3c7f54740f
apf: add plumbing to estimate width" of a request
...
- add plumbing that allows us to estimated "width" of a request
- the default implementation returns 1 as the "width" of all
incoming requests, this is in keeping with the current behavior.
Kubernetes-commit: 9b72eb1929a64b9d5a5234090a631ba312fb4d41
2021-05-11 07:03:05 -04:00
f410577081
apiserver: close handler chain right after shutdown delay duration
...
Kubernetes-commit: de7e56bf37440ca6a4c634ede8abaf1315fe9de3
2021-06-07 18:13:24 -04:00
da18259e5b
hotfix(staging_apiserver_pkg_httplog): restore depth to log calls
...
/kind bug
This PR adds depth to logging which was removed when migrating to structured logging in the file
Ref #102353
```release-note
NONE
```
```docs
```
Kubernetes-commit: 5d4c1162b944ff34374313103d0555ac0b334a1d
2021-05-30 01:42:54 +02:00
9421ee44c4
apf: fix flake in test
...
Kubernetes-commit: 8847a25026711f51ae694fe8288e285a48e70675
2021-06-01 20:07:51 -04:00
dd5fc094cd
Use objGV instead of gvk.GroupVersion
...
Kubernetes-commit: 15c4d579f08335f33555d3cab5eff41c74e671b9
2021-06-02 14:27:30 +08:00
f0159a94e3
Simplify objGV construction
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Kubernetes-commit: 58d7bf67d4694d52610097c72fe79012e19c5da0
2021-06-02 10:53:05 +08:00
da0758027d
Simplify objGV construction
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Kubernetes-commit: b9b01a0f901513370cf3e981544a79f57e321d67
2021-06-02 10:52:44 +08:00
e7a594074a
Simplify objGV construction
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Kubernetes-commit: 19c72a6cd05da805b1bec9fe567614ef82bf7beb
2021-06-02 10:52:35 +08:00
1b73b18c80
Simplify objGV construction
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Kubernetes-commit: 0ae6a7bac6ba268c59e82222d69ad91e381e79bc
2021-06-02 10:52:22 +08:00
790f5a21a7
Fix auditing failed of request: encoding failed
...
Kubernetes-commit: 329f7d55d1344f728e28ce49728234f9f8f4c5d3
2021-05-17 02:31:08 +08:00
84ac736f8e
Fix audit unit test file location
...
Kubernetes-commit: 91e5d98b572a74bf827a575559238cc0a4be6c57
2021-06-04 17:23:34 -04:00
584c18160b
Fix closing of decorated watcher channel on timeout
...
Kubernetes-commit: bd2d63dd57e6011bfa3218e59e27fddaa295426b
2021-06-02 14:05:52 -04:00
9b71cff19c
Fix watch rejections in P&F filter
...
Kubernetes-commit: 8054b0f808d116658ac086e4b71fb34d1502cd57
2021-06-02 08:22:29 +02:00
d000916ae7
Address watch panics in P&F handler and extend testing.
...
Kubernetes-commit: d9d51541a87ec627160d7d6a1fcd4b357a0fa493
2021-05-27 14:49:54 +02:00
5290a24345
Implement support for watch initialization in P&F
...
Kubernetes-commit: 0cc217647ca8be0820973b970124a072c27b6575
2021-05-07 12:49:06 +02:00
4f1bee1bff
fix watch_cache_capacity metrics
...
Kubernetes-commit: e3841e91c81e842f2a591b80b67d46c3f7f7adde
2021-06-01 21:42:45 +08:00
a18ab75c53
depracate ValidateProxyRedirects as it is with StreamingProxyRedirects
...
Signed-off-by: pacoxu <paco.xu@daocloud.io>
Kubernetes-commit: 27044f4855209c515c57a77378fce970af097b14
2021-05-26 20:18:49 +08:00
d636703205
Default StreamingProxyRedirects to disabled
...
Signed-off-by: pacoxu <paco.xu@daocloud.io>
Kubernetes-commit: 2eb90f9b80982d31efa971450ea7ac60359f9442
2021-04-30 14:07:43 +08:00
f753bce9f8
Make a public ValidateAnnotationsSize
...
Kubernetes-commit: 2e771b8e745c4a3be0d5bae3a6dc94087284c73b
2021-05-25 16:01:38 -04:00
a01d02b7fd
Make validation totalAnnotationSizeLimitB public.
...
Replace the forked totalAnnotationSizeLimitB with
apimachineryvalidation.TotalAnnotationSizeLimitB.
Kubernetes-commit: 55ff96301797a503b6ee1d09f0eb2ffc827f01b1
2021-05-18 17:28:11 -04:00
f9b4d95442
add fail-open audit logs to validating and mutating admission webhook
...
Kubernetes-commit: 9fe7c8955bcb1edbb5aa4fe6bfb8bb6d93d381de
2021-05-18 13:31:03 -04:00
ec22c8bdd8
apf: add "width" for request
...
all requests have a width of 1 to maintain current behavior.
Kubernetes-commit: b50507d98bd12503592ea62d2be2aadef49bdf70
2021-05-11 07:03:05 -04:00
689a6cc12f
Graduate WarningHeader feature to GA
...
Kubernetes-commit: e3ea169d7d8b2c1417ef5a71ee1015f186ca0e3c
2021-04-01 02:51:48 -04:00
754e90a0a3
Promote apiserver_requested_deprecated_apis metric to stable
...
Kubernetes-commit: 7877539e3095669629e81633019836d2cdb7c368
2021-05-11 16:24:58 -04:00
15750850e0
specify pod name and hostname in indexed job
...
Kubernetes-commit: e64e34e0298d27d4099b632f5b7c1ba38fc66561
2021-04-29 03:33:36 +00:00
8dd82c2391
Add WarningsOnCreate,WarningsOnUpdate
...
Kubernetes-commit: 8c8a4cf3e4a18e97359ce750530a4fa27bbd3b88
2021-04-30 21:46:54 -04:00
c10cbf5412
Respect annotation size limit for SSA last-applied.
...
To support CSA and SSA interoperability, SSA updates the CSA
last-applied annotation.
This change ensures we don't set a big last-applied annotation if the
value is over the annotation limits.
Also, make sure that it's possible to opt-out of this behavior by
setting the CSA annotation to "" the empty string.
Kubernetes-commit: 6054320be1e50a450e9d1e19a79caa96f2035d4d
2021-05-18 15:06:48 -04:00
489e43cad9
Add logging of filters to api calls logs
...
Kubernetes-commit: 7e01b7260ac5cc20c1fc236cae220857726dc330
2021-05-17 11:52:33 +00:00
1d2b77256f
adds a unit test for checking if graceful shutdown of HTTP2 server works
...
Kubernetes-commit: 373fc7d711a2fb39b7e94737b2b880feca596171
2020-12-11 13:12:46 +01:00
d15d62d4df
enforce strict alpha handling for API serving
...
Kubernetes-commit: 21faec925459bce93954e0f0110ebd3a4f207c24
2021-05-12 09:17:15 -04:00
2286099903
update integration tests to reflect the kube version to stop serving removed APIs
...
Kubernetes-commit: d6a4afa5b8f6b7a17868649ea40b370c7f12a37f
2021-05-11 15:17:40 -04:00
1b6c1bf2dd
Structured Logging migration: for package staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates
...
Signed-off-by: sanwishe <jiang.mingzhi35@zte.com.cn>
Kubernetes-commit: 6eb645088c41f5f9309ad27a3fe80ccebd18460d
2021-05-10 20:08:14 +08:00
640ba0e40e
docs: fix outdated enhancement doc link
...
Signed-off-by: zhuangqh <zhuangqhc@gmail.com>
Kubernetes-commit: adf28648cb32d17cd186a6c7e8b264419e6d0759
2021-02-24 15:22:50 +08:00
e11aa23b6b
wait for poststarthook/max-in-flight-filter to be initialized asynchronously
...
Signed-off-by: pacoxu <paco.xu@daocloud.io>
Kubernetes-commit: 3c4eb55b4acd4bc4740b15a58fc7da0d5b516300
2021-05-07 15:17:03 +08:00
770eb2bc44
Update watcher.go
...
Kubernetes-commit: 532e35ba31e4df0a2df7dd5f2930035ce9379559
2021-05-07 16:07:34 +02:00
549cbbf8de
fix broken link in some files
...
Kubernetes-commit: b29a5fb0746f772b38da570cd8fdc77396ffca31
2021-04-13 08:43:24 +08:00
df062f56c2
add auto update for apf bootstrap configuration
...
Take the following approach:
On a fresh install, all bootstrap configuration objects will
have auto update enabled via the following annotation :
`apf.kubernetes.io/autoupdate: 'true'`
The kube-apiserver periodically checks the bootstrap configuration
objects on the cluster and applies update if necessary.
We enforce an 'always auto-update' policy for the mandatory
configuration object(s).
We update the suggested configuration objects when:
- auto update is enabled (`apf.kubernetes.io/autoupdate: 'true'`) or
- auto update annotation key is missing but `generation` is `1`
If the configuration object is missing the annotation key, we add
it appropriately:
it is set to `true` if `generation` is `1`, `false` otherwise.
The above approach ensures that we don't squash changes made by an
operator. Please note, we can't protect the changes made by the
operator in the following scenario:
- the user changes the spec and then deletes and recreates
the same object. (generation resets to 1)
remove using a marker
Kubernetes-commit: 759a64136b0d4619d5535adb79a8367e124b06c6
2021-01-12 16:12:13 -05:00
8f650d1e76
Move the comment to the right line
...
Kubernetes-commit: 6001c70c7274d88b566ac3ff40e4f8900cc23c54
2021-04-23 00:05:15 +00:00
f0cd8bd9bf
Fix staticcheck on vendor/k8s.io/apiserver/pkg/server/httplog
...
Kubernetes-commit: eaaa803d48e8d78e5ad6d49324169e9d775ed7bc
2021-01-08 17:57:20 -05:00
b84fa01322
add more context to post timeout request activities
...
Kubernetes-commit: 66587afb60b10569aa4ed35d53a4a91fcc40abd2
2021-04-09 12:09:35 -04:00
2a99e7e764
Fix misspelling of condition.
...
Signed-off-by: JUN YANG <yang.jun22@zte.com.cn>
Kubernetes-commit: 6c566f6dfa5b76d105ce24b3b0cb7f5e3d50d018
2021-03-14 00:17:58 +08:00
eca89e844c
Fix staticcheck failures for vendor/k8s.io/apiserver/pkg/registry/rest/resttest
...
Kubernetes-commit: 92ece853be2969fd8f9716434c8fb062e1ebef9b
2021-04-17 16:07:19 +08:00
5a479e600e
fix hardcoding and format error log
...
Kubernetes-commit: c468a02718402bf42ffc0cd8cdbdf805fdf903a2
2021-04-14 20:19:41 +08:00
218926b065
Switch the order of adding SNICert and creating LoopbackClientConfig
...
Kubernetes-commit: 1df4503b859a2b7b2b7f9c5bcf400f61cc29d349
2021-04-22 23:17:39 +00:00
5289a15a1a
client-go transport: assert that final CA data is valid
...
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 440ea3ef49e0ac77353ceeaebc2aad6c995d5b35
2021-05-03 10:11:54 -04:00
7eb7056b38
webhooks,aggregation: add metrics to count certs missing SAN
...
Adds counters to generic webhook code and to the kube aggregator
so that it is possible to effectively measure the impact of
Golang 1.15's deprecation of x509 cert CN hostname
verification.
Kubernetes-commit: 9d6a19efff05a40081337a2fcb3dce6331b04022
2020-10-06 13:02:52 +02:00
4e12e0cd34
apf: use a list instead of slice for queueset
...
Kubernetes-commit: 69f9bc181f155ded7c5d5cc0ca9f026a6b42f431
2021-03-29 11:31:12 -04:00
04c8c14809
admission metrics reset metrics after tests
...
Kubernetes-commit: b1a81d2fb8b4528172a8de6de01b53526b7b2277
2021-03-13 21:26:22 +01:00
c233874954
[k8s.io/apiserver/pkg/endpoints/discovery/]: improve readability
...
Do not wrap code here
Signed-off-by: Zhou Peng <p@ctriple.cn>
Kubernetes-commit: 95f7b4d8544eeba0bc06122b1a35db1ab603f19d
2021-04-27 13:55:31 +08:00
a9e68c9b32
let objects without metadata pass through the managedFields admission controller
...
Not all objects provide metadata. There might be extention servers that allow for creating objects without the metadata field.
This PR changes the managedFileds admission to deal with objects without the metadata field.
Object without that field will be passed directly to the wrapped admission controller for further validation.
Kubernetes-commit: 3dbaf305ae1e52105a338987f3770ff104def68b
2021-04-29 14:08:36 +02:00
8c01d7fe18
apiserver: wrap errors in admission with context
...
When the API server encounters an error during admission webhook
handling, lower-level errors are bubbled up without any additional
context added. This leads to fairly opaque and unintelligible errors. It
is not clear to users if the API server itself is having an error (for
instance, fetching the REST client) or if the request to the webhook
failed in some way.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: ae9e71ba68cb1dd00bb5ed2635bac9aab2abbafe
2021-04-27 11:19:01 -07:00
332add01ef
Ensure audit log permissions are restricted
...
While the apiserver audit options merely use the lumberjack logger in
order to write the appropriate log files, this library has very loose
permissions by default for these files [1]. However, this library will
respect the permissions that the file has, if it exists already. This is
also the most tested scenario in the library [2].
So, let's follow the pattern marked in the library's tests and
pre-create the audit log file with an appropriate mode.
[1] https://github.com/natefinch/lumberjack/blob/v2.0/lumberjack.go#L280
[2] https://github.com/natefinch/lumberjack/blob/v2.0/linux_test.go
Signed-off-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Kubernetes-commit: 42df7bc5b3aa26bf545b6392b557833c7162c472
2020-10-08 09:38:57 +03:00
285024a6b7
Promote SSA GA
...
Kubernetes-commit: 94cf48a2d16d7eaa915b7f685746a0e63870d5ff
2021-03-11 06:40:43 -08:00
e9a1de1bba
add user-agent for audit log format legacy
...
Kubernetes-commit: 358b33519cdcb3561b41a665558306967cc1d1b9
2021-02-25 20:23:51 +08:00
ca3910bf4a
Add nil path to mapping when a CR has no "scale" subresource
...
This is to prevent the ScaleHandler to drop the entry. In this way
entries just get ignored.
Kubernetes-commit: 5b666a61a170f61c7e223085478b24a03612fa99
2021-04-18 13:55:15 +02:00
a178a9c5d1
Drop managed fields entries with unknown fields
...
This is aligned to the behaviour of server-side apply on main resources.
Kubernetes-commit: c10dd884c494734d12aceb41daaccd1d8da9356b
2021-04-09 17:17:23 +02:00
9c3786c066
Do not add managed fields if a scale entry doesn't own replicas
...
This happens when a request changes the .status.replicas but not
.spec.replicas
Kubernetes-commit: 8e4b5c849b67b3a12dbd63391a4e75234382ba2c
2021-04-04 19:05:45 +02:00
8c0975e184
Check request info when updating managed fields during scale
...
- Test all versions to make sure each resource version is in the
mappings
- Fail when request info contains an unrecognized version. We have tests
that guarantee that all known versions are in the mappings. If we
get a version in request info that is not there we should fail fast to
prevent inconsistent behaviour (e.g. for some reason the mappings is
not up to date).
Ensure all known versions are in mappings
Kubernetes-commit: 09649e58b5a1368929e194991a763afc8011795e
2021-03-11 16:51:46 +01:00
ddd271ff4e
Use ScaleHandler for all scalable resources
...
Kubernetes-commit: 816e80206c169006de9d0a76cd385ee31c5aff39
2021-03-11 11:05:05 -08:00
8df8282eaf
Track ownership of deployments scale subresource
...
Kubernetes-commit: a9ea98b3b9272a7f7788a0d37891e4b13b9be38d
2021-01-23 18:50:14 +01:00
af9424d2c9
remove go-openapi/spec
...
Signed-off-by: Gautier Delorme <gautier.delorme@gmail.com>
Kubernetes-commit: 34b0fcef5fc47e3fcddf7f6ca1b3e6176b2a5323
2021-04-20 17:48:33 +02:00
b86a0eee08
Add more test code for SelectionPredicate
...
Kubernetes-commit: 5468db05f0ca33e78ebf96420281097d28971140
2021-04-09 22:28:51 +08:00
a6a121887a
force implementors of dyanmiccertificates providers to think about notify
...
Right now, `_, ok := provider.(Notifier); !ok` can mean one of two
things:
1. The provider does not support notification because the provided
content is static.
2. The implementor of the provider hasn't gotten around to implementing
Notifier yet.
These have very different implications. We should not force consumers of
these interfaces to have to figure out the static of Notifier across
sometimes numerous different implementations. Instead, we should force
implementors to implement Notifier, even if it's a noop.
Change-Id: Ie7a26697a9a17790bfaa58d67045663bcc71e3cb
Kubernetes-commit: 9b7d654a08d694d20226609f7075b112fb18639b
2021-04-09 16:59:17 -07:00
d7e2a0bbee
Update kube-openapi and gnostic dependencies
...
Pulling in https://github.com/kubernetes/kube-openapi/pull/220
Kubernetes-commit: a849c8998c1ed71f25387a560f8359596aec8bd3
2021-03-23 08:33:15 -07:00
87ac3f57d4
allow multiple of --service-account-issuer
...
Kubernetes-commit: 925900317e43e58435082f624f5969e3cfe25c67
2021-04-15 09:50:43 -07:00
2ec597ed01
Add "subresource" field to ManagedFieldEntry
...
This field is useful to namespace the managed field entries of a
subresource and differentiate them from the ones of the main resource.
Kubernetes-commit: 862d256195adf3be5475b1a6935e5feb78f884a5
2021-02-27 17:16:46 +01:00
b0d1b1af17
Add "node-high" priority-level
...
Kubernetes-commit: 8d6e76f2766e51177ee50a1fba09bc5b04d6ce53
2021-04-15 16:24:02 +02:00
e14444ffc5
authorizer func: pass through context
...
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 8f00e918d84a76ea43d76a8d5b96c3f2535afa99
2021-04-09 09:33:46 -04:00
bd0605a728
audit: make stage consts use correct type
...
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 84ac2398da2be7810d311c4bc9f7358618ed193b
2021-04-09 12:29:20 -04:00
b97dfc761c
allow evictions subresource to accept policy/v1 and policy/v1beta1
...
Kubernetes-commit: 33ad842480353f2816873bf728d75333948e4817
2021-03-31 16:54:55 -04:00
2ad661f8c5
Prune stale entries from OWNERS files
...
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 91241eac9b7a7e62cc31e663147294bf6dc8f875
2021-04-07 10:38:27 -04:00
49d90ce0ad
DelegatingAuthenticationOptions TokenReview request timeout
...
it turns out that setting a timeout on HTTP client affect watch requests made by the delegated authentication component.
with a 10 second timeout watch requests are being re-established exactly after 10 seconds even though the default request timeout for them is ~5 minutes.
this is because if multiple timeouts were set, the stdlib picks the smaller timeout to be applied, leaving other useless.
for more details see a937729c2c/src/net/http/client.go (L364)
2021-04-09 13:20:51 +02:00
ea32c4f47f
Chain the field manager creation calls in newDefaultFieldManager and test
...
Kubernetes-commit: d37461180a1e5a52aeb85cf5853e000acfeb852d
2021-04-13 16:15:25 +00:00
bb69e234a6
apiserver: improve correlation by using the audit ID
...
- when we forward the request to the aggregated server, set the audit
ID in the new request header. This allows audit logs from aggregated
apiservers to be correlated with the kube-apiserver.
- use the audit ID in the current tracer
- use the audit ID in httplog
- when a request panics, log an error with the audit ID.
Kubernetes-commit: b607ca1bf3e1cf6152c446ea61ac7fdd9014e1f1
2021-03-02 19:27:43 -05:00
f1a76db888
apiserver: manage audit ID associated with a request
...
Manage the audit ID early in the request handling logic so that it can
be used by different layers to improve correlation.
- If the caller does not specify a value for Audit-ID in the request
header, we generate a new audit ID
- If a user specified Audit-ID is too large, we truncate it
- We echo the Audit-ID value to the caller via the response
Header 'Audit-ID'
Kubernetes-commit: 31653bacb9b979ee2f878ebece7e25f79d3f9aa6
2021-03-02 19:22:39 -05:00
0ac9d4bf6d
Update auth OWNERS files to only use aliases
...
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: bca4993004953041c91ad56e37ef195b32066c27
2021-04-07 10:42:00 -04:00
64517a3e40
apf: exempt probes /healthz /livez /readyz
...
Kubernetes-commit: 4447f2459aae1d916742eb1cb129d9438adcea9a
2021-03-30 12:55:30 -04:00
c74d3bdddc
Fixed several spelling mistakes
...
Kubernetes-commit: fec272a7b290a34776eac6698f12be043367a4c2
2021-03-30 15:28:23 +02:00
3ba2299cd2
Fix api installer to indicate PATCH may return a 201 for server side apply
...
Kubernetes-commit: cb72ce975630b44ec8786d5b72b1e0ee8bb1a0e4
2021-03-11 17:06:33 +00:00
bf34b41185
refactor finishRequest
...
Kubernetes-commit: a8ff821a19b819a54a54d027ec631eab2ffaedc3
2021-03-22 18:01:33 -04:00
28c097bee7
move FinishRequest to its own package
...
Kubernetes-commit: 393a1f73fbaa1bf1facb8882eaf4fead16b94f58
2021-03-22 16:39:14 -04:00
49b6ebdaae
fieldmanager: Strip managedfields BEFORE we update the timestamp
...
Kubernetes-commit: c8be9651ce0de1eee3fa785882fe01dee4b15d37
2021-03-09 12:46:07 -08:00
1e7338b1ea
use request received timestamp in httplog
...
Kubernetes-commit: 71199664be6d26e435a78566818379ff43110352
2021-03-02 18:05:51 -05:00
b5be45a80f
DelegatingAuthOptions: allows for specifying a middleware function for custom HTTP behaviour for the auth webhook client
...
Kubernetes-commit: ea7d94497b5fef2fe7b925d378f425b94448f01b
2021-03-04 12:35:09 +01:00
fbe8ccc9bd
Optimize some codes
...
Kubernetes-commit: 4a24a08f936a295bf332b9567bea182e2feff554
2021-02-28 01:00:09 +08:00
de3d390777
Make selectors atomic
...
Ensure that all label selectors are treated as atomic values,
to exclude situations when selectors are being corrupted by
different actors attempting to apply their overlapping definition
for this field with server-side-apply.
Kubernetes-commit: d8a7764b6396b90313ae7bd50a845f4da4705d67
2021-01-12 18:29:56 +01:00
7c07064678
apf: fix test flake
...
Kubernetes-commit: fa0952ee778aaf7df3e593305575f5d121b55cf1
2021-03-29 16:09:49 -04:00
d21d96225a
bump the deprecated version to 1.22
...
Change-Id: Ibefaa94151704fcaaa920541bbb9a8ad714c1d24
Kubernetes-commit: e7ee76efc0813da419045c80cc06a513fba6fc37
2021-03-29 07:54:12 -07:00
4a7c21439a
webhook config manager: HasSynced returns true when the manager is synced with existing webhookconfig objects at startup
...
Kubernetes-commit: 37d171e5bc6ca5b7aab7bfe52c8baabdea536415
2021-03-17 14:34:06 -07:00
a11399dd98
Add ability to skip OpenAPI handler installation
...
Kubernetes-commit: 66d2f4359efadd2cf85f9d901676f2ea28555951
2021-03-17 00:26:23 +00:00
7635650788
Fix incorret authentication metrics
...
Kubernetes-commit: 7dffc11abc37c4bd750a27553b6d983894bf865c
2021-03-08 13:34:55 +00:00
db01b261c4
disable flaky TestClientReceivedGOAWAY test case
...
Kubernetes-commit: d6f9369126dcaa3c94902108ec1aa3d01f658163
2021-03-15 21:12:22 +08:00
4ac82c26cf
rename apiserver_storage_object_counts to conform to best practices (apiserver_storage_objects)
...
Change-Id: I8c08a37cd3ed7c943a6691185f750e55d389dd3a
Kubernetes-commit: 50e6f15deec3f9b9ffe52accd6aab5f9560b88ad
2021-03-10 04:32:27 -08:00
14406b8e7c
Revert SSA GA
...
Kubernetes-commit: 4a41c474cc3e8fb0320f67dca581aaea6167a72c
2021-03-10 18:04:40 -08:00
63ca1f6039
delegated authn: allow client CA override based on non-empty opts
...
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 6686d8b846546f682d1a449cc9cd0e3c0de977b4
2021-03-09 22:53:04 -05:00
86db6c67fb
Server-Side Apply: Status Wiping/Reset Fields
...
Adds and implements ResetFieldsProvder interface in order to ensure that
the fieldmanager no longer owns fields that get reset before the object
is persisted.
Co-authored-by: Kevin Wiesmueller <kwiesmul@redhat.com>
Co-authored-by: Kevin Delgado <kevindelgado@google.com>
Kubernetes-commit: a1fac8cbd9289d95db4831a83239292ed56ce59d
2021-03-09 23:54:55 +00:00
a5c8a1e98c
Promote SSA to GA
...
Kubernetes-commit: fe1d8682845c2db2f2baa5046d7c782f5c0ca55e
2021-03-02 10:39:33 -08:00
3f9e652c39
provide directly decodable versions for storageversion API
...
Kubernetes-commit: fa03dee68cea605b285b00ae5b6ce22659d95026
2021-03-08 09:33:46 -05:00
09fb3448ff
metrics: promote apiserver_storage_object_counts to stable
...
- rename etcd_object_counts to apiserver_storage_object_counts
CONTEXT https://github.com/kubernetes/kubernetes/issues/98270
FIXES https://github.com/kubernetes/kubernetes/issues/98270
Kubernetes-commit: 77950ba79b8b56bae34291093c69006975c7b775
2021-03-04 14:42:42 +00:00
4c81a6672b
Enable, rate limit, and test APF controller fights
...
Using real time.
Kubernetes-commit: 80ff06fe846c5e565e0cbd4b70f5f1e8a4ea7295
2020-12-02 16:50:05 -05:00
43c20c5bfe
enable goaway testcases which will not flake any more with new golang.org/x/net version.
...
Kubernetes-commit: f1b23fe7679f3c650cabcd13a60b5a08b8cda36f
2021-02-05 23:34:30 +08:00
fdbe19987d
promote apiserver_request_duration_seconds to STABLE
...
Change-Id: I1b050b812738719aedd7ac6f4794ec742812e12d
Kubernetes-commit: 69e3d89a38b198d6261e675a31853583f3cce8f7
2021-03-07 17:14:36 -08:00
a70d9c48f0
Deflake TestPrepareRun
...
Kubernetes-commit: ba4aade23a76969d7598fb7ac170891c183e7327
2021-03-06 19:46:00 -05:00
b101f44b76
cleanup managedFields admission and test
...
Kubernetes-commit: 2d1ba0c35829a2f146a712d49cb21f382c9894cb
2021-03-04 23:20:51 +01:00
8ef7c0686d
only use managedFields decoding for admission check
...
Kubernetes-commit: 98d498117b5566c1229d754d97923f61600660d8
2021-03-01 20:29:15 +01:00
7c5bd1b084
harden managedFields decoding
...
Kubernetes-commit: 470ad03d076cae44bc98c64a08eea32e65f1bb9f
2021-03-01 19:58:56 +01:00
543879f479
fix test dependencies
...
Kubernetes-commit: 295e47f60b64332ef4e3268db282184357440675
2021-02-26 20:33:36 +01:00
e4b883c5c7
update licenses and bazel
...
Kubernetes-commit: 1a8e2bf0358651151a6440717b4de1f662c4571b
2021-02-26 20:14:22 +01:00
04593d2277
prevent fieldManager admission from wrapping nil
...
Kubernetes-commit: 22dfa6ae1b431cb8e8afe72ce7d60360bf766337
2021-02-26 20:14:11 +01:00
a69b2cb302
use existing validation code and decoding in fieldManager admission
...
Kubernetes-commit: fc1841d72f7418dd2606fb796f2a1b664bb3a721
2021-02-26 20:03:10 +01:00
f9c68c0e80
export and cleanup managedFields decoding
...
Kubernetes-commit: 589ca1be1c9e75b1730feacd1af6e2c817f693ac
2021-02-26 17:47:52 +01:00
82e671a5f8
add managedFields admission
...
Kubernetes-commit: f86b59ab79227929e7f283b859b4c59317399807
2021-02-11 16:22:16 +01:00
81cd3ef7b0
fix admission controller
...
Kubernetes-commit: 429a96da5e856c435b08b50791d462120724c475
2021-02-11 16:11:43 +01:00
7da058f6bb
disable webhook for testing
...
Kubernetes-commit: ffbae9c5b4a3df9f7400d0047a5d7a957adf295d
2021-02-01 17:56:49 +01:00
08a5711ffb
update bazel
...
Kubernetes-commit: a06f981fb1388976cd6427d7a4284d36dd2f2448
2021-01-14 20:33:50 +01:00
a29734176f
use managedFields admission controller in create/patch/update
...
Kubernetes-commit: 3d306e222de3b13a55030a53fef93622bb300646
2021-01-14 20:15:11 +01:00
4a5fdad93b
implement managedFields admission controller
...
Kubernetes-commit: d5ae113e8dfba62709b1fccb8dbc26c6dde9b3e5
2021-01-14 20:14:38 +01:00
1cd0838bc2
bump apiserver_request_total to STABLE status
...
We've dropped the content-type field since it is effectively unbounded
(we had a sec-vuln about this before actually). We retain all other
fields, despite their unboundedness due to the fact that we can now
explicitly set bounds on label values.
Change-Id: Icc483fc6a17ea6382928f4448643cda6f3e21adb
Kubernetes-commit: cfd00de6866e636332bdcd3f46d6d2ffd8d2bc88
2021-03-04 07:52:00 -08:00
2422ff2d3b
fix staticcheck for k8s.io/apiserver/pkg/endpoints
...
Kubernetes-commit: 9b02c89acd1c2c5664fdaa98884d17dfd5dad135
2021-02-27 15:37:00 +08:00
f16dfd3478
add myself to owners for etcd metrics
...
Kubernetes-commit: 5bc56ef4e6a255a0ca7ec86fbe9a078c284eab1a
2021-03-04 07:46:34 -08:00
4180bf5339
Fix flake test timeout
...
Kubernetes-commit: bd2655be235a00fe9db47dfe03220b691599f5f0
2021-02-23 13:59:31 +08:00
e4ff37f227
refact RemoveDeletedKinds to eliminate questions about interating over mutated maps
...
Kubernetes-commit: ab429a3120deafb64104d113ca86274e73b18314
2021-03-03 16:02:08 -05:00
04ee9b3397
Use a versioner to convert an internal type into an external type for
...
beta serving
Kubernetes-commit: 3cf9bc547fcd9d3e93bf7ccdbf989fa7d8c32221
2021-02-23 11:13:50 -05:00
146083d06b
deprecate audit.k8s.io/v1[alpha|beta]1 versions
...
Kubernetes-commit: cad9c245b84fd16cbb5bf240622af07ce7bc3585
2021-02-08 11:22:29 +08:00
2b123cdcbb
Fix staticcheck failures for vendor/k8s.io/apiserver/pkg/registry/generic
...
Signed-off-by: chymy <chang.min1@zte.com.cn>
Kubernetes-commit: 3bab70b06a9f84b4aeb6dd39ba56f813b4febe44
2021-02-27 03:25:24 -05:00
f5152b019f
Fix static failures for vendor/k8s.io/apiserver/pkg/endpoints/handlers
...
Kubernetes-commit: 04515b9c0a8634ddbb48883cdceb1c265ae97015
2021-02-26 21:01:55 -05:00
3292215ff4
at most every may result in less than expected times if overloaded
...
Signed-off-by: Alan Zhu <zg.zhu@daocloud.io>
Kubernetes-commit: 67234271ef50da475b4627b484b3b45ee54e8f8d
2021-02-25 16:27:42 +08:00
d2f628b12a
Promote efficient watch resumption to beta
...
Kubernetes-commit: 6b3b561bc0eaba67de5b7543a64cbf3c65cc893a
2021-02-12 11:33:48 +01:00
d3f04fd7c9
support storage encryption for aa server
...
Kubernetes-commit: dcf4821cd4c798aa08e6b31c5474717c7164945a
2021-02-18 19:10:50 +08:00
9c9a096f68
move removed kind evaluation to genericapiserver
...
Kubernetes-commit: f6941fcfa227beb78d0bdda2b85c81514cf64e12
2021-02-11 16:45:53 -05:00
8cbefb5817
apf: set response headers for rejected requests
...
Kubernetes-commit: de73ac519867b3ce41adcb9a419c3c28c7a99c41
2021-02-16 12:13:36 -05:00
302deaf21a
add myself to approvers for apiserver metrics
...
Change-Id: Iaf78c3ffb2779701ba50cbbf38c0d7642930572f
Kubernetes-commit: be4db5ac559cc4ac49a6a6e279b8054c0808ec54
2021-02-18 13:55:35 -08:00
b4f179e734
Use more real world examples in BenchmarkSerializeObject
...
Kubernetes-commit: f01f2b122923798d60893c6c189a204b94fe5723
2021-02-18 10:56:51 +01:00
1d45e7fbbc
fix the address of restful-CORS-filter.go and restful-basic-authentication.go in the comment of ./staging/src/k8s.io/apiserver/pkg/server/filters/cors.go
...
Kubernetes-commit: 66459d3386db74ba02a06ee29f68248bd695aa8f
2021-02-06 09:07:58 +08:00
b29ffb4398
Update generated code
...
Kubernetes-commit: 284e03e1abde67cae5520a9b61497a71cca78e90
2021-02-15 22:50:30 +00:00
f407d7228e
Add BenchmarkSerializeObject* benchmarks
...
Kubernetes-commit: 2228d7ce2650ba4cc5811a761d9f54e09ea6d99e
2021-02-17 15:03:53 +01:00
f4899d2eda
Allow adding healthz and livez checks independent to each other
...
Kubernetes-commit: 67f3204b408ce71bab1f3c6102f8c06f50919337
2021-02-13 17:29:34 +01:00
353b45e333
Update etcd.go
...
Kubernetes-commit: f6ac24bfd86d9dfce6a8ff0d611b4fdabc7bc504
2020-04-13 13:29:18 -04:00
68a0c4dbb1
Update etcd.go
...
Kubernetes-commit: 368e976113ca035854083212275a0c39373f152e
2020-04-10 13:21:59 -04:00
05f1caa35b
Update etcd.go
...
Kubernetes-commit: 5c3d6a26a11875a8305832fa681cc5929d159eb2
2020-04-10 11:12:26 -04:00
442d715210
added note on --etcd-servers-overrides
...
Added a note on etcd-servers-overrides option, to clarify CRDs are not supported (yet).
Kubernetes-commit: 4a71f84a30107abde63b66424c2f8d55acde7ffe
2020-04-10 10:14:50 -04:00
d22b238769
*: remove nikhiljindal from OWNERS
...
Kubernetes-commit: 6cef3a4e33c10c27bb301a1070ea3ff4cdad0c39
2021-02-16 10:50:50 +05:30
b0b0548e35
*: remove mbohlool from reviewers
...
Kubernetes-commit: dc3f59c8819d2985939645f4f08cfd98678295e3
2021-02-16 10:45:13 +05:30
2b88377b23
*: remove madhusudancs from reviewers
...
Kubernetes-commit: 6b12c96a9b7fe4d7c03d0dfed447edd6b1055067
2021-02-16 10:40:42 +05:30
148a4561b0
*: remove jianhuiz from reviewers
...
Kubernetes-commit: e1b6089e7e9f3b80a911a4ec86cec6491729c89c
2021-02-16 10:35:01 +05:30
cce93bd25d
*: move gmarek to emeritus_approvers
...
Kubernetes-commit: b11516d69f2131327931a2cf7452d5e891d7e520
2021-02-16 10:31:19 +05:30
482cbd8dcc
apiserver: add --permit-address-sharing flag to listen with SO_REUSEADDR
...
Kubernetes-commit: cef2ab700fc7d9ce226ab51f78344c907dfbb831
2020-08-10 15:51:37 +02:00
dfad5032fb
Fix ALPHA stability level reference link
...
Kubernetes-commit: e01a21469b9719f7d0e84021c032cd8f0016b5d2
2021-01-31 15:37:07 -08:00
1a8abfc56f
add context to metrics in util/flowcontrol.
...
Kubernetes-commit: 57d0bc301a017c41d890baee0a3a287f448c664d
2020-12-16 17:08:43 -08:00
74c8267082
add context to metrics in apiserver/endpoint
...
Kubernetes-commit: 266d67bd5124725befe775d580289b67a59f496c
2021-01-20 13:13:00 -08:00
Abu Kashem