kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,727 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

593 Commits

Author SHA1 Message Date
Li Bo 7f8013437d log tls handshake error at trace level to avoid error flooding, and add 
metric to count such errors

Kubernetes-commit: eabb362aa37f7acc85bc64f2035dadc5511d3716
 2020-05-20 11:29:44 +08:00
chenjun.cj 0cdc30602c make Kubelet bootstrap certificate signal aware 
Kubernetes-commit: db7194177538d5efc84af621c4400174a2836b3b
 2020-07-04 12:08:04 +08:00
Maciej Borsz ea82586fc5 Wait for all informers to sync in /readyz. 
Kubernetes-commit: 3f680002038c81b02541e4cc4bd7c019b7e7d6e6
 2020-06-18 15:21:12 +02:00
David Eads 75c70e8856 make log output of failed healthchecks more focused 
Kubernetes-commit: e87f62dcd57fb455135e8cd6fb7e604afbc2e1c4
 2020-06-16 15:35:26 -04:00
Marek Siarkowicz 5587d5c607 Improve performance of http access logs 
Fixes:
* Don't call LogArgs if log will not be written due low verbosity
* Create separate slice for hijacked to avoid append on main path
* Shorten log message as this log is to common to be verbose

name           old time/op    new time/op    delta
WithLogging-4    4.95µs ± 3%    3.52µs ± 1%  -28.80%  (p=0.000 n=10+8)

name           old alloc/op   new alloc/op   delta
WithLogging-4    2.93kB ± 0%    1.22kB ± 0%  -58.45%  (p=0.000 n=10+9)

name           old allocs/op  new allocs/op  delta
WithLogging-4      32.0 ± 0%      20.0 ± 0%  -37.50%  (p=0.000 n=10+10)

Kubernetes-commit: 303e1c19225149868d735b5c876d8ca9d3e1b5c9
 2020-06-23 13:56:01 +02:00
AkashSarda e0d29c69be Migrate API server logs to Structured logging framewrok 
Kubernetes-commit: af60e7b34d59d635740880a03e7e2587ec9ba041
 2020-06-17 21:06:35 +00:00
yue9944882 7f1f8c2578 introduce apf debug endpoint 
Kubernetes-commit: 567becd5eedd9a1f3802f2b3b0b6b8efc445d2a1
 2020-05-22 13:02:10 +08:00
Dr. Stefan Schimanski 4b2cf85d1b apiserver: fix secure serving cast for non-tcp listeners 
Kubernetes-commit: 2c3687c255c014f7049eed159de30a82082656b6
 2020-06-16 13:31:32 +02:00
Jordan Liggitt c02923d8c7 apiserver: increment metric for deprecated API use 
Kubernetes-commit: e4bb1daecf36aac3051d36a20dfdf7ea3050de58
 2020-04-30 12:21:29 -04:00
Jordan Liggitt d7d5d84691 apiserver: add API server plumbing for adding warnings 
Kubernetes-commit: e5e557e90257d5bc69f1fabf253f87491e0868b2
 2020-04-14 16:10:54 -04:00
Lukasz Szaszkiewicz 2785853faa genericapiserver library must wait for server.Shutdown 
Kubernetes-commit: 4362d613f243a02558f03e90b8fcb58b4c6efb06
 2020-06-10 14:05:24 +02:00
wojtekt db5fe3e7d4 Remove heuristic watchcache sizes 
Kubernetes-commit: 5ceb53987be7fe9ea6b43ba568f6f6f500ca2488
 2020-06-05 14:37:01 +02:00
David Eads a3201bc883 remove dynamic audit 
Kubernetes-commit: ed4e6f10265ae32b1c2c0b254a4d2c20590cfadd
 2020-05-27 14:04:09 -04:00
Han Kang 64913bcbc2 fix a number of unbounded dimensions in request metrics (#89451) 
* fix a number of unbounded dimensions in request metrics

* add test suite for cleanVerb and cleanContentType

* Properly validate that the content-type and charset (if applicable) are RFC compliant

* add additional test case

* truncate list of content-types

Change-Id: Ia5fe0d2e2c602e4def4b8e0849cc19f3f9251818

Kubernetes-commit: 6c588c3f441252f42fd37526297ed92d1e1f3acf
 2020-05-29 08:29:03 +00:00
Johannes M. Scheuermann b0438a0d98 Update kube-apiserver flag comments 
Kubernetes-commit: bd42094d90124ba79cbacac6f41336e1d39999c1
 2020-05-25 15:43:56 +02:00
Lingfei Kong 76c4d459f2 fix the wrong function description 
Kubernetes-commit: fa73cacc5d4d2250f3ea8fe519bcbb0a02309b28
 2020-05-25 15:04:01 +08:00
Abu Kashem 8dd6013700 Reset flow control metrics on /metrcis DELETE 
Kubernetes-commit: 01c5818b63fd7c4a1d83ad33fc6a7ef78529cbd7
 2020-05-20 17:25:05 -04:00
Paulo Gomes 749479fedb Warn when insecure TLS ciphers are selected. 
Kubernetes-commit: 550a67869a7290688dde4aeedbcdd72a10e448cf
 2020-05-13 16:11:28 +01:00
Davanum Srinivas c78dd46c27 fix API change in apiserver-network-proxy 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: ce6292f6c6da22eb48cadae1d8a7a87fd5ff6798
 2020-05-14 21:43:26 -04:00
Davanum Srinivas 5879417a28 switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
 2020-04-17 15:25:06 -04:00
RainbowMango b635b7fa33 Switch deprecated RegisterOpenAPIVersionedService function by OpenAPIService.RegisterOpenAPIVersionedService. 
Kubernetes-commit: ec234467f8bf1584d84ae35c4674565be0e93fda
 2020-05-08 11:27:22 +08:00
Lukasz Szaszkiewicz 513afab811 expose RunOnce method on RequestHeaderAuthRequest controller 
Kubernetes-commit: f3a7f057c423caf77b0c5315d7728727c4b35bde
 2020-04-28 15:35:17 +02:00
Lukasz Szaszkiewicz 07cdc792bb provides DynamicRequestHeaderController that combines DynamicCAFromConfigMapController and RequestHeaderAuthRequestController into one controller 
the unified controller will dynamically fill RequestHeaderConfig struct

Kubernetes-commit: cb4b4cb5a6ffdf1c7f199e644a8b5cac2367d504
 2020-04-28 12:48:21 +02:00
Jordan Liggitt b6e46cd151 Restore cache-control header filter 
Kubernetes-commit: 5efcc9e63327b5054fb636bda56176e8546bd9be
 2020-04-24 15:36:12 -04:00
Jie Shen 6873ed332b Use utils.net to parse ports instead of atoi (#89120) 
Kubernetes-commit: 363bb3914296d5330dce29631fb6003c335cfcf7
 2020-04-22 06:24:23 +00:00
Monis Khan 1873d19869 Allow handlers early in the request chain to set audit annotations 
This change adds the generic ability for request handlers that run
before WithAudit to set annotations in the audit.Event.Annotations
map.

Note that this change does not use this capability yet. Determining
which handlers should set audit annotations and what keys and values
should be used requires further discussion (this data will become
part of our public API).

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 0bc62112adf270ef4efada37286319c229324c7b
 2020-03-19 20:02:37 -04:00
jingyih 9303178e27 Add a metric exposing etcd database size 
Kubernetes-commit: 922ec728de9248657f026eb6cfb8fdaeb11049ac
 2020-03-16 07:55:38 -07:00
Monis Khan 7fa523535d Remove support for basic authentication 
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: df292749c9d063b06861d0f4f1741c37b815a2fa
 2020-03-11 14:31:31 -04:00
Mateusz Gozdek e843f3790e kube-apiserver: use SO_REUSEPORT when creating listener on Unix systems 
So multiple instances of kube-apiserver can bind on the same address and
port, to provide seamless upgrades.

Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>

Kubernetes-commit: dfe1f968ac31ba9b81a353d4de86d28e73d22d4e
 2020-03-06 09:59:20 +01:00
immutablet 209aff3d4b Hide methods in the encryption config that are not used outside the package. 
Kubernetes-commit: 922e0bfaec0a8b25fdb04e559ac454c416f8c2e8
 2020-03-05 16:54:27 -08:00
Abu Kashem 6d7d21c695 /readyz should start returning failure on shutdown initiation 
Currently, /readyz starts reporting failure after ShutdownDelayDuration
elapses. We expect /readyz to start returning failure as soon as
shutdown is initiated. This gives the load balancer a window defined by
ShutdownDelayDuration to detect that /readyz is red and stop sending
traffic to this server.

Kubernetes-commit: 4134494fa51402ec5e5ea3fa1c51c0be55c955fd
 2020-03-06 10:55:45 -05:00
Chao Xu 359feb5450 refactor egress dialer construction code and add unit test 
Kubernetes-commit: bac9351c64671ce4d5198d431c97bf1ccd72752f
 2020-02-26 16:00:43 -08:00
Chao Xu 079efffdb4 add metrics and traces for egress dials 
Kubernetes-commit: fbb1fb8902c06cbcce47a025ce22fe260b27a697
 2020-02-25 14:23:24 -08:00
Monis Khan b37d21cc60 dynamic certs: pass valid object to event recorder 
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 2cd6abece45bc62121097ce7cbe7f0d14b9be5e0
 2020-03-04 09:54:27 -05:00
Monis Khan dd3ae9c175 dynamic certs: use correct name with event recorder 
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 3bc918e48427720938c731a6b26e9474b4819716
 2020-03-03 18:40:34 -05:00
Monis Khan 091c53ac7a dynamic certs: do not copy mutex via shallow copy of tls.Config 
go vet error:

call of dynamiccertificates.NewDynamicServingCertificateController
copies lock value: crypto/tls.Config contains sync.Once contains
sync.Mutex

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 86a5993007e3c781749a5099b540307f65a4f377
 2020-03-03 14:58:43 -05:00
Chao Xu d81e3cbf28 Promote the egressselector API to beta 
Kubernetes-commit: 3fbb549fb7ff707eb7c67e7ae275517c5bdc9883
 2020-02-24 17:12:44 -08:00
Lukasz Szaszkiewicz 3ae793e2b7 cleans up dynamiccertificates package 
Kubernetes-commit: 413960e49bea4b5558ea4dda3d18137eceaf7f16
 2020-03-03 14:38:18 +01:00
chenjun.cj e5c6ec44de add a new generic filter goaway 
Kubernetes-commit: 81f46b64a35f3af096d50620dfcc78b003de8263
 2020-02-28 05:27:25 +08:00
Mike Spreitzer 8ad2cc1389 Replaced uber atomic with sync atomic, removed unneded "blank import" 
Kubernetes-commit: dbe84361440697af5c53d12209524aad9068c81a
 2020-03-01 18:10:20 -05:00
yue9944882 f452a698b0 register metrics from comp-base 
Kubernetes-commit: 11656478be93d4a9e54129ec35cd2b9558e901ac
 2020-02-27 17:04:17 +08:00
Jefftree 13613a1c15 Address comment and remove if condition 
Kubernetes-commit: 61fa4e6c098559b65fe28c1bf55cb817697e38e5
 2020-02-27 17:18:57 -08:00
Jefftree 28f8e6670e audit webhook use network proxy 
Kubernetes-commit: cd57b830c142e2b9938ff801619070cf601c1422
 2019-12-19 12:29:37 -08:00
Jonathan Tomer 3a2c32b513 Rename --enable-inflight-quota-handler to --enable-priority-and-fairness. 
The old flag name doesn't make sense with the renamed API Priority and
Fairness feature, and it's still safe to change the flag since it hasn't done
anything useful in a released k8s version yet.

Kubernetes-commit: 711c1e17209cc410440eecd3723e7b4906ca0e42
 2020-02-27 14:04:37 -08:00
Jefftree e8c3464402 Add tests for egress selector 
Kubernetes-commit: d798ccbba166449971c8579dce57870abec9131b
 2020-02-12 10:57:21 -08:00
Jefftree 62ed58125e vendor network proxy client 
Kubernetes-commit: 907ab25b6fc2d96b19fba1beae6ad3c749bc14e7
 2020-02-12 10:29:34 -08:00
Jefftree 95ee8d4df4 Support empty root CA for konnectivity 
Kubernetes-commit: 55b89a6451d253532ede0736d7bc8af62f396596
 2020-02-03 19:54:41 -08:00
Jefftree cbcdfbfd72 Network Proxy: GRPC + HTTP Connect with UDS 
Kubernetes-commit: 725d2b6a8fd7733afcbc6822723f4c7e171bcd7f
 2020-01-13 21:23:39 -08:00
Vincent C 27ae2b291d replaced tokenaccessreview with tokenreview 
Kubernetes-commit: b410f77d3140ebc19037e6089d0d45980f0c6edf
 2020-02-19 22:41:35 +08:00
yue9944882 1c89464ba6 adding response headers 
Kubernetes-commit: da6f89217d357a6683ca4a7825c673d7c2af92f0
 2020-02-17 16:06:13 +08:00