Commit Graph

1125 Commits

Author SHA1 Message Date
Cao Shufeng 837b7e4418 partial fix crd patch failing
partial fixes https://github.com/kubernetes/kubernetes/issues/53379

Kubernetes-commit: 1e800350a2e05899f7435385bebe7fc101142d95
2017-11-03 16:06:14 +08:00
hzxuzhonghu 69a65358c5 update bazel
Kubernetes-commit: b845e26983741c5d12e621604b5e064e03d4fed1
2017-11-03 10:06:07 +08:00
hzxuzhonghu 755a845d5a update bazel and staging godep
Kubernetes-commit: 3c44e2a6167c349fb17c9741959ca24998ae3738
2017-11-02 19:36:01 +08:00
hzxuzhonghu 065ff42f34 gracefully shutdown apiserver after all non-long running requests finish
Kubernetes-commit: db4f0de28075f34bb4bfa8d821ad25cd3a7eba1f
2017-11-02 19:29:31 +08:00
Antoine Pelisse 6d6e2822d9 Update kube-openapi to use validation
Kubernetes-commit: 8f7262e819c58a6ee3f9315af37884b1fe0bfb44
2017-11-01 11:20:15 -07:00
Daniel Smith 51c2612984 Add URL beside service
Kubernetes-commit: a0cb2ce697c195d22daeef4fbe6545bdaba11e2f
2017-10-31 16:28:06 -07:00
hzxuzhonghu 45d6a78b3f cache admission webhook restClient
Kubernetes-commit: 42d9153a03e971453ccf8e46e149a20a9ff3d656
2017-10-31 19:08:29 +08:00
Kubernetes Publisher f9f51e2b63 Merge pull request #54795 from sttts/sttts-audit-shutdown-sync-revert
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Revert: Shutdown http handlers before shutting down audit backend

Fixes https://github.com/kubernetes/kubernetes/issues/54793

Kubernetes-commit: 3096a32568a231743ef008a85f2e670e28d915ae
2017-10-30 09:47:35 -07:00
Kubernetes Publisher 6841e913a1 Merge pull request #54477 from nikhita/invalid-patch-code
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

apiserver: return 4xx for invalid patch

Fixes #54423

Currently, an invalid patch returns 500. The apiserver should return a 400 (`BadRequest`) or 422 (`Unprocessable Entity`).

**Release note**:

```release-note
NONE
```

Kubernetes-commit: 6659f2a7d894a404d59265a708a2d2bd03806e98
2017-12-07 04:30:11 +00:00
Dr. Stefan Schimanski eecedb2781 Revert "audit backend run shutdown gracefully after http handler finish"
This reverts commit f42686081bff88e44b339562c4927775f4439671.

Kubernetes-commit: f6a89df3fb719f4db565c7dade63575ccbdb3031
2017-10-30 15:26:51 +01:00
Dr. Stefan Schimanski 777cf3c0ef admission: unify plugin constructors
Kubernetes-commit: 131905cdb8b929f7c15f810e02ec9a45b306b769
2017-10-30 14:20:40 +01:00
Dr. Stefan Schimanski 8ae36bdf36 apiserver: remove scheme arg from NewUnsecuredEtcd3TestClientServer
Kubernetes-commit: 11d9dd8ceca2d8f6d00b36ebc4982a142f547d5d
2017-10-30 13:18:49 +01:00
Kubernetes Publisher b5a75d8847 Merge pull request #54769 from hzxuzhonghu/import-fix
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

fix import path error

**What this PR does / why we need it**:

fix import warning.
"k8s.io/apiserver/pkg/admission/plugin/webhook" import packages that expects import "k8s.io/kubernetes/plugin/pkg/admission/webhook"

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

Kubernetes-commit: e5c732ee93853222dc2c2fedaa986054ae165b5b
2017-10-30 01:09:06 -07:00
Kubernetes Publisher 199394ed2d Merge pull request #53695 from hzxuzhonghu/audit-graceful-shutdown
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Shutdown http handlers before shutting down audit backend

**What this PR does / why we need it**:
Currently, audit backend is shut down before http handlers stop processing requests, so some audit events can be dropped in case of batching webhook.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #50781

**Special notes for your reviewer**:

**Release note**:

```release-note
Shutdown http handlers in kube-apiserver before shutting down audit backend.
```

Kubernetes-commit: 7a6a58f4444c60a9b3fefe335a303f0c230d8f10
2017-12-07 04:30:10 +00:00
hzxuzhonghu 749c4d2360 fix import warning
Kubernetes-commit: fcf4a0e191449925148783517cfe7ade234a2510
2017-10-30 10:16:13 +08:00
Kubernetes Publisher 52d7687cc0 Merge pull request #54165 from caesarxuchao/webhook-e2e-test
Automatic merge from submit-queue (batch tested with PRs 54165, 53909). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Adding an e2e test for admission webhook

Part of https://github.com/kubernetes/features/issues/492

The purpose of this test is making sure the webhooks get called, and the apiserver can communicate with the webhook.

We will expand the test to cover more webhook features in followups.

The webhook used in the test rejects pods with container names "webhook-disallow". Will upload the source code of the example in a follow up PR.

Kubernetes-commit: 444d0c11153647d45b899b25a5dbbd3a5ea4a123
2017-10-27 17:39:21 -07:00
Kubernetes Publisher 60121e9302 Merge pull request #54655 from caesarxuchao/remove-nesting
Automatic merge from submit-queue (batch tested with PRs 54331, 54655, 54320, 54639, 54288). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Remove the nesting directory webhook/webhook

A mechanical change to remove the accidental nesting webhook/webhook directory.

@deads2k lgtm'ed the change and approved for self tagging over a slack chat.

Kubernetes-commit: 70b01d75d1289f27f3e952d1e784f39a2000a1de
2017-10-27 15:42:22 -07:00
Kubernetes Publisher bc81e99099 Merge pull request #50776 from kevin-wangzefeng/core-to-corev1-round2
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Use the core client with explicit version globally

**What this PR does / why we need it**:
As mentioned in #49535 and #50605, we want to have a global replace to use core client with explicit version.

**Which issue this PR fixes**: fixes #49535

**Special notes for your reviewer**:
The actual type of clientSet.Core() is already the same as clientSet.CoreV1(), so it should be a safe replacement.
The places where clientSet.Core() is still in use are identified by IDE "find usages", and changes are made with a one-time global replace. Hopefully there will be none left after this PR is merged.
Let me know if this PR is too big to review, I can split it into some smaller ones.

/cc @kubernetes/sig-api-machinery-pr-reviews
/cc @k82cn @sttts

**Release note**:

```release-note
none
```

Kubernetes-commit: d8ec716f4d7cabc8fa1fc825b20feffe105e99a9
2017-12-07 04:30:08 +00:00
Janet Kuo 201480baa2 Add hook information when rejecting a request
Kubernetes-commit: 948bd7bbc18b343161120b365c089528f8fc0550
2017-10-27 14:59:54 -07:00
Chao Xu 512274139c add NamespaceSelector to the api
business logic in webhook plugin and unit test

add an e2e test for namespace selector

Kubernetes-commit: 7006d224bebb5a1aee9c70387a8584e0a0e8b10f
2017-10-27 14:42:09 -07:00
Davanum Srinivas b690ae9379 Fix TestCRD Flake
The DestroyFunc functions returned by generic.NewRawStorage are never
called when we do a StartTestServer() in the test suite. For a quick
hack for now, added TrackStorageCleanup/RegisterStorageCleanup and
CleanupStorage. Note that unless TrackStorageCleanup is called (which
is called only from the test suite) the other two methods are
no-ops essentially. So no change in behavior at runtime. This vastly
brings down the number of goroutines that are left behind when this
test is executed and should reduce if not eliminate the flakiness
of TestCRD

Kubernetes-commit: 00bcbd1311af711f70c771d790137b93ce48309a
2017-10-27 10:59:52 -04:00
Kubernetes Publisher 7001bc4df8 Merge pull request #54513 from deads2k/admission-09-move
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

move webhook admission to generic apiserver

This builds on https://github.com/kubernetes/kubernetes/pull/54414.

It moves the admission webhook into the generic apiserver.  It also allows the injection of a server managed way to override the rest.Config used for a particular service.  This makes for an easier point to allow auto-configuration of the kube-apiserver to loopback to itself as a special case for kubernetes.default.svc.

@kubernetes/sig-api-machinery-pr-reviews

```release-note
the generic admission webhook is now available in the generic apiserver
```

Kubernetes-commit: 9ec88d0d45a7273bfbac70ad51279112eeeda00a
2017-10-27 08:53:22 +00:00
Jordan Liggitt 198ca9b2e0 Use GVK from storage in API registration
Kubernetes-commit: 5913fccada6097c984b168ab15c243a8b20876e5
2017-10-27 04:29:04 -04:00
Jordan Liggitt 8ea8479b92 Specify correct subresource discovery info
Kubernetes-commit: 729a0da155871de445ea2116cf6457e29e313d08
2017-10-27 04:22:39 -04:00
Cao Shufeng d3301ca8d8 [advanced audit]add a policy wide omitStage
Kubernetes-commit: d75c0f0e21af8229ed3147e9a798441221c03574
2017-10-27 10:01:01 +08:00
Chao Xu 3843f2885c remove the nesting directory webhook/webhook
Kubernetes-commit: ca8131877ad4fcab76388360e04ff9eb05af41a4
2017-10-26 14:19:49 -07:00
Kubernetes Publisher 3b8c9fae4a Merge pull request #54600 from marun/enable-federation-vendoring
Automatic merge from submit-queue (batch tested with PRs 54081, 54271, 51783, 54600, 54594). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Update to latest kube-openapi and kazel

- update vendored kube-openapi to include https://github.com/kubernetes/kube-openapi/pull/14
- update hash of repo infra used for bazel generation so kazel includes https://github.com/kubernetes/repo-infra/pull/48

This is the final step in enabling federation to generate openapi code for itself and vendored kube (#54335).

/sig multicluster testing

Kubernetes-commit: 3f5f9c3df96618f6fc447fc98d9fc7ba97b0e333
2017-10-26 12:22:35 +00:00
Kubernetes Publisher 01867f68f4 Merge pull request #52717 from FengyunPan/remove-LbassV1
Automatic merge from submit-queue (batch tested with PRs 52717, 54568, 54452, 53997, 54237). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

[OpenStack]Remove the LbaasV1 of OpenStack cloud provider

The Neutron LbaasV1 has been declared obsolete, LbaasV2 is a
better choice.
So let's remove the code of LbaasV1 and only support LbaasV2.
xref: #52609
Reference OpenStack doc:
https://docs.openstack.org/mitaka/networking-guide/config-lbaas.html

**Special notes for your reviewer**:
/assign @dims
/assign @anguslees

**Release note**:
```release-note
Remove the LbaasV1 of OpenStack cloud provider, currently only support LbaasV2.
```

Kubernetes-commit: b2b31ada149fb688aea0d62cd58e5416d5fd337b
2017-10-26 12:22:00 +00:00
Kubernetes Publisher 7926573bc1 Merge pull request #54414 from deads2k/admission-08-options
Automatic merge from submit-queue (batch tested with PRs 53760, 48996, 51267, 54414). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

update admission webhook to handle multiple auth domains

Fixes https://github.com/kubernetes/kubernetes/issues/54404

Adds some wiring to have the admission plugin accept a config file for per-apiserver configuration.

@kubernetes/sig-auth-api-reviews @deads2k @ericchiang @liggitt in particular
@kubernetes/sig-api-machinery-pr-reviews @lavalamp @caesarxuchao @sttts @cheftako

```release-note
generic webhook admission now takes a config file which describes how to authenticate to webhook servers
```

Kubernetes-commit: 17638ee0183ea69d02cd76e078e95c0ad033a0a6
2017-10-26 12:21:25 +00:00
Kubernetes Publisher a51bf85fc8 Merge pull request #54399 from nikhita/staging-add-readme-license
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add README and LICENSE to staging repos

Addresses https://github.com/kubernetes/kubernetes/issues/54398.

We should use the staging files instead of having some files
authoritative in the external repo. Otherwise, we complicate the
publishing process as it has to know which files come from the latter.

`README.md` and `LICENSE` are authoritative in external repos.
We should move them to staging.

**Release note**:

```release-note
NONE
```

Kubernetes-commit: 7b588817caa6ae9b763fca798f88ed4a0c21d6aa
2017-10-26 12:21:24 +00:00
Kubernetes Publisher ab0820408a Merge pull request #54287 from hzxuzhonghu/audit-stage-1
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

audit backend run before http server start and register presShutdown …

…hook

**What this PR does / why we need it**:
1. audit backend run before http server start, prevent coming request audit blocking

2. audit backend use preShutdownHook.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #54286

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

Kubernetes-commit: 192bb6262b5a73438d958408f91d198384c3f497
2017-10-26 12:21:24 +00:00
Kubernetes Publisher 920a596ded Merge pull request #54400 from kubernetes/revert-53128-godeps_fix_grpc_data_race
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Revert "update gRPC to pick up data race fix"

Reverts kubernetes/kubernetes#53128

Fixes https://github.com/kubernetes/kubernetes/issues/51099

cc @kubernetes/sig-api-machinery-bugs @wojtek-t @dixudx

Kubernetes-commit: bc69c92de15c2457b3566bbede5b363328e0d640
2017-10-26 12:21:23 +00:00
Kubernetes Publisher b65e9288bd Merge pull request #54181 from apelisse/update-kube-openapi
Automatic merge from submit-queue (batch tested with PRs 54199, 54181, 54196). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Update openapi to use kube-openapi code

**What this PR does / why we need it**: OpenAPI code has moved to `github.com/kubernetes/kube-openapi`. Let's use that code as a dependency, since now it's duplicated.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #51823

**Special notes for your reviewer**:

**Release note**:
```release-note
NONE
```

No user visible changes. Just code moving around.

Kubernetes-commit: 507790c9c6f50b580b4409b5ac93b10a24570819
2017-10-26 12:20:47 +00:00
Kubernetes Publisher c4aba925c2 Merge pull request #53442 from deads2k/server-02-nesteddecoding
Automatic merge from submit-queue (batch tested with PRs 53916, 53442). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

add nested encoder and decoder to admission config

Fixes https://github.com/kubernetes/kubernetes/issues/54159

Adds the required nested object encoder/decoder pairs for admission config extensions.

@sttts

Kubernetes-commit: 0736c55776ad272731ff9c27aae2a2bbd010f3ee
2017-10-26 12:20:11 +00:00
Kubernetes Publisher 38ff7e4b02 Merge pull request #53128 from dixudx/godeps_fix_grpc_data_race
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

update gRPC to pick up data race fix

**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #53124

**Special notes for your reviewer**:

**Release note**:

```release-note
update gRPC to v1.6.0 to pick up data race fix grpc/grpc-go#1316
```

Kubernetes-commit: 70960a5ed785c64df837139a783f89901d7891f1
2017-10-26 12:20:10 +00:00
Kubernetes Publisher fbfe66b173 Merge pull request #54156 from deads2k/admission-06-restclient
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

update admission webhook to accept client config

Fixes https://github.com/kubernetes/kubernetes/issues/53827

This plumbs a complete client through the plugin initializer for admission webhooks.  It achieves parity with our existing webhooks and provides flexibility if people want to do something special or different.  Easy things are easy, hard things are possible.  This does not change behavior for kube-apiserver.

@kubernetes/sig-auth-api-reviews @kubernetes/sig-api-machinery-bugs

Kubernetes-commit: f07b359e5bd5af8947b32309865dada7043d59e3
2017-10-26 12:19:23 +00:00
Kubernetes Publisher 7bb71de6e3 Merge pull request #53821 from rrati/apiserver-clean-shutdown
Automatic merge from submit-queue (batch tested with PRs 54145, 53821). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Added PreStopHooks to apiserver to allow clean shutdown.

BootStrapController now registers a PreStopHook to clean up the kubernetes service endpoints. The PreStopHooks allow the apiserver to shut down cleanly under a controlled shutdown case. The BootStrapController's PreStopHook will clean up after itself by removing the apiserver from the list of IPs in the kubernetes service.

fixes #53438

Kubernetes-commit: 78ada62c3086f3d2e743b6e7cc696e390a619585
2017-10-26 12:19:22 +00:00
Maru Newby bbd267be4d Update vendored kube-openapi to latest
Kubernetes-commit: fae7a7a1e3041a88be38ab614368bc2f08925114
2017-10-25 18:09:39 -07:00
Kevin 41430fda7c use core client with explicit version globally
Kubernetes-commit: 4c8539cece2f0a6e6974b30d00c7341e10320bc5
2017-10-25 23:54:32 +08:00
Dr. Stefan Schimanski 2e26d56a03 Update bazel
Kubernetes-commit: 35bb6823ea94c98622397f7cb270c6a67070e70d
2017-10-24 15:52:41 +02:00
Dr. Stefan Schimanski 45afa13373 admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e}
Kubernetes-commit: aedcf681b32618be3cf9ad40eeb039f1bb26c5ae
2017-10-27 17:09:39 +02:00
Dr. Stefan Schimanski 3eeded3a29 admission: wire create+update validation func into kube registries
Kubernetes-commit: 2452afffe09e1ced9487e5a701beb1443a92b741
2017-10-24 15:33:28 +02:00
David Eads 3cb246ace6 move webhook admission to generic apiserver
Kubernetes-commit: 8c1fe1f61a1de754a2cfed1966f4a1f8024ca618
2017-10-24 08:48:05 -04:00
Dr. Stefan Schimanski 441ac63056 admission: complete plumbing of validation admission
Kubernetes-commit: 74b4223ab80fa3bbf326ac1073ef28f0b8daa304
2017-10-24 14:08:34 +02:00
Nikhita Raghunath 6f448f398c apiserver: return 4xx for invalid patch
Add interpretPatchError to return appropriate http code
(400 or 422) according to the error type.

We add this function in apiserver because we don't want
to mention the http code in apimachinery. The apimachinery
code is also used in kubectl. The client should not return
a server error.

Add a test to validate the http error code and error message.

Kubernetes-commit: e0a2168ecbf8b4e43f932a32fa55cd55215123cc
2017-10-24 17:26:03 +05:30
Dr. Stefan Schimanski 118e16448c admission: split MutationInterface out of Interface
Kubernetes-commit: d4f48c931383f35e5e1a227a4291b8c0503e2433
2017-10-24 11:24:04 +02:00
David Eads 4c7d4a45ad update admission webhook to handle multiple auth domains
Kubernetes-commit: fd4ab3e061ff44515d5107e1ae3e9d6469d956aa
2017-10-23 09:35:08 -04:00
Dr. Stefan Schimanski a8fb04360a admission: { -> Mutating}Admit(admission.Attributes)
Kubernetes-commit: 970d2553cca466c1236f1e91b3161cb1a69dbdd2
2017-10-23 14:26:38 +02:00
Shyam JVS 27d82c910d Revert "update gRPC to pick up data race fix"
Kubernetes-commit: d515f0e3d2a2b3afc53fc839d6df6f34ed76c3bf
2017-10-23 13:23:48 +02:00
Nikhita Raghunath 90dbe47a1a Add README and LICENSE to staging repos
We should use the staging files instead of having some files
authoritative in the external repo. Otherwise, we complicate the
publishing process as it has to know which files come from the latter.

README.md and LICENSE are authoritative in external repos.
We should move them to staging.

Kubernetes-commit: 0e466262743f9fd115573b91bc71e9690f0eccf7
2017-10-23 16:39:02 +05:30