This explicitly registers Kubelet flags from libraries that were
registering flags globally, and stops parsing the global flag set.
In general, we should always be explicit about flags we register
and parse, so that we maintain control over our command-line API.
Credential provider is useful without the v1 API, move the only
dependency out so that we can more easily move credential provider to a
utility library in the future (other callers besides Kubelet may need to
load pull secrets like Docker).
Automatic merge from submit-queue
bump(golang.org/x/oauth2): a6bd8cefa1811bd24b86f8902872e4e8225f74c4
As I tackle https://github.com/kubernetes/kubernetes/issues/42654 kubectl's OpenID Connect plugin will start using golang.org/x/oauth2 for refreshing, instead of go-oidc's own hand rolled oauth2 implementation. In preparation, update golang.org/x/oauth2 to include 7374b3f1ec which fixes refreshing with Okta.
We also somehow removed the dependency on `google.golang.org/appengine`. Maybe 8cf58155e4?
cc @kubernetes/sig-auth-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 37055, 40142)
azure: azure container registry: fix login server
**What this PR does / why we need it**:
Fixes the Azure Container Registry integration
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
n/a
**Special notes for your reviewer**:
Before this change, if I created an ACR with name `colemicktest`, then the login server would be `colemicktest-microsoft.azurecr.io`. This code was concating to form `colemicktest.azurecr.io` which does not work.
The fix is to reach into RegistryProperties and read out the login server domain name directly.
Also, this should eliminate that existed when ACR gets to sovereign clouds.
**Release note**:
```release-note
azure: fix Azure Container Registry integration
```
Means we can run in newly announced regions without a code change.
We don't register the ECR provider in new regions, so we will still need
a code change for now.
This also means we do trust config / instance metadata, and don't reject
incorrectly configured zones.
Fix#35014
Automatic merge from submit-queue
Curating Owners: pkg/credentialprovider
cc @liggitt @erictune
In an effort to expand the existing pool of reviewers and establish a
two-tiered review process (first someone lgtms and then someone
experienced in the project approves), we are adding new reviewers to
existing owners files.
If You Care About the Process:
------------------------------
We did this by algorithmically figuring out who’s contributed code to
the project and in what directories. Unfortunately, that doesn’t work
well: people that have made mechanical code changes (e.g change the
copyright header across all directories) end up as reviewers in lots of
places.
Instead of using pure commit data, we generated an excessively large
list of reviewers and pruned based on all time commit data, recent
commit data and review data (number of PRs commented on).
At this point we have a decent list of reviewers, but it needs one last
pass for fine tuning.
Also, see https://github.com/kubernetes/contrib/issues/1389.
TLDR:
-----
As an owner of a sig/directory and a leader of the project, here’s what
we need from you:
1. Use PR https://github.com/kubernetes/kubernetes/pull/35715 as an example.
2. The pull-request is made editable, please edit the `OWNERS` file to
remove the names of people that shouldn't be reviewing code in the
future in the **reviewers** section. You probably do NOT need to modify
the **approvers** section. Names asre sorted by relevance, using some
secret statistics.
3. Notify me if you want some OWNERS file to be removed. Being an
approver or reviewer of a parent directory makes you a reviewer/approver
of the subdirectories too, so not all OWNERS files may be necessary.
4. Please use ALIAS if you want to use the same list of people over and
over again (don't hesitate to ask me for help, or use the pull-request
above as an example)
Automatic merge from submit-queue
make invocation ReadDockerConfigFile can handle .dockerconfigjson file
**What this PR does / why we need it**:
When **.docker/config.json** is used to authenticate docker registry, the data key **.dockerconfigjson** should be used if we want to save this kind of docker auth data into a secret. So this PR is mainly to make invocation `ReadDockerConfigFile `have ability to read **.dockerconfigjson** file.
@liggitt
only extract ReadSpecificDockerConfigJsonFile from function ReadDockerConfigJSONFile
put error checking and logging in the loop above
godoc gofmt and return dockecfg directly
Davanum Srinivas