github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
116,902 Commits 1 Branch 31 Tags 1,019 MiB
2ee01fb673
Commit Graph

1287 Commits

Author SHA1 Message Date
Dr. Stefan Schimanski
764da8a01d
FIXUP: cmd/kube-apiserver/app/options: split apart controlplane part 2023-06-26 21:50:38 +02:00
Dr. Stefan Schimanski
1b3779baa0
MOVE: cmd/kube-apiserver/app/options: split apart controlplane part 2023-06-26 21:50:37 +02:00
Dr. Stefan Schimanski
6e079545c4
cmd/kube-apiserver: move options completion into options package 2023-06-26 15:20:40 +02:00
Dr. Stefan Schimanski
77cf37ee54
STRUCTURE: cmd/kube-apiserver: move admission construction back from controlplane 2023-06-07 10:11:04 +03:00
Dr. Stefan Schimanski
7961812bed
STRUCTURE: cmd/kube-apiserver: move OpenAPI construction back from controlplane 2023-06-07 10:11:04 +03:00
Dr. Stefan Schimanski
43be9c3a0a
MOVE: cmd/kube-apiserver: move genericapiserver construction into controlplane package 2023-06-07 10:11:04 +03:00
Dr. Stefan Schimanski
9be6e7bb33
STRUCTURE: cmd/kube-apiserver/app: stratify construction with options/config/server 2023-06-07 10:05:43 +03:00
Dr. Stefan Schimanski
e6ed4c7934
CLEANUP: cmd/kube-apiserver/app: remove trivial funcs 2023-06-07 10:05:43 +03:00
Dr. Stefan Schimanski
f7d4e90b5c
MOVE: cmd/kube-apiserver/app.createAPIExtensionsConfig -> pkg/controlplane 2023-06-07 10:05:43 +03:00
Dr. Stefan Schimanski
e9e4acb1dd
k8s.io/apiserver: remove skewed completion from EtcdOptions 2023-06-06 08:32:34 +03:00
Dr. Stefan Schimanski
f351c6d1ec
k8s.io/apiserver: apply storage object count tracker implicitly 2023-06-02 20:24:06 +02:00
Jordan Liggitt
e4102d5e30
Test APIService safe handling at startup 2023-05-18 12:17:37 -04:00
Jordan Liggitt
3be3997193
Fix waiting for CRD sync at server start 2023-05-18 11:07:53 -04:00
Joe Betz
f0f92853ad Add api-machinery TL owners permissions for jpbetz 2023-05-15 11:09:54 -04:00
Daniel Smith
1ffe3f467e lavalamp is taking a long break 2023-05-11 16:43:38 +00:00
Kubernetes Prow Robot
98cf297e57
Merge pull request #117391 from catandcoder/master 
fix doc mismatch
 2023-05-06 08:35:17 -07:00
Alexander Zielenski
ffb9c076d7 add OpenAPIV3 config to tests and server options 2023-05-01 13:18:44 -07:00
cui fliter
1359ebcc5b fix doc mismatch 
Signed-off-by: cui fliter <imcusg@gmail.com>
 2023-04-16 18:29:45 +08:00
Andy Goldstein
432a3016a4 Revert "Merge pull request #113151 from ncdc/refactor-crd-conversion" 
This reverts commit f524d765f4, reversing
changes made to c2b5457dfa.
 2023-04-13 11:27:39 -04:00
Kubernetes Prow Robot
61457b939d
Merge pull request #116648 from ncdc/admission-clients 
admission ApplyTo: take in clients
 2023-04-11 18:18:41 -07:00
Taahir Ahmed
6a75e7c40c ClusterTrustBundles: Define types 
This commit is the main API piece of KEP-3257 (ClusterTrustBundles).

This commit:

* Adds the certificates.k8s.io/v1alpha1 API group
* Adds the ClusterTrustBundle type.
* Registers the new type in kube-apiserver.
* Implements the type-specfic validation specified for
  ClusterTrustBundles:
  - spec.pemTrustAnchors must always be non-empty.
  - spec.signerName must be either empty or a valid signer name.
  - Changing spec.signerName is disallowed.
* Implements the "attest" admission check to restrict actions on
  ClusterTrustBundles that include a signer name.

Because it wasn't specified in the KEP, I chose to make attempts to
update the signer name be validation errors, rather than silently
ignored.

I have tested this out by launching these changes in kind and
manipulating ClusterTrustBundle objects in the resulting cluster using
kubectl.
 2023-03-15 20:10:18 -07:00
Andy Goldstein
364b66ddd6
admission ApplyTo: take in clients 
Change admission ApplyTo() to take in clients instead of a rest.Config.

Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>
 2023-03-15 11:15:49 -04:00
Antonio Ojea
811c2f50a1 remove apiserver limitations 
Change-Id: I97b35d912ba5d86857cf82d3eddd65b648030005
 2023-03-14 22:58:11 +00:00
Patrick Ohly
29941b8d3e api: resource.k8s.io v1alpha1 -> v1alpha2 
For Kubernetes 1.27, we intend to make some breaking API changes:
- rename PodScheduling -> PodSchedulingHints (https://github.com/kubernetes/kubernetes/issues/114283)
- extend ResourceClaimStatus (https://github.com/kubernetes/enhancements/pull/3802)

We need to switch from v1alpha1 to v1alpha2 for that.
 2023-03-14 07:52:03 +01:00
Jiahui Feng
feb18b3f5f implmementing type checking 
with multi-type support.
 2023-03-07 15:49:19 -08:00
Kubernetes Prow Robot
2e3c5003b9
Merge pull request #115630 from Jefftree/agg-discovery-metrics 
Add metrics for aggregated discovery
 2023-03-10 07:44:41 -08:00
Kubernetes Prow Robot
c58c1efd03
Merge pull request #112882 from pintuiitbhi/comment 
apiserver: grammar correction of comment
 2023-03-09 21:32:54 -08:00
Jefftree
387d97605e Add metrics for aggregated discovery 2023-03-09 17:24:02 +00:00
Maksim Nabokikh
c1431af4f8
KEP-3325: Promote SelfSubjectReview to Beta (#116274) 
* Promote SelfSubjectReview to Beta

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fix whoami API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes according to code review

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

---------

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-03-08 15:42:33 -08:00
Alexander Zielenski
c485cb2435 supply OpenAPIV3Config unconditionally 
the handlers are still gated, but OpenAPIV3 is required for SSA
 2023-02-28 13:29:57 -08:00
Monis Khan
754cb3d601
kubelet/client: collapse transport wiring onto standard approach 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2023-02-06 20:34:49 -05:00
TommyStarK
527b905aaa cmd/kubeapiserver: Clean code, avoid unnecessary condition, avoid non-nil but zero-length slice 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2023-01-06 18:03:41 +01:00
Jordan Liggitt
78cb3862f1
Fix indentation/spacing in comments to render correctly in godoc 2022-12-17 23:27:38 -05:00
Andy Goldstein
0bdcb93b06 Create new conversion Factory interface 
Create a new conversion Factory interface for CRDs, and split out
NewDelegatingConverter as a standalone package-level function, instead
of being part of CRConverterFactory.

Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>
 2022-12-13 14:38:21 -05:00
Kubernetes Prow Robot
6d823a3815
Merge pull request #113823 from TommyStarK/unit-tests/cmd-kube-apiserver-app-options 
cmd/kube-apiserver/app/options: Improving test coverage
 2022-12-09 14:34:33 -08:00
TommyStarK
44c94f98b6 fix typo in cmd/kube-apiserver/app/options/validation_test.go 
Put back test case that was dropped by mistake.

Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2022-11-16 19:25:31 +01:00
Kubernetes Prow Robot
d1c0171aed
Merge pull request #111023 from pohly/dynamic-resource-allocation 
dynamic resource allocation
 2022-11-11 16:21:56 -08:00
Alexander Zielenski
3c68fe6596 fix aggregated discovery version sorting 
add test for level based priorities
 2022-11-10 17:16:14 -08:00
Patrick Ohly
5cca60f0b8 api: dynamic resource allocation API 
This adds a new resource.k8s.io API group with v1alpha1 as version. It contains
four new types: resource.ResourceClaim, resource.ResourceClass, resource.ResourceClaimTemplate, and
resource.PodScheduling.
 2022-11-10 20:08:24 +01:00
TommyStarK
47fdbd97d3 cmd/kube-apiserver/app/options: Improving test coverage 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2022-11-10 16:20:20 +01:00
Kubernetes Prow Robot
8058e8eff8
Merge pull request #113171 from Jefftree/aggregated-discovery-generic 
Aggregated discovery server changes
 2022-11-09 00:08:12 -08:00
Kubernetes Prow Robot
e62cfabf93
Merge pull request #112050 from nilekhc/kms-hot-reload 
Implements hot reload of the KMS `EncryptionConfiguration`
 2022-11-08 17:24:12 -08:00
Alexander Zielenski
b64df605b4 add aggregated-apiservices to aggregated discovery 
Co-authored-by: Jeffrey Ying <jeffrey.ying86@live.com>
 2022-11-08 14:44:50 -08:00
Alexander Zielenski
6e83f67505 add new aggregated resourcemanager to genericapiserver 
Co-authored-by: Jeffrey Ying <jeffrey.ying86@live.com>
 2022-11-08 14:44:49 -08:00
Nilekh Chaudhari
761b7822fc
feat: implements kms encryption config hot reload 
This change enables hot reload of encryption config file when api server
flag --encryption-provider-config-automatic-reload is set to true. This
allows the user to change the encryption config file without restarting
kube-apiserver. The change is detected by polling the file and is done
by using fsnotify watcher. When file is updated it's process to generate
new set of transformers and close the old ones.

Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
 2022-11-08 21:47:59 +00:00
Kubernetes Prow Robot
3a99a5954d
Merge pull request #113629 from andrewsykim/apiserver-identity-beta 
Promote APIServerIdentity to Beta
 2022-11-08 12:43:10 -08:00
Kubernetes Prow Robot
595ea32411
Merge pull request #113314 from cici37/celIntegration 
CEL validation in Admission chain
 2022-11-07 17:08:33 -08:00
Andrew Sy Kim
02020b20e7 kube-apiserver: remove flags --identity-lease-duration-seconds and --identity-lease-renew-interval-seconds 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-11-07 19:36:22 -05:00
Cici Huang
0486e06261 Adding new api version of admissionregistration.k8s.io v1alpha1 for CEL in Admission Control 2022-11-07 20:51:51 +00:00
Kubernetes Prow Robot
b1dd1cd2f1
Merge pull request #113529 from enj/enj/i/kms_single_healthz 
kms: add wiring to support automatic encryption config reload
 2022-11-07 11:20:42 -08:00