kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
649 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

395 Commits

Author SHA1 Message Date
Dr. Stefan Schimanski aaf3784254 Unify fuzzers and roundtrip tests 
Kubernetes-commit: ecc811d263894ae54bbe62a3b1ba14847a260e95
 2017-07-28 13:56:11 +00:00
Michail Kargakis 4906405ecb Remove myself from a bunch of places 
Signed-off-by: Michail Kargakis <mkargaki@redhat.com>

Kubernetes-commit: e884eac6fe422bd6ba2910a527defe9fd5e94392
 2017-07-28 13:56:11 +00:00
Dr. Stefan Schimanski 7def9ae6ce Fixup go2idl references 
Kubernetes-commit: edfbb9aa6424ef975d717177886ca9cbdabe34c6
 2017-07-28 13:56:11 +00:00
Cao Shufeng 157dcc8988 fix NamespaceLifecycle admission 
forceLiveLookupCache is designed to save recently deleted namespaces.
But currently, cluster scoped resources are also put into it.
For example, when we run:
kubectl delete clusterrole edit
The "edit" is put into forceLiveLookupCache as a deleted namespace.
This change fix the invalid action.

Kubernetes-commit: a8693b63b910d02397eb4a27873cd7da08242a14
 2017-07-28 13:56:11 +00:00
xiangpengzhao 5f2f70a255 Validate --storage-backend type. 
Kubernetes-commit: fcf2df9ad7ea688d75b2e9abb036b9d7abcc6e7c
 2017-07-28 13:56:10 +00:00
Dr. Stefan Schimanski e24df9a2e5 Update generated code 
Kubernetes-commit: 8dd0989b395b29b872e1f5e06934721863e4a210
 2017-07-19 03:49:08 +00:00
Dr. Stefan Schimanski 36b2f4560f deepcopy: add interface deepcopy funcs 
- add DeepCopyObject() to runtime.Object interface
- add DeepCopyObject() via deepcopy-gen
- add DeepCopyObject() manually
- add DeepCopySelector() to selector interfaces
- add custom DeepCopy func for TableRow.Cells

Kubernetes-commit: 39d95b9b065fffebe5b6f233d978fe1723722085
 2017-07-19 03:49:08 +00:00
huangjiuyuan 530dec4a81 adding validations on kube-apiserver audit log options 
Signed-off-by: huangjiuyuan <jiuyuan.huang@daocloud.io>

Kubernetes-commit: 21d0f815645ca3452719faf1ad69c63a9c3f3db2
 2017-07-19 03:49:08 +00:00
Jordan Liggitt 4c5bbed295 Never prevent deletion of resources as part of namespace lifecycle 
Kubernetes-commit: 95bf4983dec5909c536d6d602b4cf7a9b5c78c99
 2017-07-19 03:49:08 +00:00
jianglingxia 57a29126d7 amend the comment 
Kubernetes-commit: fe13072443289a87ac2bf89fa7818f0ba8a5c64d
 2017-07-19 03:49:08 +00:00
Clayton Coleman a9bfd91dd9 Do not persist SelfLink into etcd storage 
This behavior regressed in an earlier release. Clearing the self link
ensures that a new version is always written and reduces the size of the
stored object by a small amount. Add tests to verify that Create and
Update result in no SelfLink stored in etcd.

Kubernetes-commit: 461c3701f0915acbf49c339f5321fa86879a963e
 2017-07-16 04:08:42 +00:00
Mike Danese 4944e218bd remove some people from OWNERS so they don't get reviews anymore 
These are googlers who don't work on the project anymore but are still
getting reviews assigned to them:
- bprashanth
- rjnagal
- vmarmol

Kubernetes-commit: c201553f2776ac401549d561485f9a5cb4841ae8
 2017-07-16 04:08:42 +00:00
Shyam Jeedigunta 817e4db05c maxinflight handler should let panicrecovery handler call NewLogged 
Kubernetes-commit: 6ffbbad21790ccf1f1f7063a0800a4696a572c76
 2017-07-16 04:08:42 +00:00
Tim Allclair b817dfcc02 Name change: s/timstclair/tallclair/ 
Kubernetes-commit: a2f2e1d4918effb4f0994333c7b88086674e4a5b
 2017-07-16 04:08:42 +00:00
Cao Shufeng aeff5f2a0a add a regression test for Audit-ID http header 
This change add a test for: https://github.com/kubernetes/kubernetes/pull/48492

Kubernetes-commit: a5df09ba89f4c010eed76ffd985895aa80de9845
 2017-07-16 04:08:42 +00:00
sakeven f3f629bfe7 remove svg mime type extension 
Signed-off-by: sakeven <jc5930@sina.cn>

Kubernetes-commit: 795953c0c4db03d182b941af5af03ff51652de72
 2017-07-16 04:08:42 +00:00
Clayton Coleman ec4f695076 generated: bazel / godeps 
Kubernetes-commit: c73622108ccd285b245cf9fe2dc218a47398d31d
 2017-07-16 04:08:42 +00:00
Dr. Stefan Schimanski 5c33fc4de4 apimachinery: remove unneeded GetObjectKind() impls 
Kubernetes-commit: da3322c2d93671b7cbff9b090dd5e1ce9984130e
 2017-07-16 04:08:42 +00:00
Dr. Stefan Schimanski 51b28748a4 Update generated files 
Kubernetes-commit: d358cb168d60deec2c84b68003680307a6565bbd
 2017-07-16 04:08:42 +00:00
Dr. Stefan Schimanski 15712b92c3 apimachinery+apiserver: extract test types to work w/ deepcopy-gen 
Kubernetes-commit: 205cd90d465b7287fdad5f77d1dc4ac13624b067
 2017-07-16 04:08:41 +00:00
Dr. Stefan Schimanski 8304eb8a20 audit: fix deepcopy registration 
Kubernetes-commit: ad23081273785668ee2520e5349cf0b05f64e41f
 2017-07-16 04:08:41 +00:00
Cao Shufeng 7723f2ca07 remove extra WriteHeader function 
The deleted two functions will be called later in the function
SerializeObject(). Not necessary to call them twice.

Kubernetes-commit: f41eb67798c574b531b5dd542d3284604b142801
 2017-07-16 04:08:41 +00:00
Cao Shufeng 8bc6800aeb support json output for log backend of advanced audit 
Kubernetes-commit: bc94370e9cbf3e54dc7dab1dbfc7404815eafb4c
 2017-07-16 04:08:41 +00:00
Clayton Coleman bcc0d0a6d0 Unify generic proxy code in apimachinery 
Make the utility package truly generic, consolidate all generic proxy in
apimachinery.

Kubernetes-commit: edc12aafe2fbfe3475bdf03c34ffa26cc4322673
 2017-07-16 04:08:41 +00:00
Clayton Coleman c521c8f6b5 Record 429 and timeout errors to prometheus 
Allows gathering of load being shed.

Kubernetes-commit: 2e33a2f0bc8ac82aecadcb19cf6e41259454d182
 2017-07-16 04:08:41 +00:00
deads2k aa72cc77b2 remove dead code 
Kubernetes-commit: 0801ded4252684c47d8a50700f9f5ff8ff88b964
 2017-07-16 04:08:41 +00:00
Aaron Crickenberger e110054277 TestLoopbackHostPort should accept IPv6 loopback host 
Kubernetes-commit: 8469b013333baec0dc2fc43a6bfb7493fcf019e8
 2017-07-16 04:08:40 +00:00
Cao Shufeng 6040aeb60d Fix invalid Content-Type for 403 error 
https://github.com/kubernetes/kubernetes/pull/47384 makes 403 errors
return Status Object. How the Content-Type is still "text/plain"
This change fix it.

Kubernetes-commit: 36e0a5ed14ae0fb9fd88980f0fce57d076216e2e
 2017-07-06 23:56:07 +00:00
Cao Shufeng d248b52a81 Fix Audit-ID header key 
Now http header key "Audit-ID" doesn't have effect, because golang
automaticly transforms "Audit-ID" into "Audit-Id". This change use
http.Header.Get() function to canonicalize "Audit-ID" to "Audit-Id".

Kubernetes-commit: f21bc7bb9a82378e8b24f72c66dfd23bc8113f20
 2017-07-06 23:56:07 +00:00
Haoran Wang da548f4af1 fix error type 
Kubernetes-commit: 45ec7d9f51c54c8312579c9a0eab83c29d6d7d06
 2017-07-05 23:59:23 +00:00
Shiyang Wang 276c240fae Fix 401/403 apiserver errors do not return 'Status' objects 
Kubernetes-commit: 3d6479f7216dcb61e56ab6dd53fad7176930645d
 2017-07-05 23:59:23 +00:00
deads2k fc0bd6b232 make the panic handler first 
Kubernetes-commit: 9b43bd4a5b234d528ebc0fd059ae69eedced8c7f
 2017-07-05 23:59:22 +00:00
Cao Shufeng 924adf12df Add Validate() function for audit options 
Kubernetes-commit: cf8e3ccf1959942342ed0c10f6b43d46beb65e04
 2017-07-05 08:39:49 +00:00
deads2k f73160e236 allow a deletestrategy to opt-out of GC 
Kubernetes-commit: 312fb1e1fa198f4715598feac659f5eeffd05032
 2017-07-04 08:39:44 +00:00
Cao Shufeng af4570c690 update events' ResponseStatus at Metadata level 
ResponseStatus is populated in MetadataLevel, so we also update it in
MetadataLevel.

Kubernetes-commit: b6abcacb38d5da7c70ea9f3e6f673c8beeb90092
 2017-07-04 08:39:44 +00:00
Cao Shufeng 0ce81fed2f add validate for advanced audit policy 
This change checks group name and non-resrouce URLs format for audit
policy.

Kubernetes-commit: 7437b88386665ff4a16fe37d02818285636ec8ce
 2017-07-04 08:39:44 +00:00
Clayton Coleman 2f829d739b GuaranteedUpdate must write if stored data is not canonical 
An optimization added to the GuaranteedUpdate loop changed the
comparison of the current objects serialization against the stored data,
instead comparing to the in memory object, which defeated the mechanism
we use to migrate stored data.

This commit preserves that optimization but correctly verifies the in
memory serialization against the on disk serialization by fetching the
latest serialized data. Since most updates are not no-ops, this should
not regress the performance of the normal path.

Kubernetes-commit: b851614adfe2b39941d518485480ff527fa4f0c1
 2017-07-04 08:39:44 +00:00
Cao Shufeng 755b51396c remove useless check from impersonation filter 
When groupsSpecified is false, that means no other groups are added
rather than the service account groups. So this check doesn't make
any sense.

Kubernetes-commit: 0a1e24f31e5dc1a4f193a6d564ed06e2535b2830
 2017-07-01 08:39:43 +00:00
Antoine Pelisse d57ea42cc0 Add NYTimes/gziphandler dependency 
Kubernetes-commit: f617df7d6a63692ae8e0b2863f3b44f6ea02d355
 2017-07-01 08:39:43 +00:00
Antoine Pelisse 242da91bc8 openapi: Read Accept-Content to send gzip if needed 
Kubernetes-commit: bd38dd4d12b77126ba9c129b74b2b444f9f2a3a1
 2017-07-01 08:39:43 +00:00
Kyâne Pichou a0b4bc5639 Fix a typo in deletion log of apiserver 
Kubernetes-commit: 7adf8d8cac89eb68bc10a58827ef08e74e047913
 2017-07-01 08:39:43 +00:00
Mikhail Mazurskiy 7039fe1e17 Refactor unstructured converter 
Kubernetes-commit: dc1ee493a29251492403e4282b5df3e897de2214
 2017-06-30 08:44:46 +00:00
Tim St. Clair dc4be7ced9 s/count/total/ in audit prometheus metrics 
Kubernetes-commit: b34d6ab890d3d73b391a876125d1ea3141c54f1d
 2017-06-28 00:14:32 +00:00
Eric Paris b7f543928d prioritize messages for long steps 
Kubernetes-commit: f4767c270dde1de68235fd21ac4b907f6ef33385
 2017-06-28 00:14:32 +00:00
Scott Weiss b74e5942e2 add compression to GET and LIST api requests 
this feature is gated; disabled by default

Kubernetes-commit: c305f72315a83c16c40fbbfd06b563f9e67208ff
 2017-06-28 00:14:31 +00:00
sakeven a238a912d3 add level for print flags 
Signed-off-by: sakeven <jc5930@sina.cn>

Kubernetes-commit: 8b1a08a9194cf423ba53e6662f9e746852f60164
 2017-06-28 00:14:31 +00:00
p0lyn0mial c4948f98da incluster config will be used when creating external shared informers. 
previously the loopback configuration was used to talk to the server.
As a consequence a custom API server was unable to talk to the root API server.

Kubernetes-commit: 074544b3b024156e4ce91de5778281dbe1b47a72
 2017-06-28 00:14:31 +00:00
Chao Xu 8be42ee0d0 run hack/update-all 
Kubernetes-commit: 60604f8818aecbc9c3736fbc32747cc0a535bc80
 2017-06-28 00:14:31 +00:00
Chao Xu 0fc5fed423 manually fix openapi-gen 
Kubernetes-commit: 4379bbdafbd38bdc67f2ceb5cb7a4e778baebf04
 2017-06-28 00:14:31 +00:00
Chao Xu 230d302a85 manually fix kubectl openapi unit test 
Kubernetes-commit: 239613b521b5180d01d2de004e793234bfa6be07
 2017-06-28 00:14:31 +00:00
Chao Xu e5d0493897 make all works. generated harmless covnersion/deepcoy chagnes 
Kubernetes-commit: 847b048fa0b2e83d4d4c39ceb37e9e0262d5a968
 2017-06-28 00:14:31 +00:00
Chao Xu 81b7aaaa7d run root-rewrite-import-client-go-api-types 
Kubernetes-commit: f2d3220a11111f86b2f481e70e3c1ca4f5896f44
 2017-06-28 00:14:31 +00:00
Chao Xu 150b64eff5 run hack/update-codegen.sh 
Kubernetes-commit: e185f7e2770039a799a21af9362ed999197dcc33
 2017-06-28 00:14:31 +00:00
Jordan Liggitt 63a940e4f9 Remove redirect verb parsing 
Kubernetes-commit: e8b24679dc457d3321073b9ae8e1c17a1763c56a
 2017-06-28 00:14:31 +00:00
Jordan Liggitt 6a99774546 Use websocket protocol authenticator in apiserver 
Kubernetes-commit: 6a872c09ebc8bff4efccc6d0206b0b5639be31ae
 2017-06-28 00:14:31 +00:00
Jordan Liggitt 5c2f76950a Add websocket protocol authentication method 
Kubernetes-commit: e2a03bcf2a568b5c40e8f92e1009440038f5e5ee
 2017-06-28 00:14:31 +00:00
NickrenREN 080796b69a Lower etcd compacted loglevel 
Kubernetes-commit: 151b6a04e1355c1b47191f46283a3bfe98dfc393
 2017-06-28 00:14:31 +00:00
Clayton Coleman a93da9eb77 Don't bother with a mutable transformer for identity 
Kubernetes-commit: dac0d07546f50636ae7f140415aa949325494b2e
 2017-06-28 00:14:31 +00:00
Jordan Liggitt 3d01cde9c2 Fix rawextension decoding in update 
Kubernetes-commit: a536ee3615e15954c63b0ccea0885837e2846e1e
 2017-06-22 04:00:53 +00:00
Clayton Coleman 5f00d0e8e2 generated: protobuf with stable map ordering 
Kubernetes-commit: 606825eea47f41c72a3da1d4d2a769a340e1b69d
 2017-06-20 00:06:38 +00:00
Wojciech Tyczynski 6c72e52da3 Add logging to debug conflicts in kubemark-scale test 
Kubernetes-commit: 1504c7fc31d1a1f8a37e106b056cc261cdff7a47
 2017-06-19 20:36:09 +00:00
Matt Liggett 1526f6a57c Add version and flag info to apiserver and CM logs. 
Should help debugging.
Specifically for #45706

Kubernetes-commit: f6bcac3fecbc5ef105b903d8e14252ccb2b55e51
 2017-06-16 22:11:33 +00:00
zhengjiajin 6ed25fddc6 Fix api description 
Kubernetes-commit: f7ce20d2e4b4c24cfa7440e135abf78e538673bb
 2017-06-16 22:11:33 +00:00
Saksham Sharma 205eddae2b Fix typo in secretbox transformer prefix 
Kubernetes-commit: 2c820c205073ec96acf8c0cf140db2381f377425
 2017-06-15 22:11:39 +00:00
Tim St. Clair 64014c6e25 audit: Fill in full ObjectRef, include in LevelMetadata 
Kubernetes-commit: 28beb4572e676b9073f400fb6ccf2720381a41d0
 2017-06-14 20:44:08 +00:00
Cao Shufeng 97b762c21b remove leaked socket file in unit test 
Kubernetes-commit: 2c19b9e143cd9fde4365f3f9913b23d955d9ceda
 2017-06-14 20:44:08 +00:00
Cao Shufeng 9b573e7060 Remove extra empty lines from log 
remove extra "\n" from Everything()

Kubernetes-commit: 3816b6fde565720ac09177d30fb63d718dca8692
 2017-06-13 20:47:33 +00:00
Jordan Liggitt e4286c2402 Revert "add gzip compression to GET and LIST requests" 
This reverts commit fc650a54d02f358c7fc65fa25b8312028bd4e944.

Kubernetes-commit: 63e3e2fa7b04bd3d3f1fccb63391f17ea01e06a8
 2017-06-13 20:47:32 +00:00
Clayton Coleman 05d333de3f DeleteCollection should include uninitialized resources 
Users who delete a collection expect all resources to be deleted, and
users can also delete an uninitialized resource. To preserve this
expectation, DeleteCollection selects all resources regardless of
initialization.

The namespace controller should list uninitialized resources in order to
gate cleanup of a namespace.

Kubernetes-commit: 9ad1f80fdcd77edcdd53abec3641c04c80fd9b1e
 2017-06-13 20:47:32 +00:00
Saksham Sharma f1876a2211 Add configuration for AESCBC, Secretbox encryption 
Add tests for new transformers

Kubernetes-commit: 13073407422c62ee2131968060c85ce8b6488de4
 2017-06-13 20:47:32 +00:00
Cao Shufeng c396142d93 [legacy audit] add response audit for hijack 
Kubernetes-commit: 9212b0240de33344034c829f78a0f5c86aea6a0d
 2017-06-13 20:47:32 +00:00
Wojciech Tyczynski f6771d9ae8 Revert "Optimize selector for single-matching items" 
This reverts commit f93a270edcefc3780247ae89eea02cd13b81237b.

Kubernetes-commit: dbafff3eea4648c8dc6d8ce0d46f7f3932c73bb6
 2017-06-13 20:47:32 +00:00
Clayton Coleman 5556dcce58 Add an AES-CBC mode for encrypt at rest 
Kubernetes-commit: 395399ab3d93e004e5f59cea5ded675b15a5f250
 2017-06-13 20:47:32 +00:00
deads2k 7e0854d484 test header removal for impersonation 
Kubernetes-commit: 38c25393df7bddd8356126634d70aa333ca1ac3b
 2017-06-13 20:47:32 +00:00
deads2k 8401e3b61b change the default storage location to avoid double prefixing 
Kubernetes-commit: bc3434c084e405769417a08195700cd6be02211f
 2017-06-13 20:47:32 +00:00
Clayton Coleman 8076c4cbf2 Add a secretbox implementation for encryption 
Uses nacl/secretbox

Kubernetes-commit: 23cd6c52ba4b62e9c333b1fa9e550537f9fd66c2
 2017-06-13 20:47:32 +00:00
Clayton Coleman d7dab9510e bump(golang.org/x/crypto/nacl):d172538b2cfce0c13cee31e647d0367aa8cd2486 
Kubernetes-commit: 868cdeca8aee343d3b58107cfb12da5b99b86394
 2017-06-13 20:47:32 +00:00
Scott Weiss 8c02c5efc4 add gzip compression to GET and LIST requests 
closes #44164

Kubernetes-commit: fc650a54d02f358c7fc65fa25b8312028bd4e944
 2017-06-13 20:47:32 +00:00
Christoph Blecker 4587b5cf81 Update docs/ URLs to point to proper locations 
Kubernetes-commit: 1bdc7a29aee051ccef4bb21dcd9d43ee47b2a5d8
 2017-06-13 20:47:32 +00:00
Fabiano Franz e06c9d2f84 Add group alias names to discovery in registry 
Kubernetes-commit: 058f9b4f32f085075f7c2cc6c2caabc80ef41815
 2017-06-13 20:47:31 +00:00
Tim St. Clair fe3c2f4191 Generate protobuf for the audit API 
Kubernetes-commit: d7d54357205e62a2912ded53f2b307205bfccf2b
 2017-06-13 20:47:31 +00:00
Clayton Coleman fcc6b93d70 Load initializers from dynamic config 
Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.

Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).

Kubernetes-commit: 772ab8e1b4163c17d285a2789321762a8f2dc9f3
 2017-06-13 20:47:31 +00:00
Jordan Liggitt 8ab96afbb9 Avoid * in filenames 
Kubernetes-commit: b5e5e93201ccbc1b4ed1da0378c1f550508bfc4f
 2017-06-13 20:47:31 +00:00
mbohlool 0bd6ffe372 Update Bazel 
Kubernetes-commit: c2f2a33dc51e33634317dcc125543d3d05dab500
 2017-06-13 20:47:31 +00:00
mbohlool f03a4943d7 Aggregate OpenAPI specs 
Kubernetes-commit: 1a1d9a0394cbdb1d1e2412ae8f0157799eb5329c
 2017-06-13 20:47:31 +00:00
mbohlool f10f5391f1 Separate Build and Serving parts of OpenAPI spec handler 
Kubernetes-commit: 0a886ffaf8b9de97ef8134a4182b719ba2c6f22f
 2017-06-13 20:47:31 +00:00
mbohlool bfb371141a Remove unused servePath from GetOperationIDAndTags and GetDefinitionName 
Kubernetes-commit: ef8ee84cd07dedf0a441d455f54b55a6468b4b3d
 2017-06-13 20:47:31 +00:00
David Ashpole 5b1bafe4d2 update prometheus dependency for staging 
Kubernetes-commit: 56f53b92074b5da5de8e2307d791c466ec59bf58
 2017-06-13 20:47:31 +00:00
Clayton Coleman 90d1b25a67 Add an e2e test for server side get 
Print a better error from the response. Performs validation to ensure it
does not regress in alpha state.

Kubernetes-commit: ce972ca47591cc24a3a24362478dc61ec8e91278
 2017-06-13 20:47:31 +00:00
Cao Shufeng 42b5738617 fix invalid status code for hijacker 
When using hijacker to take over the connection, the http status code
should be 101 not 200.

PS:
Use "kubectl exec" as an example to review this change.

Kubernetes-commit: 541935b13f87e55199840a73cd3f158e7f0d7b63
 2017-06-13 20:47:31 +00:00
Dr. Stefan Schimanski e10c78ea7c apiserver: return BadRequest 400 for invalid query params 
Kubernetes-commit: 4846c0d16700bb7cb3c3e02fa3919f2de36d4685
 2017-06-13 20:47:31 +00:00
Clayton Coleman 5fa08b8c5e Allow initialization of resources 
Add support for creating resources that are not immediately visible to
naive clients, but must first be initialized by one or more privileged
cluster agents. These controllers can mark the object as initialized,
allowing others to see them.

Permission to override initialization defaults or modify an initializing
object is limited per resource to a virtual subresource "RESOURCE/initialize"
via RBAC.

Initialization is currently alpha.

Kubernetes-commit: 331eea67d8000e5c4b37e2234a90903c15881c2f
 2017-06-13 20:47:30 +00:00
Cao Shufeng 89caee803d update copyed doc for advanced audit 
doc for WithAudit is copyed from WithLegacyAudit, it's out of date.
This change update doc for these two functions.

Kubernetes-commit: 82390af25083031e244107527fe5d9491ade937b
 2017-06-13 20:47:30 +00:00
Saksham Sharma 0b1c13686c Add configuration options for encryption providers 
Add location transformer, config for transformers

Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.

Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.

Add new files to BUILD, AEAD => k8s-aes-gcm

Use group resources to select encryption provider

Update tests for configuration parsing

Remove location transformer

Allow specifying providers per resource group in configuration

Add IdentityTransformer configuration option

Fix minor issues with initial AEAD implementation

Unified parsing of all configurations

Parse configuration using a union struct

Run configuration parsing in APIserver, refactor parsing

More gdoc, fix minor bugs

Add test coverage for combined transformers

Use table driven tests for encryptionconfig

Kubernetes-commit: 9760d00d08ef0619e30a7b1b90fd290cab960069
 2017-06-13 20:47:30 +00:00
Tim St. Clair 91a3addb8d Instrument advanced auditing 
Kubernetes-commit: b77c8198f002f9a9c7bdca11d28cac1710bbb185
 2017-06-13 20:47:30 +00:00
Chao Xu 3f8656c5e3 generated defaults files 
generated bazel

Kubernetes-commit: 902c501595dfd044b3e7062e1518f7f3025751a5
 2017-06-13 20:47:30 +00:00
Jordan Liggitt efae6ed84b Pre-generate SNI test certs 
Kubernetes-commit: 6554dfc4456869e299b8f6a8f686e8c3cee073d9
 2017-06-13 20:47:30 +00:00
Dr. Stefan Schimanski d6f1990c7c apiserver: avoid resolving 'localhost' 
The golang stdlib resolve localhost first via the external DNS server,
not via /etc/hosts. If your DNS resolve localhost.<search-domain>, the
API server won't start.

Kubernetes-commit: 63cd572c74a40933d8e6928e084601810b724a81
 2017-06-13 20:47:30 +00:00
Cao Shufeng df4801fa4e empty audit policy file is legal configuration 
Empty audit policy file or policy file contains only comments means
using default audit level for all requests.

Kubernetes-commit: b6b2a30e830cc362c41ec1014ed9f3ef3535f93b
 2017-06-13 20:47:30 +00:00
Dr. Stefan Schimanski c0e7280688 Update bazel 
Kubernetes-commit: c7d9a396fdf9ef63272896200ab90afa0581c8f3
 2017-06-13 20:47:30 +00:00