Commit Graph

7549 Commits

Author SHA1 Message Date
Kubernetes Publisher 6c201a977a Merge pull request #126930 from Ruddickmg/patch-1
kmsv2: set authority to localhost

Kubernetes-commit: 95b3fe9f15cdcaf98098be398478e70365b12dd7
2024-08-28 07:54:31 +00:00
Kubernetes Publisher 7198d4fe04 Merge pull request #126787 from Jefftree/update-kube-openapi
Bump k8s.io/kube-openapi and k8s.io/gengo

Kubernetes-commit: f1a922c8e6f951381450ee3c2922ca018f14a82e
2024-08-27 23:50:08 +00:00
Kubernetes Publisher a78241fd58 Merge pull request #126359 from jpbetz/quantity-estimated-cost
Fix estimated cost for Kubernetes defined CEL types for equals

Kubernetes-commit: f88281768c52a5729d1dccee16164b472e794922
2024-08-27 23:50:06 +00:00
Kubernetes Publisher 12c4904eb5 Merge pull request #126295 from sohankunkerkar/denoise-watcher-events
dynamiccertificates: denoise Kubelet logs by skipping removal of non-existent file watchers

Kubernetes-commit: 09596a57de807a9b9fb699f3ef44f0d3312bbcb1
2024-08-27 19:43:22 +00:00
Kubernetes Publisher 932b2589d5 Merge pull request #125884 from serathius/benchmark-storage
Benchmark storage

Kubernetes-commit: 3a849069043142b2bec8f45654b235ba0b660aad
2024-08-27 11:52:18 +00:00
Jefftree a03dae5dab re-vendor k8s.io/kube-openapi
Kubernetes-commit: ea2bdb6334ec1a2821a96163d83480d5fdb1861b
2024-08-27 01:58:39 +00:00
Marcus Ruddick 9c8c6ccc4d kmsv2: fixed issue with an invalid authority header being sent by the KMSv2 service
Kubernetes-commit: 618ca85bc9482ea11cf792331688fdf0c7b54518
2024-08-26 14:43:02 -10:00
Lan Liang 158efa920d Bump dependency: etcd to 3.5.15.
Signed-off-by: Lan Liang <gcslyp@gmail.com>

Kubernetes-commit: 81e754e7ef5cac4cd7697968b5ab8dc89648eca6
2024-08-24 04:46:01 +00:00
Kubernetes Publisher 586ab588eb Merge pull request #126645 from cici37/cleanupFG
Remove feature gate ValidatingAdmissionPolicy after being stable for two releases

Kubernetes-commit: 7b80cdb66a390f225d23cd612950144e3a39d1ae
2024-08-23 19:46:20 +00:00
Kubernetes Publisher da8e2914b0 Merge pull request #126867 from piny940/master
fix ValidatingAdmissionPolicy's Validate func to return decision with valid Evaluation

Kubernetes-commit: 1e827f4b2a46981e4f3056b54b43363e787bbaaa
2024-08-22 23:45:21 +00:00
cici37 e9e24680dc Remove FG inspection from VAP plugin
Kubernetes-commit: 72ad9c5fdf782f824281ecf9e18ec36caaa9472b
2024-08-22 17:52:21 +00:00
Kubernetes Publisher 27f5f2543a Merge pull request #126854 from serathius/pagination-tests
Add paging tests

Kubernetes-commit: cee43048c72403ae0f56f04053cb7e3361de1415
2024-08-22 07:43:46 +00:00
piny940 2ed104b2e5 fix ValidatingAdmissionPolicy's Validate func to return decision with valid Evaluation
Kubernetes-commit: 9f7ea45ea0ffc76be7793dbcb4730a98fa03bcf5
2024-08-22 13:33:17 +09:00
Vinayak Goyal 491f6248d4 KEP-4633: Graduate to BETA.
Signed-off-by: Vinayak Goyal <vinaygo@google.com>

Kubernetes-commit: 8a4e23ea30bb0af50aa425cea8af926998872ee4
2024-08-22 01:28:57 +00:00
Kubernetes Publisher a5bbfcdce4 Merge pull request #126512 from kmala/metrics
add resource to the transformation metrics

Kubernetes-commit: 77737c3eb37afaadbf40ec499a58c1593c9c7382
2024-08-21 23:44:23 +00:00
Kubernetes Publisher 6830df5156 Merge pull request #126305 from richabanker/optimize-tests
Init common apiserver for all testcases in CEL tests

Kubernetes-commit: beb696c2c9467dbc44cbaf35c5a4a3daf0321db3
2024-08-21 03:44:11 +00:00
Kubernetes Publisher 66b4299b79 Merge pull request #126774 from aramase/aramase/c/sa_rm_unused_function
cleanup unused fn GetOrCreateServiceAccount in serviceaccount/util

Kubernetes-commit: cb7b4ea648a97bdbf8f4f1b8655a7a110c9f78d0
2024-08-19 06:38:09 +00:00
Anish Ramasekar 43a56206a7 cleanup unused fn GetOrCreateServiceAccount in serviceaccount/util
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 2f96a788e299ef3cea08d0cb03b13c584496891c
2024-08-18 21:04:51 -07:00
Kubernetes Publisher 5d131b7a78 Merge pull request #126523 from enj/enj/i/ssa_authz_create_err
SSA: improve create authz error message

Kubernetes-commit: 114900ab1f678a03e5c1bc63fe92b0892d2a9238
2024-08-16 18:23:10 +00:00
Kubernetes Publisher 25d7e88901 Merge pull request #126553 from aramase/aramase/c/kep_3331_disallow_k8s_io_prefix
Disallow `k8s.io` and `kubernetes.io` namespaced extra key in structured authn config

Kubernetes-commit: f26cf38a50bb38689b7674d228d004bff7a65899
2024-08-15 18:32:46 +00:00
Kubernetes Publisher 38586e5d94 Merge pull request #126685 from enj/enj/i/kms_resouce_logs
Ensure transformers have access to the resource via request info

Kubernetes-commit: 026c55e40de835464e769bad65c8a19940b61459
2024-08-15 10:52:00 +00:00
Kubernetes Publisher 11b0e0730d Merge pull request #126698 from enj/enj/i/del_kms_v2_gates
Remove KMSv2 and KMSv2KDF feature gates

Kubernetes-commit: cd5f2083155bed7006b218ade85b584d53dfaae8
2024-08-15 02:43:25 +00:00
Monis Khan 272e9eba82 Remove KMSv2 and KMSv2KDF feature gates
These have been GA since v1.29 and can be safely removed.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 6398b8a19fe0e113cf250c13b0639dea258a174f
2024-08-14 15:59:01 -04:00
Monis Khan cd5bba1780 Ensure transformers have access to the resource via request info
This guarantees that logs and metrics that rely on this information
work as expected.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 49d7b4c97e4f7ee5c664b068c207a39b8c3f759e
2024-08-14 10:33:36 -04:00
Kubernetes Publisher b157511c42 Merge pull request #126649 from 0x5457/fix-panic
apiserver: declare kubeClient and dynamicClient as interface types to avoid panic

Kubernetes-commit: 19175396280537af75d20c5ea22e877f16b40792
2024-08-14 10:22:41 +00:00
Kubernetes Publisher 13f78e0e7e Merge pull request #126665 from liggitt/version-build-id
Restore honoring --version build ID overrides

Kubernetes-commit: 69dbf2eee96f1c95c097370ddcb1d5c30f86bec8
2024-08-14 06:30:43 +00:00
Kubernetes Publisher be949676bf Merge pull request #126565 from Adarsh-verma-14/remove-duplicate-call
remove duplicate call for ServeMux

Kubernetes-commit: 54691fdc21a84a6ac3a8e052d92f81a43a19139c
2024-08-14 06:30:41 +00:00
Kubernetes Publisher cb239f8776 Merge pull request #126354 from liangyuanpeng/celtest_update
Using NewExpressions for CEL lazy test.

Kubernetes-commit: bc3d6fd491aec44138086e5ece4e706041761398
2024-08-14 06:30:38 +00:00
Kubernetes Publisher c84ae4a3d4 Merge pull request #126316 from aramase/aramase/f/kep_3331_tighter_validation
Validate structured authn feature is enabled for discovery url/multiple audiences

Kubernetes-commit: c06ea0fc81168cee6d8055182aa4b3d38bc5bb58
2024-08-14 06:30:36 +00:00
Jordan Liggitt 77331233f8 Restore honoring --version build ID overrides
Kubernetes-commit: c181912dc5d8559834857e69ea34ee1729c43c6b
2024-08-13 18:48:56 -04:00
0x5457 27c3ca736b apiserver: declare kubeClient and dynamicClient as interface types to avoid panic
Kubernetes-commit: 81824b7c2e673f64f70a6e99180bb6bfc6b738d9
2024-08-13 11:25:11 +08:00
Cici Huang fac4f5d2a0 Remove feature gate ValidatingAdmissionPolicy after stable.
Kubernetes-commit: 0f19faf9be562f3d18880ed2ae12d6b9d059476c
2024-08-12 12:11:02 -07:00
古九 e312f49d45 fix short circuit if the compaction request from apiserver is disabled
Kubernetes-commit: 9fef30117f89830cc8b17610c359141b663844f1
2024-08-12 10:21:49 +08:00
Abu Kashem 9d542feed9 apiserver: improve logging for apf tests in server/filters package
Kubernetes-commit: 8fa3e61399b85d534566dca6566ddb287873839c
2024-08-07 07:49:54 -04:00
Adarsh-verma-14 41e1af4df2 remove duplicate call for ServeMux
Kubernetes-commit: 838d7c9049439b5997f0947258e183d677788475
2024-08-07 02:56:49 +05:30
Anish Ramasekar fed75d52d6 Disallow k8s.io and kubernetes.io namespaced extra key in structured authn config
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 89c619f4fe698bf5b208ce86bce5da6833ca77b6
2024-08-05 16:09:00 -07:00
Monis Khan cc8ff8f965 ForbiddenStatusError: make linter happy on error construction
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: bff6ce4a38077c29cdf2e1ac2fce1a551082ebfe
2024-08-05 10:50:51 -04:00
Monis Khan 757565c389 SSA: improve create authz error message
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 857127f7c44a029f6f8dd44b0b40364aa00aa13d
2024-08-02 17:20:53 -04:00
Keerthan Reddy Mala fcf807e7b4 add resource to the transformation metrics
Kubernetes-commit: 3a8df1efdd83015773be4afd409b0f4cb7eab654
2024-08-01 15:46:50 -07:00
Kubernetes Publisher fb0703a685 Merge pull request #126329 from serathius/concurrent-transformation-chan-of-chan
[chan of chan] Make object transformation concurrent to remove watch cache scalability issue for conversion webhook

Kubernetes-commit: c19d9edfdee7b4ff39041f0254c92ebf66af332f
2024-07-31 10:41:42 -07:00
Joe Betz 28d9c91abf Add basic panicOnUnknown support for kubernetes types
Kubernetes-commit: f6995740a6fe4b90103131516c3318f158209d21
2024-07-25 15:53:39 -04:00
Joe Betz 65a6ca8228 support opaque kinds
Kubernetes-commit: 953fbaca487c45e3e1fc655d212008a2be01ac53
2024-07-25 15:04:09 -04:00
Joe Betz cbc488649b Fix estimated cost for Kubernetes defined CEL types
Kubernetes-commit: 0a4e863373abc1b84372b0a93c8bcd32a24d07fb
2024-07-25 14:14:20 -04:00
Lan Liang 552e7d7170 Using NewExpressions for cel lazy test.
Signed-off-by: Lan Liang <gcslyp@gmail.com>

Kubernetes-commit: 9a8d6b72e4f1e33e6a30fd281fd0972fdce93f78
2024-07-25 10:08:15 +00:00
Richa Banker f434fbf0c7 init a common apiserver for TestAuthorizationDecisionCaching testcases
Kubernetes-commit: 4acedb5132b2c3a7d61bd9e088c964af3fcfee3d
2024-07-23 22:19:02 -07:00
Richa Banker 1d26753b4b split Test_ValidateNamespace_NoParams into successes and failures tests, init a common apiserver for all testcases
Kubernetes-commit: 9df04b7c782cccc5fb068554152b4dcd9baf408b
2024-07-23 21:41:32 -07:00
Anish Ramasekar febd487238 Validate structured authn feature is enabled for discovery url/multiple
audiences

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: f80c73248f872769d72b620e567747a1018f8a2b
2024-07-23 15:04:02 -07:00
Sohan Kunkerkar fed8dfe736 dynamiccertificates: denoise Kubelet logs by skipping removal of non-existent file watchers
This commit updates the DynamicFileCAContent controller to skip the removal
of non-existent file watchers. Previously, the controller attempted to remove
a file watch even if it didn't exist, which resulted in a flood of error messages
being logged in the Kubelet logs.

Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>

Kubernetes-commit: 17ad4b39f8b6b299d20fb94f99083ea84083b6b2
2024-07-23 10:55:16 -04:00
Marek Siarkowicz 3adae5fd46 Make object transformation concurrent to remove watch cache scalability issue for conversion webhook
Test by enabling consistent list from cache in storage version migrator stress test that uses
conversion webhook that bottlenecks events coming to watch cache.

Set concurrency to 10, based on maximum/average transform latency when
running stress test. In my testing max was about 60-100ms, while average
was 6-10ms.

Kubernetes-commit: bb686f203308481bcd7808f767171cdef27e12a0
2024-07-22 11:24:37 +02:00
Marek Siarkowicz 9aa7a6ac61 Introduce ConcurrentWatchObjectDecode feature gate disabled by default
Kubernetes-commit: 93a10a75698075e86344ee4fdb56701309468b95
2024-07-30 16:28:48 +02:00