Automatic merge from submit-queue
Add direct serializer
Fix#25589. Implemented a direct codec that doesn't do conversion, but sets the group, version and kind before serialization as Clayton suggested [here](https://github.com/kubernetes/kubernetes/issues/25589#issuecomment-219168009).
First commit is cherry-picked from #24826.
@kubernetes/sig-api-machinery
Automatic merge from submit-queue
Setting TLS1.2 minimum because TLS1.0 and TLS1.1 are vulnerable
TLS1.0 is known as vulnerable since it can be downgraded to SSL
https://blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/
TLS1.1 can be vulnerable if cipher RC4-SHA is used, and in Kubernetes it is, you can check it with
`
openssl s_client -cipher RC4-SHA -connect apiserver.k8s.example.com:443
`
https://www.globalsign.com/en/blog/poodle-vulnerability-expands-beyond-sslv3-to-tls/
Test suites like Qualys are reporting this Kubernetes issue as a level 3 vulnerability, they recommend to upgrade to TLS1.2 that is not affected, quoting Qualys:
`
RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in
SSL and
TLS. However, TLSv 1.2 or later address these issues.
`
Automatic merge from submit-queue
federation: replacing string credentials field by secretRef
Fixes https://github.com/kubernetes/kubernetes/issues/25761
Replaced the string Credentials field in ClusterSpec by secretRef as discussed in https://github.com/kubernetes/kubernetes/issues/25761.
Also updated the clusterController to use this new secretRef field while creating a client to talk to a k8s cluster.
cc @lavalamp @kubernetes/sig-cluster-federation
Automatic merge from submit-queue
remove deprecated generated typed clients
The typed clients had been moved to pkg/client/clientset_generated/xxx/typed. We kept these files for backward compatibility. But it seems release 1.3 is the appropriate time to get rid of them.
@kubernetes/sig-api-machinery @lavalamp
Automatic merge from submit-queue
Add release_1_3 clientset in update-codegen
Add release_1_3 clientset in update-codegen to keep it update-to-date; update the generated clientset.
Refactor storePodsNamespacer.List() and
storeReplicationContollersNamespacer.List(). They are the same
function, just with different signatures.
This fixes a bug where, when we fell back on a brute force approach, we
were still returning an error.
Also change to explicit return without named return values.
A recent change tries to separate resync and relist. The motivation
was to avoid triggering relist when a resync is required.
However, the change is not effective since it stops the watcher. As hongchao
mentioned in the original comment, today's storage interface will not deliever
any progress notification to the watch chan. So any watcher that does not receive
events for the last few seconds will not be able to catch up from the previous
index after a hard close since the index of the last received event is out of
the cache window inside etcd2.
This pull request tries to fix this issue by not stoping watcher when a resync is
required.
Automatic merge from submit-queue
Add NetworkPolicy API Resource
API implementation of https://github.com/kubernetes/kubernetes/pull/24154
Still to do:
- [x] Get it working (See comments)
- [x] Make sure user-facing comments are correct.
- [x] Update naming in response to #24154
- [x] kubectl / client support
- [x] Release note.
```release-note
Implement NetworkPolicy v1beta1 API object / client support.
```
Next Steps:
- UTs in separate PR.
- e2e test in separate PR.
- make `Ports` + `From` pointers to slices (TODOs in code - to be done when auto-gen is fixed)
CC @thockin
[]()
Automatic merge from submit-queue
Adding support objects for integrating dynamic client the kubectl builder
Kubectl will try to decode into `runtime.VersionedObjects`, so the `UnstructuredJSONScheme` needs to handle that intelligently.
Kubectl's builder also needs a `meta.RESTMapper` and `runtime.Typer`. The `meta.RESTMapper` requires a `runtime.ObjectConvertor` (spelling?) that works with `runtime.Unstructured`. The mapper and typer required discovery info, so I just put that in the kubectl util package since it didn't really seem to fit anywhere else.
Subsequent PRs will be using these in kubectl.
cc @kubernetes/sig-api-machinery @smarterclayton @liggitt @lavalamp
Automatic merge from submit-queue
Make name validators return string slices
Part of the larger validation PR, broken out for easier review and merge. Builds on previous PRs in the series.
Wojciech Tyczynski
