Automatic merge from submit-queue (batch tested with PRs 41357, 41178, 41280, 41184, 41278)
Switch RBAC subject apiVersion to apiGroup in v1beta1
Referencing a subject from an RBAC role binding, the API group and kind of the subject is needed to fully-qualify the reference.
The version is not, and adds complexity around re-writing the reference when returning the binding from different versions of the API, and when reconciling subjects.
This PR:
* v1beta1: change the subject `apiVersion` field to `apiGroup` (to match roleRef)
* v1alpha1: convert apiVersion to apiGroup for backwards compatibility
* all versions: add defaulting for the three allowed subject kinds
* all versions: add validation to the field so we can count on the data in etcd being good until we decide to relax the apiGroup restriction
```release-note
RBAC `v1beta1` RoleBinding/ClusterRoleBinding subjects changed `apiVersion` to `apiGroup` to fully-qualify a subject. ServiceAccount subjects default to an apiGroup of `""`, User and Group subjects default to an apiGroup of `"rbac.authorization.k8s.io"`.
```
@deads2k @kubernetes/sig-auth-api-reviews @kubernetes/sig-auth-pr-reviews
Automatic merge from submit-queue
Added kubectl create role command
Added `kubectl create role` command.
Fixed part of #39596
**Release note**:
```
Added one new command `kubectl create role` to help user create a single role from command line.
```
Automatic merge from submit-queue (batch tested with PRs 41112, 41201, 41058, 40650, 40926)
Promote TokenReview to v1
Peer to https://github.com/kubernetes/kubernetes/pull/40709
We have multiple features that depend on this API:
- [webhook authentication](https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication)
- [kubelet delegated authentication](https://kubernetes.io/docs/admin/kubelet-authentication-authorization/#kubelet-authentication)
- add-on API server delegated authentication
The API has been in use since 1.3 in beta status (v1beta1) with negligible changes:
- Added a status field for reporting errors evaluating the token
This PR promotes the existing v1beta1 API to v1 with no changes
Because the API does not persist data (it is a query/response-style API), there are no data migration concerns.
This positions us to promote the features that depend on this API to stable in 1.7
cc @kubernetes/sig-auth-api-reviews @kubernetes/sig-auth-misc
```release-note
The authentication.k8s.io API group was promoted to v1
```
Automatic merge from submit-queue (batch tested with PRs 38445, 40292)
Add the ability to edit fields within a config map.
Addresses part of https://github.com/kubernetes/kubernetes/issues/36222
Example command:
```console
$ kubectl edit configmap foo --config-map-data=bar
```
Will open the data element named `bar` in the `ConfigMap` named `foo` in `$EDITOR`, the edited contents are then updated back to the config map.
@kubernetes/sig-cli
```release-note
Add a special purpose tool for editing individual fields in a ConfigMap with kubectl
```
Automatic merge from submit-queue (batch tested with PRs 39446, 40023, 36853)
Create environment variables from secrets
Allow environment variables to be populated from entire secrets.
**Release note**:
```release-note
Populate environment variables from a secrets.
```
Automatic merge from submit-queue
promote certificates api to beta
Mostly posting to see what breaks but also this API is ready to be promoted.
```release-note
Promote certificates.k8s.io to beta and enable it by default. Users using the alpha certificates API should delete v1alpha1 CSRs from the API before upgrading and recreate them as v1beta1 CSR after upgrading.
```
@kubernetes/api-approvers @jcbsmpsn @pipejakob
Automatic merge from submit-queue (batch tested with PRs 37608, 37103, 37320, 37607, 37678)
Remove stray quote from API docs
There was a PR that removed backquote from the line recently, but there's also extra quote.
Automatic merge from submit-queue
Remove ExportOptions from api/internal and use unversioned
Should only have one internal object in use
Part of #37530
Automatic merge from submit-queue
create service add create ExternalName service implementation
@kubernetes/kubectl create service add ExternalName support, refer #34731 for more detail.
```release-note
kubectl create service externalname
```
Automatic merge from submit-queue
Added comments on running update-bazel.sh in "$GOPATH/src/k8s.io/kubernetes"
**What this PR does / why we need it**:
This path made `hack/update-bazel.sh` to accept `$GOPATH` with multiple path.
Automatic merge from submit-queue
Fix container to pod in resource-qos.md
`...then the container is classified as Guaranteed.`
Here `container` should be `pod`.
Automatic merge from submit-queue
update gazel usage in bazel.md
**What this PR does / why we need it**:
Now run the newest gazel have to specify the '-root' argument to update a single BUILD file.
So updated the gazel usage.
Automatic merge from submit-queue
update binding details to design/persistent-storage doc
Scroll down to "Matching and binding" (there is no TOC).
An issue I see is that this level of detail may get stale quickly and there is no built-in mechanism to update this doc when the binding code changes. However, several people on my team, from time to time, want to know greater details about binding rules, eg. for test writing, updating/creating other docs, etc.
PTAL @jsafrane @pmorie @copejon
If it's decided this type of content (high level overview of an algorithm/implementation) is useful, but docs/design/ is not the right location, perhaps a new dir can be created for this type of content?
Automatic merge from submit-queue
Add a CRI doc for developers
This doc includes basic instructions to use CRI and the current status. It does
not include the formal requirements for CRI, which should be documented
separately.
This doc includes basic instructions to use CRI and the current status. It does
not include the formal requirements for CRI, which should be documented
separately.
Automatic merge from submit-queue
CRI: proposal for managing container stdout/stderr streams
This scope of this proposal is limited to the stdout/stderr logs streams of the
containers.
This addresses #30709
Automatic merge from submit-queue
improve readme for contributor experience
**What this PR does / why we need it**:
This improves the top-level README. Removes broken links, removes links to make you bounce to another page, adds proper links to docs.
Shuffles things around a bit and improves reading.
@kubernetes/contributor-experience
Automatic merge from submit-queue
[kubelet]update some --cgroups-per-qos to --experimental-cgroups-per-qos
Follow https://github.com/kubernetes/kubernetes/pull/36767, there are some fields still need update in docs or hack/local-up-cluster.sh
Jordan Liggitt