Automatic merge from submit-queue
copy pkg/util/logs to apiserver
This is a copy, not a move. API servers need to be able to init the logs, but so do clients. It would be weird to have the client-side commands depending on the server side logs utilities.
I updated all the server side references, but left the client-side ones.
@sttts @kubernetes/sig-api-machinery-pr-reviews acceptable?
Automatic merge from submit-queue
updated docs in roundtrip.go to correct names
**What this PR does / why we need it**: updated docs in roundtrip.go to correct names.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 38252, 41122, 36101, 41017, 41264)
BootstrapSigner and TokenCleaner controllers
This is part of https://github.com/kubernetes/features/issues/130 and is an implementation of https://github.com/kubernetes/community/pull/189.
Work that needs to be done yet in this PR:
* [ ] ~~e2e tests~~ Will come in new PR.
* [x] flag to disable this by default
```release-note
Native support for token based bootstrap flow. This includes signing a well known ConfigMap in the `kube-public` namespace and cleaning out expired tokens.
```
@kubernetes/sig-cluster-lifecycle @dgoodwin @roberthbailey @mikedanese
Automatic merge from submit-queue (batch tested with PRs 38252, 41122, 36101, 41017, 41264)
Register deepcopy and defaulter funcs for metav1
Houston, we've had a problem here. ObjectMeta had used the reflection fallback path for deepcopy for probably some time.
Remark: my original plan for https://github.com/kubernetes/kubernetes/pull/36412 was/is to rebase that during the master branch freeze for 1.6 and get it merged just before master opens again. Otherwise, I fear it will be rebase hell. With https://github.com/kubernetes/kubernetes/pull/36412 these kind of errors are not possible anymore.
Automatic merge from submit-queue (batch tested with PRs 38252, 41122, 36101, 41017, 41264)
fix bug of runServer function in server.go
What this PR does / why we need it:
use parameter network instead of hardcode 'tcp' / the parameter network here is not equal to 'tcp'
**Special notes for your reviewer**:
NONE
**Release note**:
NONE
Automatic merge from submit-queue (batch tested with PRs 41112, 41201, 41058, 40650, 40926)
make round trip testing generic
RoundTrip testing is something associated with a scheme and everyone who writes an API will want to do it. In the end, we should wire each API group separately in a test scheme and have them all call this general function. Once `kubeadm` is out of the main scheme, we'll be able to remove the one really ugly hack.
@luxas @sttts @kubernetes/sig-apimachinery-pr-reviews @smarterclayton
Automatic merge from submit-queue (batch tested with PRs 41121, 40048, 40502, 41136, 40759)
Shared informer custom resync periods
**What this PR does / why we need it**: add the ability for event handlers to specify their own distinct resync periods to a shared informer
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#26406
**Special notes for your reviewer**:
This is part of my series of PRs to convert as much of the code base to using generated shared informers as possible. Assuming this merges, we'll also need #40385, and I'll probably close#40097 and replace it with a series of individual PRs (1 per controller change).
Assuming we get close to agreement on the implementation, I can look at adding more unit tests.
**Release note**:
```release-note
```
@smarterclayton @deads2k @liggitt @sttts @derekwaynecarr @pmorie @lavalamp @wojtek-t @gmarek @timothysc @jayunit100 @kubernetes/sig-api-machinery-pr-reviews @kubernetes/sig-scalability-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 41121, 40048, 40502, 41136, 40759)
add k8s.io/sample-apiserver to demonstrate how to build an aggregated API server
builds on https://github.com/kubernetes/kubernetes/pull/41093
This creates a sample API server is a separate staging repo to guarantee no cheating with `k8s.io/kubernetes` dependencies. The sample is run during integration tests (simple tests on it so far) to ensure that it continues to run.
@sttts @kubernetes/sig-api-machinery-misc ptal
@pwittrock @pmorie @kris-nova an aggregated API server example that will stay up to date.
Add the ability for each event handler of a shared informer to specify
its own resync period. If not specified, a handler will resync at the
informer's default interval.
Automatic merge from submit-queue (batch tested with PRs 40873, 40948, 39580, 41065, 40815)
Make DeltaFIFO Resync atomic
Make DeltaFIFO's Resync operation atomic, so it enqueues the entire
queue before allowing adds/updates/deletes.
I'm hoping to use this to help with custom resync periods for multiple event handlers against a single shared informer (see https://github.com/kubernetes/kubernetes/pull/40759#pullrequestreview-19598213 for the motivation).
@lavalamp @smarterclayton @deads2k @liggitt @sttts @timothysc @wojtek-t @gmarek @kubernetes/sig-api-machinery-pr-reviews @kubernetes/sig-scalability-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 38796, 40823, 40756, 41083, 41105)
Add more options to the RecommendedOptions struct.
Builds on https://github.com/kubernetes/kubernetes/pull/41028
Adds `AuditOptions` to the `RecommendedOptions`
@sttts @kubernetes/sig-api-machinery-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 38796, 40823, 40756, 41083, 41105)
Add unit tests for interactive edit command
Before updating edit to use unstructured objects and use generic JSON patching, we need better test coverage of the existing paths. This adds unit tests for the interactive edit scenarios.
This PR adds:
* Simple framework for recording tests for interactive edit:
* record.go is a tiny test server that records editor and API inputs as test expectations, and editor and API outputs as playback stubs
* record_editor.sh is a shell script that sends the before/after of an interactive `vi` edit to the test server
* record_testcase.sh (see README) starts up the test server, sets up a kubeconfig to proxy to the test server, sets EDITOR to invoke record_editor.sh, then opens a shell that lets you use `kubectl edit` normally
* Adds test cases for the following scenarios:
- [x] no-op edit (open and close without making changes)
- [x] try to edit a missing object
- [x] edit single item successfully
- [x] edit list of items successfully
- [x] edit a single item, submit with an error, re-edit, submit fixed successfully
- [x] edit list of items, submit some with errors and some good, re-edit errors, submit fixed
- [x] edit trying to change immutable things like name/version/kind, ensure preconditions prevent submission
- [x] edit in "create mode" successfully (`kubectl create -f ... --edit`)
- [x] edit in "create mode" introducing errors (`kubectl create -f ... --edit`)
* Fixes a bug with edit printing errors to stdout (caught when testing stdout/stderr against expected output)
Follow-ups:
- [ ] clean up edit code path
- [ ] switch edit to use unstructured objects
- [ ] make edit fall back to jsonmerge for objects without registered go structs (TPR, unknown versions of pods, etc)
- [ ] add tests:
- [ ] edit TPR
- [ ] edit mix of TPR and known objects
- [ ] edit known object with extra field from server
- [ ] edit known object with new version from server
Automatic merge from submit-queue (batch tested with PRs 41061, 40888, 40664, 41020, 41085)
move --runtime-config to kubeapiserver
`--runtime-config` is only useful if you have a lot of API groups in one server. If you have a single API group in your server (the vast majority of aggregated API servers), then the flag is unneeded and relatively complex. This moves it to closer to point of use.
@sttts
Automatic merge from submit-queue (batch tested with PRs 41061, 40888, 40664, 41020, 41085)
Allow values to be wrapped prior to serialization in etcd
This adds a new value transformer to the etcd2 store that can transform
the value from etcd on read and write. This will allow the store to
implement encryption at rest or otherwise transform the value prior to
persistence.
* [x] etcd3 store
* [x] example of transformation
* [x] partial error handling
This is in support of #12742
Automatic merge from submit-queue (batch tested with PRs 41023, 41031, 40947)
apiserver command line options lead to config
Logically command line options lead to config, not the other way around. We're clean enough now we can actually do the inversion.
WIP because I have some test cycles to fix, but this is all the meat.
@kubernetes/sig-api-machinery-misc
Automatic merge from submit-queue (batch tested with PRs 40980, 40985)
added short names for resources which are exposed during discovery
**What this PR does / why we need it**:
The changes add short names for resources. The short names will be delivered to kubectl during discovery.
Automatic merge from submit-queue
federation: Refactoring namespaced resources deletion code from kube ns controller and sharing it with fed ns controller
Ref https://github.com/kubernetes/kubernetes/issues/33612
Refactoring code in kube namespace controller to delete all resources in a namespace when the namespace is deleted. Refactored this code into a separate NamespacedResourcesDeleter class and calling it from federation namespace controller.
This is required for enabling cascading deletion of namespaced resources in federation apiserver.
Before this PR, we were directly deleting the namespaced resources and assuming that they go away immediately. With cascading deletion, we will have to wait for the corresponding controllers to first delete the resources from underlying clusters and then delete the resource from federation control plane. NamespacedResourcesDeleter has this waiting logic.
cc @kubernetes/sig-federation-misc @caesarxuchao @derekwaynecarr @mwielgus
Automatic merge from submit-queue (batch tested with PRs 40930, 40951)
update negotiation to reflect current kubectl state
Very few things actually require negotiation, but the client-cache attempts it all the time. If you've explicitly requested one, you still fail. If you haven't requested one and the server doesn't have one, you still get the client behavior. After this, if you haven't requested one and the client and server don't have one, you simply get an empty you can interpret how you choose.
@lavalamp without this, you're unable to use `kubectl` against arbitrary servers.
Automatic merge from submit-queue (batch tested with PRs 40943, 40967)
switch admission serialized config to an apiserver type
Switches the kube admission config from componentconfig to the new `apiserver.k8s.io` group so that all API servers can use the shared configuration. This switch external serialization, but it does not move the code that reads the config. I'd like to do that as a follow-on.
@kubernetes/sig-api-machinery-misc @kubernetes/api-reviewers @smarterclayton
@derekwaynecarr ptal
@sttts
