Commit Graph

7607 Commits

Author SHA1 Message Date
Joe Betz cbc488649b Fix estimated cost for Kubernetes defined CEL types
Kubernetes-commit: 0a4e863373abc1b84372b0a93c8bcd32a24d07fb
2024-07-25 14:14:20 -04:00
Lan Liang 552e7d7170 Using NewExpressions for cel lazy test.
Signed-off-by: Lan Liang <gcslyp@gmail.com>

Kubernetes-commit: 9a8d6b72e4f1e33e6a30fd281fd0972fdce93f78
2024-07-25 10:08:15 +00:00
Richa Banker f434fbf0c7 init a common apiserver for TestAuthorizationDecisionCaching testcases
Kubernetes-commit: 4acedb5132b2c3a7d61bd9e088c964af3fcfee3d
2024-07-23 22:19:02 -07:00
Richa Banker 1d26753b4b split Test_ValidateNamespace_NoParams into successes and failures tests, init a common apiserver for all testcases
Kubernetes-commit: 9df04b7c782cccc5fb068554152b4dcd9baf408b
2024-07-23 21:41:32 -07:00
Anish Ramasekar febd487238 Validate structured authn feature is enabled for discovery url/multiple
audiences

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: f80c73248f872769d72b620e567747a1018f8a2b
2024-07-23 15:04:02 -07:00
Sohan Kunkerkar fed8dfe736 dynamiccertificates: denoise Kubelet logs by skipping removal of non-existent file watchers
This commit updates the DynamicFileCAContent controller to skip the removal
of non-existent file watchers. Previously, the controller attempted to remove
a file watch even if it didn't exist, which resulted in a flood of error messages
being logged in the Kubelet logs.

Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>

Kubernetes-commit: 17ad4b39f8b6b299d20fb94f99083ea84083b6b2
2024-07-23 10:55:16 -04:00
Marek Siarkowicz 3adae5fd46 Make object transformation concurrent to remove watch cache scalability issue for conversion webhook
Test by enabling consistent list from cache in storage version migrator stress test that uses
conversion webhook that bottlenecks events coming to watch cache.

Set concurrency to 10, based on maximum/average transform latency when
running stress test. In my testing max was about 60-100ms, while average
was 6-10ms.

Kubernetes-commit: bb686f203308481bcd7808f767171cdef27e12a0
2024-07-22 11:24:37 +02:00
Marek Siarkowicz 9aa7a6ac61 Introduce ConcurrentWatchObjectDecode feature gate disabled by default
Kubernetes-commit: 93a10a75698075e86344ee4fdb56701309468b95
2024-07-30 16:28:48 +02:00
Kubernetes Publisher bd44a99f50 Merge pull request #126469 from serathius/beta2
Move ConsistentListFromCache to Beta default again

Kubernetes-commit: eb729d1db72fc27f495ddf397289678b180926f1
2024-07-31 18:05:06 +00:00
Kubernetes Publisher 1b569bf504 Merge pull request #126470 from benluddy/apiservingwithroutine-alpha-disabled
Move APIServingWithRoutine to alpha and disabled by default.

Kubernetes-commit: f9d2297298909c9f3a2be2e88f3c84df43f3a376
2024-07-31 05:33:58 +00:00
Kubernetes Publisher bebf7ae9a1 Merge pull request #126467 from serathius/fallback
Implement fallback for consistent reads from cache

Kubernetes-commit: 974f3d3d8ff6bfb33a375f7207c34c69b3e8b932
2024-07-30 21:33:25 +00:00
Marek Siarkowicz c470f38c60 Move ConsistentListFromCache to Beta default again
This reverts commit aeb51a16e369d5b823a8ae6488d1d5e12c683516.

Kubernetes-commit: 2ca56aab87d0927e568f1d896d49692433d5d93a
2024-07-30 22:49:47 +02:00
Ben Luddy 788e7ee758 Move APIServingWithRoutine to alpha and disabled by default.
Kubernetes-commit: c8380040848fcbd0a0cc06600b9d4531b65098d2
2024-07-30 16:33:31 -04:00
Marek Siarkowicz 6c5ee08ccf Implement fallback for consistent reads from cache
Kubernetes-commit: 35962561e44425fe5e23f19aeccba9269fab3a56
2024-07-30 18:57:22 +02:00
Kubernetes Publisher c8097e3f30 Merge pull request #124012 from Jefftree/le-controller
Coordinated Leader Election

Kubernetes-commit: 5f5c02da51cd3146f30c6ee56013c983f4999d9c
2024-07-25 21:25:59 +00:00
Jefftree e749b346fa CLE feature gate
Kubernetes-commit: 9b16b0dc97c3f353f60eb935a8a532ec82b5e18e
2024-07-21 20:04:36 +00:00
Cici Huang 92ee9330ce Allowing direct CEL reserved keyword usage in CRD (#126188)
* automatically escape reserved keywords for direct usage

* Add reserved keyword support in a ratcheting way, add tests.

---------

Co-authored-by: Wenxue Zhao <ballista01@outlook.com>

Kubernetes-commit: a48a92c72ec7d4e2a8da396309abff9360faae75
2024-07-24 01:23:51 +00:00
Kubernetes Publisher c90207143c Merge pull request #124061 from Jefftree/conversion-webhook-invalidca
Validate CABundle when writing CRD

Kubernetes-commit: 04d2f336419b5a824cb96cb88462ef18a90d619d
2024-07-23 21:06:59 +00:00
Kubernetes Publisher 2b2a4b0fa8 Merge pull request #126187 from seans3/portforward-websockets-metrics
Adds metrics to PortForward Websockets

Kubernetes-commit: 04cc0a1034ed75982b124f65648bf737f2e39eb4
2024-07-23 03:02:33 +00:00
Kubernetes Publisher 3319859ad0 Merge pull request #125488 from pohly/dra-1.31
DRA for 1.31

Kubernetes-commit: d21b17264e5a554724aa3ad032536630bcfd5b3f
2024-07-22 23:02:25 +00:00
Kubernetes Publisher 4c07daf63d Merge pull request #126237 from cici37/promoteMetrics
Promote metrics for VAP and CRD validation rules to beta.

Kubernetes-commit: 887def08b66c31b2f8bc260ea74d6c94671d474e
2024-07-22 18:45:28 +00:00
Kubernetes Publisher d681845e4f Merge pull request #126136 from cici37/removeFG
Remove feature gate CustomResourceValidationExpressions

Kubernetes-commit: 8f265b63050739937cd939c05a98def37002f1e8
2024-07-20 10:45:41 +00:00
Kubernetes Publisher bd463169af Merge pull request #125571 from liggitt/filter-auth-02-sar
add field and label selectors to authorization

Kubernetes-commit: 64ba17c605a41700f7f4c4e27dca3684b593b2b9
2024-07-20 02:46:10 +00:00
cici37 3d5977276b Promote metrics for VAP and CRD validation rules to beta.
Kubernetes-commit: 95dbfa1c3d2f62e5d0f52788a2dd19fc61ca0a36
2024-07-19 20:46:33 +00:00
Sean Sullivan f438154cef Adds metrics to PortForward Websockets
Kubernetes-commit: 90d70ed73dd7fcc9465baf452d178eb72f2aaf90
2024-07-17 21:29:31 -07:00
Patrick Ohly c1c9700b75 CEL: add QuantityDeclType
Most functions in k8s.io/apiserver/pkg/cel work with DeclType for type
definitions, which made the existing QuantityType unusable with them. The new
QuantityDeclType fills that gap.

Kubernetes-commit: bcececadfb5b7deb3f6ecb253a73ea98a2fdd80c
2024-07-17 19:36:36 +02:00
Cici Huang 5678a8c44d Remove feature gate CustomResourceValidationExpressions.
Kubernetes-commit: 67a171a1422cc5861491aadd69e51ce718196434
2024-07-16 10:39:00 -07:00
Marek Siarkowicz 132d3e46d6 Add paging tests
Kubernetes-commit: 99e69569808cf746262b25a9d9d515c26256c7e5
2024-07-07 16:15:47 +02:00
Marek Siarkowicz de0559ec7b Benchmark storage
Kubernetes-commit: fa5008807add2776ff87f346a7b7d3c029d19efc
2024-07-02 22:50:57 +02:00
Jordan Liggitt 6c5ca3dcf3 Fixup lint warning
Kubernetes-commit: 9f8f36708a0eb1ad78e48beeaf15f2c6ae3e1552
2024-06-27 00:42:01 -04:00
Jordan Liggitt eabf12957a Add structured labelSelector / fieldSelector to authorization webhook match conditions
Kubernetes-commit: a1398a8ccaeb7f881acb65d1276392f4cac259e8
2024-06-26 17:17:43 -04:00
Jordan Liggitt f14fc0f445 Adjust CEL cost calculation and versioning for authorization library
Kubernetes-commit: 83bd512861aa11ec00a90e4ac382daa788dccf87
2024-06-26 21:38:24 -04:00
Taahir Ahmed 72a449fe98 Define credential IDs for X.509 certificates
This commit expands the existing credential ID concept to cover X.509
certificates.  We use the certificate's signature as the credential ID,
since this is safe and unique.

Kubernetes-commit: 2ad2bd8907d979f709cd924af7986be71c31ce12
2024-06-21 16:21:35 -07:00
David Eads efe135c937 Add CEL fieldSelector / labelSelector support to authorizer library
Kubernetes-commit: be2e32fa3ed0a06ac9cc59d9966be0b40617c2b2
2024-06-14 14:39:54 -04:00
Jordan Liggitt b338834e91 Move CEL env initialization out of package init()
This ensures compatibility version and feature gates can be initialized
before cached CEL environments are created.

Kubernetes-commit: 03d48b76831a3a02d503c3075d818a76afd83cd8
2024-06-29 21:45:55 -04:00
Jordan Liggitt 9db3f571d5 Improve CEL cost tests to catch unhandled estimates or types
Kubernetes-commit: 1d2ad282cff163e51e5c24569a0ac762ed814e74
2024-06-26 21:38:48 -04:00
David Eads f26d4ed894 add field and label selectors to authorization attributes
Co-authored-by: Jordan Liggitt <liggitt@google.com>

Kubernetes-commit: 92e3445e9d7a587ddb56b3ff4b1445244fbf9abd
2024-05-23 15:12:26 -04:00
Kubernetes Publisher 6dd5496a01 Merge pull request #126124 from cici37/feature/validating-admission-policy/metrics-improvement
Feature/validating admission policy/metrics improvement

Kubernetes-commit: acaec0c23a7e5f76b98c519d91cdf66cbe4c0263
2024-07-19 18:45:26 +00:00
Kubernetes Publisher bf5c64d612 Merge pull request #124736 from MikeSpreitzer/exempt-borrows-more
More assertive borrowing by exempt

Kubernetes-commit: d040043edbe8eddd806d9dadd572283e65f8233a
2024-07-18 22:45:52 +00:00
Kubernetes Publisher 36d8f544a9 Merge pull request #126191 from p0lyn0mial/upstream-revert-promote-watch-list-to-beta
Revert "Promote WatchList feature to Beta"

Kubernetes-commit: dda657b5982e8f9102b8df5931344262b0793163
2024-07-18 18:50:57 +00:00
Lukasz Szaszkiewicz 708f0cf46b Revert "kube-apiserver: promote WatchList feature to beta"
This reverts commit 0b15903b35d83ca32833e81997b6257ee4d4f369.

Kubernetes-commit: 88f47b4b4df2f099cc20381fdc0fbcfe0afcee8e
2024-07-18 09:29:24 +02:00
Kubernetes Publisher 1ae3792914 Merge pull request #126139 from enj/enj/i/revert_list_cache
Revert "Move ConsistentListFromCache to Beta default"

Kubernetes-commit: c3bcd4fff06566886f36d6e59536b3d00a69a637
2024-07-17 19:10:06 +00:00
Monis Khan 17ba1a9a64 Revert "Move ConsistentListFromCache to Beta default"
This reverts commit 0c0e19b343d48d4bea0e7fa735e3781c70298a34.

During stress test for SVM controller, the controller is unable to
make a list call due to following error:

resourceversion.go:155: I0716 21:49:26.973127] storage-version-migrator-controller: Error syncing SVM resource, retrying svm="crdsvm" err="error getting latest resourceVersion for stable.example.com/v1, Resource=testcrds: Timeout: Too large resource version: 28976, current: 20349"

With the feature disabled, the stress test passes.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: aeb51a16e369d5b823a8ae6488d1d5e12c683516
2024-07-16 23:12:16 -04:00
Cici Huang cd492e8b91 Fix the error type, Add into observation, Fix tests.
Kubernetes-commit: b7821078b36f1cb25d903774ddf37a97966c2eac
2024-07-16 08:27:36 -07:00
Kubernetes Publisher d72b6cca4b Merge pull request #125769 from siyuanfoundation/api-comp-ver1
add emulated-version flag to kube-scheduler to control the feature gate.

Kubernetes-commit: 7bbc891f9b8f278edf2c6376ffe70a94f4c85afb
2024-07-15 18:46:49 +00:00
Kubernetes Publisher 2e2bf0d328 Merge pull request #126018 from aroradaman/bump-k8s-utils
bump k8s.io/utils

Kubernetes-commit: 46aa8959a0659e22c924bb52b38385d441715b2b
2024-07-13 18:50:20 +00:00
Daman Arora 74615c52f8 bump k8s.io/utils
Signed-off-by: Daman Arora <aroradaman@gmail.com>

Kubernetes-commit: c6a129b715646163ef83f94245c3756cbc191c42
2024-07-12 14:40:22 +05:30
Kubernetes Publisher b9f8b0569b Merge pull request #125802 from mmorel-35/testifylint/len+empty
fix: enable empty and len rules from testifylint on pkg and staging package

Kubernetes-commit: 2d4514e1690dc5babb144542da799f6b331afd1b
2024-07-12 06:51:23 +00:00
Kubernetes Publisher 4f89b2c0e4 Merge pull request #125986 from vinayakankugoyal/typo
Fix typo in error message for anonymous field in AuthenticationConfig…

Kubernetes-commit: 0c8b3e5f305bf2bf56d47019199b81330d90c2c3
2024-07-10 06:46:23 +00:00
Vinayak Goyal fd1f3aafaf Fix typo in error message for anonymous field in AuthenticationConfiguration.
Kubernetes-commit: 27e8923c70c8bf95e0db02aeb7a0d45908ae9d62
2024-07-09 21:04:28 +00:00