Automatic merge from submit-queue
try to deflake CR watches in tests
Fixes https://github.com/kubernetes/kubernetes/issues/46446
I've added a comment trying to explain the reasoning in the code. Without being able to expose the RV of the cache, I can't think of a reliable way to do it. Even if you tried experimenting with a watch, it essentially does this since you'd be waiting to not get an error.
Automatic merge from submit-queue
apiserver: add a webhook implementation of the audit backend
This builds off of #45315 and is intended to implement an interfaced defined in #45766.
TODO:
- [x] Rebase on top of API types PR.
- [x] Rebase on top of API types updates (#46065)
- [x] Rebase on top of feature flag (#46009)
- [x] Rebase on top of audit instrumentation.
- [x] Hook up API server flag or register plugin (depending on #45766)
Features issue https://github.com/kubernetes/features/issues/22
Design proposal https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auditing.md
```release-notes
Webhook added to the API server which omits structured audit log events.
```
/cc @soltysh @timstclair @soltysh @deads2k
Automatic merge from submit-queue
Add Local Storage Capacity Isolation API
This PR adds the new APIs to support storage capacity isolation as
described in the proposal [https://github.com/kubernetes/community/pull/306](url)
1. Add SizeLimit for emptyDir volume
2. Add scratch and overlay storage type used by container level or
node level
**Release note**:
```release-note
Alpha feature: Local volume Storage Capacity Isolation allows users to set storage limit to isolate EmptyDir volumes, container storage overlay, and also supports allocatable storage for shared root file system.
```
Automatic merge from submit-queue (batch tested with PRs 43505, 45168, 46439, 46677, 46623)
aggregator: unify resolver implementation and tests
This is https://github.com/kubernetes/kubernetes/pull/45082, but without the port support.
Automatic merge from submit-queue (batch tested with PRs 46076, 43879, 44897, 46556, 46654)
Use meta.v1 GroupVersionKind with json tags to generate OpenAPI spec
We are using two different GVK struct in generation of OpenAPI extensions. This PR unify that and also add json tags to meta.v1 GVK to comply with json naming system in other serializations. Also the value of Action extension is now lowercase.
ref: https://github.com/kubernetes/kubernetes/pull/46388
Automatic merge from submit-queue (batch tested with PRs 46076, 43879, 44897, 46556, 46654)
Local storage plugin
**What this PR does / why we need it**:
Volume plugin implementation for local persistent volumes. Scheduler predicate will direct already-bound PVCs to the node that the local PV is at. PVC binding still happens independently.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:
Part of #43640
**Release note**:
```
Alpha feature: Local volume plugin allows local directories to be created and consumed as a Persistent Volume. These volumes have node affinity and pods will only be scheduled to the node that the volume is at.
```
Automatic merge from submit-queue (batch tested with PRs 42240, 46100, 46154, 46431, 45755)
Fix api description in swagger
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46489, 46281, 46463, 46114, 43946)
Allow PSP's to specify a whitelist of allowed paths for host volume
**What this PR does / why we need it**:
This PR adds the ability to whitelist paths for the host volume to ensure pods cannot access directories they aren't supposed to. E.g. `/var/lib/kubelet`, `/etc/kubernetes/*`, etc.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#29326
**Special notes for your reviewer**:
**Release note**:
```release-note
Allow PSP's to specify a whitelist of allowed paths for host volume based on path prefixes
```
Adding instructions for out-of-cluster example and making it work without
specifying the -kubeconfig argument if the home directory can be inferred.
This is part of the body of work improving the client library samples.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
This sample adds sample code for create/list/replace/delete operations for
Deployment resource for client-go library. This patch also contains
documentation explaining what the example application does and how it can be
executed.
This patch is part of the body of work improving the client library samples.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Automatic merge from submit-queue (batch tested with PRs 46552, 46608, 46390, 46605, 46459)
Move admission lifecycle to genericapi
**What this PR does / why we need it**: ends the whole sequence of moving some admission plugins to generic api.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46552, 46608, 46390, 46605, 46459)
Require DeleteStrategy for all registry.Store
**What this PR does / why we need it**:
All `registry.Store` objects already set a non-nil `DeleteStrategy`. This change ensures that all future objects do so as well.
Signed-off-by: Monis Khan <mkhan@redhat.com>
xref: #24153 openshift/origin/issues/14198
cc @deads2k @liggitt @caesarxuchao @lavalamp @smarterclayton @derekmahar
In regards to this, why is the `RESTDeleteStrategy` a useless interface (as far as deletion goes)? We cast it to `GarbageCollectionDeleteStrategy` or `RESTGracefulDeleteStrategy` in an attempt to do operations related to deletion, but we have "default" behavior for both of those cases. It should be possible to make `DeleteStrategy` optional by using the other strategies as the `runtime.ObjectTyper` and then defaulting a `nil` `DeleteStrategy` with the expected behavior.
```go
// RESTDeleteStrategy defines deletion behavior on an object that follows Kubernetes
// API conventions.
type RESTDeleteStrategy interface {
runtime.ObjectTyper
}
type GarbageCollectionPolicy string
const (
DeleteDependents GarbageCollectionPolicy = "DeleteDependents"
OrphanDependents GarbageCollectionPolicy = "OrphanDependents"
)
// GarbageCollectionDeleteStrategy must be implemented by the registry that wants to
// orphan dependents by default.
type GarbageCollectionDeleteStrategy interface {
// DefaultGarbageCollectionPolicy returns the default garbage collection behavior.
DefaultGarbageCollectionPolicy() GarbageCollectionPolicy
}
// RESTGracefulDeleteStrategy must be implemented by the registry that supports
// graceful deletion.
type RESTGracefulDeleteStrategy interface {
// CheckGracefulDelete should return true if the object can be gracefully deleted and set
// any default values on the DeleteOptions.
CheckGracefulDelete(ctx genericapirequest.Context, obj runtime.Object, options *metav1.DeleteOptions) bool
}
```
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 43275, 45014, 46449, 46488, 46525)
move CustomResourceDefinitions from alpha to beta
CRDs are built upon the known ThirdPartyResource API with the lessons learned guiding the new shape. Short comings of the old TPR API even have specific tests to ensure that CRDs do not face the same issues. Given that, this API qualifies for beta.
These are straight mechanical changes.
@kubernetes/sig-api-machinery-misc
@ericchiang You asked about this in the original pull.
Automatic merge from submit-queue (batch tested with PRs 43275, 45014, 46449, 46488, 46525)
Export ErrWatchClosed from watch.Until
This is needed so that users of watch.Until may check for this
particular error instead of attempting to match the error string.
Automatic merge from submit-queue
Fix golint error in apimachinery/pkg/{fields,lables}
Also add these two packages to linted packages lists
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*
move registration to AdmissionOptions
Automatic merge from submit-queue (batch tested with PRs 45699, 46200, 46335, 46599)
apiextensions: add integration test for name conflicts
**What this PR does / why we need it**: Add integration test for name conflicts.
Create 2 CRDs with name conflict. The controller sets the NameConflict condition on the second one. Delete the first one. The second CRD should now get accepted.
Update:
- [x] Add integration test for name conflicts
- [x] Fix naming controller so that when a resource is deleted, other resources in the same group are added to the queue
- [x] Add integration test for self link (cluster scoped resources)
- [x] Add bigger poll interval
- [x] Fix DeleteCustomResourceDefinition poll condition
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: for #45511
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
@sttts
* add integration test for name conflicts of CRDs
* fix naming controller so that when a resource is deleted,
other resources in the same group are added to the queue
* add integration test for self link (clusterscoped resources)
* fix minor nits
address comments
add comments and fix nits
Bigger poll interval
customResource -> crd
Fix DeleteCustomResourceDefinition condition
Automatic merge from submit-queue
Protobuf generation for k8s.io/metrics
This PR introduces protobuf generation for k8s.io/metrics. Doing so required:
- fixing a bug in `go-to-protobuf` causing the `cast{key,value,type}` values to not be quoted when coming from struct tags (and not auto-injection by `go-to-protobuf` itself).
- Making sure the proto IDL in k8s.io/client-go had a package name of `k8s.io.client_go.xyz` and not `k8s.io.kubernetes.xyz`.
Additionally, I updated `go-to-protobuf` to skip functions and non-public types when composing the import list, which cuts down on the more bizarre imports in the IDL (like importing the sample API package in every IDL file because it contained `addToScheme`, like every other API package).
We use `castvalue` to force gogo-proto to realize that it should consider the value of the map which underlies `ResourceList` when calculating which imports need to be named. Otherwise, it ignores the value's type, leading to compilation errors when it later can't find an import it assumed existed. We accidentally didn't hit this in `k8s.io/kubernetes/pkg/api/v1` since another field coincidentally happens to directly use `resource.Quantity` (the value type of `ResourceList`).
**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue