UPSTREAM: <carry>: Enable timeout validator to run in kube-apiserver

[vareti]

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespace from that line:

/kind api-change
/kind bug
/kind cleanup
/kind deprecation
/kind design
/kind documentation
/kind failing-test

/kind feature

/kind flake

What this PR does / why we need it:
This PR has changes to enable timeout validator in kube-apiserver. The timeout validator will not have any effect unless a timeout value is configured in KubeAPIServerConfig.

Depends openshift/cluster-kube-apiserver-operator#874 and openshift/oauth-server#49 to work

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[vareti]

/test unit

[sttts]

should we move this inside the if enablement.OpenshiftConfig().OAuthConfig != nil ?

[stlaz]

what would be the point, we mean to run it all the time, no?

[sttts]

In the oauth-off mode we will get (keycloak), don't we want to disable this?

[stlaz]

these authenticators are only configured if webhook authenticators aren't, so that's ok

[stlaz]

see

kubernetes/pkg/kubeapiserver/authenticator/config.go

Lines 185 to 199 in f325571

	if len(config.WebhookTokenAuthnConfigFile) > 0 {
	webhookTokenAuth, err := newWebhookTokenAuthenticator(config)
	if err != nil {
	return nil, nil, err
	}
	tokenAuthenticators = append(tokenAuthenticators, webhookTokenAuth)
	} else {
	// openshift gets injected here as a separate token authenticator because we also add a special group to our oauth authorized
	// tokens that allows us to recognize human users differently than machine users. The openAPI is always correct because we always
	// configuration service account tokens, so we just have to create and add another authenticator.
	// TODO make this a webhook authenticator and remove this patch.
	// TODO - remove in 4.7, kept here not to disrupt authentication during 4.5->4.6 upgrade
	tokenAuthenticators = AddOAuthServerAuthenticatorIfNeeded(tokenAuthenticators, config.APIAudiences)
	}

[stlaz]

/test unit
weird, is that a unit test flake?

https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_kubernetes/263/pull-ci-openshift-kubernetes-master-unit/1285201955584479232

[vareti]

unit test failure looks consistent?

/test unit
/test e2e-cmd

[vareti]

/test kubernetes-e2e

[vareti]

/test e2e-cmd

[stlaz]

/lgtm

[stlaz]

/retest

[vareti]

/retest

[sttts]

/approve

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: stlaz, sttts, vareti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [sttts]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[sttts]

/override ci/prow/e2e-aws-fips

[openshift-ci-robot]

@sttts: Overrode contexts on behalf of sttts: ci/prow/e2e-aws-fips

In response to this:

/override ci/prow/e2e-aws-fips

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@vareti: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-cmd	372323f	link	/test e2e-cmd

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.