Automatic merge from submit-queue (batch tested with PRs 53645, 54734, 54586, 55015, 54688). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve webhook error message
**What this PR does / why we need it**:
Currently, apiserver only prints message of review status returned by a rejecting webhook controller. If the message is empty, users will see this in event message:
`create Pod <pod-name> failed error:<empty-string>`. Hook name should be included in the error message as well.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
**Special notes for your reviewer**: @kubernetes/sig-api-machinery-bugs
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
move KubeProxyConfiguration out of componentconfig API group
**What this PR does / why we need it**:
move KubeProxyConfiguration out of componentconfig API group
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53577
**Special notes for your reviewer**:
/cc @thockin @ncdc
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove Google Cloud KMS's in-tree integration
Removes the following introduced by #48574 and others:
* `kms.go` which contained the cloudkms-specific code for Google Cloud KMS service.
* Registering the Google Cloud KMS in the KMS plugin registry.
* Google's `cloudkms` API package from `vendor` folder.
The following changes are upcoming:
* Removal of KMSPluginRegistry. This would not be needed anymore, since KMS providers will be out-of-tree from now on (so no need of registering them, an address of the process would be enough).
* A service which allows encrypt/decrypt functionality (satisfies `envelope.Service` interface) if initialized with an IP/Port of an out-of-tree process serving KMS requests. Will tentatively use gRPC requests to talk to this external service.
Reference: https://github.com/kubernetes/kubernetes/pull/54439#issuecomment-340062801 and https://github.com/kubernetes/kubernetes/issues/51965#issuecomment-339333937.
```release-note
Google KMS integration was removed from in-tree in favor of a out-of-process extension point that will be used for all KMS providers.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Describe NetworkPolicyEgressRule and IPBlock
**What this PR does / why we need it**:
- Describe IPBlock for NetworkPolicyIngressRule.
- Describe NetworkPolicyEgressRule
- Add test case for NetworkPolicyEgressRule
- Describe PolicyTypes
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @thockin @caseydavenport @cmluciano
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55034, 55068). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clarify what each "version" means.
Some folks were getting confused by this output.
Fixes#54821
```release-note
NONE
```
/area conformance
/sig architecture
/assign @timothysc @WilliamDenniss
Automatic merge from submit-queue (batch tested with PRs 55034, 55068). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Close the file before renaming in FileStore
Also change the unit test to use a real file system to detect errors
like this.
Automatic merge from submit-queue (batch tested with PRs 54535, 54950, 55081). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-gen: add +groupGoName to allow unique Go identifiers in clientsets and informers
We use the first segement of the GroupName as Go name. Hence, a GroupName
"policy.k8s.io" and "policy.authorization.k8s.io" could not live in the
same clientset or shared informer factory. This PR add another tag:
```
// +groupGoName=AuthorizationPolicy
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove kubectl dependency internal version
**What this PR does / why we need it**:
ref kubernetes/kubectl#83
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
use `k8s.io/api/core/v1` replace `k8s.io/kubernetes/pkg/api`
use `k8s.io/client-go/kubernetes/typed/core/v1` replace `k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/internalversion`
**Release note**:
```release-note
NONE
```
If certificates for etcd are located in the same directory or
subdirectories of kubernetes pki directory, don't create separate
volumes and mounts in manifests.
Fixeskubernetes/kubeadm#522
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix scheduler predicates test that may violate DNS label rules
**What this PR does / why we need it**:
This commit fixes an issue where in clusters which have FQDN as the node names,
one of the scheduling predicates tests will fail because it will try and run a
pod with a name that violates DNS-1123 rules. As an example, one such pod name
could look like "filler-pod-kube-node-0.kubelet.mesos".
**Which issue(s) this PR fixes**:
Fixes#55117
**Special notes for your reviewer**:
As soon as this is approved, I will create the cherry-pick PRs for 1.7.x. It doesn't apply on 1.8.x.
cc @aveshagarwal @kubernetes/sig-scheduling-pr-reviews
**Release note**:
```
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Stop using the PersistentVolumeLabel admission controller in v1.9
**What this PR does / why we need it**:
Stop using the PersistentVolumeLabel admission controller in v1.9, as in v1.9, we're targeting out-of-tree cloud providers to be ready to use more generally as part of moving to beta.
**Which issue this PR fixes**:
fixeskubernetes/kubeadm#444
