Commit Graph

7119 Commits

Author SHA1 Message Date
Marek Siarkowicz 67b6245fc3 Fix enabling consistent list from watch cache also works for resourceVersion=0
Kubernetes-commit: 0b8e79580eb3a63ca7707626b4894adfb9125586
2024-03-04 19:35:34 +01:00
Kubernetes Publisher d5a8607203 Merge pull request #123926 from p0lyn0mial/upstream-deflake-test-get-list-non-recursive-with-consistent-list
apiserver/storage/cacher: deflake TestGetListNonRecursiveWithConsistentListFromCache

Kubernetes-commit: 89f03e3988a4e7fed90ffce22f355ff248520ad2
2024-03-14 21:14:25 +00:00
Kubernetes Publisher f6a2b2b2cb Merge pull request #123925 from p0lyn0mial/upstream-cacher-decrease-watch-not-hanging-on-startup-failure
apiserver/storage/cacher: decrease running time of TestWatchNotHangingOnStartupFailure

Kubernetes-commit: d1a2a134c532109540025c990697a6900c2e62fc
2024-03-14 02:06:09 -07:00
Lukasz Szaszkiewicz b8c7d7868f apiserver/storage/cacher: deflake TestGetListNonRecursiveWithConsistentListFromCache
Kubernetes-commit: c44cc9a575f3bf1248b2fdc8e3a7ba61ab844618
2024-03-14 09:08:29 +01:00
Lukasz Szaszkiewicz a2c5722d64 apiserver/storage/cacher: decrease running time of TestWatchNotHangingOnStartupFailure
before:
go test -v -race -count 1 -run ^TestWatchNotHangingOnStartupFailure$
ok  	k8s.io/apiserver/pkg/storage/cacher	6.775s

after:
go test -v -race -count 1 -run ^TestWatchNotHangingOnStartupFailure$
ok  	k8s.io/apiserver/pkg/storage/cacher	2.781s

Kubernetes-commit: f5d945eb43c7bf8036a4bad8c22448e1146a7498
2024-03-14 08:59:47 +01:00
Kubernetes Publisher 7dbc368d22 Merge pull request #123891 from p0lyn0mial/upstream-cacher-decrease-running-time-of-test-wait-unti-fresh
apiserver/storage/cacher: decrease of running time of TestWaitUntilWatchCacheFreshAndForceAllEvents

Kubernetes-commit: 3a75a8c8d9e6a1ebd98d8572132e675d4980f184
2024-03-13 16:08:38 +00:00
Kubernetes Publisher fb5c182ce6 Merge pull request #123887 from p0lyn0mial/upstream-cacher-decrease-running-time-of-tests
apiserver/storage/cacher: decrease the running time of tests in the cacher package.

Kubernetes-commit: 308d664e3fdb73c4436e812d2f1395dcf9e0e2e9
2024-03-13 16:08:37 +00:00
Kubernetes Publisher 6a24b53962 Merge pull request #123897 from p0lyn0mial/upstream-cacher-decrease-running-time-of-empty-watch-event-cache
apiserver/storage/cacher: decrease of running time of TestEmptyWatchEventCache

Kubernetes-commit: 881cc5bc968276b05eba9be9a162873c29c2fda2
2024-03-13 12:20:44 +00:00
Kubernetes Publisher 342a6b899d Merge pull request #123674 from serathius/non-recursive
Fix non-recursive list returning "resource version too high" error when consistent list from cache is enabled

Kubernetes-commit: 3409f0594c94185010217f3e5156c1de9f08b405
2024-03-12 08:34:06 -07:00
Lukasz Szaszkiewicz 80f9ab2a6a apiserver/storage/cacher: decrease of running time of TestEmptyWatchEventCache
updates the test to wait 300 ms instead of 3s
the watch was established otherwise
we would be blocking on a call to cache.Watch(...)
in addition to that, the tests are serial in nature,
meaning that there is no other actor
that could add items to the database,
which could result in receiving new items.

Before:
go test -race  -run TestEmptyWatchEventCache
ok  	k8s.io/apiserver/pkg/storage/cacher	8.450s

After:
go test -race  -run TestEmptyWatchEventCache
ok  	k8s.io/apiserver/pkg/storage/cacher	2.635s

Kubernetes-commit: 926122c035a4f47a880db24d1a0be7ec129dd44d
2024-03-12 13:34:04 +01:00
Lukasz Szaszkiewicz c14671349b apiserver/storage/cacher: decrease of running time of TestWaitUntilWatchCacheFreshAndForceAllEvents
The individual cases can be safely run in parallel.

Before:
go test -race  -run TestWaitUntilWatchCacheFreshAndForceAllEvents
ok  	k8s.io/apiserver/pkg/storage/cacher	10.787s

After:
go test -race  -run TestWaitUntilWatchCacheFreshAndForceAllEvents
ok  	k8s.io/apiserver/pkg/storage/cacher	4.857s

Kubernetes-commit: 3ecbb4dee00a5dd1e43e24a5952c2a90ef507ef1
2024-03-12 10:50:44 +01:00
Lukasz Szaszkiewicz 361687d2ad apiserver/storage/cacher: decrease the running time of tests in the cacher package.
It turns out that kube has a custom timeout for tests of 3 minutes.
The tests in the cacher package are utilizing nearly the
entire time and are being terminated, resulting in failing jobs.

Before the change, the TestWatchSemantics took ~43s to run. With this simple change, it now takes ~18s.

When we created the tests, we didn't measure the running time and assumed that waiting 1 second on a watch channel
to make sure no more events are received was sufficient.
This PR decreases the waiting time to 300 milliseconds.
Modern computers can perform many tasks within that time.
In addition to that, the tests are serial in nature, meaning that there is no other
actor that could add items to the database, which could result in receiving new items.

After the change the total running time decreased by 17%.
Before, the tests needed ~176s; after, they need ~146s.
The changes also improved TestWatchSemanticInitialEventsExtended.

Kubernetes-commit: 5a74c8e2202044b664efce4be5d86d700e74506f
2024-03-12 09:15:55 +01:00
Marek Siarkowicz 483da2032d Fix non-recursive list when consistent list from cache is enabled
Kubernetes-commit: a527cab9fce0b0234db8b4e1e95a0fc20e135df1
2024-03-04 17:59:04 +01:00
Kubernetes Publisher 07ca000ce9 Merge pull request #123732 from serathius/parallel-featureflags
Fix SetFeatureGateDuringTest handling of Parallel tests

Kubernetes-commit: e062f925aec9137ca3f06704c6adb2883812e657
2024-03-12 00:14:01 +00:00
Kubernetes Publisher 469611c7d7 Merge pull request #123719 from enj/enj/f/authn_config_beta
Mark StructuredAuthenticationConfiguration feature gate as beta

Kubernetes-commit: 8f80e0146726c42edefdfaeda6123872a5ec0981
2024-03-10 04:10:37 +00:00
Kubernetes Publisher a4d271c759 Merge pull request #123793 from aramase/aramase/f/authn_config_reload_metrics
Add metrics for authentication config reload

Kubernetes-commit: 09093f270aa811c2c49ea45868989ad5b6eb8a53
2024-03-09 15:58:55 -08:00
Anish Ramasekar ee481149d7 Add metrics for authentication config reload
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 62ac88b9ea5dace6a61b784f4654fcf379b958e2
2024-03-09 13:29:56 -08:00
Kubernetes Publisher 81df735550 Merge pull request #123525 from enj/enj/f/authn_config_reload
Add dynamic reload support for authentication configuration

Kubernetes-commit: 77ecfb7800a5ce6f139818828c8eb49af9c44077
2024-03-10 00:12:37 +00:00
Marek Siarkowicz 3a83dc12eb Fix SetFeatureGateDuringTest handling of Parallel tests
Stop using defer as a parallel subtest might result in the main test
finishing before the subtest.

Fatal when same flag is set twice.

Kubernetes-commit: 9fcf279e2b91e7549190a433373f256fb5aebe85
2024-03-05 21:56:40 +01:00
Monis Khan aa18faf137 Mark StructuredAuthenticationConfiguration feature gate as beta
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: bc7aa13bf793148b0c6b3b51fd9a8e17bb412712
2024-03-05 10:39:44 -05:00
Monis Khan 2c1ad21e66 Add dynamic reload support for authentication configuration
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: b4935d910dcf256288694391ef675acfbdb8e7a3
2024-01-10 12:36:55 -05:00
Kubernetes Publisher 86ddcb4842 Merge pull request #123737 from enj/enj/i/cel_email_verified
Require email_verified to be used when email is set as username via CEL

Kubernetes-commit: 9a160fa7808755fddd5fe8573040bef4d2ba7a0c
2024-03-08 20:12:31 +00:00
Monis Khan 5b4b237d07 Require email_verified to be used when email is set as username via CEL
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 121607e80963370c1838f9f620c2b8552041abfc
2024-03-05 17:20:18 -05:00
Kubernetes Publisher 8763b7fa93 Merge pull request #123431 from aramase/aramase/f/kep_3331_multiple_jwt_authenticator
Support multiple JWT authenticators with structured authn config

Kubernetes-commit: c726b2b3a3519309afbac68e0358c99977d1c805
2024-03-07 05:34:55 +00:00
Kubernetes Publisher 5855c335a1 Merge pull request #123696 from aramase/aramase/f/kep_3331_v1beta1_api
Duplicate v1alpha1 AuthenticationConfiguration to v1beta1

Kubernetes-commit: 05cb0a55c88e0cdcfe2fb184328ad9be53e94d5c
2024-03-07 05:34:54 +00:00
Kubernetes Publisher 4beab40010 Merge pull request #123435 from tallclair/apparmor-ga
AppArmor fields API

Kubernetes-commit: bd25605619cbfb46b075002a6db58b4e489fc8cb
2024-03-07 05:34:52 +00:00
Kubernetes Publisher 17663913a4 Merge pull request #123758 from liggitt/protobump
[CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0

Kubernetes-commit: a5f5f44157c49fdfb6384862c7cb34c2ddbd4cce
2024-03-06 17:29:40 +00:00
Jordan Liggitt 0a86214bd0 Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
Kubernetes-commit: c6673d2346c814ddb4629c569bdc659ffa0c583f
2024-03-06 09:47:28 -05:00
Kubernetes Publisher 04449c9b06 Merge pull request #123405 from cici37/vapGA
[KEP-3488]Promote ValidatingAdmissionPolicy to GA

Kubernetes-commit: 2b521e5f8e6b99e84d464d8fa35658aed35bd13c
2024-03-06 05:23:36 +00:00
Anish Ramasekar f09dddfc89 Duplicate v1alpha1 AuthenticationConfiguration to v1beta1
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: b502aa6f31d3f55ce87cafdf3eb5e3fb87e74b50
2024-03-04 23:37:31 -08:00
Anish Ramasekar bc65af8e04 Support multiple JWT authenticators with structured authn config
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 39e1c9108c0802024ebb01ad2286b2f09f63798e
2024-02-21 15:19:25 -08:00
Tim Allclair 337f031e71 Stop appending AppArmor status to node ready condition
Kubernetes-commit: 24537a91317f9fd125ee805cd0b781358ac86f35
2024-02-21 13:11:07 -08:00
cici37 be9c733e9d Promote ValidatingAdmissionPolicy to GA.
Kubernetes-commit: de506ce7ac9981c8253b2f818478bb4093fb7bb6
2024-01-23 22:10:40 +00:00
Kubernetes Publisher ccdc9f3ae6 Merge pull request #123543 from jiahuif-forks/feature/validating-admission-policy/excluded-resources
ValidatingAdmissionPolicy: exclude brink-able resources.

Kubernetes-commit: df1eccae38799ea0a361a7a0626ae1fe5c1e7c4d
2024-03-06 01:06:53 +00:00
Kubernetes Publisher 69478b14d0 Merge pull request #123721 from enj/enj/i/authn_config_doc_nesting
Fix AuthenticationConfiguration docs around nested claims via CEL

Kubernetes-commit: 7a20def5ba9f8e399f21467a194e85f21cbd6a47
2024-03-05 21:36:06 +00:00
Jiahui Feng 8f8266ef89 update to inject only the list of excluded resources.
Kubernetes-commit: 6b03166beda6e550ebcbed1bb7d9ca2cc1d94df4
2024-03-05 10:27:35 -08:00
Monis Khan 37809637af Fix AuthenticationConfiguration docs around nested claims via CEL
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 290f2a7e1b62d2bfce2363ec528155a9748e0adb
2024-03-05 12:01:11 -05:00
Kubernetes Publisher e44513e500 Merge pull request #123702 from p0lyn0mial/upstream-clean-up-after-123190
storage/cacher: mark the addition of a metric for waitUntilFreshAndBlock as completed

Kubernetes-commit: 777070c9a5d458cbeac7a624e00317cf0b0aecf5
2024-03-05 13:29:16 +00:00
Lukasz Szaszkiewicz b3f5f43260 storage/cacher: mark the addition of a metric for waitUntilFreshAndBlock as completed
Kubernetes-commit: 221ad9f7c25cc4da36e97c5feca3fc60bbe5bbfa
2024-03-05 10:23:23 +01:00
Kubernetes Publisher 377956753f Merge pull request #123568 from enj/enj/i/jwt_username_required
jwt: fail on empty username via CEL expression

Kubernetes-commit: 50f4b1ea471c0dbfc5a60d396619405aaf352e62
2024-03-05 05:11:54 +00:00
Kubernetes Publisher 8b057c4a4f Merge pull request #123561 from enj/enj/i/validate_jwt_sa_iss
Prevent conflicts between service account and jwt issuers

Kubernetes-commit: 26600b17abcbeadf7f759a66b9b5ea5d8cc7a62a
2024-03-05 05:11:51 +00:00
Kubernetes Publisher 0a68878666 Merge pull request #123641 from liggitt/authz-config-beta-gate
Promote StructuredAuthorizationConfiguration feature gate to beta

Kubernetes-commit: 699984f25a80a39bbb112e657f08d76779cdc3a0
2024-03-05 05:11:42 +00:00
Kubernetes Publisher 6a1a5d2f87 Merge pull request #123532 from serathius/separate-rpc
Move cacher watch to separate rpc preventing starvation

Kubernetes-commit: 5b6d8a42931fd0eb7ba762cd46ad1655e46018a5
2024-03-05 05:11:39 +00:00
Kubernetes Publisher 70e2d9115d Merge pull request #123413 from seans3/tunneling-spdy-websockets
PortForward: Tunnel SPDY through WebSockets

Kubernetes-commit: f745503112e06d6ff199e929d536c6a29825c01a
2024-03-05 05:11:34 +00:00
Kubernetes Publisher 311716fd2e Merge pull request #123639 from liggitt/authz-metrics
Add authorization webhook duration/count/failopen metrics

Kubernetes-commit: 46a2137c1ba017970c316c0ec10c074cb6450732
2024-03-05 01:28:55 +00:00
Kubernetes Publisher 250f19d55f Merge pull request #123190 from padlar/add-apiserver-wait-cache-metric
Add apiserver_watch_cache_read_wait metric to cache refresh time

Kubernetes-commit: 599d92f1fb6fce102ae83d6c98be1aa5749f35de
2024-03-04 21:09:36 +00:00
Sean Sullivan 0376e5de57 adds comments to tunnelingResponseWriter
Kubernetes-commit: 3d56ff21fd3c9c9da82ff22044691ef0671ac7b6
2024-03-04 11:10:17 -08:00
Kubernetes Publisher 7092a3d47e Merge pull request #123660 from xigang/cacher/watch
cleanup: if triggerValue has a value fast break

Kubernetes-commit: a4eaf6e1200fa6f2050c71ef7a7e8ab27a8e4947
2024-03-04 13:20:46 +00:00
Kubernetes Publisher 047ed89b4a Merge pull request #123527 from aramase/aramase/f/kep_3331_discovery_url
Add `DiscoveryURL` to Authentication Configuration

Kubernetes-commit: ee5eca2a492531139f36201b101e2a7575120337
2024-03-03 18:51:54 -08:00
xigang 2eff540b7c cleanup: if triggerValue has a value, fast break
Signed-off-by: xigang <wangxigang2014@gmail.com>

Kubernetes-commit: d72448a41c24911a57b24cabdef3ca63ee048bd4
2024-03-04 10:29:31 +08:00