DamianSawicki
DamianSawicki
Add a benchmark for addition of k8s services and endpoints, reflecting them to StateDB tables, and reconciliation to BPF maps. --- Please ensure your pull request adheres to the following...
**This is a draft** and contains some `TODO` comments in the code to be discussed. ----- This adds support for the Maglev load-balancing algorithm to the experimental StateDB load balancing....
`pull-kubernetes-dns-test` fails at HEAD ([verified](https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/dns/645/pull-kubernetes-dns-test/1842956917769506816) for the no-op PR https://github.com/kubernetes/dns/pull/645) as below: ``` ... 2024/10/06 16:17:58 test | 2024/10/06 16:17:53 sidecar started 2024/10/06 16:17:58 test | 2024/10/06 16:17:53 running `dig`...
This adds a feature flag `--logInterval` for periodic triggering dnsmasq to log its statistics by sending `SIGUSR1` to it. The new motivation for adding this feature comes from dnsmasq changes...
Tests fail in the same manner for both https://github.com/kubernetes/dns/pull/638 (which is a dependencies bump) and https://github.com/kubernetes/dns/pull/644. I'm creating this empty PR to check if it's not an issue with the...
Since last week, we've merged 4 PRs bumping various dependencies, and yet new vulnerabilities keep popping up. And in the last 3 months, we've merged 8 PRs bumping dependencies. Theoretically,...
Follow-up to https://github.com/kubernetes/dns/issues/691. Golang imports play nice with dependabot, but kubernetes/dns also requires keeping [base](https://github.com/kubernetes/dns/pull/685/files) [images](https://github.com/kubernetes/dns/pull/688/files) up to date. It would be good to update and expand the relevant section...
[GEP-1767](https://gateway-api.sigs.k8s.io/geps/gep-1767/) cites https://fetch.spec.whatwg.org/#cors-safelisted-method saying that CORS-safelisted methods are `GET`, `HEAD`, and `POST` (this is consistent with the Mozilla [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Methods)). According to the GEP, these "are always allowed, regardless of whether...
GEP-1767 confuses HTTPCORSFilter.AllowCredentials being set with HTTP request containing credentials
There are multiple places [[1](https://github.com/kubernetes-sigs/gateway-api/blob/1a9fdd310de40f83c5ad58c1215d1c6c2c6832cb/geps/gep-1767/index.md?plain=1#L224-L241)], [[2](https://github.com/kubernetes-sigs/gateway-api/blob/1a9fdd310de40f83c5ad58c1215d1c6c2c6832cb/geps/gep-1767/index.md?plain=1#L319-L340)], [[3](https://github.com/kubernetes-sigs/gateway-api/blob/1a9fdd310de40f83c5ad58c1215d1c6c2c6832cb/geps/gep-1767/index.md?plain=1#L387-L408)], [[4](https://github.com/kubernetes-sigs/gateway-api/blob/1a9fdd310de40f83c5ad58c1215d1c6c2c6832cb/geps/gep-1767/index.md?plain=1#L457-L459)] in GEP-1767 saying that a certain response header cannot contain the wildcard (`*`) if the Gateway API `HTTPCORSFilter.AllowCredentials` field is set, e.g.:...
This is a fix of https://github.com/kubernetes-sigs/gateway-api/issues/3861 in GEP-1767. It specifies that wildcards are not allowed in CORS response headers (`Access-Control-Allow-Origin`, `Access-Control-Allow-Methods`, `Access-Control-Allow-Headers`, and `Access-Control-Expose-Headers`) when the request is credentialed (rather...