Alexander Zielenski
eed515aa23
refactor: handle paramKind directly
remove hacks that might conceal errors
Kubernetes-commit: acf1d850c6153aae10f26ef3d3e21fa8a63b20e0
2024-02-20 09:22:35 -08:00
Alexander Zielenski
223ffcc3b0
add functions to policy accessors for getting match information and params
Kubernetes-commit: 6d5133f3ecd4ddb38a29dac69641fb56576491a2
2024-02-15 16:33:41 -08:00
Alexander Zielenski
8e917a7cef
flake: avoid flake by ensuring params appear in the initial list
sometimes they would not appear in the initial list if they were added while the informer was starting up due to ObjectTracker race
Kubernetes-commit: def05a20e22f069a60f4190755e8c7244d18781c
2024-02-15 13:58:29 -08:00
Kubernetes Publisher
2c41261361
Merge pull request #123306 from alexzielenski/apiserver/policy/move-owners
move OWNERS from validating to all new parent policy folder
Kubernetes-commit: 8a57e3cc2b57ff6889643a0900324996c52eaac0
2024-02-15 20:34:51 +00:00
Kubernetes Publisher
53b26606c5
Merge pull request #123305 from aramase/aramase/f/kep_3331_audience_match_policy_follow_up
Add integration test for multiple audience in structured authn
Kubernetes-commit: 50bf3a2060ea798600af1a4c125e0b62d08e9680
2024-02-15 16:34:53 +00:00
Kubernetes Publisher
8242123b04
Merge pull request #122887 from jpbetz/retry-generate-name-create
Implement KEP-4420: Retry Generate Name
Kubernetes-commit: 58c77d7b63d0a027b37e2189f9de2728e5674169
2024-02-15 05:33:54 +00:00
Kubernetes Publisher
aa40040fbc
Merge pull request #123282 from enj/enj/i/authn_config_algs
Support all key algs with structured authn config
Kubernetes-commit: 72c3c7c924ec88bfb852fd75740ed7b0ab915c38
2024-02-15 05:33:52 +00:00
Kubernetes Publisher
6d4e589c29
Merge pull request #123165 from aramase/aramase/f/kep_3331_audience_match_policy
Add `AudienceMatchPolicy` and support multiple audiences in AuthenticationConfiguration
Kubernetes-commit: ba450636a455eedb78a18d21db8919e9afdd4e77
2024-02-15 01:39:13 +00:00
Kubernetes Publisher
f980dbe8f0
Merge pull request #123250 from benluddy/dep-bump-cbor-v2.6.0
Bump github.com/fxamacker/cbor/v2 to v2.6.0.
Kubernetes-commit: e305e773bbfe8c5bdf9c57881a875e168b004b8c
2024-02-15 01:39:12 +00:00
Kubernetes Publisher
ffe03d21f3
Merge pull request #122919 from alexzielenski/apiserver/policy/mutating-initial
Refactor AdmissionPolicy for code sharing with mutating
Kubernetes-commit: 684a9975fe0e1dac4ffe00c9826590f231bdd030
2024-02-15 01:39:10 +00:00
Anish Ramasekar
1bc99127a6
Add integration test for multiple audience in structured authn
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 0feb1d5173c94e28da79963fb296296b005dd6a1
2024-02-14 17:04:21 -08:00
Alexander Zielenski
7e9e7fe668
move OWNERS from validating to all new parent policy folder
meant to do this in refactor PR
Kubernetes-commit: bd27c99262e73955af6af19a1d6d72fce6739522
2024-02-14 16:32:08 -08:00
Monis Khan
d887d80e81
Support all key algs with structured authn config
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: b5e0068325da7aa5ca42a7d5ea6b0f012a519765
2024-02-13 13:45:53 -05:00
Kubernetes Publisher
503dabd7e9
Merge pull request #123179 from aramase/aramase/f/encryption_config_reload_metric
Add `apiserver_encryption_config_controller_automatic_reloads_total` metric and deprecate success/failure counter
Kubernetes-commit: 7abb063b42c7770628ee2b69e25370cf6334882a
2024-02-13 17:30:58 +00:00
Ben Luddy
137045a592
Bump github.com/fxamacker/cbor/v2 to v2.6.0.
Kubernetes-commit: aac43dc96f2b679f0ab030fd3512c7e03b0f2df4
2024-02-12 15:46:17 -05:00
Anish Ramasekar
f6b16dddb3
Add `apiserver_encryption_config_controller_automatic_reloads_total`
metric
- Adds `apiserver_encryption_config_controller_automatic_reloads_total`
metric with status label for encryption config reload success/failure.
- Deprecated `apiserver_encryption_config_controller_automatic_reload_failures_total` and `apiserver_encryption_config_controller_automatic_reload_success_total`
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 77241d31253baf051302fff7480c9601ad817399
2024-02-07 19:44:41 +00:00
Kubernetes Publisher
9d6ad00bf4
Merge pull request #121486 from benluddy/cbor-stub
KEP-4222: Add stub CBOR serializer.
Kubernetes-commit: 48228bf9dbac308f43abd59a53fdc069fbddee0f
2024-02-10 01:48:31 +00:00
Kubernetes Publisher
76d76deeaf
Merge pull request #123083 from jiahuif-forks/feature/validating-admission-policy/typechecking-variables
ValidatingAdmissionPolicy: support variables
Kubernetes-commit: 002b0f00033e3fd4650dd4da3717b9187b8621e1
2024-02-09 01:38:56 +00:00
Jiahui Feng
6f620d4d18
add test case for error inside variables.
Kubernetes-commit: 3e777540fda8dda01bb72702b1e39675f21d2955
2024-02-08 13:39:25 -08:00
José Carlos Chávez
f099bff723
chore: adds consistent vanity import to files and provides tooling for verifying and updating them. (#120642)
* chore: drops update vanity imports from script.
* chore: changes copyright year to 2024.
* chore: makes lint happy.
Kubernetes-commit: 6d6398ef9266abce3518a4c9a3d4e4d8feeffdc1
2024-02-08 14:10:27 +00:00
Kubernetes Publisher
970932bc20
Merge pull request #123001 from tkashem/apf-allow-zero-concurrency
Allow zero value for the 'nominalConcurrencyShares' field
Kubernetes-commit: 862ff187baad9373d59d19e5d736dcda1e25e90d
2024-02-06 17:33:50 +00:00
Kubernetes Publisher
5bcf390db2
Merge pull request #122925 from tkashem/timeout-refactor-handle-error
apiserver: refactor handleError in endpoints/filters
Kubernetes-commit: 35b1bc45ef380f8a95ccd6d24b0485d22ac41b68
2024-02-06 13:30:57 +00:00
Kubernetes Publisher
8340bec347
Merge pull request #123098 from munnerz/4193-jti-audit-changes
use authentication.kubernetes.io/issued-credential-id audit annotation in serviceaccount token registry endpoint
Kubernetes-commit: 8c6e940a970e3a910b02442c001735619a8c7ba4
2024-02-05 17:30:48 +00:00
Kubernetes Publisher
7b91578b43
Merge pull request #122557 from liangyuanpeng/anp_0.29
Bump konnectivity-client to v0.29.0
Kubernetes-commit: 6972fd7d0be4f85b98737aaf8c2e105b42c0de6e
2024-02-05 17:30:47 +00:00
buddie.wei
586f61dd0f
Fix the syntax error in the comment of the checkQuotas method. (#121428)
* Update controller.go
Fix comment error.
From "It there was no quota change mark the waiter as succeeded." to "If there was no quota change mark the waiter as succeeded."
* Adjust the comments to maintain consistent tense throughout.
Adjust the comments to maintain consistent tense throughout.
Kubernetes-commit: 5855f5178f42dbc114b6c5ac1964a5dd62bb0957
2024-02-06 00:45:00 +08:00
James Munnelly
c60b23f298
use authentication.kubernetes.io/issued-credential-id audit annotation in serviceaccount token registry endpoint
Kubernetes-commit: 7f12735fffdc490eae59e98d0f03638067b028de
2024-02-02 16:57:16 +00:00
Kubernetes Publisher
9dc08c72a8
Merge pull request #115282 from tkashem/panic-warning
apiserver: warning.AddWarning should not panic when request times out
Kubernetes-commit: ac6d67d27c63822298a9c725daec47f70dde94dc
2024-02-02 01:30:00 +00:00
Jiahui Feng
ab64beb117
add support of variables for Type Checking.
Kubernetes-commit: dc832c6e59e98f8b842efe42d3f18a67e781779d
2024-02-01 15:28:21 -08:00
Jiahui Feng
1501159ecb
refactor type checking to use CompositedCompiler.
Kubernetes-commit: 21ba0d59d3a29b5668d4ba712d5b130d458121c6
2024-02-01 13:20:21 -08:00
Kubernetes Publisher
da62838474
Merge pull request #121512 from HirazawaUi/add-decod-time-trace
Add decode time to the audit log
Kubernetes-commit: 11b974043604f5ccbeb6e5e62e1d9edcf00bc336
2024-01-31 21:30:53 +00:00
Kubernetes Publisher
c1f89863c2
Merge pull request #118511 from lowang-bh/fix_spell_error
fix comment of rbac decision for NoOpinion
Kubernetes-commit: fb7181792b693d9248179154a2e7172f0cd405db
2024-01-31 21:30:52 +00:00
Kubernetes Publisher
2e2157fa2f
Merge pull request #123003 from alexzielenski/apiserver/policy/crd-startup
ValidatingAdmissionPolicy: don't skip reconcile for unchanged policy if last sync failed
Kubernetes-commit: 4f910fe47cc9a0cf648a049a6cccc38be17b0ad6
2024-01-29 20:36:41 -08:00
Alexander Zielenski
1672796601
bugfix: avoid NPE possibility by making composition environment global
Kubernetes-commit: 3094395fa76210f33118d10d6a7c8214c50a7f33
2024-01-29 13:45:27 -08:00
Alexander Zielenski
69adaecb9e
bugfix: don't skip reconcile for unchanged policy if last sync failed
Kubernetes-commit: 71559bd02670f53a2d6640714eeb4e7fbc554e86
2024-01-26 18:57:30 -08:00
Kubernetes Publisher
0dd0e74922
Merge pull request #122886 from jiahuif-forks/feature/cel/mutating-library
[CEL Library] Unstructured Object Construction Support
Kubernetes-commit: 2363cdcc399cbf428210efb2c51575ddcad2b84a
2024-01-27 01:29:38 +00:00
Abu Kashem
554c2d262b
apiserver: allow zero value for the 'nominalConcurrencyShares' field
Kubernetes-commit: 5f75c35edf1ea0a10a64615c43b5868484c94f46
2024-01-26 14:27:09 -05:00
Jiahui Feng
95a53374a5
convert the expectedValues to be cel.Val.
Kubernetes-commit: c89dcf52b12bf5e32f71f3ed600315242f7e44f6
2024-01-25 13:52:39 -08:00
Jiahui Feng
f0c47558ed
extra case for affirmative has(map) test.
Kubernetes-commit: d6991638029be493e5c197b6cd0d268d8ce55457
2024-01-25 13:36:42 -08:00
Kubernetes Publisher
9d32b8c86a
Merge pull request #120631 from liyuerich/ptrderef
Drop deprecated pointer package
Kubernetes-commit: fb1aea9a289e155fa21a57e9512acd61ed1b786b
2024-01-24 21:29:42 +00:00
Anish Ramasekar
fb760be3fc
support multiple audiences with jwt authenticator
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 18c563546a764b559ce5b74f09eaaaf9c1f0e5fb
2024-01-24 17:15:11 +00:00
Anish Ramasekar
26996e3679
Add AudienceMatchPolicy to AuthenticationConfiguration
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 19da90d6396ce9471f612d6e9a31f1b1c8d605b1
2024-01-25 22:35:16 +00:00
Jiahui Feng
eb407cc3dd
fix convertField and its comments.
Kubernetes-commit: d0c323fb8fbfa5c1b91ae445cbda60a416e85e65
2024-01-23 16:47:33 -08:00
Jiahui Feng
3a5a43790e
add support for equality check.
Kubernetes-commit: df9620c9f6f6a60f7cbcacb3ad9fa40d79d1d73e
2024-01-23 16:07:39 -08:00
Alexander Zielenski
9fd47abbb1
refactor: implement VAP off of policy plugin fw
Kubernetes-commit: 18fbc48b0155485cd78ec4d0e6050ccbb7d8e058
2024-01-22 17:31:52 -08:00
Alexander Zielenski
f8d65cf3a6
refactor: create generic policy plugin type similar to webhook
Kubernetes-commit: a6366573d5ca328438b80d72d0ae5a5bf6b178be
2024-01-22 17:31:34 -08:00
Jiahui Feng
8b89a41f3f
mutation library for CEL.
- TypeRef, TypeProvider interfaces.
- TypeRef, TypeProvider, ObjectVal, FieldType implementations
for unstructured.
- Tests for using optional in mutation.
Kubernetes-commit: 9bbdbc510ebf8e2dcb243d6fbbf57449f895196e
2024-01-19 17:03:34 -08:00
Joe Betz
6f648c15a2
Add retry around create
Kubernetes-commit: a05db0dd22a68a9c443a9f01cc1b8f6397fd6a9f
2024-01-19 16:10:30 -05:00
Alexander Zielenski
06be9d025c
refactor: move matching logic into parent policy folder
Kubernetes-commit: d697f43d73870679ad4cd46939ad28e06926b6d3
2024-01-17 18:12:41 -08:00
Alexander Zielenski
57e06e43f7
refactor: move vap into parent `policy` folder
also renames to remove stutter
comment
Kubernetes-commit: 8b14116509ac19234924878ab08f7e9e8f03549a
2024-01-17 18:09:30 -08:00
Alexander Zielenski
3769e5c054
refactor: move celmetrics close to its usage in vap
does not need to be accessed from anywhere else, and removed an excessive lonesome `cel` pkg with just the metrics
Kubernetes-commit: 8b26b6eec1b0d99518e7c53879e1d44ade2eebc7
2024-01-17 17:05:53 -08:00