Currently openstack cloud provider just support keystone v2.0 and v3
The latest Identity Service is publishing an ID of v3.8, we should
update gophercloud to recognize v3.8 as a valid version id.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
bazel: build/test almost everything
**What this PR does / why we need it**: Miscellaneous cleanups and bug fixes. The main motivating idea here was to make `bazel build //...` and `bazel test //...` mostly work. (There's a few reasons these still don't work, but we're a lot closer.)
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/assign @BenTheElder @mikedanese @spxtr
Automatic merge from submit-queue (batch tested with PRs 52485, 52443, 52597, 52450, 51971). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Enable go race detection for bazel tests.
Testing if setting `features = ["-race"]` fixes the breaks in #50792.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Preserve leading and trailing slashes on proxy subpaths
subresource parsing was not populating path parameters correctly (leading and trailing slashes were being stripped)
this caused bad locations to be sent to the proxy, causing https://github.com/kubernetes/kubernetes/issues/52022. the first attempt to fix that (#52065) unconditionally prefixed '/', which broke the redirect case (#52813#52729)
fixes#52813, fixes#52729
needs to be picked to 1.7 and 1.8
```release-note
Restores redirect behavior for proxy subresources
```
Automatic merge from submit-queue (batch tested with PRs 51438, 52182, 51607, 47912, 51595). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Ensure we log the flag apiserver starts with.
Trying to make sure we always log the flags an instance of apiserver
starts with.
This can be especially valuable for emailed logs or e2e/kubemark tests.
**What this PR does / why we need it**: Ensures we log the flags an apiserver was started with.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #none
**Special notes for your reviewer**:
**Release note**:```release-note NONE
```
Automatic merge from submit-queue (batch tested with PRs 50392, 52108, 52083, 52134, 51526). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Do deep copy instead of to and from JSON encoding
**What this PR does / why we need it**:
Unstructured converter encodes to JSON and then parses the result into a new object. For `Unstructured` this can be avoided by directly doing a deep copy. It is an optimization.
**Special notes for your reviewer**:
#47889 is somewhat related.
**Release note**:
```release-note
NONE
```
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 51929, 52015, 51906, 52069, 51542). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
move specialDefaultResourcePrefixes out of vendor/k8s.io/apiserver
just a clean-up, fixes TODO: move out of this package, it is not generic
@sttts PTAL
/assign @sttts
Automatic merge from submit-queue (batch tested with PRs 51031, 51705, 51888, 51727, 51684). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Avoid hard-coding location for auto-generated cert files
**What this PR does / why we need it**:
This fixes the confusing/incorrect help message for "--tls-cert-file" in apiserver package.
**Which issue this PR fixes**: fixes#51887
**Special notes for your reviewer**:
Please advise if a release note is needed.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52843, 52710, 52821, 52844). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
update-staging-godeps: only mangle staging repos in staging Godeps.json
- this re-adds non-staging k8s.io/* repos to the staging Godeps.jsons
- x-outs instead of removing of staging dependencies in order to get a
precise trigger for a complete godep restore+save run in the publisher
bot.
The first breaks k8s.io/kube-aggregator's staging export.
The second potentially leads to inconsistent godeps in our exported staging repos.
Automatic merge from submit-queue (batch tested with PRs 48406, 52819). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Made image as deliberately optional in v1 Container struct.
**What this PR does / why we need it**:
Revert https://github.com/kubernetes/kubernetes/pull/47246/
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Mark image as deliberately optional in v1 Container struct. Many objects in the Kubernetes API inherit the container struct and only Pods require the field to be set.
```
Automatic merge from submit-queue (batch tested with PRs 52477, 52790, 52798). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
conversion-gen: make staging dirs independent of living in vendor/
The `+k8s:conversion-gen` tags included the package directory inside of kube's vendor dir. This
makes them invalid when we publish staging repos.
Without this PR our sample-apiserver example code-generation is broken once published.
Automatic merge from submit-queue (batch tested with PRs 51869, 52281). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
apiextensions: fix conversion of CRD schema
- [x] Fix conversion of CRD schema to go-openapi types.
- [x] Add roundtrip tests for this conversion: https://github.com/kubernetes/kubernetes/pull/52793. Split into another PR since it touches godeps.
**Release note**:
```release-note
NONE
```
/cc @sttts
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
k8s.io/code-generator: hide gen test output from go tools
The underscore in front of _test makes the go tools (including godep) to
ignore those packages by default. We do not want to create dependencies
to client-go and friends through the _test output.
The underscore in front of _test makes the go tools (including godep) to
ignore those packages by default. We do not want to create dependencies
to client-go and friend through the _test output.
Automatic merge from submit-queue (batch tested with PRs 52500, 52533). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Cronjob beta defaults
**What this PR does / why we need it**:
I forget to set the defaults in beta for (successful|failed)JobsHistoryLimit so doing this now. It's already too late for 1.8 so this goes into 1.9.
**Release note**:
```release-note
Set defaults for successfulJobsHistoryLimit (3) and failedJobsHistoryLimit (1) in batch/v1beta1.CronJobs
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
api: update progressdeadlineseconds comment for deployments
@kubernetes/sig-apps-api-reviews we may never end up doing autorollback - this drops the comment from the pds field for now
Automatic merge from submit-queue (batch tested with PRs 52176, 43152). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
etcd3 store: retry with live object on conflict if there was a suggestion
Retry with a live object instead of the cached version if the watch
cache receives a conflict trying to do the update.
Fixes#41892
In GuaranteedUpdate, if it was called with a suggestion (e.g. via the
watch cache), and the suggested object is stale, perform a live lookup
and then retry the update.
Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
Automatic merge from submit-queue
Increase sliding window to 5hr for request_latencies metric
We're seeing high latency values for a couple of types of api calls in our density test (ref https://github.com/kubernetes/kubernetes/issues/51899). And we're recording values from only the last 1 hour in the metric (as @wojtek-t told me offline) - so our test result is pretty much counting only the calls during the delete phase.
cc @kubernetes/sig-scalability-misc @kubernetes/sig-api-machinery-misc @gmarek
Automatic merge from submit-queue (batch tested with PRs 51824, 50476, 52451, 52009, 52237)
Improve apiserver metrics reporting
Normalize "WATCHLIST" to "WATCH", add "scope" to the other metrics (listing 50k pods is != listing pods in a namespace), and add a new scope "resource" to cover individual resource calls.
This roughly aligns metrics with our ACL model (technically resource scope is GET, but POST to a subresource and POST to a namespace are not the same thing).
```release-note
WATCHLIST calls are now reported as WATCH verbs in prometheus for the apiserver_request_* series. A new "scope" label is added to all apiserver_request_* values that is either 'cluster', 'resource', or 'namespace' depending on which level the query is performed at.
```
Automatic merge from submit-queue (batch tested with PRs 51824, 50476, 52451, 52009, 52237)
Plumbing the proxy dialer to the webhook admission plugin
* Fixing https://github.com/kubernetes/kubernetes/issues/49987. Plumb the `Dial` function to the `transport.Config`
* Fixing https://github.com/kubernetes/kubernetes/issues/52366. Let the webhook admission plugin sets the `TLSConfg.ServerName`.
I tested it in my gke setup. I don't have time to implement an e2e test before 1.8 release. I think it's ok to add the test later, because *i)* the change only affects the alpha webhook admission feature, and *ii)* the webhook feature is unusable without the fix. That said, it's up to my reviewer to decide.
Filed https://github.com/kubernetes/kubernetes/issues/52368 for the missing e2e test.
( The second commit is https://github.com/kubernetes/kubernetes/pull/52372, which is just a cleanup of client configuration in e2e tests. It removed a function that marshalled the client config to json and then unmarshalled it. It is a prerequisite of this PR, because this PR added the `Dial` function to the config which is not json marshallable.)
```release-note
Fixed the webhook admission plugin so that it works even if the apiserver and the nodes are in two networks (e.g., in GKE).
Fixed the webhook admission plugin so that webhook author could use the DNS name of the service as the CommonName when generating the server cert for the webhook.
Action required:
Anyone who generated server cert for admission webhooks need to regenerate the cert. Previously, when generating server cert for the admission webhook, the CN value doesn't matter. Now you must set it to the DNS name of the webhook service, i.e., `<service.Name>.<service.Namespace>.svc`.
```
Automatic merge from submit-queue
use specified discovery information if possible
Fixes https://github.com/kubernetes/kubernetes/issues/49948
This uses the available discovery information if available, but it seems we never updated "normal" resources to show the singular name, so its often not available. I've left this code compatible.
@enisoc @ash2k
@kubernetes/sig-api-machinery-misc
```release-note
custom resources that use unconventional pluralization now work properly with kubectl and garbage collection
```
FengyunPan