remove pod security policy; additional policy/v1beta1 cleanup; use informers for descheduler unit tests

update go to 1.19 and helm kubernetes cluster to 1.25
bump -rc.0 to 1.25 GA
bump k8s utils library
bump golang-ci
use go 1.19 for helm github action
upgrade kubectl from 0.20 to 0.25

Signed-off-by: Amir Alavi <amiralavi7@gmail.com>

vendor/k8s.io/apiserver/pkg/endpoints/filters/disable_compression.go

@@ -1,43 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package filters
-
-import (
-	"fmt"
-	"net/http"
-
-	"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
-	"k8s.io/apiserver/pkg/endpoints/request"
-)
-
-// CompressionDisabledFunc checks if a given request should disable compression.
-type CompressionDisabledFunc func(*http.Request) (bool, error)
-
-// WithCompressionDisabled stores result of CompressionDisabledFunc in context.
-func WithCompressionDisabled(handler http.Handler, predicate CompressionDisabledFunc) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		ctx := req.Context()
-		decision, err := predicate(req)
-		if err != nil {
-			responsewriters.InternalError(w, req, fmt.Errorf("failed to determine if request should disable compression: %v", err))
-			return
-		}
-
-		req = req.WithContext(request.WithCompressionDisabled(ctx, decision))
-		handler.ServeHTTP(w, req)
-	})
-}

vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/writers.go

@@ -87,21 +87,19 @@ func StreamObject(statusCode int, gv schema.GroupVersion, s runtime.NegotiatedSe
 // The context is optional and can be nil. This method will perform optional content compression if requested by
 // a client and the feature gate for APIResponseCompression is enabled.
 func SerializeObject(mediaType string, encoder runtime.Encoder, hw http.ResponseWriter, req *http.Request, statusCode int, object runtime.Object) {
-	disableCompression := request.CompressionDisabledFrom(req.Context())
 	trace := utiltrace.New("SerializeObject",
 		utiltrace.Field{"audit-id", request.GetAuditIDTruncated(req.Context())},
 		utiltrace.Field{"method", req.Method},
 		utiltrace.Field{"url", req.URL.Path},
 		utiltrace.Field{"protocol", req.Proto},
 		utiltrace.Field{"mediaType", mediaType},
-		utiltrace.Field{"encoder", encoder.Identifier()},
-		utiltrace.Field{"disableCompression", disableCompression})
+		utiltrace.Field{"encoder", encoder.Identifier()})
 	defer trace.LogIfLong(5 * time.Second)
 
 	w := &deferredResponseWriter{
 		mediaType:       mediaType,
 		statusCode:      statusCode,
-		contentEncoding: negotiateContentEncoding(req, disableCompression),
+		contentEncoding: negotiateContentEncoding(req),
 		hw:              hw,
 		trace:           trace,
 	}
@@ -157,12 +155,12 @@ const (
 // negotiateContentEncoding returns a supported client-requested content encoding for the
 // provided request. It will return the empty string if no supported content encoding was
 // found or if response compression is disabled.
-func negotiateContentEncoding(req *http.Request, disableCompression bool) string {
+func negotiateContentEncoding(req *http.Request) string {
 	encoding := req.Header.Get("Accept-Encoding")
 	if len(encoding) == 0 {
 		return ""
 	}
-	if !utilfeature.DefaultFeatureGate.Enabled(features.APIResponseCompression) || disableCompression {
+	if !utilfeature.DefaultFeatureGate.Enabled(features.APIResponseCompression) {
 		return ""
 	}
 	for len(encoding) > 0 {

vendor/k8s.io/apiserver/pkg/endpoints/request/disable_compression.go

@@ -1,37 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package request
-
-import (
-	"context"
-)
-
-type disableCompressionIDKeyType int
-
-const disableCompressionIDKey disableCompressionIDKeyType = iota
-
-// WithCompressionDisabled stores bool in context.
-func WithCompressionDisabled(parent context.Context, disableCompression bool) context.Context {
-	return WithValue(parent, disableCompressionIDKey, disableCompression)
-}
-
-// CompressionDisabledFrom retrieves bool from context.
-// Defaults to false if not set.
-func CompressionDisabledFrom(ctx context.Context) bool {
-	decision, _ := ctx.Value(disableCompressionIDKey).(bool)
-	return decision
-}

vendor/k8s.io/apiserver/pkg/server/config.go

@@ -257,9 +257,6 @@ type Config struct {
 
 	// StorageVersionManager holds the storage versions of the API resources installed by this server.
 	StorageVersionManager storageversion.Manager
-
-	// CompressionDisabledFunc returns whether compression should be disabled for a given request.
-	CompressionDisabledFunc genericapifilters.CompressionDisabledFunc
 }
 
 type RecommendedConfig struct {
@@ -859,9 +856,6 @@ func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler {
 	if c.ShutdownSendRetryAfter {
 		handler = genericfilters.WithRetryAfter(handler, c.lifecycleSignals.NotAcceptingNewRequest.Signaled())
 	}
-	if c.CompressionDisabledFunc != nil {
-		handler = genericapifilters.WithCompressionDisabled(handler, c.CompressionDisabledFunc)
-	}
 	handler = genericfilters.WithHTTPLogging(handler)
 	if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerTracing) {
 		handler = genericapifilters.WithTracing(handler, c.TracerProvider)

vendor/k8s.io/apiserver/pkg/server/deleted_kinds.go

@@ -54,10 +54,7 @@ type ResourceExpirationEvaluator interface {
 }
 
 func NewResourceExpirationEvaluator(currentVersion apimachineryversion.Info) (ResourceExpirationEvaluator, error) {
-	ret := &resourceExpirationEvaluator{
-		// TODO https://github.com/kubernetes/kubernetes/issues/109799 set this back to false after beta is tagged.
-		strictRemovedHandlingInAlpha: true,
-	}
+	ret := &resourceExpirationEvaluator{}
 	if len(currentVersion.Major) > 0 {
 		currentMajor64, err := strconv.ParseInt(currentVersion.Major, 10, 32)
 		if err != nil {

vendor/k8s.io/apiserver/pkg/server/options/server_run_options.go

@@ -26,9 +26,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 	"k8s.io/apimachinery/pkg/util/errors"
 	"k8s.io/apiserver/pkg/server"
-	"k8s.io/apiserver/pkg/util/disablecompression"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
-	netutils "k8s.io/utils/net"
 
 	"github.com/spf13/pflag"
 )
@@ -65,27 +63,21 @@ type ServerRunOptions struct {
 	// If enabled, after ShutdownDelayDuration elapses, any incoming request is
 	// rejected with a 429 status code and a 'Retry-After' response.
 	ShutdownSendRetryAfter bool
-
-	// DisableCompressionForClientIPs is a comma separated list of CIDR IP ranges
-	// (parsable by net.ParseCIDR, as defined in RFC 4632 and RFC 4291) for which
-	// traffic compression should be disabled.
-	DisableCompressionForClientIPs []string
 }
 
 func NewServerRunOptions() *ServerRunOptions {
 	defaults := server.NewConfig(serializer.CodecFactory{})
 	return &ServerRunOptions{
-		MaxRequestsInFlight:            defaults.MaxRequestsInFlight,
-		MaxMutatingRequestsInFlight:    defaults.MaxMutatingRequestsInFlight,
-		RequestTimeout:                 defaults.RequestTimeout,
-		LivezGracePeriod:               defaults.LivezGracePeriod,
-		MinRequestTimeout:              defaults.MinRequestTimeout,
-		ShutdownDelayDuration:          defaults.ShutdownDelayDuration,
-		JSONPatchMaxCopyBytes:          defaults.JSONPatchMaxCopyBytes,
-		MaxRequestBodyBytes:            defaults.MaxRequestBodyBytes,
-		EnablePriorityAndFairness:      true,
-		ShutdownSendRetryAfter:         false,
-		DisableCompressionForClientIPs: nil,
+		MaxRequestsInFlight:         defaults.MaxRequestsInFlight,
+		MaxMutatingRequestsInFlight: defaults.MaxMutatingRequestsInFlight,
+		RequestTimeout:              defaults.RequestTimeout,
+		LivezGracePeriod:            defaults.LivezGracePeriod,
+		MinRequestTimeout:           defaults.MinRequestTimeout,
+		ShutdownDelayDuration:       defaults.ShutdownDelayDuration,
+		JSONPatchMaxCopyBytes:       defaults.JSONPatchMaxCopyBytes,
+		MaxRequestBodyBytes:         defaults.MaxRequestBodyBytes,
+		EnablePriorityAndFairness:   true,
+		ShutdownSendRetryAfter:      false,
 	}
 }
 
@@ -105,13 +97,6 @@ func (s *ServerRunOptions) ApplyTo(c *server.Config) error {
 	c.MaxRequestBodyBytes = s.MaxRequestBodyBytes
 	c.PublicAddress = s.AdvertiseAddress
 	c.ShutdownSendRetryAfter = s.ShutdownSendRetryAfter
-	if len(s.DisableCompressionForClientIPs) != 0 {
-		pred, err := disablecompression.NewClientIPPredicate(s.DisableCompressionForClientIPs)
-		if err != nil {
-			return err
-		}
-		c.CompressionDisabledFunc = pred.Predicate
-	}
 
 	return nil
 }
@@ -176,10 +161,6 @@ func (s *ServerRunOptions) Validate() []error {
 	if err := validateHSTSDirectives(s.HSTSDirectives); err != nil {
 		errors = append(errors, err)
 	}
-
-	if _, err := netutils.ParseCIDRs(s.DisableCompressionForClientIPs); err != nil {
-		errors = append(errors, err)
-	}
 	return errors
 }
 
@@ -275,8 +256,5 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
 		"during this window all incoming requests will be rejected with a status code 429 and a 'Retry-After' response header, "+
 		"in addition 'Connection: close' response header is set in order to tear down the TCP connection when idle.")
 
-	fs.StringSliceVar(&s.DisableCompressionForClientIPs, "disable-compression-for-client-ips", s.DisableCompressionForClientIPs, ""+
-		"A comma separated list of client IP ranges in CIDR notation like \"192.0.2.0/24\" or \"2001:db8::/32\", as defined in RFC 4632 and RFC 4291, for which traffic compression will be disabled.")
-
 	utilfeature.DefaultMutableFeatureGate.AddFlag(fs)
 }

vendor/k8s.io/apiserver/pkg/util/disablecompression/disablecompression.go

@@ -1,57 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package disablecompression
-
-import (
-	"fmt"
-	"net"
-	"net/http"
-
-	utilnet "k8s.io/apimachinery/pkg/util/net"
-	netutils "k8s.io/utils/net"
-)
-
-// ClientIPPredicate.Predicate implements CompressionDisabledFunc interface that decides
-// based on client IP.
-type ClientIPPredicate struct {
-	cidrs []*net.IPNet
-}
-
-// NewClientIPPredicate creates a new ClientIPPredicate instance.
-func NewClientIPPredicate(cidrStrings []string) (*ClientIPPredicate, error) {
-	cidrs, err := netutils.ParseCIDRs(cidrStrings)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse cidrs: %v", err)
-	}
-	return &ClientIPPredicate{cidrs: cidrs}, nil
-}
-
-// Predicate checks if ClientIP matches any cidr.
-func (c *ClientIPPredicate) Predicate(req *http.Request) (bool, error) {
-	ip := utilnet.GetClientIP(req)
-	if ip == nil {
-		return false, fmt.Errorf("unable to determine source IP for %v", req)
-	}
-
-	for _, cidr := range c.cidrs {
-		if cidr.Contains(ip) {
-			return true, nil
-		}
-	}
-
-	return false, nil
-}