4d70dec65c
Promote StructuredAuthorizationConfiguration feature gate to beta
...
Kubernetes-commit: 30256c8909ab8c30a64f786361543768f2719c77
2024-03-02 02:12:36 -05:00
743b53428c
Test that separation of streams work by using progress notifies
...
Kubernetes-commit: 1cf4cec449cb29718a694e25f4750452af3f491d
2024-02-29 17:51:46 +01:00
e810084a4b
Prevent watch cache starvation, by moving its watch to separate RPC and add a SeparateCacheWatchRPC feature flag to disable this behavior
...
Kubernetes-commit: 31d404b182d2985ce0d3c43f75d80c29a708beda
2024-02-27 11:25:42 +01:00
0376e5de57
adds comments to tunnelingResponseWriter
...
Kubernetes-commit: 3d56ff21fd3c9c9da82ff22044691ef0671ac7b6
2024-03-04 11:10:17 -08:00
9610424488
Fix headerInterceptingConn handling
...
Kubernetes-commit: 2443b3fa694462ab0438f10dea38557edea4d4e7
2024-03-02 17:57:39 -05:00
f4bc37078e
portforward: tunnel spdy through websockets
...
Kubernetes-commit: 8b447d8c97e8823b4308eb91cf7d75693e867c61
2024-02-21 08:56:07 +00:00
9adb3ee3c0
Add authorization webhook duration/count/failopen metrics
...
Kubernetes-commit: 79b344d85e3e2f8f3192a3dcabb384cfe87136a6
2024-03-02 01:44:28 -05:00
9ffd1e2039
Add apiserver_watch_cache_read_wait metric to cache refresh time
...
Signed-off-by: Sunil Shivanand <padlar@live.com>
Kubernetes-commit: e6ed0f37c65fb22c16f5afa408bc4de166070ebc
2024-02-08 12:39:50 +01:00
2eff540b7c
cleanup: if triggerValue has a value, fast break
...
Signed-off-by: xigang <wangxigang2014@gmail.com>
Kubernetes-commit: d72448a41c24911a57b24cabdef3ca63ee048bd4
2024-03-04 10:29:31 +08:00
f2c6133c7f
Add `DiscoveryURL` to AuthenticationConfiguration
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 84852ff56f952b4c3daab920d119d24c2e6a3476
2024-02-07 01:41:52 +00:00
4153027735
Duplicate v1alpha1 AuthorizationConfiguration to v1beta1
...
Kubernetes-commit: 0605a75c5e3590e2b0ab80d2163a76c4e77f4380
2024-03-02 01:56:29 -05:00
59cba35b06
Fix discovery v2 conversion registration data race
...
Kubernetes-commit: 0e9cdf76ad2e21166dd5b72f7b0c2450d648c906
2024-03-01 19:29:39 -05:00
b7a30e3bfb
add authz webhook matchcondition metrics
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Jordan Liggitt <liggitt@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>
Kubernetes-commit: e76fce75666beb2771dfa15a10700f18d2d15d85
2024-02-29 20:55:32 -08:00
7b0c197f53
cleanup structured authn/authz error logic
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: c2c4f4616d4ecea9fad5b994cdc72e3f96728962
2024-01-25 22:45:19 +00:00
d8d3b8c351
Use v2 types with agg discovery
...
Kubernetes-commit: 462dd326c2e98d937a96d49002883000efe4b2d6
2024-01-19 16:13:47 -05:00
7c8cdebce9
Promote AggregatedDiscovery to GA
...
Kubernetes-commit: 301e804c3f2fb3935c2cf3d2a04967f47921fc99
2024-02-27 16:59:46 -05:00
fc2ef69449
Remove test for disabling aggregated discovery
...
Kubernetes-commit: 0593746f6093a5a59a7a047f03a4139275fcaf11
2024-02-27 18:27:54 -05:00
5624a05672
Remove defunct references to "vendor"
...
Kubernetes-commit: d772f7719dc55ebfec2e9461b6e14bf17f5301df
2024-01-15 15:56:21 -08:00
541bc37de9
Fix go-to-protobuf wrt gengo/v2
...
There's some very fishy-smelling logic in here, but this commit is
trying to be as focused as possible.
The *.pb.go diffs are the "name" encoded in the descriptor. The
descriptor blobs can be decoded by this program (thanks StackOverflow!):
```
package main
import (
"bytes"
"compress/gzip"
"encoding/json"
"fmt"
"os"
"io/ioutil"
proto "github.com/golang/protobuf/proto"
dpb "github.com/golang/protobuf/protoc-gen-go/descriptor"
)
func main() {
m := map[string][]byte{
"before": blobv1,
"after": blobv2,
}
arg := os.Args[1]
dump(m[arg])
}
func dump(bytes []byte) {
fd, err := decodeFileDesc(bytes)
if err != nil {
panic(err)
}
b, err := json.MarshalIndent(fd, "", " ")
if err != nil {
panic(err)
}
fmt.Println(string(b))
}
// decompress does gzip decompression.
func decompress(b []byte) ([]byte, error) {
r, err := gzip.NewReader(bytes.NewReader(b))
if err != nil {
return nil, fmt.Errorf("bad gzipped descriptor: %v", err)
}
out, err := ioutil.ReadAll(r)
if err != nil {
return nil, fmt.Errorf("bad gzipped descriptor: %v", err)
}
return out, nil
}
func decodeFileDesc(enc []byte) (*dpb.FileDescriptorProto, error) {
raw, err := decompress(enc)
if err != nil {
return nil, fmt.Errorf("failed to decompress enc: %v", err)
}
fd := new(dpb.FileDescriptorProto)
if err := proto.Unmarshal(raw, fd); err != nil {
return nil, fmt.Errorf("bad descriptor: %v", err)
}
return fd, nil
}
var blobv1 = []byte{
// insert proto "before" blob here
}
var blobv2 = []byte{
// insert proto "after" blob here
}
```
Running this with "before" and "after" args, and diffing the output
yields something like:
```diff
--- /tmp/a 2023-12-23 23:57:04.748090836 -0800
+++ /tmp/b 2023-12-23 23:57:11.000040973 -0800
@@ -1,5 +1,5 @@
{
- "name": "k8s.io/kubernetes/vendor/k8s.io/api/admission/v1/generated.proto",
+ "name": "k8s.io/api/admission/v1/generated.proto",
"package": "k8s.io.api.admission.v1",
"dependency": [
"github.com/gogo/protobuf/gogoproto/gogo.proto",
```
Kubernetes-commit: b0a70dec4ab4cb9f972cf39a81ca5e5555417227
2023-12-24 10:01:42 -08:00
fc7cf5fb84
kep-3716 GA, remove feature gate
...
Kubernetes-commit: a51a5b462236d5eb87e6d690065f884c281a833c
2024-02-28 10:45:51 -06:00
b3e4dc29ef
add min valid jwt payload to API docs for structured authn config
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: b57d7d6ad79ed0a2a8359144c07eadeef0ea3fd3
2024-02-22 16:33:24 -08:00
816c9a3d12
apiserver/storage: improve RunWatchSemanticInitialEventsExtended test
...
changes the test to populate the underlying data store with
more data to trigger potential ordering issues.
Kubernetes-commit: 20ded275705a6e11c1113cbeedad4de94e2dc666
2024-01-10 11:08:35 +01:00
414d2e2d63
Add selectableFields to CRDs
...
Kubernetes-commit: 291703482d58ae030da71c6d671a96a6f960fc6f
2024-02-28 14:06:06 -05:00
45b7f21179
Ensure that initial events are sorted for WatchList
...
Kubernetes-commit: 92bdc7b3873800e6130176e49acdf5e17110e5b9
2023-09-26 18:39:44 +02:00
e53bac21d8
storage/watch_cache: rework getAllEventsSinceLocked
...
Kubernetes-commit: ecaf2093f51fed5f544520b0ac00fb33a474b7f5
2024-02-26 12:22:05 +01:00
19bd56380e
storage/cacher: add TestGetWatchCacheResourceVersion, TestGetBookmarkAfterResourceVersionLockedFunc
...
Kubernetes-commit: d629d3fa355ec90f618663b0933d28d335489c54
2024-02-21 10:06:42 +01:00
76172aaa1f
storage/cacher: ensure the cache is at the Most Recent ResourceVersion when streaming was requested
...
Kubernetes-commit: f90bcf649e0f3dc233f49882468f949b0f00ac4f
2024-01-17 14:10:04 +01:00
b5f79f8dae
streamtranslator counter metric by status code
...
Kubernetes-commit: 03812ddb169725b0652744c2ecaa151f5c03887b
2024-02-24 03:55:17 +00:00
8485f72a96
add support for map
...
to CEL mutation library.
Kubernetes-commit: dc4c92f5a5646ed8d131a8bb8ff96b5e6b3e4bb8
2024-02-27 13:55:08 -08:00
dd139db676
refactor: use shared CollectParams from VAP
...
Kubernetes-commit: 4760e0cc44fb0ee2a92d12ee2b17f094e7ea94ec
2024-02-15 17:00:45 -08:00
9a4b2b3543
refactor: use match from generic pkg in vap
...
It is same exact code, but uses accessors now
Kubernetes-commit: 64cd09f7208e7a45d87ab6436c833c984fa6e594
2024-02-20 09:22:18 -08:00
ed64edd4e0
add generic policy dispatcher
...
similar to the generic policy source, applies common match logic
for code sharing with validating/mutating
Kubernetes-commit: 96c418a7b73f2f85be530ad9b987d70eeeab14b0
2024-02-21 13:09:49 -08:00
48e4f369ee
test: infer gvk of objects
...
avoids relying on the GVK to be written to the object
Kubernetes-commit: 11ed3032c091bab4c56d471c8d0049ccb9c20efb
2024-02-16 10:43:05 -08:00
eed515aa23
refactor: handle paramKind directly
...
remove hacks that might conceal errors
Kubernetes-commit: acf1d850c6153aae10f26ef3d3e21fa8a63b20e0
2024-02-20 09:22:35 -08:00
223ffcc3b0
add functions to policy accessors for getting match information and params
...
Kubernetes-commit: 6d5133f3ecd4ddb38a29dac69641fb56576491a2
2024-02-15 16:33:41 -08:00
c8d2257e3a
[KEP-3962]Add feature gate for MAP ( #123425 )
...
* Add feature gate for MAP
* sort feature gates.
---------
Co-authored-by: Jiahui Feng <jhf@google.com>
Kubernetes-commit: 9bc5257c450f7dfda187bfadd96f32310a2eaa18
2024-02-21 17:00:13 -08:00
d38e8187d9
Cleanup: s/depreciated/deprecated/g
...
Kubernetes-commit: 9f4b82bf3b079fe868effbd2498b61464db6d459
2024-02-18 14:50:55 -08:00
f615696539
bump the stability level of apiserver_storage_size_bytes to STABLE
...
Kubernetes-commit: f38852768e312fe7b9775b92f7228371a0a96f90
2024-02-16 09:13:46 -08:00
8e917a7cef
flake: avoid flake by ensuring params appear in the initial list
...
sometimes they would not appear in the initial list if they were added while the informer was starting up due to ObjectTracker race
Kubernetes-commit: def05a20e22f069a60f4190755e8c7244d18781c
2024-02-15 13:58:29 -08:00
fe847b31f4
Add allowed/denied metrics for authorizers
...
Kubernetes-commit: d5d3eddb95b657f03677c21498f185d70d87cdda
2024-02-16 02:26:18 -05:00
000601bdbe
Add handler to run watch serving in separate goroutine
...
This handler allows running execution prior to actual serving in a separate
goroutine when serving requests. Doing so benefits cases in serving long running
requests because it allows freeing memory used by the separate goroutine
and keeps the serving routines slim.
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 7b2698a5e5c61b303481c2006847409fc8704746
2023-10-10 08:53:26 +00:00
c2310e1279
Implement authz config file reloading
...
Kubernetes-commit: 5dc92ada068cb80a2866cfaa1f9aa760d2524680
2023-11-08 08:49:58 -06:00
7e9e7fe668
move OWNERS from validating to all new parent policy folder
...
meant to do this in refactor PR
Kubernetes-commit: bd27c99262e73955af6af19a1d6d72fce6739522
2024-02-14 16:32:08 -08:00
1bc99127a6
Add integration test for multiple audience in structured authn
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 0feb1d5173c94e28da79963fb296296b005dd6a1
2024-02-14 17:04:21 -08:00
6f648c15a2
Add retry around create
...
Kubernetes-commit: a05db0dd22a68a9c443a9f01cc1b8f6397fd6a9f
2024-01-19 16:10:30 -05:00
fb760be3fc
support multiple audiences with jwt authenticator
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 18c563546a764b559ce5b74f09eaaaf9c1f0e5fb
2024-01-24 17:15:11 +00:00
26996e3679
Add AudienceMatchPolicy to AuthenticationConfiguration
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 19da90d6396ce9471f612d6e9a31f1b1c8d605b1
2024-01-25 22:35:16 +00:00
1672796601
bugfix: avoid NPE possibility by making composition environment global
...
Kubernetes-commit: 3094395fa76210f33118d10d6a7c8214c50a7f33
2024-01-29 13:45:27 -08:00
9fd47abbb1
refactor: implement VAP off of policy plugin fw
...
Kubernetes-commit: 18fbc48b0155485cd78ec4d0e6050ccbb7d8e058
2024-01-22 17:31:52 -08:00
f8d65cf3a6
refactor: create generic policy plugin type similar to webhook
...
Kubernetes-commit: a6366573d5ca328438b80d72d0ae5a5bf6b178be
2024-01-22 17:31:34 -08:00
06be9d025c
refactor: move matching logic into parent policy folder
...
Kubernetes-commit: d697f43d73870679ad4cd46939ad28e06926b6d3
2024-01-17 18:12:41 -08:00
57e06e43f7
refactor: move vap into parent `policy` folder
...
also renames to remove stutter
comment
Kubernetes-commit: 8b14116509ac19234924878ab08f7e9e8f03549a
2024-01-17 18:09:30 -08:00
3769e5c054
refactor: move celmetrics close to its usage in vap
...
does not need to be accessed from anywhere else, and removed an excessive lonesome `cel` pkg with just the metrics
Kubernetes-commit: 8b26b6eec1b0d99518e7c53879e1d44ade2eebc7
2024-01-17 17:05:53 -08:00
f6b16dddb3
Add `apiserver_encryption_config_controller_automatic_reloads_total`
...
metric
- Adds `apiserver_encryption_config_controller_automatic_reloads_total`
metric with status label for encryption config reload success/failure.
- Deprecated `apiserver_encryption_config_controller_automatic_reload_failures_total` and `apiserver_encryption_config_controller_automatic_reload_success_total`
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 77241d31253baf051302fff7480c9601ad817399
2024-02-07 19:44:41 +00:00
6f620d4d18
add test case for error inside variables.
...
Kubernetes-commit: 3e777540fda8dda01bb72702b1e39675f21d2955
2024-02-08 13:39:25 -08:00
ab64beb117
add support of variables for Type Checking.
...
Kubernetes-commit: dc832c6e59e98f8b842efe42d3f18a67e781779d
2024-02-01 15:28:21 -08:00
1501159ecb
refactor type checking to use CompositedCompiler.
...
Kubernetes-commit: 21ba0d59d3a29b5668d4ba712d5b130d458121c6
2024-02-01 13:20:21 -08:00
f099bff723
chore: adds consistent vanity import to files and provides tooling for verifying and updating them. ( #120642 )
...
* chore: drops update vanity imports from script.
* chore: changes copyright year to 2024.
* chore: makes lint happy.
Kubernetes-commit: 6d6398ef9266abce3518a4c9a3d4e4d8feeffdc1
2024-02-08 14:10:27 +00:00
554c2d262b
apiserver: allow zero value for the 'nominalConcurrencyShares' field
...
Kubernetes-commit: 5f75c35edf1ea0a10a64615c43b5868484c94f46
2024-01-26 14:27:09 -05:00
e6f368f3b9
apiserver: refactor handleError in endpoints/filters
...
Kubernetes-commit: 9e37ccedc7fbbbacf07ecc79949c75e1e250ba58
2024-01-09 13:32:09 -05:00
c60b23f298
use authentication.kubernetes.io/issued-credential-id audit annotation in serviceaccount token registry endpoint
...
Kubernetes-commit: 7f12735fffdc490eae59e98d0f03638067b028de
2024-02-02 16:57:16 +00:00
586f61dd0f
Fix the syntax error in the comment of the checkQuotas method. ( #121428 )
...
* Update controller.go
Fix comment error.
From "It there was no quota change mark the waiter as succeeded." to "If there was no quota change mark the waiter as succeeded."
* Adjust the comments to maintain consistent tense throughout.
Adjust the comments to maintain consistent tense throughout.
Kubernetes-commit: 5855f5178f42dbc114b6c5ac1964a5dd62bb0957
2024-02-06 00:45:00 +08:00
eff38efc48
apiserver: warning should not panic when request times out
...
Kubernetes-commit: 7cab0ad2d2b2688575c1d6c8b5ecee2bfa5a39ff
2023-01-26 08:56:10 -05:00
bc8676d59a
Add decoding time to the audit log
...
Kubernetes-commit: 20fe2a3539e90f7554f94359ac3b4058a5bbb363
2023-10-25 22:52:11 +08:00
43f24ff9ee
fix comment of rbac decision for NoOpinion
...
Signed-off-by: lowang_bh <lhui_wang@163.com>
Kubernetes-commit: 3579674df2df72956b34fa2593e526c02beea9d6
2023-06-06 22:36:14 +08:00
69adaecb9e
bugfix: dont skip reconcile for unchanged policy if last sync failed
...
Kubernetes-commit: 71559bd02670f53a2d6640714eeb4e7fbc554e86
2024-01-26 18:57:30 -08:00
95a53374a5
convert the expectedValues to be cel.Val.
...
Kubernetes-commit: c89dcf52b12bf5e32f71f3ed600315242f7e44f6
2024-01-25 13:52:39 -08:00
f0c47558ed
extra case for affirmative has(map) test.
...
Kubernetes-commit: d6991638029be493e5c197b6cd0d268d8ce55457
2024-01-25 13:36:42 -08:00
eb407cc3dd
fix convertField and its comments.
...
Kubernetes-commit: d0c323fb8fbfa5c1b91ae445cbda60a416e85e65
2024-01-23 16:47:33 -08:00
3a5a43790e
add support for equality check.
...
Kubernetes-commit: df9620c9f6f6a60f7cbcacb3ad9fa40d79d1d73e
2024-01-23 16:07:39 -08:00
8b89a41f3f
mutation library for CEL.
...
- TypeRef, TypeProvider interfaces.
- TypeRef, TypeProvider, ObjectVal, FieldType implementations
for unstructured.
- Tests for using optional in mutation.
Kubernetes-commit: 9bbdbc510ebf8e2dcb243d6fbbf57449f895196e
2024-01-19 17:03:34 -08:00
f709e954ab
drop deprecated pointer package
...
Signed-off-by: liyuerich <yue.li@daocloud.io>
Kubernetes-commit: e490439262fad619d83c5647a42a5382cb9c787b
2023-09-15 21:03:36 +08:00
8b49df5c88
Update env version, Add cost for previous func, add tests, etc.
...
Kubernetes-commit: 3fb679016423e80b87cf3e540d296471223460e6
2023-12-05 23:26:13 +00:00
ca8d0aaf91
client-go/reflector: make UseWatchList a pointer
...
until #115478(use streaming against the etcd storage)
is resolved the cacher need a way to disable the streaming.
Kubernetes-commit: 41e706600aea7468f486150d951d3b8948ce89d5
2024-01-19 13:48:29 +01:00
ff6a2dc722
Negative index regression test for json-patch ( #122625 )
...
* add testcase with negative index
* exercise successful negative index patching
* use different values for testing
Co-authored-by: Chris Bandy <bandy.chris@gmail.com>
---------
Co-authored-by: Chris Bandy <bandy.chris@gmail.com>
Kubernetes-commit: 83ff8a2f49f820fb355b24c65b8629710dca8a54
2024-01-18 09:31:12 +00:00
aa358081a5
fix evaluate resource quota if a resource is updated when the InPlacePodVerticalScaling feature-gate is on
...
Kubernetes-commit: 041e97af1f0ee40029dcd44abd63f84514eca59e
2024-01-11 16:04:02 +08:00
285e6ec394
Clean up encryption config reading and hashing logic
...
This is a no-op change that makes the internal encryption config
hash more specific to it use and explicitly marks it as unstable.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 9387a66c71fd85840cb199b468610b8fa950253f
2024-01-10 14:48:30 -05:00
fa628fd528
Use http/2 for localhost webhook
...
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 246e69fb99007412c4903fe8e7ad1d8c5f25cd8e
2024-01-03 13:49:51 +00:00
7751f0aa90
remove import hack about k8s.io/utils/clock/testing
...
Kubernetes-commit: 81d040d538101b89bd8edd51bb78a58ea5bf793c
2023-11-16 12:30:14 +08:00
4e1e99b0ca
remove GA featuregate RemoveSelfLink
...
Kubernetes-commit: 3b67181c93be39244370b560f83fa7546f7c65c0
2023-12-25 00:29:38 +08:00
e7eedd15ec
move encryption config types to standard API server config location
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 75695dae1093cc08cb56a4930c0be8e7e4433be1
2023-12-16 00:00:21 +00:00
6bad17ce50
[StructuredAuthnConfig] add comment for extra keys unique requirement
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: af8da8e01c28286feedf528e94683781a0387a99
2024-01-02 19:58:20 +00:00
febd537a31
use build-in max and min func to instead of k8s.io/utils/integer funcs
...
Kubernetes-commit: eb8f3f194fed16484162aebdaab69168e02f8cb4
2023-12-15 15:09:11 +08:00
a2e6b85db4
handlers/watch: refactor watch serving to prepare offloading
...
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 87d817e62d8c6e93cf45bf90a7ecadfe4156ab1f
2023-11-27 10:06:50 +00:00
b6487a8ac1
Fix etcd repository path to prevent redirects.
...
Signed-off-by: James Blair <mail@jamesblair.net>
Kubernetes-commit: b6c1f8ef08c3451f17048447e107c509a8ed950e
2023-11-02 09:31:37 +13:00
ccc28d3f49
Add tests for CIDR type
...
Kubernetes-commit: b3285fa8df494ef174bbee1ccffcc5e3a58afcdd
2023-12-15 11:01:55 +00:00
f16e0c2a18
Add tests for IP type
...
Kubernetes-commit: 31f9384646a5cfd001f176454feb9c1040591e96
2023-12-08 18:16:30 +00:00
e5f605855d
Add costing estimations for IP and CIDR
...
Kubernetes-commit: e1f9aa450b7ecd62ce7284486a159d14f66c1761
2023-11-17 17:34:46 +00:00
e4fb1f737e
Add IP and CIDR libraries to CEL environment for 1.30
...
Kubernetes-commit: 4710f085b3d4dbf242085f4cb53708efc7ebbefd
2023-11-17 13:57:29 +00:00
f4ae0b7ca6
Add CIDR network CEL extension
...
This adds new CEL functions to the library for validating if a string is a CIDR notation.
This will work in conjunction with the IPAddr to allow checking if an IPAddr exists within a particular network.
Kubernetes-commit: 2f585b451232814d6563329241e96f09bfd1cb73
2023-11-15 19:04:48 +00:00
3fe1439ba9
Add special IP validations to IP CEL type
...
Kubernetes-commit: 13b22b23a1a5f8976fa608c7bc8b3048470b5c51
2023-11-17 12:51:32 +00:00
ccfdc9aba1
Add IP address CEL extension
...
This adds new CEL functions to the library for validating if a string is an IP address,
and, if it can be parsed as an IP address, adds additional accessors to get properties
of the IP address.
Kubernetes-commit: c6aa360d3ef9895323b239686719dd9223ee4f37
2023-11-15 18:35:34 +00:00
2b59a3f14c
Don't sort under lock
...
Kubernetes-commit: 3e1dbccf4d3de59b31596f1664ff5ac9c02d1eea
2023-11-23 18:13:43 +01:00
fdd26489db
Fix etcd storage_events_received_total metric not being registered
...
Kubernetes-commit: ceb7ca93875cd74bea60500812cf7f024d3b1f2d
2023-12-04 09:12:21 +00:00
697d456e35
Minor cleanup in watch handlers
...
Kubernetes-commit: d907062308563b1a9e52152c48f4240a6e11aade
2023-11-29 22:31:05 +01:00
442cc39449
Unify watch handler across http and websockets
...
Kubernetes-commit: 55e60db88b126013f00135f49df3296f52b2572a
2023-11-29 21:57:39 +01:00
88c6f038a0
Address comment
...
Kubernetes-commit: 44898f7909940e786aeed701e87af0c799f4a660
2023-12-07 22:39:00 +00:00
fb788ccf7f
Keep presence cost to 0 to ensure backward compatibility.
...
Kubernetes-commit: 048cb8b2ed38febdb7cbbf719b6badbed8f0044c
2023-12-05 23:27:51 +00:00
06103a07ae
k8s.io/apiserver: refactor GenericAPIServer healthz code.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 12c9bfc21d6c9799c2cd6bf0e9dcca6f1534812d
2023-11-15 12:36:04 -08:00
16536b9b63
support pod namespace indexer
...
fix comments
optimize code
small optimization for the namespace scope check
Kubernetes-commit: d8bd150784bb4825ae891dd0ec84625bdba0f2b8
2023-11-29 15:51:24 +08:00
Jordan Liggitt