Jiahui Feng
8485f72a96
add support for map
...
to CEL mutation library.
Kubernetes-commit: dc4c92f5a5646ed8d131a8bb8ff96b5e6b3e4bb8
2024-02-27 13:55:08 -08:00
Alexander Zielenski
dd139db676
refactor: use shared CollectParams from VAP
...
Kubernetes-commit: 4760e0cc44fb0ee2a92d12ee2b17f094e7ea94ec
2024-02-15 17:00:45 -08:00
Alexander Zielenski
9a4b2b3543
refactor: use match from generic pkg in vap
...
It is the same exact code, but uses accessors now
Kubernetes-commit: 64cd09f7208e7a45d87ab6436c833c984fa6e594
2024-02-20 09:22:18 -08:00
Alexander Zielenski
ed64edd4e0
add generic policy dispatcher
...
similar to the generic policy source, applies common match logic
for code sharing with validating/mutating
Kubernetes-commit: 96c418a7b73f2f85be530ad9b987d70eeeab14b0
2024-02-21 13:09:49 -08:00
Alexander Zielenski
48e4f369ee
test: infer gvk of objects
...
avoids relying on the GVK to be written to the object
Kubernetes-commit: 11ed3032c091bab4c56d471c8d0049ccb9c20efb
2024-02-16 10:43:05 -08:00
Alexander Zielenski
eed515aa23
refactor: handle paramKind directly
...
remove hacks that might conceal errors
Kubernetes-commit: acf1d850c6153aae10f26ef3d3e21fa8a63b20e0
2024-02-20 09:22:35 -08:00
Alexander Zielenski
223ffcc3b0
add functions to policy accessors for getting match information and params
...
Kubernetes-commit: 6d5133f3ecd4ddb38a29dac69641fb56576491a2
2024-02-15 16:33:41 -08:00
Cici Huang
c8d2257e3a
[KEP-3962] Add feature gate for MAP (#123425)
...
* Add feature gate for MAP
* sort feature gates.
---------
Co-authored-by: Jiahui Feng <jhf@google.com>
Kubernetes-commit: 9bc5257c450f7dfda187bfadd96f32310a2eaa18
2024-02-21 17:00:13 -08:00
Tim Hockin
d38e8187d9
Cleanup: s/depreciated/deprecated/g
...
Kubernetes-commit: 9f4b82bf3b079fe868effbd2498b61464db6d459
2024-02-18 14:50:55 -08:00
Han Kang
f615696539
bump the stability level of apiserver_storage_size_bytes to STABLE
...
Kubernetes-commit: f38852768e312fe7b9775b92f7228371a0a96f90
2024-02-16 09:13:46 -08:00
Alexander Zielenski
8e917a7cef
flake: avoid flake by ensuring params appear in the initial list
...
sometimes they would not appear in the initial list if they were added while the informer was starting up due to ObjectTracker race
Kubernetes-commit: def05a20e22f069a60f4190755e8c7244d18781c
2024-02-15 13:58:29 -08:00
Jordan Liggitt
fe847b31f4
Add allowed/denied metrics for authorizers
...
Kubernetes-commit: d5d3eddb95b657f03677c21498f185d70d87cdda
2024-02-16 02:26:18 -05:00
Eric Lin
000601bdbe
Add handler to run watch serving in separate goroutine
...
This handler allows running execution prior to actual serving in a separate
goroutine when serving requests. Doing so benefits cases in serving long running
requests because it allows freeing memory used by the separate goroutine
and keeps the serving routines slim.
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 7b2698a5e5c61b303481c2006847409fc8704746
2023-10-10 08:53:26 +00:00
Jordan Liggitt
c2310e1279
Implement authz config file reloading
...
Kubernetes-commit: 5dc92ada068cb80a2866cfaa1f9aa760d2524680
2023-11-08 08:49:58 -06:00
Alexander Zielenski
7e9e7fe668
move OWNERS from validating to all new parent policy folder
...
meant to do this in refactor PR
Kubernetes-commit: bd27c99262e73955af6af19a1d6d72fce6739522
2024-02-14 16:32:08 -08:00
Anish Ramasekar
1bc99127a6
Add integration test for multiple audience in structured authn
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 0feb1d5173c94e28da79963fb296296b005dd6a1
2024-02-14 17:04:21 -08:00
Joe Betz
6f648c15a2
Add retry around create
...
Kubernetes-commit: a05db0dd22a68a9c443a9f01cc1b8f6397fd6a9f
2024-01-19 16:10:30 -05:00
Anish Ramasekar
fb760be3fc
support multiple audiences with jwt authenticator
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 18c563546a764b559ce5b74f09eaaaf9c1f0e5fb
2024-01-24 17:15:11 +00:00
Anish Ramasekar
26996e3679
Add AudienceMatchPolicy to AuthenticationConfiguration
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 19da90d6396ce9471f612d6e9a31f1b1c8d605b1
2024-01-25 22:35:16 +00:00
Alexander Zielenski
1672796601
bugfix: avoid NPE possibility by making composition environment global
...
Kubernetes-commit: 3094395fa76210f33118d10d6a7c8214c50a7f33
2024-01-29 13:45:27 -08:00
Alexander Zielenski
9fd47abbb1
refactor: implement VAP off of policy plugin fw
...
Kubernetes-commit: 18fbc48b0155485cd78ec4d0e6050ccbb7d8e058
2024-01-22 17:31:52 -08:00
Alexander Zielenski
f8d65cf3a6
refactor: create generic policy plugin type similar to webhook
...
Kubernetes-commit: a6366573d5ca328438b80d72d0ae5a5bf6b178be
2024-01-22 17:31:34 -08:00
Alexander Zielenski
06be9d025c
refactor: move matching logic into parent policy folder
...
Kubernetes-commit: d697f43d73870679ad4cd46939ad28e06926b6d3
2024-01-17 18:12:41 -08:00
Alexander Zielenski
57e06e43f7
refactor: move vap into parent `policy` folder
...
also renames to remove stutter
comment
Kubernetes-commit: 8b14116509ac19234924878ab08f7e9e8f03549a
2024-01-17 18:09:30 -08:00
Alexander Zielenski
3769e5c054
refactor: move celmetrics close to its usage in vap
...
does not need to be accessed from anywhere else, and removed an excessive lonesome `cel` pkg with just the metrics
Kubernetes-commit: 8b26b6eec1b0d99518e7c53879e1d44ade2eebc7
2024-01-17 17:05:53 -08:00
Anish Ramasekar
f6b16dddb3
Add `apiserver_encryption_config_controller_automatic_reloads_total`
...
metric
- Adds `apiserver_encryption_config_controller_automatic_reloads_total`
metric with status label for encryption config reload success/failure.
- Deprecated `apiserver_encryption_config_controller_automatic_reload_failures_total` and `apiserver_encryption_config_controller_automatic_reload_success_total`
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 77241d31253baf051302fff7480c9601ad817399
2024-02-07 19:44:41 +00:00
Jiahui Feng
6f620d4d18
add test case for error inside variables.
...
Kubernetes-commit: 3e777540fda8dda01bb72702b1e39675f21d2955
2024-02-08 13:39:25 -08:00
Jiahui Feng
ab64beb117
add support of variables for Type Checking.
...
Kubernetes-commit: dc832c6e59e98f8b842efe42d3f18a67e781779d
2024-02-01 15:28:21 -08:00
Jiahui Feng
1501159ecb
refactor type checking to use CompositedCompiler.
...
Kubernetes-commit: 21ba0d59d3a29b5668d4ba712d5b130d458121c6
2024-02-01 13:20:21 -08:00
José Carlos Chávez
f099bff723
chore: adds consistent vanity import to files and provides tooling for verifying and updating them. (#120642)
...
* chore: drops update vanity imports from script.
* chore: changes copyright year to 2024.
* chore: makes lint happy.
Kubernetes-commit: 6d6398ef9266abce3518a4c9a3d4e4d8feeffdc1
2024-02-08 14:10:27 +00:00
Abu Kashem
554c2d262b
apiserver: allow zero value for the 'nominalConcurrencyShares' field
...
Kubernetes-commit: 5f75c35edf1ea0a10a64615c43b5868484c94f46
2024-01-26 14:27:09 -05:00
Abu Kashem
e6f368f3b9
apiserver: refactor handleError in endpoints/filters
...
Kubernetes-commit: 9e37ccedc7fbbbacf07ecc79949c75e1e250ba58
2024-01-09 13:32:09 -05:00
James Munnelly
c60b23f298
use authentication.kubernetes.io/issued-credential-id audit annotation in serviceaccount token registry endpoint
...
Kubernetes-commit: 7f12735fffdc490eae59e98d0f03638067b028de
2024-02-02 16:57:16 +00:00
buddie.wei
586f61dd0f
Fix the syntax error in the comment of the checkQuotas method. (#121428)
...
* Update controller.go
Fix comment error.
From "It there was no quota change mark the waiter as succeeded." to "If there was no quota change mark the waiter as succeeded."
* Adjust the comments to maintain consistent tense throughout.
Adjust the comments to maintain consistent tense throughout.
Kubernetes-commit: 5855f5178f42dbc114b6c5ac1964a5dd62bb0957
2024-02-06 00:45:00 +08:00
Abu Kashem
eff38efc48
apiserver: warning should not panic when request times out
...
Kubernetes-commit: 7cab0ad2d2b2688575c1d6c8b5ecee2bfa5a39ff
2023-01-26 08:56:10 -05:00
HirazawaUi
bc8676d59a
Add decoding time to the audit log
...
Kubernetes-commit: 20fe2a3539e90f7554f94359ac3b4058a5bbb363
2023-10-25 22:52:11 +08:00
lowang_bh
43f24ff9ee
fix comment of rbac decision for NoOpinion
...
Signed-off-by: lowang_bh <lhui_wang@163.com>
Kubernetes-commit: 3579674df2df72956b34fa2593e526c02beea9d6
2023-06-06 22:36:14 +08:00
Alexander Zielenski
69adaecb9e
bugfix: don't skip reconcile for unchanged policy if last sync failed
...
Kubernetes-commit: 71559bd02670f53a2d6640714eeb4e7fbc554e86
2024-01-26 18:57:30 -08:00
Jiahui Feng
95a53374a5
convert the expectedValues to be cel.Val.
...
Kubernetes-commit: c89dcf52b12bf5e32f71f3ed600315242f7e44f6
2024-01-25 13:52:39 -08:00
Jiahui Feng
f0c47558ed
extra case for affirmative has(map) test.
...
Kubernetes-commit: d6991638029be493e5c197b6cd0d268d8ce55457
2024-01-25 13:36:42 -08:00
Jiahui Feng
eb407cc3dd
fix convertField and its comments.
...
Kubernetes-commit: d0c323fb8fbfa5c1b91ae445cbda60a416e85e65
2024-01-23 16:47:33 -08:00
Jiahui Feng
3a5a43790e
add support for equality check.
...
Kubernetes-commit: df9620c9f6f6a60f7cbcacb3ad9fa40d79d1d73e
2024-01-23 16:07:39 -08:00
Jiahui Feng
8b89a41f3f
mutation library for CEL.
...
- TypeRef, TypeProvider interfaces.
- TypeRef, TypeProvider, ObjectVal, FieldType implementations
for unstructured.
- Tests for using optional in mutation.
Kubernetes-commit: 9bbdbc510ebf8e2dcb243d6fbbf57449f895196e
2024-01-19 17:03:34 -08:00
liyuerich
f709e954ab
drop deprecated pointer package
...
Signed-off-by: liyuerich <yue.li@daocloud.io>
Kubernetes-commit: e490439262fad619d83c5647a42a5382cb9c787b
2023-09-15 21:03:36 +08:00
Cici Huang
8b49df5c88
Update env version, Add cost for previous func, add tests, etc.
...
Kubernetes-commit: 3fb679016423e80b87cf3e540d296471223460e6
2023-12-05 23:26:13 +00:00
Lukasz Szaszkiewicz
ca8d0aaf91
client-go/reflector: make UseWatchList a pointer
...
until #115478 (use streaming against the etcd storage)
is resolved, the cacher needs a way to disable the streaming.
Kubernetes-commit: 41e706600aea7468f486150d951d3b8948ce89d5
2024-01-19 13:48:29 +01:00
Vandit Singh
ff6a2dc722
Negative index regression test for json-patch (#122625)
...
* add testcase with negative index
* exercise successful negative index patching
* use different values for testing
Co-authored-by: Chris Bandy <bandy.chris@gmail.com>
---------
Co-authored-by: Chris Bandy <bandy.chris@gmail.com>
Kubernetes-commit: 83ff8a2f49f820fb355b24c65b8629710dca8a54
2024-01-18 09:31:12 +00:00
carlory
aa358081a5
fix evaluate resource quota if a resource is updated when the InPlacePodVerticalScaling feature-gate is on
...
Kubernetes-commit: 041e97af1f0ee40029dcd44abd63f84514eca59e
2024-01-11 16:04:02 +08:00
Monis Khan
285e6ec394
Clean up encryption config reading and hashing logic
...
This is a no-op change that makes the internal encryption config
hash more specific to its use and explicitly marks it as unstable.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 9387a66c71fd85840cb199b468610b8fa950253f
2024-01-10 14:48:30 -05:00
Eric Lin
fa628fd528
Use http/2 for localhost webhook
...
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 246e69fb99007412c4903fe8e7ad1d8c5f25cd8e
2024-01-03 13:49:51 +00:00
SataQiu
7751f0aa90
remove import hack about k8s.io/utils/clock/testing
...
Kubernetes-commit: 81d040d538101b89bd8edd51bb78a58ea5bf793c
2023-11-16 12:30:14 +08:00
carlory
4e1e99b0ca
remove GA featuregate RemoveSelfLink
...
Kubernetes-commit: 3b67181c93be39244370b560f83fa7546f7c65c0
2023-12-25 00:29:38 +08:00
Anish Ramasekar
e7eedd15ec
move encryption config types to standard API server config location
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 75695dae1093cc08cb56a4930c0be8e7e4433be1
2023-12-16 00:00:21 +00:00
Anish Ramasekar
6bad17ce50
[StructuredAuthnConfig] add comment for extra keys unique requirement
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: af8da8e01c28286feedf528e94683781a0387a99
2024-01-02 19:58:20 +00:00
weilaaa
febd537a31
use built-in max and min funcs instead of k8s.io/utils/integer funcs
...
Kubernetes-commit: eb8f3f194fed16484162aebdaab69168e02f8cb4
2023-12-15 15:09:11 +08:00
Eric Lin
a2e6b85db4
handlers/watch: refactor watch serving to prepare offloading
...
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 87d817e62d8c6e93cf45bf90a7ecadfe4156ab1f
2023-11-27 10:06:50 +00:00
James Blair
b6487a8ac1
Fix etcd repository path to prevent redirects.
...
Signed-off-by: James Blair <mail@jamesblair.net>
Kubernetes-commit: b6c1f8ef08c3451f17048447e107c509a8ed950e
2023-11-02 09:31:37 +13:00
Joel Speed
ccc28d3f49
Add tests for CIDR type
...
Kubernetes-commit: b3285fa8df494ef174bbee1ccffcc5e3a58afcdd
2023-12-15 11:01:55 +00:00
Joel Speed
f16e0c2a18
Add tests for IP type
...
Kubernetes-commit: 31f9384646a5cfd001f176454feb9c1040591e96
2023-12-08 18:16:30 +00:00
Joel Speed
e5f605855d
Add costing estimations for IP and CIDR
...
Kubernetes-commit: e1f9aa450b7ecd62ce7284486a159d14f66c1761
2023-11-17 17:34:46 +00:00
Joel Speed
e4fb1f737e
Add IP and CIDR libraries to CEL environment for 1.30
...
Kubernetes-commit: 4710f085b3d4dbf242085f4cb53708efc7ebbefd
2023-11-17 13:57:29 +00:00
Joel Speed
f4ae0b7ca6
Add CIDR network CEL extension
...
This adds new CEL functions to the library for validating if a string is a CIDR notation.
This will work in conjunction with the IPAddr to allow checking if an IPAddr exists within a particular network.
Kubernetes-commit: 2f585b451232814d6563329241e96f09bfd1cb73
2023-11-15 19:04:48 +00:00
Joel Speed
3fe1439ba9
Add special IP validations to IP CEL type
...
Kubernetes-commit: 13b22b23a1a5f8976fa608c7bc8b3048470b5c51
2023-11-17 12:51:32 +00:00
Joel Speed
ccfdc9aba1
Add IP address CEL extension
...
This adds new CEL functions to the library for validating if a string is an IP address,
and, if it can be parsed as an IP address, adds additional accessors to get properties
of the IP address.
Kubernetes-commit: c6aa360d3ef9895323b239686719dd9223ee4f37
2023-11-15 18:35:34 +00:00
Wojciech Tyczyński
2b59a3f14c
Don't sort under lock
...
Kubernetes-commit: 3e1dbccf4d3de59b31596f1664ff5ac9c02d1eea
2023-11-23 18:13:43 +01:00
Robert Svarinskis
fdd26489db
Fix etcd storage_events_received_total metric not being registered
...
Kubernetes-commit: ceb7ca93875cd74bea60500812cf7f024d3b1f2d
2023-12-04 09:12:21 +00:00
Wojciech Tyczyński
697d456e35
Minor cleanup in watch handlers
...
Kubernetes-commit: d907062308563b1a9e52152c48f4240a6e11aade
2023-11-29 22:31:05 +01:00
Wojciech Tyczyński
442cc39449
Unify watch handler across http and websockets
...
Kubernetes-commit: 55e60db88b126013f00135f49df3296f52b2572a
2023-11-29 21:57:39 +01:00
Cici Huang
88c6f038a0
Address comment
...
Kubernetes-commit: 44898f7909940e786aeed701e87af0c799f4a660
2023-12-07 22:39:00 +00:00
Cici Huang
fb788ccf7f
Keep presence cost to 0 to ensure backward compatibility.
...
Kubernetes-commit: 048cb8b2ed38febdb7cbbf719b6badbed8f0044c
2023-12-05 23:27:51 +00:00
Siyuan Zhang
06103a07ae
k8s.io/apiserver: refactor GenericAPIServer healthz code.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 12c9bfc21d6c9799c2cd6bf0e9dcca6f1534812d
2023-11-15 12:36:04 -08:00
ahutsunshine
16536b9b63
support pod namespace indexer
...
fix comments
optimize code
small optimization for the namespace scope check
Kubernetes-commit: d8bd150784bb4825ae891dd0ec84625bdba0f2b8
2023-11-29 15:51:24 +08:00
HirazawaUi
88cd5253fa
make the decode function respect the timeout context
...
Kubernetes-commit: 3fb16abfca43f53048a28758f2366cb52e31d2b7
2023-11-08 23:39:10 +08:00
Tim Hockin
7674c1a859
Fix list_type_missing in k8s.io/apiserver
...
Kubernetes-commit: eddf65849dfa1b3c351597d7018a2700371d8955
2023-11-17 11:46:28 -08:00
Siyuan Zhang
cef6db2cfb
k8s.io/apiserver/storage/etcd: refactor etcd GetList.
...
Extract the logic to determine withRev to a separate method for better readability.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 624169c5b50ee8a6e9a761e9488134985334817e
2023-10-20 12:59:46 -07:00
Jiahui Feng
59297e78dd
use context for lazy evaluation.
...
Kubernetes-commit: 4fa3247a61e21abcb31778f8bfb85af844a6bd03
2023-10-30 11:29:57 -07:00
HirazawaUi
f834404133
fix test store delete collection function failed
...
Kubernetes-commit: b12db6d9b55e02b232b716683a2d516e1788a9ce
2023-11-08 00:07:45 +08:00
Jordan Liggitt
2a9f8b8d15
Include empty string attributes for CEL authz evaluation
...
Kubernetes-commit: 44d89c8cf8c1ba883029e1244492a523d6b50b92
2023-11-02 15:14:06 -04:00
Jordan Liggitt
4eacc8425d
Plumb failure policy from config to webhook construction
...
Kubernetes-commit: 2e2f51a4417d93b5505091d28b319365dc95e137
2023-11-02 13:55:35 -04:00
Jordan Liggitt
374f72b704
Require match condition version only if matchConditions are specified
...
Kubernetes-commit: a000af25ff3bcc79fe7d8da299225ad252c9894a
2023-11-02 13:54:39 -04:00
Anish Ramasekar
78b670287d
Implement CEL and wire it with OIDC authenticator
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 26e3a03d12d71e6e97bc7c40542cb7519051dd73
2023-09-20 23:11:37 +00:00
Anish Ramasekar
9032e4e6da
add new fields in v1alpha1 StructuredAuthenticationConfiguration
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 6b971153d75534a768a67a6b50ee44423611f5b0
2023-09-07 22:30:28 +00:00
Lukasz Szaszkiewicz
7c5f6db7bf
cacher: when forgetting a watcher, call stopWatcherLocked multiple times
...
It's possible that the watcher is already not in the structure (e.g. in case of
simultaneous Stop() and terminateAllWatchers()), but it is safe to call stopLocked()
on a watcher multiple times.
Kubernetes-commit: 7e35823690df01bd019a88d3346bd3ac820afaca
2023-10-30 14:24:39 +01:00
Jiahui Feng
d463ec4cab
avoid infinite recursion for type resolvers.
...
Kubernetes-commit: e4776e0f85b8aceb8f1da7a87822b0d086045a8a
2023-10-31 10:23:50 -07:00
Monis Khan
3097e77b18
encryptionconfig/controller: run unit tests faster
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 6ac7da1da87bb0e739806cad94676da915be6d9c
2023-10-31 11:59:37 -04:00
Antonio Ojea
bdad50b280
Revert "cacher: when forgetting a watcher, call stopWatcherLocked multiple times"
...
This reverts commit bbca4a4b9add0f6c58e132500fd89dd39ee077f4.
Kubernetes-commit: c2cb3209138d852520da2743b9bd3a9795b2b7fb
2023-10-31 15:28:01 +00:00
Wojciech Tyczynski
6caf326620
Revert "Make the decode function respect the timeout context"
...
Kubernetes-commit: 98a2f22e740ccd2c30711f1b21d6383f1b91595e
2023-10-31 16:27:17 +01:00
Cici Huang
4cd5207f69
Add set ext library into Kubernetes and pick up the new option cel provides
...
Kubernetes-commit: 8d804078f9707297d1edfa26a3295d75c4f3bf40
2023-10-17 20:27:55 +00:00
Abu Kashem
b3499eec62
apiserver: set APF featuregate to ga
...
Kubernetes-commit: c7fcef187562e1b3ffdaa2e2109c65d800b8f5d5
2023-10-31 08:35:52 -04:00
Lukasz Szaszkiewicz
3f81d0cca7
cacher: when forgetting a watcher, call stopWatcherLocked multiple times
...
It's possible that the watcher is already not in the structure (e.g. in case of
simultaneous Stop() and terminateAllWatchers()), but it is safe to call stopLocked()
on a watcher multiple times.
Kubernetes-commit: bbca4a4b9add0f6c58e132500fd89dd39ee077f4
2023-10-30 14:24:39 +01:00
Rita Zhang
cca4910d25
authz: add cel expression to webhook matchconditions
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Kubernetes-commit: 31c76e9abb22faaf833acd54ce75cc71465136e4
2023-10-06 17:47:23 -07:00
Siyuan Zhang
ef409f941b
k8s.io/apiserver/storage/etcd: refactor etcd GetList.
...
Reorder some code.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: a968f51fa2f87ed57f9e48ba436e11421c403b27
2023-10-20 12:39:51 -07:00
Siyuan Zhang
49886c205c
k8s.io/apiserver/storage/etcd: refactor etcd GetList.
...
reduce redundant update of withRev after request.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 84ec5e2eccbc07b17f3b3e3e00dc3996105e0346
2023-10-20 12:06:46 -07:00
Abu Kashem
b041969f97
apiserver: allow zero value for the 'nominalConcurrencyShares' field
...
Kubernetes-commit: 9fd2ab419ad771790d3cb80ea7b8e6828d9ce305
2023-10-27 19:26:08 -04:00
Abu Kashem
2a3f44cd21
apiserver: fix lint issue, defaulting and validation test for flowcontrol v1
...
Kubernetes-commit: 430c226709b4dfd1284f6463c7a37603154ad39c
2023-10-11 14:03:42 -04:00
Abu Kashem
0b0a995736
apiserver: apf controller, bootstrap, tests should use flowcontrol v1 API
...
Kubernetes-commit: 17bda3c3e05a75943591f61f37d7fdc0d07870ec
2023-10-11 09:20:41 -04:00
James Munnelly
f2ba735b90
KEP-4193: bound service account token improvements
...
Kubernetes-commit: 76463e21d4dec90b4d49975b182a13e1fdb6b20a
2023-09-19 15:23:28 +01:00
Wojciech Tyczyński
d64b183dbd
Address review comments
...
Kubernetes-commit: 0dd495e6dc253f94b0ad0bb92178fb5e8981116b
2023-10-13 10:48:16 +02:00
Wojciech Tyczyński
65d3be7b39
Refactor watch event serialization to allow caching
...
Kubernetes-commit: 7ff866463af46b5f7cf068ba8d51c68e417b9ece
2023-08-25 15:41:14 +02:00
HirazawaUi
be73f76247
Make the decode function respect the timeout context
...
Kubernetes-commit: f78b367db6393a449b8f456e725cbe155d9b90e6
2023-10-25 23:12:16 +08:00
Cici Huang
789ac1ae18
Promote CRD validation rule to stable
...
Kubernetes-commit: cbe3d897629691507c2992659ca748e32366da1a
2023-10-19 20:31:17 +00:00
Nilekh Chaudhari
f0fe5d558c
chore: updates api doc
...
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
Kubernetes-commit: d3de47ceeedd1fae3f3c95595186a028002526d6
2023-10-17 22:17:43 +00:00
Nilekh Chaudhari
d93aaa8d93
feat: updates encryption config file watch logic to polling
...
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
fix (#2)
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: e95b7c6d8b889e42ee44e626914e457e228ce8d4
2023-10-17 21:21:00 +00:00
Jiahui Feng
a026b6fcf5
extend SchemaResolver for more types of schemas.
...
Kubernetes-commit: 3f73cdcf2ad00d3200a216a9f19090950fea12f5
2023-10-26 10:25:41 -07:00
Jiahui Feng
9493e52cdc
opportunistically attempt to refresh RESTMapper
...
if GVK resolution fails.
Kubernetes-commit: 38fecc8319d884aa4d4b98b013bf853e6072aa77
2023-10-26 10:24:21 -07:00
Cici Huang
cd938d26a7
Add cel new validator into Kubernetes.
...
Kubernetes-commit: 04b21126e589cebf888a8839a69c81761e558861
2023-10-17 20:27:55 +00:00
Ben Luddy
cd9457dbfc
Deep disablement for APF based on --enable-priority-and-fairness.
...
Avoids starting informers or the config-consuming controller when
--enable-priority-and-fairness=false. For kube-apiserver, the config-producing controller runs if
and only if flowcontrol API storage is enabled.
Kubernetes-commit: 83f5b5c240e5cced1371bbd22e458dae43975238
2023-06-26 17:00:26 -04:00
Yao Cheng
2b3f11cba2
Register metrics for apiserver handlers
...
Signed-off-by: Yao Cheng <chengyao09@hotmail.com>
Kubernetes-commit: 18c3b6fce43edd76620a07707af2d851b52c3fad
2023-09-06 17:25:12 +00:00
Alexander Zielenski
618cf622c1
add time tracking to CorrelatedObject
...
Kubernetes-commit: d0328df04e06384a0456606c708e5b62ec18d9c2
2023-10-18 19:31:39 -07:00
Rita Zhang
26219aabef
[KMSv2] promote KMSv2 and KMSv2KDF to GA
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Kubernetes-commit: a9b1adbafc7fe52f669dc98aada21bc3e46cdce3
2023-10-24 09:50:45 -07:00
guangli.bao
e59c50c660
Remove GAed feature gates OpenAPIV3
...
Signed-off-by: guangli.bao <guangli.bao@daocloud.io>
Kubernetes-commit: 27bb40a9d839589ac9f97b6ce80b18a7635e9ae4
2023-10-19 22:30:58 +08:00
Jiahui Feng
ec8ba61837
allow empty object to be CEL value.
...
Kubernetes-commit: c6b3a2f477c9ed051ace8ae1c479424e4a5c066d
2023-10-23 15:30:17 -07:00
Anish Ramasekar
bfdac7f8f4
[KMSv2] Add tracing
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 8d3a25c7c98d77419111a02917f459aab8970087
2023-10-09 23:43:46 +00:00
Cici Huang
00ae118a76
Add stability tests for CEL cost estimation.
...
Kubernetes-commit: 93951bc00d3656c42bec050b82f2fc364b1cad31
2023-10-22 23:12:44 -07:00
Wojciech Tyczyński
324d2bc3cf
Cleanup paging parameters in etcd3 store
...
Kubernetes-commit: 3f4d3b67682335db510f85deb65b322127a3a0a1
2023-10-20 15:38:59 +02:00
Wojciech Tyczyński
5bf4f58ab8
Remove storageConfig.Paging parameter
...
Kubernetes-commit: b386120da239bf9652fc02b2d2cbbd0fcc3cd121
2023-10-20 15:35:58 +02:00
Wojciech Tyczyński
71519801e7
Remove disablePaging param
...
Kubernetes-commit: 106f58686d58a790a86dc05b4c93a5da041de389
2023-10-20 15:30:03 +02:00
Sean Sullivan
10cbfd9a3c
StreamTranslator and FallbackExecutor for WebSockets
...
Kubernetes-commit: 168998e87bfd49a1b0bc6402761fafd5ace3bb3b
2023-07-06 21:22:07 -07:00
tao.yang
47998d1ee6
cleanup: omit comparison with bool constants
...
Signed-off-by: tao.yang <tao.yang@daocloud.io>
Kubernetes-commit: b35357b6c08f21ba0fd312536051394c2567ec79
2023-09-04 16:59:23 +08:00
Ben Luddy
a270d45ae5
Add validation for --storage-media-type option.
...
Kubernetes-commit: cf836309dc278d8d4f046e1580649179b1531143
2023-10-19 10:54:16 -04:00
Ben Luddy
91d0f39545
Restrict supported media types for new apiservers.
...
This is to prevent the enablement of new data formats (CBOR) in the early stages of phased
implementation.
Kubernetes-commit: ced56a6adabdd86f99455b100b1c0c7a2b4f3c55
2023-10-17 14:06:46 -04:00
machine424
340fd67b3a
storage/etcd3/metrics: add unit test for apiserver_storage_objects
...
Kubernetes-commit: a96b97e40c0837f727c8e6d42f021b66922bb26c
2023-09-22 16:12:40 +02:00
carlory
5ac339fec6
update pretty param description
...
Kubernetes-commit: 75f20ee64da5317f4473de643eac43686fe9215e
2023-10-16 16:36:31 +08:00
Nabarun Pal
4693682515
Add --authorization-config flag to apiserver
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 22e5a806a73e48486a90491fc3eb03d208b520a0
2023-09-25 09:18:11 +05:30
Nabarun Pal
5873bbb7bf
add feature gates for authorization config
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 007ef653ad089180d02a58782bbd3912e875354d
2023-08-24 15:56:56 +05:30
Jiahui Feng
140ffa083d
set maxLength to longest enum.
...
Kubernetes-commit: 302d350e88eac519e1df020b82256371c171b861
2023-10-09 11:00:45 -07:00
Nabarun Pal
b259861486
staging/apiserver: correct KubeConfigFile type in authorization types
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 2bf2c4f3a413d3a2e070fe61aeba6fb309bf2e5e
2023-09-27 17:48:38 +05:30
Siyuan Zhang
77032c52b8
k8s.io/apiserver/storage: add 3 new unit tests for delete.
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 26a4e06c92c248748dd3c50c74d75f8adc3c6823
2023-10-11 10:38:01 -07:00
Jefftree
2e1024671d
Fix v3 spec
...
Kubernetes-commit: b30c6bdff817cec28b3d88b3bb3e12f1e86488d0
2023-10-04 12:55:49 -04:00
Siyuan Zhang
70af178d56
k8s.io/apiserver/storage: add a new TestCreate case.
...
Add a test case of create with rv set.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: 2f923e356e042d9dce88e8f78abf30f414051e71
2023-10-11 10:24:31 -07:00
Alexander Zielenski
8a3fe0e45c
ratcheting: disable correlation by index
...
discussion: https://github.com/kubernetes/kubernetes/pull/121118#discussion_r1358865893
Kubernetes-commit: fb1fc8b4a72758688d1251278579b2b0ac666fc7
2023-10-13 14:36:46 -07:00
Alexander Zielenski
b5ac4f9a61
comments: clear up correlateOldValueForChildAtNewIndex godoc
...
Kubernetes-commit: d991ed56c29e646c0c5c51ce1ebd2376f34fce28
2023-10-13 14:11:02 -07:00
Alexander Zielenski
fbd7474961
cleanup: use switch in CachedDeepEqual and add more comments
...
Kubernetes-commit: 0ed67c9e41dcfc3eef6953ca63082454c189443b
2023-10-13 14:05:47 -07:00
Alexander Zielenski
a504910cff
cleanup: consistently support nil receiver and document
...
Kubernetes-commit: 60c90fc0854eb04b95e74d445d88f45c212900fe
2023-10-13 13:57:55 -07:00
Alexander Zielenski
541189e16c
cleanup: clarify correlatedOldValueForChildAtNewIndex comment
...
Kubernetes-commit: abb68591afd30cf263b0d6bb2942f9693eb420d7
2023-10-13 13:54:53 -07:00
Alexander Zielenski
2970233dd7
cleanup: consistent interface{} and any
...
Kubernetes-commit: e1fa1df3ae8414104f3710c064014e323e45aade
2023-10-13 13:50:52 -07:00
Alexander Zielenski
fecc880526
cleanup: add godoc
...
Kubernetes-commit: 0495616230a13dcc19c9da8ec7b8b2a38e2b6a33
2023-10-13 13:50:19 -07:00
Alexander Zielenski
662079f048
test: fix boilerplate
...
Kubernetes-commit: 4dedabf2a659ee702cbcd93a482c63296910d5c6
2023-10-12 15:51:25 -07:00
Alexander Zielenski
e501fcbbf6
test: few more correlatedobject test cases
...
Kubernetes-commit: 0149c1f8b315d704d6d80c00861526e2899001e5
2023-10-11 15:45:48 -07:00
Alexander Zielenski
4ec87cdde2
test: add correlatedobject test cases
...
Kubernetes-commit: ba9347230e6577140eaa0ac3d9ef99d0163a7934
2023-10-11 14:03:28 -07:00
Alexander Zielenski
5edc046b33
cleanup: add header and fix spelling
...
Kubernetes-commit: c08a9321eed6a917a2fbc13b8e023d2f4122ee36
2023-10-11 13:51:49 -07:00
Alexander Zielenski
1234a74f8e
refactor: move correlatedObject to its own file
...
no changes except package naming
Kubernetes-commit: 27cb869e5596525cec9884ecb9b02bfcfe5273e4
2023-10-10 10:53:12 -07:00
Damien Grisonnet
b5b4cd7758
apiserver: rename request body size metric
...
Rename the apiserver_request_body_sizes metric to
apiserver_request_body_size_bytes to conform with Prometheus best
practices.
This can be done safely without deprecation because that metric wasn't
registered before.
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
Kubernetes-commit: 08006c842fd6a584bb8e2511587c999ffe7ced9d
2023-09-07 19:16:31 +02:00
Jiahui Feng
6b0a70e192
typed variables support.
...
Kubernetes-commit: c03579bfa40dcb39e1ffe24c12f933720e4eb204
2023-10-04 16:39:24 -07:00
Alexander Zielenski
3029a9f674
add rest of accessors to common.Schema
...
needed for declarative validation, CRD ratcheting
Kubernetes-commit: 438c0daab7587bdb094e714e68b5ba2f9f6ae963
2023-10-09 17:49:37 -07:00
Siyuan Zhang
a0dede6875
k8s.io/apiserver/storage: add some ResourceVersion validation in GetList unit tests
...
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: baac8bb573c8efb314b037f4fbac116556c03c83
2023-10-11 10:46:30 -07:00
Abu Kashem
28ed1d7ad4
fix data race in apf unit test
...
Kubernetes-commit: 52c58d970e54bf10b78512c68602f70b0a970f31
2023-09-22 14:42:43 -04:00
Monis Khan
87ef6687ab
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
...
These occasionally flake on CI:
https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/121200/pull-kubernetes-unit-go-compatibility/1712589824344461312
=== Failed
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
authentication_test.go:653: expect TCP connection: 1, actual: 2
--- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
--- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose (2.30s)
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: cd5db9b7f23b0156bf5535fc0124361fbef0ce6a
2023-10-12 19:13:07 -04:00
Monis Khan
445b713906
Prevent rapid reset http2 DOS on API server
...
This change fully addresses CVE-2023-44487 and CVE-2023-39325 for
the API server when the client is unauthenticated.
The changes to util/runtime are required because otherwise a large
number of requests can get blocked on the time.Sleep calls.
For unauthenticated clients (either via 401 or the anonymous user),
we simply no longer allow such clients to hold open http2
connections. They can use http2, but with the performance of http1
(with keep-alive disabled).
Since this change has the potential to cause issues, the
UnauthenticatedHTTP2DOSMitigation feature gate can be disabled to
remove this protection (it is enabled by default). For example,
when the API server is fronted by an L7 load balancer that is set up
to mitigate http2 attacks, unauthenticated clients could force
disable connection reuse between the load balancer and the API
server (many incoming connections could share the same backend
connection). An API server that is on a private network may opt to
disable this protection to prevent performance regressions for
unauthenticated clients.
For all other clients, we rely on the golang.org/x/net fix in
b225e7ca6d
That change is not sufficient to adequately protect against a
motivated client - future changes to Kube and/or golang.org/x/net
will be explored to address this gap.
The Kube API server now uses a max stream of 100 instead of 250
(this matches the Go http2 client default). This lowers the abuse
limit from 1000 to 400.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 800a8eaba7f25bd223fefe6e7613e39a5d7f1eeb
2023-10-07 21:50:37 -04:00
Siyuan Zhang
e15d4d2e0b
k8s.io/apiserver/storage/etcd: refactor getCurrentState.
...
Extract getCurrentState as a separate method that can be reused.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Kubernetes-commit: ebca5d438d9cb2c82d0b99dbcb0aeca8879db441
2023-10-11 09:56:07 -07:00
Qiming Teng
e014cf25b9
Generated files
...
Kubernetes-commit: c65fe450d8a3229cfe531a3806939775dd52e7e0
2023-10-03 20:16:10 +08:00
Qiming Teng
d763e7d132
Fix API docs for audit APIs
...
The `*`s in the source comment are confusing the API reference generator.
They are treated as symbols for bold texts when generating reference docs.
This PR replaces the quote marks with backticks so that the reference
generator can properly handle them.
Kubernetes-commit: e7b2aeee930188eec125bbb91096d9d3fd6f3b5c
2023-10-03 17:18:23 +08:00
David Ashpole
d35f091281
fix missing http.target trace attribute
...
Kubernetes-commit: 80269d5d3497acc8ad155cb9bfbfaa7fd9e20d1f
2023-10-06 18:09:29 +00:00
Nabarun Pal
70eb989b94
k8s.io/apiserver: fix levelling of the name field in AuthorizationConfiguration
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 11ce6d29157daf7437d6da7fdeb11cabf2e774aa
2023-10-04 10:33:58 +05:30
Abu Kashem
04acc93a12
apf: request ejected from queue should use reason 'time-out'
...
Kubernetes-commit: 6297067ff1afaa2d63d83183a23e8744865d7c2b
2023-08-29 16:30:02 -04:00
Abu Kashem
d64c9b18da
apf: remove RequestWaitLimit from queueset config
...
Kubernetes-commit: 11ef9514dad6f46a4315198978fee14132c4bbca
2023-08-29 12:11:08 -04:00
Abu Kashem
290096a4d0
apf: remove timeoutOldRequestsAndRejectOrEnqueueLocked function
...
Kubernetes-commit: da8a472206623d0727ba486489d34780c4b6c1d9
2023-08-28 17:26:11 -04:00
Abu Kashem
a2e63604f2
apf: use context for queue wait
...
Kubernetes-commit: f39213a7e44f21a8cedcdf38d3c2531456a526d6
2023-08-28 17:01:16 -04:00
Dr. Stefan Schimanski
2f3285287e
controlplane: make option structs uniformly optional
...
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
Kubernetes-commit: 63950491764535a8635cb2c4810db59a9a1fad25
2023-09-24 11:50:38 +02:00
Lukasz Szaszkiewicz
1c49f6c8ba
endpoints/metrics: define watchListLatencies metric and associated functions
...
Kubernetes-commit: a97f4b7a3123c9768ec7136b6ca32be926e16cd6
2023-09-19 03:05:37 +02:00
Lukasz Szaszkiewicz
cd87b8f62d
handlers/watch: calculate and record WatchList latency metric.
...
Kubernetes-commit: 772b1f4cd84a738f632716e28d4067c00f0b7f13
2023-09-19 03:05:00 +02:00
Lukasz Szaszkiewicz
db34e9b7c7
storage/util: introduce HasInitialEventsEndBookmarkAnnotation
...
Kubernetes-commit: 70ae9c441cee9d78a88c0526592796ac4f491096
2023-09-18 11:39:08 +02:00
Lukasz Szaszkiewicz
90ba08909c
storage/etcd: the watcher supports the API streaming
...
Kubernetes-commit: ca562fd280a9dd5db952eb8c14b93fcf6668cc49
2023-08-22 14:02:39 +02:00
Lukasz Szaszkiewicz
e7424d8207
storage/testing/watcher_tests: add new flavour to RunWatchSemantics test and fill the gap
...
the new flavour proves that a storage layer follows RV
which is equal to the global rv
Kubernetes-commit: 0e238c4c28f11d1ec7cf5f506c81195c1cc463fe
2023-09-22 09:32:23 +02:00
HirazawaUi
91aa0e1c62
Add namespace to apiserver tracing
...
Kubernetes-commit: 45b9b0df41fb67cf2c71263b3577f3b3daff4899
2023-09-03 21:50:47 +08:00
HirazawaUi
f5f4a6148a
Add subresource to apiserver tracing
...
Kubernetes-commit: c83eb6dcaaacfe8b5706f7fdc969000fbef2d119
2023-09-03 21:37:13 +08:00
HirazawaUi
2b665e42e6
Add name to apiserver tracing
...
Kubernetes-commit: bcb59a03ebb50a966cc6921dea016cc68e0bf843
2023-09-03 21:33:48 +08:00
HirazawaUi
79f4968b20
Add api-version to apiserver tracing
...
Kubernetes-commit: 646053d73dbda9cae5df5fd105a720661ff051dc
2023-09-03 21:24:13 +08:00
HirazawaUi
c51632c143
Add group to apiserver tracing
...
Kubernetes-commit: 8c34208a62f09904cd270906889d57c7a613b5d6
2023-09-03 21:11:08 +08:00
Lukasz Szaszkiewicz
f0dfb17949
storage/testing/watcher_tests: refactor RunWatchSemantics tests
...
Kubernetes-commit: dc5cfe3cff289ecb97153716bfd5817579d00fb3
2023-09-21 12:16:16 +02:00
Lukasz Szaszkiewicz
c8dcfeed34
storage/testing/watcher_tests: make TestCacherWatchSemantics storage agnostic
...
Kubernetes-commit: 91bb75883c613d45563f3b7c01a69dde8194bfdc
2023-09-15 12:28:36 +02:00
Lukasz Szaszkiewicz
c13e210d56
storage/testing/watcher_tests: move TestCacherWatchSemantics (no-op)
...
Kubernetes-commit: afbb1a6ef98b548b9e57b168614ca6e15fd0034c
2023-09-14 11:19:36 +02:00
Lukasz Szaszkiewicz
3c3bb86696
storage/testing/utils: add helper functions
...
Kubernetes-commit: 3a96baf3fa8e837159b27b98b05c5024143b06a3
2023-09-15 12:26:11 +02:00
Lukasz Szaszkiewicz
fe7ae035ef
storage/etcd3/watcher_test: refactor TestWatchErrorWhenNoNewFunc to a table test
...
Kubernetes-commit: 4b60c18183f11207d0cb2d89bf28090156222c61
2023-09-19 10:35:09 +02:00
Nabarun Pal
1eae2482e2
Bootstrap API Types for Structured Authorization Configuration
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Kubernetes-commit: 52c582ca77c775ee13300a999a29f8c4180750a2
2023-09-14 19:19:29 +05:30
Lukasz Szaszkiewicz
f5adfca95e
storage/testing: a simple refactor
...
Kubernetes-commit: 39af594f312ad46715dfb705d71ad4e607e27e5d
2023-09-14 11:16:10 +02:00
Han Kang
bd7db816d7
promote component SLIs to GA; remove feature gates for component slis
...
Kubernetes-commit: e6435e98eda93fbf96e94110af6ca5a10ad1e926
2023-09-11 08:52:50 -07:00
machine424
98d028d0d0
clarify the description of the metric apiserver_storage_objects
...
Kubernetes-commit: 084deb7a7cf147bbafd131ab1a36852a79f08a64
2023-09-12 11:16:36 +02:00
Rita Zhang
cdb2cea24a
kms: remove livez check
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Kubernetes-commit: 7710128636a16c73045291d4729675339a7d57f7
2023-09-11 16:47:29 -07:00
Rita Zhang
2bed5d11d9
kmsv2: add apiserver identity to metrics
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Kubernetes-commit: 43ccf6c4e8f173d981edebb6146c58b523fc21b7
2023-09-05 13:03:18 -07:00
Monis Khan
9c40486020
kmsv2: enable KMSv2KDF feature gate by default
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 657cc2045ee46922b00d4fd7c126f57d1e8ecc43
2023-09-05 12:27:55 -04:00
Anish Ramasekar
9b1c514777
register API types only once for encryption config
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 418af0f4dcbe15147b21462b9e5db5a5ba769c12
2023-09-01 17:24:20 +00:00
Anish Ramasekar
25d893ad5f
add loading config and wire feature flag
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 9e1ff1e51201ac41ddb1eed0d5cc015b4b6aa3df
2023-08-10 22:45:07 +00:00
Anish Ramasekar
1fbafe88b9
add StructuredAuthenticationConfiguration feature flag
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 1bf90f9484c5dbcd941251f0036af65fa25ee193
2023-08-10 22:06:41 +00:00
Monis Khan
87aad93082
kmsv2: add legacy data integration test
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 95121fe846f875c4f3feb2b1bf42a9553566f097
2023-09-01 11:21:38 -04:00
Monis Khan
49c6151dee
kmsv2: fix race in simpleCache.set when setting cache size metric
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: b10697c7880848d7ec110fd6b3e67015bbe74fa8
2023-08-27 15:14:04 -04:00
Lukasz Szaszkiewicz
957c305d94
storage/etcd: add TestWatchDispatchBookmarkEvents unit test
...
Kubernetes-commit: 875b00137fdfbc74756a0fc5b1c9b2adbeb78e55
2023-09-01 13:45:44 +02:00
Lukasz Szaszkiewicz
51e79bdd97
storage: document ProgressNotify from storage.ListOptions
...
At first glance, it seems that the fields storage.ListOptions.ProgressNotify and storage.ListOptions.Predicate.AllowWatchBookmarks
are the same. Unfortunately, this is not the case.
This PR documents the differences and motivations for why these fields are actually distinct.
Kubernetes-commit: 6058540f3d0edc405a1f1b8a96bd82ceca99c240
2023-09-01 10:48:36 +02:00
Marek Siarkowicz
8b7824a7e8
Avoid creating local variables that don't change
...
Having local variables gives a false impression that this is overwritten
in the function block.
Kubernetes-commit: e01bd641447a315e28fab8148e99ac6afba9bcd7
2023-08-30 16:51:40 +02:00
Marek Siarkowicz
90adbb75eb
Flatten switch case
...
Kubernetes-commit: 10553a1966892e305252c65ebeb9043416304f48
2023-08-30 16:42:34 +02:00
Marek Siarkowicz
5f9b5dda94
Refactor common WithRange case
...
From API call WithRange and WithPrefix work the same, they just set the range end.
The difference is when the range end is provided:
* WithRange(end) requires providing the end while calling
* WithPrefix() calculates the end based on key provided to the Get.
For example, those are equal:
* client.Get(ctx, "/pods/", WithPrefix())
* client.Get(ctx, "/pods/", WithRange(GetPrefixRangeEnd("/pods/")))
As keyPrefix is equal to preparedKey there should not be a difference.
Kubernetes-commit: 1f4f2a5d6014dc8f98b25a9484d4a6064a6ae18e
2023-08-30 16:26:20 +02:00
Wojciech Tyczyński
3bcdefc0fd
Refactor transformers for watch to implement Encoder interface
...
Kubernetes-commit: 160589a0edb2038f2e22e376b6a0b71a24d21f22
2023-08-11 21:43:49 +02:00
Wojciech Tyczyński
70b023f369
Minor cleanup transformers interface
...
Kubernetes-commit: 3fcc045bce9d77704f872d6089d7c09342e26a44
2023-08-09 19:49:59 +02:00
Wojciech Tyczyński
6311828461
Cleanup setting non-nil Items field
...
Kubernetes-commit: 172a41192c65324b1dc9dc4d90903552c538d664
2023-08-07 21:17:03 +02:00
Wojciech Tyczyński
3fd71eeb11
Refactor WatchServer to prepare for using encoders
...
Kubernetes-commit: ff56d3b6914dbc9e16683ab731eb8c0a485b4ab4
2023-08-03 21:50:08 +02:00
Marek Siarkowicz
a8fba27b08
Remove duplicated returnRV variable
...
returnRV was equal to withRev, but updated at a different time.
When preparing the request they are set equal to each other.
The only difference was during the for loop.
returnRV was always set no matter if pagination was enabled, while withRev only when paginating.
Kubernetes-commit: be4692864bb983e94e8d7b6b6aa1a9c22fe23bce
2023-08-30 17:36:05 +02:00
wackxu
f40bea647b
paginate initial list inside the storage watcher
...
Signed-off-by: wackxu <xushiwei5@huawei.com>
Kubernetes-commit: f5d6c65186d63647a46400762f849d500e6ac591
2023-07-28 16:43:34 +08:00
Lukasz Szaszkiewicz
206231e0d0
storage/etcd3: error when progressNotify option set and newFunc was provided for a registry
...
Kubernetes-commit: 1988c31fc8115bf9eec1adf2bffed3fd677d1a9f
2023-08-28 17:50:42 +02:00
Patrick Ohly
037fa7c2c2
apiserver: fix data race in etcd metrics
...
7a63997c8a1a9ba1 added a global variable which gets set multiple times by
different goroutines in integration tests, leading to a data race:
WARNING: DATA RACE
Write at 0x00000a626928 by goroutine 87080:
k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics.SetStorageMonitorGetter()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics/metrics.go:231 +0x104
k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/options.(*EtcdOptions).ApplyWithStorageFactoryTo()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/options/etcd.go:242 +0xbd
k8s.io/kubernetes/pkg/controlplane/apiserver.BuildGenericConfig()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/controlplane/apiserver/config.go:124 +0x1c3d
k8s.io/kubernetes/cmd/kube-apiserver/app.CreateKubeAPIServerConfig()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/server.go:218 +0xeb
k8s.io/kubernetes/cmd/kube-apiserver/app.NewConfig()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/config.go:74 +0xd5
k8s.io/kubernetes/cmd/kube-apiserver/app/testing.StartTestServer()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/testing/testserver.go:299 +0x2e97
k8s.io/kubernetes/cmd/kube-apiserver/app/testing.StartTestServerOrDie()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/testing/testserver.go:423 +0xb2
k8s.io/kubernetes/test/integration/controlplane.testReconcilersAPIServerLease.func3()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/integration/controlplane/kube_apiserver_test.go:486 +0x1dd
k8s.io/kubernetes/test/integration/controlplane.testReconcilersAPIServerLease.func7()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/integration/controlplane/kube_apiserver_test.go:488 +0x47
Previous write at 0x00000a626928 by goroutine 87079:
k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics.SetStorageMonitorGetter()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics/metrics.go:231 +0x104
k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/options.(*EtcdOptions).ApplyWithStorageFactoryTo()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/options/etcd.go:242 +0xbd
k8s.io/kubernetes/pkg/controlplane/apiserver.BuildGenericConfig()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/pkg/controlplane/apiserver/config.go:124 +0x1c3d
k8s.io/kubernetes/cmd/kube-apiserver/app.CreateKubeAPIServerConfig()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/server.go:218 +0xeb
k8s.io/kubernetes/cmd/kube-apiserver/app.NewConfig()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/config.go:74 +0xd5
k8s.io/kubernetes/cmd/kube-apiserver/app/testing.StartTestServer()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/testing/testserver.go:299 +0x2e97
k8s.io/kubernetes/cmd/kube-apiserver/app/testing.StartTestServerOrDie()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kube-apiserver/app/testing/testserver.go:423 +0xb2
k8s.io/kubernetes/test/integration/controlplane.testReconcilersAPIServerLease.func3()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/integration/controlplane/kube_apiserver_test.go:486 +0x1dd
k8s.io/kubernetes/test/integration/controlplane.testReconcilersAPIServerLease.func7()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/integration/controlplane/kube_apiserver_test.go:488 +0x47
Mutex locking avoids the data race. Whether this variable really can be used
safely by those concurrent (?) tests is a different question...
Kubernetes-commit: 13a8ad12b8296c0360afe3f66218027dae6c1805
2023-08-25 10:42:17 +02:00
Anish Ramasekar
fdfc990c33
wiring existing oidc flags with internal API struct
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 1bad3cbbf59a61805a48f609b8cc0a2a40c168ef
2023-06-28 06:04:45 +00:00