Anish Ramasekar
fed75d52d6
Disallow k8s.io and kubernetes.io namespaced extra key in structured authn config
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 89c619f4fe698bf5b208ce86bce5da6833ca77b6
2024-08-05 16:09:00 -07:00
Kubernetes Publisher
38586e5d94
Merge pull request #126685 from enj/enj/i/kms_resouce_logs
...
Ensure transformers have access to the resource via request info
Kubernetes-commit: 026c55e40de835464e769bad65c8a19940b61459
2024-08-15 10:52:00 +00:00
Kubernetes Publisher
11b0e0730d
Merge pull request #126698 from enj/enj/i/del_kms_v2_gates
...
Remove KMSv2 and KMSv2KDF feature gates
Kubernetes-commit: cd5f2083155bed7006b218ade85b584d53dfaae8
2024-08-15 02:43:25 +00:00
Monis Khan
272e9eba82
Remove KMSv2 and KMSv2KDF feature gates
...
These have been GA since v1.29 and can be safely removed.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 6398b8a19fe0e113cf250c13b0639dea258a174f
2024-08-14 15:59:01 -04:00
Monis Khan
cd5bba1780
Ensure transformers have access to the resource via request info
...
This guarantees that logs and metrics that rely on this information
work as expected.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 49d7b4c97e4f7ee5c664b068c207a39b8c3f759e
2024-08-14 10:33:36 -04:00
Kubernetes Publisher
b157511c42
Merge pull request #126649 from 0x5457/fix-panic
...
apiserver: declare kubeClient and dynamicClient as interface types to avoid panic
Kubernetes-commit: 19175396280537af75d20c5ea22e877f16b40792
2024-08-14 10:22:41 +00:00
Kubernetes Publisher
13f78e0e7e
Merge pull request #126665 from liggitt/version-build-id
...
Restore honoring --version build ID overrides
Kubernetes-commit: 69dbf2eee96f1c95c097370ddcb1d5c30f86bec8
2024-08-14 06:30:43 +00:00
Kubernetes Publisher
be949676bf
Merge pull request #126565 from Adarsh-verma-14/remove-duplicate-call
...
remove duplicate call for ServeMux
Kubernetes-commit: 54691fdc21a84a6ac3a8e052d92f81a43a19139c
2024-08-14 06:30:41 +00:00
Kubernetes Publisher
cb239f8776
Merge pull request #126354 from liangyuanpeng/celtest_update
...
Using NewExpressions for CEL lazy test.
Kubernetes-commit: bc3d6fd491aec44138086e5ece4e706041761398
2024-08-14 06:30:38 +00:00
Kubernetes Publisher
c84ae4a3d4
Merge pull request #126316 from aramase/aramase/f/kep_3331_tighter_validation
...
Validate structured authn feature is enabled for discovery url/multiple audiences
Kubernetes-commit: c06ea0fc81168cee6d8055182aa4b3d38bc5bb58
2024-08-14 06:30:36 +00:00
Jordan Liggitt
77331233f8
Restore honoring --version build ID overrides
...
Kubernetes-commit: c181912dc5d8559834857e69ea34ee1729c43c6b
2024-08-13 18:48:56 -04:00
0x5457
27c3ca736b
apiserver: declare kubeClient and dynamicClient as interface types to avoid panic
...
Kubernetes-commit: 81824b7c2e673f64f70a6e99180bb6bfc6b738d9
2024-08-13 11:25:11 +08:00
Adarsh-verma-14
41e1af4df2
remove duplicate call for ServeMux
...
Kubernetes-commit: 838d7c9049439b5997f0947258e183d677788475
2024-08-07 02:56:49 +05:30
Kubernetes Publisher
fb0703a685
Merge pull request #126329 from serathius/concurrent-transformation-chan-of-chan
...
[chan of chan] Make object transformation concurrent to remove watch cache scalability issue for conversion webhook
Kubernetes-commit: c19d9edfdee7b4ff39041f0254c92ebf66af332f
2024-07-31 10:41:42 -07:00
Lan Liang
552e7d7170
Using NewExpressions for cel lazy test.
...
Signed-off-by: Lan Liang <gcslyp@gmail.com>
Kubernetes-commit: 9a8d6b72e4f1e33e6a30fd281fd0972fdce93f78
2024-07-25 10:08:15 +00:00
Anish Ramasekar
febd487238
Validate structured authn feature is enabled for discovery url/multiple
...
audiences
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: f80c73248f872769d72b620e567747a1018f8a2b
2024-07-23 15:04:02 -07:00
Marek Siarkowicz
3adae5fd46
Make object transformation concurrent to remove watch cache scalability issue for conversion webhook
...
Test by enabling consistent list from cache in storage version migrator stress test that uses
conversion webhook that bottlenecks events coming to watch cache.
Set concurrency to 10, based on maximum/average transform latency when
running stress test. In my testing max was about 60-100ms, while average
was 6-10ms.
Kubernetes-commit: bb686f203308481bcd7808f767171cdef27e12a0
2024-07-22 11:24:37 +02:00
Marek Siarkowicz
9aa7a6ac61
Introduce ConcurrentWatchObjectDecode feature gate disabled by default
...
Kubernetes-commit: 93a10a75698075e86344ee4fdb56701309468b95
2024-07-30 16:28:48 +02:00
Kubernetes Publisher
bd44a99f50
Merge pull request #126469 from serathius/beta2
...
Move ConsistentListFromCache to Beta default again
Kubernetes-commit: eb729d1db72fc27f495ddf397289678b180926f1
2024-07-31 18:05:06 +00:00
Kubernetes Publisher
1b569bf504
Merge pull request #126470 from benluddy/apiservingwithroutine-alpha-disabled
...
Move APIServingWithRoutine to alpha and disabled by default.
Kubernetes-commit: f9d2297298909c9f3a2be2e88f3c84df43f3a376
2024-07-31 05:33:58 +00:00
Kubernetes Publisher
bebf7ae9a1
Merge pull request #126467 from serathius/fallback
...
Implement fallback for consistent reads from cache
Kubernetes-commit: 974f3d3d8ff6bfb33a375f7207c34c69b3e8b932
2024-07-30 21:33:25 +00:00
Marek Siarkowicz
c470f38c60
Move ConsistentListFromCache to Beta default again
...
This reverts commit aeb51a16e369d5b823a8ae6488d1d5e12c683516.
Kubernetes-commit: 2ca56aab87d0927e568f1d896d49692433d5d93a
2024-07-30 22:49:47 +02:00
Ben Luddy
788e7ee758
Move APIServingWithRoutine to alpha and disabled by default.
...
Kubernetes-commit: c8380040848fcbd0a0cc06600b9d4531b65098d2
2024-07-30 16:33:31 -04:00
Marek Siarkowicz
6c5ee08ccf
Implement fallback for consistent reads from cache
...
Kubernetes-commit: 35962561e44425fe5e23f19aeccba9269fab3a56
2024-07-30 18:57:22 +02:00
Kubernetes Publisher
c8097e3f30
Merge pull request #124012 from Jefftree/le-controller
...
Coordinated Leader Election
Kubernetes-commit: 5f5c02da51cd3146f30c6ee56013c983f4999d9c
2024-07-25 21:25:59 +00:00
Jefftree
e749b346fa
CLE feature gate
...
Kubernetes-commit: 9b16b0dc97c3f353f60eb935a8a532ec82b5e18e
2024-07-21 20:04:36 +00:00
Cici Huang
92ee9330ce
Allowing direct CEL reserved keyword usage in CRD (#126188)
...
* automatically escape reserved keywords for direct usage
* Add reserved keyword support in a ratcheting way, add tests.
---------
Co-authored-by: Wenxue Zhao <ballista01@outlook.com>
Kubernetes-commit: a48a92c72ec7d4e2a8da396309abff9360faae75
2024-07-24 01:23:51 +00:00
Kubernetes Publisher
c90207143c
Merge pull request #124061 from Jefftree/conversion-webhook-invalidca
...
Validate CABundle when writing CRD
Kubernetes-commit: 04d2f336419b5a824cb96cb88462ef18a90d619d
2024-07-23 21:06:59 +00:00
Kubernetes Publisher
2b2a4b0fa8
Merge pull request #126187 from seans3/portforward-websockets-metrics
...
Adds metrics to PortForward Websockets
Kubernetes-commit: 04cc0a1034ed75982b124f65648bf737f2e39eb4
2024-07-23 03:02:33 +00:00
Kubernetes Publisher
3319859ad0
Merge pull request #125488 from pohly/dra-1.31
...
DRA for 1.31
Kubernetes-commit: d21b17264e5a554724aa3ad032536630bcfd5b3f
2024-07-22 23:02:25 +00:00
Kubernetes Publisher
4c07daf63d
Merge pull request #126237 from cici37/promoteMetrics
...
Promote metrics for VAP and CRD validation rules to beta.
Kubernetes-commit: 887def08b66c31b2f8bc260ea74d6c94671d474e
2024-07-22 18:45:28 +00:00
Kubernetes Publisher
d681845e4f
Merge pull request #126136 from cici37/removeFG
...
Remove feature gate CustomResourceValidationExpressions
Kubernetes-commit: 8f265b63050739937cd939c05a98def37002f1e8
2024-07-20 10:45:41 +00:00
Kubernetes Publisher
bd463169af
Merge pull request #125571 from liggitt/filter-auth-02-sar
...
add field and label selectors to authorization
Kubernetes-commit: 64ba17c605a41700f7f4c4e27dca3684b593b2b9
2024-07-20 02:46:10 +00:00
cici37
3d5977276b
Promote metrics for VAP and CRD validation rules to beta.
...
Kubernetes-commit: 95dbfa1c3d2f62e5d0f52788a2dd19fc61ca0a36
2024-07-19 20:46:33 +00:00
Sean Sullivan
f438154cef
Adds metrics to PortForward Websockets
...
Kubernetes-commit: 90d70ed73dd7fcc9465baf452d178eb72f2aaf90
2024-07-17 21:29:31 -07:00
Patrick Ohly
c1c9700b75
CEL: add QuantityDeclType
...
Most functions in k8s.io/apiserver/pkg/cel work with DeclType for type
definitions, which made the existing QuantityType unusable with them. The new
QuantityDeclType fills that gap.
Kubernetes-commit: bcececadfb5b7deb3f6ecb253a73ea98a2fdd80c
2024-07-17 19:36:36 +02:00
Cici Huang
5678a8c44d
Remove feature gate CustomResourceValidationExpressions.
...
Kubernetes-commit: 67a171a1422cc5861491aadd69e51ce718196434
2024-07-16 10:39:00 -07:00
Jordan Liggitt
6c5ca3dcf3
Fixup lint warning
...
Kubernetes-commit: 9f8f36708a0eb1ad78e48beeaf15f2c6ae3e1552
2024-06-27 00:42:01 -04:00
Jordan Liggitt
eabf12957a
Add structured labelSelector / fieldSelector to authorization webhook match conditions
...
Kubernetes-commit: a1398a8ccaeb7f881acb65d1276392f4cac259e8
2024-06-26 17:17:43 -04:00
Jordan Liggitt
f14fc0f445
Adjust CEL cost calculation and versioning for authorization library
...
Kubernetes-commit: 83bd512861aa11ec00a90e4ac382daa788dccf87
2024-06-26 21:38:24 -04:00
David Eads
efe135c937
Add CEL fieldSelector / labelSelector support to authorizer library
...
Kubernetes-commit: be2e32fa3ed0a06ac9cc59d9966be0b40617c2b2
2024-06-14 14:39:54 -04:00
Jordan Liggitt
b338834e91
Move CEL env initialization out of package init()
...
This ensures compatibility version and feature gates can be initialized
before cached CEL environments are created.
Kubernetes-commit: 03d48b76831a3a02d503c3075d818a76afd83cd8
2024-06-29 21:45:55 -04:00
Jordan Liggitt
9db3f571d5
Improve CEL cost tests to catch unhandled estimates or types
...
Kubernetes-commit: 1d2ad282cff163e51e5c24569a0ac762ed814e74
2024-06-26 21:38:48 -04:00
David Eads
f26d4ed894
add field and label selectors to authorization attributes
...
Co-authored-by: Jordan Liggitt <liggitt@google.com>
Kubernetes-commit: 92e3445e9d7a587ddb56b3ff4b1445244fbf9abd
2024-05-23 15:12:26 -04:00
Kubernetes Publisher
6dd5496a01
Merge pull request #126124 from cici37/feature/validating-admission-policy/metrics-improvement
...
Feature/validating admission policy/metrics improvement
Kubernetes-commit: acaec0c23a7e5f76b98c519d91cdf66cbe4c0263
2024-07-19 18:45:26 +00:00
Kubernetes Publisher
bf5c64d612
Merge pull request #124736 from MikeSpreitzer/exempt-borrows-more
...
More assertive borrowing by exempt
Kubernetes-commit: d040043edbe8eddd806d9dadd572283e65f8233a
2024-07-18 22:45:52 +00:00
Kubernetes Publisher
36d8f544a9
Merge pull request #126191 from p0lyn0mial/upstream-revert-promote-watch-list-to-beta
...
Revert "Promote WatchList feature to Beta"
Kubernetes-commit: dda657b5982e8f9102b8df5931344262b0793163
2024-07-18 18:50:57 +00:00
Lukasz Szaszkiewicz
708f0cf46b
Revert "kube-apiserver: promote WatchList feature to beta"
...
This reverts commit 0b15903b35d83ca32833e81997b6257ee4d4f369.
Kubernetes-commit: 88f47b4b4df2f099cc20381fdc0fbcfe0afcee8e
2024-07-18 09:29:24 +02:00
Kubernetes Publisher
1ae3792914
Merge pull request #126139 from enj/enj/i/revert_list_cache
...
Revert "Move ConsistentListFromCache to Beta default"
Kubernetes-commit: c3bcd4fff06566886f36d6e59536b3d00a69a637
2024-07-17 19:10:06 +00:00
Monis Khan
17ba1a9a64
Revert "Move ConsistentListFromCache to Beta default"
...
This reverts commit 0c0e19b343d48d4bea0e7fa735e3781c70298a34.
During stress test for SVM controller, the controller is unable to
make a list call due to the following error:
resourceversion.go:155: I0716 21:49:26.973127] storage-version-migrator-controller: Error syncing SVM resource, retrying svm="crdsvm" err="error getting latest resourceVersion for stable.example.com/v1, Resource=testcrds: Timeout: Too large resource version: 28976, current: 20349"
With the feature disabled, the stress test passes.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: aeb51a16e369d5b823a8ae6488d1d5e12c683516
2024-07-16 23:12:16 -04:00