Automatic merge from submit-queue (batch tested with PRs 61183, 58807). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add RBAC information to audit logs
Depends on: https://github.com/kubernetes/kubernetes/pull/58806
**Release note**:
```release-note
RBAC information is included in audit logs via audit.Event annotations:
authorization.k8s.io/decision = {allow, forbid}
authorization.k8s.io/reason = human-readable reason for the decision
```
Automatic merge from submit-queue (batch tested with PRs 61400, 61048). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: cancel context on timeout in WithTimeoutForNonLongRunningRequests
Requests that block time out after 60sec, but keep the handler body running. This can lead to exhaustion of clients or other leaks. This PR adds a cancel func to the context of the request and calls it on timeout.
Note: we still do our own timeout handling as we don't trust the context to really cancel every blocking call we do.
This might explain why we see so many handler backtraces like https://gist.github.com/sttts/0ce972dc8a7911e4ca9eea7bf1ded5fa when an etcd node goes down with a hard poweroff. But it does not explain why we see oc to block for 15 minutes.
Automatic merge from submit-queue (batch tested with PRs 61400, 61048). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-gen: allow specifying custom resync periods for certain informer types
**What this PR does / why we need it**:
This PR extends the informer code-generator to allow the consumer to specify a custom resync period for certain informer types and uses the default resync period if none is defined.
**Special notes for your reviewer**:
Example:
```go
cs := clientset.NewForConfigOrDie(config)
resyncConfig := externalversions.ResyncConfiguration{
&samplev1alpha1.Sample{}: 30 * time.Second,
}
informer := externalversions.NewSharedInformerFactory(cs, 2*time.Minute, externalversions.WithCustomResyncConfig(resyncConfig))
```
**Release note**:
```release-note
NONE
```
- unify test cases
- remove broken VersionedAttributes override abstraction
This overriding had no effect. The versioned.Attributes were never
used as admission.Attributes.Better make the versioned objects
explicit than hiding them under a wrong abstraction.
- remove wrapping of scheme.Convert
- internalize conversion package
Automatic merge from submit-queue (batch tested with PRs 60102, 59970, 60021, 62011, 62080). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
sample-controller: add status subresource support
Builds on top of https://github.com/kubernetes/kubernetes/pull/55168.
**DO NOT MERGE** until https://github.com/kubernetes/kubernetes/pull/55168 is merged. Adding a hold.
/hold
Update: It is now merged! 🎉
This PR:
- Adds an example to show how to use the `/status` subresource with custom resources.
- Generates `UpdateStatus` for the `Foo` resource.
- Updates the comment in the controller to mention that `UpdateStatus` can now be used. Note: this is not enabled by default because subresources require the feature gate to be enabled and are not on by default.
- Updates the README to add feature gate information and examples for `CustomResourceSubresources`.
- Updates the README to remove feature gate information for CRD validation since the current example uses `apps/v1` deployments (and thus requires v1.9 anyway).
**Release note**:
```release-note
NONE
```
/assign sttts munnerz
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updated the "create-update-delete-deployment" example to use apps/v1 and removed rollback example
**What this PR does / why we need it**:
*Waiting for migration to apps/v1*
> The current example at [create-update-delete-deployment/main.go](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/client-go/examples/create-update-delete-deployment/main.go) was using `RollbackTo` of `v1beta1.DeploymentSpec` which is deprecated.
The current implementation upgrades `create-update-delete-deployment` main.go to use **apps/v1** instead of **extensions/v1beta1** and removed rollback example for now.
**Which issue(s) this PR fixes**
Helps kubernetes/client-go#346
**Special notes for your reviewer**:
Since it's my first PR dealing with codebase and not a typo fix :xD please let me know my mistakes.
I would love to resolve them.
@nikhita @sttts @jekohk Please review. The other PR #59663 got closed accidentally while changing branch.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make UnstructuredContent return contents without mutating the source
**What this PR does / why we need it**:
This PR solves the issues described in #56316
Before this change:
- A call to `UnstructuredContent()` potentially modified `Object`
- The values returned by `UnstructuredContent()` could be manipulated to modify the value in `Object`. Going through the history it looks like this behavior was added before the addition of `SetUnstructuredContent()`. IMO it makes more sense now to use `SetUnstructuredContent()` or make changes to the exposed `Object` property
- `UnstructuredList` did not implement the behavior described in the godoc. The godoc stated that the value returned should be mutable, but if u.Object == nil the map returned had no effect on Object
With this PR I'm proposing `UnstructuredContent()` returns the data without providing the contract of a mutable map. It also ensures all implementations of the `Unstructured` interface abide by the doc
**Which issue(s) this PR fixes**:
Fixes#56316
**Special notes for your reviewer**:
This PR continues work started in #57713.
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
/cc sttts deads2k
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add a func to merge multiple Strategic Merge Patches into one patch
This PR is adding a function similar to 9fa11df836/merge.go (L95-L100)
It merges multiple SMPs and yield another SMP.
This PR has no risk to existing SMP code.
```release-note
NONE
```
/cc @apelisse
/assign @pwittrock
Automatic merge from submit-queue (batch tested with PRs 61705, 61609, 62103, 62113, 62115). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused function getEncodedPod in etcd_helper_test.go
**What this PR does / why we need it**:
remove unused function getEncodedPod in etcd_helper_test.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: add warning about not trusting authz of aggregator
The aggregator does authorization for proxied resources. But aggregated apiservers should not depend on it, but do delegated authorization in addition.
```release-note
Add warnings that authors of aggregated API servers must not rely on authorization being done by the kube-apiserver.
```
Automatic merge from submit-queue (batch tested with PRs 61959, 62037). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump godep version to v80
**What this PR does / why we need it**:
Update the minimum godep, to v80 (supposed to be the final version).
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62049, 62085). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixes incorrect atomic usage
Fixes incorrect assignment for atomic increment.
NOTE: This will be a vet error in go version 1.10.
ERROR: "direct assignment to atomic value".
No other erroneous atomic assignments found.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61818, 61800). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace gopass.GetPasswdMasked() by terminal.ReadPassword()
**What this PR does / why we need it**:
Replace `gopass.GetPasswdMasked()` used for reading passwords from the terminal with [`terminal.ReadPassword()`](https://godoc.org/golang.org/x/crypto/ssh/terminal#ReadPassword). This removes the `gopass` import.
**Special notes for your reviewer**:
Ran the following commands to update `godep` files:
```
./hack/godep-restore.sh -v
./hack/godep-save.sh
./hack/update-staging-godeps.sh
./hack/update-bazel.sh
```
/sig auth
/kind enhancement
/assign @ericchiang
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61498, 62030). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Delete in-tree support for NVIDIA GPUs.
This removes the alpha Accelerators feature gate which was deprecated in 1.10 (#57384).
The alternative feature DevicePlugins went beta in 1.10 (#60170).
Fixes#54012
```release-note
Support for "alpha.kubernetes.io/nvidia-gpu" resource which was deprecated in 1.10 is removed. Please use the resource exposed by DevicePlugins instead ("nvidia.com/gpu").
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix broken link
**What this PR does / why we need it**:
Fix broken link for `versioning.md`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Tolerate 406 mime-type errors attempting to load new openapi schema
Fixes#61805Fixes#61943
```release-note
kubectl: improves compatibility with older servers when creating/updating API objects
```
Automatic merge from submit-queue (batch tested with PRs 61894, 61369). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use range in loops; misc fixes
**What this PR does / why we need it**:
It is cleaner to use `range` in for loops to iterate over channel until it is closed.
**Release note**:
```release-note
NONE
```
/kind cleanup
Automatic merge from submit-queue (batch tested with PRs 54997, 61869, 61816, 61909, 60525). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove alpha annotation for volume node affinity
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/kubernetes/issues/61785
**Special notes for your reviewer**:
/assign @msau42
**Release note**:
```release-note
ACTION REQUIRED: Alpha annotation for PersistentVolume node affinity has been removed. Update your PersistentVolumes to use the beta PersistentVolume.nodeAffinity field before upgrading to this release
```
