This adds a new stand-alone certificates controller for use on GKE. It
allows calling GKE to sign certificates instead of requiring the CA
private key locally.
It does not aim for 100% feature parity with kube-controller-manager
yet, so for instance, leader election support is omitted.
Automatic merge from submit-queue
Update owners file to reflect Juju/Charm knowledgable reviewers
**What this PR does / why we need it**:
Several reviewers have expressed confusion on why they're being added to pull requests related to cluster/juju. This is likely because the cluster OWNER wasn't updated from the original when created. This removes those who have expressed confusion to avoid noise in future updates to this directory.
Removed:
- @pmorie [ref](https://github.com/kubernetes/kubernetes/pull/40814#issuecomment-282107925)
- @jsafrane [ref](https://github.com/kubernetes/kubernetes/pull/42007#issuecomment-282246574)
Added:
- @marcoceppi
- @chuckbutler
- @mbruzek
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Fix zsh completion: unknown file attribute error
**What this PR does / why we need it**:
Fixes zsh completion.
Sourcing the file with `zsh` > 4 resulted in an `unknown file attribute`.
More details at http://stackoverflow.com/questions/37220495/zsh-unknown-file-attribute
Automatic merge from submit-queue
NodeController sets NodeTaints instead of deleting Pods
```release-note
Add an alpha feature that makes NodeController set Taints instead of deleting Pods from not Ready Nodes.
```
cc @timothysc @wojtek-t @davidopp
@aveshagarwal - this PR just uses library functions from previous one.
@kevin-wangzefeng - the only thing that's left is to write an admission controller. I don't remember what was the agreements. Are you going to write it, or should I?
Automatic merge from submit-queue
hack/verify-staging-client-go.sh: fail verbosely if working dir is dirty
Fail early and show verbose error message if repository is dirty.
Automatic merge from submit-queue
redact detailed errors from healthz and expose in default policy
Makes `/healthz` less sensitive and exposes it by default.
@kubernetes/sig-auth-pr-reviews @kubernetes/sig-api-machinery-misc @liggitt
