Automatic merge from submit-queue (batch tested with PRs 64140, 64898, 65022, 65037, 65027). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use actual etcd client for /healthz/etcd checks
* avoids redialing etcd on every health check (which makes slow DNS a false-positive healthz failure)
* ensures etcd TLS setup is correct (errors verifying the etcd API or sending client credentials manifest as healthz failures)
* ensures the etcd cluster is actually responsive
fixes#64909
```release-note
Etcd health checks by the apiserver now ensure the apiserver can connect to and exercise the etcd API
```
Automatic merge from submit-queue (batch tested with PRs 64895, 64938, 63700, 65050, 64957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enhance leaderelection code
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Quiet verbose apiserver logs
In our production environments, these three lines accounted for ~10 logged lines per second at --v=2
Something that verbose per-request should be at a higher verbosity log level
/cc @eparis
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 64285, 63660, 63661, 63662, 64883). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix up legacy printer table adapter
As server-side printing is more widespread, downstream consumers will start leaning on this adapter to transform client-side printers to server-side printers.
This PR:
* Set the name format correctly on column 0
* Tolerates case-differences in the column 0 name (many old printers used NAME)
* Set ListMeta continue/resourceVersion/selfLink correctly when adapting a legacy printer
/cc @smarterclayton
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Report parsing error in json serializer
**What this PR does / why we need it**:
Fixes missing error reporting in json parsing using the json-iterator library. Also introduces a private copy of the library config to partially shield from external mutations. https://github.com/json-iterator/go/issues/265.
**Special notes for your reviewer**:
Found while working on refactoring in https://github.com/kubernetes/kubernetes/pull/63284.
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
/cc wojtek-t liggitt
Automatic merge from submit-queue (batch tested with PRs 65256, 64236, 64919, 64879, 57932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cancellable leader election
**What this PR does / why we need it**:
Adds ability to cancel leader election. Useful in integration tests where the whole app is started and stopped in each test.
**Special notes for your reviewer**:
I used the `context` package - it is impossible/hard to achieve the same behaviour with just channels without spawning additional goroutines but it is trivial with `context`. See `acquire()` and `renew()` methods.
**Release note**:
```release-note
NONE
```
/kind enhancement
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 65256, 64236, 64919, 64879, 57932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix CRD OpenAPI schema
fixes#65243
depends on https://github.com/kubernetes/kube-openapi/pull/84
without this PR, kubectl complains about creating this CRD with a validation schema (which worked in 1.10):
```yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: resources.mygroup.example.com
spec:
group: mygroup.example.com
version: v1alpha1
scope: Namespaced
names:
plural: resources
singular: resource
kind: Kind
listKind: KindList
validation:
openAPIV3Schema:
properties:
spec:
type: array
items:
type: number
```
> error: error validating "/Users/jliggitt/projects/snippets/crd/crd.yaml": error validating data: [ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): unknown field "type" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray, ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): missing required field "Schema" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray, ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): missing required field "JSONSchemas" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray]; if you choose to ignore these errors, turn validation off with --validate=false
that is because the types used to serialize JSONSchema require custom marshaling/unmarshaling, and the OpenAPI generator was not informed of that, so it produced this:
```json
{
"io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray": {
"description": "JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps or an array of JSONSchemaProps. Mainly here for serialization purposes.",
"required": [
"Schema",
"JSONSchemas"
],
"properties": {
"JSONSchemas": {
"type": "array",
"items": {
"$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps"
}
},
"Schema": {
"$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps"
}
}
}
}
```
OpenAPI isn't able to represent oneOf/anyOf types correctly currently. Until it can, we definitely shouldn't publish a schema containing required fields which aren't even part of the JSON serialization. This PR implements custom openapi type functions, which omit the properties/required/schema attributes for four specific JSONSchema types. This allows kubectl to continue creating these objects without complaining.
/sig api-machinery
/assign @sttts
```release-note
fixed incorrect OpenAPI schema for CustomResourceDefinition objects
```
Automatic merge from submit-queue (batch tested with PRs 58690, 64773, 64880, 64915, 64831). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apimachinery: unify accessors to not deepcopy
The Get/SetOwnerReferences accessor funcs do deepcopies, in contrast to all other accessor funcs of metav1.ObjectMeta. For unstructured.Unstructured we naturally do deepcopies.
In other words: the interface does guarantee neither the first nor the second.
This PR documents this and remove the unneccessary deepcopy for owner references (which leads to huge heap allocation e.g. in the DaemonSet controller).
This is for post-1.11. **do not assign a milestone**.
```dev-release-note
The metav1.ObjectMeta accessor does not deepcopy owner references anymore. In general, the accessor interface does not enforce deepcopy nor does it forbid it (e.g. for unstructured.Unstructured).
```
Automatic merge from submit-queue (batch tested with PRs 64882, 64692, 64389, 60626, 64840). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[minor] apimachinery: remove note for quota serialization
Fixes#53503
We are way ahead of 1.5 now.
**Release note**:
```release-note
NONE
```
/cc sttts
Automatic merge from submit-queue (batch tested with PRs 64416, 63625, 60967, 64767, 64588). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Collapse memcached discovery client onto parallelized discovery method
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64688, 64451, 64504, 64506, 56358). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
replace fmt.Sprintf(%s, i.Type()) with i.Type().String()
**What this PR does / why we need it**:
/kind cleanup
replace fmt.Sprintf(%s, i.Type()) with i.Type().String()
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63580, 63744, 64541, 64502, 64100). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve unit tests for InstallPathHandler()
When adding InstallPathHandler it was suggested to follow-up with an improvement to the unit tests. deads2k suggested that the testing for InstallPathHandler() follow closer to what is already implemented for InstallHandler().
**What this PR does / why we need it**:
Increases the testing around new functionality InstallPathHandler
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64142, 64426, 62910, 63942, 64548). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove inaccurate comment about watch timeout
when watch timeout, the tcp connection does not close, it is reused for another new watch.
But this makes users misunderstanding.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64252, 64307, 64163, 64378, 64179). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Modify LoopbackHostPort() so it returns an IPv6 Loopback address when given [::]
Currently when LoopbackHostPort() is called with 0.0.0.0 and [::] it returns the first loopback
address returned from net.InterfaceAddrs() which is typically 127.0.0.1 (golang does not
specify an order that interfaces are returned). It would be more appropriate if when calling
LoopbackHostPort() with [::] that an IPv6 loopback address is returned, this prevents some cert.
generation failures.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CRD Test: Fix resource creation/deletion for multi-version CRDs
During CRD testing setup, a setup instance CRD is created and watched to make sure the watch cache is prime. The deletion watch event for this instance can result in test failure for any watch test as they expect exact watch events. Previous code did not take multiple versioned CRDs into account. This change will make sure we wait for deletion for all versions before continue with any test.
@sttts @liggitt
Fixes#64571
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions: fix concurrent map access copying items' ObjectMeta in UnstructuredList
The list endpoint sets the self-link. If we do not create a (shallow) copy of ObjectMeta this will mutate the cached objects.
Background: native objects like PodList have a `Items []Pod` field which implicitly shallow-copies ObjectMeta. UnstructuredList only shallow-copies Unstructured, but shares all the JSON data including ObjectMeta, i.e. the Object pointer points to the value in the cache.
Fixes https://github.com/kubernetes/kubernetes/issues/59478
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make kubernetes json serializer case sensitive
This PR imported the latest jsoniterator library so that case sensitivity during unmarhsaling is optional. The PR also set Kubernetes json serializer to be case sensitive.
Kubernetes json serializer had been case sensitive for 1.1-1.7 as we were using ugorji. This PR restores the behavior.
Fix#64612.
```release-notes
Kubernetes json deserializer is now case-sensitive as it was before 1.8.
If your config files contains fields with wrong case, the config files will be now invalid.
```
If we create a new key on each CSR, if CSR fails the next attempt will
create a new one instead of reusing previous CSR.
If approver/signer don't handle CSRs as quickly as new nodes come up,
they can pile up and approver would keep handling old abandoned CSRs and
Nodes would keep timing out on startup.
A mutating admission controller webhook doesn't remove object fields
when instructed to.
E.g. when the JSON patch
[
{"op": "remove", "path": "/spec/containers/0/resources/limits/fpga-arria10"},
{"op": "add", "path": "/spec/containers/0/resources/limits/fpga-interface-id-524abcf", "value": 1}
]
is applied to this pod
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
restartPolicy: Never
containers:
-
name: test-pod-container
image: ubuntu:bionic
imagePullPolicy: IfNotPresent
command: [ "ls", "-l", "/" ]
resources:
limits:
fpga-arria10: 1
in order to replace the resource name "fpga-arria10" with something understandable
by the device plugin the resulting pod spec still contains the old field plus
a new one. The resulting pod looks like
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
restartPolicy: Never
containers:
-
name: test-pod-container
image: ubuntu:bionic
imagePullPolicy: IfNotPresent
command: [ "ls", "-l", "/" ]
resources:
limits:
fpga-arria10: 1
fpga-interface-id-524abcf: 1
The patch unmarshals patched JSON into a new empty object instead of
existing one. Otherwise JSON unmarshaling reuses existing maps, keeping
existing entries as specified in the "encoding/json" standard package.
