Automatic merge from submit-queue (batch tested with PRs 49992, 48861, 49267, 49356, 49886)
Reintegrate aggregation support for OpenAPI
Reintegrating changes of #46734
Changes summary:
- Extracted all OpenAPI specs to new repo `kube-openapi`
- Make OpenAPI spec aggregator to copy and rename any non-requal model (even with documentation change only).
- Load specs when adding APIServices and retry on failure until successful spec retrieval or a 404.
- Assumes all Specs except aggregator's Spec are static
- A re-register of any APIService will result in updating the spec for that service (Suggestion for TPR: they should be registered to aggregator API Server, Open for discussion if any more changes needed for another PR.)
fixes#48548
Kubernetes-commit: 9067d359511890b893794c2e0a93bff88ed7d697
Automatic merge from submit-queue (batch tested with PRs 49992, 48861, 49267, 49356, 49886)
Correctly handle empty watch event cache
Fixes https://github.com/kubernetes/kubernetes/issues/49956
Introduced by ada60236f7 which did not adjust the oldest available resourceVersion for an empty watch event cache.
Exposed by 74b9ba3b4d, which allowed controllers to get list results from etcd before the watch cache is ready (normally they list with resourceVersion=0 which serves the list request from the watch cache, blocking until it is ready)
When the watch cache had an empty cache of watch events, it currently allows establishing a watch as if it can deliver a watch event for its currently synced resourceVersion. This results in an off-by-one error which can result in a missed watch event.
Scenario:
bob:
1. creates object at resourceVersion=11
sally:
1. does a list API request, gets a list resourceVersion of 10 (just before bob creates the object)
2. starts watch handled by watch cache at resourceVersion=10
Watch cache:
1. initial list gets resourceVersion=11, including the item created by bob
2. when determining the initial watch events to send to sally's watch, there are no watch events in the cache, so no initial watch events are sent.
3. the cache listerwatcher watches etcd starting at resourceVersion=11, so future events are fed into the event cache and to sally's watch
The watch cache should have dropped sally's watch from resourceVersion=10 with a "gone" error, since it can't deliver the watch event for resourceVersion=11. This would force sally to relist (where she would get a list at resourceVersion=11) and rewatch (from resourceVersion=11)
This particularly affects tests that create CRD/TPRs and establish watches on the new types as the storage layer's watch cache is also populating for that type.
```release-note
Fix a bug in watch cache sometimes causing missing events after watch cache initialization.
```
Kubernetes-commit: 35c3a51e2cdc555cf5edf2b09f03e7ed17fd3377
This flag is documented as being case-insensitive, but the code was
doing a case-sensitive map lookup.
Kubernetes-commit: 0acdc0cdb369372e06c202aea162bce04410f643
e2e and integration tests have been switched over to the tokenfile
authenticator instead.
```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```
Kubernetes-commit: e2f2ab67f29d3e859e0b3e6668d8d770d93132fc
forceLiveLookupCache is designed to save recently deleted namespaces.
But currently, cluster scoped resources are also put into it.
For example, when we run:
kubectl delete clusterrole edit
The "edit" is put into forceLiveLookupCache as a deleted namespace.
This change fix the invalid action.
Kubernetes-commit: a8693b63b910d02397eb4a27873cd7da08242a14
- port direct calls to deepcopy funcs
- apimachinery: fix types in unstructured converter test
- federation: fix deepcopy registration
Kubernetes-commit: 2bbe72d4e09f7c95e1ad851187d4733a54644fbe
supereagle
Kubernetes Publisher
mbohlool
Jordan Liggitt
Clayton Coleman
Saksham Sharma
Wojciech Tyczynski
Shyam Jeedigunta
Timothy St. Clair
John Millikin
deads2k
Di Xu
jianglingxia
Nikhita Raghunath
Slava Semushin
Cao Shufeng
Dr. Stefan Schimanski
Michail Kargakis
Taylor Thomas
Eric Chiang
xiangpengzhao
huangjiuyuan