kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,173 Commits 29 Branches 1,436 Tags 31 MiB
Commit Graph

194 Commits

Author SHA1 Message Date
Jordan Liggitt 4b9c976f43 AdmissionConfiguration v1 
Kubernetes-commit: 1234290adfa11eb3dd34242c296e1f1dbe211c19
 2019-11-11 11:57:29 -05:00
David Eads 331894196f add featuregate inspection as admission plugin initializer 
Kubernetes-commit: 675c2fb924e82091f7ce4601e48daf4cc7030e72
 2019-11-05 14:28:40 -05:00
Clayton Coleman 3d42d38e70 namespace: Provide a special status cause when a namespace is terminating 
Clients should be able to identify when a namespace is being terminated and
take special action such as backing off or giving up. Add a helper for
getting the cause of an error and then add a special cause to the forbidden
error that namespace lifecycle admission returns. We can't change the forbidden
reason without potentially breaking older clients and so cause is the
appropriate tool.

Add `StatusCause` and `HasStatusCause` to the errors package to make checking
for causes simpler. Add `NamespaceTerminatingCause` to the v1 API as a constant.

Kubernetes-commit: a62c5b282fda7c0832d329cde45e5e0a836924e8
 2019-10-19 22:57:21 -04:00
SataQiu 630eda2c9b eliminate direct references to prometheus 
Kubernetes-commit: f99b4339681329779e44cd9f0c8ffdbabfeb6fcf
 2019-10-10 11:18:52 +08:00
Jordan Liggitt c51b9411f6 Switch admission webhook config manager to v1 
Kubernetes-commit: f247e75980061d7cf83c63c0fb1f12c7060c599f
 2019-08-01 21:57:39 -04:00
Han Kang 7400a466d2 Explicitly handle returned error values in admission metrics_test 
Kubernetes-commit: 774641ebdbdc7fe89380e7e1e77f5ebbe843ecec
 2019-08-21 12:13:33 -07:00
Jordan Liggitt d1d66bda16 Propagate context to Authorize() calls 
Kubernetes-commit: 92eb072989eba22236d034b56cc2bf159dfb4915
 2019-09-24 10:06:32 -04:00
Jordan Liggitt 25bf5d3b30 Add integration test for webhook client auth 
Kubernetes-commit: e734c70e037cf1311581eb61ae3e45adaa76771b
 2019-09-02 22:37:07 -04:00
Jordan Liggitt 80b9dc503b Plumb service port, URL port to webhook client auth resolution 
Kubernetes-commit: d127042cb81cbf545332ec3124161525ef84183c
 2019-09-02 22:38:36 -04:00
Jordan Liggitt ce4eaaeeb3 Make webhook benchmarks parallel 
Kubernetes-commit: 601b7d33a9cf0b724cdabb5de81b0bf2821f0fca
 2019-08-28 13:27:38 -04:00
Haowei Cai 8d86fef522 wire up the webhook rejection metrics in webhook handlers 
Kubernetes-commit: 620f5f2c587971be50cb27bb2a2d35209b3dc058
 2019-08-28 17:32:07 -07:00
Haowei Cai 466e192e26 test 
Kubernetes-commit: 71d7477c2187c0f956b90b7b55e8beee449229a2
 2019-08-28 16:54:39 -07:00
Haowei Cai c5bca07c6b add webhook rejection metrics 
Kubernetes-commit: 714dced0d1c7fbb703fa55c39a071a8a97db9176
 2019-08-28 16:49:47 -07:00
Haowei Cai e248b8b513 fix semantics of the rejected label in webhook metrics 
when error calling webhook is ignored, do not log the request as
rejected

Kubernetes-commit: f3c793512b45ea3910d5e5a379292c13b62ab64b
 2019-08-28 15:31:27 -07:00
Jordan Liggitt 58f780d1e2 Use cached selectors/client for webhooks 
Kubernetes-commit: 8c10d929cac13dc50ca4ffaca83e7ae5c8e41292
 2019-08-24 17:12:14 -04:00
Jordan Liggitt b7340127c3 Add admission benchmarks 
go test ./vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating -bench . -benchmem -run DoNotRun
go test ./vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating -bench . -benchmem -run DoNotRun

Kubernetes-commit: 27f535e26ad88fa30d5c0fcde4bc31897b9d521c
 2019-08-24 17:40:07 -04:00
Jordan Liggitt eb2a4467ba Let webhook accessors construct client/selectors once 
Kubernetes-commit: 14154c2345e7e467be0ff003c61cec9c0bd2be3e
 2019-08-20 17:16:21 -04:00
Han Kang b9084e350a migrate kube-apiserver metrics to stability framework 
Kubernetes-commit: 466980dd747e06e55451301c624eecccfa505123
 2019-08-22 15:38:42 -07:00
Haowei Cai db2bae4d84 tests 
Kubernetes-commit: d35757c653893279df566985c3368f0277fe7c02
 2019-05-31 16:22:55 -07:00
Haowei Cai f4a47ec53f mutating webhook: audit log mutation existence and actual patch 
Kubernetes-commit: 7784353a69932a4e7b4dde55b78828abf5fa4ee6
 2019-05-31 16:22:30 -07:00
Haowei Cai 70c200c6a0 audit & admission: associate annotation with audit level 
Kubernetes-commit: 318226f3403f56aaf796af3f439c13674aa2b7ab
 2019-05-31 15:36:29 -07:00
Jordan Liggitt 71ef46fa12 Use lesser of context or webhook-specific timeout in webhooks 
Kubernetes-commit: c63284b1f3996e7830c1aca85281d349d0091c82
 2019-08-19 11:23:05 -04:00
Jordan Liggitt 0c706a033c Plumb context to admission Admit/Validate 
Kubernetes-commit: 61774cd7176cae0c0324d23ab20e6c6b3038153f
 2019-08-19 10:48:08 -04:00
Joe Betz f103fcda51 Replace string concatination with trace fields 
Kubernetes-commit: 46a04d50af78e01d06a9879d62cc71fbe892076f
 2019-08-02 23:47:24 -07:00
Joe Betz 81b56d7030 Add trace to webhook invocations 
Kubernetes-commit: 31799ebe88534272d45c2a33396e343a5083c773
 2019-05-31 16:50:54 -07:00
Jordan Liggitt 90d670a108 AdmissionReview: Allow webhook admission to dispatch v1 or v1beta1 
Kubernetes-commit: dda9bcb082be058c30c83d45e757edbaac8dc65f
 2019-07-12 08:44:24 -04:00
Chao Xu 65ba1e64bc Adding test cases to make sure objectSelector works for CRD 
Kubernetes-commit: 58fa71d1ed375876a86fe5961ad5a87a0eb23fa2
 2019-05-31 10:12:42 -07:00
Joe Betz 3c6eb3805e Fix admission metrics to use bucket sizes matching metric unit 
Kubernetes-commit: 084c52551baa3dbf0aa47f193b3abddeb8e4d673
 2019-05-31 16:17:24 -07:00
Joe Betz 32d3c876b0 Flake fix: poll for webhook registration to complete in reinvocation integration tests 
Kubernetes-commit: e51320f69d92e4d08bc25eec5a4b7a58d23184ab
 2019-06-04 14:19:26 -07:00
Chao Xu ec622aa8bd minor changes, propagating interface changes 
Kubernetes-commit: 7738c7ee8fbbaa79aed2ca221141a6b3b4f826be
 2019-05-29 17:20:43 -07:00
Chao Xu 8658264258 object matcher 
Kubernetes-commit: 6cf499db6c1dd464c6072706106dec6c5284dff7
 2019-05-29 15:56:52 -07:00
Joe Betz b22ec2bd98 Add mutating admission webhook reinvocation 
Kubernetes-commit: 95fa928ecb636e8d16af31ab613678c555fc76a3
 2019-05-29 22:31:26 -07:00
Joe Betz b2b1ef14ec split admissionregistration.v1beta1/Webhook into MutatingWebhook and ValidatingWebhook 
Kubernetes-commit: 55ecc45455f191c404e355097bf1beae9c42f895
 2019-05-29 21:30:45 -07:00
Joe Betz 86ad7df5fb Add WithReinvocationTesting utility for ensuring that admission plugin reinvocation is idempotent 
Kubernetes-commit: cc2e3616f03518b1fe00c51b5226010df5f17cc7
 2019-05-23 22:24:20 -07:00
Jordan Liggitt 0e6c33d9b7 Consider equivalent resources when calling webhook 
Kubernetes-commit: f2abdcf43f5e0435824104fe6f1af9fb3871d455
 2019-05-20 14:36:19 -04:00
Jordan Liggitt d555b9c5d2 Move object conversion to webhook dispatch point 
convert versionedattrs as needed

Allow per-webhook kind/version

Kubernetes-commit: fc495f457f8b7c58d062d12b03a96abd0879e4d2
 2019-05-20 12:10:49 -04:00
Jordan Liggitt 6562ecd83a Add GetResourceMapper to admission ObjectInterfaces 
Kubernetes-commit: 92f735042e1cae38afe74364c036489fb7a81973
 2019-05-13 11:24:20 -04:00
Jordan Liggitt 054e44a286 make ObjectInterfaces impl generic 
Kubernetes-commit: 9071d21e3b1989ffeee4f533406e4fef6bf32aa8
 2019-05-13 11:22:11 -04:00
Jordan Liggitt afec0f3efa Skip namespace selector evaluation for 'select all' selectors 
Kubernetes-commit: e068a98f4fed7ad1fa92acc00c5d3210acd29675
 2019-05-20 17:45:34 -04:00
Joe Betz f384b59525 Update tests for: Pass {Operation}Option to Webhooks 
Kubernetes-commit: 900d652a9ac11e53293950b3d191295c21430215
 2019-05-07 13:37:07 -07:00
Joe Betz 19327df6d5 Pass {Operation}Option to Webhooks 
Kubernetes-commit: 140c8c73a64deb102b528109138ca9fb7dbb2392
 2019-05-07 13:34:18 -07:00
Jordan Liggitt 7c5dd5a07b Ensure 4xx+ response codes from webhook rejections 
Kubernetes-commit: 50076439fccb4ed6cf7b59f6f4add279ee7751aa
 2019-04-24 15:27:19 -04:00
zhouhaibing089 5ba3621283 webhook: respect the status error from webhook 
today, apiserver generates an internal server error for any call
to mutatingwebhook if it gives allowed=false. this is not right as
it is really not an intenal error, it can be a forbidden as well
if the webhook wants it to be.

Kubernetes-commit: c2fcdc818be1441dd788cae22648c04b1650d3af
 2019-01-09 14:28:33 -08:00
Mehdy Bohlool 6c13576bf2 Add port to ServiceResolvers 
Kubernetes-commit: 11f37d757fc0b710245446c80a8c9578ce2c02f1
 2019-03-01 16:32:50 -08:00
danielqsj 1de9bb3580 remove the deprecated admission metrics 
Kubernetes-commit: b31a3403c4b60d421900d9ddef3a27d23ea9c4c6
 2019-03-12 14:06:38 +08:00
Mehdy Bohlool 81939cee8f Add AdmissionReviewVersions to admissionregistration and default it 
Kubernetes-commit: f7dff4725f8dc694a852e7fdbdde2c8a6dd5b7d4
 2019-03-04 20:52:57 -08:00
Jordan Liggitt e63ca1e6d5 Add scope restrictions to webhook admission rules 
Kubernetes-commit: 0797d812220be9b76716d366f13215b94b70bf5d
 2019-02-24 15:18:05 -05:00
danielqsj c2c5dfe9de convert latencies in mertics name to duration 
Kubernetes-commit: c525d329effc6c6460cda947d1bf8092a927c2d3
 2019-02-22 22:19:57 +08:00
Haowei Cai 30a9fb6e25 honor timeout when dispatch 
Kubernetes-commit: e1e9ee53113413a1038a3f12c87acc61baaf726b
 2019-02-26 14:42:55 -08:00
Jordan Liggitt 3f0755b631 Explicitly set GVK when sending objects to webhooks 
Kubernetes-commit: e752a48a3012e43e4471cce0412cd9beadd3be57
 2019-02-23 00:19:47 -05:00