Monis Khan
9c69aab43c
Clear front proxy headers after authentication is complete
...
This matches the logic we have for the Authorization header as well
as the impersonation headers.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: e9866d2794675aa8dc82ba2637ae45f9f3a27dff
2023-03-20 13:11:38 -04:00
Jefftree
31f3fb382d
Add metrics for aggregated discovery
...
Kubernetes-commit: 387d97605ee81cb8beacad990255439ee464b5f3
2023-02-08 21:11:15 +00:00
Abu Kashem
62a4b39be7
apiserver: make watch termination during shutdown configurable
...
Kubernetes-commit: 791fcd6fb429002349b3f697b1bcc68ff7146dde
2023-02-10 11:43:06 -05:00
Abu Kashem
61a789ab70
apiserver: terminate watch with a rate limiter during shutdown
...
Kubernetes-commit: 6385b86a9b124eb03848af9a3029e8bc9058d72f
2023-01-13 18:04:13 -05:00
Andrew Sy Kim
885060394e
apiserver: use the identity value in the apiserver identity hash
...
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
Kubernetes-commit: a7de3e15a50bafdd65adf55f5fdc14567e3fa3e2
2023-01-13 15:49:30 -05:00
Andrew Sy Kim
2d94c4699b
apiserver: update lease identity prefix from kube-apiserver- to apiserver-
...
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
Kubernetes-commit: fb066a883de2b56e533eb622677056bd723748ce
2022-12-19 13:33:24 -05:00
Abu Kashem
9e60654b8a
apiserver: refactor WithWaitGroup handler
...
Kubernetes-commit: 9093f126b87cb686784bb27b08be9eb12b4d5453
2023-01-10 15:55:19 -05:00
Antoine Pelisse
76a233ebec
Allow profiling information to be served on Unix-Domain Socket
...
Serving profiling information can leak information or expose the
apiserver to possible DoS attacks. Serving on a UDS is more secure
though slightly less convenient. One can't use `go tool pprof` directly
against the socket since it's not supported, but can either run a proxy
to copy from the socket over to http, or use `curl --unix-socket` to
download the profile and then use `go tool pprof`.
Kubernetes-commit: 667599b0ddfad8ba760d3bbfe006aae0d8f7dec6
2022-11-29 11:07:15 -08:00
Jefftree
987645aaa7
add aggregated /apis handler for genericapiserver
...
so that aggregated-apiservers can also take advantage. discovered by e2e tests with feature enabled
Kubernetes-commit: c9b34884004079ed3f184b475f7408984f9226f4
2022-11-09 18:29:27 +00:00
Alexander Zielenski
b2bf3ca966
add new aggregated resourcemanager to genericapiserver
...
Co-authored-by: Jeffrey Ying <jeffrey.ying86@live.com>
Kubernetes-commit: 6e83f6750598d394fb257f66c5d0721cf88f45db
2022-11-08 12:37:50 -08:00
Andrew Sy Kim
c4a89b8fc6
apiserver identity: use SHA256 hash in lease names
...
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
Kubernetes-commit: 5b3a9e2d758650ff2919b8343d2a34ba8ca84b2b
2022-11-05 13:52:07 -04:00
David Ashpole
0cf3af5b9f
add otel tracing to latency filters
...
Kubernetes-commit: ed1610ad15f91b72017c5d69dc4f7d59a17c270f
2022-10-20 16:17:02 +00:00
Andrew Sy Kim
0a5efb307f
apiserver identity: use persistent identity format based on hostname
...
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
Kubernetes-commit: 21507902ba123c5c60eaa73436b95c4ae9b75908
2022-10-24 11:24:26 -04:00
David Ashpole
0b88ce8f83
shut down tracerprovider when stopping the kube-apiserver
...
Kubernetes-commit: 2342721c157e8a715747187b44af2bd9bacd432f
2022-11-02 13:15:27 +00:00
Tim Allclair
4b329cff47
Rename WithAuditID to WithAuditInit
...
Kubernetes-commit: ea28a21a6790d40c1fe540c64a296c8f0db17c65
2022-07-12 14:46:27 -07:00
Tim Allclair
bd7c7f52c2
Consolidate AuditContext
...
Kubernetes-commit: f1d684b7b60b39b7dc1eb4156307c593f0ba74e1
2022-07-12 11:53:57 -07:00
Mohammad Zuber Khan
6fe4f87105
add superuser fallback to authorizer (#111558)
...
* add superuser fallback to authorizer
* change the order of authorizers
* change the order of authorizers
* remove the duplicate superuser authorizer
* add integration test for superuser permissions
Kubernetes-commit: f86acbad68baf1a99d6fa153f6f0cdc7b93932e4
2022-10-19 04:02:04 +00:00
Jiahui Feng
ac0ce38abe
use DefaultMaxRequestSizeBytes for maxRequestSizeBytes.
...
Kubernetes-commit: 755f41a185e828d9c64ae3ac37ce829e60592ad1
2022-10-10 14:42:24 -07:00
Han Kang
a26df69931
wire up feature-gate for component slis
...
Change-Id: Iba6ffbcac9dba4f4be3023ada6ac31691c1ae17b
Kubernetes-commit: 01bfbdff2dee3be93d286a8ff53f9e52a1ee9724
2022-10-05 15:56:06 -07:00
Manish Kumar
a433b219b9
Move celopenapi/model to staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/ (#109959)
...
Co-authored-by: Manish Kumar <manish.kumar1@india.nec.com>
Kubernetes-commit: 39ffd45175876fe7c846c6239d89613d31a28fa1
2022-10-07 05:43:52 +05:30
Han Kang
7ede3563fe
enable health check SLI metrics for apiserver
...
Change-Id: I1b43e6dfea35b8c3bfdf5daaa8b42adff2fbc786
Kubernetes-commit: db13f51db97c114bb550b99efddd985548edc082
2022-09-26 16:10:58 -07:00
David Eads
6a7c6a0940
Revert "Add an option to conditionally disable compression based on client ip."
...
This reverts commit 023583a15586328569ccab505db2f57f398e04b3.
Kubernetes-commit: 2f3ffbed2cffaaba63304318bc1d09b0144600ff
2022-08-17 15:08:39 -04:00
Sally O'Malley
4f9e133507
kubelet tracing
...
Signed-off-by: Sally O'Malley <somalley@redhat.com>
Co-authored-by: David Ashpole <dashpole@google.com>
Kubernetes-commit: 47e7d8034ff3be8e198dde6a671d05a11c30e333
2021-10-10 09:17:27 -04:00
Maciej Borsz
40280f9889
Add an option to conditionally disable compression based on client ip.
...
Kubernetes-commit: 023583a15586328569ccab505db2f57f398e04b3
2022-07-29 08:44:14 +00:00
Maciej Wyrzuc
cb0bb2af35
Add additional etcd check to readyz with 2 seconds timeout.
...
Kubernetes-commit: b42045a64fd07fb948660839b6c7c14440bee9df
2022-07-25 13:08:50 +00:00
Wojciech Tyczyński
8f7c120935
Eliminate MaintainObservations function in P&F
...
Kubernetes-commit: badf436ac4451590e5e84e537f2234e3632ea3b4
2021-11-25 12:44:50 +01:00
HaoJie Liu
4c5e4623d3
cleanup: use append other than for loop
...
Signed-off-by: HaoJie Liu <liuhaojie@beyondcent.com>
Kubernetes-commit: 29b5cd04bd2c7e2676687d3b613c9b065b128e54
2022-07-21 15:29:30 +08:00
jupblb
738a050cda
Introduce config for API Priority and Fairness
...
Linked all the default values with a single config structure.
Kubernetes-commit: 1c594e7e01a899807431c806cd11c1d27c885c9c
2022-07-20 11:33:45 +02:00
Abirdcfly
dde070e1ff
cleanup: remove duplicate import
...
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
Kubernetes-commit: 00b9ead02c37921011ebe5293558cea5277cd295
2022-04-24 20:58:04 +08:00
Abu Kashem
658eeac034
fix preshutdown hook behavior with graceful termination
...
Kubernetes-commit: 9644edc321e3b7e5180eb7c15a27bf28e19485db
2022-05-12 19:58:33 -04:00
Wojciech Tyczyński
2f9a2acafb
Fix stop signal to drained signal in genericapiserver config
...
Kubernetes-commit: b56491e6cfe216adc245abfa099757e779403982
2022-05-18 18:55:45 +02:00
Wojciech Tyczyński
f5d65d90e9
Avoid leaking StorageObjectCountTracker goroutine
...
Kubernetes-commit: 564b376812836fb1e77452d478ab16eee5101447
2022-05-15 09:57:26 +02:00
Wojciech Tyczyński
0a7c4bcca1
Cleanup etcd healthcheck on shutdown
...
Kubernetes-commit: cb80082f666e0e5fe220df32e31a8face18e9393
2022-05-10 11:12:08 +02:00
Jefftree
e4486afb41
Separate OpenAPI V2 and V3 Config
...
Kubernetes-commit: 67d3dbfaae87a5bf3325fadda7266ed223766a53
2022-03-28 13:18:56 -07:00
Abu Kashem
1b651c5994
add latency tracker for storage and transform
...
Kubernetes-commit: eca90856940e9251ecf3fde95c5e4d2d16f5ad68
2022-02-01 18:13:03 -05:00
Kermit Alexander
c679395394
Add maxLength/maxItems/maxProperties support to cel.Compile.
...
Kubernetes-commit: 83e4d192b136ac3a28ea26a9d09dc9fee7c6b665
2022-02-15 08:49:37 +00:00
Abu Kashem
72aa2c42fc
refactor: rename webhook duration tracker
...
Kubernetes-commit: 4a9b9028153c6984b9cf69067cc0a1aa12a00e73
2022-02-01 15:44:59 -05:00
Paweł Banaszewski
78c055e084
Added requestSloLatencies metric
...
Kubernetes-commit: 0afa569499d480df4977568454a50790891860f5
2021-10-25 22:19:24 +00:00
Lukasz Szaszkiewicz
67be998d0f
rename to muxAndDiscoveryComplete
...
Kubernetes-commit: 9e2bdfee02a6851fbb13ffe28611e9d2b6242785
2021-10-19 12:24:00 +02:00
Lukasz Szaszkiewicz
5c13ee7dbf
genericapiserver: introduce muxCompleteSignals for holding signals that indicate all known HTTP paths have been registered
...
the new field exists primarily to avoid returning a 404 response when a resource actually exists but we haven't installed the path to a handler.
it is exposed for easier composition of the individual servers.
the primary users of this field are the WithMuxCompleteProtection filter and the NotFoundHandler.
Kubernetes-commit: ddfbb5d2bb57ee44b3e10f0b58f9cc7001f55802
2021-10-15 18:14:20 +02:00
wojtekt
c18ab3e1b1
Estimate width of the request based on watchers count in P&F
...
Kubernetes-commit: 223f9be59778b6ec2e44fd57df523f00e246bd95
2021-07-07 10:48:29 +02:00
wojtekt
b898581360
Migrate to k8s.io/utils/clock in apiserver
...
Kubernetes-commit: 859a98c0358610e2c127cd2fba1be601ca975188
2021-09-14 20:36:07 +02:00
Abu Kashem
033ff70436
Revert "Merge pull request #104281 from tkashem/not-ready-429"
...
This reverts commit fc5863b8b276e0789f717859e8cce58d7d060181, reversing
changes made to 027fe2554fd18343b8be39eddc8ff6570a6c390f.
Kubernetes-commit: f9f08725907b7db2104ee5fe9f82ab0752726533
2021-08-31 10:10:46 -04:00
Abu Kashem
450b7e8f12
rename audit Checker interface
...
Kubernetes-commit: 27f150351475adaef416bd893403e7066b70d33a
2021-03-24 13:07:21 -04:00
Abu Kashem
f3ae70d0cf
send retry-after until ready
...
Kubernetes-commit: 6e3923d0a4f4720d2d9f628eb9c073d2d3ee291a
2021-08-10 12:03:21 -04:00
Abu Kashem
030819c510
apiserver: refactor WithRetryAfter server filter
...
Kubernetes-commit: 83889ae5940036d89b9822a1e38f0f939308e408
2021-08-09 18:25:29 -04:00
Abu Kashem
ffb869e08f
apiserver: add a new mode for graceful termination
...
add a new mode for graceful termination with the new server run option
'shutdown-send-retry-after'
- shutdown-send-retry-after=true: we initiate shutdown of the
  HTTP Server when all in-flight request(s) have been drained. during
  this window all incoming requests are rejected with status code
  429 and the following response headers:
  - 'Retry-After: N' - client should retry after N seconds
  - 'Connection: close' - tear down the TCP connection
- shutdown-send-retry-after=false: we initiate shutdown of the
  HTTP Server as soon as shutdown-delay-duration has elapsed. This
  is in keeping with the current behavior.
Kubernetes-commit: 3182b69e970bd1fd036ff839fdf811f14e790244
2021-07-14 10:39:29 -04:00
Abu Kashem
bd2ef9810a
apf: estimate list width
...
Kubernetes-commit: 296c18ec323328bf1c6a621a9ca3a094d78bb9d0
2021-06-22 19:38:00 -04:00
Abu Kashem
feb4eefe1c
apiserver: add callback to get notified of object count
...
Kubernetes-commit: 2c60feffbee690af4632d068158e640abe10f678
2021-07-14 16:44:34 -04:00
wojtekt
b4c306e1e8
Rename width to workEstimate in P&F code
...
Kubernetes-commit: 73211256e8f15cf84ee69d6fe8258c3a912e0f94
2021-07-13 15:10:58 +02:00