kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,897 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

230 Commits

Author SHA1 Message Date
Jordan Liggitt 374f72b704 Require match condition version only if matchConditions are specified 
Kubernetes-commit: a000af25ff3bcc79fe7d8da299225ad252c9894a
 2023-11-02 13:54:39 -04:00
Anish Ramasekar 78b670287d Implement CEL and wire it with OIDC authenticator 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 26e3a03d12d71e6e97bc7c40542cb7519051dd73
 2023-09-20 23:11:37 +00:00
Anish Ramasekar 9032e4e6da add new fields in v1alpha1 StructuredAuthenticationConfiguration 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 6b971153d75534a768a67a6b50ee44423611f5b0
 2023-09-07 22:30:28 +00:00
Rita Zhang cca4910d25 authz: add cel expression to webhook matchconditions 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

Kubernetes-commit: 31c76e9abb22faaf833acd54ce75cc71465136e4
 2023-10-06 17:47:23 -07:00
Abu Kashem b041969f97 apiserver: allow zero value for the 'nominalConcurrencyShares' field 
Kubernetes-commit: 9fd2ab419ad771790d3cb80ea7b8e6828d9ce305
 2023-10-27 19:26:08 -04:00
Abu Kashem 0b0a995736 apiserver: apf controller, bootstrap, tests should use flowcontrol v1 API 
Kubernetes-commit: 17bda3c3e05a75943591f61f37d7fdc0d07870ec
 2023-10-11 09:20:41 -04:00
Nabarun Pal 4693682515 Add --authorization-config flag to apiserver 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>

Kubernetes-commit: 22e5a806a73e48486a90491fc3eb03d208b520a0
 2023-09-25 09:18:11 +05:30
Nabarun Pal b259861486 staging/apiserver: correct KubeConfigFile type in authorization types 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>

Kubernetes-commit: 2bf2c4f3a413d3a2e070fe61aeba6fb309bf2e5e
 2023-09-27 17:48:38 +05:30
Qiming Teng e014cf25b9 Generated files 
Kubernetes-commit: c65fe450d8a3229cfe531a3806939775dd52e7e0
 2023-10-03 20:16:10 +08:00
Qiming Teng d763e7d132 Fix API docs for audit APIs 
The `*`s in the source comment is confusing the API reference generator.
They are treated as symbols for bold texts when generating reference docs.
This PR replaces the quote marks with backtiqs so that the reference
generator can properly handle them.

Kubernetes-commit: e7b2aeee930188eec125bbb91096d9d3fd6f3b5c
 2023-10-03 17:18:23 +08:00
Nabarun Pal 70eb989b94 k8s.io/apiserver: fix levelling of the name field in AuthorizationConfiguration 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>

Kubernetes-commit: 11ce6d29157daf7437d6da7fdeb11cabf2e774aa
 2023-10-04 10:33:58 +05:30
Nabarun Pal 1eae2482e2 Bootstrap API Types for Structured Authorization Configuration 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>

Kubernetes-commit: 52c582ca77c775ee13300a999a29f8c4180750a2
 2023-09-14 19:19:29 +05:30
Anish Ramasekar 25d893ad5f add loading config and wire feature flag 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 9e1ff1e51201ac41ddb1eed0d5cc015b4b6aa3df
 2023-08-10 22:45:07 +00:00
Anish Ramasekar fdfc990c33 wiring existing oidc flags with internal API struct 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 1bad3cbbf59a61805a48f609b8cc0a2a40c168ef
 2023-06-28 06:04:45 +00:00
Anish Ramasekar 496ba1943b add AuthenticationConfiguration v1alpha1 api 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: f909eb630cac310adf7267b85922f1340508ca79
 2023-06-27 21:07:47 +00:00
Abu Kashem dfc035926b apf: add validation to exempt for borrowing 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>

Kubernetes-commit: f8e4e8abac8637f6510838d7d476a838ce612659
 2023-05-15 12:08:18 -04:00
Tim Hockin 6fa34a3ae5 Clean up brace whitespace in **/validation_test.go 
This was making my eyes bleed as I read over code.

I used the following in vim.  I made them up on the fly, but they seemed
to pass manual inspection.

:g/},\n\s*{$/s//}, {/
:w
:g/{$\n\s*{$/s//{{/
:w
:g/^\(\s*\)},\n\1},$/s//}},/
:w
:g/^\(\s*\)},$\n\1}$/s//}}/
:w

Kubernetes-commit: d55b67b349021b6c46fc6ce78f2a36bd4217145f
 2023-05-02 00:36:15 -07:00
Igor Velichkovich 05d2078e68 Matchconditions admission webhooks alpha implementation for kep-3716 (#116261) 
* api changes adding match conditions

* feature gate and registry strategy to drop fields

* matchConditions logic for admission webhooks

* feedback

* update test

* import order

* bears.com

* update fail policy ignore behavior

* update docs and matcher to hold fail policy as non-pointer

* update matcher error aggregation, fix early fail failpolicy ignore, update docs

* final cleanup

* openapi gen

Kubernetes-commit: 5e5b3029f3bbfc93c3569f07ad300a5c6057fc58
 2023-03-15 07:36:02 +00:00
Kermit Alexander II fb14f0e553 Implement MessageExpression. 
Kubernetes-commit: 4e26f680a9e10f0da94830bbaba9633807e22aba
 2023-03-07 23:24:23 +00:00
Nilekh Chaudhari 9bc62d2547 feat: implements encrypt all 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>

Kubernetes-commit: 9382fab9b65669e74e8fb77247b14e6cb3ec6b3f
 2023-01-18 00:54:47 +00:00
David Ashpole fd3a7591f6 graduate API Server tracing to beta 
Kubernetes-commit: 4014d0fbbf93f3bb9002b1e37a125840f7be131b
 2023-03-07 21:39:39 +00:00
Cici Huang 16f5e2148c Update CRD validation rules path accordingly. 
Kubernetes-commit: 1f4a9dd9187899a46a4fb86b52af50198da59aaf
 2023-03-05 20:43:58 +00:00
Cici Huang c4a92f1b65 Apply resource constraints to ValidatingAdmissionPolicy. 
Kubernetes-commit: 244c63a2e6c8d859be8f4c6c23fbe1263dbfab0a
 2023-02-14 06:37:57 +00:00
Paco Xu f4e378eb7b API docs: point to current docs instead of archived designs 
Kubernetes-commit: 3d536bd14bba0586f20d1d96560073e5d9e82f97
 2023-02-16 15:29:56 +08:00
Paco Xu 1e1b60ce05 archived design proposals are now moved to Design Proposals Archive Repo. 
Kubernetes-commit: 019d2615af3f7fd0ed0d593ef9df348f6d85b204
 2023-02-08 11:12:22 +08:00
Anish Ramasekar 9fb6b944f0 kmsv2: implement expire cache with clock 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 4804baa01187b4251bd632e07721d875f567d6f1
 2022-09-14 20:01:45 +00:00
Tim Hockin db316c3a3c Fix apiserver example2 to update gen'ed protobufs 
regen apiserver example2

Kubernetes-commit: 9a491f79a8770e9eca8e19516b01018ed16cbe8a
 2023-01-04 13:55:48 -08:00
Rita Zhang 911df25617 Update the godoc on the encryption config API on how to specify group/resources to be encrypted 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

Kubernetes-commit: c085031a8f3f366708f9b7aa7ab1695d802d9f5a
 2022-11-28 07:18:02 -08:00
David Ashpole 34af8dc84a Revert "Graduate API Server tracing to beta" 
Kubernetes-commit: e799fcdadd3cc3e8aa4ebde75d1bf0c05465b110
 2022-11-09 22:37:28 -05:00
David Ashpole 855ac5dd3a embed component-base tracing configuration 
Kubernetes-commit: 6e13cf69f62e54622d45269e9ae33799a85f7cff
 2022-11-08 22:43:28 +00:00
David Ashpole 4bd488aae1 promote TracingConfiguration to v1beta1 
Kubernetes-commit: 4be473c774aa1ccd018d6430dc860629a5b22022
 2022-11-08 15:15:05 +00:00
Abu Kashem 087be8a557 apiserver: update borrowing parameters for apf bootstrap objects 
Kubernetes-commit: 172b27c80cc76f4dcb75973bd5f64fe5ec93f58c
 2022-10-12 12:25:39 -04:00
Abu Kashem 63cc9bca2c apiserver: fix defaulting for apf bootstrap configuration 
Kubernetes-commit: 424b23bb15d21d8c710e101b6f3a86c24d0249d3
 2022-10-20 18:50:14 -04:00
Anish Ramasekar 525c6769a4 [KMS]: validate duplicate kms config name for v1 and v2 when reload=true 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 47f8c4bec63a2c4d6406cd615b41cd16f12be434
 2022-11-07 20:16:04 +00:00
Anish Ramasekar 9adc12f501 [KMSv2]: add validation for duplicate kms config name 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 176919c4cfb0dc7ecc4987442c6d70b676cea156
 2022-10-26 21:18:01 +00:00
Monis Khan 8d68e6f323 Load encryption config once 
This change updates the API server code to load the encryption
config once at start up instead of multiple times.  Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps.  This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: f507bc255382b2e2095351053bc17e74f7100d35
 2022-08-29 17:25:48 -04:00
Abu Kashem 4ecff81419 rename assuredConcurrencyShares for flowcontrol v1beta3 
Kubernetes-commit: 66fc0d703794f309c9715028d3b63f64c281a5fd
 2022-09-21 15:40:33 -04:00
Abu Kashem 98ffe5507d apiserver: update apf logic to use v1beta3 
Kubernetes-commit: 0a99e6ebb1e241bf421f6df44b15a5a16063a9f2
 2022-09-10 07:26:31 -04:00
Anish Ramasekar 225e26ac4a Implement KMS v2alpha1 
- add feature gate
- add encrypted object and run generated_files
- generate protobuf for encrypted object and add unit tests
- move parse endpoint to util and refactor
- refactor interface and remove unused interceptor
- add protobuf generate to update-generated-kms.sh
- add integration tests
- add defaulting for apiVersion in kmsConfiguration
- handle v1/v2 and default in encryption config parsing
- move metrics to own pkg and reuse for v2
- use Marshal and Unmarshal instead of serializer
- add context for all service methods
- check version and keyid for healthz

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: f19f3f409938ff9ac8a61966e47fbe9c6075ec90
 2022-06-29 20:51:35 +00:00
Davanum Srinivas 7e94033a61 Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
 2022-07-19 20:54:13 -04:00
Tim Allclair 237dd3829d generated files 
Kubernetes-commit: a67b32ce9c7f1da293a8bb0fc98d3d15f111e660
 2020-09-09 12:01:51 -07:00
Tim Allclair 5b8a366d87 Document the sources for the sourceIPs audit log field 
Kubernetes-commit: 3fa086bcded1dfb7c4889ee28b95535d056b3408
 2020-07-24 13:10:25 -07:00
carlory 871a4b7200 remove audit.k8s.io/v1[alpha|beta]1 versions 
Kubernetes-commit: fcc282f9f2050aaa4007d6f0444b0f4972925fea
 2022-02-13 13:23:49 +08:00
Jordan Liggitt 4d0c0a45de Regenerate protobuf 
Change-Id: I2a563514955d7fc7559ceb7afb73df08ace8fd8b

Kubernetes-commit: 48a1c729a0c934ea7f6b893b823c9f6279aa763f
 2022-02-26 18:02:52 +00:00
John Howard bd426ef17c go-to-protobuf: regenerate with full go_package 
Kubernetes-commit: 0f93e4da63ea9f98d993758a30d996be672847b7
 2021-11-23 09:40:00 -08:00
Mike Spreitzer 259f814897 Order suggested FlowSchemas by matching precedence 
Kubernetes-commit: 798fc67a3711d83af4b25241e17b80fbcf46e9fd
 2022-01-12 21:40:22 -05:00
Wojciech Tyczyński 5ff0f3f2c7 Update default PF flow schemas to avoid all endpoint/configmaps operations from controller-manager to match leader-election PL 
Kubernetes-commit: 849952813be756783c3ed73ae73b34bc5143747a
 2021-11-29 20:21:07 +01:00
Davanum Srinivas 56a3a30ae1 Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
 2021-12-09 21:31:26 -05:00
Abu Kashem 8e027735f7 apiserver: add OmitManagedFields to audit API 
Kubernetes-commit: 9ed4bc91d5cc9de236d9f868a0f29263aec4b33e
 2021-10-06 14:47:19 -04:00
Paco Xu d1458891b4 remove deprecated validEgressSelectorNames 'master' (#102242) 
* remove deprecated validEgressSelectorNames 'master'

Signed-off-by: pacoxu <paco.xu@daocloud.io>

* update gce configure: replace deprecated egress name 'master' with 'controlplane'

Signed-off-by: pacoxu <paco.xu@daocloud.io>

* add dup error for EgressSelection & fix converting alpha/beta to v1 name

Kubernetes-commit: a48a2efbd45ad77901dd09f2665d8cc1e1d8dbf6
 2021-09-16 22:09:46 +08:00