a096b0dd8d
API emulation versioning honors cohabitating resources
...
Kubernetes-commit: cd5b27304f58f6b634be800ec4ec9990d28550a3
2024-09-09 17:54:35 +08:00
206e39c6f1
Test library and type names
...
Kubernetes-commit: 430b1de921b85611b409887fe94988f81ec4d39f
2024-09-10 17:07:29 -04:00
c90ac4722a
Move CEL semver library into common libs, fix cost tests to use registered types
...
Kubernetes-commit: e085f3818a3a1d04d895532cbdd233d797e0913b
2024-09-10 16:55:57 -04:00
6999423628
Add equality cost checking
...
Kubernetes-commit: 0a2dfba067d7c75fafb9844f3cf4539153b582cf
2024-08-27 14:42:58 -04:00
7896cd7b57
add a type for each CEL library, register all types
...
Kubernetes-commit: d2affe304847aa0bef3f81fa622d0b9c70a7f975
2024-07-25 16:33:18 -04:00
8a5b9105e9
add missing comment
...
Kubernetes-commit: 8619996319a07d5c5f777b6e06f54ce3884a73b4
2024-09-07 00:07:31 +05:30
f014f4a768
Fix unit tests for filtering
...
Kubernetes-commit: 6a4170607291288e9b01be8435b82537309c547d
2024-09-09 16:45:32 -04:00
8a764cf9c3
cacher: apply key for initial events only if the call is not recursive
...
Kubernetes-commit: 7cb51b1c278f9eb57c43f929fcc80bfed8438e17
2024-09-10 10:58:26 +02:00
cf15325096
delegate authn: don't default the ReqHeaders UID header
...
Kubernetes-commit: 26902de531620d2df5ce1bb572d2ea6965a7b7e9
2024-05-20 13:43:22 +02:00
60f20c32c7
client-go: add the UID to the auth-proxy roundtripper
...
Kubernetes-commit: 2cc0370169ea1fcf45429f9586e0ffd4ab32ed26
2023-02-16 14:01:53 +01:00
b9e6a66c69
requestheaders: add a "requestheader-uid-headers" flag and wire it up
...
Kubernetes-commit: 7fabd06c2be41f4134f425fa967d79ac31dc5756
2023-02-16 11:28:50 +01:00
e778ced9b7
Remove example feature gate from pkg/apiserver/kube_features.go
...
Kubernetes-commit: 79deb21ac1d0837fbafdf9e1556019062590c1d8
2024-09-04 14:50:41 +00:00
491f6248d4
KEP-4633: Graduate to BETA.
...
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
Kubernetes-commit: 8a4e23ea30bb0af50aa425cea8af926998872ee4
2024-08-22 01:28:57 +00:00
af2142bfe4
Remove GAed feature gates ServerSideApply/ServerSideFieldValidation
...
Kubernetes-commit: de7e4318d6b2ad0de4472dcaef7d97c34057d3d8
2024-09-02 13:52:48 +08:00
cfa44309dd
Revert "apiserver: fix data race in apf tests in server/filters package"
...
This reverts commit dde23bb0b103a00ac9c8e568e81826149b42472c.
Kubernetes-commit: d26772120531617e897a745b1bfd1178648fb995
2024-09-03 19:39:38 +09:00
6bd08c5dc4
Revert "apiserver: improve logging for apf tests in server/filters package"
...
This reverts commit 8fa3e61399b85d534566dca6566ddb287873839c.
Kubernetes-commit: 9fe3b8410726b0276d2d65a79ce7645660d491f9
2024-09-03 19:39:32 +09:00
13c06f3696
Set credential-id in userinfo.extra for jwt authenticators if jti claim present
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: c22a41e879e72ba4c925b06d8aa00e43160a0f86
2024-08-29 17:09:07 -07:00
9d542feed9
apiserver: improve logging for apf tests in server/filters package
...
Kubernetes-commit: 8fa3e61399b85d534566dca6566ddb287873839c
2024-08-07 07:49:54 -04:00
644a2519ca
apiserver: fix data race in apf tests in server/filters package
...
Signed-off-by: jonyhy96 <hy352144278@gmail.com>
Co-authored-by: chenwen <wen.chen@daocloud.io>
Kubernetes-commit: dde23bb0b103a00ac9c8e568e81826149b42472c
2022-01-28 15:03:11 +08:00
a8c26a18b8
Extract watch cache store to separate file and cover with tests
...
Kubernetes-commit: c93d2e8fb19da0082765cb3e5a6db952eca628ce
2024-08-28 13:31:02 +02:00
94a5e3cd04
Refactor WaitUntilFreshAndList to split out filtering to separate function
...
Kubernetes-commit: 7400d57943cf7576925d54e7daa42e397e71dfe4
2024-08-28 12:59:38 +02:00
daa75f8bec
fix memory leak from global MeterProvider
...
Kubernetes-commit: b86cab8c4c3421c6b195fc82990a63c859449072
2024-08-28 14:20:46 +00:00
e312f49d45
fix short circuit if the compaction request from apiserver is disabled
...
Kubernetes-commit: 9fef30117f89830cc8b17610c359141b663844f1
2024-08-12 10:21:49 +08:00
72a449fe98
Define credential IDs for X.509 certificates
...
This commit expands the existing credential ID concept to cover X.509
certificates. We use the certificate's signature as the credential ID,
since this safe and unique.
Kubernetes-commit: 2ad2bd8907d979f709cd924af7986be71c31ce12
2024-06-21 16:21:35 -07:00
9c8c6ccc4d
kmsv2: fixed issue with an invalid authority header being sent by the KMSv2 service
...
Kubernetes-commit: 618ca85bc9482ea11cf792331688fdf0c7b54518
2024-08-26 14:43:02 -10:00
28d9c91abf
Add basic panicOnUnknown support for kubernetes types
...
Kubernetes-commit: f6995740a6fe4b90103131516c3318f158209d21
2024-07-25 15:53:39 -04:00
65a6ca8228
support opaque kinds
...
Kubernetes-commit: 953fbaca487c45e3e1fc655d212008a2be01ac53
2024-07-25 15:04:09 -04:00
cbc488649b
Fix estimated cost for Kubernetes defined CEL types
...
Kubernetes-commit: 0a4e863373abc1b84372b0a93c8bcd32a24d07fb
2024-07-25 14:14:20 -04:00
fed8dfe736
dynamiccertificates: denoise Kubelet logs by skipping removal of non-existent file watchers
...
This commit updates the DynamicFileCAContent controller to skip the removal
of non-existent file watchers. Previously, the controller attempted to remove
a file watch even if it didn't exist, which resulted in a flood of error messages
being logged in the Kubelet logs.
Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
Kubernetes-commit: 17ad4b39f8b6b299d20fb94f99083ea84083b6b2
2024-07-23 10:55:16 -04:00
de0559ec7b
Benchmark storage
...
Kubernetes-commit: fa5008807add2776ff87f346a7b7d3c029d19efc
2024-07-02 22:50:57 +02:00
e9e24680dc
Remove FG inspection from VAP plugin
...
Kubernetes-commit: 72ad9c5fdf782f824281ecf9e18ec36caaa9472b
2024-08-22 17:52:21 +00:00
fac4f5d2a0
Remove feature gate ValiatingAdmissionPolicy after stable.
...
Kubernetes-commit: 0f19faf9be562f3d18880ed2ae12d6b9d059476c
2024-08-12 12:11:02 -07:00
2ed104b2e5
fix ValidatingAdmissionPolicy's Validate func to return decision with valid Evaluation
...
Kubernetes-commit: 9f7ea45ea0ffc76be7793dbcb4730a98fa03bcf5
2024-08-22 13:33:17 +09:00
132d3e46d6
Add paging tests
...
Kubernetes-commit: 99e69569808cf746262b25a9d9d515c26256c7e5
2024-07-07 16:15:47 +02:00
fcf807e7b4
add resource to the transformation metrics
...
Kubernetes-commit: 3a8df1efdd83015773be4afd409b0f4cb7eab654
2024-08-01 15:46:50 -07:00
f434fbf0c7
init a common apiserver for TestAuthorizationDecisionCaching testcases
...
Kubernetes-commit: 4acedb5132b2c3a7d61bd9e088c964af3fcfee3d
2024-07-23 22:19:02 -07:00
1d26753b4b
split Test_ValidateNamespace_NoParams into successes and failures tests, init a common apiserver for all testcases
...
Kubernetes-commit: 9df04b7c782cccc5fb068554152b4dcd9baf408b
2024-07-23 21:41:32 -07:00
43a56206a7
cleanup unused fn GetOrCreateServiceAccount in serviceaccount/util
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 2f96a788e299ef3cea08d0cb03b13c584496891c
2024-08-18 21:04:51 -07:00
cc8ff8f965
ForbiddenStatusError: make linter happy on error construction
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: bff6ce4a38077c29cdf2e1ac2fce1a551082ebfe
2024-08-05 10:50:51 -04:00
757565c389
SSA: improve create authz error message
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 857127f7c44a029f6f8dd44b0b40364aa00aa13d
2024-08-02 17:20:53 -04:00
fed75d52d6
Disallow k8s.io and kubernetes.io namespaced extra key in structured authn config
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 89c619f4fe698bf5b208ce86bce5da6833ca77b6
2024-08-05 16:09:00 -07:00
cd5bba1780
Ensure transformers have access to the resource via request info
...
This guarantees that logs and metrics that rely on this information
work as expected.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 49d7b4c97e4f7ee5c664b068c207a39b8c3f759e
2024-08-14 10:33:36 -04:00
272e9eba82
Remove KMSv2 and KMSv2KDF feature gates
...
These have been GA since v1.29 and can be safely removed.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 6398b8a19fe0e113cf250c13b0639dea258a174f
2024-08-14 15:59:01 -04:00
27c3ca736b
apiserver: declare kubeClient and dynamicClient as interface types to avoid panic
...
Kubernetes-commit: 81824b7c2e673f64f70a6e99180bb6bfc6b738d9
2024-08-13 11:25:11 +08:00
77331233f8
Restore honoring --version build ID overrides
...
Kubernetes-commit: c181912dc5d8559834857e69ea34ee1729c43c6b
2024-08-13 18:48:56 -04:00
41e1af4df2
remove duplicate call for ServeMux
...
Kubernetes-commit: 838d7c9049439b5997f0947258e183d677788475
2024-08-07 02:56:49 +05:30
552e7d7170
Using NewExpressions for cel lazy test.
...
Signed-off-by: Lan Liang <gcslyp@gmail.com>
Kubernetes-commit: 9a8d6b72e4f1e33e6a30fd281fd0972fdce93f78
2024-07-25 10:08:15 +00:00
febd487238
Validate structured authn feature is enabled for discovery url/multiple
...
audiences
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: f80c73248f872769d72b620e567747a1018f8a2b
2024-07-23 15:04:02 -07:00
3adae5fd46
Make object transformation concurrent to remove watch cache scalability issue for conversion webhook
...
Test by enabling consistent list from cache in storage version migrator stress test that uses
conversion webhook that bottlenects events comming to watch cache.
Set concurrency to 10, based on maximum/average transform latency when
running stress test. In my testing max was about 60-100ms, while average
was 6-10ms.
Kubernetes-commit: bb686f203308481bcd7808f767171cdef27e12a0
2024-07-22 11:24:37 +02:00
9aa7a6ac61
Introduce ConcurrentWatchObjectDecode feature gate disabled by default
...
Kubernetes-commit: 93a10a75698075e86344ee4fdb56701309468b95
2024-07-30 16:28:48 +02:00
xuzhenglun