47998d1ee6
cleanup: omit comparison with bool constants
...
Signed-off-by: tao.yang <tao.yang@daocloud.io>
Kubernetes-commit: b35357b6c08f21ba0fd312536051394c2567ec79
2023-09-04 16:59:23 +08:00
611ba24d58
Merge pull request #121325 from benluddy/check-apiserver-serializers
...
KEP-4222: Restrict supported media types for new apiservers.
Kubernetes-commit: 2014ce2313591b3bbf217587cbaf62e4c44e1217
2023-10-23 16:25:34 +00:00
133975e0c8
Merge pull request #120827 from machine424/apiserver_storage_objects
...
storage/etcd3/metrics: add unit test for apiserver_storage_objects
Kubernetes-commit: 04e38b2de8ad16f1e778106c35f6d2cf94799ed4
2023-10-21 00:07:31 +00:00
7089867c00
Merge pull request #121364 from sxd/update_grpc
...
bump golang.org/grpc to v1.56.3
Kubernetes-commit: 239537e74d956aaf1ff1395adb602696405088ce
2023-10-21 00:07:30 +00:00
40b9c4e124
Merge pull request #120757 from alexzielenski/apiserver/openapi/invalid-default
...
Update `kube-openapi` to Remove invalid defaults from fields with custom marshalling
Kubernetes-commit: 31c679f65cbf62efec7597133e6d8e78d8473c4d
2023-10-21 00:07:28 +00:00
def3258f0f
bump golang.org/grpc to v1.56.3
...
Bumping golang.org/grpc in light of CVE-2023-44487.
Signed-off-by: Jonathan Gonzalez V <jonathan.abdiel@gmail.com>
Kubernetes-commit: a7adde53be415d5609288b3998ab67ee18be76a3
2023-10-19 14:58:49 -03:00
a270d45ae5
Add validation for --storage-media-type option.
...
Kubernetes-commit: cf836309dc278d8d4f046e1580649179b1531143
2023-10-19 10:54:16 -04:00
4e501586ef
pin openapi
...
Kubernetes-commit: 4d21a23be35a03852e0e7b188de11d9f8dc6bc57
2023-10-17 16:48:10 -07:00
554e3cadd7
Merge pull request #121250 from carlory/fix-120882
...
update pretty param description
Kubernetes-commit: 54e0922d1f9d0d590df3b820b6e9f70ef6e203ed
2023-10-21 00:07:26 +00:00
7742d76eab
Merge pull request #120154 from palnabarun/authz-config-external-changes
...
[StructuredAuthorizationConfiguration] Add --authorization-config flag and guard it using a Feature Gate
Kubernetes-commit: ca43bf0582f86437032d5c7f83e0eaa7413bc83d
2023-10-18 15:33:43 +00:00
25f4c5e3dc
Merge pull request #121085 from jiahuif-forks/fix/crd-validation-expressions/enum-cost
...
CRD Validation Expresions: set maxLength to longest enum.
Kubernetes-commit: 0304c567b68845a829d6d285418e650875a4701d
2023-10-17 23:21:46 +00:00
58458d5002
Merge pull request #120910 from palnabarun/3221/fix-kubeconfig-file-type-name
...
staging/apiserver: correct KubeConfig type name in authorization types
Kubernetes-commit: d22e315c4ae45b293a5af38f3c2e387fcd8d8631
2023-10-17 19:22:24 +00:00
f2c8b3163e
Merge pull request #121161 from siyuanfoundation/test-delete
...
k8s.io/apiserver/storage: add 3 new unit tests for delete.
Kubernetes-commit: 86bcca47134fcf53dead66ae4f213bd5515a93f2
2023-10-17 19:22:22 +00:00
91d0f39545
Restrict supported media types for new apiservers.
...
This is to prevent the enablement of new data formats (CBOR) in the early stages of phased
implementation.
Kubernetes-commit: ced56a6adabdd86f99455b100b1c0c7a2b4f3c55
2023-10-17 14:06:46 -04:00
2a6d038562
Merge pull request #121010 from Jefftree/decouple-openapi-v2v3-config
...
Decouple openapi v2v3 config
Kubernetes-commit: ac66f3d466caee27bcc0f66a04ceec9bf63750bd
2023-10-16 23:26:30 +00:00
e6bba9e4ab
Merge pull request #121160 from siyuanfoundation/test-create
...
k8s.io/apiserver/storage: add a new TestCreate case.
Kubernetes-commit: 6224f2f43fd1b0c4a087fdfa4301bf089c5bd4a1
2023-10-16 23:26:28 +00:00
c5b253644c
Merge pull request #121118 from alexzielenski/apiserver/apiextensions/ratcheting-factor-correlation
...
CRDValidationRatcheting: Factor object correlation and comparison into reusable component
Kubernetes-commit: 3a3dc870a24645bb7114c0217aa743bd10c6122e
2023-10-16 23:26:27 +00:00
5ac339fec6
update pretty param description
...
Kubernetes-commit: 75f20ee64da5317f4473de643eac43686fe9215e
2023-10-16 16:36:31 +08:00
56aa0e9a59
Merge pull request #120503 from dgrisonnet/body-size
...
Rename request body size metric to conform with Prometheus best practices
Kubernetes-commit: c40bc8c7d896ac14dee79571ba1ec143ca239401
2023-10-15 07:22:14 +00:00
75989aef3e
Merge pull request #121001 from jiahuif-forks/feature/validating-admission-policy/typed-composition-variables
...
ValidatingAdmissionPolicy: typed variables support.
Kubernetes-commit: b87cae907d032ba6412e369a86349c220b12b82c
2023-10-14 03:39:35 +00:00
ae2fbe99b7
Merge pull request #121096 from alexzielenski/common-schema
...
add rest of accessors to common.Schema
Kubernetes-commit: 088f8c0ec52a690189a0cec5d0660751d0e3f6b3
2023-10-13 23:21:26 +00:00
8a3fe0e45c
ratcheting: disable correlation by index
...
discussion: https://github.com/kubernetes/kubernetes/pull/121118#discussion_r1358865893
Kubernetes-commit: fb1fc8b4a72758688d1251278579b2b0ac666fc7
2023-10-13 14:36:46 -07:00
b5ac4f9a61
comments: clear up correlateOldValueForChildAtNewIndex godoc
...
Kubernetes-commit: d991ed56c29e646c0c5c51ce1ebd2376f34fce28
2023-10-13 14:11:02 -07:00
fbd7474961
cleanup: use swtich in CachedDeepEqual and add more comments
...
Kubernetes-commit: 0ed67c9e41dcfc3eef6953ca63082454c189443b
2023-10-13 14:05:47 -07:00
a504910cff
cleanup: consistently support nil receiver and document
...
Kubernetes-commit: 60c90fc0854eb04b95e74d445d88f45c212900fe
2023-10-13 13:57:55 -07:00
541189e16c
cleanup: clarify correlatedOldValueForChildAtNewIndex comment
...
Kubernetes-commit: abb68591afd30cf263b0d6bb2942f9693eb420d7
2023-10-13 13:54:53 -07:00
2970233dd7
cleanup: consistent interface{} and any
...
Kubernetes-commit: e1fa1df3ae8414104f3710c064014e323e45aade
2023-10-13 13:50:52 -07:00
fecc880526
cleanup: add godoc
...
Kubernetes-commit: 0495616230a13dcc19c9da8ec7b8b2a38e2b6a33
2023-10-13 13:50:19 -07:00
2ef0851b9f
Merge pull request #121158 from siyuanfoundation/test-list
...
k8s.io/apiserver/storage: add some ResourceVersion validation in GetList unit tests.
Kubernetes-commit: 0851995a61cb83645734183cb49250e0fc3b14a4
2023-10-13 15:21:35 +00:00
9bea6efd35
Merge pull request #120990 from tkashem/fix-race-apf-test
...
APF: fix data race in unit tests
Kubernetes-commit: 86ba008787975a0a2bfd0a63247331750b67e42a
2023-10-13 15:21:33 +00:00
34269fdf41
Merge pull request #121203 from enj/enj/i/h2_dos_flake
...
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
Kubernetes-commit: b40f1c00e26a5e4e90f85212d493793243c4460f
2023-10-13 05:03:05 +02:00
87ef6687ab
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
...
These occasionally flake on CI:
https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/121200/pull-kubernetes-unit-go-compatibility/1712589824344461312
=== Failed
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
authentication_test.go:653: expect TCP connection: 1, actual: 2
--- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
--- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose (2.30s)
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: cd5db9b7f23b0156bf5535fc0124361fbef0ce6a
2023-10-12 19:13:07 -04:00
c183390d3f
Merge pull request #121120 from enj/enj/i/h2_dos
...
Prevent rapid reset http2 DOS on API server
Kubernetes-commit: cb713c15e99d59cb5b2f9015d1d978fee8142965
2023-10-12 23:36:45 +00:00
01f2ec510d
Merge pull request #120735 from Jefftree/request-body
...
Bump kube-openapi with v3 marshal and requestBody required marking
Kubernetes-commit: e93e8eac0ef1b26384e5481b67c7d04fe211a243
2023-10-12 23:36:43 +00:00
0c6dca8321
Merge pull request #121159 from siyuanfoundation/getCurrentState
...
k8s.io/apiserver/storage/etcd: refactor getCurrentState.
Kubernetes-commit: 32ea66d524693b6760f4b1c776c4a6091c870a4a
2023-10-12 23:36:42 +00:00
662079f048
test: fix boilerplate
...
Kubernetes-commit: 4dedabf2a659ee702cbcd93a482c63296910d5c6
2023-10-12 15:51:25 -07:00
0c4ec7694a
bump kube-openapi
...
Kubernetes-commit: e3098225eaf7b5bb9d5de1f259c2dbdc2062faa8
2023-10-12 18:22:05 -04:00
c453b3b056
Merge pull request #120976 from tengqm/fix-audit-apidoc
...
Fix API docs for audit APIs
Kubernetes-commit: d4a6a674de061ef57558f0a5996fc5f2106c52a6
2023-10-12 19:30:35 +00:00
e501fcbbf6
test: few more correlatedobject test cases
...
Kubernetes-commit: 0149c1f8b315d704d6d80c00861526e2899001e5
2023-10-11 15:45:48 -07:00
4ec87cdde2
test: add correlatedobject test cases
...
Kubernetes-commit: ba9347230e6577140eaa0ac3d9ef99d0163a7934
2023-10-11 14:03:28 -07:00
5edc046b33
cleanup: add header and fix spelling
...
Kubernetes-commit: c08a9321eed6a917a2fbc13b8e023d2f4122ee36
2023-10-11 13:51:49 -07:00
a0dede6875
k8s.io/apiserver/storage: add some ResourceVersion validation in GetList unit tests
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: baac8bb573c8efb314b037f4fbac116556c03c83
2023-10-11 10:46:30 -07:00
77032c52b8
k8s.io/apiserver/storage: add 3 new unit tests for delete.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 26a4e06c92c248748dd3c50c74d75f8adc3c6823
2023-10-11 10:38:01 -07:00
70af178d56
k8s.io/apiserver/storage: add a new TestCreate case.
...
Add a test case of create with rv set.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 2f923e356e042d9dce88e8f78abf30f414051e71
2023-10-11 10:24:31 -07:00
e15d4d2e0b
k8s.io/apiserver/storage/etcd: refactor getCurrentState.
...
Extract getCurrentState as a separate method that can be reused.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: ebca5d438d9cb2c82d0b99dbcb0aeca8879db441
2023-10-11 09:56:07 -07:00
a98816fb0a
Merge pull request #121111 from dashpole/update_otel_deps
...
Update OpenTelemetry Dependencies
Kubernetes-commit: eafebcc9e368d6aeaab0ce5ec4fd56b94174d0c4
2023-10-11 07:26:19 +00:00
1234a74f8e
refactor: move correlatedObject to its own file
...
no changes except package naming
Kubernetes-commit: 27cb869e5596525cec9884ecb9b02bfcfe5273e4
2023-10-10 10:53:12 -07:00
3029a9f674
add rest of accessors to common.Schema
...
needed for declarative validation, CRD ratcheting
Kubernetes-commit: 438c0daab7587bdb094e714e68b5ba2f9f6ae963
2023-10-09 17:49:37 -07:00
140ffa083d
set maxLength to longest enum.
...
Kubernetes-commit: 302d350e88eac519e1df020b82256371c171b861
2023-10-09 11:00:45 -07:00
445b713906
Prevent rapid reset http2 DOS on API server
...
This change fully addresses CVE-2023-44487 and CVE-2023-39325 for
the API server when the client is unauthenticated.
The changes to util/runtime are required because otherwise a large
number of requests can get blocked on the time.Sleep calls.
For unauthenticated clients (either via 401 or the anonymous user),
we simply no longer allow such clients to hold open http2
connections. They can use http2, but with the performance of http1
(with keep-alive disabled).
Since this change has the potential to cause issues, the
UnauthenticatedHTTP2DOSMitigation feature gate can be disabled to
remove this protection (it is enabled by default). For example,
when the API server is fronted by an L7 load balancer that is set up
to mitigate http2 attacks, unauthenticated clients could force
disable connection reuse between the load balancer and the API
server (many incoming connections could share the same backend
connection). An API server that is on a private network may opt to
disable this protection to prevent performance regressions for
unauthenticated clients.
For all other clients, we rely on the golang.org/x/net fix in
b225e7ca6d
2023-10-07 21:50:37 -04:00
tao.yang