kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,741 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

1745 Commits

Author SHA1 Message Date
Johannes M. Scheuermann b0438a0d98 Update kube-apiserver flag comments 
Kubernetes-commit: bd42094d90124ba79cbacac6f41336e1d39999c1
 2020-05-25 15:43:56 +02:00
Lingfei Kong 76c4d459f2 fix the wrong function description 
Kubernetes-commit: fa73cacc5d4d2250f3ea8fe519bcbb0a02309b28
 2020-05-25 15:04:01 +08:00
wojtekt 8371df6187 Watch should return "too old RV" if it can't serve it. 
Kubernetes-commit: ef1e5b6d3ac25431d890bfe4f540d9aa956a856d
 2020-05-25 20:46:27 +02:00
Tariq Ibrahim d8082ddfe6 s/RelicaSets/ReplicaSets 
Kubernetes-commit: 9760dec9dc84d68c6613887128de192b4a66feff
 2020-04-29 12:59:05 -07:00
Abu Kashem 8dd6013700 Reset flow control metrics on /metrcis DELETE 
Kubernetes-commit: 01c5818b63fd7c4a1d83ad33fc6a7ef78529cbd7
 2020-05-20 17:25:05 -04:00
Tim Allclair 5d41955c07 Remove tallclair from some OWNERS files 
Kubernetes-commit: 029a144ae9e143ea3f648a8d14fdddb7c845246d
 2020-02-20 15:07:06 -08:00
Jordan Liggitt d501f7b597 Revert "Rely on default watch cache capacity and ignore its requested size" 
This reverts PR 91260

Kubernetes-commit: 6249f287e1d3d9fb63b60961c8625a82d7db360e
 2020-05-23 09:21:22 -04:00
wojtekt 31ffec3302 Rely on default watch cache capacity and ignore its requested size 
Kubernetes-commit: 99dff90d613e2014873dc2fae0a00acaf95c3bd2
 2020-05-19 18:13:28 +02:00
Mike Spreitzer 705ee42713 Clean up fairqueuing/interface.go 
Fixed outdated comment on QueueSet::StartRequest.

Removed unused interface EmptyHandler.

Kubernetes-commit: 28671fc4cf34e9e34eee545312c848ce40ab148b
 2020-05-17 22:36:30 -04:00
Paulo Gomes 749479fedb Warn when insecure TLS ciphers are selected. 
Kubernetes-commit: 550a67869a7290688dde4aeedbcdd72a10e448cf
 2020-05-13 16:11:28 +01:00
Davanum Srinivas c78dd46c27 fix API change in apiserver-network-proxy 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: ce6292f6c6da22eb48cadae1d8a7a87fd5ff6798
 2020-05-14 21:43:26 -04:00
Davanum Srinivas 5879417a28 switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
 2020-04-17 15:25:06 -04:00
yue9944882 099ec78c1b exclude openapi params for DELETECOLLECTION 
Kubernetes-commit: 6a7aa377f2894fe392906982afade19501783aa6
 2020-05-14 11:14:23 +08:00
RainbowMango b635b7fa33 Switch deprecated RegisterOpenAPIVersionedService function by OpenAPIService.RegisterOpenAPIVersionedService. 
Kubernetes-commit: ec234467f8bf1584d84ae35c4674565be0e93fda
 2020-05-08 11:27:22 +08:00
Julian V. Modesto a470b96352 Mark the server-side dry-run feature as GA 
Kubernetes-commit: df0ee9f88b7d308b6668ece02711ca01b1698af1
 2020-05-05 16:20:29 -04:00
wojtekt 6332f98216 Update duration to be kept in watchcache 
Kubernetes-commit: d1de6295bb8047cbfd2a4ecbb0d264197f4cd8a4
 2020-05-04 17:21:40 +02:00
Wojciech Tyczynski 4589c74d5e Send watch bookmarks every minute 
Kubernetes-commit: 9f1e4620379028754f2da4223adf4d1a445e90f4
 2020-04-27 18:41:31 +02:00
Lukasz Szaszkiewicz 513afab811 expose RunOnce method on RequestHeaderAuthRequest controller 
Kubernetes-commit: f3a7f057c423caf77b0c5315d7728727c4b35bde
 2020-04-28 15:35:17 +02:00
Lukasz Szaszkiewicz 07cdc792bb provides DynamicRequestHeaderController that combines DynamicCAFromConfigMapController and RequestHeaderAuthRequestController into one controller 
the unified controller will dynamically fill RequestHeaderConfig struct

Kubernetes-commit: cb4b4cb5a6ffdf1c7f199e644a8b5cac2367d504
 2020-04-28 12:48:21 +02:00
Lukasz Szaszkiewicz 259bedd4a2 provides RequestHeaderAuthRequestController for dynamically filling RequestHeaderConfig struct 
Kubernetes-commit: 6e0211b3d82c5b3b2f69f6b3c7a7840b42e6e000
 2020-04-27 17:41:42 +02:00
Wojciech Tyczynski 7686f3528b Revert "Send watch bookmarks every minute" 
Kubernetes-commit: 1cb98ed2376b1f7777ca3d7bfac98cbb5f8b9ce3
 2020-04-27 17:07:27 +02:00
tanjunchen 529b6da9bb remove prometheus dependencies from k/k and add testcases for LabelsMatch 
Kubernetes-commit: 6e986249ee4252f83037f229a8773869feaab15a
 2020-04-22 14:07:53 +08:00
Jordan Liggitt b6e46cd151 Restore cache-control header filter 
Kubernetes-commit: 5efcc9e63327b5054fb636bda56176e8546bd9be
 2020-04-24 15:36:12 -04:00
wojtekt f1c77ba823 Send watch bookmarks every minute 
Kubernetes-commit: d4b532e7190c2ad12a0317ff946e2cd0b33f0ada
 2020-04-17 19:42:26 +02:00
Jie Shen 6873ed332b Use utils.net to parse ports instead of atoi (#89120) 
Kubernetes-commit: 363bb3914296d5330dce29631fb6003c335cfcf7
 2020-04-22 06:24:23 +00:00
louisgong 4c8b97679c Use dynamic size watch-cache. 
If all cached events occur inside eventFreshDuration, increase cache capacity by 2x.
Decrease cache capacity by 2x when recent half events occur outside eventFreshDuration.

Kubernetes-commit: 56407b656c7acf6039cead0192070429e53a0c70
 2020-04-12 17:22:38 +08:00
louisgong 1117ccdc72 move watchCache metrics to a seperate file 
Kubernetes-commit: 21ba510ef0e02f64a813cb460212cb832f8f4d78
 2020-04-16 15:45:16 +08:00
Monis Khan 1873d19869 Allow handlers early in the request chain to set audit annotations 
This change adds the generic ability for request handlers that run
before WithAudit to set annotations in the audit.Event.Annotations
map.

Note that this change does not use this capability yet. Determining
which handlers should set audit annotations and what keys and values
should be used requires further discussion (this data will become
part of our public API).

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 0bc62112adf270ef4efada37286319c229324c7b
 2020-03-19 20:02:37 -04:00
Gaurav Singh 43ce4f9092 Remove double import of k8s.io/apimachinery/pkg/util/net 
Kubernetes-commit: 29ceb8d5f2fc48d1fe4974110b7f60579668c00e
 2020-04-08 16:25:23 -04:00
Michael Gasch 0cdbc006ea Add etcd WithRequireLeader option to API watches 
Watches against etcd in the API server can hang forever if the etcd
cluster loses quorum, e.g. the majority of nodes crashes. This fix
improves responsiveness (detection and reaction time) of API server
watches against etcd in some rare (but still possible) edge cases so
that watches are terminated with `"etcdserver: no leader"
(ErrNoLeader)`.

Implementation behavior described by jingyih:

```
The etcd server waits until it cannot find a leader for 3 election
timeouts to cancel existing streams. 3 is currently a hard coded
constant. The election timeout defaults to 1000ms.

If the cluster is healthy, when the leader is stopped, the leadership
transfer should be smooth. (leader transfers its leadership before
stopping). If leader is hard killed, other servers will take an election
timeout to realize leader lost and start campaign.
```

For further details, discussion and validation see
https://github.com/kubernetes/kubernetes/issues/89488#issuecomment-606491110
and https://github.com/etcd-io/etcd/issues/8980.

Closes: https://github.com/kubernetes/kubernetes/issues/89488

Signed-off-by: Michael Gasch <mgasch@vmware.com>

Kubernetes-commit: 70c9f770d7aa2194bfd3f58fe01756a7d200b866
 2020-03-31 12:01:53 +02:00
Jordan Liggitt 08f23b5217 github.com/googleapis/gnostic v0.4.1 
Kubernetes-commit: 93c7b24562d80959f45c308e7412456a410b9b25
 2020-03-31 17:18:56 -04:00
wojtekt 59604ff55c Not rely on default conversions in apiserver test 
Kubernetes-commit: 8c59c2133cabe70039f67986383a3598c174e546
 2020-02-11 14:53:17 +01:00
jingyih 9303178e27 Add a metric exposing etcd database size 
Kubernetes-commit: 922ec728de9248657f026eb6cfb8fdaeb11049ac
 2020-03-16 07:55:38 -07:00
Jordan Liggitt c4368f3db2 Clarify cached object type in apiserver log 
Kubernetes-commit: a941755a39afd366dad6d005dfaf41fd584dec08
 2020-03-09 15:09:30 -04:00
Davanum Srinivas c15d16953f Move k8s.io/apiserver/pkg/util/term to k8s.io/component-base/term 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 1d057da2f73118893b5cc27c15d59ff03beb271e
 2020-03-16 16:27:44 -04:00
Abu Kashem 6d0de7f4cb Fix data race issue in unit test 
TestDispatchingBookmarkEventsWithConcurrentStop can use processEvent
instead of `dispatchEvent` to avoid data race conditions with
`Cacher.watchersBuffer`.

Kubernetes-commit: 7dc075673c24ffd8bde08a4c7ec55a8b633b20e2
 2020-03-16 17:43:32 -04:00
Monis Khan 7fa523535d Remove support for basic authentication 
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: df292749c9d063b06861d0f4f1741c37b815a2fa
 2020-03-11 14:31:31 -04:00
Jordan Liggitt 532d284317 Require listers to implement TableConverter 
Kubernetes-commit: 7cbb74d089f88c3323b7be2dcd8a8d39d8aad271
 2020-03-09 10:08:13 -04:00
Mateusz Gozdek e843f3790e kube-apiserver: use SO_REUSEPORT when creating listener on Unix systems 
So multiple instances of kube-apiserver can bind on the same address and
port, to provide seamless upgrades.

Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>

Kubernetes-commit: dfe1f968ac31ba9b81a353d4de86d28e73d22d4e
 2020-03-06 09:59:20 +01:00
immutablet 209aff3d4b Hide methods in the encryption config that are not used outside the package. 
Kubernetes-commit: 922e0bfaec0a8b25fdb04e559ac454c416f8c2e8
 2020-03-05 16:54:27 -08:00
Jordan Liggitt 1a93b794ed Preserve target apiVersion when decoding into unstructured lists 
Kubernetes-commit: fa12441ab99cac81b0034208fd10d8a4fc3d5bd0
 2020-03-10 03:13:20 -04:00
Antoine Pelisse 05f95a480d managedfields: Update Apply time if neither object nor managedfields have changed 
Kubernetes-commit: 5231c6815c7b06248575892f3ec96c15c634d368
 2020-03-05 13:13:27 -08:00
Antoine Pelisse c81c86d33f Bump sigs.k8s.io/structured-merge-diff to v3 
Kubernetes-commit: df41fd932bef1686b30a1abee477c5009ebabe80
 2020-03-05 13:09:50 -08:00
Antoine Pelisse 2ff45c3592 fieldmanager: Add failing test for no-op apply actually writing to etcd 
Kubernetes-commit: 7120abe6989afff0d4ad879a4590a960f4ab19f0
 2020-03-05 10:09:08 -08:00
Antoine Pelisse 5de3b6339e fieldmanager: Move ManagedFields update logic into its own class 
Kubernetes-commit: 39681aa5800492b8e4b4ff5fb82e034376864a37
 2020-03-05 10:01:37 -08:00
Abu Kashem 6d7d21c695 /readyz should start returning failure on shutdown initiation 
Currently, /readyz starts reporting failure after ShutdownDelayDuration
elapses. We expect /readyz to start returning failure as soon as
shutdown is initiated. This gives the load balancer a window defined by
ShutdownDelayDuration to detect that /readyz is red and stop sending
traffic to this server.

Kubernetes-commit: 4134494fa51402ec5e5ea3fa1c51c0be55c955fd
 2020-03-06 10:55:45 -05:00
Jordan Liggitt 2e70c9ff51 client-go dynamic client: add context to callers 
Kubernetes-commit: b7c2faf26c2a25427794478c6265e6d55e8acb5a
 2020-03-06 10:17:41 -05:00
Mike Spreitzer 9df60c9fe6 Renaming: "Change" -> "Add" for consistency with underlying method 
Kubernetes-commit: c7b098ac6c276d65a79db6cfeb04f5f0f86eb315
 2020-03-05 15:17:33 -05:00
Mike Spreitzer 8235385f97 Fix queued request accounting, extended queueset test 
Kubernetes-commit: 8a1b60320986eca05cb281bcce45332e0969268e
 2020-03-05 15:13:46 -05:00
Mike Spreitzer 6ae3e470a2 Make some metrics finer-grained, add dispatch counts, note immediate reject 
Also add testing of metrics for queuesets.

Kubernetes-commit: f535a9c9ed4b6a0def47c354acad0ac2a8f961b0
 2020-03-01 20:22:58 -05:00
Chao Xu 359feb5450 refactor egress dialer construction code and add unit test 
Kubernetes-commit: bac9351c64671ce4d5198d431c97bf1ccd72752f
 2020-02-26 16:00:43 -08:00
Chao Xu 079efffdb4 add metrics and traces for egress dials 
Kubernetes-commit: fbb1fb8902c06cbcce47a025ce22fe260b27a697
 2020-02-25 14:23:24 -08:00
Monis Khan b37d21cc60 dynamic certs: pass valid object to event recorder 
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 2cd6abece45bc62121097ce7cbe7f0d14b9be5e0
 2020-03-04 09:54:27 -05:00
Monis Khan dd3ae9c175 dynamic certs: use correct name with event recorder 
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 3bc918e48427720938c731a6b26e9474b4819716
 2020-03-03 18:40:34 -05:00
Monis Khan 091c53ac7a dynamic certs: do not copy mutex via shallow copy of tls.Config 
go vet error:

call of dynamiccertificates.NewDynamicServingCertificateController
copies lock value: crypto/tls.Config contains sync.Once contains
sync.Mutex

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 86a5993007e3c781749a5099b540307f65a4f377
 2020-03-03 14:58:43 -05:00
Mike Spreitzer 219ab512ff Generalized NonResourcePolicyRule.NonResourceURLs impl 
... to match the comment on that field.

Also generalized the test case generator to exercise the new
generality.

Kubernetes-commit: 2e97d3c8732147c3ba2f11d668f50b44e6374348
 2020-03-04 00:00:39 -05:00
Mike Spreitzer f9c1780311 Hopefully plainer test strings 
Kubernetes-commit: 4a4852ca9a1ffc439e2c476d7057a8be9f081055
 2020-03-04 21:47:19 -05:00
Mike Spreitzer f44645645b Added non-randomized tests of matching FlowSchema rules 
Kubernetes-commit: 21f78f3348736f242541f7b66e191aa1dce78c47
 2020-02-27 23:36:19 -05:00
Chao Xu d81e3cbf28 Promote the egressselector API to beta 
Kubernetes-commit: 3fbb549fb7ff707eb7c67e7ae275517c5bdc9883
 2020-02-24 17:12:44 -08:00
Lukasz Szaszkiewicz 3ae793e2b7 cleans up dynamiccertificates package 
Kubernetes-commit: 413960e49bea4b5558ea4dda3d18137eceaf7f16
 2020-03-03 14:38:18 +01:00
Antoine Pelisse 82ecbdb375 Don't log "SHOULD NOT HAPPEN" errors more than once per second 
Kubernetes-commit: 389dd0a499e4fa79d3d2ef4261aa9f25aa94e6b0
 2020-02-26 15:58:57 -08:00
chenjun.cj e5c6ec44de add a new generic filter goaway 
Kubernetes-commit: 81f46b64a35f3af096d50620dfcc78b003de8263
 2020-02-28 05:27:25 +08:00
immutablet e6ae7336e6 Factor-out metrics related logic from authentication logic. 
Kubernetes-commit: c0bad80e5b4bf56757e1a4999e831a5341693203
 2020-01-28 15:53:25 -08:00
jennybuckley a87d964ed1 Don't save managedFields if object is too large 
Kubernetes-commit: ccd9e4e2de32b8708f3a7be159f7a4316449c433
 2020-01-22 15:38:27 -08:00
Mike Spreitzer 8ad2cc1389 Replaced uber atomic with sync atomic, removed unneded "blank import" 
Kubernetes-commit: dbe84361440697af5c53d12209524aad9068c81a
 2020-03-01 18:10:20 -05:00
yue9944882 f452a698b0 register metrics from comp-base 
Kubernetes-commit: 11656478be93d4a9e54129ec35cd2b9558e901ac
 2020-02-27 17:04:17 +08:00
Rob Scott 7adab84d8a Adding IngressClass to networking/v1beta1 
Co-authored-by: Christopher M. Luciano <cmluciano@us.ibm.com>

Kubernetes-commit: 132d2afca0794b4bcaedb6dbbefe4e9d66e80239
 2020-02-24 21:20:45 -08:00
Monis Khan f5c1e085ed storage: confirm that paging and predicate filtering work together 
This change adds the TestListContinuationWithFilter test which
confirms that paging with a predicate that does not match everything
results in the correct amount of calls to TransformFromStorage and
KV.Get.  The partial result of each paging call is also asserted.

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 002c75442d768d2bcc51047667354ff16bbfa2e8
 2020-02-28 15:35:22 -05:00
Jefftree 13613a1c15 Address comment and remove if condition 
Kubernetes-commit: 61fa4e6c098559b65fe28c1bf55cb817697e38e5
 2020-02-27 17:18:57 -08:00
Jefftree 28f8e6670e audit webhook use network proxy 
Kubernetes-commit: cd57b830c142e2b9938ff801619070cf601c1422
 2019-12-19 12:29:37 -08:00
Jefftree f1c9537c7b pass Dialer instead of egressselector to webhooks 
Kubernetes-commit: 1b38199ea8b220be0b645af8a4cbdef4c87ce7fc
 2019-12-05 17:28:59 -08:00
Jefftree aa55f94611 authentication webhook via network proxy 
Kubernetes-commit: d318e52ffe0ba156a96cb5507026de6827d543ca
 2019-12-03 15:20:49 -08:00
Jonathan Tomer 3a2c32b513 Rename --enable-inflight-quota-handler to --enable-priority-and-fairness. 
The old flag name doesn't make sense with the renamed API Priority and
Fairness feature, and it's still safe to change the flag since it hasn't done
anything useful in a released k8s version yet.

Kubernetes-commit: 711c1e17209cc410440eecd3723e7b4906ca0e42
 2020-02-27 14:04:37 -08:00
Jordan Liggitt 15ffd4d5c4 Remove global variable dependency from runtimeclass admission 
Kubernetes-commit: 57ea7a11a646e5ad9b3f5c42ba42c0b1d279286b
 2020-02-27 15:20:26 -05:00
Antoine Pelisse 07f3bde07d Enable field management for all new objects 
Kubernetes-commit: a54a52c5de3458bfa5dbe1973d12584f59a5581c
 2020-02-10 09:06:18 -08:00
immutablet 66b663f223 Instrument DEK cache fill and request inter-arrival times. 
Kubernetes-commit: 684d6fb0ade6ac088af391cedd70bc847941a54f
 2020-02-18 16:39:53 -08:00
Tim Allclair daf1b2ae21 Start deprecation process for StreamingProxyRedirects 
Kubernetes-commit: 98ad7416faa5d393e18f29ccff11bc131338cab4
 2020-02-18 14:36:02 -08:00
Jefftree e8c3464402 Add tests for egress selector 
Kubernetes-commit: d798ccbba166449971c8579dce57870abec9131b
 2020-02-12 10:57:21 -08:00
Jefftree 62ed58125e vendor network proxy client 
Kubernetes-commit: 907ab25b6fc2d96b19fba1beae6ad3c749bc14e7
 2020-02-12 10:29:34 -08:00
Jefftree 95ee8d4df4 Support empty root CA for konnectivity 
Kubernetes-commit: 55b89a6451d253532ede0736d7bc8af62f396596
 2020-02-03 19:54:41 -08:00
Jefftree cbcdfbfd72 Network Proxy: GRPC + HTTP Connect with UDS 
Kubernetes-commit: 725d2b6a8fd7733afcbc6822723f4c7e171bcd7f
 2020-01-13 21:23:39 -08:00
Vincent C 27ae2b291d replaced tokenaccessreview with tokenreview 
Kubernetes-commit: b410f77d3140ebc19037e6089d0d45980f0c6edf
 2020-02-19 22:41:35 +08:00
yue9944882 1c89464ba6 adding response headers 
Kubernetes-commit: da6f89217d357a6683ca4a7825c673d7c2af92f0
 2020-02-17 16:06:13 +08:00
yue9944882 f93a7a8312 homogenize metrics naming 
Kubernetes-commit: a1523a049ff9fc47d7dc2c4354b16b69d2eb4be2
 2020-02-19 16:34:49 +08:00
Fabian Ruff 71203b3ff4 Fix wrong alpha version for ValidateProxyRedirects 
This feature gate apparently never made it into 1.10 or 1.11
https://github.com/kubernetes/kubernetes/pull/69943

Kubernetes-commit: 9eb45d22a43f83c0ed957a580744ddbe1ef2dccd
 2020-02-18 09:22:42 +01:00
Ted Yu f2eace2821 Do not dereference qcAPI which maybe nil 
Kubernetes-commit: 583f804652ffff898437c80ce357e4f0c379bfb9
 2020-02-14 13:30:40 -08:00
Mike Spreitzer 1ef67fe134 Version the API Priority and Fairness FieldManager values 
Kubernetes-commit: b142868eaf46b24fce0e6b01e06087c924351857
 2020-02-14 13:50:11 -05:00
Mike Spreitzer 1c79014daa Added API Priority and Fairness filter and config consumer 
Kubernetes-commit: 73614ddd4e42728a36c7ac6b7b20f27c8032cafb
 2020-01-25 19:47:12 -05:00
Yu-Ju Hong 809bbdf7f8 Replace Beta OS/arch labels with the GA ones 
Beta OS/arch labels have been deprecated since 1.14.
This change replaces these labels with the GA ones.

Kubernetes-commit: bcd975aa6575ae37ec3be3481e44cd0dccd02337
 2020-02-12 11:30:39 -08:00
Charles Eckman af3997fcac Provide OIDC discovery endpoints 
- Add handlers for service account issuer metadata.
- Add option to manually override JWKS URI.
- Add unit and integration tests.
- Add a separate ServiceAccountIssuerDiscovery feature gate.

Additional notes:
- If not explicitly overridden, the JWKS URI will be based on
  the API server's external address and port.

- The metadata server is configured with the validating key set rather
than the signing key set. This allows for key rotation because tokens
can still be validated by the keys exposed in the JWKs URL, even if the
signing key has been rotated (note this may still be a short window if
tokens have short lifetimes).

- The trust model of OIDC discovery requires that the relying party
fetch the issuer metadata via HTTPS; the trust of the issuer metadata
comes from the server presenting a TLS certificate with a trust chain
back to the from the relying party's root(s) of trust. For tests, we use
a local issuer (https://kubernetes.default.svc) for the certificate
so that workloads within the cluster can authenticate it when fetching
OIDC metadata. An API server cannot validly claim https://kubernetes.io,
but within the cluster, it is the authority for kubernetes.default.svc,
according to the in-cluster config.

Co-authored-by: Michael Taufen <mtaufen@google.com>

Kubernetes-commit: 5a176ac77241ff059f22609fc569ac219334238c
 2019-01-29 13:46:37 -08:00
Ted Yu d4282ddc2e Return the error from copyInto 
Kubernetes-commit: 5b49d03b8440fbe531b8ebd978c18e7d3809cd50
 2020-01-23 07:48:39 -08:00
jennybuckley 4e7f113e29 Round times to nearest second before sorting 
Kubernetes-commit: 888a322d9ca3070b811b348e05ee4a3ce7da6ae9
 2020-02-11 11:54:21 -08:00
shaloulcy 1b0da4e553 add index for pod cacher 
Signed-off-by: shaloulcy <lcy041536@gmail.com>

Kubernetes-commit: fe312ed74afea539cf54ed993d79257df08ae1f1
 2020-02-08 10:13:20 +08:00
Jordan Liggitt 51a2cc34eb Lower server-side apply percentage to 10% 
Kubernetes-commit: a657d51ce35eb3886a56ed710805cd68732461ee
 2020-02-11 09:15:12 -05:00
Antoine Pelisse 3104ef647b Enable field management for all new objects 
Kubernetes-commit: 8438bba5fd911c4674e46519228e6c47b5057346
 2020-02-10 09:06:18 -08:00
Joe Betz dced5f29d8 Bump to latest SMD to pick up performance optimizations 
Kubernetes-commit: d9faaca64738a50455f38dd88845e8b4b5ca37e2
 2020-02-06 15:10:25 -08:00
Mike Danese 337d7943db generated: run refactor 
Kubernetes-commit: 3aa59f7f3077642592dc8a864fcef8ba98699894
 2020-02-07 18:16:47 -08:00
Mike Danese 5b8058738a token cache: make fetch_total a counter 
Downstreams assume process restarts when counters decrement. Currently,
the "active" label is expected to decrement but the "ok" and "error"
labels are intended to be handled as counters. This is unneccesary and
hard to deal with. This changes consolidate "blocking" and "in_flight"
tracking into a single guage, which allows fetch completion to be a pure
counter.

Kubernetes-commit: dc5934f58456d95b0264665871c0c48e16ee6469
 2020-01-07 08:48:25 -08:00
shaloulcy 2c701b633b validate storage cache indexers 
Signed-off-by: shaloulcy <lcy041536@gmail.com>

Kubernetes-commit: fa9ba80a67deeb9089e1be8ebac21063ebc07904
 2020-02-05 12:08:14 +08:00
shaloulcy 6099d76e39 add indexer for storage cacher 
Signed-off-by: shaloulcy <lcy041536@gmail.com>

Kubernetes-commit: 87582e2c3c1cb8c8e10ec05a4700f865c759b7b2
 2019-11-19 16:52:07 +08:00