Automatic merge from submit-queue (batch tested with PRs 48576, 49010)
adding validations on kube-apiserver audit log options
**What this PR does / why we need it**:
The kube-apiserver does not check the validity of the following audit log options `--audit-log-maxage`, `--audit-log-maxage`, `--audit-log-maxage`. If these options are set to negative numbers, the kube-apiserver will not detect these invalid settings. This PR adds validations on these audit log options.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
`NONE`
forceLiveLookupCache is designed to save recently deleted namespaces.
But currently, cluster scoped resources are also put into it.
For example, when we run:
kubectl delete clusterrole edit
The "edit" is put into forceLiveLookupCache as a deleted namespace.
This change fix the invalid action.
Automatic merge from submit-queue (batch tested with PRs 49017, 45440, 48384, 45894, 48808)
Update two dependencies
**What this PR does / why we need it**:
github.com/stretchr/testify - main desired update. Old version has bugs. Specifically I encountered https://github.com/stretchr/testify/issues/347 which was fixed a year ago.
github.com/davecgh/go-spew/spew is set to the newest version, a bit
newer than required by testify. Updated from version 6 Nov 2015 to
27 Jun 2017.
github.com/stretchr/objx is not updated - testify uses version
from 27 May 2014 which is older than 28 Sep 2015 used now (latest
actually). In practice there is only a tiny difference - one method was
removed in new version.
**Release note**:
```release-note
NONE
```
/sig testing
Automatic merge from submit-queue (batch tested with PRs 49017, 45440, 48384, 45894, 48808)
Fix typo in ExecCommandParam
**What this PR does / why we need it**: Makes ExecCommandParam look like all of the other "Param"s
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48494, 48733)
Never prevent deletion of resources as part of namespace lifecycle
Namespace lifecycle should not prevent deletion of resources... its purpose is to prevent creation of resources in a terminating namespace, or create/update of resources in a non-existent namespace.
Fixes#49027
Automatic merge from submit-queue
Remove old, core/v1 specific constructs from RESTClient
Now that metav1 is abstracted from the APIs, RESTClient should also be agnostic to the core API.
* Remove `LabelSelectorParam` and `FieldSelectorParam` - use `VersionedParams` with `ListOptions`
* Remove `UintParam`
* Remove all legacy field selector logic from `VersionedParams` - ParameterCodec now handles that
* Remove special parameters (like `timeout`) which is no longer set by most clients
Automatic merge from submit-queue
Log error when failed to renew lease.
**What this PR does / why we need it**:
Log detailed error when leaderelection can not renew release.
It would add a little bit help to find direct reason of failing renew lease
```
E0626 15:23:06.269198 46443 leaderelection.go:263] Failed to update lock: etcdserver: request timed out
E0626 15:23:07.528206 46443 leaderelection.go:263] Failed to update lock: Operation cannot be fulfilled on endpoints "kube-scheduler": the object has been modified; please apply yo
ur changes to the latest version and try again
E0626 15:23:07.528260 46443 event.go:259] Could not construct reference to: '&v1.Endpoints{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"", GenerateN
ame:"", Namespace:"", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*
v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]str
ing(nil), ClusterName:""}, Subsets:[]v1.EndpointSubset(nil)}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Normal' 'LeaderElection' 'gd6-k8s-noah-prod0
01-master-s0004 stopped leading'
I0626 15:23:07.528391 46443 leaderelection.go:208] failed to renew lease kube-system/kube-scheduler
F0626 15:23:07.528422 46443 server.go:134] lost master
```
github.com/davecgh/go-spew/spew is set to the newest version, a bit
newer than required by testify. Updated from version 6 Nov 2015 to
27 Jun 2017.
github.com/stretchr/objx is not updated - testify uses version
from 27 May 2014 which is older than 28 Sep 2015 used now (latest
actually). In practice there is only a tiny difference - one method was
removed in new version.
Automatic merge from submit-queue
jsonpath filter: allow intermediate missing keys
**What this PR does / why we need it**:
In jsonpath, when filtering a list, if allowMissingKeys is true, skip
over any items that are missing an intermediate key in the filter,
instead of returning a confusing error.
For example, if the filter is
{.items[?(@.metadata.annotations.foo=="bar")].metadata.name}
we should return all items where metadata.annotations.foo == bar, but if
an item in the list does not have metadata, metadata.annotations, or
metadata.annotations.foo, skip it instead of erroring.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#45546
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed a bug where a jsonpath filter would return an error if one of the items being evaluated did not contain all of the nested elements in the filter query.
```
cc @timothysc @smarterclayton @stevekuznetsov @mengqiy @liggitt @kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue
remove some people from OWNERS so they don't get reviews anymore
These are googlers who don't work on the project anymore but are still
getting reviews assigned to them:
- @bprashanth
- @rjnagal
- @vmarmol
Automatic merge from submit-queue (batch tested with PRs 48812, 48276)
client-go support IPv6 addresses for PortForwarder getListener()
Currently, client-go requires that an IPv6 address string for hostname has
square brackets surrounding, so that it can be used with address:port in
an API request.
This change, removes that requirement, and has getListener() add the
square brackets, if needed. If the hostname is a name, an IPv4 address
string, or an IPv6 address already with square brackets, no change is made.
Decided to change here, rather than everywhere client-go is used (thinking
that there may be places where we DON'T want the square brackets applied).
This issue was found in kubelet, which, at startup, creates a listener for
services and nodes. If an IPv6 address is used, the URI was malformed.
**What this PR does / why we need it**:
Ensures that client-go will handle IPv6 addresses as hostnames, without any special encoding by caller.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48225
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48864, 48651, 47703)
Do not persist SelfLink into etcd storage
This behavior regressed in an earlier release. Clearing the self link reduces the size of the stored object by a small amount and keeps etcd marginally cleaner. Add tests to verify that Create and Update result in no SelfLink stored in etcd.
Currently, client-go requires that an IPv6 address string for hostname has
square brackets surrounding, so that it can be used with address:port in
an API request.
This change, removes that requirement, and has getListener() add the
square brackets for IPv6 addresses for hosts. If IPv4 or hostname, the name
will not be modified.
Decided to change here, rather than everywhere client-go is used (thinking
that there may be places where we DON'T want the square brackets applied).
This issue was found in kubelet, which, at startup, creates a listener for
services and nodes. If an IPv6 address is used, the URI was malformed.
This behavior regressed in an earlier release. Clearing the self link
ensures that a new version is always written and reduces the size of the
stored object by a small amount. Add tests to verify that Create and
Update result in no SelfLink stored in etcd.
Automatic merge from submit-queue (batch tested with PRs 48594, 47042, 48801, 48641, 48243)
Prepare to introduce websockets for exec and portforward
Refactor the code in remotecommand to better represent the structure of
what is common between portforward and exec.
Ref #48633
Automatic merge from submit-queue (batch tested with PRs 48698, 48712, 48516, 48734, 48735)
Name change: s/timstclair/tallclair/
I changed my name, and I'm migrating my user name to be consistent.
Automatic merge from submit-queue
remove svg mime type extension
Signed-off-by: sakeven <jc5930@sina.cn>
**What this PR does / why we need it**:
I found that [kubernetes requires go version 1.6 or greater](https://github.com/kubernetes/kubernetes/blob/master/hack/lib/golang.sh#L335).
While the [commit](21e47d831b) which adds "image/svg+xml" type for extension ".svg", has been merged to go from version 1.5 to 1.9beta.
So it's safe to remove code ```mime.AddExtensionType(".svg", "image/svg+xml")```.
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47948, 48631, 48693, 48549, 47593)
add generated clients. modify codegen script
**What this PR does / why we need it**:
Adds in the generated clientsets for the sample apiserver. Modifies the update-codgen script to copy over the client from the generated location. We need it in order to be able to add integrations and unit tests that make use of the clientsets and their fakes.
**Special notes for your reviewer**:
@deads2k @p0lyn0mial hopefully done the correct thing here. Not 100% sure on needing the copy but it seemed what was needed to get the import paths correct?
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47948, 48631, 48693, 48549, 47593)
add a regression test for Audit-ID http header
This change add a test for: https://github.com/kubernetes/kubernetes/pull/48492
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
