2b2d066eda
Merge pull request #126985 from dashpole/fix_mem_leak_29
...
Cherrypick of #126957 on 1.29: Fix memory leak from global OpenTelemetry MeterProvider
Kubernetes-commit: a07ca005c089b1175df82ca6f359070820e90970
2024-10-09 15:02:17 +00:00
3b20889f09
update vendor
...
Kubernetes-commit: d9c651dc6b6ddb63633bb499f0139456910cf3d5
2024-08-29 00:20:06 +00:00
97bc22d9cd
fix memory leak from global MeterProvider
...
Kubernetes-commit: 27d1927474e71d05afd18a30f36f175a429573b1
2024-08-28 14:20:46 +00:00
d5bfbb319d
Merge pull request #126151 from xyz-li/cherrpick-125145-129
...
cherry pick of #125145 apiserver fix watch namespace
Kubernetes-commit: a18cf5d10a21bd7a767615ddad85e7e200bb04e1
2024-07-29 14:22:57 +00:00
36207c1fc4
apiserver: fix watch namespace
...
For request like '/api/v1/watch/namespaces/*', don't set scope.namespace.
Because the func `addWatcher` add a watcher to allWatchers with the value `scope.namespace` not empty.
But the function `dispatchEvent` dispatch event with an empty namespace.
Signed-off-by: xyz-li <hui0787411@163.com>
Kubernetes-commit: 70fdb7b1c533454a2cd5dfa666a0251dbdf54400
2024-05-27 17:48:49 +08:00
5c898d5aa3
Merge pull request #125024 from wojtek-t/automated-cherry-pick-of-#122027-upstream-release-1.29
...
Automated cherry pick of #122027 : Don't sort under lock
Kubernetes-commit: cad34598bcf5c543aa3ed6b60c722955f437c50f
2024-05-22 00:21:15 -07:00
d06319266f
Don't sort under lock
...
Kubernetes-commit: f6072e0d73dcb33edd3f2b1e656bb6d0cf81f9f0
2023-11-23 18:13:43 +01:00
422a5daca8
Merge pull request #124803 from seantywork/automated-cherry-pick-of-#124662-upstream-release-1.29
...
Automated cherry pick of #124662 : Updated & added visibility to apiserver x509 test
Kubernetes-commit: 50798339d3f9e095bda9a8b3d877b0ff5860536e
2024-05-21 01:00:06 -07:00
a717764a86
Updated & added visibility to apiserver x509 test certificates expiring this year
...
Kubernetes-commit: 9776912fda18b1ee83abe398280b80d7a39db772
2024-05-02 23:22:55 +00:00
aa8560e93a
Merge pull request #124294 from dims/automated-cherry-pick-of-#124283-upstream-release-1.29
...
Automated cherry pick of #124283 : Rename `cluster` to `storage_cluster_id` for
Kubernetes-commit: 61fce014473ffe6eb0418b52c5665ac2014adeb9
2024-05-10 12:59:00 +00:00
818604e006
Rename `cluster` to `storage_cluster_id` for apiserver_storage_size_bytes metric
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: d995bfa258c4c9ee6e0c866451b8305a8077bca3
2024-04-11 15:06:03 -04:00
a4273cc011
Merge pull request #124180 from MadhavJivrajani/bump-x-net-2023-45288-129
...
[CVE-2023-45288][1.29] Bump x/net to v0.23.0
Kubernetes-commit: 63d93a51fe867f8d02103e7a13743fd98c1a2020
2024-04-04 16:46:37 +00:00
661759c3a8
[CVE-2023-45288] .*: bump x/net to v0.23.0
...
Co-authored-by: Davanum Srinivas <davanum@gmail.com>
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: f10341af553a57bcfd04280042518b1abe283273
2024-04-04 14:20:20 +05:30
8eca52ca6f
Merge pull request #123973 from serathius/consistent-watch-from-etcd-1.29
...
Cherry-pick of #120897 #123935 #123887 #123994 : Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage.
Kubernetes-commit: 6a9602d59415a505699d81559570e8e1155622a8
2024-03-21 00:55:49 +00:00
d432100923
Undo double run of the TestWatchSemantics test to avoid hitting timeout
...
Kubernetes-commit: cf2a337154f14b64923d3dace9bc2cab188dbb01
2024-03-19 15:16:52 +01:00
0946a0336e
apiserver/storage/cacher: decrease the running time of tests in the cacher package.
...
It turns out that kube has a custom timeout for tests of 3 minutes.
The tests in the cacher package are utilizing nearly the
entire time and are being terminated, resulting in failing jobs.
Before the change, the TestWatchSemantics took ~43s to run. With this simple change, it now takes ~18s.
When we created the tests, we didn't measure the running time and assumed that waiting 1 second on a watch channel
to make sure no more events are received was sufficient.
This PR decreases the waiting time to 300 milliseconds.
Modern computers can perform many tasks within that time.
In addition to that, the tests are serial in nature, meaning that there is no other
actor that could add items to the database, which could result in receiving new items.
After the change the total running time decreased by 17%.
Before the tests needed ~176s after they need ~146s.
The changes also improved TestWatchSemanticInitialEventsExtended.
Kubernetes-commit: d9ca300598e7195545ca38ab9e5e640a2379d553
2024-03-12 09:15:55 +01:00
582da82650
Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage.
...
Kubernetes-commit: f8f08542c911b0fd620a26ca038b4f255b7a6217
2024-03-14 15:20:29 +01:00
21e0f5b77d
Ensure that initial events are sorted for WatchList
...
Kubernetes-commit: ff2189b7c2b383a9f260444a8371bcf22d65baa6
2023-09-26 18:39:44 +02:00
d49097b826
Merge pull request #123763 from liggitt/proto-1.29
...
[1.29][CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
Kubernetes-commit: a6fe782283fbe8af43d4d8990a5b3b8b72822ab4
2024-03-13 00:56:31 +00:00
1b4c9afb8a
Merge pull request #123693 from mengqiy/automated-cherry-pick-of-#123532-upstream-release-1.29
...
Automated cherry pick of #123532 : Prevent watch cache starvation, by moving its watch to
Kubernetes-commit: b607e4e35cf98d3206d84fef6373d4d168245020
2024-03-08 12:54:59 +00:00
d138c29f00
[CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
...
Kubernetes-commit: 3ceb275cbe478ea866af363b57719085b8472b6d
2024-03-06 10:38:40 -05:00
b9037e3894
Test that separation of streams work by using progress notifies
...
Kubernetes-commit: b1e1d68cfb9acb1849423f7d0d67e87da3a359c2
2024-02-29 17:51:46 +01:00
88805caf85
Prevent watch cache starvation, by moving its watch to separate RPC and add a SeparateCacheWatchRPC feature flag to disable this behavior
...
Kubernetes-commit: 4009acb0cf17a5500041bd40514a62256bef69d9
2024-02-27 11:25:42 +01:00
bd6de43ed5
Merge pull request #123080 from alexzielenski/automated-cherry-pick-of-#123003-upstream-release-1.29
...
Cherry pick of #123003 and #123082 : bugfix: dont skip reconcile for unchanged policy if last sync
Kubernetes-commit: b39bf52c6693356fb3e3c4a91ef56aff20c13aef
2024-02-08 17:43:08 -08:00
b7459bd879
bugfix: dont skip reconcile for unchanged policy if last sync failed
...
Kubernetes-commit: cc819ed4ae7b75d0e28f567dac8c8282b647369a
2024-01-26 18:57:30 -08:00
e9b57224a2
Merge pull request #122369 from cici37/automated-cherry-pick-of-#122193-upstream-release-1.29
...
Automated cherry pick of #122193 : Keep presence cost to 0 to ensure backward compatibility.
Kubernetes-commit: 2991f6e2165003c6fe50fb46a95d7215f9e65179
2024-01-12 17:42:07 +00:00
037e27f0fe
Merge pull request #122478 from liangyuanpeng/automated-cherry-pick-of-#121624-upstream-release-1.29
...
Automated cherry pick of #121624 : use context for lazy evaluation.
Kubernetes-commit: eefb0054e84da3322b08b62eef45aa9be390bdd1
2024-01-10 18:33:27 +00:00
0065398a1f
Merge pull request #122429 from MadhavJivrajani/tools-bump-129
...
[1.29][go1.22] .*: bump golang.org/x/tools to v0.16.1
Kubernetes-commit: 0ab1828bb44713417dae360a83f74080144429d7
2024-01-10 18:33:26 +00:00
919f1ad6a1
.*: bump golang.org/x/tools to v0.16.1
...
Bumping tools to include the fix for a nil pointer
deref error in go/types. See golang/go#64812
for more details.
This fix is needed for when we bump to go1.22.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: b055126537b1e2b59890469dcfbf795596cc8556
2023-12-21 11:14:00 +05:30
ae9ed668d6
Address comment
...
Kubernetes-commit: a5f64b743e43687029173bd390854237a24b8579
2023-12-07 22:39:00 +00:00
02998b39fe
Keep presence cost to 0 to ensure backward compatibility.
...
Kubernetes-commit: ed501c1f080c054bae825e2cbdbdf9a8e99378e3
2023-12-05 23:27:51 +00:00
024724994a
Merge pull request #121822 from ritazh/webhookauthz-benchmark
...
[StructuredAuthz] Webhookauthz benchmark
Kubernetes-commit: 68e3cedce2085c4476fca17770eab9203b6fbc58
2023-11-28 19:46:15 +00:00
59c9103d07
Merge pull request #121808 from cpanato/go-update-main
...
[go] Bump images, dependencies and versions to go 1.21.4
Kubernetes-commit: 6ba7258a0f3f73629560fc30016b2e35c8e7ae9c
2023-11-13 17:32:39 +00:00
c4ab5aa41a
add false matchCondition benchmark
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Kubernetes-commit: 7c5dfceff8a4de3387b48e941d098a3957de2870
2023-11-13 09:22:24 -08:00
e319da4264
split compile and eval
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Kubernetes-commit: 11cdb8fd011a931d34506ade65e966f7c5208ae7
2023-11-08 16:37:10 -08:00
f0d5068944
authz: add benchmark for webhook authorizer
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Kubernetes-commit: fe53db0dbdc25c9b2f87adbd53f1ebe4b6c1169d
2023-11-08 15:38:11 -08:00
7bd75806d6
update go.mod
...
Signed-off-by: cpanato <ctadeu@gmail.com>
Kubernetes-commit: 9e5b8402bb95eb82541099e77c3a8b0ccd31297f
2023-11-08 08:46:15 -06:00
10c70bebf9
Merge pull request #121780 from HirazawaUi/fix-delete-collection-test-failed
...
fix test store delete collection function failed
Kubernetes-commit: f927d5b385c9d6f8870cf9ae6c38cb96d54c23df
2023-11-07 21:25:39 +00:00
f834404133
fix test store delete collection function failed
...
Kubernetes-commit: b12db6d9b55e02b232b716683a2d516e1788a9ce
2023-11-08 00:07:45 +08:00
dab5ebce44
Merge pull request #121709 from aramase/aramase/f/authn_user_info_fix
...
[StructuredAuthn] Ensure empty fields of user object are accessible by CEL
Kubernetes-commit: c3eebb233d000ac2dbbd559725124a79bf40d0f0
2023-11-03 05:24:07 +00:00
b20a2d3074
Merge pull request #121705 from liggitt/authz-config-webhook-test
...
Add multi-webhook integration test
Kubernetes-commit: fb9c94b3a50aa9f95a6153fb04d844decedbcf33
2023-11-03 01:25:01 +00:00
17a9a816ec
[StructuredAuthn] Ensure empty fields of user object are accessible by
...
CEL
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: b693f09d544b17c82af4437bd93ea0b165e2622e
2023-11-02 22:20:06 +00:00
2a9f8b8d15
Include empty string attributes for CEL authz evaluation
...
Kubernetes-commit: 44d89c8cf8c1ba883029e1244492a523d6b50b92
2023-11-02 15:14:06 -04:00
4eacc8425d
Plumb failure policy from config to webhook construction
...
Kubernetes-commit: 2e2f51a4417d93b5505091d28b319365dc95e137
2023-11-02 13:55:35 -04:00
374f72b704
Require match condition version only if matchConditions are specified
...
Kubernetes-commit: a000af25ff3bcc79fe7d8da299225ad252c9894a
2023-11-02 13:54:39 -04:00
798e645af6
Merge pull request #121573 from tukwila/bump_etcd_v3.5.10
...
bump etcd newest version: v3.5.10
Kubernetes-commit: 974735854b7fdfba2d0a67dbc15457c259e40aff
2023-11-01 17:29:14 +00:00
d0f0eebe8c
Merge pull request #121552 from pohly/klog-update
...
klog v2.110.1 update
Kubernetes-commit: da61382068671c3e16782a9b45e7f2159ac0feb9
2023-11-01 17:29:12 +00:00
09fd766b6a
bump to newest etcd: v3.5.10
...
Signed-off-by: guangli.bao <guangli.bao@daocloud.io>
Kubernetes-commit: bc1df9e7dab085b0d6301ac96f6b7e3ff90836ee
2023-11-01 10:44:07 +08:00
53481420f1
use context for lazy evaluation.
...
Kubernetes-commit: 865f214fe534c90ddfa8010a182c5f4205f05033
2023-10-30 11:29:57 -07:00
e2d4a4f3e2
dependencies: klog v2.110.1
...
Dropping a newline at the end of the message when using klog calls is an
intentional improvement (https://github.com/kubernetes/klog/pull/378 )
Kubernetes-commit: 878d037d3ba8fc4f11bf45a6cf5a66301ba89d82
2023-10-16 10:03:54 +02:00
Kubernetes Publisher
David Ashpole
xyz-li
Wojciech Tyczyński
Taehoon Yoon
Davanum Srinivas
Madhav Jivrajani
Marek Siarkowicz
Lukasz Szaszkiewicz
Jordan Liggitt
Alexander Zielenski
Cici Huang
Rita Zhang
cpanato
HirazawaUi
Anish Ramasekar
guangli.bao
Jiahui Feng
Patrick Ohly