github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
121,748 Commits 1 Branch 31 Tags 1,019 MiB
48daa91857
Commit Graph

255 Commits

Author SHA1 Message Date
cici37
de506ce7ac Promote ValidatingAdmissionPolicy to GA. 2024-03-05 16:00:21 -08:00
Tim Hockin
b3dd724174
Remove dep on set-gen: gone in gengo/v2 2024-02-29 22:06:18 -08:00
Jordan Liggitt
5dc92ada06
Implement authz config file reloading 2024-02-14 18:09:15 -05:00
Paco Xu
f73bba51c9 flowcontrol: set the serialization version to v1 2023-12-25 14:24:50 +08:00
weilaaa
eb8f3f194f use build-in max and min func to instead of k8s.io/utils/integer funcs 2023-12-15 15:09:11 +08:00
Antonio Ojea
99f7df3e1c improve default_servicecidr_controller startup 
The default service-cidr controller blocks the apiserver because it
needs to create the default ServiceCIDR so Services can be allocated.

If the apiserver is started without the default ServiceCIDR any attempt
to createa  new Service will fail, and this is a breaking change for
users and installers that does not retry on this operation.

Instead of using a channel to signal the controller is ready, just
implement two loops, a first one that verifies that is ready and that
polls with a shorted interval, and leave the second loop with the
existing interval.

Change-Id: I54303af9faeaa9c5cce2a840b6b7b0320cd2f4ad
 2023-11-14 23:31:58 +00:00
Jordan Liggitt
264cd64824
Run RBAC hook correctly when running from authz config file 2023-11-08 14:36:01 -06:00
Jordan Liggitt
1f40e0916e
Only default mode to AlwaysAllow when config file is unspecified 2023-11-08 11:24:28 -06:00
Antonio Ojea
7e87806fab default_servicecidr_controller: use new ServiceCIDR API 
Change-Id: I2c53815136e0d985959420911339aacd62e01e78
 2023-10-31 21:05:06 +00:00
Antonio Ojea
3b450378e0 bootstrap controller for default ServiceCIDR 
The bootstrap controller for ServiceCIDR ensures that the default
ServiceCIDR is created from the existing flags.

It follows the same behavior than the kubernetes.default Service,
it only creates the default ServiceCIDR if it doesn't exist, but
does not modify it despite the parameters doesn't match.

review: bootstrap controller for default ServiceCIDR
 2023-10-31 21:05:04 +00:00
Abu Kashem
c7fcef1875
apiserver: set APF featuregate to ga 2023-10-31 08:46:24 -04:00
Abu Kashem
233bc2449d
apiserver: fix apf enablement with runtime-config 2023-10-30 08:18:41 -04:00
Abu Kashem
25aebca8d5
apiserver: add etcd data and storage version hash for apf v1 2023-10-30 07:48:23 -04:00
Abu Kashem
b24dd44904
apiserver: enable apf v1 API 2023-10-30 07:48:22 -04:00
Ben Luddy
83f5b5c240
Deep disablement for APF based on --enable-priority-and-fairness. 
Avoids starting informers or the config-consuming controller when
--enable-priority-and-fairness=false. For kube-apiserver, the config-producing controller runs if
and only if flowcontrol API storage is enabled.
 2023-10-24 17:53:51 -04:00
Kubernetes Prow Robot
722503e9e5
Merge pull request #121390 from wojtek-t/disable_paging 
Remove ability to disable pagination at store level
 2023-10-24 18:55:16 +02:00
Wojciech Tyczyński
b386120da2 Remove storageConfig.Paging parameter 2023-10-20 15:35:58 +02:00
Nabarun Pal
22e5a806a7
Add --authorization-config flag to apiserver 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
 2023-10-18 11:58:47 +05:30
Dr. Stefan Schimanski
581af9ba6d
kube-apiserver: use only one client in apiserver controllers 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2023-10-10 16:49:56 +02:00
Kubernetes Prow Robot
6a84edb2ce
Merge pull request #120222 from tkashem/apf-queue-wait-ctx 
apf: manage request queue wait with context in APF Filter
 2023-10-03 11:16:18 +02:00
Kubernetes Prow Robot
ef838ca27c
Merge pull request #120912 from sttts/sttts-cluster-authn-filter 
controller/clusterauthenticationtrust: complete event filter
 2023-09-28 14:21:39 -07:00
Dr. Stefan Schimanski
59ad81a615
controller/clusterauthenticationtrust: complete event filter 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2023-09-27 15:39:58 +02:00
Dr. Stefan Schimanski
6395049176
controlplane: make option structs uniformly optional 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2023-09-27 11:22:37 +02:00
Abu Kashem
11ef9514da
apf: remove RequestWaitLimit from queueset config 2023-09-26 08:55:23 -04:00
Nabarun Pal
108d195595
use AuthorizationConfiguration in kube-apiserver for storing authorizer config 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
 2023-09-18 11:33:18 +05:30
Antonio Ojea
3a1a67e33d add aojea as controplane reviewer 
Change-Id: Ie1aa38791c1cf1399c762120e687fedd360f6067
 2023-09-07 21:26:32 +00:00
Kubernetes Prow Robot
440eb7eadb
Merge pull request #119495 from bzsuni/cleanup/api/legacyBetaEnabledByDefaultResources 
remove resource flowschemas and prioritylevelconfigurations from legacyBetaEnabledByDefaultResources in v1.29
 2023-09-07 08:10:58 -07:00
Kubernetes Prow Robot
f68c66f96d
Merge pull request #119142 from aramase/aramase/f/kep_3331_add_feature_flag 
[StructuredAuthenticationConfig] Add feature flag and wire up `--authentication-config` flag
 2023-09-05 13:08:51 -07:00
bzsuni
7c33b78418
remove resource flowschemas and prioritylevelconfigurations for legacyBetaEnabledByDefaultResources in v1.29 
Signed-off-by: bzsuni <bingzhe.sun@daocloud.io>
 2023-09-04 21:54:51 +08:00
Anish Ramasekar
9e1ff1e512
add loading config and wire feature flag 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2023-08-30 23:14:56 +00:00
SataQiu
2825519da2 apf: remove v1alpha1 API 2023-08-30 20:48:42 +08:00
Kubernetes Prow Robot
9c25ce6f3e
Merge pull request #119540 from SataQiu/clean-apiserver-20230724 
Remove the deprecated kube-apiserver identity lease garbage collector for k8s.io/component=kube-apiserver
 2023-08-28 10:49:42 -07:00
Kubernetes Prow Robot
df8bfdf55e
Merge pull request #120102 from p0lyn0mial/upstream-storage-etcd-new-params 
storage/factory: extend the Create method by newList and resourcePrefix params
 2023-08-24 05:22:32 -07:00
Lukasz Szaszkiewicz
ccabc01093 storage/factory: extend the Create method by newList and resourcePrefix params 2023-08-24 11:23:05 +02:00
Kubernetes Prow Robot
2e6eafca3f
Merge pull request #119503 from wojtek-t/pagination_ga 
Graduate APIListChunking to GA
 2023-08-23 10:39:29 -07:00
git-jxj
a5b3a4b738
cleanup: Update deprecated FromInt to FromInt32 (#119858) 
* redo commit

* apply suggestions from liggitt

* update Parse function based on suggestions
 2023-08-16 09:33:01 -07:00
Kubernetes Prow Robot
10beda334e
Merge pull request #118399 from skitt/ioutil-sig-api-machinery 
api-machinery: stop using deprecated io/ioutil
 2023-08-15 15:17:05 -07:00
SataQiu
213ed03c00 remove deprecated kube-apiserver identity lease garbage collector 2023-07-25 10:10:18 +08:00
Wojciech Tyczyński
6acfa3cb4a Graduate APIListChunking to GA 2023-07-21 14:09:40 +02:00
Alexander Zielenski
88becfc0ba api: add v1beta1 ValidatingAdmissionPolicy/Binding types and storage 2023-07-20 13:24:09 -07:00
Richa Banker
cd5f3d9f9d Add impl for uvip 2023-07-18 17:36:22 -07:00
carlory
850dc6123a Remove ability to re-enable serving deprecated policyv1beta1 APIs 2023-07-18 10:24:26 +08:00
Antonio Ojea
c5147c91b8 controlplane: kubernetes.default controller stop polling 
the kubernetesservice controller is in charge of reconciling the
kubernetes.default service with the first IP in the service CIDR range
and port 443, it also maintains the Endpoints associated to the Service
using the configure EndpointReconciler.

Until now, the controller was creating the default namespace if it
doesn't exist , and creating the kubernetes.default service if it
doesn't exist too. However, it was polling the Service in each loop,
with this change we reuse the apiserver informers to watch the Service
instead of polling.

It also removes the logic to create the default network namespace, since
this is part of the systemnamespaces controller now.

Change-Id: I70954f8e6309e7af8e4b749bf0752168f0ec2c42
Signed-off-by: Antonio Ojea <aojea@google.com>
 2023-07-13 10:41:06 +00:00
Dr. Stefan Schimanski
a34e06e74c
kube-apiserver/corerest: structure Config 2023-07-11 17:27:20 +02:00
Dr. Stefan Schimanski
75e3576523
kube-apiserver: rewire service controllers: kubernetesservice + IP repair 2023-07-11 17:27:20 +02:00
Dr. Stefan Schimanski
c733c57962
pkg/controlplane: wire core storage as RESTStorageProvider 2023-07-05 16:46:40 +02:00
Dr. Stefan Schimanski
65b34221eb
kube-apiserver: remove IP repair plumbing from kubernetes service controller 2023-07-05 16:45:31 +02:00
Dr. Stefan Schimanski
68aee61d4f
SPLIT: kube-apiserver/corerest: split out service IP setup logic 2023-07-05 11:00:37 +02:00
Dr. Stefan Schimanski
dad3e4d211
SPLIT: kube-apiserver/corerest: split constructor 2023-07-05 09:45:20 +02:00
Kubernetes Prow Robot
68b7685b2a
Merge pull request #119081 from sttts/sttts-public-ip-validation-move 
kube-apiserver: move "public IP matches IP family" check to option validation
 2023-07-04 14:28:54 -07:00