Automated cherry pick of #117495: Use absolute path instead requestURI in openapiv3 discovery
Kubernetes-commit: 110415e329c4aabdff9fb4eed7a5d6aa064e7a04
Currently, openapiv3 discovery uses requestURI to discover resources.
However, that does not work when the rest endpoint contains prefixes
(e.g. `http://localhost/test-endpoint/`).
Because requestURI overwrites prefixes also in rest endpoint
(e.g. `http://localhost/openapiv3/apis/apps/v1`).
Since `absPath` keeps the prefixes in the rest endpoint,
this PR changes to absPath instead requestURI.
Kubernetes-commit: ee1d7eb5d82f3b2a76afc57bc33bc7e08c34bf27
* Add custom match conditions for CEL admission
This PR is based off of, and dependent on the following PR:
https://github.com/kubernetes/kubernetes/pull/116261
Signed-off-by: Max Smythe <smythe@google.com>
* run `make update`
Signed-off-by: Max Smythe <smythe@google.com>
* Fix unit tests
Signed-off-by: Max Smythe <smythe@google.com>
* Fix unit tests
Signed-off-by: Max Smythe <smythe@google.com>
* Update compatibility test data
Signed-off-by: Max Smythe <smythe@google.com>
* Revert "Update compatibility test data"
This reverts commit 312ba7f9e74e0ec4a7ac1f07bf575479c608af28.
* Allow params during validation; make match conditions optional
Signed-off-by: Max Smythe <smythe@google.com>
* Add conditional ignoring of matcher CEL expression validation on update
Signed-off-by: Max Smythe <smythe@google.com>
* Run codegen
Signed-off-by: Max Smythe <smythe@google.com>
* Add more validation tests
Signed-off-by: Max Smythe <smythe@google.com>
* Short-circuit CEL matcher when no matchers specified
Signed-off-by: Max Smythe <smythe@google.com>
* Run codegen
Signed-off-by: Max Smythe <smythe@google.com>
* Address review comments
Signed-off-by: Max Smythe <smythe@google.com>
---------
Signed-off-by: Max Smythe <smythe@google.com>
Kubernetes-commit: e5fd204c33e90a7e8f5a0ee70242f1296a5ec7af
* api changes adding match conditions
* feature gate and registry strategy to drop fields
* matchConditions logic for admission webhooks
* feedback
* update test
* import order
* bears.com
* update fail policy ignore behavior
* update docs and matcher to hold fail policy as non-pointer
* update matcher error aggregation, fix early fail failpolicy ignore, update docs
* final cleanup
* openapi gen
Kubernetes-commit: 5e5b3029f3bbfc93c3569f07ad300a5c6057fc58
They contain some nice-to-have improvements (for example, better printing of
errors with gomega/format.Object) but nothing that is critical right now.
"go mod tidy" was run manually in
staging/src/k8s.io/kms/internal/plugins/mock (https://github.com/kubernetes/kubernetes/pull/116613
not merged yet).
Kubernetes-commit: fe59e091eb3331db54cff2351f16eabfe0cb681d
The structure of the error is changing, and we don't guarantee
reflect.DeepEqual(...) will remain true for ErrWaitTimeout currently.
Kubernetes-commit: 8d4004bbc77d012642db97e09238f4f65a926bca
Without this change, sometimes leaked goroutines were reported for
test/integration/scheduler_perf. The one that caused the cleanup to get delayed
was this one:
goleak.go:50: found unexpected goroutines:
[Goroutine 2704 in state chan receive, 2 minutes, with k8s.io/client-go/tools/cache.(*Reflector).watch on top of the stack:
goroutine 2704 [chan receive, 2 minutes]:
k8s.io/client-go/tools/cache.(*Reflector).watch(0xc00453f590, {0x0, 0x0}, 0x1f?, 0xc00a128080?)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/cache/reflector.go:388 +0x5b3
k8s.io/client-go/tools/cache.(*Reflector).ListAndWatch(0xc00453f590, 0xc006e94900)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/cache/reflector.go:324 +0x3bd
k8s.io/client-go/tools/cache.(*Reflector).Run.func1()
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/cache/reflector.go:279 +0x45
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1(0xc007aafee0)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:157 +0x49
k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0xc003e18150?, {0x75e37c0, 0xc00389c280}, 0x1, 0xc006e94900)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:158 +0xcf
k8s.io/client-go/tools/cache.(*Reflector).Run(0xc00453f590, 0xc006e94900)
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/client-go/tools/cache/reflector.go:278 +0x257
k8s.io/apimachinery/pkg/util/wait.(*Group).StartWithChannel.func1()
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:58 +0x3f
k8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1()
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:75 +0x74
created by k8s.io/apimachinery/pkg/util/wait.(*Group).Start
/nvme/gopath/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:73 +0xe5
watch() was stuck in an exponential backoff timeout. Logging confirmed that:
I0309 21:14:21.756149 1572727 reflector.go:387] k8s.io/client-go/informers/factory.go:150: watch of *v1.PersistentVolumeClaim returned Get "https://127.0.0.1:38269/api/v1/persistentvolumeclaims?allowWatchBookmarks=true&resourceVersion=1&timeout=7m47s&timeoutSeconds=467&watch=true": dial tcp 127.0.0.1:38269: connect: connection refused - backing off
Kubernetes-commit: b4751a52d53d4acc6a5ce3e796938c9a12f81fcb
