kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,798 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

150 Commits

Author SHA1 Message Date
Cici Huang 81aeb1b5e9 Integrate cel admission with API. 
Co-authored-by: Alexander Zielenski <zielenski@google.com>
Co-authored-by: Joe Betz <jpbetz@google.com>

Kubernetes-commit: e7d83a1fb7b3e4f6a75ed73bc6e410946e12ad9f
 2022-11-07 21:38:55 +00:00
Max Smythe 95fe36122a Fix canonical imports 
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: 003fbae25bf4c76b8b71d56206b51e1ee6e80812
 2022-10-25 20:40:27 -07:00
Max Smythe 73e7490c2b Make interface for webhook predicates more specific 
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: 00ebe0bf623295dc589e43e8c299003f9e939f65
 2022-10-25 16:34:06 -07:00
Max Smythe 3dc8d71b8a Move webhook scoping rules into a predicates directory 
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: b4ee0c0574932b99a9e877c84d880a5f00fdd3cc
 2022-10-25 16:28:16 -07:00
David Ashpole aa161f2fc0 migrate apiserver utiltrace usage to component-base/tracing 
Kubernetes-commit: de26b9023f2872c5cd7e15fad5dd5ab649222c13
 2022-10-20 18:15:38 +00:00
ialidzhikov 057c272d7b Fix a typo 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>

Kubernetes-commit: b2fc44f3f064f56fd9d772f8ecc192614ed79c69
 2022-05-18 13:18:47 +03:00
David Eads 25c5c2ccf3 Handle panic during validating admission webhook admission 
Validating admission webhook evaluation can fail, if uncaught this
crashes a kube-apiserver.  Add handling to catch panic while preserving
the behavior of "must not fail".

Kubernetes-commit: d412bf92b3b02bda93707c6aaba945f28bf60c72
 2022-03-16 13:47:32 -04:00
Abu Kashem 72aa2c42fc refactor: rename webhook duration tracker 
Kubernetes-commit: 4a9b9028153c6984b9cf69067cc0a1aa12a00e73
 2022-02-01 15:44:59 -05:00
Luigi Tagliamonte dccc77dd13 add failopen metric 
Kubernetes-commit: 6542f4bb993ebec23ec2198aaba89b629e3ec831
 2021-12-21 14:11:12 -08:00
Paweł Banaszewski 78c055e084 Added requestSloLatencies metric 
Kubernetes-commit: 0afa569499d480df4977568454a50790891860f5
 2021-10-25 22:19:24 +00:00
Jordan Liggitt 18b69ef17d Switch from json-iterator to utiljson 
Kubernetes-commit: bba877d3a6d0e6498d5e43a54939d5e4e8baee1a
 2021-09-14 17:54:37 -04:00
Stephen Augustus 771ffe6475 generated: Run hack/update-gofmt.sh 
Signed-off-by: Stephen Augustus <foo@auggie.dev>

Kubernetes-commit: 481cf6fbe753b9eb2a47ced179211206b0a99540
 2021-08-12 17:13:11 -04:00
Ryan Moriarty 0741f109f6 Add a new webhook metric tracking request totals. 
Also add a 1.0s bucket boundary to the webhook latency metric.

Kubernetes-commit: 8ed1628a6e75f4029853502dbac44fdb0edac5fc
 2021-06-22 22:32:47 +00:00
Sergiusz Urbaniak 2402d951d2 Revert "Add a namespace label to admission metrics and expand histogram range to 0-10s" 
Kubernetes-commit: 1a87ae19a62d0c61afa6b381a54c6798effa49eb
 2021-07-30 14:34:45 +02:00
Dinghua Li 7edb7c1c1e Add attr to the argument list of ObserveWebhookRejection, and remove 
operation, as it is included in attr.

Kubernetes-commit: fb23e449ab680bc53fc1aae826e377c1153d51e4
 2021-05-18 17:42:02 +00:00
Xiaojun Hu f9b4d95442 add fail-open audit logs to validating and mutating admission webhook 
Kubernetes-commit: 9fe7c8955bcb1edbb5aa4fe6bfb8bb6d93d381de
 2021-05-18 13:31:03 -04:00
Steve Kuznetsov 8c01d7fe18 apiserver: wrap errors in admission with context 
When the API server encounters an error during admission webhook
handling, lower-level errors are bubbled up without any additional
context added. This leads to fairly opaque and unintelligible errors. It
is not clear to users if the API server itself is having an error (for
instance, fetching the REST client) or if the request to the webhook
failed in some way.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>

Kubernetes-commit: ae9e71ba68cb1dd00bb5ed2635bac9aab2abbafe
 2021-04-27 11:19:01 -07:00
lala123912 887895128f staging/src/k8s.io/apiserver/pkg/admission: migrate to structured logs 
Kubernetes-commit: 2dc8cadd00962512fa90c460b9fa86a175ca73fc
 2021-01-18 17:19:32 +08:00
yoyinzyc 4c292300d7 add context to metrics in apiserver admission webhook 
Kubernetes-commit: b3aeaa4ed7bf8d419a96b4456a97bdf4c29e4330
 2020-12-09 16:46:15 -08:00
Ken Sipe 5d58b175c8 fix S1021 var declaration 
Signed-off-by: Ken Sipe <kensipe@gmail.com>

Kubernetes-commit: 6c49299739a9819c3672248517ab3d6636d1d8c6
 2020-06-25 17:10:34 -05:00
Marcio Caroso 8e88bf25dd Fix go lint on folder apimachinery/pkg/runtime/serializer/json 
Kubernetes-commit: 4b8b9c92bfc4bffe2fbaca3c5a5f731b77dc8915
 2020-11-06 20:20:57 -03:00
Haowei Cai 8622b05104 fix duplicate testcase names 
Kubernetes-commit: c3f71ad5487844e4cdd01702d4df3ac8606ca397
 2020-09-17 17:15:05 -07:00
gongguan ada9fc3d08 extend ShouldCallHook benchmark to verify performance imporvement 
Kubernetes-commit: 850a913ea98a070e26cc62cbf95508084e8cc66b
 2020-07-28 10:09:37 +08:00
gongguan 7e3b5e44da skip mismatched webhookAccessor and object 
Kubernetes-commit: c1d78f2619b69585713597e4ffdaeef12b6c20ec
 2020-07-01 23:57:04 +08:00
Joe Betz 97937c66f2 Revert nested trace PR#88936 
Kubernetes-commit: 02cf58102a61b6d1e021e256381ff750573ce55d
 2020-07-20 09:55:05 -07:00
Joe Betz 7a467399ac Enable nested tracing, add request filter chain tracing incl. authn/authz tracing 
Kubernetes-commit: b12ac0abc64adb71d97fbde12f373b1424631f20
 2020-03-06 16:11:21 -08:00
Jordan Liggitt ff5372c83d Add warnings capability for admission webhooks 
Kubernetes-commit: 5eef60a00aeb18eda4238dbd8f6dc96930a6a05a
 2020-06-30 16:27:56 -04:00
Davanum Srinivas 5879417a28 switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
 2020-04-17 15:25:06 -04:00
Mike Danese 337d7943db generated: run refactor 
Kubernetes-commit: 3aa59f7f3077642592dc8a864fcef8ba98699894
 2020-02-07 18:16:47 -08:00
Mike Danese f7c2e26715 cleanup req.Context() and ResponseWrapper 
Kubernetes-commit: 968adfa99362f733ef82f4aabb34a59dbbd6e56a
 2020-01-27 18:52:27 -08:00
Mike Danese 5737088b7f refactor 
Kubernetes-commit: d55d6175f8e2cfdab0b79aac72046a652c2eb515
 2020-01-27 18:19:44 -08:00
Jordan Liggitt b858bded65 Promote WebhookAdmissionConfiguration to v1 
Kubernetes-commit: 71fad812caf6be07be3c5eabe9fdc39c29f7b2a9
 2019-11-12 09:43:35 -05:00
Jordan Liggitt c51b9411f6 Switch admission webhook config manager to v1 
Kubernetes-commit: f247e75980061d7cf83c63c0fb1f12c7060c599f
 2019-08-01 21:57:39 -04:00
Jordan Liggitt 25bf5d3b30 Add integration test for webhook client auth 
Kubernetes-commit: e734c70e037cf1311581eb61ae3e45adaa76771b
 2019-09-02 22:37:07 -04:00
Jordan Liggitt 80b9dc503b Plumb service port, URL port to webhook client auth resolution 
Kubernetes-commit: d127042cb81cbf545332ec3124161525ef84183c
 2019-09-02 22:38:36 -04:00
Jordan Liggitt ce4eaaeeb3 Make webhook benchmarks parallel 
Kubernetes-commit: 601b7d33a9cf0b724cdabb5de81b0bf2821f0fca
 2019-08-28 13:27:38 -04:00
Haowei Cai 8d86fef522 wire up the webhook rejection metrics in webhook handlers 
Kubernetes-commit: 620f5f2c587971be50cb27bb2a2d35209b3dc058
 2019-08-28 17:32:07 -07:00
Haowei Cai e248b8b513 fix semantics of the rejected label in webhook metrics 
when error calling webhook is ignored, do not log the request as
rejected

Kubernetes-commit: f3c793512b45ea3910d5e5a379292c13b62ab64b
 2019-08-28 15:31:27 -07:00
Jordan Liggitt 58f780d1e2 Use cached selectors/client for webhooks 
Kubernetes-commit: 8c10d929cac13dc50ca4ffaca83e7ae5c8e41292
 2019-08-24 17:12:14 -04:00
Jordan Liggitt b7340127c3 Add admission benchmarks 
go test ./vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating -bench . -benchmem -run DoNotRun
go test ./vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating -bench . -benchmem -run DoNotRun

Kubernetes-commit: 27f535e26ad88fa30d5c0fcde4bc31897b9d521c
 2019-08-24 17:40:07 -04:00
Jordan Liggitt eb2a4467ba Let webhook accessors construct client/selectors once 
Kubernetes-commit: 14154c2345e7e467be0ff003c61cec9c0bd2be3e
 2019-08-20 17:16:21 -04:00
Haowei Cai db2bae4d84 tests 
Kubernetes-commit: d35757c653893279df566985c3368f0277fe7c02
 2019-05-31 16:22:55 -07:00
Haowei Cai f4a47ec53f mutating webhook: audit log mutation existence and actual patch 
Kubernetes-commit: 7784353a69932a4e7b4dde55b78828abf5fa4ee6
 2019-05-31 16:22:30 -07:00
Haowei Cai 70c200c6a0 audit & admission: associate annotation with audit level 
Kubernetes-commit: 318226f3403f56aaf796af3f439c13674aa2b7ab
 2019-05-31 15:36:29 -07:00
Jordan Liggitt 71ef46fa12 Use lesser of context or webhook-specific timeout in webhooks 
Kubernetes-commit: c63284b1f3996e7830c1aca85281d349d0091c82
 2019-08-19 11:23:05 -04:00
Jordan Liggitt 0c706a033c Plumb context to admission Admit/Validate 
Kubernetes-commit: 61774cd7176cae0c0324d23ab20e6c6b3038153f
 2019-08-19 10:48:08 -04:00
Joe Betz f103fcda51 Replace string concatination with trace fields 
Kubernetes-commit: 46a04d50af78e01d06a9879d62cc71fbe892076f
 2019-08-02 23:47:24 -07:00
Joe Betz 81b56d7030 Add trace to webhook invocations 
Kubernetes-commit: 31799ebe88534272d45c2a33396e343a5083c773
 2019-05-31 16:50:54 -07:00
Jordan Liggitt 90d670a108 AdmissionReview: Allow webhook admission to dispatch v1 or v1beta1 
Kubernetes-commit: dda9bcb082be058c30c83d45e757edbaac8dc65f
 2019-07-12 08:44:24 -04:00
Chao Xu 65ba1e64bc Adding test cases to make sure objectSelector works for CRD 
Kubernetes-commit: 58fa71d1ed375876a86fe5961ad5a87a0eb23fa2
 2019-05-31 10:12:42 -07:00