This commit adds an option for controlling request of compaction to
etcd3 from apiserver. There is a situation that apiserver cannot fully
own its etcd cluster (e.g. sharing it with canal). In such a case,
apiserver should have limited access in terms of etcd's auth
functionality so it doesn't have the privilege to issue compaction
requests. It means that the compaction requests should be issued by
other component and apiserver's compaction requests are needless.
For such use cases, this commit adds a new flag
`storagebackend.Config.CompactionInterval`. If the flag is non 0,
apiserver issues the compaction requests like current behaviour (the
default is 5 minutes). If it is 0, apiserver doesn't issue the
requests. It can be configured with a newly added option of apiserver
`--etcd-compaction-interval`.
Kubernetes-commit: 87d4d3e92be6b93517f189082b0451cee6957ee5

optionsExternalVersion is being used for shared types (meta.k8s.io). The
installer should first look in the current API group for GET and CONNECT
options objects before checking in `v1`.
Kubernetes-commit: 0e4b20fbf9ff299c37a5055e082fa27dbf2b49c0

The first one being RecommendedPluginOrder the second one being DefaultOffPlugins.
In case a cluster-admin did not provide plugin names they will be derived from these fields.
Kubernetes-commit: 7a92947588070a8eedd0bf50edcfbf0fcc1d4096

Allows a caller to know how many exec, log, proxy, and watch calls are
running at the current moment.
Kubernetes-commit: fabce1b893f96bdf466c1fdb1fcf825210c008ae

Remove the MonitorRequest method and replace with a method that takes
request.RequestInfo, which is our default way to talk about API objects.
Preserves existing semantics for calls.
Kubernetes-commit: 10e6dc5ed3573118c56fa8823b387e47c8e8ae06

Trying to make sure we always log the flags an instance of apiserver
starts with.
This can be especially valuable for emailed logs or e2e/kubemark tests.
Kubernetes-commit: 366459aee84a4de1f0342a464bd479a5d12e6f0f

In GuaranteedUpdate, if it was called with a suggestion (e.g. via the
watch cache), and the suggested object is stale, perform a live lookup
and then retry the update.
Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
Kubernetes-commit: bf33df16b52508974ddedacd814010cfe0fb79f0

Currently setting watch cache size for a given resource does not disable
the watch cache. This commit adds a new `default-watch-cache-size` flag
to map to the existing field, and refactors how watch cache sizes are
calculated to bring all of the code into one place. It also adds debug
logging to startup to allow us to verify watch cache enablement in
production.
Kubernetes-commit: fc2d201e155296f311ae0a9278b00dcae2d68708

This change does three things:
1. use auditinternal for unit test in filter stage
2. add a separate unit test for Audit-ID http header
3. add unit test for audit log backend
Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23

Updates https://github.com/kubernetes/kubernetes/issues/48561
This provides a way to omit some stages for each audit policy rule.
For example:

    apiVersion: audit.k8s.io/v1beta1
    kind: Policy
    rules:
      - level: Metadata
        resources:
          - group: "rbac.authorization.k8s.io"
            resources: ["roles"]
        omitStages:
          - "RequestReceived"

The RequestReceived stage will not be emitted to audit backends with
the previous config.
Kubernetes-commit: 47ba91450fbe7d9002bfc9d4a48a73256252821f
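
The per-rule omitStages behaviour from the commit message above, as an added Go sketch (not code from the Kubernetes repository). The Rule type, ShouldEmit and SamplePolicy are hypothetical names; the catch-all second rule and the treatment of unmatched requests are assumptions made for the example.

```go
package main

import "fmt"

// Rule is a simplified stand-in for an audit policy rule (hypothetical type,
// not the apiserver's own); one API group per rule keeps the example short.
type Rule struct {
	Level      string
	Group      string
	Resources  []string // empty: rule matches every request
	OmitStages []string
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// ShouldEmit returns the first matching rule's level and whether an event
// for the given stage is sent to the audit backends.
func ShouldEmit(rules []Rule, group, resource, stage string) (string, bool) {
	for _, r := range rules {
		if len(r.Resources) == 0 || (r.Group == group && contains(r.Resources, resource)) {
			return r.Level, r.Level != "None" && !contains(r.OmitStages, stage)
		}
	}
	return "None", false // assumption: an unmatched request is not audited
}

// SamplePolicy is constructed: the rule from the commit message, then a catch-all.
var SamplePolicy = []Rule{
	{Level: "Metadata", Group: "rbac.authorization.k8s.io",
		Resources: []string{"roles"}, OmitStages: []string{"RequestReceived"}},
	{Level: "Metadata"},
}

func main() {
	for _, stage := range []string{"RequestReceived", "ResponseStarted", "ResponseComplete"} {
		for _, res := range []string{"roles", "clusterroles"} {
			level, emit := ShouldEmit(SamplePolicy, "rbac.authorization.k8s.io", res, stage)
			fmt.Printf("%-16s %-12s level=%s emit=%v\n", stage, res, level, emit)
		}
	}
}
```

Because the first matching rule decides, a request for clusterroles falls through to the catch-all and still produces a RequestReceived event; only the rule that lists the stage drops it.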