2a3f44cd21
apiserver: fix lint issue, defaulting and validation test for flowcontrol v1
...
Kubernetes-commit: 430c226709b4dfd1284f6463c7a37603154ad39c
2023-10-11 14:03:42 -04:00
a0dede6875
k8s.io/apiserver/storage: add some ResourceVersion validation in GetList unit tests
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: baac8bb573c8efb314b037f4fbac116556c03c83
2023-10-11 10:46:30 -07:00
77032c52b8
k8s.io/apiserver/storage: add 3 new unit tests for delete.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 26a4e06c92c248748dd3c50c74d75f8adc3c6823
2023-10-11 10:38:01 -07:00
70af178d56
k8s.io/apiserver/storage: add a new TestCreate case.
...
Add a test case of create with rv set.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 2f923e356e042d9dce88e8f78abf30f414051e71
2023-10-11 10:24:31 -07:00
e15d4d2e0b
k8s.io/apiserver/storage/etcd: refactor getCurrentState.
...
Extract getCurrentState as a separate method that can be reused.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: ebca5d438d9cb2c82d0b99dbcb0aeca8879db441
2023-10-11 09:56:07 -07:00
0b0a995736
apiserver: apf controller, bootstrap, tests should use flowcontrol v1 API
...
Kubernetes-commit: 17bda3c3e05a75943591f61f37d7fdc0d07870ec
2023-10-11 09:20:41 -04:00
a98816fb0a
Merge pull request #121111 from dashpole/update_otel_deps
...
Update OpenTelemetry Dependencies
Kubernetes-commit: eafebcc9e368d6aeaab0ce5ec4fd56b94174d0c4
2023-10-11 07:26:19 +00:00
1234a74f8e
refactor: move correlatedObject to its own file
...
no changes except package naming
Kubernetes-commit: 27cb869e5596525cec9884ecb9b02bfcfe5273e4
2023-10-10 10:53:12 -07:00
3029a9f674
add rest of accessors to common.Schema
...
needed for declarative validation, CRD ratcheting
Kubernetes-commit: 438c0daab7587bdb094e714e68b5ba2f9f6ae963
2023-10-09 17:49:37 -07:00
bfdac7f8f4
[KMSv2] Add tracing
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 8d3a25c7c98d77419111a02917f459aab8970087
2023-10-09 23:43:46 +00:00
140ffa083d
set maxLength to longest enum.
...
Kubernetes-commit: 302d350e88eac519e1df020b82256371c171b861
2023-10-09 11:00:45 -07:00
445b713906
Prevent rapid reset http2 DOS on API server
...
This change fully addresses CVE-2023-44487 and CVE-2023-39325 for
the API server when the client is unauthenticated.
The changes to util/runtime are required because otherwise a large
number of requests can get blocked on the time.Sleep calls.
For unauthenticated clients (either via 401 or the anonymous user),
we simply no longer allow such clients to hold open http2
connections. They can use http2, but with the performance of http1
(with keep-alive disabled).
Since this change has the potential to cause issues, the
UnauthenticatedHTTP2DOSMitigation feature gate can be disabled to
remove this protection (it is enabled by default). For example,
when the API server is fronted by an L7 load balancer that is set up
to mitigate http2 attacks, unauthenticated clients could force
disable connection reuse between the load balancer and the API
server (many incoming connections could share the same backend
connection). An API server that is on a private network may opt to
disable this protection to prevent performance regressions for
unauthenticated clients.
For all other clients, we rely on the golang.org/x/net fix in
b225e7ca6d
2023-10-07 21:50:37 -04:00
cca4910d25
authz: add cel expression to webhook matchconditions
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Kubernetes-commit: 31c76e9abb22faaf833acd54ce75cc71465136e4
2023-10-06 17:47:23 -07:00
d35f091281
fix missing http.target trace attribute
...
Kubernetes-commit: 80269d5d3497acc8ad155cb9bfbfaa7fd9e20d1f
2023-10-06 18:09:29 +00:00
6e80c0dfa4
dependencies: update otel-go dependencies
...
Kubernetes-commit: dc334b953d99f233b56ec2cd78bff218a00152a0
2023-10-05 12:52:33 -07:00
e7db207bf4
Merge pull request #121117 from MadhavJivrajani/bump-x-net
...
[CVE-2023-39325] .: bump golang.org/x/net to v0.17.0
Kubernetes-commit: 7ee2af5cc5fee6a6f837975a70a35ce681a8e9d4
2023-10-10 19:27:11 +00:00
bdde7b6248
.: bump golang.org/x/net to v0.17.0
...
Bumping golang.org/x/net in light of CVE-2023-39325 and CVE-2023-44487.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: fc7c951d5a5b8b75dfa105e3bea7bbddaf4c792e
2023-10-10 23:07:19 +05:30
fef0d75638
Merge pull request #121082 from pohly/ginkgo-gomega-update
...
dependencies: ginkgo v2.13.0, gomega v1.28.0
Kubernetes-commit: 755644a169ad495a34bc5e1db502962fc6dd3750
2023-10-10 15:27:37 +00:00
b82dc081b8
dependencies: ginkgo v2.13.0, gomega v1.28.0
...
Besides simply staying up-to-date, ginkgo v2.13.0 adds a `PreviewSpecs` which
will be used for introspection of the E2E test suites.
Kubernetes-commit: 79355caa565cc34e8726c427562c9f109ebe0e34
2023-10-09 19:27:06 +02:00
6ec195f3b2
Merge pull request #120985 from palnabarun/3221/fix-authorizer-name
...
[StructuredAuthorizationConfiguration] Fix the level at which authorizer name is surfaced
Kubernetes-commit: 6f5fa2eb2f4dc731243b00f7e781e95589b5621f
2023-10-05 03:42:16 +00:00
6b0a70e192
typed variables support.
...
Kubernetes-commit: c03579bfa40dcb39e1ffe24c12f933720e4eb204
2023-10-04 16:39:24 -07:00
2e1024671d
Fix v3 spec
...
Kubernetes-commit: b30c6bdff817cec28b3d88b3bb3e12f1e86488d0
2023-10-04 12:55:49 -04:00
70eb989b94
k8s.io/apiserver: fix levelling of the name field in AuthorizationConfiguration
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 11ce6d29157daf7437d6da7fdeb11cabf2e774aa
2023-10-04 10:33:58 +05:30
e014cf25b9
Generated files
...
Kubernetes-commit: c65fe450d8a3229cfe531a3806939775dd52e7e0
2023-10-03 20:16:10 +08:00
22545bb551
Merge pull request #120222 from tkashem/apf-queue-wait-ctx
...
apf: manage request queue wait with context in APF Filter
Kubernetes-commit: 6a84edb2cee68fc60d3f4bd15eb461a184303236
2023-10-03 10:31:18 +00:00
d763e7d132
Fix API docs for audit APIs
...
The `*`s in the source comment is confusing the API reference generator.
They are treated as symbols for bold texts when generating reference docs.
This PR replaces the quote marks with backtiqs so that the reference
generator can properly handle them.
Kubernetes-commit: e7b2aeee930188eec125bbb91096d9d3fd6f3b5c
2023-10-03 17:18:23 +08:00
3acfc3ce16
Merge pull request #119865 from charles-chenzz/bump_deps
...
bump github.com/emicklei/go-restful/v3 to v3.11.0
Kubernetes-commit: bf1fa0c6691bb3bc6c5c03f900c53ed609e580a4
2023-09-28 14:57:16 +00:00
6bff95ab99
Merge pull request #120908 from sttts/sttts-optional-authz
...
controlplane/apiserver: don't crash if authz or other options are explicitly disabled in options
Kubernetes-commit: 1020678366f741834f06b9f0087e57e48f93ffba
2023-09-27 18:31:56 +00:00
a8f5357696
Merge pull request #120490 from p0lyn0mial/upstream-watch-list-cache-metrics
...
collect watch-list requests latency metric
Kubernetes-commit: bdedc21fd9579d2838f1e330bb4a93d4cb8b5cbd
2023-09-27 18:31:54 +00:00
5bfa063b10
bump kube-openapi
...
Kubernetes-commit: 555c1b8091c2312e7b3f9002fc8a4787e759ef31
2023-09-27 14:02:53 -04:00
b259861486
staging/apiserver: correct KubeConfigFile type in authorization types
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 2bf2c4f3a413d3a2e070fe61aeba6fb309bf2e5e
2023-09-27 17:48:38 +05:30
4693682515
Add --authorization-config flag to apiserver
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 22e5a806a73e48486a90491fc3eb03d208b520a0
2023-09-25 09:18:11 +05:30
2f3285287e
controlplane: make option structs uniformly optional
...
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
Kubernetes-commit: 63950491764535a8635cb2c4810db59a9a1fad25
2023-09-24 11:50:38 +02:00
28ed1d7ad4
fix data race in apf unit test
...
Kubernetes-commit: 52c58d970e54bf10b78512c68602f70b0a970f31
2023-09-22 14:42:43 -04:00
340fd67b3a
storage/etcd3/metrics: add unit test for apiserver_storage_objects
...
Kubernetes-commit: a96b97e40c0837f727c8e6d42f021b66922bb26c
2023-09-22 16:12:40 +02:00
78b670287d
Implement CEL and wire it with OIDC authenticator
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 26e3a03d12d71e6e97bc7c40542cb7519051dd73
2023-09-20 23:11:37 +00:00
f2ba735b90
KEP-4193: bound service account token improvements
...
Kubernetes-commit: 76463e21d4dec90b4d49975b182a13e1fdb6b20a
2023-09-19 15:23:28 +01:00
1c49f6c8ba
endpoints/metrics: define watchListLatencies metric and associated functions
...
Kubernetes-commit: a97f4b7a3123c9768ec7136b6ca32be926e16cd6
2023-09-19 03:05:37 +02:00
cd87b8f62d
handlers/watch: calculate and record WatchList latency metric.
...
Kubernetes-commit: 772b1f4cd84a738f632716e28d4067c00f0b7f13
2023-09-19 03:05:00 +02:00
cd865f28a6
Merge pull request #120872 from p0lyn0mial/upstream-has-initial-events-annotation
...
storage/util: introduce HasInitialEventsEndBookmarkAnnotation
Kubernetes-commit: 9410de78b23eb4f88de900552d90638bc67ffcd4
2023-09-25 07:47:25 -07:00
db34e9b7c7
storage/util: introduce HasInitialEventsEndBookmarkAnnotation
...
Kubernetes-commit: 70ae9c441cee9d78a88c0526592796ac4f491096
2023-09-18 11:39:08 +02:00
9419689f30
Merge pull request #119557 from p0lyn0mial/upstream-watch-list-etcd-store
...
Add support for API streaming to the etcd store implementation
Kubernetes-commit: fcfc2d05a4737646c7951943cc70c5900bf61145
2023-09-25 14:31:28 +00:00
10be293530
Merge pull request #120836 from jkh52/knp-0.28.0
...
Bump Konnectivity to 0.28.0
Kubernetes-commit: c5cf0ac1889f55ab51749798bec684aed876709d
2023-09-23 14:33:03 +00:00
ec568d7c18
Bump Konnectivity to 0.28.0
...
Kubernetes-commit: 1b602ffd9a412fccf87de9658da56a30e1ec1a0b
2023-09-22 11:42:00 -07:00
49162f0981
Merge pull request #120807 from p0lyn0mial/upstream-extend-generic-watch-semantic-tests
...
Extend RunWatchSemantics test by a new flavour and fill the gap
Kubernetes-commit: 7a941176a7aca28845c83f450000d1e881267348
2023-09-22 14:34:15 +00:00
e7424d8207
storage/testing/watcher_tests: add new flavour to RunWatchSemantics test and fill the gap
...
the new flavour proves that a storage layer follows RV
which is equal to the global rv
Kubernetes-commit: 0e238c4c28f11d1ec7cf5f506c81195c1cc463fe
2023-09-22 09:32:23 +02:00
c52221aa17
Merge pull request #120388 from HirazawaUi/add-group-to-apiserver-tracing
...
Add group, version, namespace, name, and subresource to apiserver tracing
Kubernetes-commit: 1e862b0fec39999fd55b42cf592ab5249b2651e8
2023-09-21 22:30:46 +00:00
c1b34a994c
Merge pull request #120797 from p0lyn0mial/upstream-refactor-generic-watch-semantic-tests
...
storage/testing/watcher_tests: refactor RunWatchSemantics tests
Kubernetes-commit: 0a2a56863965987d5c0058f4aaa9fb8f0180c851
2023-09-21 18:37:18 +00:00
f0dfb17949
storage/testing/watcher_tests: refactor RunWatchSemantics tests
...
Kubernetes-commit: dc5cfe3cff289ecb97153716bfd5817579d00fb3
2023-09-21 12:16:16 +02:00
696768606f
Merge pull request #120695 from p0lyn0mial/upstream-move-watch-semantic-tests
...
storage/testing: make WatchSemantics tests storage agnostic
Kubernetes-commit: 408e45a66a82a566e4684d6a97f9810127b985f9
2023-09-19 14:33:20 +00:00
Abu Kashem
Siyuan Zhang
Kubernetes Publisher
Alexander Zielenski
Anish Ramasekar
Jiahui Feng
Monis Khan
Rita Zhang
David Ashpole
John Howard
Madhav Jivrajani
Patrick Ohly
Jefftree
Nabarun Pal
Qiming Teng
Dr. Stefan Schimanski
machine424
James Munnelly
Lukasz Szaszkiewicz
Joseph Anttila Hall