Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Rename generic webhook
Ref #https://github.com/kubernetes/features/issues/492
A pure gred & sed change. The `GenericAdmissionWebhook` is renamed as `ValidatingAdmissionWebhook`.
```release-note
The `GenericAdmissionWebhook` is renamed as `ValidatingAdmissionWebhook`. Please update you apiserver configuration file to use the new name to pass to the apiserver's `--admission-control` flag.
```
Kubernetes-commit: 47a80424ed9d5cc2b5d50e614cf1038a55702931
Automatic merge from submit-queue (batch tested with PRs 55642, 55897, 55835, 55496, 55313). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Table printers and server generation should always copy ListMeta
Tables should be a mapping from lists, so if the incoming object has these add them to the table. Paging over server side tables was broken without this. Add tests on the generic creater and on the resttest compatibility.
@deads2k
Kubernetes-commit: 941c6aa1db828c9f687780bea21f1d94319a1abe
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move unstructured conversion into pkg/runtime
Scheme conversion should support unstructured conversion natively to
allow going from unstructured to typed and back. It is not a higher
level responsibility to do that conversion because the scheme is the
only one who knows what types it supports.
@liggitt @kubernetes/sig-cli-api-reviews I am going to make Scheme support unstructured in ConvertToVersion and Convert, which means resource.Builder and the CLI can get simpler for all existing use cases where versioned and unstructured need to coexist.
Kubernetes-commit: a67abac7654cc3e05618d41191d71730cf9565ac
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding mutating webhook admission plugin
Ref #https://github.com/kubernetes/features/issues/492
I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once https://github.com/kubernetes/kubernetes/pull/55829 is merged.
We should update the release notes to point to the user docs when we have any.
```release-note
Added mutation supports to admission webhooks.
```
TODO:
- [ ] update test image to v6 after #55829 is merged
- [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook
- [ ] reduce json marshal/unmarshal roundtrip: https://github.com/kubernetes/kubernetes/pull/54892#discussion_r151336838
- [ ] move the matching function to a common package that validating and mutating webhooks can both import.
- [ ] handle namespace GET failure gracefully for fail open webhook?
Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
Automatic merge from submit-queue (batch tested with PRs 55908, 55829, 55293, 55653, 55665). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Admission response alt
**What this PR does / why we need it**: This reflects the imperative nature of AdmissionReview. It adds AdmissionRequest and AdmissionResponse in place of status/spec. The AdmissionResponse the allows the mutating webhook to send back a json path with the mutated version of the requested object.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Ref #https://github.com/kubernetes/features/issues/492
**Special notes for your reviewer**:Port of caesarxuchao's fix with outcome of https://github.com/kubernetes/kubernetes/issues/55729
**Release note**:
```release-note
action-required: please update your admission webhook to use the latest [Admission API](https://github.com/kubernetes/api/tree/master/admission).
`admission/v1alpha1#AdmissionReview` now contains `AdmissionRequest` and `AdmissionResponse`. `AdmissionResponse` includes a `Patch` field to allow mutating webhooks to send json patch to the apiserver.
```
Kubernetes-commit: cae4208e261089fb278f254092c399c807210897
Automatic merge from submit-queue (batch tested with PRs 55254, 55525, 50108, 54674, 55263). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
ColonSeparatedMultimapStringString: allow multiple Set invocations with default override
The first call to Set will clear the map before adding entries;
subsequent calls will simply append to the map.
This makes it possible to override default values with a command-line
option rather than appending to defaults,
while still allowing the distribution of key-value pairs across
multiple flag invocations.
For example: `--flag "a:hello" --flag "b:again" --flag "b:beautiful"
--flag "c:world"` results in `{"a": ["hello"], "b": ["again",
"beautiful"], "c": ["world"]}`
Related: #53833, https://github.com/kubernetes/kubernetes/pull/54643#discussion_r148651257
```release-note
NONE
```
Kubernetes-commit: dc315b8e37a73e5c036701eaee868909aa9333f7
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Lift embedded structure out of eviction-related KubeletConfiguration fields
- Changes the following KubeletConfiguration fields from `string` to
`map[string]string`:
- `EvictionHard`
- `EvictionSoft`
- `EvictionSoftGracePeriod`
- `EvictionMinimumReclaim`
- Adds flag parsing shims to maintain Kubelet's public flags API, while
enabling structured input in the file API.
- Also removes `kubeletconfig.ConfigurationMap`, which was an ad-hoc flag
parsing shim living in the kubeletconfig API group, and replaces it
with the `MapStringString` shim introduced in this PR. Flag parsing
shims belong in a common place, not in the kubeletconfig API.
I manually audited these to ensure that this wouldn't cause errors
parsing the command line for syntax that would have previously been
error free (`kubeletconfig.ConfigurationMap` was unique in that it
allowed keys to be provided on the CLI without values. I believe this was
done in `flags.ConfigurationMap` to facilitate the `--node-labels` flag,
which rightfully accepts value-free keys, and that this shim was then
just copied to `kubeletconfig`). Fortunately, the affected fields
(`ExperimentalQOSReserved`, `SystemReserved`, and `KubeReserved`) expect
non-empty strings in the values of the map, and as a result passing the
empty string is already an error. Thus requiring keys shouldn't break
anyone's scripts.
- Updates code and tests accordingly.
Regarding eviction operators, directionality is already implicit in the
signal type (for a given signal, the decision to evict will be made when
crossing the threshold from either above or below, never both). There is
no need to expose an operator, such as `<`, in the API. By changing
`EvictionHard` and `EvictionSoft` to `map[string]string`, this PR
simplifies the experience of working with these fields via the
`KubeletConfiguration` type. Again, flags stay the same.
Other things:
- There is another flag parsing shim, `flags.ConfigurationMap`, from the
shared flag utility. The `NodeLabels` field still uses
`flags.ConfigurationMap`. This PR moves the allocation of the
`map[string]string` for the `NodeLabels` field from
`AddKubeletConfigFlags` to the defaulter for the external
`KubeletConfiguration` type. Flags are layered on top of an internal
object that has undergone conversion from a defaulted external object,
which means that previously the mere registration of flags would have
overwritten any previously-defined defaults for `NodeLabels` (fortunately
there were none).
Related: #53833 (lifting embedded structures out of string fields is part of getting this API to beta)
```release-note
The EvictionHard, EvictionSoft, EvictionSoftGracePeriod, EvictionMinimumReclaim, SystemReserved, and KubeReserved fields in the KubeletConfiguration object (kubeletconfig/v1alpha1) are now of type map[string]string, which facilitates writing JSON and YAML files.
```
Kubernetes-commit: 00fe2cfe6cfa2513f8165b696a2570cbbd2498cf
Automatic merge from submit-queue (batch tested with PRs 55392, 55491, 51914, 55831, 55836). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Guarantee that status errors have a kind set
Kubernetes-commit: d20b156995be157292571a59f874f77d335ecb9b
Automatic merge from submit-queue (batch tested with PRs 55798, 49579, 54862, 55188, 51990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add monitoring support for hardware accelerators
Currently only NVIDIA GPU monitoring is implemented.
Feature repo issue: https://github.com/kubernetes/features/issues/369
cAdvisor PR: https://github.com/google/cadvisor/pull/1762
/kind feature
/sig node
/sig instrumentation
/area hw-accelerators
**Release note**:
```release-note
Kubelet now exposes metrics for NVIDIA GPUs attached to the containers.
```
Kubernetes-commit: 779105673ab2f00af9e02dc9ac3c6413588aeae4
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: move generic registry test framework into k8s.io/apiserver
The generic registry `Tester` does not depend on Kube. It is helpful also outside when implementing a non-trivial registry.
This is pre-requisite for CRD subreasources https://github.com/kubernetes/kubernetes/pull/55168.
Kubernetes-commit: c7e7b9284c71e782230cdc8a6bc04a2df080f898
Automatic merge from submit-queue (batch tested with PRs 55657, 54758, 47584, 55758, 55651). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Gophercloud dependency for reauth problem
**What this PR does / why we need it**:
Fixes picked up from gophercloud:
443743e883...0b6b13c4dd
Including the one for endless loop on reauth:
https://github.com/gophercloud/gophercloud/pull/604
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#55656
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 08659652a2fa3c3f7ecbe91c591a5021f343c355
Automatic merge from submit-queue (batch tested with PRs 53780, 55663, 55321, 52421, 55659). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove duplicated import
**Release note**:
```release-note
NONE
```
Kubernetes-commit: c339a54b53bd05eb642618bffda727196e38bc70
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Introduce new `VolumeAttachment` API Object
**What this PR does / why we need it**:
Introduce a new `VolumeAttachment` API Object. This object will be used by the CSI volume plugin to enable external attachers (see design [here](https://github.com/kubernetes/community/pull/1258). In the future, existing volume plugins can be refactored to use this object as well.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: Part of issue https://github.com/kubernetes/features/issues/178
**Special notes for your reviewer**:
None
**Release note**:
```release-note
NONE
```
Kubernetes-commit: ebe8ea73fd1a961779242dfbb629befa153e96fc
Some errors are invoked outside of negotiation. These errors should
still have a kind and apiVersion (which is only set by structured
encoders, not always availabe). Ensure that all errors by default get a
status kind and version set.
Kubernetes-commit: a1e44fc69bf0faeb47e6d2ebfc2709bbc3f17221
Tables should be a mapping from lists, so if the incoming object has
these add them to the table. Allows paging over server side tables.
Add tests on the generic creater and on the resttest compatibility.
Kubernetes-commit: d2a62fd42234a96cbab2dbcf402c168c59b41784
Automatic merge from submit-queue (batch tested with PRs 54602, 54877, 55243, 55509, 55128). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
stop timer
**What this PR does / why we need it**:
stop the timer after using it
Kubernetes-commit: 8bdd6614f16d62b4ea31809749162c6a4c0d1162
Automatic merge from submit-queue (batch tested with PRs 54005, 55127, 53850, 55486, 53440). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Validation webhook plugin converts objects to the external version before sending to webhooks
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
https://github.com/kubernetes/features/issues/492
**Special notes for your reviewer**:
**Release note**:
```release-note
The apiserver sends external versioned object to the admission webhooks now. Please update the webhooks to expect admissionReview.spec.object.raw to be serialized external versions of objects.
```
Kubernetes-commit: cba5aa05906d51d07f0b4b613f6c82651e2313dc
Automatic merge from submit-queue (batch tested with PRs 55283, 55461, 55288, 53970, 55487). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[authorize] rename test file and remove unused code
**What this PR does / why we need it**:
rename go test filename and remove unused code in builtin.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
nit fix, no impact to function.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 14674f450855de54cf9632c00157d4f0fd9b6d70
Move the namespace selector code to package webhook/namespace
Move the conversion related code to package to webhook/versioned
Move errors related code to package webhook/errors
Move admission review related code to package webhook/request
Kubernetes-commit: 51774697b35314b078270e9da24fbe0ff843b981
Scheme conversion should support unstructured conversion natively to
allow going from unstructured to typed and back. It is not a higher
level responsibility to do that conversion because the scheme is the
only one who knows what types it supports.
Kubernetes-commit: 557f9ddfe6300ecdbdd70ea67dca63bf6b710ea7
FengyunPan
Di Xu
ymqytw
Chao Xu
Cao Shufeng
Kubernetes Publisher
Daniel Smith
Dr. Stefan Schimanski
Joe Betz
Michael Taufen
hzxuzhonghu
Clayton Coleman
Maciej Szulik
Davanum Srinivas