kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,416 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

7416 Commits

Author SHA1 Message Date
Kubernetes Publisher 07ca000ce9 Merge pull request #123732 from serathius/parallel-featureflags 
Fix SetFeatureGateDuringTest handling of Parallel tests

Kubernetes-commit: e062f925aec9137ca3f06704c6adb2883812e657
 2024-03-12 00:14:01 +00:00
Kubernetes Publisher 469611c7d7 Merge pull request #123719 from enj/enj/f/authn_config_beta 
Mark StructuredAuthenticationConfiguration feature gate as beta

Kubernetes-commit: 8f80e0146726c42edefdfaeda6123872a5ec0981
 2024-03-10 04:10:37 +00:00
Kubernetes Publisher a4d271c759 Merge pull request #123793 from aramase/aramase/f/authn_config_reload_metrics 
Add metrics for authentication config reload

Kubernetes-commit: 09093f270aa811c2c49ea45868989ad5b6eb8a53
 2024-03-09 15:58:55 -08:00
Anish Ramasekar ee481149d7 Add metrics for authentication config reload 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 62ac88b9ea5dace6a61b784f4654fcf379b958e2
 2024-03-09 13:29:56 -08:00
Kubernetes Publisher 81df735550 Merge pull request #123525 from enj/enj/f/authn_config_reload 
Add dynamic reload support for authentication configuration

Kubernetes-commit: 77ecfb7800a5ce6f139818828c8eb49af9c44077
 2024-03-10 00:12:37 +00:00
Marek Siarkowicz 3a83dc12eb Fix SetFeatureGateDuringTest handling of Parallel tests 
Stop using defer as parallel subtest will might result in main test
finishing before subtest.

Fatal when same flag is set twice.

Kubernetes-commit: 9fcf279e2b91e7549190a433373f256fb5aebe85
 2024-03-05 21:56:40 +01:00
Monis Khan aa18faf137 Mark StructuredAuthenticationConfiguration feature gate as beta 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: bc7aa13bf793148b0c6b3b51fd9a8e17bb412712
 2024-03-05 10:39:44 -05:00
Patrick Ohly 561da9109f cel: fix conversion of quantity to quantity 
The code in ConvertToType checked for conversion into typeValue (=
"kubernetes.URL") instead of conversion into quantityTypeValue (=
"kubernetes.Quantity") and thus most likely failed with an incorrect "type
conversion error".

Kubernetes-commit: 02b4e99c9f0afa4ef9fa0283670c1515e40a5278
 2024-03-04 12:23:54 +01:00
Ziqi Zhao 68eb5caed4 rename apiserver trace span to http server guidelines 
Signed-off-by: Ziqi Zhao <zhaoziqi9146@gmail.com>

Kubernetes-commit: 84b9fbbdefa3f0bcfb1c4787093aa7840079b7ce
 2024-02-29 19:03:43 +08:00
cyclinder eca9e91401 Fix data race in apiserver mux handler 
Signed-off-by: cyclinder <kuocyclinder@gmail.com>

Kubernetes-commit: 6a194182a141665cfcb9b03815d77cd1e468d34e
 2024-02-20 14:34:22 +08:00
Siyuan Zhang 22612a3528 apiserver: Add API emulation versioning. 
Co-authored-by: Siyuan Zhang <sizhang@google.com>
Co-authored-by: Joe Betz <jpbetz@google.com>
Co-authored-by: Alex Zielenski <zielenski@google.com>

Signed-off-by: Siyuan Zhang <sizhang@google.com>

Kubernetes-commit: 403301bfdf2c7312591077827abd2e72f445a53a
 2024-01-19 16:07:00 -08:00
Monis Khan 2c1ad21e66 Add dynamic reload support for authentication configuration 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: b4935d910dcf256288694391ef675acfbdb8e7a3
 2024-01-10 12:36:55 -05:00
Kubernetes Publisher 86ddcb4842 Merge pull request #123737 from enj/enj/i/cel_email_verified 
Require email_verified to be used when email is set as username via CEL

Kubernetes-commit: 9a160fa7808755fddd5fe8573040bef4d2ba7a0c
 2024-03-08 20:12:31 +00:00
Monis Khan 5b4b237d07 Require email_verified to be used when email is set as username via CEL 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 121607e80963370c1838f9f620c2b8552041abfc
 2024-03-05 17:20:18 -05:00
Kubernetes Publisher 8763b7fa93 Merge pull request #123431 from aramase/aramase/f/kep_3331_multiple_jwt_authenticator 
Support multiple JWT authenticators with structured authn config

Kubernetes-commit: c726b2b3a3519309afbac68e0358c99977d1c805
 2024-03-07 05:34:55 +00:00
Kubernetes Publisher 5855c335a1 Merge pull request #123696 from aramase/aramase/f/kep_3331_v1beta1_api 
Duplicate v1alpha1 AuthenticationConfiguration to v1beta1

Kubernetes-commit: 05cb0a55c88e0cdcfe2fb184328ad9be53e94d5c
 2024-03-07 05:34:54 +00:00
Kubernetes Publisher 4beab40010 Merge pull request #123435 from tallclair/apparmor-ga 
AppArmor fields API

Kubernetes-commit: bd25605619cbfb46b075002a6db58b4e489fc8cb
 2024-03-07 05:34:52 +00:00
Kubernetes Publisher 17663913a4 Merge pull request #123758 from liggitt/protobump 
[CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0

Kubernetes-commit: a5f5f44157c49fdfb6384862c7cb34c2ddbd4cce
 2024-03-06 17:29:40 +00:00
Jordan Liggitt 0a86214bd0 Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0 
Kubernetes-commit: c6673d2346c814ddb4629c569bdc659ffa0c583f
 2024-03-06 09:47:28 -05:00
Kubernetes Publisher 04449c9b06 Merge pull request #123405 from cici37/vapGA 
[KEP-3488]Promote ValidatingAdmissionPolicy to GA

Kubernetes-commit: 2b521e5f8e6b99e84d464d8fa35658aed35bd13c
 2024-03-06 05:23:36 +00:00
Anish Ramasekar f09dddfc89 Duplicate v1alpha1 AuthenticationConfiguration to v1beta1 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: b502aa6f31d3f55ce87cafdf3eb5e3fb87e74b50
 2024-03-04 23:37:31 -08:00
Anish Ramasekar bc65af8e04 Support multiple JWT authenticators with structured authn config 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 39e1c9108c0802024ebb01ad2286b2f09f63798e
 2024-02-21 15:19:25 -08:00
Tim Allclair 337f031e71 Stop appending AppArmor status to node ready condition 
Kubernetes-commit: 24537a91317f9fd125ee805cd0b781358ac86f35
 2024-02-21 13:11:07 -08:00
cici37 be9c733e9d Promote ValidatingAdmissionPolicy to GA. 
Kubernetes-commit: de506ce7ac9981c8253b2f818478bb4093fb7bb6
 2024-01-23 22:10:40 +00:00
Kubernetes Publisher ccdc9f3ae6 Merge pull request #123543 from jiahuif-forks/feature/validating-admission-policy/excluded-resources 
ValidatingAdmissionPolicy: exclude brink-able resources.

Kubernetes-commit: df1eccae38799ea0a361a7a0626ae1fe5c1e7c4d
 2024-03-06 01:06:53 +00:00
Kubernetes Publisher 69478b14d0 Merge pull request #123721 from enj/enj/i/authn_config_doc_nesting 
Fix AuthenticationConfiguration docs around nested claims via CEL

Kubernetes-commit: 7a20def5ba9f8e399f21467a194e85f21cbd6a47
 2024-03-05 21:36:06 +00:00
Jiahui Feng 8f8266ef89 update to inject only the list of excluded resources. 
Kubernetes-commit: 6b03166beda6e550ebcbed1bb7d9ca2cc1d94df4
 2024-03-05 10:27:35 -08:00
Monis Khan 37809637af Fix AuthenticationConfiguration docs around nested claims via CEL 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 290f2a7e1b62d2bfce2363ec528155a9748e0adb
 2024-03-05 12:01:11 -05:00
Kubernetes Publisher e44513e500 Merge pull request #123702 from p0lyn0mial/upstream-clean-up-after-123190 
storage/cacher: mark the addition of a metric for waitUntilFreshAndBlock as completed

Kubernetes-commit: 777070c9a5d458cbeac7a624e00317cf0b0aecf5
 2024-03-05 13:29:16 +00:00
Lukasz Szaszkiewicz b3f5f43260 storage/cacher: mark the addition of a metric for waitUntilFreshAndBlock as completed 
Kubernetes-commit: 221ad9f7c25cc4da36e97c5feca3fc60bbe5bbfa
 2024-03-05 10:23:23 +01:00
Kubernetes Publisher 377956753f Merge pull request #123568 from enj/enj/i/jwt_username_required 
jwt: fail on empty username via CEL expression

Kubernetes-commit: 50f4b1ea471c0dbfc5a60d396619405aaf352e62
 2024-03-05 05:11:54 +00:00
Kubernetes Publisher 8b057c4a4f Merge pull request #123561 from enj/enj/i/validate_jwt_sa_iss 
Prevent conflicts between service account and jwt issuers

Kubernetes-commit: 26600b17abcbeadf7f759a66b9b5ea5d8cc7a62a
 2024-03-05 05:11:51 +00:00
Kubernetes Publisher 0a68878666 Merge pull request #123641 from liggitt/authz-config-beta-gate 
Promote StructuredAuthorizationConfiguration feature gate to beta

Kubernetes-commit: 699984f25a80a39bbb112e657f08d76779cdc3a0
 2024-03-05 05:11:42 +00:00
Kubernetes Publisher 6a1a5d2f87 Merge pull request #123532 from serathius/separate-rpc 
Move cacher watch to separate rpc preventing starvation

Kubernetes-commit: 5b6d8a42931fd0eb7ba762cd46ad1655e46018a5
 2024-03-05 05:11:39 +00:00
Kubernetes Publisher 70e2d9115d Merge pull request #123413 from seans3/tunneling-spdy-websockets 
PortForward: Tunnel SPDY through WebSockets

Kubernetes-commit: f745503112e06d6ff199e929d536c6a29825c01a
 2024-03-05 05:11:34 +00:00
Kubernetes Publisher 311716fd2e Merge pull request #123639 from liggitt/authz-metrics 
Add authorization webhook duration/count/failopen metrics

Kubernetes-commit: 46a2137c1ba017970c316c0ec10c074cb6450732
 2024-03-05 01:28:55 +00:00
Kubernetes Publisher 250f19d55f Merge pull request #123190 from padlar/add-apiserver-wait-cache-metric 
Add apiserver_watch_cache_read_wait metric to cache refresh time

Kubernetes-commit: 599d92f1fb6fce102ae83d6c98be1aa5749f35de
 2024-03-04 21:09:36 +00:00
Sean Sullivan 0376e5de57 adds comments to tunnelingResponseWriter 
Kubernetes-commit: 3d56ff21fd3c9c9da82ff22044691ef0671ac7b6
 2024-03-04 11:10:17 -08:00
Kubernetes Publisher 7092a3d47e Merge pull request #123660 from xigang/cacher/watch 
cleanup: if triggerValue has a value fast break

Kubernetes-commit: a4eaf6e1200fa6f2050c71ef7a7e8ab27a8e4947
 2024-03-04 13:20:46 +00:00
Kubernetes Publisher 047ed89b4a Merge pull request #123527 from aramase/aramase/f/kep_3331_discovery_url 
Add `DiscoveryURL` to Authentication Configuration

Kubernetes-commit: ee5eca2a492531139f36201b101e2a7575120337
 2024-03-03 18:51:54 -08:00
xigang 2eff540b7c cleanup: if triggerValue has a value, fast break 
Signed-off-by: xigang <wangxigang2014@gmail.com>

Kubernetes-commit: d72448a41c24911a57b24cabdef3ca63ee048bd4
 2024-03-04 10:29:31 +08:00
Jordan Liggitt 9610424488 Fix headerInterceptingConn handling 
Kubernetes-commit: 2443b3fa694462ab0438f10dea38557edea4d4e7
 2024-03-02 17:57:39 -05:00
Jordan Liggitt 4d70dec65c Promote StructuredAuthorizationConfiguration feature gate to beta 
Kubernetes-commit: 30256c8909ab8c30a64f786361543768f2719c77
 2024-03-02 02:12:36 -05:00
Jordan Liggitt 9adb3ee3c0 Add authorization webhook duration/count/failopen metrics 
Kubernetes-commit: 79b344d85e3e2f8f3192a3dcabb384cfe87136a6
 2024-03-02 01:44:28 -05:00
Marek Siarkowicz 743b53428c Test that separation of streams work by using progress notifies 
Kubernetes-commit: 1cf4cec449cb29718a694e25f4750452af3f491d
 2024-02-29 17:51:46 +01:00
Jiahui Feng a86b013fb6 make ValidatingAdmissionPolicy ignore excluded resources. 
Kubernetes-commit: 64ee859aa82c17daa8037e4e90e066ae4582d653
 2024-02-28 15:31:44 -08:00
Jiahui Feng b1e2103ed5 add resource filter to admission initializer. 
Kubernetes-commit: 5b1fffa3e40b812e81ede244f671c90e3428e2ec
 2024-02-28 15:31:18 -08:00
Monis Khan 4eaefb0cee jwt: fail on empty username via CEL expression 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 8345ad0bac4fee6d25f033f0445e2e10eae6afbe
 2024-02-28 12:53:08 -05:00
Monis Khan 9432b4df38 Prevent conflicts between service account and jwt issuers 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 05e1eff7933a440595f4bea322b54054d3c1b153
 2024-02-27 17:11:18 -05:00
Marek Siarkowicz e810084a4b Prevent watch cache starvation, by moving its watch to separate RPC and add a SeparateCacheWatchRPC feature flag to disable this behavior 
Kubernetes-commit: 31d404b182d2985ce0d3c43f75d80c29a708beda
 2024-02-27 11:25:42 +01:00