kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,133 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

7133 Commits

Author SHA1 Message Date
Kubernetes Publisher ba6e7aabe5 Merge pull request #116781 from muff1nman/protobuf-fully-qualified-types 
generate fully qualified type references

Kubernetes-commit: 0dc45103d879c3b280671f009d3f830650903894
 2024-04-18 01:44:36 +00:00
Kubernetes Publisher 38b28e9ee5 Merge pull request #124283 from dims/rename-cluster-to-storage_cluster_id-for-apiserver_storage_size_bytes-metric 
Rename Label `cluster` to `storage_cluster_id` for apiserver_storage_size_bytes metric

Kubernetes-commit: cae35dba5a3060711a2a3f958537003bc74a59c0
 2024-04-12 00:13:00 -07:00
Davanum Srinivas a22f7973bf Rename `cluster` to `storage_cluster_id` for apiserver_storage_size_bytes metric 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: fb5140f562289f3ffe596b4a3af4650b850a0941
 2024-04-11 15:06:03 -04:00
Kubernetes Publisher 8bbbe76e96 Merge pull request #124174 from dims/update-x/net-for-CVE-2023-45288 
Update x/net for CVE-2023-45288

Kubernetes-commit: d9c54f69d4bb7ae1bb655e1a2a50297d615025b5
 2024-04-04 04:07:30 +00:00
Davanum Srinivas 2a3f6c8b16 Update x/net for CVE-2023-45288 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 99fac38d2864e6bc9bb7cd1743d658caa1360c0c
 2024-04-03 16:37:18 -04:00
Kubernetes Publisher 2a4a82c50e Merge pull request #123994 from serathius/undo-double-run-test-watch-semantics 
Undo double run of the TestWatchSemantics test to avoid hitting timeout

Kubernetes-commit: fe9e4698a33565e9d334439f3a6e494366d8ee8d
 2024-03-19 20:10:09 +00:00
Marek Siarkowicz 7a3a726271 Undo double run of the TestWatchSemantics test to avoid hitting timeout 
Kubernetes-commit: 225749eb68b3aa3485a1f2dc5d0cafb5dfe53421
 2024-03-19 15:16:52 +01:00
Kubernetes Publisher e166c44e22 Merge pull request #123785 from seans3/streamtunnel-unit-tests 
Adds unit tests to `PortForward` streamtunnel

Kubernetes-commit: 065a0f2d5116cc6f66eb8a0c6296e05b90838ec8
 2024-03-18 16:10:00 +00:00
Kubernetes Publisher ec72042fc5 Merge pull request #123935 from serathius/consistent-watch-from-etcd 
Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage

Kubernetes-commit: a1605fb3dd2d45474751ec3de30633ac1ec15c41
 2024-03-18 05:51:14 -07:00
Marek Siarkowicz 13a815b7c8 Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage. 
Kubernetes-commit: 0130072b053f85fb736c24d34552208cdd1bccfe
 2024-03-14 15:20:29 +01:00
Kubernetes Publisher 7661bd2fe3 sync: update go.mod 2024-03-18 12:15:34 +00:00
Kubernetes Publisher 05c844e2a2 Merge pull request #123676 from serathius/rv0 
Fix enabling consistent list from watch cache also works for resourceVersion=0

Kubernetes-commit: 89b1db79d75e367f567ea06c0528ef4b8f3fecb4
 2024-03-15 21:39:11 +00:00
Kubernetes Publisher d5a8607203 Merge pull request #123926 from p0lyn0mial/upstream-deflake-test-get-list-non-recursive-with-consistent-list 
apiserver/storage/cacher: deflake TestGetListNonRecursiveWithConsistentListFromCache

Kubernetes-commit: 89f03e3988a4e7fed90ffce22f355ff248520ad2
 2024-03-14 21:14:25 +00:00
Kubernetes Publisher f6a2b2b2cb Merge pull request #123925 from p0lyn0mial/upstream-cacher-decrease-watch-not-hanging-on-startup-failure 
apiserver/storage/cacher: decrease running time of TestWatchNotHangingOnStartupFailure

Kubernetes-commit: d1a2a134c532109540025c990697a6900c2e62fc
 2024-03-14 02:06:09 -07:00
Lukasz Szaszkiewicz b8c7d7868f apiserver/storage/cacher: deflake TestGetListNonRecursiveWithConsistentListFromCache 
Kubernetes-commit: c44cc9a575f3bf1248b2fdc8e3a7ba61ab844618
 2024-03-14 09:08:29 +01:00
Lukasz Szaszkiewicz a2c5722d64 apiserver/storage/cacher: decrease running time of TestWatchNotHangingOnStartupFailure 
before:
go test -v -race -count 1 -run ^TestWatchNotHangingOnStartupFailure$
ok  	k8s.io/apiserver/pkg/storage/cacher	6.775s

after:
go test -v -race -count 1 -run ^TestWatchNotHangingOnStartupFailure$
ok  	k8s.io/apiserver/pkg/storage/cacher	2.781s

Kubernetes-commit: f5d945eb43c7bf8036a4bad8c22448e1146a7498
 2024-03-14 08:59:47 +01:00
Kubernetes Publisher 7dbc368d22 Merge pull request #123891 from p0lyn0mial/upstream-cacher-decrease-running-time-of-test-wait-unti-fresh 
apiserver/storage/cacher: decrease of running time of TestWaitUntilWatchCacheFreshAndForceAllEvents

Kubernetes-commit: 3a75a8c8d9e6a1ebd98d8572132e675d4980f184
 2024-03-13 16:08:38 +00:00
Kubernetes Publisher fb5c182ce6 Merge pull request #123887 from p0lyn0mial/upstream-cacher-decrease-running-time-of-tests 
apiserver/storage/cacher: decrease the running time of tests in the cacher package.

Kubernetes-commit: 308d664e3fdb73c4436e812d2f1395dcf9e0e2e9
 2024-03-13 16:08:37 +00:00
Kubernetes Publisher 6a24b53962 Merge pull request #123897 from p0lyn0mial/upstream-cacher-decrease-running-time-of-empty-watch-event-cache 
apiserver/storage/cacher: decrease of running time of TestEmptyWatchEventCache

Kubernetes-commit: 881cc5bc968276b05eba9be9a162873c29c2fda2
 2024-03-13 12:20:44 +00:00
Kubernetes Publisher 342a6b899d Merge pull request #123674 from serathius/non-recursive 
Fix non-recursive list returning "resource version too high" error when consistent list from cache is enabled

Kubernetes-commit: 3409f0594c94185010217f3e5156c1de9f08b405
 2024-03-12 08:34:06 -07:00
Lukasz Szaszkiewicz 80f9ab2a6a apiserver/storage/cacher: decrease of running time of TestEmptyWatchEventCache 
updates the test to wait 300 ms instead of 3s
the watch was established otherwise
we would be blocking on a call to cache.Watch(...)
in addition to that, the tests are serial in nature,
meaning that there is no other actor
that could add items to the database,
which could result in receiving new items.

Before:
go test -race  -run TestEmptyWatchEventCache
ok  	k8s.io/apiserver/pkg/storage/cacher	8.450s

After:
go test -race  -run TestEmptyWatchEventCache
ok  	k8s.io/apiserver/pkg/storage/cacher	2.635s

Kubernetes-commit: 926122c035a4f47a880db24d1a0be7ec129dd44d
 2024-03-12 13:34:04 +01:00
Lukasz Szaszkiewicz c14671349b apiserver/storage/cacher: decrease of running time of TestWaitUntilWatchCacheFreshAndForceAllEvents 
The individual cases can be safely run in parallel.

Before
go test -race  -run TestWaitUntilWatchCacheFreshAndForceAllEvents
ok  	k8s.io/apiserver/pkg/storage/cacher	10.787s

After:
go test -race  -run TestWaitUntilWatchCacheFreshAndForceAllEvents
ok  	k8s.io/apiserver/pkg/storage/cacher	4.857s

Kubernetes-commit: 3ecbb4dee00a5dd1e43e24a5952c2a90ef507ef1
 2024-03-12 10:50:44 +01:00
Lukasz Szaszkiewicz 361687d2ad apiserver/storage/cacher: decrease the running time of tests in the cacher package. 
It turns out that kube has a custom timeout for tests of 3 minutes.
The tests in the cacher package are utilizing nearly the
entire time and are being terminated, resulting in failing jobs.

Before the change, the TestWatchSemantics took ~43s to run. With this simple change, it now takes ~18s.

When we created the tests, we didn't measure the running time and assumed that waiting 1 second on a watch channel
to make sure no more events are received was sufficient.
This PR decreases the waiting time to 300 milliseconds.
Modern computers can perform many tasks within that time.
In addition to that, the tests are serial in nature, meaning that there is no other
actor that could add items to the database, which could result in receiving new items.

After the change the total running time decreased by 17%.
Before the tests needed ~176s after they need ~146s.
The changes also improved TestWatchSemanticInitialEventsExtended.

Kubernetes-commit: 5a74c8e2202044b664efce4be5d86d700e74506f
 2024-03-12 09:15:55 +01:00
Sean Sullivan 5e1f7568bd adds portforward streamtunnel unit tests 
Kubernetes-commit: ffafb2b9ca94c14c07fb6c1fc75fccd3aba26f1f
 2024-03-06 16:37:17 -08:00
Marek Siarkowicz 67b6245fc3 Fix enabling consistent list from watch cache also works for resourceVersion=0 
Kubernetes-commit: 0b8e79580eb3a63ca7707626b4894adfb9125586
 2024-03-04 19:35:34 +01:00
Marek Siarkowicz 483da2032d Fix non-recursive list when consistent list from cache is enabled 
Kubernetes-commit: a527cab9fce0b0234db8b4e1e95a0fc20e135df1
 2024-03-04 17:59:04 +01:00
Kubernetes Publisher 07ca000ce9 Merge pull request #123732 from serathius/parallel-featureflags 
Fix SetFeatureGateDuringTest handling of Parallel tests

Kubernetes-commit: e062f925aec9137ca3f06704c6adb2883812e657
 2024-03-12 00:14:01 +00:00
Kubernetes Publisher 469611c7d7 Merge pull request #123719 from enj/enj/f/authn_config_beta 
Mark StructuredAuthenticationConfiguration feature gate as beta

Kubernetes-commit: 8f80e0146726c42edefdfaeda6123872a5ec0981
 2024-03-10 04:10:37 +00:00
Kubernetes Publisher a4d271c759 Merge pull request #123793 from aramase/aramase/f/authn_config_reload_metrics 
Add metrics for authentication config reload

Kubernetes-commit: 09093f270aa811c2c49ea45868989ad5b6eb8a53
 2024-03-09 15:58:55 -08:00
Anish Ramasekar ee481149d7 Add metrics for authentication config reload 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 62ac88b9ea5dace6a61b784f4654fcf379b958e2
 2024-03-09 13:29:56 -08:00
Kubernetes Publisher 81df735550 Merge pull request #123525 from enj/enj/f/authn_config_reload 
Add dynamic reload support for authentication configuration

Kubernetes-commit: 77ecfb7800a5ce6f139818828c8eb49af9c44077
 2024-03-10 00:12:37 +00:00
Marek Siarkowicz 3a83dc12eb Fix SetFeatureGateDuringTest handling of Parallel tests 
Stop using defer as parallel subtest will might result in main test
finishing before subtest.

Fatal when same flag is set twice.

Kubernetes-commit: 9fcf279e2b91e7549190a433373f256fb5aebe85
 2024-03-05 21:56:40 +01:00
Monis Khan aa18faf137 Mark StructuredAuthenticationConfiguration feature gate as beta 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: bc7aa13bf793148b0c6b3b51fd9a8e17bb412712
 2024-03-05 10:39:44 -05:00
Monis Khan 2c1ad21e66 Add dynamic reload support for authentication configuration 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: b4935d910dcf256288694391ef675acfbdb8e7a3
 2024-01-10 12:36:55 -05:00
Kubernetes Publisher 86ddcb4842 Merge pull request #123737 from enj/enj/i/cel_email_verified 
Require email_verified to be used when email is set as username via CEL

Kubernetes-commit: 9a160fa7808755fddd5fe8573040bef4d2ba7a0c
 2024-03-08 20:12:31 +00:00
Monis Khan 5b4b237d07 Require email_verified to be used when email is set as username via CEL 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 121607e80963370c1838f9f620c2b8552041abfc
 2024-03-05 17:20:18 -05:00
Kubernetes Publisher 8763b7fa93 Merge pull request #123431 from aramase/aramase/f/kep_3331_multiple_jwt_authenticator 
Support multiple JWT authenticators with structured authn config

Kubernetes-commit: c726b2b3a3519309afbac68e0358c99977d1c805
 2024-03-07 05:34:55 +00:00
Kubernetes Publisher 5855c335a1 Merge pull request #123696 from aramase/aramase/f/kep_3331_v1beta1_api 
Duplicate v1alpha1 AuthenticationConfiguration to v1beta1

Kubernetes-commit: 05cb0a55c88e0cdcfe2fb184328ad9be53e94d5c
 2024-03-07 05:34:54 +00:00
Kubernetes Publisher 4beab40010 Merge pull request #123435 from tallclair/apparmor-ga 
AppArmor fields API

Kubernetes-commit: bd25605619cbfb46b075002a6db58b4e489fc8cb
 2024-03-07 05:34:52 +00:00
Kubernetes Publisher 17663913a4 Merge pull request #123758 from liggitt/protobump 
[CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0

Kubernetes-commit: a5f5f44157c49fdfb6384862c7cb34c2ddbd4cce
 2024-03-06 17:29:40 +00:00
Jordan Liggitt 0a86214bd0 Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0 
Kubernetes-commit: c6673d2346c814ddb4629c569bdc659ffa0c583f
 2024-03-06 09:47:28 -05:00
Kubernetes Publisher 04449c9b06 Merge pull request #123405 from cici37/vapGA 
[KEP-3488]Promote ValidatingAdmissionPolicy to GA

Kubernetes-commit: 2b521e5f8e6b99e84d464d8fa35658aed35bd13c
 2024-03-06 05:23:36 +00:00
Anish Ramasekar f09dddfc89 Duplicate v1alpha1 AuthenticationConfiguration to v1beta1 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: b502aa6f31d3f55ce87cafdf3eb5e3fb87e74b50
 2024-03-04 23:37:31 -08:00
Anish Ramasekar bc65af8e04 Support multiple JWT authenticators with structured authn config 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 39e1c9108c0802024ebb01ad2286b2f09f63798e
 2024-02-21 15:19:25 -08:00
Tim Allclair 337f031e71 Stop appending AppArmor status to node ready condition 
Kubernetes-commit: 24537a91317f9fd125ee805cd0b781358ac86f35
 2024-02-21 13:11:07 -08:00
cici37 be9c733e9d Promote ValidatingAdmissionPolicy to GA. 
Kubernetes-commit: de506ce7ac9981c8253b2f818478bb4093fb7bb6
 2024-01-23 22:10:40 +00:00
Kubernetes Publisher ccdc9f3ae6 Merge pull request #123543 from jiahuif-forks/feature/validating-admission-policy/excluded-resources 
ValidatingAdmissionPolicy: exclude brink-able resources.

Kubernetes-commit: df1eccae38799ea0a361a7a0626ae1fe5c1e7c4d
 2024-03-06 01:06:53 +00:00
Kubernetes Publisher 69478b14d0 Merge pull request #123721 from enj/enj/i/authn_config_doc_nesting 
Fix AuthenticationConfiguration docs around nested claims via CEL

Kubernetes-commit: 7a20def5ba9f8e399f21467a194e85f21cbd6a47
 2024-03-05 21:36:06 +00:00
Jiahui Feng 8f8266ef89 update to inject only the list of excluded resources. 
Kubernetes-commit: 6b03166beda6e550ebcbed1bb7d9ca2cc1d94df4
 2024-03-05 10:27:35 -08:00
Monis Khan 37809637af Fix AuthenticationConfiguration docs around nested claims via CEL 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 290f2a7e1b62d2bfce2363ec528155a9748e0adb
 2024-03-05 12:01:11 -05:00