71463feb30
Adding test case for the webhook behavior change
...
Authored-by: Jordan Liggitt <liggitt@google.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 3be3051fb77be1a1ad250c04a68efe8c6bf61940
2025-05-06 09:23:46 -04:00
0f91510ab0
Treat error decoding a mutating webhook patch as error calling the webhook
...
Co-Authored-By: Matthew Wong <mattwon@amazon.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: cf82fd7e9ceac60b7a336c90958835865c4f2f0a
2024-10-23 15:52:41 -07:00
23913f0bf4
Merge pull request #131559 from jpbetz/fix-unstructured-to-val-equality
...
Fix UnstructuredToVal map equality to respect nil fields
Kubernetes-commit: 3f808638076e9e2be5f53a4aec9d2d5d00b997e1
2025-05-06 03:34:58 +00:00
eeced267ad
Merge pull request #131595 from aojea/utils_fake_clock
...
update k8s.io/utils to bring fakeClock.Waiters()
Kubernetes-commit: e3e1f80c0110c847acf4381b1790c1c667395010
2025-05-03 03:42:20 +00:00
d8f5cf79ad
Merge pull request #131574 from enj/enj/t/oidc_cel_unescape
...
jwt: support CEL expressions with escaped names
Kubernetes-commit: 43a5c18ebacf57b23f8431f270bef6c361631f20
2025-05-03 03:42:17 +00:00
3dae57efb5
Merge pull request #130989 from liggitt/creationTimestamp-omitzero
...
Omit null creationTimestamp
Kubernetes-commit: 01899a7c86337b05a16a4155c9351cf947beaee9
2025-05-02 23:43:09 +00:00
73b2a2235b
update k8s.io/utils to bring fakeClock.Waiters()
...
Change-Id: I7e25338df225c2c27457403fbc2f158d08638f87
Kubernetes-commit: c2c003a71fc52fa79c2fff0109afad58573d0216
2025-05-02 11:21:11 +00:00
f2b320dc52
jwt: support CEL expressions with escaped names
...
This is purely for consistency with other uses of CEL in the
project. Using `[` for accessing claims or user data is preferred
when names contain characters that would need to be escaped. CEL
optionals via `?` can be used in places where `has` cannot be used,
i.e. `claims[?"kubernetes.io"]` or `user.extra[?"domain.io/foo"]`.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 7b50c8a510f2645219ee05da5195042c02552932
2025-05-01 13:22:52 -04:00
c199f9d392
Fix CEL equality bug for structs will nil field not marked as omitempty
...
Kubernetes-commit: 66b8a8427cf0be6f6a87ea3384e7213696bdfd4c
2025-04-30 09:16:44 -04:00
0d11839195
Drop null creationTimestamp from test fixtures
...
Kubernetes-commit: 6bb6c9934294d8265197c9dfc4c9dd3adaca147a
2025-03-24 09:37:26 -04:00
b5e431bd82
bump cbor to add omitzero support
...
Kubernetes-commit: bc6051717137cef288b82305588e675de4a32c0d
2025-03-25 12:27:43 -04:00
d22318d3d2
bump structured-merge-diff to add omitzero support
...
Kubernetes-commit: 06b0784062f68566daa8eed83c475b738dcf620c
2025-03-24 16:34:01 -04:00
8776678b52
Merge pull request #131573 from enj/enj/t/oidc_nested_cel
...
jwt: add unit tests for using CEL with deeply nested claims
Kubernetes-commit: 03a3c0c89161935bc2338f5754ebb1104f779af1
2025-05-01 12:41:56 -07:00
cb5a7a865d
jwt: add unit tests for using CEL with deeply nested claims
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 5441f5fdef781298cd7d924eecd00e20e08831ce
2025-04-30 00:03:25 -04:00
a18370ff46
Merge pull request #131536 from enj/enj/r/oidc_cel_activation
...
jwt: refactor CEL eval to drop `unstructured` and `map[string]any`
Kubernetes-commit: 1b517e55013479f674f3fac7196f3af307d6e23f
2025-04-30 03:30:37 +00:00
de95d3511f
Merge pull request #131460 from jpbetz/cel-value-reflect
...
Add lazy reflective CEL object wrapper
Kubernetes-commit: 25f124886c37d07d5550d94306dcd3e677f97b10
2025-04-29 13:43:54 -07:00
847f0cb7d3
Appease linters
...
Kubernetes-commit: ea64418271408a6db07b3e6c30f5e42504222af5
2025-04-29 15:37:26 -04:00
dbbb6a075e
jwt: refactor CEL eval to drop unstructured and map[string]any
...
This prepares us to add support for distributed claims support in
CEL expressions.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 43d6ea12e3f757e46e17311801a596aa5e70b06e
2025-04-28 17:19:54 -04:00
f52dfa0eb4
Add lazy reflective CEL object wrapper
...
Kubernetes-commit: 064074c07ac3c521483b592f37f2a58d4583ee39
2025-04-04 10:03:38 -04:00
a50d13fe86
Merge pull request #131434 from pacoxu/fsnotify
...
bump fsnotify v1.9.0
Kubernetes-commit: 1b509a888327c0a7bcbae21b78b1bf3c447cc666
2025-04-25 19:37:03 +00:00
201e7749f2
Merge pull request #131444 from erdii/update-cel-go
...
chore: update github.com/google/cel-go dependency to v0.25.0
Kubernetes-commit: e9379e92db19d826d46edd502dd3a61609b32c52
2025-04-25 11:36:08 +00:00
3a062dc7cb
chore: update github.com/google/cel-go dependency to v0.25.0
...
Signed-off-by: Josh Gwosdz <jgwosdz@redhat.com>
Kubernetes-commit: 7a24c4ce5d96aab2e9a33c4d62617cfb1c83c9f8
2025-04-24 14:59:35 +02:00
4a106441d6
Merge pull request #131435 from wojtek-t/fix_watcher
...
Fix etcd3 watcher flake
Kubernetes-commit: 6e1d5e310ae1c37667a20655720b3cecc62b50ef
2025-04-24 09:18:31 -07:00
fc69168d19
Fix etcd3 watcher flake
...
Kubernetes-commit: c3bb59d078a023153c6ea0c9a93e535b48f2557d
2025-04-24 11:32:49 +02:00
f541759309
bump fsnotify v1.9.0
...
Kubernetes-commit: a2281f97bb06233ece3f601f73a7ac1137433610
2025-04-24 17:01:00 +08:00
85b0cb4ae1
Merge pull request #129515 from nojnhuh/typos
...
Fix comment typos
Kubernetes-commit: e0f9955130fd007b66e89594dbed3d9067a301b4
2025-04-24 07:29:44 +00:00
42db0bf60a
Merge pull request #131366 from xigang/resource_encoding
...
Fix typo in ResourceEncodingConfig comment
Kubernetes-commit: 25edc4237a346ffaf5afd4fbc1eea6e8e6321c6b
2025-04-24 03:39:17 +00:00
fe06bdc873
Merge pull request #131323 from karlkfi/karl-watch-test-move
...
chore: move watch handler tests to handlers pkg
Kubernetes-commit: 360a3bfb3c36a19066d7c93f347d6d029b9aaa16
2025-04-24 03:39:14 +00:00
cab2303b49
Merge pull request #131215 from tosi3k/cleanup-leader-election
...
Remove FlowSchemas handling non-leases-backed leader election
Kubernetes-commit: 27de9a82b7de600fa40b4b2add081cefaec6cdc0
2025-04-24 03:39:12 +00:00
c160237b46
Merge pull request #131162 from wojtek-t/simplify_etcd3_watcher
...
Simplify etcd3 watcher
Kubernetes-commit: db21f3df3f44b5b4545c8164d0d6030b01db2ed0
2025-04-24 03:39:11 +00:00
492c873a80
Merge pull request #130995 from xigang/utils
...
bump k8s.io/utils for improvements
Kubernetes-commit: 43a7d3be12425cc80ca6ad3599809a19728c5566
2025-04-23 23:44:15 +00:00
6da3566330
Merge pull request #130994 from BenTheElder/host-network-no-port
...
Remove inaccurate doc comment from podspec hostNetwork field
Kubernetes-commit: b775f9b92f98f7b3acbb3864ed53c2f5b835e917
2025-04-23 23:44:14 +00:00
213eed6ea1
Allow disabling caching for webhook authorizers when using `apiserver.config.k8s.io/v1{alpha1,beta1}.AuthorizationConfiguration` ( #129237 )
...
* Introduce new boolean `cache{Una,A}uthorizedRequests` field
* Run `hack/update-codegen.sh`
* Respect legacy flags values for caching
With the legacy `--authorization-webhook-cache-{un}authorized-ttl`
flags, caching was disabled when the TTL was set to `0`, so let's
continue doing so when building the authz configuration struct.
* Pass TTL=0 to webhook authz plugin when cache disabled
Kubernetes-commit: fa8e37f7805d608c121f07da5259d3086436d397
2025-04-23 22:30:52 +02:00
82f6fe39b0
Merge pull request #127126 from mengqiy/patch-2
...
Correct etcd override flag help text
Kubernetes-commit: f16176317310b5b920236feb9fd4cb7c6b7df6a2
2025-04-23 23:44:10 +00:00
8181c85b8b
Merge pull request #131359 from deads2k/disable
...
Stop exposing list-via-watch from the server
Kubernetes-commit: 66931f07d9c3a4b8b7aecb5649d710896001047c
2025-04-18 07:55:08 -07:00
056896e970
Fix typo in ResourceEncodingConfig comment
...
Signed-off-by: xigang <wangxigang2014@gmail.com>
Kubernetes-commit: f844abfc6f950fd90a3b66355641ec53879d79a2
2025-04-18 15:55:38 +08:00
f5da7d2a32
Stop exposing list-via-watch from the server
...
With StreamingCollectionEncodingToJSON and
StreamingCollectionEncodingToProtobuf, the WatchList must re-justify its
necessity. To prevent an ecosystem from building around a feature that
may not be promoted, we will stop serving list-via-watch until
performance numbers can justify its inclusion.
This also stops the kube-controller-manager from using the
list-via-watch by default. The fallback is a regular list, so during
the skew during an upgrade the "right" thing will happen and the new
StreamingCollectionEncoding will be used.
Kubernetes-commit: 660df229bf3929741cf31659187060d0c651dcf9
2025-04-17 16:34:46 -04:00
4c858d18eb
chore: move watch handler tests to handlers pkg
...
- Move the watch handler unit tests to the same package as the
WatchServer implementation.
k8s.io/apiserver/pkg/endpoints -> k8s.io/apiserver/endpoints/handlers
- Copy over minimal scheme and codec test setup
- Refactor the tests to use testify assert and require
This unblocks making WatchServer private, if we decide to do that.
Kubernetes-commit: 7fcc1bcf1d1fdb2da6ea1c5b49798a7c7eeb6e6d
2025-04-15 16:34:28 -07:00
03ddc411f7
Merge pull request #131196 from siyuanfoundation/forward-api
...
bug fix: fix version order in emulation forward compatibility.
Kubernetes-commit: 640489ae0cefea2358b4d248aaae9b3b2128cf7d
2025-04-08 22:46:41 +00:00
2a113dbe6b
Merge pull request #131204 from dims/move-to-released-version-of-prometheus/client_golang-v1.22.0-from-rc.0
...
Move to released version of prometheus/client_golang v1.22.0 from rc.0
Kubernetes-commit: 92af6ab6926f192a3d4543a1d6fa39f20edad3ea
2025-04-08 22:46:39 +00:00
e87c9dbf8f
Move to released version of prometheus/client_golang v1.22.0 from rc.0
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 2ef4a8426c2c1b6e3495de08c4686382a752f8f7
2025-04-08 08:35:18 -04:00
cd728bc91b
Remove FlowSchemas handling non-leases-backed leader election
...
Kubernetes-commit: 2800c16c8b97991b228c00b86934daa134f08add
2025-04-08 13:57:46 +02:00
5a4ec0a797
bug fix: fix version order in emulation forward compatibility.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: b1a9cc347311012bade7230b55ab95229a1e22c9
2025-04-07 18:38:43 -07:00
d4f2fc56b5
Merge pull request #131020 from wojtek-t/fix_asynchronous_error
...
Fix race for sending errors in watch
Kubernetes-commit: b4d139094698687043b36f1c378dfeb1b654198a
2025-04-02 22:40:48 +00:00
beaef1d3ec
Merge pull request #131103 from ahrtr/etcd_sdk_20250328
...
Bump etcd 3.5.21 sdk
Kubernetes-commit: f4d1686120d2367dd4c00df53e93dad51c414435
2025-04-01 10:59:01 +00:00
1776f0c3f2
Parallelize cacher list tests
...
Kubernetes-commit: eca90dab3f553c5794e780c67e17ae75d9acb65b
2025-03-31 15:17:04 -04:00
e228aeaf39
Don't start etcd for skipped test
...
Kubernetes-commit: 1a15d582ae5fc84177f305d93ff473cca5de6f93
2025-03-31 21:06:54 +02:00
29a5d82129
Stop cacher in TestWatchStreamSeparation to speed up shutdown
...
Kubernetes-commit: 75186095c58630fde0b3f89892c69c8ef91fffab
2025-03-31 21:28:21 +02:00
30b60eb0a6
Fix flake, non-consistent list doesn't give any guarantees about staleness
...
Kubernetes-commit: 38d5cb368dd95b7f185dbba97fc3e193f48a83f2
2025-03-31 08:10:42 +02:00
aed144f141
Ensure that cacher is terminated in TestGetListRecursivePrefix
...
Kubernetes-commit: 9b5c4504ee49c366be3d7c806482ef4665dc5f70
2025-03-31 18:17:08 +02:00
Davanum Srinivas
Kubernetes Publisher
Antonio Ojea
Monis Khan
Joe Betz
Jordan Liggitt
Josh Gwosdz
Wojciech Tyczyński
Paco Xu
Rafael Franzke
xigang
David Eads
Karl Isenberg
Antoni Zawodny
Siyuan Zhang
Marek Siarkowicz