kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,057 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

7057 Commits

Author SHA1 Message Date
Anish Ramasekar f2c6133c7f Add `DiscoveryURL` to AuthenticationConfiguration 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 84852ff56f952b4c3daab920d119d24c2e6a3476
 2024-02-07 01:41:52 +00:00
Kubernetes Publisher e92429c2ad Merge pull request #123225 from aramase/aramase/f/kep_3331_latency_metrics 
Add `apiserver_authentication_jwt_authenticator_latency_seconds` metric

Kubernetes-commit: 6d2ee131ebd13ce2ec2448300bb99f4ea942f1a9
 2024-03-04 01:15:11 +00:00
Kubernetes Publisher 6f43b57386 Merge pull request #123640 from liggitt/authz-beta-config 
Duplicate v1alpha1 AuthorizationConfiguration to v1beta1

Kubernetes-commit: 8674282a054d3ae32e2e009dab6f8a0da3689828
 2024-03-02 21:03:19 +00:00
Jordan Liggitt 4153027735 Duplicate v1alpha1 AuthorizationConfiguration to v1beta1 
Kubernetes-commit: 0605a75c5e3590e2b0ab80d2163a76c4e77f4380
 2024-03-02 01:56:29 -05:00
Kubernetes Publisher bf894b0555 Merge pull request #123634 from liggitt/handler-race 
Fix discovery v2 conversion registration data race

Kubernetes-commit: 95875b7723fe1aa50b0a6a425ece8a0927ef83f8
 2024-03-02 05:50:08 +00:00
Kubernetes Publisher cc00aa34b6 Merge pull request #123611 from ritazh/authz-mcmetrics 
Add authz webhook matchcondition metrics

Kubernetes-commit: 3e1da218014b5a4e5c95ee79404093302104438b
 2024-03-02 05:50:07 +00:00
Kubernetes Publisher 00ac59edfa Merge pull request #122975 from aramase/aramase/c/cleanup_authn_validation 
cleanup structured authn/authz error logic

Kubernetes-commit: 4e8674f4e582c7d33143c42990d9409990d979a3
 2024-03-02 05:50:03 +00:00
Kubernetes Publisher 0d2b79b3b6 Merge pull request #122882 from Jefftree/agg-discovery-v2-usage 
Use Aggregated Discovery v2 types and promote to GA

Kubernetes-commit: 3f25211d69b4412e3e926835067918f86f629f3e
 2024-03-02 01:40:36 +00:00
Jordan Liggitt 59cba35b06 Fix discovery v2 conversion registration data race 
Kubernetes-commit: 0e9cdf76ad2e21166dd5b72f7b0c2450d648c906
 2024-03-01 19:29:39 -05:00
Rita Zhang b7a30e3bfb add authz webhook matchcondition metrics 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Jordan Liggitt <liggitt@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>

Kubernetes-commit: e76fce75666beb2771dfa15a10700f18d2d15d85
 2024-02-29 20:55:32 -08:00
Anish Ramasekar 09c9be2c2e Add `apiserver_authentication_jwt_authenticator_latency_seconds` metric 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 0da5e8137b839860d55938ceb6d520caba3fc776
 2024-02-08 18:08:07 +00:00
Anish Ramasekar 7b0c197f53 cleanup structured authn/authz error logic 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: c2c4f4616d4ecea9fad5b994cdc72e3f96728962
 2024-01-25 22:45:19 +00:00
Jefftree d8d3b8c351 Use v2 types with agg discovery 
Kubernetes-commit: 462dd326c2e98d937a96d49002883000efe4b2d6
 2024-01-19 16:13:47 -05:00
Jefftree 7c8cdebce9 Promote AggregatedDiscovery to GA 
Kubernetes-commit: 301e804c3f2fb3935c2cf3d2a04967f47921fc99
 2024-02-27 16:59:46 -05:00
Jefftree fc2ef69449 Remove test for disabling aggregated discovery 
Kubernetes-commit: 0593746f6093a5a59a7a047f03a4139275fcaf11
 2024-02-27 18:27:54 -05:00
Kubernetes Publisher 4fa5c0c492 Merge pull request #123529 from thockin/go-workspaces 
Go workspaces for k/k and k/staging/*

Kubernetes-commit: df366107d16aa2e2cdd620be41e592184f379da4
 2024-03-01 21:19:35 +00:00
Kubernetes Publisher 57928aa72c Merge pull request #123560 from ivelichkovich/master 
kep-3716 GA, remove feature gate

Kubernetes-commit: 6cc77a577e56c68e4fde81865e022e05e8e02538
 2024-03-01 08:22:12 +00:00
Kubernetes Publisher e3922247fe Merge pull request #123458 from aramase/aramase/i/min_jwt_payload 
add min valid jwt payload to API docs for structured authn config

Kubernetes-commit: 5cf4fbe524ca1479607a4880949a032064556f76
 2024-03-01 00:40:31 +00:00
Kubernetes Publisher 3d757e5f42 Merge pull request #122676 from p0lyn0mial/upstream-watch-cache-init-events-ordering 
apiserver/storage: improve RunWatchSemanticInitialEventsExtended test

Kubernetes-commit: 234f0fcfc32919301739c39941bcf86e99666bc7
 2024-02-29 12:27:20 +00:00
Kubernetes Publisher 9ccc257322 Merge pull request #122717 from jpbetz/crd-object-filters 
KEP-4358: Custom Resource Field Selectors

Kubernetes-commit: a67973a45c4b48585e3331889eca09425caca7c2
 2024-02-29 07:01:48 +00:00
Tim Hockin 0f77d82857 Fix up go.mod files after reviews 
Because of how the previous 100+ commits were done, so changes snuck
thru that properly belong in earlier commits but it's not really
possible to do that without a lot of effort.

We agreed it was OK to "spackle" these cracks with a final commit.

Kubernetes-commit: 21715e6bbd19c932576ff268843d8ead3edb05e4
 2024-02-28 16:50:55 -08:00
Kubernetes Publisher 0a2e73e991 Merge pull request #123562 from jpbetz/bump-cel-go-0_17_8 
Bump cel-go to v0.17.8 to pick up CEL estimated cost fix

Kubernetes-commit: fe8a12d264c88ac3cd0fb97d73c936de3fdd9788
 2024-02-28 23:18:35 +00:00
Joe Betz 414d2e2d63 Add selectableFields to CRDs 
Kubernetes-commit: 291703482d58ae030da71c6d671a96a6f960fc6f
 2024-02-28 14:06:06 -05:00
Igor Velichkovich fc7cf5fb84 kep-3716 GA, remove feature gate 
Kubernetes-commit: a51a5b462236d5eb87e6d690065f884c281a833c
 2024-02-28 10:45:51 -06:00
Joe Betz 5957e27e51 Bump cel-go to v0.17.8 to pick up CEL estimated cost fix 
Kubernetes-commit: d49949b64205ca68222d001806d127fc6d7489f9
 2024-02-28 10:52:36 -05:00
Kubernetes Publisher 4b96323a12 Merge pull request #120897 from wojtek-t/fix_order_of_init_events 
Ensure that initial events are sorted for WatchList

Kubernetes-commit: 54f9807e1e84981b2053f4daf779f5ed19962144
 2024-02-28 07:29:22 -08:00
Tim Hockin 27e765eeff Remove old gengo detritus 
Kubernetes-commit: 812d5fff4011df4693dcdace516feec30ebff8ba
 2024-02-26 23:31:41 -08:00
Anish Ramasekar b3e4dc29ef add min valid jwt payload to API docs for structured authn config 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: b57d7d6ad79ed0a2a8359144c07eadeef0ea3fd3
 2024-02-22 16:33:24 -08:00
Tim Hockin 5624a05672 Remove defunct references to "vendor" 
Kubernetes-commit: d772f7719dc55ebfec2e9461b6e14bf17f5301df
 2024-01-15 15:56:21 -08:00
Lukasz Szaszkiewicz 816c9a3d12 apiserver/storage: improve RunWatchSemanticInitialEventsExtended test 
changes the test to populate the underlying data store with
more data to trigger potential ordering issues.

Kubernetes-commit: 20ded275705a6e11c1113cbeedad4de94e2dc666
 2024-01-10 11:08:35 +01:00
Tim Hockin 541bc37de9 Fix go-to-protobuf wrt gengo/v2 
There's some very fishy-smelling logic in here, but this commit is
trying to be as focused as possible.

The *.pb.go diffs are the "name" encoded in the descriptor.  The
descriptor blobs can be decoded by this program (thanks StackOverflow!):

```
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/json"
	"fmt"
	"os"

	"io/ioutil"

	proto "github.com/golang/protobuf/proto"
	dpb "github.com/golang/protobuf/protoc-gen-go/descriptor"
)

func main() {
	m := map[string][]byte{
		"before": blobv1,
		"after":  blobv2,
	}
	arg := os.Args[1]
	dump(m[arg])
}

func dump(bytes []byte) {
	fd, err := decodeFileDesc(bytes)
	if err != nil {
		panic(err)
	}
	b, err := json.MarshalIndent(fd, "", "  ")
	if err != nil {
		panic(err)
	}
	fmt.Println(string(b))
}

// decompress does gzip decompression.
func decompress(b []byte) ([]byte, error) {
	r, err := gzip.NewReader(bytes.NewReader(b))
	if err != nil {
		return nil, fmt.Errorf("bad gzipped descriptor: %v", err)
	}
	out, err := ioutil.ReadAll(r)
	if err != nil {
		return nil, fmt.Errorf("bad gzipped descriptor: %v", err)
	}
	return out, nil
}

func decodeFileDesc(enc []byte) (*dpb.FileDescriptorProto, error) {
	raw, err := decompress(enc)
	if err != nil {
		return nil, fmt.Errorf("failed to decompress enc: %v", err)
	}

	fd := new(dpb.FileDescriptorProto)
	if err := proto.Unmarshal(raw, fd); err != nil {
		return nil, fmt.Errorf("bad descriptor: %v", err)
	}
	return fd, nil
}

var blobv1 = []byte{
	// insert proto "before" blob here
}

var blobv2 = []byte{
	// insert proto "after" blob here
}
```

Running this with "before" and "after" args, and diffing the output
yields something like:

```diff
--- /tmp/a	2023-12-23 23:57:04.748090836 -0800
+++ /tmp/b	2023-12-23 23:57:11.000040973 -0800
@@ -1,5 +1,5 @@
 {
-  "name": "k8s.io/kubernetes/vendor/k8s.io/api/admission/v1/generated.proto",
+  "name": "k8s.io/api/admission/v1/generated.proto",
   "package": "k8s.io.api.admission.v1",
   "dependency": [
     "github.com/gogo/protobuf/gogoproto/gogo.proto",
```

Kubernetes-commit: b0a70dec4ab4cb9f972cf39a81ca5e5555417227
 2023-12-24 10:01:42 -08:00
Tim Hockin 510f374e58 Re-vendor latest kube-openapi and gengo/v2 
./hack/pin-dependency.sh k8s.io/kube-openapi latest
./hack/pin-dependency.sh k8s.io/gengo/v2 latest
./hack/update-vendor.sh

Kubernetes-commit: 6f2f3735e04df5e4822176a2784069634c3c74a3
 2024-02-26 17:02:22 -08:00
Wojciech Tyczyński 45b7f21179 Ensure that initial events are sorted for WatchList 
Kubernetes-commit: 92bdc7b3873800e6130176e49acdf5e17110e5b9
 2023-09-26 18:39:44 +02:00
Kubernetes Publisher 04dda9abb8 Merge pull request #122830 from p0lyn0mial/upstream-watch-cache-wati-for-bk-after-rv 
storage/cacher: ensure the cache is at the Most Recent ResourceVersion when streaming was requested

Kubernetes-commit: d2b4928669c633cffb0e4aa6317d0e016ee37de6
 2024-02-28 12:29:11 +00:00
Kubernetes Publisher 3e22226ac6 Merge pull request #123281 from seans3/remote-command-websocket-beta 
RemoteCommand over WebSockets to Beta

Kubernetes-commit: f7ca532472f035db2aedc8a1f86639dfd1dc596f
 2024-02-28 12:29:10 +00:00
Kubernetes Publisher f663919323 Merge pull request #123538 from jiahuif-forks/fix/cel/mutation-library-map-support 
CEL mutation library: add support for map

Kubernetes-commit: 286cdad32d7967a5f3b84a8924448ea914d44c00
 2024-02-28 12:29:05 +00:00
Kubernetes Publisher e79edc2673 Merge pull request #123540 from enj/enj/i/jwt_iss 
jwt: strictly support compact serialization only

Kubernetes-commit: 236f1b0f6b4cbb7e372a72d181c6285bdaf74873
 2024-02-28 00:35:48 +00:00
Jiahui Feng 8485f72a96 add support for map 
to CEL mutation library.

Kubernetes-commit: dc4c92f5a5646ed8d131a8bb8ff96b5e6b3e4bb8
 2024-02-27 13:55:08 -08:00
Monis Khan 1154db23b1 jwt: strictly support compact serialization only 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: e89dddd4af67d34e441ec1733bdb22ce725d621c
 2024-02-27 12:40:59 -05:00
Lukasz Szaszkiewicz e53bac21d8 storage/watch_cache: rework getAllEventsSinceLocked 
Kubernetes-commit: ecaf2093f51fed5f544520b0ac00fb33a474b7f5
 2024-02-26 12:22:05 +01:00
Sean Sullivan b5f79f8dae streamtranslator counter metric by status code 
Kubernetes-commit: 03812ddb169725b0652744c2ecaa151f5c03887b
 2024-02-24 03:55:17 +00:00
Kubernetes Publisher f08c74c02d Merge pull request #123427 from alexzielenski/apiserver/policy/matching-refactor 
ValidatingAdmissionPolicy: Factor out matching and params logic for reuse with MutatingAdmissionPolicy

Kubernetes-commit: 446afd90b2e56e3f67372f413c1be62b4fc76b6d
 2024-02-22 20:38:53 +00:00
Cici Huang c8d2257e3a [KEP-3962]Add feature gate for MAP (#123425) 
* Add feature gate for MAP

* sort feature gates.

---------

Co-authored-by: Jiahui Feng <jhf@google.com>

Kubernetes-commit: 9bc5257c450f7dfda187bfadd96f32310a2eaa18
 2024-02-21 17:00:13 -08:00
Kubernetes Publisher fe1489716d Merge pull request #123348 from hoskeri/update-go-x-crypto-19 
Update x/crypto to 0.19.

Kubernetes-commit: 9a9028983806af26e7b48223f3a92922e94725df
 2024-02-21 20:38:58 +00:00
Kubernetes Publisher 290f0e4aff Merge pull request #123392 from thockin/depreciate 
Cleanup: s/depreciated/deprecated/g

Kubernetes-commit: 11785bb815d58eb553be3a1fa305464c35d860cc
 2024-02-21 12:41:17 +00:00
Kubernetes Publisher d23525a070 Merge pull request #123342 from logicalhan/storage-metric 
bump the stability level of apiserver_storage_size_bytes to STABLE

Kubernetes-commit: e613eb33885171a0584aa58cfad9e7c157d23326
 2024-02-21 12:41:14 +00:00
Lukasz Szaszkiewicz 19bd56380e storage/cacher: add TestGetWatchCacheResourceVersion, TestGetBookmarkAfterResourceVersionLockedFunc 
Kubernetes-commit: d629d3fa355ec90f618663b0933d28d335489c54
 2024-02-21 10:06:42 +01:00
Tim Hockin d38e8187d9 Cleanup: s/depreciated/deprecated/g 
Kubernetes-commit: 9f4b82bf3b079fe868effbd2498b61464db6d459
 2024-02-18 14:50:55 -08:00
Kubernetes Publisher 4bf12f9a46 Merge pull request #123330 from alexzielenski/flake-workaround 
flake: avoid flake by ensuring params appear in the initial list

Kubernetes-commit: 8a0147c8825ddd6afa56fd3e647e2d659683483c
 2024-02-18 04:43:13 +00:00
Kubernetes Publisher c3868a06e6 Merge pull request #123333 from liggitt/authz-metrics 
Add allowed/denied metrics for authorizers

Kubernetes-commit: 6ff6b519042b40ad9d7710ac132eb4e6231940e1
 2024-02-18 04:43:11 +00:00