This change updates the KDF "feature flag" to be per KMS provider
instead of global to the API server. This allows integration tests
that use distinct provider names to run in parallel.
Locally this change reduced the runtime of
test/integration/controlplane/transformation by 3.5 minutes.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 43740c0def10f22a0ab7f522c1569188913b35a3
all bookkeeping must complete before the apf handler returns,
whether it panics or returns normally
Kubernetes-commit: 71d9307eaeda86d6a205548ecdeb7fbf226d7d82
the assert to verify that 'atomicReadOnlyExecuting' is zero
should be executed if the apf handler panics, all apf
bookkeeping must be completed before the handler returns
Kubernetes-commit: 0c8632de57075191e6c4e34897fb7871034c7081
This commit updates the DynamicFileCAContent controller to skip the removal
of non-existent file watchers. Previously, the controller attempted to remove
a file watch even if it didn't exist, which resulted in a flood of error messages
being logged in the Kubelet logs.
Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
Kubernetes-commit: 17ad4b39f8b6b299d20fb94f99083ea84083b6b2
This guarantees that logs and metrics that rely on this information
work as expected.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 49d7b4c97e4f7ee5c664b068c207a39b8c3f759e
These have been GA since v1.29 and can be safely removed.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 6398b8a19fe0e113cf250c13b0639dea258a174f
The canonical import for json-patch v4 is
gopkg.in/evanphx/json-patch.v4 (see
https://github.com/evanphx/json-patch/blob/master/README.md#get-it for
reference).
Using the v4-specific path should also reduce the risk of unwanted v5
upgrade attempts, because they won't be offered as automated upgrades
by dependency upgrade management tools, and they won't happen through
indirect dependencies (see
https://github.com/kubernetes/kubernetes/pull/120327 for context).
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 5300466a5c8988b479a151ceb77f49dd00065c83
This is to mitigate CVE-2023-44487
until the Go standard library and golang.org/x/net
are fully fixed.
Signed-off-by: Jayapriya Pai <janantha@redhat.com>
Kubernetes-commit: e2503e50381cc9cc2e4a4c90f0738e54992558f8
This change makes us use the generic workqueue throughout the project in
order to improve type safety and readability of the code.
Kubernetes-commit: 6d0ac8c561a7ac66c21e4ee7bd1976c2ecedbf32
27a68aee3a4834 introduced context support for events. Creating an event
broadcaster with context makes tests more resilient against leaking goroutines
when that context gets canceled at the end of a test and enables per-test
output via ktesting.
The context could get passed to the constructor. A cleaner solution is to
enhance context support for the apiserver and then pass the context into the
controller's run method. This ripples up the call stack to all places which
start an apiserver.
Kubernetes-commit: b92273a760503cc57aba37c4d3a28554f7fec7f8
The project does not recommend using insecure ports. Even
unauthenticated TLS is an improvement since it provides confidentiality.
If you relied upon this, please update to secure serving options.
Kubernetes-commit: de302c73e9558c192fde1cd7d6dcbea7eb76e950
In contrast to the original HandleError and HandleCrash, the new
HandleErrorWithContext and HandleCrashWithContext functions properly do contextual
logging, so if a problem occurs while e.g. dealing with a certain request and
WithValues was used for that request, then the error log entry will also
contain information about it.
The output changes from unstructured to structured, which might be a breaking
change for users who grep for panics. Care was taken to format panics
as similar as possible to the original output.
For errors, a message string gets added. There was none before, which made it
impossible to find all error output coming from HandleError.
Keeping HandleError and HandleCrash around without deprecating while changing
the signature of callbacks is a compromise between not breaking existing code
and not adding too many special cases that need to be supported. There is some
code which uses PanicHandlers or ErrorHandlers, but less than code that uses
the Handle* calls.
In Kubernetes, we want to replace the calls. logcheck warns about them in code
which is supposed to be contextual. The steps towards that are:
- add TODO remarks as reminder (this commit)
- locally remove " TODO(pohly): " to enable the check with `//logcheck:context`,
merge fixes for linter warnings
- once there are none, remove the TODO to enable the check permanently
Kubernetes-commit: 5a130d2b71e5d70cfff15087f4d521c6b68fb01e
Mangirdas Judeikis
Vinayak Goyal
Monis Khan
Sean Sullivan
Lukasz Szaszkiewicz
Abu Kashem
Matthieu MOREL
Abhishek Kr Srivastav
xuzhenglun
Stanislav Láznička
Kensei Nakada
jonyhy96
David Ashpole
Sohan Kunkerkar
0x5457
Adarsh-verma-14
Joe Betz
Eric Lin
Wojciech Tyczyński
Siyuan Zhang
Stephen Kitt
Jayapriya Pai
Alvaro Aleman
Andrew DeMaria
cyclinder
Patrick Ohly
Marek Siarkowicz
chenk008
David Eads
Anish Ramasekar
cici37
Jefftree