Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update rules_go, repo-infra, and rules_docker dependencies
**What this PR does / why we need it**: several of our bazel dependencies were getting pretty old, since they required bazel 0.5.4+ but there were various failures if we tried to use them with bazel 0.5.4.
Now that bazel 0.6.0 (and 0.6.1) have been out for a while, we can bump our dependencies and get a number of fixes and new functionality.
x-ref #52677 and others
**Special notes for your reviewer**:
* This will now explicitly require bazel 0.6.0+ to build kubernetes.
* Our staging directories are causing some issues for `gazelle`; it wants to set `importpath = "k8s.io/kubernetes/staging/src/k8s.io/blah"` instead of `importpath = "k8s.io/blah"`. I'm not sure what is the correct way to fix this; what we're doing here is pretty weird and nonstandard. I've used a `sed` substitution for now.
* The `-proto=default` option of `gazelle` has a number of bugs right now (https://github.com/bazelbuild/rules_go/issues/888, https://github.com/bazelbuild/rules_go/issues/900, https://github.com/bazelbuild/rules_go/issues/907), so I am forcing the legacy behavior.
**Release note**:
```release-note
NONE
```
/assign @mikedanese @spxtr @BenTheElder
Kubernetes-commit: 77b83e446b4e655a71c315ad3f3890dc2a220ccf
Automatic merge from submit-queue (batch tested with PRs 53249, 53586). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
rename encryptionconfig_test.go and remove unused filed in envelopeTransformer
**What this PR does / why we need it**:
useless field `cacheSize` and rename test file match original `config.go`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: fd57b1c0028d2a584057e4d8aa045ecdd3f1995b
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
generic webhook: set a default timeout for webhook requests
Add a 30 second timeout for all HTTP requests that the webhook sends
so they timeout instead of hanging forever.
closes https://github.com/kubernetes/kubernetes/issues/53698
cc @kubernetes/sig-api-machinery-pr-reviews
```release-note
NONE
```
Kubernetes-commit: 45fd545366eeed5160c18fdcee71a2831d4a6b71
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add RequestReceivedTimestamp and StageTimestamp to audit event
fixes https://github.com/kubernetes/kubernetes/issues/52160
**Release note**:
```
Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events.
```
Kubernetes-commit: 6901fc37d1f74d131100997bd497f0d3c4ad9515
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Mark etcd-quorum-read as deprecated.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
ref: #53662 ##53717
**Special notes for your reviewer**:
/cc @liggitt @dims @anguslees
**Release note**:
```release-note
Deprecation: The flag `etcd-quorum-read ` of kube-apiserver is deprecated and the ability to switch off quorum read will be removed in a future release.
```
Kubernetes-commit: 1289fac587af91c66dc779751dd379c995b384cb
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make feature gates loadable from a map[string]bool
Command line flag API remains the same. This allows ComponentConfig
structures (e.g. KubeletConfiguration) to express the map structure
behind feature gates in a natural way when written as JSON or YAML.
For example:
KubeletConfiguration Before:
```
apiVersion: kubeletconfig/v1alpha1
kind: KubeletConfiguration
featureGates: "DynamicKubeletConfig=true,Accelerators=true"
```
KubeletConfiguration After:
```
apiVersion: kubeletconfig/v1alpha1
kind: KubeletConfiguration
featureGates:
DynamicKubeletConfig: true
Accelerators: true
```
Fixes: #53024
```release-note
The Kubelet's feature gates are now specified as a map when provided via a JSON or YAML KubeletConfiguration, rather than as a string of key-value pairs.
```
/cc @mikedanese @jlowdermilk @smarterclayton
Kubernetes-commit: df072ca97ee0248968c043759f0016e19911389e
Automatic merge from submit-queue (batch tested with PRs 52354, 52949, 53551). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable API chunking and promote to beta for 1.9
All list watchers default to using chunking. The server by default fills pages to avoid low cardinality filters from making excessive numbers of requests. Fix an issue with continuation tokens where a `../` could be used if the feature was enabled.
```release-note
API chunking via the `limit` and `continue` request parameters is promoted to beta in this release. Client libraries using the Informer or ListWatch types will automatically opt in to chunking.
```
Kubernetes-commit: 23cc4dc50ab223751d5a7983faa3fa6b811f2255
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
removes k8s.io/kubernetes/pkg/api dependency from the webhook plugin.
**What this PR does / why we need it**: removes `k8s.io/kubernetes/pkg/api` dependency from `webhook` plugin. The runtime.scheme can be injected to the webhook from the plugin initializer.
**Release note**:
```
NONE
```
Kubernetes-commit: d6b18a96ddf26827a2b497ac1f857961ba604b42
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move initializer plugin to the generic apiserver
* Moves `k8s.io/kuberentes/plugin/pkg/admission/initialization` to `k8s.io/apiserver/pkg/admission/plugin/initialization`
* Moves `k8s.io/kubernetes/pkg/kubeapiserver/admission/configuration` to `k8s.io/apiserver/pkg/admission/configuration`
* The initializer plugin used to depend on `k8s.io/kubernetes` because it does a type assertion of `api.Pod`. It tries to skip mirror pod. I converted that code to use the generic accessor pattern.
Kubernetes-commit: 6154a9e16c09286f0d94120130ffb85cb42d481d
Automatic merge from submit-queue (batch tested with PRs 53525, 53652). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apimachinery: remove ObjectCopier interface(s)
The big commit is a mechanical, transitive removal of the copier interfaces in all structs and function calls.
Kubernetes-commit: aaf14d4619ddae90ec753959053a74967832058c
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adjust defaults of audit webhook backends
This PR:
- increases the default buffer size to contain at lease on the order of magnitude audit events than it's possible to have simultaneous requests (500 AFAIR)
- increase the default batch size. From our load tests .95 size of the log entry is under 2.5KB, therefore 400 entry will sum up to ~1MB request, which sounds reasonable
- increase the initial backoff size. AFAIU, if the initial value is zero, all retries will be used in under 15 seconds (with 0.2 jitter and 1.5 factor), while the backend or a proxy can be unavailable for some reason for 30 seconds and more.
- add throttling to the batching audit webhook
A PR to make these parameters configurable will follow-up
@hzxuzhonghu implemented throttling part of this PR
```release-note
Adjust batching audit webhook default parameters: increase queue size, batch size, and initial backoff.
Add throttling to the batching audit webhook. Default rate limit is 10 QPS.
```
/cc @sttts @tallclair @CaoShuFeng @ericchiang @piosz
Kubernetes-commit: 5cc95fbf277583dbd6b4b40610a92eb856bd9a7b
Automatic merge from submit-queue (batch tested with PRs 53278, 53184). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add API version apps/v1, and bump DaemonSet to apps/v1
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: kubernetes/features#484
**Special notes for your reviewer**: This PR targets `master`, as a backup if #53223 (targeting features branch) falls through
@kubernetes/sig-apps-api-reviews
**Release note**:
```release-note
Add API version apps/v1, and bump DaemonSet to apps/v1
```
Kubernetes-commit: fc81ec01e51e6bcda6ed96f0f73799b43634d8d1
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
removes Authorizer and ExternalClientSet from kubeapiserver's admissi…
**What this PR does / why we need it**:
removes Authorizer and ExternalClientSet from kubeapiserver's admission initializer.
**Release note**:
```
NONE
```
Kubernetes-commit: 8e30314c95e8c42fbb4005ab38b70b488d3eddea
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
stop assigning satnam reviews
we should automate this.
Kubernetes-commit: c746bd3c8a927d102750bf33afa745b0b1260254
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix some typos in api/types
**What this PR does / why we need it**:
Fix some typos in api/types
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53420
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Kubernetes-commit: 029ed12b332dc358782a453f9ed904fa16844d8c
Automatic merge from submit-queue (batch tested with PRs 51765, 53053, 52771, 52860, 53284). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make feature gate enablement checks lock-free
Since we almost never write to this object after initial creation (basically, just in tests or during API server startup), this is a good candidate for the ["read mostly"](https://golang.org/pkg/sync/atomic/#example_Value_readMostly) pattern which leaves the reads lock-free
Kubernetes-commit: 9dd4cf796462b43bb7d7d5eeca850ec72f6f9a1e
Automatic merge from submit-queue (batch tested with PRs 51765, 53053, 52771, 52860, 53284). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add an option for turning on/off compaction from apiserver in etcd3 mode
…erver
**What this PR does / why we need it**:
This commit adds an option for controlling request of compaction to
etcd3 from apiserver. There is a situation that apiserver cannot fully
own its etcd cluster (e.g. sharing it with canal). In such a case,
apiserver should have limited access in terms of etcd's auth
functionality so it don't have a privilege to issue compaction
requests. It means that the compaction requests should be issued by
other component and apiserver's compaction requests are needless.
For such use cases, this commit adds a new flag
storagebackend.Config.DoCompaction. If the flag is true (default),
apiserver issues the compaction requests like current behaviour. If it
is false, apiserver doesn't issue the requests.
**Related issue (etcd)**
https://github.com/coreos/etcd/issues/8458
/cc @xiang90 @struz
**Release note:**
```release-note
Add --etcd-compaction-interval to apiserver for controlling request of compaction to etcd3 from apiserver.
```
Kubernetes-commit: 5dfea9e6091a818f90e8df5afcc750b5f01fa9b7
Add a 30 second timeout for all HTTP requests that the webhook sends
so they timeout instead of hanging forever.
Kubernetes-commit: 2de3ee5c48503d3b3214aef55ae7fd0dacc40457
Pick a reasonable middle ground between allocating larger chunks of
memory (2048 * ~500b for pod slices) and having many small allocations
as the list is resized by preallocating capacity based on the expected
list size. At worst, we'll allocate a 1M slice for pods and only add
a single pod to it (if the selector is very specific).
Kubernetes-commit: ce0dc76901bd1ce36ca20c5cf96b89088d0e95a2
We need the go struct tags `patchMergeKey` and `patchStrategy`
for fields that support a strategic merge patch. For native
resources, we can easily figure out these tags since we know
the fields.
Because custom resources are decoded as Unstructured and
because we're missing the metadata about how to handle
each field in a strategic merge patch, we can't find the
go struct tags. Hence, we can't easily do a strategic merge
for custom resources.
So we should fail fast and return an error.
Kubernetes-commit: 79349c93bddcc1125a9d6ea4528c6d63b172f083
move k8s.io/kubernetes/plugin/pkg/admission/initialization to
k8s.io/apiserver/pkg/admission/plugin/initialization/initialization.go;
move k8s.io/kubernetes/pkg/kubeapiserver/admission/configuration to
k8s.io/apiserver/pkg/admission/configuration.
Kubernetes-commit: 89a0511fcb22caf23427587c026952b2a387f293
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
moved admission interfaces WantsClientCert, WantsAuthorizer and Wants…
**What this PR does / why we need it**:
moves some admission interfaces to apiserver, hopefully moving the webhook admission in the future will be much easier.
**Release note**:
```
NONE
```
Kubernetes-commit: dd99659dc1e174b7f2e13f77bbc48be9032b38a2
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ring buffer for shared informer notifications
**What this PR does / why we need it**:
Improves memory allocation for shared informer listeners. Instead of always appending to the slice use as a ring buffer, avoiding reslice operations as long as there is room in the slice. See https://github.com/kubernetes/kubernetes/pull/47045#issuecomment-317621259 for details. This is a follow up PR for #47045.
Results from BenchmarkListener:
```
Current code (from the #47045):
1000000 1540 ns/op 109 B/op 1 allocs/op
```
```
New code:
1000000 1162 ns/op 16 B/op 1 allocs/op
```
**Special notes for your reviewer**:
Only review the last commit, this branch is based on #47045 PR. I'll rebase onto master once it is merged.
**Release note**:
```release-note
NONE
```
/kind enhancement
/sig api-machinery
/cc @deads2k @ncdc
Kubernetes-commit: bb035a2854e690d726ece2f8c5e1b8f4b7aef930
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Endpoints can add a get or connect options type in their group
optionsExternalVersion is being used for shared types (meta.k8s.io). The
installer should first look in the current API group for GET and CONNECT
options objects before checking in `v1`.
OpenShift hit this while registering a new connect handler endpoint in an api group for an api that is aggregated. OpenShift should not be registering its API types into the core API group.
Kubernetes-commit: f16ed167f7d00ed0502cbeb88f9aa66b5e043d18
Automatic merge from submit-queue (batch tested with PRs 50280, 52529, 53093, 53108, 53168). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add 201/Status to the list of returned objects.
**What this PR does / why we need it**:
Adds 201/202 to the list of codes/objects returned by `POST` and 201 to the list of codes returned by `PUT` requests in Swagger/OpenAPI
**Special notes for your reviewer**:
This helps fix
https://github.com/kubernetes-client/csharp/issues/29
**Release note**:
```release-note
Adds 201/202 to the list of codes/objects returned by `POST` and 201 to the list of codes returned by `PUT` requests in Swagger/OpenAPI
```
Kubernetes-commit: ba4f5ced3cfd30649588b36dea99c8c55433f0b4
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
exposes a method on AdmissionOptions
**What this PR does / why we need it**:
exposes a method on AdmissionOptions that will set default admission plugin names when none were provided from the command line.
**Release note**:
```
NONE
```
Kubernetes-commit: 208ae55f6d0ea750853c9c9362fcc111d157cd09
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a negotiate method media type for use in explicit contexts
There are more cases now where we want to negotiate from contexts where we have a media type but no request.
Kubernetes-commit: e33dd983ed75d15245534c87ddaf843aa617638a
David Eads
Dr. Stefan Schimanski
Kubernetes Publisher
Mik Vyatskov
Chao Xu
Mike Danese
Robert Rati
Jeff Grafton
xiangpengzhao
Cao Shufeng
Di Xu
Eric Chiang
Jordan Liggitt
Clayton Coleman
p0lyn0mial
dahefanteng
Nikhita Raghunath