Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update admission webhook to accept client config
Fixes https://github.com/kubernetes/kubernetes/issues/53827
This plumbs a complete client through the plugin initializer for admission webhooks. It achieves parity with our existing webhooks and provides flexibility if people want to do something special or different. Easy things are easy, hard things are possible. This does not change behavior for kube-apiserver.
@kubernetes/sig-auth-api-reviews @kubernetes/sig-api-machinery-bugs
Previously, we did not have custom code for fuzzing label selectors.
Anything that used a label selector (like Scale) had to manually bypass
fuzzing the selector, or write its own fuzzer. This introduces a fuzzer
for label selectors which generates random correct selectors with random
keys and values.
This introduces a polymorphic scale client capable of operating against
scale subresources which return different group-versions of Scale. The
scale subresources may be in group-versions different than the scale
itself, so that we no longer need a copy of every scalable resource in
the extensions API group.
To discovery which Scale group-versions go to which subresources,
discovery is used.
The scale client maintains its own internal versions and conversions to
several external versions, with a "hub" version that's a copy of the
autoscaling internal version.
It currently supports the following group-versions for Scale subresources:
- extensions/v1beta1.Scale
- autoscaling/v1.Scale
The fake discovery client currently returns `nil, nil` for several
methods. Among them is the `ServerGroups` method, which is used by the
discovery REST mapper implementations. This updates the fake discovery
client to actually return server groups so that the discovery REST
mapper can be used in tests.
Previously, the fake RESTClient in client-go required a Registry. It
used the Registry to fetch the GroupVersion for the fake client.
However, the way it did so was dubious in some cases (it hard-coded the
default API group in places), and not strictly necssary.
This updates the fake client to just recieve the GroupVersion and
internal group name directly, instead of requiring a Registry, so that
it can be consumed in unit tests where a Registry isn't necessarily
readily available (e.g. elsewhere in client-go).
Automatic merge from submit-queue (batch tested with PRs 54145, 53821). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Added PreStopHooks to apiserver to allow clean shutdown.
BootStrapController now registers a PreStopHook to clean up the kubernetes service endpoints. The PreStopHooks allow the apiserver to shutdown cleanly under a controlled shutdown case. The BootStrapController's PreStopHook will clean up after itself by removing the apiserver from the list of IPs in the kubernetes service.
fixes#53438
Automatic merge from submit-queue (batch tested with PRs 54145, 53821). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add url path for admission webhooks
Fixes https://github.com/kubernetes/kubernetes/issues/53826
Adds an optional field to admission webhook registration that allows a user to specify a path to post to. This achieves parity with other webhooks.
Each segment is required to be a dns subdomain, which mirrors url rules for groups.
@kubernetes/api-reviewers
```release-note
admission webhook registration now allows URL paths
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
sample-controller: add example CRD controller
**What this PR does / why we need it**:
Adds a sample-controller example repository
fixes#52752
**Special notes for your reviewer**:
This is currently based on the sttts:sttts-codegen-scripts branch and should not be merged until that is (ref https://github.com/kubernetes/kubernetes/pull/52186)
**Release note**:
```
Add sample-controller repository
```
/cc @sttts @nikhita @colemickens
Automatic merge from submit-queue (batch tested with PRs 54167, 54182). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
split up large rest handling file
These are nothing but exact block moves because the giant rest.go made it really hard to find anything.
@kubernetes/sig-api-machinery-pr-reviews
/assign sttts
/assign caesarxuchao
Automatic merge from submit-queue (batch tested with PRs 49305, 54158). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions: fix LastTransitionTime for NamesAccepted condition
Fixes#54148.
Without this change, `LastTransitionTime` for the NamesAccepted condition for CRDs always showed up as `null`.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix RC/RS conversion
This fixes some round-trip information loss when representing an RC as an RS. I want to use these conversions in #49429 to eliminate the maintenance burden of duplicated RC code.
@kubernetes/sig-apps-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
allow */subresource in rbac policy rules
xref #29698
xref #38756
xref #49504
xref #38810
Allow `*/subresource` format in RBAC policy rules to support polymorphic subresources like `*/scale` for HPA.
@DirectXMan12 fyi
```release-note
RBAC PolicyRules now allow resource=`*/<subresource>` to cover `any-resource/<subresource>`. For example, `*/scale` covers `replicationcontroller/scale`.
```
Without this change, `LastTransitionTime` for the NamesAccepted
condition always showed up as `null`.
It makes sense to set the timestamp in `SetCRDCondition` instead of
setting it explicitly elsewhere.
Automatic merge from submit-queue (batch tested with PRs 53696, 54059). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix lint warnings for useless err checks.
**What this PR does / why we need it**:
This check was recently added to golint.
**Which issue this PR fixes**
Related to #37254
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix typos: remove duplicated word in comments
**What this PR does / why we need it**: Remove the duplicated word `the` in comments
**Which issue this PR fixes** : fixes #
**Special notes for your reviewer**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove repeated type conversion
**What this PR does / why we need it**:
remove repeated type conversion(convert String to Feature)
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
we just need make this conversion once.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add sample-apiserver namespace manifest
**What this PR does / why we need it**:
Adds a manifest to also create the required namespace for the api server example.
It was previously proposed here kubernetes/sample-apiserver#11
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 53862, 53974). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
unused para useInfDec in quantity_test
**What this PR does / why we need it**:
the para useInfDec unused and some comment error,so fix it!
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Prevent a Kubelet from shutting down when the server isn't responding to
us but we cannot get a new certificate. This allows a cluster to coast
if the master is unresponsive or a node is partitioned and their client
cert expires.
Clients shouldn't have to know about watch.ErrWatchClosed, which is
typically a server side decision to close and always means "Timeout" in
this conetxt.
