47e8365cad31600b17dab662d3c8a359dd
Ginkgo v2.1.6 adds ginkgo.SuppressProgressReporting which is needed
to suppress too verbose output each time the ReportAfterEach of the custom
progress reporter is invoked.
Kubernetes-commit: 311144fb3e61dabdbcd48d164dc80716b5ba5a73
The lock acquired by tryAcquireOrRenew is released when the leader ends
leadership. However, due to the cancellation of the context, the lock may
be set as an empty lock, so the Update cannot be run normally, resulting
in a failure to release the lock.
Signed-off-by: jackzhang <x_jackzhang@qq.com>
Kubernetes-commit: 8690ff6264cceb38bd81dec99bb8affcc40286a9
This change updates the transport.Config .Dial and .TLS.GetCert fields
to use a struct wrapper. This indirection via a pointer allows the
functions to be compared and thus makes them valid to use as map keys.
This change is then leveraged by the existing global exec auth and TLS
config caches to return the same authenticator and TLS config even when
distinct but identical rest configs were used to create distinct
clientsets.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 831d95b6a021c2767effe85e461309cb6a0fdcec
for correctness. technically shouldnt be an issue since restarting a stopped processor is not supported
Kubernetes-commit: 3a81341cfa6f7e2ca1b9bfc195c567dcdfaa4dea
The functionality provided by the finalURLTemplate is still used by
certain external projects to track the request latency for requests
performed to kube-apiserver.
Using a template of the URL, instead of the URL itself, prevents the
explosion of label cardinality in exposed metrics since it aggregates
the URLs in a way that common URLs requests are reported as being the
same.
This reverts commit bebf5a608f68523fc430a44f6db26b16022dc862.
Signed-off-by: André Martins <aanm90@gmail.com>
Kubernetes-commit: f8f190cdd2fa76296f8b1b019ac77128b5d40b79
To be able to write more precise unit tests in the future
Change-Id: I8f45947dfacca501acd856849bd978fad0f735cd
Kubernetes-commit: dad8454ebb87ba7af897537db6d34033127bbfef
This is a little more computationally expensive but reduces the
likelihood of a potentially malicious cache collision.
Signed-off-by: Nic Cope <nicc@rk0n.org>
Kubernetes-commit: c5957c284e1d23bdadc98fbbe2bb481fc1f345d4
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
This helps avoid (potentially malicious) collisions when reading and
writing cache data.
Signed-off-by: Nic Cope <nicc@rk0n.org>
Kubernetes-commit: 288a17fd337c65cb5aea44e44ecb74e9cb8088f5
It is used to request that a pod runs in a unique user namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com>
Kubernetes-commit: 9e9b23fd3ca6c0c58ee401b18a65422c0564bec0
Part of the API discovery cache uses an HTTP RoundTripper that
transparently caches responses to disk. The upstream implementation of
the disk cache is hard coded to call Sync() on every file it writes.
This has noticably poor performance on modern Macs, which ask their disk
controllers to flush all the way to persistant storage because Go uses
the `F_FULLFSYNC` fnctl. Apple recommends minimizing this behaviour in
order to avoid degrading performance and increasing disk wear.
The content of the discovery cache is not critical; it is indeed just a
cache and can be recreated by hitting the API servers' discovery
endpoints. This commit replaces upstream httpcache's diskcache
implementation with a similar implementation that can use CRC-32
checksums to detect corrupted cache entries at read-time. When such an
entry is detected (e.g. because it was only partially flushed to
permanent storage before the host lost power) the cache will report a
miss. This causes httpcache to fall back to its underlying HTTP
transport (i.e. the real API server) and re-cache the resulting value.
Apart from adding CRC-32 checksums and avoiding calling fsync this
implementation differs from upstream httpcache's diskcache package in
that it uses FNV-32a hashes rather than MD5 hashes of cache keys in
order to generate filenames.
Signed-off-by: Nic Cope <nicc@rk0n.org>
Kubernetes-commit: 7a2c6a432f9e8db8b84abe5607843429f8bff417
This benchmark is intended to demonstrate a performance improvement
gained by removing fsyncs. Refer to the below issue for more detail.
https://github.com/kubernetes/kubernetes/issues/110753
Signed-off-by: Nic Cope <nicc@rk0n.org>
Kubernetes-commit: eace46906512b99c23ad9635edc2ea055363a602
This makes ktesting more resilient against logging from leaked goroutines,
which is a problem that came up in kubelet node shutdown
tests (https://github.com/kubernetes/kubernetes/issues/110854).
Kubernetes-commit: 3581e308835c69b11b2c9437db44073129e0e2bf
This will help us to get rid of `Ginkgo` v1 dep.
Signed-off-by: Dave Chen <dave.chen@arm.com>
Kubernetes-commit: 597071af17377f5ab4de03804b0d8b41f73fe7ce
The main practical advantage is that klog.Fatal no longer dumps the backtrace
of all goroutines.
Kubernetes-commit: f05e327ca611c23469ef41310d1d59b384cedc27
This type should never have been shared between Service and Ingress.
The `ports` field is unfortunate, but it is needed to stay compatible.
Kubernetes-commit: 0153bfad16102e42d0b0dbb56742d0a6626e4180
To be able to implement controllers that are dynamically deciding
on which resources to watch, it is required to get rid of
dedicated watches and event handlers again. This requires the
possibility to remove event handlers from SharedIndexInformers again.
Stopping an informer is not sufficient, because there might
be multiple controllers in a controller manager that independently
decide which resources to watch.
Unfortunately the ResourceEventHandler interface encourages to use
value objects for handlers (like the ResourceEventHandlerFuncs
struct, that uses value receivers to implement the interface).
Go does not support comparison of function pointers and therefore
the comparison of such structs is not possible, also. To be able
to remove all kinds of handlers and to solve the problem of
multi-registrations of handlers a registration handle is introduced.
It is returned when adding a handler and can later be used to remove
the registration again. This handle directly stores the created
listener to simplify the deletion.
Kubernetes-commit: 7436af3302088c979b431856c432b95dd230f847
This fix allows Reflector/Informer callers to detect API errors using the standard Go errors.As unwrapping methods used by the apimachinery helper methods. Combined with a custom WatchErrorHandler, this can be used to stop an informer that encounters specific errors, like resource not found or forbidden.
Kubernetes-commit: 9ace604b63045ebbb066cab5e8508b51d0900a05
The updated zapr is more resilient against MarshalLog crashing. Not a known
problem in Kubernetes, though.
Kubernetes-commit: 3e6974e0ba67a8f598e7bc4ccedfdab928935551
* Introduce networking/v1alpha1 api, ClusterCIDRConfig type
Introduce networking/v1alpha1 api group.
Add `ClusterCIDRConfig` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
* Change ClusterCIDRConfig.NodeSelector type in api
* Fix review comments for API
* Update ClusterCIDRConfig API Spec
Introduce PerNodeHostBits field, remove PerNodeMaskSize
Kubernetes-commit: b9792a9daef4d978c5c30b6d10cbcdfa77a9b6ac
This commit refactors the retry logic to include resetting the
request body. The reset logic will be called iff it is not the
first attempt. This refactor is nescessary mainly because now
as per the retry logic, we always ensure that the request body
is reset *after* the response body is *fully* read and closed
in order to reuse the same TCP connection.
Previously, the reset of the request body and the call to read
and close the response body were not in the right order, which
leads to race conditions.
This commit also adds a test that verifies the order in which
the function calls are made to ensure that we seek only after
the response body is closed.
Co-authored-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: 68c8c458ee8f6629eef806c48c1a776dedad3ec4
* Add FeatureGate PodHostIPs
* Add HostIPs field and update PodIPs field
* Types conversion
* Add dropDisabledStatusFields
* Add HostIPs for kubelet
* Add fuzzer for PodStatus
* Add status.hostIPs in ConvertDownwardAPIFieldLabel
* Add status.hostIPs in validEnvDownwardAPIFieldPathExpressions
* Downward API support for status.hostIPs
* Add DownwardAPI validation for status.hostIPs
* Add e2e to check that hostIPs works
* Add e2e to check that Downward API works
* Regenerate
Kubernetes-commit: 61b3c028ba618a939559c39befb546ae5e5fd0b9
* Implement status subresource in NetworkPolicy
* add NetworkPolicyStatus generated files
* Fix comments in netpol status review
Kubernetes-commit: 42a12010829962c6e87cee8e4bc217d39d7a8043
reflect latest struct changes
use correct discovery openapi test data layout
make the OpenAPIv3 interface less blue
field grouping
add copyrights
implement cached discovery client
add cached discovery tests
address review feedback
Kubernetes-commit: 075866b3e3ea029c243d82d8d6eb99e96d9c49d3
Currenlty an event recorder can send an event to a
broadcaster that is already stopped, resulting
in a panic. This ensures the broadcaster holds
a lock while it is shutting down and then forces
any senders to drop queued events following
broadcaster shutdown.
It also updates the Action, ActionOrDrop, Watch,
and WatchWithPrefix functions to return an error
in the case where data is sent on the closed bradcaster
channel rather than panicing.
Lastly it updates unit tests to ensure the fix works correctly
fixes: https://github.com/kubernetes/kubernetes/issues/108518
Signed-off-by: Andrew Stoycos <astoycos@redhat.com>
Kubernetes-commit: 6aa779f4ed3d3acdad2f2bf17fb27e11e23aabe4
client-go: refactor retry logic for backoff, rate limiter and metric to be reused by Watch, Stream, and Do
Kubernetes-commit: 52cd4d53ac8ac33cacd3d2c618cf22f1e3fd6a7e
Some of these changes are cosmetic (repeatedly calling klog.V instead of
reusing the result), others address real issues:
- Logging a message only above a certain verbosity threshold without
recording that verbosity level (if klog.V().Enabled() { klog.Info... }):
this matters when using a logging backend which records the verbosity
level.
- Passing a format string with parameters to a logging function that
doesn't do string formatting.
All of these locations where found by the enhanced logcheck tool from
https://github.com/kubernetes/klog/pull/297.
In some cases it reports false positives, but those can be suppressed with
source code comments.
Kubernetes-commit: edffc700a43e610f641907290a5152ca593bad79
ServerResources function was deprecated and instead ServerGroupsAndResources
function is suggested.
This PR removes ServerResources function and move every place to use ServerGroupsAndResources.
Kubernetes-commit: ef39a8914291ba200bd5486c88a7575ffd4b7d1d
Get metrics for the request and response size, so we can correlate latency
and size on a request, otherwise we could get confused because we don't know if the
network is slow or just the request size huge.
Kubernetes-commit: 64d9d0585f6dbc9266f31b6d0f795d6c0421495e
The restclient metrics were updated to track only the host field of the
url, the finalURLTemplate is not longer needed, its only goal was to
replace name and namespace in the path to avoid cardinality.
Kubernetes-commit: bebf5a608f68523fc430a44f6db26b16022dc862
Also runs:
hack/pin-dependency.sh golang.org/x/mod \
v0.6.0-dev.0.20220106191415-9b9b3d81d5e3
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Kubernetes-commit: 4b1bd548bbe4d71609c65b050b69f63af1ca81d1
Goal of this commit is to add some missing features when the
Kubernetes API is accessed through a SOCKS5 proxy. That's for
example the case when port-forwarding is used (`kubectl port-forward`)
or when exec'ing inside a container (`kubectl exec`), with this
commit it'll now be possible to use both.
Signed-off-by: Romain Aviolat <romain.aviolat@kudelskisecurity.com>
Signed-off-by: Romain Jufer <romain.jufer@kudelskisecurity.com>
Kubernetes-commit: 0a98875e9572d998fbdf3bcdaef4961715b8bc06
* client-go: Remove unreachable return
Due to the way the switch statement is done,
the return at the end of the function will neverbe reached.
Signed-off-by: Ismayil Mirzali <ismayilmirzeli@gmail.com>
* client-go: Refactor for clarity
Fixed one instance where the error message should be lowercase.
Made the fields in the struct literal more explicit
Signed-off-by: Ismayil Mirzali <ismayilmirzeli@gmail.com>
Kubernetes-commit: 75c0987de3cb9a0380873745f68dea2f0835a7a2
* Enable setting proxyurl in kubeconfig via kubectl config
This PR enables setting `proxy-url` in kubeconfig via kubectl config.
* Add godoc for proxy-url unit tests
Kubernetes-commit: afdde383210294c3da573decc44b5ce55cffcb94
The new release adds support for multi-line string output (required for
contextual logging) and Verbose.InfoSDepth (required to properly attach
verbosity to some log messages in helper code).
Kubernetes-commit: cb17b76d4d0a1c8021b427cd15b5d504bb468ee6
Two simple choices for workqueues do not document that they do not emit
metrics. Using their named variants fixes this, but was undocumented.
Change-Id: I100ad08a4859513987941ed35d12abb4cbb39873
Kubernetes-commit: f468bee672b0ccf9b97a85f17ec1f5645aced926
- Also update test-cmd.sh to pass a signing ca to the kube controller
manager, so CSRs work properly in integration tests.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Kubernetes-commit: f015fd66ce95d02cd66efc263eb9e5441b42a17d
the test TestHTTP1DoNotReuseRequestAfterTimeout has to wait for
request to time out to assert that subsequent requests does not
reuse the TCP connection.
It seems that current value of 100ms causes issues on some CI
environments and bumping the timeout seems to solve this flakiness,
We can bump the timeout value because is really low compared to real
scenarios and the bump still keeps it in the millisecond order.
Kubernetes-commit: 85797eba7075d83b116b5c91ff3b17c2d5118d01
This mirrors most (maybe all?) other fake clients. Example of a real
world use case this would have been useful:
https://github.com/istio/istio/pull/35434
Kubernetes-commit: 86c9fef160b37ce834b680e49cf237917d2e5c6c
Close connection and stop listening when port forwarding errors occur so that kubectl can exit
Kubernetes-commit: cd6ffff85d257ff9067d59339f2ffdbcc66dc164
This avoids the assumption that the kinds are populated in the schema,
and is arguably a little more efficient also.
Kubernetes-commit: 3bf06ff3a15a2f1fefeb7a70373a92cb4b94818f
Add wired off code for Validation rules for Custom Resource Definitions using the CEL expression language
Kubernetes-commit: 6b41d75794381487ef7204b016faa75e350a32b7
It iterates over the wrapped transports until it finds one
that implements the CloseIdleConnections method and executes it.
add test for closeidle http1 connections
add test for http1.1 reconnect with inflight request
add test to reuse connection request
add test for request connect after timeout
add test for client-go request concurrency
Kubernetes-commit: b9d865a8185b62d83e9ff81b0e3499a26ac6960d
* De-share the Handler struct in core API
An upcoming PR adds a handler that only applies on one of these paths.
Having fields that don't work seems bad.
This never should have been shared. Lifecycle hooks are like a "write"
while probes are more like a "read". HTTPGet and TCPSocket don't really
make sense as lifecycle hooks (but I can't take that back). When we add
gRPC, it is EXPLICITLY a health check (defined by gRPC) not an arbitrary
RPC - so a probe makes sense but a hook does not.
In the future I can also see adding lifecycle hooks that don't make
sense as probes. E.g. 'sleep' is a common lifecycle request. The only
option is `exec`, which requires having a sleep binary in your image.
* Run update scripts
Kubernetes-commit: 11a25bfeb6fd6e8e5c42e316b17cea15a702041c
The new releases fix logging of KObj in JSON output: klog implements the new
logr.Marshaler interface and zapr uses it instead of Stringer when logging the
ObjectRef created by KObj.
Kubernetes-commit: 169e8b65a00b45ef8bbc7a14cd985df1c835953b
Add two new constructors for versioned and unversioned RESTClients.
These new constructors allow to pass an http.Client to the RESTClient,
taking precence over the transport Config parameters.
Add a new helper function to generate an http.Client from the RESTClient
Config object.
Co-authored-by: Jordan Liggitt <liggitt@google.com>
Kubernetes-commit: 80fbc817263de1c46e1493819aca35b1ef8e3d09
enhance client-go DebugURLTiming roundtripper using golang httptrace
to provide timing statistics for:
- dns lookup
- tcp dialing
- tls handshake
- time to get a connection from the pool
- time to process a request
Kubernetes-commit: 72c35be086fed5f70fd11dc96ca34298573bff05
This allows to check for specific errors using `errors.Is`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Kubernetes-commit: a5647fa417de6d17ba200f1b4bcd2bb28cceb22c
See https://github.com/grpc/grpc-go/issues/4758 for a real world example
of this leaking 2gb+ of data.
Basically, when we do `q.queue[1:]` we are just repositioning the slice.
The underlying array is still active, which contains the object formerly
known as `q.queue[0]`. Because its referencing this object, it will not
be GCed. The only thing that will trigger it to free is eventually when
we add enough to the queue that we allocate a whole new array.
Instead, we should explicitly clear out the old space when we remove it
from the queue. This ensures the object can be GCed, assuming the users'
application doesn't reference it anymore.
Kubernetes-commit: 2a34801168dc1c70ba25b1d4200b534bf515cbc2
to keep a count of the pods that have the ready condition.
Also:
- Add feature gate JobReadyPods.
- Add Ready to describe.
Change-Id: Ib934730a430a8e2a2f485671e345fe2330006939
Kubernetes-commit: 1bff5eb44d9897e12aff3ea10f5a856580158278
This behaviour was broken by commit
39cfe232325d66bcdbc935af7aaf7022562e7010 and PR kubernetes#98057
Kubernetes-commit: b79859cb12b19222fffc17481e1fe006819de63c
- Introduce PassiveRateLimiter which implements all methods of previous RateLimiter except Accept() and Wait()
- Change RateLimiter interface to extend PassiveRateLimiter by additionally implementing Accept() and Wait()
- Make client-go/tools/record use PassiveRateLimiter
Refactor EventSourceObjectSpamFilter, EventAggregator, EventCorrelator
- EventSourceObjectSpamFilter, EventAggregator, EventCorrelator use clock.PassiveClock now.
- This won't be a breaking change because even if a clock.Clock is passed, it still implements the clock.PassiveClock interface.
- Extend clock.PassiveClock through Clock.
- Replace pacakge local implementation of realClock with clock.RealClock
- In flowcontrol/throttle.go split tokenBucketRateLimiters to use Clock and clock.PassiveClock.
- Migrate client-go/tools/record tests from using IntervalClock to using SimpleIntervalClock (honest implementation of clock.PassiveClock)
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: ac5c55f0bd853fcf883d9b8e1f5ef728a2fb5309
metaclient explicitly specifies the Content-Type when executing Delete and DeleteCollection, and add test for that
Kubernetes-commit: 8976f6f6d9af22ad40df891565c19e4dfd67f591
This updates the k8s.io/util to pull in the fix for
https://github.com/kubernetes/kubernetes/issues/104452.
Commands run:
./hack/pin-dependency.sh k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a
./hack/update-vendor.sh
Kubernetes-commit: c2532351525c2822daab61303eb4f94942a017e6
This partially reverts commit 39cfe232325d66bcdbc935af7aaf7022562e7010and PR #98057
the original problem was caused by not using {end} at the end of the range
Kubernetes-commit: 5c3de9f1de913d1251ce2183991a845edc01d123
This replaces the experimental logr v0.4 with the stable v1.1.0
release. This is a breaking API change for some users because:
- Comparing logr.Logger against nil is not possible anymore:
it's now a struct instead of an interface. Code which
allows a nil logger should switch to *logr.Logger as type.
- Logger implementations must be updated in lockstep.
Instead of updating the forked zapr code in json.go, directly using
the original go-logr/zapr is simpler and avoids duplication of effort.
The updated zapr supports logging of numeric verbosity. Error messages
don't have a verbosity (= always get logged), so "v" is not getting
added to them anymore.
Source code logging for panic messages got fixed so that it references
the code with the invalid log call, not the json.go implementation.
Finally, zapr includes additional information in its panic
messages ("zap field", "ignored key", "invalid key").
Kubernetes-commit: cb6a65377775110631bc865acc06c3f957592813
* Updates ImpersonationConfig in rest/config.go to include UID
attribute, and pass it through when copying the config
* Updates ImpersonationConfig in transport/config.go to include UID
attribute
* In transport/round_tripper.go, Set the "Impersonate-Uid" header in
requests based on the UID value in the config
* Update auth_test.go integration test to specify a UID through the new
rest.ImpersonationConfig field rather than manually setting the
Impersonate-Uid header
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Kubernetes-commit: d9ddfb26e10ee353fc4617b66d2c9274bf6d1c08
* Add failing test case
* Update golang.org/x/time/rate
* Call update-internal-modules from update-vendor
Kubernetes-commit: 09dc055984e9532f29f37acae7aea7a979ded764
If the informers handlers are slow processing the objects, the deltaFIFO
blocks the queue and the streamWatchers can not add new elements to the
queue, creating contention and causing different problems, like high
memory usage.
The problem is not easy to identify from a user perspective, typically
you can use pprof to identify a high memory usage on the StreamWatchers
or some handler consuming most of the cpu time, but users should not
have to profile the golang binary in order to know that.
Metrics were disabled on the reflector because of memory leaks, also
monitoring the queue depth can't give a good signal, since it never goes high
However, we can trace slow handlers and inform users about the problem.
Kubernetes-commit: d38c2df2c4b945bcf1f81714fc6bfd01bbd0f538
These were missed because our tests did not pass in the correct test
data input (the command to execute).
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: a6ac42082b4d7c0057b52900736bd7fbc2c44241
This change updates the CSR API to add a new, optional field called
expirationSeconds. This field is a request to the signer for the
maximum duration the client wishes the cert to have. The signer is
free to ignore this request based on its own internal policy. The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration. The minimum allowed
value for this field is 600 seconds (ten minutes).
This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.
Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: cd91e59f7c351fce47c064a5162c2cb79075159c
As `%v` doesn't allow error unwrapping, checks like `errors.Is` are not
working properly.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Kubernetes-commit: 6c0463bd2b616d0f22f47905bb26d66fa3b04e37
With the introduction of GVK to the fake dynamic client it made using
the fake much more cumbersome.
Specifically:
- requires manual registration of list types
- mismatch between scheme types and passed in fixtures would result in errors
The PR changes the constructor method NewSimpleDynamicClient to do the following:
- rewire the schemes to unstructured types
- typed fixtures are converted to unstructured types
- automatically register fixture gvks with the scheme
This should make the dynamic client 'flexible' with it's inputs like it was
before
Kubernetes-commit: 418fa71b6b1d1fba930daaba1f8ecf55070b4bdf
This reverts commit 5a59a43957c6743995dac67fdda42bf8e0a9ca77, reversing
changes made to 81b9789eaa7bc067f417b5e74d5695dd6dd88a46.
Kubernetes-commit: 892d4fabb845e2461e3655aa414beb6ac322fc99
The value here is that the exec plugin author can use the kubeconfig to assert
how standard input is treated with respect to the exec plugin, e.g.,
- an exec plugin author can ensure that kubectl fails if it cannot provide
standard input to an exec plugin that needs it (Always)
- an exec plugin author can ensure that an client-go process will still call an
exec plugin that prefers standard input even if standard input is not
available (IfAvailable)
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: cd83d89ac94c5b61fdd38840098e7223e5af0d34
https://github.com/kubernetes/kubernetes/pull/87795 most likely
unintentionally increased the log level of "Starting reflector" and
"Stopping reflector", with the result that since Kubernetes 1.21
clients have printed that message by default. This is undesirable, we
should use the original level 3 again.
Kubernetes-commit: fd972934e4916879b04508686302659ce82cfa75
Modify the behavior of the AnyVolumeDataSource alpha feature gate to enable
a new field, DataSourceRef, rather than modifying the behavior of the
existing DataSource field. This allows addition Volume Populators in a way
that doesn't risk breaking backwards compatibility, although it will
result in eventually deprecating the DataSource field.
Kubernetes-commit: 00dba76918e8ce5b5cff6719bbd64c2cd38ad4e2
With the client-go credential plugin functionality going GA in 1.22,
it is now time to deprecate these legacy integrations.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 6bfaeaf91658835aeea267500299de1c4a35a248
If a user specifies basic auth, then apply the same short circuit logic
that we do for bearer tokens (see comment).
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: 9dee2b95c27a9d61c2bade8fe67f120b5853c4d6
runc rc95 contains a fix for CVE-2021-30465.
runc rc94 provides fixes and improvements.
One notable change is cgroup manager's Set now accept Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-depdendencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kubernetes-commit: f3cdfc488e88714f2fe695e35ad0d3f8e45ddc25
This reverts commit b1b06fe0a4d80ac0fd67fae56f29a3710934a256, reversing
changes made to 382a33986b043f78a42d3d865d0ca383687bf171.
Kubernetes-commit: 4b45d0d921051627c43d5fc014e383a6cb872ade
One notable change is cgroup manager's Set now accept Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-depdendencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kubernetes-commit: b49744f177087173d43d7771588d83b9df5a3c0b
* NewSelfSignedCACert makes Go 1.15+ compatible cert
As of Go 1.15, X.509 certificates without a SAN no longer
fall back to the CommonName of the certificate.
https://golang.org/doc/go1.15#commonname
Updating NewSelfSignedCACert to produce certificates that
work with this change.
* add missing license
Kubernetes-commit: a41a3ed4ae77a7902577bdb50b35fc5f42ed7c60
The message argument is mistakenly used as the format specifier, if it
contains the special '%' characters. This causes many '[%d|%s](MISSING)'
errors in the API server logs.
Signed-off-by: Ivan Sim <isim@redhat.com>
Kubernetes-commit: b1d0d401875b2076e73183f8468ecb95c3fe61aa
Kubelet cert rotation involves two certificate manager instances
(one for client and one for server certs) and the log lines are
identical and confusing. Since certificate manager is a utility
library it is also inappropriate to simply assume klog output is
sufficient.
certificate.Manager now accepts a Name and Logf function on its
config struct to identify the purpose of the manager and to
provide a way to redirect where output should go. If Name is
absent, the name is defaulted from the SignerName, and if that
is not found then the name is set to "client auth" if that is
a provided key usage, or "certificate" otherwise. If Logf is
not provided it defaults to klog.V(2). as today. The name is printed
in "foo: bar" form on every line, but can be converted to structured
logging in the future. The log level is not customizable and it
is up to the caller to decide whether that is an issue.
Some log messages are slightly cleaned up to more clearly indicate
their intent. One log message is removed in a utility function that
was already at v(4) and less likely to be needed.
The default behavior of the certificate manager is as before and
the kubelet now identifies the server and client signerName as
separate entities:
I0414 19:07:33.590419 1539 certificate_manager.go:263] kubernetes.io/kube-apiserver-client-kubelet: Rotating certificates
E0414 19:07:33.594154 1539 certificate_manager.go:464] kubernetes.io/kube-apiserver-client-kubelet: Failed while requesting a signed certificate from the master: cannot create certificate signing request: Post "https://...
Kubernetes-commit: 64c669bd0ac8fda39ba97f48ef887ac1f77fb014
This changes the `/ephemeralcontainers` subresource of `/pods` to use
the `Pod` kind rather than `EphemeralContainers`.
When designing this API initially it seemed preferable to create a new
kind containing only the pod's ephemeral containers, similar to how
binding and scaling work.
It later became clear that this made admission control more difficult
because the controller wouldn't be presented with the entire Pod, so we
updated this to operate on the entire Pod, similar to how `/status`
works.
Kubernetes-commit: d22dc5cb72a627341f4004b5d58d275f3d8773b3
* Fix staticcheck failures for vendor/k8s.io/client-go/transport
* avoid the possibility of a hang
Kubernetes-commit: 02d20442a5a5f5e1d3f1ef8e6fb14945462bc36c
Whether `providerless` is present or not, the OIDC plugin
should be available.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: b1e9fc4935e60092b4823bd67e82c4d2bfb1a7fc
This implements a stream cleanup when using portforwardings. Before
applying this patch, the streams []httpstream.Stream within
`spdy/connection.go` would fill-up for each streaming request. This
could result in heavy memory usage. Now we use the stream identifier to
keep track of them and finally remove them again once they're no longer
needed.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Kubernetes-commit: 6459ed6717d1851f9ca28e3f245672a6a62aa0bf
This is the result of "make update" minus the testdata update which
will be committed separately.
Kubernetes-commit: 52b758c9b634fa56ab923c31dbf9e312b1a0c171
For tracking Job Pods that have finished but are not yet counted as failed or succeeded
And feature gate JobTrackingWithFinalizers
Change-Id: I3e080f3ec090922640384b692e88eaf9a544d3b5
Kubernetes-commit: bb56a0bd04891ae0a4aebeaeb4d145b32d9ad2d9
Fix range loop when using jsonpath
Without patch:
kubectl get -n openshift-oauth-apiserver po -o jsonpath='{range .items[?(.status.phase=="Running")]}{.metadata.name}{" is Running\n"}'
apiserver-7d9cc97649-79c2x is Running
apiserver-7d9cc97649-lgks6 is Running
apiserver-7d9cc97649-qgkxn is Running
is Running
With patch:
kubectl get -n openshift-oauth-apiserver po -o jsonpath='{range .items[?(.status.phase=="Running")]}{.metadata.name}{" is Running\n"}'
apiserver-7d9cc97649-79c2x is Running
apiserver-7d9cc97649-lgks6 is Running
apiserver-7d9cc97649-qgkxn is Running
Kubernetes-commit: 39cfe232325d66bcdbc935af7aaf7022562e7010
Ensure that all label selectors are treated as atomic values,
to exclude situations when selectors are being corrupted by
different actors attempting to apply their overlapping definition
for this field with server-side-apply.
Kubernetes-commit: d8a7764b6396b90313ae7bd50a845f4da4705d67
1. Add API definitions;
2. Add feature gate and drops the field when feature gate is not on;
3. Set default values for the field;
4. Add API Validation
5. add kube-proxy iptables and ipvs implementations
6. add tests
Kubernetes-commit: 7ed2f1d94d694c6c4fdb4629638c38b1cbda7288
* Removes discovery v1alpha1 API
* Replaces per Endpoint Topology with a read only DeprecatedTopology
in GA API
* Adds per Endpoint Zone field in GA API
Kubernetes-commit: a9891b4b9b909b76533a50812c21575cd96c43b1
We are not sure why this was stdout, since stdin is what the user uses to pass
information to the exec plugin.
There is a question of backwards compatibility here. Our take is that this is a
bug, and so we are ameliorating behavior instead of breaking behavior. There are
2 main cases to consider with respect to backwards compatibility:
1. an existing exec plugin depended on stdin being hooked up to them if stdout
was a terminal (e.g., echo foo | client-go-command-line-tool); we believe
this is an anti-pattern, since the client-go-command-line-tool could be using
stdin elsewhere (e.g., echo foo | kubectl apply -f -)
2. an existing exec plugin depended on stdin not being hooked up to them if
stdout was not a terminal (e.g., client-go-command-line-tool >/dev/null);
hopefully there are very few plugins that have tried to base logic off of
whether stdin returned EOF immediately, since this could also happen when
something else is wrong with stdin
We hope to apply a stronger fix to this exec plugin user interaction stuff in a
future release.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: aea995c45ff057406b586144e28bd9575162b8df
Errors from staticcheck:
cmd/preferredimports/preferredimports.go:38:2:
package golang.org/x/crypto/ssh/terminal is deprecated:
this package moved to golang.org/x/term. (SA1019)
vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go:36:2:
package golang.org/x/crypto/ssh/terminal is deprecated:
this package moved to golang.org/x/term. (SA1019)
vendor/k8s.io/client-go/tools/clientcmd/auth_loaders.go:26:2:
package golang.org/x/crypto/ssh/terminal is deprecated:
this package moved to golang.org/x/term. (SA1019)
Please review the above warnings. You can test via:
hack/verify-staticcheck.sh <failing package>
If the above warnings do not make sense, you can exempt the line or
file. See:
https://staticcheck.io/docs/#ignoring-problems
generated:
- hack/update-internal-modules.sh
- hack/lint-dependencies.sh
- hack/update-vendor.sh
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Kubernetes-commit: d9435800b65d6787beaf061546599d757b8e87c9
docker/spdystream has been moved to moby/spdystream.
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
Kubernetes-commit: c5c938a056abdf9961962554013632d6cfd3bbd4
The new releases of klog (via klogr) and logr expose support for call
traces via a new WithCallDepth API in logr.
The new klogr can be configured to pass structured log entries into
klog instead of turning them into a single text message.
Kubernetes-commit: 562a39a2e1e26854c06ac2b317f6f8a4ebb23ac1
`debuggingRoundTripper` is a useful throbleshooting tool to debug of Kubernetes API requests and their timing.
Unfortunately, as of today, it can only be used via the `DebugWrappers` function, which automatically adjust the amount of debug information exposed by the roundTripper based on the configured `klog` verbosity.
While `DebugWrappers` definitely fits the purpose for clients using `klog`, this is currently hard to be used for controllers using `controller-runtime`, which uses `github.com/go-logr/logr` for logging.
In this PR we change the visibility of `newDebuggingRoundTripper` and `debugLevel` in order to be directly accessible from users of the `k8s.io/client-go/transport` package.
In particular, the changes proposed in this PR allow users of `controller-runtime` to use the `debuggingRoundTripper` to intercept Kubernetes API requests as follows
```go
import (
ctrl "sigs.k8s.io/controller-runtime"
)
func init() {
ctrl.SetLogger(zap.New())
}
func main() {
// wrap the http transport used by the Kubernetes client
restConfig, err := ctrl.GetConfig()
checkError(setupLog, err, "unable to get kubernetes client config")
restConfig.Wrap(func(rt http.RoundTripper) http.RoundTripper {
return transport.NewDebuggingRoundTripper(rt, transport.DebugJustURL)
})
...
}
```
Kubernetes-commit: 8de53ce96cb58d56fd00e91d8bcf7761ab498b83
Fixed a bug where initialPopulationCount should be based on the key length not list size in DeltaFIFO#Replace()
Kubernetes-commit: 7d8587c4cc3529dc9065c1536071ea382e6c725c
Note that the fake client isn't designed to work with informer. It
doesn't support resource version. It's encouraged to use a real client
in an integration/E2E test if you need to test complex behavior with
informer/controllers.
Kubernetes-commit: 942bc9b32e39bb9c6ca045c02b48cc84dfa86633
This changes the event recorder to use the equivalent of a select
statement instead of a goroutine to record events.
Previously, we used a goroutine to make event recording non-blocking.
Unfortunately, this writes to a channel, and during shutdown we then
race to write to a closed channel, panicing (caught by the error
handler, but still) and making the race detector unhappy.
Instead, we now use the select statement to make event emitting
non-blocking, and if we'd block, we just drop the event. We already
drop events if a particular sink is overloaded, so this just moves the
incoming event queue to match that behavior (and makes the incoming
event queue much longer).
This means that, if the user uses `Eventf` and friends correctly (i.e.
ensure they've returned by the time we call `Shutdown`), it's
now safe to call Shutdown. This matches the conventional go guidance on
channels: the writer should call close.
Kubernetes-commit: e90e67bd002e70a525d3ee9045b213a5d826074d
github.com/hashicorp/golang-lru is MPL 2 licensed, which means that
anyone who distributes code or binaries that incorporates it needs to
include its source code, even if they haven't made any modifications.
Since lrucacheexpire is picked up as a dependency of using the shared
informers in client-go, that's potentially a lot of distributors.
Most other deps of client-go are Apache 2.0, MIT, or BSD-like
licensed, which only requires including the license.
Rather than reverting to groupcache/lru, I just reimplemented the
functionality we need, which isn't much.
Kubernetes-commit: ecc53182475a00a4a1dc8ca1e056b0deb6bd430c
Adds unit tests covering the problematic scenarios identified
around conflicting data in child owner references
Before After
package level 51% 68%
garbagecollector.go 60% 75%
graph_builder.go 50% 81%
graph.go 50% 68%
Added/improved coverage of key functions that had lacking unit test coverage:
* attemptToDeleteWorker
* attemptToDeleteItem
* processGraphChanges (added coverage of all added code)
Kubernetes-commit: e491c3bc7056530d82590d95f0af0e8c4d8dded5
This dependency bump will allow for cleanup of duplicate code in
the dualstack e2e tests.
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Kubernetes-commit: 5303b3fbbd52f5092bdcbd3765347eb218485ca5
Hopefully we've fixed all of these references now...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: 409f22832a9f949e7fa534379574ce4fb9802394
Exec plugin implementations should be able to call
LoadExecCredentialFromEnv() in order to get everything they need to
operate (i.e., cluster information (as long as it is passed in) and
optionally per-cluster configuration).
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: 875a46bd7c1b79f1fae9cd189eec5fc9c3fbf1bc
- The main idea here is that we want to 1) prevent potentially large CA
bundles from being set in an exec plugin's environment and 2) ensure
that the exec plugin is getting everything it needs in order to talk to
a cluster.
- Avoid breaking existing manual declarations of rest.Config instances by
moving exec Cluster to kubeconfig internal type.
- Use client.authentication.k8s.io/exec to qualify exec cluster extension.
- Deep copy the exec Cluster.Config when we copy a rest.Config.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: c4299d15d5289768808034676858e76a177eeae5
Address scenario where releasing a resource lock fails if a prior update fails or gets cancelled
Kubernetes-commit: 8bc8b11bcf5d970d678e28679c1699e2383610b8
Today the dynamic fake client is not aware of *List kinds, so List calls return UnstructuredList
objects without TypeMeta. This patch updates client-go's fake object tracker to store a map of
GVR to list GVKs. In this way, the list GVK can be set for UnstructuredList objects.
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
Kubernetes-commit: 0845b863e89912e0d6c4380f8bc362646326386a
Prior having a mock recorder would cause panics since the lock
would be set to nil on update failures. Now the recorder will
use the cached lock
Kubernetes-commit: 5e7ed7b86d26b651f1ef78a794cdc03fa945a3ce
This allows the lock to be release normally - even with a
potentially stale lock. This flow should only occur when we're
the lease holders.
Kubernetes-commit: 8160ecfd90284c333101a16bdccd79aacc86360d
TransformingInfomer is like a regular Informer, but allows for applying
custom transform functions on the objects received via list/watch API calls.
Kubernetes-commit: efd3490076c391823095b4c8bd6e847ae18eb012
Problem:
When calling newQueue metrics can be of type noMetrics when just calling
New. When doing this a new goroutine is created to update the metrics
but in this case there are no metrics so it's just creating goroutines
that don't do anything but consume resources.
Solution:
If the incoming metrics is of type noMetrics, don't start the goroutine
Kubernetes-commit: de021396f81ff438899297a6f464c70113b58475
ThirdPartyResource has been superseded by CustomResourceDefinition
Signed-off-by: Zhou Peng <p@ctriple.cn>
Kubernetes-commit: b608a203c62f693bb1ee1c91de5969a75129db30
Currently there is no way to specify WatchListPageSize used by Controller. This PR adds a field that can be used to specify this.
Change-Id: I241454a45dd94d3ea65a91b297f530e217f843aa
Kubernetes-commit: 43f5afe1a1dd058a2564cd3b2f330fc2a401f607
Currently when ListAndWatch() receives a connection refused error, it is
assumed to be due to the apiserver being transiently unresponsive. In
situations where a controller is running outside the k8s cluster it's
controlling, it is more common for the controller to lose connection
permanently to the apiserver and needs to exponentially backoff its
retry rather than continously spamming logs with Watch attempts that
will never succeed.
Kubernetes-commit: 1ff789f2bb9bf7fbb3df35977bc249c0dd019d31
Chore: Correct words and format codes
Revert three changes
Revert 1 change
Revert again
Revert 2 changes
Kubernetes-commit: af7cf4abc6bfeb0d2cfaca76097cf7a0603c4495
The extra space was introduced in 5b854e7b17 (say which lease is being
acquired, 2018-01-16, #58341).
Kubernetes-commit: e5347d48f9e67776984fbe284f03aefc425a951d
This reverts commit 32438cf26938091bea56e7ca7c3fcf4215652f9c, reversing
changes made to bb6a6aa3915cc9f7efaaf2291f6adac8333fd33c.
Kubernetes-commit: c00dae060731f6286ee3743db24782f09c33945a
Fixes the argument order used when calling testing.NewUpdateSubresourceAction
within the fake scale client. This was causing the generated action to swap the values
of the Namespace and Subresource in the Action.
Kubernetes-commit: 34a446d812c423da7a306963f250f4002dac9be8
When dedupDeltas does the impossible and the key is already queued,
return an error rather than maintain the data structure invariants.
Kubernetes-commit: a39481a4f6cf33f9bf4555adcffa28077863e7a9
Currently, the proxy subresource is not supported for pods in client-go.
Today, invoking this requires using the REST client directly.
To make using the proxy resource easier, this commit adds a ProxyGet
method for pods in pod_expansion.go similar to the ProxyGet method
for services in service_expansion.go.
Ref: d8febccacf/staging/src/k8s.io/client-go/kubernetes/typed/core/v1/service_expansion.go
Kubernetes-commit: 72ab11193a419f0e0e66e86c4e6be9991c3682f2
Hello gophers,
Version v0.3.3 of golang.org/x/text fixes a vulnerability in the golang.org/x/text/encoding/unicode package which could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory.
An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
transform.String has also been hardened not to enter an infinite loop if a Transformer keeps returning ErrShortSrc even if atEOF is true.
This issue was first filed as Issue 39491 by GitHub user abacabadabacaba and reported to the security team by Anton Gyllenberg. It is tracked as CVE-2020-14040.
Cheers,
Katie for the Go team
Kubernetes-commit: 3cef97e8b5f67b4a350ee7a51e68604732e46f58
If configuration object is used concurrently
it is not safe to mutate self.
There is no need for mutation so avoid it
just in case.
Kubernetes-commit: 9e360eb05efafd0fcabd5a065b62cb8226da94c2
Some comments and code incorrectly contemplated violating the
invariant that a keys is in `f.items` if and only if it is in
`f.queue`.
Also fixed up some comment wording.
Kubernetes-commit: 5efd727d112206ef9a8ede93c5878b0d40707ae9
If a bearer token is present in a request, the exec credential plugin should accept that as the chosen method of authentication. Judging by an [earlier comment in exec.go](c18bc7e9f7/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go (L217)), this was already intended. This would however not work since UpdateTransportConfig would set the GetCert callback which would then get called by the transport, triggering the exec plugin action even with a token present in the request. See linked issue for further details.
See #87369 for further details.
Signed-off-by: Anders Eknert <anders.eknert@bisnode.com>
Kubernetes-commit: b423216a3b781009fb4ec4d5974eeb3f882f9d2d
This commit adds the ability for users to specify an install hint for
their exec credential provider binary.
In the exec credential provider workflow, if the exec credential binary
does not exist, then the user will see some sort of ugly
exec: exec: "does-not-exist": executable file not found in $PATH
error message. If some user downloads a kubeconfig from somewhere, they
may not know that kubectl is trying to use a binary to obtain
credentials to auth to the API, and scratch their head when they see
this error message. Furthermore, even if a user does know that their
kubeconfig is trying to run a binary, they might not know how to obtain
the binary. This install hint seeks to ease the above 2 user pains.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: 94e2065df2eef3b198942efb156ef6e27abcc6f9
ingress: use new serviceBackend split
ingress: remove all v1beta1 restrictions on creation
This change removes creation and update restrictions enforced by
k8s 1.18 for not allowing resource backends.
Paths are no longer
required to be valid regex and a PathType is now user-specified
and no longer defaulted.
Also remove all TODOs in staging/net/v1 types
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Kubernetes-commit: 2b091f60ca09d3d03923a26b7cd02fb3dc6c47e2
In some environments, where url base is "/", it can cause all paths to
be presented in metrics with "{prefix}" as `groupIndex` is with the wrong
index. To fix the behavior in such environments, it was added a
conditional branch to check if the URL base is "/" and, thus, print the
metrics with the correct path, for example "api/v1/nodes/{name}" instead
of "{prefix}".
Fixes: 99248b8fe1fe ("Rewrite finalURLTemplate used only for metrics because of dynamic client change")
Signed-off-by: André Martins <aanm90@gmail.com>
Kubernetes-commit: c039b02fa7281fc061455e23b6530ed8b4d19645
pin dependency github.com/beorn7/perks from v1.0.0 to v1.0.1
pin dependency github.com/golang/protobuf from v1.3.3 to v1.4.2
pin denpendency github.com/json-iterator/go from v1.1.8 to v1.1.9
pin dependency github.com/prometheus/common from v0.4.1 to v0.9.1
pin dependency github.com/prometheus/procfs from v0.0.5 to v0.0.11
pin dependency github.com/alecthomas/template from v0.0.0-20160405071501-a0175ee3bccc to v0.0.0-20190718012654-fb15b899a751
pin dependency github.com/alecthomas/units from v0.0.0-20151022065526-2efee857e7cf to v0.0.0-20190717042225-c3de453c63f4
pin dependency github.com/go-kit/kit from v0.8.0 to v0.9.0
pin dependency github.com/go-logfmt/logfmt from v0.3.0 to v0.4.0
Co-Authored-By: Jordan Liggitt <jordan@liggitt.net>
Kubernetes-commit: 283d9f7483d9a5b30746921a68e7a5e586c2c80e
The bazel test failures are caused by (oauth2: turn Transport.CancelRequest into a no-op)[858c2ad4c8]:
0f29369cfe...858c2ad4c8
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: eea0fea657e5955dedcb6e39bad4dca57d70553c
Fixes: kubernetes#90581 (the first part)
When `Close()` is invoked on an empty queue, the control loop inside `Pop()` has a small chance of missing the signal and blocks indefinitely due to a race condition. This PR eliminates the race and allows the control loop inside any blocking `Pop()` to successfully exit after Close() is called.
Kubernetes-commit: d8b90955519d10b99415515f8314dd6d35caae8d
kubectl: add --output jsonpath-as-json to print a json array of results
kubeadm: fix test case using jsonpath result of non-primitive type
Kubernetes-commit: ba386aba4fe02906089ca3e96ee07925bced5d4d
The fake clientset used a slice to store each kind of objects, it's
quite slow to init the clientset with massive objects because it checked
existence of an object by traversing all objects before adding it, which
leads to O(n^2) time complexity. Also, the Create, Update, Get, Delete
methods needs to traverse all objects, which affects the time statistic
of code that calls them.
This patch changed to use a map to store each kind of objects, reduced
the time complexity of initializing clientset to O(n) and the Create,
Update, Get, Delete to O(1).
For example:
Before this patch, it took ~29s to init a clientset with 30000 Pods,
and 2~4ms to create and get an Pod.
After this patch, it took ~50ms to init a clientset with 30000 Pods,
and tens of µs to create and get an Pod.
Kubernetes-commit: 7e15e31e11e48a6db855e30ca9b07dbce3047577
This fixes bug with xfs mount failing because of xfs_repair
being called. Fixes https://github.com/kubernetes/utils/issues/141
Kubernetes-commit: a1ae67d691d514d859fce68299d7bd3830686b38
Fix a bug in k8s.io/utils/net.GetIndexedIP() that wasn't working
with IPv6 addresses with leading zeros.
Kubernetes-commit: dc025534afb0c3106b3aab166f88b971102135d1
The openstack auth plugin was deprecated in v1.11 in favor of the
"client-keystone-auth" credential plugin. This change removes the
plugin in v1.19 (eight releases seems more than sufficient notice).
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 0beb8ea0fef3556474b3a713a2203d4edbbb4fc2
Introduce a verbosity level for the start and stop notifications,
so that regular calls to commands such as:
"kubectl auth ..."
would only contain the "yes" / "no" output.
Kubernetes-commit: b2677b1e572ae1cd8b823683e88005b7857d8938
Removed the incorrect promise of coherency in the answer to a query to
an informer's local cache. Removed the definition of "collection
state", because it was only used in the now-removed promise. Added a
remark about ordering of states that appear in an informer's local
cache.
Brushed up the commentary on resync period. Changed the relevant
parameter of NewSharedInformer to have the same name as the
corresponding parameter to NewSharedIndexInformer.
Kubernetes-commit: b8e2ad5926c3a6872422ad25cf9867e10e052a7d
When creating an informer, this adds a way to add custom error handling, so that
Kubernetes tooling can properly surface the errors to the end user.
Fixes https://github.com/kubernetes/client-go/issues/155
Kubernetes-commit: 435b40aa1e5c0ae44e0aeb9aa6dbde79838b3390
per https://github.com/googleapis/gnostic/releases/tag/v0.1.0, the
v0.1.0 was made specifically for use by k8s, but we still seem to be
using a random SHA. Let's try to switch to a tagged version.
Kubernetes-commit: 420d5d10c4baad0aced31de382801fd999f2c94b
The `recorder.PastEventf` method wasn't actually working as advertised.
It was supposed to accept a timestamp, which would be used when
generating the event. However, as the
[source code](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/client-go/tools/record/event.go#L316)
shows, this `timestamp` was never actually used.
In other words, `PastEventf` is identical to `Eventf`.
We have two options: one would be to fix `PastEventf` so that it works
as advertised. The other would be to delete `PastEventf` and only
support `Eventf`.
Ultimately, I could only find one use of `PastEventf` in the code base,
so I propose we just delete `PastEventf` and convert all uses to
`Eventf`.
Kubernetes-commit: 92940fa80d67593c7a2333267da4424c8b45ac88
In other parts of the system (notably in RBAC rules), the "resource/subresource" notation is common to specify an explicit subresource. This makes this notation available to tests that use the `Matches` function on client actions as well.
Backwards compatibility is kept by ignoring the `Subresource` field if no specific subresource is defined in the resource string itself.
Kubernetes-commit: 47277f281eb0e7d484555e4d210b0ddb42974793
* Move all usage of r.ctx to the beginning of Do, DoRaw, Stream, Watch
* Move tryThrottle from Do and DoRaw into request()
* Make request() and tryThrottle take a context
* In request(), remove the timeout context setting out of the loop
These changes should be entirely behavior preserving.
Kubernetes-commit: d95ed2c8470158256466fb24728e63ac3afe0899
* Move all usage of r.ctx to the beginning of Do, DoRaw, Stream, Watch
* Move tryThrottle from Do and DoRaw into request()
* Make request() and tryThrottle take a context
* In request(), remove the timeout context setting out of the loop
These changes should be entirely behavior preserving.
Kubernetes-commit: ed48ed0122c7289f458a6bc3ac616319d5c17e91
This reverts commit d1480ab49d603d0a95e509b627252ee7af8559ae.
Revert this commit due to incomplete migration path
Kubernetes-commit: 71b2a4cdcc18694387961d119c6ab71772579918
Also updated the comment inside processorListener::run, to restore
accuracy about how long the delay is.
Kubernetes-commit: d2ad469abbb1122cbbd772e15767817cd771f9f6
Background:
Before this change, DeltaFIFO emits the Sync DeltaType on Resync() and
Replace(). Seperately, the SharedInformer will only pass that event
on to handlers that have a ResyncInterval and are due for Resync. This
can cause updates to be lost if an object changes as part of the Replace(),
as it may be incorrectly discarded if the handler does not want a Resync.
What this change does:
Creates a new DeltaType, Replaced, which is emitted by DeltaFIFO on
Replace(). For backwards compatability concerns, the old behavior of
always emitting Sync is preserved unless explicity overridden.
As a result, if an object changes (or is added) on Replace(), now all
SharedInformer handlers will get a correct Add() or Update()
notification.
One additional side-effect is that handlers which do not ever want
Resyncs will now see them for all objects that have not changed during
the Replace.
Kubernetes-commit: ca1eeb99b530a6d76b464dad545abc18d4508c49
This adds ResetWatch() to the FakeControllerSource, which lets the
controller simulate a re-list-and-watch.
Kubernetes-commit: 5aacacbdf000cee2d0ec548ee4afe564f35c60bf
This change includes the cluster address in the cache key so that
using the same issuer and client ID with different tokens across
multiple clusters does not result in the wrong token being used for
authentication.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 96fe76a9ed4fde16f449995cc698dca3719ed546
* Clarify client-go issue location
While pull requests should be in kubernetes/kubernetes, it seems issues are
tracked in client-go repo.
* All Issues along with PRs (except README.md) should be opened in kubernetes/kubernetes
Kubernetes-commit: bc53b97ceb25338570a853845c4cdd295468ed61
This patch removes pkg/util/mount completely, and replaces it with the
mount package now located at k8s.io/utils/mount. The code found at
k8s.io/utils/mount was moved there from pkg/util/mount, so the code is
identical, just no longer in-tree to k/k.
Kubernetes-commit: 0c5c3d8bb97d18a2a25977e92b3f7a49074c2ecb
- Delete backing string set from a threadSafeMap index when the string set length reaches 0.
Kubernetes-commit: 41be6d65d88728f443966da83b62d545684576ab
This commit performs two refactors and fixes a bug.
Refactor 1 changes the signature of Request to take a RESTClient, which
removes the extra copy of everything on RESTClient from Request. A pair
of optional constructors are added for testing. The major functional
change is that Request no longer has the shim HTTPClient interface and
so some test cases change slightly because we are now going through
http.Client code paths instead of direct to our test stubs.
Refactor 2 changes the signature of RESTClient to take a
ClientContentConfig instead of ContentConfig - the primary difference
being that ClientContentConfig uses ClientNegotiator instead of
NegotiatedSerializer and the old Serializers type. We also collapse
some redundancies (like the rate limiter can be created outside the
constructor).
The bug fix is to negotiate the streaming content type on a Watch()
like we do for requests. We stop caching the decoder and simply
resolve it on the request. We also clean up the dynamic client
and remove the extra WatchSpecificVersions() method by providing
a properly wrapped dynamic client.
Kubernetes-commit: 3b780c64b89606f4e6b21f48fb9c305d5998b9e5
- Added thread_safe_store_test exercising new index backing string set delete at 0 functionality.
- TestThreadSafeStoreDeleteRemovesEmptySetsFromIndex logic nesting inverted.
- Added test case for usage of an index where post element delete there is non-zero count of elements and expect the set to still exist.
- Fixed date.
- Fixed awprice nits.
- Fix bazel.
Kubernetes-commit: 29a051388a719e0359969b8431de8e38e955e2a6
By correctly handling content type negotiation, we can avoid the
need for a special version of watch and use the same code path as
typed clients.
Kubernetes-commit: 3f94f80b0a79293e54d7080aaf7a64d7df8b1d4a
Make it clear that periodic resyncs fire update notifications, not
create notifications as the old comments incorrectly stated.
Kubernetes-commit: 3ae8c864de24a2ad42321c9cbd71099a2b6dcef3
Updated the --image-pull-policy=Never option with default
'IfNotPresent'. 'Never' causes the pod to be in
state: ErrImageNeverPull
Kubernetes-commit: 7400cf937b9fcc31dc29caa8d90800940602b934
Close outbound connections when using a cert callback and certificates rotate. This means that we won't get into a situation where we have open TLS connections using expires certs, which would get unauthorized errors at the apiserver
Attempt to retrieve a new certificate if open connections near expiry, to prevent the case where the cert expires but we haven't yet opened a new TLS connection and so GetClientCertificate hasn't been called.
Move certificate rotation logic to a separate function
Rely on generic transport approach to handle closing TLS client connections in exec plugin; no need to use a custom dialer as this is now the default behaviour of the transport when faced with a cert callback. As a result of handling this case, it is now safe to apply the transport approach even in cases where there is a custom Dialer (this will not affect kubelet connrotation behaviour, because that uses a custom transport, not just a dialer).
Check expiry of the full TLS certificate chain that will be presented, not only the leaf. Only do this check when the certificate actually rotates. Start the certificate as a zero value, not nil, so that we don't see a rotation when there is in fact no client certificate
Drain the timer when we first initialize it, to prevent immediate rotation. Additionally, calling Stop() on the timer isn't necessary.
Don't close connections on the first 'rotation'
Remove RotateCertFromDisk and RotateClientCertFromDisk flags.
Instead simply default to rotating certificates from disk whenever files are exclusively provided.
Add integration test for client certificate rotation
Simplify logic; rotate every 5 mins
Instead of trying to be clever and checking for rotation just before an
expiry, let's match the logic of the new apiserver cert rotation logic
as much as possible. We write a controller that checks for rotation
every 5 mins. We also check on every new connection.
Respond to review
Fix kubelet certificate rotation logic
The kubelet rotation logic seems to be broken because it expects its
cert files to end up as cert data whereas in fact they end up as a
callback. We should just call the tlsConfig GetCertificate callback
as this obtains a current cert even in cases where a static cert is
provided, and check that for validity.
Later on we can refactor all of the kubelet logic so that all it does is
write files to disk, and the cert rotation work does the rest.
Only read certificates once a second at most
Respond to review
1) Don't blat the cert file names
2) Make it more obvious where we have a neverstop
3) Naming
4) Verbosity
Avoid cache busting
Use filenames as cache keys when rotation is enabled, and add the
rotation later in the creation of the transport.
Caller should start the rotating dialer
Add continuous request rotation test
Rebase: use context in List/Watch
Swap goroutine around
Retry GETs on net.IsProbableEOF
Refactor certRotatingDialer
For simplicity, don't affect cert callbacks
To reduce change surface, lets not try to handle the case of a changing
GetCert callback in this PR. Reverting this commit should be sufficient
to handle that case in a later PR.
This PR will focus only on rotating certificate and key files.
Therefore, we don't need to modify the exec auth plugin.
Fix copyright year
Kubernetes-commit: 929b1559a0b855d996257ab3ad5364605edc253d
With support of http, https, and socks5 proxy support. We already
support configuring this via environmnet variables, but this approach
becomes inconvenient dealing with multiple clusters on different
networks, that require different proxies to connect to. Most solutions
require wrapping clients (like kubectl) in bash scripts.
Part of: https://github.com/kubernetes/client-go/issues/351
Kubernetes-commit: f3f666d5f1f6f74a8c948a5c64af993696178244
Fix DeltaFIFO bug that caused the sync delta created by a relist
for object ID X to be dropped if the DeltaFIFO already stored a
Delete delta for X. This caused SharedIndexInformer to miss create
notifications. Also, add unit test to expose the bug.
Kubernetes-commit: 9e4be54895e8c0655408b4766cd78de17b6d5b7c
It was previously possible to instantiate `Reflector` with
`*unstructured.Unstructured` as the expected type but this did not
support checking that event objects were of the correct API
type (e.g. if event object was `v1.Pod` in `Unstructured` form but
`v1.Service` was expected). This commit adds support for providing a
GVK via an `Unstructured` expected type to compare with the GVK of
event objects. The GVK will also be used in reflector log output.
Kubernetes-commit: 237dbfd8ad322dfcad4bd4d5345368480c22d82f
It is inconsistent and confusing to report pod count from all
namespaces but report message for only default namespace.
Added the namespace (default) reporting to clarify this.
Updated comments for usage clarity.
Kubernetes-commit: 31e427b54c500f2e532ebeb1990eb7580bf86729
`Get` method within the fake clientset returns an object that would not be normally returned when using the real clientset. Reproducer:
```go
package main
import (
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes/fake"
)
func main () {
cm := &v1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "cm"},
}
client := fake.NewSimpleClientset(cm)
obj, err := client.CoreV1().ConfigMaps("").Get("", metav1.GetOptions{})
if err != nil {
panic(err)
}
fmt.Printf("obj: %#v\n", obj)
}
```
stored under `test.go` of `github.com/kubernetes/kubernetes` (master HEAD) root directory and ran:
```sh
$ go run test.go
obj: &v1.ConfigMap{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"cm", GenerateName:"", Namespace:"kube-system", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, Data:map[string]string(nil), BinaryData:map[string][]uint8(nil)}
```
As you can see fake clientset with a "test" configmap is created. When getting the object through the clientset back, I intentionally set the object name to an empty string. I would expect to get an error saying config map "" was not found. However, I get "test" configmap instead.
Reason for that is inside implementation of `filterByNamespaceAndName` private function:
```go
func filterByNamespaceAndName(objs []runtime.Object, ns, name string) ([]runtime.Object, error) {
var res []runtime.Object
for _, obj := range objs {
acc, err := meta.Accessor(obj)
if err != nil {
return nil, err
}
if ns != "" && acc.GetNamespace() != ns {
continue
}
if name != "" && acc.GetName() != name {
continue
}
res = append(res, obj)
}
return res, nil
}
```
When `name` is empty, `name != "" && acc.GetName() != name` condition is false and thus `obj` is consider as a fit.
[1] https://github.com/kubernetes/client-go/blob/master/testing/fixture.go#L481-L493
Kubernetes-commit: d32c76fc03381784516c47cb1bf62ef932189afa
Migrated code that checks for common programmer errors to a separated
function and added test coverage for it. Wrong comment stating that a
typed error is returned was also removed.
Kubernetes-commit: ad5fafd6ade2838098890a4e7727c8e347686867
If a cache was already synced, cache.WaitForCacheSync would
always take 100ms to complete because the PollUntil method will
sleep first before checking the condition. Switching to
PollImmediateUntil will ensure already synced caches will return
immediately. For code that has, for example, 20 informers, the time
to check the cache was in sync would take at least 2 seconds, but with
this change it can be as fast as you can actually load the data.
Signed-off-by: Darren Shepherd <darren@rancher.com>
Kubernetes-commit: 8a58f332dd62b68ae22c67585002defe6aeb4b04
Ginkgo 1.10.0 includes the relevant fix for dumping the full stack
(https://github.com/onsi/ginkgo/pull/590), so when using that release
we can simplify the logging unit test.
By changing the skipping, we can avoid the rather volatile util.go
entries. However, that gomega is part of the stack trace still needs
to be fixed in Gingko.
Kubernetes-commit: 02ce619078b1a75e9fa258e101f81af899719e8e
47ffc4e Add test case for detecting data race
959d342 Prevent data race in SetOutput* methods
34123a4 Test with golang 1.12.x
bf4884f Fix the log duplication issue for --log-file
dc5546c Backfill integration tests for selecting log destinations
baef93d fix broken links
07b218b Add go modules files
b33ae69 Add flag to include file's dir in logs
7c58910 correct documentation
a4033db Code Hygene - glog to klog
941d47b Revert "Fix the log duplication issue for --log-file."
314f6c4 Update godoc for the default value of logtostderr
7eb35e2 Fix the log duplication issue for --log-file.
Kubernetes-commit: 9a2de95601641aa1077734c76fc24ebe7b6026db
Golang automatically enables transport level gzip, but local network
clients may wish to disable it for better CPU usage and lower latency
(scheduler, controller-manager). Allow DisableCompression on rest.Config
to modify the underlying transport. This impacts the transport cache,
but it is expected that most clients connecting to the same servers
within a process will have the same compression config.
Kubernetes-commit: dee6de70d0e4ad381bd5de01b6d1fbd4fde004bc
If user specifies a nil callback, then error out
rather than crashing at runtime due to a nil reference.
Kubernetes-commit: 9dbbc652efee21bd421db1b1f52235ed20ffb7eb
Added definition of "collection states" and noted that informer cache
queries are answered against these.
Also added an explicit note that the concept of object identity used
in the contract here does _not_ include ObjectMeta.UID.
Also updated the description of the notifications received by a
client, to account for the fact that a client can be added after the
informer starts running.
Added references to `MetaNamespaceKeyFunc` and
`SplitMetaNamespaceKey`.
Noted that a client must process each notification promptly and added
a referral to workqueue.
Made a couple other minor clarifications and corrections.
Kubernetes-commit: 848301e11a8558f6a90e2fada870a91baace812a
2. Remove staging/src/k8s.io/client-go/tools/cache from .golint_failures;
3. Fix some typo from comments.
Kubernetes-commit: 0e0e1f7daba0a6ae6dd59df0a1bb643c323ad8cb
* Kubectl user exec should accept zero-length environment values #652
* Changing TestValidateAuthInfoExecInvalidEnv to allow for empty strings as Exec values
Kubernetes-commit: f30af9dd6da46f0f01e38b477d455907da9f1b6c
The garbage collector and quota counter should use the metadata client and protobuf to access resources
Kubernetes-commit: 91b26341f47088896ad373f4df8c7bdf5b249bcc
* Added custom error message when wrong file is provided with KUBECONFIG
* Modified test case
* Updated the code to warn the missing files
* Renamed the variable
Kubernetes-commit: a5eedcde611658c220c56d2819bf0420aded4ed6
* Fixed and clarified comments and parameter names in index.go
Fixed the comment on IndexFunc to say that it returns multiple indexed values.
Clarified the comments and parameter names in the Indexer interface to
consistently use a dichotomy between "storage keys" and "indexed
values".
* Updated comments in index.go based on review by Liggitt
Kubernetes-commit: 4160909495626262ae514bab30fe81a3ff869d39
Reflector watchHandler: make 'The resourceVersion for ... watch is too old' log Info not Warning
Kubernetes-commit: 1a15ce14473fb60bb817d1f29147ae7b70a0987e
Normal files should have permissions 644 by default,
and does not require the last bit to be
executable
Signed-off-by: Odin Ugedal <odin@ugedal.com>
Kubernetes-commit: 35cb87f9cf71776e99a970dfff751cd29ba7ebfb
This warning comes from Reflector watchHandler, from the apiserver error that
indicates a watch was restarted. This happens when etcd drops the connection
and resources are relisted. This informs the user that the watchers are
operating properly, so should be logged as Info rather than Warning.
Kubernetes-commit: a953d1542c06456c6fe97121abd99acd352545df
The cache mutation detector must use a diff function that is
designed to show differences that cause reflect.DeepEqual to return
false.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: dd4f53cd45499687e768de46a15038d61935ab96
These will be used by the garbage collector controller and others that
use higher level primitives.
Kubernetes-commit: bc89c37f32aa6cfd0f9ca975d9221d0a89320623
Only Unstructured objects worked (because unstructured implicitly
clears the .Object map when Unmarshal is called). We must reset
obj before we attempt to unmarshal into it.
Kubernetes-commit: 3b599b383d32d80188fdc73adae1613cc167cbdd
There was some weird queuing going on. The queue was implement by
spawning goroutines that would block on the "ticketer" until it was
their turn to write to the output channel. If N events where in the
watch when the consumer of the watch stopped reading events, N
goroutines would leak. In unit tests of the certificate manager, this
was causing ~10k goroutines to leak.
Fix it with a buffering event processor that uses only one routine and
cancels correctly.
Kubernetes-commit: cafc640bfa0f7362b178b1b896085962d018afe3
All queue ShutDown() calls should be able to be invoked multiple times.
```
Observed a panic: "close of closed channel" (close of closed channel)
/go/src/github.com/openshift/cluster-version-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:76
/go/src/github.com/openshift/cluster-version-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:65
/go/src/github.com/openshift/cluster-version-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:51
/usr/local/go/src/runtime/asm_amd64.s:573
/usr/local/go/src/runtime/panic.go:502
/usr/local/go/src/runtime/chan.go:333
/go/src/github.com/openshift/cluster-version-operator/vendor/k8s.io/client-go/util/workqueue/delaying_queue.go:137
```
Use sync.Once to guarantee a single close.
Kubernetes-commit: d2f7eb5235a93556261c8947e7a87342aeeaee2b
This comment formerly contained only a contrast with "standard
informer", but there is no longer such a thing so the comment lacked
much important information.
Kubernetes-commit: 121e4741463043eac188bb4eed51f07122262d69
The old wording suggested that `Run` only gets the controller started.
Changed the wording to make it clear that `Run` only returns after the
controller is stopped.
Kubernetes-commit: fad9dec758be4dcc49735aea98ada2de46cff9fe
Pick up the bug fix for golang/oauth2#237
Bump up cloud.google.com/go as a result of updating the OAuth2 code.
This commit was generated by:
./hack/pin-dependency.sh golang.org/x/oauth2 9f3314589c9a
./hack/pin-dependency.sh cloud.google.com/go v0.34.0
./hack/update-vendor.sh
git add vendor
git add -u
Kubernetes-commit: ef492e2d70385c43c5f1dad203ce635b40699341
Refactor loops over `SupportedMediaTypes()` where mediaType is used to match a single SerializerInfo{}
Kubernetes-commit: 84b561033eea9a4dac5b04df4f387efa7a7e9940
We have an existing helper function for this: runtime.SerializerInfoForMediaType()
This is common prep-work for encoding runtime.Objects into JSON/YAML for transmission over the wire or writing to ComponentConfigs.
Kubernetes-commit: 47e52d2981dc2a5c5950042f50688cf24dd92eda
Paginate watch cache->etcd List calls & reflector init/resync List calls not served by watch cache
Kubernetes-commit: c79fbabf234bea36f7b870da8e763c542c804be0
Clarifies that requesting no conversion is part of the codec factory, and
future refactors will make the codec factory less opionated about conversion.
Kubernetes-commit: 7f9dfe58f4cbe1e1b9e80f52addff70bac87bed4
When a client requests a PartialObjectMetadata returned from the
ObjectReaction type, if the object has a GVK set use that instead
of what the schema returns, since the majority of clients getting
partial object metadata will be doing so using the metadata client
or server side conversion.
Kubernetes-commit: baf091e9dbad00db39e246815f9d7a21d148044f
This client exposes operations on generic metadata (get, list, watch, delete)
and allows patch operations. The client always uses protobuf and requests
the server transform the response into the appropriate object. Using this
client simplifies the work of generic controllers by allowing them to treat
all objects the same, and also improves performance both in the amount of
data sent as well as allowing protobuf on CRD resources.
Kubernetes-commit: 21f5e643d9dbe6b65d21713dc16ab8888de5423e
- remove dep (c0a827dad6acc5fdea09967411aeeb9a8731d58f)
- move godep to bottom (3308b07da50c9547bcbfa50297b9bb91a02e88a2)
- bump example versions (9704cd1347ee287d388aa8f2b0091d4fe09640bb)
- add go modules section (e37037f5ae7c862a4255465ef328b8a3b6db038a)
- update go get docs (cda29fd9329a29856e5e3b218250b57ce8cbcd8f)
Kubernetes-commit: c8a8fb4177dbf3449684133f92bd065df8cb0419
An example of incorrect log message:
{
"component":"virtctl",
"level":"info",
"msg":"Config loaded from fileocp/auth/kubeconfig",
"pos":"loader.go:359",
"timestamp":"2019-03-07T18:50:20.923470Z"
}
Note how the resulting message has no characters between the text and
file name.
Kubernetes-commit: 65fb63a15473589f615bdfeb2f35e56414050f94
Added CorrelatorOptions that contains options to change the
defaults in EventSourceObjectSpamFilter and EventAggregator
in EventCorrelator. Added a eventCorrelator property to the
eventBroadcasterImpl to help with this.
Kubernetes-commit: 9d8e6fb1b9cf2d3fac8139a97334287e33ff911f
There was no reason to have two types and this avoids ~10% of allocations
on the GET code path.
```
BenchmarkGet-12 100000 109045 ns/op 17608 B/op 146 allocs/op
BenchmarkGet-12 100000 108850 ns/op 15942 B/op 132 allocs/op
```
Kubernetes-commit: 0489d0b1cf139253b82f73b072578073bc5616d6
The Create, Delete, Get, Patch, Update and UpdateStatus
methods in the dynamic client all expect the name
parameter to be non-empty, but did not validate this
requirement, which could lead to a panic. Add explicit
checks to these methods.
Kubernetes-commit: a9cba032dedbed9d04828c917a79a8371305d058
Clients are required to handle watch events of type ERROR, so instead
of eating the decoding error we should pass it on to the client. Use
NewGenericServerError with isUnexpectedResponse to indicate that we
didn't get the bytes from the server we were expecting. For watch, the
415 error code is roughly correct and we will return an error to the
client that makes debugging a failure in either server watch or client
machinery much easier.
We do not alter the behavior when it appears the response is an EOF
or other disconnection.
Kubernetes-commit: 89620d5667adec6c132b2713b79efb1dd2391723
Although it is spelling mistakes, it might make an affects while reading.
Signed-off-by: Nguyen Hai Truong <truongnh@vn.fujitsu.com>
Kubernetes-commit: 34961dc16c91f530b84957c50be5ebdbb914380b
Make a small formatting change to make it clear that you must take the
RBAC actions regardless of whether you're using Minikube or not.
Kubernetes-commit: fb4148e5f81057cd6a2b1e2840e3562516834446
When setting up a port forwarding with the client-go library (using the
`k8s.io/client-go/tools/portforward.PortForwarder`) with a non-defined local
port (i.e. passing `:80` as `ports` parameter to `portforward.New(...)`), a
local port will be assigned dynamically.
Currently, the local port will be _always_ 0 if it was not specified initially.
This is because the assigned local port is only set on a _copy_ of the actual
`ForwardedPort` type that is obtained in a `range` loop. This PR changes this
behaviour to set the local port at the correct instance by passing a pointer
instead of a copy to the relevant functions.
Kubernetes-commit: bbddd27f0dfffe6623763afe2c02c876ba925a7c
Added missing quote cause uncommenting the line to to load all auth plugins resulted in a syntax error.
Kubernetes-commit: a968f52611a36925c3736652a6e9d786903ce090
* When user try execute command like `kubectl get pod test -o custom-columns=CONTAINER:.spec.containers[-1].name`
It will throw a panic about slice index out of bounds. This patch fix it.
* add test case
Kubernetes-commit: 1e245fad87584a28809f8f5d380b766edfa984ec
The ContextCanceller transport wrapper blocks all API requests
after the provided context is closed. Used with the leader election
step down, a controller can ensure that new requests are not made
after the client has stepped down.
Kubernetes-commit: fe74efb1f90826b1903d2908ff9e528329bebea0
Properly wrapping a transport can be tricky. Make the normal case
(adding a non-nil transport wrapper to a config) easier with a helper.
Also enforce a rough ordering, which in the future we can use to
simplify the WrapTransport mechanism down into an array of functions
we execute in order and avoid wrapping altogether.
Kubernetes-commit: 1f590e697ef64812620c787720b4b5942027e4a1
Move to github.com/munnerz/goautoneg as bitbucket is flaky!
Change-Id: Iaa6e964ef0d6f308eea59bcc6f365ecd7dbf0784
Kubernetes-commit: 16fd72d6c91ba466a0e955a1d59a6c8d9e8791bc
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.
Future PRs will actually refactor the libraries.
Updates #71004
Kubernetes-commit: 18458392ca24c85c688e655aace1afd04f864cbd
Fixes#71730
0 indicates standby, 1 indicates master, label indicates which lease.
Tweaked name and documentation
Factored in Mike Danese feedback.
Removed dependency on prometheus from client-go using adapter.
Centralized adapter import.
Fixed godeps
Fixed boilerplate.
Put in fixes for caesarxuchao
Kubernetes-commit: f1926573804ed2c172c91d1022203d0699210138
Clean up the code paths that lead to objects being transformed and output with negotiation.
Remove some duplicate code that was not consistent. Now, watch will respond correctly to
Table and PartialObjectMetadata requests. Add unit and integration tests.
When transforming responses to Tables, only the first watch event for a given type will
include the columns. Columns will not change unless the watch is restarted.
Add a volume attachment printer and tighten up table validation error cases.
Disable protobuf from table conversion because Tables don't have protobuf because they
use `interface{}`
Kubernetes-commit: 3230a0b4fd14a6166f8362d4732e199e8779c426
The current code simply exits without continuing to renew the lease, which means
participants using a slower lease duration might have to wait multiple minutes
before a new leader is elected. Allow an optional flag to be set on
LeaderElectionConfig that will release the lease when the calling context is
cancelled. Callers *must* ensure their lease guarded code has completed before
the context is cancelled, or other processes may acquire the lease before this
lease has released.
Add an example command that demonstrates how cancellation could be done.
As a convenience to users, make event recorder optional - not all users of the
lock code will need a recorder.
Kubernetes-commit: 09890b6c48da8e85237a5674d6256900f482b0a5
This commit fixes a bug in the client-go/testing fixture whereby a
watcher would fire twice for objects with no namespace.
Kubernetes-commit: bd268c9971efd4db46074a80e52ce765583e0787
This reverts commit 0af19875add7deb562b2cf7bf6b1d273c44bab1b.
Revert "Ensure the bootstrap rotation code is tested by forcing rotation"
This reverts commit de293b2d7ddb687850258370f2a7f30f224f0ec1.
Kubernetes-commit: 34642222676640b3c1dd255cc453000f2743ccde
Expose both a Stop() method (for cleanup) and a method to force
cert rotation, but only expose Stop() on the interface.
Verify that we choose the correct client.
Kubernetes-commit: de293b2d7ddb687850258370f2a7f30f224f0ec1
Not every object kind can be registered via tracker .Add() called as
part of SimpleClientset initialization. This is because .Add() relies
on UnsafeGuessKindToResource to convert object kinds into resource
type names, which is broken for some resources. An example of an
affected kind is NetworkAttachmentDefinitions CRD that uses
network-attachment-definitions as its resource type name. When
UnsafeGuessKindToResource is called for this kind, it returns
networkattachmentdefinitions (without dashes).
As per the comment inside .Add, kinds affected by
UnsafeGuessKindToResource deficiencies should instead register objects
using tracker .Create() method. Problem is, current SimpleClientset
struct definition doesn't expose the object tracker in any way, which
makes it impossible to properly register these kinds at all.
To address the issue, this change modifies the definition of
SimpleClientset struct to expose the object tracker used via Tracker()
method.
Kubernetes-commit: d68cd8a0c7e6137ca4219078a3d651ecff03c21f
Remove non-needed else condition
Remove non-needed swallow copy
Simplify return for IsClosed()
Keep amount decrement next to element extraction from the queue
Signed-off-by: Adrián Orive <adrian.orive.oneca@gmail.com>
Kubernetes-commit: 0b16c43f59b736060bc18e2e1de0e7fcc268f39b
Feedback from lavalamp and deads2k.
Changed Check() logic to be central to LeaderElector.
Further changes, especially cleaning up the test code.
Kubernetes-commit: 9c43ee6d6ec6a159b960381af906c130027bc716
This func is only used internally and was copied from
k8s.io/kubernetes/pkg/apis/certificates.
Kubernetes-commit: 41334cfdd3eefc352536943518ffd9eaf570e27c
This func is only used by the kubelet and there's no need to pollute
client-go API with it.
Kubernetes-commit: 5c073abfe16fc0b9f62310b8276fc3b0c7043e60
The rules for address parsing are:
* Explicitly specified addresses must bind successfully
* `localhost` is pinned to `127.0.0.1` and `::1` and at least one of those must bind successfully
This change also makes output of the command consistent
between runs with the same arguments.
Previously the command was using the range via map of addresses
which sometimes was producing different output because the order
of values is not guaranteed in Go.
Kubernetes-commit: 4ee2010111af602988bf9bedf66d1a0c36419b09
Currently the fake client will return a default empty Object when a
Patch action is submitted on a missing Object. The correct behavior is to
instead propagate the NotFound error.
Kubernetes-commit: 96d0588440a96c5eba8b3ba0810563ad1e1a08b6
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
The backoff value is baseDelay*2^<num-failures> in ItemExponentialFailureRateLimiter.When . But the comment is baseDelay*10^<num-failures>.
Kubernetes-commit: c1fa760b75970fbd0c142971f1142754cb4ea3fc
It's very easy to add glog.Info(config) calls for debugging (or actual
logging). In some scenarios those configs will carry sensitive tokens
and those tokens will end up in logs or response bodies.
Leaking of those stringified configs compromises the cluster.
Also implement fmt.GoStringer.
Kubernetes-commit: c9ad1d7339b164dfba0846ec49fa4a52474d3e23
This patch changes the renewed lease log level from 4 to 5 of leaderelection.go
Fix: #69743
Kubernetes-commit: 920db78bea84d4bb015970547cda5a1df4f79a04
Initial allocation of several maps as the sizes are known
Signed-off-by: Adrián Orive <adrian.orive.oneca@gmail.com>
Kubernetes-commit: 2299f45f52464beff889fce7be1f66642a92b791
Ensure that bootstrap+clientcert-rotation in the Kubelet can:
1. happen in the background so that static pods aren't blocked by bootstrap
2. collapse down to a single call path for requesting a CSR
3. reorganize the code to allow future flexibility in retrieving bootstrap creds
Fetching the first certificate and later certificates when the kubelet
is using client rotation and bootstrapping should share the same code
path. We also want to start the Kubelet static pod loop before
bootstrapping completes. Finally, we want to take an incremental step
towards improving how the bootstrap credentials are loaded from disk
(potentially allowing for a CLI call to get credentials, or a remote
plugin that better integrates with cloud providers or KSMs).
Reorganize how the kubelet client config is determined. If rotation is
off, simplify the code path. If rotation is on, load the config
from disk, and then pass that into the cert manager. The cert manager
creates a client each time it tries to request a new cert.
Preserve existing behavior where:
1. bootstrap kubeconfig is used if the current kubeconfig is invalid/expired
2. we create the kubeconfig file based on the bootstrap kubeconfig, pointing to
the location that new client certs will be placed
3. the newest client cert is used once it has been loaded
Kubernetes-commit: 0af19875add7deb562b2cf7bf6b1d273c44bab1b
update bazel and fix goftm
use defaultStorageAccountKind
fix test failure
update godep license file
fix staging godeps issue
update staging godeps
fix comments, use one API call for file creation
Kubernetes-commit: bc2c79a43af1ad47218643c0a3b58b3388606336
certificate.FileStore only handles (cert, key) combined PEM files. This
PR allows (key, cert), which is what "openssl req -out foo.pem -keyout
foo.pem" generates.
Kubernetes-commit: 4b6a6a1cd5c8df83b3c51a03ecab975b82057489
With the current behavior, when kubelet starts, a `templateChanged`
event is always fired off because it only checks if `getLastRequest`
matches `getTemplate`. The last request only exists in memory and thus
is initially `nil` and can't ever match the current template during
startup.
This causes kubelet to request the signing of a new CSR every time it's
restarted. This commit changes the behavior so that `templateChanged` is
only fired off if the currently template doesn't match both the current
certificate and the last template.
Fixes#69471
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@us.ibm.com>
Kubernetes-commit: b9ab65d689cc48353ca5dae9f210ff408726a0d2
Use `k8s.io/client-go/kubernetes/fake.Clientset` as the fake k8s client.
Signed-off-by: He Xiaoxi <xxhe@alauda.io>
Kubernetes-commit: a96a390d924d33ba7dda13761ff0eb1eb37a02b6
adds an address flag to kubectl port-forward to allow to bind to a different ip then localhost
Kubernetes-commit: 4643c6e95e0a0cf6561554fb3b9a1bc59bcead0c
If the permissions are not setup correctly the example fails.
Change-Id: I167ef68be66f8b56740236ae475c3b7fdcc0dfb5
Kubernetes-commit: d222c310aaa4ce8777094f4a37a920982aff794d
Adding blank line between comment tag and package name in doc.go. So
that the comment tags such as '+k8s:deepcopy-gen=package' do not show up
in GoDoc.
Kubernetes-commit: 61117761cd4a1b2e6ad9ff2d7eb915f3d2739dc6
Automatic merge from submit-queue (batch tested with PRs 67555, 68196). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Not split nodes when searching for nodes but doing it all at once
**What this PR does / why we need it**:
Not split nodes when searching for nodes but doing it all at once.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
@bsalamat
This is a follow up PR of #66733.
https://github.com/kubernetes/kubernetes/pull/66733#discussion_r205932531
**Release note**:
```release-note
Not split nodes when searching for nodes but doing it all at once.
```
Kubernetes-commit: a0b457d0e5ed54646fd01eac877efcea5be3216d
Picking up https://github.com/modern-go/reflect2/pull/2 which lazy
initializes a map of all types which we don't use in k8s, saving
memory & initialization time.
Kubernetes-commit: 970e4da4c6636b835175dc79a7492d22dc11ba33
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
client: periodically reload InClusterConfig token
/sig auth
/sig api-machinery
```release-note
NONE
```
Kubernetes-commit: 7b6647a418c660f2c87f183f706b297f1cb573ca
Automatic merge from submit-queue (batch tested with PRs 64283, 67910, 67803, 68100). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Kubeadm Cert Renewal
**What this PR does / why we need it**:
adds explicit support for renewal of certificates via command
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#206
**Special notes for your reviewer**:
The targeted documentation is at kubernetes/website#9712
**Release note**:
```release-note
Adds the commands `kubeadm alpha phases renew <cert-name>`
```
Kubernetes-commit: 17dde46baebe0b67421132af7b99b42d89ea4cd0
Automatic merge from submit-queue (batch tested with PRs 66960, 67545). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
delegated authn/z: optionally opt-out of mandatory authn/authz kubeconfig
This adds `RemoteKubeConfigFileOptional` field to the delegated authn/z option structs. If set to true, the authn/z kubeconfig file flags are optional. If no kubeconfig is given, all token requests are considered to be anonymous and no client CA is looked up in the cluster.
Prerequisite for https://github.com/kubernetes/kubernetes/pull/64149 and https://github.com/kubernetes/kubernetes/pull/67069.
Kubernetes-commit: 1b3a2dd0830ca0e02d5b95d2ecc0161d0c93a0c7
Automatic merge from submit-queue (batch tested with PRs 67323, 66717, 67038). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove unused function timeoutFromListOptions()
**What this PR does / why we need it**:
It removes a function which is not exported and not called or referenced.
Re-opening #60215 after rebase.
**Which issue(s) this PR fixes**
No issue.
**Special notes for your reviewer**:
I guess it would be useful to know what this was supposed to be doing. I just happened upon it when trying to understand how watch timeouts were configured.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 1bfbf861e92410dbed2cb8debdc2f841d0fd7719
Automatic merge from submit-queue (batch tested with PRs 67894, 64097). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
HPA metrics specificity improvements
**What this PR does / why we need it**:
Improves available specificity for HPA metrics by adding metric selector fields for metrics of Pods and Objects.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Implements this KEP: https://github.com/kubernetes/community/pull/2055
**Special notes for your reviewer**:
Need to add/update tests?
**Release note**:
```release-note
Introduces autoscaling/v2beta2 and custom_metrics/v1beta2, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics.
```
/assign @DirectXMan12
Kubernetes-commit: fdb5707194d56cbbd0da11c5be3a2a5653e714c9
Automatic merge from submit-queue (batch tested with PRs 67362, 67256, 67809). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
del unused func DefaultEventFilterFunc
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: da62c170f724277bae45f6efed6085eb34566bc5
Automatic merge from submit-queue (batch tested with PRs 60790, 66023, 67549). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
change TRUNCATED to DATA+OMITTED in kubectl config view
**What this PR does / why we need it**:
Based on the discussion in #61573, this PR switches the replacement text for CA certificate data and client certificates and secrets printed using `kubectl config view`. Currently, `REDACTED` is used, which might give a false impression that the data is a secret (which is not true for the public certificates).
This PR changes `REDACTED` to `DATA+OMITTED`. The printed string is the base64 encoded string on the byte stream. Some trickery is involved to print a readable string (refer to [this comment](https://github.com/kubernetes/kubernetes/pull/66023/files#diff-aec000ca3f293c94dcd99b4a9d1c5c3cL86) for more info).
**Which issue(s) this PR fixes**:
Fixes#61573
**Special notes for your reviewer**:
**Release note**:
```release-note
Switched certificate data replacement from "REDACTED" to "DATA+OMITTED"
```
Kubernetes-commit: ae9beb4663329c8ca824638805b70eba0d295977
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update github.com/imdario/mergo to v0.3.5
**What this PR does / why we need it**:
Updates github.com/imdario/mergo library to v0.3.5. We were pinned because of a functionality change in the dependency, however, a new function was introduced with similar functionality to the old.
There is apparently some Debian packaging issues (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878254) because of this. I'm still not clear what those are, unless they are forcing the library to update, as opposed to using our `vendor/`.
That said, this will allow for some of those vendor conflicts to resolve for anyone else who is using client-go, so that's at least worthwhile.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
fixes#27543, fixes https://github.com/kubernetes/client-go/issues/431
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 6b4135267911b6c10ed536308d29d2a7c453eef6
Automatic merge from submit-queue (batch tested with PRs 66920, 67316, 67363, 67528, 66963). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go/rest: Fix "segments segment" comment typo
The typo landed with `SubResource` in adb75e1f (kubernetes/kubernetes#29147).
```release-note
NONE
```
Kubernetes-commit: 49b295415d398a3a36b5abb7ba071d3b224087eb
Without this change, the only method to discover what local port was
bound (if port 0 was requested) is to parse it out of the "out" stream,
which isn't the most reliable method.
Kubernetes-commit: a9084923f2bd499c287b675007cb7c6c093d60ad
Automatic merge from submit-queue (batch tested with PRs 67347, 67307, 67358, 67364, 67385). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use temp file for kubeconfig in test
Followup to https://github.com/kubernetes/kubernetes/pull/67093
Updates client_config_test to use a temporary file for kubeconfig.
**Release note**:
```release-note
NONE
```
cc @deads2k @soltysh
Kubernetes-commit: 46bfa1ab17afaffc584f560ee5c752ecbbad4f61
Automatic merge from submit-queue (batch tested with PRs 67071, 66906, 66722, 67276, 67039). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
#50102 Task 1: Move apimachinery/pkg/watch.Until into client-go/tools/watch.UntilWithoutRetry
**What this PR does / why we need it**:
This is a split off from https://github.com/kubernetes/kubernetes/pull/50102 to go in smaller pieces.
Moves `apimachinery/pkg/watch.Until` into `client-go/tools/watch.UntilWithoutRetry` and adds context so it is cancelable.
**Release note**:
```release-note
NONE
```
**Dev release note**:
```dev-release-note
`apimachinery/pkg/watch.Until` has been moved to `client-go/tools/watch.UntilWithoutRetry`.
While switching please consider using the new `client-go/tools/watch.UntilWithSync` or `client-go/tools/watch.Until`.
```
/cc @smarterclayton @kubernetes/sig-api-machinery-pr-reviews
/milestone v1.12
/priority important-soon
/kind bug
(bug after the main PR which is this split from)
Kubernetes-commit: b6f0aed056ab94fef0b6f54e1ca1d66a5fc228b3
Automatic merge from submit-queue (batch tested with PRs 66602, 67178, 67207, 67125, 66332). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Vendor cfssl/cfssljson utilities
**What this PR does / why we need it**:
Vendors the `cfssl` and `cfssljson` tools. Updates `kube::util::ensure-cfssl` to use them.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
fixes#66995, fixes#60070
**Special notes for your reviewer**:
1. Add cfssl/cfssljson ot the required bins for saving
2. Manually cloned/checked out the new dependencies to my gopath. `godep restore` doesn't pull them down because they aren't required or already in the `Godeps.json`. Used @BenTheElder's list here: https://github.com/kubernetes/kubernetes/issues/66995#issuecomment-410594532
3. `hack/godep-save.sh` to add the packages and dependencies to godep
4. Fixed two bugs when building:
a. `golang.org/x/crypto` needed to be updated
b. `github.com/cloudflare/cfssl` needed to be updated to 56268a613a so we can vendor their fork of `crypto/tls`, as we discard their modified vendored stdlib.
5. Update staging godeps
6. Update the `kube::util::ensure-cfssl` to install from vendor
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 818e632c1fde5fb01bc8ccf9b9ee6201f33a28b4
Automatic merge from submit-queue (batch tested with PRs 67161, 67093, 67077). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
improve kubeconfig file modification time
In cases where there are few destination filenames for a given
amount of contexts, but a large amount of contexts, this patch
prevents reading and writing to the same file (or small number
of files) over and over again needlessly.
**Release note**:
```release-note
Decrease the amount of time it takes to modify kubeconfig files with large amounts of contexts
```
cc @deads2k
Kubernetes-commit: 3587aa4206ddf502540d388466985bb51fc4a0e6
Trades runtime complexity for spacial complexity when modifying
large amounts of contexts on a kubeconfig.
In cases where there are few destination filenames for a given
amount of contexts, but a large amount of contexts, this patch
prevents reading and writing to the same file (or small number
of files) over and over again needlessly.
Kubernetes-commit: d5651948cf1a14ed284b4708e2057e4cbc72bcbe
Automatic merge from submit-queue (batch tested with PRs 66958, 67024). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add CancelRequest to discovery round-tripper
**Release note**:
```release-note
NONE
```
Make discovery roundtripper implement the RequestCanceler interface
cc @deads2k
Kubernetes-commit: a945b5d9281ac5cba5e4a2976a0747592c0cff87
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
stop adding internal types to external schemes
at some point someone starting internal types to external schemes in kubectl tests. This fixes that mistake.
@kubernetes/sig-cli-maintainers
/assign @soltysh
```release-note
NONE
```
Kubernetes-commit: dab04dc6e0103c1778f047594e5405d433cff96c
Automatic merge from submit-queue (batch tested with PRs 66870, 66929, 66837). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix panic fake SAR client expansion
if the object is nil, the type assertion fails.
@kubernetes/sig-api-machinery-bugs
```release-note
NONE
```
Kubernetes-commit: a2223e9a9281ca83fd85814c8e7c32b3c8fde53f
Automatic merge from submit-queue (batch tested with PRs 66870, 66929, 66837). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add logging to find offending transports
When a transport can't be cancelled, we're notified, but we don't which transport is missing the ability. This adds logging to give us a target type.
@kubernetes/sig-api-machinery-bugs
/assign @juanvallejo
since you hit it.
```release-note
NONE
```
Kubernetes-commit: 99f96511fdb8438f85ebeb4c22c929c97fabcbb6
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
dry-run: Update DynamicClient to pass Create/Update options
Change dynamic client to accept Create and Update options on Create/Update/Patch methods.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b90485560185085ae7a8ad3fab60cb417f7654bf
Automatic merge from submit-queue (batch tested with PRs 66850, 66902, 66779, 66864, 66912). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add methods to apimachinery to easy unit testing
When unit testing, you often want a selective scheme and codec factory. Rather than writing the vars and the init function and the error handling, you can simply do
`scheme, codecs := testing.SchemeForInstallOrDie(install.Install)`
@kubernetes/sig-api-machinery-misc
@sttts
```release-note
NONE
```
Kubernetes-commit: 4a54f3f0d6fe73bcced14442b60981819a1744e2
Automatic merge from submit-queue (batch tested with PRs 66225, 66648, 65799, 66630, 66619). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Percent-encode illegal characters in user.Info.Extra keys
This percent-encodes characters in `X-Remote-Extra-` and `Impersonate-Extra-` keys which aren't valid for header names per [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.6) (plus "%" to avoid breaking keys which contain them). The API server then blindly unescapes these keys.
Reviewer note:
Old clients sending keys which were `%`-escaped by the user will have their values unescaped by new API servers. New clients sending keys containing illegal characters (or "%") to old API servers will not have their values unescaped. This version skew incompatibility is a compromise discussed in #63682.
Fixes#63682
PTAL @mikedanese
**Release note**:
```release-note
action required: the API server and client-go libraries have been fixed to support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers.
```
Kubernetes-commit: 6715f139292bfde5e4030e2e3f8077da04cc6d72
Automatic merge from submit-queue (batch tested with PRs 66225, 66648, 65799, 66630, 66619). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Azure Go SDK to v19.0.0 and get availability zone for VirtualMachineScaleSetVM
**What this PR does / why we need it**:
Continue of #66242. This PR updates Azure Go SDK to v19.0.0 (with compute API 2018-04-01) and gets availability zones for VirtualMachineScaleSetVM.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Azure Go SDK has been upgraded to v19.0.0 and VirtualMachineScaleSetVM now supports availability zones.
```
/sig azure
/assign @brendandburns @khenidak @andyzhangx
Kubernetes-commit: c2cbe86f7d647f8608c9963105fe297c9c5f4508
The typo landed with SubResource in adb75e1f (generated staging area,
2016-08-06, kubernetes/kubernetes#29147).
Kubernetes-commit: e42aab6430cbc9d14891e9aaada9ec8becf62273
Instead of Transport. This fixes ExecPlugin, which fails if
restclient.Config.Transport is set.
Kubernetes-commit: 3357b5ecf42db9bcf6e54c9d2b6712cfbae077bf
Automatic merge from submit-queue (batch tested with PRs 66252, 66518). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add missing OrDie variant for dynamic client construction
Generated clients have it and it is very handy for test cases.
```release-note
NONE
```
@kubernetes/sig-api-machinery-pr-reviews
Kubernetes-commit: 6764a795869d2631eb75f222f776ec5a80b61e37
Automatic merge from submit-queue (batch tested with PRs 65771, 65849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a new conversion path to replace GenericConversionFunc
reflect.Call is very expensive. We currently use a switch block as part of AddGenericConversionFunc to avoid the bulk of top level a->b conversion for our primary types which is hand-written. Instead of having these be handwritten, we should generate them.
The pattern for generating them looks like:
```
scheme.AddConversionFunc(&v1.Type{}, &internal.Type{}, func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_Type_to_internal_Type(a.(*v1.Type), b.(*internal.Type), scope)
})
```
which matches AddDefaultObjectFunc (which proved out the approach last year). The
conversion machinery should then do a simple map lookup based on the incoming types and invoke the function. Like defaulting, it's up to the caller to match the types to arguments, which we do by generating this code. This bypasses reflect.Call and in the future allows Golang mid-stack inlining to optimize this code.
As part of this change I strengthened registration of custom functions to be generated instead of hand registered, and also strengthened error checking of the generator when it sees a manual conversion to error out. Since custom functions are automatically used by the generator, we don't really have a case for not registering the functions.
Once this is fully tested out, we can remove the reflection based path and the old registration methods, and all conversion will work from point to point methods (whether generated or custom).
Much of the need for the reflection path has been removed by changes to generation (to omit fields) and changes to Go (to make assigning equivalent structs easy).
```release-note
NONE
```
Kubernetes-commit: d2cc34fb07138deeacb220126e76a0cb279f340b
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace info log with warn log
**What this PR does / why we need it**:
Replace info log with warn log
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59356
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 7f912af75ce4794b0cf089103a0e83f1f6a61d2f
The default cache for a cachedTokenSource is not always empty. In the
case of commandTokenSource, it contains calling details for the
external command that is used to generate refresh tokens. Persisting
a completely empty cache will thus break ability for the plugin to
obtain refresh tokens. This changes the roundtripper to persist
the default cache instead of assuming an empty map.
Kubernetes-commit: 73e5e43711043c6a80d41b1be080b3b2d3dfbacb
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix fake dynamic client listing bug
The fake dynamic client used for unit testing had a bug that prevented list from working. Added a test and fixed the fake client.
@kubernetes/sig-api-machinery-bugs
/assign @tnozicka
```release-note
NONE
```
Kubernetes-commit: da1bb028304504cbe33e5dab42290e1e8ea12d14
Automatic merge from submit-queue (batch tested with PRs 66212, 66256, 66263, 66193). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: fix error message spelling in rest config
**What this PR does / why we need it**:
Fixing spelling because it offends the eye.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: bfba154715012b63a3fcc8320cc48986304f819c
Automatic merge from submit-queue (batch tested with PRs 66172, 66254). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: update documentation for remotecommand.StreamOptions
**What this PR does / why we need it**:
The ability to explicitly define the supported protocols was removed in commit 12c7874c0d88e9099ab2a29915d26751f0d23c2a
Adjust documentation accordingly.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: e09be82ad04107f81032b82a1e2452759001819f
The ability to explicitly define the supported protocols was removed in commit 12c7874c0d88e9099ab2a29915d26751f0d23c2a
Adjust documentation accordingly.
Kubernetes-commit: f77060aa8da8256fa48412e7a0d9523245017dcb
Automatic merge from submit-queue (batch tested with PRs 64181, 65737). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
API linter framework and namesMatch API rule
**What this PR does / why we need it**:
Bump kube-openapi dependency to use the [API linter framework](https://github.com/kubernetes/kube-openapi/pull/83) in k/k OpenAPI spec generation procedure.
Currently one API rule is enforced:
"Go field names must be CamelCase. JSON field names must be camelCase. Other than capitalization of the initial letter, the two should almost always match. No underscores nor dashes in either."
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65244
**Special notes for your reviewer**:
Most code change in this PR was generated (~1700 lines). Please see commits for detail.
**Release note**:
```release-note
NONE
```
/sig api-machinery
/cc @pwittrock @mbohlool
Kubernetes-commit: 614e3adda05c5d7189c8485ba7abe1ba7ee501a7
Automatic merge from submit-queue (batch tested with PRs 65899, 65900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: use self-signed cert fixtures in integration test servers
Kubernetes-commit: 932766231342f1f7d2b8d3063b139c46a8bf9f2b
Automatic merge from submit-queue (batch tested with PRs 65052, 65594). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Derive kubelet serving certificate CSR template from node status addresses
xref https://github.com/kubernetes/features/issues/267fixes#55633
Builds on https://github.com/kubernetes/kubernetes/pull/65587
* Makes the cloud provider authoritative when recording node status addresses
* Makes the node status addresses authoritative for the kube-apiserver determining how to speak to a kubelet (stops paying attention to the hostname label when determining how to reach a kubelet, which was only done to support kubelets < 1.5)
* Updates kubelet certificate rotation to be driven from node status
* Avoids needing to compute node addresses a second time, and differently, in order to request serving certificates.
* Allows the kubelet to react to changes in its status addresses by updating its serving certificate
* Allows the kubelet to be driven by external cloud providers recording node addresses on the node status
test procedure:
```sh
# setup
export FEATURE_GATES=RotateKubeletServerCertificate=true
export KUBELET_FLAGS="--rotate-server-certificates=true --cloud-provider=external"
# cleanup from previous runs
sudo rm -fr /var/lib/kubelet/pki/
# startup
hack/local-up-cluster.sh
# wait for a node to register, verify it didn't set addresses
kubectl get nodes
kubectl get node/127.0.0.1 -o jsonpath={.status.addresses}
# verify the kubelet server isn't available, and that it didn't populate a serving certificate
curl --cacert _output/certs/server-ca.crt -v https://localhost:10250/pods
ls -la /var/lib/kubelet/pki
# set an address on the node
curl -X PATCH http://localhost:8080/api/v1/nodes/127.0.0.1/status \
-H "Content-Type: application/merge-patch+json" \
--data '{"status":{"addresses":[{"type":"Hostname","address":"localhost"}]}}'
# verify a csr was submitted with the right SAN, and approve it
kubectl describe csr
kubectl certificate approve csr-...
# verify the kubelet connection uses a cert that is properly signed and valid for the specified hostname, but NOT the IP
curl --cacert _output/certs/server-ca.crt -v https://localhost:10250/pods
curl --cacert _output/certs/server-ca.crt -v https://127.0.0.1:10250/pods
ls -la /var/lib/kubelet/pki
# set an hostname and IP address on the node
curl -X PATCH http://localhost:8080/api/v1/nodes/127.0.0.1/status \
-H "Content-Type: application/merge-patch+json" \
--data '{"status":{"addresses":[{"type":"Hostname","address":"localhost"},{"type":"InternalIP","address":"127.0.0.1"}]}}'
# verify a csr was submitted with the right SAN, and approve it
kubectl describe csr
kubectl certificate approve csr-...
# verify the kubelet connection uses a cert that is properly signed and valid for the specified hostname AND IP
curl --cacert _output/certs/server-ca.crt -v https://localhost:10250/pods
curl --cacert _output/certs/server-ca.crt -v https://127.0.0.1:10250/pods
ls -la /var/lib/kubelet/pki
```
```release-note
* kubelets that specify `--cloud-provider` now only report addresses in Node status as determined by the cloud provider
* kubelet serving certificate rotation now reacts to changes in reported node addresses, and will request certificates for addresses set by an external cloud provider
```
Kubernetes-commit: 337dfe0a9cde3894eb6a26f9184df659d54007c6
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle errors in generated client scheme
**What this PR does / why we need it**:
Adds missing error handling for schema construction code in generated clientsets.
**Which issue(s) this PR fixes**
Together with #64654fixes#51457.
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Kubernetes-commit: 0e7376d9cb1ec74bcb3c10a664a330bc9d60df64
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
track schemes by name for error reporting
Getting an error message about a type not being in the scheme is hard to fix if you don't know which scheme is failing. This adds a name to the scheme which can be set during creation or can be set based on the calling stack. If you use the old constructor a name is generated for you based on the stack. Something like "k8s.io/client-go/dynamic/scheme.go:28" for instance.
Also moves a typer to its point of use. This was debt from previous refactors which I noticed going through.
@kubernetes/sig-api-machinery-misc
@sttts
```release-note
NONE
```
Kubernetes-commit: 8e2fdb32bc84103b15310a221a375470bf567bdc
Automatic merge from submit-queue (batch tested with PRs 65805, 65811, 65833, 65488, 65857). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix print format string
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 7597e952d17882dca2b464d56cf744f126a037fa
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typos for TestBackoffHighWaterMark
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Kubernetes-commit: 692f9bb7b1fa6ca72ddd5a305607d79f9684e907
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
leader election: fix dead loop bug
**What this PR does / why we need it**:
bug fix: leader election calling apiserver without time interval. It is a dead loop.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65666
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: fc081b5941b90aa6dedbc796f97a19da373c5df9
Automatic merge from submit-queue (batch tested with PRs 65094, 65533, 63522, 65694, 65702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
set leader election client and renew timeout
**What this PR does / why we need it**:
set leader-election client timeout
set timeout for tryAcquireOrRenew
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65090#65257
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 47020f331877ca77f0541c7622c33894282e9a20
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add missing error handling in schema-related code
**What this PR does / why we need it**:
Adds missing error handling to a few places.
**Which issue(s) this PR fixes**
Updates #51457. Still more work to do to fix the issue - client generation code needs to be updated (addressed in https://github.com/kubernetes/kubernetes/pull/64664).
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Kubernetes-commit: 7786bd8c9a99974e2cda31940dd4a1ef0a31c2e5
Automatic merge from submit-queue (batch tested with PRs 65518, 65624, 65380, 65390, 65586). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
cleanup: remove deadcode
/kind cleanup
remove deadcode
remove unnecessary conversion
```release-note
NONE
```
Kubernetes-commit: 16dbb95c51532e8a937a3ccb90223e8568b130c3
Automatic merge from submit-queue (batch tested with PRs 63773, 65411). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go/examples/fake-client: add doc.go to fix go build warnings
The publishing bot is currently broken (https://github.com/kubernetes/kubernetes/issues/56876#issuecomment-399763681). This is due to the following error:
```
[24 Jun 18 15:08 UTC]: Running smoke tests for branch master
[24 Jun 18 15:08 UTC]: /bin/bash -xec "godep restore\ngo build ./...\ngo test $(go list ./... | grep -v /vendor/)\n"
+ godep restore
+ go build ./...
go build k8s.io/client-go/examples/fake-client: no non-test Go files in /go-workspace/src/k8s.io/client-go/examples/fake-client
[24 Jun 18 15:09 UTC]: exit status 1
+ godep restore
+ go build ./...
go build k8s.io/client-go/examples/fake-client: no non-test Go files in /go-workspace/src/k8s.io/client-go/examples/fake-client
[24 Jun 18 15:09 UTC]: exit status 1```
```
The fakeclient package does not have any non-test go files. The test file was added in https://github.com/kubernetes/kubernetes/pull/65291 2 days ago.
This causes `go build` to give a warning: `no non-test Go files in /go-workspace/src/k8s.io/client-go/examples/fake-client`, which breaks the publishing bot. This PR adds a dummy doc.go file in the package to avoid this warning and fix the publishing bot.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 7a9a30a4f7eae900bffd4b477a431a999de350dd
Automatic merge from submit-queue (batch tested with PRs 64122, 64936, 65288, 65383). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to rules_go 0.12.1 and gazelle 0.12.0 and perform related cleanups
**What this PR does / why we need it**: my initial intent was to simply update to rules_go 0.12.1 and gazelle 0.12.0.
A few internal changes / deprecations meant that I finally needed to clean up some technical debt. This also fixes#64122.
I've attempted to keep the steps as separate commits to make it easier to review:
1. Disable gazelle proto rule generation; legacy proto rules are deprecated, and we don't (currently) build protos at build time anyway, instead generating them with `hack/update-generated-protobuf.sh` and then checking them in. We can revisit this in the future if we'd like.
2. Remove the legacy `go_default_library_protos` filegroups using [buildozer](https://github.com/bazelbuild/buildtools/tree/master/buildozer). We don't use these, anyway.
3. Update the rules_go bazel workspace dependency to 0.12.1.
4. Vendor gazelle 0.12.0 and update BUILD files with `hack/update-bazel.sh`. This causes a lot of diffs, because `select()`s are no longer used in `srcs` attributes, external tests are folded into non-external tests, and vendored targets get an `importmap` attribute.
5. Set `gazelle:prefix` on `staging/src/BUILD` to make gazelle treat these correctly(ish). This allows us to remove the sed rewrite hack in `hack/update-bazel.sh`.
6. Explicitly set `# gazelle:importmap_prefix k8s.io/kubernetes/vendor` on `vendor/`, so that all vendored dependencies get the right importmap. gazelle 0.12.0 uses the bazel workspace name + `vendor/` as a prefix, which doesn't work with native go. Newer gazelle will use the go prefix (https://github.com/bazelbuild/bazel-gazelle/pull/207), but it's not released yet. Setting this correctly now also fixes later `BUILD` churn.
7. Re-run `hack/update-bazel.sh`. This causes a bunch of diffs, since anything under `staging/src` now uses the `staging/src/` path instead of `vendor/`. (Both would work for bazel, but gazelle uses the former, since `vendor/` uses symlinks.) Also `importmap`s under `vendor/` are fixed.
8. Reformat a few files (using [buildifier](https://github.com/bazelbuild/buildtools/tree/master/buildifier)) to make later diffs easier to read.
9. Rework the `go_genrule` rules to use the new `go_genrule` from https://github.com/kubernetes/repo-infra/pull/72, which is more bazely, since it uses the rules_go `go_path` rule instead of lots of shell.
10. Remove the deprecated `go_prefix` rule from the root BUILD.bazel file.
11. Set `# gazelle:importmap_prefix k8s.io/kubernetes/vendor` on `staging/src` as well, which ensures that these repos are treated as vendored dependencies. (It's basically the bazel-y way of doing the `vendor/k8s.io` symlinks.)
12. Run `hack/update-bazel.sh` one last time to fix all of the `importmap`s under `staging/src`.
Note re: point 6 above - we're pretty much ignoring the `vendor/k8s.io` symlinks entirely now under bazel. Using the `gazelle:prefix` directive ensures these get mapped into the right go importpath, and the `go_path` rule installs these correctly now too.
**Special notes for your reviewer**: this should not be submitted before https://github.com/kubernetes/repo-infra/pull/72, obviously.
**Release note**:
```release-note
NONE
```
/assign @BenTheElder @fejta @thockin
cc @cblecker @jayconrod
Kubernetes-commit: 1ad1c8c7f80d99b9625924b2102a04a555162bfb
Automatic merge from submit-queue (batch tested with PRs 65301, 65291, 65307, 63845, 65313). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add client-go example using fake client in test.
**What this PR does / why we need it**:
This adds an example showing the steps needed to get a working
SharedInformerFactory with a fake client for testing.
**Special notes for your reviewer**:
I had a really hard time figuring out how to use this utility correctly. I don't think this example is sufficient documentation, but it's a good start.
**Release note**:
```release-note
NONE
```
/sig api-machinery
/kind documentation
Kubernetes-commit: 8008c7dad945f7ac0748774a99148c864932288e
The fakeclient package does not have any non-test go files. This
causes `go build` to give a warning: `no non-test Go files in ...`.
This also causes the publishing bot to fail.
This PR adds a dummy doc.go file in the package to avoid this warning.
Kubernetes-commit: 764ae69671428987d77898b2d3c48c6c003e2fd4
Automatic merge from submit-queue (batch tested with PRs 64895, 64938, 63700, 65050, 64957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enhance leaderelection code
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 8850871891f345628f01dbef4ede727d74dd2113
Automatic merge from submit-queue (batch tested with PRs 65256, 64236, 64919, 64879, 57932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cancellable leader election
**What this PR does / why we need it**:
Adds ability to cancel leader election. Useful in integration tests where the whole app is started and stopped in each test.
**Special notes for your reviewer**:
I used the `context` package - it is impossible/hard to achieve the same behaviour with just channels without spawning additional goroutines but it is trivial with `context`. See `acquire()` and `renew()` methods.
**Release note**:
```release-note
NONE
```
/kind enhancement
/sig api-machinery
Kubernetes-commit: 571b9beac5bdaa65fb581bead7464926fa81cdbf
Automatic merge from submit-queue (batch tested with PRs 65256, 64236, 64919, 64879, 57932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix CRD OpenAPI schema
fixes#65243
depends on https://github.com/kubernetes/kube-openapi/pull/84
without this PR, kubectl complains about creating this CRD with a validation schema (which worked in 1.10):
```yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: resources.mygroup.example.com
spec:
group: mygroup.example.com
version: v1alpha1
scope: Namespaced
names:
plural: resources
singular: resource
kind: Kind
listKind: KindList
validation:
openAPIV3Schema:
properties:
spec:
type: array
items:
type: number
```
> error: error validating "/Users/jliggitt/projects/snippets/crd/crd.yaml": error validating data: [ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): unknown field "type" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray, ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): missing required field "Schema" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray, ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): missing required field "JSONSchemas" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray]; if you choose to ignore these errors, turn validation off with --validate=false
that is because the types used to serialize JSONSchema require custom marshaling/unmarshaling, and the OpenAPI generator was not informed of that, so it produced this:
```json
{
"io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray": {
"description": "JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps or an array of JSONSchemaProps. Mainly here for serialization purposes.",
"required": [
"Schema",
"JSONSchemas"
],
"properties": {
"JSONSchemas": {
"type": "array",
"items": {
"$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps"
}
},
"Schema": {
"$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps"
}
}
}
}
```
OpenAPI isn't able to represent oneOf/anyOf types correctly currently. Until it can, we definitely shouldn't publish a schema containing required fields which aren't even part of the JSON serialization. This PR implements custom openapi type functions, which omit the properties/required/schema attributes for four specific JSONSchema types. This allows kubectl to continue creating these objects without complaining.
/sig api-machinery
/assign @sttts
```release-note
fixed incorrect OpenAPI schema for CustomResourceDefinition objects
```
Kubernetes-commit: ed6c8b7326bd1a1b845719f4bfb302073a18f03f
This adds an example showing the steps needed to get a working
SharedInformerFactory with a fake client for testing.
Kubernetes-commit: aed487b42d1b49df9ac01f7234896f6d1b4da166
Automatic merge from submit-queue (batch tested with PRs 64416, 63625, 60967, 64767, 64588). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Collapse memcached discovery client onto parallelized discovery method
```release-note
NONE
```
Kubernetes-commit: f637a259ea2852a15a4321fd059972c55aaefc9b
Automatic merge from submit-queue (batch tested with PRs 64688, 64451, 64504, 64506, 56358). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
replace fmt.Sprintf(%s, i.Type()) with i.Type().String()
**What this PR does / why we need it**:
/kind cleanup
replace fmt.Sprintf(%s, i.Type()) with i.Type().String()
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b309d18a48d8054904fe88fdc49cae33a276f722
Automatic merge from submit-queue (batch tested with PRs 64142, 64426, 62910, 63942, 64548). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove inaccurate comment about watch timeout
when watch timeout, the tcp connection does not close, it is reused for another new watch.
But this makes users misunderstanding.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: d0a2bfd22e8c129e0a156a4304a62e3563dc6a59
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make kubernetes json serializer case sensitive
This PR imported the latest jsoniterator library so that case sensitivity during unmarhsaling is optional. The PR also set Kubernetes json serializer to be case sensitive.
Kubernetes json serializer had been case sensitive for 1.1-1.7 as we were using ugorji. This PR restores the behavior.
Fix#64612.
```release-notes
Kubernetes json deserializer is now case-sensitive as it was before 1.8.
If your config files contains fields with wrong case, the config files will be now invalid.
```
Kubernetes-commit: a2de1398f829ef38d645579160bdd6bfec8384d3
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Re-use private key after failed CSR
**What this PR does / why we need it**:
This fixes a regression introduced in 1.11.
If we create a new key on each CSR, if CSR fails the next attempt will
create a new one instead of reusing previous CSR.
If approver/signer don't handle CSRs as quickly as new nodes come up,
they can pile up and approver would keep handling old abandoned CSRs and
Nodes would keep timing out on startup.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: c855accaecb5775b515dad54799c37db6df51694
If we create a new key on each CSR, if CSR fails the next attempt will
create a new one instead of reusing previous CSR.
If approver/signer don't handle CSRs as quickly as new nodes come up,
they can pile up and approver would keep handling old abandoned CSRs and
Nodes would keep timing out on startup.
Kubernetes-commit: 2c0f043957d25da162fe4e1026c50e2587529ff9
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Vertical Pod Autoscaler to autoscaling/v2beta1
**What this PR does / why we need it**:
Adds Vertical Pod Autoscaler (https://github.com/kubernetes/community/blob/master/contributors/design-proposals/autoscaling/vertical-pod-autoscaler.md) to the autoscaling API (which currently has the Horizontal Pod Autoscaler).
This is needed for the Vertical Pod Autoscaler beta.
**Special notes for your reviewer**:
/cc @thockin @mwielgus @DirectXMan12
FYI. changes that add pkg/registry/autoscaling/verticalpodautoscaler/... will follow.
**Release note**:
```Add Vertical Pod Autoscaler to autoscaling/v2beta1.```
Kubernetes-commit: 63c90bb47ec99247cbf29542edfc443ffda7298b
Automatic merge from submit-queue (batch tested with PRs 64276, 64094, 64719, 64766, 64750). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Upgrade container-storage-interface/spec dependency to v0.3.0
Also updated golang/protobuf to v1.1.0 to satisfy hard requirement of new CSI Spec version
/sig storage
/kind enhancement
/assign @saad-ali
```release-note
Updated Container Storage Interface specification version to v0.3.0
```
Kubernetes-commit: d12d8bd64bd25ce3a6bbda0dd43533cde359290b
Automatic merge from submit-queue (batch tested with PRs 63453, 64592, 64482, 64618, 64661). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: promote exec plugin support to beta
/sig auth
/kind feature
Adds a "v1beta1" API group for client authentication. Because of a lack of usage with the input parameters, these have been dropped for the beta. Would like to re-introduce them as users feel they require them.
updates https://github.com/kubernetes/kubernetes/issues/61796
```release-note
client-go: credential exec plugins have been promoted to beta
```
Kubernetes-commit: 819d51567f82c27ba3b7cde5b4cb3bb59c0550b6
Automatic merge from submit-queue (batch tested with PRs 64613, 64596, 64573, 64154, 64639). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Openapi some cleanup
Clean-up some OpenAPI code, mostly test related (there are two implementations of "Fake").
This is going for master, but I'll probably also cherry-pick/create a similar PR for feature-serverside-apply branch since we'll need that to move some code around.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: c3bb41ad4b147f6159dd7542ffd2772d7042e2d8
Automatic merge from submit-queue (batch tested with PRs 64057, 63223, 64346, 64562, 64408). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Refactor the Bootstrap Tokens usage in the API types
**What this PR does / why we need it**:
This PR:
- Moves some common, generic Bootstrap Token helpers and constants from `k8s.io/kubernetes/cmd/kubeadm/app/util/token` to `k8s.io/client-go/tools/bootstrap/token/`
- Breaks out the top-level Bootstrap Token fields to a dedicated `BootstrapToken` struct with helper functions.
- Instead of representing the Bootstrap Token as a plain `string`, there is now a wrapper struct `BootstrapTokenString` that can marshal/unmarshal correctly and supports validation on create, and splitting up the full token in the ID/Secret parts automatically.
- Makes kubeadm support multiple Bootstrap Tokens automatically by supporting a slice of `BootstrapToken` in the `MasterConfiguration` API object
- Consolidates the place for kubeadm to create token-related flags in an `options` package
- Supports automatic conversion from the `v1alpha1` to `v1alpha2` API
- Adds support to set token expiration directly instead of setting a TTL (Expiration and TTL are mutually exclusive)
- Removes the old `TokenDiscovery` struct we're not using anymore inside of kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Related to https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
This is work in progress. Please only review the first two commits for now.
I will work on splitting up this PR in smaller chunks.
I will also write unit tests tomorrow.
**Release note**:
```release-note
[action required] kubeadm: The Token-related fields in the `MasterConfiguration` object have now been refactored. Instead of the top-level `.Token`, `.TokenTTL`, `.TokenUsages`, `.TokenGroups` fields, there is now a `BootstrapTokens` slice of `BootstrapToken` objects that support the same features under the `.Token`, `.TTL`, `.Usages`, `.Groups` fields.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @mattmoyer @liztio
Kubernetes-commit: c7b71ebca95d9afb5c4adbadf6cde09a0988d5a7
Automatic merge from submit-queue (batch tested with PRs 64057, 63223, 64346, 64562, 64408). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Deprecate the in-tree keystone plugin
**What this PR does / why we need it**:
We now have the `client-keystone-auth` in cloud-provider-openstack
repository:
https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/using-client-keystone-auth.md
So let's drop the in-tree one, so we can remove it in 1.12
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
in-tree support for openstack credentials is now deprecated. please use the "client-keystone-auth" from the cloud-provider-openstack repository. details on how to use this new capability is documented here - https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/using-client-keystone-auth.md
```
Kubernetes-commit: 10d0c5c19e8e0a0a8e3e4a1a9bfe6baf9cde1bc4
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add PST to main SECURITY_CONTACTS as formality
Add the Product Security Team as the security contacts for the main
repository and they can use the OWNERS files in each subsystem/dir to find
the correct owners.
cc @liggitt @cjcullen @tallclair @philips
```release-note
NONE
```
closes#64265
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
Kubernetes-commit: 5da925ad4fd070e687dc5255c177d5e7d542edd7
Automatic merge from submit-queue (batch tested with PRs 61803, 64305, 64170, 64361, 64339). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add TLS support to exec authenticator plugin
**What this PR does / why we need it**:
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/kubectl-exec-plugins.md#tls-client-certificate-support
Allows exec plugin to return raw TLS key/cert data. This data populates
transport.Config.TLS field.
This requires a change to AuthProvider interface to expose TLS configs,
not only RoundTripper.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61421
**Special notes for your reviewer**:
**Release note**:
```release-note
Exec authenticator plugin supports TLS client certificates.
```
Kubernetes-commit: f701b7529937493a64f2f2553aa9a5cd7020d9b7
Automatic merge from submit-queue (batch tested with PRs 58920, 58327, 60577, 49388, 62306). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix persist typo
I wonder this pr should pull to kubernetes/kubernetes or kubernetes/client-go ?
```
NONE
```
Kubernetes-commit: 5cf652d899d464a63a99aceaab9cf9276294b602
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add metadata to kubelet eviction event annotations
**What this PR does / why we need it**:
Add annotations to kubelet eviction events. Annotations include
"offending_containers" : comma-seperated list of containers.
"offending_containers_usage": comma-seperated list of usage.
"starved_resource": v1.ResourceName of the starved resource
**Special notes for your reviewer**:
Adding annotations to events required changing the `EventRecorder` interface to add a `AnnotatedEventf` function, which can add annotations to an event.
**Release note**:
```release-note
NONE
```
/assign @dchen1107
cc @mwielgus @schylek @kgrygiel
Kubernetes-commit: 15cd3552819367aef63114dcf7fa87b216d5dc62
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: start fresh with owner file
After client-go's OWNER file has grown to 50ish many reviewers, It's time to start fresh and re-add those who really want to review. Please don't be shy to come forward if you want to stay on that list. I will re-add you.
Kubernetes-commit: 10b9fd3a01f37b9a6f1ce636edcbd9c7332414cd
Automatic merge from submit-queue (batch tested with PRs 64175, 63893). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Expose openapi schema to handlers
**What this PR does / why we need it**:
Build an openapi spec for each api resource handler. This spec will be able to be consumed by server-side apply and server-side openapi validation.
The reason for putting it into master is so we can work on implementing server side validation against the openapi spec as well as server side apply, and it will make merging the server side apply feature branch a smaller, less risky PR
/sig api-machinery
/kind feature
cc @liggitt @lavalamp @seans3 @mbohlool @apelisse
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 28f171bd66937dec8b24a05c4b7a1414432f9fe8
Automatic merge from submit-queue (batch tested with PRs 64060, 63904, 64218, 64208, 64247). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
prevent zero for leader election timeouts
Add conditional checks for a stupid error that took me 20 minutes to find.
I don't see a reason to allow zero for any of the leader election tuning params
```release-note
NONE
```
Kubernetes-commit: 151fe855461b2e85f360435d6fc424e6f6542a97
Add the Product Security Team as the security contacts for the main
repository and they can use the OWNERS files in each subsystem/dir to find
the correct owners.
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
Kubernetes-commit: ac015892e4e2ab641a7761ab79f8cf986e1fa266
Automatic merge from submit-queue (batch tested with PRs 63598, 63913, 63459, 63963, 60464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Client-go raises error on duplicated name in kubeconfig
(for NamedCluster, NamedContext, NamedUser, NamedExtension)
**What this PR does / why we need it**:
Client should detect duplicated name when loading `name-value` based lists in kubeconfig: `users`, `clusters`, `contexts`. Currently if there are multiple value with same name, `client-python` will pick the first one, while `client-go` will pick the last.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: kubernetes-client/python#445, kubernetes-client/python-base#47
**Special notes for your reviewer**:
**Release note**:
```release-note
kubectl and client-go now detects duplicated name for user, cluster and context when loading kubeconfig and reports error
```
/sig api-machinery
cc @brendandburns @mbohlool
Kubernetes-commit: 7909712ca574c536901bc7858dfbf72a3a6ee7dd
Automatic merge from submit-queue (batch tested with PRs 63598, 63913, 63459, 63963, 60464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix event ref determination for apigroups
The event ref determination was never updated to handle apigroups so it has been returning only a group (not a version).
@kubernetes/sig-apps-bugs
```release-note
event object references with apiversion will now report an apiversion.
```
Kubernetes-commit: 4810b9ba679f4fb9cc39f3a83bbcd23b3e4accce
Automatic merge from submit-queue (batch tested with PRs 60012, 63692, 63977, 63960, 64008). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use Dial with context
**What this PR does / why we need it**:
`net/http/Transport.Dial` field is deprecated:
```go
// DialContext specifies the dial function for creating unencrypted TCP connections.
// If DialContext is nil (and the deprecated Dial below is also nil),
// then the transport dials using package net.
DialContext func(ctx context.Context, network, addr string) (net.Conn, error)
// Dial specifies the dial function for creating unencrypted TCP connections.
//
// Deprecated: Use DialContext instead, which allows the transport
// to cancel dials as soon as they are no longer needed.
// If both are set, DialContext takes priority.
Dial func(network, addr string) (net.Conn, error)
```
This PR switches all `Dial` usages to `DialContext`. Fixes#63455.
**Special notes for your reviewer**:
Also related: https://github.com/kubernetes/kubernetes/pull/59287https://github.com/kubernetes/kubernetes/pull/58532https://github.com/kubernetes/kubernetes/issues/815https://github.com/kubernetes/community/pull/1166https://github.com/kubernetes/kubernetes/pull/58677https://github.com/kubernetes/kubernetes/pull/57932
**Release note**:
```release-note
HTTP transport now uses `context.Context` to cancel dial operations. k8s.io/client-go/transport/Config struct has been updated to accept a function with a `context.Context` parameter. This is a breaking change if you use this field in your code.
```
/sig api-machinery
/kind enhancement
/cc @sttts
Kubernetes-commit: ddf551c24b7d88454f8332ce6855e53281440958
Automatic merge from submit-queue (batch tested with PRs 63865, 57849, 63932, 63930, 63936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Extract connection rotating dialer into a package
**What this PR does / why we need it**: This will be re-used for exec auth plugin to rotate connections on
credential change.
**Special notes for your reviewer**: this was split from https://github.com/kubernetes/kubernetes/pull/61803 to simplify review
**Release note**:
```release-note
NONE
```
Kubernetes-commit: da8e25c63dbc48f35065f5790f2f522bbe0c3641
Automatic merge from submit-queue (batch tested with PRs 63875, 63817). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make TestGetServerGroupsWithTimeout more reliable
Stops overriding a global variable in a test and tolerates a different kind of timeout message you can see.
/assign @soltysh
Kubernetes-commit: baad3d4159db43927e250d4b3f23d6e083b01294
Automatic merge from submit-queue (batch tested with PRs 63589, 63644, 63861, 63872, 63847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove service.deletecollection since the server doesn't support it
Updates the generated service client to match the API available.
@kubernetes/sig-api-machinery-pr-reviews
@kubernetes/api-reviewers
```release-note
NONE
```
Kubernetes-commit: 49e9322d4f62cda83e3eac815e202967dc1a0333
Automatic merge from submit-queue (batch tested with PRs 63658, 63509, 63800, 63586, 63840). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix List in fake clients to propagate ListMeta
Kubernetes-commit: 765c49db41dbe067cfca5d83cf438fb02b3468b8
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
move cached_discovery to client-go/discovery
**Release note**:
```release-note
NONE
```
Moves the cmd/util CachedDiscoveryClient to client-go
cc @soltysh @deads2k
Kubernetes-commit: f2ea83bef88f9d2783abe0c00de563db13ec04f4
Automatic merge from submit-queue (batch tested with PRs 55511, 63372, 63400, 63100, 63769). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Create pkg/scheduling/apis/v1beta1 and move priorityClass to beta
**What this PR does / why we need it**:
This is for creating pkg/apis/scheduling/v1beta1 so that priorityClasses could be moved to beta.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of #57471
**Special notes for your reviewer**:
/cc @bsalamat @aveshagarwal
**Release note**:
```release-note
The `PriorityClass` API is promoted to `scheduling.k8s.io/v1beta1`
```
Kubernetes-commit: a1b54f3c99f2ae4d7d10c269939e5c0bb6d03e6f
Automatic merge from submit-queue (batch tested with PRs 63367, 63718, 63446, 63723, 63720). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
finish new dynamic client and deprecate old dynamic client
Builds on a couple other pulls. This completes the transition to the new dynamic client.
@kubernetes/sig-api-machinery-pr-reviews
@caesarxuchao @sttts
```release-note
The old dynamic client has been replaced by a new one. The previous dynamic client will exist for one release in `client-go/deprecated-dynamic`. Switch as soon as possible.
```
Kubernetes-commit: 92ba95c39c6f7192502c3d907006c8828dd7b32c
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
should use time.Since instead of time.Now().Sub
**What this PR does / why we need it**:
should use time.Since instead of time.Now().Sub
**Special notes for your reviewer**:
Kubernetes-commit: 7eb88f11d23d2be7dc3a91f727a1a77a0abac5e8
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
construct resource.Builder from kubeconfig flags
updates the resource.Builder to be constructed from the kubeconfig flags struct/interface that we now have.
@kubernetes/sig-cli-maintainers
@juanvallejo @soltysh
```release-note
NONE
```
Kubernetes-commit: 7e75a09db6dc13218b4f5e06493115ae96f83774
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
read openstack auth config from client config
**What this PR does / why we need it**:
> // TODO: read/persist client configuration(OS_XXX env vars) in config
/sig openstack
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/assign @dims
**Release note**:
```release-note
read openstack auth config from client config
```
Kubernetes-commit: 9dcbdc3d459ec6b2bb149a9f4f3c0d1348113e4a
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Stop() for Ticker to enable leak-free code
**What this PR does / why we need it**:
I wanted to use the clock package but the `Ticker` without a `Stop()` method is a deal breaker for me.
**Release note**:
```release-note
NONE
```
/kind enhancement
/sig api-machinery
Kubernetes-commit: d42df4561a6c754120e9b46b37c032a57ca92a9a
Automatic merge from submit-queue (batch tested with PRs 59284, 63602). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
category expansion can only come from the server
A couple release ago we moved category expansion to the server instead of hardcoding it in the client. Similar to restmappings, there is no valid client-side expansion anymore, so this removes the code that hardcoded the list and moves the category expansion to the same package as our discovery based restmappers.
@kubernetes/sig-cli-maintainers
```release-note
NONE
```
Kubernetes-commit: ca92b73a659bf92c3051765a6ea5bc8c12069975
Automatic merge from submit-queue (batch tested with PRs 62354, 62934, 63502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Run resource discovery in parallel
best viewed ignoring whitespace (https://github.com/kubernetes/kubernetes/pull/63502/files?w=1)
on high-latency connections, serializing resource discovery requests across group versions can take significant amounts of time. this parallelizes the network request portion of the discovery call
xref #63368
```release-note
NONE
```
Kubernetes-commit: 234939dced42952045fc2a42b74a805affcff965
Automatic merge from submit-queue (batch tested with PRs 63364, 63464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
simplify api registration
The current registration and groupmeta is only use to determine a preferred ordering to versions. The scheme already knows about all versions, so this simply makes that knowledge official. After doing that, the announce, registered, and apimachinery/pkg/apimachinery all drop out.
With this change we'll be able to create `install` packages for each external apigroup that accept a scheme and have suggested orderings. This will make it possible to close the consistency gap with kubectl, client, and apiserver.
@kubernetes/sig-api-machinery-pr-reviews
@lavalamp @smarterclayton @liggitt @sttts
```release-note
NONE
```
Kubernetes-commit: f929502282b370ceb3adae4816074142d6702c8b
Automatic merge from submit-queue (batch tested with PRs 63291, 63490, 60445, 63507, 63524). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
move client based restmappers to client-go
Moves the client-based restmappers to client-go where everyone who needs them can have access.
```release-note
the shortcuts which were moved server-side in at least 1.9 have been removed from being hardcoded in kubectl
```
@kubernetes/sig-cli-maintainers @kubernetes/sig-api-machinery-pr-reviews
Kubernetes-commit: c27335fe3e75ef3d680dc5f470b16764564dc3b5
Automatic merge from submit-queue (batch tested with PRs 63291, 63490, 60445, 63507, 63524). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixes fake client generation for non-namespaced subresources
**What this PR does / why we need it**:
Fixes code generation for non-namespaced subresources fake clients.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60444
**Special notes for your reviewer**:
**Release note**:
```dev-release-note
Fixes fake client generation for non-namespaced subresources
```
/cc @mfojtik @liggitt
I'm not sure the best way to add tests for this. Any pointers?
Kubernetes-commit: 8203d35ea830b02a542c3099e302d58344a86305
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
catch err when Watch testResource failed in func TestWatchCallNonNamespace
**What this PR does / why we need it**:
catch err when Watch testResource failed in func TestWatchCallNonNamespace
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
[#61155](https://github.com/kubernetes/kubernetes/issues/61155)
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 89542d9ec97febf16d14319002d1b164a823bb8b
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cache preferred resources, use in kubectl resource name autocomplete
Fixes#63145
Fixes https://github.com/kubernetes/kubectl/issues/357
Alternative to #61928
* starts to unify preferred resource logic on top of ServerGroups()/ServerResourcesForGroupVersion() methods
* allows indicating a cached list of resources is acceptable when calling `kubectl api-resources` (default is still to rediscover)
* uses `kubectl api-resources` in bash completion
```sh
$ kubectl get [TAB][TAB]
apiservices.apiregistration.k8s.io networkpolicies.extensions
certificatesigningrequests.certificates.k8s.io networkpolicies.networking.k8s.io
clusterrolebindings.rbac.authorization.k8s.io nodes
clusterroles.rbac.authorization.k8s.io persistentvolumeclaims
componentstatuses persistentvolumes
configmaps poddisruptionbudgets.policy
controllerrevisions.apps pods
cronjobs.batch podsecuritypolicies.extensions
customresourcedefinitions.apiextensions.k8s.io podsecuritypolicies.policy
daemonsets.apps podtemplates
daemonsets.extensions replicasets.apps
deployments.apps replicasets.extensions
deployments.extensions replicationcontrollers
endpoints resourcequotas
events rolebindings.rbac.authorization.k8s.io
events.events.k8s.io roles.rbac.authorization.k8s.io
horizontalpodautoscalers.autoscaling secrets
ingresses.extensions serviceaccounts
initializerconfigurations.admissionregistration.k8s.io services
jobs.batch statefulsets.apps
limitranges storageclasses.storage.k8s.io
mutatingwebhookconfigurations.admissionregistration.k8s.io validatingwebhookconfigurations.admissionregistration.k8s.io
namespaces volumeattachments.storage.k8s.io
```
```release-note
NONE
```
Kubernetes-commit: 068b7befa926d376634c79cbba3d210c1dc596fe
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to latest Gophercloud
**What this PR does / why we need it**:
periodic update to latest gophercloud. The changes are as follows:
6da026c32e...781450b3c4
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: bc56947e8dd89d70735384239c4e5d0c2c9fe8eb
Automatic merge from submit-queue (batch tested with PRs 61455, 63346, 63130, 63404). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump kube-openapi dependency
**What this PR does / why we need it**:
Pick up https://github.com/kubernetes/kube-openapi/pull/64
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63218
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig api-machinery
/cc @mbohlool @liggitt
Kubernetes-commit: 89e6895e1c550658b7c145436868b70fb3cabbcd
Automatic merge from submit-queue (batch tested with PRs 63152, 63253). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make dynamic client slightly easier to use and add fakes
Tweaks the dynamic client to make it more "normal" for resources to namespaces. Adds a fake dynamic client.
@kubernetes/sig-api-machinery-pr-reviews
/assign @hzxuzhonghu
/assign @sttts
```release-note
NONE
```
Kubernetes-commit: 8e99d621e95c38d6e773a631c7179915ed952a2f
Automatic merge from submit-queue (batch tested with PRs 63153, 63238). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix curl header
partially reverts kubernetes/kubernetes#60925
such command cause a 406 status code from api-server
```
curl -H "Accept: 'application/json;as=Table;v=v1beta1;g=meta.k8s.io, application/json'"
```
this works fine:
```
curl -H "Accept: application/json;as=Table;v=v1beta1;g=meta.k8s.io, application/json"
```
**Release note**:
```
NONE
```
Kubernetes-commit: a8a963c98396ef8b5cd08911d0d4d7edbfff78fd
Automatic merge from submit-queue (batch tested with PRs 63251, 59166, 63250, 63180, 63169). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Break a generic package dependency to core/api/v1
It is not necessary for this package to depend on core/v1.
Kubernetes-commit: 625bce3ff6be2753cd9d27ef5fc2051cf2a45f85
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove versioning interface
Builds on prior restmapping/converter separation to completely remove the versioning interface which isn't needed.
intersection of @kubernetes/sig-api-machinery-pr-reviews and @kubernetes/sig-cli-maintainers again
```release-note
NONE
```
Kubernetes-commit: 6b9cf21d9f23fa596db19f0f7981fbb7261fc2b6
Automatic merge from submit-queue (batch tested with PRs 61804, 63189). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make use of simple dynamic client instead of deprecated client pool
**What this PR does / why we need it**:
Use simple dynamic client through all integration test.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63182
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b75d6464c8f04d5526ab633e75675f1c728f8606
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Upgrade Azure Go SDK to stable version
**What this PR does / why we need it**:
Kubernetes is using a beta version of Azure Go SDK now. If there are bugs in them, it's hard to upgrade because Azure Go SDK won't release new patches for pre-released SDK versions. We should upgrade Go SDK to stable version (e.g. v14.6.0)
Refer #62249
Refer Azure/azure-sdk-for-go#1586
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63056
**Special notes for your reviewer**:
This PR includes changes in #61972, but with a newer go-autorest version.
**Release note**:
```release-note
Upgrade Azure Go SDK to stable version (v14.6.0)
```
Kubernetes-commit: cc845246e4afe82271d4f8160badbe11f4c7a929
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add awly as reviewer in several subtrees
```release-note
NONE
```
Kubernetes-commit: 9e52d14eb9db297523ec5541a1131856a498f518
Automatic merge from submit-queue (batch tested with PRs 59965, 59115, 63076, 63059). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Upgrade dep json-iterator/go to fix base64 decode bug
**What this PR does / why we need it**:
upgrade dep `json-iterator/go` to fix base64 decode bug #62742
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62742
**Special notes for your reviewer**:
Just upgrade `json-iterator/go` to latest which includes base64 decode fix https://github.com/json-iterator/go/pull/266
No other code changes
**Release note**:
```release-note
None
```
Kubernetes-commit: 3dbcd1ddcee786f443f89a82514bbd9c6ad06c99
Automatic merge from submit-queue (batch tested with PRs 62982, 63075, 63067, 62877, 63141). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
eliminate indirection from type registration
Some years back there was a partial attempt to revamp api type registration, but the effort was never completed and this was before we started splitting schemes. With separate schemes, the idea of partial registration no longer makes sense. This pull starts removing cruft from the registration process and pulls out a layer of indirection that isn't needed.
@kubernetes/sig-api-machinery-pr-reviews
@lavalamp @cheftako @sttts @smarterclayton
Rebase cost is fairly high, so I'd like to avoid this lingering.
/assign @sttts
/assign @cheftako
```release-note
NONE
```
Kubernetes-commit: 97287177ee2b603f13f1028ef7f053f4795351f7
These constants will never change, and tools/ should not be depending on
core/api/v1 (there is nothing v1 specific about them).
Kubernetes-commit: aa9fd2bf11ae6be922b5b0fe45f5254c40366b2e
Automatic merge from submit-queue (batch tested with PRs 63137, 62913). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make a simple dynamic client that is easy to use
The dynamic client has annoyed me for the last time! The existing one takes arguments at odd levels, requires lots of information to instantiate, does some weird pool thing, and uses unusual types. This creates an interface like this:
```go
type DynamicInterface interface {
ClusterResource(resource schema.GroupVersionResource) DynamicResourceInterface
NamespacedResource(resource schema.GroupVersionResource, namespace string) DynamicResourceInterface
}
type DynamicResourceInterface interface {
Create(obj *unstructured.Unstructured) (*unstructured.Unstructured, error)
Update(obj *unstructured.Unstructured) (*unstructured.Unstructured, error)
UpdateStatus(obj *unstructured.Unstructured) (*unstructured.Unstructured, error)
Delete(name string, options *metav1.DeleteOptions) error
DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error
Get(name string, options metav1.GetOptions) (*unstructured.Unstructured, error)
List(opts metav1.ListOptions) (*unstructured.UnstructuredList, error)
Watch(opts metav1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (*unstructured.Unstructured, error)
}
```
You create it from just a `rest.Config`, no mapper, no path resolving func, no trying to set up codecs ahead of time, no unnecessary pool. It just works.
I updated the namespace controller to use it and I updated the existing dynamic client to leverage it so that I get all their tests for "free".
@kubernetes/sig-api-machinery-pr-reviews
@liggitt @smarterclayton @bparees @sttts @ironcladlou I know each of us has struggled with the dynamic client in our time.
@lavalamp @caesarxuchao This is vastly simplifying. I'm eager to drop the old `ClientPool`. client-go will technically have another incompatible semver this release. I'm up for changing it in tree.
```release-note
client-go developers: the new dynamic client is easier to use and the old is deprecated, you must switch.
```
Kubernetes-commit: 5d7569d6649777ef999fc37c480276cdb830dbd4
Automatic merge from submit-queue (batch tested with PRs 63129, 63066, 60009, 63136, 63086). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix discovery default timeout test
/assign @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: a53df4d90565d9adc8352758c99d7aa0d0624394
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove confusing flexibility for metadata interpretation
Metadata accessors are coded in. This means that we don't need to inject flexibility, the flexibility is already present based on what your code relies up. This removes the per-individual resource injection which simplifies all calling code.
intersection of @kubernetes/sig-api-machinery-pr-reviews @kubernetes/sig-cli-maintainers
```release-note
NONE
```
Kubernetes-commit: 6fbca94faec5d21630d076853e5f883b4a630412
Automatic merge from submit-queue (batch tested with PRs 63001, 62152, 61950). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
When bootstrapping a client cert, store it with other client certs
The kubelet uses two different locations to store certificates on
initial bootstrap and then on subsequent rotation:
* bootstrap: certDir/kubelet-client.(crt|key)
* rotation: certDir/kubelet-client-(DATE|current).pem
Bootstrap also creates an initial node.kubeconfig that points to the
certs. Unfortunately, with short rotation the node.kubeconfig then
becomes out of date because it points to the initial cert/key, not the
rotated cert key.
Alter the bootstrap code to store client certs exactly as if they would
be rotated (using the same cert Store code), and reference the PEM file
containing cert/key from node.kubeconfig, which is supported by kubectl
and other Go tooling. This ensures that the node.kubeconfig continues to
be valid past the first expiration.
Example:
```
bootstrap:
writes to certDir/kubelet-client-DATE.pem and symlinks to certDir/kubelet-client-current.pem
writes node.kubeconfig pointing to certDir/kubelet-client-current.pem
rotation:
writes to certDir/kubelet-client-DATE.pem and symlinks to certDir/kubelet-client-current.pem
```
This will also allow us to remove the wierd "init store with bootstrap cert" stuff, although I'd prefer to do that in a follow up.
@mikedanese @liggitt as per discussion on Slack today
```release-note
The `--bootstrap-kubeconfig` argument to Kubelet previously created the first bootstrap client credentials in the certificates directory as `kubelet-client.key` and `kubelet-client.crt`. Subsequent certificates created by cert rotation were created in a combined PEM file that was atomically rotated as `kubelet-client-DATE.pem` in that directory, which meant clients relying on the `node.kubeconfig` generated by bootstrapping would never use a rotated cert. The initial bootstrap certificate is now generated into the cert directory as a PEM file and symlinked to `kubelet-client-current.pem` so that the generated kubeconfig remains valid after rotation.
```
Kubernetes-commit: 939c0783e191a940d009399f7d6d00251feb025a
Automatic merge from submit-queue (batch tested with PRs 50899, 62649). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure webhook service routing resolves kubernetes.default.svc correctly
Going through the normal endpoint resolve path isn't correct in multi-master scenarios
The auth wrapper is pulling from LoopbackClientConfig, the service resolver should do the same
```release-note
Fixes the kubernetes.default.svc loopback service resolution to use a loopback configuration.
```
Kubernetes-commit: 9c25da64f0f302f69fb14af486bc181cce22293b
Automatic merge from submit-queue (batch tested with PRs 62876, 62733, 62827). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set a default request timeout for discovery client
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1546117
Adds a default request timeout to requests made by the discovery client.
This prevents a command from hanging indefinitely due to one or multiple calls
to the apiserver taking longer than usual when when a --request-timeout flag value
has not been set.
/assign @deads2k @juanvallejo
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 6da4355ad543411fcfef8320f4fbbc3d47bb0302
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
deep copy fake client actions to avoid accidental mutation
I just got bit by this downstream. Without a deep copy it is possible accidentally mutate the thing you created, thus invalidating your testing. It's particularly nasty inside of a controller doing a loop on objects, making refs to them, and creating. This works running in an actual process since we serialize and write, but fails unit tests since there is no serialization step.
@kubernetes/sig-api-machinery-bugs
```release-note
NONE
```
Kubernetes-commit: bfae47ad87807a6361e655f3620cbf2d9f2d6226
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
generated code should pass go vet for go1.10
**What this PR does / why we need it**:
Update code generator and the code it generates to pass `go vet`.
go1.10 runs `go vet` whenever `go test` is run. Because of this, generated code for CRDs needs to pass `go vet`.
**Release note**:
```release-note
Code generated for CRDs now passes `go vet`.
```
Kubernetes-commit: 5dde701b876d1d0915314c3ed146e986c4327f7e
Automatic merge from submit-queue (batch tested with PRs 62726, 60085, 62583). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update github.com/stretchr/testify to v1.2.1
cd $GOPATH/src/k8s.io/kubernetes
hack/godep-restore.sh
rm -rf Godeps
rm -rf vendor
hack/godep-save.sh
**What this PR does / why we need it**:
v1.2.1 of Testify includes new functions (e.g., ElementsMatch) that make it easier to compare data structures such as slices.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Kubernetes-commit: 4761788b2afa42a4573a6794902eb93fe666d5c5
Automatic merge from submit-queue (batch tested with PRs 62448, 59317, 59947, 62418, 62352). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix assert.Equal argument order
Reference:
https://godoc.org/github.com/stretchr/testify/assert#Equal
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 60141cdfd919f608da9e7d1083f9831694ba540f
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Show help for deprecated Kubelet flags
We recently deprecated a bunch of Kubelet flags, which caused them to disappear from `--help` output. This PR unhides these flags, so that the deprecation notice is clearly visible in `--help`.
Fixes: #62009
```release-note
NONE
```
/cc @eparis
Kubernetes-commit: ee4d90aaa61150139cdcd67a73e22da8cb226dc6
Automatic merge from submit-queue (batch tested with PRs 61306, 60270, 62496, 62181, 62234). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle partial group and resource responses consistently
GetAPIGroupResources tolerates partial discovery responses to provide as much information to the caller as possible.
Before skipping a particular error response, check whether the response was accompanied by partial group or resource data.
There's an existing TODO to propagate partial errors that I plan to address in a follow-up, but that had more ripples and I wanted to correct this first.
```release-note
NONE
```
Kubernetes-commit: 7ba97b9200a9cab45f59a81ab8b44fca8ee863eb
Automatic merge from submit-queue (batch tested with PRs 62273, 62461). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't log when error returned
**What this PR does / why we need it**:
Both logging and returning an error is an antipattern. If the caller wants it logged they will log it. And in this case it will be logged twice which is very confusing for debugging.
**Release note**:
```release-note
NONE
```
/kind cleanup
/sig api-machinery
Kubernetes-commit: 0b5fa0b94a2e147ddae2278623c89648c211d229
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updated Readme for Azure (OIDC) auth provider
**What this PR does / why we need it**:
When trying this documentation in the field, I ran into some issues based on details missing here. I got it working in the end with some help from @stuartleeks from Microsoft, this PR is to help others trying to set this up not have the same question marks I had.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None AFAIK
**Special notes for your reviewer**:
Includes:
* Added details and clarifications based on my experience
* Some minor copy editing
Not sure if this requires release notes, I consider it a very small change.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 99e77a76be66ce300ead09d1fe1e6300dc274d6d
Automatic merge from submit-queue (batch tested with PRs 60197, 61614, 62074, 62071, 62301). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Narrow interface consumed by scale client
The scale client only uses a single method of the rest mapper, and only for preferred resource version (no resource/kind lookup or translation)
Narrow the specified interface to make it clear what function is actually required.
```release-note
NONE
```
Kubernetes-commit: f0de9af79b27b39c39bac6c3ad82d74db4c36c85
Automatic merge from submit-queue (batch tested with PRs 60692, 61809). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove ObjectMeta and *Options from core api
remove ObjectMeta and *Options from core api
Fixes#61807
**Special notes for your reviewer**:
**Release note**:
```release-note
Remove `ObjectMeta ` `ListOptions` `DeleteOptions` from core api group. Please use that in meta/v1
```
Kubernetes-commit: 7931930ff71ed27bdcd582c69c5b61fae18a6c15
Automatic merge from submit-queue (batch tested with PRs 61400, 61048). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-gen: allow specifying custom resync periods for certain informer types
**What this PR does / why we need it**:
This PR extends the informer code-generator to allow the consumer to specify a custom resync period for certain informer types and uses the default resync period if none is defined.
**Special notes for your reviewer**:
Example:
```go
cs := clientset.NewForConfigOrDie(config)
resyncConfig := externalversions.ResyncConfiguration{
&samplev1alpha1.Sample{}: 30 * time.Second,
}
informer := externalversions.NewSharedInformerFactory(cs, 2*time.Minute, externalversions.WithCustomResyncConfig(resyncConfig))
```
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 7daaa826d291c1501a52177c3e14b00c503c8527
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updated the "create-update-delete-deployment" example to use apps/v1 and removed rollback example
**What this PR does / why we need it**:
*Waiting for migration to apps/v1*
> The current example at [create-update-delete-deployment/main.go](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/client-go/examples/create-update-delete-deployment/main.go) was using `RollbackTo` of `v1beta1.DeploymentSpec` which is deprecated.
The current implementation upgrades `create-update-delete-deployment` main.go to use **apps/v1** instead of **extensions/v1beta1** and removed rollback example for now.
**Which issue(s) this PR fixes**
Helps kubernetes/client-go#346
**Special notes for your reviewer**:
Since it's my first PR dealing with codebase and not a typo fix :xD please let me know my mistakes.
I would love to resolve them.
@nikhita @sttts @jekohk Please review. The other PR #59663 got closed accidentally while changing branch.
Kubernetes-commit: 6dfcaabe849938a475bcacf5c29f43d4e350e751
Automatic merge from submit-queue (batch tested with PRs 61959, 62037). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump godep version to v80
**What this PR does / why we need it**:
Update the minimum godep, to v80 (supposed to be the final version).
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 22440e15764e2d821166eff5b965786fa928357e
Automatic merge from submit-queue (batch tested with PRs 61818, 61800). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace gopass.GetPasswdMasked() by terminal.ReadPassword()
**What this PR does / why we need it**:
Replace `gopass.GetPasswdMasked()` used for reading passwords from the terminal with [`terminal.ReadPassword()`](https://godoc.org/golang.org/x/crypto/ssh/terminal#ReadPassword). This removes the `gopass` import.
**Special notes for your reviewer**:
Ran the following commands to update `godep` files:
```
./hack/godep-restore.sh -v
./hack/godep-save.sh
./hack/update-staging-godeps.sh
./hack/update-bazel.sh
```
/sig auth
/kind enhancement
/assign @ericchiang
```release-note
NONE
```
Kubernetes-commit: a5133305a9f347c79c20c5785d41cc9400be895e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix broken link
**What this PR does / why we need it**:
Fix broken link for `versioning.md`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Kubernetes-commit: d371be33f7840737dc2978ab16e5ea07e9a37e7e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Tolerate 406 mime-type errors attempting to load new openapi schema
Fixes#61805Fixes#61943
```release-note
kubectl: improves compatibility with older servers when creating/updating API objects
```
Kubernetes-commit: 66100690bc157fa6bdc67f93daf8d72aedb84e0b
Automatic merge from submit-queue (batch tested with PRs 61894, 61369). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use range in loops; misc fixes
**What this PR does / why we need it**:
It is cleaner to use `range` in for loops to iterate over channel until it is closed.
**Release note**:
```release-note
NONE
```
/kind cleanup
Kubernetes-commit: 7ce753aa73a42d8a8696659e345e173d15cce622
The kubelet uses two different locations to store certificates on
initial bootstrap and then on subsequent rotation:
* bootstrap: certDir/kubelet-client.(crt|key)
* rotation: certDir/kubelet-client-(DATE|current).pem
Bootstrap also creates an initial node.kubeconfig that points to the
certs. Unfortunately, with short rotation the node.kubeconfig then
becomes out of date because it points to the initial cert/key, not the
rotated cert key.
Alter the bootstrap code to store client certs exactly as if they would
be rotated (using the same cert Store code), and reference the PEM file
containing cert/key from node.kubeconfig, which is supported by kubectl
and other Go tooling. This ensures that the node.kubeconfig continues to
be valid past the first expiration.
Kubernetes-commit: 368959346af6e06085c63a4cc7c37839f262f636
Automatic merge from submit-queue (batch tested with PRs 61790, 61808, 60339, 61615, 61757). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make reapers tolerate 404s on scaling down
fixes https://github.com/kubernetes/kubernetes/issues/61748
This fixes the scale client to return the actual API error, not a wrapped one. It also updates scalers to do the same. Then it fixes the reapers to tolerate 404s, since that means they achieved their objective.
/assign @janetkuo
/assign @p0lyn0mial
```release-note
NONE
```
Kubernetes-commit: dea3c0a610ebe55ba94e1b7841644b8a0930e770
Automatic merge from submit-queue (batch tested with PRs 61195, 61479). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use RaceFreeFakeWatcher in ObjectTracker to fix racy watch panics
**What this PR does / why we need it**:
The `FakeWatcher` added to `ObjectTracker` in #57504 allows sends on the result channel after it's closed; for example calling `Stop()` then `Add(obj)` will cause a panic. In my experience this has led to flaky tests when informers and controllers are running.
Replacing `FakeWatcher` with `RaceFreeFakeWatcher` fixes the problem, since `RaceFreeFakeWatcher` ignores additional events that occur after the watcher is stopped. It also panics instead of blocking when the result channel is full, which seems like a more useful behavior in tests than blocking.
I removed the `FakeWatchBufferSize` constant since `RaceFreeFakeWatcher` doesn't take a buffer size argument anymore. This seems fine since the `DefaultChanSize` constant is close to the `FakeWatchBufferSize` value (100 vs 128).
**Special notes for your reviewer**:
I can provide a minimal repro of a flaky test caused by the earlier behavior if necessary.
**Release note**:
```release-note
Fix racy panics when using fake watches with ObjectTracker
```
Kubernetes-commit: f8981147e2fe01c3af6bbefa12be4e4c8d63acbc
Automatic merge from submit-queue (batch tested with PRs 61644, 61624, 61743, 61019, 61287). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
provide easy methods for direct kubeconfig loading from bytes
Adds a `RESTConfigFromKubeConfig([]byte)` method for taking a kubeconfig and getting back the rest.Config. There are ways to do this now, but it takes a fair amount of wiring that is a pain.
As kube starts dropping `--master` flags from its commands, it will be able to use this. For current consumers, this will be a big simplification.
```release-note
NONE
```
Kubernetes-commit: 90c09c75d67831ad46cc0c9abb954b6936ca86b3
Automatic merge from submit-queue (batch tested with PRs 60455, 61365, 61375, 61597, 61491). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
removes custom scalers from kubectl
**What this PR does / why we need it**: this PR removes custom scalers from kubectl and uses the genericScaler instead.
**Release note**:
```
NONE
```
Kubernetes-commit: eda9fab0032b9cfbd8b55ab07a16fe35e921f775
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace package "golang.org/x/net/context" with "context"
**What this PR does / why we need it**:
Replace package "golang.org/x/net/context" with "context"
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60560
**Special notes for your reviewer**:
As of Go 1.7 this package(golang.org/x/net/context) is available in the standard library under the name context. see (https://godoc.org/golang.org/x/net/context)
It is almost machinery replace.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 915798d229b7be076d8e53d6aa1573adabd470d2
Automatic merge from submit-queue (batch tested with PRs 60373, 61098, 61352, 61359, 61362). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump cfssl to be compatible with Go 1.10
Kubernetes-commit: ef3539e69e4c897f48ecd6b2dd73417ce0416b08
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove YEAR field of all generated files and fix kubernetes boilerplate checker
**What this PR does / why we need it**:
Remove YEAR field of all generated files and fix kubernetes boilerplate checker
xref: [remove YEAR fileds in gengo #91](https://github.com/kubernetes/gengo/pull/91)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes [#gengo/issues/24](https://github.com/kubernetes/gengo/issues/24)
**Special notes for your reviewer**:
/cc @thockin @lavalamp @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: e40ffd71972b820aeed283946e880aa2479f8524
Automatic merge from submit-queue (batch tested with PRs 60696, 60876, 60901, 60925, 60428). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve debug curl command
When logging debug curl command, add single quotes around URL and headers. This prevents quietly removing any parameters after '&' when running resulting command and improves formatting.
```release-note
NONE
```
Kubernetes-commit: de1a0e3249b67cd72c1a412a2688f693a0201b70
Automatic merge from submit-queue (batch tested with PRs 60696, 60876, 60901, 60925, 60428). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go/util/cert go_library shouldn't depend on testdata
**What this PR does / why we need it**: 981dd8dc66 (diff-eb996d3ca3a215d7d93faaaffb77dbd7) accidentally added a testdata dependency on the go_library rule, rather than the go_test. This breaks vendoring of this rule into other bazel projects that prune out tests and testdata.
Only the unit test depends on testdata, so the BUILD file should reflect that, too.
x-ref https://github.com/kubernetes/test-infra/pull/6835#discussion_r173010769
**Release note**:
```release-note
NONE
```
cc @BenTheElder @krzyzacy
Kubernetes-commit: 7543ddde4c06af80a992c4d64dd3fcef633e5be7
Automatic merge from submit-queue (batch tested with PRs 60710, 60855, 60873, 60895, 60862). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix local cluster leaking memory.
**What this PR does / why we need it**:
Local cluster is leaking memory due to mutation detector being enabled.
In addition there is no warning in the logs that this could be the
issue.
Added a log warning when this feature is enabled to make debugging this
issue easier for other cases of this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60854
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Kubernetes-commit: e6ba628b072f37cbc0e35c70c2063dbc24cbb1a7
Automatic merge from submit-queue (batch tested with PRs 51423, 53880). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
prevent the same path load multiple times
**What this PR does / why we need it**:
prevent the same path load multiple times,if there are several same path, we only load one time
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53723
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: eefd72557ef7ce008e2138ca7d91f6a8d8634f73
The FakeWatcher allows sends on the result channel after it's closed,
for example calling Stop() then Add() will panic. RaceFreeFakeWatcher
checks whether the watcher is stopped before attempting to send. It also
panics instead of blocking when the result channel is full.
Kubernetes-commit: b84ad8828b6ffe0dd289f69e395968eabb9fbeaa
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
oidc: add rithujohn191 as a reviewer
cc @rithujohn191
/sig auth
/kind documentation
```release-note
NONE
```
Kubernetes-commit: f196b7c7523dbf0d6ed703a93af73f54e9d2e42c
Local cluster is leaking memory due to mutation detector being enabled.
In addition there is no warning in the logs that this could be the
issue.
Added a log warning when this feature is enabled to make debugging this
issue easier for other cases of this.
Fixed import ordering as per @liggitt
Kubernetes-commit: 07ba609b50d6f00c52acbfd6eaa43e6b527c5c2d
Automatic merge from submit-queue (batch tested with PRs 60376, 55584, 60358, 54631, 60291). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
cloud-controller-manager get /healthz to wait for apiserver to be healthy
**What this PR does / why we need it**:
currently cloud-controller-manager use `restclient.ServerAPIVersions()` to wait for apiserver to be healthy.
Remove ServerAPIVersions and make use of /healthz as all other components do.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60288
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b8c5bcf48a8852ba7f859a06ce35eac3d8fffafa
Automatic merge from submit-queue (batch tested with PRs 59365, 60446, 60448, 55019, 60431). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove dep-reviewers
**What this PR does / why we need it**:
The dep-reviewers group seems to get assigned PRs early the the review process. However, most code changes should be reviewed in the importing part of the code base first, and then assigned to an approver after.
By removing the reviewers group, the approvers plugin will still suggest assigning to an approver, but won't assign for review when the PR is initially opened.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 724a2f968c6981efc9f5a85e4ad60f56e1c0902f
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-gen: output golint compliant 'Generated by' comment
New PR instead of reopening #58115 because /reopen did not work.
This won't be ready to merge until the upstream https://github.com/kubernetes/gengo/pull/94 merges. Once that merges, the second commit will be changed to godep-save.sh and update-staging-godeps.sh, and the last commit will be changed to update-all.sh
The failing test is due to the upstream changes not being merged yet
```devel-release-note
Go code generated by the code generators will now have a comment which allows them to be easily identified by golint
```
Fixes#56489
Kubernetes-commit: 1eb1c00c44f8f597b9b23a05cd0a8da205c87f8a
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix some syntax related errors
**What this PR does / why we need it**:
fix some syntax related errors
**Special notes for your reviewer**:
None
```release-note
NONE
```
Kubernetes-commit: effa021db773fb95c9e8fbe5646d01784bb2f7f6
Automatic merge from submit-queue (batch tested with PRs 60011, 59256, 59293, 60328, 60367). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Serve OpenAPI spec with single /openapi/v2 endpoint
**What this PR does / why we need it**:
We are deprecating format-separated endpoints (`/swagger.json`, `/swagger-2.0.0.json`, `/swagger-2.0.0.pb-v1`, `/swagger-2.0.0.pb-v1.gz`) for OpenAPI spec, and switching to a single `/openapi/v2` endpoint in Kubernetes 1.10. The design doc and deprecation process are tracked at: https://docs.google.com/document/d/19lEqE9lc4yHJ3WJAJxS_G7TcORIJXGHyq3wpwcH28nU
Requested format is specified by setting HTTP headers
header | possible values
-- | --
Accept | `application/json`, `application/com.github.proto-openapi.spec.v2@v1.0+protobuf`
Accept-Encoding | `gzip`
This PR changes dynamic_client (and kubectl as a result) to use the new endpoint. The old endpoints will remain in 1.10 and 1.11, and get removed in 1.12.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
action required: Deprecate format-separated endpoints for OpenAPI spec. Please use single `/openapi/v2` endpoint instead.
```
/sig api-machinery
Kubernetes-commit: d6153194d929ad6c036d5bbbf67a6f892e75feb5
Automatic merge from submit-queue (batch tested with PRs 50724, 59025, 59710, 59404, 59958). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Require boilerplate on Bazel Skylark source files
**What this PR does / why we need it**: `.bzl` files are also source code, so they should probably have the boilerplate text too.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 5e10b13f7e745f767a1e2f4b261d84a67e318048
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add comments about potential race in delta fifo
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig api-machinery
Kubernetes-commit: 0394ffba6de860ece173a9a485d3518d3a8d37f2
Automatic merge from submit-queue (batch tested with PRs 59463, 59719, 60181, 58283, 59966). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Split self-signed cert and CA
The key usage limitation of TLS Server Auth makes the cert invalid as a CA.
This switches to generate a single-use CA, uses it to sign the serving cert, then appends the CA to the cert bytes.
* allows a client to continue to reference the cert file as a trust bundle, which now contains a valid CA cert
* continues to keep the generated certificate valid only for serving purposes
Fixes https://github.com/kubernetes/client-go/issues/311
```release-note
NONE
```
Kubernetes-commit: 5d144152e4d07f3752c05ec24e31d840adcd90a2
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions: add subresources for custom resources
Fixes#38113Fixes#58778
**Related**:
- Proposal: https://github.com/kubernetes/community/pull/913
- For custom resources to work with `kubectl scale`: https://github.com/kubernetes/kubernetes/pull/58283
**Add types**:
- Add `CustomResourceSubResources` type to CRD.
- Fix proto generation for `CustomResourceSubResourceStatus`: https://github.com/kubernetes/kubernetes/pull/55970.
- Add feature gate for `CustomResourceSubResources`.
- Update CRD strategy: if feature gate is disabled, this feature is dropped (i.e. set to `nil`).
- Add validation for `CustomResourceSubResources`:
- `SpecReplicasPath` should not be empty and should be a valid json path under `.spec`. If there is no value under the given path in the CustomResource, the `/scale` subresource will return an error on GET.
- `StatusReplicasPath` should not be empty and should be a valid json path under `.status`. If there is no value under the given path in the CustomResource, the status replica value in the /scale subresource will default to 0.
- If present, `LabelSelectorPath` should be a valid json path. If there is no value under `LabelSelectorPath` in the CustomResource, the status label selector value in the `/scale` subresource will default to the empty string.
- `ScaleGroupVersion` should be `autoscaling/v1`.
- If `CustomResourceSubResources` is enabled, only `properties` is allowed under the root schema for CRD validation.
**Add status and scale subresources**:
- Use helper functions from `apimachinery/pkg/apis/meta/v1/unstructured/helpers.go`.
- Improve error handling: https://github.com/kubernetes/kubernetes/pull/56563, https://github.com/kubernetes/kubernetes/pull/58215.
- Introduce Registry interface for storage.
- Update storage:
- Introduce `CustomResourceStorage` which acts as storage for the custom resource and its status and scale subresources. Note: storage for status and scale is only enabled when the feature gate is enabled _and_ the respective fields are enabled in the CRD.
- Introduce `StatusREST` and its `New()`, `Get()` and `Update()` methods.
- Introduce `ScaleREST` and its `New()`, `Get()` and `Update()` methods.
- Get and Update use the json paths from the CRD and use it to return an `autoscaling/v1.Scale` object.
- Update strategy:
- In `PrepareForCreate`,
- Clear `.status`.
- Set `.metadata.generation` = 1
- In `PrepareForUpdate`,
- Do not update `.status`.
- If both the old and new objects have `.status` and it is changed, set it back to its old value.
- If the old object has a `.status` but the new object doesn't, set it to the old value.
- If old object did not have a `.status` but the new object does, delete it.
- Increment generation if spec changes i.e. in the following cases:
- If both the old and new objects had `.spec` and it changed.
- If the old object did not have `.spec` but the new object does.
- If the old object had a `.spec` but the new object doesn't.
- In `Validate` and `ValidateUpdate`,
- ensure that values at `specReplicasPath` and `statusReplicasPath` are >=0 and < maxInt32.
- make sure there are no errors in getting the value at all the paths.
- Introduce `statusStrategy` with its methods.
- In `PrepareForUpdate`:
- Do not update `.spec`.
- If both the old and new objects have `.spec` and it is changed, set it back to its old value.
- If the old object has a `.spec` but the new object doesn't, set it to the old value.
- If old object did not have a `.spec` but the new object does, delete it.
- Do not update `.metadata`.
- In `ValidateStatusUpdate`:
- For CRD validation, validate only under `.status`.
- Validate value at `statusReplicasPath` as above. If `labelSelectorPath` is a path under `.status`, then validate it as well.
- Plug into the custom resource handler:
- Store all three storage - customResource, status and scale in `crdInfo`.
- Use the storage as per the subresource in the request.
- Use the validator as per the subresource (for status, only use the schema for `status`, if present).
- Serve the endpoint as per the subresource - see `serveResource`, `serveStatus` and `serveScale`.
- Update discovery by adding the `/status` and `/scale` resources, if enabled.
**Add tests**:
- Add unit tests in `etcd_test.go`.
- Add integration tests.
- In `subresources_test.go`, use the [polymporphic scale client](https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/client-go/scale) to get and update `Scale`.
- Add a test to check everything works fine with yaml in `yaml_test.go`.
**Release note**:
```release-note
`/status` and `/scale` subresources are added for custom resources.
```
Kubernetes-commit: 6e856480c05424b5cd2cfcbec692a801b856ccb2
Automatic merge from submit-queue (batch tested with PRs 60158, 60156, 58111, 57583, 60055). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix typos in configmaplock
**What this PR does / why we need it**:
Fixes some typos in `configmaplock.go`. Seems to be a combination of copy/paste errors from `endpointslock.go` and find/replace gone wrong.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 6be660a81eaa98ccae39ca4c968ea616b2adbecd
Automatic merge from submit-queue (batch tested with PRs 60158, 60156, 58111, 57583, 60055). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add support for /token subresource in serviceaccount registry
I'm planning on implementing the registry bits (this) in one PR and followup with an authenticator that supports new id tokens.
https://github.com/kubernetes/kubernetes/issues/58790
@kubernetes/sig-auth-pr-reviews
```release-note
NONE
```
Kubernetes-commit: 8b94ae8ca8d06bfc3c9b2f73daaca69840f86d2f
Automatic merge from submit-queue (batch tested with PRs 58716, 59977, 59316, 59884, 60117). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cap how long the kubelet waits when it has no client cert
If we go a certain amount of time without being able to create a client
cert and we have no current client cert from the store, exit. This
prevents a corrupted local copy of the cert from leaving the Kubelet in a
zombie state forever. Exiting allows a config loop outside the Kubelet
to clean up the file or the bootstrap client cert to get another client
cert.
Five minutes is a totally arbitary timeout, judged to give enough time for really slow static pods to boot.
@mikedanese
```release-note
Set an upper bound (5 minutes) on how long the Kubelet will wait before exiting when the client cert from disk is missing or invalid. This prevents the Kubelet from waiting forever without attempting to bootstrap a new client credentials.
```
Kubernetes-commit: 2bbaf430d8a22287ae6a85c6c0b5736a80269e81
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
oidc authentication: switch to v2 of coreos/go-oidc
Switch to v2 of [coreos/go-oidc](https://github.com/coreos/go-oidc), which uses square/go-jose to verify tokens and supports more signing algorithms.
Most of this PR removes dependencies used by the older version of github.com/coreos/go-oidc, and updates vendor files.
This PR has been tested against tokens issued by Okta, Google, and CoreOS's dex.
Closes https://github.com/kubernetes/kubernetes/issues/57806
```release-note
kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag.
kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs, users must switch to the "https://www.googleapis.com/oauth2/v4/token" endpoint.
```
cc @rithujohn191 @liggitt
cc @kubernetes/sig-auth-pr-reviews
Kubernetes-commit: cdbc4fbe20c94694bc25910d54a7de52a98b6650
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Introduce PodSecurityPolicy in the policy/v1beta1 API group
Types/constants are completely the same as in `extensions/v1beta1` except that they are located outside of the `extensions` API group.
**What this PR does / why we need it**:
This is the first step for migrating PSP-related stuff away of `extensions` group. See #43214 for more information.
Also it related to https://github.com/kubernetes/features/issues/5
**Example**:
```console
$ cat restricted2.yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted2
...
$ kubectl create -f restricted.yaml
podsecuritypolicy "restricted2" created
$ kubectl get psp restricted2 -o yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
...
```
**Release note**:
```release-note
The `PodSecurityPolicy` API has been moved to the `policy/v1beta1` API group. The `PodSecurityPolicy` API in the `extensions/v1beta1` API group is deprecated and will be removed in a future release.
```
Kubernetes-commit: f8298702ffe644a4f021e23a616ad6a8790a5537
Automatic merge from submit-queue (batch tested with PRs 59634, 59821, 57850, 59916, 60032). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to latest gophercloud/gophercloud for 1.10
**What this PR does / why we need it**:
Looks like we end up with just the following change:
https://github.com/gophercloud/gophercloud/pull/730
(Prevent Recursive BuildRequestBody)
The full set of changes between the old and new SHA are here:
8e59687aa4...6da026c32e
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 77254255223774543cdf9941cd7c32f99da11261
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add cblecker to vendor OWNERS
**What this PR does / why we need it**:
Adds myself to vendor OWNERS. I can help approve dep bumps of existing deps, and refer to Tim and new deps for license review.
**Release note**:
```release-note
NONE
```
/assign thockin
Kubernetes-commit: 852e7f7bfa43d1427706c59453e39f2de12a4f32
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update bazelbuild/rules_go, kubernetes/repo-infra, and gazelle dependencies
**What this PR does / why we need it**: updates our bazelbuild/rules_go dependency in order to bump everything to go1.9.4. I'm separating this effort into two separate PRs, since updating rules_go requires a large cleanup, removing an attribute from most build rules.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 96ec3187180b9c1d722756b3ea0984ebe65424dc
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Dynamic client supports subresources
**What this PR does / why we need it**:
Allows `resource.name` to be a subresource which contains `"/"` in db2977fb11/staging/src/k8s.io/client-go/dynamic/client.go (L143)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#49588
**Special notes for your reviewer**:
The change is backward compatible.
**Release note**:
```release-note
NONE
```
/sig api-machinery
Kubernetes-commit: f33e0b33f49676bb0be6a410ab98eecd3602bd0a
Automatic merge from submit-queue (batch tested with PRs 59832, 59825). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove unused DeltaFIFO compressor argument to NewDeltaFIFO
Nobody uses it; the one or two older users from 1.4/1.5 timeframe
were removed for 1.6. It's also poorly understood and the sole
example is in the testcases, and it's pretty incomplete.
If anyone really wants compression, they can revert this PR.
Earlier pull was https://github.com/kubernetes/kubernetes/pull/43475 which was blocked on some downstream users, which have now removed their usage of the compressor.
@ncdc @deads2k
```release-note
NONE
```
Kubernetes-commit: 5f7b530d87a426348ac7c8fa27f8079fd9445d70
Automatic merge from submit-queue (batch tested with PRs 59489, 59716). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add AzureDisk support for vmss nodes
**What this PR does / why we need it**:
This PR adds AzureDisk support for vmss nodes. Changes include
- Upgrade vmss API to 2017-12-01
- Upgrade vmss clients with new version API
- Abstract AzureDisk operations for vmss and vmas
- Added AzureDisk support for vmss
- Unit tests and fake clients fix
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#43287
**Special notes for your reviewer**:
~~Depending on #59652 (the first two commits are from #59652).~~
**Release note**:
```release-note
Add AzureDisk support for vmss nodes
```
Kubernetes-commit: d89e64110aa47d557a4b133c40b38de1b41ef7f7
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a race condition in SharedInformer
**What this PR does / why we need it**:
This fixes a race condition that can occur in the `sharedIndexInformer`
**Which issue(s) this PR fixes**:
Fixes#59822
**Release note**:
```release-note
Fixed a race condition in k8s.io/client-go/tools/cache.SharedInformer that could violate the sequential delivery guarantee and cause panics on shutdown.
```
Kubernetes-commit: 6590ea6d5d50700d34255b1e037b2702ad26b7fc
This prevents a race condition where the sharedIndexInformer was
causeing the processorListener's run and pop method to be started
twice. That violated the SharedInformer's interface guarantee of
sequential delivery and also caused panics on shutdown.
Kubernetes-commit: 3c36d9e373d8e272ad303f359d040621edeb999e
Looks like we end up with the following changes:
1a43566306cb8cebad8cae85c67b15b3c254f316 - Prevent Recursive BuildRequestBody
debc1adf8e41fb5c5b7e2021a1be0b4d0c78318a - Networking v2: Create Floating IP with Subnet
1db95d798aa72ec12a6e60e40749cea56073d2fb - Compute v2: Add unit tests for Ephemeral field
0b8b348f5ad19aa4513ad9f8ad24f766a6623ad9 - compute: flavors: add Ephemeral attribute
8a6dfa8264e8b64523272c7a205e5f08bb6c118f - Compute v2: Flavor Access Remove (#688)
35ab3f13f69349f99ba8b9c9c36a7031ae2963dd - Flavor Extra Spec Update
800a4c0d57fbe8403b0bb6f13a8340c8fc990ad5 - Flavor Extra Spec Delete
be3fd7845c1928cbc5bbe289f2e39f5dec2e7278 - Flavor Extra Specs Create
c2cafb46bb409768f420742757949fd05fb1d704 - Flavor Extra Specs: List / Get (#686)
7b1b87753c31d4900587840774a019bbfa770698 - Compute v2: Flavor Access Add (#687)
1a43566306cb8cebad8cae85c67b15b3c254f316 - Prevent Recursive BuildRequestBody
debc1adf8e41fb5c5b7e2021a1be0b4d0c78318a - Networking v2: Create Floating IP with Subnet
The full set of changes between the old and new SHA are here:
8e59687aa4...6da026c32e
Kubernetes-commit: 375360312aa70595c3174f81f3320eb511aaf8f1
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix all the typos across the project
**What this PR does / why we need it**:
There are lots of typos across the project. We should avoid small PRs on fixing those annoying typos, which is time-consuming and low efficient.
This PR does fix all the typos across the project currently. And with #59463, typos could be avoided when a new PR gets merged.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/sig testing
/area test-infra
/sig release
/cc @ixdy
/assign @fejta
**Release note**:
```release-note
None
```
Kubernetes-commit: 317853c90c674920bfbbdac54fe66092ddc9f15f
Automatic merge from submit-queue (batch tested with PRs 59276, 51042, 58973, 59377, 59472). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow passing request-timeout from NewRequest all the way down
**What this PR does / why we need it**:
Currently if you pass `--request-timeout` it's not passed all the way down to the actual request object. There's a separate field on the `Request` object that allows setting that timeout, but it's not taken from that flag.
@smarterclayton @deads2k ptal, this is coming from https://github.com/openshift/origin/pull/13701
Kubernetes-commit: 1f6251444b7dad7f5d924acbfb366541f2a6fb99
Automatic merge from submit-queue (batch tested with PRs 59158, 38320, 59059, 55516, 59357). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promote v1alpha1 meta to v1beta1
No code changes, just renames. We can discuss if there are any field / naming changes here or in a follow-up
Parent #58536Fixes#53224
Prereq to #55637
@kubernetes/sig-api-machinery-pr-reviews @deads2k
```release-note
The `meta.k8s.io/v1alpha1` objects for retrieving tabular responses from the server (`Table`) or fetching just the `ObjectMeta` for an object (as `PartialObjectMetadata`) are now beta as part of `meta.k8s.io/v1beta1`. Clients may request alternate representations of normal Kubernetes objects by passing an `Accept` header like `application/json;as=Table;g=meta.k8s.io;v=v1beta1` or `application/json;as=PartialObjectMetadata;g=meta.k8s.io;v1=v1beta1`. Older servers will ignore this representation or return an error if it is not available. Clients may request fallback to the normal object by adding a non-qualified mime-type to their `Accept` header like `application/json` - the server will then respond with either the alternate representation if it is supported or the fallback mime-type which is the normal object response.
```
Kubernetes-commit: 9ee71b720ed2300d6298bb936d0a7873b5ecf2ac
Currently, core/v1 is in the end of the discovery order.
Since core/v1 is special, it should be in the beginning.
Kubernetes-commit: 45950fdb750d7ac12cec3b9ef3487baa99a40401
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix some typos
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Kubernetes-commit: c6e581ff42bff91337565836834b76a1601be936
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
doc: fix typo in client-go
**What this PR does / why we need it**:
Fix typo in package client-go.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: c047b8dbc1d3ad93ceadb865cd4ecc3a07231a7d
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix(doc): irregular descriptive docs
**What this PR does / why we need it**:
Fixes documentations.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Kubernetes-commit: c52192f33bf83638aee5ef055d7efca887af1a5c
Otherwise, the certificate store will return nil the first time a store
cert is accessed. When background rotation is being used, prevents the
client from being nil.
Kubernetes-commit: b81f4745546340f08abd3f877c585aac9581d0f0
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add V1beta1 VolumeAttachment API
**What this PR does / why we need it**:
Add V1beta1 VolumeAttachment API, co-existing with Alpha API object
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58461
**Special notes for your reviewer**:
**Release note**:
```release-note
Add V1beta1 VolumeAttachment API, co-existing with Alpha API object
```
Kubernetes-commit: 8363129ee6da255ca9fe5c7d62596a3a19378abb
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Only rotate certificates in the background
Change the Kubelet to not block until the first certs have rotated (we didn't act on it anyway) and fall back to the bootstrap cert if the most recent rotated cert is expired on startup.
The certificate manager originally had a "block on startup" rotation behavior to ensure at least one rotation happened on startup. However, since rotation may not succeed within the first time window the code was changed to simply print the error rather than return it. This meant that the blocking rotation has no purpose - it cannot cause the kubelet to fail, and it *does* block the kubelet from starting static pods before the api server becomes available.
The current block behavior causes a bootstrapped kubelet that is also set to run static pods to wait several minutes before actually launching the static pods, which means self-hosted masters using static pods have a pointless delay on startup.
Since blocking rotation has no benefit and can't actually fail startup, this commit removes the blocking behavior and simplifies the code at the same time. The goroutine for rotation now completely owns the deadline, the shouldRotate() method is removed, and the method that sets rotationDeadline now returns it. We also explicitly guard against a negative sleep interval and omit the message.
Should have no impact on bootstrapping except the removal of a long delay on startup before static pods start.
The other change is that an expired certificate from the cert manager is *not* considered a valid cert, which triggers an immediate rotation. This causes the cert manager to fall back to the original bootstrap certificate until a new certificate is issued. This allows the bootstrap certificate on masters to be "higher powered" and allow the node to function prior to initial approval, which means someone configuring the masters with a pre-generated client cert can be guaranteed that the kubelet will be able to communicate to report self-hosted static pod status, even if the first client rotation hasn't happened. This makes master self-hosting more predictable for static configuration environments.
```release-note
When using client or server certificate rotation, the Kubelet will no longer wait until the initial rotation succeeds or fails before starting static pods. This makes running self-hosted masters with rotation more predictable.
```
Kubernetes-commit: 06472a054a69c0aa0c7cb29697c334704feeb5eb
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: Fix broken TCP6 listen for port forwarding
**What this PR does / why we need it**:
The IPV6 loopback address `::1` is enclosed in square brackets twice,
which cause a failure to listen on the TCP6 port.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix an issue where port forwarding doesn't forward local TCP6 ports to the pod
```
/area ipv6
/sig cli
Kubernetes-commit: a241087f9966deef6175a370da060f9623e92d94
Automatic merge from submit-queue (batch tested with PRs 58955, 58968, 58971, 58963, 58298). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove dead prefix field
The `Prefix` field was never used.
Kubernetes-commit: 946b1f023ffc8dc1c0f713f4cc75206252c1e197
The certificate manager originally had a "block on startup" rotation
behavior to ensure at least one rotation happened on startup. However,
since rotation may not succeed within the first time window the code was
changed to simply print the error rather than return it. This meant that
the blocking rotation has no purpose - it cannot cause the kubelet to
fail, and it *does* block the kubelet from starting static pods before
the api server becomes available.
The current block behavior causes a bootstrapped kubelet that is also
set to run static pods to wait several minutes before actually launching
the static pods, which means self-hosted masters using static pods have
a pointless delay on startup.
Since blocking rotation has no benefit and can't actually fail startup,
this commit removes the blocking behavior and simplifies the code at the
same time. The goroutine for rotation now completely owns the deadline,
the shouldRotate() method is removed, and the method that sets
rotationDeadline now returns it. We also explicitly guard against a
negative sleep interval and omit the message.
Should have no impact on bootstrapping except the removal of a long
delay on startup before static pods start.
Also add a guard condition where if the current cert in the store is
expired, we fall back to the bootstrap cert initially (we use the
bootstrap cert to communicate with the server). This is consistent with
when we don't have a cert yet.
Kubernetes-commit: 44493de195d89ec43cc7246af921e626e0002c16
Automatic merge from submit-queue (batch tested with PRs 58903, 58141, 58900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
auth/gcp: configurable scopes for gcp default credentials
**What this PR does / why we need it**:
- add `config.scopes` field comma-separated scope URLs, to be used with Google
Application Default Credentials (i.e. GOOGLE_APPLICATION_CREDENTIALS env)
- users now should be able to set a gserviceaccount key in GOOGLE_APPLICATION_CREDENTIALS
env, craft a kubeconfig file with GKE master IP+CA cert and should be able to authenticate
to GKE in headless mode _without requiring gcloud_ CLI, and they can now use the
email address of the gserviceaccount in RBAC role bindings and _not use Google Cloud IAM at all._
- gcp default scopes now include userinfo.email scope, so authenticating to GKE
using gserviceaccount keys can now be done without gcloud as well.
- since userinfo.email scope is now a default, users who have existing RBAC bindings
that use numeric uniqueID of the gserviceaccount will be broken (this behavior was
never documented/guaranteed). from now on email address of the service account
should be used as the subject in RBAC Role Bindings.
**Release note**:
```release-note
Google Cloud Service Account email addresses can now be used in RBAC
Role bindings since the default scopes now include the "userinfo.email"
scope. This is a breaking change if the numeric uniqueIDs of the Google
service accounts were being used in RBAC role bindings. The behavior
can be overridden by explicitly specifying the scope values as
comma-separated string in the "users[*].config.scopes" field in the
KUBECONFIG file.
```
/assign @cjcullen
/sig gcp
Kubernetes-commit: 6ef0514bd94e184f51960f0545095f0fae4964b4
Includes:
* Added details and clarifications based on my experience
* Some minor copy editing
added note about resulting username
fixing last list item
clarficiation of resulting username
mainly just refering to OIDC docs
fixed comment about callback URL
Kubernetes-commit: 2709a7ee0d7d25463c9da00890a7b7db3e4419d1
Automatic merge from submit-queue (batch tested with PRs 58412, 56132, 58506, 58542, 58394). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
don't stop informer delivery on error
If an informer delivery fails today, we stop delivering to it entirely. The pull updates the code to skip that particular notification, delay, and continue delivery with the next time.
/assign derekwaynecarr
/assign ncdc
/assign ash2k
@derekwaynecarr This would change the "the controller isn't doing anything?!" to "the controller missed my (individual) resource!"
```release-note
NONE
```
Kubernetes-commit: 71426ba59fd4a37e5da7deac6298ab33101bb5b6
Automatic merge from submit-queue (batch tested with PRs 56948, 58365, 58501). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixed spelling of Promethus to Prometheus
Release note:
```release-note
NONE
```
Kubernetes-commit: 5a572d3e27852ac5915359beec1da33004073525
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update vendor spf13/cobra to enforce required flags
**What this PR does / why we need it**:
spf13/cobra#502 has enforced checking flags that marked as required, an error will be raised if unset.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:fixes #54855
xref #48400fixeskubernetes/kubectl#121
**Special notes for your reviewer**:
/assign @liggitt @eparis
**Release note**:
```release-note
kubectl now enforces required flags at a more fundamental level
```
Kubernetes-commit: 048757b8a51333f59d3112d2b228d2f0102a4afc
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
say which lease is being acquired
Adds which lease is being acquired to the message
Kubernetes-commit: fa7dde385b9af88843117af2060233728db2209d
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
feat(fakeclient): push event on watched channel on add/update/delete
**What this PR does / why we need it**:
This PR enables watch function for kubernetes [fakeclient](1bcf0b0a22/staging/src/k8s.io/client-go/kubernetes/fake/clientset_generated.go (L88)).
This fake client add watchReactorFunction by wrapping [watch.NewFake](1bcf0b0a22/staging/src/k8s.io/client-go/kubernetes/fake/clientset_generated.go (L98)) which is a `chan Event` but actually nothing pushes objects into this channel. So all watch function called by fake client will never return or never receive any object.
This PR intercepts ReactionFunc of `Create / Update / DeleteActionImpl` and will push the requested object to channel.
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes#54075
**Special notes for your reviewer**:
**Release note**:
```dev-release-note
enable watch function for fake client
```
Kubernetes-commit: 268555a30a0f028762854f5b0d3ebb587e2ee4ee
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
wires the generic scaler to kubectl
**What this PR does / why we need it**:
the changes introduced in this commit plumbs in the generic scaler to kubectl.
note that we don't change the behaviour of kubectl.
For example it won't scale new resources. That's the end goal.
The first step is to retrofit existing code to use the generic scaler.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 52a2256b1ad492d8b1e6ec1676594ca9ef38487f
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: remove open-api import from types
This builds off of https://github.com/kubernetes/kube-openapi/pull/21 and removes the following imports from `k8s.io/client-go/kubernetes`:
```
github.com/PuerkitoBio/purell
github.com/PuerkitoBio/urlesc
github.com/emicklei/go-restful
github.com/emicklei/go-restful/log
github.com/go-openapi/jsonpointer
github.com/go-openapi/jsonreference
github.com/go-openapi/spec
github.com/go-openapi/swag
github.com/mailru/easyjson/buffer
github.com/mailru/easyjson/jlexer
github.com/mailru/easyjson/jwriter
golang.org/x/text/cases
golang.org/x/text/internal
golang.org/x/text/internal/tag
golang.org/x/text/language
golang.org/x/text/runes
golang.org/x/text/secure/precis
golang.org/x/text/width
k8s.io/kube-openapi/pkg/common
```
/assign @sttts
/assign @mbohlool
cc @kubernetes/sig-api-machinery-pr-reviews
```release-note
NONE
```
Kubernetes-commit: f6d0632bbbf8428bfec0ca72db5103916e6248b4
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: remove import of github.com/gregjones/httpcache
Moves NewCacheRoundTripper from `k8s.io/client-go/transport` to its own package. This prevents Kubernetes clients from requiring its dependencies.
This change removes the following transitive imports from `k8s.io/client-go/kubernetes`
```
github.com/google/btree
github.com/gregjones/httpcache
github.com/gregjones/httpcache/diskcache
github.com/peterbourgon/diskv
```
```release-note
NONE
```
Kubernetes-commit: 4a77bd53e88a719c612086df69a52899bbdd85af
Automatic merge from submit-queue (batch tested with PRs 57823, 58091, 58093, 58096, 57020). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
manually handle encoding and decoding in the scale client
@p0lyn0mial I think this resolves the problems you're seeing in https://github.com/kubernetes/kubernetes/pull/57843 by manually controlling the encode and decode in the client itself.
/assign @DirectXMan12
Kubernetes-commit: eba10f1ea1541237d9aa577418423c70b79ecb04
Automatic merge from submit-queue (batch tested with PRs 58025, 57112, 57879, 57571, 58062). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Treat staging repos as authoritative source for all files
Add CONTRIBUTING.md files to remind people not to PR directly into the published repos.
/hold
I believe this requires removing these files from the published repos if any copies exist there
ref: kubernetes/kubernetes#57559
Kubernetes-commit: 4bc286f0255d6c007cb8d5435018ab3e31ec7d01
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable list option modification when create list watch
**What this PR does / why we need it**:
metav1.ListOptions support both field selector and label selector, but the current NewListWatchFromClient in client-go only support field selector.
It would be helpful to use label selector in client-go.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Kubernetes-commit: 8504591def5ce45c9d92b57efd5f06d402a003dc
Automatic merge from submit-queue (batch tested with PRs 57521, 56769). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
forbid unnamed context
**What this PR does / why we need it**:
forbid unnamed contexts with validation
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56747
**Special notes for your reviewer**:
/assign @sttts @fabianofranz
**Release note**:
```release-note
forbid unnamed context
```
Kubernetes-commit: a2bce0d74e283654cd6e561faacf5fba7ea29310
note that we don't change the behaviour of kubectl.
For example it won't scale new resources. That's the end goal.
The first step is to retrofit existing code to use the generic scaler.
Kubernetes-commit: dd9de90b0ad1aa78c2a8dd7d5238d8f769ffe771
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update gengo version to include goimports formatter
Update gengo which now uses goimports to format code and organize imports.
Fixes#55542
**Special notes for your reviewer**:
Updates version of k8s.io/gengo
Takes new dependency on golang.org/x/tools/imports and golang.org/x/tools/go/ast/astutil
**Release Notes**:
```release-note
NONE
```
Kubernetes-commit: 46eabb7d918d962a9c8e0474d41f9371081d47fa
Automatic merge from submit-queue (batch tested with PRs 57584, 57679). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to latest gophercloud
**What this PR does / why we need it**:
Catch up with all the latest stuff from gophercloud
be3fd784 - Flavor Extra Specs Create
c2cafb46 - Flavor Extra Specs: List / Get
7b1b8775 - Compute v2: Flavor Access Add
cf81d92c - Add DELETE support in V3 volume types
a879b375 - Fix incorrect variable name
2997913a - Add pagination support in snapshots
a5c71868 - Support pagination in volume resources
1db0312e - TrivialFix incorrect variable name
69194d93 - Add basic CRUD acceptance testcases in snapshot V3
22c7abce - Add CREATE support in V3 volume types
aed60e9f - Add basic CRUD acceptance in volume V3
7cbf4661 - BlockStorage v3: volumetype get/list acc test
bcab0f79 - Update README with Thank Yous
f85e7c0f - Docs: Updating Contributing and Style Guides
be1b616c - Fix a small syntax error of TestShareTypeExtraSpecs test
3f38a1ee - Add List/Get support for volume type in volume V3
48a40399 - Support for setting availability_zone_hints to a router
747776a7 - Fix the undefined function error of TestPortsbindingCRUD test
a7ec61ea - Fix the undefined function error of TestNetworksProviderCRUD test
25e18920 - Compute v2: Add the extended status information API
b63d2fd3 - availability_zone_hints for network(s)
157d7511 - Add support for ipv6_address_mode and ipv6_ra_mode in subnets
ed468967 - DBv1: configurations acceptance test
578e2aab - Configuration group time parsing error
669959f8 - Compute v2: attachinterfaces acceptance test
8113f0cb - Add Nova interface-detach support
d6484abc - Add Nova interface-attach support
7883fd95 - fix reauth deadlock by not calling Token() during reauth
4d0f8253 - Add support to get interface of a server
7dc13e0d - AccTests: BlockStorage v2 ForceDelete
1e86e54d - Refactor blockstorage actionURL
e30da231 - Feature/support force delete
e193578c - add UseTokenLock method in ProviderClient to allow safe concurrent access
e6a5f874 - ObjectStorage v1: Rename ExtractLastMarker to extractLastMarker
c47bb004 - BlockStorage v2/v3: Reorder snapshot/volume ListOpts and update godoc
2c05d0e4 - Add 'tenant' support in volume&snapshot API
639d71fd - Networking v2: Port Security Extension
755794a7 - ObjectStorage v1: Subdir and Marker detection
a043441f - fixed bug with endless loop when using delimiter on folded directory
a4799293 - OpenStack: support OS_PROJECT_* variables
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: df259cc54d62fdf8ca89ab05d6e7931c022bfaea
Automatic merge from submit-queue (batch tested with PRs 57735, 57503). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update generated copyrights for 2018
**What this PR does / why we need it**:
- Update boilerplate regex to support 2018
- Add generated runtime and generated device plugin scripts to `hack/update-all.sh` target list
- Run `make update` to regenerate all generated code
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57728
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b098cafae06797ba8bf7fd35379e237fd355b047
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump rules_go and build "static" binaries in pure Go mode
**What this PR does / why we need it**: uses latest set of enhancements in bazelbuild/rules_go to properly build the "static" Go binaries using pure Go (i.e. `CGO_ENABLED=0`), and to support cross compilation of these binaries. Cross compilation of cgo-enabled binaries is still not supported.
Also depends on https://github.com/kubernetes/repo-infra/pull/52, and requires bazel 0.8+ (which is not yet enabled in CI for kubernetes/kubernetes).
Note that for proper cross compilation we'll also need to remove the hardcoded "linux-amd64" that's strewn about several `BUILD` files.
**Release note**:
```release-note
NONE
```
/hold
/assign @BenTheElder @mikedanese @spxtr
Kubernetes-commit: f5f6f3e715cb8dfbd9657a4229c77ec6a5eab135
Catch up with all the latest stuff from gophercloud
4b7db606 - only try to reauth once
d13755e6 - BlockStorage v3: Rename VolumeType PublicAccess to IsPublic
614da04d - Add UPDATE support in V3 volume types (#656)
be3fd784 - Flavor Extra Specs Create
c2cafb46 - Flavor Extra Specs: List / Get
7b1b8775 - Compute v2: Flavor Access Add
cf81d92c - Add DELETE support in V3 volume types
a879b375 - Fix incorrect variable name
2997913a - Add pagination support in snapshots
a5c71868 - Support pagination in volume resources
1db0312e - TrivialFix incorrect variable name
69194d93 - Add basic CRUD acceptance testcases in snapshot V3
22c7abce - Add CREATE support in V3 volume types
aed60e9f - Add basic CRUD acceptance in volume V3
7cbf4661 - BlockStorage v3: volumetype get/list acc test
bcab0f79 - Update README with Thank Yous
f85e7c0f - Docs: Updating Contributing and Style Guides
be1b616c - Fix a small syntax error of TestShareTypeExtraSpecs test
3f38a1ee - Add List/Get support for volume type in volume V3
48a40399 - Support for setting availability_zone_hints to a router
747776a7 - Fix the undefined function error of TestPortsbindingCRUD test
a7ec61ea - Fix the undefined function error of TestNetworksProviderCRUD test
25e18920 - Compute v2: Add the extended status information API
b63d2fd3 - availability_zone_hints for network(s)
157d7511 - Add support for ipv6_address_mode and ipv6_ra_mode in subnets
ed468967 - DBv1: configurations acceptance test
578e2aab - Configuration group time parsing error
669959f8 - Compute v2: attachinterfaces acceptance test
8113f0cb - Add Nova interface-detach support
d6484abc - Add Nova interface-attach support
7883fd95 - fix reauth deadlock by not calling Token() during reauth
4d0f8253 - Add support to get interface of a server
7dc13e0d - AccTests: BlockStorage v2 ForceDelete
1e86e54d - Refactor blockstorage actionURL
e30da231 - Feature/support force delete
e193578c - add UseTokenLock method in ProviderClient to allow safe concurrent access
e6a5f874 - ObjectStorage v1: Rename ExtractLastMarker to extractLastMarker
c47bb004 - BlockStorage v2/v3: Reorder snapshot/volume ListOpts and update godoc
2c05d0e4 - Add 'tenant' support in volume&snapshot API
639d71fd - Networking v2: Port Security Extension
755794a7 - ObjectStorage v1: Subdir and Marker detection
a043441f - fixed bug with endless loop when using delimiter on folded directory
a4799293 - OpenStack: support OS_PROJECT_* variables
Kubernetes-commit: 406ef92623ea3c81e1101f11c5ffae59ab32f688
Move files from kubernetes/foo root back to
kubernetes/kubernetes/staging/src/k8s.io/foo root
Then:
- add CONTRIBUTING.md for all staging repos
- add .PULL_REQUEST_TEMPLATE to all staging repos
- ignore .github while diffing generated protobuf
Kubernetes-commit: d9b5773101e930431f24fe178d988271c1becc35
Automatic merge from submit-queue (batch tested with PRs 57292, 56274, 57435, 57438, 57429). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix a typo
Just a typo, `timemoutseconds` should be `timeoutSeconds`.
Kubernetes-commit: 4caedcf3beac57e2e11d7345c4eebe91aa5a655d
fix races with watch call
add test for non-namespace resource watch
add matching for all-namespace-watch
fix delete namespace watch & restrict test
fix multiple invocation on same resource & namespace
add descriptive doc for tracker.watchers
Kubernetes-commit: f57cc0b22d282bc8fe68faf91529e7175bc3918a
The IPV6 loopback address `::1` is enclosed in square brackets twice,
which cause a failure to listen on the TCP6 port.
Kubernetes-commit: 942ff28e4d9da16ac4b69ac33129b9db80f67145
- add config.scopes field comma-separated scope URLs, to be used with Google
Application Default Credentials (i.e. GOOGLE_APPLICATION_CREDENTIALS env)
- default scopes now include userinfo.email scope so the headless app with
gserviceaccount keys can have RoleBindings with email instead of account ID.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Kubernetes-commit: e19dc6a86830107bcb7a4a50c997bc8a396277b1
Automatic merge from submit-queue (batch tested with PRs 56108, 56811, 57335, 57331, 54530). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use struct key for TLS cache
```release-note
NONE
```
Kubernetes-commit: c77830749726a7f7e1190361609cc04512bcf525
Automatic merge from submit-queue (batch tested with PRs 56997, 57008, 56984, 56975, 56955). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
examples: Make messages more informative
by including pod name and namespace
**What this PR does / why we need it**:
Makes messages sent to stdout more informative.
This helps new users running the examples.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 049ef3fdd37024299888f2cf7a1cfe9c12d8662b
Automatic merge from submit-queue (batch tested with PRs 56997, 57008, 56984, 56975, 56955). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code cleanup in discovery client
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 78c7c6f8597ac5990c2891d4f73ae0b9a1c013ce
Automatic merge from submit-queue (batch tested with PRs 52013, 56719). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support autoprobing floating-network-id for openstack cloud provider
Currently if user doesn't specify floatingnetwork-id and loadbalancer.openstack.org/floating-network-id annotation, openstack cloud provider can't create a external LoadBalancer service.
Actually we can get floatingnetwork-id automatically.
If we get multiple floatingnetwork-ids, then ask user to specify one, or we use the floatingnetwork-id to create floatingip for external LoadBalancer service.
This is a part of #50726
**Special notes for your reviewer**:
/assign @dims
**Release note**:
```release-note
Support autoprobing floating-network-id for openstack cloud provider
```
Kubernetes-commit: 36ea6de4a0fd79b97768b9b58c634140f64fc73d
Automatic merge from submit-queue (batch tested with PRs 56094, 52910, 55953, 56405, 56415). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Include ServerName in tls transport cache key
Fixes#56385
```release-note
Fixes server name verification of aggregated API servers and webhook admission endpoints
```
Kubernetes-commit: a46153e2f988382535aaf27a5a90b13b6c10712b
Automatic merge from submit-queue (batch tested with PRs 56094, 52910, 55953, 56405, 56415). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support VolumeV3 for OpenStack cloud Provider
Currently OpenStack supports Cinder v3 API, let Kubernetes support
it too.
Fix#52877
**Release note**:
```release-note
OpenStack cloud provider supports Cinder v3 API.
```
Kubernetes-commit: ba4b07a431a71f93d43cd7d58bcf9938a76fcb62
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use full gopath for externalTypes
**What this PR does / why we need it**:
Seems like @soltysh has no thread to fix the testing failure and rebase to solve the conflict in #55703. This PR cherry-pick it's commit and supersedes it to avoid the change to be rebase-blocker.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#55703
**Special notes for your reviewer**:
/cc @soltysh @sttts @smarterclayton @liggitt
**Release note**:
```release-note
NONE
```
Kubernetes-commit: d65a8ac95cdd635afeb401d04a4fbc496ec58098
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds custom expansions to the listers for apps/v1
**What this PR does / why we need it**:
We need to add the listers expansions for the apps group version API objects.
```release-note
NONE
```
Kubernetes-commit: 03a6d0bf5439c0ac10e929d8aac1cba9517be744
Automatic merge from submit-queue (batch tested with PRs 55952, 49112, 55450, 56178, 56151). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
New API group for Events.
Fixkubernetes/features#383
cc @shyamjvs
```release-note
Add events.k8s.io api group with v1beta1 API containing redesigned Event type.
```
Kubernetes-commit: 60c20901911c710491a57eb8b9c48850cdbab054
Automatic merge from submit-queue (batch tested with PRs 55545, 55548, 55815, 56136, 56185). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix storageclass unit tests
Before this change, a unit test fails:
```
make test WHAT=k8s.io/kubernetes/pkg/registry/storage/storageclass/storage
```
**Release note**:
```release-note
NONE
```
/assign @saad-ali
/assign @thockin
Kubernetes-commit: 5fcaff419f712c50e16e20f8e274dd41026558c2
Automatic merge from submit-queue (batch tested with PRs 51321, 55969, 55039, 56183, 55976). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubectl apply and strategic merge patch using openapi
- [x] support openapi in strategic merge patch
- [x] test openapi in strategic merge patch
- [x] kubectl apply use openapi to calculate diff be default. It will fall back to use baked-in types when openapi is not available.
- [x] test openapi in kubectl apply
Fixes: kubernetes/kubectl#55
```release-note
kubectl apply use openapi to calculate diff be default. It will fall back to use baked-in types when openapi is not available.
```
/assign @apelisse
Kubernetes-commit: e412ad5393b8c949474b904616fc411c3aa478a9
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement volume resize for cinder
**What this PR does / why we need it**:
resize for cinder
xref: [resize proposal](https://github.com/kubernetes/community/pull/657)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: xref https://github.com/kubernetes/community/pull/657
Follow up: #49727
**Special notes for your reviewer**:
**Release note**:
```release-note
Implement volume resize for cinder
```
wip, assign to myself first
/assign @NickrenREN
Kubernetes-commit: b18d86d5ccdb77c97425ba7fa451be7f250536d1
Automatic merge from submit-queue (batch tested with PRs 56128, 56004, 56083, 55833, 56042). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Graduate the admission and admissionregistration (webhook part) API to v1beta1
ref: kubernetes/features#492
Most changes are mechanical. Please take a look at the commit message to see if the commit is worth reviewing.
```release-note
Action required:
The `admission/v1alpha1` API has graduated to `v1beta1`. Please delete your existing webhooks before upgrading the cluster, and update your admission webhooks to use the latest API, because the API has backwards incompatible changes.
The webhook registration related part of the `admissionregistration` API has graduated to `v1beta1`. Please delete your existing configurations before upgrading the cluster, and update your configuration file to use the latest API.
```
Kubernetes-commit: 4cafc5459bf987d2476efd0a4c17158a158887a3
Automatic merge from submit-queue (batch tested with PRs 56021, 55843, 55088, 56117, 55859). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
auth/gcp: capture stderr from gcloud config-helper
Fixes https://github.com/kubernetes/client-go/issues/327
Currently we're not capturing stderr when shelling out to "gcloud config
config-helper --format=json" fails. This patch is capturing the stderr in the
error message returned.
This gcloud command sometimes returns an upgrade reminder (in stderr) so using
`cmd.CombinedOutput()` is not an option here. Maybe we should also add an unit
test in gcp_test.go capturing this situation, too, in case someone decides to
replace this with CombinedOutput someday.
/assign @cjcullen
Kubernetes-commit: ff012614ca67891f8a934354c824269b3dfd655e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Stop using VersionedObject in resource.Builder, use unstructured
Remove the need for kubectl callers to distinguish between unstructured and versioned / type aware builders. The factory should create a single builder than can be set to return unstructured objects. Callers can then use one of the new helpers on `resource.Info` to convert the objects into the desired form - `Internal()` for printers, `Typed()` for external versions, and `Unstructured()` to ensure the object is in the right state. Leverages the new scheme support for unstructured conversion so that higher level callers can perform best effort conversion (get typed versions if you have them, otherwise use default behavior).
`get.go` demonstrates this by removing the previous logic that depended on the underlying scheme. Other commands are updated to be consistent.
Includes #55650 and #55647.
Kubernetes-commit: 40e7101844fd4cce86e3c6df3f7d093d74337418
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow constructing spdy executor from existing transports
If you already have an existing transport, it is not always possible to reconstruct a client config from it.
Allow constructing a spdy executor, given a connection/upgrade transport
```release-note
NONE
```
Kubernetes-commit: 294f28f25d3a420b6a5efffac7fe8b76a70c6529
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move unstructured conversion into pkg/runtime
Scheme conversion should support unstructured conversion natively to
allow going from unstructured to typed and back. It is not a higher
level responsibility to do that conversion because the scheme is the
only one who knows what types it supports.
@liggitt @kubernetes/sig-cli-api-reviews I am going to make Scheme support unstructured in ConvertToVersion and Convert, which means resource.Builder and the CLI can get simpler for all existing use cases where versioned and unstructured need to coexist.
Kubernetes-commit: a67abac7654cc3e05618d41191d71730cf9565ac
Automatic merge from submit-queue (batch tested with PRs 55392, 55491, 51914, 55831, 55836). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move regexp.MustCompile to global variable
Move regexp.MustCompile to global variable.
regexp.MustCompile heavy function and can be run on init app
```release-note
NONE
```
Kubernetes-commit: 79c22745660733c822cff6970db8ceb0b58a0989
Automatic merge from submit-queue (batch tested with PRs 55798, 49579, 54862, 55188, 51990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add monitoring support for hardware accelerators
Currently only NVIDIA GPU monitoring is implemented.
Feature repo issue: https://github.com/kubernetes/features/issues/369
cAdvisor PR: https://github.com/google/cadvisor/pull/1762
/kind feature
/sig node
/sig instrumentation
/area hw-accelerators
**Release note**:
```release-note
Kubelet now exposes metrics for NVIDIA GPUs attached to the containers.
```
Kubernetes-commit: 779105673ab2f00af9e02dc9ac3c6413588aeae4
Automatic merge from submit-queue (batch tested with PRs 55657, 54758, 47584, 55758, 55651). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Gophercloud dependency for reauth problem
**What this PR does / why we need it**:
Fixes picked up from gophercloud:
443743e883...0b6b13c4dd
Including the one for endless loop on reauth:
https://github.com/gophercloud/gophercloud/pull/604
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#55656
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 08659652a2fa3c3f7ecbe91c591a5021f343c355
Automatic merge from submit-queue (batch tested with PRs 53780, 55663, 55321, 52421, 55659). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove duplicated import
**Release note**:
```release-note
NONE
```
Kubernetes-commit: c339a54b53bd05eb642618bffda727196e38bc70
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Introduce new `VolumeAttachment` API Object
**What this PR does / why we need it**:
Introduce a new `VolumeAttachment` API Object. This object will be used by the CSI volume plugin to enable external attachers (see design [here](https://github.com/kubernetes/community/pull/1258). In the future, existing volume plugins can be refactored to use this object as well.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: Part of issue https://github.com/kubernetes/features/issues/178
**Special notes for your reviewer**:
None
**Release note**:
```release-note
NONE
```
Kubernetes-commit: ebe8ea73fd1a961779242dfbb629befa153e96fc
Automatic merge from submit-queue (batch tested with PRs 55265, 54092, 55353, 53733, 55385). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Capture git export-subst strings in version.sh for 'git archive' use.
Eliminate the need to update pkg/version/base.go on release branch tagging.
This excellent solution brought to you by @ixdy.
- [ ] Cherrypick to release-1.8
- [ ] Cherrypick to release-1.7
- [ ] Cherrypick to release-1.6?
- [ ] Update kubernetes/release/anago to skip updating base.go files
ref https://github.com/kubernetes/release/pull/459
ref #16815 (somewhat related)
cc @javier-b-perez
Kubernetes-commit: 4e68d2511ef07428a69a2b6c66efc2b05f4b97dc
Automatic merge from submit-queue (batch tested with PRs 55268, 55282, 55419, 48340, 54829). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add MutatingWebhookConfiguration type
As part of Mutating Webhook support, this PR adds the configuration for Mutating webhooks. It also renames existing ReadOnly webhook configurations from ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration. As part of the process some sub-types are also renamed.
Lastly, the mutating webhook configurations are sorted by name to make the serial executing of them deterministic.
ref: https://github.com/kubernetes/features/issues/492
Kubernetes-commit: 61f210859d9c4bd64af254ba696f6f693596ced9
Before this change, a unit test fails:
```
make test WHAT=k8s.io/kubernetes/pkg/registry/storage/storageclass/storage
```
Kubernetes-commit: f5995e77f4d3f08c3277accc1231e6140add702a
Fixes https://github.com/kubernetes/client-go/issues/327
Currently we're not capturing stderr when shelling out to "gcloud config
config-helper --format=json" fails. This patch is capturing the stderr in the
error message returned.
This gcloud command sometimes returns an upgrade reminder (in stderr) so using
`cmd.CombinedOutput()` is not an option here. Maybe we should also add an unit
test in gcp_test.go capturing this situation, too, in case someone decides to
replace this with CombinedOutput someday.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Kubernetes-commit: 1334523c73fea3b3d9d0e90f287b3e385c79e6cd
This will allow us to recognize unstructured objects in the absence of
server side discovery info.
Kubernetes-commit: d77b95723c4fb67c87a0ec8c09d4054ae2c77ee1
Delays the error until the first call and then preserves it for others.
More closely matches the intent of the Object() calls. Loaders are now
lazy and don't need to return errors directly.
Sets the stage for collapsing unstructured and structured builders
together.
Kubernetes-commit: e298aa39c3de8ad1059861b7f78d62005ca87f88
Scheme conversion should support unstructured conversion natively to
allow going from unstructured to typed and back. It is not a higher
level responsibility to do that conversion because the scheme is the
only one who knows what types it supports.
Kubernetes-commit: 557f9ddfe6300ecdbdd70ea67dca63bf6b710ea7
Automatic merge from submit-queue (batch tested with PRs 55403, 54660, 55165). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-generator: add NewFilteredSharedInformerFactory function
**What this PR does / why we need it**:
Adds a `namespace` option to the SharedInformerFactory constructor. This is useful when building controllers that may need to scope themselves to a namespace due to RBAC constraints.
Workarounds for this involve losing type safety if a user wants to use it for core APIs as well as a SharedInformerFactory type interface, as we have to deal with plain SharedIndexInformers (example here: https://github.com/jetstack-experimental/cert-manager/blob/master/pkg/util/kube/factory.go)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes https://github.com/kubernetes/code-generator/issues/9
**Special notes for your reviewer**:
This will require updating all uses of SharedInformerFactory throughout the codebase. I'm going to follow up with later commits in this PR with these changes, but wanted to get this here to get some feedback on the way it's implemented.
**Release note**:
```release-note
NONE
```
/cc @sttts @nikhita @deads2k
Kubernetes-commit: bab312dbcf2ea68c19bffa9f26362c86ef1987ec
Automatic merge from submit-queue (batch tested with PRs 54773, 52523, 47497, 55356, 49429). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
certificate manager: reduce max backoff from 128s to 32s
For TLS bootstrapping in bootkube we run a kubelet with a control plane run through static pods. That static control plane has an API server and controller manager that approve the kubelet's CSR.
Since the kubelet has to wait for the static control plane to come up to be approved, we hit this backoff every time and it actually adds a notable overhead to startup times.
https://github.com/kubernetes-incubator/bootkube/pull/663
If this choice is somewhat arbitrary, I'd like to see it lowered for 1.9.
/assign @jcbsmpsn @mikedanese
```release-note
NONE
```
Kubernetes-commit: 0ff21718d127b9fc14bdfc068624e82fb84e99c2
Automatic merge from submit-queue (batch tested with PRs 55331, 55272, 55228, 49763, 55242). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go/tools/cache: fix possible deadlock when stopping a reflector
While getting Connection-Refused error, a reflector was retrying without stopping when the stopCh is closed.
The flaking TestCRD #54095 sometimes shows a deadlock in reflectors that should be shutdown, called from the storage cacher. So possibly this is related.
Kubernetes-commit: f34d3af809169007e7f474a26751ee675c0664ac
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
When cert dir is relative, cert rotation builds incorrect symlinks
Symlinks relative to a working directory were being constructed to the
wrong location, leading to failure to refresh client certs.
@liggitt
Kubernetes-commit: 08781adf13491e08ac25e7545a9099d8be73a9dd
Automatic merge from submit-queue (batch tested with PRs 55093, 54966, 55047, 54971, 54786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vendor update: github.com/golang/protobuf
When I'm working on PR: https://github.com/kubernetes/kubernetes/pull/54782, I met a problem here: https://github.com/golang/protobuf/issues/372, which I think we need to update our vendor of protobuf
and I ask Dr. Stefan for suggestion, here is our coversation
shiywang [5:09 PM]
hi, Dr. Stefan i'm sorry to bother, I have a simple question, I was working on a pr which need to use protobuf custom field, and I run into this problem here: https://github.com/golang/protobuf/issues/372 which I think is due to our codebase's protobuf vendor is too old `vendor/github.com/golang/protobuf`, do you think I can update that vendor to lastest one ? also I noticed there's also an extend package called `vendor/github.com/gogo/protobuf/proto` what's the releationship between those two ? which one should I update ?
sttts
[5:11 PM]
hi
[5:11]
don't know much about the proto internals either, @claytonc is probably the only one
[5:12]
create a vendor/github.com/golang/protobuf bump PR and assign it to him
shiywang [5:12 PM]
sounds good, thank you sir
so
/assign @smarterclayton
for suggestion, thanks
```release-note
NONE
```
Kubernetes-commit: 5b7ce60fcebea445b7852d8dc2bce141a2bd7a3a
Automatic merge from submit-queue (batch tested with PRs 55093, 54966, 55047, 54971, 54786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Upgrade Azure SDK to v11.1.1
**What this PR does / why we need it**: This fixes various Azure SDK bugs per the Azure SDK for Go changelogs:
* Fixed bug in which blob types were unmarshaled incorrectly
* Fixed various package names
* Miscellaneous unspecified storage bug fixes
This is also a prerequisite for a bug fix for running out of firewall rules when exposing large numbers of services from an Azure cluster.
**Which issue(s) this PR fixes**: None
**Special notes for your reviewer**:
1. I inadvertently committed a compatibility fix along with the dependency upgrade (which the guidelines say should have been two separate commits). The offending file is `pkg/cloudprovider/providers/azure.go`.
2. We require an urgent bug fix for the firewall rules limit so it would be great if we could get this agreed quickly. I have struggled with the dependency upgrade process a bit so if it looks wrong, please let me know as soon as you can! Thanks!
**Release note**:
```release-note
Upgraded Azure SDK to v11.1.1.
```
Kubernetes-commit: b4588383503743f70a01cc26e303de481dc02de0
Automatic merge from submit-queue (batch tested with PRs 53645, 54734, 54586, 55015, 54688). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix Incorrect Scale Subresources and HPA e2e ScaleTargetRefs
The HPA e2es failed to actually set `apiVersion` on the created HPAs, which previous was ignored. Since the polymorphic scale client was merged, this behavior is no longer tolerated (it was never correct to begin with, but it accidentally worked).
Additionally, the `apps` resources have their own version of scale. Until `apps/v1beta1` and `apps/v1beta2` go away, we need to support those versions in the scale client.
Together, these broke some of the HPA e2es.
Fixes#54574
```release-note
NONE
```
Kubernetes-commit: 67c9e7419c6753f74b568a84f9182b69ad59171b
Automatic merge from submit-queue (batch tested with PRs 54535, 54950, 55081). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-gen: add +groupGoName to allow unique Go identifiers in clientsets and informers
We use the first segement of the GroupName as Go name. Hence, a GroupName
"policy.k8s.io" and "policy.authorization.k8s.io" could not live in the
same clientset or shared informer factory. This PR add another tag:
```
// +groupGoName=AuthorizationPolicy
```
Kubernetes-commit: 099935df1407bc78a43f7a16cca3477a5efd1f7b
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Workloads V1
**What this PR does / why we need it**: This PR promotes the Deployment, ReplicaSet, and DaemonSet StatefulSet, ControllerRevision kinds to the apps/v1 group version.
https://github.com/kubernetes/features/issues/353
**Special notes for your reviewer**:
There will be at least two followups to this PR. The first to add a scale sub-resource when the correct location is resolved, and the second to deal with Conditions in the workloads API.
While it would have been preferable to move the kinds individually providing a lesser burden on reviewers, this proved impracticable due to the intricacies of version resolution in kubectl for objects of the different kinds in the same group.
```release-note
DaemonSet, Deployment, ReplicaSet, and StatefulSet have been promoted to GA and are available in the apps/v1 group version.
```
Kubernetes-commit: 2ecb36802666b9088495d34da7ab486cd3347e65
Automatic merge from submit-queue (batch tested with PRs 51401, 54056, 54977, 55017, 55052). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
extensions: remove TPR remnants
The extensions group still had the TPR types + generated client. Having this in the codebase doesn't create any problems but would be good to clean up, especially since TPR access has been removed in 1.8.
**Release note**:
```release-note
NONE
```
/assign @sttts @deads2k
Kubernetes-commit: 6f98cc9f6a971fec475d6144350d6ccebf94d978
Automatic merge from submit-queue (batch tested with PRs 55004, 54957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update kube-openapi to use validation
**What this PR does / why we need it**: Moves openapi validation code to kube-openapi, so that we can move the rest of the code to apimachinery repository, so that later we can use it from both the client and the server.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #Nothing
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 55e216f56eac0082acc6be655d9ae09cf9ba38a8
Automatic merge from submit-queue (batch tested with PRs 54800, 53898, 54812, 54921, 53558). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
rename metric reflector_xx_last_resource_version
**What this PR does / why we need it**:
mv reflector name from metric name to metric label
before:
```
reflector_k8s_io_kubernetes_pkg_client_informers_informers_generated_internalversion_factory_go:73_8664_last_resource_version{instance="104.154.20.21:443",job="kubernetes-apiservers"}
```
after
```
reflector_last_resource_version{instance="10.0.2.15:6443",job="kubernetes-apiservers",name="k8s_io_kubernetes_pkg_client_informers_informers_generated_internalversion_factory_go_73_8664"}
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#52121
**Special notes for your reviewer**:
None
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b7968e090730141f915577fa116e44e2bc6c0099
Automatic merge from submit-queue (batch tested with PRs 53190, 54790, 54445, 52607, 54801). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update `truncateBody` to not truncate with high level
And add a unit-tests to verify that it works properly.
**What this PR does / why we need it**:
Update `truncateBody` so that one can use `V(10)` to read the entire content of a HTTP response.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 7fdacaa6bf2bc406998f059416339c3402fdccd4
Symlinks relative to a working directory were being constructed to the
wrong location, leading to failure to refresh client certs.
Kubernetes-commit: 3ec453d0d000a9bd3244d9d455f715bfe64d2e6b
apps/v1betaX inadventertently contains its own variant of Scale. In
order to support scaling Deployments, ReplicaSets, etc, we need to support
these versions of Scale as well.
Kubernetes-commit: 2c9fc432947bedb2fffc12faf7fc0ee1d0ceffd9
Automatic merge from submit-queue (batch tested with PRs 52717, 54568, 54452, 53997, 54237). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[OpenStack]Remove the LbaasV1 of OpenStack cloud provider
The Neutron LbaasV1 has been declared obsolete, LbaasV2 is a
better choice.
So let's remove the codes of LbaasV1, only support LbaasV2.
xref: #52609
Reference OpenStack doc:
https://docs.openstack.org/mitaka/networking-guide/config-lbaas.html
**Special notes for your reviewer**:
/assign @dims
/assign @anguslees
**Release note**:
```release-note
Remove the LbaasV1 of OpenStack cloud provider, currently only support LbaasV2.
```
Kubernetes-commit: b2b31ada149fb688aea0d62cd58e5416d5fd337b
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go/examples: Update CRUD Deployment sample
**What this PR does / why we need it**:
PR motivated by [#128](https://github.com/kubernetes/client-go/issues/128), namely updating the CRUD example with the following:
- Add new step which demonstrates rolling back deployments
- Cleanup retry loop for `Update()` steps
- Make `-kubeconfig` flag optional when running example (same as out-of-cluster example)
- Update `README.md` to reflect changes
**Special notes for your reviewer**:
My first Kubernetes contribution- feedback very welcome!
**Release note**:
```release-note
NONE
```
/cc @ahmetb @caesarxuchao
Kubernetes-commit: 1ba331ef59220c3f50246a4bfe23350de2c2f5ed
Automatic merge from submit-queue (batch tested with PRs 53743, 53564). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Polymorphic Scale Client
This PR introduces a polymorphic scale client based on discovery information that's able to scale scalable resources in arbitrary group-versions, as long as they present the scale subresource in their discovery information.
Currently, it supports `extensions/v1beta1.Scale` and `autoscaling/v1.Scale`, but supporting other versions of scale if/when we produce them should be fairly trivial.
It also updates the HPA to use this client, meaning the HPA will now work on any scalable resource, not just things in the `extensions/v1beta1` API group.
**Release note**:
```release-note
Introduces a polymorphic scale client, allowing HorizontalPodAutoscalers to properly function on scalable resources in any API group.
```
Unblocks #29698
Unblocks #38756
Unblocks #49504Fixes#38810
Kubernetes-commit: ca8d97d673426409116a710503d4bc05ca8207a7
Automatic merge from submit-queue (batch tested with PRs 54199, 54181, 54196). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update openapi to use kube-openapi code
**What this PR does / why we need it**: OpenAPI code has moved to `github.com/kubernetes/kube-openapi`. Let's use that code as a dependency, since now it's duplicated.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#51823
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
No user visible changes. Just code moving around.
Kubernetes-commit: 507790c9c6f50b580b4409b5ac93b10a24570819
Automatic merge from submit-queue (batch tested with PRs 53194, 54257, 53014). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use GetByKey() in typeLister_NonNamespacedGet
The Get() function of non-namespace lister passes a temporary object to
indexer.Get() in order to fetch the actual object from the indexer. This
may cause Go to allocate the temporary object on the heap instead of the
stack, as it is passed into interfaces. For non-namespaced objects,
Get(&Type{ObjectMeta: v1.ObjectMeta{Name: name}}) should be equivalent
to GetByKey(name).
This could be the root cause of excessive allocations, e.g. in tests
clusterRoleLister.Get() has trigger 4 billion allocations. See
openshift/origin#16954
Kubernetes-commit: 4282ab39fc15d8267ceac36398947465867027db
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update admission webhook to accept client config
Fixes https://github.com/kubernetes/kubernetes/issues/53827
This plumbs a complete client through the plugin initializer for admission webhooks. It achieves parity with our existing webhooks and provides flexibility if people want to do something special or different. Easy things are easy, hard things are possible. This does not change behavior for kube-apiserver.
@kubernetes/sig-auth-api-reviews @kubernetes/sig-api-machinery-bugs
Kubernetes-commit: f07b359e5bd5af8947b32309865dada7043d59e3
Automatic merge from submit-queue (batch tested with PRs 53696, 54059). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix lint warnings for useless err checks.
**What this PR does / why we need it**:
This check was recently added to golint.
**Which issue this PR fixes**
Related to #37254
**Release note**:
```release-note
NONE
```
Kubernetes-commit: a1e786f1389d7a15a7548afa8015331027717b32
Automatic merge from submit-queue (batch tested with PRs 53978, 54008, 53037). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Verify the bootstrap client cert before using it
Kubernetes-commit: d91e97f2432d0c96993b56d3bf30e94c69be68de
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typos: remove duplicated word in comments
**What this PR does / why we need it**: Remove the duplicated word `the` in comments
**Which issue this PR fixes** : fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
Kubernetes-commit: 1d8f1e268f18e278b93b3ba06ca3c73604bfdb77
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update rules_go, repo-infra, and rules_docker dependencies
**What this PR does / why we need it**: several of our bazel dependencies were getting pretty old, since they required bazel 0.5.4+ but there were various failures if we tried to use them with bazel 0.5.4.
Now that bazel 0.6.0 (and 0.6.1) have been out for a while, we can bump our dependencies and get a number of fixes and new functionality.
x-ref #52677 and others
**Special notes for your reviewer**:
* This will now explicitly require bazel 0.6.0+ to build kubernetes.
* Our staging directories are causing some issues for `gazelle`; it wants to set `importpath = "k8s.io/kubernetes/staging/src/k8s.io/blah"` instead of `importpath = "k8s.io/blah"`. I'm not sure what is the correct way to fix this; what we're doing here is pretty weird and nonstandard. I've used a `sed` substitution for now.
* The `-proto=default` option of `gazelle` has a number of bugs right now (https://github.com/bazelbuild/rules_go/issues/888, https://github.com/bazelbuild/rules_go/issues/900, https://github.com/bazelbuild/rules_go/issues/907), so I am forcing the legacy behavior.
**Release note**:
```release-note
NONE
```
/assign @mikedanese @spxtr @BenTheElder
Kubernetes-commit: 77b83e446b4e655a71c315ad3f3890dc2a220ccf
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubectl: Remove swagger 1.2 entirely.
**What this PR does / why we need it**:
Remove dead code since nothing is using swagger 1.2 anymore. This doesn't change any feature, it's just removing unused code.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: Follow up on #44589
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 24cf4a8b5c1488f615ae64b9e3a30ee1d3d83333
Automatic merge from submit-queue (batch tested with PRs 52354, 52949, 53551). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable API chunking and promote to beta for 1.9
All list watchers default to using chunking. The server by default fills pages to avoid low cardinality filters from making excessive numbers of requests. Fix an issue with continuation tokens where a `../` could be used if the feature was enabled.
```release-note
API chunking via the `limit` and `continue` request parameters is promoted to beta in this release. Client libraries using the Informer or ListWatch types will automatically opt in to chunking.
```
Kubernetes-commit: 23cc4dc50ab223751d5a7983faa3fa6b811f2255
Automatic merge from submit-queue (batch tested with PRs 53525, 53652). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apimachinery: remove ObjectCopier interface(s)
The big commit is a mechanical, transitive removal of the copier interfaces in all structs and function calls.
Kubernetes-commit: aaf14d4619ddae90ec753959053a74967832058c
This adds a new fake scale client (for use in testing) to match the
new polymorphic scale client.
Kubernetes-commit: f22bfcd65acafc75235665feac3b147f16e30998
This introduces a polymorphic scale client capable of operating against
scale subresources which return different group-versions of Scale. The
scale subresources may be in group-versions different than the scale
itself, so that we no longer need a copy of every scalable resource in
the extensions API group.
To discovery which Scale group-versions go to which subresources,
discovery is used.
The scale client maintains its own internal versions and conversions to
several external versions, with a "hub" version that's a copy of the
autoscaling internal version.
It currently supports the following group-versions for Scale subresources:
- extensions/v1beta1.Scale
- autoscaling/v1.Scale
Kubernetes-commit: d61a2d90372c301dd11088df8941acf2bb01c38c
The fake discovery client currently returns `nil, nil` for several
methods. Among them is the `ServerGroups` method, which is used by the
discovery REST mapper implementations. This updates the fake discovery
client to actually return server groups so that the discovery REST
mapper can be used in tests.
Kubernetes-commit: f83a19676c0b53b2c2240d11d58e9d35c31d9ff5
Everything else it depends on was already there, and now we have a
somewhat consistent code chain.
Kubernetes-commit: 5649f9a578f4f130f61579d77d5609fbdaf82a1f
This fixes some scope isses that were introduced by shadowing vars inside anonymous functions as well as using a naked return.
Fixed by using unique err names and explicitly returning errors.
Additional improvement is using the HomeDir() util function provided by client-go instead of including a helper function at the bottom of this example.
Signed-off-by: John Kelly <jekohk@gmail.com>
Kubernetes-commit: e71c9f1b4beb06bcd3694163e6bf1764fb49edd6
Automatic merge from submit-queue (batch tested with PRs 53434, 53202). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-generator: unify generator main funcs and prepare for launching from one binary
- remove "generated by client-gen with custom arguments" message as this does not
make sense in the times of k8s.io/code-generator
- unify generator main funcs and explicitly call pflag.AddFlags and pflag.Parse. This
will allow to instantiate the generators also from other places.
Requires https://github.com/kubernetes/gengo/pull/80.
Closes https://github.com/kubernetes/kubernetes/issues/53522.
Kubernetes-commit: 6ac018af01bd27054452cf04adaa05cf61f1e82a
Automatic merge from submit-queue (batch tested with PRs 53278, 53184). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add API version apps/v1, and bump DaemonSet to apps/v1
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: kubernetes/features#484
**Special notes for your reviewer**: This PR targets `master`, as a backup if #53223 (targeting features branch) falls through
@kubernetes/sig-apps-api-reviews
**Release note**:
```release-note
Add API version apps/v1, and bump DaemonSet to apps/v1
```
Kubernetes-commit: fc81ec01e51e6bcda6ed96f0f73799b43634d8d1
Automatic merge from submit-queue (batch tested with PRs 53135, 52512, 48339). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: Truncate printed body based on Verbosity level
**What this PR does / why we need it**: If log verbosity is above 8, it will print the full request and response body. These might be very big (especially when downloading the openapi), and it takes multiple seconds just to print it ... Truncates the printing of that body if the level is less than 10.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: Vaguely related to #52089
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 413cf643f946e72be9a869833ebbeda996a440cf
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
threadSafeMap: panic if index function call fails
**Which issue this PR fixes**
Fixes#43605
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Kubernetes-commit: e7518d8aa3abf295c7af920f7d8a97fbd6c1537d
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ring buffer for shared informer notifications
**What this PR does / why we need it**:
Improves memory allocation for shared informer listeners. Instead of always appending to the slice use as a ring buffer, avoiding reslice operations as long as there is room in the slice. See https://github.com/kubernetes/kubernetes/pull/47045#issuecomment-317621259 for details. This is a follow up PR for #47045.
Results from BenchmarkListener:
```
Current code (from the #47045):
1000000 1540 ns/op 109 B/op 1 allocs/op
```
```
New code:
1000000 1162 ns/op 16 B/op 1 allocs/op
```
**Special notes for your reviewer**:
Only review the last commit, this branch is based on #47045 PR. I'll rebase onto master once it is merged.
**Release note**:
```release-note
NONE
```
/kind enhancement
/sig api-machinery
/cc @deads2k @ncdc
Kubernetes-commit: bb035a2854e690d726ece2f8c5e1b8f4b7aef930
This updates the create-update-delete-deployment example with the following:
Make use of client-go retry util in Update() steps instead of simple for loops.
Using RetryOnConflict is generally better practice as it won't become stuck in a retry loop and uses exponential backoff to prevent exhausting the apiserver.
Instead of changing annotations to demonstrate Updates/Rollbacks, change the container image as it is less confusing for readers and a better real-world example.
Improve comments and README to reflect above changes.
Signed-off-by: John Kelly <jekohk@gmail.com>
Kubernetes-commit: 94f5bcf6f77d5b35074dfab47b5de37096d8ee00
Prevent a Kubelet from shutting down when the server isn't responding to
us but we cannot get a new certificate. This allows a cluster to coast
if the master is unresponsive or a node is partitioned and their client
cert expires.
Kubernetes-commit: b3a11aa635022761637090f4fc8d5cb57f3f0010
Clients shouldn't have to know about watch.ErrWatchClosed, which is
typically a server side decision to close and always means "Timeout" in
this conetxt.
Kubernetes-commit: cbecf177274e6f6924d6ca756eccf0a55e2933c0
Previously, the fake RESTClient in client-go required a Registry. It
used the Registry to fetch the GroupVersion for the fake client.
However, the way it did so was dubious in some cases (it hard-coded the
default API group in places), and not strictly necssary.
This updates the fake client to just recieve the GroupVersion and
internal group name directly, instead of requiring a Registry, so that
it can be consumed in unit tests where a Registry isn't necessarily
readily available (e.g. elsewhere in client-go).
Kubernetes-commit: eac2049fc9a151a7cbd6652e039506376574e0a9
This updates the create-update-delete-deployment example with the following:
Add rollback step to demonstrate rolling back deployments with client-go.
Modify the for-loops used in both Update steps to Get() the latest version
of the Deployment from the server before attempting Update().
This is necessary because the object returned by Create() does
not have the new resourceVersion, causing the initial Update() to always fail
due to conflicting resource versions. Putting the Get() at the top of the
loop seems to fix this bug.
Make -kubeconfig flag optional if config is in default location, using the
same method found in the out-of-cluster example.
Patch is motivated by effort to improve client-go examples.
Signed-off-by: John Kelly <jekohk@gmail.com>
Kubernetes-commit: ce73088a718c30d8a3577f5d0521584b9c201e69
Automatic merge from submit-queue (batch tested with PRs 49249, 53203, 53209, 53208, 53177). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vendor/k8s.io/client-go/tools/record: Fix two swallowed errors in tests
**What this PR does / why we need it**: Fixes two dropped errors in client-go.
```release-note NONE
```
Kubernetes-commit: f369c1af596ecd8b5b54916a0cbbface8f422121
Automatic merge from submit-queue (batch tested with PRs 51759, 53001, 52806). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
add verify case in index_test.go
**What this PR does / why we need it**:
There only verify the length of the result in the index_test and we should also verify the content of the result.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: c3b443b41c56de0ea012726a581b917e1665416d
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Update gophercloud to Handle New Identity Endpoints
Currently openstack cloud provider just support keystone v2.0 and v3
The latest Identity Service is publishing an ID of v3.8, we should
update gophercloud to recognize v3.8 as a valid version id.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52830
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 4f2d7b93da2464a3147e0a7e71d896dd2bade9ad
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
bazel: build/test almost everything
**What this PR does / why we need it**: Miscellaneous cleanups and bug fixes. The main motivating idea here was to make `bazel build //...` and `bazel test //...` mostly work. (There's a few reasons these still don't work, but we're a lot closer.)
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @BenTheElder @mikedanese @spxtr
Kubernetes-commit: 7c9e614cbb507b094d82301c5ea4d26f075eed82
Automatic merge from submit-queue (batch tested with PRs 52485, 52443, 52597, 52450, 51971). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Enable go race detection for bazel tests.
Testing if setting `features = ["-race"]` fixes the breaks in #50792.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: e371f8ab1dd5f0e8d7703ff76e7e2499c5f4aef8
Automatic merge from submit-queue (batch tested with PRs 51929, 52015, 51906, 52069, 51542). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
client-go: simplify deepcopy calls
Kubernetes-commit: a3cc5dc3841b9f3f55f04e017fba8269ae6b7141
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
update comment code mistake
**What this PR does / why we need it**:
update comment code mistake
Kubernetes-commit: 798e5805d7ede74492097dec62d94d2b1fa67363
Automatic merge from submit-queue (batch tested with PRs 52843, 52710, 52821, 52844). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
update-staging-godeps: only mangle staging repos in staging Godeps.json
- this re-adds non-staging k8s.io/* repos to the staging Godeps.jsons
- x-outs instead of removing of staging dependencies in order to get a
precise trigger for a complete godep restore+save run in the publisher
bot.
The first breaks k8s.io/kube-aggregator's staging export.
The second potentially leads to inconsistent godeps in our exported staging repos.
Kubernetes-commit: 3ba46ee9fab32ccaeeee4af4a80375e6e1d71ace
Currently openstack cloud provider just support keystone v2.0 and v3
The latest Identity Service is publishing an ID of v3.8, we should
update gophercloud to recognize v3.8 as a valid version id.
Kubernetes-commit: f98326b7f9364f6a5c3e336af1279833713e73c9
Automatic merge from submit-queue (batch tested with PRs 51824, 50476, 52451, 52009, 52237)
Plumbing the proxy dialer to the webhook admission plugin
* Fixing https://github.com/kubernetes/kubernetes/issues/49987. Plumb the `Dial` function to the `transport.Config`
* Fixing https://github.com/kubernetes/kubernetes/issues/52366. Let the webhook admission plugin sets the `TLSConfg.ServerName`.
I tested it in my gke setup. I don't have time to implement an e2e test before 1.8 release. I think it's ok to add the test later, because *i)* the change only affects the alpha webhook admission feature, and *ii)* the webhook feature is unusable without the fix. That said, it's up to my reviewer to decide.
Filed https://github.com/kubernetes/kubernetes/issues/52368 for the missing e2e test.
( The second commit is https://github.com/kubernetes/kubernetes/pull/52372, which is just a cleanup of client configuration in e2e tests. It removed a function that marshalled the client config to json and then unmarshalled it. It is a prerequisite of this PR, because this PR added the `Dial` function to the config which is not json marshallable.)
```release-note
Fixed the webhook admission plugin so that it works even if the apiserver and the nodes are in two networks (e.g., in GKE).
Fixed the webhook admission plugin so that webhook author could use the DNS name of the service as the CommonName when generating the server cert for the webhook.
Action required:
Anyone who generated server cert for admission webhooks need to regenerate the cert. Previously, when generating server cert for the admission webhook, the CN value doesn't matter. Now you must set it to the DNS name of the webhook service, i.e., `<service.Name>.<service.Namespace>.svc`.
```
Kubernetes-commit: 7181dd49460787871b602a47ab2ad05babacb820
Automatic merge from submit-queue
use specified discovery information if possible
Fixes https://github.com/kubernetes/kubernetes/issues/49948
This uses the available discovery information if available, but it seems we never updated "normal" resources to show the singular name, so its often not available. I've left this code compatible.
@enisoc @ash2k
@kubernetes/sig-api-machinery-misc
```release-note
custom resources that use unconventional pluralization now work properly with kubectl and garbage collection
```
Kubernetes-commit: e190f391129260527c119fe319216212c916ae5d
Automatic merge from submit-queue (batch tested with PRs 52227, 52120)
Fix discovery restmapper finding resources in non-preferred versions
Fixes: #52219
Also reverts behavioral changes to tests that version-qualified cronjobs to work around this issue.
The discovery rest mapper was only populating the priority rest mapper's search list with preferred groupversions.
That meant that if a resource existed in multiple non-preferred versions, AND did not exist in the preferred version (like cronjob, which only exists in v1beta2.batch and v2alpha1.batch, but not v1.batch), the priority restmapper would not find it in its group/version priority list, and would return an error.
```release-note
Fixed an issue looking up cronjobs when they existed in more than one API version
```
Kubernetes-commit: 77e660ed15e927e4e901f42bb3f6790775f8107d
There are a couple tests that need to run without race detection
enabled. See issue 39649 for details.
Kubernetes-commit: d4676b67539419aced720772b13f556de8065fc1
Automatic merge from submit-queue (batch tested with PRs 48552, 51876)
Disable default paging in list watches
For 1.8 this will be off by default. In 1.9 it will be on by default.
Add tests and rename some fields to use the `chunking` terminology.
Note that the pager may be used for other things besides chunking.
Follow on to #48921, we left the field on to get some exercise in the normal code paths, but needs to be disabled for 1.8.
@liggitt let's merge on wednesday.
Kubernetes-commit: eda3db550bd72499d735938a1911f9f7e88870f8
For 1.8 this will be off by default. In 1.9 it will be on by default.
Add tests and rename some fields to use the `chunking` terminology.
Note that the pager may be used for other things besides chunking.
Kubernetes-commit: 8b571bb63bd8a9a6a37db6046a6ab35d3b047bf4
Automatic merge from submit-queue (batch tested with PRs 51956, 50708)
Move autoscaling/v2 from alpha1 to beta1
This graduates autoscaling/v2alpha1 to autoscaling/v2beta1. The move is more-or-less just a straightforward rename.
Part of kubernetes/features#117
```release-note
v2 of the autoscaling API group, including improvements to the HorizontalPodAutoscaler, has moved from alpha1 to beta1.
```
Kubernetes-commit: 3168bd4b123629d7d33ee976437175d8cde5f0cc
This commit renames autoscaling/v2alpha1 to autoscaling/v2beta1.
Only the API-related code is moved in this commit.
Kubernetes-commit: b0af4024753bd0eac43a57282b3f6414488db299
Automatic merge from submit-queue (batch tested with PRs 51984, 51351, 51873, 51795, 51634)
Bug Fix - Adding an allowed address pair wipes port security groups
**What this PR does / why we need it**:
Fix for cloud routes enabled instances will have their security groups
removed when the allowed address pair is added to the instance's port.
Upstream bug report is in:
https://github.com/gophercloud/gophercloud/issues/509
Upstream bug fix is in:
https://github.com/gophercloud/gophercloud/pull/510
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#51755
**Special notes for your reviewer**:
Just an fix in vendored code. minimal changes needed in OpenStack cloud provider
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 9a8cb435b77085fa7d518c4428a02eae316b1003
Automatic merge from submit-queue (batch tested with PRs 51186, 50350, 51751, 51645, 51837)
Update Cadvisor Dependency
Fixes: https://github.com/kubernetes/kubernetes/issues/51832
This is the worst dependency update ever...
The root of the problem is the [name change of Sirupsen -> sirupsen](https://github.com/sirupsen/logrus/issues/570#issuecomment-313933276). This means that in order to update cadvisor, which venders the lowercase, we need to update all dependencies to use the lower-cased version. With that being said, this PR updates the following packages:
`github.com/docker/docker`
- `github.com/docker/distribution`
- `github.com/opencontainers/go-digest`
- `github.com/opencontainers/image-spec`
- `github.com/opencontainers/runtime-spec`
- `github.com/opencontainers/selinux`
- `github.com/opencontainers/runc`
- `github.com/mrunalp/fileutils`
- `golang.org/x/crypto`
- `golang.org/x/sys`
- `github.com/docker/go-connections`
- `github.com/docker/go-units`
- `github.com/docker/libnetwork`
- `github.com/docker/libtrust`
- `github.com/sirupsen/logrus`
- `github.com/vishvananda/netlink`
`github.com/google/cadvisor`
- `github.com/euank/go-kmsg-parser`
`github.com/json-iterator/go`
Fixed https://github.com/kubernetes/kubernetes/issues/51832
```release-note
Fix journalctl leak on kubelet restart
Fix container memory rss
Add hugepages monitoring support
Fix incorrect CPU usage metrics with 4.7 kernel
Add tmpfs monitoring support
```
Kubernetes-commit: 99aa992ce845fe947a406ac4d3f99d2208f0416b
Automatic merge from submit-queue
Add client side event spam filtering
**What this PR does / why we need it**:
Add client side event spam filtering to stop excessive traffic to api-server from internal cluster components.
this pr defines a per source+object event budget of 25 burst with refill of 1 every 5 minutes.
i tested this pr on the following scenarios:
**Scenario 1: Node with 50 crash-looping pods**
```
$ create 50 crash-looping pods on a single node
$ kubectl run bad --image=busybox --replicas=50 --command -- derekisbad
```
Before:
* POST events with peak of 1.7 per second, long-tail: 0.2 per second
* PATCH events with peak of 5 per second, long-tail: 5 per second
After:
* POST events with peak of 1.7 per second, long-tail: 0.2 per second
* PATCH events with peak of 3.6 per second, long-tail: 0.2 per second
Observation:
* https://github.com/kubernetes/kubernetes/pull/47462 capped the number of total events in the long-tail as expected, but did nothing to improve total spam of master.
**Scenario 2: replication controller limited by quota**
```
$ kubectl create quota my-quota --hard=pods=1
$ kubectl run nginx --image=nginx --replicas=50
```
Before:
* POST events not relevant as aggregation worked well here.
* PATCH events with peak and long-tail of 13.6 per second
After:
* POST events not relevant as aggregation worked well here.
* PATCH events with peak: .35 per second, and long-tail of 0
**Which issue this PR fixes**
fixes https://github.com/kubernetes/kubernetes/issues/47366
**Special notes for your reviewer**:
this was a significant problem in a kube 1.5 cluster we are running where events were co-located in a single etcd. this cluster was normal to have larger numbers of unhealty pods as well as denial by quota.
**Release note**:
```release-note
add support for client-side spam filtering of events
```
Kubernetes-commit: 870406bec5b6e071c3854298bd357629b2939f7c
Automatic merge from submit-queue (batch tested with PRs 51805, 51725, 50925, 51474, 51638)
Allow custom client verbs to be generated using client-gen
This change will allow to define custom verbs for resources using the following new tag:
```
// +genclient:method=Foo,verb=create,subresource=foo,input=Bar,output=k8s.io/pkg/api.Blah
```
This will generate client method `Foo(bar *Bar) (*api.Blah, error)` (format depends on the particular verb type)
With this change we can add `UpdateScale()` and `GetScale()` into all scalable resources. Note that intention of this PR is not to fix the Scale(), but that is used as an example of this new capability.
Additionally this will also allow us to get rid of `// +genclient:noStatus` and fix guessing of the "updateStatus" subresource presence based on the existence of '.Status' field.
Basically you will have to add following into all types you want to generate `UpdateStatus()` for:
```
// +genclient:method=UpdateStatus,verb=update,subresource=status
```
This allows further extension of the client without writing an expansion (which proved to be pain to maintain and copy...). Also allows to customize native CRUD methods if needed (input/output types).
```release-note
NONE
```
Kubernetes-commit: bee221cca98f1ebf0d46e18d58ecd309bf4f6199
Test-only directories seem to confuse go-build and make it fail. We do this as
a smoke test in the github publishing bot.
Kubernetes-commit: 48cba8a44f94d70cf2ff0ed4fb765c84da8519a6
Automatic merge from submit-queue
Fixes kubernetes/kubernetes#29271: accept prefixed namespaces
**What this PR does / why we need it**: `kubectl get namespaces -o name` outputs the names of all namespaces, prefixed with `namespaces/`. This changeset allows these namespace names to be passed directly back in to `kubectl` via the `-n` flag without reprocessing them to remove `namespaces/`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#29271
**Special notes for your reviewer**:
**Release note**:
```NONE
```
Kubernetes-commit: ab27bc9e6e020fc475b4872a6c049ac7fe91edbb
Automatic merge from submit-queue (batch tested with PRs 51301, 50497, 50112, 48184, 50993)
Introduce new flag "--include-uninitialized" to kubectl
**What this PR does / why we need it**:
Introduce `--include-uninitialized` as a global flag to kubectl
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#49035
**Special notes for your reviewer**:
/assign @caesarxuchao @smarterclayton @ahmetb @deads2k
**Release note**:
```release-note
Add flag "--include-uninitialized" to kubectl annotate, apply, edit-last-applied, delete, describe, edit, get, label, set. "--include-uninitialized=true" makes kubectl commands apply to uninitialized objects, which by default are ignored if the names of the objects are not provided. "--all" also makes kubectl commands apply to uninitialized objects. Please see the [initializer](https://kubernetes.io/docs/admin/extensible-admission-controllers/) doc for more details.
```
Kubernetes-commit: 5c0b265a9bd7213749460ec44da30571adafdb27
Automatic merge from submit-queue (batch tested with PRs 51335, 51364, 51130, 48075, 50920)
Add the possibility to set return values for the FakeDiscovery implementation
**What this PR does / why we need it**:
As an user of the fake clientset (with the fake discovery), I want to be able to set the fake server's version on demand like this for example:
```go
func TestFakingServerVersion(t *testing.T) {
client := fakeclientset.NewSimpleClientset()
fakeDiscovery, ok := client.Discovery().(*fakediscovery.FakeDiscovery)
if !ok {
t.Fatalf("couldn't convert Discovery() to *FakeDiscovery")
}
testGitCommit := "v1.0.0"
fakeDiscovery.FakedServerVersion = &version.Info{
GitCommit: testGitCommit,
}
sv, err := client.Discovery().ServerVersion()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if sv.GitCommit != testGitCommit {
t.Fatalf("unexpected faked discovery return value: %q", sv.GitCommit)
}
}
```
This PR makes that possible, in wait for a more sophisticated FakeDiscovery implementation generally.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-api-machinery-pr-reviews
Kubernetes-commit: 94d9457e4e4786b735c5be1224f831c6010691b5
Add a feature gate in the apiserver to control whether paging can be
used. Add controls to the storage factory that allow it to be disabled
per resource. Use a JSON encoded continuation token that can be
versioned. Create a 410 error if the continuation token is expired.
Adds GetContinue() to ListMeta.
Kubernetes-commit: 8952a0cb722b77459cf2701632a30f5b264f5aba
Automatic merge from submit-queue (batch tested with PRs 45724, 48051, 46444, 51056, 51605)
Add selfsubjectrulesreview in authorization
**What this PR does / why we need it**:
**Which issue this PR fixes**: fixes#47834#31292
**Special notes for your reviewer**:
**Release note**:
```release-note
Add selfsubjectrulesreview API for allowing users to query which permissions they have in a given namespace.
```
/cc @deads2k @liggitt
Kubernetes-commit: c84b3132a2f1c784447ed6f405be9fe9a601d423
Automatic merge from submit-queue
Use json-iterator instead of ugorji for JSON.
@smarterclayton @wojtek-t
Fixes#36120
xref #18762
```release-note
Switch JSON marshal/unmarshal to json-iterator library. Performance should be close to previous with no generated code.
```
Kubernetes-commit: 6a845c67f097cd76f9d90ab3c9c5b5603c70afe4
Automatic merge from submit-queue (batch tested with PRs 50719, 51216, 50212, 51408, 51381)
Surface reasonable error when connection closed
Try to detect connection closure when API server closed the connection due to timeout.
Surface reasonable error when connection closed.
Further improvement may be retrying when detect connection closure
related to #51353
```release-note
Surface reasonable error when client detects connection closed.
```
/assign @mml @caesarxuchao
Kubernetes-commit: 1a3a0713b218566be951fabd5d87184c2e240329
Automatic merge from submit-queue (batch tested with PRs 51480, 49616, 50123, 50846, 50404)
Kubectl to use http caching to cache openapi responses from the server
**What this PR does / why we need it**:
This PR is trying to address the problems raised in #50254
> * uses a disk-based cache that is not safe between processes (does not use atomic fs operations)
> * writes get/list responses to disk that should not be cached (like kubectl get secrets)
> * is vulnerable to partially written cache responses being used as responses to future requests
> * breaks uses of the client transport that make use of websockets
> * defaults to enabling the cache for any client builder using RecommendedConfigOverrideFlags or DefaultClientConfig which affects more components than just kubectl
All of these points are addressed by this pull-request:
1. It now uses atomic fs operations
2. Doesn't cache by default, only if requested by the client (and it's only done by openapi client)
3. Fixed because of atomic fs operations
4. Found the reason for the bug: Cache wrapper couldn't be unwrapped. I implemented the `WrappedRoundTripper` interface.
5. Since 2. is fixed, I think that should be fine
@smarterclayton @liggitt
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50254
**Special notes for your reviewer**:
**Release note**:
```release-note
Allows kubectl to use http caching mechanism for the OpenAPI schema. The cache directory can be configured through `--cache-dir` command line flag to kubectl. If set to empty string, caching will be disabled.
```
Kubernetes-commit: 0f2c2bd847ca7a66035b2289e83359ef4c923617
Automatic merge from submit-queue
client-go: Make conditionalTransport a WrapperRoundTripper
**What this PR does / why we need it**:
Fixes broken GKE test: https://k8s-gubernator.appspot.com/builds/kubernetes-jenkins/logs/ci-kubernetes-e2e-gke/
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: a9cceacdaea72d505d8827521f70123c8c2bbd73
Automatic merge from submit-queue (batch tested with PRs 51134, 51122, 50562, 50971, 51327)
Call the right cleanup function
**What this PR does / why we need it**:
`defer cleanup()` will always call the function that was returned by the first call to `r.resyncChan()` but it should call the one returned by the last call.
**Special notes for your reviewer**:
This will print `c1`, not `c2`. See https://play.golang.org/p/FDjDbUxOvI
```go
func main() {
var c func()
c = c1
defer c()
c = c2
}
func c1 () {
fmt.Println("c1")
}
func c2 () {
fmt.Println("c2")
}
```
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Kubernetes-commit: ccae631ff9d82e302631fc7f1965a09c4e1e9f56
Automatic merge from submit-queue (batch tested with PRs 51193, 51154, 42689, 51189, 51200)
Bumped gRPC version to 1.3.0
**What this PR does / why we need it**:
This PR bumps down the version of the vendored version of gRPC from v1.5.1 to v1.3.0
This is needed as part of the Device Plugin API where we expect client and server to use the Keep alive feature in order to detect an error.
Unfortunately I had to also bump the version of `golang.org/x/text` and `golang.org/x/net`.
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
**Which issue this PR fixes**: fixes#51099
Which was caused by my previous PR updating to 1.5.1
**Special notes for your reviewer**:
@vishh @jiayingz @shyamjvs
**Release note**:
```
Bumped gRPC to v1.3.0
```
Kubernetes-commit: 5fb38a325efb343c2a0467a12732829bd5ed3c3c
Automatic merge from submit-queue (batch tested with PRs 50531, 50853, 49976, 50939, 50607)
Updated gRPC vendoring to support Keep Alive
**What this PR does / why we need it**:
This PR bumps the version of the vendored version of gRPC from v1.0.4 to v1.5.1
This is needed as part of the Device Plugin API where we expect client and server to use the Keep alive feature in order to detect an error.
Unfortunately I had to also bump the version of `golang.org/x/text` and `golang.org/x/net`.
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
**Special notes for your reviewer**:
@vishh @jiayingz
**Release note**:
```
Bumped gRPC from v1.0.4 to v1.5.1
```
Kubernetes-commit: 967c19df4916160d4d4fbd9a65bad41a53992de8
Automatic merge from submit-queue (batch tested with PRs 50693, 50831, 47506, 49119, 50871)
Added lister expansions for DaemonSet, Deployment, ReplicaSet, and StatefulSet for apps/v1beta2
**What this PR does / why we need it**:
This PR copies list expansions for `DaemonSet`, `Deployment`, `ReplicaSet`, and `StatefulSet` to `apps/v1beta2` from `extensions/v1beta1` and `apps/v1beta1`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50870.
**Special notes for your reviewer**:
@kow3ns @janetkuo
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 5c03d3759d7a9065b0b67b1cfb4bc8ee095cd639
Automatic merge from submit-queue (batch tested with PRs 47896, 50678, 50620, 50631, 51005)
kubeadm: Adds dry-run support for kubeadm using the `--dry-run` option
**What this PR does / why we need it**:
Adds dry-run support to kubeadm by creating a fake clientset that can get totally fake values (like in the init case), or delegate GETs/LISTs to a real API server but discard all edits like POST/PUT/PATCH/DELETE
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes: https://github.com/kubernetes/kubeadm/issues/389
**Special notes for your reviewer**:
This PR depends on https://github.com/kubernetes/kubernetes/pull/50626, first three commits are from there
This PR is a dependency for https://github.com/kubernetes/kubernetes/pull/48899 (kubeadm upgrades)
I have some small things to fixup and I'll yet write unit tests, but PTAL if you think this is going in the right direction
**Release note**:
```release-note
kubeadm: Adds dry-run support for kubeadm using the `--dry-run` option
```
cc @kubernetes/sig-cluster-lifecycle-pr-reviews @kubernetes/sig-api-machinery-pr-reviews
Kubernetes-commit: d852b8aad9397f530967b2b310a87966eb8b7e87
Automatic merge from submit-queue (batch tested with PRs 46512, 50146)
Make metav1.(Micro)?Time functions take pointers
Is there any reason for those functions not to be on pointers?
Kubernetes-commit: b59ad9cbfff866093a6c0ee26c3562e9ec9133e4
Automatic merge from submit-queue (batch tested with PRs 50563, 50698, 50796)
Add ControllerRevision to apps/v1beta2
**What this PR does / why we need it**:
This PR added `ControllerRevision` currently in `apps/v1beta1` to `apps/v1beta2`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50696.
**Special notes for your reviewer**:
@kow3ns @janetkuo
**Release note**:
```release-note
Add ControllerRevision to apps/v1beta2
```
Kubernetes-commit: 9d302ecffae53962d012659ef048c11b37de0ee6
Automatic merge from submit-queue
Promote CronJobs to batch/v1beta1 - just the API
This PR promotes CronJobs to beta.
@erictune @kubernetes/sig-apps-api-reviews @kubernetes/api-approvers ptal
This builds on top of #41890 and needs #40932 as well
```release-note
Promote CronJobs to batch/v1beta1.
```
Kubernetes-commit: 4032896ef17dd8346b597c38ba66e0d9eb1547a3
Automatic merge from submit-queue (batch tested with PRs 50711, 50742, 50204)
Move List (the type) into metav1 but preserve the exposed type
Make a list something that other components can use without depending on the core API. This does not change the public API exposure of `List` (it is still in `v1`) but makes the interface common across both.
Kubernetes-commit: 49ed2a3115d33a78291c92b3ffda5acbe59e6d4a
Automatic merge from submit-queue (batch tested with PRs 50023, 50639)
Extend SetHeader Requests method ito accept multiple values
This allows to set headers that are multivalued directly.
The headers variable is not directly accessible and currently
SetHeaders allows to set only one value.
```release-note
NONE
```
Kubernetes-commit: 039f898c07a643d6ef244fcb65daff5a53de41c8
Automatic merge from submit-queue
move retry to client-go
Move `k8s.io/kubernetes/pkg/client/retry` to `k8s.io/client-go/util/retry`.
Part of a series of PRs to address kubernetes/community#598
```release-note
NONE
```
Kubernetes-commit: 37ab30f24ccac3105c4570e865e11ddc3ddcb1c9
This allows to set headers that are multivalued directly.
The headers variable is not directly accessible and currently
SetHeaders allows to set only one value.
Signed-off-by: Simo Sorce <simo@redhat.com>
Kubernetes-commit: 1f44ccd01c9cea7870a4018b29fa8eabe58a90f6
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)
Fix conflict about getPortByIp
**What this PR does / why we need it**:
Currently getPortByIp() get port of instance only based on IP.
If there are two instances in diffent network and the CIDR of
their subnet are same, getPortByIp() will be conflict.
My PR gets port based on IP and Name of instance.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix#43909
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: a7ce691311f5462cf71d79a1f9431605198803af
Automatic merge from submit-queue (batch tested with PRs 49488, 50407, 46105, 50456, 50258)
Manage BUILD files using gazelle + kazel
**What this PR does / why we need it**: uses the upstream `gazelle` tool to manage go rules in BUILD files.
This is needed to support Bazel builds on Mac OS and Bazel cross compilation in general.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47558
**Special notes for your reviewer**:
It's probably easiest to review this commit-by-commit:
* bump to latest `rules_go` (for recent `cgo_library` and `gazelle` improvements)
* update `kazel` with recent compatibility fixes (https://github.com/kubernetes/repo-infra/pull/28, https://github.com/kubernetes/repo-infra/pull/27), update `hack` scripts to download/build `gazelle`, and then run both `gazelle` and `kazel`. (Additionally make `gazelle` skip things it shouldn't touch.)
* run `hack/update-bazel.sh` to autogenerate everything
* remove the old `cgo_genrule` rules - these are now part of `go_library`
* remove the `automanaged` tags from all go rules - `gazelle` doesn't use them, and it prevents an old version of `kazel/gazel` from messing with the rules
* remove the `licenses()` rules from everywhere but `third_party/` - we don't need them, and `gazelle` won't add them on new `BUILD` files it generates.
**Release note**:
```release-note
NONE
```
for review:
/assign @mikedanese @spxtr
for approval:
/assign @thockin
Kubernetes-commit: 941ad0164d44cfcf96dd6efbb491e2222a3a23d3
Automatic merge from submit-queue
Add a heap to client-go. Heap orders items with heap invariant ordering.
**What this PR does / why we need it**:
Heap is useful in implementing priority queues. Some components may need such ordering to process their highest priority objects first. Scheduler is going to be the first user of the heap. It will store pending pods ordered by their priority, so that the highest priority pods are popped first to be scheduled.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
ref/ #47604
ref/ #48646
@kubernetes/api-reviewers @kubernetes/sig-scheduling-pr-reviews @davidopp
/assign @caesarxuchao
Kubernetes-commit: 868fef189c8de9fcb61039f064fe0a02a3b06198
Automatic merge from submit-queue (batch tested with PRs 50386, 50374, 50444, 50382)
jsonpath: fix comments
Minor fix to the comments. And avoid a named return value.
**Release note**:
```release-note
NONE
```
/cc @sttts
Kubernetes-commit: 52b82eda20eef088dcdc9a5069d17d21e59e48ce
Automatic merge from submit-queue (batch tested with PRs 49642, 50335, 50390, 49283, 46582)
Add rbac.authorization.k8s.io/v1
xref https://github.com/kubernetes/features/issues/2
Promotes the rbac.authorization.k8s.io/v1beta1 API to v1 with no changes
```release-note
The `rbac.authorization.k8s.io/v1beta1` API has been promoted to `rbac.authorization.k8s.io/v1` with no changes.
The `rbac.authorization.k8s.io/v1alpha1` version is deprecated and will be removed in a future release.
```
Kubernetes-commit: 85e2e5dd9a21688af0196e715e7494f18cf71b21
Automatic merge from submit-queue
complete and correct code comment
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Kubernetes-commit: b80ce17b402db2a413e1d8eac9f6e652b394bec5
Automatic merge from submit-queue (batch tested with PRs 50254, 50174, 50179)
Revert "Merge pull request #47353 from apelisse/http-cache"
Some issues were discovered with the caching merged in #47353:
* uses a disk-based cache that is not safe between processes (does not use atomic fs operations)
* writes get/list responses to disk that should not be cached (like `kubectl get secrets`)
* is vulnerable to partially written cache responses being used as responses to future requests
* breaks uses of the client transport that make use of websockets
* defaults to enabling the cache for any client builder using RecommendedConfigOverrideFlags or DefaultClientConfig which affects more components than just kubectl
This reverts commit fc89743dca6b563063b74728c3b28100cf674d9d, reversing changes made to 29ab38e898988c36e2de34f77fa33be556eb21bd.
Kubernetes-commit: 187e6ab0bc35f696d8f5f574fab9aa457f253d34
This reverts commit fc89743dca6b563063b74728c3b28100cf674d9d, reversing
changes made to 29ab38e898988c36e2de34f77fa33be556eb21bd.
Kubernetes-commit: 4ee72eb300423772020dd1cf208159058ba7dab5
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)
plugin/pkg/client/auth: add openstack auth provider
This is an implementation of auth provider for OpenStack world, just like python-openstackclient, we read the environment variables of a list `OS_*`, and client will cache a token to interact with each components, we can do the same here, the client side can cache a token locally at the first time, and rotate automatically when it expires.
This requires an implementation of token authenticator at server side, refer:
1. [made by me] https://github.com/kubernetes/kubernetes/pull/25536, I can carry this on when it is fine to go.
2. [made by @kfox1111] https://github.com/kubernetes/kubernetes/pull/25391
The reason why I want to add this is due to the `client-side` nature, it will be confusing to implement it downstream, we would like to add this support here, and customers can get `kubectl` like they usually do(`brew install kubernetes-cli`), and it will just work.
When this is done, we can deprecate the password keystone authenticator as the following reasons:
1. as mentioned at some other places, the `domain` is another parameters which should be provided.
2. in case the user supplies `apikey` and `secrets`, we might want to fill the `UserInfo` with the real name which is not implemented for now.
cc @erictune @liggitt
```
add openstack auth provider
```
Kubernetes-commit: 59b8fa32f129be29f146bfd4888a5d1ab7e71ca5
Automatic merge from submit-queue (batch tested with PRs 49370, 49481)
client-gen: stop embedding of GroupVersion client intfs
It is undefined (or at least uncontrollable) which methods of the clientset apigroup
interfaces are actually inherited. Moreover, there might be nameconflicts between the
accessors and inherited methods. This PR removes the embedding to make it unambiguous.
```release-note
Enforce explicit references to API group client interfaces in clientsets to avoid ambiguity.
```
Kubernetes-commit: 979c86f3ddff4402937eef595b8bb02672e67687
Automatic merge from submit-queue
Timeout and Max-in-flight don't report non-resource URLs correctly.
Unify error reporting for 429 and 504 to be correct for timeout and max in flight and eviction. Add better messages to eviction (removing a todo). Return the correct body content for timeouts (reason and code should be correct).
This potentially increases cardinality of 429, but because non-api urls may be under the max-inflight budget we need to report them somewhere (if something breaks and starts fetching API versions endlessly).
```release-note
The 504 timeout error was returning a JSON error body that indicated it was a 500. The body contents now correctly report a 500 error.
```
Kubernetes-commit: 8d6bbaa85f96f14ac9c9722ed1677e1052c974ba
Automatic merge from submit-queue
go-client: Use httpcache client for all requests, even though only openapi returns ETags for caching
**What this PR does / why we need it**: Use HTTP ETag for caching Swagger spec download
This also adds a new command-line flag "cachedir" to specify where the cache should keep its file. It defaults to `$HOME/.kube/http-cache`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partly #38637
**Special notes for your reviewer**:
Because this adds a bunch of dependencies, and removes a couple of files, I do recommend reading each commit individually.
**Release note**:
```release-note
```
Kubernetes-commit: fc89743dca6b563063b74728c3b28100cf674d9d
All of these errors are now part of the standard HTTP method. Formalize
those into our error types and remove duplication and unclear
separation.
Kubernetes-commit: d3be1ac92eb644e284915a55fe67942c33f88d4c
Add a new command-line cachedir flag to specify where to store the http
cache responses. This cache will only be used for OpenAPI Swagger spec
for now (as this is the only end-point that returns an ETag).
Kubernetes-commit: d7bba25d4a42f346f1963c86fc0dab43aa4f242e
Automatic merge from submit-queue (batch tested with PRs 50119, 48366, 47181, 41611, 49547)
Move remaining cert helper functions from pkg/serviceaccount to client-go/util/cert
**What this PR does / why we need it**:
Unifies all remaining certificate helper functions from pkh/serviceaccount to client-go/util/cert. Private key functions were moved in #40907
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#40807
**Special notes for your reviewer**:
**Release note**:
Kubernetes-commit: 34e9c6fa5d8e9145c2201dc87f98e89dcbb4cf93
Automatic merge from submit-queue (batch tested with PRs 50103, 49677, 49449, 43586, 48969)
Run kazel on the entire tree
**What this PR does / why we need it**: part of #47558: auto-generate `BUILD` files on the entire tree, since this is what `gazelle` does, and it'll make subsequent reviews easier if less is changing.
**Release note**:
```release-note
NONE
```
/assign
/release-note-none
Kubernetes-commit: d15baf69e10f3eddd59da2f6972a723a08e7dac7
- Move public key functions to client-go/util/cert
- Move pki file helper functions to client-go/util/cert
- Standardize on certutil package alias
- Update dependencies to client-go/util/cert
Kubernetes-commit: aac4d5382d8ea632360a08369f5adfdebce7c2c3
Automatic merge from submit-queue
Switch from package syscall to golang.org/x/sys/unix
**What this PR does / why we need it**:
The syscall package is locked down and the comment in https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24 advises to switch code to use the corresponding package from golang.org/x/sys. This PR does so and replaces usage of package syscall with package golang.org/x/sys/unix where applicable. This will also allow to get updates and fixes
without having to use a new go version.
In order to get the latest functionality, golang.org/x/sys/ is re-vendored. This also allows to use Eventfd() from this package instead of calling the eventfd() C function.
**Special notes for your reviewer**:
This follows previous works in other Go projects, see e.g. moby/moby#33399, cilium/cilium#588
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 5d24a2c19923d6da46110b827619f4b21cf689ac
Automatic merge from submit-queue
Fix comment of request.go
**What this PR does / why we need it**:
Fix comment of request.go
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: bfdccbae83e89b7efcace8e8987143668a953bba
Automatic merge from submit-queue
client-gen: don't ignore nil clientsets
Closes https://github.com/kubernetes/client-go/issues/240
When a clientset is nil, fail fast instead of returning a nil value as an interface.
/cc @kubernetes/sig-api-machinery-pr-reviews
Kubernetes-commit: 98ba03f544a271cbd5d2f567c5c90b93098be719
Automatic merge from submit-queue (batch tested with PRs 48365, 49902, 49808, 48722, 47045)
Improve shared informer notification dispatching
**What this PR does / why we need it**:
Locks and channels don't play well together. This is an attempt to remove locks and only use channels in shared informer. It looks much cleaner to me.
**Release note**:
```release-note
NONE
```
@deads2k @ncdc
Kubernetes-commit: 9e85c3cc74d6159b9d0a5a847742447478db83a9
Automatic merge from submit-queue (batch tested with PRs 50029, 48517, 49739, 49866, 49782)
Update generated deepcopy code
**What this PR does / why we need it**:
In generated deepcopy code, the method names in comments do not match the real method names.
**Which issue this PR fixes**: fixes#49755
**Special notes for your reviewer**:
/assign @sttts @caesarxuchao
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 84e0326eb1f108f0d7aa2e9e48fb0c4a8edb4bd5
This introduces fake implementations of dynamic.Client and
dynamic.ClientPool. They function similarly to the fake generated
clientsets, since they're also based in testing.Fake.
Kubernetes-commit: 3e6bf24e08645512a7b40d91bd61f0f2ea175026
This adds an interface form of dynamic.Client and
dynamic.ResourceClient, making those two follow the general client
conventions: `Interface` is an interface, and `Client` is the concrete
implementation. `ClientPool` retains it's interface status.
This allows us to create a fake implemenation of dyanmic.Interface,
dynamic.ResourceInterface, and dynamic.ClientPool for testing.
Kubernetes-commit: f78d61e7c263392f31560b90c08c57765ceae482
github.com/davecgh/go-spew/spew is set to the newest version, a bit
newer than required by testify. Updated from version 6 Nov 2015 to
27 Jun 2017.
github.com/stretchr/objx is not updated - testify uses version
from 27 May 2014 which is older than 28 Sep 2015 used now (latest
actually). In practice there is only a tiny difference - one method was
removed in new version.
Kubernetes-commit: de29d11bfe98fdd0dccd644b55bbe9759e89038d
All callers must use VersionedParameters, which no longer has special
behavior for Kube resources.
Kubernetes-commit: 112e0fa9da069d147fffe5bd0638ebce4a9bba42
Currently, client-go requires that an IPv6 address string for hostname has
square brackets surrounding, so that it can be used with address:port in
an API request.
This change, removes that requirement, and has getListener() add the
square brackets for IPv6 addresses for hosts. If IPv4 or hostname, the name
will not be modified.
Decided to change here, rather than everywhere client-go is used (thinking
that there may be places where we DON'T want the square brackets applied).
This issue was found in kubelet, which, at startup, creates a listener for
services and nodes. If an IPv6 address is used, the URI was malformed.
Kubernetes-commit: e17a501bcb7a3d2c5f4ff5c41f122fe155395dcd
These are googlers who don't work on the project anymore but are still
getting reviews assigned to them:
- bprashanth
- rjnagal
- vmarmol
Kubernetes-commit: c201553f2776ac401549d561485f9a5cb4841ae8
In jsonpath, when filtering a list, if allowMissingKeys is true, skip
over any items that are missing an intermediate key in the filter,
instead of returning a confusing error.
For example, if the filter is
{.items[?(@.metadata.annotations.foo=="bar")].metadata.name}
we should return all items where metadata.annotations.foo == bar, but if
an item in the list does not have metadata, metadata.annotations, or
metadata.annotations.foo, skip it instead of erroring.
Kubernetes-commit: e6f97d514d83fc2614d1ad4e18de0b318cc81653
Refactor the code in remotecommand to better represent the structure of
what is common between portforward and exec.
Kubernetes-commit: 12c7874c0d88e9099ab2a29915d26751f0d23c2a
Remove custom-resources directory from client-go
Add TPR example back
Mention CRD is successor to TPR
Kubernetes-commit: bfa9ce4308ca897711eb1b822bd5f0e31bbef31d
This reverts commit b5eadb5d6b9ce34a673caeafe4fa0971c4b91139, reversing
changes made to 1889d654f5c76fcc6ce14c6d3702c06a6498695d.
Kubernetes-commit: b6e08ec39dde2a6f3c24648aa8867c6aee9853cb
Specific use case is when utilizing multiple
gcp accounts, the user may provide credentials
for the wrong account.
This change ensures the incorrect credentials
are not cached in auth config, and logs an
appropriate message.
Kubernetes-commit: b92016769e30c541479e81d40dd3584e2f5aa822
Also add authenticate- prefix to auth samples.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Kubernetes-commit: 62d1251874cb259d38d727300ac4b2646c4122c8
This plugin acquires a fresh access token for apiserver from Azure Active
Directory using the device code flow. The access token is saved in the
configuration in order to be reused for upcomming accesses to appiserver.
In additon the access token is automatically refreshed when expired.
Kubernetes-commit: 682d5ec01f37c65117b2496865cc9bf0cd9e0902
This PR adds two features:
1. add support for isolating the emptyDir volume use. If user
sets a size limit for emptyDir volume, kubelet's eviction manager
monitors its usage
and evict the pod if the usage exceeds the limit.
2. add support for isolating the local storage for container overlay. If
the container's overly usage exceeds the limit defined in container
spec, eviction manager will evict the pod.
Kubernetes-commit: 0b13aee0c0f9bd06eb323ea249db29547b66bc46
An annotation in the pod spec of the form:
podpreset.admission.kubernetes.io/exclude: "true"
Will cause the admission controller to skip manipulating the pod spec,
no matter the labelling.
The annotation for a podpreset acting on a pod has also been slightly
modified to contain a podpreset prefix:
podpreset.admission.kubernetes.io/podpreset-{name} = resource version
Fixes#44161
Kubernetes-commit: 08a59530e196ab9b30d306fb0fac5979b07298a1
This commit updates the generated autoscaling files to be up-to-date
with the HPA status condition changes.
Kubernetes-commit: c8fdeb022fbd11c3ac5333a772192a0d4f8213bb
Adding instructions for out-of-cluster example and making it work without
specifying the -kubeconfig argument if the home directory can be inferred.
This is part of the body of work improving the client library samples.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Kubernetes-commit: e59f05fe0ee6980c4bdaae76f5a77ef884bd2da1
This sample adds sample code for create/list/replace/delete operations for
Deployment resource for client-go library. This patch also contains
documentation explaining what the example application does and how it can be
executed.
This patch is part of the body of work improving the client library samples.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Kubernetes-commit: d75710f9f4d2e74979f6da07de31b02fae0392b0
This commit regenerates the protobuf as per the recent generation
changes (removing erroneous imports, adding k8s.io/metrics), and
syncs the changes to client-go (which also ensures that client-go
protobuf IDL has the correct package names).
Kubernetes-commit: 8d03536d00b354aa299bf7359e482009146bf0da
This changes the event aggregation behavior so that, when multiple events are
deduplicated, the aggregated event includes the message of the latest related
event.
This fixes an issue where the original event expires due to TTL, and the
aggregate event doesn't contain any useful message.
Kubernetes-commit: 6ada269d8f199b02dd5852f1545746a14f58f4eb
Before this change, if the config was empty, ConfirmUsable() would
return an "invalid configuration" error instead of examining and
honoring the value of the --namespace flag. This change looks at the
overrides first, and returns the overridden value if it exists before
attempting to check if the config is usable. This is most applicable to
in-cluster clients, where they don't have a kubeconfig but they do have
a token and can use KUBERNETES_SERVICE_HOST/_PORT.
Kubernetes-commit: 23e32b100fb9745b70203c30716697bd03926313
Created OWNERS_ALIASES called sig-apps-reviewers from the union of reviewers in:
pkg/controller/{cronjob,deployment,daemon,job,replicaset,statefulset}/OWNERS
except removed inactive user bprashanth
Created OWNERS_ALIASES called sig-apps-api-reviewers as the intersection
of sig-apps-reviewers and the approvers from pkg/api/OWNERS.
Used those OWNERS_ALIASES as the reviewers/approvers for the disruption controller,
and API.
Kubernetes-commit: b17e3c14ebbdb66eacbf0bc4ae8d737df8e06869
This PR attempts to simplify the OpenID Connect client plugin to
reduce round trips. The steps taken by the client are now:
* If ID Token isn't expired:
* Do nothing.
* If ID Token is expired:
* Query /.well-known discovery URL to find token_endpoint.
* Use an OAuth2 client and refresh token to request new ID token.
This avoids the previous pattern of always initializing a client,
which would hit the /.well-known endpoint several times.
The client no longer does token validation since the server already
does this. As a result, this code no longer imports
github.com/coreos/go-oidc, instead just using golang.org/x/oauth2
for refreshing.
Kubernetes-commit: 6915f857574505a2cd2072c32d9d6da66ce6f55a
Since NewSchemeBuilder registers the supplied Scheme transformation
functions synchronously, there's no need for a subsequent call
to (*SchemeBuilder).Register against the same instance.
Kubernetes-commit: 3a8e44bda80f74d674bf2df0b87cb4562a3587a0
Remove kubectl's dependence on pkg/api/helper, as part of
broader effort to isolate kubectl from the rest of k8s.
In this case, the code becomes private to kubectl; nobody else uses it.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 5a9b06b717805ad47da1edda6018fea107ac4ce9
The alpha field podManagementPolicy defines how pods are created,
deleted, and replaced. The new `Parallel` policy will replace pods
as fast as possible, not waiting for the pod to be `Ready` or providing
an order. This allows for advanced clustered software to take advantage
of rapid changes in scale.
Kubernetes-commit: 2861ae5eb986a059c69e812513c272566c346710
This patch adds instructions for how to run the in-cluster client-go example.
To make this example executable, providing a Dockerfile and build steps so
that it can directly be run on minikube.
This is part of the body of work improving the client library samples.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Kubernetes-commit: 8604ed6d9906ebfb33206b55467db41c87e9f148
Allows an informer consumer to easily filter a set of changes out,
possibly to maintain a smaller cache or to only operate on a known set
of objects.
Kubernetes-commit: 5439cfd24571a1727aacf741d3ab8bd33f974cab
client-go/pkt/util was removed in favor of client-go util, which consists
only from CodeExitError and ExitError interface
Kubernetes-commit: 8574bc564f4c54aa964d6c0c7ccec3202d9e2f1b
Module remotecommand originally part of kubernetes/pkg/client/unversioned was moved
to client-go/tools, and will be used as authoritative in kubectl, e2e and other places.
Module remotecommand relies on util/exec module which will be copied to client-go/pkg/util
Kubernetes-commit: 2612e0c78ad18ac87bbd200d547100cf99f36089
The usecase of this change:
When a super user grant some RBAC permissions to a group, he can use
--as-group to test whether the group get the permissions.
Note that now we support as-groups, as-user-extra in kubeconfig file
after this change.
Kubernetes-commit: e541defd49d01024d17dddf8e966eba2c46a6db0
The dynamic client uses NotRegisteredErr to fall back to core v1 if ListOptions is not known
in the given GV. This commit fixes the case that ListOptions is known in some group, but not
in the given one.
Kubernetes-commit: 2ece9e4dec483c9712d09dc7c1fd5be1fe68ea62
Added directxman12 (current SIG lead of SIG-autoscaling) as a reviewer
for pkg/apis/autoscaling.
Kubernetes-commit: b6256e1f3f6f6dbf6f600bc3b958508f09d9e383
TypeMeta is embedded in all these types and TypeMeta has GetObjectKind()
method to implement the runtime.Object interface.
Kubernetes-commit: 47b410f58b4f00c010a2238d4faff44d16582315
Add support for following redirects to the SpdyRoundTripper. This is
necessary for clients using it directly (e.g. the apiserver talking
directly to the kubelet) because the CRI streaming server issues a
redirect for streaming requests.
Also extract common logic for following redirects.
Kubernetes-commit: 715d5d9c91c669cf33c0bf9a9c9d352c6c4228a6
Demonstrates how to compose a controller out of cache.Controller,
cache.Indexer and a workqueue.
Kubernetes-commit: b39b3ba01675828c13bc0dea67d5114b4c225644
The Job Listers still use selectors, because this is the
behavior expected by callers. This clarifies the meaning of the
returned list. Some callers may need to switch to using
GetControllerOf() instead, but that is a separate, case-by-case issue.
Kubernetes-commit: ad026026e0252469bab05f9adba4bb1b20a8f6a9
Create an alias group for sig-node
WaitForCacheSync method comment "contoller" is error word
Kubernetes-commit: 77cbdddb5907a81cb6bbd9b9234e2acfd4394004
**What this PR does / why we need it**:
The User-Agent reported by clients (e.g. kubectl) in request
headers should include the name of the client executable
but not the full path to that executable.
This PR changes how this name is determined by using the
operating-system specific package "path/filepath" (meant for
working with file system paths) instead of the "path" package
(meant for URL paths).
This fixes a problem on the Windows OS in the case where, if the
user has not set their PATH to point to the location of their
client executable, the User-Agent unnecessarily includes the
full path.
Fixes: #44419
Kubernetes-commit: 04f993250bc7a1aef0f2874d440ddb4bec1012c5
The exported or public functions requires a doc comment to pass golint.
This commit has changes of conversion generated code. The actual doc
changes are added into a separate commit for a clean review.
Kubernetes-commit: 08639023d027e0b69e3b3e5535b04148e084b1bd
Change validateClusterInfo to use clientcmdapi.NewCluster() instead of
clientcmdapi.Cluster{} when comparing against the passed in clusterInfo.
clusterInfo most likely will be a combination of
clientcmdapi.NewCluster() merged with potential overrides. This is
necessary because otherwise, the DeepEqual between what is supposed to
be an empty Cluster and clusterInfo will fail, resulting in an error
that doesn't allow fall-through to checking for in-cluster
configuration.
Kubernetes-commit: 266ba9ffdeeeeba8022ce94ae4e725d996c29363
Fixes#42203
ran documentation update scripts in hack folder
Signed-off-by: Chris Hupman <chupman@us.ibm.com>
Kubernetes-commit: dc4b8e3496791ca6e9f847007666baeb113da036
Nobody uses it; the one or two older users from 1.4/1.5 timeframe
were removed for 1.6. It's also poorly understood and the sole
example is in the testcases, and it's pretty incomplete.
If anyone really wants compression, they can revert this PR.
Kubernetes-commit: a56c8f50cb9b9bfdb92bc5f005a48f8df5afadb9
The DaemonSet Listers still use selectors, because this is the
behavior expected by callers. This clarifies the meaning of the
returned list. Some callers may need to switch to using
GetControllerOf() instead, but that is a separate, case-by-case issue.
Kubernetes-commit: c288f52d2f3a05c305c9e5fb54ca01374b84ffa3
The Deployment Listers still use selectors, because this is the
behavior expected by callers. This clarifies the meaning of the
returned list. Some callers may need to switch to using
GetControllerOf() instead, but that is a separate, case-by-case issue.
Kubernetes-commit: 57fb5e2bba0b55053973398fd8abb3371379c64f
Specific use case is GKE users running gcloud/kubectl on Windows
with a cloud sdk installation path containing spaces. Also improving
test coverage using trick borrowed from exec_test.go
Kubernetes-commit: 995ecfe84ea92d77cac2921babbbe03f7c2e4967
The StatefulSet Listers still use selectors, because this is the
behavior expected by callers. This clarifies the meaning of the
returned list. Some callers may need to switch to using
GetControllerOf() instead, but that is a separate, case-by-case issue.
Kubernetes-commit: 25d90cdaec71e38165742a0ebe37411bdd2e66e2
This commits implements the Kubernetes volume plugin allowing pods to seamlessly access and use data stored on ScaleIO volumes.
Kubernetes-commit: 915a54180deca06e6befd3bd6a3712b22fb88791
The RC/RS Listers still use selectors, because this is the behavior
expected by callers. This clarifies the meaning of the returned list.
Some callers may need to switch to using GetControllerOf() instead,
but that is a separate, case-by-case issue.
Kubernetes-commit: f54a5c9728a91336433ad190e4323b44b4de86a0
`glide get` has weird dependencies on the glide cache.
`glide install` just updates `glide.lock` but doesn't update /vendor.
`glide init` will detect dependencies from your current project,
making it dependent on the external files.
Just recommend users create a `glide.yaml` manually, then use
`glide update` to populate their /vendor directory. Technically you
could do a dance of `glide init` -> `glide get` -> `glide update`[0]
but this seems less error prone.
Additionally, provide instructions for users who want to use
different versions of packages than `client-go`, and add a note
about glide-vc.
[0] https://github.com/coreos/etcd/blob/v3.1.1/scripts/updatedep.sh
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// This package has the automatically generated clientset.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// This package has the automatically generated fake clientset.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// This package has the automatically generated typed clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// Package fake has the automatically generated clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// This package has the automatically generated typed clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// Package fake has the automatically generated clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// This package has the automatically generated typed clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// Package fake has the automatically generated clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// This package has the automatically generated typed clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// Package fake has the automatically generated clients.
// Create takes the representation of a horizontalPodAutoscaler and creates it. Returns the server's representation of the horizontalPodAutoscaler, and an error, if there is any.
// Update takes the representation of a horizontalPodAutoscaler and updates it. Returns the server's representation of the horizontalPodAutoscaler, and an error, if there is any.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// This package has the automatically generated typed clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// Package fake has the automatically generated clients.
// Create takes the representation of a certificateSigningRequest and creates it. Returns the server's representation of the certificateSigningRequest, and an error, if there is any.
// Update takes the representation of a certificateSigningRequest and updates it. Returns the server's representation of the certificateSigningRequest, and an error, if there is any.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// This package has the automatically generated typed clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// Package fake has the automatically generated clients.
// Create takes the representation of a componentStatus and creates it. Returns the server's representation of the componentStatus, and an error, if there is any.
// Update takes the representation of a componentStatus and updates it. Returns the server's representation of the componentStatus, and an error, if there is any.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// This package has the automatically generated typed clients.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This package is generated by client-gen with arguments: --clientset-name=release_1_4 --input=[api/v1,apps/v1alpha1,authentication/v1beta1,authorization/v1beta1,autoscaling/v1,batch/v1,certificates/v1alpha1,extensions/v1beta1,policy/v1alpha1,rbac/v1alpha1,storage/v1beta1]
// Package fake has the automatically generated clients.
// Create takes the representation of a limitRange and creates it. Returns the server's representation of the limitRange, and an error, if there is any.
// Update takes the representation of a limitRange and updates it. Returns the server's representation of the limitRange, and an error, if there is any.
// Create takes the representation of a persistentVolume and creates it. Returns the server's representation of the persistentVolume, and an error, if there is any.
// Update takes the representation of a persistentVolume and updates it. Returns the server's representation of the persistentVolume, and an error, if there is any.
// Create takes the representation of a persistentVolumeClaim and creates it. Returns the server's representation of the persistentVolumeClaim, and an error, if there is any.
// Update takes the representation of a persistentVolumeClaim and updates it. Returns the server's representation of the persistentVolumeClaim, and an error, if there is any.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
