kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,085 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

17 Commits

Author SHA1 Message Date
Igor Velichkovich 496cd9c142 matchCondition metrics 
Kubernetes-commit: 01b9f4b6eb819e4cd4a6d192d703961b34841f18
 2023-07-13 19:59:27 -05:00
Amine 408cf7b500 Improve naming and code comments 
Kubernetes-commit: 0695853a3061ece0f602c1f267c82ced3f8c880d
 2023-07-12 16:20:14 +01:00
Amine 83bf64e6cc Properly handle parameter in `shareInformer.DeleteFunc` 
Kubernetes-commit: aeefb762ece0f866e99def259d6714aa4deb6d31
 2023-05-17 18:42:56 -05:00
Amine daa816b27c Fix webhook accessors caching pattern 
Kubernetes-commit: a01a8cb07e7bfe6dacadc51206ae4ef93d5f4352
 2023-05-17 10:54:17 -05:00
Amine d886c0446d Webhook Accessors Smart Recompilation 
Addresses https://github.com/kubernetes/kubernetes/issues/116588

This is an WIP patch trying to avoid recompiling CELs expressions when
recreation Validating/Mutating WebhookAccessors.

Maybe we should also concider using generatic.Controller from
5f59f44983/staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/controller.go

Kubernetes-commit: 99875b3fb73728caad3efb62556428b555ce02f4
 2023-05-09 16:47:11 -05:00
Ben Luddy 330dca5753 Cache authz decisions within validating policy admission. 
This avoids the surprise of identical authorization checks within a
policy evaluating to different decisions during the same admission
pass, and reduces the overhead of repeatedly referencing the same
authorization check.

Kubernetes-commit: f1700e4b95b404b37312084800ab8022f7069fee
 2023-03-09 14:52:09 -05:00
Joe Betz f32e391a45 Introduce CEL EnvSets for managing safe rollout of new CEL features, libraries and expression variables 
Kubernetes-commit: e740f8340eedc89baccd120329b454a860385e2d
 2023-04-28 14:16:56 -04:00
Igor Velichkovich 05d2078e68 Matchconditions admission webhooks alpha implementation for kep-3716 (#116261) 
* api changes adding match conditions

* feature gate and registry strategy to drop fields

* matchConditions logic for admission webhooks

* feedback

* update test

* import order

* bears.com

* update fail policy ignore behavior

* update docs and matcher to hold fail policy as non-pointer

* update matcher error aggregation, fix early fail failpolicy ignore, update docs

* final cleanup

* openapi gen

Kubernetes-commit: 5e5b3029f3bbfc93c3569f07ad300a5c6057fc58
 2023-03-15 07:36:02 +00:00
Max Smythe 73e7490c2b Make interface for webhook predicates more specific 
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: 00ebe0bf623295dc589e43e8c299003f9e939f65
 2022-10-25 16:34:06 -07:00
Jordan Liggitt c51b9411f6 Switch admission webhook config manager to v1 
Kubernetes-commit: f247e75980061d7cf83c63c0fb1f12c7060c599f
 2019-08-01 21:57:39 -04:00
Jordan Liggitt 58f780d1e2 Use cached selectors/client for webhooks 
Kubernetes-commit: 8c10d929cac13dc50ca4ffaca83e7ae5c8e41292
 2019-08-24 17:12:14 -04:00
Jordan Liggitt eb2a4467ba Let webhook accessors construct client/selectors once 
Kubernetes-commit: 14154c2345e7e467be0ff003c61cec9c0bd2be3e
 2019-08-20 17:16:21 -04:00
Joe Betz 81b56d7030 Add trace to webhook invocations 
Kubernetes-commit: 31799ebe88534272d45c2a33396e343a5083c773
 2019-05-31 16:50:54 -07:00
Joe Betz 32d3c876b0 Flake fix: poll for webhook registration to complete in reinvocation integration tests 
Kubernetes-commit: e51320f69d92e4d08bc25eec5a4b7a58d23184ab
 2019-06-04 14:19:26 -07:00
Chao Xu 8658264258 object matcher 
Kubernetes-commit: 6cf499db6c1dd464c6072706106dec6c5284dff7
 2019-05-29 15:56:52 -07:00
Joe Betz b22ec2bd98 Add mutating admission webhook reinvocation 
Kubernetes-commit: 95fa928ecb636e8d16af31ab613678c555fc76a3
 2019-05-29 22:31:26 -07:00
Joe Betz b2b1ef14ec split admissionregistration.v1beta1/Webhook into MutatingWebhook and ValidatingWebhook 
Kubernetes-commit: 55ecc45455f191c404e355097bf1beae9c42f895
 2019-05-29 21:30:45 -07:00