kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,897 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

3242 Commits

Author SHA1 Message Date
David Ashpole 97bc22d9cd fix memory leak from global MeterProvider 
Kubernetes-commit: 27d1927474e71d05afd18a30f36f175a429573b1
 2024-08-28 14:20:46 +00:00
xyz-li 36207c1fc4 apiserver: fix watch namespace 
For request like '/api/v1/watch/namespaces/*', don't set scope.namespace.
Because the func `addWatcher` add a watcher to allWatchers with the value `scope.namespace` not empty.
But the function `dispatchEvent` dispatch event with an empty namespace.

Signed-off-by: xyz-li <hui0787411@163.com>

Kubernetes-commit: 70fdb7b1c533454a2cd5dfa666a0251dbdf54400
 2024-05-27 17:48:49 +08:00
Wojciech Tyczyński d06319266f Don't sort under lock 
Kubernetes-commit: f6072e0d73dcb33edd3f2b1e656bb6d0cf81f9f0
 2023-11-23 18:13:43 +01:00
Taehoon Yoon a717764a86 Updated & added visibility to apiserver x509 test certificates expiring this year 
Kubernetes-commit: 9776912fda18b1ee83abe398280b80d7a39db772
 2024-05-02 23:22:55 +00:00
Davanum Srinivas 818604e006 Rename `cluster` to `storage_cluster_id` for apiserver_storage_size_bytes metric 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: d995bfa258c4c9ee6e0c866451b8305a8077bca3
 2024-04-11 15:06:03 -04:00
Marek Siarkowicz d432100923 Undo double run of the TestWatchSemantics test to avoid hitting timeout 
Kubernetes-commit: cf2a337154f14b64923d3dace9bc2cab188dbb01
 2024-03-19 15:16:52 +01:00
Lukasz Szaszkiewicz 0946a0336e apiserver/storage/cacher: decrease the running time of tests in the cacher package. 
It turns out that kube has a custom timeout for tests of 3 minutes.
The tests in the cacher package are utilizing nearly the
entire time and are being terminated, resulting in failing jobs.

Before the change, the TestWatchSemantics took ~43s to run. With this simple change, it now takes ~18s.

When we created the tests, we didn't measure the running time and assumed that waiting 1 second on a watch channel
to make sure no more events are received was sufficient.
This PR decreases the waiting time to 300 milliseconds.
Modern computers can perform many tasks within that time.
In addition to that, the tests are serial in nature, meaning that there is no other
actor that could add items to the database, which could result in receiving new items.

After the change the total running time decreased by 17%.
Before the tests needed ~176s after they need ~146s.
The changes also improved TestWatchSemanticInitialEventsExtended.

Kubernetes-commit: d9ca300598e7195545ca38ab9e5e640a2379d553
 2024-03-12 09:15:55 +01:00
Marek Siarkowicz 582da82650 Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage. 
Kubernetes-commit: f8f08542c911b0fd620a26ca038b4f255b7a6217
 2024-03-14 15:20:29 +01:00
Wojciech Tyczyński 21e0f5b77d Ensure that initial events are sorted for WatchList 
Kubernetes-commit: ff2189b7c2b383a9f260444a8371bcf22d65baa6
 2023-09-26 18:39:44 +02:00
Marek Siarkowicz b9037e3894 Test that separation of streams work by using progress notifies 
Kubernetes-commit: b1e1d68cfb9acb1849423f7d0d67e87da3a359c2
 2024-02-29 17:51:46 +01:00
Marek Siarkowicz 88805caf85 Prevent watch cache starvation, by moving its watch to separate RPC and add a SeparateCacheWatchRPC feature flag to disable this behavior 
Kubernetes-commit: 4009acb0cf17a5500041bd40514a62256bef69d9
 2024-02-27 11:25:42 +01:00
Alexander Zielenski b7459bd879 bugfix: dont skip reconcile for unchanged policy if last sync failed 
Kubernetes-commit: cc819ed4ae7b75d0e28f567dac8c8282b647369a
 2024-01-26 18:57:30 -08:00
Cici Huang ae9ed668d6 Address comment 
Kubernetes-commit: a5f64b743e43687029173bd390854237a24b8579
 2023-12-07 22:39:00 +00:00
Cici Huang 02998b39fe Keep presence cost to 0 to ensure backward compatibility. 
Kubernetes-commit: ed501c1f080c054bae825e2cbdbdf9a8e99378e3
 2023-12-05 23:27:51 +00:00
Jiahui Feng 53481420f1 use context for lazy evaluation. 
Kubernetes-commit: 865f214fe534c90ddfa8010a182c5f4205f05033
 2023-10-30 11:29:57 -07:00
HirazawaUi f834404133 fix test store delete collection function failed 
Kubernetes-commit: b12db6d9b55e02b232b716683a2d516e1788a9ce
 2023-11-08 00:07:45 +08:00
Jordan Liggitt 2a9f8b8d15 Include empty string attributes for CEL authz evaluation 
Kubernetes-commit: 44d89c8cf8c1ba883029e1244492a523d6b50b92
 2023-11-02 15:14:06 -04:00
Jordan Liggitt 4eacc8425d Plumb failure policy from config to webhook construction 
Kubernetes-commit: 2e2f51a4417d93b5505091d28b319365dc95e137
 2023-11-02 13:55:35 -04:00
Jordan Liggitt 374f72b704 Require match condition version only if matchConditions are specified 
Kubernetes-commit: a000af25ff3bcc79fe7d8da299225ad252c9894a
 2023-11-02 13:54:39 -04:00
Anish Ramasekar 78b670287d Implement CEL and wire it with OIDC authenticator 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 26e3a03d12d71e6e97bc7c40542cb7519051dd73
 2023-09-20 23:11:37 +00:00
Anish Ramasekar 9032e4e6da add new fields in v1alpha1 StructuredAuthenticationConfiguration 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 6b971153d75534a768a67a6b50ee44423611f5b0
 2023-09-07 22:30:28 +00:00
Lukasz Szaszkiewicz 7c5f6db7bf cacher: when forgeting a watcher, call stopWatcherLocked multiple times 
It's possible that the watcher is already not in the structure (e.g. in case of
simultaneous Stop() and terminateAllWatchers(), but it is safe to call stopLocked()
on a watcher multiple times.

Kubernetes-commit: 7e35823690df01bd019a88d3346bd3ac820afaca
 2023-10-30 14:24:39 +01:00
Jiahui Feng d463ec4cab avoid infinite recursion for type resolvers. 
Kubernetes-commit: e4776e0f85b8aceb8f1da7a87822b0d086045a8a
 2023-10-31 10:23:50 -07:00
Monis Khan 3097e77b18 encryptionconfig/controller: run unit tests faster 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 6ac7da1da87bb0e739806cad94676da915be6d9c
 2023-10-31 11:59:37 -04:00
Antonio Ojea bdad50b280 Revert "cacher: when forgeting a watcher, call stopWatcherLocked multiple times" 
This reverts commit bbca4a4b9add0f6c58e132500fd89dd39ee077f4.

Kubernetes-commit: c2cb3209138d852520da2743b9bd3a9795b2b7fb
 2023-10-31 15:28:01 +00:00
Wojciech Tyczynski 6caf326620 Revert "Make the decode function respect the timeout context" 
Kubernetes-commit: 98a2f22e740ccd2c30711f1b21d6383f1b91595e
 2023-10-31 16:27:17 +01:00
Cici Huang 4cd5207f69 Add set ext library into Kubernetes and pick up the new option cel provides 
Kubernetes-commit: 8d804078f9707297d1edfa26a3295d75c4f3bf40
 2023-10-17 20:27:55 +00:00
Abu Kashem b3499eec62 apiserver: set APF featuregate to ga 
Kubernetes-commit: c7fcef187562e1b3ffdaa2e2109c65d800b8f5d5
 2023-10-31 08:35:52 -04:00
Lukasz Szaszkiewicz 3f81d0cca7 cacher: when forgeting a watcher, call stopWatcherLocked multiple times 
It's possible that the watcher is already not in the structure (e.g. in case of
simultaneous Stop() and terminateAllWatchers(), but it is safe to call stopLocked()
on a watcher multiple times.

Kubernetes-commit: bbca4a4b9add0f6c58e132500fd89dd39ee077f4
 2023-10-30 14:24:39 +01:00
Rita Zhang cca4910d25 authz: add cel expression to webhook matchconditions 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

Kubernetes-commit: 31c76e9abb22faaf833acd54ce75cc71465136e4
 2023-10-06 17:47:23 -07:00
Siyuan Zhang ef409f941b k8s.io/apiserver/storage/etcd: refactor etcd GetList. 
Reorder some code.

Signed-off-by: Siyuan Zhang <sizhang@google.com>

Kubernetes-commit: a968f51fa2f87ed57f9e48ba436e11421c403b27
 2023-10-20 12:39:51 -07:00
Siyuan Zhang 49886c205c k8s.io/apiserver/storage/etcd: refactor etcd GetList. 
reduce redundant update of withRev after request.

Signed-off-by: Siyuan Zhang <sizhang@google.com>

Kubernetes-commit: 84ec5e2eccbc07b17f3b3e3e00dc3996105e0346
 2023-10-20 12:06:46 -07:00
Abu Kashem b041969f97 apiserver: allow zero value for the 'nominalConcurrencyShares' field 
Kubernetes-commit: 9fd2ab419ad771790d3cb80ea7b8e6828d9ce305
 2023-10-27 19:26:08 -04:00
Abu Kashem 2a3f44cd21 apiserver: fix lint issue, defaulting and validation test for flowcontrol v1 
Kubernetes-commit: 430c226709b4dfd1284f6463c7a37603154ad39c
 2023-10-11 14:03:42 -04:00
Abu Kashem 0b0a995736 apiserver: apf controller, bootstrap, tests should use flowcontrol v1 API 
Kubernetes-commit: 17bda3c3e05a75943591f61f37d7fdc0d07870ec
 2023-10-11 09:20:41 -04:00
James Munnelly f2ba735b90 KEP-4193: bound service account token improvements 
Kubernetes-commit: 76463e21d4dec90b4d49975b182a13e1fdb6b20a
 2023-09-19 15:23:28 +01:00
Wojciech Tyczyński d64b183dbd Address review comments 
Kubernetes-commit: 0dd495e6dc253f94b0ad0bb92178fb5e8981116b
 2023-10-13 10:48:16 +02:00
Wojciech Tyczyński 65d3be7b39 Refactor watch event serialization to allow caching 
Kubernetes-commit: 7ff866463af46b5f7cf068ba8d51c68e417b9ece
 2023-08-25 15:41:14 +02:00
HirazawaUi be73f76247 Make the decode function respect the timeout context 
Kubernetes-commit: f78b367db6393a449b8f456e725cbe155d9b90e6
 2023-10-25 23:12:16 +08:00
Cici Huang 789ac1ae18 Promote CRD validation rule to stable 
Kubernetes-commit: cbe3d897629691507c2992659ca748e32366da1a
 2023-10-19 20:31:17 +00:00
Nilekh Chaudhari f0fe5d558c chore: updates api doc 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>

Kubernetes-commit: d3de47ceeedd1fae3f3c95595186a028002526d6
 2023-10-17 22:17:43 +00:00
Nilekh Chaudhari d93aaa8d93 feat: updates encryption config file watch logic to polling 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>

fix (#2)

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: e95b7c6d8b889e42ee44e626914e457e228ce8d4
 2023-10-17 21:21:00 +00:00
Jiahui Feng a026b6fcf5 extend SchemaResolver for more types of schemas. 
Kubernetes-commit: 3f73cdcf2ad00d3200a216a9f19090950fea12f5
 2023-10-26 10:25:41 -07:00
Jiahui Feng 9493e52cdc opportunistically attempt to refresh RESTMapper 
if GVK resolution fails.

Kubernetes-commit: 38fecc8319d884aa4d4b98b013bf853e6072aa77
 2023-10-26 10:24:21 -07:00
Cici Huang cd938d26a7 Add cel new validator into Kubernetes. 
Kubernetes-commit: 04b21126e589cebf888a8839a69c81761e558861
 2023-10-17 20:27:55 +00:00
Ben Luddy cd9457dbfc Deep disablement for APF based on --enable-priority-and-fairness. 
Avoids starting informers or the config-consuming controller when
--enable-priority-and-fairness=false. For kube-apiserver, the config-producing controller runs if
and only if flowcontrol API storage is enabled.

Kubernetes-commit: 83f5b5c240e5cced1371bbd22e458dae43975238
 2023-06-26 17:00:26 -04:00
Yao Cheng 2b3f11cba2 Register metrics for apiserver handlers 
Signed-off-by: Yao Cheng <chengyao09@hotmail.com>

Kubernetes-commit: 18c3b6fce43edd76620a07707af2d851b52c3fad
 2023-09-06 17:25:12 +00:00
Alexander Zielenski 618cf622c1 add time tracking to CorrelatedObject 
Kubernetes-commit: d0328df04e06384a0456606c708e5b62ec18d9c2
 2023-10-18 19:31:39 -07:00
Rita Zhang 26219aabef [KMSv2] promote KMSv2 and KMSv2KDF to GA 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

Kubernetes-commit: a9b1adbafc7fe52f669dc98aada21bc3e46cdce3
 2023-10-24 09:50:45 -07:00
guangli.bao e59c50c660 Remove GAed feature gates OpenAPIV3 
Signed-off-by: guangli.bao <guangli.bao@daocloud.io>

Kubernetes-commit: 27bb40a9d839589ac9f97b6ce80b18a7635e9ae4
 2023-10-19 22:30:58 +08:00