13a3aab581
apiserver/httplog: pretty up impersonation output
...
```
I0807 09:09:16.419239 1 httplog.go:132] "HTTP" verb="GET" URI="/apis/batch/v1?timeout=32s" latency="214.666µs" userAgent="kubernetes-provider/v0.0.0 (linux/arm64) kubernetes/$Format" audit-ID="948ef6b2-474d-45a7-ad5f-894ce93d05f7" srcIP="192.168.139.202:35542" apf_pl="exempt" apf_fs="exempt" apf_execution_time="129.5µs" resp=200 addedInfo=<
&{kubernetes-admin [system:masters system:authenticated] map[]} is acting as &{foo [system:authenticated] map[]}
>
```
to
```
I0807 09:09:16.419239 1 httplog.go:132] "HTTP" verb="GET" URI="/apis/batch/v1?timeout=32s" latency="214.666µs" userAgent="kubernetes-provider/v0.0.0 (linux/arm64) kubernetes/$Format" audit-ID="948ef6b2-474d-45a7-ad5f-894ce93d05f7" srcIP="192.168.139.202:35542" apf_pl="exempt" apf_fs="exempt" apf_execution_time="129.5µs" resp=200 addedInfo="kubernetes-admin[system:masters system:authenticated] is impersonating foo[system:authenticated]"
```
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
Kubernetes-commit: 37730c07dd658ba585ffee3861780e18947ca534
2023-08-07 11:23:30 +02:00
a11da9bae8
Merge pull request #119577 from jiahuif-forks/tests/validating-admission-policy/lazy-map-short-circuiting
...
CEL lazy map: add test for boolean short-circuiting
Kubernetes-commit: 112a4726a4af33b5e3d7cb3f6d51547262587669
2023-08-16 04:21:03 +00:00
6b6cfe5d12
Merge pull request #119385 from andrewsykim/current_inqueue_seats_metric
...
Add apiserver flowcontrol metric `current_inqueue_seats`
Kubernetes-commit: 338d68bbc2b5e69c18fed5eea11cc683e72dcbdf
2023-08-16 00:32:47 +00:00
9ece5c3b70
Merge pull request #118399 from skitt/ioutil-sig-api-machinery
...
api-machinery: stop using deprecated io/ioutil
Kubernetes-commit: 10beda334e360b6b2988d5d2d30c011cc50d4aa8
2023-08-16 00:32:44 +00:00
e78a7391c4
Merge pull request #119888 from dgrisonnet/panic-storage-metric
...
Fix segfault during storage size metric collection
Kubernetes-commit: 8a7df727820bafed8cef27e094a0212d758fcd40
2023-08-11 04:46:45 +00:00
245d131967
apiserver/etcd3: fix segv during metric collection
...
Fix a segfault when collecting the storage size metrics when the getters
used to collect the data on etcd haven't been initialized properly. This
happens when the EtcdOptions are not applied which is the case for
aggregated apiservers that don't care about storage.
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
Kubernetes-commit: c6efaf16c1ed07ce37485b7a272628f653cbf06f
2023-08-10 17:01:17 +02:00
e7a7329b64
Merge pull request #119835 from liggitt/mitigate-aggregated-discovery-npe
...
Avoid returning nil responseKind in v1beta1 aggregated discovery
Kubernetes-commit: 3d941afece97b284c764e5320cc8c80b0e88cba8
2023-08-10 01:27:20 +00:00
1edd7d6157
Avoid returning nil responseKind in v1beta1 aggregated discovery
...
Kubernetes-commit: 1876ddf71497bad349f7c4df24c2e22356d3bad9
2023-08-08 14:25:56 -04:00
cc544e7bf1
Merge pull request #119725 from MadhavJivrajani/bump-net-dep
...
[CVE-2023-3978] .*: bump golang.org/x/net to v0.13.0
Kubernetes-commit: 1620473a9a01dd6bbef3398c0acb2e581d0a13c3
2023-08-07 21:21:27 +00:00
499e610e3d
.*: bump golang.org/x/net to v0.13.0
...
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: 1b90dff5276f3cb37236b446f1821175dad802c4
2023-08-02 11:11:22 +05:30
bf2563c6cd
CEL lazy map: add test for boolean short-circuiting
...
Kubernetes-commit: 66aa2af0979cc6007cd63720876fd21dda3b17dc
2023-07-25 14:37:20 -07:00
d2172f30e1
Merge pull request #119409 from alexzielenski/apiserver/policy/vap-tests
...
Add test cases for ValidatingAdmissionPolicy
Kubernetes-commit: b53830590fc2eff8a219d7bc225091878263ebe6
2023-07-24 15:12:13 -07:00
066c7cb8cc
apiserver: add flow control metric current_inqueue_seats
...
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
Kubernetes-commit: fb9646fd60d4b8e79223b729c1cb54fc6818fdd1
2023-07-24 19:40:05 +00:00
09a47412b5
bugfix: use matched resource for AdmissionRequest.resource, not the resource it was converted from
...
use existing admission request for audit annotation eval
populate matchResource in empty rules case
Kubernetes-commit: e1b0bc3d0a7fb89a1e60f4ec1ee34b10de22d00a
2023-07-21 18:13:24 -07:00
eea6b57f73
bump validatingadmissionpolicy alpha->beta
...
Kubernetes-commit: 5e2e8c806475d21bc22f10ccc810451c1bcb21a7
2023-07-21 16:27:51 -07:00
62fa4fb0fe
Merge pull request #118644 from alexzielenski/apiserver/policy/namespaceParamRef
...
KEP-3488: Promote ValidatingAdmissionPolicy to Beta
Kubernetes-commit: 18f8cb83989ff64beb0c7f47cdd3ad9df7bdbbeb
2023-07-22 03:29:38 +00:00
1b09d3c04f
Merge pull request #118828 from enj/enj/f/kms_v2_hkdf_expand
...
kmsv2: KDF based nonce extension
Kubernetes-commit: 773a6b1e460360538ce4d85a7c0d009efed81836
2023-07-22 03:29:36 +00:00
cf66e8fde8
Merge pull request #119437 from serathius/etcd-semantics
...
Fix the semantic meaning of etcd server within component statuses and metrics.
Kubernetes-commit: 5766947ab87d459266210945d6d1df9e138f3908
2023-07-20 23:08:44 +00:00
06c891133c
Merge pull request #119215 from alexzielenski/apiserver/policy/namespaceParamRef-alpha
...
KEP-3488: Per namespace policy params
Kubernetes-commit: 8a053c700a3abc30717860e0b6a13243a7250743
2023-07-20 23:08:43 +00:00
a690957dd1
update codegen
...
Kubernetes-commit: d6479587445a5a6fa736ee7fb3012a29f4e6e5e7
2023-07-19 16:21:22 -07:00
df86e524c7
refactor: replace usage of v1alpha1 with v1beta1
...
v1alpha -> v1beta
fill in DenyAction where there is no ParameterNotFoundAction
Kubernetes-commit: ef8670c946d53fda523341658919f9d8bd242d40
2023-07-19 15:53:31 -07:00
e9acd0c76d
Fix the semantic meaning of etcd server within component statuses and metrics.
...
Instead of numerating all the etcd endpoints known by apiserver, we will
group them by purpose. `etcd-0` will be the default etcd, `etcd-1` will
be the first resource override, `etcd-2` will be the second override and
so on.
Kubernetes-commit: 03aad1f823cb719fa6e6b6d33fefa2a2140cc760
2023-07-19 14:25:54 +02:00
d501de662c
feature: add multiple params capability to VAP controller
...
Kubernetes-commit: b5e9e0168cf9383dacbd730893c6bc426581e64b
2023-07-10 18:40:45 -07:00
1f9118f187
refactor: make scope of ParamKind available to vap controller
...
Kubernetes-commit: 3f63a2d17d4f70dc3ac191a52ad36897086efa7c
2023-07-11 12:04:07 -07:00
6a8d8652f7
refactor: use the provided sharedInformerFactory for params
...
Kubernetes-commit: 6323c106e9b5b0edd452a2a223d569a5dae8a832
2023-06-12 18:19:33 -07:00
00a0da2cb8
Merge pull request #119166 from nilekhc/log-decryption-failure
...
feat: improves metric and logging
Kubernetes-commit: 90c362b3430bcbbf8f245fadbcd521dab39f1d7c
2023-07-19 10:07:21 +00:00
0e9644ed24
Merge pull request #117740 from Richabanker/uvip-impl
...
Unknown Version Interoperability Proxy Impl
Kubernetes-commit: 66e99b3ff1649fc9bd3d9ef36affa1b16c5e2e21
2023-07-19 06:04:00 +00:00
3373784322
feat: improves metric and logging
...
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
Kubernetes-commit: 2c8288ac873b89ae6e351df5e805b1a825aae60d
2023-07-07 23:01:05 +00:00
7fb4ad7511
api-machinery: stop using deprecated io/ioutil
...
This replaces deprecated ioutil functions as follows:
* ioutil.ReadAll -> io.ReadAll
* ioutil.ReadFile -> os.ReadFile
* ioutil.TempDir -> os.MkdirTemp
* ioutil.TempFile -> os.CreateTemp
* ioutil.WriteFile -> os.WriteFile
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: b60a3a58df2791ae67764f6325be31aea5eca5a0
2023-05-02 15:08:18 +02:00
8a38d429d8
Add impl for uvip
...
Kubernetes-commit: cd5f3d9f9d5ae3153206178e6114d573dc24ad73
2023-03-29 17:20:25 -07:00
f100f84ac4
Merge pull request #119009 from MikeSpreitzer/track-executing-requests
...
Track executing requests
Kubernetes-commit: 31d662e58e9679ada73208fe63759c06793b013c
2023-07-18 21:53:00 +00:00
367a5f819d
Merge pull request #118601 from andrewsykim/apf-tune-max-seats
...
priority & fairness: support dynamic max seats
Kubernetes-commit: f6bcef0fd36f2f8312d8c6f14f17d804dcf97600
2023-07-18 10:03:54 +00:00
149a4e6556
Merge pull request #119321 from mingregister/mingregister-patch-1
...
replace strings.Index with strings.Contains
Kubernetes-commit: b2a9c06b2e7419691de5ea4f7d112baa2e00bc29
2023-07-18 06:14:23 +00:00
8e2b0eca2e
Merge pull request #118204 from sttts/sttts-openapi-v2-parameter-refs
...
openapi: reference shared parameters
Kubernetes-commit: f42ff8687026f8e12fb3d3b0da0760525d8d8ab2
2023-07-18 06:14:21 +00:00
b2ff4347db
Merge pull request #119380 from A-Hilaly/api-server/webhooks/match-conditions-beta-graduations
...
Graduate `AdmissionWebhookMatchCondition` to beta
Kubernetes-commit: 704970877e827908fc231d76f545feaa376bb6ed
2023-07-18 02:20:14 +00:00
bb61e75257
Merge pull request #119341 from divyasri537/remove-ctx-canceled-failopen
...
Ignore context canceled from validate and mutate webhook failopen metric
Kubernetes-commit: fab1f606ddaa640629d25f5f3e63c21582476ce1
2023-07-18 02:20:10 +00:00
90b43d6784
Merge pull request #119312 from pacoxu/prometheus/common-v0.44
...
upgrade prometheus common to v0.44.0
Kubernetes-commit: d627c4b41cdd9ef08b13604ce1c460eca26684f8
2023-07-18 02:20:08 +00:00
085dadbea3
Merge pull request #118959 from MikeSpreitzer/fix-118957b
...
Fix, deprecate apiserver_flowcontrol_request_concurrency_limit
Kubernetes-commit: af33d7a5af49cc841f8b58466b59e8dfdfe185ed
2023-07-17 22:22:43 +00:00
e613190aba
Skip apiserver_admission_webhook_request_total during context-canceled
...
Kubernetes-commit: d3c506133f1d5da6b8681423fc855d0513e8647e
2023-07-17 19:52:43 +00:00
6704aba021
Merge pull request #119110 from andrewsykim/apf-metrics-beta
...
Promote kube-apiserver flowcontrol metrics to Beta
Kubernetes-commit: 4f60a8d493ab9571eb328b9d98da477a50bc7446
2023-07-17 18:29:55 +00:00
623afac324
Enable admissionWebhookMatchCondition by default
...
Kubernetes-commit: 94c8ad289bb83c6457d1711a94c8a2cce9a7e8bc
2023-07-17 18:40:07 +01:00
5782becb79
Graduate AdmissionWebhookMatchCondition to beta
...
Kubernetes-commit: 0074b24ca42c8afca43f4ef3360f2d101594a567
2023-07-17 18:19:35 +01:00
04b26c4697
ValidatingAdmissionPolicy: support namespace access ( #118267 )
...
* Support namespace access from cel expression in validatingadmissionpolicy.
* Whitelist the exposed fields in namespace object and add test
* better handling of cluster-scoped resources.
* [API REVIEW] namespaceObject in Expression doc.
* compatibility with composition.
* generated: ./hack/update-codegen.sh && ./hack/update-openapi-spec.sh
* workaround namespace of namespace is unexpectedly set.
* basic test coverage for namespaceObject.
---------
Co-authored-by: Jiahui Feng <jhf@google.com>
Kubernetes-commit: 13172cba5c0e1c6a076dbda4aeebbccaf658c7f1
2023-07-15 01:33:59 +00:00
2af49f82c0
Merge pull request #119311 from ivelichkovich/metrics
...
matchCondition metrics for beta graduation
Kubernetes-commit: d5a653fd8791f25f44109e4626c1b34a7eec4164
2023-07-15 01:33:56 +00:00
eb9d761704
Merge pull request #119272 from deads2k/resources
...
add list of served versions to storage version
Kubernetes-commit: 47aeec63a839703e962ebd97e26edbc86fe6d99c
2023-07-14 21:44:27 +00:00
e725ece543
Merge pull request #119330 from bertinatto/fix-conn-reuse-test
...
Proactively bump golang.org/x/net to v0.12.0
Kubernetes-commit: c79be34fba3ad20532c9648216924afaa8434e06
2023-07-14 21:44:24 +00:00
437ae54e84
Ignore context canceled from validate and mutate webhook failopen metric
...
Kubernetes-commit: 1732b23a343bc0cedbab3dd1df3b7eee4d280036
2023-07-14 20:20:33 +00:00
616472f02a
Merge pull request #118782 from MikeSpreitzer/exempt-borrowing-impl
...
Exempt borrowing implementation
Kubernetes-commit: 2a91bd1dfdd2e293b9ec017ea3a976ecc2ecd545
2023-07-14 17:45:44 +00:00
643497556b
Merge pull request #118051 from A-Hilaly/api-server/webhooks/smart-reload
...
support `WebhookAccessors` smart reload
Kubernetes-commit: 4e9b487e7e6f23234fc60c6fcb09544185f6d174
2023-07-14 17:45:39 +00:00
a541a7b473
remove todo/spelling
...
Kubernetes-commit: 8a4a29d59177699a78f6194861f83789763aac25
2023-07-14 11:08:00 -05:00
Dr. Stefan Schimanski
Kubernetes Publisher
Damien Grisonnet
Jordan Liggitt
Madhav Jivrajani
Jiahui Feng
Andrew Sy Kim
Alexander Zielenski
Marek Siarkowicz
Nilekh Chaudhari
Stephen Kitt
Richa Banker
Divya Sri Sanaganapalli
Amine
Cici Huang
Igor Velichkovich