Automatic merge from submit-queue (batch tested with PRs 61354, 61366, 61386, 61394, 60755). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vendor: Update github.com/evanphx/json-patch
Updates github.com/evanphx/json-patch dependency
to fix handling tests against empty objects/arrays.
Includes fix from evanphx/json-patch#50
Kubernetes-commit: 18a7ea703bdf09f1ff0b83e15b3febf49a447a24
Automatic merge from submit-queue (batch tested with PRs 60373, 61098, 61352, 61359, 61362). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump cfssl to be compatible with Go 1.10
Kubernetes-commit: ef3539e69e4c897f48ecd6b2dd73417ce0416b08
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add unit test for function FeatureGateSetFromMap and FeatureGateString
**What this PR does / why we need it**:
add unit test for function FeatureGateSetFromMap and FeatureGateString
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: cba7843cb403e1d7864a59949e0ec6c8927ea403
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove YEAR field of all generated files and fix kubernetes boilerplate checker
**What this PR does / why we need it**:
Remove YEAR field of all generated files and fix kubernetes boilerplate checker
xref: [remove YEAR fileds in gengo #91](https://github.com/kubernetes/gengo/pull/91)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes [#gengo/issues/24](https://github.com/kubernetes/gengo/issues/24)
**Special notes for your reviewer**:
/cc @thockin @lavalamp @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: e40ffd71972b820aeed283946e880aa2479f8524
Automatic merge from submit-queue (batch tested with PRs 61087, 61075, 61213, 61149, 60826). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Grant sig leads feature approval powers
**What this PR does / why we need it**:
Sig leads already approve features for milestones and do a lot of code reviews. They should be able to approve changes to the associated feature gates, rather than needing to escalate every feature to root owners.
I omitted some sigs that shouldn't need to approve features in the base repo. LMK if I missed any, or these should be included in the approvers:
- AWS
- Azure
- Big Data
- Contributor Experience
- Docs
- GCP
- OpenStack
- Product Management
- Service Catalog
- Testing
- UI
For posterity, here's the script I used: https://gist.github.com/tallclair/1128aefa3186b0c3a8f4603929d2354e
**Special notes for your reviewer**:
@sig-leads: Please use responsibly :)
**Release note**:
```release-note
NONE
```
Kubernetes-commit: d84c938da5438e05eacb7437aa3602927c857b0b
Automatic merge from submit-queue (batch tested with PRs 60919, 60953, 61085, 61083, 60971). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[advanced audit]fix comment about throttle burst
/assign @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: ad432fa6bde65adad109f484a31f229de593b570
Automatic merge from submit-queue (batch tested with PRs 60919, 60953, 61085, 61083, 60971). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix bug in apiserver.k8s.io RootScopedKinds
RootScopedKinds in group ` apiserver.k8s.io` should be `AdmissionConfiguration`
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 32d6a9356d8659236806cd8bd5c2817a2b809819
Automatic merge from submit-queue (batch tested with PRs 61003, 61031, 60360, 58349, 60922). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
log enabled admission controller in order
This change log enabled mutating and validating admission controller
in order.
ref: https://github.com/kubernetes/kubernetes/pull/60838/files#r173295334
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 4c8657c0872eb2835e1c9dac1114366d915c4381
Automatic merge from submit-queue (batch tested with PRs 60759, 60531, 60923, 60851, 58717). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
validate EtcdOptions.EtcdServersOverrides in EtcdOptions.Validate
move `EtcdOptions.EtcdServersOverrides` validation from `BuildStorageFactory` to `EtcdOptions.Validate`, which fails fast in kube-apiserver startup.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 691a7d43588692501e27be2375bebad1c30b7ae5
Automatic merge from submit-queue (batch tested with PRs 60363, 59208, 59465, 60581, 60702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver clean code
**What this PR does / why we need it**:
1. clean up some redundant code in kube-apiserver startup
1. comment on `preparedGenericAPIServer`, which is just a wrapper of `GenericAPIServer`.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 18d9e1c450d6e080dad11af1f27d371325fba5ef
Automatic merge from submit-queue (batch tested with PRs 59740, 59728, 60080, 60086, 58714). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
more concise to merge the slice
**What this PR does / why we need it**:
more concise to merge the slice
**Special notes for your reviewer**:
Kubernetes-commit: c64f19dd1b5d0f81dd4d59cf6aa5c23cf1e46f5d
Updates github.com/evanphx/json-patch dependency
to fix tests against empty objects/arrays.
Includes fix from evanphx/json-patch#50
Kubernetes-commit: 758d3e7c576f0761b23fed69c3b5dabf6013e8d0
Automatic merge from submit-queue (batch tested with PRs 60906, 60943). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make admission webhooks honor scheme part of url
**What this PR does / why we need it**:
Bug fix, allow webhooks to use the scheme provided in clientConfig, instead of defaulting to http.
(more in issue)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60942
```release-note
Bug fix, allow webhooks to use the scheme provided in clientConfig, instead of defaulting to http.
```
/kind bug
/sig api-machinery
Kubernetes-commit: 71b40cbce509960cb020822c85e05b379c37d722
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
oidc: add rithujohn191 as a reviewer
cc @rithujohn191
/sig auth
/kind documentation
```release-note
NONE
```
Kubernetes-commit: f196b7c7523dbf0d6ed703a93af73f54e9d2e42c
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Prevent webhooks from affecting admission requests for WebhookConfiguration objects
**What this PR does / why we need it**:
As it stands now webhooks can be added to the system which make it impossible for a user to remove that webhook, or two webhooks could be registered which make it impossible to remove each other.
The first commit of this will add a test to make sure webhook deletion is never blocked by a webhook. This test will fail until the second commit is added which will prevent webhooks from affecting admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects in the admissionregistration.k8s.io group
- [x] Test that webhook deletion is never blocked by a webhook ([test fails before second commit](https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/pr-logs/pull/59840/pull-kubernetes-e2e-gce/23731/))
- [x] Prevent webhooks from being called on admission requests for [Validating|Mutating]WebhookConfiguration objects
- [x] Document this new behavior maybe in another PR
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of fixing #59124 (Verifies that it can remove the broken webhook.)
**Release note**:
```release-note
ValidatingWebhooks and MutatingWebhooks will not be called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects in the admissionregistration.k8s.io group
```
Kubernetes-commit: 5066a67caaf8638c7473d4bd228037d0c270c546
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix initializing watch cache
When initializing watch cache, set auxiliary fields in `storeElement` object. Fixes#60507.
```release-note
NONE
```
Kubernetes-commit: e2dee6073933c99b63addecfd6397c058b512cd4
Automatic merge from submit-queue (batch tested with PRs 60470, 59149, 56075, 60280, 60504). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused function negotiate() and writeYAML()
**What this PR does / why we need it**:
remove unused function negotiate() and writeYAML() in k8s.io/apiserver/pkg
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: e2cbda006a802b74bc521284c7ccc6caaa3aae25
Automatic merge from submit-queue (batch tested with PRs 59365, 60446, 60448, 55019, 60431). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove dep-reviewers
**What this PR does / why we need it**:
The dep-reviewers group seems to get assigned PRs early the the review process. However, most code changes should be reviewed in the importing part of the code base first, and then assigned to an approver after.
By removing the reviewers group, the approvers plugin will still suggest assigning to an approver, but won't assign for review when the PR is initially opened.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 724a2f968c6981efc9f5a85e4ad60f56e1c0902f
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-gen: output golint compliant 'Generated by' comment
New PR instead of reopening #58115 because /reopen did not work.
This won't be ready to merge until the upstream https://github.com/kubernetes/gengo/pull/94 merges. Once that merges, the second commit will be changed to godep-save.sh and update-staging-godeps.sh, and the last commit will be changed to update-all.sh
The failing test is due to the upstream changes not being merged yet
```devel-release-note
Go code generated by the code generators will now have a comment which allows them to be easily identified by golint
```
Fixes#56489
Kubernetes-commit: 1eb1c00c44f8f597b9b23a05cd0a8da205c87f8a
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix some syntax related errors
**What this PR does / why we need it**:
fix some syntax related errors
**Special notes for your reviewer**:
None
```release-note
NONE
```
Kubernetes-commit: effa021db773fb95c9e8fbe5646d01784bb2f7f6
Automatic merge from submit-queue (batch tested with PRs 60011, 59256, 59293, 60328, 60367). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Serve OpenAPI spec with single /openapi/v2 endpoint
**What this PR does / why we need it**:
We are deprecating format-separated endpoints (`/swagger.json`, `/swagger-2.0.0.json`, `/swagger-2.0.0.pb-v1`, `/swagger-2.0.0.pb-v1.gz`) for OpenAPI spec, and switching to a single `/openapi/v2` endpoint in Kubernetes 1.10. The design doc and deprecation process are tracked at: https://docs.google.com/document/d/19lEqE9lc4yHJ3WJAJxS_G7TcORIJXGHyq3wpwcH28nU
Requested format is specified by setting HTTP headers
header | possible values
-- | --
Accept | `application/json`, `application/com.github.proto-openapi.spec.v2@v1.0+protobuf`
Accept-Encoding | `gzip`
This PR changes dynamic_client (and kubectl as a result) to use the new endpoint. The old endpoints will remain in 1.10 and 1.11, and get removed in 1.12.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
action required: Deprecate format-separated endpoints for OpenAPI spec. Please use single `/openapi/v2` endpoint instead.
```
/sig api-machinery
Kubernetes-commit: d6153194d929ad6c036d5bbbf67a6f892e75feb5
Automatic merge from submit-queue (batch tested with PRs 57326, 60076, 60293, 59756, 60370). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Introduce buffered audit backend
This is a copy from https://github.com/kubernetes/kubernetes/issues/53006 with comments addressed, since @hzxuzhonghu cannot work on this right now and the code freeze is close. Thanks @hzxuzhonghu for the contribution!
This is the first PR to fix https://github.com/kubernetes/kubernetes/issues/53006 and then https://github.com/kubernetes/kubernetes/issues/53020
This PR introduces a new audit backend, that batches incoming audit events and sends these batches to the underlying audit backend. This new backend is designed to replace existing batching webhook backend and allow to use batching with log backend, to solve the performance issues.
@sttts @ericchiang @CaoShuFeng @tallclair would really appreciate your review
```release-note
Buffered audit backend is introduced, to be used with other audit backends.
```
Kubernetes-commit: 2a373ace6eda6a9cf050ce70a6cf99183c5e5b37
Automatic merge from submit-queue (batch tested with PRs 60106, 59510, 60263, 60063, 59088). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor service storage to remove registry wrapper
This exposes the correct table exporter to the API endpoint, which is a prereq for server side GET to beta. Removing the use of the registry simplifies a few complex changes but results in test abstractions changing.
Part of #58536
Kubernetes-commit: 3a399c05f50b134aeec01484f387063d3b770b01
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
set default enabled admission plugins by official document
**What this PR does / why we need it**:
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
recommend running the following set of admission controllers
```
If you previously had not set the `--admission-control` flag, your cluster behavior may change (to be more standard). See [https://kubernetes.io/docs/admin/admission-controllers/] for explanation of admission control.
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Set default enabled admission plugins `NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota`
```
Kubernetes-commit: 270148d7d98f36a0e4ca3f60c55b1ed5876bcf36
Automatic merge from submit-queue (batch tested with PRs 58716, 59977, 59316, 59884, 60117). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove deprecated /proxy paths
These were deprecated in v1.2.
ref https://github.com/kubernetes/kubernetes/issues/59885
```release-note
kube-apiserver: the root /proxy paths have been removed (deprecated since v1.2). Use the /proxy subresources on objects that support HTTP proxying.
```
@kubernetes/sig-api-machinery-api-reviews
Kubernetes-commit: 687c651dfd0793d53299b27c5472d69ef4c4c44f
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
oidc authentication: switch to v2 of coreos/go-oidc
Switch to v2 of [coreos/go-oidc](https://github.com/coreos/go-oidc), which uses square/go-jose to verify tokens and supports more signing algorithms.
Most of this PR removes dependencies used by the older version of github.com/coreos/go-oidc, and updates vendor files.
This PR has been tested against tokens issued by Okta, Google, and CoreOS's dex.
Closes https://github.com/kubernetes/kubernetes/issues/57806
```release-note
kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag.
kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs, users must switch to the "https://www.googleapis.com/oauth2/v4/token" endpoint.
```
cc @rithujohn191 @liggitt
cc @kubernetes/sig-auth-pr-reviews
Kubernetes-commit: cdbc4fbe20c94694bc25910d54a7de52a98b6650
Automatic merge from submit-queue (batch tested with PRs 59391, 58097, 60057, 60090). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add IPv6 to command options.
**What this PR does / why we need it**:
This PR adds IPv6 information to the descriptions for several command options.
[Related PR in kubernetes/website](https://github.com/kubernetes/website/pull/6498)
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b3099bcf532bc470ff7075e93025b8741da09be4
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add cblecker to vendor OWNERS
**What this PR does / why we need it**:
Adds myself to vendor OWNERS. I can help approve dep bumps of existing deps, and refer to Tim and new deps for license review.
**Release note**:
```release-note
NONE
```
/assign thockin
Kubernetes-commit: 852e7f7bfa43d1427706c59453e39f2de12a4f32
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update bazelbuild/rules_go, kubernetes/repo-infra, and gazelle dependencies
**What this PR does / why we need it**: updates our bazelbuild/rules_go dependency in order to bump everything to go1.9.4. I'm separating this effort into two separate PRs, since updating rules_go requires a large cleanup, removing an attribute from most build rules.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 96ec3187180b9c1d722756b3ea0984ebe65424dc
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix invalid match rules for advanced audit policy
When users or groups are set in a rule, this rule should not match
attribute with unauthorized request where user and group are nil.
**Release note**:
```release-note
Unauthorized requests will not match audit policy rules where users or groups are set.
```
Fixes: https://github.com/kubernetes/kubernetes/issues/59331
Kubernetes-commit: 89ac18de1a71d08d2bd7654c325cd8aa476190bd
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve the error message.
**What this PR does / why we need it**:
Makes the error message more descriptive and less scary. Previously it
is far from obvious whether connection kill is a symptom or cause of the
problem, see for example https://github.com/kubernetes/kubernetes/issues/55779#issuecomment-353582852
In paricular the crucial missing piece of information is that this is a
way of handling a timeout.
**Release note**:
```release-note
NONE
```
Kubernetes-commit: f9c3a0abc7b40ea17d68a4f919fd844279ddcb58
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add an admission decorator chain
Admission decorators are good wrappers for general function, but we logically need a chain of them. This builds a chain similar to admission.
/assign @sttts
@kubernetes/sig-api-machinery-pr-reviews
Kubernetes-commit: f223f905427fa3641ab163100c22fc7e8cc574f0
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Store labels and fields with object
We are already computing labels and fields before putting objects in watchcache.
And my tests show this is `PodToSelectableFields` is responsible for ~10% of memory allocations.
This PR is supposed to fix that - let's double check by running kubemark-big on it.
Kubernetes-commit: d336607679743a53ed93edbebf89f45dd957e46d
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: fix some typos from refactor
introduced in #59582
```release-note
NONE
```
Kubernetes-commit: d3dc4584f9dcf3a28feee3048a391fbce6762563
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove experimental keystone authenticator
**What this PR does / why we need it**:
experimental-keystone-url and experimental-keystone-ca-file were always
experimental. So we don't need a deprecation period.
KeystoneAuthenticator was on the server side and needed userid/password
to be passed in and used that to authenticate with Keystone. We now
have authentication and authorization web hooks that can be used. There
is a external repo with a webook for keystone which works fine along
with the kubectl auth provider that was added in:
a0cebcb559c5c0ab8a2e50b1ee11cc62f9ebb3a8
So we don't need this older style / hard coded / experimental code
anymore.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
kube-apiserver: the experimental in-tree Keystone password authenticator has been removed in favor of extensions that enable use of Keystone tokens.
```
Kubernetes-commit: 2a8049890af44ed2a665362766b14b7fd448226e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
admissionregistration use shared informer instead of poll
**What this PR does / why we need it**:
poll with 1s interval influence apiserver's performance
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56357
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 46df8313511806c3c4263af336284fa4301cb634
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pass listener in integration test
**What this PR does / why we need it**:
pass listener to `SecureServingOptions` to prevent port in use flake.
partially fix#58936
**Special notes for your reviewer**:
/assign @liggitt @sttts @caesarxuchao
**Release note**:
```release-note
NONE
```
Kubernetes-commit: da0e30a278ed61ccd1d2e42c19c0f154c85eafaf
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix all the typos across the project
**What this PR does / why we need it**:
There are lots of typos across the project. We should avoid small PRs on fixing those annoying typos, which is time-consuming and low efficient.
This PR does fix all the typos across the project currently. And with #59463, typos could be avoided when a new PR gets merged.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/sig testing
/area test-infra
/sig release
/cc @ixdy
/assign @fejta
**Release note**:
```release-note
None
```
Kubernetes-commit: 317853c90c674920bfbbdac54fe66092ddc9f15f
Automatic merge from submit-queue (batch tested with PRs 57824, 58806, 59410, 59280). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add some package to code-generator
**What this PR does / why we need it**:
add some package to code-generator and regenerated files.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @sttts
**Release note**:
```release-note
NONE
```
Kubernetes-commit: b309c2f4f034dc5a73f9258199d2359d3f6ec81d
Automatic merge from submit-queue (batch tested with PRs 57824, 58806, 59410, 59280). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add Annotations to advanced audit api
**Release note**:
```release-note
Annotations is added to advanced audit api
```
Kubernetes-commit: db1ed10534231739f17f48895ae0dce861aa1c1c
experimental-keystone-url and experimental-keystone-ca-file were always
experimental. So we don't need a deprecation period.
KeystoneAuthenticator was on the server side and needed userid/password
to be passed in and used that to authenticate with Keystone. We now
have authentication and authorization web hooks that can be used. There
is a external repo with a webook for keystone which works fine along
with the kubectl auth provider that was added in:
a0cebcb559c5c0ab8a2e50b1ee11cc62f9ebb3a8
So we don't need this older style / hard coded / experimental code
anymore.
Kubernetes-commit: 18590378c4491eacdea5cd05f98c92fe84020263
Kubernetes Publisher