From 2b0289962d4f33d4e6e317064e625f933e3a5a33 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Mon, 12 Jul 2021 08:43:56 -0700
Subject: [PATCH 01/10] hack/shellcheck: don't output passing files

logging noise, trying to keep non-commented output actionable
---
 hack/verify-shellcheck.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hack/verify-shellcheck.sh b/hack/verify-shellcheck.sh
index bd4e8662103..be228a79da8 100755
--- a/hack/verify-shellcheck.sh
+++ b/hack/verify-shellcheck.sh
@@ -52,7 +52,7 @@ for file in "${files[@]}"; do
     else
         passed_files+=("${file}")
     fi
-done 
+done
 
 result="passed"
 code=0
@@ -65,8 +65,8 @@ echo "result: ${result}"
 echo "shellcheck_cmd: ${shellcheck_cmd[*]} {file}"
 echo "shellcheck_output: >"
 <"${SHELLCHECK_OUTPUT}" sed -e 's/^/  /'
-echo "passing_files:"
-printf "%s\n" "${passed_files[@]/#${REPO_ROOT}\//- }"
+# echo "passing_files:"
+# printf "%s\n" "${passed_files[@]/#${REPO_ROOT}\//- }"
 echo "failing_files:"
 printf "%s\n" "${failed_files[@]/#${REPO_ROOT}\//- }"
 exit "${code}"

From d9d6983ae4f497356c84e2773b4eabd80f41fa79 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Mon, 12 Jul 2021 08:57:03 -0700
Subject: [PATCH 02/10] hack/yamlint: fail on trailing-spaces rule

---
 hack/.yamllint.conf | 2 --
 1 file changed, 2 deletions(-)

diff --git a/hack/.yamllint.conf b/hack/.yamllint.conf
index f22676434be..2f650e9f9e0 100644
--- a/hack/.yamllint.conf
+++ b/hack/.yamllint.conf
@@ -19,5 +19,3 @@ rules:
   # these probably are worth enforcing, so start them at warning; fix in followup PR
   new-line-at-end-of-file:
     level: warning
-  trailing-spaces:
-    level: warning

From 59b147db49bdb4e897f81f27324ff20e1f134e21 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Mon, 12 Jul 2021 08:55:59 -0700
Subject: [PATCH 03/10] yamllint: fix trailing-spaces rule failures

---
 cert-manager/cert-manager.yaml                            | 8 ++++----
 groups/sig-release/groups.yaml                            | 6 +++---
 groups/sig-testing/groups.yaml                            | 6 +++---
 groups/wg-k8s-infra/groups.yaml                           | 2 +-
 .../resources/kube-dns-autoscaler-configmap.yaml          | 2 +-
 .../resources/kube-dns-autoscaler-configmap.yaml          | 2 +-
 infra/gcp/roles/audit.viewer.yaml                         | 6 +++---
 infra/gcp/roles/iam.serviceAccountLister.yaml             | 2 +-
 infra/gcp/roles/organization.admin.yaml                   | 4 ++--
 infra/gcp/roles/prow.viewer.yaml                          | 8 ++++----
 infra/gcp/roles/specs/prow.viewer.yaml                    | 4 ++--
 k8s.gcr.io/images/k8s-staging-apisnoop/images.yaml        | 4 ++--
 .../images/k8s-staging-bootkube/promoter-manifest.yaml    | 2 +-
 k8s.gcr.io/images/k8s-staging-capi-openstack/images.yaml  | 2 +-
 .../images/k8s-staging-cluster-api-azure/images.yaml      | 2 +-
 k8s.gcr.io/images/k8s-staging-dns/images.yaml             | 4 ++--
 k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml   | 2 +-
 k8s.gcr.io/images/k8s-staging-networking/images.yaml      | 2 +-
 .../k8s-staging-addon-manager/promoter-manifest.yaml      | 2 +-
 19 files changed, 35 insertions(+), 35 deletions(-)

diff --git a/cert-manager/cert-manager.yaml b/cert-manager/cert-manager.yaml
index 3b611ca4daa..580e99412e8 100644
--- a/cert-manager/cert-manager.yaml
+++ b/cert-manager/cert-manager.yaml
@@ -6274,7 +6274,7 @@ spec:
                 fieldPath: metadata.namespace
           resources:
             {}
-            
+
 ---
 # Source: cert-manager/templates/deployment.yaml
 apiVersion: apps/v1
@@ -6335,7 +6335,7 @@ spec:
             requests:
               cpu: 10m
               memory: 32Mi
-            
+
 
 ---
 # Source: cert-manager/templates/webhook-deployment.yaml
@@ -6395,7 +6395,7 @@ spec:
                 fieldPath: metadata.namespace
           resources:
             {}
-            
+
           volumeMounts:
           - name: certs
             mountPath: /certs
@@ -6466,7 +6466,7 @@ webhooks:
 
 ---
 # Source: cert-manager/templates/webhook-psp-clusterrole.yaml
- 
+
 
 ---
 # Source: cert-manager/templates/webhook-psp-clusterrolebinding.yaml
diff --git a/groups/sig-release/groups.yaml b/groups/sig-release/groups.yaml
index 20fbbdf6c26..7ebfc087407 100644
--- a/groups/sig-release/groups.yaml
+++ b/groups/sig-release/groups.yaml
@@ -364,7 +364,7 @@ groups:
       - Damanarora@cmail.carleton.ca # 1.22 Release Notes Shadow
       - gossanth@gmail.com # 1.22 Bug Triage Shadow
       - james@jameslaverack.com # 1.22 Enhancements Lead
-      - jeeves.butler@gmail.com # 1.22 Comms Lead 
+      - jeeves.butler@gmail.com # 1.22 Comms Lead
       - jgavinray@linux.com # 1.22 Bug Triage Shadow
       - joseph.r.sandoval@gmail.com # 1.22 Enhancements Shadow
       - klkfr@amazon.com # 1.22 Comms Shadow
@@ -386,7 +386,7 @@ groups:
       - taylorchprr@gmail.com # 1.22 Bug Triage Shadow
       - victor@cloudflavor.io # 1.22 Docs Lead
       - voigt.christoph@gmail.com # 1.22 Bug Triage Shadow
-      - xander@grzy.dev # 1.22 Enhancements Shadow 
+      - xander@grzy.dev # 1.22 Enhancements Shadow
 
   - email-id: release-team-shadows@kubernetes.io
     name: release-team-shadows
@@ -412,7 +412,7 @@ groups:
       - Damanarora@cmail.carleton.ca # 1.22 Release Notes Shadow
       - sladynnunes98@gmail.com # 1.22 Release Notes Shadow
       - simran.thind@outlook.com # 1.22 Release Notes Shadow
-      - salahi.hossein@gmail.com # 1.22 CI Signal Shadow 
+      - salahi.hossein@gmail.com # 1.22 CI Signal Shadow
       - soniasingla.1812@gmail.com # 1.22 CI Signal Shadow
       - ania0102@gmail.com # 1.22 CI Signal Shadow
       - ramses.green.2@gmail.com # 1.22 CI Signal Shadow
diff --git a/groups/sig-testing/groups.yaml b/groups/sig-testing/groups.yaml
index 1e3feefbaf7..ebd8e84fb84 100644
--- a/groups/sig-testing/groups.yaml
+++ b/groups/sig-testing/groups.yaml
@@ -116,7 +116,7 @@ groups:
   #
   # Membership should correspond roughly to subproject owners for the set of
   # subproject artifacts being stored in the GCS bucket
-  #     
+  #
   - email-id: k8s-infra-push-kind@kubernetes.io
     name: k8s-infra-push-kind
     description: |-
@@ -169,7 +169,7 @@ groups:
     - ramses.green.2@gmail.com # 1.22 CI Signal Shadow
     - salahi.hossein@gmail.com # 1.22 CI Signal Shadow
     - soniasingla.1812@gmail.com # 1.22 CI Signal Shadow
-  
+
   #
   # sig-testing k8s-infra owners
   #
@@ -177,7 +177,7 @@ groups:
   # infrastructure owned or managed by sig-testing. A high level of trust is
   # required for membership in these groups.
   #
-  
+
   - email-id: k8s-infra-ci-robot@kubernetes.io
     name: k8s-infra-ci-robot
     description: |-
diff --git a/groups/wg-k8s-infra/groups.yaml b/groups/wg-k8s-infra/groups.yaml
index 4a3abb01039..6f41c787633 100644
--- a/groups/wg-k8s-infra/groups.yaml
+++ b/groups/wg-k8s-infra/groups.yaml
@@ -108,7 +108,7 @@ groups:
       - ihor@cncf.io
       - jdagostino2@gmail.com
       - justinsb@google.com
-      - k8s-infra-ii-coop@kubernetes.io      
+      - k8s-infra-ii-coop@kubernetes.io
       - spiffxp@gmail.com
       - spiffxp@google.com
       - thockin@google.com
diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kube-dns-autoscaler-configmap.yaml b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kube-dns-autoscaler-configmap.yaml
index 151d77d280d..9282977578f 100644
--- a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kube-dns-autoscaler-configmap.yaml
+++ b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kube-dns-autoscaler-configmap.yaml
@@ -1,7 +1,7 @@
 # This is to address a known issue with node local dns cache
 # https://cloud.google.com/kubernetes-engine/docs/how-to/nodelocal-dns-cache#known_issues
 # TODO: remove when cluster version is >= 1.19.7-gke.1500
-# NOTE: string containing structured data, was retrieved from v1.17.15-gke.800, may fail 
+# NOTE: string containing structured data, was retrieved from v1.17.15-gke.800, may fail
 #       silently in the future if the expected schema changes
 apiVersion: v1
 data:
diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/resources/kube-dns-autoscaler-configmap.yaml b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/resources/kube-dns-autoscaler-configmap.yaml
index 151d77d280d..9282977578f 100644
--- a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/resources/kube-dns-autoscaler-configmap.yaml
+++ b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/resources/kube-dns-autoscaler-configmap.yaml
@@ -1,7 +1,7 @@
 # This is to address a known issue with node local dns cache
 # https://cloud.google.com/kubernetes-engine/docs/how-to/nodelocal-dns-cache#known_issues
 # TODO: remove when cluster version is >= 1.19.7-gke.1500
-# NOTE: string containing structured data, was retrieved from v1.17.15-gke.800, may fail 
+# NOTE: string containing structured data, was retrieved from v1.17.15-gke.800, may fail
 #       silently in the future if the expected schema changes
 apiVersion: v1
 data:
diff --git a/infra/gcp/roles/audit.viewer.yaml b/infra/gcp/roles/audit.viewer.yaml
index a83c70a1da5..dfad2abd4ae 100644
--- a/infra/gcp/roles/audit.viewer.yaml
+++ b/infra/gcp/roles/audit.viewer.yaml
@@ -39,7 +39,7 @@
 #   # - roles/run.viewer
 #   # read access to secrets metadata (not their contents)
 #   - roles/secretmanager.viewer
-# 
+#
 #   # meta roles (regardless of roles/viewer)
 #   #
 #   # read access for the project hierarchy (org, folders, projects)
@@ -50,12 +50,12 @@
 #   #       effectively allows an auditor to use any project they wish
 #   #       for billing or quota purposes. This seems... not right.
 #   - roles/serviceusage.serviceUsageConsumer
-# 
+#
 #   # specific permissions that don't come from a well-scoped pre-defined role
 #   permissions:
 #   # for gsutil _ get: cors, iam, label, logging, lifecycle, retention, ubla
 #   - storage.buckets.get
-# 
+#
 #   # use regexes to filter permissions pulled in from the above
 #   permissionRegexes:
 #   # only include (get|list).* (e.g. get, getIamPolicy, etc.)
diff --git a/infra/gcp/roles/iam.serviceAccountLister.yaml b/infra/gcp/roles/iam.serviceAccountLister.yaml
index 3092e20b335..60fd5f65954 100644
--- a/infra/gcp/roles/iam.serviceAccountLister.yaml
+++ b/infra/gcp/roles/iam.serviceAccountLister.yaml
@@ -8,7 +8,7 @@
 # include:
 #   permissions:
 #   - iam.serviceAccounts.list
-# 
+#
 #
 description: Can list ServiceAccounts
 includedPermissions:
diff --git a/infra/gcp/roles/organization.admin.yaml b/infra/gcp/roles/organization.admin.yaml
index 0977e679aa2..7c2cb7fa1a5 100644
--- a/infra/gcp/roles/organization.admin.yaml
+++ b/infra/gcp/roles/organization.admin.yaml
@@ -16,7 +16,7 @@
 #   - roles/billing.creator
 #   # maybe for budgets.*, this also offers accounts.updateUsageExportSpec
 #   - roles/billing.costsManager
-# 
+#
 #   # resourcemanager.* permissions missing from roles/owner
 #   # for resourcemanager.folders.*
 #   - roles/resourcemanager.folderAdmin
@@ -24,7 +24,7 @@
 #   - roles/resourcemanager.organizationAdmin
 #   # for resourcemanager.projects.create
 #   - roles/resourcemanager.projectCreator
-# 
+#
 #   # for storage.buckets.(get|update|(get|set)IamPolicy)
 #   - roles/storage.admin
 #   permissionRegexes:
diff --git a/infra/gcp/roles/prow.viewer.yaml b/infra/gcp/roles/prow.viewer.yaml
index 449cba48c46..68f6c889500 100644
--- a/infra/gcp/roles/prow.viewer.yaml
+++ b/infra/gcp/roles/prow.viewer.yaml
@@ -25,15 +25,15 @@
 #   - roles/pubsub.viewer
 #   # read access to secrets metadata (not their contents)
 #   - roles/secretmanager.viewer
-# 
+#
 #   # meta roles
-#   # 
+#   #
 #   # read access for the project hierarchy (org, folders, projects)
 #   - roles/browser
-# 
+#
 #   # specific permissions that don't come from a well-scoped pre-defined role
 #   permissions:
-#   # read access to buckets and their objects 
+#   # read access to buckets and their objects
 #   - storage.buckets.get
 #   - storage.buckets.getIamPolicy
 #   - storage.buckets.list
diff --git a/infra/gcp/roles/specs/prow.viewer.yaml b/infra/gcp/roles/specs/prow.viewer.yaml
index e55da97db47..c5d78ca3926 100644
--- a/infra/gcp/roles/specs/prow.viewer.yaml
+++ b/infra/gcp/roles/specs/prow.viewer.yaml
@@ -25,13 +25,13 @@ include:
   - roles/secretmanager.viewer
 
   # meta roles
-  # 
+  #
   # read access for the project hierarchy (org, folders, projects)
   - roles/browser
 
   # specific permissions that don't come from a well-scoped pre-defined role
   permissions:
-  # read access to buckets and their objects 
+  # read access to buckets and their objects
   - storage.buckets.get
   - storage.buckets.getIamPolicy
   - storage.buckets.list
diff --git a/k8s.gcr.io/images/k8s-staging-apisnoop/images.yaml b/k8s.gcr.io/images/k8s-staging-apisnoop/images.yaml
index 039e788b9f2..efcc1166b51 100644
--- a/k8s.gcr.io/images/k8s-staging-apisnoop/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-apisnoop/images.yaml
@@ -1,8 +1,8 @@
-- name: snoopdb 
+- name: snoopdb
   dmap:
     "sha256:c4151a15c8439265d98f66d25ef17964e9e975d894822a54ed7e72db78dba6c6": ["v0.1.0"]
     "sha256:a41a91e366e973da0bfd6fce44ba131d561ab435119ff7e1050d1e226a06dbda": ["v0.2.0"]
 - name: auditlogger
-  dmap: 
+  dmap:
     "sha256:c4151a15c8439265d98f66d25ef17964e9e975d894822a54ed7e72db78dba6c6": ["v0.1.0"]
     "sha256:2c9c8df42ac7525e556bbff81aa9a62960888c69d5faad4aad408893bc95cbc9": ["v0.2.0"]
diff --git a/k8s.gcr.io/images/k8s-staging-bootkube/promoter-manifest.yaml b/k8s.gcr.io/images/k8s-staging-bootkube/promoter-manifest.yaml
index 8611e02635f..9042d911fa6 100644
--- a/k8s.gcr.io/images/k8s-staging-bootkube/promoter-manifest.yaml
+++ b/k8s.gcr.io/images/k8s-staging-bootkube/promoter-manifest.yaml
@@ -1,4 +1,4 @@
- # google group for gcr.io/k8s-staging-bootkube is k8s-infra-staging-bootkube@kubernetes.io 
+ # google group for gcr.io/k8s-staging-bootkube is k8s-infra-staging-bootkube@kubernetes.io
 registries:
 - name: gcr.io/k8s-staging-bootkube
   src: true
diff --git a/k8s.gcr.io/images/k8s-staging-capi-openstack/images.yaml b/k8s.gcr.io/images/k8s-staging-capi-openstack/images.yaml
index 8d60e16b139..101b8d72549 100644
--- a/k8s.gcr.io/images/k8s-staging-capi-openstack/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-capi-openstack/images.yaml
@@ -7,4 +7,4 @@
     "sha256:cfdd7a67771e7a3fd956205c3351ad116e912b47982a95902b120bba036d7775": ["v0.3.2"]
     "sha256:4677942f42ea5155072732f192a08abcb89372aa26411099ad4885878f927ccd": ["v0.3.3"]
     "sha256:d70989184b077972e9a3f04c38f9f2587c2314c6e8cd4a3941bb32aa3ed1b7a8": ["v0.3.4"]
-    "sha256:de79569d5cca4f3673a7fec4653e2b802184f4c5ce08447f4107ebfa692c273b": ["v0.4.0-beta.0"]    
+    "sha256:de79569d5cca4f3673a7fec4653e2b802184f4c5ce08447f4107ebfa692c273b": ["v0.4.0-beta.0"]
diff --git a/k8s.gcr.io/images/k8s-staging-cluster-api-azure/images.yaml b/k8s.gcr.io/images/k8s-staging-cluster-api-azure/images.yaml
index 8c54a9c3d04..6c8da3354d3 100644
--- a/k8s.gcr.io/images/k8s-staging-cluster-api-azure/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-cluster-api-azure/images.yaml
@@ -4,7 +4,7 @@
     "sha256:ff557c077ead935efaeea7ccb2a716c1c732554dd656763b1051ebb93208d2e9": ["v0.3.0"]
     "sha256:de9129b5afa41790569a76c6c3df6ff3bd6c82ea331a29874e61ef78e51e15bd": ["v0.3.1"]
     "sha256:1ddbf57a97a5c03dcd5e899033d36dbdac48912a0f439c04b9bd5b2707393d38": ["v0.4.0"]
-    "sha256:9771aa8209401bd3d49e8865882bdfe8f93e171d2c54f2c8d83159a04d2295a5": ["v0.4.1"] 
+    "sha256:9771aa8209401bd3d49e8865882bdfe8f93e171d2c54f2c8d83159a04d2295a5": ["v0.4.1"]
     "sha256:6ad008e4469adbbdaaa2743648e13d82d25dbf3b9160cf03df5660c3ba32731e": ["v0.4.2"]
     "sha256:89a0a77085d54b4c34e23aa7f6359fa1ee1f4b0157ffebc3992dc99a97a51d2e": ["v0.4.3"]
     "sha256:333393994b33cb075626ffc9de201f1205b1c63f96f75d0e8bd181eb1c91df39": ["v0.4.4"]
diff --git a/k8s.gcr.io/images/k8s-staging-dns/images.yaml b/k8s.gcr.io/images/k8s-staging-dns/images.yaml
index deea5e66508..47fbdb25b8f 100644
--- a/k8s.gcr.io/images/k8s-staging-dns/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-dns/images.yaml
@@ -85,7 +85,7 @@
     "sha256:52ea1f1515fc129bbe767a2318483e7d3fb1c77ae1321c0f56eee1a08e363e45": ["1.15.16"]
     "sha256:3c7197b4d21c0a5f540286dbd0fe28fef947e2177ba3e3be68cf94cc2aac2ad4": ["1.16.0"]
     "sha256:a734bd24d07198e4878a130bb9c5cf950b8c225cd05972a3426bd9509671701b": ["1.17.0"]
-    "sha256:7d2476167d4243d002c5bd141df4a04694c68ad350f13386bf1515fb63bfcede": ["1.17.1"] 
+    "sha256:7d2476167d4243d002c5bd141df4a04694c68ad350f13386bf1515fb63bfcede": ["1.17.1"]
     "sha256:3e679c1e239d5a757e9e12523ca8cf3b963d863fade03a7670e83b4f580a4349": ["1.17.3"]
     "sha256:784e5832d094781c495f17d65f40301465eed2adfac7dd9c2a84b77b160f080c": ["1.17.4"]
 - name: k8s-dns-kube-dns-ppc64le
@@ -111,7 +111,7 @@
     "sha256:9d74628cb30efd18162ce2c818bdac6d674c19ac3d063a5c9390b14d2334ca1e": ["1.15.14"]
     "sha256:a608ed64315663e0ecbe71b8bd87776b89acfa95ccc8fe5dbbabc4d352330060": ["1.15.16"]
     "sha256:deea8f03e720634e7c7334a65aa51ec8c81625c60e4a9ad6f58ebfc59110c5f9": ["1.16.0"]
-    "sha256:7a659f9051fb9c567f555e9481b9ac7972a8400e81c745ee6b26197560332946": ["1.17.0"] 
+    "sha256:7a659f9051fb9c567f555e9481b9ac7972a8400e81c745ee6b26197560332946": ["1.17.0"]
     "sha256:0724c909905ac971a9bfea9cde6a1f2c0afecccdcacf6c317669891bb53a3b4e": ["1.17.1"]
     "sha256:962ebdd7e09137b63fdb4068f1b87661daddeb3672e0131d43c9931e10c744bb": ["1.17.3"]
     "sha256:1fa271c5a59a3075e6aff3a02a5f305ecd13dd36d9ad5eff29a8621b39befa84": ["1.17.4"]
diff --git a/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml b/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml
index 2f21c1792b6..82358051721 100644
--- a/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml
@@ -41,7 +41,7 @@
     "sha256:224da667cf3047998ea691e9766fedd1eab94257a39df81374bfa14536da3688": ["v20210115-gba0502603"]
     "sha256:fcfa3e9d1f8ec3141efedbf77cf659640f452a9c22165c78006ea462b84d06f6": ["v20210324-g8baef769d"]
     "sha256:a7356029dd0c26cc3466bf7a27daec0f4df73aa14ca6c8b871a767022a812c0b": ["v20210530-g6aab4c291"]
-    
+
 # image to run tests
 # https://github.com/kubernetes/ingress-nginx/tree/master/images/test-runner
 - name: e2e-test-runner
diff --git a/k8s.gcr.io/images/k8s-staging-networking/images.yaml b/k8s.gcr.io/images/k8s-staging-networking/images.yaml
index e1c9b401fc1..01ee6fd7980 100644
--- a/k8s.gcr.io/images/k8s-staging-networking/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-networking/images.yaml
@@ -16,4 +16,4 @@
 - name: ingress-gce-404-server-with-metrics-amd64
   dmap:
     "sha256:7eb7b3cee4d33c10c49893ad3c386232b86d4067de5251294d4c620d6e072b93": ["v1.10.11"]
-    
+
diff --git a/k8s.gcr.io/manifests/k8s-staging-addon-manager/promoter-manifest.yaml b/k8s.gcr.io/manifests/k8s-staging-addon-manager/promoter-manifest.yaml
index 36b73ae4fc0..252a537f3d4 100644
--- a/k8s.gcr.io/manifests/k8s-staging-addon-manager/promoter-manifest.yaml
+++ b/k8s.gcr.io/manifests/k8s-staging-addon-manager/promoter-manifest.yaml
@@ -7,4 +7,4 @@ registries:
 - name: eu.gcr.io/k8s-artifacts-prod/addon-manager
   service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
 - name: asia.gcr.io/k8s-artifacts-prod/addon-manager
-  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com 
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com

From 7ec422d1b47101fe752e605de7beba3e3ea7f9d7 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Mon, 12 Jul 2021 09:04:40 -0700
Subject: [PATCH 04/10] yamllint: fix empty-lines rule warnings

---
 .../kubernetes-external-secrets.yaml                           | 3 +--
 apps/sippy/service.yaml                                        | 3 +--
 dns/zone-configs/k8s.io._2_aws.yaml                            | 3 +--
 groups/sig-release/groups.yaml                                 | 3 +--
 groups/wg-k8s-infra/groups.yaml                                | 3 +--
 hack/.yamllint.conf                                            | 2 +-
 .../resources/kubernetes-external-secrets.yaml                 | 3 +--
 infra/gcp/roles/specs/iam.serviceAccountLister.yaml            | 1 -
 k8s.gcr.io/images/k8s-staging-descheduler/images.yaml          | 3 +--
 k8s.gcr.io/images/k8s-staging-external-dns/images.yaml         | 3 +--
 k8s.gcr.io/images/k8s-staging-networking/images.yaml           | 3 +--
 k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml    | 3 +--
 12 files changed, 11 insertions(+), 22 deletions(-)

diff --git a/apps/kubernetes-external-secrets/kubernetes-external-secrets.yaml b/apps/kubernetes-external-secrets/kubernetes-external-secrets.yaml
index 35daf395f94..36892211be2 100644
--- a/apps/kubernetes-external-secrets/kubernetes-external-secrets.yaml
+++ b/apps/kubernetes-external-secrets/kubernetes-external-secrets.yaml
@@ -53,5 +53,4 @@ spec:
             value: "60000"
           # Params for env vars populated from k8s secrets
       securityContext:
-        runAsNonRoot: true
-
+        runAsNonRoot: true
\ No newline at end of file
diff --git a/apps/sippy/service.yaml b/apps/sippy/service.yaml
index 504bc91669e..4b1554f3929 100644
--- a/apps/sippy/service.yaml
+++ b/apps/sippy/service.yaml
@@ -13,5 +13,4 @@ spec:
   selector:
     app: sippy
   sessionAffinity: None
-  type: NodePort
-
+  type: NodePort
\ No newline at end of file
diff --git a/dns/zone-configs/k8s.io._2_aws.yaml b/dns/zone-configs/k8s.io._2_aws.yaml
index 7dc59a5e92d..23eb817012e 100644
--- a/dns/zone-configs/k8s.io._2_aws.yaml
+++ b/dns/zone-configs/k8s.io._2_aws.yaml
@@ -5,5 +5,4 @@ test-cncf-aws:
   - ns-1458.awsdns-54.org.
   - ns-1825.awsdns-36.co.uk.
   - ns-265.awsdns-33.com.
-  - ns-687.awsdns-21.net.
-
+  - ns-687.awsdns-21.net.
\ No newline at end of file
diff --git a/groups/sig-release/groups.yaml b/groups/sig-release/groups.yaml
index 7ebfc087407..2941331ac7a 100644
--- a/groups/sig-release/groups.yaml
+++ b/groups/sig-release/groups.yaml
@@ -427,5 +427,4 @@ groups:
       - xander@grzy.dev # 1.22 Enhancements Shadow
       - rlejano@gmail.com # 1.22 Enhancements Shadow
       - supriyapremkumar1@gmail.com # 1.22 Enhancements Shadow
-      - nng.grace@gmail.com # 1.22 Enhancements Shadow
-
+      - nng.grace@gmail.com # 1.22 Enhancements Shadow
\ No newline at end of file
diff --git a/groups/wg-k8s-infra/groups.yaml b/groups/wg-k8s-infra/groups.yaml
index 6f41c787633..73179810839 100644
--- a/groups/wg-k8s-infra/groups.yaml
+++ b/groups/wg-k8s-infra/groups.yaml
@@ -171,5 +171,4 @@ groups:
       ReconcileMembers: "true"
       WhoCanViewMembership: "ALL_MEMBERS_CAN_VIEW" # required
     members:
-      - k8s-infra-cluster-admins@kubernetes.io
-
+      - k8s-infra-cluster-admins@kubernetes.io
\ No newline at end of file
diff --git a/hack/.yamllint.conf b/hack/.yamllint.conf
index 2f650e9f9e0..e01732d5e16 100644
--- a/hack/.yamllint.conf
+++ b/hack/.yamllint.conf
@@ -18,4 +18,4 @@ rules:
   line-length: disable
   # these probably are worth enforcing, so start them at warning; fix in followup PR
   new-line-at-end-of-file:
-    level: warning
+    level: warning
\ No newline at end of file
diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kubernetes-external-secrets.yaml b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kubernetes-external-secrets.yaml
index 80245f92e19..68bff9f4bea 100644
--- a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kubernetes-external-secrets.yaml
+++ b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kubernetes-external-secrets.yaml
@@ -55,5 +55,4 @@ spec:
             value: "60000"
           # Params for env vars populated from k8s secrets
       securityContext:
-        runAsNonRoot: true
-
+        runAsNonRoot: true
\ No newline at end of file
diff --git a/infra/gcp/roles/specs/iam.serviceAccountLister.yaml b/infra/gcp/roles/specs/iam.serviceAccountLister.yaml
index 561754b3eb4..1f08c8cc6ed 100644
--- a/infra/gcp/roles/specs/iam.serviceAccountLister.yaml
+++ b/infra/gcp/roles/specs/iam.serviceAccountLister.yaml
@@ -6,4 +6,3 @@ name: iam.serviceAccountLister
 include:
   permissions:
   - iam.serviceAccounts.list
-
diff --git a/k8s.gcr.io/images/k8s-staging-descheduler/images.yaml b/k8s.gcr.io/images/k8s-staging-descheduler/images.yaml
index 13034f7c54e..dd66e2897ab 100644
--- a/k8s.gcr.io/images/k8s-staging-descheduler/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-descheduler/images.yaml
@@ -15,5 +15,4 @@
     "sha256:d9001949fa3d8b3a55122f4eea833a38732fdb6af881df8a580f77a05f245c06": ["v0.21.0"]
 - name: descheduler-arm
   dmap:
-    "sha256:a71ecf15cf6df636b6739c620170dcdb02838c4cf85a47779daf12ee021e4078": ["v0.21.0"]
-
+    "sha256:a71ecf15cf6df636b6739c620170dcdb02838c4cf85a47779daf12ee021e4078": ["v0.21.0"]
\ No newline at end of file
diff --git a/k8s.gcr.io/images/k8s-staging-external-dns/images.yaml b/k8s.gcr.io/images/k8s-staging-external-dns/images.yaml
index 939531fe25e..e0bed8f1b95 100644
--- a/k8s.gcr.io/images/k8s-staging-external-dns/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-external-dns/images.yaml
@@ -24,5 +24,4 @@
   dmap:
     "sha256:ce66aede1bb2911813768e4c58e0d88209a439ccaaee2705c71d34f04bce1c5c": ["v0.7.5"]
     "sha256:8a93479cce5812218b1fd3766852029c651f8103bf7a889888c1312a3f1f7f48": ["v0.7.6"]
-    "sha256:8e04959a4d12c98d5e7f05f9b05d62a37158a94464fb9a4e2139a1223371fa8c": ["v0.8.0"]
-
+    "sha256:8e04959a4d12c98d5e7f05f9b05d62a37158a94464fb9a4e2139a1223371fa8c": ["v0.8.0"]
\ No newline at end of file
diff --git a/k8s.gcr.io/images/k8s-staging-networking/images.yaml b/k8s.gcr.io/images/k8s-staging-networking/images.yaml
index 01ee6fd7980..e89dfe5e84f 100644
--- a/k8s.gcr.io/images/k8s-staging-networking/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-networking/images.yaml
@@ -15,5 +15,4 @@
     "sha256:fd7449efcd712a85dbcdf6c1648f5f9bb674c208862f469c457ccd154d7d12bf": ["v2.6.0"]
 - name: ingress-gce-404-server-with-metrics-amd64
   dmap:
-    "sha256:7eb7b3cee4d33c10c49893ad3c386232b86d4067de5251294d4c620d6e072b93": ["v1.10.11"]
-
+    "sha256:7eb7b3cee4d33c10c49893ad3c386232b86d4067de5251294d4c620d6e072b93": ["v1.10.11"]
\ No newline at end of file
diff --git a/k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml b/k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml
index dd78d5c7414..c95f8df7718 100644
--- a/k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml
@@ -22,5 +22,4 @@
 - name: kube-scheduler-arm64
   dmap:
     "sha256:d920cb0d251c90430ed7da0a1d12bd521ef0f996bbf909384cd7b78cd7f4d963": ["v0.19.8"]
-    "sha256:e77b158a58051fff1295a09126cbe72f3f2849c1f66346c52213e4cf01e9793e": ["v0.19.9"]
-
+    "sha256:e77b158a58051fff1295a09126cbe72f3f2849c1f66346c52213e4cf01e9793e": ["v0.19.9"]
\ No newline at end of file

From e906b141498ebdc270d0ad4d048b36092a188771 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Mon, 12 Jul 2021 09:13:32 -0700
Subject: [PATCH 05/10] hack/yamllint: fail on new-line-at-end-of-file rule

---
 hack/.yamllint.conf | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/hack/.yamllint.conf b/hack/.yamllint.conf
index e01732d5e16..79da7663527 100644
--- a/hack/.yamllint.conf
+++ b/hack/.yamllint.conf
@@ -15,7 +15,4 @@ rules:
   indentation: disable
   document-start: disable
   comments: disable
-  line-length: disable
-  # these probably are worth enforcing, so start them at warning; fix in followup PR
-  new-line-at-end-of-file:
-    level: warning
\ No newline at end of file
+  line-length: disable
\ No newline at end of file

From 22c45e9a75e1a38daf6a2791593fd2dcfbfcf548 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Mon, 12 Jul 2021 09:10:05 -0700
Subject: [PATCH 06/10] yamllint: fix new-line-at-end-of-file rule failures

---
 .../kubernetes-external-secrets.yaml                            | 2 +-
 apps/sippy/service.yaml                                         | 2 +-
 apps/triageparty-release/secret.yaml                            | 2 +-
 dns/zone-configs/k8s.io._2_aws.yaml                             | 2 +-
 groups/sig-release/groups.yaml                                  | 2 +-
 groups/wg-k8s-infra/groups.yaml                                 | 2 +-
 .../resources/kubernetes-external-secrets.yaml                  | 2 +-
 .../k8s-infra-prow-build/prow-build/resources/namespaces.yaml   | 2 +-
 infra/gcp/roles/specs/container.deployer.yaml                   | 2 +-
 k8s.gcr.io/images/k8s-image-staging-kind/images.yaml            | 2 +-
 k8s.gcr.io/images/k8s-staging-cri-tools/images.yaml             | 2 +-
 k8s.gcr.io/images/k8s-staging-descheduler/images.yaml           | 2 +-
 k8s.gcr.io/images/k8s-staging-external-dns/images.yaml          | 2 +-
 k8s.gcr.io/images/k8s-staging-networking/images.yaml            | 2 +-
 k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml     | 2 +-
 k8s.gcr.io/images/k8s-staging-test-infra/images.yaml            | 2 +-
 .../manifests/k8s-image-staging-kind/promoter-manifest.yaml     | 2 +-
 k8s.gcr.io/manifests/k8s-staging-cpa/promoter-manifest.yaml     | 2 +-
 18 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/apps/kubernetes-external-secrets/kubernetes-external-secrets.yaml b/apps/kubernetes-external-secrets/kubernetes-external-secrets.yaml
index 36892211be2..93edb3a0887 100644
--- a/apps/kubernetes-external-secrets/kubernetes-external-secrets.yaml
+++ b/apps/kubernetes-external-secrets/kubernetes-external-secrets.yaml
@@ -53,4 +53,4 @@ spec:
             value: "60000"
           # Params for env vars populated from k8s secrets
       securityContext:
-        runAsNonRoot: true
\ No newline at end of file
+        runAsNonRoot: true
diff --git a/apps/sippy/service.yaml b/apps/sippy/service.yaml
index 4b1554f3929..f5d3e24b074 100644
--- a/apps/sippy/service.yaml
+++ b/apps/sippy/service.yaml
@@ -13,4 +13,4 @@ spec:
   selector:
     app: sippy
   sessionAffinity: None
-  type: NodePort
\ No newline at end of file
+  type: NodePort
diff --git a/apps/triageparty-release/secret.yaml b/apps/triageparty-release/secret.yaml
index d94c8e721b6..4892b620cef 100644
--- a/apps/triageparty-release/secret.yaml
+++ b/apps/triageparty-release/secret.yaml
@@ -11,4 +11,4 @@ spec:
   data:
   - key: triage-party-github-token
     name: triage-party-github-token
-    version: latest
\ No newline at end of file
+    version: latest
diff --git a/dns/zone-configs/k8s.io._2_aws.yaml b/dns/zone-configs/k8s.io._2_aws.yaml
index 23eb817012e..481d4c815c0 100644
--- a/dns/zone-configs/k8s.io._2_aws.yaml
+++ b/dns/zone-configs/k8s.io._2_aws.yaml
@@ -5,4 +5,4 @@ test-cncf-aws:
   - ns-1458.awsdns-54.org.
   - ns-1825.awsdns-36.co.uk.
   - ns-265.awsdns-33.com.
-  - ns-687.awsdns-21.net.
\ No newline at end of file
+  - ns-687.awsdns-21.net.
diff --git a/groups/sig-release/groups.yaml b/groups/sig-release/groups.yaml
index 2941331ac7a..95609d8ba91 100644
--- a/groups/sig-release/groups.yaml
+++ b/groups/sig-release/groups.yaml
@@ -427,4 +427,4 @@ groups:
       - xander@grzy.dev # 1.22 Enhancements Shadow
       - rlejano@gmail.com # 1.22 Enhancements Shadow
       - supriyapremkumar1@gmail.com # 1.22 Enhancements Shadow
-      - nng.grace@gmail.com # 1.22 Enhancements Shadow
\ No newline at end of file
+      - nng.grace@gmail.com # 1.22 Enhancements Shadow
diff --git a/groups/wg-k8s-infra/groups.yaml b/groups/wg-k8s-infra/groups.yaml
index 73179810839..383204bb8d9 100644
--- a/groups/wg-k8s-infra/groups.yaml
+++ b/groups/wg-k8s-infra/groups.yaml
@@ -171,4 +171,4 @@ groups:
       ReconcileMembers: "true"
       WhoCanViewMembership: "ALL_MEMBERS_CAN_VIEW" # required
     members:
-      - k8s-infra-cluster-admins@kubernetes.io
\ No newline at end of file
+      - k8s-infra-cluster-admins@kubernetes.io
diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kubernetes-external-secrets.yaml b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kubernetes-external-secrets.yaml
index 68bff9f4bea..a7beec7217a 100644
--- a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kubernetes-external-secrets.yaml
+++ b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kubernetes-external-secrets.yaml
@@ -55,4 +55,4 @@ spec:
             value: "60000"
           # Params for env vars populated from k8s secrets
       securityContext:
-        runAsNonRoot: true
\ No newline at end of file
+        runAsNonRoot: true
diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/resources/namespaces.yaml b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/resources/namespaces.yaml
index 9b81c3a2ba2..a8ed329cf09 100644
--- a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/resources/namespaces.yaml
+++ b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/resources/namespaces.yaml
@@ -7,4 +7,4 @@ metadata:
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: test-pods
\ No newline at end of file
+  name: test-pods
diff --git a/infra/gcp/roles/specs/container.deployer.yaml b/infra/gcp/roles/specs/container.deployer.yaml
index 3f9de591f45..d41d8abc4fe 100644
--- a/infra/gcp/roles/specs/container.deployer.yaml
+++ b/infra/gcp/roles/specs/container.deployer.yaml
@@ -17,4 +17,4 @@ exclude:
   # GKE cluster permissions
   - ^container\.clusters\.(create|delete|getCredentials|update)$
   - ^container\.operations\.
-  - ^container\.hostServiceAgent\.
\ No newline at end of file
+  - ^container\.hostServiceAgent\.
diff --git a/k8s.gcr.io/images/k8s-image-staging-kind/images.yaml b/k8s.gcr.io/images/k8s-image-staging-kind/images.yaml
index 6c9ba904fc9..d48c82d0a75 100644
--- a/k8s.gcr.io/images/k8s-image-staging-kind/images.yaml
+++ b/k8s.gcr.io/images/k8s-image-staging-kind/images.yaml
@@ -1 +1 @@
-# No images yet
\ No newline at end of file
+# No images yet
diff --git a/k8s.gcr.io/images/k8s-staging-cri-tools/images.yaml b/k8s.gcr.io/images/k8s-staging-cri-tools/images.yaml
index 6c9ba904fc9..d48c82d0a75 100644
--- a/k8s.gcr.io/images/k8s-staging-cri-tools/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-cri-tools/images.yaml
@@ -1 +1 @@
-# No images yet
\ No newline at end of file
+# No images yet
diff --git a/k8s.gcr.io/images/k8s-staging-descheduler/images.yaml b/k8s.gcr.io/images/k8s-staging-descheduler/images.yaml
index dd66e2897ab..282ee4df429 100644
--- a/k8s.gcr.io/images/k8s-staging-descheduler/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-descheduler/images.yaml
@@ -15,4 +15,4 @@
     "sha256:d9001949fa3d8b3a55122f4eea833a38732fdb6af881df8a580f77a05f245c06": ["v0.21.0"]
 - name: descheduler-arm
   dmap:
-    "sha256:a71ecf15cf6df636b6739c620170dcdb02838c4cf85a47779daf12ee021e4078": ["v0.21.0"]
\ No newline at end of file
+    "sha256:a71ecf15cf6df636b6739c620170dcdb02838c4cf85a47779daf12ee021e4078": ["v0.21.0"]
diff --git a/k8s.gcr.io/images/k8s-staging-external-dns/images.yaml b/k8s.gcr.io/images/k8s-staging-external-dns/images.yaml
index e0bed8f1b95..112a256e875 100644
--- a/k8s.gcr.io/images/k8s-staging-external-dns/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-external-dns/images.yaml
@@ -24,4 +24,4 @@
   dmap:
     "sha256:ce66aede1bb2911813768e4c58e0d88209a439ccaaee2705c71d34f04bce1c5c": ["v0.7.5"]
     "sha256:8a93479cce5812218b1fd3766852029c651f8103bf7a889888c1312a3f1f7f48": ["v0.7.6"]
-    "sha256:8e04959a4d12c98d5e7f05f9b05d62a37158a94464fb9a4e2139a1223371fa8c": ["v0.8.0"]
\ No newline at end of file
+    "sha256:8e04959a4d12c98d5e7f05f9b05d62a37158a94464fb9a4e2139a1223371fa8c": ["v0.8.0"]
diff --git a/k8s.gcr.io/images/k8s-staging-networking/images.yaml b/k8s.gcr.io/images/k8s-staging-networking/images.yaml
index e89dfe5e84f..9d0cda9a66f 100644
--- a/k8s.gcr.io/images/k8s-staging-networking/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-networking/images.yaml
@@ -15,4 +15,4 @@
     "sha256:fd7449efcd712a85dbcdf6c1648f5f9bb674c208862f469c457ccd154d7d12bf": ["v2.6.0"]
 - name: ingress-gce-404-server-with-metrics-amd64
   dmap:
-    "sha256:7eb7b3cee4d33c10c49893ad3c386232b86d4067de5251294d4c620d6e072b93": ["v1.10.11"]
\ No newline at end of file
+    "sha256:7eb7b3cee4d33c10c49893ad3c386232b86d4067de5251294d4c620d6e072b93": ["v1.10.11"]
diff --git a/k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml b/k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml
index c95f8df7718..e08bc6935db 100644
--- a/k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-scheduler-plugins/images.yaml
@@ -22,4 +22,4 @@
 - name: kube-scheduler-arm64
   dmap:
     "sha256:d920cb0d251c90430ed7da0a1d12bd521ef0f996bbf909384cd7b78cd7f4d963": ["v0.19.8"]
-    "sha256:e77b158a58051fff1295a09126cbe72f3f2849c1f66346c52213e4cf01e9793e": ["v0.19.9"]
\ No newline at end of file
+    "sha256:e77b158a58051fff1295a09126cbe72f3f2849c1f66346c52213e4cf01e9793e": ["v0.19.9"]
diff --git a/k8s.gcr.io/images/k8s-staging-test-infra/images.yaml b/k8s.gcr.io/images/k8s-staging-test-infra/images.yaml
index 6c9ba904fc9..d48c82d0a75 100644
--- a/k8s.gcr.io/images/k8s-staging-test-infra/images.yaml
+++ b/k8s.gcr.io/images/k8s-staging-test-infra/images.yaml
@@ -1 +1 @@
-# No images yet
\ No newline at end of file
+# No images yet
diff --git a/k8s.gcr.io/manifests/k8s-image-staging-kind/promoter-manifest.yaml b/k8s.gcr.io/manifests/k8s-image-staging-kind/promoter-manifest.yaml
index 1d3ec57c993..32c11dbfa4a 100644
--- a/k8s.gcr.io/manifests/k8s-image-staging-kind/promoter-manifest.yaml
+++ b/k8s.gcr.io/manifests/k8s-image-staging-kind/promoter-manifest.yaml
@@ -7,4 +7,4 @@ registries:
 - name: eu.gcr.io/k8s-artifacts-prod/kind
   service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
 - name: asia.gcr.io/k8s-artifacts-prod/kind
-  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
\ No newline at end of file
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
diff --git a/k8s.gcr.io/manifests/k8s-staging-cpa/promoter-manifest.yaml b/k8s.gcr.io/manifests/k8s-staging-cpa/promoter-manifest.yaml
index 0ffd64f916f..2ff46c1a14d 100644
--- a/k8s.gcr.io/manifests/k8s-staging-cpa/promoter-manifest.yaml
+++ b/k8s.gcr.io/manifests/k8s-staging-cpa/promoter-manifest.yaml
@@ -7,4 +7,4 @@ registries:
 - name: eu.gcr.io/k8s-artifacts-prod/cpa
   service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
 - name: asia.gcr.io/k8s-artifacts-prod/cpa
-  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
\ No newline at end of file
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com

From caff8c5388430d5d1dda162daee401a415dd1fb5 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Mon, 12 Jul 2021 09:12:03 -0700
Subject: [PATCH 07/10] yamllint: fix commas rule warnings

---
 infra/gcp/namespaces/namespace-user-role.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra/gcp/namespaces/namespace-user-role.yml b/infra/gcp/namespaces/namespace-user-role.yml
index 1b9365e9fb9..b50cb342ce5 100644
--- a/infra/gcp/namespaces/namespace-user-role.yml
+++ b/infra/gcp/namespaces/namespace-user-role.yml
@@ -21,7 +21,7 @@ rules:
     resources: ["leases"]
     verbs: ["*"]
   - apiGroups: ["networking.k8s.io"]
-    resources: ["networkpolicies","ingresses"]
+    resources: ["networkpolicies", "ingresses"]
     verbs: ["*"]
   - apiGroups: ["metrics.k8s.io"]
     resources: ["pods"]

From 8fd1106f3aacb76af6089b1ccb1fa96c496853eb Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Mon, 12 Jul 2021 09:12:38 -0700
Subject: [PATCH 08/10] yamllint: fix hypens rule warnings

---
 apps/node-perf-dash/deployment.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/node-perf-dash/deployment.yaml b/apps/node-perf-dash/deployment.yaml
index 8dbb55403bd..32158263ebd 100644
--- a/apps/node-perf-dash/deployment.yaml
+++ b/apps/node-perf-dash/deployment.yaml
@@ -20,13 +20,13 @@ spec:
       - image: k8s.gcr.io/node-perf-dash:v0.3
         command:
           - /node-perf-dash
-          -   --www=true
-          -   --dir=/www
-          -   --address=0.0.0.0:8080
-          -   --builds=30
-          -   --datasource=google-gcs
-          -   --tracing=true
-          -   --jenkins-job=ci-kubernetes-node-kubelet-benchmark,ci-cri-containerd-node-e2e-benchmark
+          - --www=true
+          - --dir=/www
+          - --address=0.0.0.0:8080
+          - --builds=30
+          - --datasource=google-gcs
+          - --tracing=true
+          - --jenkins-job=ci-kubernetes-node-kubelet-benchmark,ci-cri-containerd-node-e2e-benchmark
         imagePullPolicy: Always
         name: node-perf-dash
         ports:

From 52472833b65c45693e57d8bf33bef648ebe82505 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Mon, 12 Jul 2021 08:42:57 -0700
Subject: [PATCH 09/10] hack: add verify-conftest.sh

Use conftest to verify the policies defined in policies/
---
 hack/verify-conftest.sh | 51 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100755 hack/verify-conftest.sh

diff --git a/hack/verify-conftest.sh b/hack/verify-conftest.sh
new file mode 100755
index 00000000000..a4f01e17725
--- /dev/null
+++ b/hack/verify-conftest.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd )"
+
+function usage() {
+    echo >&2 "Usage: $0"
+    exit 1
+}
+
+function ensure_dependencies() {
+    if ! command -v conftest >/dev/null 2>&1; then
+        echo "Please install conftest: https://www.conftest.dev/install/"
+        exit 1
+    fi
+}
+
+function main() {
+    ensure_dependencies
+
+    pushd "${REPO_ROOT}" >/dev/null
+    local k8s_yaml_paths=(
+        apps/
+        infra/gcp/clusters/projects/*/*/resources/*.yaml
+    )
+    conftest test --policy policies/ "${k8s_yaml_paths[@]}"
+
+}
+
+if [ $# -gt 0 ]; then
+    usage
+fi
+
+main

From fa486602a4ec3af46f61e608de31e477602420d8 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@gmail.com>
Date: Thu, 15 Jul 2021 13:10:49 -0700
Subject: [PATCH 10/10] policies: add v1.22 deprecation warns

---
 policies/deprecations.rego | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/policies/deprecations.rego b/policies/deprecations.rego
index 281ef9b1690..287a9c8964a 100644
--- a/policies/deprecations.rego
+++ b/policies/deprecations.rego
@@ -34,3 +34,16 @@ _warn = msg {
   input.kind == "Ingress"
   msg := sprintf("%s/%s: API extensions/v1beta1 for Ingress is deprecated from Kubernetes 1.14, use networking.k8s.io/v1beta1 instead.", [input.kind, input.metadata.name])
 }
+
+# ref: https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/
+_warn = msg {
+  input.apiVersion == "apiextensions.k8s.io/v1beta1"
+  input.kind == "CustomResourceDefinition"
+  msg := sprintf("%s/%s: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition instead", [input.kind, input.metadata.name])
+}
+
+_warn = msg {
+  input.apiVersion == "networking.k8s.io/v1beta1"
+  input.kind == "Ingress"
+  msg := sprintf("%s/%s: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress instead", [input.kind, input.metadata.name])
+}