Automatic merge from submit-queue (batch tested with PRs 66225, 66648, 65799, 66630, 66619). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Percent-encode illegal characters in user.Info.Extra keys
This percent-encodes characters in `X-Remote-Extra-` and `Impersonate-Extra-` keys which aren't valid for header names per [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.6) (plus "%" to avoid breaking keys which contain them). The API server then blindly unescapes these keys.
Reviewer note:
Old clients sending keys which were `%`-escaped by the user will have their values unescaped by new API servers. New clients sending keys containing illegal characters (or "%") to old API servers will not have their values unescaped. This version skew incompatibility is a compromise discussed in #63682.
Fixes#63682
PTAL @mikedanese
**Release note**:
```release-note
action required: the API server and client-go libraries have been fixed to support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers.
```
Automatic merge from submit-queue (batch tested with PRs 66225, 66648, 65799, 66630, 66619). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Azure Go SDK to v19.0.0 and get availability zone for VirtualMachineScaleSetVM
**What this PR does / why we need it**:
Continue of #66242. This PR updates Azure Go SDK to v19.0.0 (with compute API 2018-04-01) and gets availability zones for VirtualMachineScaleSetVM.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Azure Go SDK has been upgraded to v19.0.0 and VirtualMachineScaleSetVM now supports availability zones.
```
/sig azure
/assign @brendandburns @khenidak @andyzhangx
Automatic merge from submit-queue (batch tested with PRs 64681, 65907). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix a TODO in ValidatingAdmissionWebhook
Tests still passes without this filter.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/assign @sttts
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Autoset OpenAPI version w/o SecurityDefinitions
There's code to automatically populate OpenAPI info based on existing
generic apiserver config, but it only fires if securitydefinitions are
present. This doesn't make much sense, since this info is both required
and independent of security definitions, and there's no easy, generic
way to generate security definitions for an aggregated API server.
**Release note**:
```release-note
Properly autopopulate OpenAPI version field without needing other OpenAPI fields present in generic API server code.
```
Automatic merge from submit-queue (batch tested with PRs 66252, 66518). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add missing OrDie variant for dynamic client construction
Generated clients have it and it is very handy for test cases.
```release-note
NONE
```
@kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 66410, 66398, 66061, 66397, 65558). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
dry-run: Create feature-gate flag
Creates a feature gate flag for dry-run. Currently, dry-run query parameter is completely blocking all requests, once the feature is implemented, the flag will allow the parameter to pass if enabled.
cc @jennybuckley @deads2k @liggitt @lavalamp
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
extend timeout to workaround slow arm64 math
**What this PR does / why we need it**:
The math/big functions are slow on arm64. There is improvement coming
with go1.11 but until such time as that version can be used to build releases,
if a server uses rsa certificates on arm64, the math load for the multitude
of watches over-taxes the ability of the processor and the TLS connections
time out. Retries will also not succeed and serve to exacerbate the problem.
By extending the timeout, the TLS connections will eventually be
successful and the load will drop.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64649
**Special notes for your reviewer**:
This was tested on a Raspberry Pi 3
**Release note**:
```release-note
Extend TLS timeouts to work around slow arm64 math/big
```
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
indicate which scheme has conflicting data
An oversight when adding scheme origination to error messages. There are a couple state dependent panics which are useful to gain info on.
@sttts
@kubernetes/sig-api-machinery-misc
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66152, 66406, 66218, 66278, 65660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle errors
**What this PR does / why we need it**:
This is a followup PR for https://github.com/kubernetes/kubernetes/pull/64664 to handle errors returned from `.AddToScheme()` in places where they are not handled.
**Release note**:
```release-note
NONE
```
/kind cleanup
/sig api-machinery
/cc @sttts
There's code to automatically populate OpenAPI info based on existing
generic apiserver config, but it only fires if securitydefinitions are
present. This doesn't make much sense, since this info is both required
and independent of security definitions, and there's no easy, generic
way to generate security definitions for an aggregated API server.
The math/big functions are slow on arm64. There is improvement coming
with go1.11 but in the mean time if a server uses rsa certificates on
arm64, the math load for the multitude of watches over taxes the ability
of the processor and the TLS connections time out. Retries will also not
succeed and serve to exacerbate the problem.
By extending the timeout, the TLS connections will eventually be
successful and the load will drop.
Fixes#64649
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fixes operation for "create on update"
**What this PR does / why we need it**:
Set operation to `admission.Create` for create-on-update requests.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65553
**Special notes for your reviewer**:
**Release note**:
```release-note
Checks CREATE admission for create-on-update requests instead of UPDATE admission
```
Automatic merge from submit-queue (batch tested with PRs 65771, 65849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix kube-aggregator dailer
Fixes: https://github.com/kubernetes/kubernetes/issues/65848
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65771, 65849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a new conversion path to replace GenericConversionFunc
reflect.Call is very expensive. We currently use a switch block as part of AddGenericConversionFunc to avoid the bulk of top level a->b conversion for our primary types which is hand-written. Instead of having these be handwritten, we should generate them.
The pattern for generating them looks like:
```
scheme.AddConversionFunc(&v1.Type{}, &internal.Type{}, func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_Type_to_internal_Type(a.(*v1.Type), b.(*internal.Type), scope)
})
```
which matches AddDefaultObjectFunc (which proved out the approach last year). The
conversion machinery should then do a simple map lookup based on the incoming types and invoke the function. Like defaulting, it's up to the caller to match the types to arguments, which we do by generating this code. This bypasses reflect.Call and in the future allows Golang mid-stack inlining to optimize this code.
As part of this change I strengthened registration of custom functions to be generated instead of hand registered, and also strengthened error checking of the generator when it sees a manual conversion to error out. Since custom functions are automatically used by the generator, we don't really have a case for not registering the functions.
Once this is fully tested out, we can remove the reflection based path and the old registration methods, and all conversion will work from point to point methods (whether generated or custom).
Much of the need for the reflection path has been removed by changes to generation (to omit fields) and changes to Go (to make assigning equivalent structs easy).
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace info log with warn log
**What this PR does / why we need it**:
Replace info log with warn log
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59356
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix TestWantsExternalKubeClientSet describe clientset typo
Signed-off-by: Yuanbin.Chen <cybing4@gmail.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apimachinery/pkg/runtime/doc: Split list into paragraphs
[Godoc uses go/doc][1] to convert comments to HTML, and go/doc [has no markup for lists][2]. With the previous comment, the lack of paragraph-splitting lines between the list entries was leading to entries 0, 1, etc. being formatted as a single paragraph. And the hanging indents for entry 3, etc. were leading to formatting within `<pre>` blocks:
```console
$ curl -s https://godoc.org/k8s.io/apimachinery/pkg/runtime | grep -B1 -A7 'Your API objects'
<p>
0. Your API objects have a common metadata struct member, TypeMeta.
1. Your code refers to an internal set of API objects.
2. In a separate package, you have an external set of API objects.
3. The external set is considered to be versioned, and no breaking
</p>
<pre>changes are ever made to it (fields may be added but not changed
or removed).
</pre>
```
```release-note
NONE
```
[1]: https://godoc.org/golang.org/x/tools/cmd/godoc
[2]: https://golang.org/pkg/go/doc/#ToHTML
reflect.Call is very expensive. We currently use a switch block as part
of AddGenericConversionFunc to avoid the bulk of top level a->b
conversion for our primary types. Instead of having these be
handwritten, we should generate them.
The pattern for generating them looks like:
```
scheme.AddConversionFunc(&v1.Type{}, &internal.Type{}, func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_Type_to_internal_Type(a.(*v1.Type), b.(*internal.Type), scope)
})
```
which matches AddDefaultObjectFunc (which proved out the approach). The
conversion machinery would then do a simple map lookup and invoke the
function. This bypasses reflect.Call and in the future allows Golang
mid-stack inlining to optimize this code.
As a future step we can drop support for the reflection path and simply
return a nice error "you must write a generator for your type".
Godoc uses go/doc to convert comments to HTML [1], and go/doc has no
markup for lists [2]. With the previous comment, the lack of
paragraph-splitting lines between the list entries was leading to
entries 0, 1, etc. being formatted as a single paragraph. And the
hanging indents for entry 3, etc. were leading to formatting within
<pre> blocks:
$ curl -s https://godoc.org/k8s.io/apimachinery/pkg/runtime | grep -B1 -A7 'Your API objects'
<p>
0. Your API objects have a common metadata struct member, TypeMeta.
1. Your code refers to an internal set of API objects.
2. In a separate package, you have an external set of API objects.
3. The external set is considered to be versioned, and no breaking
</p>
<pre>changes are ever made to it (fields may be added but not changed
or removed).
</pre>
[1]: https://godoc.org/golang.org/x/tools/cmd/godoc
[2]: https://golang.org/pkg/go/doc/#ToHTML
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix fake dynamic client listing bug
The fake dynamic client used for unit testing had a bug that prevented list from working. Added a test and fixed the fake client.
@kubernetes/sig-api-machinery-bugs
/assign @tnozicka
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update openapi and doc to reflect 202 path in API server delete handler
**What this PR does / why we need it**:
Our API server returns 202 Accepted if a delete operation is asynchronous, but it is not reflected in our openapi spec and documentation. This PR adds 202 path in endpoint installer and updates our openapi spec and docs. The change in openapi spec may affect some clients that depend on the error paths. [Python client](e057f27306/kubernetes/client/api_client.py (L97-L102)) only depends on response type, which is not changed in this PR. Sending this PR to see if it breaks client-go.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref https://github.com/kubernetes/kubernetes/issues/33196
**Special notes for your reviewer**:
**Release note**:
```release-note
OpenAPI spec and documentation reflect 202 Accepted response path for delete request
```
Automatic merge from submit-queue (batch tested with PRs 66212, 66256, 66263, 66193). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove useless codec param from strategicPatchObject
**What this PR does / why we need it**:
`codec` param is not used, and was introduced in 2016.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66212, 66256, 66263, 66193). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
client-go: fix error message spelling in rest config
**What this PR does / why we need it**:
Fixing spelling because it offends the eye.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
