56aa0e9a59
Merge pull request #120503 from dgrisonnet/body-size
...
Rename request body size metric to conform with Prometheus best practices
Kubernetes-commit: c40bc8c7d896ac14dee79571ba1ec143ca239401
2023-10-15 07:22:14 +00:00
75989aef3e
Merge pull request #121001 from jiahuif-forks/feature/validating-admission-policy/typed-composition-variables
...
ValidatingAdmissionPolicy: typed variables support.
Kubernetes-commit: b87cae907d032ba6412e369a86349c220b12b82c
2023-10-14 03:39:35 +00:00
ae2fbe99b7
Merge pull request #121096 from alexzielenski/common-schema
...
add rest of accessors to common.Schema
Kubernetes-commit: 088f8c0ec52a690189a0cec5d0660751d0e3f6b3
2023-10-13 23:21:26 +00:00
8a3fe0e45c
ratcheting: disable correlation by index
...
discussion: https://github.com/kubernetes/kubernetes/pull/121118#discussion_r1358865893
Kubernetes-commit: fb1fc8b4a72758688d1251278579b2b0ac666fc7
2023-10-13 14:36:46 -07:00
b5ac4f9a61
comments: clear up correlateOldValueForChildAtNewIndex godoc
...
Kubernetes-commit: d991ed56c29e646c0c5c51ce1ebd2376f34fce28
2023-10-13 14:11:02 -07:00
fbd7474961
cleanup: use swtich in CachedDeepEqual and add more comments
...
Kubernetes-commit: 0ed67c9e41dcfc3eef6953ca63082454c189443b
2023-10-13 14:05:47 -07:00
a504910cff
cleanup: consistently support nil receiver and document
...
Kubernetes-commit: 60c90fc0854eb04b95e74d445d88f45c212900fe
2023-10-13 13:57:55 -07:00
541189e16c
cleanup: clarify correlatedOldValueForChildAtNewIndex comment
...
Kubernetes-commit: abb68591afd30cf263b0d6bb2942f9693eb420d7
2023-10-13 13:54:53 -07:00
2970233dd7
cleanup: consistent interface{} and any
...
Kubernetes-commit: e1fa1df3ae8414104f3710c064014e323e45aade
2023-10-13 13:50:52 -07:00
fecc880526
cleanup: add godoc
...
Kubernetes-commit: 0495616230a13dcc19c9da8ec7b8b2a38e2b6a33
2023-10-13 13:50:19 -07:00
2ef0851b9f
Merge pull request #121158 from siyuanfoundation/test-list
...
k8s.io/apiserver/storage: add some ResourceVersion validation in GetList unit tests.
Kubernetes-commit: 0851995a61cb83645734183cb49250e0fc3b14a4
2023-10-13 15:21:35 +00:00
9bea6efd35
Merge pull request #120990 from tkashem/fix-race-apf-test
...
APF: fix data race in unit tests
Kubernetes-commit: 86ba008787975a0a2bfd0a63247331750b67e42a
2023-10-13 15:21:33 +00:00
d64b183dbd
Address review comments
...
Kubernetes-commit: 0dd495e6dc253f94b0ad0bb92178fb5e8981116b
2023-10-13 10:48:16 +02:00
34269fdf41
Merge pull request #121203 from enj/enj/i/h2_dos_flake
...
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
Kubernetes-commit: b40f1c00e26a5e4e90f85212d493793243c4460f
2023-10-13 05:03:05 +02:00
87ef6687ab
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
...
These occasionally flake on CI:
https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/121200/pull-kubernetes-unit-go-compatibility/1712589824344461312
=== Failed
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
authentication_test.go:653: expect TCP connection: 1, actual: 2
--- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
--- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose (2.30s)
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: cd5db9b7f23b0156bf5535fc0124361fbef0ce6a
2023-10-12 19:13:07 -04:00
c183390d3f
Merge pull request #121120 from enj/enj/i/h2_dos
...
Prevent rapid reset http2 DOS on API server
Kubernetes-commit: cb713c15e99d59cb5b2f9015d1d978fee8142965
2023-10-12 23:36:45 +00:00
01f2ec510d
Merge pull request #120735 from Jefftree/request-body
...
Bump kube-openapi with v3 marshal and requestBody required marking
Kubernetes-commit: e93e8eac0ef1b26384e5481b67c7d04fe211a243
2023-10-12 23:36:43 +00:00
0c6dca8321
Merge pull request #121159 from siyuanfoundation/getCurrentState
...
k8s.io/apiserver/storage/etcd: refactor getCurrentState.
Kubernetes-commit: 32ea66d524693b6760f4b1c776c4a6091c870a4a
2023-10-12 23:36:42 +00:00
662079f048
test: fix boilerplate
...
Kubernetes-commit: 4dedabf2a659ee702cbcd93a482c63296910d5c6
2023-10-12 15:51:25 -07:00
0c4ec7694a
bump kube-openapi
...
Kubernetes-commit: e3098225eaf7b5bb9d5de1f259c2dbdc2062faa8
2023-10-12 18:22:05 -04:00
c453b3b056
Merge pull request #120976 from tengqm/fix-audit-apidoc
...
Fix API docs for audit APIs
Kubernetes-commit: d4a6a674de061ef57558f0a5996fc5f2106c52a6
2023-10-12 19:30:35 +00:00
e501fcbbf6
test: few more correlatedobject test cases
...
Kubernetes-commit: 0149c1f8b315d704d6d80c00861526e2899001e5
2023-10-11 15:45:48 -07:00
4ec87cdde2
test: add correlatedobject test cases
...
Kubernetes-commit: ba9347230e6577140eaa0ac3d9ef99d0163a7934
2023-10-11 14:03:28 -07:00
5edc046b33
cleanup: add header and fix spelling
...
Kubernetes-commit: c08a9321eed6a917a2fbc13b8e023d2f4122ee36
2023-10-11 13:51:49 -07:00
2a3f44cd21
apiserver: fix lint issue, defaulting and validation test for flowcontrol v1
...
Kubernetes-commit: 430c226709b4dfd1284f6463c7a37603154ad39c
2023-10-11 14:03:42 -04:00
a0dede6875
k8s.io/apiserver/storage: add some ResourceVersion validation in GetList unit tests
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: baac8bb573c8efb314b037f4fbac116556c03c83
2023-10-11 10:46:30 -07:00
77032c52b8
k8s.io/apiserver/storage: add 3 new unit tests for delete.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 26a4e06c92c248748dd3c50c74d75f8adc3c6823
2023-10-11 10:38:01 -07:00
70af178d56
k8s.io/apiserver/storage: add a new TestCreate case.
...
Add a test case of create with rv set.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 2f923e356e042d9dce88e8f78abf30f414051e71
2023-10-11 10:24:31 -07:00
e15d4d2e0b
k8s.io/apiserver/storage/etcd: refactor getCurrentState.
...
Extract getCurrentState as a separate method that can be reused.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: ebca5d438d9cb2c82d0b99dbcb0aeca8879db441
2023-10-11 09:56:07 -07:00
0b0a995736
apiserver: apf controller, bootstrap, tests should use flowcontrol v1 API
...
Kubernetes-commit: 17bda3c3e05a75943591f61f37d7fdc0d07870ec
2023-10-11 09:20:41 -04:00
a98816fb0a
Merge pull request #121111 from dashpole/update_otel_deps
...
Update OpenTelemetry Dependencies
Kubernetes-commit: eafebcc9e368d6aeaab0ce5ec4fd56b94174d0c4
2023-10-11 07:26:19 +00:00
1234a74f8e
refactor: move correlatedObject to its own file
...
no changes except package naming
Kubernetes-commit: 27cb869e5596525cec9884ecb9b02bfcfe5273e4
2023-10-10 10:53:12 -07:00
3029a9f674
add rest of accessors to common.Schema
...
needed for declarative validation, CRD ratcheting
Kubernetes-commit: 438c0daab7587bdb094e714e68b5ba2f9f6ae963
2023-10-09 17:49:37 -07:00
bfdac7f8f4
[KMSv2] Add tracing
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 8d3a25c7c98d77419111a02917f459aab8970087
2023-10-09 23:43:46 +00:00
140ffa083d
set maxLength to longest enum.
...
Kubernetes-commit: 302d350e88eac519e1df020b82256371c171b861
2023-10-09 11:00:45 -07:00
445b713906
Prevent rapid reset http2 DOS on API server
...
This change fully addresses CVE-2023-44487 and CVE-2023-39325 for
the API server when the client is unauthenticated.
The changes to util/runtime are required because otherwise a large
number of requests can get blocked on the time.Sleep calls.
For unauthenticated clients (either via 401 or the anonymous user),
we simply no longer allow such clients to hold open http2
connections. They can use http2, but with the performance of http1
(with keep-alive disabled).
Since this change has the potential to cause issues, the
UnauthenticatedHTTP2DOSMitigation feature gate can be disabled to
remove this protection (it is enabled by default). For example,
when the API server is fronted by an L7 load balancer that is set up
to mitigate http2 attacks, unauthenticated clients could force
disable connection reuse between the load balancer and the API
server (many incoming connections could share the same backend
connection). An API server that is on a private network may opt to
disable this protection to prevent performance regressions for
unauthenticated clients.
For all other clients, we rely on the golang.org/x/net fix in
b225e7ca6d
2023-10-07 21:50:37 -04:00
cca4910d25
authz: add cel expression to webhook matchconditions
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Kubernetes-commit: 31c76e9abb22faaf833acd54ce75cc71465136e4
2023-10-06 17:47:23 -07:00
d35f091281
fix missing http.target trace attribute
...
Kubernetes-commit: 80269d5d3497acc8ad155cb9bfbfaa7fd9e20d1f
2023-10-06 18:09:29 +00:00
6e80c0dfa4
dependencies: update otel-go dependencies
...
Kubernetes-commit: dc334b953d99f233b56ec2cd78bff218a00152a0
2023-10-05 12:52:33 -07:00
e7db207bf4
Merge pull request #121117 from MadhavJivrajani/bump-x-net
...
[CVE-2023-39325] .: bump golang.org/x/net to v0.17.0
Kubernetes-commit: 7ee2af5cc5fee6a6f837975a70a35ce681a8e9d4
2023-10-10 19:27:11 +00:00
bdde7b6248
.: bump golang.org/x/net to v0.17.0
...
Bumping golang.org/x/net in light of CVE-2023-39325 and CVE-2023-44487.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: fc7c951d5a5b8b75dfa105e3bea7bbddaf4c792e
2023-10-10 23:07:19 +05:30
fef0d75638
Merge pull request #121082 from pohly/ginkgo-gomega-update
...
dependencies: ginkgo v2.13.0, gomega v1.28.0
Kubernetes-commit: 755644a169ad495a34bc5e1db502962fc6dd3750
2023-10-10 15:27:37 +00:00
b82dc081b8
dependencies: ginkgo v2.13.0, gomega v1.28.0
...
Besides simply staying up-to-date, ginkgo v2.13.0 adds a `PreviewSpecs` which
will be used for introspection of the E2E test suites.
Kubernetes-commit: 79355caa565cc34e8726c427562c9f109ebe0e34
2023-10-09 19:27:06 +02:00
6ec195f3b2
Merge pull request #120985 from palnabarun/3221/fix-authorizer-name
...
[StructuredAuthorizationConfiguration] Fix the level at which authorizer name is surfaced
Kubernetes-commit: 6f5fa2eb2f4dc731243b00f7e781e95589b5621f
2023-10-05 03:42:16 +00:00
6b0a70e192
typed variables support.
...
Kubernetes-commit: c03579bfa40dcb39e1ffe24c12f933720e4eb204
2023-10-04 16:39:24 -07:00
2e1024671d
Fix v3 spec
...
Kubernetes-commit: b30c6bdff817cec28b3d88b3bb3e12f1e86488d0
2023-10-04 12:55:49 -04:00
70eb989b94
k8s.io/apiserver: fix levelling of the name field in AuthorizationConfiguration
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 11ce6d29157daf7437d6da7fdeb11cabf2e774aa
2023-10-04 10:33:58 +05:30
e014cf25b9
Generated files
...
Kubernetes-commit: c65fe450d8a3229cfe531a3806939775dd52e7e0
2023-10-03 20:16:10 +08:00
22545bb551
Merge pull request #120222 from tkashem/apf-queue-wait-ctx
...
apf: manage request queue wait with context in APF Filter
Kubernetes-commit: 6a84edb2cee68fc60d3f4bd15eb461a184303236
2023-10-03 10:31:18 +00:00
d763e7d132
Fix API docs for audit APIs
...
The `*`s in the source comment is confusing the API reference generator.
They are treated as symbols for bold texts when generating reference docs.
This PR replaces the quote marks with backtiqs so that the reference
generator can properly handle them.
Kubernetes-commit: e7b2aeee930188eec125bbb91096d9d3fd6f3b5c
2023-10-03 17:18:23 +08:00
Kubernetes Publisher