Commit Graph

1677 Commits

Author SHA1 Message Date
Lukasz Szaszkiewicz 07cdc792bb provides DynamicRequestHeaderController that combines DynamicCAFromConfigMapController and RequestHeaderAuthRequestController into one controller
the unified controller will dynamically fill RequestHeaderConfig struct

Kubernetes-commit: cb4b4cb5a6ffdf1c7f199e644a8b5cac2367d504
2020-04-28 12:48:21 +02:00
Lukasz Szaszkiewicz 259bedd4a2 provides RequestHeaderAuthRequestController for dynamically filling RequestHeaderConfig struct
Kubernetes-commit: 6e0211b3d82c5b3b2f69f6b3c7a7840b42e6e000
2020-04-27 17:41:42 +02:00
Wojciech Tyczynski 7686f3528b Revert "Send watch bookmarks every minute"
Kubernetes-commit: 1cb98ed2376b1f7777ca3d7bfac98cbb5f8b9ce3
2020-04-27 17:07:27 +02:00
tanjunchen 529b6da9bb remove prometheus dependencies from k/k and add testcases for LabelsMatch
Kubernetes-commit: 6e986249ee4252f83037f229a8773869feaab15a
2020-04-22 14:07:53 +08:00
Jordan Liggitt b6e46cd151 Restore cache-control header filter
Kubernetes-commit: 5efcc9e63327b5054fb636bda56176e8546bd9be
2020-04-24 15:36:12 -04:00
wojtekt f1c77ba823 Send watch bookmarks every minute
Kubernetes-commit: d4b532e7190c2ad12a0317ff946e2cd0b33f0ada
2020-04-17 19:42:26 +02:00
Jie Shen 6873ed332b Use utils.net to parse ports instead of atoi (#89120)
Kubernetes-commit: 363bb3914296d5330dce29631fb6003c335cfcf7
2020-04-22 06:24:23 +00:00
louisgong 4c8b97679c Use dynamic size watch-cache.
If all cached events occur inside eventFreshDuration, increase cache capacity by 2x.
Decrease cache capacity by 2x when recent half events occur outside eventFreshDuration.

Kubernetes-commit: 56407b656c7acf6039cead0192070429e53a0c70
2020-04-12 17:22:38 +08:00
louisgong 1117ccdc72 move watchCache metrics to a separate file
Kubernetes-commit: 21ba510ef0e02f64a813cb460212cb832f8f4d78
2020-04-16 15:45:16 +08:00
Monis Khan 1873d19869 Allow handlers early in the request chain to set audit annotations
This change adds the generic ability for request handlers that run
before WithAudit to set annotations in the audit.Event.Annotations
map.

Note that this change does not use this capability yet. Determining
which handlers should set audit annotations and what keys and values
should be used requires further discussion (this data will become
part of our public API).

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 0bc62112adf270ef4efada37286319c229324c7b
2020-03-19 20:02:37 -04:00
Gaurav Singh 43ce4f9092 Remove double import of k8s.io/apimachinery/pkg/util/net
Kubernetes-commit: 29ceb8d5f2fc48d1fe4974110b7f60579668c00e
2020-04-08 16:25:23 -04:00
Michael Gasch 0cdbc006ea Add etcd WithRequireLeader option to API watches
Watches against etcd in the API server can hang forever if the etcd
cluster loses quorum, e.g. the majority of nodes crashes. This fix
improves responsiveness (detection and reaction time) of API server
watches against etcd in some rare (but still possible) edge cases so
that watches are terminated with `"etcdserver: no leader"
(ErrNoLeader)`.

Implementation behavior described by jingyih:

```
The etcd server waits until it cannot find a leader for 3 election
timeouts to cancel existing streams. 3 is currently a hard coded
constant. The election timeout defaults to 1000ms.

If the cluster is healthy, when the leader is stopped, the leadership
transfer should be smooth. (leader transfers its leadership before
stopping). If leader is hard killed, other servers will take an election
timeout to realize leader lost and start campaign.
```

For further details, discussion and validation see
https://github.com/kubernetes/kubernetes/issues/89488#issuecomment-606491110
and https://github.com/etcd-io/etcd/issues/8980.

Closes: https://github.com/kubernetes/kubernetes/issues/89488

Signed-off-by: Michael Gasch <mgasch@vmware.com>

Kubernetes-commit: 70c9f770d7aa2194bfd3f58fe01756a7d200b866
2020-03-31 12:01:53 +02:00
Jordan Liggitt 08f23b5217 github.com/googleapis/gnostic v0.4.1
Kubernetes-commit: 93c7b24562d80959f45c308e7412456a410b9b25
2020-03-31 17:18:56 -04:00
wojtekt 59604ff55c Not rely on default conversions in apiserver test
Kubernetes-commit: 8c59c2133cabe70039f67986383a3598c174e546
2020-02-11 14:53:17 +01:00
jingyih 9303178e27 Add a metric exposing etcd database size
Kubernetes-commit: 922ec728de9248657f026eb6cfb8fdaeb11049ac
2020-03-16 07:55:38 -07:00
Jordan Liggitt c4368f3db2 Clarify cached object type in apiserver log
Kubernetes-commit: a941755a39afd366dad6d005dfaf41fd584dec08
2020-03-09 15:09:30 -04:00
Davanum Srinivas c15d16953f Move k8s.io/apiserver/pkg/util/term to k8s.io/component-base/term
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 1d057da2f73118893b5cc27c15d59ff03beb271e
2020-03-16 16:27:44 -04:00
Abu Kashem 6d0de7f4cb Fix data race issue in unit test
TestDispatchingBookmarkEventsWithConcurrentStop can use processEvent
instead of `dispatchEvent` to avoid data race conditions with
`Cacher.watchersBuffer`.

Kubernetes-commit: 7dc075673c24ffd8bde08a4c7ec55a8b633b20e2
2020-03-16 17:43:32 -04:00
Monis Khan 7fa523535d Remove support for basic authentication
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: df292749c9d063b06861d0f4f1741c37b815a2fa
2020-03-11 14:31:31 -04:00
Jordan Liggitt 532d284317 Require listers to implement TableConverter
Kubernetes-commit: 7cbb74d089f88c3323b7be2dcd8a8d39d8aad271
2020-03-09 10:08:13 -04:00
Mateusz Gozdek e843f3790e kube-apiserver: use SO_REUSEPORT when creating listener on Unix systems
So multiple instances of kube-apiserver can bind on the same address and
port, to provide seamless upgrades.

Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>

Kubernetes-commit: dfe1f968ac31ba9b81a353d4de86d28e73d22d4e
2020-03-06 09:59:20 +01:00
immutablet 209aff3d4b Hide methods in the encryption config that are not used outside the package.
Kubernetes-commit: 922e0bfaec0a8b25fdb04e559ac454c416f8c2e8
2020-03-05 16:54:27 -08:00
Jordan Liggitt 1a93b794ed Preserve target apiVersion when decoding into unstructured lists
Kubernetes-commit: fa12441ab99cac81b0034208fd10d8a4fc3d5bd0
2020-03-10 03:13:20 -04:00
Antoine Pelisse 05f95a480d managedfields: Update Apply time if neither object nor managedfields have changed
Kubernetes-commit: 5231c6815c7b06248575892f3ec96c15c634d368
2020-03-05 13:13:27 -08:00
Antoine Pelisse c81c86d33f Bump sigs.k8s.io/structured-merge-diff to v3
Kubernetes-commit: df41fd932bef1686b30a1abee477c5009ebabe80
2020-03-05 13:09:50 -08:00
Antoine Pelisse 2ff45c3592 fieldmanager: Add failing test for no-op apply actually writing to etcd
Kubernetes-commit: 7120abe6989afff0d4ad879a4590a960f4ab19f0
2020-03-05 10:09:08 -08:00
Antoine Pelisse 5de3b6339e fieldmanager: Move ManagedFields update logic into its own class
Kubernetes-commit: 39681aa5800492b8e4b4ff5fb82e034376864a37
2020-03-05 10:01:37 -08:00
Abu Kashem 6d7d21c695 /readyz should start returning failure on shutdown initiation
Currently, /readyz starts reporting failure after ShutdownDelayDuration
elapses. We expect /readyz to start returning failure as soon as
shutdown is initiated. This gives the load balancer a window defined by
ShutdownDelayDuration to detect that /readyz is red and stop sending
traffic to this server.

Kubernetes-commit: 4134494fa51402ec5e5ea3fa1c51c0be55c955fd
2020-03-06 10:55:45 -05:00
Jordan Liggitt 2e70c9ff51 client-go dynamic client: add context to callers
Kubernetes-commit: b7c2faf26c2a25427794478c6265e6d55e8acb5a
2020-03-06 10:17:41 -05:00
Mike Spreitzer 9df60c9fe6 Renaming: "Change" -> "Add" for consistency with underlying method
Kubernetes-commit: c7b098ac6c276d65a79db6cfeb04f5f0f86eb315
2020-03-05 15:17:33 -05:00
Mike Spreitzer 8235385f97 Fix queued request accounting, extended queueset test
Kubernetes-commit: 8a1b60320986eca05cb281bcce45332e0969268e
2020-03-05 15:13:46 -05:00
Mike Spreitzer 6ae3e470a2 Make some metrics finer-grained, add dispatch counts, note immediate reject
Also add testing of metrics for queuesets.

Kubernetes-commit: f535a9c9ed4b6a0def47c354acad0ac2a8f961b0
2020-03-01 20:22:58 -05:00
Chao Xu 359feb5450 refactor egress dialer construction code and add unit test
Kubernetes-commit: bac9351c64671ce4d5198d431c97bf1ccd72752f
2020-02-26 16:00:43 -08:00
Chao Xu 079efffdb4 add metrics and traces for egress dials
Kubernetes-commit: fbb1fb8902c06cbcce47a025ce22fe260b27a697
2020-02-25 14:23:24 -08:00
Monis Khan b37d21cc60 dynamic certs: pass valid object to event recorder
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 2cd6abece45bc62121097ce7cbe7f0d14b9be5e0
2020-03-04 09:54:27 -05:00
Monis Khan dd3ae9c175 dynamic certs: use correct name with event recorder
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 3bc918e48427720938c731a6b26e9474b4819716
2020-03-03 18:40:34 -05:00
Monis Khan 091c53ac7a dynamic certs: do not copy mutex via shallow copy of tls.Config
go vet error:

call of dynamiccertificates.NewDynamicServingCertificateController
copies lock value: crypto/tls.Config contains sync.Once contains
sync.Mutex

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 86a5993007e3c781749a5099b540307f65a4f377
2020-03-03 14:58:43 -05:00
Mike Spreitzer 219ab512ff Generalized NonResourcePolicyRule.NonResourceURLs impl
... to match the comment on that field.

Also generalized the test case generator to exercise the new
generality.

Kubernetes-commit: 2e97d3c8732147c3ba2f11d668f50b44e6374348
2020-03-04 00:00:39 -05:00
Mike Spreitzer f9c1780311 Hopefully plainer test strings
Kubernetes-commit: 4a4852ca9a1ffc439e2c476d7057a8be9f081055
2020-03-04 21:47:19 -05:00
Mike Spreitzer f44645645b Added non-randomized tests of matching FlowSchema rules
Kubernetes-commit: 21f78f3348736f242541f7b66e191aa1dce78c47
2020-02-27 23:36:19 -05:00
Chao Xu d81e3cbf28 Promote the egressselector API to beta
Kubernetes-commit: 3fbb549fb7ff707eb7c67e7ae275517c5bdc9883
2020-02-24 17:12:44 -08:00
Lukasz Szaszkiewicz 3ae793e2b7 cleans up dynamiccertificates package
Kubernetes-commit: 413960e49bea4b5558ea4dda3d18137eceaf7f16
2020-03-03 14:38:18 +01:00
Antoine Pelisse 82ecbdb375 Don't log "SHOULD NOT HAPPEN" errors more than once per second
Kubernetes-commit: 389dd0a499e4fa79d3d2ef4261aa9f25aa94e6b0
2020-02-26 15:58:57 -08:00
chenjun.cj e5c6ec44de add a new generic filter goaway
Kubernetes-commit: 81f46b64a35f3af096d50620dfcc78b003de8263
2020-02-28 05:27:25 +08:00
immutablet e6ae7336e6 Factor-out metrics related logic from authentication logic.
Kubernetes-commit: c0bad80e5b4bf56757e1a4999e831a5341693203
2020-01-28 15:53:25 -08:00
jennybuckley a87d964ed1 Don't save managedFields if object is too large
Kubernetes-commit: ccd9e4e2de32b8708f3a7be159f7a4316449c433
2020-01-22 15:38:27 -08:00
Mike Spreitzer 8ad2cc1389 Replaced uber atomic with sync atomic, removed unneeded "blank import"
Kubernetes-commit: dbe84361440697af5c53d12209524aad9068c81a
2020-03-01 18:10:20 -05:00
yue9944882 f452a698b0 register metrics from comp-base
Kubernetes-commit: 11656478be93d4a9e54129ec35cd2b9558e901ac
2020-02-27 17:04:17 +08:00
Rob Scott 7adab84d8a Adding IngressClass to networking/v1beta1
Co-authored-by: Christopher M. Luciano <cmluciano@us.ibm.com>

Kubernetes-commit: 132d2afca0794b4bcaedb6dbbefe4e9d66e80239
2020-02-24 21:20:45 -08:00
Monis Khan f5c1e085ed storage: confirm that paging and predicate filtering work together
This change adds the TestListContinuationWithFilter test which
confirms that paging with a predicate that does not match everything
results in the correct amount of calls to TransformFromStorage and
KV.Get.  The partial result of each paging call is also asserted.

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 002c75442d768d2bcc51047667354ff16bbfa2e8
2020-02-28 15:35:22 -05:00