Commit Graph

5236 Commits

Author SHA1 Message Date
Kubernetes Publisher
a48da785a9 Merge pull request #129332 from pohly/log-client-go-clientcmd
client-go command: structured, contextual logging

Kubernetes-commit: 1c9da264ab83ac34efd0422711e1a222ffcb1b03
2026-01-28 13:44:55 +00:00
Kubernetes Publisher
67189d0e25 Merge pull request #136582 from yongruilin/master_kubeopenapi-format
Bump k8s.io/kube-openapi to latest and enable numeric format validation

Kubernetes-commit: b90909e4325d5375af7deb190585a5e9885c288d
2026-01-28 01:44:00 +00:00
yongruilin
2d1d3a8458 Bump k8s.io/kube-openapi to latest
Kubernetes-commit: 65b579a036fa3b230f9c5e22d449fe9e4790078e
2026-01-27 21:39:39 +00:00
Kubernetes Publisher
146146cf95 Merge pull request #136574 from pohly/revert-129344-log-client-go-apimachinery-network-util
Revert "apimachinery: contextual logging in network util code"

Kubernetes-commit: 99a2c5c6346ad84976f9bda40034670a97950f24
2026-01-27 17:44:25 +00:00
Patrick Ohly
b0c7207279 Revert "apimachinery: contextual logging in network util code"
Kubernetes-commit: 9d65b9be20e5ee0a4ef34f0ba071d35987da4ab0
2026-01-27 17:21:02 +01:00
Kubernetes Publisher
5b20bd05fc Merge pull request #136441 from kannon92/remove-alpha-api-dra
remove alpha comments for GA or beta resource fields

Kubernetes-commit: be658b44f32ee69146505094ac3a03418832f9b6
2026-01-27 17:44:24 +00:00
Kevin Hannon
0c949f1da7 remove alpha comments for GA or beta DRA fields
Kubernetes-commit: 159eb4cd7719a1c5de2c332e811a2b598ee1a4d2
2026-01-22 17:03:40 -05:00
Kubernetes Publisher
c5e14be254 Merge pull request #136410 from michaelasp/addToReviewer
Add michaelasp to client-go/tools/cache reviewers

Kubernetes-commit: 290b358acda398439f0fb6ad027b59b45777d6fa
2026-01-22 05:49:06 +00:00
Michael Aspinwall
36db2c5c73 Add michaelasp to client-go cache reviewers
Kubernetes-commit: 8418cf16d7d918804db1b040338ffc3c164cff8d
2026-01-21 21:46:59 +00:00
Kubernetes Publisher
511abf454d Merge pull request #136362 from dims/update-opentelemetry-v1.39.0
Update OpenTelemetry dependencies to latest versions

Kubernetes-commit: 69eb15ee58c9cb20b90007e9b064dfb78b66a867
2026-01-21 21:43:59 +00:00
Kubernetes Publisher
98fd4cc5ca Merge pull request #136264 from michaelasp/unlockWhileProcess
Ensure that processing does not block queue writers in RealFIFO

Kubernetes-commit: dff962ddbb0f5928086029e45a2fa63c28341c57
2026-01-21 21:43:57 +00:00
Davanum Srinivas
51d0341059 Update OpenTelemetry dependencies to latest versions
Core packages (opentelemetry-go):
- go.opentelemetry.io/otel: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/metric: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/trace: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/sdk: v1.38.0 → v1.39.0

Exporters:
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.34.0 → v1.39.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.34.0 → v1.39.0

Contrib instrumentation (opentelemetry-go-contrib):
- go.opentelemetry.io/contrib/.../otelhttp: v0.61.0 → v0.64.0
- go.opentelemetry.io/contrib/.../otelrestful: v0.44.0 → v0.64.0

Protocol definitions (opentelemetry-proto-go):
- go.opentelemetry.io/proto/otlp: v1.5.0 → v1.9.0

Notable changes:
- Go 1.24 is now the minimum required version (Go 1.23 support dropped) for OTEL components
- Performance: ~4x improvement in histogram concurrent operations; xxhash
  replaces fnv for attribute hashing
- Fixed goroutine leak in span processors when context is canceled
- otelrestful migrated semantic conventions from v1.20.0 to v1.34.0
  (e.g., http.method → http.request.method)
- Partial OTLP export errors now surfaced instead of being silently dropped
- otelrestful no longer depends on json-iterator/go, modern-go/concurrent,
  or modern-go/reflect2; unwanted-dependencies.json updated accordingly

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: c40ea60b9f193fbead586f9fd6cc26f7b77312ff
2026-01-20 17:20:21 -05:00
Kubernetes Publisher
ff70f47ee2 Merge pull request #135322 from carlory/rm-portworx
[1.36] Remove intree volume plugin portworx

Kubernetes-commit: d047572e817aafc3af859c191d79d954cf1855d9
2026-01-19 17:43:40 +00:00
Michael Aspinwall
914300b800 Add benchmarks for adding objects with slow handlers
Kubernetes-commit: 082f38d97bb68e77347b48dd5b29023b1a357373
2026-01-16 00:47:09 +00:00
Michael Aspinwall
f5283a4822 Ensure that processing does not block queue writers
Kubernetes-commit: 40c01b99a7bac05f6de438d67dd20a60333a0ac4
2026-01-16 00:46:52 +00:00
carlory
9cbf88a315 run hack/update-vendor.sh
Signed-off-by: carlory <baofa.fan@daocloud.io>

Kubernetes-commit: 299ec97e6fa2295ccc14d22f501280164377914a
2025-11-13 10:54:21 +08:00
Kubernetes Publisher
1a68af1383 Merge pull request #136212 from dims/update-security-deps-jan2026-v2
Update security and stability dependencies

Kubernetes-commit: a94970c0c5de0fa56b0ed82823850db7e0257685
2026-01-16 13:31:47 +00:00
Davanum Srinivas
95129d1f2f Update security and stability dependencies
This PR updates several dependencies addressing security vulnerabilities,
stability fixes, and authentication improvements.

- golang.org/x/crypto: v0.46.0 -> v0.47.0
  - Includes latest X509 root certificate bundle updates
  - Security hardening for cryptographic operations
  - Foundation dependency for TLS and authentication

- github.com/golang-jwt/jwt/v5: v5.2.2 -> v5.3.0
  - IMPORTANT: v5.2.2 patched vulnerability GHSA-mh63-6h87-95cp (token
    validation security issue) - this update ensures we have the fix
  - Adds multiple audience validation support for JWT tokens
  - Go 1.21 minimum requirement (code modernization)
  - Replaced legacy interface{} with modern any keyword

- golang.org/x/net: v0.48.0 -> v0.49.0
  - HTTP/2 priority scheduler improvements (RFC 9218)
  - WebSocket security enhancements
  - Network layer stability fixes

- go.uber.org/zap: v1.27.0 -> v1.27.1
  - Fix: Prevent Object from panicking on nils (PR #1501)
  - Fix: Race condition in WithLazy (PR #1511)
  - Both fixes improve logging stability in concurrent scenarios

- github.com/godbus/dbus/v5: v5.2.0 -> v5.2.2
  - Security: Disabled SHA1 authentication by default on non-Windows
    platforms (v5.2.0 change now inherited)
  - Performance: Multiple optimizations reducing memory allocations
  - Fix: Alignment issues in decoder operations
  - Fix: Allow more than 32 containers/struct fields in a signature

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 5b478645cdb3be5ed92a21d2f7b417b6328cfa6e
2026-01-13 23:08:03 -05:00
Kubernetes Publisher
518241d079 Merge pull request #136008 from michaelasp/atomicResync
Add atomic resync operation for real fifo

Kubernetes-commit: b82b03b9240e13b72635a39304b352afdf6a1fde
2026-01-16 01:32:19 +00:00
Michael Aspinwall
2f59c18c8b Add atomic resync and remove usage of store in FIFO
Kubernetes-commit: 6fbaebc054fc61f4775bb3a803beba7e924e266b
2026-01-15 20:22:36 +00:00
Kubernetes Publisher
24e4401379 Merge pull request #136143 from pohly/client-go-fake-list-and-watch-fix
client-go testing: fix List+Watch support

Kubernetes-commit: 8392659d3c90fea03be805968b53ec7a05dea183
2026-01-15 17:32:16 +00:00
Kubernetes Publisher
14e71d2850 Merge pull request #135462 from michaelasp/atomicReplace
Add atomic replace in client-go

Kubernetes-commit: 8322d26d1f0384f98baf6b640af58a471eb66f19
2026-01-15 01:32:08 +00:00
Michael Aspinwall
aad3a6de89 Add support for ReplacedAll delta handling
Kubernetes-commit: 3d585f1c500be795dfaf24e2c6a7b024986481c1
2026-01-14 13:46:37 -05:00
Michael Aspinwall
0a8284b969 Plumb AtomicFIFO options into controller/store construction
Kubernetes-commit: 022fec7ba8b0e2c71e1f38634a31f296d0090b31
2026-01-14 13:23:12 -05:00
Michael Aspinwall
06f647297d Add AtomicFIFO feature gate
Kubernetes-commit: 9e25c19199ece559f91615cc70947da64e740fce
2026-01-14 12:39:28 -05:00
Michael Aspinwall
2cb222485f Guard against unexpected delta types in batch processing
Kubernetes-commit: 64f780c1ecd7e9ec0989cb3ebd584cd9249a4c8c
2026-01-14 12:41:04 -05:00
Michael Aspinwall
14f3889b62 Make PopBatch process a single-item batch identically to Pop
Kubernetes-commit: b8470beda4e4a17ad38e9a58ce86c96f420bb720
2026-01-14 13:18:37 -05:00
Michael Aspinwall
759b00eb22 Expand controller unit test coverage
Kubernetes-commit: 1c29ee7e7b5e039b8df1a5cb75798c0359ca73d9
2026-01-14 13:08:26 -05:00
Michael Aspinwall
4678a135e1 Plumb keyFunc to informer/controller/delta handling
Kubernetes-commit: 4171c8cff8e79d3624f7e3bc83513fbec1671a24
2026-01-14 13:04:31 -05:00
Michael Aspinwall
c38fc0fb1f Refactor RealFIFO#Replace delete/update handling to reconcileReplacement
Kubernetes-commit: b94e610244ea8e37bcade7eec7e77be0ff61e572
2026-01-14 12:56:32 -05:00
Michael Aspinwall
f3701130c2 Fix Replaced delta documentation
Kubernetes-commit: ebd6959b126bad49c305d8088103455ce13241b2
2026-01-14 12:45:13 -05:00
Michael Aspinwall
548663c679 Refactor delta addition/clearing
Kubernetes-commit: 2dad39751d993757b3f218fda93a380a450a2257
2026-01-14 12:44:38 -05:00
Patrick Ohly
bb190d443d client-go testing: start ResourceVersion at 1 for empty set
List should never return "0", which has a special meaning in queries.

Kubernetes-commit: 3783a720e7278466859fe140d2bfbbfb054f5313
2026-01-14 12:19:32 +01:00
Patrick Ohly
70ee41c382 client-go testing: include event handler in List+Watch unit test
The event handler must receive both objects (the initial one from List, the
newer one from Watch) and it must be considered synced.

Kubernetes-commit: 359aff0552ed3b60d544158e5edf33d28492f01a
2026-01-14 11:57:24 +01:00
Kubernetes Publisher
d8ad3ab106 Merge pull request #136162 from dims/update-security-deps-jan2026
Update security-critical authentication and protobuf dependencies

Kubernetes-commit: c29a5d73a6fd04896033fe615c259f2949c5e94f
2026-01-14 01:31:55 +00:00
Davanum Srinivas
179e2aab49 Update security-critical authentication and protobuf dependencies
This PR updates security-critical dependencies addressing authentication
and data parsing vulnerabilities.

**Authentication Security:**
- github.com/coreos/go-oidc: v2.3.0 -> v2.5.0
  - Security fix: Now verifies token signature BEFORE validating payload
  - Prevents potential processing of tampered tokens before cryptographic
    verification

- github.com/cyphar/filepath-securejoin: v0.6.0 -> v0.6.1
  - Security fix: Fixed seccomp fallback logic - library now properly falls
    back to safer O_PATH resolver when openat2(2) is denied by seccomp-bpf
  - Fixed file descriptor leak in openat2 wrapper during RESOLVE_IN_ROOT

- cyphar.com/go-pathrs: v0.2.1 -> v0.2.2
  - Companion update to filepath-securejoin

**Protobuf Security:**
- google.golang.org/protobuf: v1.36.8 -> v1.36.11
  - Security fix: Added recursion limit check in lazy decoding validation
  - Prevents potential stack exhaustion attacks via maliciously crafted
    protobuf messages
  - Also adds support for URL chars in type URLs in text-format

These updates are critical for:
- OIDC authentication in kube-apiserver
- Container filesystem path resolution (used by container runtimes)
- Protobuf message parsing throughout the codebase

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: c825d80bbf2c82666192c329478a686fa3a1d5dc
2026-01-11 16:50:37 -05:00
Kubernetes Publisher
0b06cf5bf0 Merge pull request #129344 from pohly/log-client-go-apimachinery-network-util
apimachinery: contextual logging in network util code

Kubernetes-commit: c6be0527684a967c1b0dd14486ae2241832723f0
2026-01-13 21:32:02 +00:00
Kubernetes Publisher
934ba1dfa5 Merge pull request #136161 from dims/update-golang-x-deps-jan2026
Update golang.org/x dependencies to latest versions

Kubernetes-commit: 1c894014ebe25e0b042efa91698284f527493d90
2026-01-13 01:36:55 +00:00
Davanum Srinivas
07c57c562d Update golang.org/x dependencies to latest versions
Updates the golang.org/x package family to newer releases:

- golang.org/x/crypto: v0.45.0 -> v0.46.0
- golang.org/x/net: v0.47.0 -> v0.48.0
- golang.org/x/sys: v0.38.0 -> v0.40.0
- golang.org/x/time: v0.9.0 -> v0.14.0
- golang.org/x/oauth2: v0.30.0 -> v0.34.0
- golang.org/x/text: v0.31.0 -> v0.33.0
- golang.org/x/term: v0.37.0 -> v0.39.0
- golang.org/x/sync: v0.18.0 -> v0.19.0
- golang.org/x/mod: v0.29.0 -> v0.32.0
- golang.org/x/tools: v0.38.0 -> v0.40.0
- golang.org/x/exp: 8a7402abbf56 -> 944ab1f22d93

Security & Stability:
- x/crypto: Updated X509 root certificate bundle
- x/net: HTTP/2 PING optimization to reduce DoS detection triggers,
  data race fix in trace RenderEvents
- x/sys: Fixed out-of-bounds memory access in sockaddrIUCVToAny
- x/time: Fixed rate limiter overflow when using very low rates that
  could cause the limiter to jam open

Performance:
- x/time: ~19% improvement in Sometimes.Do when no interval configured

Maintenance:
- Various vet diagnostic fixes for Go 1.26 compatibility
- Dependency updates across the golang.org/x ecosystem

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 0e67c56a8f26ace2889fd24e098b78e13f9bbffe
2026-01-11 16:25:45 -05:00
Patrick Ohly
42c6ae81ab client-go testing: fix List+Watch support
56448506075c3db1d added support for List+Watch to a fake client-go instance.
However, that support was not quite working yet as seen when analyzing a test
flake:

- List returned early when there were no objects, without adding the
  ResourceVersion. The ResourceVersion should have been "0" instead.
- When encountering "" as ResourceVersion, Watch didn't deliver
  any objects. That was meant to preserve compatibility with clients
  which don't expect objects from a Watch, but the right semantic of
  "" is "Start at most recent", which includes delivering existing
  objects.

Tests which meddle with the List implementation via a reactor (like
clustertrustbundlepublisher) have to be aware that Watch now may
return objects when given an empty ResourceVersion.

Kubernetes-commit: 6bfa727bee264f5d7e4471066c1b48a28d0c1929
2026-01-09 16:54:10 +01:00
Kubernetes Publisher
811a272277 Merge pull request #136108 from pohly/ginkgo-gomega-update
dependencies: ginkgo v2.27.4, gomega v1.39.0

Kubernetes-commit: 758ef0ffbce5cbca7a893d839dde892d79c2738f
2026-01-08 22:43:17 +00:00
Patrick Ohly
2e32132ba0 dependencies: ginkgo v2.27.4, gomega v1.39.0
Latest release of both. The CurrentTreeConstructionNodeReport fix
is needed before being able to use it in the E2E framework.

Kubernetes-commit: f8a0c80ed81711f6add7a765d22b56d2d41ac522
2026-01-08 16:53:03 +01:00
Kubernetes Publisher
52d9854c37 Merge pull request #136068 from aojea/leader_race_time
fix leader election data race reading observedtime

Kubernetes-commit: 0f4705e12e12439b37e81ea6df2318def4b4a2c5
2026-01-07 18:34:00 +00:00
Kubernetes Publisher
2f784525d5 Merge pull request #135959 from pohly/client-go-testing-list-and-watch-race
client-go testing: support List+Watch with ResourceVersion

Kubernetes-commit: fe36b79c2ab54cd7cc10733ca50e5642e2304f86
2026-01-07 14:33:55 +00:00
Kubernetes Publisher
736bd66226 Merge pull request #132145 from inkel/inkel/client-go/improve-bearerauthrt-roundtrip-perf
fix(client): Concatenate string instead of using `fmt.Sprintf`

Kubernetes-commit: ed17ca808f5db19c9309ffa32694885d2f30ca7a
2026-01-07 14:33:53 +00:00
Antonio Ojea
7761b3a081 leaderelection RWlock
We need to lock on observedTime reads to avoid races; before, we were
only locking to read the observed record.

Use a RW lock since there are many more reads than writes.

Kubernetes-commit: d5ac0e408a0a1e50197e1b599b9b8b2e505bfe46
2026-01-07 13:16:25 +00:00
Kubernetes Publisher
65de5216f1 Merge pull request #134798 from aditigupta96/fix-runwithcontext-apimachinery
apimachinery: Use informer.RunWithContext in various components

Kubernetes-commit: 6af6361e3b6a5eafc8349b05227afff54e0594ed
2026-01-07 02:39:25 +00:00
Kubernetes Publisher
c9ded7e60b Merge pull request #136053 from tchap/kcm-leader-election-thread-mgmt
leasecandidate: Improve goroutine management

Kubernetes-commit: 3edae6c1c49958fd10a708d9cc8c4c9e7f5fb6e8
2026-01-06 20:59:08 +05:30
Ondra Kupka
0728b482e1 leasecandidate: Improve goroutine management
Make sure all goroutines are terminated when Run returns.

Kubernetes-commit: 498896ec4270b790e971a6fb01a292aa4c8cdfe0
2026-01-06 10:43:05 +01:00
Patrick Ohly
58e70dff3d client-go testing: support List+Watch with ResourceVersion
Quite a lot of unit tests set up informers with a fake client, do
informerFactory.WaitForCacheSync, then create or modify objects. Such tests
suffered from a race: because the fake client only delivered objects to the
watch after the watch has been created, creating an object too early caused
that object to not get delivered to the informer.

Usually the timing worked out okay because WaitForCacheSync typically slept a
bit while polling, giving the Watch call time to complete, but this race has
also gone wrong occasionally. Now with WaitForCacheSync returning more promptly
without polling (work in progress), the race goes wrong more often.

Instead of working around this in unit tests it's better to improve the fake
client such that List+Watch works reliably, regardless of the timing. The fake
client has traditionally not touched ResourceVersion in stored objects and
doing so now might break unit tests, so the added support for ResourceVersion
is intentionally limited to List+Watch.

The test simulates "real" usage of informers. It runs in a synctest bubble and
completes quickly:

    go  test -v .
    === RUN   TestListAndWatch
        listandwatch_test.go:67: I0101 01:00:00.000000] Listed configMaps="&ConfigMapList{ListMeta:{ 1  <nil>},Items:[]ConfigMap{ConfigMap{ObjectMeta:{cm1  default    0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[] map[] [] [] []},Data:map[string]string{},BinaryData:map[string][]byte{},Immutable:nil,},},}" err=null
        listandwatch_test.go:79: I0101 01:00:00.000000] Delaying Watch...
        listandwatch_test.go:90: I0101 01:00:00.100000] Caches synced
        listandwatch_test.go:107: I0101 01:00:00.100000] Created second ConfigMap
        listandwatch_test.go:81: I0101 01:00:00.100000] Continuing Watch...
    --- PASS: TestListAndWatch (0.00s)
    PASS
    ok  	k8s.io/client-go/testing/internal	0.009s

Some users of the fake client need to be updated to avoid test failures:
- ListMeta comparisons have to be updated.
- Optional: pass ListOptions into tracker.Watch. It's optional because
  the implementation behaves as before when options are missing,
  but the List+Watch race fix only works when options are passed.

Kubernetes-commit: 56448506075c3db1d16b5bbf0c581b833a4646f1
2025-12-27 21:57:54 +01:00