Automatic merge from submit-queue (batch tested with PRs 62748, 60536, 62300, 62661, 62731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Instrument transformer.go with latency metrics.
**What this PR does / why we need it**:
Instrument transformer.go with latency metrics - allowing to measure performance impact of adding KMS Providers.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
"NONE"
```
Automatic merge from submit-queue (batch tested with PRs 62748, 60536, 62300, 62661, 62731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update default generation for example packages
the example API packages were missing default generation tags, which meant that calls to the generated defaults were not satisfied in cross-build, which regenerates all files
follow-up to https://github.com/kubernetes/kubernetes/pull/62472
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62448, 59317, 59947, 62418, 62352). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix assert.Equal argument order
Reference:
https://godoc.org/github.com/stretchr/testify/assert#Equal
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add CaoShuFeng as a reviewer of kube-apiserver
My contributions:
https://github.com/pulls?q=is%3Apr+author%3ACaoShuFeng+is%3Aclosed
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/assign @deads2k @sttts @liggitt
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Show help for deprecated Kubelet flags
We recently deprecated a bunch of Kubelet flags, which caused them to disappear from `--help` output. This PR unhides these flags, so that the deprecation notice is clearly visible in `--help`.
Fixes: #62009
```release-note
NONE
```
/cc @eparis
Automatic merge from submit-queue (batch tested with PRs 61306, 60270, 62496, 62181, 62234). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle partial group and resource responses consistently
GetAPIGroupResources tolerates partial discovery responses to provide as much information to the caller as possible.
Before skipping a particular error response, check whether the response was accompanied by partial group or resource data.
There's an existing TODO to propagate partial errors that I plan to address in a follow-up, but that had more ripples and I wanted to correct this first.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
check etcd servers by a random order
**What this PR does / why we need it**:
Every time a health check is called on the APIServer via the /healthz endpoint, an etcd healthcheck is performed. Here makes servers check with a random order.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61180
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60476, 62462, 61391, 62535, 62394). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Private mount propagation
This PR changes the default mount propagation from "rslave" (newly added in 1.10) to "private" (default in 1.9 and before). "rslave" as default causes regressions, see below.
Value `"None"` has to be added to `MountPropagationMode` enum in API ("I don't want any propagation at all"), which translates to "private" on Linux. [We did not have use cases for it](https://github.com/kubernetes/community/pull/659#discussion_r131454319), but we have them now.
**Which issue(s) this PR fixes**
Fixes#62397, fixes#62396
**Special notes for your reviewer**:
CRI already has an option for private mount propagation in volumes, however it's called "PRIVATE", while Kubernetes API value is "None". I did not change PRIVATE to NONE to keep the interface stable. See `kubelet_pods.go`.
**Release note**:
```release-note
Default mount propagation has changed from "HostToContainer" ("rslave" in Linux terminology) to "None" ("private") to match the behavior in 1.9 and earlier releases. "HostToContainer" as a default caused regressions in some pods.
```
/sig storage
/sig node
Automatic merge from submit-queue (batch tested with PRs 62324, 61459, 62475, 62476, 61914). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
etcdv3 client: add dial timeout
dial timeout is necessary for a reliable system, this pr add it for establishing an etcd connection.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62273, 62461). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't log when error returned
**What this PR does / why we need it**:
Both logging and returning an error is an antipattern. If the caller wants it logged they will log it. And in this case it will be logged twice which is very confusing for debugging.
**Release note**:
```release-note
NONE
```
/kind cleanup
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 62425, 62212, 60824, 62383, 62384). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix custom resource definition validation
/assign @sttts
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62425, 62212, 60824, 62383, 62384). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
optimize requestcontext: use RWMutex to improve r/w performance
RequestContextMapper is one of the mostly used interface by every request, and the underlying struct is a map with Mutex protect. So here we should use RWMutex.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updated Readme for Azure (OIDC) auth provider
**What this PR does / why we need it**:
When trying this documentation in the field, I ran into some issues based on details missing here. I got it working in the end with some help from @stuartleeks from Microsoft, this PR is to help others trying to set this up not have the same question marks I had.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None AFAIK
**Special notes for your reviewer**:
Includes:
* Added details and clarifications based on my experience
* Some minor copy editing
Not sure if this requires release notes, I consider it a very small change.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61241, 62136). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
OIDC required claims
**What this PR does / why we need it**:
Currently there is no mechanism for a user to specify claims in the OIDC authentication process that are required to be present in the ID Token with an expected value. This PR adds the required claims support for the OIDC authentication. It allows users to pass in a `--oidc-required-claims` flag, and key=value pairs in the API config, which will ensure that the specified `required claims` are checked against the ID Token claims.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61276
**Special notes for your reviewer**:
Ran the following commands to update godep files:
```
./hack/godep-restore.sh -v
./hack/godep-save.sh
./hack/update-staging-godeps.sh
./hack/update-bazel.sh
```
Since we don't officially support go 1.10, kept go version to 1.9
**Release note**:
```release-note
kube-apiserver: oidc authentication now supports requiring specific claims with `--oidc-required-claim=<claim>=<value>`
```
/sig auth
/kind feature
/assign @ericchiang
Includes:
* Added details and clarifications based on my experience
* Some minor copy editing
added note about resulting username
fixing last list item
clarficiation of resulting username
mainly just refering to OIDC docs
fixed comment about callback URL
Automatic merge from submit-queue (batch tested with PRs 59027, 62333, 57661, 62086, 61584). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
CustomResources: in OpenAPI spec allow additionalProperties without properties
This implements @ayushpateria's idea https://github.com/kubernetes/kubernetes/issues/59485#issuecomment-375726922.
With this PR it becomes possible to specify `map[string]Interface{}` non-object types, e.g. `map[string]string` for selectors. On the other hands, "normal" objects use `properties`, mutually exclusively to `additionalProperties`. This way we avoid a conflict with Kubernetes API conventions that unknown objects fields are dropped.
Fixes#59485
```release-note
Allow additionalProperties in CRD OpenAPI v3 specification for validation, mutually exclusive to properties.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix 1.10 change log typo
**What this PR does / why we need it**:
Thanks to @christianhuening, find typo about `enable-admission-plugins` and `disable-admission-plugins`
They are plural.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
export unstructured helper function nestedFieldNoCopy
Signed-off-by: Steve Kriss <steve@heptio.com>
**What this PR does / why we need it**: Export the unstructured helper function `nestedFieldNoCopy`. This enables checking for existence of nested fields without requiring a deep-copy via JSON.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60197, 61614, 62074, 62071, 62301). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Narrow interface consumed by scale client
The scale client only uses a single method of the rest mapper, and only for preferred resource version (no resource/kind lookup or translation)
Narrow the specified interface to make it clear what function is actually required.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60692, 61809). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove ObjectMeta and *Options from core api
remove ObjectMeta and *Options from core api
Fixes#61807
**Special notes for your reviewer**:
**Release note**:
```release-note
Remove `ObjectMeta ` `ListOptions` `DeleteOptions` from core api group. Please use that in meta/v1
```
Automatic merge from submit-queue (batch tested with PRs 59035, 61933). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add TestGeneration in customresource/etcd_test.go
**What this PR does / why we need it**:
add TestGeneration in customresource/etcd_test.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62231, 44495, 62199). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make priority rest mapper handle partial discovery results
If the delegate restmapper returns partial results, let the priority restmapper find a prioritized entry and propagate the original error
```release-note
NONE
```
Kubernetes Submit Queue