kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,292 Commits 29 Branches 1,436 Tags 31 MiB
Commit Graph

213 Commits

Author SHA1 Message Date
Igor Velichkovich 05d2078e68 Matchconditions admission webhooks alpha implementation for kep-3716 (#116261) 
* api changes adding match conditions

* feature gate and registry strategy to drop fields

* matchConditions logic for admission webhooks

* feedback

* update test

* import order

* bears.com

* update fail policy ignore behavior

* update docs and matcher to hold fail policy as non-pointer

* update matcher error aggregation, fix early fail failpolicy ignore, update docs

* final cleanup

* openapi gen

Kubernetes-commit: 5e5b3029f3bbfc93c3569f07ad300a5c6057fc58
 2023-03-15 07:36:02 +00:00
Kermit Alexander II fb14f0e553 Implement MessageExpression. 
Kubernetes-commit: 4e26f680a9e10f0da94830bbaba9633807e22aba
 2023-03-07 23:24:23 +00:00
Nilekh Chaudhari 9bc62d2547 feat: implements encrypt all 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>

Kubernetes-commit: 9382fab9b65669e74e8fb77247b14e6cb3ec6b3f
 2023-01-18 00:54:47 +00:00
David Ashpole fd3a7591f6 graduate API Server tracing to beta 
Kubernetes-commit: 4014d0fbbf93f3bb9002b1e37a125840f7be131b
 2023-03-07 21:39:39 +00:00
Cici Huang 16f5e2148c Update CRD validation rules path accordingly. 
Kubernetes-commit: 1f4a9dd9187899a46a4fb86b52af50198da59aaf
 2023-03-05 20:43:58 +00:00
Cici Huang c4a92f1b65 Apply resource constraints to ValidatingAdmissionPolicy. 
Kubernetes-commit: 244c63a2e6c8d859be8f4c6c23fbe1263dbfab0a
 2023-02-14 06:37:57 +00:00
Paco Xu f4e378eb7b API docs: point to current docs instead of archived designs 
Kubernetes-commit: 3d536bd14bba0586f20d1d96560073e5d9e82f97
 2023-02-16 15:29:56 +08:00
Paco Xu 1e1b60ce05 archived design proposals are now moved to Design Proposals Archive Repo. 
Kubernetes-commit: 019d2615af3f7fd0ed0d593ef9df348f6d85b204
 2023-02-08 11:12:22 +08:00
Anish Ramasekar 9fb6b944f0 kmsv2: implement expire cache with clock 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 4804baa01187b4251bd632e07721d875f567d6f1
 2022-09-14 20:01:45 +00:00
Tim Hockin db316c3a3c Fix apiserver example2 to update gen'ed protobufs 
regen apiserver example2

Kubernetes-commit: 9a491f79a8770e9eca8e19516b01018ed16cbe8a
 2023-01-04 13:55:48 -08:00
Rita Zhang 911df25617 Update the godoc on the encryption config API on how to specify group/resources to be encrypted 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

Kubernetes-commit: c085031a8f3f366708f9b7aa7ab1695d802d9f5a
 2022-11-28 07:18:02 -08:00
David Ashpole 34af8dc84a Revert "Graduate API Server tracing to beta" 
Kubernetes-commit: e799fcdadd3cc3e8aa4ebde75d1bf0c05465b110
 2022-11-09 22:37:28 -05:00
David Ashpole 855ac5dd3a embed component-base tracing configuration 
Kubernetes-commit: 6e13cf69f62e54622d45269e9ae33799a85f7cff
 2022-11-08 22:43:28 +00:00
David Ashpole 4bd488aae1 promote TracingConfiguration to v1beta1 
Kubernetes-commit: 4be473c774aa1ccd018d6430dc860629a5b22022
 2022-11-08 15:15:05 +00:00
Abu Kashem 087be8a557 apiserver: update borrowing parameters for apf bootstrap objects 
Kubernetes-commit: 172b27c80cc76f4dcb75973bd5f64fe5ec93f58c
 2022-10-12 12:25:39 -04:00
Abu Kashem 63cc9bca2c apiserver: fix defaulting for apf bootstrap configuration 
Kubernetes-commit: 424b23bb15d21d8c710e101b6f3a86c24d0249d3
 2022-10-20 18:50:14 -04:00
Anish Ramasekar 525c6769a4 [KMS]: validate duplicate kms config name for v1 and v2 when reload=true 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 47f8c4bec63a2c4d6406cd615b41cd16f12be434
 2022-11-07 20:16:04 +00:00
Anish Ramasekar 9adc12f501 [KMSv2]: add validation for duplicate kms config name 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 176919c4cfb0dc7ecc4987442c6d70b676cea156
 2022-10-26 21:18:01 +00:00
Monis Khan 8d68e6f323 Load encryption config once 
This change updates the API server code to load the encryption
config once at start up instead of multiple times.  Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps.  This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: f507bc255382b2e2095351053bc17e74f7100d35
 2022-08-29 17:25:48 -04:00
Abu Kashem 4ecff81419 rename assuredConcurrencyShares for flowcontrol v1beta3 
Kubernetes-commit: 66fc0d703794f309c9715028d3b63f64c281a5fd
 2022-09-21 15:40:33 -04:00
Abu Kashem 98ffe5507d apiserver: update apf logic to use v1beta3 
Kubernetes-commit: 0a99e6ebb1e241bf421f6df44b15a5a16063a9f2
 2022-09-10 07:26:31 -04:00
Anish Ramasekar 225e26ac4a Implement KMS v2alpha1 
- add feature gate
- add encrypted object and run generated_files
- generate protobuf for encrypted object and add unit tests
- move parse endpoint to util and refactor
- refactor interface and remove unused interceptor
- add protobuf generate to update-generated-kms.sh
- add integration tests
- add defaulting for apiVersion in kmsConfiguration
- handle v1/v2 and default in encryption config parsing
- move metrics to own pkg and reuse for v2
- use Marshal and Unmarshal instead of serializer
- add context for all service methods
- check version and keyid for healthz

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: f19f3f409938ff9ac8a61966e47fbe9c6075ec90
 2022-06-29 20:51:35 +00:00
Davanum Srinivas 7e94033a61 Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
 2022-07-19 20:54:13 -04:00
Tim Allclair 237dd3829d generated files 
Kubernetes-commit: a67b32ce9c7f1da293a8bb0fc98d3d15f111e660
 2020-09-09 12:01:51 -07:00
Tim Allclair 5b8a366d87 Document the sources for the sourceIPs audit log field 
Kubernetes-commit: 3fa086bcded1dfb7c4889ee28b95535d056b3408
 2020-07-24 13:10:25 -07:00
carlory 871a4b7200 remove audit.k8s.io/v1[alpha|beta]1 versions 
Kubernetes-commit: fcc282f9f2050aaa4007d6f0444b0f4972925fea
 2022-02-13 13:23:49 +08:00
Jordan Liggitt 4d0c0a45de Regenerate protobuf 
Change-Id: I2a563514955d7fc7559ceb7afb73df08ace8fd8b

Kubernetes-commit: 48a1c729a0c934ea7f6b893b823c9f6279aa763f
 2022-02-26 18:02:52 +00:00
John Howard bd426ef17c go-to-protobuf: regenerate with full go_package 
Kubernetes-commit: 0f93e4da63ea9f98d993758a30d996be672847b7
 2021-11-23 09:40:00 -08:00
Mike Spreitzer 259f814897 Order suggested FlowSchemas by matching precedence 
Kubernetes-commit: 798fc67a3711d83af4b25241e17b80fbcf46e9fd
 2022-01-12 21:40:22 -05:00
Wojciech Tyczyński 5ff0f3f2c7 Update default PF flow schemas to avoid all endpoint/configmaps operations from controller-manager to match leader-election PL 
Kubernetes-commit: 849952813be756783c3ed73ae73b34bc5143747a
 2021-11-29 20:21:07 +01:00
Davanum Srinivas 56a3a30ae1 Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
 2021-12-09 21:31:26 -05:00
Abu Kashem 8e027735f7 apiserver: add OmitManagedFields to audit API 
Kubernetes-commit: 9ed4bc91d5cc9de236d9f868a0f29263aec4b33e
 2021-10-06 14:47:19 -04:00
Paco Xu d1458891b4 remove deprecated validEgressSelectorNames 'master' (#102242) 
* remove deprecated validEgressSelectorNames 'master'

Signed-off-by: pacoxu <paco.xu@daocloud.io>

* update gce configure: replace deprecated egress name 'master' with 'controlplane'

Signed-off-by: pacoxu <paco.xu@daocloud.io>

* add dup error for EgressSelection & fix converting alpha/beta to v1 name

Kubernetes-commit: a48a2efbd45ad77901dd09f2665d8cc1e1d8dbf6
 2021-09-16 22:09:46 +08:00
Abu Kashem db8aff032b apf: update apf logic to use v1beta2 
Kubernetes-commit: 28f2b42a4116a9223113e8b152e02a4f1e602ff4
 2021-08-16 17:53:57 -04:00
Stephen Augustus 771ffe6475 generated: Run hack/update-gofmt.sh 
Signed-off-by: Stephen Augustus <foo@auggie.dev>

Kubernetes-commit: 481cf6fbe753b9eb2a47ced179211206b0a99540
 2021-08-12 17:13:11 -04:00
David Ashpole 5927da0040 Add distributed tracing to the apiserver using OpenTelemetry 
Kubernetes-commit: 79550ed40c67a70534c1cb697e1fb7e7dbf96335
 2021-06-25 05:20:16 -07:00
Abu Kashem df062f56c2 add auto update for apf bootstrap configuration 
Take the following approach:
On a fresh install, all bootstrap configuration objects will
have auto update enabled via the following annotation :
`apf.kubernetes.io/autoupdate: 'true'`

The kube-apiserver periodically checks the bootstrap configuration
objects on the cluster and applies update if necessary.

We enforce an 'always auto-update' policy for the mandatory
configuration object(s).

We update the suggested configuration objects when:
- auto update is enabled (`apf.kubernetes.io/autoupdate: 'true'`) or
- auto update annotation key is missing but `generation` is `1`

If the configuration object is missing the annotation key, we add
it appropriately:
it is set to `true` if `generation` is `1`, `false` otherwise.

The above approach ensures that we don't squash changes made by an
operator. Please note, we can't protect the changes made by the
operator in the following scenario:
- the user changes the spec and then deletes and recreates
  the same object. (generation resets to 1)

remove using a marker

Kubernetes-commit: 759a64136b0d4619d5535adb79a8367e124b06c6
 2021-01-12 16:12:13 -05:00
Maciej Borsz b0d1b1af17 Add "node-high" priority-level 
Kubernetes-commit: 8d6e76f2766e51177ee50a1fba09bc5b04d6ce53
 2021-04-15 16:24:02 +02:00
Monis Khan bd0605a728 audit: make stage consts use correct type 
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 84ac2398da2be7810d311c4bc9f7358618ed193b
 2021-04-09 12:29:20 -04:00
Abu Kashem 64517a3e40 apf: exempt probes /healthz /livez /readyz 
Kubernetes-commit: 4447f2459aae1d916742eb1cb129d9438adcea9a
 2021-03-30 12:55:30 -04:00
carlory 146083d06b deprecate audit.k8s.io/v1[alpha|beta]1 versions 
Kubernetes-commit: cad9c245b84fd16cbb5bf240622af07ce7bc3585
 2021-02-08 11:22:29 +08:00
Nabarun Pal e1246225c0 update gogo/protobuf to v1.3.2 
gogo/protobuf@v1.3.2 fixes https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121

Ref: https://github.com/kubernetes/client-go/issues/927

Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>

Kubernetes-commit: 9cada2ec3ba793597606a1df1375ff8e8311ccf3
 2021-01-27 18:01:27 +05:30
Adhityaa Chandrasekar b8c96b50e9 APF defaults.go: use already defined catch-all name constant 
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>

Kubernetes-commit: 5d2fdde1202e65bcc66ad1c038d5fe84e7dbad9a
 2020-11-18 18:58:45 +00:00
Adhityaa Chandrasekar e590a0415c flowcontrol bootstrap: give catch-all PL more concurrency share 
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>

Kubernetes-commit: 642b11483030e5aedbd6f43aeac3cbe40255b3b6
 2020-11-13 19:26:06 +00:00
Adhityaa Chandrasekar 3d56b6662b flowcontrol bootstrap: make exempt PL last 
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>

Kubernetes-commit: bb32d51fd6eeb6a0d1c287986a3f575c8c9a180d
 2020-11-13 03:44:56 +00:00
yue9944882 a4a3fc9b87 APF: graduate API and types to beta 
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>

Kubernetes-commit: 849be447f563fc93a27a0827fb1185b885b57114
 2020-11-04 16:33:14 +08:00
Andrew Sy Kim 5f8147ed4e apiserver: use canonical egress selection names in EgressSelectorConfiguration API docs 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>

Kubernetes-commit: e4b45d944d54c239e1ad40af17221420f349c4f8
 2020-10-26 10:24:16 -04:00
Andrew Sy Kim 6746ccadda apiserver: support egress selection name 'controlplane' and deprecate 'master' 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>

Kubernetes-commit: a0aebf96ec2eef6517e2611335f0e6c9375dd807
 2020-10-26 10:24:16 -04:00
Abu Kashem 3b4921fd00 allocate service-account flowschema to global-default 
Kubernetes-commit: fd7bf9a5dc3b4a0ba51b041fc721de719d1b2e69
 2020-10-02 13:58:46 -04:00
Haowei Cai 0ac797ac9e move apiserverinternal types to kube-apiserver 
move versioned types to k8s.io/api;
cleanup generated files

Kubernetes-commit: 1f4a4e9040fd9f357adf563b3d17aadaeb964e2b
 2020-07-14 11:43:26 -07:00