Kubernetes Publisher
|
4beab40010
|
Merge pull request #123435 from tallclair/apparmor-ga
AppArmor fields API
Kubernetes-commit: bd25605619cbfb46b075002a6db58b4e489fc8cb
|
2024-03-07 05:34:52 +00:00 |
|
Kubernetes Publisher
|
17663913a4
|
Merge pull request #123758 from liggitt/protobump
[CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
Kubernetes-commit: a5f5f44157c49fdfb6384862c7cb34c2ddbd4cce
|
2024-03-06 17:29:40 +00:00 |
Jordan Liggitt
|
0a86214bd0
|
Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
Kubernetes-commit: c6673d2346c814ddb4629c569bdc659ffa0c583f
|
2024-03-06 09:47:28 -05:00 |
|
Kubernetes Publisher
|
04449c9b06
|
Merge pull request #123405 from cici37/vapGA
[KEP-3488]Promote ValidatingAdmissionPolicy to GA
Kubernetes-commit: 2b521e5f8e6b99e84d464d8fa35658aed35bd13c
|
2024-03-06 05:23:36 +00:00 |
Anish Ramasekar
|
f09dddfc89
|
Duplicate v1alpha1 AuthenticationConfiguration to v1beta1
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: b502aa6f31d3f55ce87cafdf3eb5e3fb87e74b50
|
2024-03-04 23:37:31 -08:00 |
|
Anish Ramasekar
|
bc65af8e04
|
Support multiple JWT authenticators with structured authn config
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 39e1c9108c0802024ebb01ad2286b2f09f63798e
|
2024-02-21 15:19:25 -08:00 |
Tim Allclair
|
337f031e71
|
Stop appending AppArmor status to node ready condition
Kubernetes-commit: 24537a91317f9fd125ee805cd0b781358ac86f35
|
2024-02-21 13:11:07 -08:00 |
cici37
|
be9c733e9d
|
Promote ValidatingAdmissionPolicy to GA.
Kubernetes-commit: de506ce7ac9981c8253b2f818478bb4093fb7bb6
|
2024-01-23 22:10:40 +00:00 |
|
Kubernetes Publisher
|
ccdc9f3ae6
|
Merge pull request #123543 from jiahuif-forks/feature/validating-admission-policy/excluded-resources
ValidatingAdmissionPolicy: exclude brink-able resources.
Kubernetes-commit: df1eccae38799ea0a361a7a0626ae1fe5c1e7c4d
|
2024-03-06 01:06:53 +00:00 |
|
Kubernetes Publisher
|
69478b14d0
|
Merge pull request #123721 from enj/enj/i/authn_config_doc_nesting
Fix AuthenticationConfiguration docs around nested claims via CEL
Kubernetes-commit: 7a20def5ba9f8e399f21467a194e85f21cbd6a47
|
2024-03-05 21:36:06 +00:00 |
Jiahui Feng
|
8f8266ef89
|
update to inject only the list of excluded resources.
Kubernetes-commit: 6b03166beda6e550ebcbed1bb7d9ca2cc1d94df4
|
2024-03-05 10:27:35 -08:00 |
Monis Khan
|
37809637af
|
Fix AuthenticationConfiguration docs around nested claims via CEL
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 290f2a7e1b62d2bfce2363ec528155a9748e0adb
|
2024-03-05 12:01:11 -05:00 |
|
Kubernetes Publisher
|
e44513e500
|
Merge pull request #123702 from p0lyn0mial/upstream-clean-up-after-123190
storage/cacher: mark the addition of a metric for waitUntilFreshAndBlock as completed
Kubernetes-commit: 777070c9a5d458cbeac7a624e00317cf0b0aecf5
|
2024-03-05 13:29:16 +00:00 |
Lukasz Szaszkiewicz
|
b3f5f43260
|
storage/cacher: mark the addition of a metric for waitUntilFreshAndBlock as completed
Kubernetes-commit: 221ad9f7c25cc4da36e97c5feca3fc60bbe5bbfa
|
2024-03-05 10:23:23 +01:00 |
|
Kubernetes Publisher
|
377956753f
|
Merge pull request #123568 from enj/enj/i/jwt_username_required
jwt: fail on empty username via CEL expression
Kubernetes-commit: 50f4b1ea471c0dbfc5a60d396619405aaf352e62
|
2024-03-05 05:11:54 +00:00 |
|
Kubernetes Publisher
|
8b057c4a4f
|
Merge pull request #123561 from enj/enj/i/validate_jwt_sa_iss
Prevent conflicts between service account and jwt issuers
Kubernetes-commit: 26600b17abcbeadf7f759a66b9b5ea5d8cc7a62a
|
2024-03-05 05:11:51 +00:00 |
|
Kubernetes Publisher
|
0a68878666
|
Merge pull request #123641 from liggitt/authz-config-beta-gate
Promote StructuredAuthorizationConfiguration feature gate to beta
Kubernetes-commit: 699984f25a80a39bbb112e657f08d76779cdc3a0
|
2024-03-05 05:11:42 +00:00 |
|
Kubernetes Publisher
|
6a1a5d2f87
|
Merge pull request #123532 from serathius/separate-rpc
Move cacher watch to separate rpc preventing starvation
Kubernetes-commit: 5b6d8a42931fd0eb7ba762cd46ad1655e46018a5
|
2024-03-05 05:11:39 +00:00 |
|
Kubernetes Publisher
|
70e2d9115d
|
Merge pull request #123413 from seans3/tunneling-spdy-websockets
PortForward: Tunnel SPDY through WebSockets
Kubernetes-commit: f745503112e06d6ff199e929d536c6a29825c01a
|
2024-03-05 05:11:34 +00:00 |
|
Kubernetes Publisher
|
311716fd2e
|
Merge pull request #123639 from liggitt/authz-metrics
Add authorization webhook duration/count/failopen metrics
Kubernetes-commit: 46a2137c1ba017970c316c0ec10c074cb6450732
|
2024-03-05 01:28:55 +00:00 |
|
Kubernetes Publisher
|
250f19d55f
|
Merge pull request #123190 from padlar/add-apiserver-wait-cache-metric
Add apiserver_watch_cache_read_wait metric to cache refresh time
Kubernetes-commit: 599d92f1fb6fce102ae83d6c98be1aa5749f35de
|
2024-03-04 21:09:36 +00:00 |
Sean Sullivan
|
0376e5de57
|
adds comments to tunnelingResponseWriter
Kubernetes-commit: 3d56ff21fd3c9c9da82ff22044691ef0671ac7b6
|
2024-03-04 11:10:17 -08:00 |
|
Kubernetes Publisher
|
7092a3d47e
|
Merge pull request #123660 from xigang/cacher/watch
cleanup: if triggerValue has a value fast break
Kubernetes-commit: a4eaf6e1200fa6f2050c71ef7a7e8ab27a8e4947
|
2024-03-04 13:20:46 +00:00 |
|
Kubernetes Publisher
|
047ed89b4a
|
Merge pull request #123527 from aramase/aramase/f/kep_3331_discovery_url
Add `DiscoveryURL` to Authentication Configuration
Kubernetes-commit: ee5eca2a492531139f36201b101e2a7575120337
|
2024-03-03 18:51:54 -08:00 |
xigang
|
2eff540b7c
|
cleanup: if triggerValue has a value, fast break
Signed-off-by: xigang <wangxigang2014@gmail.com>
Kubernetes-commit: d72448a41c24911a57b24cabdef3ca63ee048bd4
|
2024-03-04 10:29:31 +08:00 |
|
Jordan Liggitt
|
9610424488
|
Fix headerInterceptingConn handling
Kubernetes-commit: 2443b3fa694462ab0438f10dea38557edea4d4e7
|
2024-03-02 17:57:39 -05:00 |
|
Jordan Liggitt
|
4d70dec65c
|
Promote StructuredAuthorizationConfiguration feature gate to beta
Kubernetes-commit: 30256c8909ab8c30a64f786361543768f2719c77
|
2024-03-02 02:12:36 -05:00 |
|
Jordan Liggitt
|
9adb3ee3c0
|
Add authorization webhook duration/count/failopen metrics
Kubernetes-commit: 79b344d85e3e2f8f3192a3dcabb384cfe87136a6
|
2024-03-02 01:44:28 -05:00 |
Marek Siarkowicz
|
743b53428c
|
Test that separation of streams work by using progress notifies
Kubernetes-commit: 1cf4cec449cb29718a694e25f4750452af3f491d
|
2024-02-29 17:51:46 +01:00 |
|
Jiahui Feng
|
a86b013fb6
|
make ValidatingAdmissionPolicy ignore excluded resources.
Kubernetes-commit: 64ee859aa82c17daa8037e4e90e066ae4582d653
|
2024-02-28 15:31:44 -08:00 |
|
Jiahui Feng
|
b1e2103ed5
|
add resource filter to admission initializer.
Kubernetes-commit: 5b1fffa3e40b812e81ede244f671c90e3428e2ec
|
2024-02-28 15:31:18 -08:00 |
|
Monis Khan
|
4eaefb0cee
|
jwt: fail on empty username via CEL expression
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 8345ad0bac4fee6d25f033f0445e2e10eae6afbe
|
2024-02-28 12:53:08 -05:00 |
|
Monis Khan
|
9432b4df38
|
Prevent conflicts between service account and jwt issuers
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 05e1eff7933a440595f4bea322b54054d3c1b153
|
2024-02-27 17:11:18 -05:00 |
|
Marek Siarkowicz
|
e810084a4b
|
Prevent watch cache starvation, by moving its watch to separate RPC and add a SeparateCacheWatchRPC feature flag to disable this behavior
Kubernetes-commit: 31d404b182d2985ce0d3c43f75d80c29a708beda
|
2024-02-27 11:25:42 +01:00 |
|
Anish Ramasekar
|
d456bc0c1b
|
wire up discovery url in authenticator
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 78fb0bae22f2106219d19fff060caa7866c27430
|
2024-02-26 16:17:58 -08:00 |
Sean Sullivan
|
f4bc37078e
|
portforward: tunnel spdy through websockets
Kubernetes-commit: 8b447d8c97e8823b4308eb91cf7d75693e867c61
|
2024-02-21 08:56:07 +00:00 |
Sunil Shivanand
|
9ffd1e2039
|
Add apiserver_watch_cache_read_wait metric to cache refresh time
Signed-off-by: Sunil Shivanand <padlar@live.com>
Kubernetes-commit: e6ed0f37c65fb22c16f5afa408bc4de166070ebc
|
2024-02-08 12:39:50 +01:00 |
|
Anish Ramasekar
|
f2c6133c7f
|
Add `DiscoveryURL` to AuthenticationConfiguration
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 84852ff56f952b4c3daab920d119d24c2e6a3476
|
2024-02-07 01:41:52 +00:00 |
|
Kubernetes Publisher
|
e92429c2ad
|
Merge pull request #123225 from aramase/aramase/f/kep_3331_latency_metrics
Add `apiserver_authentication_jwt_authenticator_latency_seconds` metric
Kubernetes-commit: 6d2ee131ebd13ce2ec2448300bb99f4ea942f1a9
|
2024-03-04 01:15:11 +00:00 |
|
Kubernetes Publisher
|
6f43b57386
|
Merge pull request #123640 from liggitt/authz-beta-config
Duplicate v1alpha1 AuthorizationConfiguration to v1beta1
Kubernetes-commit: 8674282a054d3ae32e2e009dab6f8a0da3689828
|
2024-03-02 21:03:19 +00:00 |
|
Jordan Liggitt
|
4153027735
|
Duplicate v1alpha1 AuthorizationConfiguration to v1beta1
Kubernetes-commit: 0605a75c5e3590e2b0ab80d2163a76c4e77f4380
|
2024-03-02 01:56:29 -05:00 |
|
Kubernetes Publisher
|
bf894b0555
|
Merge pull request #123634 from liggitt/handler-race
Fix discovery v2 conversion registration data race
Kubernetes-commit: 95875b7723fe1aa50b0a6a425ece8a0927ef83f8
|
2024-03-02 05:50:08 +00:00 |
|
Kubernetes Publisher
|
cc00aa34b6
|
Merge pull request #123611 from ritazh/authz-mcmetrics
Add authz webhook matchcondition metrics
Kubernetes-commit: 3e1da218014b5a4e5c95ee79404093302104438b
|
2024-03-02 05:50:07 +00:00 |
|
Kubernetes Publisher
|
00ac59edfa
|
Merge pull request #122975 from aramase/aramase/c/cleanup_authn_validation
cleanup structured authn/authz error logic
Kubernetes-commit: 4e8674f4e582c7d33143c42990d9409990d979a3
|
2024-03-02 05:50:03 +00:00 |
|
Kubernetes Publisher
|
0d2b79b3b6
|
Merge pull request #122882 from Jefftree/agg-discovery-v2-usage
Use Aggregated Discovery v2 types and promote to GA
Kubernetes-commit: 3f25211d69b4412e3e926835067918f86f629f3e
|
2024-03-02 01:40:36 +00:00 |
|
Jordan Liggitt
|
59cba35b06
|
Fix discovery v2 conversion registration data race
Kubernetes-commit: 0e9cdf76ad2e21166dd5b72f7b0c2450d648c906
|
2024-03-01 19:29:39 -05:00 |
Rita Zhang
|
b7a30e3bfb
|
add authz webhook matchcondition metrics
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Jordan Liggitt <liggitt@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>
Kubernetes-commit: e76fce75666beb2771dfa15a10700f18d2d15d85
|
2024-02-29 20:55:32 -08:00 |
|
Anish Ramasekar
|
09c9be2c2e
|
Add `apiserver_authentication_jwt_authenticator_latency_seconds` metric
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 0da5e8137b839860d55938ceb6d520caba3fc776
|
2024-02-08 18:08:07 +00:00 |
|
Anish Ramasekar
|
7b0c197f53
|
cleanup structured authn/authz error logic
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: c2c4f4616d4ecea9fad5b994cdc72e3f96728962
|
2024-01-25 22:45:19 +00:00 |
Jefftree
|
d8d3b8c351
|
Use v2 types with agg discovery
Kubernetes-commit: 462dd326c2e98d937a96d49002883000efe4b2d6
|
2024-01-19 16:13:47 -05:00 |