Automatic merge from submit-queue (batch tested with PRs 60373, 61098, 61352, 61359, 61362). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump cfssl to be compatible with Go 1.10
Kubernetes-commit: ef3539e69e4c897f48ecd6b2dd73417ce0416b08
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add unit test for function FeatureGateSetFromMap and FeatureGateString
**What this PR does / why we need it**:
add unit test for function FeatureGateSetFromMap and FeatureGateString
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: cba7843cb403e1d7864a59949e0ec6c8927ea403
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove YEAR field of all generated files and fix kubernetes boilerplate checker
**What this PR does / why we need it**:
Remove YEAR field of all generated files and fix kubernetes boilerplate checker
xref: [remove YEAR fileds in gengo #91](https://github.com/kubernetes/gengo/pull/91)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes [#gengo/issues/24](https://github.com/kubernetes/gengo/issues/24)
**Special notes for your reviewer**:
/cc @thockin @lavalamp @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: e40ffd71972b820aeed283946e880aa2479f8524
Automatic merge from submit-queue (batch tested with PRs 61087, 61075, 61213, 61149, 60826). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Grant sig leads feature approval powers
**What this PR does / why we need it**:
Sig leads already approve features for milestones and do a lot of code reviews. They should be able to approve changes to the associated feature gates, rather than needing to escalate every feature to root owners.
I omitted some sigs that shouldn't need to approve features in the base repo. LMK if I missed any, or these should be included in the approvers:
- AWS
- Azure
- Big Data
- Contributor Experience
- Docs
- GCP
- OpenStack
- Product Management
- Service Catalog
- Testing
- UI
For posterity, here's the script I used: https://gist.github.com/tallclair/1128aefa3186b0c3a8f4603929d2354e
**Special notes for your reviewer**:
@sig-leads: Please use responsibly :)
**Release note**:
```release-note
NONE
```
Kubernetes-commit: d84c938da5438e05eacb7437aa3602927c857b0b
Automatic merge from submit-queue (batch tested with PRs 57871, 61094, 60459, 61089, 61105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove the outdated TODO
**What this PR does / why we need it**:
remove the outdated TODO in [a7d6340ad2/staging/src/k8s.io/apiserver/pkg/registry/rest/meta.go (L42))
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 025439988428d2b78342549419706639cd6e52a6
Automatic merge from submit-queue (batch tested with PRs 60919, 60953, 61085, 61083, 60971). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[advanced audit]fix comment about throttle burst
/assign @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: ad432fa6bde65adad109f484a31f229de593b570
Automatic merge from submit-queue (batch tested with PRs 60919, 60953, 61085, 61083, 60971). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix bug in apiserver.k8s.io RootScopedKinds
RootScopedKinds in group ` apiserver.k8s.io` should be `AdmissionConfiguration`
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 32d6a9356d8659236806cd8bd5c2817a2b809819
Automatic merge from submit-queue (batch tested with PRs 61003, 61031, 60360, 58349, 60922). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
log enabled admission controller in order
This change log enabled mutating and validating admission controller
in order.
ref: https://github.com/kubernetes/kubernetes/pull/60838/files#r173295334
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 4c8657c0872eb2835e1c9dac1114366d915c4381
Automatic merge from submit-queue (batch tested with PRs 60759, 60531, 60923, 60851, 58717). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
validate EtcdOptions.EtcdServersOverrides in EtcdOptions.Validate
move `EtcdOptions.EtcdServersOverrides` validation from `BuildStorageFactory` to `EtcdOptions.Validate`, which fails fast in kube-apiserver startup.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 691a7d43588692501e27be2375bebad1c30b7ae5
Automatic merge from submit-queue (batch tested with PRs 60363, 59208, 59465, 60581, 60702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver clean code
**What this PR does / why we need it**:
1. clean up some redundant code in kube-apiserver startup
1. comment on `preparedGenericAPIServer`, which is just a wrapper of `GenericAPIServer`.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 18d9e1c450d6e080dad11af1f27d371325fba5ef
Automatic merge from submit-queue (batch tested with PRs 59740, 59728, 60080, 60086, 58714). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
more concise to merge the slice
**What this PR does / why we need it**:
more concise to merge the slice
**Special notes for your reviewer**:
Kubernetes-commit: c64f19dd1b5d0f81dd4d59cf6aa5c23cf1e46f5d
Updates github.com/evanphx/json-patch dependency
to fix tests against empty objects/arrays.
Includes fix from evanphx/json-patch#50
Kubernetes-commit: 758d3e7c576f0761b23fed69c3b5dabf6013e8d0
Automatic merge from submit-queue (batch tested with PRs 60737, 60739, 61080, 60968, 60951). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix default auditing options.
- Log backend defaults to blocking mode (backwards compatability)
- Webhook backend defaults to throttled
- Fix webhook validation
- Add options test
**Which issue(s) this PR fixes**:
Fixes#60719
**Special notes for your reviewer**:
This PR is an alternative fix to https://github.com/kubernetes/kubernetes/pull/60727. If the rollback goes in first, I'll rebase this on a roll-forward.
**Release note**:
-->
```release-note
NONE
```
Kubernetes-commit: c13d9ffea959c895ee250f5f094a648c5dd0e924
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix option --audit-webhook-initial-backoff
Before this change, --audit-webhook-initial-backoff has no effect
@crassirostris @sttts
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 25c8871bd08f2fc1914e65b0d2de281a30c212b2
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Let webhook controller uses a local scheme that understand admissionReview
An alternative to #60965.
Fix#60963.
Fixkubernetes/sample-apiserver#21.
Created a scheme that only understands admission/v1beta1 and use it to
encode/decode admissionReviews.
cc @sttts
Kubernetes-commit: fd3cbc9bbfb63b78cfc3beaf1d6d042f71d8e73a
Created a scheme that only understands admission/v1beta1 and use it to
encode/decode admissionReviews.
Also made the NegotiationSerializer setup static
Kubernetes-commit: 3ab516035d17c2b2798797eb8ee85522ccbc051e
Automatic merge from submit-queue (batch tested with PRs 60906, 60943). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make admission webhooks honor scheme part of url
**What this PR does / why we need it**:
Bug fix, allow webhooks to use the scheme provided in clientConfig, instead of defaulting to http.
(more in issue)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60942
```release-note
Bug fix, allow webhooks to use the scheme provided in clientConfig, instead of defaulting to http.
```
/kind bug
/sig api-machinery
Kubernetes-commit: 71b40cbce509960cb020822c85e05b379c37d722
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
log enabled admission controller in order
After switching to --enable-admission-plugins/--disable-admission-plugins, some admission controller may start silently. And these admission controllers may modify or forbid objects. This pull request does a lot of help for admin to trouble shooting.
/assign @hzxuzhonghu @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: bad8e0d91cfd8a3e2a40ded61716629970a082c6
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
oidc: add rithujohn191 as a reviewer
cc @rithujohn191
/sig auth
/kind documentation
```release-note
NONE
```
Kubernetes-commit: f196b7c7523dbf0d6ed703a93af73f54e9d2e42c
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Prevent webhooks from affecting admission requests for WebhookConfiguration objects
**What this PR does / why we need it**:
As it stands now webhooks can be added to the system which make it impossible for a user to remove that webhook, or two webhooks could be registered which make it impossible to remove each other.
The first commit of this will add a test to make sure webhook deletion is never blocked by a webhook. This test will fail until the second commit is added which will prevent webhooks from affecting admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects in the admissionregistration.k8s.io group
- [x] Test that webhook deletion is never blocked by a webhook ([test fails before second commit](https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/pr-logs/pull/59840/pull-kubernetes-e2e-gce/23731/))
- [x] Prevent webhooks from being called on admission requests for [Validating|Mutating]WebhookConfiguration objects
- [x] Document this new behavior maybe in another PR
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of fixing #59124 (Verifies that it can remove the broken webhook.)
**Release note**:
```release-note
ValidatingWebhooks and MutatingWebhooks will not be called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects in the admissionregistration.k8s.io group
```
Kubernetes-commit: 5066a67caaf8638c7473d4bd228037d0c270c546
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix initializing watch cache
When initializing watch cache, set auxiliary fields in `storeElement` object. Fixes#60507.
```release-note
NONE
```
Kubernetes-commit: e2dee6073933c99b63addecfd6397c058b512cd4
Kubernetes Publisher