Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Workloads V1
**What this PR does / why we need it**: This PR promotes the Deployment, ReplicaSet, and DaemonSet StatefulSet, ControllerRevision kinds to the apps/v1 group version.
https://github.com/kubernetes/features/issues/353
**Special notes for your reviewer**:
There will be at least two followups to this PR. The first to add a scale sub-resource when the correct location is resolved, and the second to deal with Conditions in the workloads API.
While it would have been preferable to move the kinds individually providing a lesser burden on reviewers, this proved impracticable due to the intricacies of version resolution in kubectl for objects of the different kinds in the same group.
```release-note
DaemonSet, Deployment, ReplicaSet, and StatefulSet have been promoted to GA and are available in the apps/v1 group version.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
validate ipvs scheduler
**What this PR does / why we need it**:
validate ipvs scheduler options
**Which issue this PR fixes**:
closes#53975
**Special notes for your reviewer**:
It depends on work of #53780.
**Release note**:
```release-note
NONE
```
/sig network
/area kube-proxy
Automatic merge from submit-queue (batch tested with PRs 53946, 53993, 54315, 54143, 54532). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update many misspelled word initializer
**What this PR does / why we need it**:
fix misspelled word initalizer
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
``` NONE
```
Automatic merge from submit-queue (batch tested with PRs 52556, 52897, 54342). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix broken links in api after moving proposals to subdirs
**What this PR does / why we need it**:
fix incorrect links in api after kubernetes/community#1010
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes kubernetes/community#918
**Special notes for your reviewer**:
CC @bgrant0607
**Release note**:
```
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53743, 53564). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Polymorphic Scale Client
This PR introduces a polymorphic scale client based on discovery information that's able to scale scalable resources in arbitrary group-versions, as long as they present the scale subresource in their discovery information.
Currently, it supports `extensions/v1beta1.Scale` and `autoscaling/v1.Scale`, but supporting other versions of scale if/when we produce them should be fairly trivial.
It also updates the HPA to use this client, meaning the HPA will now work on any scalable resource, not just things in the `extensions/v1beta1` API group.
**Release note**:
```release-note
Introduces a polymorphic scale client, allowing HorizontalPodAutoscalers to properly function on scalable resources in any API group.
```
Unblocks #29698
Unblocks #38756
Unblocks #49504Fixes#38810
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
clean up pkg/apis/meta/v1/time.go
This file has been moved to staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/time.go
**Release note**:
```
NONE
```
/assign @sttts
This updates the HPA controller to use the polymorphic scale client from
client-go. This should enable HPAs to work with arbitrary scalable
resources, instead of just those in the extensions API group (meaning we
can deprecate the copy of ReplicationController in extensions/v1beta1).
It also means that the HPA controller now pays attention to the
APIVersion field in `scaleTargetRef` (more specifically, the group part
of it).
Note that currently, discovery information on which resources are
available where is only fetched once (the first time that it's
requested). In the future, we may want a refreshing discovery REST
mapper.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
allow fail close webhook admission
Webhook admission needs to allow failing closed. Even in an alpha state, I don't want to be one DDOS away from having an exposed cluster.
/assign caesarxuchao
/assign sttts
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
allow */subresource in rbac policy rules
xref #29698
xref #38756
xref #49504
xref #38810
Allow `*/subresource` format in RBAC policy rules to support polymorphic subresources like `*/scale` for HPA.
@DirectXMan12 fyi
```release-note
RBAC PolicyRules now allow resource=`*/<subresource>` to cover `any-resource/<subresource>`. For example, `*/scale` covers `replicationcontroller/scale`.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pkg/api: extract Scheme/Registry/Codecs into pkg/api/legacyscheme
This serves as
- a preparation for the pkg/api->pkg/apis/core move
- and makes the dependency to the scheme explicit when vizualizing
left depenncies.
The later helps with our our efforts to split up the monolithic repo
into self-contained sub-repos, e.g. for kubectl, controller-manager
and kube-apiserver in the future.
Automatic merge from submit-queue (batch tested with PRs 51416, 53535). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
PodSecurityPolicy: teach fuzzer about fsGroup/supplementalGroups strategies
**What this PR does / why we need it**:
At present, fuzzer for PSP doesn't take into account `fsGroup`/`supplementalGroups` strategies. This PR teach fuzzer about these strategies in order to have ability to catch more possible errors.
**Special notes for your reviewer**:
Let me know if you think that we need to cover more (all?) fields in the PSP.
**Release note**:
```release-note
NONE
```
PTAL @pweil- @sttts
CC @simo5
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typos: remove duplicated word in comments
**What this PR does / why we need it**: Remove the duplicated word `the` in comments
**Which issue this PR fixes** : fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make HPA tolerance a flag
**What this PR does / why we need it**:
Make HPA tolerance configurable as a flag. This change allows us to use
different tolerance values in production/testing.
**Which issue this PR fixes**:
Fixes#18155
**Release note:**
```release-note
Control HPA tolerance through the `horizontal-pod-autoscaler-tolerance` flag.
```
Signed-off-by: mattjmcnaughton <mattjmcnaughton@gmail.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update rules_go, repo-infra, and rules_docker dependencies
**What this PR does / why we need it**: several of our bazel dependencies were getting pretty old, since they required bazel 0.5.4+ but there were various failures if we tried to use them with bazel 0.5.4.
Now that bazel 0.6.0 (and 0.6.1) have been out for a while, we can bump our dependencies and get a number of fixes and new functionality.
x-ref #52677 and others
**Special notes for your reviewer**:
* This will now explicitly require bazel 0.6.0+ to build kubernetes.
* Our staging directories are causing some issues for `gazelle`; it wants to set `importpath = "k8s.io/kubernetes/staging/src/k8s.io/blah"` instead of `importpath = "k8s.io/blah"`. I'm not sure what is the correct way to fix this; what we're doing here is pretty weird and nonstandard. I've used a `sed` substitution for now.
* The `-proto=default` option of `gazelle` has a number of bugs right now (https://github.com/bazelbuild/rules_go/issues/888, https://github.com/bazelbuild/rules_go/issues/900, https://github.com/bazelbuild/rules_go/issues/907), so I am forcing the legacy behavior.
**Release note**:
```release-note
NONE
```
/assign @mikedanese @spxtr @BenTheElder
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove redundant error test case in autoscaling validation
Signed-off-by: allencloud <allen.sun@daocloud.io>
**What this PR does / why we need it**:
I think the error test case I removed is the same as https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/autoscaling/validation/validation_test.go#L393-L412 .
So maybe removal of this part is proper, since it would reduce the codes and save a little bit time in testing.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53525, 53652). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apimachinery: remove ObjectCopier interface(s)
The big commit is a mechanical, transitive removal of the copier interfaces in all structs and function calls.
Automatic merge from submit-queue (batch tested with PRs 53454, 53446, 52935, 53443, 52917). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use pointer for PSP allow escalation
Fixes#53437
The `AllowPrivilegeEscalation` field was added to PodSpec and PodSecurityPolicySpec in 1.8.0.
In order to remain compatible with pre-1.8.0 behavior, PodSecurityPolicy objects created against a previous release must not restrict this field, which means the field must default to true in PodSecurityPolicySpec. However, the field was added as a `bool`, not a `*bool`, which means that no defaulting is possible.
We have two options:
1. Require all pre-existing PodSecurityPolicy objects that intend to allow privileged permissions to update to set this new field to true
2. Change the field to a `*bool` and default it to true.
This PR does the latter. With this change, we have the following behavior:
A 1.8.1+ client/server now has three ways to serialize:
* `nil` values are dropped from serialization (because `omitempty`), which is interpreted correctly by other 1.8.1+ clients/servers, and is interpreted as false by 1.8.0
* `false` values are serialized and interpreted correctly by all clients/servers
* `true` values are serialized and interpreted correctly by all clients/servers
A 1.8.0 client/server has two ways to serialize:
* `false` values are dropped from serialization (because `omitempty`), which is interpreted as `false` by other 1.8.0 clients/servers, but as `nil` (and therefore defaulting to true) by 1.8.1+ clients/servers
* `true` values are serialized and interpreted correctly by all clients/servers
The primary concern is the 1.8.0 server dropping the `false` value from serialization, but I consider the compatibility break with pre-1.8 behavior to be more severe, especially if we can resolve the regression in an immediate point release.
```release-note
PodSecurityPolicy: Fixes a compatibility issue that caused policies that previously allowed privileged pods to start forbidding them, due to an incorrect default value for `allowPrivilegeEscalation`. PodSecurityPolicy objects defined using a 1.8.0 client or server that intended to set `allowPrivilegeEscalation` to `false` must be reapplied after upgrading to 1.8.1.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
moves admission.v1alpha1.NewAdmissionReview method to webhook plugin
**What this PR does / why we need it**:
this is necessary, because the webhook plugin will be moved down to apiserver.
**Release note**:
```
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix some typos in api/types
**What this PR does / why we need it**:
Fix some typos in api/types
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53420
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
