Authorization, token authentication, imagepolicy admission, and audit webhooks configure RESTClients
that encode to JSON regardless of the ContentType of the provided rest.Config. Because this is
opaque to the RESTClient, configuring a ContentType other than "application/json" results in
requests with JSON-encoded bodies and a non-JSON media type in the Content-Type header. Webhook
servers that respect the Content-Type request header will be unable to decode an object from the
request body.
Explicitly overriding the ContentType of the provided rest.Config fixes this issue and is consistent
with how clients are constructed for conversion and admission webhooks.
Kubernetes-commit: ed07efbc57939afdf154afa80be35507d0a81d66
The metrics assertion race with the metric update, and since this
happens at the serverside, we use an active look to check the metrics
instead of expecting to be updated immidiatly.
Change-Id: I9a64b66301d5f4ac3df0c0a01de10602a20f89ea
Kubernetes-commit: f07dcd443d7335d09dc0de7a47485e2e6c87d725
Test that assert on metrics use the returned status to sync the test, if
the metric is updated AFTER the state is returned the test will flake
because the assertion on the metric will race.
Change-Id: I317708a22cb47256c37dac3cab0463a2f925ad6b
Kubernetes-commit: 7ba22700bfd12cd32ff72db022e4b53ccda1deca
Reset metrics per status code also allow to log the particular status
code that flake, in case the problem comes from an specific one.
Change-Id: I29f67d4c5d76449350f45049f45ce8325a2d0ddd
Kubernetes-commit: 0aea6a1e45d178371b44eabcaf0d318a01f9ac3d
Improve audit context handling by encapsulating event data and operations behind a structured API. Make
the Audit system more robust in concurrent environments by properly isolating mutable state. The cleaner
API simplifies interaction with audit events, improving maintainability. Encapsulation reduces bugs
by preventing direct manipulation of audit events.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Co-Authored-By: Jordan Liggitt <liggitt@google.com>
Co-Authored-By: sxllwx <scottwangsxll@gmail.com>
Kubernetes-commit: 75afa1e0acfb309d984be14937a06f796f220cd6
This doesn't matter for shouldDelegateList, but matters when picking
source of RV. RV from continue takes precedence.
Kubernetes-commit: 7da942ca7486310893d4f11f3af062957f953555
Co-authored-by: Joe Betz <jpbetz@google.com>
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Kubernetes-commit: 8b2cee83c15b1fbc304123902e1bd8e8e06f0a12
- Remove `info` field from `Version` struct
- Modify `WithInfo` and `Info` methods to be deprecated
- Update version information retrieval to use base version info
- Simplify version information generation in compatibility tests
- Remove unnecessary version info passing in build and test scenarios
Kubernetes-commit: 14934b481ef6522d6c1003ded19002ea45abe5d1
When ResourceVersionMatch is set to NotOlderThan, there is no need to handle continue or resourceVersion="".
The validation in apimachinery will not pass and return:
* "resourceVersionMatch is forbidden when continue is provided"
* "resourceVersionMatch is forbidden unless resourceVersion is provided"
Kubernetes-commit: a0cc02e264ead76dfb0ae75a505e4d2e54219def
IIUC, before using the translator handler, the ping data can be delivered from
the client to the runtime side since kube-apiserver does not parse any client
data. However, with WebSocket, the server responds with a pong to the client
without forwarding the data to the runtime side. If a proxy is present, it may
close the connection due to inactivity. SPDY's PingPeriod can help address this
issue.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Co-authored-by: Antonio Ojea <aojea@google.com>
Kubernetes-commit: dc59c0246fb407dcf035afc224f63fcf0da8244e
Replace DefaultComponentGlobalsRegistry with new instance of componentGlobalsRegistry in test api server.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
move kube effective version validation out of component base.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
move DefaultComponentGlobalsRegistry out of component base.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
move ComponentGlobalsRegistry out of featuregate pkg.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
remove usage of DefaultComponentGlobalsRegistry in test files.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
change non-test DefaultKubeEffectiveVersion to use DefaultBuildEffectiveVersion.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Restore useDefaultBuildBinaryVersion in effective version.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
rename DefaultKubeEffectiveVersion to DefaultKubeEffectiveVersionForTest.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
pass options.ComponentGlobalsRegistry into config for controller manager and scheduler.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Pass apiserver effective version to DefaultResourceEncodingConfig.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
change statusz registry to take effective version from the components.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Address review comments
Signed-off-by: Siyuan Zhang <sizhang@google.com>
update vendor
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 8fc3a33454ba38783bb63de41ecf5343e2ced67c
go1.24 removes the x509sha1 GODEBUG variable, and with it the
support for SHA-1 signed certs. This commit alters the regex
in unit tests to account for that and prep for go1.24.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: cff0f4009f17c84141553c143872d47756209f4d
The "// import <path>" comment has been superseded by Go modules.
We don't have to remove them, but doing so has some advantages:
- They are used inconsistently, which is confusing.
- We can then also remove the (currently broken) hack/update-vanity-imports.sh.
- Last but not least, it would be a first step towards avoiding the k8s.io domain.
This commit was generated with
sed -i -e 's;^package \(.*\) // import.*;package \1;' $(git grep -l '^package.*// import' | grep -v 'vendor/')
Everything was included, except for
package labels // import k8s.io/kubernetes/pkg/util/labels
because that package is marked as "read-only".
Kubernetes-commit: 8a908e0c0bd96a3455edf7e3b5f5af90564e65b0
Integration testing has to this point relied on patching serving codecs for built-in APIs. The
test-only patching is removed and replaced by feature gated checks at runtime.
Kubernetes-commit: 439d2f7b4028638b3d8d9261bb046c3ba8d9bfcb
For alpha, there is one apiserver feature gate and two client-go feature gates controlling
CBOR. They were initially wired to separate test-only feature gate instances in order to prevent
them from being configurable at runtime via command-line flags or environment variables (for
client-go feature gates outside of Kubernetes components). All of the integration tests required by
the KEP as alpha criteria have been implemented. This adds the feature gates to the usual feature
gate instances and removes the temporary code to support separate test-only feature gate instances.
Kubernetes-commit: 072dfcb416fd4e1ddab0a89ac4faf519e268bc96
To mitigate the risk of introducing a new protocol, integration tests for CBOR will be written using
a test-only feature gate instance that is not wired to runtime options. On alpha graduation, the
test-only feature gate instance will be replaced by a normal feature gate in the existing apiserver
feature gate instance.
Kubernetes-commit: 0cad1a89b6721308746cc1a12f12de31a259a0d3
Mayuka Channankaiah