Automatic merge from submit-queue
Move push-federation-images.sh to federation and implement similar functionality in jenkins build directory for presubmits.
This is required for federation presubmit e2es.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41937, 41151, 42092, 40269, 42135)
[Federation] Make --dns-provider mandatory for kubefed
Targets #40757
I thought about adding a test for this but I decided it wasn't worth it. There's too much setup involved in being able to run ``Complete`` for such a simple change.
**Release note**:
```release-note
The --dns-provider argument of 'kubefed init' is now mandatory and does not default to `google-clouddns`. To initialize a Federation control plane with Google Cloud DNS, use the following invocation: 'kubefed init --dns-provider=google-clouddns'
```
cc: @kubernetes/sig-federation-pr-reviews @madhusudancs
Automatic merge from submit-queue (batch tested with PRs 41234, 42186, 41615, 42028, 41788)
apimachinery: handle duplicated and conflicting type registration
Double registrations were leading to duplications in `KnownKinds()`. Conflicting registrations with same gvk, but different types were not detected.
Automatic merge from submit-queue (batch tested with PRs 42053, 41282, 42056, 41663, 40927)
Allow getting logs directly from deployment, job and statefulset
**Special notes for your reviewer**:
@smarterclayton you asked for it in OpenShift
```release-note
kubectl logs allows getting logs directly from deployment, job and statefulset
```
Automatic merge from submit-queue (batch tested with PRs 42058, 41160, 42065, 42076, 39338)
[Federation] Create configmap for the cluster kube-dns when cluster joins and remove when it unjoins
This PR implements the functionality as needed in https://github.com/kubernetes/kubernetes/issues/38400
cc @kubernetes/sig-cluster-federation @nikhiljindal @madhusudancs
**Release note**:
```
kubefed join can now automatically create a configmap or add information to already existing one, storing this federation name vs zone name information in the joining cluster.
Further kubefed unjoin can remove this configmap or only this information from the configmap, if the unjoin cluster is registered with multiple federations.
The name of the configmap is kube-dns and the information in it is consumed by the in-cluster dns server.
```
Automatic merge from submit-queue (batch tested with PRs 42044, 41694, 41927, 42050, 41987)
federation: use generated listers
**What this PR does / why we need it**: switch federation code to use generated listers
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
cc @smarterclayton @derekwaynecarr @marun @gmarek @wojtek-t @deads2k @liggitt @sttts @timothysc @nikhiljindal @jianhuiz @kubernetes/sig-federation-pr-reviews @kubernetes/sig-scalability-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 41954, 40528, 41875, 41165, 41877)
Updating apiserver to return 202 when resource is being deleted asynchronously via cascading deletion
As per https://github.com/kubernetes/kubernetes/issues/33196#issuecomment-278440622.
cc @kubernetes/sig-api-machinery-pr-reviews @smarterclayton @caesarxuchao @bgrant0607 @kubernetes/api-reviewers
```release-note
Updating apiserver to return http status code 202 for a delete request when the resource is not immediately deleted because of user requesting cascading deletion using DeleteOptions.OrphanDependents=false.
```
Automatic merge from submit-queue (batch tested with PRs 41954, 40528, 41875, 41165, 41877)
[Federation][kubefed] Support configuring dns-provider
**What this PR does / why we need it**:
Some environments might need to configure the dns-provider using custom configurations for deploying federation control plane. This PR will facilitate such scenarios. please refer to #40620
Now we can pass dns provider configuration using `dns-provider-config` flag to `kubefed init`
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#40620
**Release note**:
```
[Federation] Introduced a new flag --dns-provider-config to kubefed to configure dns provider via a config file in local file system.
```
cc @kubernetes/sig-federation-misc @madhusudancs @irfanurrehman @marun
Automatic merge from submit-queue (batch tested with PRs 41701, 41818, 41897, 41119, 41562)
Updated configmap_controller_test.go
**What this PR does / why we need it**: A few style decisions to make this test a bit harder to break. Including a fix to help it fail and not panic when channel produces a nil.
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41667, 41820, 40910, 41645, 41361)
Switch admission to use shared informers
Originally part of #40097
cc @smarterclayton @derekwaynecarr @deads2k @liggitt @sttts @gmarek @wojtek-t @timothysc @lavalamp @kubernetes/sig-scalability-pr-reviews @kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue
route53: configure verbose authentication errors
Otherwise we get an error message which is confusingly written on
authentication failures.
Probably blocked on #39854
Automatic merge from submit-queue (batch tested with PRs 38702, 41810, 41778, 41858, 41872)
Remove changes that accidentally sneaked in during a rebase.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41146, 41486, 41482, 41538, 41784)
client-gen: independent scheme for clientsets
This PR adds a clientset internal scheme instead of using `pkg/api.Scheme`. **The clientset API stays the same.**
In detail:
- introduce a scheme for each clientset, i.e. do not use `pkg/api.Scheme+Registry+Codec+ParameterCodecs`.
This makes it easier to compose client-go's clientset (which is rewritten in `staging/copy.sh` and therefore hardcoded to use `k8s.io/client-go/pkg/api.Scheme+Registry+Codecs+ParameterCodecs`) with third-party clientsets (kube-aggregator, openshift, federation) which are not rewritten using `copy.sh` as all of them are self-contained and therefore relocatable.
This fixes https://github.com/kubernetes/kubernetes/pull/41403/files#diff-76edfb07dee54ff7ddeda25c33c10d29R81 and prepares client-gen for use in OpenShift.
- register types into the clientset scheme via `AddToScheme` for versioned clientsets. This decouples the client-go clients from announce+registration (internal clients continue using announce+registry and apigroup installers).
This reduces complexity for client-go, possibly remove the necessity for the announce+register machinery for many use-cases, maybe even to delete it mid-term.
- port federation and testgroup `install/install.go` to `announced.GroupMetaFactory` in order to have a proper `Install.Install(...)` func for registration.
With the first change it's easy to add the types of one clientset to the scheme of the other using the `clientset/scheme.AddToScheme` method. This allows to use cross-clientset `runtime.RawExtensions`:
```golang
import (
"k8s.io/client-go/kubernetes"
clientsetscheme "k8s.io/client-go/kuberentes/scheme"
aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
)
kclientset, _ := kubernetes.NewForConfig(c)
aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
```
Kubernetes types with a `RawExtension` can en/decode aggregator types after this.
TODO:
- [x] fix fake clientsets
- [x] get the `*Options` types registered correctly for core, compare DO-NOT-MERGE commit.
- [x] get prefered version right in internal client. Do we need all versions registered in the internal client to support negotiation?
- [x] run `staging/copy.sh` and run tests: https://github.com/kubernetes/kubernetes/pull/41744
- ~~[ ] fixup usage through-out the code-base~~
- **Follow-up**: move `import_known_versions.go` files somewhere such that import of the `api.Scheme` package automatically installs the apigroups. It looks like we depended on the import fo the clientset for this purpose.
Automatic merge from submit-queue (batch tested with PRs 38957, 41819, 41851, 40667, 41373)
Change taints/tolerations to api fields
This PR changes current implementation of taints and tolerations from annotations to API fields. Taint and toleration are now part of `NodeSpec` and `PodSpec`, respectively. The annotation keys: `scheduler.alpha.kubernetes.io/tolerations` and `scheduler.alpha.kubernetes.io/taints` have been removed.
**Release note**:
Pod tolerations and node taints have moved from annotations to API fields in the PodSpec and NodeSpec, respectively. Pod tolerations and node taints that are defined in the annotations will be ignored. The annotation keys: `scheduler.alpha.kubernetes.io/tolerations` and `scheduler.alpha.kubernetes.io/taints` have been removed.
Automatic merge from submit-queue (batch tested with PRs 41349, 41532, 41256, 41587, 41657)
client-go: don't import client auth provider packages
Both of these auth providers are useful for kubectl but not so much for everyone importing client-go. Let users optionally import them (example [0]) and reduce the overall number of imports that client-go requires.
Quick grep seems to imply it wont import it after.
```
$ grep -r 'client-go/plugin/pkg/client/auth' staging/
staging/src/k8s.io/client-go/plugin/pkg/client/auth/plugins.go: _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
staging/src/k8s.io/client-go/plugin/pkg/client/auth/plugins.go: _ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
staging/src/k8s.io/client-go/examples/third-party-resources/main.go: _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
staging/src/k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/clientset.go: _ "k8s.io/client-go/plugin/pkg/client/auth"
staging/src/k8s.io/kube-aggregator/pkg/client/clientset_generated/internalclientset/clientset.go: _ "k8s.io/client-go/plugin/pkg/client/auth"
```
closes https://github.com/kubernetes/client-go/issues/49
updates https://github.com/kubernetes/client-go/issues/79 (removes cloud.google.com/go import)
cc @kubernetes/sig-api-machinery-pr-reviews @kubernetes/sig-auth-pr-reviews
```release-notes
client-go no longer imports GCP OAuth2 and OpenID Connect packages by default.
```
[0] 8b466d64c5/examples/third-party-resources/main.go (L34-L35)
Automatic merge from submit-queue (batch tested with PRs 39991, 39964)
route53 dnsprovider: add more logging
In the aws cloudprovider, we have a custom logger. This adds the same
logger to the route53 dnsprovider.
We copy the (simple) code in anticipation that the providers are likely
to live in separate repos in future.
```release-note
federation aws: add logging of route53 calls
```
Automatic merge from submit-queue
dnsprovider route53: log changeset details at v(8)
Otherwise it can be hard to know exactly what is changing and whether
the changes could be optimized, or to troubleshoot if someone were
accidentally to have a bug in their calling code.
```release-note
NONE
```
Automatic merge from submit-queue
Refactor federation-up.sh script.
Move common variables to common.sh script in preparation for the upcoming changes to federation-down.sh that also depends on these common variables.
```release-note
NONE
```
cc @kubernetes/sig-federation-pr-reviews @shashidharatd
Otherwise it can be hard to know exactly what is changing and whether
the changes could be optimized, or to troubleshoot if someone were
accidentally to have a bug in their calling code.
In the aws cloudprovider, we have a custom logger. This adds the same
logger to the route53 dnsprovider.
We copy the (simple) code in anticipation that the providers are likely
to live in separate repos in future.
Automatic merge from submit-queue (batch tested with PRs 39373, 41585, 41617, 41707, 39958)
dnsprovider: Expose parent objects in interfaces
This will allow us to pass e.g. a ResourceRecordChangeset, rather than a
ResourceRecordChangeset, the parent ResourceRecordSets, and the
grandparent Zone.
Laying the groundwork for simplifying / optimizing the federation logic.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41043, 39058, 41021, 41603, 41414)
kubeadm: Make a separate util package for kubeconfig logic
**What this PR does / why we need it**:
There are a lot of packages that need to consume kubeconfig logic, so it should be in a central place.
Having it in `kubeadmutil` is suboptimal, because then it get mixed with everything else.
This splits that logic out to a generic place so it then also can be consumed in https://github.com/kubernetes/kubernetes/pull/41417, from where it's broken out.
- Move {admin,kubelet}.conf out as constants
- Make a separate util package for kubeconfig logic
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
This will allow us to pass e.g. a ResourceRecordChangeset, rather than a
ResourceRecordChangeset, the parent ResourceRecordSets, and the
grandparent Zone.
Laying the groundwork for simplifying / optimizing the federation logic.
Automatic merge from submit-queue (batch tested with PRs 41134, 41410, 40177, 41049, 41313)
apiserver: further cleanup of apiserver storage plumbing
- move kubeapiserver`s `RESTOptionsFactory` back to EtcdOptions by adding a `AddWithStorageFactoryTo`
- factor out storage backend `Config` construction from EtcdOptions
- move all `StorageFactory` related code into server/storage subpackage.
In short: remove my stomach ache about `kubeapiserver.RESTOptionsFactory`.
approved based on #40363
Automatic merge from submit-queue (batch tested with PRs 41134, 41410, 40177, 41049, 41313)
[Federation][Kubefed] Bug fix relating kubeconfig path in kubefed init
**What this PR does / why we need it**:
Fixes https://github.com/kubernetes/kubernetes/issues/41305
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/41305
The kubeconfig explicit path is not updated correctly when supplied through the --kubeconfig flag in kubefed init. This leads to the details about the initialised federation control plane not getting updated in the correct kubeconfig file.
**Special notes for your reviewer**:
@madhusudancs
**Release note**:
```
Fixed a bug that caused the kubeconfig entry for the initialized federation control plane to be not written to the supplied kubeconfig file when the file was supplied through the --kubeconfig flag.
```
Automatic merge from submit-queue (batch tested with PRs 40297, 41285, 41211, 41243, 39735)
Add LegacyHostIP as a fallback to federation api-server nodeport service
**What this PR does / why we need it**:
while deploying federation using kubefed and using NodePort type service for api-server, if the cluster does not have NodeExternalIP for nodes, then it leads to incorrect endpoint being written to kubeconfig.
So falling back to use LegacyHostIP in such cases.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Partly fixes an issue in this [thread](https://github.com/kubernetes/kubernetes/issues/41127#issuecomment-278888658)
**Special notes for your reviewer**:
**Release note**:
`NONE`
```release-note
```
cc @kubernetes/sig-federation-bugs @madhusudancs
Automatic merge from submit-queue
[Federation][kubefed]: Bind flag values automatically
Update ``kubefed`` to take advantage of cobra's ability to declare variable bindings at the same time as declaring flags, so that flag values are bound automatically.
Targets #41209
cc: @kubernetes/sig-federation-pr-reviews @irfanurrehman @madhusudancs
Automatic merge from submit-queue (batch tested with PRs 41357, 41178, 41280, 41184, 41278)
Switch RBAC subject apiVersion to apiGroup in v1beta1
Referencing a subject from an RBAC role binding, the API group and kind of the subject is needed to fully-qualify the reference.
The version is not, and adds complexity around re-writing the reference when returning the binding from different versions of the API, and when reconciling subjects.
This PR:
* v1beta1: change the subject `apiVersion` field to `apiGroup` (to match roleRef)
* v1alpha1: convert apiVersion to apiGroup for backwards compatibility
* all versions: add defaulting for the three allowed subject kinds
* all versions: add validation to the field so we can count on the data in etcd being good until we decide to relax the apiGroup restriction
```release-note
RBAC `v1beta1` RoleBinding/ClusterRoleBinding subjects changed `apiVersion` to `apiGroup` to fully-qualify a subject. ServiceAccount subjects default to an apiGroup of `""`, User and Group subjects default to an apiGroup of `"rbac.authorization.k8s.io"`.
```
@deads2k @kubernetes/sig-auth-api-reviews @kubernetes/sig-auth-pr-reviews
Automatic merge from submit-queue
copy pkg/util/logs to apiserver
This is a copy, not a move. API servers need to be able to init the logs, but so do clients. It would be weird to have the client-side commands depending on the server side logs utilities.
I updated all the server side references, but left the client-side ones.
@sttts @kubernetes/sig-api-machinery-pr-reviews acceptable?
Automatic merge from submit-queue (batch tested with PRs 40796, 40878, 36033, 40838, 41210)
HPA v2 (API Changes)
**Release note**:
```release-note
Introduces an new alpha version of the Horizontal Pod Autoscaler including expanded support for specifying metrics.
```
Implements the API changes for kubernetes/features#117.
This implements #34754, which is the new design for the Horizontal Pod Autoscaler. It includes improved support for custom metrics (and/or arbitrary metrics) as well as expanded support for resource metrics. The new HPA object is introduces in the API group "autoscaling/v1alpha1".
Note that the improved custom metric support currently is limited to per pod metrics from Heapster -- attempting to use the new "object metrics" will simply result in an error. This will change once #34586 is merged and implemented.
Automatic merge from submit-queue (batch tested with PRs 40917, 41181, 41123, 36592, 41183)
[Federation] Add override flags options to kubefed init
**What this PR does / why we need it**:
Allows modification of startup flags (of apiserver and controller manager) through kubefed
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
https://github.com/kubernetes/kubernetes/issues/40398
**Special notes for your reviewer**:
I haven't removed the existing redundant flags now (for example --dns-zone-name) intentionally to avoid breaking any existing tests that might use them.
I guess that would be better done as a follow up PR.
@madhusudancs @marun @nikhiljindal
**Release note**:
```
It is now possible for the user to modify any startup flag of federation-apiserver and federation-controller-manager when deployed through kubefed.
There are two new options introduced in kubefed:
--apiserver-arg-overrides and --controllermanager-arg-overrides
Any number of actual federation-apiserver or federation-controller-manager flags can be specified using these options.
Example:
kubefed init "-other options-" ----apiserver-arg-overrides "--flag1=value1,--flag2=value2"
```
Automatic merge from submit-queue (batch tested with PRs 40175, 41107, 41111, 40893, 40919)
[Federation][e2e] Move Cluster Registration to federation-up.sh
**What this PR does / why we need it**:
Remove cluster register/unregister calls from test case BeforeEach/AfterEach blocks.
Register clusters once in federation-up.sh
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#40768
**Special notes for your reviewer**:
**Release note**: `NONE`
cc: @madhusudancs @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 40175, 41107, 41111, 40893, 40919)
Default the version to the information in federation versions file if $KUBERNETES_RELEASE isn't set.
Also, slightly unrelated fix: copy the output from the build container
to the host filesystem while building hyperkube image. The recent change
in the build scripts has caused the binaries to be not copied to the
required locations. It must be explicitly copied by calling the build copy
function.
cc @kubernetes/sig-federation-pr-reviews @perotinus @csbell @nikhiljindal
Automatic merge from submit-queue (batch tested with PRs 38796, 40823, 40756, 41083, 41105)
Add more options to the RecommendedOptions struct.
Builds on https://github.com/kubernetes/kubernetes/pull/41028
Adds `AuditOptions` to the `RecommendedOptions`
@sttts @kubernetes/sig-api-machinery-pr-reviews
Also, slightly unrelated fix: copy the output from the build container
to the host filesystem while building hyperkube image. The recent change
in the build scripts has caused the binaries to be not copied to the
required locations. It must be explicitly copied by calling the build copy
function.
Automatic merge from submit-queue
dnsprovider: Add upsert
Although Google Cloud DNS requires strict add & remove calls, most
dnsproviders actually support upsert, and an add & remove is much more
expensive (primarily because of the need to fetch the pre-image).
Add support for 'upsert' operations, which don't require the pre-image,
and simply overwrite the existing record. This is much cheaper on
Amazon Route53, for example.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41023, 41031, 40947)
apiserver command line options lead to config
Logically command line options lead to config, not the other way around. We're clean enough now we can actually do the inversion.
WIP because I have some test cycles to fix, but this is all the meat.
@kubernetes/sig-api-machinery-misc
Automatic merge from submit-queue
[Federation][kubefed] Add option to expose federation apiserver on nodeport service
**What this PR does / why we need it**:
This PR adds an option to kubefed to expose federation api server over nodeport. This can be useful to deploy federation in non-cloud environments. This PR is target to address #39271
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```
[Federation] kubefed init learned a new flag, `--api-server-service-type`, that allows service type to be specified for the federation API server.
[Federation] kubefed init also learned a new flag, `--api-server-advertise-address`, that allows specifying advertise address for federation API server in case the service type is NodePort.
```
@kubernetes/sig-federation-misc @madhusudancs
Automatic merge from submit-queue (batch tested with PRs 40906, 40924, 40938, 40902, 40911)
federation: Updating deletion helper to add both finalizers in a single update
Fixes https://github.com/kubernetes/kubernetes/issues/40837
cc @mwielgus @csbell
Automatic merge from submit-queue (batch tested with PRs 40862, 40909)
[Federation][kubefed] Add option to disable persistence storage for etcd
**What this PR does / why we need it**:
This is part of updates to enable deployment of federation on non-cloud environments. This pr enables disabling persistent storage for etcd via kubefed.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#40617
**Special notes for your reviewer**:
**Release note**:
```
[Federation] Add --etcd-persistent-storage flag to kubefed to enable/disable persistent storage for etcd
```
cc: @kubernetes/sig-federation-bugs @madhusudancs
Automatic merge from submit-queue (batch tested with PRs 40864, 40666, 38382, 40874)
Promote init containers to GA
This is proposed for 1.6
PR moves beta proved concept for init containers to stable. Specification of init containers can be now stated under initContainers field in PodSpec/PodTemplateSpec. Specifying init-containers in annotation is still possible, but will be removed in future version.
```release-note
Init containers have graduated to GA and now appear as a field. The beta annotation value will still be respected and overrides the field value.
```
Automatic merge from submit-queue (batch tested with PRs 40884, 40809, 40845, 40866, 40875)
[Federation][e2e] Fix federation admission control e2e test case
Fixes federation admission control e2e test case.
@kubernetes/sig-federation-bugs @madhusudancs
Automatic merge from submit-queue (batch tested with PRs 40884, 40809, 40845, 40866, 40875)
Add env variable to build federation images locally. #39870
This allows building the federation images without the need for cloud development packages
Related: #39870
Automatic merge from submit-queue
Move post processing/backward compatibility of openapi out of generic package
Post processing step was put into generic package and was the same for both k8s api server and federation api server. They have different backward compatibility list of types. This PR move that step out of generic package and put it in each server's file.
Automatic merge from submit-queue (batch tested with PRs 37617, 40197)
dnsprovider: Add direct access to Route53 data
This methods allow us to develop advanced functionality for Route53,
before we add all the functionality to the cross-provider interface.
Use of these methods should be avoided, and adding methods to the
cross-provider interfaces should be preferred.
```release-note
NONE
```
Automatic merge from submit-queue
Use full package path for definition name in OpenAPI spec
We were using short package name (last part of package name) plus type name for OpenAPI spec definition name. That can result in duplicate names and make the spec invalid. To be sure we will always have unique names, we are going to use full package name as definition name. Also "x-kubernetes-tag" custom field is added to definitions to list Group/Version/Kind for the definitions that has it. This will help clients to discover definitions easier.
Lastly, we've added a reference from old definition names to the new ones to keep backward compatibilities. The list of old definitions will not be updated.
**Release note**:
- Rename OpenAPI definition names to type's full package names to prevent duplicates
- Create OpenAPI extension "x-kubernetes-group-version-kind" for definitions to store Group/Version/Kind
- Deprecate old definition names and create a reference to the new definitions. Old definitions will be removed in the next release.
Automatic merge from submit-queue
error strings should not end with punctuation
**What this PR does / why we need it**:
Delete the end punctuation of error strings
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
https://github.com/golang/go/wiki/CodeReviewComments#error-strings
**Release note**:
```release-note
```
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
Automatic merge from submit-queue
remove unneeded storage options
Cleanup of some storage serialization options that only kube and federation api server (and maybe not even that one) need.
You may have called it a snip, but this moves the options out of generic entirely.
Automatic merge from submit-queue (batch tested with PRs 40638, 40742, 40710, 40718, 40763)
move client/record
An attempt at moving client/record to client-go. It's proving very stubborn and needs a lot manual intervention and near as I can tell, no one actually gets any benefit from the sink and source complexity it adds.
@sttts @caesarchaoxu
Automatic merge from submit-queue (batch tested with PRs 40638, 40742, 40710, 40718, 40763)
move pkg/storage to apiserver
Mechanical move of `pkg/storage` (not sub packages) to `k8s.io/apiserver`.
@sttts
Automatic merge from submit-queue
Fix kubectl->kubefed typo
**What this PR does / why we need it**: The kubefed CLI too had a typo in it's example text.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
Automatic merge from submit-queue
add deads2k to some cmd packages
Selectively adding myself to cmd packages for commands that I've authored or significantly touched.
Automatic merge from submit-queue (batch tested with PRs 40392, 39242, 40579, 40628, 40713)
[Federation][kubefed] Create a dedicated service account for federation controller manager in the host cluster and give it appropriate permissions.
Ref: Issue #39555
cc @kubernetes/sig-federation-pr-reviews @kubernetes/sig-auth-misc @kubernetes/sig-auth-pr-reviews
```release-note
kubefed init creates a service account for federation controller manager in the federation-system namespace and binds that service account to the federation-system:federation-controller-manager role that has read and list access on secrets in the federation-system namespace.
```
Automatic merge from submit-queue (batch tested with PRs 40691, 40551, 40683, 40700, 40702)
Replace + with _ in the image tag version since + is not a valid image tag character.
We already push the image to the registry by replacing `+` with `_` in the
preceding build and push stages. This change is just propagating the same
to the deploy stage.
cc @kubernetes/sig-federation-pr-reviews @nikhiljindal @shashidharatd
Automatic merge from submit-queue (batch tested with PRs 40691, 40551, 40683, 40700, 40702)
Enable protobufs as storage format by default
**Release note**:
```release-note
Change default storage format to protobufs. With this PR apiserver will be writing objects serialized as protobufs to etcd. If the apiserver was upgraded in the existing clusters, until an object will be written, it will still be stored as JSON. Apiserver can deal with some data being in json and some in protobuf format as of 1.4 release.
```
@kubernetes/sig-api-machinery-misc @kubernetes/sig-api-machinery-pr-reviews
We already push the image to the registry by replacing + with _ in the
previous build and push stage. This change is just propagating the same
to the deploy stage.
Although Google Cloud DNS requires strict add & remove calls, most
dnsproviders actually support upsert, and an add & remove is much more
expensive (primarily because of the need to fetch the pre-image).
Add support for 'upsert' operations, which don't require the pre-image,
and simply overwrite the existing record. This is much cheaper on
Amazon Route53, for example.
Automatic merge from submit-queue
Use a wrapper script to locate kubefed and kubectl binaries instead of directly constructing their paths.
This fixes the e2e failures that is now switched to using kubefed.
cc @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 40543, 39999)
remove pkg/feature dependency from genericapiserver.
@sttts I think you just forgot this when you were snipping the rest of the link. If I understood the previous pull correctly, this ought to ensure proper registration of the bits we need, right?
Automatic merge from submit-queue (batch tested with PRs 40239, 40397, 40449, 40448, 40360)
move the discovery and dynamic clients
Moved the dynamic client, discovery client, testing/core, and testing/cache to `client-go`. Dependencies on api groups we don't have generated clients for have dropped out, so federation, kubeadm, and imagepolicy.
@caesarxuchao @sttts
approved based on https://github.com/kubernetes/kubernetes/issues/40363
Automatic merge from submit-queue
Added shortName to meta.v1.APIResource.
The shortNames would be used to allow kubectl to have short names representations of resources from aggregated API servers.
```release-note
Adds `shortNames` to the `APIResource` from discovery which is a list of recommended shortNames for clients like `kubectl`.
```
**What this PR does / why we need it**:
The shortNames would be used to allow kubectl to have short names representations of resources from aggregated API servers.
**Special notes for your reviewer**:
I have followed the steps described here [Changing the internal structures](https://github.com/kubernetes/community/blob/master/contributors/devel/api_changes.md)
I have run the following scripts:
hack/update-codegen.sh
hack/update-generated-protobuf.sh
hack/update-codecgen.sh
hack/update-openapi-spec.sh
hack/update-swagger-spec.sh
hack/update-federation-openapi-spec.sh
hack/update-api-reference-docs.sh
See also:
#[38755](https://github.com/kubernetes/kubernetes/pull/38755)
#[38835](https://github.com/kubernetes/kubernetes/pull/38835#event-914403188)
**Release note**:
Extended meta.v1.APIResource by a list of short names. The short names would be used to allow kubectl to have short names representations of resources from aggregated API servers.
Automatic merge from submit-queue (batch tested with PRs 39538, 40188, 40357, 38214, 40195)
genericapiserver: cut off more dependencies – episode 2
Compare commit subjects.
approved based on #40363
Automatic merge from submit-queue
dnsprovider: Add IsEmpty method
When batching changes, it is often handy to know whether a changeset
IsEmpty, and thus does not need to be Apply-ed.
```release-note
NONE
```
Automatic merge from submit-queue
Add version to OpenAPI spec
OpenAPI is missing a version string. It should follow kubernetes version. It is a bugfix that need to be cherrypicked in 1.5 too.
Automatic merge from submit-queue
Optional configmaps and secrets
Allow configmaps and secrets for environment variables and volume sources to be optional
Implements approved proposal c9f881b7bb
Release note:
```release-note
Volumes and environment variables populated from ConfigMap and Secret objects can now tolerate the named source object or specific keys being missing, by adding `optional: true` to the volume or environment variable source specifications.
```
Automatic merge from submit-queue
Remove federated-image.tag from the .gitignore file.
This generated version metadata file was being written to a source
directory and caused a lot of pain. We are moving to a world where
this file is generated in the build/output artifacts directory and
also possibly looking at ways to entirely remove the federation
specific versions file. This is in-line with that goal of removing
the dependency on federated-image.tag file.
cc @kubernetes/sig-federation-misc
Automatic merge from submit-queue
Improve TerminationMessagePath to be more flexible
* Support `terminationMessagePolicy: fallbackToLogsOnError` which allows pod authors to get useful information from containers as per kubernetes/community#154
* Set an upper bound on the size of the termination message path or log output to prevent callers from DoSing the master
* Add tests for running as root, non-root, and for the new terminationMessagePolicy cases.
I set the limit to 4096 bytes, but this may be too high for large pod containers. Probably need to set an absolute bound, i.e. max message size allowed is 20k total, and we truncate if we're above that limit.
Fixes#31839, #23569
```release-note
A new field `terminationMessagePolicy` has been added to containers that allows a user to request `FallbackToLogsOnError`, which will read from the container's logs to populate the termination message if the user does not write to the termination message log file. The termination message file is now properly readable for end users and has a maximum size (4k bytes) to prevent abuse. Each pod may have up to 12k bytes of termination messages before the contents of each will be truncated.
```
These files have been created lately, so we don't have much information
about them anyway, so let's just:
- Remove assignees and make them approvers
- Copy approves as reviewers
Automatic merge from submit-queue (batch tested with PRs 40232, 40235, 40237, 40240)
move listers out of cache to reduce import tree
Moving the listers from `pkg/client/cache` snips links to all the different API groups from `pkg/storage`, but the dreaded `ListOptions` remains.
@sttts
Automatic merge from submit-queue (batch tested with PRs 40187, 40231, 40152)
Update client/server cert generation utilities
Limit generated cert usage to client or server use.
Automatic merge from submit-queue (batch tested with PRs 36693, 40154, 40170, 39033)
make client-go authoritative for pkg/client/restclient
Moves client/restclient to client-go and a util/certs, util/testing as transitives.
Automatic merge from submit-queue (batch tested with PRs 40168, 40165, 39158, 39966, 40190)
Read the VERSIONS file for the FEDERATION_IMAGE_TAG value.
This is particularly important in the local builds where there is no $KUBERNETES_RELEASE defined.
cc @kubernetes/sig-federation-misc @shashidharatd
This generated version metadata file was being written to a source
directory and caused a lot of pain. We are moving to a world where
this file is generated in the build/output artifacts directory and
also possibly looking at ways to entirely remove the federation
specific versions file. This is in-line with that goal of removing
the dependency on federated-image.tag file.
This methods allow us to develop advanced functionality for Route53,
before we add all the functionality to the cross-provider interface.
Use of these methods should be avoided, and adding methods to the
cross-provider interfaces should be preferred.
Automatic merge from submit-queue (batch tested with PRs 39446, 40023, 36853)
Create environment variables from secrets
Allow environment variables to be populated from entire secrets.
**Release note**:
```release-note
Populate environment variables from a secrets.
```
Automatic merge from submit-queue
move pkg/fields to apimachinery
Purely mechanical move of `pkg/fields` to apimachinery.
Discussed with @lavalamp on slack. Moving this an `labels` to apimachinery.
@liggitt any concerns? I think the idea of field selection should become generic and this ends up shared between client and server, so this is a more logical location.
Automatic merge from submit-queue
make client-go more authoritative
Builds on https://github.com/kubernetes/kubernetes/pull/40103
This moves a few more support package to client-go for origination.
1. restclient/watch - nodep
1. util/flowcontrol - used interface
1. util/integer, util/clock - used in controllers and in support of util/flowcontrol
Automatic merge from submit-queue
Build release tars using bazel
**What this PR does / why we need it**: builds equivalents of the various kubernetes release tarballs, solely using bazel.
For example, you can now do
```console
$ make bazel-release
$ hack/e2e.go -v -up -test -down
```
**Special notes for your reviewer**: this is currently dependent on 3b29803eb5, which I have yet to turn into a pull request, since I'm still trying to figure out if this is the best approach.
Basically, the issue comes up with the way we generate the various server docker image tarfiles and load them on nodes:
* we `md5sum` the binary being encapsulated (e.g. kube-proxy) and save that to `$binary.docker_tag` in the server tarball
* we then build the docker image and tag using that md5sum (e.g. `gcr.io/google_containers/kube-proxy:$MD5SUM`)
* we `docker save` this image, which embeds the full tag in the `$binary.tar` file.
* on cluster startup, we `docker load` these tarballs, which are loaded with the tag that we'd created at build time. the nodes then use the `$binary.docker_tag` file to find the right image.
With the current bazel `docker_build` rule, the tag isn't saved in the docker image tar, so the node is unable to find the image after `docker load`ing it.
My changes to the rule save the tag in the docker image tar, though I don't know if there are subtle issues with it. (Maybe we want to only tag when `--stamp` is given?)
Also, the docker images produced by bazel have the timestamp set to the unix epoch, which is not great for debugging. Might be another thing to change with a `--stamp`.
Long story short, we probably need to follow up with bazel folks on the best way to solve this problem.
**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue