Automatic merge from submit-queue
add GenericAPIServer posthooks for initialization
Adds the concept of a `PostStartHook` to the `GenericAPIServer` to allow post-server start hooks. This gives a standard location to perform post-start bootstrapping tasks. The common case usage we have downstream are security related bootstrapping tasks that are performed on the "empty etcd" initialization cases. The RBAC authorizer is a good example of this in kube. It needs a location to create default policies to start a server which is capable of being accessed.
Kube is also likely to hit this for things like PSP and breaking the monolithic controller user into separate, scoped service accounts.
@kubernetes/sig-api-machinery for the `GenericAPIServer` bits
@kubernetes/sig-auth for the particular clusterrole bootstrapping. I've only done one to start, but I suspect we'll start making more and probably introduce a binding so that the RBAC super-user doesn't remain a special case forever.
3802a9ba35