Automatic merge from submit-queue (batch tested with PRs 61818, 61800). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace gopass.GetPasswdMasked() by terminal.ReadPassword()
**What this PR does / why we need it**:
Replace `gopass.GetPasswdMasked()` used for reading passwords from the terminal with [`terminal.ReadPassword()`](https://godoc.org/golang.org/x/crypto/ssh/terminal#ReadPassword). This removes the `gopass` import.
**Special notes for your reviewer**:
Ran the following commands to update `godep` files:
```
./hack/godep-restore.sh -v
./hack/godep-save.sh
./hack/update-staging-godeps.sh
./hack/update-bazel.sh
```
/sig auth
/kind enhancement
/assign @ericchiang
```release-note
NONE
```
Kubernetes-commit: a5133305a9f347c79c20c5785d41cc9400be895e
Automatic merge from submit-queue (batch tested with PRs 61354, 61366, 61386, 61394, 60755). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vendor: Update github.com/evanphx/json-patch
Updates github.com/evanphx/json-patch dependency
to fix handling tests against empty objects/arrays.
Includes fix from evanphx/json-patch#50
Kubernetes-commit: 18a7ea703bdf09f1ff0b83e15b3febf49a447a24
Automatic merge from submit-queue (batch tested with PRs 60373, 61098, 61352, 61359, 61362). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump cfssl to be compatible with Go 1.10
Kubernetes-commit: ef3539e69e4c897f48ecd6b2dd73417ce0416b08
Automatic merge from submit-queue (batch tested with PRs 58716, 59977, 59316, 59884, 60117). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove deprecated /proxy paths
These were deprecated in v1.2.
ref https://github.com/kubernetes/kubernetes/issues/59885
```release-note
kube-apiserver: the root /proxy paths have been removed (deprecated since v1.2). Use the /proxy subresources on objects that support HTTP proxying.
```
@kubernetes/sig-api-machinery-api-reviews
Kubernetes-commit: 687c651dfd0793d53299b27c5472d69ef4c4c44f
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
oidc authentication: switch to v2 of coreos/go-oidc
Switch to v2 of [coreos/go-oidc](https://github.com/coreos/go-oidc), which uses square/go-jose to verify tokens and supports more signing algorithms.
Most of this PR removes dependencies used by the older version of github.com/coreos/go-oidc, and updates vendor files.
This PR has been tested against tokens issued by Okta, Google, and CoreOS's dex.
Closes https://github.com/kubernetes/kubernetes/issues/57806
```release-note
kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag.
kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs, users must switch to the "https://www.googleapis.com/oauth2/v4/token" endpoint.
```
cc @rithujohn191 @liggitt
cc @kubernetes/sig-auth-pr-reviews
Kubernetes-commit: cdbc4fbe20c94694bc25910d54a7de52a98b6650
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove experimental keystone authenticator
**What this PR does / why we need it**:
experimental-keystone-url and experimental-keystone-ca-file were always
experimental. So we don't need a deprecation period.
KeystoneAuthenticator was on the server side and needed userid/password
to be passed in and used that to authenticate with Keystone. We now
have authentication and authorization web hooks that can be used. There
is a external repo with a webook for keystone which works fine along
with the kubectl auth provider that was added in:
a0cebcb559c5c0ab8a2e50b1ee11cc62f9ebb3a8
So we don't need this older style / hard coded / experimental code
anymore.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
kube-apiserver: the experimental in-tree Keystone password authenticator has been removed in favor of extensions that enable use of Keystone tokens.
```
Kubernetes-commit: 2a8049890af44ed2a665362766b14b7fd448226e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update vendor spf13/cobra to enforce required flags
**What this PR does / why we need it**:
spf13/cobra#502 has enforced checking flags that marked as required, an error will be raised if unset.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:fixes #54855
xref #48400fixeskubernetes/kubectl#121
**Special notes for your reviewer**:
/assign @liggitt @eparis
**Release note**:
```release-note
kubectl now enforces required flags at a more fundamental level
```
Kubernetes-commit: 048757b8a51333f59d3112d2b228d2f0102a4afc
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: remove import of github.com/gregjones/httpcache
Moves NewCacheRoundTripper from `k8s.io/client-go/transport` to its own package. This prevents Kubernetes clients from requiring its dependencies.
This change removes the following transitive imports from `k8s.io/client-go/kubernetes`
```
github.com/google/btree
github.com/gregjones/httpcache
github.com/gregjones/httpcache/diskcache
github.com/peterbourgon/diskv
```
```release-note
NONE
```
Kubernetes-commit: 4a77bd53e88a719c612086df69a52899bbdd85af
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Version bump to etcd v3.2.13, grpc v1.7.5
Reapply https://github.com/kubernetes/kubernetes/pull/57160 but with etcd 3.2.13, which includes https://github.com/coreos/etcd/pull/9047 to fix https://github.com/kubernetes/kubernetes/issues/51099.
We need to scalability test this PR before merging it since the previous attempt to version bump to grpc v1.7+ resulted in a scalability test failure after the PR was merged to master, and we don't want to repeat that. No, no we don't.
Thanks @gyuho for fixing the etcd grpc issue and releasing etcd-3.2.13 on short notice.
**Release note**:
```release-note
Upgrade to etcd client 3.2.13 and grpc 1.7.5 to improve HA etcd cluster stability.
```
Kubernetes-commit: 531b97ba93e46cde4b1fcd3f170224dbecbe2c1d
Automatic merge from submit-queue (batch tested with PRs 57584, 57679). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update to latest gophercloud
**What this PR does / why we need it**:
Catch up with all the latest stuff from gophercloud
be3fd784 - Flavor Extra Specs Create
c2cafb46 - Flavor Extra Specs: List / Get
7b1b8775 - Compute v2: Flavor Access Add
cf81d92c - Add DELETE support in V3 volume types
a879b375 - Fix incorrect variable name
2997913a - Add pagination support in snapshots
a5c71868 - Support pagination in volume resources
1db0312e - TrivialFix incorrect variable name
69194d93 - Add basic CRUD acceptance testcases in snapshot V3
22c7abce - Add CREATE support in V3 volume types
aed60e9f - Add basic CRUD acceptance in volume V3
7cbf4661 - BlockStorage v3: volumetype get/list acc test
bcab0f79 - Update README with Thank Yous
f85e7c0f - Docs: Updating Contributing and Style Guides
be1b616c - Fix a small syntax error of TestShareTypeExtraSpecs test
3f38a1ee - Add List/Get support for volume type in volume V3
48a40399 - Support for setting availability_zone_hints to a router
747776a7 - Fix the undefined function error of TestPortsbindingCRUD test
a7ec61ea - Fix the undefined function error of TestNetworksProviderCRUD test
25e18920 - Compute v2: Add the extended status information API
b63d2fd3 - availability_zone_hints for network(s)
157d7511 - Add support for ipv6_address_mode and ipv6_ra_mode in subnets
ed468967 - DBv1: configurations acceptance test
578e2aab - Configuration group time parsing error
669959f8 - Compute v2: attachinterfaces acceptance test
8113f0cb - Add Nova interface-detach support
d6484abc - Add Nova interface-attach support
7883fd95 - fix reauth deadlock by not calling Token() during reauth
4d0f8253 - Add support to get interface of a server
7dc13e0d - AccTests: BlockStorage v2 ForceDelete
1e86e54d - Refactor blockstorage actionURL
e30da231 - Feature/support force delete
e193578c - add UseTokenLock method in ProviderClient to allow safe concurrent access
e6a5f874 - ObjectStorage v1: Rename ExtractLastMarker to extractLastMarker
c47bb004 - BlockStorage v2/v3: Reorder snapshot/volume ListOpts and update godoc
2c05d0e4 - Add 'tenant' support in volume&snapshot API
639d71fd - Networking v2: Port Security Extension
755794a7 - ObjectStorage v1: Subdir and Marker detection
a043441f - fixed bug with endless loop when using delimiter on folded directory
a4799293 - OpenStack: support OS_PROJECT_* variables
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: df259cc54d62fdf8ca89ab05d6e7931c022bfaea
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Version bump to etcd v3.2.11, grpc v1.7.5
Fix https://github.com/kubernetes/kubernetes/issues/56114: Update to etcd client 3.2.11
Version bumps:
- etcd from 3.1.10 to 3.2.11
- grpc from 1.3.0 to 1.7.5
- grpc-gateway from v1.1.0-25-g84398b9 to v1.3.0
TODO:
- [x] Apply etcd [3.2 client upgrade guide](https://github.com/coreos/etcd/blob/master/Documentation/upgrades/upgrade_3_2.md)
- [x] Apply grpc API changes in 1.6.0 and 1.7.0 [release notes](https://github.com/grpc/grpc-go/releases)
- [x] bbolt was pulled in transitively, why? We have tests that embed etcd, so we must vendor the etcd server and all it's dependencies.
- [x] Upgrade to containerd v1.0.0? Currently kubernetes depends on containerd v1.0.0-beta.2-159-g27d450a0 which depends on grpc v1.3.0, but containerd v1.0.0 depends on grpc 1.7.2. Not needed. The containerd grpc upgrade required [no code changes](ce3e32680d).
- [x] Fix all failing tests
- [x] Ensure we can safely upgrade grpc to 1.7.5 given that docker and cAdvisor still depend on grpc 1.3.0 (both in the versions we vend and on master for both projects). Should we hold off on this change until we have a docker release that uses gprc 1.7.x?
- [x] Wait for grpc 1.7.5 to be released (it will include https://github.com/grpc/grpc-go/pull/1747). Once released, bump grpc version in this PR and remove workarounds in `hack/godep-save.sh`.
Transitive dependencies on grpc:
- docker depends on grpc, but according to the package dependency graph (`go list -f '{{ .Deps }}'`) there are no dependencies from kubernetes to grpc via docker packages.
- containerd v1.0.0 depends on grpc 1.7.2, we should upgrade to containerd v1.0.0 soon, this can be done in a separate PR
- cadvisor depends on grpc 1.3.0 on master, it should upgrade it to grpc 1.7.5, this can be done in a separate PR
**Release note**:
```release-note
Upgrade to etcd client 3.2.11 and grpc 1.7.5 to improve HA etcd cluster stability.
```
Kubernetes-commit: a7b404ec7f7cbf153573b7b7e4b84267f36135d0
Automatic merge from submit-queue (batch tested with PRs 52013, 56719). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support autoprobing floating-network-id for openstack cloud provider
Currently if user doesn't specify floatingnetwork-id and loadbalancer.openstack.org/floating-network-id annotation, openstack cloud provider can't create a external LoadBalancer service.
Actually we can get floatingnetwork-id automatically.
If we get multiple floatingnetwork-ids, then ask user to specify one, or we use the floatingnetwork-id to create floatingip for external LoadBalancer service.
This is a part of #50726
**Special notes for your reviewer**:
/assign @dims
**Release note**:
```release-note
Support autoprobing floating-network-id for openstack cloud provider
```
Kubernetes-commit: 36ea6de4a0fd79b97768b9b58c634140f64fc73d
Automatic merge from submit-queue (batch tested with PRs 56094, 52910, 55953, 56405, 56415). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support VolumeV3 for OpenStack cloud Provider
Currently OpenStack supports Cinder v3 API, let Kubernetes support
it too.
Fix#52877
**Release note**:
```release-note
OpenStack cloud provider supports Cinder v3 API.
```
Kubernetes-commit: ba4b07a431a71f93d43cd7d58bcf9938a76fcb62
Automatic merge from submit-queue (batch tested with PRs 56021, 55843, 55088, 56117, 55859). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: pass a listener into genericapiserver bootstrapping
**What this PR does / why we need it**:
>At the moment we pass a port via the options into the config. A zero port does not work because the loopback clients created during apiserver initialization need to know the port before. Passing a listener into the server instead would allow us to use a zero port beforehand and bootstrapping order should be fine.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#55784
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 5337ff8009d02fad613440912e540bb41e3a88b1
Automatic merge from submit-queue (batch tested with PRs 55798, 49579, 54862, 55188, 51990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add monitoring support for hardware accelerators
Currently only NVIDIA GPU monitoring is implemented.
Feature repo issue: https://github.com/kubernetes/features/issues/369
cAdvisor PR: https://github.com/google/cadvisor/pull/1762
/kind feature
/sig node
/sig instrumentation
/area hw-accelerators
**Release note**:
```release-note
Kubelet now exposes metrics for NVIDIA GPUs attached to the containers.
```
Kubernetes-commit: 779105673ab2f00af9e02dc9ac3c6413588aeae4
Automatic merge from submit-queue (batch tested with PRs 55657, 54758, 47584, 55758, 55651). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Gophercloud dependency for reauth problem
**What this PR does / why we need it**:
Fixes picked up from gophercloud:
443743e883...0b6b13c4dd
Including the one for endless loop on reauth:
https://github.com/gophercloud/gophercloud/pull/604
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#55656
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 08659652a2fa3c3f7ecbe91c591a5021f343c355
Automatic merge from submit-queue (batch tested with PRs 55093, 54966, 55047, 54971, 54786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vendor update: github.com/golang/protobuf
When I'm working on PR: https://github.com/kubernetes/kubernetes/pull/54782, I met a problem here: https://github.com/golang/protobuf/issues/372, which I think we need to update our vendor of protobuf
and I ask Dr. Stefan for suggestion, here is our coversation
shiywang [5:09 PM]
hi, Dr. Stefan i'm sorry to bother, I have a simple question, I was working on a pr which need to use protobuf custom field, and I run into this problem here: https://github.com/golang/protobuf/issues/372 which I think is due to our codebase's protobuf vendor is too old `vendor/github.com/golang/protobuf`, do you think I can update that vendor to lastest one ? also I noticed there's also an extend package called `vendor/github.com/gogo/protobuf/proto` what's the releationship between those two ? which one should I update ?
sttts
[5:11 PM]
hi
[5:11]
don't know much about the proto internals either, @claytonc is probably the only one
[5:12]
create a vendor/github.com/golang/protobuf bump PR and assign it to him
shiywang [5:12 PM]
sounds good, thank you sir
so
/assign @smarterclayton
for suggestion, thanks
```release-note
NONE
```
Kubernetes-commit: 5b7ce60fcebea445b7852d8dc2bce141a2bd7a3a
Automatic merge from submit-queue (batch tested with PRs 52717, 54568, 54452, 53997, 54237). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[OpenStack]Remove the LbaasV1 of OpenStack cloud provider
The Neutron LbaasV1 has been declared obsolete, LbaasV2 is a
better choice.
So let's remove the codes of LbaasV1, only support LbaasV2.
xref: #52609
Reference OpenStack doc:
https://docs.openstack.org/mitaka/networking-guide/config-lbaas.html
**Special notes for your reviewer**:
/assign @dims
/assign @anguslees
**Release note**:
```release-note
Remove the LbaasV1 of OpenStack cloud provider, currently only support LbaasV2.
```
Kubernetes-commit: b2b31ada149fb688aea0d62cd58e5416d5fd337b
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update gRPC to pick up data race fix
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53124
**Special notes for your reviewer**:
**Release note**:
```release-note
update gRPC to v1.6.0 to pick up data race fixgrpc/grpc-go#1316
```
Kubernetes-commit: 70960a5ed785c64df837139a783f89901d7891f1
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Update gophercloud to Handle New Identity Endpoints
Currently openstack cloud provider just support keystone v2.0 and v3
The latest Identity Service is publishing an ID of v3.8, we should
update gophercloud to recognize v3.8 as a valid version id.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52830
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 4f2d7b93da2464a3147e0a7e71d896dd2bade9ad
Automatic merge from submit-queue (batch tested with PRs 52843, 52710, 52821, 52844). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
update-staging-godeps: only mangle staging repos in staging Godeps.json
- this re-adds non-staging k8s.io/* repos to the staging Godeps.jsons
- x-outs instead of removing of staging dependencies in order to get a
precise trigger for a complete godep restore+save run in the publisher
bot.
The first breaks k8s.io/kube-aggregator's staging export.
The second potentially leads to inconsistent godeps in our exported staging repos.
Kubernetes-commit: 3ba46ee9fab32ccaeeee4af4a80375e6e1d71ace
Automatic merge from submit-queue (batch tested with PRs 51984, 51351, 51873, 51795, 51634)
Bug Fix - Adding an allowed address pair wipes port security groups
**What this PR does / why we need it**:
Fix for cloud routes enabled instances will have their security groups
removed when the allowed address pair is added to the instance's port.
Upstream bug report is in:
https://github.com/gophercloud/gophercloud/issues/509
Upstream bug fix is in:
https://github.com/gophercloud/gophercloud/pull/510
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#51755
**Special notes for your reviewer**:
Just an fix in vendored code. minimal changes needed in OpenStack cloud provider
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 9a8cb435b77085fa7d518c4428a02eae316b1003
Automatic merge from submit-queue (batch tested with PRs 51186, 50350, 51751, 51645, 51837)
Update Cadvisor Dependency
Fixes: https://github.com/kubernetes/kubernetes/issues/51832
This is the worst dependency update ever...
The root of the problem is the [name change of Sirupsen -> sirupsen](https://github.com/sirupsen/logrus/issues/570#issuecomment-313933276). This means that in order to update cadvisor, which venders the lowercase, we need to update all dependencies to use the lower-cased version. With that being said, this PR updates the following packages:
`github.com/docker/docker`
- `github.com/docker/distribution`
- `github.com/opencontainers/go-digest`
- `github.com/opencontainers/image-spec`
- `github.com/opencontainers/runtime-spec`
- `github.com/opencontainers/selinux`
- `github.com/opencontainers/runc`
- `github.com/mrunalp/fileutils`
- `golang.org/x/crypto`
- `golang.org/x/sys`
- `github.com/docker/go-connections`
- `github.com/docker/go-units`
- `github.com/docker/libnetwork`
- `github.com/docker/libtrust`
- `github.com/sirupsen/logrus`
- `github.com/vishvananda/netlink`
`github.com/google/cadvisor`
- `github.com/euank/go-kmsg-parser`
`github.com/json-iterator/go`
Fixed https://github.com/kubernetes/kubernetes/issues/51832
```release-note
Fix journalctl leak on kubelet restart
Fix container memory rss
Add hugepages monitoring support
Fix incorrect CPU usage metrics with 4.7 kernel
Add tmpfs monitoring support
```
Kubernetes-commit: 99aa992ce845fe947a406ac4d3f99d2208f0416b
Automatic merge from submit-queue
Use json-iterator instead of ugorji for JSON.
@smarterclayton @wojtek-t
Fixes#36120
xref #18762
```release-note
Switch JSON marshal/unmarshal to json-iterator library. Performance should be close to previous with no generated code.
```
Kubernetes-commit: 6a845c67f097cd76f9d90ab3c9c5b5603c70afe4
Automatic merge from submit-queue (batch tested with PRs 51480, 49616, 50123, 50846, 50404)
Kubectl to use http caching to cache openapi responses from the server
**What this PR does / why we need it**:
This PR is trying to address the problems raised in #50254
> * uses a disk-based cache that is not safe between processes (does not use atomic fs operations)
> * writes get/list responses to disk that should not be cached (like kubectl get secrets)
> * is vulnerable to partially written cache responses being used as responses to future requests
> * breaks uses of the client transport that make use of websockets
> * defaults to enabling the cache for any client builder using RecommendedConfigOverrideFlags or DefaultClientConfig which affects more components than just kubectl
All of these points are addressed by this pull-request:
1. It now uses atomic fs operations
2. Doesn't cache by default, only if requested by the client (and it's only done by openapi client)
3. Fixed because of atomic fs operations
4. Found the reason for the bug: Cache wrapper couldn't be unwrapped. I implemented the `WrappedRoundTripper` interface.
5. Since 2. is fixed, I think that should be fine
@smarterclayton @liggitt
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#50254
**Special notes for your reviewer**:
**Release note**:
```release-note
Allows kubectl to use http caching mechanism for the OpenAPI schema. The cache directory can be configured through `--cache-dir` command line flag to kubectl. If set to empty string, caching will be disabled.
```
Kubernetes-commit: 0f2c2bd847ca7a66035b2289e83359ef4c923617
Automatic merge from submit-queue (batch tested with PRs 51193, 51154, 42689, 51189, 51200)
Bumped gRPC version to 1.3.0
**What this PR does / why we need it**:
This PR bumps down the version of the vendored version of gRPC from v1.5.1 to v1.3.0
This is needed as part of the Device Plugin API where we expect client and server to use the Keep alive feature in order to detect an error.
Unfortunately I had to also bump the version of `golang.org/x/text` and `golang.org/x/net`.
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
**Which issue this PR fixes**: fixes#51099
Which was caused by my previous PR updating to 1.5.1
**Special notes for your reviewer**:
@vishh @jiayingz @shyamjvs
**Release note**:
```
Bumped gRPC to v1.3.0
```
Kubernetes-commit: 5fb38a325efb343c2a0467a12732829bd5ed3c3c
Automatic merge from submit-queue (batch tested with PRs 50531, 50853, 49976, 50939, 50607)
Updated gRPC vendoring to support Keep Alive
**What this PR does / why we need it**:
This PR bumps the version of the vendored version of gRPC from v1.0.4 to v1.5.1
This is needed as part of the Device Plugin API where we expect client and server to use the Keep alive feature in order to detect an error.
Unfortunately I had to also bump the version of `golang.org/x/text` and `golang.org/x/net`.
- Design document: kubernetes/community#695
- PR tracking: [kubernetes/features#368](https://github.com/kubernetes/features/issues/368#issuecomment-321625420)
**Special notes for your reviewer**:
@vishh @jiayingz
**Release note**:
```
Bumped gRPC from v1.0.4 to v1.5.1
```
Kubernetes-commit: 967c19df4916160d4d4fbd9a65bad41a53992de8
Automatic merge from submit-queue (batch tested with PRs 47724, 49984, 49785, 49803, 49618)
Fix conflict about getPortByIp
**What this PR does / why we need it**:
Currently getPortByIp() get port of instance only based on IP.
If there are two instances in diffent network and the CIDR of
their subnet are same, getPortByIp() will be conflict.
My PR gets port based on IP and Name of instance.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fix#43909
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: a7ce691311f5462cf71d79a1f9431605198803af
Automatic merge from submit-queue (batch tested with PRs 50254, 50174, 50179)
Revert "Merge pull request #47353 from apelisse/http-cache"
Some issues were discovered with the caching merged in #47353:
* uses a disk-based cache that is not safe between processes (does not use atomic fs operations)
* writes get/list responses to disk that should not be cached (like `kubectl get secrets`)
* is vulnerable to partially written cache responses being used as responses to future requests
* breaks uses of the client transport that make use of websockets
* defaults to enabling the cache for any client builder using RecommendedConfigOverrideFlags or DefaultClientConfig which affects more components than just kubectl
This reverts commit fc89743dca6b563063b74728c3b28100cf674d9d, reversing changes made to 29ab38e898988c36e2de34f77fa33be556eb21bd.
Kubernetes-commit: 187e6ab0bc35f696d8f5f574fab9aa457f253d34
Automatic merge from submit-queue
go-client: Use httpcache client for all requests, even though only openapi returns ETags for caching
**What this PR does / why we need it**: Use HTTP ETag for caching Swagger spec download
This also adds a new command-line flag "cachedir" to specify where the cache should keep its file. It defaults to `$HOME/.kube/http-cache`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: partly #38637
**Special notes for your reviewer**:
Because this adds a bunch of dependencies, and removes a couple of files, I do recommend reading each commit individually.
**Release note**:
```release-note
```
Kubernetes-commit: fc89743dca6b563063b74728c3b28100cf674d9d
Automatic merge from submit-queue
Switch from package syscall to golang.org/x/sys/unix
**What this PR does / why we need it**:
The syscall package is locked down and the comment in https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24 advises to switch code to use the corresponding package from golang.org/x/sys. This PR does so and replaces usage of package syscall with package golang.org/x/sys/unix where applicable. This will also allow to get updates and fixes
without having to use a new go version.
In order to get the latest functionality, golang.org/x/sys/ is re-vendored. This also allows to use Eventfd() from this package instead of calling the eventfd() C function.
**Special notes for your reviewer**:
This follows previous works in other Go projects, see e.g. moby/moby#33399, cilium/cilium#588
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 5d24a2c19923d6da46110b827619f4b21cf689ac
Kubernetes Publisher