5678a8c44d
Remove feature gate CustomResourceValidationExpressions.
...
Kubernetes-commit: 67a171a1422cc5861491aadd69e51ce718196434
2024-07-16 10:39:00 -07:00
6c5ca3dcf3
Fixup lint warning
...
Kubernetes-commit: 9f8f36708a0eb1ad78e48beeaf15f2c6ae3e1552
2024-06-27 00:42:01 -04:00
eabf12957a
Add structured labelSelector / fieldSelector to authorization webhook match conditions
...
Kubernetes-commit: a1398a8ccaeb7f881acb65d1276392f4cac259e8
2024-06-26 17:17:43 -04:00
f14fc0f445
Adjust CEL cost calculation and versioning for authorization library
...
Kubernetes-commit: 83bd512861aa11ec00a90e4ac382daa788dccf87
2024-06-26 21:38:24 -04:00
efe135c937
Add CEL fieldSelector / labelSelector support to authorizer library
...
Kubernetes-commit: be2e32fa3ed0a06ac9cc59d9966be0b40617c2b2
2024-06-14 14:39:54 -04:00
b338834e91
Move CEL env initialization out of package init()
...
This ensures compatibility version and feature gates can be initialized
before cached CEL environments are created.
Kubernetes-commit: 03d48b76831a3a02d503c3075d818a76afd83cd8
2024-06-29 21:45:55 -04:00
9db3f571d5
Improve CEL cost tests to catch unhandled estimates or types
...
Kubernetes-commit: 1d2ad282cff163e51e5c24569a0ac762ed814e74
2024-06-26 21:38:48 -04:00
f26d4ed894
add field and label selectors to authorization attributes
...
Co-authored-by: Jordan Liggitt <liggitt@google.com>
Kubernetes-commit: 92e3445e9d7a587ddb56b3ff4b1445244fbf9abd
2024-05-23 15:12:26 -04:00
cd492e8b91
Fix the error type, Add into observation, Fix tests.
...
Kubernetes-commit: b7821078b36f1cb25d903774ddf37a97966c2eac
2024-07-16 08:27:36 -07:00
8b22c5cc3d
make use of new error reporting in the dispatcher.
...
Kubernetes-commit: d61edc51b84774c158b3866ab9a0678d4ddaba96
2024-04-26 11:49:44 -07:00
8f577b916d
remove unused policy_definition_total metric and state label
...
Kubernetes-commit: 8e9232ef46d5b08ab4f95ad6c1e93671ef1bd5ba
2024-04-25 18:30:26 -07:00
2ae742ecb6
make Err wrap one or zero error.
...
Kubernetes-commit: ce45a82346623d19168b0b85cbba5ba4ff164417
2024-04-25 17:59:32 -07:00
8be90f624a
errors improvement.
...
Kubernetes-commit: b846c39047289e69d932ea9d5d4dadc6856ad0c7
2024-04-23 16:54:47 -07:00
eb8f232a36
Add unit test of borrowing by exempt, fix bug
...
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
Kubernetes-commit: 9aa9d3d4b7c637a0796e5a25c312a999ac628bd9
2024-06-12 03:38:15 -04:00
010634c01b
More assertive borrowing by exempt
...
Happy middle ground with what the KEP says?
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
Kubernetes-commit: 56fc11f3bef9f6af16aa30731050168e732754a2
2024-05-08 02:30:27 -04:00
708f0cf46b
Revert "kube-apiserver: promote WatchList feature to beta"
...
This reverts commit 0b15903b35d83ca32833e81997b6257ee4d4f369.
Kubernetes-commit: 88f47b4b4df2f099cc20381fdc0fbcfe0afcee8e
2024-07-18 09:29:24 +02:00
17ba1a9a64
Revert "Move ConsistentListFromCache to Beta default"
...
This reverts commit 0c0e19b343d48d4bea0e7fa735e3781c70298a34.
During stress test for SVM controller, the controller is unable to
make a list call due to following error:
resourceversion.go:155: I0716 21:49:26.973127] storage-version-migrator-controller: Error syncing SVM resource, retrying svm="crdsvm" err="error getting latest resourceVersion for stable.example.com/v1, Resource=testcrds: Timeout: Too large resource version: 28976, current: 20349"
With the feature disabled, the stress test passes.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: aeb51a16e369d5b823a8ae6488d1d5e12c683516
2024-07-16 23:12:16 -04:00
7f5df11548
add emulated-version flag to kube-scheduler to control the feature gate.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 40cddbe21516122a528e2afb2b1fbcaed1acbe8a
2024-06-27 11:56:49 -07:00
8705baa8b2
fix: enable empty and len rules from testifylint on pkg package
...
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>
Kubernetes-commit: f014b754fb5925dfbca6e27a44d0c3968b157e14
2024-06-28 21:20:13 +02:00
fd1f3aafaf
Fix typo in error message for anonymous field in AuthenticationConfiguration.
...
Kubernetes-commit: 27e8923c70c8bf95e0db02aeb7a0d45908ae9d62
2024-07-09 21:04:28 +00:00
5f6927c810
add test to document request timeout behavior
...
- using the default handler chain of the kube-apiserver
Kubernetes-commit: c6210ff8ab4a94d1dd31a56acc16dc9fdc2333f4
2024-05-07 13:52:18 -04:00
6f7147fc9d
fix lock bug for componentGlobalsRegistry
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: d31aebe57224b678a0c17df7766d8e7f850209e8
2024-07-05 15:50:10 +00:00
1292729d42
Fix for typecheck doesn't notice compile errors in test files
...
- ensure we add all the staging modules so the _test files in there are "loaded"
- use build tags to skip tests that fail to build in specific os/arch pairs
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Co-Authored-By: Tim Hockin <thockin@google.com>
Kubernetes-commit: c230a45383c372e3861de3d4854cdfe28f4c482f
2024-07-02 16:26:41 -04:00
b754d6e7f2
Remove special case logic in apiserver to serve all APIs when binary version is set artifically to 0.0
...
Kubernetes-commit: 1864e7131eca32fc9bebf20641becb467f240eca
2024-07-03 14:16:15 -04:00
f553925235
apiserver: remove feature gate APIPriorityAndFairness
...
Kubernetes-commit: ae647032a74bf8f671fa8db0602dee301cf865bf
2024-07-02 12:55:43 -04:00
5d14d72b5c
Fix httplog not logging watch duration in separate goroutines
...
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 06c7058115e623126884d05c54a30db511a9cb71
2024-06-21 10:03:31 +00:00
a643e14347
Implement resilient watchcache initialization post-start-hook
...
Kubernetes-commit: a5772bd42593f6492f5169eef49bc9884f95abba
2024-06-13 11:02:18 +02:00
8321755755
kube-apiserver: promote WatchList feature to beta
...
Kubernetes-commit: 0b15903b35d83ca32833e81997b6257ee4d4f369
2024-06-19 11:48:20 +02:00
77f498853b
KEP-4633: Allow health-only anonymous auth mode.
...
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
Kubernetes-commit: 5e6a4937f5a3e20dd77238946220461332ecddff
2024-05-16 21:18:34 +00:00
5e71b4e71d
apiserver/storage/watchcache: WaitUntilFreshAndList supports path prefix
...
Kubernetes-commit: 2f9660db6b0ba37ff383559b1b0324c635f1eb66
2024-06-26 14:34:32 +02:00
bc659f87fc
flowcontrol/request/list_work_estimator: sync shouldDelegateList
...
Kubernetes-commit: c259fe2342162a0c883845bfbdf8a838697fe085
2024-06-17 16:14:39 +02:00
54645c663b
apiserver/storage/cacher: cache supports pagination
...
Kubernetes-commit: 09e85983d84b5f6c3fed6c09dd0adcbdde7e9d5f
2024-06-10 10:14:38 +02:00
f0e44d48b8
apiserver/storage: storagetesting.RunTestList validates RemainingItemCount
...
Kubernetes-commit: f9b15700fb5a99ab74d51c7779ea2aae0f51168c
2024-06-27 11:01:37 +02:00
9afcce8b2b
storage/cacher/cacher_whitebox_test.go: deflake TestWaitUntilFreshAndListFromCache
...
Kubernetes-commit: 662672a6cacd71ad0cfc168a793d6a75a7e0ffff
2024-06-26 15:04:15 +02:00
58b911dc71
Fix test flakes for TestWatchSemantics
...
Kubernetes-commit: 5081ba45f9ed84784a250338ee6d96b485ff4e4a
2024-06-26 17:49:54 +02:00
5a2cafd6ec
drop deprecated PollWithContext and adopt PollUntilContextTimeout instead
...
Signed-off-by: yintong.huang <yintong.huang@daocloud.io>
Kubernetes-commit: 2db1b321e0edf9e3c4e434353d505cec96bfb319
2024-06-21 19:23:31 +08:00
4500696478
apiserver/storage: decrease running time of RunWatchSemantics
...
Kubernetes-commit: c6ef512b5bb15aa3c2430ae03dad91e16a342bce
2024-06-26 10:49:20 +02:00
6c1033e89d
Remove 5 seconds from TestWatchStreamSeparation execution by reusing etcdserver
...
Kubernetes-commit: 1c111c603e1962b4bfd5aae40d8a5ecc0e3ad9d5
2024-06-26 11:32:57 +02:00
1c9c46740e
Revert "apiserver/storage/cacher: consistent read from cache supports limit"
...
Kubernetes-commit: df17ea2e37d1b36dcda10fe20de5484c41c615b5
2024-06-26 11:51:12 +08:00
b26fefe178
add DefaultComponentGlobalsRegistry flags in ServerRunOptions
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 379676c4bef48e5d2add28851302b55b41fcabcf
2024-06-10 17:50:22 +00:00
00857ca9ec
Add version mapping in ComponentGlobalsRegistry.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 4352c4ad2762ce49ce30e62381f8ceb24723fbcc
2024-05-31 20:29:48 -07:00
c80af88d21
Add composition flags for emulation version and feature gate.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 701e5fc3744c2b21ba5b1ca3399b71c9becf06d0
2024-05-30 12:08:52 -07:00
22612a3528
apiserver: Add API emulation versioning.
...
Co-authored-by: Siyuan Zhang <sizhang@google.com>
Co-authored-by: Joe Betz <jpbetz@google.com>
Co-authored-by: Alex Zielenski <zielenski@google.com>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 403301bfdf2c7312591077827abd2e72f445a53a
2024-01-19 16:07:00 -08:00
11d0eb6174
drop OWNERS in kubeadm
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 16e24513b76f66bfa47a93291ec52a2fcd1e11c0
2024-06-25 06:36:05 -04:00
cca712b8b8
Add sig/etcd labels for related directories
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 1390ac0e250da4697b706c68cbb955268e27037d
2024-06-24 17:03:34 -04:00
2aadb1cb38
cacher: returns an error when watch list was requested and storage.RequestWatchProgress is disabled
...
Kubernetes-commit: cb8cbc60a15dd340ea834974355bd2f03453727c
2024-06-17 15:29:59 +02:00
b5d1135b94
Apply feedback
...
Kubernetes-commit: 13f809478f9322341a04715cda1b3912a9e470d5
2024-06-03 14:59:31 -04:00
dfdf159360
Handle unstructured objects correctly in IgnoreManagedFieldsTimestampsTransformer
...
Kubernetes-commit: c942ab6900ddb7b6e3e7c550c521409693180968
2024-05-31 21:25:25 -04:00
1e440f380b
flowcontrol/request/list_work_estimator: sync shouldDelegateList
...
Kubernetes-commit: a7b1a9bb267cd721e673ae8352f068b4bc0b2f05
2024-06-17 16:14:39 +02:00
062ed2e6c0
apiserver/storage/cacher: cache supports pagination
...
Kubernetes-commit: 87536f367dd67b4fd9b1c7ee31189896921f2f9e
2024-06-10 10:14:38 +02:00
Cici Huang