Commit Graph

1266 Commits

Author SHA1 Message Date
Khaled (Kal) Henidak
3e56ddae67 upgrade IPv6DualStack feature to beta and turn on by default 2021-02-10 23:14:05 +00:00
Haowei Cai
dc047b183b storage version integration test: check the test server's health before running
we disabled the /healthz check because our test blocks one post-start
hook from finishing. Instead we should check all the other /healthz/...
endpoints before running the tests
2021-02-02 18:31:53 -08:00
Kubernetes Prow Robot
f81220975e
Merge pull request #98257 from lingsamuel/etcd-lease-max-count
lease manager limit max objects attached to a lease
2021-02-01 14:52:27 -08:00
Michael Taufen
6aa80d9172 Graduate ServiceAccountIssuerDiscovery to GA
Waiting on KEP updates first:
https://github.com/kubernetes/enhancements/pull/2363
2021-02-01 11:44:23 -08:00
Ling Samuel
c8db72c38c
api-server add --lease-max-object-count
Signed-off-by: Ling Samuel <lingsamuelgrace@gmail.com>
2021-02-01 18:20:59 +08:00
Kubernetes Prow Robot
1f5c1b6d91
Merge pull request #96722 from adtac/apfvalidation
APF: make command-line args validation error more descriptive
2021-01-11 18:38:37 -08:00
Ling Samuel
7e9fe39cd7
apiserver add metric etcd_lease_object_counts
Signed-off-by: Ling Samuel <lingsamuelgrace@gmail.com>
2021-01-11 21:22:07 +08:00
Antonio Ojea
2e4aed2d4a bind-address flag usage 2020-12-11 18:47:24 +01:00
Ling Samuel
c99567005d
apiserver add --lease-reuse-duration-seconds to config lease reuse duration
Signed-off-by: Ling Samuel <lingsamuelgrace@gmail.com>
2020-12-04 19:19:49 +08:00
Adhityaa Chandrasekar
39fb8ced93 APF: make command-line args validation error more descriptive
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>
2020-11-19 20:37:06 +00:00
yue9944882
849be447f5 APF: graduate API and types to beta
Signed-off-by: Adhityaa Chandrasekar <adtac@google.com>
2020-11-13 23:20:39 +00:00
Sergey Kanzhelev
06da0e5e74 GA of RuntimeClass feature gate and API 2020-11-11 19:22:32 +00:00
Haowei Cai
1c2d446648 require APIServerIdentity to be enabled to run StorageVersionAPI
without APIServerIdentity enabled, stale apiserver leases won't be GC'ed
and the same for stale storage version entries. In that case the storage
migrator won't operate correctly without manual intervention.
2020-11-08 19:06:30 -08:00
Haowei Cai
b5b93004b5 generated 2020-11-08 18:53:40 -08:00
Chao Xu
fa1805cc5c Add an integration test.
To make sure that the storage version filter can block certain requests until
the storage version updates are completed, and that the apiserver works
properly after the storage version updates are done.
2020-11-08 18:53:40 -08:00
Chao Xu
7218978716 Add a generic filter that blocks certain write requests before
StorageVersions are updated during apiserver bootstrap.

Also add a poststarthook to the aggregator which updates the
StorageVersions via the storageversion.Manager
2020-11-08 18:53:40 -08:00
Kubernetes Prow Robot
281866b35c
Merge pull request #95533 from roycaihw/apiserver-lease-controller
Add kube-apiserver lease controller
2020-11-06 18:09:37 -08:00
Haowei Cai
3761a00e5b add kube-apiserver-lease-controller poststart hook 2020-11-06 13:33:08 -08:00
Kubernetes Prow Robot
8d6829fe1e
Merge pull request #95896 from zshihang/flag
make flags of TokenRequest required
2020-11-05 18:36:50 -08:00
Shihang Zhang
a5021a4ddf make flags of TokenRequest required 2020-11-05 10:40:56 -08:00
Shihang Zhang
4c593b268a default service-account-extend-token-expiration to true 2020-11-05 09:07:01 -08:00
Kubernetes Prow Robot
e0a51c9e6b
Merge pull request #93244 from Sh4d1/etcd_health_timeout
Allow configuration of etcd healthcheck timeout
2020-11-05 01:06:53 -08:00
Kubernetes Prow Robot
d16112f76c
Merge pull request #96052 from wojtek-t/fix_watchcache_size
Disable watchcache for events
2020-11-02 07:30:53 -08:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
2020-11-01 10:18:25 -05:00
wojtekt
5a8f94cb30 Disable watchcache for events 2020-10-31 19:51:33 +01:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00
Kubernetes Prow Robot
1968e96165
Merge pull request #95856 from knight42/refactor/disable-apiserver-insecure-port
refactor(apiserver): disable insecure port
2020-10-29 10:47:58 -07:00
knight42
cfc2b330a7
refactor(apiserver): ignore the insecure flags
Leave the insecure flags intact but stop serving on insecure port.
2020-10-29 23:20:17 +08:00
Kubernetes Prow Robot
8422116039
Merge pull request #95630 from masap/unit_test1
test: Add service cluster IP range unit test
2020-10-27 14:25:57 -07:00
Kubernetes Prow Robot
3d6026499b
Merge pull request #95235 from andrewsykim/controlplane-egress-selector
apiserver: support 'controlplane' as an egress selector type
2020-10-26 14:45:59 -07:00
Khaled Henidak (Kal)
6675eba3ef
dual stack services (#91824)
* api: structure change

* api: defaulting, conversion, and validation

* [FIX] validation: auto remove second ip/family when service changes to SingleStack

* [FIX] api: defaulting, conversion, and validation

* api-server: clusterIPs alloc, printers, storage and strategy

* [FIX] clusterIPs default on read

* alloc: auto remove second ip/family when service changes to SingleStack

* api-server: repair loop handling for clusterIPs

* api-server: force kubernetes default service into single stack

* api-server: tie dualstack feature flag with endpoint feature flag

* controller-manager: feature flag, endpoint, and endpointSlice controllers handling multi family service

* [FIX] controller-manager: feature flag, endpoint, and endpointSlicecontrollers handling multi family service

* kube-proxy: feature-flag, utils, proxier, and meta proxier

* [FIX] kubeproxy: call both proxier at the same time

* kubenet: remove forced pod IP sorting

* kubectl: modify describe to include ClusterIPs, IPFamilies, and IPFamilyPolicy

* e2e: fix tests that depends on IPFamily field AND add dual stack tests

* e2e: fix expected error message for ClusterIP immutability

* add integration tests for dualstack

the third phase of dual stack is a very complex change in the API,
basically it introduces Dual Stack services. Main changes are:

- It pluralizes the Service IPFamily field to IPFamilies,
and removes the singular field.
- It introduces a new field IPFamilyPolicyType that can take
3 values to express the "dual-stack(mad)ness" of the cluster:
SingleStack, PreferDualStack and RequireDualStack
- It pluralizes ClusterIP to ClusterIPs.

The goal is to add coverage to the services API operations,
taking into account the 6 different modes a cluster can have:

- single stack: IP4 or IPv6 (as of today)
- dual stack: IPv4 only, IPv6 only, IPv4 - IPv6, IPv6 - IPv4

* [FIX] add integration tests for dualstack

* generated data

* generated files

Co-authored-by: Antonio Ojea <aojea@redhat.com>
2020-10-26 13:15:59 -07:00
Andrew Sy Kim
a0aebf96ec apiserver: support egress selection name 'controlplane' and deprecate 'master'
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-10-26 10:24:16 -04:00
Masashi Honma
b7630e4168 test: Add service cluster IP range unit test
This PR adds trailing unit tests to check the service cluster IP range and
improves the code coverage of k8s.io/kubernetes/cmd/kube-apiserver/app from
5.7% to 6.2%.

1) Dual stack IPv4/IPv6
2) Invalid IPv4, IPv6 mask
3) missing IPv4, IPv6 mask
4) invalid IP address format

The tests 2, 3, 4 are suggsted by Antonio Ojea.
2020-10-22 11:42:21 +09:00
Patrik Cyvoct
2e430ba622
Allow configuration of etcd healthcheck timeout
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
2020-10-07 19:13:19 +02:00
Daniel Smith
13b6a929bc It's an 'Instance' of apiserver 2020-09-24 16:14:29 -04:00
David Eads
c7911a384c remove pod presets 2020-09-14 09:24:40 -04:00
Chao Xu
86dd4ce3b5 Let kube-apiserver host the storage version API
Co-authored-by: Haowei Cai <haoweic@google.com>
2020-09-08 19:14:36 -07:00
Daniel Smith
a86afc12df update scripts 2020-09-02 10:49:40 -07:00
Daniel Smith
15e0e3e90e rename 2020-09-02 10:48:26 -07:00
Daniel Smith
75f835aa08 move port definitions to a common location 2020-09-02 10:48:25 -07:00
Jordan Liggitt
81144d6c9a Deprioritize extensions/v1beta1 in discovery 2020-08-28 10:58:32 -04:00
Nikhita Raghunath
550ad25c0f apiserver: remove inactive members from OWNERS
As a part of cleaning up inactive members (who haven't been active since
beginning of 2019) from OWNERS files, this commit removes euank and
CaoShuFeng from the list of reviewers.
2020-08-10 15:07:34 +05:30
Kubernetes Prow Robot
54e2070722
Merge pull request #93410 from nikhita/apimachinery-triage-labels
Don't apply triage/needs-information on apimachinery and instrumentation PRs
2020-07-24 19:08:16 -07:00
Nikhita Raghunath
c00dae0607 Revert "Merge pull request #93156 from logicalhan/triage-api-machinery"
This reverts commit 32438cf269, reversing
changes made to bb6a6aa391.
2020-07-24 13:01:02 +05:30
Jordan Liggitt
22c9236741 Allow integration test servers extra time to start 2020-07-23 17:46:59 -04:00
Han Kang
9129dbc98b automatically assign triage labels to api-machinery tagged PRs
Change-Id: Ifcc8a85d190d6370423af27f6e6c4c90b8472981
2020-07-16 13:13:59 -07:00
Kubernetes Prow Robot
429f968988
Merge pull request #92791 from p0lyn0mial/aggregator-dynamic-cert-reload
adds dynamic certificate reloading for kube aggregator
2020-07-10 15:42:10 -07:00
Kubernetes Prow Robot
2d327ac455
Merge pull request #91539 from andrewsykim/fix-cloud-provider-deprecation
only log cloud provider deprecation warning for in-tree components
2020-07-10 00:59:48 -07:00
Alena Varkockova
25f0ebc827 adds dynamic certificate reloading for kube aggregator
Co-authored-by: Lukasz Szaszkiewicz <lukasz.szaszkiewicz@gmail.com>
Co-authored-by: David Eads <deads@redhat.com>
2020-07-08 11:24:21 +02:00
Kubernetes Prow Robot
8ec5747fe5
Merge pull request #91501 from tahsinrahman/add-apiserver-logging-flag
Add `--logging-format` flag for kube-apiserver
2020-07-03 12:24:47 -07:00
Chelsey Chen
75612c1746 Promote new Event API to v1 2020-07-01 10:50:28 -04:00
Kubernetes Prow Robot
7151131d79
Merge pull request #73032 from liggitt/kubectl-warning
surface server-side warnings in client-go / kubectl
2020-06-12 17:09:56 -07:00
Jordan Liggitt
df6608dc99 Generated files 2020-06-11 16:04:19 -04:00
Jordan Liggitt
0d674c4edb cmd: silence warnings in kube-controller-manager/kube-apiserver, dedupe/color warnings in kubectl 2020-06-11 16:04:19 -04:00
Kubernetes Prow Robot
9ccf6f7de7
Merge pull request #91818 from wojtek-t/remove_cachesize
Remove heuristic watchcache sizes
2020-06-10 22:43:24 -07:00
wojtekt
5ceb53987b Remove heuristic watchcache sizes 2020-06-08 13:32:52 +02:00
Jordan Liggitt
e0f5cca410 Copy CSR v1beta1 to v1
* Remove prerelease tags
* Update copyright, package, imports to v1
* Remove signerName, usages, and condition status defaulting
2020-06-05 00:47:24 -04:00
Kubernetes Prow Robot
7bd4c53b27
Merge pull request #91630 from liggitt/kube-apiserver-kubelet-https
Mark --kubelet-https deprecated, unconditionally use https for apiserver->kubelet connections
2020-06-02 02:02:14 -07:00
Jordan Liggitt
2e8461a5bc Mark --kubelet-https deprecated, unconditionally use https for apiserver->kubelet connections 2020-06-01 20:54:49 -04:00
Kubernetes Prow Robot
774c9a6db6
Merge pull request #91349 from neolit123/1.19-fail-on-unrecognized-args
cmd/*: fail on unrecognized flags/arguments for component CLI
2020-05-30 00:27:53 -07:00
Kubernetes Prow Robot
d1586ea3f9
Merge pull request #91502 from deads2k/dyn-audit-removal-00
remove --feature-gates=DynamicAuditing
2020-05-29 11:56:20 -07:00
Monis Khan
fc4f91f10b cmd/*: fail on unrecognized flags/arguments for component CLI
In case a malformed flag is passed to k8s components
such as "–foo", where "–" is not an ASCII dash character,
the components currently silently ignore the flag
and treat it as a positional argument.

Make k8s components/commands exit with an error if a positional argument
that is not empty is found. Include a custom error message for all
components except kubeadm, as cobra.NoArgs is used in a lot of
places already (can be fixed in a followup).

The kubelet already handles this properly - e.g.:
'unknown command: "–foo"'

This change affects:
- cloud-controller-manager
- kube-apiserver
- kube-controller-manager
- kube-proxy
- kubeadm {alpha|config|token|version}
- kubemark

Signed-off-by: Monis Khan <mok@vmware.com>
Signed-off-by: Lubomir I. Ivanov <lubomirivanov@vmware.com>
2020-05-28 22:06:01 +03:00
Andrew Sy Kim
ed3feac74d only log cloud provider deprecation warning for in-tree components
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-05-28 11:55:56 -04:00
tahsinrahman
201f869c66 Add --logging-format flag for kube-apiserver 2020-05-28 11:39:04 +08:00
David Eads
e857adbdfd remove-api 2020-05-27 16:58:05 -04:00
David Eads
ed4e6f1026 remove dynamic audit 2020-05-27 15:18:53 -04:00
Johannes M. Scheuermann
bd42094d90 Update kube-apiserver flag comments 2020-05-25 15:43:56 +02:00
Jiajie Yang
ebbd455b24 Restrict service account token metrics to kube-apiserver only. 2020-05-21 15:34:57 -07:00
Kubernetes Prow Robot
7dafbe3ff3
Merge pull request #90391 from johscheuer/improve-error-message-svc-cidr
Improve the error message for the service cidr check
2020-05-18 11:05:37 -07:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:27 -04:00
Mike Danese
bd290e924f fix some fixture path calculations
Current calculations assume that -trimpath is not passed to go tool
compile, which is not the case for test binaries built with bazel. This
causes issues for integration tests right now but is generally not
correct.

The approach taken here is a bit of a hack but it works on the
assumption that if and only if trimpath is passed, we are running under
bazel. I didn't see a good spot for pkgPath(), so I just copied it
around.
2020-05-12 15:34:55 -07:00
Johannes M. Scheuermann
4c5b46d2ae Move validation in own function with tests 2020-05-08 08:52:34 +02:00
Tomas Nozicka
b22a170d46 Fix client-ca dynamic reload in apiserver 2020-04-29 16:03:09 +02:00
Johannes M. Scheuermann
889648d6e5 Improve the error message for the service cidr check 2020-04-24 07:46:31 +02:00
Kubernetes Prow Robot
15ed3b36d1
Merge pull request #90235 from cici37/addflag
Remove CCM dependency pkg/util/flag
2020-04-22 19:22:14 -07:00
Kubernetes Prow Robot
43cd2ff239
Merge pull request #89549 from happinesstaker/sa-rotate
Monitoring safe rollout of time-bound service account token.
2020-04-22 17:01:58 -07:00
Kubernetes Prow Robot
791b4bbeea
Merge pull request #85266 from serathius/refactor-show-hidden-metric
Refactor show-hidden-metric-for-version flag
2020-04-22 17:01:44 -07:00
Jiajie Yang
ae0e52d28c Monitoring safe rollout of time-bound service account token. 2020-04-22 11:59:16 -07:00
cici37
15c844031f Remove CCM dependency pkg/util/flag 2020-04-22 10:06:11 -07:00
Kubernetes Prow Robot
8b0a7dea1d
Merge pull request #90297 from deads2k/silence-usage
stop printing usage help when the server commands exit
2020-04-20 14:05:49 -07:00
David Eads
871d6dd8bb stop printing usage help when the server commands exit 2020-04-20 08:29:52 -04:00
needkane
97d6f2cfd3 (return []error{} -> return nil) and (update annotation) 2020-04-14 00:05:35 -04:00
Kubernetes Prow Robot
d58224e4bc
Merge pull request #89929 from deads2k/flag-check
add flag check to ensure that flowcontrol API is present
2020-04-08 22:13:43 -07:00
Kubernetes Prow Robot
9d74a1e3db
Merge pull request #89724 from zhouya0/add_missing_build_info_metric
Add missing kube build version info metrics
2020-04-08 20:11:44 -07:00
Marek Siarkowicz
24321b2d4e Refactor show-hidden-metric-for-version flag 2020-04-08 22:42:14 +02:00
David Eads
45c2f4534c add flag check to ensure that flowcontrol API is present 2020-04-07 15:08:50 -04:00
zhouya0
4d3d722ebc Add missing kube build info metric 2020-04-01 17:04:45 +08:00
Kubernetes Prow Robot
0804667ff1
Merge pull request #89151 from jingyih/add_metric_etcd_db_size
apiserver: add a metric exposing etcd database size
2020-03-31 12:37:00 -07:00
jingyih
922ec728de Add a metric exposing etcd database size 2020-03-31 09:02:38 -07:00
Davanum Srinivas
1d057da2f7
Move k8s.io/apiserver/pkg/util/term to k8s.io/component-base/term
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-03-19 07:18:09 -04:00
Monis Khan
df292749c9
Remove support for basic authentication
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>
2020-03-11 20:55:47 -04:00
Kubernetes Prow Robot
268d0a1d3a
Merge pull request #85870 from Jefftree/authn-netproxy
Use Network Proxy with Authentication & Authorizer Webhooks
2020-02-28 18:44:39 -08:00
Jefftree
1b38199ea8 pass Dialer instead of egressselector to webhooks 2020-02-27 17:47:23 -08:00
Jefftree
d318e52ffe authentication webhook via network proxy 2020-02-27 17:47:23 -08:00
Jonathan Tomer
711c1e1720 Rename --enable-inflight-quota-handler to --enable-priority-and-fairness.
The old flag name doesn't make sense with the renamed API Priority and
Fairness feature, and it's still safe to change the flag since it hasn't done
anything useful in a released k8s version yet.
2020-02-27 14:04:37 -08:00
Kubernetes Prow Robot
79b674d827
Merge pull request #84381 from Sh4d1/egress_selector_proxy_v2
Use network proxy for proxy subresources
2020-02-20 04:29:03 -08:00
Kubernetes Prow Robot
77e8c75f32
Merge pull request #87754 from MikeSpreitzer/apf-filter5
Add twice refactored filter and config consumer for API Priority and Fairness
2020-02-13 16:54:46 -08:00
Patrik Cyvoct
6729bfd648
use network proxy for proxy subresources
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
2020-02-13 14:42:34 +01:00
Charles Eckman
5a176ac772 Provide OIDC discovery endpoints
- Add handlers for service account issuer metadata.
- Add option to manually override JWKS URI.
- Add unit and integration tests.
- Add a separate ServiceAccountIssuerDiscovery feature gate.

Additional notes:
- If not explicitly overridden, the JWKS URI will be based on
  the API server's external address and port.

- The metadata server is configured with the validating key set rather
than the signing key set. This allows for key rotation because tokens
can still be validated by the keys exposed in the JWKs URL, even if the
signing key has been rotated (note this may still be a short window if
tokens have short lifetimes).

- The trust model of OIDC discovery requires that the relying party
fetch the issuer metadata via HTTPS; the trust of the issuer metadata
comes from the server presenting a TLS certificate with a trust chain
back to the from the relying party's root(s) of trust. For tests, we use
a local issuer (https://kubernetes.default.svc) for the certificate
so that workloads within the cluster can authenticate it when fetching
OIDC metadata. An API server cannot validly claim https://kubernetes.io,
but within the cluster, it is the authority for kubernetes.default.svc,
according to the in-cluster config.

Co-authored-by: Michael Taufen <mtaufen@google.com>
2020-02-11 16:23:31 -08:00
Mike Spreitzer
73614ddd4e Added API Priority and Fairness filter and config consumer 2020-02-10 22:54:40 -05:00
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00
Tim Allclair
9d3670f358 Ensure testing credentials are labeled as such 2020-02-04 10:36:05 -08:00
Mike Danese
d55d6175f8 refactor 2020-01-29 08:50:45 -08:00
Ted Yu
34f0767137 Add flowcontrol to apiVersionPriorities 2020-01-19 14:16:46 -08:00
Jefftree
1289bdaba4 network proxy with admission wh 2020-01-08 15:01:38 -08:00
Jordan Liggitt
3df9e86a4e Remove ability to re-enable serving deprecated APIs 2019-12-13 12:21:33 -05:00
darshanime
f4d1674827 Refactor parsing logic for service IP and ranges, add tests
Signed-off-by: darshanime <deathbullet@gmail.com>
2019-12-05 15:35:20 -05:00
darshanime
fdd25ec968 Fix bug in apiserver service cluster cidr split
Signed-off-by: darshanime <deathbullet@gmail.com>
2019-12-05 15:35:20 -05:00
yue9944882
81471c36b1 [generated] bazels and vendor/modules.txt
[generated] bazels

bazel
2019-12-04 00:49:28 +08:00
yue9944882
168f8f54f0 switch to v1 crd
switch api helper functions to v1 CRD api

switch v1 CRD for apiserver internal

switch to v1 CRD for internal controllers

api storage/validation related changes

move local-defaulting utils private to prevent spreading

boilerplate

keep the subresource status/scale spec nil unless it's enabled

clean up empty space
2019-12-04 00:49:26 +08:00
David Eads
3c1dc89d98 fix kube-apiserver poststarthook additions to avoid duplicating them 2019-11-26 14:05:06 -05:00
Jordan Liggitt
a5760dee81 Add support for --runtime-config=api/beta=false, --feature-gates=AllBeta=false
Allow disabling all beta features and APIs
2019-11-14 14:37:55 -05:00
Kubernetes Prow Robot
64f4be5b32
Merge pull request #84390 from robscott/endpointslice-beta
Promoting EndpointSlices to beta
2019-11-13 17:27:50 -08:00
Kubernetes Prow Robot
02af1dd62c
Merge pull request #85004 from deads2k/dynamic-agg-cert
dynamic reload cluster authentication info for aggregated API servers
2019-11-13 14:50:54 -08:00
Rob Scott
a7e589a8c6
Promoting EndpointSlices to beta 2019-11-13 14:20:19 -08:00
David Eads
3fbfe60ed2 make client authentication optional for test kube-apiserver 2019-11-13 10:25:28 -05:00
David Eads
3aede35b3b dynamic reload cluster authentication info for aggregated API servers 2019-11-13 07:54:27 -05:00
RainbowMango
b2fbdee9bb Deal with auto-generated files.
- Update bazel by hack/update-bazel.sh
2019-11-13 10:32:53 +08:00
RainbowMango
ac0562b00c Add metrics flag to show hidden metrics to kube-apiserver 2019-11-13 10:32:52 +08:00
Kubernetes Prow Robot
94efa988f4
Merge pull request #84813 from deads2k/admission-feature-gates
remove global variable dependency from admission plugins
2019-11-12 10:23:14 -08:00
Jordan Liggitt
7349a824df generated 2019-11-11 17:19:12 -05:00
Jordan Liggitt
d54a70db5c Switch kubelet/aggregated API servers to use v1 subjectaccessreviews 2019-11-11 17:19:11 -05:00
Jordan Liggitt
5ef4fe959a Switch kubelet/aggregated API servers to use v1 tokenreviews 2019-11-11 17:19:10 -05:00
David Eads
675c2fb924 add featuregate inspection as admission plugin initializer 2019-11-08 13:07:40 -05:00
David Eads
be8af0de1b remove exist client hooks 2019-11-06 10:17:19 -05:00
David Eads
7351c86860 publish cluster authentication trust via controller 2019-11-06 10:17:19 -05:00
Igor Zibarev
03dfa1a641 Fix golint issues in pkg/kubeapiserver 2019-11-05 22:25:32 +03:00
Wenjia Zhang
9ead9373f3 Resolve uncompatibility from update: etcd CAFile -> TrustedCAFIle 2019-10-24 14:09:24 -07:00
Kubernetes Prow Robot
46a29a0cc3
Merge pull request #71674 from grayluck/firewall-event-msg
Change XPN firewall change msg. Should be required by security admin
2019-10-14 21:09:51 -07:00
Kubernetes Prow Robot
7ac65858bb
Merge pull request #82371 from deads2k/cert-reload-delegated
add ability to authenticators for dynamic update of certs for delegated authn
2019-10-04 08:50:04 -07:00
Kubernetes Prow Robot
5fbda60c14
Merge pull request #82077 from deads2k/poststart
add ability to pre-configure poststarthooks for apiservers
2019-10-03 08:16:10 -07:00
Jordan Liggitt
8ef4566cef Limit YAML/JSON decode size 2019-10-02 21:52:19 -04:00
David Eads
51195dd860 add ability to authenticators for dynamic update of certs 2019-10-01 09:50:20 -04:00
David Eads
f14f4c933e add ability to pre-configure poststarthooks for apiservers 2019-10-01 09:08:18 -04:00
yankaiz
bd03c3a096 Change XPN firewall change message, should be required by security admin.
Add l7lbSrcRngsFlag to gce_loadbalancer.go so that ingress can have
fewer source ranges for l7 health checks.
2019-09-30 11:19:42 -07:00
Kubernetes Prow Robot
478c26c0dc
Merge pull request #82033 from logicalhan/reviewers
add logicalhan to reviewers for api-machinery directories
2019-09-26 16:55:37 -07:00
Kubernetes Prow Robot
67d928acdc
Merge pull request #82096 from logicalhan/version-deletion
remove pkg/version and some of redundant copies of it
2019-09-17 14:27:16 -07:00
Kubernetes Prow Robot
3a19f1e80b
Merge pull request #82472 from draveness/feature/remove-feature-gates-in-1-17
feat: cleanup several GA feature flags which should be removed in 1.17
2019-09-17 06:58:24 -07:00
Han Kang
866ea74326 remove pkg/version and some of redundant copies of it
Change-Id: Ia58367c1b1274bfb49c8a4784051463abaf795de
2019-09-16 16:24:35 -07:00
Kubernetes Prow Robot
7ec4f4b4a6
Merge pull request #82391 from jiachengxu/apiserver-typo
Fix a typo in cmd/kube-apiserver.
2019-09-11 15:27:23 -07:00
Kubernetes Prow Robot
1d016cc1d3
Merge pull request #81668 from darshanime/remove_default_service_cidr
Deprecate default service IP CIDR
2019-09-10 14:31:45 -07:00
draveness
14dc59ee54 feat: remove EnableAggregatedDiscoveryTimeout feature gate 2019-09-09 09:55:54 +08:00
Jiacheng Xu
637badc1f0
fix a typo in cmd/kube-apiserver. 2019-09-05 23:00:36 +02:00
Kubernetes Prow Robot
c86da8e2c1
Merge pull request #82048 from cheftako/kas-np4
Add support for konnectivity service to the etcd3 client.
2019-08-30 16:15:28 -07:00
Walter Fender
edbb0fa2fe Add support for konnectivity service to the etcd3 client.
If konnectivity service is enabled, the etcd client will now use it.
This did require moving a few methods to break circular dependencies.

Factored in feedback from lavalamp and wenjiaswe.
2019-08-30 10:31:53 -07:00
David Eads
5521bf27c5 add temporary feature gate to allow disabling aggregated discovery timeout 2019-08-30 08:30:08 -04:00
darshanime
aef96c34a9 Remove default service cidr
Signed-off-by: darshanime <deathbullet@gmail.com>
2019-08-30 11:14:25 +05:30
Kubernetes Prow Robot
7acb066dbc
Merge pull request #81969 from logicalhan/livez
add `/livez` endpoint for liveness probing on the kube-apiserver
2019-08-29 19:56:31 -07:00
Han Kang
aa1b2d6d35 add /livez as a liveness endpoint for kube-apiserver
go fmt

make func private

refactor config_test

Two primary refactorings:

1. config test checkPath method is now each a distinct test
run (which makes it easier to see what is actually failing)

2. TestNewWithDelegate's root path check now parses the json output and
does a comparison against a list of expected paths (no more whitespace
and ordering issues when updating this test, yay).

go fmt

modify and simplify existing integration test for readyz/livez

simplify integration test

set default rbac policy rules for livez

rename a few functions and the entrypoint command line argument (and etcetera)

simplify interface for installing readyz and livez and make auto-register completion a bootstrapped check

untangle some of the nested functions, restructure the code
2019-08-29 14:13:19 -07:00
Kubernetes Prow Robot
550fb1bfc3
Merge pull request #79386 from khenidak/phase2-dualstack
Phase 2 dualstack
2019-08-28 20:39:56 -07:00
Kubernetes Prow Robot
6c9f26ca3a
Merge pull request #80766 from robscott/discovery-api
Adding Discovery API for EndpointSlice
2019-08-28 14:44:09 -07:00
Khaled Henidak(Kal)
c27e0b029d phase 2: generated items 2019-08-28 16:11:46 +00:00
Khaled Henidak(Kal)
93c06821e6 Phase 2: service and endpoint processing 2019-08-28 15:59:43 +00:00
Han Kang
6eee64c308 add stability level to aggregator metrics and drop blank line in cmd file 2019-08-27 12:45:01 -07:00
Han Kang
466980dd74 migrate kube-apiserver metrics to stability framework 2019-08-27 12:45:01 -07:00
Han Kang
b6831039b7 add logicalhan to reviewers for api-machinery directories 2019-08-27 10:40:29 -07:00
Rob Scott
f80cee9280
Adding discovery/v1alpha1 API for EndpointSlices 2019-08-26 14:50:00 -07:00
Benjamin Elder
5a3301a59d s/nolegacyproviders/providerless/ 2019-08-22 15:30:56 -07:00
Benjamin Elder
ece112524b hack/update-bazel.sh 2019-08-22 14:53:35 -07:00
Benjamin Elder
101de4a677 make it possible to start kube-api-server and kube-controller-manager without legacy cloud provider flags 2019-08-22 14:53:35 -07:00
Kubernetes Prow Robot
8dea3310e5
Merge pull request #81376 from logicalhan/health-checks
rename healthz methodNames to be more consistent w/ present day usages
2019-08-22 03:48:32 -07:00
Jordan Liggitt
aa05715c0e generated 2019-08-16 13:13:40 -04:00
Jordan Liggitt
6278447bde CRD v1: install/register types 2019-08-15 12:26:13 -04:00
Han Kang
2e23788fda rename healthz methodNames to be more consistent w/ present day usages 2019-08-13 12:52:30 -07:00
Kubernetes Prow Robot
9690201481
Merge pull request #81094 from andrewsykim/deprecate-cloud-provider-gce-lb-src-cidrs
also deprecate --cloud-provider-gce-lb-src-cidrs flag in kube-apiserver
2019-08-08 07:59:58 -07:00
Kubernetes Prow Robot
4c315aa8d9
Merge pull request #78543 from cheftako/kas-np3
Get network-proxy working with GCE.
2019-08-07 14:44:44 -07:00
Andrew Sy Kim
651633cb70 also deprecate --cloud-provider-gce-lb-src-cidrs flag from kube-apiserver
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
2019-08-07 14:48:40 -04:00
Walter Fender
ebb65c5f4c Get network-proxy working with GCE.
Got the proxy-server coming up in the master.
Added certs and have it comiung up with those certs.
Added a daemonset to run the network-agent.
Adding support for agent running as a sameon set on every node.

Added quick hack to test that proxy server/agent were correctly
tunneling traffic to the kubelet.

Added more WIP for reading network proxy configuration.
Get flags set correctly and fix connection services.
Adding missing ApplyTo
Added ConnectivityService.
Fixed build directives. Added connectivity service configuration.
Fixed log levels.
Fixed minor issues for feature turned off.
Fixed boilerplate and format.
Moved log dialer initialization earlier as per Liggits suggestion.
Fixed a few minor issues in the configuration for GCE.
Fixed scheme allocation
Adding unit test.
Added test for direct connectivity service.

Switching to injecting the Lookup method rather than using a Singleton.
First round of mikedaneses feedback.
Fixed deployment to use yaml and other changes suggested by MikeDanese.

Switched network proxy server/agent which are kebab-case not camelCase.
Picked up DIAL_RSP fix.
Factored in deads2k feedback.
Feedback from mikedanese
Factored in second round of feedback from David.
Fix path in verify.
Factored in anfernee's feedback.
First part of lavalamps feedback.
Factored in more changes from lavalamp and mikedanese.

Renamed network-proxy to konnectivity-server and konnectivity-agent.
Fixed tolerations and config file checking.
Added missing strptr
Finished lavalamps requested rename.
Disambiguating konnectivity service by renaming it egress selector.

Switched feature flag to KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE
2019-08-06 23:09:49 -07:00
Kubernetes Prow Robot
663796e624
Merge pull request #78345 from obitech/fix_golint_pkg_kubelet_stats_client
Fix golint pkg/kubelet/stats/client.go
2019-08-06 13:14:49 -07:00
Clayton Coleman
33521b41d4
Disable gzip compression in core control plane components
On local networks (such as the typical connection path between
control plane components) gzip compression increases CPU use and
end to end p99 latency rather than decreasing it. Disable compression
within the control plane components like a 1.15 cluster would be
configured.
2019-08-02 16:18:15 -04:00
yue9944882
3b1624f0cc remove kube-aggregator/pkg/client/*
use v1 api

[DO NOT REVIEW] bazel changes

code-gen script changes

update hack/update-vendor

remove useless interface type cast
2019-07-16 23:11:15 +08:00
Kubernetes Prow Robot
b45bfef437
Merge pull request #78473 from xichengliudui/deleteTODO
delete TODO: remove when we stop supporting the legacy group version
2019-07-09 06:34:03 -07:00
Dr. Stefan Schimanski
f82bc712de aggregator: wire OpenAPI correctly into PrepareRun flow 2019-07-08 13:59:00 +02:00
Dr. Stefan Schimanski
7c4329ed45 apiserver: chain delegated PrepareRun 2019-07-08 12:20:20 +02:00
Mike Danese
bc59028b09 Create a service account Getter when TokenRequest is enabled
Fixes a nil panic when --service-account-lookup=false and TokenRequest
is enabled.
2019-07-02 16:56:31 -07:00
Kubernetes Prow Robot
dd8a000a77
Merge pull request #79493 from odinuge/kube-cmd-double-print
Remove duplicate error messages from cli commands
2019-06-28 13:57:41 -07:00
Odin Ugedal
7caf51daa4
Remove duplicate error messages from cli commands
Since we never use the cobras "SilenceErrors" or "SilenceUsage",
a command executed with "cmd.Execute()" will never return an error
without printing it.

The current behavior results in all error messages being printed twice:

Example:

$ kubectl abc
Error: unknown command "abc" for "kubectl"
Run 'kubectl --help' for usage.
unknown command "abc" for "kubectl"

This applies to all cli commands using Cobra. To verify, follow the code
path of the Execute function:

https://github.com/spf13/cobra/blob/c439c4fa0937/command.go#L793
Signed-off-by: Odin Ugedal <odin@ugedal.com>
2019-06-27 21:55:14 +02:00
Han Kang
54dcf5c9c4 add readyz endpoint for kube-apiserver readiness checks
add startup sequence duration and readyz endpoint

add rbac bootstrapping policy for readyz

add integration test around grace period and readyz

rename startup sequence duration flag

copy health checks to fields

rename health-check installed boolean, refactor clock injection logic

cleanup clock injection code

remove todo about poststarthook url registration from healthz
2019-06-17 11:16:13 -07:00
Kubernetes Prow Robot
042b0d7e60
Merge pull request #77540 from SataQiu/fix-apiserver-20190507
Mark deprecated kubelet-read-only-port
2019-06-14 00:28:21 -07:00
Clayton Coleman
26a6cdda86
Set integration tests to use distinct namespaces
TestWatchBasedManager was racing with the default namespace creation.
To fix that flake and to ensure integration tests using a shared etcd
don't accidentally overlap in the future, move the three main tests
using the default namespace to separate namespaces, and have
TestWatchBasedManager create that namespace before it runs.

Make StartTestServer wait for default namespace creation, which will
reduce other flakes until future changes completely remove use of default
namespace.

From a failed integration run:

	watch_manager_test.go:66: namespaces "default" not found
	watch_manager_test.go:66: namespaces "default" not found
	watch_manager_test.go:66: namespaces "default" not found
2019-05-30 19:11:50 -04:00
Kubernetes Prow Robot
6e78282a82
Merge pull request #77611 from rohitsardesai83/deprecate-logs-handler-apiserver
Fix 77515 Deprecate the option to enable the log handler for apiserver
2019-05-29 05:32:47 -07:00
aaa
a55b9301da delete TODO: remove when we stop supporting the legacy group version 2019-05-29 06:04:16 -04:00
Rohit Sardesai
a50273f9d4 Fix 77515 Deprecate the option to enable the log handler for apiserver 2019-05-28 15:20:40 +05:30
obitech
2426ff8ae0 Change to EnableHTTPS in kube-apiserver options 2019-05-27 22:03:21 +02:00
Kubernetes Prow Robot
c6338cbb58
Merge pull request #76720 from xichengliudui/constant-block
Using const() defines constants together
2019-05-22 15:14:25 -07:00
Jordan Liggitt
0b88095a17 Switch admission webhook test to work with shared etcd 2019-05-17 09:54:14 -07:00
Stephen Chan
7cbe2d6c5f move signal handling for hyperkube apiserver and kubelet commands out of hyperkube main command 2019-05-09 21:27:44 -07:00
SataQiu
5724d14d54 mark deprecated kubelet-read-only-port 2019-05-07 19:03:12 +08:00
Jordan Liggitt
90cd672ab6 Enable paging by default in etcd options, by feature flag in sample-apiserver 2019-04-30 17:49:34 -04:00
aaa
5cb91e5ae3 Using const() defines constants together
Signed-off-by: aaa <1693291525@qq.com>

update pull request
Signed-off-by: xichengliudui <1693291525@qq.com>

update pull request
Signed-off-by: xichengliudui <1693291525@qq.com>

update pull request
Signed-off-by: xichengliudui <1693291525@qq.com>

update pull request
Signed-off-by: xichengliudui <1693291525@qq.com>

update pull request
Signed-off-by: xichengliudui <1693291525@qq.com>

update pull request
Signed-off-by: aaa <1693291525@qq.com>

update pull request reset marshal.go
2019-04-27 11:07:01 -04:00
Han Kang
f7c23b1c1d cleanup of reflector metric code (finish removing unused code) 2019-03-25 15:12:09 -07:00
Chao Xu
887cb93d8d generated BUILD
generated proto
2019-03-11 10:26:56 -07:00
Chao Xu
3b618af0d4 Expose storage version hash 2019-03-11 10:26:56 -07:00
Tim Allclair
820a1dc96b Add node.k8s.io/v1beta1 API 2019-03-07 11:57:12 -08:00
Tim Allclair
63f61a6714 Migrate RuntimeClass to internal API 2019-03-07 11:07:54 -08:00
Dr. Stefan Schimanski
3b504c10c2 openapi: remove postprocessing for old paths, deprecated in 1.9 2019-02-26 14:17:44 +01:00
Kubernetes Prow Robot
b5566c7818
Merge pull request #71896 from awly/client-go-keyutil
client-go: extract new keyutil package from util/cert
2019-02-23 01:43:16 -08:00
Kubernetes Prow Robot
3afa003126
Merge pull request #73555 from bsalamat/priority_to_ga
Graduate PriorityClass API to GA
2019-02-22 16:14:49 -08:00
Bobby (Babak) Salamat
453498fe2c Graduate PriorityClass to GA 2019-02-22 10:51:13 -08:00