Move over only the conversions that are needed, create a new scheme that
is private to meta and only accessible via ParameterCodec. Move half of
pkg/util/labels/.readonly to pkg/apis/meta/v1/labels.go
The previous option was not serializable, and was used in questionable
scenarios to represent what we also use Everything() for. The individual
context needs to make the decision about everything vs nothing (and
nothing has no real concept in our API today) so this seems safe.
Automatic merge from submit-queue
Remove federated-image.tag from the .gitignore file.
This generated version metadata file was being written to a source
directory and caused a lot of pain. We are moving to a world where
this file is generated in the build/output artifacts directory and
also possibly looking at ways to entirely remove the federation
specific versions file. This is in-line with that goal of removing
the dependency on federated-image.tag file.
cc @kubernetes/sig-federation-misc
Automatic merge from submit-queue (batch tested with PRs 39341, 40010)
genericapiserver/api/filters: cut off pkg/api dependency and fix timeout status
The timeout status did not have a proper group version and verb. With the `RequestInfo` available we can easily create a proper status object.
As a side-product we cut off the dependency to `pkg/api` from `genericapiserver/api/filters`.
Follow-up with version negotiation is here: https://github.com/kubernetes/kubernetes/pull/40211
Automatic merge from submit-queue
Improve TerminationMessagePath to be more flexible
* Support `terminationMessagePolicy: fallbackToLogsOnError` which allows pod authors to get useful information from containers as per kubernetes/community#154
* Set an upper bound on the size of the termination message path or log output to prevent callers from DoSing the master
* Add tests for running as root, non-root, and for the new terminationMessagePolicy cases.
I set the limit to 4096 bytes, but this may be too high for large pod containers. Probably need to set an absolute bound, i.e. max message size allowed is 20k total, and we truncate if we're above that limit.
Fixes#31839, #23569
```release-note
A new field `terminationMessagePolicy` has been added to containers that allows a user to request `FallbackToLogsOnError`, which will read from the container's logs to populate the termination message if the user does not write to the termination message log file. The termination message file is now properly readable for end users and has a maximum size (4k bytes) to prevent abuse. Each pod may have up to 12k bytes of termination messages before the contents of each will be truncated.
```
Automatic merge from submit-queue
OWNERS: Update latest OWNERS files
These files have been created lately, so we don't have much information
about them anyway, so let's just:
- Remove assignees and make them approvers
- Copy approves as reviewers
Automatic merge from submit-queue (batch tested with PRs 40251, 40171)
Mark --docker-exec-handler deprecated
We plan to drop support for the nsenter exec handler in the future. Marking this flag as deprecated to warn the users.
Automatic merge from submit-queue (batch tested with PRs 40251, 40171)
Only run gcloud as root if we plan to change something.
Only run gcloud as root if we plan to change something.
Fixes bug introduced in #36292 @jlowdermilk @ixdy
These files have been created lately, so we don't have much information
about them anyway, so let's just:
- Remove assignees and make them approvers
- Copy approves as reviewers
Enforce the following limits:
12kb for total message length in container status
4kb for the termination message path file
2kb or 80 lines (whichever is shorter) from the log on error
Fallback to log output if the user requests it.
Automatic merge from submit-queue
Make generic registry easier to understand
**What this PR does / why we need it**:
This PR makes the generic registry and some areas of the api REST abstractions easier to understand by adding and clarifying comments. These comments are based on digging that was done to implement a new API server and REST storage for resources in a wholly-new API group.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
make client-go tools/auth and tools/clientcmd authoritative
These moved easily. Pure mechanical. I'll have a couple snip pulls for some of the more complicated packages. `pkg/util/homedir` was a transitive that moved with. It was only used in `kubectl` and you'd need it to be consistent with `clientcmd` loading order.
@sttts
Automatic merge from submit-queue (batch tested with PRs 38445, 40292)
kubeadm: Secure apiserver -> kubelet communication and set storage backend to etcd3
**What this PR does / why we need it**:
Switch storage backend to etcd3
Writes ca.crt down to disk so we can set `--client-ca-file=/etc/kubernetes/ca.crt` for the kubelet.
Adds --kubelet-client-{certificate,key} to the apiserver args and make it allowed to access the kubelets
In some cases the `path` dependency is switched to `filepath`
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
fixes https://github.com/kubernetes/kubeadm/issues/118
fixes https://github.com/kubernetes/kubeadm/issues/129
**Special notes for your reviewer**:
This PR is should make it possible to secure the apiserver -> kubelet communication.
**Release note**:
```release-note
NONE
```
@pires @mikedanese @andrewrynhard @liggitt @deads2k
Automatic merge from submit-queue (batch tested with PRs 38445, 40292)
Add the ability to edit fields within a config map.
Addresses part of https://github.com/kubernetes/kubernetes/issues/36222
Example command:
```console
$ kubectl edit configmap foo --config-map-data=bar
```
Will open the data element named `bar` in the `ConfigMap` named `foo` in `$EDITOR`, the edited contents are then updated back to the config map.
@kubernetes/sig-cli
```release-note
Add a special purpose tool for editing individual fields in a ConfigMap with kubectl
```
Automatic merge from submit-queue
separate announce factories
We caught this part way through Daniel's refactor from 1.5. Have to separate announce factories to be able to double register types for client-go.
@kubernetes/sig-apimachinery-misc
Automatic merge from submit-queue (batch tested with PRs 40196, 40143, 40277)
avoid incorrect short-circuit of client-ca setup
PasswordFile options should only affect computation of the SupportsBasicAuth field, not short-circuit setting up the client ca certpool
Automatic merge from submit-queue (batch tested with PRs 40196, 40143, 40277)
Emit warning event when CronJob cannot determine starting time
**What this PR does / why we need it**:
In #39608, we've modified the error message for when a CronJob has too many unmet starting times to enumerate to figure out the next starting time. This makes it more "actionable", and the user can now set a deadline to avoid running into this. However, the error message is still only controller level AFAIK and thus not exposed to the user. From his perspective, there is no way to tell why the CronJob is not scheduling the next instance.
The PR adds a warning event in addition to the error in the controller manager's log.
**Which issue this PR fixes**: This is an addition to PR #39608 regarding #36311.
**Special notes for your reviewer**: cc @soltysh
**Release note**:
```release-note
```
Automatic merge from submit-queue
Remove TODOs to refactor kubelet labels
To address #39650 completely.
Remove label refactoring TODOs, we don't need them since CRI rollout is on the way.
Automatic merge from submit-queue
[Federation] Expose autoscaling apis through federation api server
This PR implements first part of federated pod autoscaler.
The issue to handle the whole feature is https://github.com/kubernetes/kubernetes/issues/38974
cc @kubernetes/sig-cluster-federation
@shashidharatd @kshafiee @deepak-vij
**Release note**:
```
federation users can now use federated autoscaling resources and create federated horizontalpodautoscalers
```
Automatic merge from submit-queue (batch tested with PRs 40066, 36250, 40255, 40225, 40204)
Fix validation errors in cli are cryptic
fix issue https://github.com/kubernetes/kubernetes/issues/39811
now the error message is like:
`error validating "/home/shiywang/template/test.yaml": error validating data: field ports for v1.ServiceSpec: is required; if you choose to ignore these errors, turn validation off with --validate=false`
still need add some unit test, plz don't test now
