Integration testing has to this point relied on patching serving codecs for built-in APIs. The
test-only patching is removed and replaced by feature gated checks at runtime.
Kubernetes-commit: 439d2f7b4028638b3d8d9261bb046c3ba8d9bfcb
For alpha, there is one apiserver feature gate and two client-go feature gates controlling
CBOR. They were initially wired to separate test-only feature gate instances in order to prevent
them from being configurable at runtime via command-line flags or environment variables (for
client-go feature gates outside of Kubernetes components). All of the integration tests required by
the KEP as alpha criteria have been implemented. This adds the feature gates to the usual feature
gate instances and removes the temporary code to support separate test-only feature gate instances.
Kubernetes-commit: 072dfcb416fd4e1ddab0a89ac4faf519e268bc96
This expands the generic plugin support to both validating and mutating policies. It also adds the
mutating policy admission plugin using the generics plugin support.
This also implements both ApplyConfiguration and JSONPatch support.
Co-authored-by: Alexander Zielensk <alexzielenski@gmail.com>
Kubernetes-commit: 25e11cd1c143ef136418c33bfbbbd4f24e32e529
To mitigate the risk of introducing a new protocol, integration tests for CBOR will be written using
a test-only feature gate instance that is not wired to runtime options. On alpha graduation, the
test-only feature gate instance will be replaced by a normal feature gate in the existing apiserver
feature gate instance.
Kubernetes-commit: 0cad1a89b6721308746cc1a12f12de31a259a0d3
This change updates the KDF "feature flag" to be per KMS provider
instead of global to the API server. This allows integration tests
that use distinct provider names to run in parallel.
Locally this change reduced the runtime of
test/integration/controlplane/transformation by 3.5 minutes.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 43740c0def10f22a0ab7f522c1569188913b35a3
all bookkeeping must complete before the apf handler returns,
whether it panics or returns normally
Kubernetes-commit: 71d9307eaeda86d6a205548ecdeb7fbf226d7d82
the assert to verify that 'atomicReadOnlyExecuting' is zero
should be executed if the apf handler panics, all apf
bookkeeping must be completed before the handler returns
Kubernetes-commit: 0c8632de57075191e6c4e34897fb7871034c7081
This commit updates the DynamicFileCAContent controller to skip the removal
of non-existent file watchers. Previously, the controller attempted to remove
a file watch even if it didn't exist, which resulted in a flood of error messages
being logged in the Kubelet logs.
Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
Kubernetes-commit: 17ad4b39f8b6b299d20fb94f99083ea84083b6b2
This guarantees that logs and metrics that rely on this information
work as expected.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 49d7b4c97e4f7ee5c664b068c207a39b8c3f759e
These have been GA since v1.29 and can be safely removed.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 6398b8a19fe0e113cf250c13b0639dea258a174f
The canonical import for json-patch v4 is
gopkg.in/evanphx/json-patch.v4 (see
https://github.com/evanphx/json-patch/blob/master/README.md#get-it for
reference).
Using the v4-specific path should also reduce the risk of unwanted v5
upgrade attempts, because they won't be offered as automated upgrades
by dependency upgrade management tools, and they won't happen through
indirect dependencies (see
https://github.com/kubernetes/kubernetes/pull/120327 for context).
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 5300466a5c8988b479a151ceb77f49dd00065c83
This is to mitigate CVE-2023-44487
until the Go standard library and golang.org/x/net
are fully fixed.
Signed-off-by: Jayapriya Pai <janantha@redhat.com>
Kubernetes-commit: e2503e50381cc9cc2e4a4c90f0738e54992558f8
This change makes us use the generic workqueue throughout the project in
order to improve type safety and readability of the code.
Kubernetes-commit: 6d0ac8c561a7ac66c21e4ee7bd1976c2ecedbf32
27a68aee3a4834 introduced context support for events. Creating an event
broadcaster with context makes tests more resilient against leaking goroutines
when that context gets canceled at the end of a test and enables per-test
output via ktesting.
The context could get passed to the constructor. A cleaner solution is to
enhance context support for the apiserver and then pass the context into the
controller's run method. This ripples up the call stack to all places which
start an apiserver.
Kubernetes-commit: b92273a760503cc57aba37c4d3a28554f7fec7f8
Ben Luddy
Joe Betz
Kubernetes Prow Robot
Mangirdas Judeikis
Vinayak Goyal
Monis Khan
Sean Sullivan
Lukasz Szaszkiewicz
Abu Kashem
Matthieu MOREL
Abhishek Kr Srivastav
xuzhenglun
Stanislav Láznička
Kensei Nakada
jonyhy96
David Ashpole
Sohan Kunkerkar
0x5457
Adarsh-verma-14
Eric Lin
Wojciech Tyczyński
Siyuan Zhang
Stephen Kitt
Jayapriya Pai
Alvaro Aleman
Andrew DeMaria
cyclinder
Patrick Ohly
Marek Siarkowicz