To support CSA and SSA interoperability, SSA updates the CSA
last-applied annotation.
This change ensures we don't set a big last-applied annotation if the
value is over the annotation limits.
Also, make sure that it's possible to opt-out of this behavior by
setting the CSA annotation to "" the empty string.
Kubernetes-commit: 6054320be1e50a450e9d1e19a79caa96f2035d4d
Not all objects provide metadata. There might be extention servers that allow for creating objects without the metadata field.
This PR changes the managedFileds admission to deal with objects without the metadata field.
Object without that field will be passed directly to the wrapped admission controller for further validation.
Kubernetes-commit: 3dbaf305ae1e52105a338987f3770ff104def68b
This is to prevent the ScaleHandler to drop the entry. In this way
entries just get ignored.
Kubernetes-commit: 5b666a61a170f61c7e223085478b24a03612fa99
- Test all versions to make sure each resource version is in the
mappings
- Fail when request info contains an unrecognized version. We have tests
that guarantee that all known versions are in the mappings. If we
get a version in request info that is not there we should fail fast to
prevent inconsistent behaviour (e.g. for some reason the mappings is
not up to date).
Ensure all known versions are in mappings
Kubernetes-commit: 09649e58b5a1368929e194991a763afc8011795e
This field is useful to namespace the managed field entries of a
subresource and differentiate them from the ones of the main resource.
Kubernetes-commit: 862d256195adf3be5475b1a6935e5feb78f884a5
- when we forward the request to the aggregated server, set the audit
ID in the new request header. This allows audit logs from aggregated
apiservers to be correlated with the kube-apiserver.
- use the audit ID in the current tracer
- use the audit ID in httplog
- when a request panics, log an error with the audit ID.
Kubernetes-commit: b607ca1bf3e1cf6152c446ea61ac7fdd9014e1f1
Manage the audit ID early in the request handling logic so that it can
be used by different layers to improve correlation.
- If the caller does not specify a value for Audit-ID in the request
header, we generate a new audit ID
- If a user specified Audit-ID is too large, we truncate it
- We echo the Audit-ID value to the caller via the response
Header 'Audit-ID'
Kubernetes-commit: 31653bacb9b979ee2f878ebece7e25f79d3f9aa6
Ensure that all label selectors are treated as atomic values,
to exclude situations when selectors are being corrupted by
different actors attempting to apply their overlapping definition
for this field with server-side-apply.
Kubernetes-commit: d8a7764b6396b90313ae7bd50a845f4da4705d67
Adds and implements ResetFieldsProvder interface in order to ensure that
the fieldmanager no longer owns fields that get reset before the object
is persisted.
Co-authored-by: Kevin Wiesmueller <kwiesmul@redhat.com>
Co-authored-by: Kevin Delgado <kevindelgado@google.com>
Kubernetes-commit: a1fac8cbd9289d95db4831a83239292ed56ce59d
We've dropped the content-type field since it is effectively unbounded
(we had a sec-vuln about this before actually). We retain all other
fields, despite their unboundedness due to the fact that we can now
explicitly set bounds on label values.
Change-Id: Icc483fc6a17ea6382928f4448643cda6f3e21adb
Kubernetes-commit: cfd00de6866e636332bdcd3f46d6d2ffd8d2bc88
Jordan Liggitt
Julian V. Modesto
Marcel Zięba
zhuangqh
卢振兴10069964
Abu Kashem
Zhou Peng
Lukasz Szaszkiewicz
Andrea Nodari
Antoine Pelisse
Gautier Delorme
Monis Khan
Kevin Delgado
Brendan Burns
Danil-Grigorev
David Eads
Han Kang
Kevin Wiesmueller
Kagaya
chymy
Alan Zhu
Maciej Borsz