Commit Graph

191 Commits

Author SHA1 Message Date
Jordan Liggitt b3ad9fb4e3 Generate and format files
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Replay of a9593d634c6a053848413e600dadbf974627515f

Kubernetes-commit: 15d9d196476d64482189f00f1cf1a2061aea5b35
2022-11-16 11:39:18 -05:00
Tim Allclair 237dd3829d generated files
Kubernetes-commit: a67b32ce9c7f1da293a8bb0fc98d3d15f111e660
2020-09-09 12:01:51 -07:00
Tim Allclair 5b8a366d87 Document the sources for the sourceIPs audit log field
Kubernetes-commit: 3fa086bcded1dfb7c4889ee28b95535d056b3408
2020-07-24 13:10:25 -07:00
carlory 871a4b7200 remove audit.k8s.io/v1[alpha|beta]1 versions
Kubernetes-commit: fcc282f9f2050aaa4007d6f0444b0f4972925fea
2022-02-13 13:23:49 +08:00
Jordan Liggitt 4d0c0a45de Regenerate protobuf
Change-Id: I2a563514955d7fc7559ceb7afb73df08ace8fd8b

Kubernetes-commit: 48a1c729a0c934ea7f6b893b823c9f6279aa763f
2022-02-26 18:02:52 +00:00
John Howard bd426ef17c go-to-protobuf: regenerate with full go_package
Kubernetes-commit: 0f93e4da63ea9f98d993758a30d996be672847b7
2021-11-23 09:40:00 -08:00
Mike Spreitzer 259f814897 Order suggested FlowSchemas by matching precedence
Kubernetes-commit: 798fc67a3711d83af4b25241e17b80fbcf46e9fd
2022-01-12 21:40:22 -05:00
Wojciech Tyczyński 5ff0f3f2c7 Update default PF flow schemas to avoid all endpoint/configmaps operations from controller-manager to match leader-election PL
Kubernetes-commit: 849952813be756783c3ed73ae73b34bc5143747a
2021-11-29 20:21:07 +01:00
Davanum Srinivas 56a3a30ae1 Check in OWNERS modified by update-yamlfmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
2021-12-09 21:31:26 -05:00
Abu Kashem 8e027735f7 apiserver: add OmitManagedFields to audit API
Kubernetes-commit: 9ed4bc91d5cc9de236d9f868a0f29263aec4b33e
2021-10-06 14:47:19 -04:00
Paco Xu d1458891b4 remove deprecated validEgressSelectorNames 'master' (#102242)
* remove deprecated validEgressSelectorNames 'master'

Signed-off-by: pacoxu <paco.xu@daocloud.io>

* update gce configure: replace deprecated egress name 'master' with 'controlplane'

Signed-off-by: pacoxu <paco.xu@daocloud.io>

* add dup error for EgressSelection & fix converting alpha/beta to v1 name

Kubernetes-commit: a48a2efbd45ad77901dd09f2665d8cc1e1d8dbf6
2021-09-16 22:09:46 +08:00
Abu Kashem db8aff032b apf: update apf logic to use v1beta2
Kubernetes-commit: 28f2b42a4116a9223113e8b152e02a4f1e602ff4
2021-08-16 17:53:57 -04:00
Stephen Augustus 771ffe6475 generated: Run hack/update-gofmt.sh
Signed-off-by: Stephen Augustus <foo@auggie.dev>

Kubernetes-commit: 481cf6fbe753b9eb2a47ced179211206b0a99540
2021-08-12 17:13:11 -04:00
David Ashpole 5927da0040 Add distributed tracing to the apiserver using OpenTelemetry
Kubernetes-commit: 79550ed40c67a70534c1cb697e1fb7e7dbf96335
2021-06-25 05:20:16 -07:00
Abu Kashem df062f56c2 add auto update for apf bootstrap configuration
Take the following approach:
On a fresh install, all bootstrap configuration objects will
have auto update enabled via the following annotation :
`apf.kubernetes.io/autoupdate: 'true'`

The kube-apiserver periodically checks the bootstrap configuration
objects on the cluster and applies update if necessary.

We enforce an 'always auto-update' policy for the mandatory
configuration object(s).

We update the suggested configuration objects when:
- auto update is enabled (`apf.kubernetes.io/autoupdate: 'true'`) or
- auto update annotation key is missing but `generation` is `1`

If the configuration object is missing the annotation key, we add
it appropriately:
it is set to `true` if `generation` is `1`, `false` otherwise.

The above approach ensures that we don't squash changes made by an
operator. Please note, we can't protect the changes made by the
operator in the following scenario:
- the user changes the spec and then deletes and recreates
  the same object. (generation resets to 1)

remove using a marker

Kubernetes-commit: 759a64136b0d4619d5535adb79a8367e124b06c6
2021-01-12 16:12:13 -05:00
Maciej Borsz b0d1b1af17 Add "node-high" priority-level
Kubernetes-commit: 8d6e76f2766e51177ee50a1fba09bc5b04d6ce53
2021-04-15 16:24:02 +02:00
Monis Khan bd0605a728 audit: make stage consts use correct type
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 84ac2398da2be7810d311c4bc9f7358618ed193b
2021-04-09 12:29:20 -04:00
Abu Kashem 64517a3e40 apf: exempt probes /healthz /livez /readyz
Kubernetes-commit: 4447f2459aae1d916742eb1cb129d9438adcea9a
2021-03-30 12:55:30 -04:00
carlory 146083d06b deprecate audit.k8s.io/v1[alpha|beta]1 versions
Kubernetes-commit: cad9c245b84fd16cbb5bf240622af07ce7bc3585
2021-02-08 11:22:29 +08:00
Nabarun Pal e1246225c0 update gogo/protobuf to v1.3.2
gogo/protobuf@v1.3.2 fixes https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121

Ref: https://github.com/kubernetes/client-go/issues/927

Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>

Kubernetes-commit: 9cada2ec3ba793597606a1df1375ff8e8311ccf3
2021-01-27 18:01:27 +05:30
Adhityaa Chandrasekar b8c96b50e9 APF defaults.go: use already defined catch-all name constant
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>

Kubernetes-commit: 5d2fdde1202e65bcc66ad1c038d5fe84e7dbad9a
2020-11-18 18:58:45 +00:00
Adhityaa Chandrasekar e590a0415c flowcontrol bootstrap: give catch-all PL more concurrency share
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>

Kubernetes-commit: 642b11483030e5aedbd6f43aeac3cbe40255b3b6
2020-11-13 19:26:06 +00:00
Adhityaa Chandrasekar 3d56b6662b flowcontrol bootstrap: make exempt PL last
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>

Kubernetes-commit: bb32d51fd6eeb6a0d1c287986a3f575c8c9a180d
2020-11-13 03:44:56 +00:00
yue9944882 a4a3fc9b87 APF: graduate API and types to beta
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>

Kubernetes-commit: 849be447f563fc93a27a0827fb1185b885b57114
2020-11-04 16:33:14 +08:00
Andrew Sy Kim 5f8147ed4e apiserver: use canonical egress selection names in EgressSelectorConfiguration API docs
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>

Kubernetes-commit: e4b45d944d54c239e1ad40af17221420f349c4f8
2020-10-26 10:24:16 -04:00
Andrew Sy Kim 6746ccadda apiserver: support egress selection name 'controlplane' and deprecate 'master'
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>

Kubernetes-commit: a0aebf96ec2eef6517e2611335f0e6c9375dd807
2020-10-26 10:24:16 -04:00
Abu Kashem 3b4921fd00 allocate service-account flowschema to global-default
Kubernetes-commit: fd7bf9a5dc3b4a0ba51b041fc721de719d1b2e69
2020-10-02 13:58:46 -04:00
Haowei Cai 0ac797ac9e move apiserverinternal types to kube-apiserver
move versioned types to k8s.io/api;
cleanup generated files

Kubernetes-commit: 1f4a4e9040fd9f357adf563b3d17aadaeb964e2b
2020-07-14 11:43:26 -07:00
David Ashpole 4b21935c20 consistently use double quotes in proto files
Kubernetes-commit: 296f7c91bb52cd724ce6d6d120d5d41ed459d677
2020-09-03 13:50:03 -07:00
wojtekt 7561eea1c6 Remove default conversions
Kubernetes-commit: 410d575d4219ee46c3726d31acf86e555f0a5f1b
2020-09-03 10:22:11 +02:00
yue9944882 be18e41882 fixes suggested default rules
Kubernetes-commit: a98f68e5b9cad08f4fc03665ca3a52cad69ed6f0
2020-07-01 15:26:02 +08:00
Stephen Augustus 58544edbdf apiserver/pkg/apis/config/validation: Add invalidURLErrFmt
In go1.14, the following change to 'net/url' was made:
"When parsing of a URL fails (for example by Parse or ParseRequestURI),
the resulting Error message will now quote the unparsable URL. This
provides clearer structure and consistency with other parsing errors."

Here we add a new const, 'invalidURLErrFmt' to properly handle the now
quoted string in validation_test.go.

ref: https://golang.org/doc/go1.14#net/url

Signed-off-by: Stephen Augustus <saugustus@vmware.com>

Kubernetes-commit: b0f17c2918fe0d099fc59f17788ca60202a5ae1a
2020-04-18 04:37:22 -04:00
Chao Xu 2994d90069 generated
Kubernetes-commit: 5f3838b906628f907939080bac967ef8f105e92f
2020-02-26 23:56:24 -08:00
Chao Xu 9cf97e52a9 Add the StorageVersion API
Kubernetes-commit: a2ad36f1e564f81fae4f65c9ac8aa193d6b0662d
2020-02-26 23:56:07 -08:00
Chao Xu d81e3cbf28 Promote the egressselector API to beta
Kubernetes-commit: 3fbb549fb7ff707eb7c67e7ae275517c5bdc9883
2020-02-24 17:12:44 -08:00
Jefftree e8c3464402 Add tests for egress selector
Kubernetes-commit: d798ccbba166449971c8579dce57870abec9131b
2020-02-12 10:57:21 -08:00
Jefftree 95ee8d4df4 Support empty root CA for konnectivity
Kubernetes-commit: 55b89a6451d253532ede0736d7bc8af62f396596
2020-02-03 19:54:41 -08:00
Jefftree cbcdfbfd72 Network Proxy: GRPC + HTTP Connect with UDS
Kubernetes-commit: 725d2b6a8fd7733afcbc6822723f4c7e171bcd7f
2020-01-13 21:23:39 -08:00
yue9944882 0fb7c60f0a fork out a new global-default from catch-all to handle unclassified traffic
Kubernetes-commit: d1f62ead18f97f98dd01073ca47c3b19382765a3
2020-01-13 15:56:54 +08:00
Davanum Srinivas cde2338e26 update generated files
Kubernetes-commit: b3853138a4f1a0637ec3c38a5c59f8228765b261
2020-01-13 17:56:56 -05:00
Mike Spreitzer 05e620fec5 removed excess blank line
Kubernetes-commit: f1c26bf4362636bcd36fff4663cc87b567bf6603
2020-01-17 12:30:07 -05:00
Mike Spreitzer f6a6879cc4 Update validation for API Priority and Fairness
This PR fixes oversights and adds validation that rejects writes
of wrong Spec values for the four mandatory objects.

Kubernetes-commit: ec5321c6a9f23e5ad26cf88a41fda9dba0c5ce89
2020-01-17 02:43:52 -05:00
yue9944882 07fdbc261e review: several fixes and addressing comments
Kubernetes-commit: 70dea6e4a8495ff028ccc8dc8e8aec04b93287c3
2020-01-10 16:49:37 +08:00
yue9944882 54dfffd2ea bootstrap flow-control objects
typo

wrap bootstrap-creation-flow w/ wait.PollUtil

go wait

Kubernetes-commit: fe8ad90afa553314e96daa8bba5d3964c714aea1
2019-11-14 15:56:34 +08:00
Monis Khan 43f8cca801 kms: use negative cachesize value to disable caching
This change relaxes the KMS config cache size validation to allow
for negative values.  The KMS code already treats all values <= 0 to
mean that the cache is disabled (zero is still a validation error).

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: a16808f353afb6abf402c862d5f859b949d2027a
2019-12-15 23:30:36 -05:00
immutablet 5cec6b4746 Add defaulting logic for EncryptionConfiguration.
Kubernetes-commit: a151aa35dc21881d178e498141e5f58df13fb400
2019-11-14 22:53:18 -08:00
Jordan Liggitt 4b9c976f43 AdmissionConfiguration v1
Kubernetes-commit: 1234290adfa11eb3dd34242c296e1f1dbe211c19
2019-11-11 11:57:29 -05:00
wojtekt 0c1673664a Autogenerated code
Kubernetes-commit: 7b6bcdf780b778af3df5c133686ccb18d8c38fa0
2019-10-24 14:09:51 +02:00
wojtekt 920eb0f6f5 Cleanup explicitly registered functions
Kubernetes-commit: d7011f1bdbee285cdfc9bdb0f5b0716f4e02adfd
2019-10-24 13:18:31 +02:00
Jordan Liggitt 0c12043fe4 Generated files
Kubernetes-commit: bbedc4f7ed436d28ed574615a33f8d03f7c8a2f0
2019-09-09 08:55:04 -04:00