kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,407 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

3488 Commits

Author SHA1 Message Date
0x5457 27c3ca736b apiserver: declare kubeClient and dynamicClient as interface types to avoid panic 
Kubernetes-commit: 81824b7c2e673f64f70a6e99180bb6bfc6b738d9
 2024-08-13 11:25:11 +08:00
Jordan Liggitt 77331233f8 Restore honoring --version build ID overrides 
Kubernetes-commit: c181912dc5d8559834857e69ea34ee1729c43c6b
 2024-08-13 18:48:56 -04:00
Adarsh-verma-14 41e1af4df2 remove duplicate call for ServeMux 
Kubernetes-commit: 838d7c9049439b5997f0947258e183d677788475
 2024-08-07 02:56:49 +05:30
Lan Liang 552e7d7170 Using NewExpressions for cel lazy test. 
Signed-off-by: Lan Liang <gcslyp@gmail.com>

Kubernetes-commit: 9a8d6b72e4f1e33e6a30fd281fd0972fdce93f78
 2024-07-25 10:08:15 +00:00
Anish Ramasekar febd487238 Validate structured authn feature is enabled for discovery url/multiple 
audiences

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: f80c73248f872769d72b620e567747a1018f8a2b
 2024-07-23 15:04:02 -07:00
Marek Siarkowicz 3adae5fd46 Make object transformation concurrent to remove watch cache scalability issue for conversion webhook 
Test by enabling consistent list from cache in storage version migrator stress test that uses
conversion webhook that bottlenects events comming to watch cache.

Set concurrency to 10, based on maximum/average transform latency when
running stress test. In my testing max was about 60-100ms, while average
was 6-10ms.

Kubernetes-commit: bb686f203308481bcd7808f767171cdef27e12a0
 2024-07-22 11:24:37 +02:00
Marek Siarkowicz 9aa7a6ac61 Introduce ConcurrentWatchObjectDecode feature gate disabled by default 
Kubernetes-commit: 93a10a75698075e86344ee4fdb56701309468b95
 2024-07-30 16:28:48 +02:00
Marek Siarkowicz c470f38c60 Move ConsistentListFromCache to Beta default again 
This reverts commit aeb51a16e369d5b823a8ae6488d1d5e12c683516.

Kubernetes-commit: 2ca56aab87d0927e568f1d896d49692433d5d93a
 2024-07-30 22:49:47 +02:00
Ben Luddy 788e7ee758 Move APIServingWithRoutine to alpha and disabled by default. 
Kubernetes-commit: c8380040848fcbd0a0cc06600b9d4531b65098d2
 2024-07-30 16:33:31 -04:00
Marek Siarkowicz 6c5ee08ccf Implement fallback for consistent reads from cache 
Kubernetes-commit: 35962561e44425fe5e23f19aeccba9269fab3a56
 2024-07-30 18:57:22 +02:00
Jefftree e749b346fa CLE feature gate 
Kubernetes-commit: 9b16b0dc97c3f353f60eb935a8a532ec82b5e18e
 2024-07-21 20:04:36 +00:00
Cici Huang 92ee9330ce Allowing direct CEL reserved keyword usage in CRD (#126188) 
* automatically escape reserved keywords for direct usage

* Add reserved keyword support in a ratcheting way, add tests.

---------

Co-authored-by: Wenxue Zhao <ballista01@outlook.com>

Kubernetes-commit: a48a92c72ec7d4e2a8da396309abff9360faae75
 2024-07-24 01:23:51 +00:00
Jefftree 130a469e09 Validate CABundle when writing CRD 
Kubernetes-commit: a5791b344c04ded4f443c7e134242a29bd0e2bac
 2024-03-26 15:59:16 +00:00
Sean Sullivan f438154cef Adds metrics to PortForward Websockets 
Kubernetes-commit: 90d70ed73dd7fcc9465baf452d178eb72f2aaf90
 2024-07-17 21:29:31 -07:00
Patrick Ohly c1c9700b75 CEL: add QuantityDeclType 
Most functions in k8s.io/apiserver/pkg/cel work with DeclType for type
definitions, which made the existing QuantityType unusable with them. The new
QuantityDeclType fills that gap.

Kubernetes-commit: bcececadfb5b7deb3f6ecb253a73ea98a2fdd80c
 2024-07-17 19:36:36 +02:00
cici37 3d5977276b Promote metrics for VAP and CRD validation rules to beta. 
Kubernetes-commit: 95dbfa1c3d2f62e5d0f52788a2dd19fc61ca0a36
 2024-07-19 20:46:33 +00:00
Cici Huang 5678a8c44d Remove feature gate CustomResourceValidationExpressions. 
Kubernetes-commit: 67a171a1422cc5861491aadd69e51ce718196434
 2024-07-16 10:39:00 -07:00
Jordan Liggitt 6c5ca3dcf3 Fixup lint warning 
Kubernetes-commit: 9f8f36708a0eb1ad78e48beeaf15f2c6ae3e1552
 2024-06-27 00:42:01 -04:00
Jordan Liggitt eabf12957a Add structured labelSelector / fieldSelector to authorization webhook match conditions 
Kubernetes-commit: a1398a8ccaeb7f881acb65d1276392f4cac259e8
 2024-06-26 17:17:43 -04:00
Jordan Liggitt f14fc0f445 Adjust CEL cost calculation and versioning for authorization library 
Kubernetes-commit: 83bd512861aa11ec00a90e4ac382daa788dccf87
 2024-06-26 21:38:24 -04:00
David Eads efe135c937 Add CEL fieldSelector / labelSelector support to authorizer library 
Kubernetes-commit: be2e32fa3ed0a06ac9cc59d9966be0b40617c2b2
 2024-06-14 14:39:54 -04:00
Jordan Liggitt b338834e91 Move CEL env initialization out of package init() 
This ensures compatibility version and feature gates can be initialized
before cached CEL environments are created.

Kubernetes-commit: 03d48b76831a3a02d503c3075d818a76afd83cd8
 2024-06-29 21:45:55 -04:00
Jordan Liggitt 9db3f571d5 Improve CEL cost tests to catch unhandled estimates or types 
Kubernetes-commit: 1d2ad282cff163e51e5c24569a0ac762ed814e74
 2024-06-26 21:38:48 -04:00
David Eads f26d4ed894 add field and label selectors to authorization attributes 
Co-authored-by: Jordan Liggitt <liggitt@google.com>

Kubernetes-commit: 92e3445e9d7a587ddb56b3ff4b1445244fbf9abd
 2024-05-23 15:12:26 -04:00
Cici Huang cd492e8b91 Fix the error type, Add into observation, Fix tests. 
Kubernetes-commit: b7821078b36f1cb25d903774ddf37a97966c2eac
 2024-07-16 08:27:36 -07:00
Jiahui Feng 8b22c5cc3d make use of new error reporting in the dispatcher. 
Kubernetes-commit: d61edc51b84774c158b3866ab9a0678d4ddaba96
 2024-04-26 11:49:44 -07:00
Jiahui Feng 8f577b916d remove unused policy_definition_total metric and state label 
Kubernetes-commit: 8e9232ef46d5b08ab4f95ad6c1e93671ef1bd5ba
 2024-04-25 18:30:26 -07:00
Jiahui Feng 2ae742ecb6 make Err wrap one or zero error. 
Kubernetes-commit: ce45a82346623d19168b0b85cbba5ba4ff164417
 2024-04-25 17:59:32 -07:00
Jiahui Feng 8be90f624a errors improvement. 
Kubernetes-commit: b846c39047289e69d932ea9d5d4dadc6856ad0c7
 2024-04-23 16:54:47 -07:00
Mike Spreitzer eb8f232a36 Add unit test of borrowing by exempt, fix bug 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>

Kubernetes-commit: 9aa9d3d4b7c637a0796e5a25c312a999ac628bd9
 2024-06-12 03:38:15 -04:00
Mike Spreitzer 010634c01b More assertive borrowing by exempt 
Happy middle ground with what the KEP says?

Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>

Kubernetes-commit: 56fc11f3bef9f6af16aa30731050168e732754a2
 2024-05-08 02:30:27 -04:00
Lukasz Szaszkiewicz 708f0cf46b Revert "kube-apiserver: promote WatchList feature to beta" 
This reverts commit 0b15903b35d83ca32833e81997b6257ee4d4f369.

Kubernetes-commit: 88f47b4b4df2f099cc20381fdc0fbcfe0afcee8e
 2024-07-18 09:29:24 +02:00
Monis Khan 17ba1a9a64 Revert "Move ConsistentListFromCache to Beta default" 
This reverts commit 0c0e19b343d48d4bea0e7fa735e3781c70298a34.

During stress test for SVM controller, the controller is unable to
make a list call due to following error:

resourceversion.go:155: I0716 21:49:26.973127] storage-version-migrator-controller: Error syncing SVM resource, retrying svm="crdsvm" err="error getting latest resourceVersion for stable.example.com/v1, Resource=testcrds: Timeout: Too large resource version: 28976, current: 20349"

With the feature disabled, the stress test passes.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: aeb51a16e369d5b823a8ae6488d1d5e12c683516
 2024-07-16 23:12:16 -04:00
Siyuan Zhang 7f5df11548 add emulated-version flag to kube-scheduler to control the feature gate. 
Signed-off-by: Siyuan Zhang <sizhang@google.com>

Kubernetes-commit: 40cddbe21516122a528e2afb2b1fbcaed1acbe8a
 2024-06-27 11:56:49 -07:00
Matthieu MOREL 8705baa8b2 fix: enable empty and len rules from testifylint on pkg package 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>

Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>

Kubernetes-commit: f014b754fb5925dfbca6e27a44d0c3968b157e14
 2024-06-28 21:20:13 +02:00
Vinayak Goyal fd1f3aafaf Fix typo in error message for anonymous field in AuthenticationConfiguration. 
Kubernetes-commit: 27e8923c70c8bf95e0db02aeb7a0d45908ae9d62
 2024-07-09 21:04:28 +00:00
Abu Kashem 5f6927c810 add test to document request timeout behavior 
- using the default handler chain of the kube-apiserver

Kubernetes-commit: c6210ff8ab4a94d1dd31a56acc16dc9fdc2333f4
 2024-05-07 13:52:18 -04:00
Siyuan Zhang 6f7147fc9d fix lock bug for componentGlobalsRegistry 
Signed-off-by: Siyuan Zhang <sizhang@google.com>

Kubernetes-commit: d31aebe57224b678a0c17df7766d8e7f850209e8
 2024-07-05 15:50:10 +00:00
Davanum Srinivas 1292729d42 Fix for typecheck doesn't notice compile errors in test files 
- ensure we add all the staging modules so the _test files in there are "loaded"
- use build tags to skip tests that fail to build in specific os/arch pairs

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Co-Authored-By: Tim Hockin <thockin@google.com>

Kubernetes-commit: c230a45383c372e3861de3d4854cdfe28f4c482f
 2024-07-02 16:26:41 -04:00
Joe Betz b754d6e7f2 Remove special case logic in apiserver to serve all APIs when binary version is set artifically to 0.0 
Kubernetes-commit: 1864e7131eca32fc9bebf20641becb467f240eca
 2024-07-03 14:16:15 -04:00
Abu Kashem f553925235 apiserver: remove feature gate APIPriorityAndFairness 
Kubernetes-commit: ae647032a74bf8f671fa8db0602dee301cf865bf
 2024-07-02 12:55:43 -04:00
Eric Lin 5d14d72b5c Fix httplog not logging watch duration in separate goroutines 
Signed-off-by: Eric Lin <exlin@google.com>

Kubernetes-commit: 06c7058115e623126884d05c54a30db511a9cb71
 2024-06-21 10:03:31 +00:00
Wojciech Tyczyński a643e14347 Implement resilient watchcache initialization post-start-hook 
Kubernetes-commit: a5772bd42593f6492f5169eef49bc9884f95abba
 2024-06-13 11:02:18 +02:00
Lukasz Szaszkiewicz 8321755755 kube-apiserver: promote WatchList feature to beta 
Kubernetes-commit: 0b15903b35d83ca32833e81997b6257ee4d4f369
 2024-06-19 11:48:20 +02:00
Vinayak Goyal 77f498853b KEP-4633: Allow health-only anonymous auth mode. 
Signed-off-by: Vinayak Goyal <vinaygo@google.com>

Kubernetes-commit: 5e6a4937f5a3e20dd77238946220461332ecddff
 2024-05-16 21:18:34 +00:00
Lukasz Szaszkiewicz 5e71b4e71d apiserver/storage/watchcache: WaitUntilFreshAndList supports path prefix 
Kubernetes-commit: 2f9660db6b0ba37ff383559b1b0324c635f1eb66
 2024-06-26 14:34:32 +02:00
Lukasz Szaszkiewicz bc659f87fc flowcontrol/request/list_work_estimator: sync shouldDelegateList 
Kubernetes-commit: c259fe2342162a0c883845bfbdf8a838697fe085
 2024-06-17 16:14:39 +02:00
Lukasz Szaszkiewicz 54645c663b apiserver/storage/cacher: cache supports pagination 
Kubernetes-commit: 09e85983d84b5f6c3fed6c09dd0adcbdde7e9d5f
 2024-06-10 10:14:38 +02:00
Lukasz Szaszkiewicz f0e44d48b8 apiserver/storage: storagetesting.RunTestList validates RemainingItemCount 
Kubernetes-commit: f9b15700fb5a99ab74d51c7779ea2aae0f51168c
 2024-06-27 11:01:37 +02:00
Lukasz Szaszkiewicz 9afcce8b2b storage/cacher/cacher_whitebox_test.go: deflake TestWaitUntilFreshAndListFromCache 
Kubernetes-commit: 662672a6cacd71ad0cfc168a793d6a75a7e0ffff
 2024-06-26 15:04:15 +02:00