da62838474
Merge pull request #121512 from HirazawaUi/add-decod-time-trace
...
Add decode time to the audit log
Kubernetes-commit: 11b974043604f5ccbeb6e5e62e1d9edcf00bc336
2024-01-31 21:30:53 +00:00
c1f89863c2
Merge pull request #118511 from lowang-bh/fix_spell_error
...
fix comment of rbac decision for NoOpinion
Kubernetes-commit: fb7181792b693d9248179154a2e7172f0cd405db
2024-01-31 21:30:52 +00:00
2e2157fa2f
Merge pull request #123003 from alexzielenski/apiserver/policy/crd-startup
...
ValidatingAdmissionPolicy: dont skip reconcile for unchanged policy if last sync failed
Kubernetes-commit: 4f910fe47cc9a0cf648a049a6cccc38be17b0ad6
2024-01-29 20:36:41 -08:00
1672796601
bugfix: avoid NPE possibility by making composition environment global
...
Kubernetes-commit: 3094395fa76210f33118d10d6a7c8214c50a7f33
2024-01-29 13:45:27 -08:00
69adaecb9e
bugfix: dont skip reconcile for unchanged policy if last sync failed
...
Kubernetes-commit: 71559bd02670f53a2d6640714eeb4e7fbc554e86
2024-01-26 18:57:30 -08:00
0dd0e74922
Merge pull request #122886 from jiahuif-forks/feature/cel/mutating-library
...
[CEL Library] Unstructured Object Construction Support
Kubernetes-commit: 2363cdcc399cbf428210efb2c51575ddcad2b84a
2024-01-27 01:29:38 +00:00
554c2d262b
apiserver: allow zero value for the 'nominalConcurrencyShares' field
...
Kubernetes-commit: 5f75c35edf1ea0a10a64615c43b5868484c94f46
2024-01-26 14:27:09 -05:00
95a53374a5
convert the expectedValues to be cel.Val.
...
Kubernetes-commit: c89dcf52b12bf5e32f71f3ed600315242f7e44f6
2024-01-25 13:52:39 -08:00
f0c47558ed
extra case for affirmative has(map) test.
...
Kubernetes-commit: d6991638029be493e5c197b6cd0d268d8ce55457
2024-01-25 13:36:42 -08:00
9d32b8c86a
Merge pull request #120631 from liyuerich/ptrderef
...
Drop deprecated pointer package
Kubernetes-commit: fb1aea9a289e155fa21a57e9512acd61ed1b786b
2024-01-24 21:29:42 +00:00
fb760be3fc
support multiple audiences with jwt authenticator
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 18c563546a764b559ce5b74f09eaaaf9c1f0e5fb
2024-01-24 17:15:11 +00:00
26996e3679
Add AudienceMatchPolicy to AuthenticationConfiguration
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 19da90d6396ce9471f612d6e9a31f1b1c8d605b1
2024-01-25 22:35:16 +00:00
eb407cc3dd
fix convertField and its comments.
...
Kubernetes-commit: d0c323fb8fbfa5c1b91ae445cbda60a416e85e65
2024-01-23 16:47:33 -08:00
3a5a43790e
add support for equality check.
...
Kubernetes-commit: df9620c9f6f6a60f7cbcacb3ad9fa40d79d1d73e
2024-01-23 16:07:39 -08:00
9fd47abbb1
refactor: implement VAP off of policy plugin fw
...
Kubernetes-commit: 18fbc48b0155485cd78ec4d0e6050ccbb7d8e058
2024-01-22 17:31:52 -08:00
f8d65cf3a6
refactor: create generic policy plugin type similar to webhook
...
Kubernetes-commit: a6366573d5ca328438b80d72d0ae5a5bf6b178be
2024-01-22 17:31:34 -08:00
8b89a41f3f
mutation library for CEL.
...
- TypeRef, TypeProvider interfaces.
- TypeRef, TypeProvider, ObjectVal, FieldType implementations
for unstructured.
- Tests for using optional in mutation.
Kubernetes-commit: 9bbdbc510ebf8e2dcb243d6fbbf57449f895196e
2024-01-19 17:03:34 -08:00
6f648c15a2
Add retry around create
...
Kubernetes-commit: a05db0dd22a68a9c443a9f01cc1b8f6397fd6a9f
2024-01-19 16:10:30 -05:00
06be9d025c
refactor: move matching logic into parent policy folder
...
Kubernetes-commit: d697f43d73870679ad4cd46939ad28e06926b6d3
2024-01-17 18:12:41 -08:00
57e06e43f7
refactor: move vap into parent `policy` folder
...
also renames to remove stutter
comment
Kubernetes-commit: 8b14116509ac19234924878ab08f7e9e8f03549a
2024-01-17 18:09:30 -08:00
3769e5c054
refactor: move celmetrics close to its usage in vap
...
does not need to be accessed from anywhere else, and removed an excessive lonesome `cel` pkg with just the metrics
Kubernetes-commit: 8b26b6eec1b0d99518e7c53879e1d44ade2eebc7
2024-01-17 17:05:53 -08:00
76172aaa1f
storage/cacher: ensure the cache is at the Most Recent ResourceVersion when streaming was requested
...
Kubernetes-commit: f90bcf649e0f3dc233f49882468f949b0f00ac4f
2024-01-17 14:10:04 +01:00
e6f368f3b9
apiserver: refactor handleError in endpoints/filters
...
Kubernetes-commit: 9e37ccedc7fbbbacf07ecc79949c75e1e250ba58
2024-01-09 13:32:09 -05:00
d24017c506
Update konnectivity to 0.29.0
...
update konnectivity server&agent images to 0.29.0
bump konnectivity deps to 0.29.0
Signed-off-by: Lan Liang <gcslyp@gmail.com>
Kubernetes-commit: d3b8eba690f8eeaf41b4fdf56c943004be501e4e
2024-01-02 05:52:55 +00:00
c2310e1279
Implement authz config file reloading
...
Kubernetes-commit: 5dc92ada068cb80a2866cfaa1f9aa760d2524680
2023-11-08 08:49:58 -06:00
bc8676d59a
Add decoding time to the audit log
...
Kubernetes-commit: 20fe2a3539e90f7554f94359ac3b4058a5bbb363
2023-10-25 22:52:11 +08:00
f9391f6b1d
Update vendoring to take new CBOR library dependency.
...
Kubernetes-commit: 09a1abda998fc37e2e29a120a82be7c6271656e0
2023-10-17 16:51:52 -04:00
000601bdbe
Add handler to run watch serving in separate goroutine
...
This handler allows running execution prior to actual serving in a separate
goroutine when serving requests. Doing so benefits cases in serving long running
requests because it allows freeing memory used by the separate goroutine
and keeps the serving routines slim.
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 7b2698a5e5c61b303481c2006847409fc8704746
2023-10-10 08:53:26 +00:00
f709e954ab
drop deprecated pointer package
...
Signed-off-by: liyuerich <yue.li@daocloud.io>
Kubernetes-commit: e490439262fad619d83c5647a42a5382cb9c787b
2023-09-15 21:03:36 +08:00
888034e53f
Merge pull request #122518 from cici37/celEnv29
...
Update env version, add cost for previous added func, add tests, etc.
Kubernetes-commit: 31197eba75040cb0b88f488caf18a4c87182abed
2024-01-23 21:29:53 +00:00
338910dbd7
Merge pull request #122873 from p0lyn0mial/upstream-reflector-usewatchlist-pointer
...
client-go/reflector: make UseWatchList a pointer
Kubernetes-commit: 445869a59bdbd1c587b72b52c5da94c1d1c316a1
2024-01-22 21:32:29 +00:00
ca8d0aaf91
client-go/reflector: make UseWatchList a pointer
...
until #115478(use streaming against the etcd storage)
is resolved the cacher need a way to disable the streaming.
Kubernetes-commit: 41e706600aea7468f486150d951d3b8948ce89d5
2024-01-19 13:48:29 +01:00
9f9c32c4ac
Merge pull request #122842 from pohly/klog-update
...
dependencies: klog v2.120.1
Kubernetes-commit: b27b56a46c4c1e6be0dc2b1a0230d86223a7e903
2024-01-18 21:34:52 +00:00
da46024a72
Merge pull request #122839 from pohly/ginkgo-gomega-update
...
dependencies: ginkgo v2.15.0, gomega v1.31.0
Kubernetes-commit: c82da711b0e2184f851675aac4596bbd0f74763f
2024-01-18 21:34:51 +00:00
3a9c95f3b6
dependencies: klog v2.120.1
...
Kubernetes-commit: e2222f1e304831cbbc57b61afa373612297055fb
2024-01-18 16:58:40 +01:00
78fd4a492b
dependencies: ginkgo v2.15.0, gomega v1.31.0
...
The main reason for updating is support for reporting the cause of context
cancellation: Ginkgo provides that information when canceling a context and
Gomega polling code includes that when generating a failure message.
Kubernetes-commit: 18f0af1f000f95749ca1ea075d62ca89e86bb7da
2024-01-18 12:45:55 +01:00
ff6a2dc722
Negative index regression test for json-patch ( #122625 )
...
* add testcase with negative index
* exercise successful negative index patching
* use different values for testing
Co-authored-by: Chris Bandy <bandy.chris@gmail.com>
---------
Co-authored-by: Chris Bandy <bandy.chris@gmail.com>
Kubernetes-commit: 83ff8a2f49f820fb355b24c65b8629710dca8a54
2024-01-18 09:31:12 +00:00
496d7e7b8b
Merge pull request #122701 from carlory/fix-quota
...
Fix resource deletion failure caused by quota calculation error when InPlacePodVerticalScaling is turned on
Kubernetes-commit: 5ad2c12a6951deffe5394abc48c65417553dd214
2024-01-18 09:31:10 +00:00
8ad2e288d6
Merge pull request #122706 from pacoxu/klog-upgrade
...
bump klog to v2.120.0
Kubernetes-commit: 823ecb58f68fbe0a4b37b32e11e75c6f2e0f467c
2024-01-11 21:35:26 +00:00
3574aabfdd
bump klog to v2.120.0
...
Kubernetes-commit: 3c86d21316c25b52a1cf3f9703a0bc2cbe97131c
2024-01-11 17:35:07 +08:00
aa358081a5
fix evaluate resource quota if a resource is updated when the InPlacePodVerticalScaling feature-gate is on
...
Kubernetes-commit: 041e97af1f0ee40029dcd44abd63f84514eca59e
2024-01-11 16:04:02 +08:00
303f36b718
Merge pull request #122689 from enj/enj/r/ec_hash_cleanup
...
Clean up encryption config reading and hashing logic
Kubernetes-commit: 741fd84d1570caecc533152d3c6c9da6f5de8c4e
2024-01-10 21:34:48 +00:00
285e6ec394
Clean up encryption config reading and hashing logic
...
This is a no-op change that makes the internal encryption config
hash more specific to it use and explicitly marks it as unstable.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 9387a66c71fd85840cb199b468610b8fa950253f
2024-01-10 14:48:30 -05:00
2792cf227c
Merge pull request #122558 from linxiulei/webhook-http2
...
Use http/2 for localhost webhook
Kubernetes-commit: 9bd0ef5f173de3cc2d1d629a4aee499d53690aee
2024-01-04 21:29:10 +00:00
a962862e57
Merge pull request #121917 from SataQiu/clean-import-hack
...
Remove import hack about k8s.io/utils/clock/testing
Kubernetes-commit: 4cc0af1d16a37264320f982eb6d42f7e897c10cb
2024-01-04 17:28:58 +00:00
547675e994
Merge pull request #122468 from carlory/remove-fg-RemoveSelfLink
...
remove GA featuregate RemoveSelfLink
Kubernetes-commit: 838536f6641eb5b1b875af05f74fc84146ba2f05
2024-01-03 17:28:54 +00:00
9ec63da0d7
Merge pull request #122347 from aramase/aramase/c/move_kms_apis
...
kmsv2: move encryption config types to standard API server config location
Kubernetes-commit: a7af34e1b846ce06f3ec1d7d3877b531f22da3ad
2024-01-03 17:28:53 +00:00
fa628fd528
Use http/2 for localhost webhook
...
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 246e69fb99007412c4903fe8e7ad1d8c5f25cd8e
2024-01-03 13:49:51 +00:00
b25363ccbc
Merge pull request #122560 from aramase/aramase/c/add_unique_comment
...
[StructuredAuthnConfig] add comment for extra keys unique requirement
Kubernetes-commit: c686334d41976ca9280cee26263735ede6e1ce85
2024-01-02 23:26:28 +01:00
6bad17ce50
[StructuredAuthnConfig] add comment for extra keys unique requirement
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: af8da8e01c28286feedf528e94683781a0387a99
2024-01-02 19:58:20 +00:00
Kubernetes Publisher