kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,738 Commits 29 Branches 1,436 Tags 31 MiB
Commit Graph

337 Commits

Author SHA1 Message Date
Patrick Ohly b84662911c remove import doc comments 
The "// import <path>" comment has been superseded by Go modules.
We don't have to remove them, but doing so has some advantages:

- They are used inconsistently, which is confusing.
- We can then also remove the (currently broken) hack/update-vanity-imports.sh.
- Last but not least, it would be a first step towards avoiding the k8s.io domain.

This commit was generated with
   sed -i -e 's;^package \(.*\) // import.*;package \1;' $(git grep -l '^package.*// import' | grep -v 'vendor/')

Everything was included, except for
   package labels // import k8s.io/kubernetes/pkg/util/labels
because that package is marked as "read-only".

Kubernetes-commit: 8a908e0c0bd96a3455edf7e3b5f5af90564e65b0
 2024-12-02 14:43:58 +01:00
Mariam Fahmy b858201395 fix: remove duplicated unit tests in JSONPatch and ApplyConfiguration 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

Kubernetes-commit: f87bcd9b3a8166acb62e3f39e207bda3673f0ed6
 2024-11-19 15:42:29 +02:00
Kevin Conner a69b1ea2d5 Fix error check 
Signed-off-by: Kevin Conner <kev.conner@gmail.com>

Kubernetes-commit: e7e1fb7234264b6f0785ad9fdd29e90c5da36002
 2024-10-21 08:09:55 -07:00
Joe Betz 490aa4761a Add defaulting to tests 
Kubernetes-commit: a6e0a7b17bfd8e95e7cc1206f6c5e67aebec6495
 2024-11-06 21:45:55 -05:00
Joe Betz 6b49c2289e Fix defaulting for native types 
Kubernetes-commit: fd6900131446465bb6f1216b0de53279c5b84209
 2024-11-06 20:42:27 -05:00
Joe Betz accfd98e20 Wrap unversioned CEL library initializer calls with guard 
Kubernetes-commit: dc5e2f3fa295276029535359246154021861fdd6
 2024-11-06 15:32:15 -05:00
Anish Shah cb02f4a386 support for resize subresource in ResourceQuota admission. 
Kubernetes-commit: 1b98fe6079059cb1d7bfda4f4b318f614449fee5
 2024-10-24 14:00:57 -07:00
Joe Betz f7ccc75f9f Reorganize and expand unit test coverage 
Also apply reviewer feedback

Kubernetes-commit: 0dc08eded95c2d620de70648dee07254f2e771b3
 2024-11-04 10:50:53 -05:00
Joe Betz 9843fd95fb Rename dispatcher Run to Start to match naming conventions 
Kubernetes-commit: 0dfbc85cd9f7c0578ed385928e6990a496112e6c
 2024-10-25 18:44:10 -04:00
Joe Betz b738c82d70 Fix comment in mutating webhook dispatcher 
Kubernetes-commit: 1031e07e8325fc043d741b697c197d5416bfcc98
 2024-10-25 14:37:39 -04:00
Joe Betz c259217340 Improve error messaging for validating admission policy authz 
Kubernetes-commit: 1ad6fd7a0fa454cc3302b579dc73eb5c9afec49a
 2024-10-25 13:52:34 -04:00
Joe Betz a5e93cb37c Add MutatingAdmissionPolicy plugin to admission chain 
This expands the generic plugin support to both validating and mutating policies.  It also adds the
mutating policy admission plugin using the generics plugin support.

This also implements both ApplyConfiguration and JSONPatch support.

Co-authored-by: Alexander Zielensk <alexzielenski@gmail.com>

Kubernetes-commit: 25e11cd1c143ef136418c33bfbbbd4f24e32e529
 2024-10-25 13:46:58 -04:00
Joe Betz 0e6467b270 Add mutation support into CompositedCompiler and reorganize for clarity 
Kubernetes-commit: 081353bf8ad963d43c5da6714a24f62cfe0b8401
 2024-10-25 14:37:17 -04:00
Joe Betz 9ead80d1bb Add MutatingAdmissionPolicy API 
This is closely aligned with ValidatingAdmissionPolicy
except that instead of validations that can fail with
messages, there are mutations, which can be defined
either with as an ApplyConfiguration or JSONPatch.

Co-authored-by: cici37 <cicih@google.com>

Kubernetes-commit: 3a1733f302d0fe9994bcc8e91fa2191c94606c2b
 2024-10-25 13:25:46 -04:00
Joe Betz b09b8016b6 Move caching authorizer to shared location to be used by mutating and validating policy 
Kubernetes-commit: 910c2e2dad58b08d7a5ee6c59a2970454e241e2a
 2024-10-25 13:20:14 -04:00
Kevin Conner b91c4326ba Fix elapsed time tracking for validating admission policies 
Signed-off-by: Kevin Conner <kev.conner@gmail.com>

Kubernetes-commit: 9538747d4d6f7f3bc01e79d2d4781df1d7535f16
 2024-10-29 11:26:46 -07:00
Jordan Liggitt 1e62dc23aa KEP-4601: AuthorizeNodeWithSelectors / AuthorizeWithSelectors to beta 
Kubernetes-commit: 9caca7312645b5ffba964cc8170484b4e7f7b602
 2024-10-17 19:51:07 -04:00
Antonio Ojea 402e1cdd43 use same name as the folder for the package 
Kubernetes-commit: 62bdb27420bbc3c45b0232612acf9ecf3816c805
 2024-10-16 09:55:10 +00:00
Sean Sullivan 15f8ad59da Enable strict validation for ResourceQuotaConfiguration 
Kubernetes-commit: a95c0c5499c54c16d561d0ad4537d4b43d500184
 2024-10-13 17:50:18 -07:00
Cici Huang f79926bf43 Revert pr 127400 
Kubernetes-commit: 95ec1637253c2458d0ed41f257df932907602ca4
 2024-10-07 16:11:30 +00:00
Matthieu MOREL e32a42cf11 fix: enable expected-actual rule from testifylint in module `k8s.io/apiserver` 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>

Kubernetes-commit: fbd773ecb82aa0afef3c02274db901afe1788220
 2024-09-27 07:49:07 +02:00
Dr. Stefan Schimanski 9a5bc0a561 apiserver/admission/webhook: construct static CEL compiler only once 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>

Kubernetes-commit: 26aeda3cc21db86b1440515f63cd09e2321d568e
 2024-09-16 18:23:01 +02:00
liyuerich 535f09400e drop deprecated json/yaml newSerializers, use json.NewSerializerWithOptions instead 
Signed-off-by: liyuerich <yue.li@daocloud.io>

Kubernetes-commit: 3c9309db463679c348934429d8487d190ed5e64a
 2024-05-29 19:00:00 +08:00
Jordan Liggitt f014f4a768 Fix unit tests for filtering 
Kubernetes-commit: 6a4170607291288e9b01be8435b82537309c547d
 2024-09-09 16:45:32 -04:00
cici37 e9e24680dc Remove FG inspection from VAP plugin 
Kubernetes-commit: 72ad9c5fdf782f824281ecf9e18ec36caaa9472b
 2024-08-22 17:52:21 +00:00
Cici Huang fac4f5d2a0 Remove feature gate ValiatingAdmissionPolicy after stable. 
Kubernetes-commit: 0f19faf9be562f3d18880ed2ae12d6b9d059476c
 2024-08-12 12:11:02 -07:00
piny940 2ed104b2e5 fix ValidatingAdmissionPolicy's Validate func to return decision with valid Evaluation 
Kubernetes-commit: 9f7ea45ea0ffc76be7793dbcb4730a98fa03bcf5
 2024-08-22 13:33:17 +09:00
Richa Banker f434fbf0c7 init a common apiserver for TestAuthorizationDecisionCaching testcases 
Kubernetes-commit: 4acedb5132b2c3a7d61bd9e088c964af3fcfee3d
 2024-07-23 22:19:02 -07:00
Richa Banker 1d26753b4b split Test_ValidateNamespace_NoParams into successes and failures tests, init a common apiserver for all testcases 
Kubernetes-commit: 9df04b7c782cccc5fb068554152b4dcd9baf408b
 2024-07-23 21:41:32 -07:00
cici37 3d5977276b Promote metrics for VAP and CRD validation rules to beta. 
Kubernetes-commit: 95dbfa1c3d2f62e5d0f52788a2dd19fc61ca0a36
 2024-07-19 20:46:33 +00:00
Jordan Liggitt 6c5ca3dcf3 Fixup lint warning 
Kubernetes-commit: 9f8f36708a0eb1ad78e48beeaf15f2c6ae3e1552
 2024-06-27 00:42:01 -04:00
Jordan Liggitt f14fc0f445 Adjust CEL cost calculation and versioning for authorization library 
Kubernetes-commit: 83bd512861aa11ec00a90e4ac382daa788dccf87
 2024-06-26 21:38:24 -04:00
David Eads efe135c937 Add CEL fieldSelector / labelSelector support to authorizer library 
Kubernetes-commit: be2e32fa3ed0a06ac9cc59d9966be0b40617c2b2
 2024-06-14 14:39:54 -04:00
Jordan Liggitt b338834e91 Move CEL env initialization out of package init() 
This ensures compatibility version and feature gates can be initialized
before cached CEL environments are created.

Kubernetes-commit: 03d48b76831a3a02d503c3075d818a76afd83cd8
 2024-06-29 21:45:55 -04:00
David Eads f26d4ed894 add field and label selectors to authorization attributes 
Co-authored-by: Jordan Liggitt <liggitt@google.com>

Kubernetes-commit: 92e3445e9d7a587ddb56b3ff4b1445244fbf9abd
 2024-05-23 15:12:26 -04:00
Cici Huang cd492e8b91 Fix the error type, Add into observation, Fix tests. 
Kubernetes-commit: b7821078b36f1cb25d903774ddf37a97966c2eac
 2024-07-16 08:27:36 -07:00
Jiahui Feng 8b22c5cc3d make use of new error reporting in the dispatcher. 
Kubernetes-commit: d61edc51b84774c158b3866ab9a0678d4ddaba96
 2024-04-26 11:49:44 -07:00
Jiahui Feng 8f577b916d remove unused policy_definition_total metric and state label 
Kubernetes-commit: 8e9232ef46d5b08ab4f95ad6c1e93671ef1bd5ba
 2024-04-25 18:30:26 -07:00
Jiahui Feng 2ae742ecb6 make Err wrap one or zero error. 
Kubernetes-commit: ce45a82346623d19168b0b85cbba5ba4ff164417
 2024-04-25 17:59:32 -07:00
Jiahui Feng 8be90f624a errors improvement. 
Kubernetes-commit: b846c39047289e69d932ea9d5d4dadc6856ad0c7
 2024-04-23 16:54:47 -07:00
Matthieu MOREL 8705baa8b2 fix: enable empty and len rules from testifylint on pkg package 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>

Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>

Kubernetes-commit: f014b754fb5925dfbca6e27a44d0c3968b157e14
 2024-06-28 21:20:13 +02:00
yintong.huang 5a2cafd6ec drop deprecated PollWithContext and adopt PollUntilContextTimeout instead 
Signed-off-by: yintong.huang <yintong.huang@daocloud.io>

Kubernetes-commit: 2db1b321e0edf9e3c4e434353d505cec96bfb319
 2024-06-21 19:23:31 +08:00
Stephen Kitt 942c16fb6a Use canonical json-patch v4 import 
The canonical import for json-patch v4 is
gopkg.in/evanphx/json-patch.v4 (see
https://github.com/evanphx/json-patch/blob/master/README.md#get-it for
reference).

Using the v4-specific path should also reduce the risk of unwanted v5
upgrade attempts, because they won't be offered as automated upgrades
by dependency upgrade management tools, and they won't happen through
indirect dependencies (see
https://github.com/kubernetes/kubernetes/pull/120327 for context).

Signed-off-by: Stephen Kitt <skitt@redhat.com>

Kubernetes-commit: 5300466a5c8988b479a151ceb77f49dd00065c83
 2024-02-16 13:57:24 +01:00
Jeremy Shih feabdb6d52 make test parallel in for loop 
Kubernetes-commit: 40a25463fa48ee49a713b80b2157c362438960e2
 2024-03-25 09:39:01 +08:00
Cici Huang d44012e895 Adding the feature gates to fix cost for VAP and webhook matchConditions. 
Kubernetes-commit: d6e4115ead6b93d2accf688876471231b365ceae
 2024-05-01 16:26:41 -07:00
Alvaro Aleman da88853b95 Use the generic/typed workqueue throughout 
This change makes us use the generic workqueue throughout the project in
order to improve type safety and readability of the code.

Kubernetes-commit: 6d0ac8c561a7ac66c21e4ee7bd1976c2ecedbf32
 2024-04-28 18:26:18 +02:00
liyuerich d8646c593d drop deprecated workqueue NewNamed package 
Signed-off-by: liyuerich <yue.li@daocloud.io>

Kubernetes-commit: 98dfaed4bec33b4995572685eb084d8202ac235b
 2023-10-16 18:11:17 +08:00
Flavian Missi 20894ccdfa resourcequota: use singleflight.Group to reduce apiserver load 
relates to #22422 and #123806

Kubernetes-commit: e13ff5ece2691988503d183b495cc7c39e899647
 2024-04-03 09:58:27 +02:00
cici37 be9c733e9d Promote ValidatingAdmissionPolicy to GA. 
Kubernetes-commit: de506ce7ac9981c8253b2f818478bb4093fb7bb6
 2024-01-23 22:10:40 +00:00
Jiahui Feng 8f8266ef89 update to inject only the list of excluded resources. 
Kubernetes-commit: 6b03166beda6e550ebcbed1bb7d9ca2cc1d94df4
 2024-03-05 10:27:35 -08:00