rebase: update kubernetes dep to 1.24.0

As kubernetes 1.24.0 is released, updating
kubernetes dependencies to 1.24.0

updates: #3086

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>

vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go

@@ -22,6 +22,7 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/base64"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -32,6 +33,7 @@ import (
 	"strings"
 	"time"
 
+	"golang.org/x/net/proxy"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -65,12 +67,6 @@ type SpdyRoundTripper struct {
 	// Used primarily for mocking the proxy discovery in tests.
 	proxier func(req *http.Request) (*url.URL, error)
 
-	// followRedirects indicates if the round tripper should examine responses for redirects and
-	// follow them.
-	followRedirects bool
-	// requireSameHostRedirects restricts redirect following to only follow redirects to the same host
-	// as the original request.
-	requireSameHostRedirects bool
 	// pingPeriod is a period for sending Ping frames over established
 	// connections.
 	pingPeriod time.Duration
@@ -82,37 +78,31 @@ var _ utilnet.Dialer = &SpdyRoundTripper{}
 
 // NewRoundTripper creates a new SpdyRoundTripper that will use the specified
 // tlsConfig.
-func NewRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) *SpdyRoundTripper {
+func NewRoundTripper(tlsConfig *tls.Config) *SpdyRoundTripper {
 	return NewRoundTripperWithConfig(RoundTripperConfig{
-		TLS:                      tlsConfig,
-		FollowRedirects:          followRedirects,
-		RequireSameHostRedirects: requireSameHostRedirects,
+		TLS: tlsConfig,
 	})
 }
 
 // NewRoundTripperWithProxy creates a new SpdyRoundTripper that will use the
 // specified tlsConfig and proxy func.
-func NewRoundTripperWithProxy(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool, proxier func(*http.Request) (*url.URL, error)) *SpdyRoundTripper {
+func NewRoundTripperWithProxy(tlsConfig *tls.Config, proxier func(*http.Request) (*url.URL, error)) *SpdyRoundTripper {
 	return NewRoundTripperWithConfig(RoundTripperConfig{
-		TLS:                      tlsConfig,
-		FollowRedirects:          followRedirects,
-		RequireSameHostRedirects: requireSameHostRedirects,
-		Proxier:                  proxier,
+		TLS:     tlsConfig,
+		Proxier: proxier,
 	})
 }
 
-// NewRoundTripperWithProxy creates a new SpdyRoundTripper with the specified
+// NewRoundTripperWithConfig creates a new SpdyRoundTripper with the specified
 // configuration.
 func NewRoundTripperWithConfig(cfg RoundTripperConfig) *SpdyRoundTripper {
 	if cfg.Proxier == nil {
 		cfg.Proxier = utilnet.NewProxierWithNoProxyCIDR(http.ProxyFromEnvironment)
 	}
 	return &SpdyRoundTripper{
-		tlsConfig:                cfg.TLS,
-		followRedirects:          cfg.FollowRedirects,
-		requireSameHostRedirects: cfg.RequireSameHostRedirects,
-		proxier:                  cfg.Proxier,
-		pingPeriod:               cfg.PingPeriod,
+		tlsConfig:  cfg.TLS,
+		proxier:    cfg.Proxier,
+		pingPeriod: cfg.PingPeriod,
 	}
 }
 
@@ -125,9 +115,6 @@ type RoundTripperConfig struct {
 	// PingPeriod is a period for sending SPDY Pings on the connection.
 	// Optional.
 	PingPeriod time.Duration
-
-	FollowRedirects          bool
-	RequireSameHostRedirects bool
 }
 
 // TLSClientConfig implements pkg/util/net.TLSClientConfigHolder for proper TLS checking during
@@ -163,6 +150,18 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) {
 		return s.dialWithoutProxy(req.Context(), req.URL)
 	}
 
+	switch proxyURL.Scheme {
+	case "socks5":
+		return s.dialWithSocks5Proxy(req, proxyURL)
+	case "https", "http", "":
+		return s.dialWithHttpProxy(req, proxyURL)
+	}
+
+	return nil, fmt.Errorf("proxy URL scheme not supported: %s", proxyURL.Scheme)
+}
+
+// dialWithHttpProxy dials the host specified by url through an http or an https proxy.
+func (s *SpdyRoundTripper) dialWithHttpProxy(req *http.Request, proxyURL *url.URL) (net.Conn, error) {
 	// ensure we use a canonical host with proxyReq
 	targetHost := netutil.CanonicalAddr(req.URL)
 
@@ -173,12 +172,14 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) {
 		Host:   targetHost,
 	}
 
+	proxyReq = *proxyReq.WithContext(req.Context())
+
 	if pa := s.proxyAuth(proxyURL); pa != "" {
 		proxyReq.Header = http.Header{}
 		proxyReq.Header.Set("Proxy-Authorization", pa)
 	}
 
-	proxyDialConn, err := s.dialWithoutProxy(req.Context(), proxyURL)
+	proxyDialConn, err := s.dialWithoutProxy(proxyReq.Context(), proxyURL)
 	if err != nil {
 		return nil, err
 	}
@@ -194,9 +195,58 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) {
 
 	rwc, _ := proxyClientConn.Hijack()
 
-	if req.URL.Scheme != "https" {
-		return rwc, nil
+	if req.URL.Scheme == "https" {
+		return s.tlsConn(proxyReq.Context(), rwc, targetHost)
 	}
+	return rwc, nil
+}
+
+// dialWithSocks5Proxy dials the host specified by url through a socks5 proxy.
+func (s *SpdyRoundTripper) dialWithSocks5Proxy(req *http.Request, proxyURL *url.URL) (net.Conn, error) {
+	// ensure we use a canonical host with proxyReq
+	targetHost := netutil.CanonicalAddr(req.URL)
+	proxyDialAddr := netutil.CanonicalAddr(proxyURL)
+
+	var auth *proxy.Auth
+	if proxyURL.User != nil {
+		pass, _ := proxyURL.User.Password()
+		auth = &proxy.Auth{
+			User:     proxyURL.User.Username(),
+			Password: pass,
+		}
+	}
+
+	dialer := s.Dialer
+	if dialer == nil {
+		dialer = &net.Dialer{
+			Timeout: 30 * time.Second,
+		}
+	}
+
+	proxyDialer, err := proxy.SOCKS5("tcp", proxyDialAddr, auth, dialer)
+	if err != nil {
+		return nil, err
+	}
+
+	// According to the implementation of proxy.SOCKS5, the type assertion will always succeed
+	contextDialer, ok := proxyDialer.(proxy.ContextDialer)
+	if !ok {
+		return nil, errors.New("SOCKS5 Dialer must implement ContextDialer")
+	}
+
+	proxyDialConn, err := contextDialer.DialContext(req.Context(), "tcp", targetHost)
+	if err != nil {
+		return nil, err
+	}
+
+	if req.URL.Scheme == "https" {
+		return s.tlsConn(req.Context(), proxyDialConn, targetHost)
+	}
+	return proxyDialConn, nil
+}
+
+// tlsConn returns a TLS client side connection using rwc as the underlying transport.
+func (s *SpdyRoundTripper) tlsConn(ctx context.Context, rwc net.Conn, targetHost string) (net.Conn, error) {
 
 	host, _, err := net.SplitHostPort(targetHost)
 	if err != nil {
@@ -215,7 +265,7 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) {
 	tlsConn := tls.Client(rwc, tlsConfig)
 
 	// need to manually call Handshake() so we can call VerifyHostname() below
-	if err := tlsConn.Handshake(); err != nil {
+	if err := tlsConn.HandshakeContext(ctx); err != nil {
 		return nil, err
 	}
 
@@ -300,13 +350,9 @@ func (s *SpdyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)
 		err         error
 	)
 
-	if s.followRedirects {
-		conn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, req.URL, header, req.Body, s, s.requireSameHostRedirects)
-	} else {
-		clone := utilnet.CloneRequest(req)
-		clone.Header = header
-		conn, err = s.Dial(clone)
-	}
+	clone := utilnet.CloneRequest(req)
+	clone.Header = header
+	conn, err = s.Dial(clone)
 	if err != nil {
 		return nil, err
 	}

vendor/k8s.io/apimachinery/pkg/util/intstr/generated.pb.go

@@ -78,25 +78,25 @@ func init() {
 
 var fileDescriptor_94e046ae3ce6121c = []byte{
 	// 292 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x4c, 0x8f, 0x31, 0x4b, 0x33, 0x31,
-	0x1c, 0xc6, 0x93, 0xb7, 0x7d, 0x8b, 0x9e, 0xe0, 0x50, 0x1c, 0x8a, 0x43, 0x7a, 0x28, 0xc8, 0x0d,
-	0x9a, 0xac, 0xe2, 0xd8, 0xad, 0x20, 0x08, 0x57, 0x71, 0x70, 0xbb, 0x6b, 0x63, 0x1a, 0xae, 0x4d,
-	0x42, 0xee, 0x7f, 0xc2, 0x6d, 0xfd, 0x08, 0xba, 0x39, 0xfa, 0x71, 0x6e, 0xec, 0xd8, 0x41, 0x8a,
-	0x17, 0xbf, 0x85, 0x93, 0x5c, 0xee, 0x40, 0xa7, 0xe4, 0x79, 0x9e, 0xdf, 0x2f, 0x90, 0xe0, 0x36,
-	0xbb, 0xce, 0xa9, 0xd4, 0x2c, 0x2b, 0x52, 0x6e, 0x15, 0x07, 0x9e, 0xb3, 0x67, 0xae, 0x16, 0xda,
-	0xb2, 0x6e, 0x48, 0x8c, 0x5c, 0x27, 0xf3, 0xa5, 0x54, 0xdc, 0x96, 0xcc, 0x64, 0x82, 0x15, 0x20,
-	0x57, 0x4c, 0x2a, 0xc8, 0xc1, 0x32, 0xc1, 0x15, 0xb7, 0x09, 0xf0, 0x05, 0x35, 0x56, 0x83, 0x1e,
-	0x9e, 0xb7, 0x12, 0xfd, 0x2b, 0x51, 0x93, 0x09, 0xda, 0x48, 0xb4, 0x95, 0x4e, 0xaf, 0x84, 0x84,
-	0x65, 0x91, 0xd2, 0xb9, 0x5e, 0x33, 0xa1, 0x85, 0x66, 0xde, 0x4d, 0x8b, 0x27, 0x9f, 0x7c, 0xf0,
-	0xb7, 0xf6, 0xcd, 0xb3, 0x57, 0x1c, 0x1c, 0x4d, 0x15, 0xdc, 0xd9, 0x19, 0x58, 0xa9, 0xc4, 0x30,
-	0x0a, 0xfa, 0x50, 0x1a, 0x3e, 0xc2, 0x21, 0x8e, 0x7a, 0x93, 0x93, 0x6a, 0x3f, 0x46, 0x6e, 0x3f,
-	0xee, 0xdf, 0x97, 0x86, 0x7f, 0x77, 0x67, 0xec, 0x89, 0xe1, 0x45, 0x30, 0x90, 0x0a, 0x1e, 0x92,
-	0xd5, 0xe8, 0x5f, 0x88, 0xa3, 0xff, 0x93, 0xe3, 0x8e, 0x1d, 0x4c, 0x7d, 0x1b, 0x77, 0x6b, 0xc3,
-	0xe5, 0x60, 0x1b, 0xae, 0x17, 0xe2, 0xe8, 0xf0, 0x97, 0x9b, 0xf9, 0x36, 0xee, 0xd6, 0x9b, 0x83,
-	0xb7, 0xf7, 0x31, 0xda, 0x7c, 0x84, 0x68, 0x72, 0x59, 0xd5, 0x04, 0x6d, 0x6b, 0x82, 0x76, 0x35,
-	0x41, 0x1b, 0x47, 0x70, 0xe5, 0x08, 0xde, 0x3a, 0x82, 0x77, 0x8e, 0xe0, 0x4f, 0x47, 0xf0, 0xcb,
-	0x17, 0x41, 0x8f, 0x83, 0xf6, 0xc3, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x52, 0xa0, 0xb5, 0xc9,
-	0x64, 0x01, 0x00, 0x00,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x90, 0xb1, 0x4a, 0x03, 0x31,
+	0x1c, 0xc6, 0x13, 0x5b, 0x8b, 0x9e, 0xe0, 0x50, 0x1c, 0x8a, 0x43, 0x7a, 0x58, 0x90, 0x5b, 0x4c,
+	0x56, 0x71, 0xec, 0x56, 0x10, 0x84, 0x56, 0x1c, 0xdc, 0xee, 0xda, 0x98, 0x86, 0x6b, 0x93, 0x90,
+	0xfb, 0x9f, 0x70, 0x5b, 0x1f, 0x41, 0x37, 0x47, 0x1f, 0xe7, 0xc6, 0x8e, 0x1d, 0xa4, 0x78, 0xf1,
+	0x2d, 0x9c, 0xe4, 0x72, 0x07, 0x3a, 0x3a, 0x25, 0xdf, 0xf7, 0xfd, 0x7e, 0x19, 0x12, 0xdc, 0xa6,
+	0xd7, 0x19, 0x95, 0x9a, 0xa5, 0x79, 0xc2, 0xad, 0xe2, 0xc0, 0x33, 0xf6, 0xcc, 0xd5, 0x42, 0x5b,
+	0xd6, 0x0e, 0xb1, 0x91, 0xeb, 0x78, 0xbe, 0x94, 0x8a, 0xdb, 0x82, 0x99, 0x54, 0xb0, 0x1c, 0xe4,
+	0x8a, 0x49, 0x05, 0x19, 0x58, 0x26, 0xb8, 0xe2, 0x36, 0x06, 0xbe, 0xa0, 0xc6, 0x6a, 0xd0, 0xfd,
+	0x51, 0x23, 0xd1, 0xbf, 0x12, 0x35, 0xa9, 0xa0, 0xb5, 0x44, 0x1b, 0xe9, 0xfc, 0x4a, 0x48, 0x58,
+	0xe6, 0x09, 0x9d, 0xeb, 0x35, 0x13, 0x5a, 0x68, 0xe6, 0xdd, 0x24, 0x7f, 0xf2, 0xc9, 0x07, 0x7f,
+	0x6b, 0xde, 0xbc, 0x78, 0xc5, 0xc1, 0xc9, 0x44, 0xc1, 0x9d, 0x9d, 0x81, 0x95, 0x4a, 0xf4, 0xa3,
+	0xa0, 0x0b, 0x85, 0xe1, 0x03, 0x1c, 0xe2, 0xa8, 0x33, 0x3e, 0x2b, 0xf7, 0x43, 0xe4, 0xf6, 0xc3,
+	0xee, 0x7d, 0x61, 0xf8, 0x77, 0x7b, 0x4e, 0x3d, 0xd1, 0xbf, 0x0c, 0x7a, 0x52, 0xc1, 0x43, 0xbc,
+	0x1a, 0x1c, 0x84, 0x38, 0x3a, 0x1c, 0x9f, 0xb6, 0x6c, 0x6f, 0xe2, 0xdb, 0x69, 0xbb, 0xd6, 0x5c,
+	0x06, 0xb6, 0xe6, 0x3a, 0x21, 0x8e, 0x8e, 0x7f, 0xb9, 0x99, 0x6f, 0xa7, 0xed, 0x7a, 0x73, 0xf4,
+	0xf6, 0x3e, 0x44, 0x9b, 0x8f, 0x10, 0x8d, 0x27, 0x65, 0x45, 0xd0, 0xb6, 0x22, 0x68, 0x57, 0x11,
+	0xb4, 0x71, 0x04, 0x97, 0x8e, 0xe0, 0xad, 0x23, 0x78, 0xe7, 0x08, 0xfe, 0x74, 0x04, 0xbf, 0x7c,
+	0x11, 0xf4, 0x38, 0xfa, 0xc7, 0x17, 0xfe, 0x04, 0x00, 0x00, 0xff, 0xff, 0xdc, 0xc4, 0xf0, 0xa0,
+	0x81, 0x01, 0x00, 0x00,
 }
 
 func (m *IntOrString) Marshal() (dAtA []byte, err error) {

vendor/k8s.io/apimachinery/pkg/util/intstr/generated.proto

@@ -22,7 +22,7 @@ syntax = "proto2";
 package k8s.io.apimachinery.pkg.util.intstr;
 
 // Package-wide variables from generator "generated".
-option go_package = "intstr";
+option go_package = "k8s.io/apimachinery/pkg/util/intstr";
 
 // IntOrString is a type that can hold an int32 or a string.  When used in
 // JSON or YAML marshalling and unmarshalling, it produces or consumes the

vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go

@@ -131,6 +131,10 @@ func (IntOrString) OpenAPISchemaType() []string { return []string{"string"} }
 // the OpenAPI spec of this type.
 func (IntOrString) OpenAPISchemaFormat() string { return "int-or-string" }
 
+// OpenAPIV3OneOfTypes is used by the kube-openapi generator when constructing
+// the OpenAPI v3 spec of this type.
+func (IntOrString) OpenAPIV3OneOfTypes() []string { return []string{"integer", "string"} }
+
 func ValueOrDefault(intOrPercent *IntOrString, defaultValue IntOrString) *IntOrString {
 	if intOrPercent == nil {
 		return &defaultValue

vendor/k8s.io/apimachinery/pkg/util/managedfields/gvkparser.go

@@ -22,6 +22,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/kube-openapi/pkg/schemaconv"
 	"k8s.io/kube-openapi/pkg/util/proto"
+	smdschema "sigs.k8s.io/structured-merge-diff/v4/schema"
 	"sigs.k8s.io/structured-merge-diff/v4/typed"
 )
 
@@ -58,7 +59,7 @@ func NewGVKParser(models proto.Models, preserveUnknownFields bool) (*GvkParser,
 	parser := GvkParser{
 		gvks: map[schema.GroupVersionKind]string{},
 	}
-	parser.parser = typed.Parser{Schema: *typeSchema}
+	parser.parser = typed.Parser{Schema: smdschema.Schema{Types: typeSchema.Types}}
 	for _, modelName := range models.ListModels() {
 		model := models.LookupModel(modelName)
 		if model == nil {

vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS

@@ -1,7 +1,6 @@
 # See the OWNERS docs at https://go.k8s.io/owners
 
 approvers:
-- pwittrock
+  - pwittrock
 reviewers:
-- mengqiy
-- apelisse
+  - apelisse

vendor/k8s.io/apimachinery/pkg/util/net/http.go

@@ -17,7 +17,6 @@ limitations under the License.
 package net
 
 import (
-	"bufio"
 	"bytes"
 	"context"
 	"crypto/tls"
@@ -446,104 +445,6 @@ type Dialer interface {
 	Dial(req *http.Request) (net.Conn, error)
 }
 
-// ConnectWithRedirects uses dialer to send req, following up to 10 redirects (relative to
-// originalLocation). It returns the opened net.Conn and the raw response bytes.
-// If requireSameHostRedirects is true, only redirects to the same host are permitted.
-func ConnectWithRedirects(originalMethod string, originalLocation *url.URL, header http.Header, originalBody io.Reader, dialer Dialer, requireSameHostRedirects bool) (net.Conn, []byte, error) {
-	const (
-		maxRedirects    = 9     // Fail on the 10th redirect
-		maxResponseSize = 16384 // play it safe to allow the potential for lots of / large headers
-	)
-
-	var (
-		location         = originalLocation
-		method           = originalMethod
-		intermediateConn net.Conn
-		rawResponse      = bytes.NewBuffer(make([]byte, 0, 256))
-		body             = originalBody
-	)
-
-	defer func() {
-		if intermediateConn != nil {
-			intermediateConn.Close()
-		}
-	}()
-
-redirectLoop:
-	for redirects := 0; ; redirects++ {
-		if redirects > maxRedirects {
-			return nil, nil, fmt.Errorf("too many redirects (%d)", redirects)
-		}
-
-		req, err := http.NewRequest(method, location.String(), body)
-		if err != nil {
-			return nil, nil, err
-		}
-
-		req.Header = header
-
-		intermediateConn, err = dialer.Dial(req)
-		if err != nil {
-			return nil, nil, err
-		}
-
-		// Peek at the backend response.
-		rawResponse.Reset()
-		respReader := bufio.NewReader(io.TeeReader(
-			io.LimitReader(intermediateConn, maxResponseSize), // Don't read more than maxResponseSize bytes.
-			rawResponse)) // Save the raw response.
-		resp, err := http.ReadResponse(respReader, nil)
-		if err != nil {
-			// Unable to read the backend response; let the client handle it.
-			klog.Warningf("Error reading backend response: %v", err)
-			break redirectLoop
-		}
-
-		switch resp.StatusCode {
-		case http.StatusFound:
-			// Redirect, continue.
-		default:
-			// Don't redirect.
-			break redirectLoop
-		}
-
-		// Redirected requests switch to "GET" according to the HTTP spec:
-		// https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3
-		method = "GET"
-		// don't send a body when following redirects
-		body = nil
-
-		resp.Body.Close() // not used
-
-		// Prepare to follow the redirect.
-		redirectStr := resp.Header.Get("Location")
-		if redirectStr == "" {
-			return nil, nil, fmt.Errorf("%d response missing Location header", resp.StatusCode)
-		}
-		// We have to parse relative to the current location, NOT originalLocation. For example,
-		// if we request http://foo.com/a and get back "http://bar.com/b", the result should be
-		// http://bar.com/b. If we then make that request and get back a redirect to "/c", the result
-		// should be http://bar.com/c, not http://foo.com/c.
-		location, err = location.Parse(redirectStr)
-		if err != nil {
-			return nil, nil, fmt.Errorf("malformed Location header: %v", err)
-		}
-
-		// Only follow redirects to the same host. Otherwise, propagate the redirect response back.
-		if requireSameHostRedirects && location.Hostname() != originalLocation.Hostname() {
-			return nil, nil, fmt.Errorf("hostname mismatch: expected %s, found %s", originalLocation.Hostname(), location.Hostname())
-		}
-
-		// Reset the connection.
-		intermediateConn.Close()
-		intermediateConn = nil
-	}
-
-	connToReturn := intermediateConn
-	intermediateConn = nil // Don't close the connection when we return it.
-	return connToReturn, rawResponse.Bytes(), nil
-}
-
 // CloneRequest creates a shallow copy of the request along with a deep copy of the Headers.
 func CloneRequest(req *http.Request) *http.Request {
 	r := new(http.Request)

vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go

@@ -27,9 +27,10 @@ import (
 )
 
 var (
-	// ReallyCrash controls the behavior of HandleCrash and now defaults
-	// true. It's still exposed so components can optionally set to false
-	// to restore prior behavior.
+	// ReallyCrash controls the behavior of HandleCrash and defaults to
+	// true. It's exposed so components can optionally set to false
+	// to restore prior behavior. This flag is mostly used for tests to validate
+	// crash conditions.
 	ReallyCrash = true
 )
 

vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS

@@ -1,8 +1,8 @@
 # See the OWNERS docs at https://go.k8s.io/owners
 
 approvers:
-- pwittrock
-- mengqiy
+  - pwittrock
 reviewers:
-- mengqiy
-- apelisse
+  - apelisse
+emeritus_approvers:
+  - mengqiy

vendor/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go

@@ -1330,6 +1330,9 @@ func mergeMap(original, patch map[string]interface{}, schema LookupPatchMeta, me
 		if !ok {
 			if !isDeleteList {
 				// If it's not in the original document, just take the patch value.
+				if mergeOptions.IgnoreUnmatchedNulls {
+					discardNullValuesFromPatch(patchV)
+				}
 				original[k] = patchV
 			}
 			continue
@@ -1339,6 +1342,9 @@ func mergeMap(original, patch map[string]interface{}, schema LookupPatchMeta, me
 		patchType := reflect.TypeOf(patchV)
 		if originalType != patchType {
 			if !isDeleteList {
+				if mergeOptions.IgnoreUnmatchedNulls {
+					discardNullValuesFromPatch(patchV)
+				}
 				original[k] = patchV
 			}
 			continue
@@ -1375,6 +1381,25 @@ func mergeMap(original, patch map[string]interface{}, schema LookupPatchMeta, me
 	return original, nil
 }
 
+// discardNullValuesFromPatch discards all null property values from patch.
+// It traverses all slices and map types.
+func discardNullValuesFromPatch(patchV interface{}) {
+	switch patchV := patchV.(type) {
+	case map[string]interface{}:
+		for k, v := range patchV {
+			if v == nil {
+				delete(patchV, k)
+			} else {
+				discardNullValuesFromPatch(v)
+			}
+		}
+	case []interface{}:
+		for _, v := range patchV {
+			discardNullValuesFromPatch(v)
+		}
+	}
+}
+
 // mergeMapHandler handles how to merge `patchV` whose key is `key` with `original` respecting
 // fieldPatchStrategy and mergeOptions.
 func mergeMapHandler(original, patch interface{}, schema LookupPatchMeta,

vendor/k8s.io/apimachinery/pkg/util/validation/field/errors.go

@@ -42,12 +42,24 @@ func (v *Error) Error() string {
 	return fmt.Sprintf("%s: %s", v.Field, v.ErrorBody())
 }
 
+type omitValueType struct{}
+
+var omitValue = omitValueType{}
+
 // ErrorBody returns the error message without the field name.  This is useful
 // for building nice-looking higher-level error reporting.
 func (v *Error) ErrorBody() string {
 	var s string
-	switch v.Type {
-	case ErrorTypeRequired, ErrorTypeForbidden, ErrorTypeTooLong, ErrorTypeInternal:
+	switch {
+	case v.Type == ErrorTypeRequired:
+		s = v.Type.String()
+	case v.Type == ErrorTypeForbidden:
+		s = v.Type.String()
+	case v.Type == ErrorTypeTooLong:
+		s = v.Type.String()
+	case v.Type == ErrorTypeInternal:
+		s = v.Type.String()
+	case v.BadValue == omitValue:
 		s = v.Type.String()
 	default:
 		value := v.BadValue
@@ -123,6 +135,8 @@ const (
 	// ErrorTypeInternal is used to report other errors that are not related
 	// to user input.  See InternalError().
 	ErrorTypeInternal ErrorType = "InternalError"
+	// ErrorTypeTypeInvalid is for the value did not match the schema type for that field
+	ErrorTypeTypeInvalid ErrorType = "FieldValueTypeInvalid"
 )
 
 // String converts a ErrorType into its corresponding canonical error message.
@@ -146,11 +160,18 @@ func (t ErrorType) String() string {
 		return "Too many"
 	case ErrorTypeInternal:
 		return "Internal error"
+	case ErrorTypeTypeInvalid:
+		return "Invalid value"
 	default:
 		panic(fmt.Sprintf("unrecognized validation error: %q", string(t)))
 	}
 }
 
+// TypeInvalid returns a *Error indicating "type is invalid"
+func TypeInvalid(field *Path, value interface{}, detail string) *Error {
+	return &Error{ErrorTypeTypeInvalid, field.String(), value, detail}
+}
+
 // NotFound returns a *Error indicating "value not found".  This is
 // used to report failure to find a requested value (e.g. looking up an ID).
 func NotFound(field *Path, value interface{}) *Error {
@@ -207,11 +228,40 @@ func TooLong(field *Path, value interface{}, maxLength int) *Error {
 	return &Error{ErrorTypeTooLong, field.String(), value, fmt.Sprintf("must have at most %d bytes", maxLength)}
 }
 
+// TooLongMaxLength returns a *Error indicating "too long".  This is used to
+// report that the given value is too long.  This is similar to
+// Invalid, but the returned error will not include the too-long
+// value. If maxLength is negative, no max length will be included in the message.
+func TooLongMaxLength(field *Path, value interface{}, maxLength int) *Error {
+	var msg string
+	if maxLength >= 0 {
+		msg = fmt.Sprintf("may not be longer than %d", maxLength)
+	} else {
+		msg = "value is too long"
+	}
+	return &Error{ErrorTypeTooLong, field.String(), value, msg}
+}
+
 // TooMany returns a *Error indicating "too many". This is used to
 // report that a given list has too many items. This is similar to TooLong,
 // but the returned error indicates quantity instead of length.
 func TooMany(field *Path, actualQuantity, maxQuantity int) *Error {
-	return &Error{ErrorTypeTooMany, field.String(), actualQuantity, fmt.Sprintf("must have at most %d items", maxQuantity)}
+	var msg string
+
+	if maxQuantity >= 0 {
+		msg = fmt.Sprintf("must have at most %d items", maxQuantity)
+	} else {
+		msg = "has too many items"
+	}
+
+	var actual interface{}
+	if actualQuantity >= 0 {
+		actual = actualQuantity
+	} else {
+		actual = omitValue
+	}
+
+	return &Error{ErrorTypeTooMany, field.String(), actual, msg}
 }
 
 // InternalError returns a *Error indicating "internal error".  This is used