6292 Commits

Author SHA1 Message Date
Kubernetes Publisher fe9b9da7ad Merge pull request #116820 from Jefftree/patch-1
Update kube_features comment for aggregated discovery and openapi v3

Kubernetes-commit: 2f002862f0bf240aaa8e400a378400233ee315f2
2023-03-21 14:16:12 -07:00
Jeffrey Ying a8fe83c416 Update kube_features comment for aggregated discovery and openapi v3
Kubernetes-commit: 0e4cece0e896d3fb6ef61f2880fa4ee3fe1f3fea
2023-03-21 15:18:41 -04:00
Kubernetes Publisher 855aee423b Merge pull request #116785 from enj/enj/i/clean_front_proxy_headers
Clear front proxy headers after authentication is complete

Kubernetes-commit: 956fa9b9cef031a34188c2292b5f8c0db2dcd26f
2023-03-21 20:38:48 +00:00
Kubernetes Publisher 3f91e4a9ba Merge pull request #116783 from tallclair/cel-authz
[CEL] Clean up reference to deleted denied function

Kubernetes-commit: 9614d7c03bf97953922c6238a18a264171e52146
2023-03-21 09:56:11 -07:00
Tim Allclair c86f7c33d0 Clean up reference to deleted denied function
Kubernetes-commit: d109f60a0579bcc34244cbc74068be07d18443e6
2023-03-20 18:24:10 -07:00
Monis Khan 9c69aab43c Clear front proxy headers after authentication is complete
This matches the logic we have for the Authorization header as well
as the impersonation headers.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: e9866d2794675aa8dc82ba2637ae45f9f3a27dff
2023-03-20 13:11:38 -04:00
Alexander Zielenski 63812e2f9b allow multiple sources to add/remove from discovery without clobbering each other
Kubernetes-commit: 0740b11073d08262d4d6687ceedd8f0c71819ebd
2023-03-20 10:05:15 -07:00
Kubernetes Publisher 0ad7c4e505 Merge pull request #116550 from alculquicondor/fix-bind-uid
Preserve UID and ResourceVersion in BindingREST

Kubernetes-commit: 15894cfc85cab64df081bb753b8ccf32a243da68
2023-03-20 16:56:14 +00:00
Aldo Culquicondor 62e2e0a1b7 Preserve UID/ResourceVersion in the BindingREST endpoint
Change-Id: If4023da10c455963a320fdb9fc2a73c099bea3db

Kubernetes-commit: 62889f416cb60f66b3f04810ef2475c425b8394a
2023-03-16 16:35:39 -04:00
Kubernetes Publisher 0fc1d27cde Merge pull request #116172 from wojtek-t/fix_watch_cache
Fix missed watch events when watch is initialized simultaneously with reinitializing watchcache

Kubernetes-commit: 856d6d9caaae7793795b87c7ffdef1a6f7f7c113
2023-03-16 16:12:31 +00:00
Stanislav Laznicka 7f7fd322de don't ignore UID impersonation in webhook clients
Kubernetes-commit: 8d3a498c879aab30d90d3429ffd364c3c7afe9de
2023-03-16 11:14:29 +01:00
Max Smythe 41adff8c93 Custom match criteria (#116350)
* Add custom match conditions for CEL admission

This PR is based off of, and dependent on the following PR:

https://github.com/kubernetes/kubernetes/pull/116261

Signed-off-by: Max Smythe <smythe@google.com>

* run `make update`

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Update compatibility test data

Signed-off-by: Max Smythe <smythe@google.com>

* Revert "Update compatibility test data"

This reverts commit 312ba7f9e74e0ec4a7ac1f07bf575479c608af28.

* Allow params during validation; make match conditions optional

Signed-off-by: Max Smythe <smythe@google.com>

* Add conditional ignoring of matcher CEL expression validation on update

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Add more validation tests

Signed-off-by: Max Smythe <smythe@google.com>

* Short-circuit CEL matcher when no matchers specified

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Address review comments

Signed-off-by: Max Smythe <smythe@google.com>

---------

Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: e5fd204c33e90a7e8f5a0ee70242f1296a5ec7af
2023-03-16 04:20:31 +00:00
Igor Velichkovich 05d2078e68 Matchconditions admission webhooks alpha implementation for kep-3716 (#116261)
* api changes adding match conditions

* feature gate and registry strategy to drop fields

* matchConditions logic for admission webhooks

* feedback

* update test

* import order

* bears.com

* update fail policy ignore behavior

* update docs and matcher to hold fail policy as non-pointer

* update matcher error aggregation, fix early fail failpolicy ignore, update docs

* final cleanup

* openapi gen

Kubernetes-commit: 5e5b3029f3bbfc93c3569f07ad300a5c6057fc58
2023-03-15 07:36:02 +00:00
Kubernetes Publisher b841df9c51 Merge pull request #115123 from aramase/v2beta1
[KMSv2] Generate proto API and update feature gate for beta

Kubernetes-commit: 15040e1c860f057c74d6f30b609d52e3ae7a5775
2023-03-15 07:35:58 +00:00
Kubernetes Publisher 6fb7281a6b Merge pull request #116539 from pohly/ginkgo-gomega-update
dependencies: ginkgo v2.9.1, gomega v1.27.3

Kubernetes-commit: f22504a9bafd5e34d86853a816d10578376aadc2
2023-03-15 07:35:53 +00:00
Kubernetes Publisher 121f10f1bd Merge pull request #116345 from aramase/aramase/f/kms_cache_key
[KMSv2] use encDEK, keyID and annotations to generate cache key

Kubernetes-commit: 2467eb8a7b0e988f897d6eee478636d6ff6d5d3f
2023-03-15 07:35:47 +00:00
Kubernetes Publisher bab2edbb73 Merge pull request #115935 from enj/enj/i/unsafe_str_byte
token/cache: use go 1.20's approach for no-copy string/bytes conversions

Kubernetes-commit: 83cd5ec710539c14e872cbec4d336e28fa1c9b66
2023-03-15 07:35:34 +00:00
Kubernetes Publisher a8f9a38ca8 Merge pull request #116155 from enj/enj/f/dek_reuse
kmsv2: re-use DEK while key ID is unchanged

Kubernetes-commit: 4950f519039918c5f247a4cec7cf5b824bb16c92
2023-03-15 07:35:29 +00:00
Andrew Sy Kim 53a2449e3c apiserver: exclude APF queue wait time from SLO latency metrics (#116420)
* apiserver: add latency tracker for priority & fairness queue wait time

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* apiserver: exclude priority & fairness wait times to SLO/SLI latency metrics

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* apiserver: update TestLatencyTrackersFrom to check latency from PriorityAndFairnessTracker

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* flowcontrol: add helper function observeQueueWaitTime to consolidate metric and latency tracker calls

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* flowcontrol: replace time.Now() / time.Since() with clock.Now() / clock.Since() for better testability

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* flowcontrol: add unit test TestQueueWaitTimeLatencyTracker to validate queue wait times recorded by latency tracker

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

---------

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

Kubernetes-commit: ee18f602523e11a80823a659bed8f70f98a12914
2023-03-15 07:35:21 +00:00
Kubernetes Publisher d3d464578a Merge pull request #115668 from jiahuif-forks/feature/validating-admission-policy/type-system
Type System for ValidatingAdmissionPolicy

Kubernetes-commit: 152876a3eb9c6211c48bb159c87e2bf834e4eedc
2023-03-15 07:35:12 +00:00
Andy Goldstein bae527459c admission ApplyTo: take in clients
Change admission ApplyTo() to take in clients instead of a rest.Config.

Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>

Kubernetes-commit: 364b66ddd6554a898724b6781fd90a15a38ddb41
2023-03-14 16:24:50 -04:00
Anish Ramasekar b21cb57710 [KMSv2] use encDEK, keyID and annotations to generate cache key
It is possible for a KMSv2 plugin to return a static value as Ciphertext
and store the actual encrypted DEK in the annotations. In this case,
using the encDEK will not work. Instead, we are now using a combination
of the encDEK, keyID and annotations to generate the cache key.

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 8eacf09649ac9042c7e998b5c24ac59d68ae7e6c
2023-03-14 19:38:30 +00:00
Patrick Ohly 7aa13f68e2 dependencies: ginkgo v2.9.1, gomega v1.27.4
They contain some nice-to-have improvements (for example, better printing of
errors with gomega/format.Object) but nothing that is critical right now.

"go mod tidy" was run manually in
staging/src/k8s.io/kms/internal/plugins/mock (https://github.com/kubernetes/kubernetes/pull/116613
not merged yet).

Kubernetes-commit: fe59e091eb3331db54cff2351f16eabfe0cb681d
2023-03-13 16:06:20 +01:00
Joseph Anttila Hall d76a9f78aa Bump Konnectivity to 0.1.2
Kubernetes-commit: 31e1df9ae6c20674bfb59518260dccb525638bc8
2023-03-10 12:48:25 -08:00
Ben Luddy 83b0e6192f Remove vestigial err check from CEL admission controller.
Validate no longer returns an error.

Kubernetes-commit: 13192176002ae4fd31bdaaff6083deb9e6256880
2023-03-09 16:13:12 -05:00
Jiahui Feng fc16fc2926 implementing type checking
with multi-type support.

Kubernetes-commit: feb18b3f5f9d443c27dd8cccb6358f271f887744
2023-03-07 15:49:19 -08:00
Kubernetes Publisher 194b6423a9 Merge pull request #116397 from jiahuif-forks/feature/validating-admission-policy/message-expression
MessageExpression for ValidatingAdmissionPolicy

Kubernetes-commit: 6b3e2b7873f8518b95f5b09fa04f5f316669c7b2
2023-03-14 05:47:52 +00:00
Jiahui Feng 52ca13e6fc implement message expression.
Kubernetes-commit: d8be7aa9ca99070e42cdef37b8c4af07b754520e
2023-03-08 17:36:11 -08:00
Kubernetes Publisher 5fe8da4de2 Merge pull request #116542 from enj/enj/f/go1.20
Explicit bump to go 1.20

Kubernetes-commit: de9ce03f19e8b1ace1e79fae17119820c4232b67
2023-03-13 21:38:00 +00:00
Monis Khan b01238ab32 Explicit bump to go 1.20
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: ba471884fba92246e1547ce4a27f9d5e735afc60
2023-03-13 12:47:36 -04:00
Kubernetes Publisher 7a11b7b1b3 Merge pull request #116436 from wojtek-t/fix_watch_cache_2
Fix incorrect watch events when watch is initialized simultaneously with reinitializing watchcache

Kubernetes-commit: 36b29b38bb3f38db3439bdf568cad1f856998b0a
2023-03-11 02:01:45 +00:00
Kubernetes Publisher a45b9813bc Merge pull request #114497 from dgrisonnet/pod-logs-metrics
Remove redundant subsystem in kube-apiserver pod logs metrics name

Kubernetes-commit: 94e30facdbe4d21234a07da0b7998b4b8a3b1414
2023-03-11 02:01:38 +00:00
Kubernetes Publisher 5494077b73 Merge pull request #111372 from HeavenTonight/master
code cleanup

Kubernetes-commit: 7529178924a997708fa1ad93b32d00326cc27fb0
2023-03-10 21:07:01 +00:00
Kubernetes Publisher 0202e4e14e Merge pull request #116108 from Jefftree/agg-discovery-enb
Enable Aggregated Discovery for Beta

Kubernetes-commit: d8fe8454157cfcc79dba292e67c6919be36b6266
2023-03-10 21:06:59 +00:00
Kubernetes Publisher 07f0d43ace Merge pull request #115630 from Jefftree/agg-discovery-metrics
Add metrics for aggregated discovery

Kubernetes-commit: 2e3c5003b96aef29e87ee24c9086ff7f06cb8886
2023-03-10 17:21:06 +00:00
Kubernetes Publisher 4bde4d74d6 Merge pull request #110772 from p0lyn0mial/upstream-reflector-gets-stream
client-go: Add support for API streaming to the reflector

Kubernetes-commit: 90c3232de77aa0dd09b948ffdd27c575688fba8a
2023-03-10 17:21:04 +00:00
Kubernetes Publisher 8b3d5d0ea8 Merge pull request #116349 from apelisse/use-smarter-cache
Update kube-openapi to 15aac26d736a

Kubernetes-commit: a034962173e2b481d59e81178e3897870511ec7d
2023-03-10 09:06:47 +00:00
Kubernetes Publisher 860d453bc1 Merge pull request #115969 from DangerOnTheRanger/messageExpression-for-crd
Add messageExpression field for CRD validation

Kubernetes-commit: 16d2d55bc06158124a41f3ee8cf567e63ddd9d21
2023-03-10 09:06:40 +00:00
Kubernetes Publisher 7a3a376fee Merge pull request #115065 from apelisse/apimachinery-managed-fields
managedfields: Move most of fieldmanager package to managefields

Kubernetes-commit: e8ae6658ed13fb7dbeb595cf29418f74a523d895
2023-03-10 09:06:35 +00:00
Kubernetes Publisher e97010c727 Merge pull request #115149 from nilekhc/encrypt-all
Allow encryption for all resources

Kubernetes-commit: 30ee6914c54269c5898582c984a3f21f9c6710e9
2023-03-09 04:00:56 +00:00
Kubernetes Publisher 2fa0308197 Merge pull request #116393 from liggitt/etcd-cancel-error
Recognize etcd/grpc cancel errors correctly

Kubernetes-commit: 7fe0fb7fbfd3d6a8e07d6cc732d963767b2b0c58
2023-03-09 04:00:50 +00:00
Kubernetes Publisher 629c615880 Merge pull request #116235 from Jefftree/oas-ga
Promote OpenAPI V3 to GA

Kubernetes-commit: 4a896644de963d87bd863efc4e3ebd9984161e8d
2023-03-08 23:55:40 +00:00
Jordan Liggitt 8ea1930d95 Recognize etcd/grpc cancel errors correctly
Kubernetes-commit: 267eb25e60955fe8e438c6311412e7cf7d028acb
2023-03-08 15:51:25 -05:00
Kubernetes Publisher fce9e57448 Merge pull request #116144 from dashpole/apiserver_tracing_beta_round_2
Graduate API Server tracing to beta

Kubernetes-commit: 548e856b5820bb19a08f48211bad6d010b77de10
2023-03-07 19:31:12 -08:00
Kermit Alexander II fb14f0e553 Implement MessageExpression.
Kubernetes-commit: 4e26f680a9e10f0da94830bbaba9633807e22aba
2023-03-07 23:24:23 +00:00
David Ashpole fd3a7591f6 graduate API Server tracing to beta
Kubernetes-commit: 4014d0fbbf93f3bb9002b1e37a125840f7be131b
2023-03-07 21:39:39 +00:00
Kubernetes Publisher 8e839569be Merge pull request #116264 from ivelichkovich/versionedattrrefactor
migrate versionedattr to avoid circular dependency

Kubernetes-commit: 323ad355b43d408aafc164544be0ef002cf8eb5e
2023-03-07 23:47:26 +00:00
Kubernetes Publisher 8c3361fbd6 Merge pull request #116302 from p0lyn0mial/upstream-cacher-initial-events-rv-gt-zero
cacher: WaitUntilWatchCacheFreshAndForceAllEvents

Kubernetes-commit: 05f9e2a3aab47aaea9a2ebfedc7ac6db516e18c4
2023-03-07 19:54:32 +00:00
Kubernetes Publisher f09ba7dd91 Merge pull request #116103 from cici37/context
Apply context cancellation to ValidatingAdmissionPolicy

Kubernetes-commit: 1030693d4eeceb63df0e060e9c68c7bcbcf01fec
2023-03-07 16:03:02 +00:00
Lukasz Szaszkiewicz 515ef372fb cache/controller: Add ENABLE_CLIENT_GO_WATCH_LIST_ALPHA
Kubernetes-commit: 966b26d55c22f7fbf20841a3a993de4f984d88db
2023-03-07 12:34:11 +01:00