b534ae405b
Don't panic is admission options is nil
...
Kubernetes-commit: bc04c091c3ca0320a6fa83ef35f891d21423afbb
2018-05-05 11:59:28 -07:00
5d3eda3ed6
Deprecate repair-malformed-updates flag, move object meta mutation into BeforeCreate
...
Kubernetes-commit: 7f840f4441957a6024f28262fafcde4696dac6c3
2018-03-21 01:20:34 -04:00
0203b2aa93
Update all script to use /usr/bin/env bash in shebang
...
Kubernetes-commit: 9b15af19b22e91284eeb89827b2091caaec25bf6
2018-04-16 18:31:44 +02:00
4d98a75cb5
Decorator for Create should be called on out, not obj
...
obj is not what we return
Kubernetes-commit: 1002f80569d80eadff485dce74cf5d4bf05aac35
2018-05-02 01:25:24 -04:00
b7f90743d0
remove rootscopedkinds from groupmeta
...
Kubernetes-commit: 8ae62517da5eff6d6bad21badfd39ee88463ad42
2018-04-30 13:27:01 -04:00
00386b3bb0
remove incorrect static restmapper
...
Kubernetes-commit: ef0d1ab81927214db80c30d5af491f67546d790b
2018-04-26 11:55:50 -04:00
d250da9d7f
remove self linker from group info
...
Kubernetes-commit: 22410d4b4c0478033d5f33d68303a60866e98ce1
2018-04-26 11:31:04 -04:00
0d65d340ea
remove versioning interface
...
Kubernetes-commit: e2fc5cf259463f896213afdef15d58ef9a91eb35
2018-04-25 10:55:17 -04:00
91142e772a
Collapse onto request scope convertor
...
Kubernetes-commit: 2c1a689952ec34e3f9ecb7bcd1772c3fa35c9597
2018-04-26 16:21:38 -04:00
050d3a3aa4
Fix govet error
...
Kubernetes-commit: f6b08d6d76be65239e3775b52bf99fa81fec667b
2018-04-26 16:10:29 -04:00
56ec7f69aa
Remove unnecessary typer from create/update handlers
...
Kubernetes-commit: 5e23dd0517f493011e7c529464f448d6b2ae9ef7
2018-04-23 12:29:37 -07:00
14e43f49d6
rest mappings cannot logically be object converters
...
Kubernetes-commit: 6900f8856f8cd9a6c94a156b9e4a9fee0c16f807
2018-04-24 18:31:41 -04:00
68ff1d00ce
Add tests for resourceVersion precondition failures on patch
...
Kubernetes-commit: b526532c8abf3cbd4442f364377cb7c7f42f199e
2018-04-25 22:44:46 -04:00
aa2276ee48
collapse patch conflict retry onto GuaranteedUpdate
...
builds on #62868
1. When the incoming patch specified a resourceVersion that failed as a precondition,
the patch handler would retry uselessly 5 times. This PR collapses onto GuaranteedUpdate,
which immediately stops retrying in that case.
2. When the incoming patch did not specify a resourceVersion, and persisting to etcd
contended with other etcd updates, the retry would try to detect patch conflicts with
deltas from the first 'current object' retrieved from etcd and fail with a conflict error
in that case. Given that the user did not provide any information about the starting version
they expected their patch to apply to, this does not make sense, and results in arbitrary
conflict errors, depending on when the patch was submitted relative to other changes made
to the resource. This PR changes the patch application to be performed on the object retrieved
from etcd identically on every attempt.
fixes #58017
SMP is no longer computed for CRD objects
fixes #42644
No special state is retained on the first attempt, so the patch handler correctly handles
the cached storage optimistically trying with a cached object first
Kubernetes-commit: fbd6f3808480d27a83643e82a11c217601b76cbc
2018-04-24 21:55:06 -04:00
3fa442d40a
stop duplicating preferred version order
...
Kubernetes-commit: a89291a5dec0b63809b875e912b1563d50f86dba
2018-04-26 09:38:43 -04:00
bf8532c54e
remove KUBE_API_VERSIONS
...
Kubernetes-commit: a68c57155e728b2782408cbab88ecee0444a4ba8
2018-04-25 16:07:15 -04:00
1e20adc3e1
clean up unused code fakeRL in requestinfo_test.go
...
Kubernetes-commit: 08409554bf6b03ae7c5396cb1d1ed4473a5696fd
2018-04-24 14:33:47 +08:00
3c79460222
Register Prometheus etcdmetrics only for apiserver
...
Removed automatic registration with `init` funciton and use `Register` function
to register metrics for etcd storage only when requested.
Kubernetes-commit: 40cf7880135b56e2d88a04d5fce08303b249eb34
2018-04-20 17:19:13 +03:00
4133c302ad
remove useless alwaysAdmit in apiserver test
...
Kubernetes-commit: e1bcca681d856d68ac54f2fd26a075d79c05d2a9
2018-04-25 16:37:08 +08:00
c8a994aada
Refactor the patch handler for readability
...
This is the combination of a series of changes which individually don't
make any behavioral changes. The original commits are preserved in my
own fork in the refactor-patch-complete branch, as when squashed this is
impossible to review.
This turned a big function with lots of parameters and closures into an
object with multiple functions, fewer closures and more well documented
state transitions.
Kubernetes-commit: 349a99b80e7e6c0c92218c814ae0858fd71609fc
2018-04-18 16:59:17 -07:00
b26d126ba9
core v1 API requires autoscaling/v1 to serve the Scale endpoint
...
Kubernetes-commit: 1a753659cfc973e900620bf1443178b6cdda27e0
2018-04-24 10:16:59 -04:00
88d943c0e6
eliminate indirection from type registration
...
Kubernetes-commit: e7fbbe0e3c91f34836b999e695aa133503cfdae5
2018-04-24 08:21:23 -04:00
cd0258b4d7
replace request.Context with context.Context
...
Kubernetes-commit: 54fd2aaefd11e12a3ecb6d1a1326f04cdc8ea1a3
2018-04-24 08:10:34 -07:00
c3f6af1ec1
avoid calling Handles twice
...
Kubernetes-commit: 9ce6da671d7035c1f9bcc8db9c7f0c69f9701210
2018-04-21 13:44:14 +08:00
f11d20d5bf
fix typo: mutating validating admission should be distinguished
...
Kubernetes-commit: cd4c71422e41e9dbbc015e8b6c0e1b6b5bb67346
2018-04-21 11:37:36 +08:00
5ac4802a22
remove confusing flexibility for metadata interpretation
...
Kubernetes-commit: 0710f72c65ad23e7a3726b345898ef4aaaac26fa
2018-04-23 10:23:01 -04:00
53e0783ab7
Implemented truncating audit backend
...
Signed-off-by: Mik Vyatskov <vmik@google.com>
Kubernetes-commit: 52fae991305e3252ccc5c9c86a9b7abc04c149af
2018-03-23 16:13:34 +01:00
63e908831c
remove repeated resourceversion
...
Kubernetes-commit: 87de76fa4893233b86f6a14fe4a2786bafabb127
2018-04-23 23:38:14 +08:00
25758bf0f8
Remove request context mapper
...
Kubernetes-commit: 8ea88a5092c767fc3141512db924fd0435f7670e
2018-04-18 11:12:15 -04:00
62408eb418
Honor existing CA bundle and TLS server name in webhook client
...
Kubernetes-commit: 54c883f27bdb9ac1bd6602e34643296644e574f7
2018-04-17 01:01:30 -04:00
cfda35d9c1
apiserver: move patch tests to their own file
...
Kubernetes-commit: 8341c48b1b1cd459f4265bf747baca62f33eea34
2018-04-18 10:54:35 -07:00
dfdceff3c6
Instrument transformer.go with latency metrics.
...
Kubernetes-commit: bfcb3cd91f93669b94ea80eadebdff769c88952e
2018-03-16 14:25:26 -07:00
f44ea185da
Instrument transformer.go with latency metrics.
...
Kubernetes-commit: 04a6613fb565a54b6a74e5bfad8844928e98a59b
2018-03-15 14:13:24 -07:00
959ee35394
Instrument transformer.go with latency metrics.
...
Kubernetes-commit: e54864f53de75cd56c0fe94777e1d3de0c559c7f
2018-02-27 17:24:27 -08:00
2515aae7de
remove unused code
...
Kubernetes-commit: fffa40552cc9f6d372607d1ed40a44d97cecb314
2018-03-20 18:50:19 +08:00
dff0e6ac00
check etcd servers by a random order
...
Kubernetes-commit: ea627f987507de38dfc46ab2d9c924690eba5ee9
2018-03-15 10:04:40 +08:00
c5ff2cea2f
etcd client add dial timeout
...
Kubernetes-commit: 814401fc902a7083bfd9933e245a2be62abfed60
2018-03-21 14:45:13 +08:00
cc0f17a725
Fix to avoid REST API calls at log level 2.
...
Kubernetes-commit: 6a5c248bbb6a06a0c171f7171d3583cd006350db
2017-02-03 12:47:03 -05:00
805ad14201
add test case for request context mapper
...
Kubernetes-commit: 3f73ccfcde3bc1ff9bb24d3ec9f3154feb97e166
2018-03-07 11:44:36 +08:00
4acae24757
optimize requestcontext: use RWMutex and atomic.Value
...
Kubernetes-commit: 564d53f71b3fb52e956e4bece12483e4ba3f6248
2018-03-06 11:20:46 +08:00
6f00834df1
oidc authentication: Required claims support
...
Kubernetes-commit: dd433b595f5f0b1d9a5195b3dbefe0fd2afc425d
2018-04-03 10:54:09 -07:00
490c9a96c3
fix typo
...
Kubernetes-commit: 549fb0cad39daa74c528f7f775d627f908785b61
2018-04-04 16:03:17 +08:00
e8101c4ca7
Log rbac info into advanced audit event
...
Kubernetes-commit: e87c2c9f27f7f9756a8b664d118d357b166bbd14
2018-01-22 15:19:15 +08:00
adb35656a1
apiserver: cancel context on timeout in WithTimeoutForNonLongRunningRequests
...
Kubernetes-commit: f3ba7f95585cdcce19579d757dadbf3c8a9f8e0b
2018-03-12 17:11:11 +01:00
584fe98b64
admission/webhook: fix panic from empty response in mutating webhooks
...
Kubernetes-commit: 10969e1b8dcb89cc97d591df63be7464cefb454b
2018-02-12 14:58:57 +01:00
378bb80fc8
admission/webhook: refactor to webhook = generic-webhook + source + dispatcher
...
- unify test cases
- remove broken VersionedAttributes override abstraction
This overriding had no effect. The versioned.Attributes were never
used as admission.Attributes.Better make the versioned objects
explicit than hiding them under a wrong abstraction.
- remove wrapping of scheme.Convert
- internalize conversion package
Kubernetes-commit: 72f8a369d021037ca6179339d50ad595b5462a6c
2018-01-16 10:37:41 +01:00
1075399c96
apiserver: enforce shared RequestContextMapper in delegation chain
...
Kubernetes-commit: 9f906618f04baceaf923e873530f9741e80ad2cb
2018-04-04 10:05:06 +02:00
dbf3897e4f
remove unused function getEncodedPod in etcd_helper_test.go
...
Kubernetes-commit: b07071f84bbfafb9dc525c5092573d11dcc6743a
2018-04-04 18:24:48 +08:00
28595d407b
apiserver: add warning about not trusting authz of aggregator
...
Kubernetes-commit: 50b98169ede9648769ce471150b1ab9ceb06bc0c
2018-03-19 13:37:52 +01:00
eb4672a9c5
Use range in loops; misc fixes
...
Kubernetes-commit: c23a8a85cce80a1015797e9c76aae709d9910791
2018-03-29 22:55:25 +11:00
c621a422af
fix patch conflict detection in apiserver
...
Kubernetes-commit: ff18af452dafef7fc115512940e0c6250ccf31ca
2018-03-29 16:43:23 -07:00
2cb36e30a2
fix error message about DeleteOptions
...
Kubernetes-commit: c9aac2b2e0297ebb4e0b5425ad986069dd762e01
2018-01-02 19:24:32 +08:00
416f1ae672
update metrics to true like it is for kube-apiserver
...
Kubernetes-commit: 456fd386dc6db8ba5ced338a5935de8229c14047
2018-03-09 14:36:04 -05:00
6ab99203b7
Replace "golang.org/x/net/context" with "context"
...
Kubernetes-commit: 70e45eccf27726f0e63dd1024924ccc7e2cd35a0
2018-02-28 12:20:22 +08:00
b2b70701e1
Make advanced audit output version configurable.
...
Signed-off-by: Mik Vyatskov <vmik@google.com>
Kubernetes-commit: ad25d1f9ec398e5f9e91fd225cbbfdc5aa00973f
2018-02-19 21:15:49 +01:00
240b9cf032
remove unused rls-ca-file flag
...
Kubernetes-commit: 9c0803e14c0d76e2e8225db546c0d2ce0b522ab7
2018-03-20 15:26:31 +08:00
9c6162ac42
add unit test for function FeatureGateSetFromMap and FeatureGateString
...
Kubernetes-commit: 95eaccb0959af0ec91c3c4356a528516a5dc693f
2018-03-08 18:52:36 +08:00
716af975eb
regenerated all files and remove all YEAR fields
...
Kubernetes-commit: b49ef6531c11f1c834e0d7591f5c965f6193c711
2018-01-22 20:37:53 +08:00
8d9c5be000
Grant sig leads feature approval powers
...
Kubernetes-commit: 9afc4242d367025454fc201519a29f77973ce29f
2018-03-12 11:34:33 -07:00
39fbe7ba58
remove the outdated TODO
...
Kubernetes-commit: 9be76ec461e6bd2bddb5ab26b41b3ef5938e0791
2018-03-13 20:31:01 +08:00
166387d3d7
fix bug in apiserver.k8s.io install
...
Kubernetes-commit: f66c9b388fd276293ac9b430cac2ecf88b236e5d
2018-03-13 14:47:05 +08:00
e75ab8e707
log enabled admission controller in order
...
This change log enabled mutating and validating admission controller
in order.
Kubernetes-commit: 76aaba6d247fa479763fefa2d57c625077100d78
2018-03-10 16:20:12 +08:00
422369e23b
move EtcdServersOverrides to EtcdOptions flags validate
...
Kubernetes-commit: f380ac8cec8061bf6533ccecd02ec49d9a5b016f
2018-03-05 11:32:59 +08:00
03f5f59a07
apiserver clean code
...
Kubernetes-commit: 0feecc376cc04baa2f4979cecaabb658373d6c69
2018-03-02 17:15:02 +08:00
c26e7f2e3a
more concise to merge the array
...
Kubernetes-commit: 31aad75316b6e63840ec05b8bc9205fbb6d897aa
2018-02-11 21:27:11 +08:00
627fa76a8b
sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel
2018-03-15 09:38:17 +00:00
d89e8e9460
Fix default auditing options.
...
- Log backend defaults to blocking mode (backwards compatability)
- Fix webhook validation
- Add options test
Kubernetes-commit: e004257919d779d56f27ad84c7f33799cc7ab580
2018-03-02 15:16:37 -08:00
6466b038b4
fix option --audit-webhook-initial-backoff
...
Before this change, --audit-webhook-initial-backoff has no effect
Kubernetes-commit: 5bc5cd1b2ccb0b9fb5e652b579b4fb379428cb56
2018-03-10 17:44:20 +08:00
f86f44d94d
Make admission webhooks work in custom apiservers.
...
Created a scheme that only understands admission/v1beta1 and use it to
encode/decode admissionReviews.
Also made the NegotiationSerializer setup static
Kubernetes-commit: 3ab516035d17c2b2798797eb8ee85522ccbc051e
2018-03-09 11:25:34 -08:00
c28dea8a20
Make admission webhooks not ignore scheme
...
Kubernetes-commit: 7d5696eb6d98a0ce76e4fe18c3e37aec05060b46
2018-03-08 11:35:13 -08:00
8779e14501
log enabled admission controller in order
...
Kubernetes-commit: 4c6db2516a7597bd0be5c1f3a3905b8894a18e6a
2018-03-06 17:40:34 +08:00
89e1aa5933
Prevent webhooks from affecting admission requests for webhooks
...
Kubernetes-commit: 58b43ad27d00191cf5291d8508dc346f1924b785
2018-03-05 16:35:52 -08:00
2f4fe441f5
Fix initializing watch cache
...
Kubernetes-commit: 09606310ac86932152bb582d284d02958c089af8
2018-03-02 16:53:18 +01:00
9169f6d300
Add buffering to the log audit backend
...
Signed-off-by: Mik Vyatskov <vmik@google.com>
Kubernetes-commit: 881e6d4f6f905079b2c27299e7b631b6903b6815
2018-02-22 19:52:33 +01:00
8e51703adb
remove unused function negotiate() and writeYAML()
...
Kubernetes-commit: 5f908c226c9df144dfc0e1665381b8ec534a60a4
2018-02-23 14:53:51 +08:00
43796a9895
Fix build tag for grpc_service_unix_test.go.
...
Kubernetes-commit: 4d2e43f53f3c057e7bddd6f09e5a82b0b97d276f
2018-02-09 12:10:25 -08:00
bbfe695b05
Remove unused variables (only assigned to) from test code.
...
This is revealed by the go/types package, which is stricter than
the Go compiler about unused variables. See also: golang/go#8560
Kubernetes-commit: e04b91facf180c17557a44e8e462858ea2936301
2018-02-02 13:34:57 -08:00
9fa0aca343
Run hack/update-all.sh
...
Kubernetes-commit: c8dacd8e631f59ef158c79156d77a99fd2a632cc
2018-02-26 17:16:14 -08:00
32fe314a1e
fix some syntax related errors
...
Kubernetes-commit: d065157dd74fa02eec87f5849528b079a3736c3d
2018-02-11 19:50:49 +08:00
8080a6e06e
Add new openapi endpoint in aggregator server
...
Kubernetes-commit: 2eb3d046ce8b0a1b500d68d5a83fa7e575da7ca9
2018-02-20 09:22:25 -08:00
aa5d4f9f32
Fixes for HTTP/2 max streams per connection setting
...
This PR makes two changes. One is to introduce a parameter
for the HTTP/2 setting that an api-server sends to its clients
telling them how many streams they may have concurrently open in
an HTTP/2 connection. If left at its default value of zero,
this means to use the default in golang's HTTP/2 code (which
is currently 250).
The other change is to make the recommended options for an aggregated
api-server set this limit to 1000. The limit of 250 is annoyingly low
for the use case of many controllers watching objects of Kinds served
by an aggregated api-server reached through the main api-server (in
its mode as a proxy for the aggregated api-server, in which it uses a
single HTTP/2 connection for all calls proxied to that aggregated
api-server).
Fixes #60042
Kubernetes-commit: 201c11f147c85b029665915bee3a62eea19d6d57
2018-02-19 14:18:07 -05:00
25b054a72f
generated
...
Kubernetes-commit: fb7101ef7c9892e0a5d3a718038b93e84b9314b5
2018-02-14 16:15:12 +00:00
e36f8069aa
Add a metric exposing number of objects per type
...
Kubernetes-commit: f6e9ebffa2df10f7792fbea0a0fbe5ab8e388a26
2018-02-12 15:58:57 +00:00
1d8690c3c5
apiserver: fix testing etcd config in preparation for etcd 3.2.16+
...
Kubernetes-commit: 73971e69ac3d855b6ecbfa15c5bbe454d96e89b7
2018-02-23 13:58:08 +01:00
7fb69020af
fix typo and remove inaccurate TODO
...
Kubernetes-commit: d94925af8854031f1548466c655afd3119613785
2018-02-23 09:27:37 +08:00
3ec7dfbb59
kms: rename KMSService to KeyManagmentService
...
KMSService is redundent.
Kubernetes-commit: fc8ff61eb9e153d9e3f67549b8454cdea89bab30
2018-02-22 19:36:03 -08:00
7b21554cfc
Make Service storage a wrapper around other storages
...
The registry abstraction is unnecessary and adds direct coupling to the
core types. By using a wrapper, we carry through the default
implementations of the non-mutating operations. The DeleteCollection
method is explicitly patched out since it cannot be correctly
implemented on the storage currently.
As a result, TableConvertor is now exposed.
A few other minor refactorings
* Corrected the case of some variables
* Used functions instead of methods for several helper methods
* Removed the legacy Deleter - service was the only remaining consumer
Kubernetes-commit: 110b064d630ca39220696225dd597e7d33b95f4f
2018-02-04 22:38:39 -05:00
45ac728887
set default enabled admission plugins by official document
...
Kubernetes-commit: 27f3fd2d79d2d669ddecdd987c8b099f1f43ce38
2018-01-23 20:12:10 +08:00
cee5e95803
remove deprecated /proxy paths
...
These were depercated in v1.2.
Kubernetes-commit: 7b4722964d21c994e0fdf36c0d7f5b0dc703a9c2
2018-02-14 11:13:54 -08:00
2aca9afa1d
sync: squashed up to merge cc7cea74ae668cd401d99cc472569605cb640517 in b3099bcf532bc470ff7075e93025b8741da09be4
2018-02-27 01:30:07 +00:00
b81f74623f
Fix race in healthchecking etcds leading to crashes
...
Kubernetes-commit: 38387aec0db3eda3a7debb4558a223ac92a41389
2018-02-20 12:17:39 +01:00
1ab12b2dc8
Autogenerated: hack/update-bazel.sh
...
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
2018-02-16 13:43:01 -08:00
01b15f1056
fix invalid match rules for advanced audit policy
...
When users or groups are set in a rule, this rule should not match
attribute with unauthorized request where user and group are nil.
Kubernetes-commit: 9a7acaae1d5015886cc7c3bc46fc3d973045dc2a
2018-02-06 14:05:57 +08:00
3d1ec1c912
Improve the error message.
...
Kubernetes-commit: 1ecd4bb2744ebc371e952b4d7a6b30826f60041f
2017-12-29 09:05:14 +01:00
bf5feefec3
add an admission decorator chain
...
Kubernetes-commit: 1ae856484b8a827b7ce6018ddfa103493a2cb97d
2018-02-14 09:27:25 -05:00
107aca480b
Store labels and fields with object
...
Kubernetes-commit: 87a65b6c93db554bc91001df182672703e85edd8
2018-02-14 15:39:51 +01:00
a7b5c83c7b
apiserver: fix some typos from refactor
...
introduced in #59582
Kubernetes-commit: 83c1334e5110e6f492f0e375488978ebb16a62a5
2018-02-14 17:47:42 -08:00
89b7bf377a
Update generated files
...
Kubernetes-commit: 5483ab7679dd055422131fd1c22a18eee39a775e
2018-02-08 19:37:08 +01:00
0520d284e2
controller-manager: add authz/n to options, nil by default
...
Kubernetes-commit: cecd663c21d139a3a5a15b43a8dda8de26180246
2018-02-08 14:19:02 +01:00
338a852bbb
apiserver: make SecureServingOptions and authz/n options re-usable
...
Kubernetes-commit: 4e0114b0dd3701b68c02d038edcf4fbe84515a68
2018-01-31 16:17:48 +01:00
tamal