rebase: bump k8s.io/kubernetes from 1.26.2 to 1.27.2

Bumps [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) from 1.26.2 to 1.27.2. - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](https://github.com/kubernetes/kubernetes/compare/v1.26.2...v1.27.2) --- updated-dependencies: - dependency-name: k8s.io/kubernetes dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2025-06-13 10:33:35 +00:00 · 2023-05-29 21:03:29 +00:00
parent 0e79135419
commit 07b05616a0
1072 changed files with 208716 additions and 198880 deletions
--- a/vendor/k8s.io/controller-manager/pkg/clientbuilder/client_builder.go
+++ b/vendor/k8s.io/controller-manager/pkg/clientbuilder/client_builder.go
@ -0,0 +1,102 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package clientbuilder
+
+import (
+	"k8s.io/client-go/discovery"
+	clientset "k8s.io/client-go/kubernetes"
+	restclient "k8s.io/client-go/rest"
+	"k8s.io/klog/v2"
+)
+
+// ControllerClientBuilder allows you to get clients and configs for controllers
+// Please note a copy also exists in staging/src/k8s.io/cloud-provider/cloud.go
+// TODO: Extract this into a separate controller utilities repo (issues/68947)
+type ControllerClientBuilder interface {
+	Config(name string) (*restclient.Config, error)
+	ConfigOrDie(name string) *restclient.Config
+	Client(name string) (clientset.Interface, error)
+	ClientOrDie(name string) clientset.Interface
+	DiscoveryClient(name string) (discovery.DiscoveryInterface, error)
+	DiscoveryClientOrDie(name string) discovery.DiscoveryInterface
+}
+
+// SimpleControllerClientBuilder returns a fixed client with different user agents
+type SimpleControllerClientBuilder struct {
+	// ClientConfig is a skeleton config to clone and use as the basis for each controller client
+	ClientConfig *restclient.Config
+}
+
+// Config returns a client config for a fixed client
+func (b SimpleControllerClientBuilder) Config(name string) (*restclient.Config, error) {
+	clientConfig := *b.ClientConfig
+	return restclient.AddUserAgent(&clientConfig, name), nil
+}
+
+// ConfigOrDie returns a client config if no error from previous config func.
+// If it gets an error getting the client, it will log the error and kill the process it's running in.
+func (b SimpleControllerClientBuilder) ConfigOrDie(name string) *restclient.Config {
+	clientConfig, err := b.Config(name)
+	if err != nil {
+		klog.Fatal(err)
+	}
+	return clientConfig
+}
+
+// Client returns a clientset.Interface built from the ClientBuilder
+func (b SimpleControllerClientBuilder) Client(name string) (clientset.Interface, error) {
+	clientConfig, err := b.Config(name)
+	if err != nil {
+		return nil, err
+	}
+	return clientset.NewForConfig(clientConfig)
+}
+
+// ClientOrDie returns a clientset.interface built from the ClientBuilder with no error.
+// If it gets an error getting the client, it will log the error and kill the process it's running in.
+func (b SimpleControllerClientBuilder) ClientOrDie(name string) clientset.Interface {
+	client, err := b.Client(name)
+	if err != nil {
+		klog.Fatal(err)
+	}
+	return client
+}
+
+// DiscoveryClient returns a discovery.DiscoveryInterface built from the ClientBuilder
+// Discovery is special because it will artificially pump the burst quite high to handle the many discovery requests.
+func (b SimpleControllerClientBuilder) DiscoveryClient(name string) (discovery.DiscoveryInterface, error) {
+	clientConfig, err := b.Config(name)
+	if err != nil {
+		return nil, err
+	}
+	// Discovery makes a lot of requests infrequently.  This allows the burst to succeed and refill to happen
+	// in just a few seconds.
+	clientConfig.Burst = 200
+	clientConfig.QPS = 20
+	return clientset.NewForConfig(clientConfig)
+}
+
+// DiscoveryClientOrDie returns a discovery.DiscoveryInterface built from the ClientBuilder with no error.
+// Discovery is special because it will artificially pump the burst quite high to handle the many discovery requests.
+// If it gets an error getting the client, it will log the error and kill the process it's running in.
+func (b SimpleControllerClientBuilder) DiscoveryClientOrDie(name string) discovery.DiscoveryInterface {
+	client, err := b.DiscoveryClient(name)
+	if err != nil {
+		klog.Fatal(err)
+	}
+	return client
+}
--- a/vendor/k8s.io/controller-manager/pkg/clientbuilder/client_builder_dynamic.go
+++ b/vendor/k8s.io/controller-manager/pkg/clientbuilder/client_builder_dynamic.go
@ -0,0 +1,271 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package clientbuilder
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"sync"
+	"time"
+
+	"golang.org/x/oauth2"
+	v1authenticationapi "k8s.io/api/authentication/v1"
+	v1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
+	apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount"
+	"k8s.io/client-go/discovery"
+	clientset "k8s.io/client-go/kubernetes"
+	v1core "k8s.io/client-go/kubernetes/typed/core/v1"
+	restclient "k8s.io/client-go/rest"
+	"k8s.io/client-go/transport"
+	"k8s.io/klog/v2"
+	"k8s.io/utils/clock"
+	utilpointer "k8s.io/utils/pointer"
+)
+
+var (
+	// defaultExpirationSeconds defines the duration of a TokenRequest in seconds.
+	defaultExpirationSeconds = int64(3600)
+	// defaultLeewayPercent defines the percentage of expiration left before the client trigger a token rotation.
+	// range[0, 100]
+	defaultLeewayPercent = 20
+)
+
+type DynamicControllerClientBuilder struct {
+	// ClientConfig is a skeleton config to clone and use as the basis for each controller client
+	ClientConfig *restclient.Config
+
+	// CoreClient is used to provision service accounts if needed and watch for their associated tokens
+	// to construct a controller client
+	CoreClient v1core.CoreV1Interface
+
+	// Namespace is the namespace used to host the service accounts that will back the
+	// controllers.  It must be highly privileged namespace which normal users cannot inspect.
+	Namespace string
+
+	// roundTripperFuncMap is a cache stores the corresponding roundtripper func for each
+	// service account
+	roundTripperFuncMap map[string]func(http.RoundTripper) http.RoundTripper
+
+	// expirationSeconds defines the token expiration seconds
+	expirationSeconds int64
+
+	// leewayPercent defines the percentage of expiration left before the client trigger a token rotation.
+	leewayPercent int
+
+	mutex sync.Mutex
+
+	clock clock.Clock
+}
+
+// NewDynamicClientBuilder returns client builder which uses TokenRequest feature and refresh service account token periodically
+func NewDynamicClientBuilder(clientConfig *restclient.Config, coreClient v1core.CoreV1Interface, ns string) ControllerClientBuilder {
+	builder := &DynamicControllerClientBuilder{
+		ClientConfig:        clientConfig,
+		CoreClient:          coreClient,
+		Namespace:           ns,
+		roundTripperFuncMap: map[string]func(http.RoundTripper) http.RoundTripper{},
+		expirationSeconds:   defaultExpirationSeconds,
+		leewayPercent:       defaultLeewayPercent,
+		clock:               clock.RealClock{},
+	}
+	return builder
+}
+
+// this function only for test purpose, don't call it
+func NewTestDynamicClientBuilder(clientConfig *restclient.Config, coreClient v1core.CoreV1Interface, ns string, expirationSeconds int64, leewayPercent int) ControllerClientBuilder {
+	builder := &DynamicControllerClientBuilder{
+		ClientConfig:        clientConfig,
+		CoreClient:          coreClient,
+		Namespace:           ns,
+		roundTripperFuncMap: map[string]func(http.RoundTripper) http.RoundTripper{},
+		expirationSeconds:   expirationSeconds,
+		leewayPercent:       leewayPercent,
+		clock:               clock.RealClock{},
+	}
+	return builder
+}
+
+func (t *DynamicControllerClientBuilder) Config(saName string) (*restclient.Config, error) {
+	_, err := getOrCreateServiceAccount(t.CoreClient, t.Namespace, saName)
+	if err != nil {
+		return nil, err
+	}
+
+	configCopy := constructClient(t.Namespace, saName, t.ClientConfig)
+
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	rt, ok := t.roundTripperFuncMap[saName]
+	if ok {
+		configCopy.Wrap(rt)
+	} else {
+		cachedTokenSource := transport.NewCachedTokenSource(&tokenSourceImpl{
+			namespace:          t.Namespace,
+			serviceAccountName: saName,
+			coreClient:         t.CoreClient,
+			expirationSeconds:  t.expirationSeconds,
+			leewayPercent:      t.leewayPercent,
+		})
+		configCopy.Wrap(transport.ResettableTokenSourceWrapTransport(cachedTokenSource))
+		t.roundTripperFuncMap[saName] = configCopy.WrapTransport
+	}
+
+	return &configCopy, nil
+}
+
+func (t *DynamicControllerClientBuilder) ConfigOrDie(name string) *restclient.Config {
+	clientConfig, err := t.Config(name)
+	if err != nil {
+		klog.Fatal(err)
+	}
+	return clientConfig
+}
+
+func (t *DynamicControllerClientBuilder) Client(name string) (clientset.Interface, error) {
+	clientConfig, err := t.Config(name)
+	if err != nil {
+		return nil, err
+	}
+	return clientset.NewForConfig(clientConfig)
+}
+
+func (t *DynamicControllerClientBuilder) ClientOrDie(name string) clientset.Interface {
+	client, err := t.Client(name)
+	if err != nil {
+		klog.Fatal(err)
+	}
+	return client
+}
+
+func (t *DynamicControllerClientBuilder) DiscoveryClient(name string) (discovery.DiscoveryInterface, error) {
+	clientConfig, err := t.Config(name)
+	if err != nil {
+		return nil, err
+	}
+	// Discovery makes a lot of requests infrequently.  This allows the burst to succeed and refill to happen
+	// in just a few seconds.
+	clientConfig.Burst = 200
+	clientConfig.QPS = 20
+	return clientset.NewForConfig(clientConfig)
+}
+
+func (t *DynamicControllerClientBuilder) DiscoveryClientOrDie(name string) discovery.DiscoveryInterface {
+	client, err := t.DiscoveryClient(name)
+	if err != nil {
+		klog.Fatal(err)
+	}
+	return client
+}
+
+type tokenSourceImpl struct {
+	namespace          string
+	serviceAccountName string
+	coreClient         v1core.CoreV1Interface
+	expirationSeconds  int64
+	leewayPercent      int
+}
+
+func (ts *tokenSourceImpl) Token() (*oauth2.Token, error) {
+	var retTokenRequest *v1authenticationapi.TokenRequest
+
+	backoff := wait.Backoff{
+		Duration: 500 * time.Millisecond,
+		Factor:   2, // double the timeout for every failure
+		Steps:    4,
+	}
+	if err := wait.ExponentialBackoff(backoff, func() (bool, error) {
+		if _, inErr := getOrCreateServiceAccount(ts.coreClient, ts.namespace, ts.serviceAccountName); inErr != nil {
+			klog.Warningf("get or create service account failed: %v", inErr)
+			return false, nil
+		}
+
+		tr, inErr := ts.coreClient.ServiceAccounts(ts.namespace).CreateToken(context.TODO(), ts.serviceAccountName, &v1authenticationapi.TokenRequest{
+			Spec: v1authenticationapi.TokenRequestSpec{
+				ExpirationSeconds: utilpointer.Int64Ptr(ts.expirationSeconds),
+			},
+		}, metav1.CreateOptions{})
+		if inErr != nil {
+			klog.Warningf("get token failed: %v", inErr)
+			return false, nil
+		}
+		retTokenRequest = tr
+		return true, nil
+	}); err != nil {
+		return nil, fmt.Errorf("failed to get token for %s/%s: %v", ts.namespace, ts.serviceAccountName, err)
+	}
+
+	if retTokenRequest.Spec.ExpirationSeconds == nil {
+		return nil, fmt.Errorf("nil pointer of expiration in token request")
+	}
+
+	lifetime := retTokenRequest.Status.ExpirationTimestamp.Time.Sub(time.Now())
+	if lifetime < time.Minute*10 {
+		// possible clock skew issue, pin to minimum token lifetime
+		lifetime = time.Minute * 10
+	}
+
+	leeway := time.Duration(int64(lifetime) * int64(ts.leewayPercent) / 100)
+	expiry := time.Now().Add(lifetime).Add(-1 * leeway)
+
+	return &oauth2.Token{
+		AccessToken: retTokenRequest.Status.Token,
+		TokenType:   "Bearer",
+		Expiry:      expiry,
+	}, nil
+}
+
+func constructClient(saNamespace, saName string, config *restclient.Config) restclient.Config {
+	username := apiserverserviceaccount.MakeUsername(saNamespace, saName)
+	// make a shallow copy
+	// the caller already castrated the config during creation
+	// this allows for potential extensions in the future
+	// for example it preserve HTTP wrappers for custom behavior per request
+	ret := *config
+	restclient.AddUserAgent(&ret, username)
+	return ret
+}
+
+func getOrCreateServiceAccount(coreClient v1core.CoreV1Interface, namespace, name string) (*v1.ServiceAccount, error) {
+	sa, err := coreClient.ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{})
+	if err == nil {
+		return sa, nil
+	}
+	if !apierrors.IsNotFound(err) {
+		return nil, err
+	}
+
+	// Create the namespace if we can't verify it exists.
+	// Tolerate errors, since we don't know whether this component has namespace creation permissions.
+	if _, err := coreClient.Namespaces().Get(context.TODO(), namespace, metav1.GetOptions{}); apierrors.IsNotFound(err) {
+		if _, err = coreClient.Namespaces().Create(context.TODO(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}}, metav1.CreateOptions{}); err != nil && !apierrors.IsAlreadyExists(err) {
+			klog.Warningf("create non-exist namespace %s failed:%v", namespace, err)
+		}
+	}
+
+	// Create the service account
+	sa, err = coreClient.ServiceAccounts(namespace).Create(context.TODO(), &v1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: name}}, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		// If we're racing to init and someone else already created it, re-fetch
+		return coreClient.ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{})
+	}
+	return sa, err
+}
--- a/vendor/k8s.io/controller-manager/pkg/features/OWNERS
+++ b/vendor/k8s.io/controller-manager/pkg/features/OWNERS
@ -0,0 +1,4 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - feature-approvers
--- a/vendor/k8s.io/controller-manager/pkg/features/kube_features.go
+++ b/vendor/k8s.io/controller-manager/pkg/features/kube_features.go
@ -0,0 +1,62 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package features
+
+import (
+	"k8s.io/component-base/featuregate"
+)
+
+const (
+	// Every feature gate should add method here following this template:
+	//
+	// // owner: @username
+	// // alpha: v1.4
+	// MyFeature featuregate.Feature = "MyFeature"
+	//
+	// Feature gates should be listed in alphabetical, case-sensitive
+	// (upper before any lower case character) order. This reduces the risk
+	// of code conflicts because changes are more likely to be scattered
+	// across the file.
+
+	// owner: @jiahuif
+	// alpha: v1.21
+	// beta:  v1.22
+	// GA:    v1.24
+	//
+	// Enables Leader Migration for kube-controller-manager and cloud-controller-manager
+	// copied and sync'ed from k8s.io/kubernetes/pkg/features/kube_features.go
+	ControllerManagerLeaderMigration featuregate.Feature = "ControllerManagerLeaderMigration"
+
+	// owner: @khenidak
+	// alpha: v1.15
+	//
+	// Enables ipv6 dual stack
+	// Original copy from k8s.io/kubernetes/pkg/features/kube_features.go
+	IPv6DualStack featuregate.Feature = "IPv6DualStack"
+)
+
+func SetupCurrentKubernetesSpecificFeatureGates(featuregates featuregate.MutableFeatureGate) error {
+	return featuregates.Add(cloudPublicFeatureGates)
+}
+
+// cloudPublicFeatureGates consists of cloud-specific feature keys.
+// To add a new feature, define a key for it at k8s.io/api/pkg/features and add it here.
+var cloudPublicFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
+	ControllerManagerLeaderMigration: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.26
+
+	IPv6DualStack: {Default: true, PreRelease: featuregate.GA, LockToDefault: true},
+}
--- a/vendor/k8s.io/controller-manager/pkg/features/register/register.go
+++ b/vendor/k8s.io/controller-manager/pkg/features/register/register.go
@ -0,0 +1,27 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package register
+
+import (
+	"k8s.io/apimachinery/pkg/util/runtime"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	"k8s.io/controller-manager/pkg/features"
+)
+
+func init() {
+	runtime.Must(features.SetupCurrentKubernetesSpecificFeatureGates(utilfeature.DefaultMutableFeatureGate))
+}
--- a/vendor/k8s.io/controller-manager/pkg/leadermigration/config/config.go
+++ b/vendor/k8s.io/controller-manager/pkg/leadermigration/config/config.go
@ -0,0 +1,109 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"fmt"
+	"os"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
+	util "k8s.io/apimachinery/pkg/util/runtime"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	internal "k8s.io/controller-manager/config"
+	"k8s.io/controller-manager/config/v1"
+	"k8s.io/controller-manager/config/v1alpha1"
+	"k8s.io/controller-manager/config/v1beta1"
+)
+
+// ResourceLockLeases is the resourceLock value for 'leases' API
+const ResourceLockLeases = "leases"
+
+// ResourceLockEndpoints is the resourceLock value for 'endpoints' API
+const ResourceLockEndpoints = "endpoints"
+
+var cfgScheme = runtime.NewScheme()
+
+func init() {
+	// internal
+	util.Must(internal.AddToScheme(cfgScheme))
+
+	// v1alpha1
+	util.Must(v1alpha1.AddToScheme(cfgScheme))
+	util.Must(cfgScheme.SetVersionPriority(v1alpha1.SchemeGroupVersion))
+
+	// v1beta1
+	util.Must(v1beta1.AddToScheme(cfgScheme))
+	util.Must(cfgScheme.SetVersionPriority(v1beta1.SchemeGroupVersion))
+
+	// v1
+	util.Must(v1.AddToScheme(cfgScheme))
+	util.Must(cfgScheme.SetVersionPriority(v1.SchemeGroupVersion))
+}
+
+// ReadLeaderMigrationConfiguration reads LeaderMigrationConfiguration from a YAML file at the given path.
+// The parsed LeaderMigrationConfiguration may be invalid.
+// It returns an error if the file did not exist.
+func ReadLeaderMigrationConfiguration(configFilePath string) (*internal.LeaderMigrationConfiguration, error) {
+	data, err := os.ReadFile(configFilePath)
+	if err != nil {
+		return nil, fmt.Errorf("unable to read leader migration configuration from %q: %w", configFilePath, err)
+	}
+	config, gvk, err := serializer.NewCodecFactory(cfgScheme).UniversalDecoder().Decode(data, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	internalConfig, ok := config.(*internal.LeaderMigrationConfiguration)
+	if !ok {
+		return nil, fmt.Errorf("unexpected config type: %v", gvk)
+	}
+	return internalConfig, nil
+}
+
+// ValidateLeaderMigrationConfiguration validates the LeaderMigrationConfiguration against common errors.
+// It checks required names and whether resourceLock is either 'leases' or 'endpoints'.
+// It will return nil if it does not find anything wrong.
+func ValidateLeaderMigrationConfiguration(config *internal.LeaderMigrationConfiguration) (allErrs field.ErrorList) {
+	if config.LeaderName == "" {
+		allErrs = append(allErrs, field.Required(field.NewPath("leaderName"),
+			"leaderName must be set for LeaderMigrationConfiguration"))
+	}
+	if config.ResourceLock != ResourceLockLeases && config.ResourceLock != ResourceLockEndpoints {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("resourceLock"), config.ResourceLock,
+			"resource Lock must be one of 'leases' or 'endpoints'"))
+	}
+	// validate controllerLeaders
+	fldPath := field.NewPath("controllerLeaders")
+	for i, controllerLeader := range config.ControllerLeaders {
+		path := fldPath.Index(i)
+		allErrs = append(allErrs, validateControllerLeaderConfiguration(path, &controllerLeader)...)
+	}
+	return
+}
+
+func validateControllerLeaderConfiguration(path *field.Path, config *internal.ControllerLeaderConfiguration) (allErrs field.ErrorList) {
+	if config == nil {
+		return
+	}
+	if config.Component == "" {
+		allErrs = append(allErrs, field.Required(path.Child("component"), "component must be set"))
+	}
+	if config.Name == "" {
+		allErrs = append(allErrs, field.Required(path.Child("name"), "name must be set"))
+	}
+	return
+}
--- a/vendor/k8s.io/controller-manager/pkg/leadermigration/config/default.go
+++ b/vendor/k8s.io/controller-manager/pkg/leadermigration/config/default.go
@ -0,0 +1,41 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import internal "k8s.io/controller-manager/config"
+
+// DefaultLeaderMigrationConfiguration returns the default LeaderMigrationConfiguration
+//
+//	that is valid for this release of Kubernetes.
+func DefaultLeaderMigrationConfiguration() *internal.LeaderMigrationConfiguration {
+	return &internal.LeaderMigrationConfiguration{
+		LeaderName:   "cloud-provider-extraction-migration",
+		ResourceLock: ResourceLockLeases,
+		ControllerLeaders: []internal.ControllerLeaderConfiguration{
+			{
+				Name:      "route",
+				Component: "*",
+			}, {
+				Name:      "service",
+				Component: "*",
+			}, {
+				Name:      "cloud-node-lifecycle",
+				Component: "*",
+			},
+		},
+	}
+}
--- a/vendor/k8s.io/controller-manager/pkg/leadermigration/feature.go
+++ b/vendor/k8s.io/controller-manager/pkg/leadermigration/feature.go
@ -0,0 +1,28 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package leadermigration
+
+import (
+	"k8s.io/apiserver/pkg/util/feature"
+	"k8s.io/controller-manager/pkg/features"
+	_ "k8s.io/controller-manager/pkg/features/register"
+)
+
+// FeatureEnabled tells if leader migration is enabled through the feature gate.
+func FeatureEnabled() bool {
+	return feature.DefaultMutableFeatureGate.Enabled(features.ControllerManagerLeaderMigration)
+}
--- a/vendor/k8s.io/controller-manager/pkg/leadermigration/filter.go
+++ b/vendor/k8s.io/controller-manager/pkg/leadermigration/filter.go
@ -0,0 +1,35 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package leadermigration
+
+// FilterResult indicates whether and how the controller manager should start the controller.
+type FilterResult int32
+
+const (
+	// ControllerUnowned indicates that the controller is owned by another controller manager
+	//  and thus should NOT be started by this controller manager.
+	ControllerUnowned = iota
+	// ControllerMigrated indicates that the controller manager should start this controller
+	//  with the migration lock.
+	ControllerMigrated
+	// ControllerNonMigrated indicates that the controller manager should start this controller
+	//  with the main lock.
+	ControllerNonMigrated
+)
+
+// FilterFunc takes a name of controller, returning a FilterResult indicating how to start controller.
+type FilterFunc func(controllerName string) FilterResult
--- a/vendor/k8s.io/controller-manager/pkg/leadermigration/migrator.go
+++ b/vendor/k8s.io/controller-manager/pkg/leadermigration/migrator.go
@ -0,0 +1,62 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package leadermigration
+
+import (
+	internal "k8s.io/controller-manager/config"
+)
+
+// LeaderMigrator holds information required by the leader migration process.
+type LeaderMigrator struct {
+	// MigrationReady is closed after the controller manager finishes preparing for the migration lock.
+	// After this point, the leader migration process will proceed to acquire the migration lock.
+	MigrationReady chan struct{}
+
+	// FilterFunc returns a FilterResult telling the controller manager what to do with the controller.
+	FilterFunc FilterFunc
+}
+
+// NewLeaderMigrator creates a LeaderMigrator with given config for the given component. component
+//
+//	indicates which controller manager is requesting this leader migration, and it should be consistent
+//	with the component field of ControllerLeaderConfiguration.
+func NewLeaderMigrator(config *internal.LeaderMigrationConfiguration, component string) *LeaderMigrator {
+	migratedControllers := make(map[string]bool)
+	for _, leader := range config.ControllerLeaders {
+		migratedControllers[leader.Name] = leader.Component == component || leader.Component == "*"
+	}
+	return &LeaderMigrator{
+		MigrationReady: make(chan struct{}),
+		FilterFunc: func(controllerName string) FilterResult {
+			shouldRun, ok := migratedControllers[controllerName]
+			if ok {
+				// The controller is included in the migration
+				if shouldRun {
+					// If the controller manager should run the controller,
+					//  start it in the migration lock.
+					return ControllerMigrated
+				}
+				// Otherwise, the controller should be started by
+				//  some other controller manager.
+				return ControllerUnowned
+			}
+			// The controller is not included in the migration,
+			//  and should be started in the main lock.
+			return ControllerNonMigrated
+		},
+	}
+}
--- a/vendor/k8s.io/controller-manager/pkg/leadermigration/options/options.go
+++ b/vendor/k8s.io/controller-manager/pkg/leadermigration/options/options.go
@ -0,0 +1,89 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"fmt"
+
+	"github.com/spf13/pflag"
+	"k8s.io/controller-manager/config"
+	"k8s.io/controller-manager/pkg/leadermigration"
+	migrationconfig "k8s.io/controller-manager/pkg/leadermigration/config"
+)
+
+// LeaderMigrationOptions is the set of options for Leader Migration,
+// which is given to the controller manager through flags
+type LeaderMigrationOptions struct {
+	// Enabled indicates whether leader migration is enabled through the --enabled-leader-migration flag.
+	Enabled bool
+
+	// ControllerMigrationConfig is the path to the file of LeaderMigrationConfiguration type.
+	// It can be set with --leader-migration-config flag
+	// If the path is "" (default vaule), the default vaule will be used.
+	ControllerMigrationConfig string
+}
+
+// DefaultLeaderMigrationOptions returns a LeaderMigrationOptions with default values.
+func DefaultLeaderMigrationOptions() *LeaderMigrationOptions {
+	return &LeaderMigrationOptions{
+		Enabled:                   false,
+		ControllerMigrationConfig: "",
+	}
+}
+
+// AddFlags adds all flags related to leader migration to given flag set.
+func (o *LeaderMigrationOptions) AddFlags(fs *pflag.FlagSet) {
+	if o == nil {
+		return
+	}
+	fs.BoolVar(&o.Enabled, "enable-leader-migration", false, "Whether to enable controller leader migration.")
+	fs.StringVar(&o.ControllerMigrationConfig, "leader-migration-config", "",
+		"Path to the config file for controller leader migration, "+
+			"or empty to use the value that reflects default configuration of the controller manager. "+
+			"The config file should be of type LeaderMigrationConfiguration, group controllermanager.config.k8s.io, version v1alpha1.")
+}
+
+// ApplyTo applies the options of leader migration to generic configuration.
+func (o *LeaderMigrationOptions) ApplyTo(cfg *config.GenericControllerManagerConfiguration) error {
+	if o == nil {
+		// an nil LeaderMigrationOptions indicates that default options should be used
+		// in which case leader migration will be disabled
+		cfg.LeaderMigrationEnabled = false
+		return nil
+	}
+	if o.Enabled && !leadermigration.FeatureEnabled() {
+		return fmt.Errorf("Leader Migration is not enabled through feature gate")
+	}
+	cfg.LeaderMigrationEnabled = o.Enabled
+	if !cfg.LeaderMigrationEnabled {
+		return nil
+	}
+	if o.ControllerMigrationConfig == "" {
+		cfg.LeaderMigration = *migrationconfig.DefaultLeaderMigrationConfiguration()
+		return nil
+	}
+	leaderMigrationConfig, err := migrationconfig.ReadLeaderMigrationConfiguration(o.ControllerMigrationConfig)
+	if err != nil {
+		return err
+	}
+	errs := migrationconfig.ValidateLeaderMigrationConfiguration(leaderMigrationConfig)
+	if len(errs) != 0 {
+		return fmt.Errorf("failed to parse leader migration configuration: %v", errs)
+	}
+	cfg.LeaderMigration = *leaderMigrationConfig
+	return nil
+}
--- a/vendor/k8s.io/controller-manager/pkg/leadermigration/util.go
+++ b/vendor/k8s.io/controller-manager/pkg/leadermigration/util.go
@ -0,0 +1,25 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package leadermigration
+
+import config "k8s.io/controller-manager/config"
+
+// Enabled checks whether Leader Migration should be enabled, given the GenericControllerManagerConfiguration.
+// It considers the feature gate first, and will always return false if the feature gate is not enabled.
+func Enabled(genericConfig *config.GenericControllerManagerConfiguration) bool {
+	return FeatureEnabled() && genericConfig.LeaderElection.LeaderElect && genericConfig.LeaderMigrationEnabled
+}