Automatic merge from submit-queue (batch tested with PRs 65830, 65780, 65961). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: get rid of ReadWritePort in config
Executing removal TODO by making the read write port logic explicit, and not hidden deep in the secure serving code.
Preparation for https://github.com/kubernetes/kubernetes/pull/65832
Kubernetes-commit: f6bbf1f6f8ab856b95baea56ab624672b09662fd
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
track schemes by name for error reporting
Getting an error message about a type not being in the scheme is hard to fix if you don't know which scheme is failing. This adds a name to the scheme which can be set during creation or can be set based on the calling stack. If you use the old constructor a name is generated for you based on the stack. Something like "k8s.io/client-go/dynamic/scheme.go:28" for instance.
Also moves a typer to its point of use. This was debt from previous refactors which I noticed going through.
@kubernetes/sig-api-machinery-misc
@sttts
```release-note
NONE
```
Kubernetes-commit: 8e2fdb32bc84103b15310a221a375470bf567bdc
Before this the advertised IP (which shows up in the server cert) in case of
listening to loopback was the first host interface IP. This makes self-signed
certs non-constant, such that we cannot use fixtures.
Kubernetes-commit: c1c564fd4d21dd68ea14d7ea678d8619f47fe445
Automatic merge from submit-queue (batch tested with PRs 64511, 65865, 65867, 65866). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-controller-manager: create self-signed certs
If secure serving is enabled (not automatically wired yet, but 3rdparties could wire it), create self-signed certs if none are given. Reuses the code from k8s.io/apiserver.
Kubernetes-commit: 667ad2b1631252daa1d0f12fe1b0fd51b571f22b
Automatic merge from submit-queue (batch tested with PRs 64911, 65710). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions-apiserver: add pkg/cmd/server/testing pkg for integration tests
In analogy to kube-apiserver, this implements a uniform apiextensions-apiserver for integration tests which can be started using customized flags.
Kubernetes-commit: c7d4931dad9b15cba6913d3344b0cdc57615333f
Automatic merge from submit-queue (batch tested with PRs 65822, 65834, 65859, 65631). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: don't create self-signed certs with disabled secure serving
Kubernetes-commit: abf59aa8c47c0c94491f8ce8863297b5e1a9b8d5
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
make use of request.UserAgent()
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/assign @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 97a4da713b43beb9b5d6d27854ace6cf354593d6
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add healthz check to ensure logging is not blocked
When running the apiserver/controllers in pods, we encountered a docker bug that blocked stdout/stderr (https://github.com/moby/moby/issues/31373)
That in turn blocked flushing logs, which in turn eventually blocked any goroutine that logs anything (which is pretty much all the important goroutines)
This adds a healthz check that logging is not blocked so that healthz indicates something is wrong
```release-note
NONE
```
Kubernetes-commit: a5ebe7ddf30a535c6347d0e9d685866c06360f55
Automatic merge from submit-queue (batch tested with PRs 65677, 65711, 65150, 65726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add additional authorization check for create-on-update
**What this PR does / why we need it**:
Currently it is possible for a user who is only authorized to update objects to send a PUT request for an object that doesn't currently exist, and if that resource allows create on update, it will all them to create the object. This PR fixes that bug and adds a test case which fails on master, but succeeds when the additional authorization check is done.
/sig api-machinery
/kind bug
/cc @liggitt @lavalamp
**Release note**:
```release-note
LimitRange and Endpoints resources can be created via an update API call if the object does not already exist. When this occurs, an authorization check is now made to ensure the user making the API call is authorized to create the object. In previous releases, only an update authorization check was performed.
```
Kubernetes-commit: 0e6d3f2abe57b00cd17acd6c92c9c0e0a2515011
Automatic merge from submit-queue (batch tested with PRs 64599, 65729). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix go import
**What this PR does / why we need it**:
Fix go import introduced by #63777.
cc @lavalamp
/assign @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 70e6fd29532db9b40fc300d6d596053f826cbda8
Automatic merge from submit-queue (batch tested with PRs 65040, 65731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[trivial] fix option help message.
s/andif/and if/
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b770083da5afe215c168cf2e6f753fb02ea39cf4
Automatic merge from submit-queue (batch tested with PRs 65299, 65524, 65154, 65329, 65536). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow override of AllowCreateOnUpdate with new argument to Update
**What this PR does / why we need it**:
Changes the Update function signature to include a new bool which tells storage to override what the UpdateStrategy returns for AllowCreateOnUpdate. This is not exposed to the user, the handler is the one that sets this override value. Eventually the patch handler will set this to true, in order to provide more consistent apply behavior, without changing the existing PUT behavior.
Redo of https://github.com/kubernetes/kubernetes/pull/65075 but on master to reduce number of conflicts when we merge feature-serverside-apply with master.
/sig api-machinery
/cc @apelisse @lavalamp
**Release note**:
```release-note
NONE
```
No release note because this is just an internal change
Kubernetes-commit: dcf296a97a53aad4d95eb328c5e7c283eeba2fb1
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add missing error handling in schema-related code
**What this PR does / why we need it**:
Adds missing error handling to a few places.
**Which issue(s) this PR fixes**
Updates #51457. Still more work to do to fix the issue - client generation code needs to be updated (addressed in https://github.com/kubernetes/kubernetes/pull/64664).
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
Kubernetes-commit: 7786bd8c9a99974e2cda31940dd4a1ef0a31c2e5
Automatic merge from submit-queue (batch tested with PRs 64741, 65484). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enable etcdv3 client prometheus metics
**What this PR does / why we need it**:
Provide a way to enable etcdv3 client prometheus metics
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64740
**Special notes for your reviewer**:
**Release note**:
```release-note
Enable etcdv3 client prometheus metics
```
Kubernetes-commit: 1570d3851cce541f3e7a9eb9ae6f242255bf33e6
Automatic merge from submit-queue (batch tested with PRs 65593, 65678). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
simplify httplog.LogOf
**What this PR does / why we need it**:
LogOf returns the logger hiding in w, otherwise returns a passthroughLogger, and it never panics.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 83a8e42d035a6371fb94c8cb13a9664cc0bcacf1
Automatic merge from submit-queue (batch tested with PRs 65518, 65624, 65380, 65390, 65586). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
cleanup: remove deadcode
/kind cleanup
remove deadcode
remove unnecessary conversion
```release-note
NONE
```
Kubernetes-commit: 16dbb95c51532e8a937a3ccb90223e8568b130c3
Automatic merge from submit-queue (batch tested with PRs 65319, 64513, 65474, 65601, 65634). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix apiserver metrics
Kubernetes-commit: 4f465fac5b395b2395b65c91035b3803e8631e59
Automatic merge from submit-queue (batch tested with PRs 65319, 64513, 65474, 65601, 65634). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use same rvParse in watchcache and move cacheStorage in separate dir
**What this PR does / why we need it**:
Use same rvParse in watchcache and move cacheStorage in separate dir.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 7b46e884ae439c53439ce55779b34530df6fa3db
These are all flagged by Go 1.11's
more accurate printf checking in go vet,
which runs as part of go test.
Lubomir I. Ivanov <neolit123@gmail.com>
applied ammend for:
pkg/cloudprovider/provivers/vsphere/nodemanager.go
Kubernetes-commit: 2bd91dda64b857ed2f45542a7aae42f855e931d1
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: do not print feature gates for glog v=0
**What this PR does / why we need it**:
Demand verbosity level > 0 for glog Infof() calls when
setting feature gates in pkg/util/feature_gate.go.
Without this, regular calls to things like `kubeadm token generate` would also print `feature_gate.go:230] feature gates: &{map[]}`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#953
**Special notes for your reviewer**:
i doubt there is a particular reason to not use verbosity level here?
is `v=1` sufficient here?
/area apiserver
/area kubeadm
/kind cleanup
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/cc @kubernetes/sig-api-machinery-pr-reviews
**Release note**:
```release-note
NONE
```
Kubernetes-commit: f0dcdd76229127df8364aa84bbe9f93313644f38
Kubernetes Publisher