Anish Ramasekar
1bc99127a6
Add integration test for multiple audience in structured authn
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 0feb1d5173c94e28da79963fb296296b005dd6a1
2024-02-14 17:04:21 -08:00
Kubernetes Publisher
8242123b04
Merge pull request #122887 from jpbetz/retry-generate-name-create
...
Implement KEP-4420: Retry Generate Name
Kubernetes-commit: 58c77d7b63d0a027b37e2189f9de2728e5674169
2024-02-15 05:33:54 +00:00
Kubernetes Publisher
aa40040fbc
Merge pull request #123282 from enj/enj/i/authn_config_algs
...
Support all key algs with structured authn config
Kubernetes-commit: 72c3c7c924ec88bfb852fd75740ed7b0ab915c38
2024-02-15 05:33:52 +00:00
Kubernetes Publisher
6d4e589c29
Merge pull request #123165 from aramase/aramase/f/kep_3331_audience_match_policy
...
Add `AudienceMatchPolicy` and support multiple audiences in AuthenticationConfiguration
Kubernetes-commit: ba450636a455eedb78a18d21db8919e9afdd4e77
2024-02-15 01:39:13 +00:00
Kubernetes Publisher
f980dbe8f0
Merge pull request #123250 from benluddy/dep-bump-cbor-v2.6.0
...
Bump github.com/fxamacker/cbor/v2 to v2.6.0.
Kubernetes-commit: e305e773bbfe8c5bdf9c57881a875e168b004b8c
2024-02-15 01:39:12 +00:00
Kubernetes Publisher
ffe03d21f3
Merge pull request #122919 from alexzielenski/apiserver/policy/mutating-initial
...
Refactor AdmissionPolicy for code sharing with mutating
Kubernetes-commit: 684a9975fe0e1dac4ffe00c9826590f231bdd030
2024-02-15 01:39:10 +00:00
Monis Khan
d887d80e81
Support all key algs with structured authn config
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: b5e0068325da7aa5ca42a7d5ea6b0f012a519765
2024-02-13 13:45:53 -05:00
Kubernetes Publisher
503dabd7e9
Merge pull request #123179 from aramase/aramase/f/encryption_config_reload_metric
...
Add `apiserver_encryption_config_controller_automatic_reloads_total` metric and deprecate success/failure counter
Kubernetes-commit: 7abb063b42c7770628ee2b69e25370cf6334882a
2024-02-13 17:30:58 +00:00
Ben Luddy
137045a592
Bump github.com/fxamacker/cbor/v2 to v2.6.0.
...
Kubernetes-commit: aac43dc96f2b679f0ab030fd3512c7e03b0f2df4
2024-02-12 15:46:17 -05:00
Anish Ramasekar
f6b16dddb3
Add `apiserver_encryption_config_controller_automatic_reloads_total` metric
...
- Adds `apiserver_encryption_config_controller_automatic_reloads_total` metric with status label for encryption config reload success/failure.
- Deprecated `apiserver_encryption_config_controller_automatic_reload_failures_total` and `apiserver_encryption_config_controller_automatic_reload_success_total`
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 77241d31253baf051302fff7480c9601ad817399
2024-02-07 19:44:41 +00:00
Kubernetes Publisher
9d6ad00bf4
Merge pull request #121486 from benluddy/cbor-stub
...
KEP-4222: Add stub CBOR serializer.
Kubernetes-commit: 48228bf9dbac308f43abd59a53fdc069fbddee0f
2024-02-10 01:48:31 +00:00
Kubernetes Publisher
76d76deeaf
Merge pull request #123083 from jiahuif-forks/feature/validating-admission-policy/typechecking-variables
...
ValidatingAdmissionPolicy: support variables
Kubernetes-commit: 002b0f00033e3fd4650dd4da3717b9187b8621e1
2024-02-09 01:38:56 +00:00
Jiahui Feng
6f620d4d18
add test case for error inside variables.
...
Kubernetes-commit: 3e777540fda8dda01bb72702b1e39675f21d2955
2024-02-08 13:39:25 -08:00
José Carlos Chávez
f099bff723
chore: adds consistent vanity import to files and provides tooling for verifying and updating them. (#120642)
...
* chore: drops update vanity imports from script.
* chore: changes copyright year to 2024.
* chore: makes lint happy.
Kubernetes-commit: 6d6398ef9266abce3518a4c9a3d4e4d8feeffdc1
2024-02-08 14:10:27 +00:00
Kubernetes Publisher
970932bc20
Merge pull request #123001 from tkashem/apf-allow-zero-concurrency
...
Allow zero value for the 'nominalConcurrencyShares' field
Kubernetes-commit: 862ff187baad9373d59d19e5d736dcda1e25e90d
2024-02-06 17:33:50 +00:00
Kubernetes Publisher
5bcf390db2
Merge pull request #122925 from tkashem/timeout-refactor-handle-error
...
apiserver: refactor handleError in endpoints/filters
Kubernetes-commit: 35b1bc45ef380f8a95ccd6d24b0485d22ac41b68
2024-02-06 13:30:57 +00:00
Kubernetes Publisher
8340bec347
Merge pull request #123098 from munnerz/4193-jti-audit-changes
...
use authentication.kubernetes.io/issued-credential-id audit annotation in serviceaccount token registry endpoint
Kubernetes-commit: 8c6e940a970e3a910b02442c001735619a8c7ba4
2024-02-05 17:30:48 +00:00
Kubernetes Publisher
7b91578b43
Merge pull request #122557 from liangyuanpeng/anp_0.29
...
Bump konnectivity-client to v0.29.0
Kubernetes-commit: 6972fd7d0be4f85b98737aaf8c2e105b42c0de6e
2024-02-05 17:30:47 +00:00
buddie.wei
586f61dd0f
Fix the syntax error in the comment of the checkQuotas method. (#121428)
...
* Update controller.go
Fix comment error.
From "It there was no quota change mark the waiter as succeeded." to "If there was no quota change mark the waiter as succeeded."
* Adjust the comments to maintain consistent tense throughout.
Adjust the comments to maintain consistent tense throughout.
Kubernetes-commit: 5855f5178f42dbc114b6c5ac1964a5dd62bb0957
2024-02-06 00:45:00 +08:00
James Munnelly
c60b23f298
use authentication.kubernetes.io/issued-credential-id audit annotation in serviceaccount token registry endpoint
...
Kubernetes-commit: 7f12735fffdc490eae59e98d0f03638067b028de
2024-02-02 16:57:16 +00:00
Kubernetes Publisher
9dc08c72a8
Merge pull request #115282 from tkashem/panic-warning
...
apiserver: warning.AddWarning should not panic when request times out
Kubernetes-commit: ac6d67d27c63822298a9c725daec47f70dde94dc
2024-02-02 01:30:00 +00:00
Jiahui Feng
ab64beb117
add support of variables for Type Checking.
...
Kubernetes-commit: dc832c6e59e98f8b842efe42d3f18a67e781779d
2024-02-01 15:28:21 -08:00
Jiahui Feng
1501159ecb
refactor type checking to use CompositedCompiler.
...
Kubernetes-commit: 21ba0d59d3a29b5668d4ba712d5b130d458121c6
2024-02-01 13:20:21 -08:00
Kubernetes Publisher
da62838474
Merge pull request #121512 from HirazawaUi/add-decod-time-trace
...
Add decode time to the audit log
Kubernetes-commit: 11b974043604f5ccbeb6e5e62e1d9edcf00bc336
2024-01-31 21:30:53 +00:00
Kubernetes Publisher
c1f89863c2
Merge pull request #118511 from lowang-bh/fix_spell_error
...
fix comment of rbac decision for NoOpinion
Kubernetes-commit: fb7181792b693d9248179154a2e7172f0cd405db
2024-01-31 21:30:52 +00:00
Kubernetes Publisher
2e2157fa2f
Merge pull request #123003 from alexzielenski/apiserver/policy/crd-startup
...
ValidatingAdmissionPolicy: dont skip reconcile for unchanged policy if last sync failed
Kubernetes-commit: 4f910fe47cc9a0cf648a049a6cccc38be17b0ad6
2024-01-29 20:36:41 -08:00
Alexander Zielenski
1672796601
bugfix: avoid NPE possibility by making composition environment global
...
Kubernetes-commit: 3094395fa76210f33118d10d6a7c8214c50a7f33
2024-01-29 13:45:27 -08:00
Alexander Zielenski
69adaecb9e
bugfix: dont skip reconcile for unchanged policy if last sync failed
...
Kubernetes-commit: 71559bd02670f53a2d6640714eeb4e7fbc554e86
2024-01-26 18:57:30 -08:00
Kubernetes Publisher
0dd0e74922
Merge pull request #122886 from jiahuif-forks/feature/cel/mutating-library
...
[CEL Library] Unstructured Object Construction Support
Kubernetes-commit: 2363cdcc399cbf428210efb2c51575ddcad2b84a
2024-01-27 01:29:38 +00:00
Abu Kashem
554c2d262b
apiserver: allow zero value for the 'nominalConcurrencyShares' field
...
Kubernetes-commit: 5f75c35edf1ea0a10a64615c43b5868484c94f46
2024-01-26 14:27:09 -05:00
Jiahui Feng
95a53374a5
convert the expectedValues to be cel.Val.
...
Kubernetes-commit: c89dcf52b12bf5e32f71f3ed600315242f7e44f6
2024-01-25 13:52:39 -08:00
Jiahui Feng
f0c47558ed
extra case for affirmative has(map) test.
...
Kubernetes-commit: d6991638029be493e5c197b6cd0d268d8ce55457
2024-01-25 13:36:42 -08:00
Kubernetes Publisher
9d32b8c86a
Merge pull request #120631 from liyuerich/ptrderef
...
Drop deprecated pointer package
Kubernetes-commit: fb1aea9a289e155fa21a57e9512acd61ed1b786b
2024-01-24 21:29:42 +00:00
Anish Ramasekar
fb760be3fc
support multiple audiences with jwt authenticator
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 18c563546a764b559ce5b74f09eaaaf9c1f0e5fb
2024-01-24 17:15:11 +00:00
Anish Ramasekar
26996e3679
Add AudienceMatchPolicy to AuthenticationConfiguration
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 19da90d6396ce9471f612d6e9a31f1b1c8d605b1
2024-01-25 22:35:16 +00:00
Jiahui Feng
eb407cc3dd
fix convertField and its comments.
...
Kubernetes-commit: d0c323fb8fbfa5c1b91ae445cbda60a416e85e65
2024-01-23 16:47:33 -08:00
Jiahui Feng
3a5a43790e
add support for equality check.
...
Kubernetes-commit: df9620c9f6f6a60f7cbcacb3ad9fa40d79d1d73e
2024-01-23 16:07:39 -08:00
Alexander Zielenski
9fd47abbb1
refactor: implement VAP off of policy plugin fw
...
Kubernetes-commit: 18fbc48b0155485cd78ec4d0e6050ccbb7d8e058
2024-01-22 17:31:52 -08:00
Alexander Zielenski
f8d65cf3a6
refactor: create generic policy plugin type similar to webhook
...
Kubernetes-commit: a6366573d5ca328438b80d72d0ae5a5bf6b178be
2024-01-22 17:31:34 -08:00
Jiahui Feng
8b89a41f3f
mutation library for CEL.
...
- TypeRef, TypeProvider interfaces.
- TypeRef, TypeProvider, ObjectVal, FieldType implementations for unstructured.
- Tests for using optional in mutation.
Kubernetes-commit: 9bbdbc510ebf8e2dcb243d6fbbf57449f895196e
2024-01-19 17:03:34 -08:00
Joe Betz
6f648c15a2
Add retry around create
...
Kubernetes-commit: a05db0dd22a68a9c443a9f01cc1b8f6397fd6a9f
2024-01-19 16:10:30 -05:00
Alexander Zielenski
06be9d025c
refactor: move matching logic into parent policy folder
...
Kubernetes-commit: d697f43d73870679ad4cd46939ad28e06926b6d3
2024-01-17 18:12:41 -08:00
Alexander Zielenski
57e06e43f7
refactor: move vap into parent `policy` folder
...
also renames to remove stutter
comment
Kubernetes-commit: 8b14116509ac19234924878ab08f7e9e8f03549a
2024-01-17 18:09:30 -08:00
Alexander Zielenski
3769e5c054
refactor: move celmetrics close to its usage in vap
...
does not need to be accessed from anywhere else, and removed an excessive lonesome `cel` pkg with just the metrics
Kubernetes-commit: 8b26b6eec1b0d99518e7c53879e1d44ade2eebc7
2024-01-17 17:05:53 -08:00
Abu Kashem
e6f368f3b9
apiserver: refactor handleError in endpoints/filters
...
Kubernetes-commit: 9e37ccedc7fbbbacf07ecc79949c75e1e250ba58
2024-01-09 13:32:09 -05:00
Lan Liang
d24017c506
Update konnectivity to 0.29.0
...
update konnectivity server&agent images to 0.29.0
bump konnectivity deps to 0.29.0
Signed-off-by: Lan Liang <gcslyp@gmail.com>
Kubernetes-commit: d3b8eba690f8eeaf41b4fdf56c943004be501e4e
2024-01-02 05:52:55 +00:00
HirazawaUi
bc8676d59a
Add decoding time to the audit log
...
Kubernetes-commit: 20fe2a3539e90f7554f94359ac3b4058a5bbb363
2023-10-25 22:52:11 +08:00
Ben Luddy
f9391f6b1d
Update vendoring to take new CBOR library dependency.
...
Kubernetes-commit: 09a1abda998fc37e2e29a120a82be7c6271656e0
2023-10-17 16:51:52 -04:00
liyuerich
f709e954ab
drop deprecated pointer package
...
Signed-off-by: liyuerich <yue.li@daocloud.io>
Kubernetes-commit: e490439262fad619d83c5647a42a5382cb9c787b
2023-09-15 21:03:36 +08:00
Kubernetes Publisher
888034e53f
Merge pull request #122518 from cici37/celEnv29
...
Update env version, add cost for previous added func, add tests, etc.
Kubernetes-commit: 31197eba75040cb0b88f488caf18a4c87182abed
2024-01-23 21:29:53 +00:00