Automatic merge from submit-queue (batch tested with PRs 65507, 65508, 65486). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
show type differences in reflect diff
helps debugging type coercion round-tripping issues
/assign @smarterclayton
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65404, 65323, 65468). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Collapse the list and watch resource version parse
**What this PR does / why we need it**:
Collapse the list and watch resource version parse, as discuss in [#64513](https://github.com/kubernetes/kubernetes/pull/64513#issuecomment-399380988)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add user-agent to audit-logging
**What this PR does / why we need it**:
Add User-Agent to audit event.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64791
**Special notes for your reviewer**:
**Release note**:
```release-note
Add user-agent to audit-logging.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions: enable CoreAPI options needed for admission
Admission webhooks need the client and the shared informers for kube resources. The comment is invalid and we have to enable the CoreAPI options.
This PR is important to run apiextensions-apiserver in a standalone integration test setup.
The fakeclient package does not have any non-test go files. This
causes `go build` to give a warning: `no non-test Go files in ...`.
This also causes the publishing bot to fail.
This PR adds a dummy doc.go file in the package to avoid this warning.
Automatic merge from submit-queue (batch tested with PRs 64122, 64936, 65288, 65383). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Consume watch event for all versions of CRD
The new test code to fix flaky test were considered CRD version but failed to consume watch cache event in all versions.
Fixes#64571
@sttts @liggitt
Automatic merge from submit-queue (batch tested with PRs 61330, 64793, 64675, 65059, 65368). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
legacy api endpoints only support v1 ever
The legacy API endpoint should only ever have a v1. This removes flexibility we don't need or want.
@kubernetes/sig-api-machinery-pr-reviews
@sttts
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65301, 65291, 65307, 63845, 65313). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add client-go example using fake client in test.
**What this PR does / why we need it**:
This adds an example showing the steps needed to get a working
SharedInformerFactory with a fake client for testing.
**Special notes for your reviewer**:
I had a really hard time figuring out how to use this utility correctly. I don't think this example is sufficient documentation, but it's a good start.
**Release note**:
```release-note
NONE
```
/sig api-machinery
/kind documentation
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused code in runtime/scheme_test.go
**What this PR does / why we need it**:
remove unused code in runtime/scheme_test.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65064, 65218, 65260, 65241, 64372). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix scale io volume source spec
**What this PR does / why we need it**:
> FSType
Implicitly inferred to be "ext4" if unspecified.
Actually the default value to "xfs".
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 65187, 65206, 65223, 64752, 65238). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
sample-apiserver: Add RBAC roles and ClusterRoleBindings for Admission Webhooks
**What this PR does / why we need it**:
When you run the `sample-apiserver` using the [manifests provided in the artifacts directory](https://github.com/kubernetes/sample-apiserver/tree/master/artifacts/example), you will get the following errors, related to insufficient permissions to list Namespaces and Admission Webhooks:
```
E0619 07:43:06.422862 1 reflector.go:205] k8s.io/sample-apiserver/vendor/k8s.io/client-go/informers/factory.go:130: Failed to list *v1.Namespace: namespaces is forbidden: User "system:serviceaccount:wardle:apiserver" cannot list namespaces at the cluster scope
E0619 07:43:06.423981 1 reflector.go:205] k8s.io/sample-apiserver/vendor/k8s.io/client-go/informers/factory.go:130: Failed to list *v1beta1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:wardle:apiserver" cannot list mutatingwebhookconfigurations.admissionregistration.k8s.io at the cluster scope
E0619 07:43:07.424130 1 reflector.go:205] k8s.io/sample-apiserver/vendor/k8s.io/client-go/informers/factory.go:130: Failed to list *v1beta1.ValidatingWebhookConfiguration: validatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:wardle:apiserver" cannot list validatingwebhookconfigurations.admissionregistration.k8s.io at the cluster scope
```
This PR adds two manifests, `rbac.yaml` containing the RBAC rules, and `rbac-bind.yaml` used to bind roles to the `wardle` service account.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: None
**Release note**:
```release-note
NONE
```
/assign @sttts @deads2k
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 65152, 65199, 65179, 64598, 65216). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix MaxAge default audit log option
Fix typo in flag default.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
etcd: reuse leases for keys in a time window
Reuse leases for keys in a time window, to reduce the overhead to etcd
caused by using massive number of leases
Fixes#47532
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65116, 61718, 65140, 65128, 65099). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: add context to authn/authz kubeconfig errors
Before this the user only saw messages about in-cluster config, but didn't know which.
Automatic merge from submit-queue (batch tested with PRs 65116, 61718, 65140, 65128, 65099). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions: add update to testSimpleCRUD (again?)
Did we ever have that before cleanups/refactorings?
Automatic merge from submit-queue (batch tested with PRs 65265, 64822, 65026, 65019, 65077). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Correct several mistakes in the comments/doc for PollImmediate.
**What this PR does / why we need it**:
The wait.PollImmediate(...) docs refer to the Poll(...) function by mistake which is confusing. This PR fixes that issue.
**Release note**:
```release-note
Corrected a mistake in the documentation for wait.PollImmediate(...)
```
Automatic merge from submit-queue (batch tested with PRs 64140, 64898, 65022, 65037, 65027). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use actual etcd client for /healthz/etcd checks
* avoids redialing etcd on every health check (which makes slow DNS a false-positive healthz failure)
* ensures etcd TLS setup is correct (errors verifying the etcd API or sending client credentials manifest as healthz failures)
* ensures the etcd cluster is actually responsive
fixes#64909
```release-note
Etcd health checks by the apiserver now ensure the apiserver can connect to and exercise the etcd API
```
Automatic merge from submit-queue (batch tested with PRs 64895, 64938, 63700, 65050, 64957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enhance leaderelection code
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Quiet verbose apiserver logs
In our production environments, these three lines accounted for ~10 logged lines per second at --v=2
Something that verbose per-request should be at a higher verbosity log level
/cc @eparis
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 64285, 63660, 63661, 63662, 64883). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix up legacy printer table adapter
As server-side printing is more widespread, downstream consumers will start leaning on this adapter to transform client-side printers to server-side printers.
This PR:
* Set the name format correctly on column 0
* Tolerates case-differences in the column 0 name (many old printers used NAME)
* Set ListMeta continue/resourceVersion/selfLink correctly when adapting a legacy printer
/cc @smarterclayton
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Report parsing error in json serializer
**What this PR does / why we need it**:
Fixes missing error reporting in json parsing using the json-iterator library. Also introduces a private copy of the library config to partially shield from external mutations. https://github.com/json-iterator/go/issues/265.
**Special notes for your reviewer**:
Found while working on refactoring in https://github.com/kubernetes/kubernetes/pull/63284.
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
/cc wojtek-t liggitt
Automatic merge from submit-queue (batch tested with PRs 65256, 64236, 64919, 64879, 57932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cancellable leader election
**What this PR does / why we need it**:
Adds ability to cancel leader election. Useful in integration tests where the whole app is started and stopped in each test.
**Special notes for your reviewer**:
I used the `context` package - it is impossible/hard to achieve the same behaviour with just channels without spawning additional goroutines but it is trivial with `context`. See `acquire()` and `renew()` methods.
**Release note**:
```release-note
NONE
```
/kind enhancement
/sig api-machinery
Automatic merge from submit-queue (batch tested with PRs 65256, 64236, 64919, 64879, 57932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix CRD OpenAPI schema
fixes#65243
depends on https://github.com/kubernetes/kube-openapi/pull/84
without this PR, kubectl complains about creating this CRD with a validation schema (which worked in 1.10):
```yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: resources.mygroup.example.com
spec:
group: mygroup.example.com
version: v1alpha1
scope: Namespaced
names:
plural: resources
singular: resource
kind: Kind
listKind: KindList
validation:
openAPIV3Schema:
properties:
spec:
type: array
items:
type: number
```
> error: error validating "/Users/jliggitt/projects/snippets/crd/crd.yaml": error validating data: [ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): unknown field "type" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray, ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): missing required field "Schema" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray, ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.items): missing required field "JSONSchemas" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray]; if you choose to ignore these errors, turn validation off with --validate=false
that is because the types used to serialize JSONSchema require custom marshaling/unmarshaling, and the OpenAPI generator was not informed of that, so it produced this:
```json
{
"io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaPropsOrArray": {
"description": "JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps or an array of JSONSchemaProps. Mainly here for serialization purposes.",
"required": [
"Schema",
"JSONSchemas"
],
"properties": {
"JSONSchemas": {
"type": "array",
"items": {
"$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps"
}
},
"Schema": {
"$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps"
}
}
}
}
```
OpenAPI isn't able to represent oneOf/anyOf types correctly currently. Until it can, we definitely shouldn't publish a schema containing required fields which aren't even part of the JSON serialization. This PR implements custom openapi type functions, which omit the properties/required/schema attributes for four specific JSONSchema types. This allows kubectl to continue creating these objects without complaining.
/sig api-machinery
/assign @sttts
```release-note
fixed incorrect OpenAPI schema for CustomResourceDefinition objects
```
Automatic merge from submit-queue (batch tested with PRs 58690, 64773, 64880, 64915, 64831). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apimachinery: unify accessors to not deepcopy
The Get/SetOwnerReferences accessor funcs do deepcopies, in contrast to all other accessor funcs of metav1.ObjectMeta. For unstructured.Unstructured we naturally do deepcopies.
In other words: the interface does guarantee neither the first nor the second.
This PR documents this and remove the unneccessary deepcopy for owner references (which leads to huge heap allocation e.g. in the DaemonSet controller).
This is for post-1.11. **do not assign a milestone**.
```dev-release-note
The metav1.ObjectMeta accessor does not deepcopy owner references anymore. In general, the accessor interface does not enforce deepcopy nor does it forbid it (e.g. for unstructured.Unstructured).
```
Automatic merge from submit-queue (batch tested with PRs 64882, 64692, 64389, 60626, 64840). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[minor] apimachinery: remove note for quota serialization
Fixes#53503
We are way ahead of 1.5 now.
**Release note**:
```release-note
NONE
```
/cc sttts
Automatic merge from submit-queue (batch tested with PRs 64416, 63625, 60967, 64767, 64588). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Collapse memcached discovery client onto parallelized discovery method
```release-note
NONE
```
