Automatic merge from submit-queue (batch tested with PRs 46913, 48910, 48858, 47160)
federation: Stop using and remove federation internalclientset
**What this PR does / why we need it**:
This probably a left over job. We should not be using the internal clientset and instead be using versioned ones as described in #29934
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
/assign @nikhiljindal
/cc @kubernetes/sig-federation-misc
Automatic merge from submit-queue (batch tested with PRs 43443, 46193, 49071, 47252)
[Federation][Kubefed] Support reference document autogeneration for kubefed
This PR is needed to address the documentation issue https://github.com/kubernetes/kubernetes.github.io/issues/2888
Apart from the code auto generation have updated some descriptions for consistency.
**Special notes for your reviewer**:
@kubernetes/sig-federation-misc
cc @madhusudancs @csbell
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 48976, 49474, 40050, 49426, 49430)
Remove duplicated import and wrong alias name of api package
**What this PR does / why we need it**:
**Which issue this PR fixes**: fixes#48975
**Special notes for your reviewer**:
/assign @caesarxuchao
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 48224, 45431, 45946, 48775, 49396)
add reflector metrics
This adds metrics (optionally prometheus) to reflectors so that you can see when one reflector is behaving poorly and just how poorly its doing.
@eparis
```release-note
Adds metrics for checking reflector health.
```
Automatic merge from submit-queue (batch tested with PRs 49498, 49192)
Unify genclient tags and add more fine control on verbs generated
This will change the syntax of the existing `genclient` tags be like this:
```
// +genclient
// +genclient:noStatus
// +genclient:noVerbs
// +genclient:nonNamespaced
// +genclient:readonly
```
The first one indicates the client will be generated from the struct below and the other tags are basically options to the genclient (which justify why they should be prefixed with `genclient:`)
This also changes the `// +genclientstatus=false` to `// +genclient:noStatus` to follow the pattern and also changes the `// +noMethods=true` to `// +genclient:noVerbs` as we call the REST operations verbs so it will make it consistent with terminology.
In addition to existing options this patch also add two more to allow more fine-grained control on which verbs are going to be generated. This is extra useful for third-party projects (like OpenShift) where some resources does not implement full CRUD, but for example just "create" verb or "create" and "delete"...
To support that, you can use this syntax:
```
// +genclient:onlyVerbs=create,delete
// +genclient:skipVerbs=patch
```
The first one will generate only create and delete functions and second one will generate full CRUD without "patch" actions. This somehow overlaps with the existing "readonly" tag, but I want to keep that tag in place as it reads better in some cases ;-)
Automatic merge from submit-queue
Add PriorityClass API object under new "scheduling" API group
**What this PR does / why we need it**: This PR is a part of a series of PRs to add pod priority to Kubernetes. This PR adds a new API group called "scheduling" with a new API object called "PriorityClass". PriorityClass maps the string value of priority to its integer value.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**: Given the size of this PR, I will add the admission controller for the PriorityClass in a separate PR.
**Release note**:
```release-note
Add PriorityClass API object under new "scheduling" API group
```
ref/ #47604
ref/ #48646
Automatic merge from submit-queue (batch tested with PRs 48043, 48200, 49139, 36238, 49130)
expose RegisterAllAdmissionPlugins so that admission chains can be reused
Exposes the admission plugin registration functions so that sets of plugins can be re-used.
@sttts @p0lyn0mial
Automatic merge from submit-queue (batch tested with PRs 48043, 48200, 49139, 36238, 49130)
[Federation] Make arguments to scheduling type adapter methods generic
This is in the process of trying to rebase https://github.com/kubernetes/kubernetes/pull/45993 on latest.
cc @marun @perotinus
@kubernetes/sig-federation-misc
Hoping I get some attention to this and later PRs soon.
Associated issue https://github.com/kubernetes/kubernetes/issues/49181
**Release note**:
```NONE
```
Automatic merge from submit-queue (batch tested with PRs 48842, 48891)
[Federation] Handle federation up timeouts
Instead of relying on external timeout command.
First raised in #48756
/assign madhusudancs
Automatic merge from submit-queue (batch tested with PRs 47232, 48625, 48613, 48567, 39173)
Include leaderelection in client-go;
Fix#39117
Fix https://github.com/kubernetes/client-go/issues/28
This PR:
* includes the leaderelection to the staging client-go
* to avoid conflict with golang's testing package, renames package /testing to /testutil, and renames cache/testing to cache/testframework
```release-note
client-go now includes the leaderelection package
```
Automatic merge from submit-queue (batch tested with PRs 44412, 44810, 47130, 46017, 47829)
federation: Cleanup cluster scripts of older federation bring up method
**What this PR does / why we need it**:
Remove older method of bringing up federation via scripts. Currently `kubefed` is the only supported mechanism and is well established and stable.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 44412, 44810, 47130, 46017, 47829)
Return clusterErr rather than err
The updateClusterIngressUIDToMasters() should return clusterErr, not err.
If the 'err' of 'masterCluster, masterUID, err := ic.getMasterCluster()' is nil and the 'clusterErr' of 'clusterObj, clusterErr := api.Scheme.DeepCopy(cluster)' is not nil, updateClusterIngressUIDToMasters() will return ("", nil).
And do not log fallbackUID when fallbackUID is nil.
Automatic merge from submit-queue
Fix some err message
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47619, 47951, 46260, 48277)
[Federation] Convert the deployment controller to a sync controller.
This is based off of the work done for the ReplicaSet controller. It extracts out a schedulingAdapter that handles the shared logic between the two controllers.
Targets #40989
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45610, 47628)
Add Priority to Kubernetes API
**What this PR does / why we need it**: This is the first in a series of PRs to add priority to Kubernetes API. Subsequent PRs will add priority name resolution to admission controller.
**Release note**:
```release-note
Add PriorityClassName and Priority fields to PodSpec.
```
Automatic merge from submit-queue (batch tested with PRs 48012, 47443, 47702, 47178)
incluster config will be used when creating external shared informers.
**What this PR does / why we need it**:
Previously the loopback configuration was used to talk to the server.
As a consequence a custom API server was unable to talk to the root API server.
This PR changes the above by using incluster configuration to create shared informers.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
[Federation]Remove duplicate constants
Clean up them, the constants are defined in replicaset_test.go and replicasetcontroller_test.go, and replicaset_test.go did not use them.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Add a spin-loop that waits for RBAC API's availability.
The very first thing that kubefed does when it comes up is run RBAC API discovery. We believe this sometimes fail on new clusters and as a result causes kubefed to assume that the RBAC API doesn't exist. Therefore, we are applying this workaround for now to ensure that the RBAC API is available before running kubefed.
Issue: #47737
**Release note**:
```release-note
NONE
```
/assign @csbell
/cc @dchen1107
/sig federation
The very first thing that kubefed does when it comes up is run RBAC API
discovery. We believe this sometimes fail on new clusters and as
a result causes kubefed to assume that the RBAC API doesn't exist.
Therefore, we are applying this workaround for now to ensure that the
RBAC API is available before running kubefed.
Automatic merge from submit-queue (batch tested with PRs 47851, 47824, 47858, 46099)
Revert "[Federation] Fix federated service reconcilation issue due to addition of External…"
Reverts kubernetes/kubernetes#45798
Reverting the temporary fix as the problem is fixed in #45869.
with that fix federation also can default ExternalTrafficLocalOnly if not set.
Issue: #45812
cc @MrHohn @madhusudancs @kubernetes/sig-federation-bugs
If there are 2 or more PR(s) in the queue, they will end up with
conflicts (and rechecks). So let us remove the timestamp entirely
when we generate the files.
Fixes#46814
Automatic merge from submit-queue
Fix api description
**What this PR does / why we need it**:
prefered -> preferred
the the -> the
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 47451, 47410, 47598, 47616, 47473)
Revert "Ignore `daemonset-controller-hash` label key in federation before comparing the federated object with its cluster equivalent."
This reverts commit 3530c9ce87.
~This needs to wait for #47258, otherwise federation test won't pass~ (merged)
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Add NodeInternalIP as a fallback to federation api-server nodeport service
Previously NodeLegacyHostIP was used as a fallback (see #41243) but in 1.7 it was removed (#44830)
Now clusters where nodes have not set ExternalIP can not be used by kubefed to setup federation.
cc @shashidharatd
```release-note
kubefed will now configure NodeInternalIP as the federation API server endpoint when NodeExternalIP is unavailable for federation API servers exposed as NodePort services
```
Automatic merge from submit-queue
Made image as required in v1 Container struct.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#47244
**Special notes for your reviewer**:
**Release note**:
```release-note
none
```
Automatic merge from submit-queue (batch tested with PRs 43005, 46660, 46385, 46991, 47103)
Ignore `daemonset-controller-hash` label key in federation before comparing the federated object with its cluster equivalent.
Kubernetes daemonset controller writes a daemonset's hash to the object label as an optimization to avoid recomputing it every time. Adding a new label to the object that the federation is unaware of causes problems because federated controllers compare the objects in federation and their equivalents in clusters and try to reconcile them. This leads to a constant fight between the federated daemonset
controller and the cluster controllers, and they never reach a stable state.
Ideally, cluster components should not update an object's spec or metadata in a way federation cannot replicate. They can update an object's status though. Therefore, this daemonset hash should be a
field in daemonset's status, not a label in object meta. @janetkuo says that this label is only a short term solution. In the near future, they are going to replace it with revision numbers in daemonset status. We
can then rip this bandaid out.
Fixes#46925
**Release note**:
```release-note
NONE
```
/assign @csbell
/cc @shashidharatd @marun @nikhiljindal @perotinus
/sig federation
Kubernetes daemonset controller writes a daemonset's hash to the object
label as an optimization to avoid recomputing it every time. Adding a
new label to the object that the federation is unaware of causes
problems because federated controllers compare the objects in
federation and their equivalents in clusters and try to reconcile them.
This leads to a constant fight between the federated daemonset
controller and the cluster controllers, and they never reach a stable
state.
Ideally, cluster components should not update an object's spec or
metadata in a way federation cannot replicate. They can update an
object's status though. Therefore, this daemonset hash should be a
field in daemonset's status, not a label in object meta. @janetkuo says
that this label is only a short term solution. In the near future, they
are going to replace it with revision numbers in daemonset status. We
can then rip this bandaid out.
Automatic merge from submit-queue (batch tested with PRs 46235, 44786, 46833, 46756, 46669)
federation: Add admission controller for policy-based placement
@nikhiljindal
Here's the initial version of the scheduling policy admission controller. It's at the point where it would benefit from having another pair of eyes look at it. The main thing I'm unsure of is the serialization of Kube resources for the webhook/query call.
Release Note:
```
The federation-apiserver now supports a SchedulingPolicy admission controller that enables policy-based control over placement of federated resources.
```
Ref #39982
Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.
Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).
Automatic merge from submit-queue (batch tested with PRs 45871, 46498, 46729, 46144, 46804)
Fix some comments in dnsprovider
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
This is part of the namespace deletion big hammer. `kubefed join` not
just creates federation-system namespace, but also cluster role and
cluster role bindings in the joining clusters. Sometimes unjoin fails
to delete them. So we use a big hammer here to delete them.
This smells like a real problem in kubefed and needs investigation.
This is a short term fix to unblock the submit queue.
This is a big hammer. `kubefed join` creates federation-system namespace
in the joining clusters if they don't already exist. This namespace
usually exists in the host cluster and hence cannot be deleted while
unjoining. So in order to be safe, we don't delete the federation-system
namespace from any federated cluster while unjoining them. This causes
a problem in our test environment if certain resources are left in the
namespace. Therefore we are deleting all federation-system namespace in
all the clusters.
PV is a non-namespaced resource. Running `kubectl delete pv --all`, even
with `--namespace` is going to delete all the PVs in the cluster. This
is a dangerous operation and should not be deleted this way.
Instead we now retrieve the PVs bound to the PVCs in the namespace we
are deleteing and delete only those PVs.
Fixes issue #46380.
Automatic merge from submit-queue
Implement Daemonset history
~Depends on #45867 (the 1st commit, ignore it when reviewing)~ (already merged)
Ref https://github.com/kubernetes/community/pull/527/ and https://github.com/kubernetes/community/pull/594
@kubernetes/sig-apps-api-reviews @kubernetes/sig-apps-pr-reviews @erictune @kow3ns @lukaszo @kargakis
---
TODOs:
- [x] API changes
- [x] (maybe) Remove rollback subresource if we decide to do client-side rollback
- [x] deployment controller
- [x] controller revision
- [x] owner ref (claim & adoption)
- [x] history reconstruct (put revision number, hash collision avoidance)
- [x] de-dup history and relabel pods
- [x] compare ds template with history
- [x] hash labels (put it in controller revision, pods, and maybe deployment)
- [x] clean up old history
- [x] Rename status.uniquifier when we reach consensus in #44774
- [x] e2e tests
- [x] unit tests
- [x] daemoncontroller_test.go
- [x] update_test.go
- [x] ~(maybe) storage_test.go // if we do server side rollback~
kubectl part is in #46144
---
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 36721, 46483, 45500, 46724, 46036)
Federation: Minor corrections in service controller and add a unit testcase
**What this PR does / why we need it**:
This PR fixes few outdated comments in federation service controller and few other minor fixes.
This also adds a unit test case to test federated service deletion.
/assign @quinton-hoole
/cc @marun @kubernetes/sig-federation-pr-reviews
```release-note
NONE
```
Automatic merge from submit-queue
Add initializer support to admission and uninitialized filtering to rest storage
Initializers are the opposite of finalizers - they allow API clients to react to object creation and populate fields prior to other clients seeing them.
High level description:
1. Add `metadata.initializers` field to all objects
2. By default, filter objects with > 0 initializers from LIST and WATCH to preserve legacy client behavior (known as partially-initialized objects)
3. Add an admission controller that populates .initializer values per type, and denies mutation of initializers except by certain privilege levels (you must have the `initialize` verb on a resource)
4. Allow partially-initialized objects to be viewed via LIST and WATCH for initializer types
5. When creating objects, the object is "held" by the server until the initializers list is empty
6. Allow some creators to bypass initialization (set initializers to `[]`), or to have the result returned immediately when the object is created.
The code here should be backwards compatible for all clients because they do not see partially initialized objects unless they GET the resource directly. The watch cache makes checking for partially initialized objects cheap. Some reflectors may need to change to ask for partially-initialized objects.
```release-note
Kubernetes resources, when the `Initializers` admission controller is enabled, can be initialized (defaulting or other additive functions) by other agents in the system prior to those resources being visible to other clients. An initialized resource is not visible to clients unless they request (for get, list, or watch) to see uninitialized resources with the `?includeUninitialized=true` query parameter. Once the initializers have completed the resource is then visible. Clients must have the the ability to perform the `initialize` action on a resource in order to modify it prior to initialization being completed.
```
Automatic merge from submit-queue (batch tested with PRs 46239, 46627, 46346, 46388, 46524)
move labels to components which own the APIs
During the apimachinery split in 1.6, we accidentally moved several label APIs into apimachinery. They don't belong there, since the individual APIs are not general machinery concerns, but instead are the concern of particular components: most commonly the kubelet. This pull moves the labels into their owning components and out of API machinery.
@kubernetes/sig-api-machinery-misc @kubernetes/api-reviewers @kubernetes/api-approvers
@derekwaynecarr since most of these are related to the kubelet
Add support for creating resources that are not immediately visible to
naive clients, but must first be initialized by one or more privileged
cluster agents. These controllers can mark the object as initialized,
allowing others to see them.
Permission to override initialization defaults or modify an initializing
object is limited per resource to a virtual subresource "RESOURCE/initialize"
via RBAC.
Initialization is currently alpha.
Automatic merge from submit-queue (batch tested with PRs 46801, 45184, 45930, 46192, 45563)
[Federation] Add a SchedulingAdapter that can extend the FederatedTypeAdapter and that provides hooks for scheduling objects into clusters.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
apiserver: add a webhook implementation of the audit backend
This builds off of #45315 and is intended to implement an interfaced defined in #45766.
TODO:
- [x] Rebase on top of API types PR.
- [x] Rebase on top of API types updates (#46065)
- [x] Rebase on top of feature flag (#46009)
- [x] Rebase on top of audit instrumentation.
- [x] Hook up API server flag or register plugin (depending on #45766)
Features issue https://github.com/kubernetes/features/issues/22
Design proposal https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auditing.md
```release-notes
Webhook added to the API server which omits structured audit log events.
```
/cc @soltysh @timstclair @soltysh @deads2k
Automatic merge from submit-queue
Add Local Storage Capacity Isolation API
This PR adds the new APIs to support storage capacity isolation as
described in the proposal [https://github.com/kubernetes/community/pull/306](url)
1. Add SizeLimit for emptyDir volume
2. Add scratch and overlay storage type used by container level or
node level
**Release note**:
```release-note
Alpha feature: Local volume Storage Capacity Isolation allows users to set storage limit to isolate EmptyDir volumes, container storage overlay, and also supports allocatable storage for shared root file system.
```
Automatic merge from submit-queue (batch tested with PRs 46686, 45049, 46323, 45708, 46487)
[Federation][kubefed]: Use StorageClassName for etcd pvc
This PR updates kubefed to use the StorageClassName field [added in 1.6](http://blog.kubernetes.io/2017/03/dynamic-provisioning-and-storage-classes-kubernetes.html
) for etcd's pvc to allow the user to specify which storage class they want to use. If no value is provided to ``kubefed init``, the field will not be set, and initialization of the pvc may fail on a cluster without a default storage class configured.
The alpha annotation that was previously used (``volume.alpha.kubernetes.io/storage-class``) was deprecated as of 1.4 according to the following blog post:
http://blog.kubernetes.io/2016/10/dynamic-provisioning-and-storage-in-kubernetes.html
**Release note**:
```
'kubefed init' has been updated to support specification of the storage class (via --etcd-pv-storage-class) for the Persistent Volume Claim (PVC) used for etcd storage. If --etcd-pv-storage-class is not specified, the default storage class configured for the cluster will be used.
```
cc: @kubernetes/sig-federation-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 46394, 46650, 46436, 46673, 46212)
Write "kubectl options" help message to stdout, not stderr
Fix a very minor issue causing `kubectl` to write its help messages to `stderr` instead of `stdout`.
Try this:
`kubectl options | grep log`
It should print only the options related to logging, but right now it prints the entire help menu (since it's printing to stderr).
This patch brings us closer to unix convention and reduces user friction.
~~Another use case (if a user can't remember whether it's `-r` or `-R` for recursion):~~
~~`kubectl patch -h | grep recursive`~~
Update: this patch only affects `kubectl options`. The other commands are working as intended.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46076, 43879, 44897, 46556, 46654)
Use meta.v1 GroupVersionKind with json tags to generate OpenAPI spec
We are using two different GVK struct in generation of OpenAPI extensions. This PR unify that and also add json tags to meta.v1 GVK to comply with json naming system in other serializations. Also the value of Action extension is now lowercase.
ref: https://github.com/kubernetes/kubernetes/pull/46388
Automatic merge from submit-queue (batch tested with PRs 42240, 46100, 46154, 46431, 45755)
Fix api description in swagger
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46552, 46608, 46390, 46605, 46459)
Move admission lifecycle to genericapi
**What this PR does / why we need it**: ends the whole sequence of moving some admission plugins to generic api.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 45534, 37212, 46613, 46350)
check err
Signed-off-by: yupengzte <yu.peng36@zte.com.cn>
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*
move registration to AdmissionOptions
Automatic merge from submit-queue (batch tested with PRs 46407, 46457)
Remove deletecollection support from namespace object
Namespace storage accidentally picked up deletecollection support from embedding the generic store. If invoked, it skips the custom namespace `Delete()` storage method that enforces finalization, and skips the namespace lifecycle admission plugin that protects immortal namespaces from deletion.
Given the data integrity implications of skipping namespace finalization, I'd backport this as far as we're releasing patch releases.
```release-note
The namespace API object no longer supports the deletecollection operation.
```
Previous behavior was to write to stderr (thanks to the fallback system
in the Cobra library), which made it difficult to grep for flags.
For example:
kubectl options | grep recursive
Automatic merge from submit-queue
Protobuf generation for k8s.io/metrics
This PR introduces protobuf generation for k8s.io/metrics. Doing so required:
- fixing a bug in `go-to-protobuf` causing the `cast{key,value,type}` values to not be quoted when coming from struct tags (and not auto-injection by `go-to-protobuf` itself).
- Making sure the proto IDL in k8s.io/client-go had a package name of `k8s.io.client_go.xyz` and not `k8s.io.kubernetes.xyz`.
Additionally, I updated `go-to-protobuf` to skip functions and non-public types when composing the import list, which cuts down on the more bizarre imports in the IDL (like importing the sample API package in every IDL file because it contained `addToScheme`, like every other API package).
We use `castvalue` to force gogo-proto to realize that it should consider the value of the map which underlies `ResourceList` when calculating which imports need to be named. Otherwise, it ignores the value's type, leading to compilation errors when it later can't find an import it assumed existed. We accidentally didn't hit this in `k8s.io/kubernetes/pkg/api/v1` since another field coincidentally happens to directly use `resource.Quantity` (the value type of `ResourceList`).
**Release note**:
```release-note
NONE
```
This commit regenerates the protobuf as per the recent generation
changes (removing erroneous imports, adding k8s.io/metrics), and
syncs the changes to client-go (which also ensures that client-go
protobuf IDL has the correct package names).
Automatic merge from submit-queue (batch tested with PRs 46252, 45524, 46236, 46277, 46522)
[Federation] Refactor the cluster selection logic in the sync controller
This is intended to make it easier to define the interaction between cluster selection and scheduling preferences in the sync controller when used for workload types.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 46450, 46272, 46453, 46019, 46367)
check err
Signed-off-by: yupengzte <yu.peng36@zte.com.cn>
**What this PR does / why we need it**:
When the err in not nil, the podStatus is nil, it is dangerous "podStatus[cluster.Name].RunningAndReady".
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 46450, 46272, 46453, 46019, 46367)
Add ClusterSelector to Ingress Controller
This pull request adds ClusterSelector to the Federated Ingress Controller ref: design #29887
This back ports the same functionality from the sync controller (merged pull #40234) in order to make this feature available across all Controllers for the 1.7 release.
cc: @kubernetes/sig-federation-pr-reviews @shashidharatd
**Release note**:
```
The annotation `federation.alpha.kubernetes.io/cluster-selector` can be used with Ingress objects to target federated clusters by label.
```
Automatic merge from submit-queue (batch tested with PRs 42256, 46479, 45436, 46440, 46417)
move CRD behind TPR
Second attempt at https://github.com/kubernetes/kubernetes/pull/46297
@liggitt since @sttts is out can you take a look and hopefully find me a different, more sane way to do this? It's a little crazy, but I left a large comment explaining why I think its the only way.
Automatic merge from submit-queue
[Federation] Move service dns controller to its own package
This PR does nothing but just moves service dns controller code to its own package.
**Release note**:
```release-note
NONE
```
cc @kubernetes/sig-federation-pr-reviews
/assign @marun
Automatic merge from submit-queue
Fix typo in test_helper
`CompareObjectMeta` is comparting Name attribute, but
logging Namespace. Looks like a copy/paste error.
Kubernetes Submit Queue