kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,971 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

2792 Commits

Author SHA1 Message Date
David Ashpole 0cf3af5b9f add otel tracing to latency filters 
Kubernetes-commit: ed1610ad15f91b72017c5d69dc4f7d59a17c270f
 2022-10-20 16:17:02 +00:00
Andrew Sy Kim 0a5efb307f apiserver identity: use persistent identity format based on hostname 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

Kubernetes-commit: 21507902ba123c5c60eaa73436b95c4ae9b75908
 2022-10-24 11:24:26 -04:00
Mike Spreitzer 084f1abd96 apiserver: define metrics for API Priority and Fairness borrowing 
Kubernetes-commit: ba5ec78916ae5fe9e400a298da6879515029a12f
 2022-10-31 15:09:39 -07:00
Mike Spreitzer 17134f6412 apiserver: remove redundant field from seatDemandStats 
Kubernetes-commit: 4ad1c0f9cb8aa54efa127975aaa9d5bd3080e8d0
 2022-11-03 10:41:50 -07:00
kidddddddddddddddddddddd 0547548a94 strict decode policy first 
Kubernetes-commit: 5dcfaae7b90c4838e488eace376e05c9e807f23b
 2022-11-02 16:17:52 +08:00
Wojciech Tyczyński a47bbc6347 Minor cleanup in etcd3 tests 
Kubernetes-commit: 83399ccfb8822cc31a6a3a66e8352591d88feaa8
 2022-10-31 18:02:40 +01:00
Wojciech Tyczyński a24d8963d1 Refactor remaining etcd3 tests to make them generic 
Kubernetes-commit: e6ddb69e6fd06bf9a02fa731f12472f3c375762d
 2022-10-31 18:02:19 +01:00
Wojciech Tyczyński c38aa93533 Reuse generic TestGet in cache tests. 
Kubernetes-commit: 75a1ef87b32213a7d3d1c2027dd515e4f74c1777
 2022-10-27 16:00:30 +02:00
David Ashpole 0b88ce8f83 shut down tracerprovider when stopping the kube-apiserver 
Kubernetes-commit: 2342721c157e8a715747187b44af2bd9bacd432f
 2022-11-02 13:15:27 +00:00
Joseph Anttila Hall 12ce665c8d egress_selector.go: Add a dial starts metric. 
Emit this metric before any potentially blocking dial work.

Kubernetes-commit: f89bcffd55e205c610746c418062a305456cf29f
 2022-10-31 12:59:26 -07:00
Wojciech Tyczyński 07db92af49 Fix setting resource version on deletion 
Kubernetes-commit: bbcf5e38776f2b18026539a0fbcf3aa505386c1f
 2022-10-26 21:37:19 +02:00
Marcel Zięba 6887520e10 Fix APF width estimate for creating service account's token 
Kubernetes-commit: 2f7b4ca6851aa3d479c9af3c14a168b4974f2fee
 2022-10-18 12:27:50 +00:00
Max Smythe 95fe36122a Fix canonical imports 
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: 003fbae25bf4c76b8b71d56206b51e1ee6e80812
 2022-10-25 20:40:27 -07:00
Max Smythe 73e7490c2b Make interface for webhook predicates more specific 
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: 00ebe0bf623295dc589e43e8c299003f9e939f65
 2022-10-25 16:34:06 -07:00
Max Smythe 3dc8d71b8a Move webhook scoping rules into a predicates directory 
Signed-off-by: Max Smythe <smythe@google.com>

Kubernetes-commit: b4ee0c0574932b99a9e877c84d880a5f00fdd3cc
 2022-10-25 16:28:16 -07:00
Wojciech Tyczyński 499bbb88dc Refactor WatchError test to make it generic 
Kubernetes-commit: b3f9272d57a71a9c50b38754b7309ddf68adb93f
 2022-10-28 11:35:58 +02:00
Kermit Alexander II 9129598e13 Add metrics for validation admission control. 
Kubernetes-commit: ac324cb30c938a6e8eb533feaba4bb4503416e26
 2022-10-11 20:04:13 +00:00
Mike Spreitzer 413be63b46 Add instrumentation for seat borrowing 
Kubernetes-commit: 9b684579e230f105bcaa743f06bc07c39af703df
 2022-10-20 15:21:09 -04:00
Maciej Borsz 49647f7386 Add benchmark for caching object 
Kubernetes-commit: e577a77eb8160a5f70668a5d538ab5a1498ba0db
 2022-10-25 12:57:24 +00:00
Wojciech Tyczyński 3f5a3e0ae0 Refactor etcd3 list consistency test 
Kubernetes-commit: cd5da36c92f3ed52debc22c39a7cd9d369b0eecd
 2022-10-27 10:19:09 +02:00
Wojciech Tyczyński c527f6432a Minor cleanup of etcd3 tests 
Kubernetes-commit: bbe1ebc82aa019118c91e8447517f91b9d036c1e
 2022-10-27 09:48:06 +02:00
Wojciech Tyczyński f6802e074e Refactor storage tests using compaction 
Kubernetes-commit: b02f172cbdf7e824d13a6a9c3a9b9fe4f3f92afb
 2022-10-26 20:47:19 +02:00
Wojciech Tyczyński 834cf0fc14 Refactor compaction in etcd3 tests 
Kubernetes-commit: 7da7ddd779f9ea835f0c57deae05e050c543066b
 2022-10-26 16:34:28 +02:00
David Ashpole aa161f2fc0 migrate apiserver utiltrace usage to component-base/tracing 
Kubernetes-commit: de26b9023f2872c5cd7e15fad5dd5ab649222c13
 2022-10-20 18:15:38 +00:00
Tim Allclair 4b329cff47 Rename WithAuditID to WithAuditInit 
Kubernetes-commit: ea28a21a6790d40c1fe540c64a296c8f0db17c65
 2022-07-12 14:46:27 -07:00
Tim Allclair bd7c7f52c2 Consolidate AuditContext 
Kubernetes-commit: f1d684b7b60b39b7dc1eb4156307c593f0ba74e1
 2022-07-12 11:53:57 -07:00
Wojciech Tyczyński 3afe8ebf5f Minor cleanup of etcd3 tests 
Kubernetes-commit: e04fe81dfcff189ef5162b9b26b55760f613a010
 2022-10-26 13:05:49 +02:00
Wojciech Tyczyński 73a664638b Refactor pagination tests 
Kubernetes-commit: 6c8ce894e18a2e2cae20edd2f6e79db9407ebce3
 2022-10-26 12:18:21 +02:00
Wojciech Tyczyński dec6f492e8 Refactor GetReads 
Kubernetes-commit: 8472e1bc13b0fa8aa3a67e5fcf2f13bfd7974cd3
 2022-10-26 11:30:32 +02:00
Wojciech Tyczyński 5a8fdf8480 Move GuaranteedUpdateChecksData test to generic package 
Kubernetes-commit: afc5ded83931cdb8a2643486d6834eb8d9b04588
 2022-10-25 14:31:20 +02:00
Wojciech Tyczyński d9a3685d6f Minor cleanup of storage tests 
Kubernetes-commit: 5344bc5e1b7e50d5ff359c714d522b421b28bd12
 2022-10-25 14:09:36 +02:00
Wojciech Tyczyński 1960fa837f Move GuaranteedUpdate test to generic test package 
Kubernetes-commit: 012676acc3dd2b235bd601e4105294d2715f155b
 2022-10-25 14:04:00 +02:00
Han Kang e9f139f163 swap name for storage metric for underlying storage db 
Change-Id: Ic7cd9bf5ef29d9c51a728ef37c94d77172fbf678

Kubernetes-commit: 3a2d1bab26bfb9e7d887207dec0c51645c7017fe
 2022-10-24 15:27:05 -04:00
Shihang Zhang 7b63db277d track legacy service account tokens 
Kubernetes-commit: 569cd70a52359a294a608fb256693445a89a9dab
 2022-03-21 14:21:41 -07:00
Mike Spreitzer b6fd67c2a7 Introduce constants for the two parameters of seat borrowing 
Kubernetes-commit: 8d826ee9f8e19f499f5c0a982bb256ae268a9010
 2022-10-20 00:47:01 -04:00
Alexander Zielenski ee983a05da fix flaky admission tests 
would fllake .04% of the time on my machine.

In tests waiting for objects to be reconciled, would erroneously treat the "Not Found" case as an error rather than waiting a bit.

also add some more context to test errors to improve debuggability

Kubernetes-commit: bfbc1f3479423b5c53231cfec58895746ef2de69
 2022-10-21 09:47:18 -07:00
scott 779d3eda81 Fix DeleteCollection API decode DeleteOptions fail 
The reason for the issue is that the apiserver uses the Scheme in the
global variable pkg/api/legacyscheme/scheme.go, and registers the
DeleteOptions corresponding to each APIGroup in the Scheme.  But
DeleteOptions in meta.k8s.io/v1 is not registered, resulting
in a notRegisteredErr.

Use metainternalversionscheme.Codecs as Serializer

Kubernetes-commit: e7d7f4a9e56fe5d9c10da437787118fe9ea9e5af
 2022-10-18 16:47:50 +08:00
Tim Allclair 8a252ba686 More useful audit error logs 
Kubernetes-commit: 8924d0e8b6d185eef8794f9144c321e2f4a0adae
 2022-08-04 15:17:13 -07:00
Alexander Zielenski e25b9399a5 add cel admission controller tests 
84% coverage

Kubernetes-commit: 8b74e73e3825e725d05376de717ad96506a52eec
 2022-10-12 18:03:44 -07:00
Alexander Zielenski cd8f0b6cf7 add cel admission plugin and initializer 
Kubernetes-commit: a41a536dbdb72877fa48f85272e479eb628e68f8
 2022-10-12 10:21:31 -07:00
Alexander Zielenski b154760894 add generics tests 
84.1% coverage

Kubernetes-commit: 74b103cd52da3b0149aa9e50a569a89bdd46e1db
 2022-10-13 13:44:03 -07:00
Alexander Zielenski b1196b949c add cel admission controller 
Kubernetes-commit: 2286501e227ead064e95880a6f28904526f887a6
 2022-10-12 10:21:08 -07:00
Alexander Zielenski bf7388424e add OWNERS 
Kubernetes-commit: c52fae186a60f0d480f26628c55656c76c7ccac0
 2022-10-12 16:11:11 -07:00
Oscar Utbult 9d3d7b483a grammar: replace all occurrences of "the the" with "the" 
Kubernetes-commit: e4f776f23098ecf942cafa898777195adbc800f1
 2022-09-17 22:58:01 +02:00
lixiaobing1 c144979a82 replace WithInsecure() with WithTransportCredentials() 
Kubernetes-commit: 7892175acdb329d44cf1f34230f78e608b3cb736
 2022-10-15 16:41:53 +08:00
Mohammad Zuber Khan 6fe4f87105 add superuser fallback to authorizer (#111558) 
* add superuser fallback to authorizer

* change the order of authorizers

* change the order of authorizers

* remove the duplicate superuser authorizer

* add integration test for superuser permissions

Kubernetes-commit: f86acbad68baf1a99d6fa153f6f0cdc7b93932e4
 2022-10-19 04:02:04 +00:00
David Ashpole 73fdf7e37b Fix bug in which APIServerTracing did not work with some egress selectors 
Kubernetes-commit: 00bcd6cf01b719d0fddc8331ffecd3de35e8896f
 2022-10-11 16:22:33 +00:00
Monis Khan f4ac8fc8bb prefixTransformers: allocate after transformation length is known 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 59e1a32fc8ed35e328a3971d3a1d640ffc28ff55
 2022-10-17 16:56:40 -04:00
Monis Khan be9579fc15 k8s.io/apiserver/pkg/storage/value: allow encryption-at-rest approval 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: b68bc0678d5876e4c11c7d5289f777b6e37c4917
 2022-10-17 17:07:56 -04:00
Davanum Srinivas 96eda3624c Bump log level for health check warning for missing components 
Default api server manifest whose liveness check looks like:
"/livez?exclude=etcd&exclude=kms-provider-0&exclude=kms-provider-1"

Which causes spurious messages in apiserver logs every 10 mins:
```
W1017 00:03:39.938956       9 healthz.go:256] cannot exclude some health checks, no health checks are installed matching "kms-provider-0","kms-provider-1"
```

Let's not log excessive messages especially at warning level. We should
do this at a higher level (6 instead of 4).

NOTE: we don't change the message returned to the http request, we keep
that as-is (does not change on log level)

Also see:
https://github.com/aws/eks-distro/blob/v1-19-eks-12/projects/kubernetes/kubernetes/1-19/patches/0016-EKS-PATCH-apiserver-healthz-upper-log-verbosity-for-.patch

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 20de240d5bdb7fc50de3fe9b8cdd95f81bf47034
 2022-10-17 09:42:09 -04:00
Han Kang 4ae2cd3dc6 actually resolve the computations for buckets for static analysis 
Change-Id: Icafe84e165cc14087a2811f9a3e5d5e69ef3f178

Kubernetes-commit: a07718258aef5cd20a356b4657f1054b6baeb03b
 2022-10-13 13:44:51 -07:00
Abu Kashem 538eaa3c92 apiserver: use SSA for apf configuration client 
Kubernetes-commit: ecc640f1b40f14a894269e4b2ae6c80158626e93
 2022-09-19 14:03:16 -04:00
Abu Kashem c4de3f516b apiserver: fix typo in graceful termination test 
Kubernetes-commit: 0af2306a9a1c867fc374eb740b3be2b5a00675e7
 2022-10-10 10:47:27 -04:00
Maciej Wyrzuc bfac2bc2b9 do not print status stack in case of timeout from timeout handler 
Kubernetes-commit: 886648b820c10011350e7435a3105fd7d329c3c5
 2022-09-10 10:13:11 +00:00
twilight0620 2180db0c8d code check modify: 
receiver name obj should be consistent with previous receiver name s for SimpleStream
error var hookNotFinished should have name of the form errFoo

Kubernetes-commit: ae385ee874a81cd01ee4fef98efc1bd5c219c9b7
 2022-04-21 16:47:22 +08:00
Paco Xu c23bbb6aae fsnotify: use event.Has instead of "event.Op&h == h" 
Kubernetes-commit: 2ce7a8116902a47c0b859dff1f546e194d468064
 2022-10-13 13:42:11 +08:00
Harsha Narayana 1da54ec21a kmsv2: enable logging for kmsv2 enc/dec operations 
Kubernetes-commit: 79d741f1f8efcfc75cecd22898c7b6b689449f0a
 2022-08-31 22:08:55 +05:30
Monis Khan 8d68e6f323 Load encryption config once 
This change updates the API server code to load the encryption
config once at start up instead of multiple times.  Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps.  This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: f507bc255382b2e2095351053bc17e74f7100d35
 2022-08-29 17:25:48 -04:00
Jiahui Feng ac0ce38abe use DefaultMaxRequestSizeBytes for maxRequestSizeBytes. 
Kubernetes-commit: 755f41a185e828d9c64ae3ac37ce829e60592ad1
 2022-10-10 14:42:24 -07:00
Jiahui Feng 870da5a58e move CEL package to apiserver package. 
only anything that does not require Structural

Kubernetes-commit: 0dd316a5c11261c0e5fc7928d8697754b16ad461
 2022-10-07 15:02:47 -07:00
Han Kang a26df69931 wire up feature-gate for component slis 
Change-Id: Iba6ffbcac9dba4f4be3023ada6ac31691c1ae17b

Kubernetes-commit: 01bfbdff2dee3be93d286a8ff53f9e52a1ee9724
 2022-10-05 15:56:06 -07:00
Manish Kumar a433b219b9 Move celopenapi/model to staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/ (#109959) 
Co-authored-by: Manish Kumar <manish.kumar1@india.nec.com>

Kubernetes-commit: 39ffd45175876fe7c846c6239d89613d31a28fa1
 2022-10-07 05:43:52 +05:30
Cici Huang 025851852a Update feature gate name to CELValidatingAdmission 
Kubernetes-commit: d8ab3fea0d5f91e273fcb3b49cffb71d1b70f7e3
 2022-10-05 19:40:50 +00:00
Cici Huang d089253bb2 Add feature gate CelValidatingAdmissionExtensibility 
Kubernetes-commit: 9dff2311eacbcde1390ad67233cf0a48f0020eea
 2022-09-29 18:45:14 +00:00
Abu Kashem 4ecff81419 rename assuredConcurrencyShares for flowcontrol v1beta3 
Kubernetes-commit: 66fc0d703794f309c9715028d3b63f64c281a5fd
 2022-09-21 15:40:33 -04:00
Abu Kashem 98ffe5507d apiserver: update apf logic to use v1beta3 
Kubernetes-commit: 0a99e6ebb1e241bf421f6df44b15a5a16063a9f2
 2022-09-10 07:26:31 -04:00
Abu Kashem e888dae968 apiserver: update apf tests to use v1beta3 
Kubernetes-commit: 6edc2516863994905b57f4386450f3e8f818bbc9
 2022-09-10 07:05:20 -04:00
Abirdcfly 487ade9f5d go1.19: change some atomic.Value to atomic.Bool 
Signed-off-by: Abirdcfly <fp544037857@gmail.com>

Kubernetes-commit: 1d631f7eef4db32afe23460843c4084ed3a3f6bd
 2022-09-06 17:13:44 +08:00
SataQiu 2c587cfaab kube-apiserver: mark unused master-service-namespace flag as deprecated 
Kubernetes-commit: 3cd3ab5f943a5b0e1bc0dc53c90ed9cf0aa811ad
 2022-09-30 16:13:13 +08:00
Monis Khan 25ccbfa75c Use https links for k8s KEPs, issues, PRs, etc 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: b738be9b46a899571303c8c887e32bf4d5b71a0a
 2022-09-23 16:13:22 -04:00
Alex Zielenski c4a7c1b469 Allow timestamp transformer equalities to be configurable (#112158) 
* allow noop-ignoring transformer to be configurable

* consolidate timestamp equalities initialization

* remove extra plumbing

* fix typo

* remove CustomEqualities list

Kubernetes-commit: a9a1cdbd1531df06e27029686669a8fea99d44e8
 2022-09-28 10:56:34 -04:00
Han Kang 7ede3563fe enable health check SLI metrics for apiserver 
Change-Id: I1b43e6dfea35b8c3bfdf5daaa8b42adff2fbc786

Kubernetes-commit: db13f51db97c114bb550b99efddd985548edc082
 2022-09-26 16:10:58 -07:00
Anish Ramasekar 1411f0e151 kmsv2: validate annotations key and size 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: d1fb258ff2d009f202cff3fdd25e6fd2bbda08ef
 2022-09-14 21:58:17 +00:00
qmloong a32e26b98a fix: remove redundant error log print 
Kubernetes-commit: 45ed5ba9939c581d0633772ea3177780fae95db0
 2022-09-26 14:52:25 +08:00
Wojciech Tyczyński baa5a012e9 Lock ServerSideApply feature to true 
Kubernetes-commit: 57c95fbfa12bc04456330d8b0b29f333106cf156
 2022-09-27 11:13:00 +02:00
Monis Khan c602291fa1 encryption config: no-op refactor to prepare for single loading 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: db850931a8699e780dd794e1763fd0e54b4239b5
 2022-08-29 17:25:48 -04:00
Anish Ramasekar c027ae3881 Add staging directory for kms 
- Moves kms proto apis to the staging repo
- Updates generate and verify kms proto scripts to check staging repo

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: c3794e2377016b1c18b1dcb63dc61d686c8ebcbf
 2022-08-23 20:22:09 +00:00
Anish Ramasekar ec520ccd91 [KMS]: update envelope caching unit tests 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 92dce5de71f752c8c136ec7c7417a73d50317cf5
 2022-09-15 18:01:48 +00:00
Davanum Srinivas ae4a45db07 update to v1.12.0 of semconv 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 01d8a4f0c56131de2ee8b4ba5ffd384de4b38578
 2022-09-18 19:33:02 -04:00
Davanum Srinivas 6c2030e10c update code to use newer otel api 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 3eaca7cf519808fcb98d4c43e666ea750270d825
 2022-09-17 14:27:06 -04:00
SataQiu d9a11fffae remove DeprecatedInsecureServingOptionsWithLoopback 
Kubernetes-commit: d545de2b96de094107c3b687d8d48663af8f9fae
 2022-09-11 21:22:18 +08:00
Marcel Zięba 395682d7b7 Fix list estimator for lists that are executed as gets 
Kubernetes-commit: 09f1ce9ec821c14013c775ba106e4888cb29c2c3
 2022-09-19 07:42:45 +00:00
viveksahu26 6cb2fda0ab fix warnings or linter errors 
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

Kubernetes-commit: 386bc4a7fa3e975cb247d300fdc5ad1b14a15605
 2022-09-05 19:10:43 +05:30
Antonio Ojea 1239036585 rate limit /healthz etcd healthchecks 
return the last request error, instead of last error received
The rate limit allows 1 event per healthcheck timeout / 2

Kubernetes-commit: 510a85c53a5138babb1650fadd328e6f34baa03b
 2022-08-29 11:09:58 +02:00
Antonio Ojea d2581bb0e0 fix etcd unit tests 
stop leaking goroutines

reduce etcd test duration

Kubernetes-commit: dd6d3d95cdeb0e165e8365212d85d0f3b972d3e8
 2022-08-28 23:13:45 +02:00
Antonio Ojea fb26cb4f0c don't serialize etcd healthchecks 
Kubernetes-commit: 5a67248115ec0bc762c0351a73810117ac0bb814
 2022-08-29 17:57:01 +02:00
Monis Khan 70b4742ce2 kms: fix go routine leak in gRPC connection 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 4e68e9b5ad70ae074b3fb20f0fb2ba25d0792274
 2022-08-24 01:51:19 +00:00
Shyam Jeedigunta f7e0cdae19 Reduce default gzip compression level from 4 to 1 in apiserver 
Kubernetes-commit: 7cd5e6597e7137aa3b37a7c7ade2bf831cb7aca9
 2022-09-07 13:23:53 -07:00
HaoJie Liu e1af448867 test: use bytes.Buffer.String 
Signed-off-by: HaoJie Liu <liuhaojie@beyondcent.com>

Kubernetes-commit: f55d658c1c8b4c59dcb33bd07285e62344ef0186
 2022-08-29 15:45:20 +08:00
Mike Spreitzer 3419387b18 Call queueSet::boundNextDispatchLocked enough 
Fix the one path where boundNextDispatchLocked was not being called
after modifying a queue.

Also check for negative work in a request.

These are motivated by
https://github.com/kubernetes/kubernetes/issues/112169 but I do not
have a way to reproduce it and so can not check that these changes
actually remove that symptom.  But these changes are good anyway.

Kubernetes-commit: 6ee93e2cee695203a6ce4935da1b9a807b624260
 2022-09-01 22:54:53 -04:00
xueqzhan 9d6934f8fa Add DisableAnonymous to DelegatingAuthenticationOptions 
Kubernetes-commit: 5619c71eb0b9fae13c831d92797da9427094518f
 2022-09-01 11:58:51 -04:00
Alex Zielenski d46c86b62b Update kube_features.go 
Kubernetes-commit: 9dab9f3e28652b823d0589d127f84ba901ae4c65
 2022-08-30 09:06:29 -07:00
Alex Zielenski 4c7c0de421 update comments 
Kubernetes-commit: 92fac4ab8af1e90fc21163ef474c9094573b4ebd
 2022-08-30 09:04:06 -07:00
Alexander Zielenski b0ba338767 add aggregated discovery feature gate 
Kubernetes-commit: 7b54c492d9586a8c979686795283324b272ad0c6
 2022-08-29 16:21:23 -07:00
Antonio Ojea 852f0a02d4 Initialize Name (GenerateName) earlier in the Create process 
Kubernetes-commit: af9d36f9310bc3c21791bf17470a667b690573b0
 2022-08-26 13:20:43 +02:00
Antonio Ojea 89fb3670f4 test rest error generate name conflict 
Kubernetes-commit: 20d190ec2ae90bc521e7342821a3a4301fe573af
 2022-08-26 13:20:06 +02:00
Han Kang ce7b4d6e8c Add request body size metric 
Change-Id: Ica5d9b5457d4f844c4500b2c05b2f0631c27454c

Kubernetes-commit: 43c95cbf0682895cf5bb79452b1f011123ac4513
 2022-08-24 09:15:23 -07:00
Han Kang 270d177e30 add metric and test 
Change-Id: Ic2bcf39caef791b2e13448a97d2c3203ed1d94b9

Kubernetes-commit: 07020ab42e8f1a2e9d6fe4969c01d0f971324ae1
 2022-08-24 08:54:51 -07:00
Antonio Ojea ea69e5d51c remove DryRun feature gate checks 
Kubernetes-commit: a1bfb76458a219577884d312ceb93eb1bb3f7e39
 2022-08-26 11:33:56 +02:00
Andy Goldstein 8587d29223 etcd3: include GroupResource in logs/metrics 
Use GroupResource instead of object reflection when recording the
following metrics:

- etcd_request_duration_seconds
- etcd_bookmark_counts

Add GroupResource to logs and traces where only reflection-based typing
was previously used.

Both of these changes allow us to disginguish between different CRDs,
all of which are represented as *unstructured.Unstructured.

Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>

Kubernetes-commit: 305fa2add60ad507417304d865f001006d5175fe
 2022-08-25 13:55:55 -04:00
Andy Goldstein 7eb011f596 watch cache: metrics: objectType -> group resource 
Use the group resource instead of objectType in watch cache metrics,
because all CustomResources are grouped together as
*unstructured.Unstructured, instead of 1 entry per type.

Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>

Kubernetes-commit: d08b69e8d35a5aa73a178c508f9b0e1ad74b882d
 2022-08-11 15:51:21 -04:00
Andy Goldstein ecf3a57374 watch cache: log GroupResource, not objectType 
All CustomResources are treated as *unstructured.Unstructured, leading
the watch cache to log anything related to CRs as Unstructured. This
change uses the schema.GroupResource instead of object type for all type
related log messages in the watch cache, resulting in distinct output
for each CR type.

Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>

Kubernetes-commit: 397533a4c2df9639ff4422c907d06fae195a1835
 2022-08-11 15:45:04 -04:00
cndoit18 902be89708 style: remove redundant judgment 
Signed-off-by: cndoit18 <cndoit18@outlook.com>

Kubernetes-commit: ec43037d0f57fdfc2fdc4960fdb8a7e31ac79fae
 2022-07-29 18:25:05 +08:00
Jordan Liggitt 9397c6d674 Enforce strict handling in alpha 
Kubernetes-commit: 065cca38e937bcd517504a21472e72987e0f95a7
 2022-08-23 09:07:46 -04:00
Anish Ramasekar bdd7082eed chore(kms): remove unused plugin name and migrate from deprecated `io/ioutil` pkg 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 7db7a63959162d743f771183bf4e88e82afef868
 2022-08-23 22:55:22 +00:00
leilei.wan.cn 9f91290828 not reset when exempt pl panic 
Kubernetes-commit: aef47c3c3b2e5a66b38f073ac05825f831eeb3fd
 2022-08-18 19:13:47 +08:00
wanlei bb7342b40b fix(apf): not reset apf when panic 
Kubernetes-commit: 22b0be9842640eabac961132a42239a9f22cdf71
 2022-08-15 10:38:50 +08:00
Han Kang d5fac85195 clean-up apiserver metrics and use subsystem 
this is specifically so that we have more structured information when
the metric is parsed and stored as a stable metric. This change does not
change the name of the actual metrics.

Change-Id: I861482401ad9a0ae12306b93abf91d6f76d7a407

Kubernetes-commit: 178e57c17b66eb572a961690bd10782aeb3c3582
 2022-07-29 12:51:29 -07:00
David Eads 6a7c6a0940 Revert "Add an option to conditionally disable compression based on client ip." 
This reverts commit 023583a15586328569ccab505db2f57f398e04b3.

Kubernetes-commit: 2f3ffbed2cffaaba63304318bc1d09b0144600ff
 2022-08-17 15:08:39 -04:00
David Eads c6b4b28cf9 Revert "enforce strict alpha handling for API serving" 
This reverts commit 233e0cb8c3a723f57d578be2179284e4eb9d017d.

Kubernetes-commit: 696e41a69859f196ac02d3ceb270a3979fc2861f
 2022-08-10 09:42:37 -04:00
Anish Ramasekar 225e26ac4a Implement KMS v2alpha1 
- add feature gate
- add encrypted object and run generated_files
- generate protobuf for encrypted object and add unit tests
- move parse endpoint to util and refactor
- refactor interface and remove unused interceptor
- add protobuf generate to update-generated-kms.sh
- add integration tests
- add defaulting for apiVersion in kmsConfiguration
- handle v1/v2 and default in encryption config parsing
- move metrics to own pkg and reuse for v2
- use Marshal and Unmarshal instead of serializer
- add context for all service methods
- check version and keyid for healthz

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: f19f3f409938ff9ac8a61966e47fbe9c6075ec90
 2022-06-29 20:51:35 +00:00
Sally O'Malley 4f9e133507 kubelet tracing 
Signed-off-by: Sally O'Malley <somalley@redhat.com>
Co-authored-by: David Ashpole <dashpole@google.com>

Kubernetes-commit: 47e7d8034ff3be8e198dde6a671d05a11c30e333
 2021-10-10 09:17:27 -04:00
Maciej Borsz 40280f9889 Add an option to conditionally disable compression based on client ip. 
Kubernetes-commit: 023583a15586328569ccab505db2f57f398e04b3
 2022-07-29 08:44:14 +00:00
Anish Ramasekar 8ab3aa3011 feat:(kms) encrypt data with DEK using AES-GCM instead of AES-CBC 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: d54631a41a869f7a28d82fcab2e174ee85879027
 2022-07-13 17:14:50 +00:00
Nic Cope 9b243e9d90 Copy etcd client debug level logic from upstream 
Replicated from https://github.com/etcd-io/etcd/blob/v3.5.4/client/v3/logger.go#L47

The logic of this function doesn't make a lot of sense to me, but
copying it will avoid any behaviour change.

Signed-off-by: Nic Cope <nicc@rk0n.org>

Kubernetes-commit: c1aa7a0fe73cbcab8e70f7b73a845ae9394f9a71
 2022-07-29 14:26:31 -07:00
Nic Cope a105c2570c Give etcd client logger a name 
Logic copied from https://github.com/etcd-io/etcd/blob/v3.5.4/client/v3/client.go#L374

Signed-off-by: Nic Cope <nicc@rk0n.org>

Kubernetes-commit: f54d2606336e2e8130339d2a0bc04fac6906aa78
 2022-07-29 14:24:17 -07:00
Nic Cope 463756f91d Share a single etcd3 client logger across all clients 
Currently the API server creates one etcd client per CRD. If clients
aren't provided a logger they'll each create their own. These loggers
can account for ~20% of API server memory consumption on a cluster with
hundreds of CRDs.

Signed-off-by: Nic Cope <nicc@rk0n.org>

Kubernetes-commit: 0c81eabb853e581abbcb37ebf094af3316e1012e
 2022-07-28 19:51:55 -07:00
Nic Cope ef17269e10 Disable the etcd3 client logger 
This logger is responsible for 20% of the API server's memory usage when
many CRDs are installed. See the below issue for more context.

https://github.com/kubernetes/kubernetes/issues/111476

Signed-off-by: Nic Cope <nicc@rk0n.org>

Kubernetes-commit: 0e5401c93940126beac45264aa056507b0950075
 2022-07-27 14:44:49 -07:00
Cici Huang 45072c5fc4 Promote feature CustomResourceValidationExpressions to beta 
Kubernetes-commit: e0fb5714acf0b72bcc95fa59d62913ede51151c6
 2022-07-14 18:32:51 +00:00
Wojciech Tyczyński 6ab5ae374a Fix draining cacher tests 
Kubernetes-commit: a530a6898a36d43eef766f041eab4e4b6d5adedb
 2022-07-28 10:20:23 +02:00
Lukasz Szaszkiewicz 684cf11215 cacher: add support for consistent streaming 
design details https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/3157-watch-list#design-details

Kubernetes-commit: debace151cfffc1b5d805341efcbf5f0062e95ed
 2022-07-05 15:48:30 +02:00
Marcel Zięba 3c024b4916 Add option to retry internal api error in reflector. 
Kubernetes-commit: 0b2b6489de8f75d5299f54180617601126bb8878
 2022-07-25 08:02:54 +00:00
jupblb 16f776a534 Switch initial/final seats type to uint64 
Kubernetes-commit: 3c46482eb09d7343e0f98a930a9aaa158237e278
 2022-07-28 10:48:40 +02:00
Abirdcfly 3fde82e2dd clean Unreachable code 
Signed-off-by: Abirdcfly <fp544037857@gmail.com>

Kubernetes-commit: f71718d6448418d0289b9649905a16bfb1962b68
 2022-07-19 00:58:17 +08:00
Maciej Wyrzuc cb0bb2af35 Add additional etcd check to readyz with 2 seconds timeout. 
Kubernetes-commit: b42045a64fd07fb948660839b6c7c14440bee9df
 2022-07-25 13:08:50 +00:00
Davanum Srinivas 7e94033a61 Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
 2022-07-19 20:54:13 -04:00
Davanum Srinivas a13e0b29d5 fix patch_test for gofmt issue 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: ea7dff551f648d8a46087f59e40767216d00f60e
 2022-07-26 10:12:54 -04:00
Mikko Ylinen 12a8b7fef3 grpc: move to use grpc.WithTransportCredentials() 
v1.43.0 marked grpc.WithInsecure() deprecated so this commit moves to use
what is the recommended replacement:

grpc.WithTransportCredentials(insecure.NewCredentials())

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

Kubernetes-commit: 2c8bfad9106039aa15233b5bf7282b25a7b7e0a0
 2022-05-11 12:13:28 +03:00
Alexander Zielenski 43763b31c6 use more apt name for flag 
Kubernetes-commit: c2cbc460f2c5be07b0f5762005642625b06b6a75
 2022-07-20 10:45:21 -07:00
Alexander Zielenski feb8f08b78 guard usage of timestamp transformer under fieldManager non nil 
not strictly necessary for correctness, but it is not needed unless SSA is enabled

Kubernetes-commit: 48786d90da794bd1a0ef588f6393a0dddffcc400
 2022-07-20 08:58:28 -07:00
Alexander Zielenski c2e73305f9 add envar to disable non semantic updates feature 
enabled by default. can easily be changed in backports

Kubernetes-commit: 076051135d16b70c08d8d6382e73ef983614240f
 2022-07-14 11:28:10 -07:00
Alexander Zielenski 48eb70e1d1 benchmark and metrics for new timestamp transformer comparison 
add proper metrics

rename & improve documentation for path metric dimension

Kubernetes-commit: 40343793f7b9787b2d4b88f0a0439ce9e538075a
 2022-03-01 14:24:12 -08:00
Alexander Zielenski 81749c6ee9 revert timestamp updates to object if non-managed fields do not change 
add short-circuiting logic for long comaprison

replace timestamps rather than doing a full managed fields deepcopy

add guard

Kubernetes-commit: 7233538008489c189d09bb042fbabca97d9cdbaf
 2022-07-14 11:40:20 -07:00
Mike Spreitzer eb15930b31 Fix APF metric denominator problems 
Co-authored-by: JUN YANG <yang.jun22@zte.com.cn>

Kubernetes-commit: fdd921cad0cd9308ec62c1b86c9c1cc5d12e5d21
 2022-05-22 23:39:49 -04:00
Wojciech Tyczyński 8f7c120935 Eliminate MaintainObservations function in P&F 
Kubernetes-commit: badf436ac4451590e5e84e537f2234e3632ea3b4
 2021-11-25 12:44:50 +01:00
twilight0620 9c84b3466c add test case for ToValidOperationID method: TestToValidOperationID 
Kubernetes-commit: 2ca7c8d82b4844afbcd8b6859166cf7f6c23d7b9
 2022-04-27 11:48:44 +08:00
HaoJie Liu 4c5e4623d3 cleanup: use append other than for loop 
Signed-off-by: HaoJie Liu <liuhaojie@beyondcent.com>

Kubernetes-commit: 29b5cd04bd2c7e2676687d3b613c9b065b128e54
 2022-07-21 15:29:30 +08:00
Mike Spreitzer 7aa625fb37 Make timeout test properly liberal 
Make the test accept all the legitimate outcomes.

Expand the explanation of how TestPriorityAndFairnessWithPanicRecoveryAndTimeoutFilter/priority_level_concurrency_is_set_to_1,_queue_length_is_1,_first_request_should_time_out_and_second_(enqueued)_request_should_time_out_as_well is supposed to work.

Expand debug information that is available when the test fails.

Kubernetes-commit: 1f450695ffd5b2d028c87328b8b32630a8052129
 2022-07-14 19:45:15 -04:00
Wojciech Tyczyński 2049cfbb9e Adjust watch channel sizes in watchcache 
Kubernetes-commit: 0db5c05bdb8bbc510307a48cbade712583bb009e
 2022-04-28 11:56:41 +02:00
jupblb 738a050cda Introduce config for API Priority and Fairness 
Linked all the default values with a single config structure.

Kubernetes-commit: 1c594e7e01a899807431c806cd11c1d27c885c9c
 2022-07-20 11:33:45 +02:00
Lukasz Szaszkiewicz 27a7c443bd cacher: with expiredBookmarkWatchers 
expiredBookmarkWatchers allows us to schedule the next bookmark event after dispatching not before as it was previously.
It opens a new functionality in which a watcher might decide to change when the next bookmark should be delivered based on some internal state.

Kubernetes-commit: 0576f6a011cba8f0c8550fd3dd31111376c9dcd0
 2022-07-15 15:28:50 +02:00
Kevin Delgado 0897fdf521 Enable ServerSideFieldValidation feature gate on by default in beta 
Kubernetes-commit: 36dbecd438beefd3f7e3b9cb990c5a34c033e2c7
 2022-03-24 23:56:48 +00:00
Artur Żyliński e34c622d49 Add audit-id to storage traces 
Refactor GetAuditIDTruncated to use context instead of request

Kubernetes-commit: b1e12b01b6c578da3eb593805b48e9d4a69efe54
 2022-06-20 17:09:32 +02:00
Abirdcfly dde070e1ff cleanup: remove duplicate import 
Signed-off-by: Abirdcfly <fp544037857@gmail.com>

Kubernetes-commit: 00b9ead02c37921011ebe5293558cea5277cd295
 2022-04-24 20:58:04 +08:00
Tim Allclair 9c0ce32da0 Delete dead audit code 
Kubernetes-commit: e7f0fd7cf705f2745b6e10e5846c776a9095445d
 2022-07-13 17:22:26 -07:00
Vladimir Nachev 5236515712 Ensure the dir of --audit-log-path exists 
Signed-off-by: Vladimir Nachev <vladimir.nachev@sap.com>

Kubernetes-commit: a380ef5c416194826b70ae75dc4e86776e1a3afe
 2022-06-27 17:21:02 +03:00
zk ad01c712d9 Update etcdRequestLatency metrics bucket size 
Kubernetes-commit: fb372d07982463984dfdab7cf24d937b91b0bb83
 2022-01-09 23:45:09 +08:00
Madhav Jivrajani 218ed2fae0 cacher: Use PodList type for use in GetList 
Using a Pod type in a GetList() call in a test
can panic at worst and error out at best. Here,
neither happened because the error condition
being tested for (cacher being stopped or not)
gets returned before the list pointer can be
enforced.

This commit changes the above to use PodList.

Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>

Kubernetes-commit: 487761f4e2543114db158f0d59e598dedc481882
 2022-07-15 12:22:04 +05:30
Artur Żyliński 87b03dd4f5 Always log APF InitialSeats and FinalSeats values 
Add apf_additionalLatency field, to have all WorkEstimate data

Kubernetes-commit: 962eb52be433bd1302210645d8cdbb0a6f6b8b24
 2022-07-13 10:38:11 +02:00
Mike Spreitzer 959fbf9f84 Use timing ratio histograms instead of sample-and-watermark histograms 
Kubernetes-commit: 0c0b7ca49f9ade72b990bf3a6f568485586af8b4
 2022-05-18 02:56:48 -04:00