Automatic merge from submit-queue (batch tested with PRs 46512, 50146)
Make metav1.(Micro)?Time functions take pointers
Is there any reason for those functions not to be on pointers?
Kubernetes-commit: b59ad9cbfff866093a6c0ee26c3562e9ec9133e4
Automatic merge from submit-queue (batch tested with PRs 50255, 50885)
remove dead code for cloner
I found some dead code in audit webhook backend.
This change do some clean work for: 2bbe72d4e0
**Release note**:
```
NONE
```
Kubernetes-commit: 2ba796fe47b3d17c5a385183d91a396aee580b87
Automatic merge from submit-queue (batch tested with PRs 50281, 50747, 50347, 50834, 50852)
fix incorrect logic in admission register
**What this PR does / why we need it**:
There is no issue for this PR, just fix incorrect logic in invocation `func (ps *Plugins) Register(name string, plugin Factory) ` after browsing the code accidentally. And apparently, the logic exits potential panic.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
no issue
**Special notes for your reviewer**:
none
**Release note**:
none
Kubernetes-commit: 1eb04f6a2a16b3b8642184db62719451c3e84d2a
Automatic merge from submit-queue (batch tested with PRs 49115, 47480)
Upgrade advanced audit to version v1beta1
This change does nothing but only upgrades advanced audit to version v1beta1.
There will be following up changes which does real effect to advanced audit feature.
After this change audit policy file should contain apiVersion and kind and has such format:
```
apiVersion: audit.k8s.io/v1alpha1
kind: Policy
rules:
- level: None
```
or use the v1beta1 policy:
```
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: None
```
Updates #48561
**Release note**:
```
Upgrade advanced audit to version v1beta1.
```
Kubernetes-commit: 49bee177b22f331c11860b227b5cc7f9ff9ec07c
Automatic merge from submit-queue (batch tested with PRs 49129, 50436, 50417, 50553, 47587)
add validation for fed-apiserver and apiserver run options
**What this PR does / why we need it**:
Add validation for fed-apiserver and apiserver run options
**Which issue this PR fixes**
fixes#50552
**Special notes for your reviewer**:
This is a follow-up of #50135
**Release note**:
```release-note
NONE
```
Kubernetes-commit: f9c861aa101b16a09dd10def70756dbb0b054868
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)
Fix conflict about getPortByIp
**What this PR does / why we need it**:
Currently getPortByIp() get port of instance only based on IP.
If there are two instances in diffent network and the CIDR of
their subnet are same, getPortByIp() will be conflict.
My PR gets port based on IP and Name of instance.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix#43909
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: a7ce691311f5462cf71d79a1f9431605198803af
Automatic merge from submit-queue (batch tested with PRs 49488, 50407, 46105, 50456, 50258)
Manage BUILD files using gazelle + kazel
**What this PR does / why we need it**: uses the upstream `gazelle` tool to manage go rules in BUILD files.
This is needed to support Bazel builds on Mac OS and Bazel cross compilation in general.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47558
**Special notes for your reviewer**:
It's probably easiest to review this commit-by-commit:
* bump to latest `rules_go` (for recent `cgo_library` and `gazelle` improvements)
* update `kazel` with recent compatibility fixes (https://github.com/kubernetes/repo-infra/pull/28, https://github.com/kubernetes/repo-infra/pull/27), update `hack` scripts to download/build `gazelle`, and then run both `gazelle` and `kazel`. (Additionally make `gazelle` skip things it shouldn't touch.)
* run `hack/update-bazel.sh` to autogenerate everything
* remove the old `cgo_genrule` rules - these are now part of `go_library`
* remove the `automanaged` tags from all go rules - `gazelle` doesn't use them, and it prevents an old version of `kazel/gazel` from messing with the rules
* remove the `licenses()` rules from everywhere but `third_party/` - we don't need them, and `gazelle` won't add them on new `BUILD` files it generates.
**Release note**:
```release-note
NONE
```
for review:
/assign @mikedanese @spxtr
for approval:
/assign @thockin
Kubernetes-commit: 941ad0164d44cfcf96dd6efbb491e2222a3a23d3
Automatic merge from submit-queue
validate kube-apiserver options
**What this PR does / why we need it**:
Create Validate() or add more checks in existing Validate() for the following files:
* vendor/k8s.io/apiextensions-apiserver/pkg/cmd/server/start.go:80
* vendor/k8s.io/kube-aggregator/pkg/cmd/server/start.go:104
* vendor/k8s.io/sample-apiserver/pkg/cmd/server/start.go:82
* cmd/kube-apiserver/app/options/validation.go:49
**Which issue this PR fixes**:
fixes#50301
**Special notes for your reviewer**:
This PR follows #50135
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 984f1af5c55b55f1cbbefbe7afd8f3731f06dcd2
Automatic merge from submit-queue
add some checks for fedration-apiserver options
**What this PR does / why we need it**:
I find there is a TODO, see https://github.com/kubernetes/kubernetes/blob/master/federation/cmd/federation-apiserver/app/options/validation.go#L30
This PR add some checks for fedration-apiserver options
@sttts
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: d40bfff29744de2b42d47627fe664a17cac04298
Automatic merge from submit-queue (batch tested with PRs 50254, 50174, 50179)
Revert "Merge pull request #47353 from apelisse/http-cache"
Some issues were discovered with the caching merged in #47353:
* uses a disk-based cache that is not safe between processes (does not use atomic fs operations)
* writes get/list responses to disk that should not be cached (like `kubectl get secrets`)
* is vulnerable to partially written cache responses being used as responses to future requests
* breaks uses of the client transport that make use of websockets
* defaults to enabling the cache for any client builder using RecommendedConfigOverrideFlags or DefaultClientConfig which affects more components than just kubectl
This reverts commit fc89743dca6b563063b74728c3b28100cf674d9d, reversing changes made to 29ab38e898988c36e2de34f77fa33be556eb21bd.
Kubernetes-commit: 187e6ab0bc35f696d8f5f574fab9aa457f253d34
This reverts commit fc89743dca6b563063b74728c3b28100cf674d9d, reversing
changes made to 29ab38e898988c36e2de34f77fa33be556eb21bd.
Kubernetes-commit: 4ee72eb300423772020dd1cf208159058ba7dab5
Automatic merge from submit-queue
Timeout and Max-in-flight don't report non-resource URLs correctly.
Unify error reporting for 429 and 504 to be correct for timeout and max in flight and eviction. Add better messages to eviction (removing a todo). Return the correct body content for timeouts (reason and code should be correct).
This potentially increases cardinality of 429, but because non-api urls may be under the max-inflight budget we need to report them somewhere (if something breaks and starts fetching API versions endlessly).
```release-note
The 504 timeout error was returning a JSON error body that indicated it was a 500. The body contents now correctly report a 500 error.
```
Kubernetes-commit: 8d6bbaa85f96f14ac9c9722ed1677e1052c974ba
Automatic merge from submit-queue
go-client: Use httpcache client for all requests, even though only openapi returns ETags for caching
**What this PR does / why we need it**: Use HTTP ETag for caching Swagger spec download
This also adds a new command-line flag "cachedir" to specify where the cache should keep its file. It defaults to `$HOME/.kube/http-cache`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partly #38637
**Special notes for your reviewer**:
Because this adds a bunch of dependencies, and removes a couple of files, I do recommend reading each commit individually.
**Release note**:
```release-note
```
Kubernetes-commit: fc89743dca6b563063b74728c3b28100cf674d9d
Automatic merge from submit-queue (batch tested with PRs 50103, 49677, 49449, 43586, 48969)
Run kazel on the entire tree
**What this PR does / why we need it**: part of #47558: auto-generate `BUILD` files on the entire tree, since this is what `gazelle` does, and it'll make subsequent reviews easier if less is changing.
**Release note**:
```release-note
NONE
```
/assign
/release-note-none
Kubernetes-commit: d15baf69e10f3eddd59da2f6972a723a08e7dac7
Automatic merge from submit-queue
fix typo in staging/src/k8s.io/apiserver/pkg/server/config.go
**What this PR does / why we need it**: Fix a typo `It's members are sorted roughly in order of importance for composers.` in `staging/src/k8s.io/apiserver/pkg/server/config.go`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
`NONE`
Kubernetes-commit: 2bd0b3dd2616e5c4a6ef79d08dfb8bc8f5959ced
Automatic merge from submit-queue
Switch from package syscall to golang.org/x/sys/unix
**What this PR does / why we need it**:
The syscall package is locked down and the comment in https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24 advises to switch code to use the corresponding package from golang.org/x/sys. This PR does so and replaces usage of package syscall with package golang.org/x/sys/unix where applicable. This will also allow to get updates and fixes
without having to use a new go version.
In order to get the latest functionality, golang.org/x/sys/ is re-vendored. This also allows to use Eventfd() from this package instead of calling the eventfd() C function.
**Special notes for your reviewer**:
This follows previous works in other Go projects, see e.g. moby/moby#33399, cilium/cilium#588
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 5d24a2c19923d6da46110b827619f4b21cf689ac
Automatic merge from submit-queue
Add missing ugorji codecs for auth/v1, settings/v1alphav1 and storage/v1
Kubernetes-commit: f8affc7dcc9e227b5d883d2322105be779d22125
Automatic merge from submit-queue (batch tested with PRs 50029, 48517, 49739, 49866, 49782)
Update generated deepcopy code
**What this PR does / why we need it**:
In generated deepcopy code, the method names in comments do not match the real method names.
**Which issue this PR fixes**: fixes#49755
**Special notes for your reviewer**:
/assign @sttts @caesarxuchao
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 84e0326eb1f108f0d7aa2e9e48fb0c4a8edb4bd5
Automatic merge from submit-queue (batch tested with PRs 49992, 48861, 49267, 49356, 49886)
Reintegrate aggregation support for OpenAPI
Reintegrating changes of #46734
Changes summary:
- Extracted all OpenAPI specs to new repo `kube-openapi`
- Make OpenAPI spec aggregator to copy and rename any non-requal model (even with documentation change only).
- Load specs when adding APIServices and retry on failure until successful spec retrieval or a 404.
- Assumes all Specs except aggregator's Spec are static
- A re-register of any APIService will result in updating the spec for that service (Suggestion for TPR: they should be registered to aggregator API Server, Open for discussion if any more changes needed for another PR.)
fixes#48548
Kubernetes-commit: 9067d359511890b893794c2e0a93bff88ed7d697
github.com/davecgh/go-spew/spew is set to the newest version, a bit
newer than required by testify. Updated from version 6 Nov 2015 to
27 Jun 2017.
github.com/stretchr/objx is not updated - testify uses version
from 27 May 2014 which is older than 28 Sep 2015 used now (latest
actually). In practice there is only a tiny difference - one method was
removed in new version.
Kubernetes-commit: de29d11bfe98fdd0dccd644b55bbe9759e89038d
We have a old boltdb/bolt, etcd has moved to newer boltdb, so we should
do the same. Specifically this change needs to be in our tree:
92410e0673
as this fixes intermittent issues we see in our CI runs. So in this
PR, we vendor the v1.3.0 version of boltdb/bolt.
Fixes#43973
Kubernetes-commit: 29e4031f6113e039e52b72c1db4b005db060abb3
Updates github.com/evanphx/json-patch dependency to a version that
doesn't crash when handling an invalid json patch.
Includes fix from https://github.com/evanphx/json-patch/pull/35Fix#40218
Kubernetes-commit: c02484d380f805484cda4dab0480a2af84c1b3de
Kubernetes Publisher
Renaud Gaubert
FengyunPan
Jordan Liggitt
Antoine Pelisse
Tobias Klauser
Clayton Coleman
Timothy St. Clair
Di Xu
Taylor Thomas
Mikhail Mazurskiy
Chao Xu
Huamin Chen
stuart.warren
David Ashpole
Tim Hockin
xilabao
mbohlool
deads2k
Phillip Wittrock
Jesse Haka
Davanum Srinivas
Andy Goldstein
Christoph Blecker
Mikkel Oscar Lyderik Larsen
Curtis Allen
Maciej Szulik
Wojciech Tyczynski
Janet Kuo
Seth Jennings