Automatic merge from submit-queue (batch tested with PRs 51148, 50816, 49741, 50858, 51223)
Enable finalizers independent of GC enablement
Decouple finalizer processing from garbage collection configuration.
Finalizers should be effective even when garbage collection is disabled
for a given store.
Fixes https://github.com/kubernetes/kubernetes/issues/50528.
```release-note
NONE
```
/cc @kubernetes/sig-api-machinery-bugs
/cc @caesarxuchao @liggitt @sttts @pmorie
Kubernetes-commit: 7edab23997d012e142ff3e7a24fa24e69243575f
Automatic merge from submit-queue (batch tested with PRs 47115, 51196, 51204, 51208, 51206)
Add an OrDie version for AddPostStartHook
Simplifies usage and consolidate the error message so it is always
the same everywhere.
```release-note
NONE
```
Kubernetes-commit: 2c214baefc06cefd68cc282b532bfe526613e36c
Automatic merge from submit-queue (batch tested with PRs 51193, 51154, 42689, 51189, 51200)
Bumped gRPC version to 1.3.0
**What this PR does / why we need it**:
This PR bumps down the version of the vendored version of gRPC from v1.5.1 to v1.3.0
This is needed as part of the Device Plugin API where we expect client and server to use the Keep alive feature in order to detect an error.
Unfortunately I had to also bump the version of `golang.org/x/text` and `golang.org/x/net`.
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
**Which issue this PR fixes**: fixes#51099
Which was caused by my previous PR updating to 1.5.1
**Special notes for your reviewer**:
@vishh @jiayingz @shyamjvs
**Release note**:
```
Bumped gRPC to v1.3.0
```
Kubernetes-commit: 5fb38a325efb343c2a0467a12732829bd5ed3c3c
Simplifies usage and consolidate the error message so it is always
the same everywhere.
Signed-off-by: Simo Sorce <simo@redhat.com>
Kubernetes-commit: 15c54ffa7750c3037f464933c2b678a9a94cea82
Decouple finalizer processing from garbage collection configuration.
Finalizers should be effective even when garbage collection is disabled
for a given store.
Fixes https://github.com/kubernetes/kubernetes/issues/50528.
Kubernetes-commit: ed5b5bb94e7c75f22a7fc302e47dade6c0d1662d
Automatic merge from submit-queue (batch tested with PRs 50893, 50913, 50963, 50629, 50640)
[advanced audit api] fuzz Event with random value
This is an error import by me:
https://github.com/kubernetes/kubernetes/pull/49115
We need to fuzz other parts of Event with random value, otherwise
this round trip test will not make too much sense.
@sttts
@ericchiang is also researching this.
**Release note**:
```
NONE
```
Kubernetes-commit: c13e9d14cde09e97cebd5883d04443d22cc91ca1
Automatic merge from submit-queue (batch tested with PRs 50531, 50853, 49976, 50939, 50607)
Updated gRPC vendoring to support Keep Alive
**What this PR does / why we need it**:
This PR bumps the version of the vendored version of gRPC from v1.0.4 to v1.5.1
This is needed as part of the Device Plugin API where we expect client and server to use the Keep alive feature in order to detect an error.
Unfortunately I had to also bump the version of `golang.org/x/text` and `golang.org/x/net`.
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
**Special notes for your reviewer**:
@vishh @jiayingz
**Release note**:
```
Bumped gRPC from v1.0.4 to v1.5.1
```
Kubernetes-commit: 967c19df4916160d4d4fbd9a65bad41a53992de8
This is an error import by me:
https://github.com/kubernetes/kubernetes/pull/49115
We need to fuzz other parts of Event with random value, otherwise
this round trip test will not make too much sense.
@sttts @ericchiang
Kubernetes-commit: f2ec610455f3756afebfcbd99c108abc86a5015d
Automatic merge from submit-queue (batch tested with PRs 46512, 50146)
Make metav1.(Micro)?Time functions take pointers
Is there any reason for those functions not to be on pointers?
Kubernetes-commit: b59ad9cbfff866093a6c0ee26c3562e9ec9133e4
The first one being RecommendedPluginOrder the second one being DefaultOffPlugins.
In case a cluster-admin did not provide plugin names they will be derived from these fields.
Kubernetes-commit: 7a92947588070a8eedd0bf50edcfbf0fcc1d4096
Automatic merge from submit-queue
Add enj as reviewer to OWNERS
Adding myself as a reviewer for the following areas:
- API
- auth
- registry
- storage (etcd)
Signed-off-by: Monis Khan <mkhan@redhat.com>
**Release note**:
```release-note
NONE
```
@kubernetes/sig-api-machinery-pr-reviews
@kubernetes/sig-auth-pr-reviews
Kubernetes-commit: afabd09889d53ade30f1ce5b39b33ebe40f0a52f
Adding myself as a reviewer for the following areas:
- API
- auth
- registry
- storage (etcd)
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: dd06794bc20ef1e0889af576c7a4f7a2f607e49d
Automatic merge from submit-queue (batch tested with PRs 50255, 50885)
remove dead code for cloner
I found some dead code in audit webhook backend.
This change do some clean work for: 2bbe72d4e0
**Release note**:
```
NONE
```
Kubernetes-commit: 2ba796fe47b3d17c5a385183d91a396aee580b87
I found some dead code in audit webhook backend.
This change do some clean work for: 2bbe72d4e0
Kubernetes-commit: 7b5c7bb711e7f15a1bf216a7a51fd40148110fba
Automatic merge from submit-queue
fix typo
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 38053c3e4486e6a7fafd00b2784a1e67e0357f45
Automatic merge from submit-queue (batch tested with PRs 50281, 50747, 50347, 50834, 50852)
fix incorrect logic in admission register
**What this PR does / why we need it**:
There is no issue for this PR, just fix incorrect logic in invocation `func (ps *Plugins) Register(name string, plugin Factory) ` after browsing the code accidentally. And apparently, the logic exits potential panic.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
no issue
**Special notes for your reviewer**:
none
**Release note**:
none
Kubernetes-commit: 1eb04f6a2a16b3b8642184db62719451c3e84d2a
Automatic merge from submit-queue
Add metric for remaining lifetime of certificates authenticating requests
fixes#50778
When incoming requests to the API server are authenticated by a certificate, the expiration of the certificate can affect the validity of the authentication. With auto rotation of certificates, which is starting with kubelet certificates, the goal is to use shorter lifetimes and let the kubelet renew the certificate as desired. Monitoring certificates which are approaching expiration and not renewing would be an early warning sign that nodes are about to stop participating in the cluster.
**Release note**:
```release-note
Add new Prometheus metric that monitors the remaining lifetime of certificates used to authenticate requests to the API server.
```
Kubernetes-commit: 6bc0b295b59d85ffbd1ee2044d6eb2e2277d5d21
Automatic merge from submit-queue (batch tested with PRs 49115, 47480)
Upgrade advanced audit to version v1beta1
This change does nothing but only upgrades advanced audit to version v1beta1.
There will be following up changes which does real effect to advanced audit feature.
After this change audit policy file should contain apiVersion and kind and has such format:
```
apiVersion: audit.k8s.io/v1alpha1
kind: Policy
rules:
- level: None
```
or use the v1beta1 policy:
```
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: None
```
Updates #48561
**Release note**:
```
Upgrade advanced audit to version v1beta1.
```
Kubernetes-commit: 49bee177b22f331c11860b227b5cc7f9ff9ec07c
When incoming requests to the API server are authenticated by a
certificate, the expiration of the certificate can affect the validity
of the authentication. With auto rotation of certificates, which is
starting with kubelet certificates, the goal is to use shorter lifetimes
and let the kubelet renew the certificate as desired. Monitoring
certificates which are approaching expiration and not renewing would be
an early warning sign that nodes are about to stop participating in the
cluster.
Kubernetes-commit: 49a19c6011e05363a8baf8e99c917d11a9496568
Automatic merge from submit-queue
advanced audit: shutdown batching audit webhook gracefully
Follow-up of https://github.com/kubernetes/kubernetes/pull/50439
When the `stopCh` passed to the batching audit webhook is closed, it stops accepting new events and when `Shutdown` method is called afterwards, it blocks until the last request to the webhook has finished.
/cc @tallclair @soltysh
Kubernetes-commit: 3211d4dde6c46856d896f09013717313a880cc0c
Automatic merge from submit-queue
FeatureGate: update comments
The godoc - https://godoc.org/k8s.io/apiserver/pkg/util/feature - does not contain descriptions of the functions. This PR adds them.
**Release note**:
```release-note
NONE
```
/cc @sttts
Kubernetes-commit: 1268c1a1e0220b52bf345f97007ed61dc7969caf
Automatic merge from submit-queue
apiservers: add synchronous shutdown mechanism on SIGTERM+INT
This is used to shutdown the auditing backend in order not to drop any pending events on the floor.
Kubernetes-commit: 4d6db7466c6fe79f502ba7efd55e605542849060
Automatic merge from submit-queue (batch tested with PRs 49129, 50436, 50417, 50553, 47587)
add validation for fed-apiserver and apiserver run options
**What this PR does / why we need it**:
Add validation for fed-apiserver and apiserver run options
**Which issue this PR fixes**
fixes#50552
**Special notes for your reviewer**:
This is a follow-up of #50135
**Release note**:
```release-note
NONE
```
Kubernetes-commit: f9c861aa101b16a09dd10def70756dbb0b054868
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)
Fix conflict about getPortByIp
**What this PR does / why we need it**:
Currently getPortByIp() get port of instance only based on IP.
If there are two instances in diffent network and the CIDR of
their subnet are same, getPortByIp() will be conflict.
My PR gets port based on IP and Name of instance.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix#43909
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: a7ce691311f5462cf71d79a1f9431605198803af
Clayton Coleman
Kubernetes Publisher
Dan Mace
Simo Sorce
Renaud Gaubert
Shyam JVS
Cao Shufeng
Renaud Gaubert
gmarek
p0lyn0mial
Monis Khan
duan-yue
guangxuli
Jacob Simpson
Dr. Stefan Schimanski
Mik Vyatskov
Nikhita Raghunath
m1093782566