kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,368 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

444 Commits

Author SHA1 Message Date
Dr. Stefan Schimanski a549f2934f kube-apiserver: switch apiserver's DeprecatedInsecureServingOptions 
Kubernetes-commit: d787213d1b8802d370032d17157ac1de7573ad15
 2018-08-06 16:31:23 +02:00
Dr. Stefan Schimanski 3698d7a898 apiserver: move controller-manager's insecure config into apiserver 
Kubernetes-commit: 1d9a896066b3e10e8c1a0d506e00bc354b7772f0
 2018-08-16 20:47:15 +02:00
Tim Allclair 8e1390d9d4 Synchronous & unbatched audit log writes 
Kubernetes-commit: c9670d0652f8d7da662f71caac6fca2044296ae6
 2018-03-15 00:44:46 -07:00
xuzhonghu e767cd8dbf kube-apiserver make use of GlogSetter 
Kubernetes-commit: 38d48e8d025a9cceccfc8a80d72f751b8bb65dab
 2018-06-05 10:32:46 +08:00
fqsghostcloud 0fc525d3c8 fix typo 
fix typo

Kubernetes-commit: 18f1ad7dc5392cb4537fa33bd73cdb8dc2c1e523
 2018-08-13 17:36:15 +08:00
Chao Wang b0b043eda2 list the default enabled admission plugins 
Kubernetes-commit: ee96a5638d21f0da111b1106a82976cc59bbbf67
 2018-08-06 17:25:24 +08:00
Tripathi 4e7be504bf Support pulling requestheader CA from extension-apiserver-authentication ConfigMap without client CA 
This commit prevents extension API server from erroring out during bootstrap when the core
API server doesn't support certificate based authentication for it's clients i.e. client-ca isn't
present in extension-apiserver-authentication ConfigMap in kube-system.

This can happen in cluster setups where core API server uses Webhook token authentication.

Fixes: https://github.com/kubernetes/kubernetes/issues/65724

Kubernetes-commit: db828a44406efe09e2db91e6dc88d1292c9a29e1
 2018-07-18 15:07:09 -07:00
Cao Shufeng b40373204e use Audit v1 api and add it to some unit tests 
Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29
 2018-07-27 14:06:29 +08:00
hongjian.sun 300db50c66 fix apiserver pprof redirect bug 
Kubernetes-commit: 981f2397815248e12663b01d6cc6d6d963012c95
 2018-08-06 19:35:01 +08:00
Solly Ross 42da2694e6 Autoset OpenAPI version w/o SecurityDefinitions 
There's code to automatically populate OpenAPI info based on existing
generic apiserver config, but it only fires if securitydefinitions are
present.  This doesn't make much sense, since this info is both required
and independent of security definitions, and there's no easy, generic
way to generate security definitions for an aggregated API server.

Kubernetes-commit: ef73bb684bcc4402f66160f254193d2690b80f11
 2018-07-19 17:32:40 -04:00
Mikhail Mazurskiy 0ba502e8f9 Handle errors 
Kubernetes-commit: 5cab7f9a57dbbd6e2a181018aae523235843f77d
 2018-07-17 20:29:55 +10:00
Dr. Stefan Schimanski 4c6f8fdc17 apiserver: make loopback logic in SecureServingOptions reusable 
Kubernetes-commit: dc0a736d1ea924dfa35ece64cb59d551c2a0b51f
 2018-07-04 17:08:23 +02:00
Dr. Stefan Schimanski 55957fdc66 apiserver: add SecureServingOptions.ExternalAddress 
Before this the advertised IP (which shows up in the server cert) in case of
listening to loopback was the first host interface IP. This makes self-signed
certs non-constant, such that we cannot use fixtures.

Kubernetes-commit: c1c564fd4d21dd68ea14d7ea678d8619f47fe445
 2018-07-06 12:32:01 +02:00
Dr. Stefan Schimanski fa6b67b429 apiserver: use fixtures for self-signed certs in test server 
Kubernetes-commit: 7deccb5b7a7c5224d3d90e1391dd22b2d1f1b9b9
 2018-07-06 12:04:38 +02:00
Clayton Coleman 9cfed8df8c Convert TestServerRunWithSNI to subtests to isolate flake 
This test is flaking - make it easier to pin down where and why by
converting to subtests and making cleanup logic easier. Also turn an
ignored listen error into a "fatal".

Make the test run in parallel to speed up individual runs and hopefully
flush out issues.

Kubernetes-commit: 09463975c379114ef9cd42d3c7efb6254b2c3b33
 2018-07-09 21:32:15 -04:00
Dr. Stefan Schimanski 9fb7dcda85 kube-apiserver: fix tests which don't use tls yet 
Kubernetes-commit: 6bb3aba23dfbfd8b145a33e9d1a461658bd60fc0
 2018-07-06 19:20:45 +02:00
Dr. Stefan Schimanski ad29bd83ae kube-apiserver: disallow --secure-port 0 
Kubernetes-commit: e15ac9eb72c4e105e7a3d84711e5a6056c0f6a48
 2018-07-06 12:58:59 +02:00
Dr. Stefan Schimanski 25a00cd3c1 apiserver: get rid of ReadWritePort in config 
Kubernetes-commit: e32f380fa5df4361894570787814d0459baada93
 2018-07-04 17:01:49 +02:00
Dr. Stefan Schimanski a2bfc0e5f0 apiextensions-apiserver: add pkg/cmd/server/testing pkg for integration bootstrapping 
In analogy to kube-apiserver.

Kubernetes-commit: 42f1e81488d8599c6874e467fe39b91a23654886
 2018-06-13 15:53:41 +02:00
Dr. Stefan Schimanski 5746122767 apiserver: don't create self-signed certs with disabled secure serving 
Kubernetes-commit: 798535164ae11a7e3c036ed7793aa884942edc88
 2018-07-04 19:09:26 +02:00
xuzhonghu ea67b81061 use request.UserAgent() 
Kubernetes-commit: 82003bd9acfd15011a205d938f622d9a9efcaf31
 2018-07-03 16:56:15 +08:00
Jordan Liggitt 6c34ac4aa5 Add healthz check to ensure logging is not blocked 
Kubernetes-commit: b7b4b84afe4405cde976ceeeccb62acecac1c4f0
 2018-06-09 17:32:14 -04:00
jennybuckley 900791d3ac Add additional authorization check for create-on-update 
Kubernetes-commit: cc5c17e554a4d8f802043b337ca0787ec0ce7475
 2018-07-03 11:20:16 -07:00
xuzhonghu 47a9a6d77a fix go import 
Kubernetes-commit: 57393ec932398b6f53c6593421bfe0b12d445518
 2018-06-01 14:05:44 +08:00
Cao Shufeng 8fe5561ce7 [trivial] fix option help message. 
s/andif/and if/

Kubernetes-commit: 42b93ab7244765dd744257a793b0b9c138146bb3
 2018-06-13 09:07:34 +08:00
Mikhail Mazurskiy 0f7bbcadfb Add missing error handling in schema-related code 
Kubernetes-commit: bfe313d5f351dfae086a85a97e7103183173e5b5
 2018-06-03 14:59:58 +10:00
Zhonghu Xu 42319038f6 simplify httplog.LogOf 
Kubernetes-commit: 1c5a0218ed6c1b283eb6d99d54a865d2ec99ec4b
 2018-07-02 11:47:42 +08:00
David Eads a8cd668cfc legacy api endpoints only support v1 ever 
Kubernetes-commit: b063e9f85ee28233241ae4f9071a62ac6c9b499c
 2018-06-22 08:58:32 -04:00
Tim Allclair 554c4f1986 Fix MaxAge default audit log option 
Kubernetes-commit: 3dae49c6977526aba09dc070639ebc789b458411
 2018-06-18 14:36:50 -07:00
Dr. Stefan Schimanski 65f0646df4 apiserver: add context to authn/authz kubeconfig errors 
Kubernetes-commit: 99eda24de01c8b1b84b54cb763b540de35084ade
 2018-06-14 15:30:25 +02:00
Jordan Liggitt 8d6d8aa36e Use actual etcd client for /healthz/etcd checks 
Kubernetes-commit: b39cd00982c1696d8ae8afc99931919894044ee2
 2018-06-12 14:33:48 -04:00
Jacob Tanenbaum b29c7b3192 Improve unit tests for InstallPathHandler 
When adding InstallPathHandler it was suggested to follow-up with an improvement to the unit tests.

Kubernetes-commit: 1a0eb8c7b6fc0e07e8823d635db9b70f128dee4f
 2018-05-21 11:09:13 -04:00
Jacob Tanenbaum de5159703b Modify LoopbackHostPort() so it returns an IPv6 Loopback address when given [::] address 
Currently when LoopbackHostPort() is called with 0.0.0.0 and [::] it returns the first loopback
address returned from net.InterfaceAddrs() which is typically 127.0.0.1 (golang does not
specify an order that interfaces are returned). It would be more appropriate if when calling
LoopbackHostPort() with [::] that an IPv6 loopback address is returned, this prevents some cert.
generation failures.

Kubernetes-commit: 14a03dd646e992c06a3fdfb9bd60f58ef542066e
 2018-05-22 11:03:47 -04:00
xuzhonghu f0fd6a74c2 Support dynamicly set logging verbosity 
Kubernetes-commit: 73a22b2e611647de04aa8d7fe910fd4657e6a9d8
 2018-05-14 16:19:38 +08:00
liz fd93a41263 Remove some unnecessarily gendered pronouns in comments 
Kubernetes-commit: ffeca161018fd6218532786876070a5fcfe96542
 2018-05-25 17:48:17 -04:00
Victor Garcia 37be5e4c9f Possible cipher suites values and tls versions in help for apiserver and kubelet 
Kubernetes-commit: 3dfa22e3fd8c650789176b9f4a8e46ab43ef5ebf
 2018-01-24 22:51:27 -05:00
jennybuckley f87486fed9 Expose openapi schema to handlers 
Kubernetes-commit: dee088586a76b876c473418efba8190be7fa6b26
 2018-05-24 09:55:19 -07:00
Jordan Liggitt 4645ab9a4c Correctly identify types served in the kube-apiserver openapi doc 
Kubernetes-commit: 43551e82081a1fa364879bd49e67095a3fc0926b
 2018-05-22 19:29:00 -04:00
mbohlool ee6252d015 Fix cyclic dependency of apiserver test for OpenAPI test 
Kubernetes-commit: e979b1698779b49002c3cffca70b05059773603d
 2018-02-06 04:10:18 -08:00
Jacob Tanenbaum 6a0cc50341 Add InstallPathHandler which allows for more then one path to be associated with health checking. 
Currently it is only possible to have one group of checks which must all pass for the handler to report success.
Allowing multiple paths for these checks allows use of the same machinery for other kinds of checks, i.e. readiness.

Kubernetes-commit: 2082a0f42851c47620ce31f257dcb5536abae014
 2018-05-10 16:21:39 -04:00
hangaoshuai f38497678f add checks validation MinRequestTimeout of ServerRunOptions 
Kubernetes-commit: ba20be9911091f16bb3987815172b3a348754fc2
 2018-04-26 16:02:31 +08:00
Jeff Chan ba35c04ba6 sync: squashed up to merge f8386d5b0f6d1bf69f67b01c0854b4171bca0318 in e59ae29fbc8158503538faa3f6c7f07711a412e8 2018-05-11 14:52:34 +00:00
fisherxu f9c5e9f3a1 should return error when has no RequestInfo 
Kubernetes-commit: 483ce1b1f3caf16cfda20f16bf65742fc43cff79
 2018-05-08 21:44:17 +08:00
David Eads c41d1d0993 simplify api registration 
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
 2018-05-07 08:32:20 -04:00
tamal b534ae405b Don't panic is admission options is nil 
Kubernetes-commit: bc04c091c3ca0320a6fa83ef35f891d21423afbb
 2018-05-05 11:59:28 -07:00
David Eads b7f90743d0 remove rootscopedkinds from groupmeta 
Kubernetes-commit: 8ae62517da5eff6d6bad21badfd39ee88463ad42
 2018-04-30 13:27:01 -04:00
David Eads 00386b3bb0 remove incorrect static restmapper 
Kubernetes-commit: ef0d1ab81927214db80c30d5af491f67546d790b
 2018-04-26 11:55:50 -04:00
David Eads d250da9d7f remove self linker from group info 
Kubernetes-commit: 22410d4b4c0478033d5f33d68303a60866e98ce1
 2018-04-26 11:31:04 -04:00
David Eads 0d65d340ea remove versioning interface 
Kubernetes-commit: e2fc5cf259463f896213afdef15d58ef9a91eb35
 2018-04-25 10:55:17 -04:00
David Eads 14e43f49d6 rest mappings cannot logically be object converters 
Kubernetes-commit: 6900f8856f8cd9a6c94a156b9e4a9fee0c16f807
 2018-04-24 18:31:41 -04:00
David Eads 3fa442d40a stop duplicating preferred version order 
Kubernetes-commit: a89291a5dec0b63809b875e912b1563d50f86dba
 2018-04-26 09:38:43 -04:00
David Eads bf8532c54e remove KUBE_API_VERSIONS 
Kubernetes-commit: a68c57155e728b2782408cbab88ecee0444a4ba8
 2018-04-25 16:07:15 -04:00
Martin Vladev 3c79460222 Register Prometheus etcdmetrics only for apiserver 
Removed automatic registration with `init` funciton and use `Register` function
to register metrics for etcd storage only when requested.

Kubernetes-commit: 40cf7880135b56e2d88a04d5fce08303b249eb34
 2018-04-20 17:19:13 +03:00
David Eads b26d126ba9 core v1 API requires autoscaling/v1 to serve the Scale endpoint 
Kubernetes-commit: 1a753659cfc973e900620bf1443178b6cdda27e0
 2018-04-24 10:16:59 -04:00
David Eads 88d943c0e6 eliminate indirection from type registration 
Kubernetes-commit: e7fbbe0e3c91f34836b999e695aa133503cfdae5
 2018-04-24 08:21:23 -04:00
Mike Danese cd0258b4d7 replace request.Context with context.Context 
Kubernetes-commit: 54fd2aaefd11e12a3ecb6d1a1326f04cdc8ea1a3
 2018-04-24 08:10:34 -07:00
David Eads 5ac4802a22 remove confusing flexibility for metadata interpretation 
Kubernetes-commit: 0710f72c65ad23e7a3726b345898ef4aaaac26fa
 2018-04-23 10:23:01 -04:00
Mik Vyatskov 53e0783ab7 Implemented truncating audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 52fae991305e3252ccc5c9c86a9b7abc04c149af
 2018-03-23 16:13:34 +01:00
Jordan Liggitt 25758bf0f8 Remove request context mapper 
Kubernetes-commit: 8ea88a5092c767fc3141512db924fd0435f7670e
 2018-04-18 11:12:15 -04:00
Avesh Agarwal cc0f17a725 Fix to avoid REST API calls at log level 2. 
Kubernetes-commit: 6a5c248bbb6a06a0c171f7171d3583cd006350db
 2017-02-03 12:47:03 -05:00
hzxuzhonghu 490c9a96c3 fix typo 
Kubernetes-commit: 549fb0cad39daa74c528f7f775d627f908785b61
 2018-04-04 16:03:17 +08:00
Dr. Stefan Schimanski adb35656a1 apiserver: cancel context on timeout in WithTimeoutForNonLongRunningRequests 
Kubernetes-commit: f3ba7f95585cdcce19579d757dadbf3c8a9f8e0b
 2018-03-12 17:11:11 +01:00
Dr. Stefan Schimanski 1075399c96 apiserver: enforce shared RequestContextMapper in delegation chain 
Kubernetes-commit: 9f906618f04baceaf923e873530f9741e80ad2cb
 2018-04-04 10:05:06 +02:00
Dr. Stefan Schimanski 28595d407b apiserver: add warning about not trusting authz of aggregator 
Kubernetes-commit: 50b98169ede9648769ce471150b1ab9ceb06bc0c
 2018-03-19 13:37:52 +01:00
David Eads 416f1ae672 update metrics to true like it is for kube-apiserver 
Kubernetes-commit: 456fd386dc6db8ba5ced338a5935de8229c14047
 2018-03-09 14:36:04 -05:00
Mik Vyatskov b2b70701e1 Make advanced audit output version configurable. 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: ad25d1f9ec398e5f9e91fd225cbbfdc5aa00973f
 2018-02-19 21:15:49 +01:00
hzxuzhonghu 240b9cf032 remove unused rls-ca-file flag 
Kubernetes-commit: 9c0803e14c0d76e2e8225db546c0d2ce0b522ab7
 2018-03-20 15:26:31 +08:00
fisherxu 716af975eb regenerated all files and remove all YEAR fields 
Kubernetes-commit: b49ef6531c11f1c834e0d7591f5c965f6193c711
 2018-01-22 20:37:53 +08:00
hzxuzhonghu 422369e23b move EtcdServersOverrides to EtcdOptions flags validate 
Kubernetes-commit: f380ac8cec8061bf6533ccecd02ec49d9a5b016f
 2018-03-05 11:32:59 +08:00
hzxuzhonghu 03f5f59a07 apiserver clean code 
Kubernetes-commit: 0feecc376cc04baa2f4979cecaabb658373d6c69
 2018-03-02 17:15:02 +08:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Tim Allclair d89e8e9460 Fix default auditing options. 
- Log backend defaults to blocking mode (backwards compatability)
- Fix webhook validation
- Add options test

Kubernetes-commit: e004257919d779d56f27ad84c7f33799cc7ab580
 2018-03-02 15:16:37 -08:00
Cao Shufeng 6466b038b4 fix option --audit-webhook-initial-backoff 
Before this change, --audit-webhook-initial-backoff has no effect

Kubernetes-commit: 5bc5cd1b2ccb0b9fb5e652b579b4fb379428cb56
 2018-03-10 17:44:20 +08:00
Mik Vyatskov 9169f6d300 Add buffering to the log audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 881e6d4f6f905079b2c27299e7b631b6903b6815
 2018-02-22 19:52:33 +01:00
Ryan Hitchman bbfe695b05 Remove unused variables (only assigned to) from test code. 
This is revealed by the go/types package, which is stricter than
the Go compiler about unused variables. See also: golang/go#8560

Kubernetes-commit: e04b91facf180c17557a44e8e462858ea2936301
 2018-02-02 13:34:57 -08:00
Haowei Cai 8080a6e06e Add new openapi endpoint in aggregator server 
Kubernetes-commit: 2eb3d046ce8b0a1b500d68d5a83fa7e575da7ca9
 2018-02-20 09:22:25 -08:00
Mike Spreitzer aa5d4f9f32 Fixes for HTTP/2 max streams per connection setting 
This PR makes two changes.  One is to introduce a parameter
for the HTTP/2 setting that an api-server sends to its clients
telling them how many streams they may have concurrently open in
an HTTP/2 connection.  If left at its default value of zero,
this means to use the default in golang's HTTP/2 code (which
is currently 250).

The other change is to make the recommended options for an aggregated
api-server set this limit to 1000.  The limit of 250 is annoyingly low
for the use case of many controllers watching objects of Kinds served
by an aggregated api-server reached through the main api-server (in
its mode as a proxy for the aggregated api-server, in which it uses a
single HTTP/2 connection for all calls proxied to that aggregated
api-server).

Fixes #60042

Kubernetes-commit: 201c11f147c85b029665915bee3a62eea19d6d57
 2018-02-19 14:18:07 -05:00
Marek Grabowski e36f8069aa Add a metric exposing number of objects per type 
Kubernetes-commit: f6e9ebffa2df10f7792fbea0a0fbe5ab8e388a26
 2018-02-12 15:58:57 +00:00
hzxuzhonghu 45ac728887 set default enabled admission plugins by official document 
Kubernetes-commit: 27f3fd2d79d2d669ddecdd987c8b099f1f43ce38
 2018-01-23 20:12:10 +08:00
steveperry-53 2aca9afa1d sync: squashed up to merge cc7cea74ae668cd401d99cc472569605cb640517 in b3099bcf532bc470ff7075e93025b8741da09be4 2018-02-27 01:30:07 +00:00
Wojciech Tyczynski b81f74623f Fix race in healthchecking etcds leading to crashes 
Kubernetes-commit: 38387aec0db3eda3a7debb4558a223ac92a41389
 2018-02-20 12:17:39 +01:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh 
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
 2018-02-16 13:43:01 -08:00
Marcin Owsiany 3d1ec1c912 Improve the error message. 
Kubernetes-commit: 1ecd4bb2744ebc371e952b4d7a6b30826f60041f
 2017-12-29 09:05:14 +01:00
David Eads bf5feefec3 add an admission decorator chain 
Kubernetes-commit: 1ae856484b8a827b7ce6018ddfa103493a2cb97d
 2018-02-14 09:27:25 -05:00
Mike Danese a7b5c83c7b apiserver: fix some typos from refactor 
introduced in #59582

Kubernetes-commit: 83c1334e5110e6f492f0e375488978ebb16a62a5
 2018-02-14 17:47:42 -08:00
Dr. Stefan Schimanski 89b7bf377a Update generated files 
Kubernetes-commit: 5483ab7679dd055422131fd1c22a18eee39a775e
 2018-02-08 19:37:08 +01:00
Dr. Stefan Schimanski 0520d284e2 controller-manager: add authz/n to options, nil by default 
Kubernetes-commit: cecd663c21d139a3a5a15b43a8dda8de26180246
 2018-02-08 14:19:02 +01:00
Dr. Stefan Schimanski 338a852bbb apiserver: make SecureServingOptions and authz/n options re-usable 
Kubernetes-commit: 4e0114b0dd3701b68c02d038edcf4fbe84515a68
 2018-01-31 16:17:48 +01:00
hzxuzhonghu 808a483472 pass listener in integration test to prevent port in use flake 
Kubernetes-commit: a6c43c6a5ca7cc4449684d5e68d73773be91cd41
 2018-01-29 11:58:23 +08:00
Wu Qiang 43cefec1d0 Update endpoint value in test code 
Kubernetes-commit: 31f74303fc48df5d88105c9742a103eae742f478
 2018-02-09 01:23:25 +00:00
Wu Qiang be4ee1ba37 Remove configfile for kms in encryption config 
Kubernetes-commit: 5ae61ed386e3fbc3b7e91d343afadadd52ac027d
 2018-01-26 11:53:24 +00:00
Wu Qiang a32d2bb427 Update for review comments 
Kubernetes-commit: 2e7af38d6b4c8ed9e1fb23930b98ed8d2ad68aa0
 2018-01-25 05:39:48 +00:00
Wu Qiang 580a800cad Only support unix socket for kms gRPC, also add Version method 
Kubernetes-commit: a6368bb04c1100d1dce1c6bf680056882835b395
 2017-12-18 09:29:56 +00:00
Wu Qiang e4061faec3 Fix verify error and address review comments 
Signed-off-by: Wu Qiang <qiang.q.wu@oracle.com>

Kubernetes-commit: 16b04d68b1ae180d61ea4ca06d1c8139c25a652f
 2017-11-15 11:20:12 +08:00
Wu Qiang dbe35e5c4e Update kms provider config for gRPC client service 
Kubernetes-commit: 31fb539f1735debd38e705fcb96a05ea0313c5f5
 2017-11-14 09:05:52 +00:00
hzxuzhonghu 41545372a2 fix using defer in loop in cors test 
Kubernetes-commit: b835c46c862b0074349b24a3c2a8dbd6956395f2
 2018-01-26 16:56:12 +08:00
halfcrazy 6f8c3a80da fix typo in package apiserver 
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
 2018-02-01 03:04:33 +08:00
hzxuzhonghu ebf7a386f9 fix some typos in filters 
Kubernetes-commit: b9308355a64c4138ac9558f790ed0f716f44c743
 2018-01-26 16:43:22 +08:00
hzxuzhonghu 9e657b874d deprecate insecure http flags and remove already deprecated public-address-override 
Kubernetes-commit: 24c687fdad009fec01703ae0f93ab141b97c0028
 2018-01-30 16:05:33 +08:00
David Eads 531b9b5202 remove dead testing code 
Kubernetes-commit: 3e6bfcb5dbc35a9e845504043a345fd42ed5ce27
 2018-01-29 09:50:40 -05:00
David Eads 0989af6244 remove --tls-ca-file which had no effect 
Kubernetes-commit: 114711f77d1f12e10b1190db02ca17302992f5ad
 2018-01-29 10:29:14 -05:00
hzxuzhonghu db4dae8a12 refactor resource_config.go thoroughly and remove useless code in registry 
Kubernetes-commit: d0d1e1dcc473d75c5dae6d4710ac67f4f8ba44c6
 2018-01-27 15:18:25 +08:00
hzxuzhonghu 5640ff2e39 remove support enable-disable api resources 
Kubernetes-commit: 64a12258e8470405e8d628baa1d191363712763b
 2018-01-26 15:48:00 +08:00
Marek Grabowski f2c38580dc Add a metric to track usage of inflight request limit. 
Kubernetes-commit: 000d7bac29b9239a29531a526d382394d8d60353
 2018-01-16 15:48:20 +00:00
David Eads b16b687dc5 generated 
Kubernetes-commit: 4ce7bcced4cc68a833759a218f9c3be7f72fd1c0
 2018-01-19 11:55:55 -05:00
David Eads 6b198535d6 add options for min tls levels 
Kubernetes-commit: ad1680347071cb5bb66ab49c7325eb21d83e143c
 2018-01-19 11:50:47 -05:00
hzxuzhonghu 7eedbab968 run update bazel and staging-godep 
Kubernetes-commit: eff1f20ff14cc450968788974d77b472c82fface
 2018-01-20 17:21:44 +08:00
hzxuzhonghu f5af0796fc pass APIEnablement through apiserver chain 
Kubernetes-commit: 2f403b7ad18a179514f1de77e29f1a2549ef030a
 2017-12-21 11:27:20 +08:00
Marek Grabowski d8aa7399d2 Add apiserver metric for number of requests dropped by 'inflight-request' filters. 
Kubernetes-commit: 32c66c2b56afe0c716169d9705f84172155ddbb4
 2018-01-16 15:48:20 +00:00
hzxuzhonghu 215ca01104 run update bazel 
Kubernetes-commit: 5c9e020d7dfb369d3cdfb765baa3dff922d8e83d
 2018-01-13 18:09:47 +08:00
hzxuzhonghu d395a1e811 update admission test cases 
Kubernetes-commit: 82c3d2492cb43f9f81e8a18e1dce2e8ab7e4e56a
 2018-01-15 14:58:09 +08:00
hzxuzhonghu b636311708 refactor admission flag: add two admission flags and make plugins auto in recommended order 
Kubernetes-commit: 7c5f9e0bbaff15570f1709e70b7fa6952395d7cd
 2018-01-15 14:58:57 +08:00
Jordan Liggitt e090ce7de2 Fix loading structured admission plugin config 
Kubernetes-commit: 34328ea87dc9ac61bd036228102c952017cb81d0
 2018-01-18 02:32:28 -05:00
Victor Garcia 08a8cccb0a Adding support for custom TLS ciphers in api server and kubelet 
Kubernetes-commit: d7dbc96c70d480f0b81cd83ae3abd34b69c1e70d
 2017-07-12 23:49:41 -07:00
Cao Shufeng 2a2505e824 remove duplicated import 
Kubernetes-commit: 4e7398b67b12390486012dd6f9d708dd64f961f3
 2018-01-11 19:15:11 +08:00
Dr. Stefan Schimanski 574b95f04b admission: do not leak admission config types outside of the plugins 
Kubernetes-commit: 1a552bbe149373c056ee004304d7e5abaa89f4c6
 2017-11-27 14:44:04 +01:00
ilackarms 346b48d948 periodically flush writer 
Kubernetes-commit: 410b4016fd3dc97cdaf0a8e2bc20726900db772e
 2018-01-13 13:14:31 -05:00
Yu Liao 3365692578 sync: squashed up to merge eb7be2699bcbecb2703d3c046b27c2a8e8b1b6dd in 188e6ebcdbcfd0617dc12e51e8e6a66ce89f3955 2018-01-13 19:39:22 +00:00
Dr. Stefan Schimanski 551699fb67 Pass RecommendedConfig into ExtraAdmissionInitializers 
Kubernetes-commit: 5a3cfd27ed818b971f36032d85e2de2db586a4e5
 2018-01-02 09:32:04 +01:00
Dr. Stefan Schimanski 73975eaf19 Simplify extra initializer logic 
Kubernetes-commit: a8127df3bb396717b4fb2a7f688c1f98e6bef6b4
 2017-12-20 12:17:44 +01:00
xuzhonghu 82b64e7264 add admission into RecommendedOption 
Kubernetes-commit: 6149df089e2667fefb740e408ece883fd76dd40e
 2017-12-01 11:07:28 +08:00
Davanum Srinivas 9dd28d8beb Fix ExternalAddress parsing problem under IPv6 
`!strings.Contains(host, ":")` will fail miserably under ipv6

Kubernetes-commit: c258d4df84089b08b9cbd37b1dee4b00576a2532
 2018-01-04 14:00:04 -05:00
hzxuzhonghu 0f7253ee99 validate admission-control param 
Kubernetes-commit: 64a7c60e00a1f6cf92710415e0e3dee133ebab7c
 2017-11-30 14:34:36 +08:00
Marcin Owsiany b703119a83 Do not time-out profiler requests. 
Kubernetes-commit: aa4fd0b69aa7804b0f3c666aa734243cdc11c51d
 2018-01-02 14:42:01 +01:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
Saksham Sharma 0d11a9c252 Use []byte in place of string in envelope.Service. 
Kubernetes-commit: 5005a541d6b5b7d950ed621d9c9fd247abb9b4af
 2017-11-07 04:24:53 +05:30
Davanum Srinivas 30e6bc192e Drop using cloud provider to set host address feature 
As part of the larger plan to drop --cloud-provider and --cloud-config
from kube-apiserver, we need to stop calling Cloud Provider API to
find the external ip address when one is not specified on the command
line.

When ExternalHost is not specified, we check if AdvertiseAddress is
specified and use that, if that is missing then we use os.Hostname().

When testing this feature, found a problem that when ExternalHost
is specified, the port was not added in the generated URL. So fixed
that as well.

Kubernetes-commit: 31332fa84a0928085200ba5a2e35118516ee2c48
 2017-12-04 15:06:07 -05:00
yuexiao-wang 46f7a60026 wrong number of args in apiserver/pkg 
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>

Kubernetes-commit: 235df842fafe21fe90f5691ca5eb1ab775fbe54d
 2017-11-24 10:01:54 +08:00
Mik Vyatskov 8977dcee4a Make audit batch webhook backend configurable 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 7e717ef3a6a57d31251ccee94d9e2dd29a70c27b
 2017-11-30 18:47:48 +01:00
Chao Xu 53b8960359 move the MutatingAdmissionWebhook to the last in the mutating amdission 
plugin chain.

Kubernetes-commit: 8e8e32fa05f02331f724930933dfa34be995247c
 2017-11-17 14:16:37 -08:00
Kubernetes Submit Queue e16244b0bc Merge pull request #55812 from deads2k/admission-17-external 
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Make versioned types for webhook admission config

Versioned webhook admission config type as promised in https://github.com/kubernetes/kubernetes/pull/54414.

@kubernetes/sig-api-machinery-pr-reviews
@ericchiang as promised.  fyi.

```yaml
kind: AdmissionConfiguration
apiVersion: apiserver.k8s.io/v1alpha1
plugins:
- name: GenericAdmissionWebhook
  configuration:
    kind: WebhookAdmission
    apiVersion: apiserver.config.k8s.io/v1alpha1
    kubeConfigFile: /path/to/my/file
```

`ADMISSION_CONTROL_CONFIG_FILE=../foo.yaml hack/local-up-cluster.sh`

Kubernetes-commit: 25ebf875b4235cb8f43be2aec699d62e78339cec
 2017-12-07 04:34:43 +00:00
hzxuzhonghu 170e8ac6dd pass listener to genericapiserver 
Kubernetes-commit: 6ba30f678c232793430a98770e7a851f1e814fd2
 2017-11-16 13:32:12 +08:00
Dr. Stefan Schimanski 2ee052ccdf admission: make metrics compositional and move to metrics sub-package 
Kubernetes-commit: baba0c827bfddfdc56b69c88e19406966ef900a2
 2017-11-17 11:49:55 +01:00
Daniel Smith 4406561b46 add detail to flag help 
Kubernetes-commit: 2956314cde74f0481be1da6107cc266f56127173
 2017-11-17 15:22:53 -08:00
Chao Xu 1b638a5be7 generated bazel 
Kubernetes-commit: 6193360eb52b00727df08f67eb8fc364a8df85e9
 2017-11-15 16:21:28 -08:00
Chao Xu cb8d15718f Adding the mutating webhook 
Kubernetes-commit: ea123f82aae5bc46b9a91c4543c8f742d0db52da
 2017-11-14 16:36:28 -08:00
Cao Shufeng b02e718318 remove duplicated import 
Kubernetes-commit: 86968e44d09e713b8cd5adca5705bba7e511c033
 2017-11-14 11:36:32 +08:00
Chao Xu f88f0f12a1 Reorganize the admission webhook code. 
Moved client and kubeconfig related code to webhook/config;
Moved the rule matcher to webhook/rules;
Left TODOs saying we are going to move some other common utilities;
Other code is moved to webhook/validation.

Kubernetes-commit: 1adfacc7eb41da109e970a9c2985fd55b4cbbdfd
 2017-11-05 18:11:47 -08:00
hzxuzhonghu c37db061da remove redundant code in admission initializer 
Kubernetes-commit: 9d1e6d3e2cc25db8e07db446d00390059c8264f8
 2017-11-08 10:54:06 +08:00
hzxuzhonghu 755a845d5a update bazel and staging godep 
Kubernetes-commit: 3c44e2a6167c349fb17c9741959ca24998ae3738
 2017-11-02 19:36:01 +08:00
hzxuzhonghu 065ff42f34 gracefully shutdown apiserver after all non-long running requests finish 
Kubernetes-commit: db4f0de28075f34bb4bfa8d821ad25cd3a7eba1f
 2017-11-02 19:29:31 +08:00
Mike Danese 06a5d25846 move authorizers over to new interface 
Kubernetes-commit: 12125455d84c75562e6dd6a183762549adff747f
 2017-09-29 14:21:40 -07:00
Dr. Stefan Schimanski 8ae36bdf36 apiserver: remove scheme arg from NewUnsecuredEtcd3TestClientServer 
Kubernetes-commit: 11d9dd8ceca2d8f6d00b36ebc4982a142f547d5d
 2017-10-30 13:18:49 +01:00
Henrik Schmidt 9493c48653 Log error when a healthz check fails 
Kubernetes-commit: 1bcfe909125acc567258d4937fc2c08206d14d08
 2017-09-26 12:58:12 +02:00
Jordan Liggitt 198ca9b2e0 Use GVK from storage in API registration 
Kubernetes-commit: 5913fccada6097c984b168ab15c243a8b20876e5
 2017-10-27 04:29:04 -04:00
Dr. Stefan Schimanski eecedb2781 Revert "audit backend run shutdown gracefully after http handler finish" 
This reverts commit f42686081bff88e44b339562c4927775f4439671.

Kubernetes-commit: f6a89df3fb719f4db565c7dade63575ccbdb3031
 2017-10-30 15:26:51 +01:00
hzxuzhonghu d1aa17bde6 audit backend run shutdown gracefully after http handler finish 
Kubernetes-commit: f42686081bff88e44b339562c4927775f4439671
 2017-10-20 16:26:49 +08:00
Chao Xu 3843f2885c remove the nesting directory webhook/webhook 
Kubernetes-commit: ca8131877ad4fcab76388360e04ff9eb05af41a4
 2017-10-26 14:19:49 -07:00
David Eads 3cb246ace6 move webhook admission to generic apiserver 
Kubernetes-commit: 8c1fe1f61a1de754a2cfed1966f4a1f8024ca618
 2017-10-24 08:48:05 -04:00
hzxuzhonghu cc18a64aad audit backend run before http server start and register presShutdown hook 
Kubernetes-commit: b96613722f0830ad2b9b8304a21cca0ec1d8fd2e
 2017-10-20 16:26:49 +08:00