go1.24 removes the x509sha1 GODEBUG variable, and with it the
support for SHA-1 signed certs. This commit alters the regex
in unit tests to account for that and prep for go1.24.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: cff0f4009f17c84141553c143872d47756209f4d
Extends the certificate attribute deprecation RoundTrippers wrapper with
a checker that counts certificates with sha-1 signatures in server responses.
Non-root non-self-signed SHA-1 certificate signatures were deprecated in
Golang 1.18.
Kubernetes-commit: 499ee65a9b0cd45d41716b513fae0d537f7f9c88
This change updates the generic webhook logic to use a rest.Config
as its input instead of a kubeconfig file. This exposes all of the
rest.Config knobs to the caller instead of the more limited set
available through the kubeconfig format. This is useful when this
code is being used as a library outside of core Kubernetes. For
example, a downstream consumer may want to override the webhook's
internals such as its TLS configuration.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: fef7d0ef1e1fbff65e8d445256036704bb9dbcbd
Adds counters to generic webhook code and to the kube aggregator
so that it is possible to effectively measure the impact of
Golang 1.15's deprecation of x509 cert CN hostname
verification.
Kubernetes-commit: 9d6a19efff05a40081337a2fcb3dce6331b04022
webhook.WithExponentialBackoff returns an error, and the priority is:
- A: if the last invocation of the webhook function returned an error
that error should be returned, otherwise
- B: the error associated with the context if it has been canceled or
it has expired, or the ErrWaitTimeout returned by the wait package
once all retries have been exhausted.
caller should check the error returned by webhook.WithExponentialBackoff
to handle both A and B. Currently, we only handle A.
Kubernetes-commit: ae2b353fbf519b29d168c534f88c373fd67a1c31
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
Kubernetes-commit: 53a1307f68ccf6c9ffd252eeea2b333e818c1103
- Inside WithExponentialBackoff function, handle error returned
by wait.ExponentialBackoff.
- Ensure that the wait time is bound to the given context.
Kubernetes-commit: f8e35de156f212b6989b465e608dd99b525bd5dc
Add a 30 second timeout for all HTTP requests that the webhook sends
so they timeout instead of hanging forever.
Kubernetes-commit: 2de3ee5c48503d3b3214aef55ae7fd0dacc40457
This commit adds tests for pkg/util/webhooks. The purpose of this was
not only for better code coverage but also to alleviate the need for
consumers to write their own tests for core functionality.
Kubernetes-commit: d15dba7e8bff943d91ba6f58fcb0dfefa357a7f1
Madhav Jivrajani
Stephen Kitt
HirazawaUi
Jordan Liggitt
Stanislav Laznicka
Monis Khan
Abu Kashem
Ken Sipe
Jefftree
Mike Danese
Christoph Blecker
David Eads
halfcrazy
Di Xu
Eric Chiang
Chao Xu
Jeremy Whitlock