208 Commits

Author SHA1 Message Date
Alexander Zielenski 73db86feab fix bug with param controllers being removed if used by more than one policy
Kubernetes-commit: ecd267d097ec7cd26fa5a6343622c3772f66486f
2023-01-17 15:27:45 -08:00
Alexander Zielenski 9be70531b4 refactor admission controller to avoid contention
refresh admission policies up to once per second based upon last known good data

Kubernetes-commit: 5f59f449832e5206fe9b5fd7d9a43721c4c9ae44
2022-12-15 16:30:52 -08:00
Alexander Zielenski 3fe59ceb77 defer Done call
safer in case of panic

Kubernetes-commit: 517df8f3051b5b0a9eb57a5bad1d6bc16fb61985
2022-12-15 13:09:11 -08:00
Daniel Smith d053de6ca3 Enable propagation of HasSynced
* Add tracker types and tests
* Modify ResourceEventHandler interface's OnAdd member
* Add additional ResourceEventHandlerDetailedFuncs struct
* Fix SharedInformer to let users track HasSynced for their handlers
* Fix in-tree controllers which weren't computing HasSynced correctly
* Deprecate the cache.Pop function

Kubernetes-commit: 8100efc7b3122ad119ee8fa4bbbedef3b90f2e0d
2022-11-18 00:12:50 +00:00
Cici Huang 47687312f4 Rename FG to `ValidatingAdmissionPolicy`
Kubernetes-commit: 29737124860b1414affa07ed6db30fccdbae3b55
2022-11-09 17:27:20 +00:00
Cici Huang 55bc692e10 Rename admission cel package to validatingadmissionpolicy
Kubernetes-commit: 40c21dafcdb7d4f7ee85c652b362632f3b620861
2022-11-08 14:18:26 +00:00
Alexander Zielenski 806e2feeca add test for error when informers are not ready
Kubernetes-commit: acf571fcbed6e762a2a654bfbe6c415e668dfed3
2022-11-09 15:28:37 -08:00
Alexander Zielenski 2167932c69 use existing admissionHandler readyfunc to wait for sync
is what other plugins do, and should decrease verbosity in logs

Kubernetes-commit: df315f347c911c5cc189d14f6dc70a23da52e57d
2022-11-08 13:07:42 -08:00
Kermit Alexander II 8884260fa6 Add metrics integration.
Kubernetes-commit: 99494e67779d0db5a1bf304256e7df273070bf95
2022-10-31 19:22:35 +00:00
Alexander Zielenski 7c2a6f0ee8 fix possible race in admission test of listwatch
Kubernetes-commit: 4e217159cfc1441f3c3234059fc6fca0eb13a66d
2022-11-07 12:01:44 -08:00
Joe Betz 0e28c0c81f Fix params to be null instead of an empty map if paramRef is null
Kubernetes-commit: 65460b14d2b9ea20aaf2c6fece191af53ae57249
2022-11-08 13:49:50 -05:00
Cici Huang 81aeb1b5e9 Integrate cel admission with API.
Co-authored-by: Alexander Zielenski <zielenski@google.com>
Co-authored-by: Joe Betz <jpbetz@google.com>

Kubernetes-commit: e7d83a1fb7b3e4f6a75ed73bc6e410946e12ad9f
2022-11-07 21:38:55 +00:00
Cici Huang 58f75bc06a Add match check for policy and binding.
Co-authored-by: Max Smythe <smythe@google.com>

Kubernetes-commit: 46f97d4662d5b403badd29675d79d0c74875b9f0
2022-11-07 21:33:17 +00:00
Cici Huang 9f6b13b337 Update admission initializers.
Moved RestMapper and add DynamicClient

Kubernetes-commit: c8a089de4692ef94ec25fc5874906640d0ec9a28
2022-11-07 21:24:46 +00:00
Cici Huang 464de72d97 Adding new api version of admissionregistration.k8s.io v1alpha1 for CEL in Admission Control
Kubernetes-commit: 0486e062618f2181857ae7b235dcd4b8be0964e4
2022-10-04 04:46:55 +00:00
Max Smythe 95fe36122a Fix canonical imports
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: 003fbae25bf4c76b8b71d56206b51e1ee6e80812
2022-10-25 20:40:27 -07:00
Max Smythe 73e7490c2b Make interface for webhook predicates more specific
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: 00ebe0bf623295dc589e43e8c299003f9e939f65
2022-10-25 16:34:06 -07:00
Max Smythe 3dc8d71b8a Move webhook scoping rules into a predicates directory
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: b4ee0c0574932b99a9e877c84d880a5f00fdd3cc
2022-10-25 16:28:16 -07:00
David Ashpole aa161f2fc0 migrate apiserver utiltrace usage to component-base/tracing
Kubernetes-commit: de26b9023f2872c5cd7e15fad5dd5ab649222c13
2022-10-20 18:15:38 +00:00
Alexander Zielenski ee983a05da fix flaky admission tests
would flake .04% of the time on my machine.

In tests waiting for objects to be reconciled, would erroneously treat the "Not Found" case as an error rather than waiting a bit.

also add some more context to test errors to improve debuggability

Kubernetes-commit: bfbc1f3479423b5c53231cfec58895746ef2de69
2022-10-21 09:47:18 -07:00
Alexander Zielenski e25b9399a5 add cel admission controller tests
84% coverage

Kubernetes-commit: 8b74e73e3825e725d05376de717ad96506a52eec
2022-10-12 18:03:44 -07:00
Alexander Zielenski cd8f0b6cf7 add cel admission plugin and initializer
Kubernetes-commit: a41a536dbdb72877fa48f85272e479eb628e68f8
2022-10-12 10:21:31 -07:00
Alexander Zielenski b154760894 add generics tests
84.1% coverage

Kubernetes-commit: 74b103cd52da3b0149aa9e50a569a89bdd46e1db
2022-10-13 13:44:03 -07:00
Alexander Zielenski b1196b949c add cel admission controller
Kubernetes-commit: 2286501e227ead064e95880a6f28904526f887a6
2022-10-12 10:21:08 -07:00
Alexander Zielenski bf7388424e add OWNERS
Kubernetes-commit: c52fae186a60f0d480f26628c55656c76c7ccac0
2022-10-12 16:11:11 -07:00
qmloong a32e26b98a fix: remove redundant error log print
Kubernetes-commit: 45ed5ba9939c581d0633772ea3177780fae95db0
2022-09-26 14:52:25 +08:00
Davanum Srinivas 7e94033a61 Generate and format files
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
2022-07-19 20:54:13 -04:00
HaoJie Liu 4c5e4623d3 cleanup: use append other than for loop
Signed-off-by: HaoJie Liu <liuhaojie@beyondcent.com>

Kubernetes-commit: 29b5cd04bd2c7e2676687d3b613c9b065b128e54
2022-07-21 15:29:30 +08:00
ialidzhikov 057c272d7b Fix a typo
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>

Kubernetes-commit: b2fc44f3f064f56fd9d772f8ecc192614ed79c69
2022-05-18 13:18:47 +03:00
Wojciech Tyczyński 2428ade32a Fix leaking goroutines in QuotaEvaluator
Kubernetes-commit: 9d974e6e89285e3e0cb7ff928407a3350b224084
2022-05-26 21:10:10 +02:00
Wojciech Tyczyński 5ab2c69c4c Fix ResourceQuota admission shutdown
Kubernetes-commit: f8211d7e447cc6c29139ebf3422f0752278d6da1
2022-05-18 19:30:23 +02:00
David Eads 25c5c2ccf3 Handle panic during validating admission webhook admission
Validating admission webhook evaluation can fail, if uncaught this
crashes a kube-apiserver.  Add handling to catch panic while preserving
the behavior of "must not fail".

Kubernetes-commit: d412bf92b3b02bda93707c6aaba945f28bf60c72
2022-03-16 13:47:32 -04:00
Steve Kuznetsov 80256820ce storage: move the APIObjectVersioner definition to storage
The means by which we extract and parse the version of an API object is
not specific to etcd3. In order to allow for a generic suite of tests
against any storage.Interface implementation, we need this logic to live
outside of the etcd3 package, or import cycles will exist.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>

Kubernetes-commit: 3939f3003e9605c06f65e64d1fc6f94b294f9d97
2022-05-11 07:44:21 -07:00
Abu Kashem 72aa2c42fc refactor: rename webhook duration tracker
Kubernetes-commit: 4a9b9028153c6984b9cf69067cc0a1aa12a00e73
2022-02-01 15:44:59 -05:00
Luigi Tagliamonte dccc77dd13 add failopen metric
Kubernetes-commit: 6542f4bb993ebec23ec2198aaba89b629e3ec831
2021-12-21 14:11:12 -08:00
Davanum Srinivas 56a3a30ae1 Check in OWNERS modified by update-yamlfmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
2021-12-09 21:31:26 -05:00
Paweł Banaszewski 78c055e084 Added requestSloLatencies metric
Kubernetes-commit: 0afa569499d480df4977568454a50790891860f5
2021-10-25 22:19:24 +00:00
Jordan Liggitt 18b69ef17d Switch from json-iterator to utiljson
Kubernetes-commit: bba877d3a6d0e6498d5e43a54939d5e4e8baee1a
2021-09-14 17:54:37 -04:00
wojtekt b898581360 Migrate to k8s.io/utils/clock in apiserver
Kubernetes-commit: 859a98c0358610e2c127cd2fba1be601ca975188
2021-09-14 20:36:07 +02:00
Stephen Augustus 771ffe6475 generated: Run hack/update-gofmt.sh
Signed-off-by: Stephen Augustus <foo@auggie.dev>

Kubernetes-commit: 481cf6fbe753b9eb2a47ced179211206b0a99540
2021-08-12 17:13:11 -04:00
Ryan Moriarty 0741f109f6 Add a new webhook metric tracking request totals.
Also add a 1.0s bucket boundary to the webhook latency metric.

Kubernetes-commit: 8ed1628a6e75f4029853502dbac44fdb0edac5fc
2021-06-22 22:32:47 +00:00
Sergiusz Urbaniak 2402d951d2 Revert "Add a namespace label to admission metrics and expand histogram range to 0-10s"
Kubernetes-commit: 1a87ae19a62d0c61afa6b381a54c6798effa49eb
2021-07-30 14:34:45 +02:00
Davanum Srinivas fe1610f3fe switch from golang-lru to the one in k8s.io/utils
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 79d0c6cdc10293c9bfe644ce31dc186a936579b0
2021-07-07 13:45:07 -04:00
Dinghua Li 7edb7c1c1e Add attr to the argument list of ObserveWebhookRejection, and remove
operation, as it is included in attr.

Kubernetes-commit: fb23e449ab680bc53fc1aae826e377c1153d51e4
2021-05-18 17:42:02 +00:00
Xiaojun Hu f9b4d95442 add fail-open audit logs to validating and mutating admission webhook
Kubernetes-commit: 9fe7c8955bcb1edbb5aa4fe6bfb8bb6d93d381de
2021-05-18 13:31:03 -04:00
Steve Kuznetsov 8c01d7fe18 apiserver: wrap errors in admission with context
When the API server encounters an error during admission webhook
handling, lower-level errors are bubbled up without any additional
context added. This leads to fairly opaque and unintelligible errors. It
is not clear to users if the API server itself is having an error (for
instance, fetching the REST client) or if the request to the webhook
failed in some way.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>

Kubernetes-commit: ae9e71ba68cb1dd00bb5ed2635bac9aab2abbafe
2021-04-27 11:19:01 -07:00
lala123912 887895128f staging/src/k8s.io/apiserver/pkg/admission: migrate to structured logs
Kubernetes-commit: 2dc8cadd00962512fa90c460b9fa86a175ca73fc
2021-01-18 17:19:32 +08:00
yoyinzyc 4c292300d7 add context to metrics in apiserver admission webhook
Kubernetes-commit: b3aeaa4ed7bf8d419a96b4456a97bdf4c29e4330
2020-12-09 16:46:15 -08:00
pacoxu ee05a4663e bugfix: check Spec.AllocateLoadBalancerNodePorts for nodeport and skip zero usage in delta evaluator
Signed-off-by: pacoxu <paco.xu@daocloud.io>

When Spec.AllocateLoadBalancerNodePorts is "false" NodePort shall
not be included when computing quota for type:LoadBalancer.

Co-authored-by: uablrek

Kubernetes-commit: 15867d9e8a1faf007f6df563c26a9b5e8744b2a1
2020-12-22 19:19:15 +08:00
Ken Sipe 5d58b175c8 fix S1021 var declaration
Signed-off-by: Ken Sipe <kensipe@gmail.com>

Kubernetes-commit: 6c49299739a9819c3672248517ab3d6636d1d8c6
2020-06-25 17:10:34 -05:00