kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,424 Commits 29 Branches 1,436 Tags 31 MiB
Commit Graph

63 Commits

Author SHA1 Message Date
Jefftree 28f8e6670e audit webhook use network proxy 
Kubernetes-commit: cd57b830c142e2b9938ff801619070cf601c1422
 2019-12-19 12:29:37 -08:00
Jefftree aa55f94611 authentication webhook via network proxy 
Kubernetes-commit: d318e52ffe0ba156a96cb5507026de6827d543ca
 2019-12-03 15:20:49 -08:00
Mike Danese 5737088b7f refactor 
Kubernetes-commit: d55d6175f8e2cfdab0b79aac72046a652c2eb515
 2020-01-27 18:19:44 -08:00
Mike Danese 44b9fc84ab migrate callers to g/g/uuid 
Kubernetes-commit: a4ca9e6c93e45b4a97e7d04df37362299088f64a
 2019-11-04 23:15:20 -08:00
Ziheng Liu 95180eec68 Change the way of synchronization in staging/.../apiserver 
stopAllDelegates will signal other functions to stop updating, instead of acquiring a Mutex and never unlock it

Signed-off-by: Ziheng Liu <zxl381@psu.edu>

Kubernetes-commit: b1c9ae5499b49b5630768050d92bc8ac3553d830
 2019-10-28 18:32:27 -04:00
shturec b054ff44ee custom retry strategy in GenericWebhook 
Kubernetes-commit: 4877b0b7b50bdc3eaaadd3f968fd846c1396b708
 2019-09-27 13:04:10 +03:00
wojtekt ebc87b1ba1 Cache encoder for auditlog backend 
Kubernetes-commit: 3ad42fb8ca6398ae17882a2b53cf3b65ba9fe1e7
 2019-10-03 16:38:47 +02:00
Jordan Liggitt 0ca78287c0 Propagate context to ExponentialBackoff 
Kubernetes-commit: 4c686ddc1c5f9bc5c28d711dd56551b1ac003faa
 2019-09-24 09:43:04 -04:00
Jordan Liggitt a653e5ab1a Export UserInfo conversion, use authnv1.UserInfo in audit 
Kubernetes-commit: 0e787a4b78a849fa66a02126721dd185e7c00955
 2019-09-09 08:54:54 -04:00
Joe Betz f103fcda51 Replace string concatination with trace fields 
Kubernetes-commit: 46a04d50af78e01d06a9879d62cc71fbe892076f
 2019-08-02 23:47:24 -07:00
Joe Betz 81b56d7030 Add trace to webhook invocations 
Kubernetes-commit: 31799ebe88534272d45c2a33396e343a5083c773
 2019-05-31 16:50:54 -07:00
Jordan Liggitt 90d670a108 AdmissionReview: Allow webhook admission to dispatch v1 or v1beta1 
Kubernetes-commit: dda9bcb082be058c30c83d45e757edbaac8dc65f
 2019-07-12 08:44:24 -04:00
Roy Lenferink 4c9524b9fb Updated OWNERS files to include link to docs 
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
 2019-01-30 20:05:00 +01:00
Patrick Barker a89b4082d9 fix shutdown audit sink concurrently 
Kubernetes-commit: d81f7205637ab1fb83cab26edfae511014ac81cd
 2019-01-12 16:47:33 -07:00
Daniel Kłobuszewski 877329b0f3 Add option to k8s apiserver to reject incoming requests upon audit failure 
Kubernetes-commit: 7a10f4eda725f55bec9893eb1c03f2402dbcd32f
 2018-07-03 14:40:55 +02:00
Davanum Srinivas 5dfe5ac061 s/glog/klog/ - keep up with master 
Change-Id: I27ff0545bc456ed8c0900cfeb90555f9ab7ae235

Kubernetes-commit: e558e291d1a41728da23f517e51b71038e3ba93e
 2018-11-10 07:53:25 -05:00
Patrick Barker f3b69c3f89 adds dynamic audit plugins 
Kubernetes-commit: 8eb2150689159bd011aec189cf77e5b15fbcb22b
 2018-10-18 21:34:02 -05:00
Jordan Liggitt e206313b1e audit subproject owners/reviewers 
Kubernetes-commit: 4fe30e92fa655b08f819bc449ca6002a7ccd3eea
 2018-11-02 12:46:56 -04:00
Tim Allclair 8e1390d9d4 Synchronous & unbatched audit log writes 
Kubernetes-commit: c9670d0652f8d7da662f71caac6fca2044296ae6
 2018-03-15 00:44:46 -07:00
Cao Shufeng b40373204e use Audit v1 api and add it to some unit tests 
Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29
 2018-07-27 14:06:29 +08:00
xuzhonghu bc8364d7ab Add String method to audit.Backend interface 
Kubernetes-commit: 416a478cf6e4ea2aaecf5108aade563c9fc3fc53
 2018-07-18 17:35:08 +08:00
Marian Lobur 0da9a3f4a0 Fix truncating and buffering backends integration. 
Kubernetes-commit: 20fb0b5eb180fb4cb9be18ab3fc8cd259c7f7bf0
 2018-07-09 10:25:41 +02:00
David Eads c41d1d0993 simplify api registration 
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
 2018-05-07 08:32:20 -04:00
David Eads bf8532c54e remove KUBE_API_VERSIONS 
Kubernetes-commit: a68c57155e728b2782408cbab88ecee0444a4ba8
 2018-04-25 16:07:15 -04:00
David Eads 88d943c0e6 eliminate indirection from type registration 
Kubernetes-commit: e7fbbe0e3c91f34836b999e695aa133503cfdae5
 2018-04-24 08:21:23 -04:00
Mik Vyatskov 53e0783ab7 Implemented truncating audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 52fae991305e3252ccc5c9c86a9b7abc04c149af
 2018-03-23 16:13:34 +01:00
Cao Shufeng 0e5b010b14 [advanced audit]fix comment about throttle burst 
Kubernetes-commit: c6f72c20d121a8f4e161d490af0aa2db48e05caf
 2018-03-09 18:07:04 +08:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Tim Allclair d89e8e9460 Fix default auditing options. 
- Log backend defaults to blocking mode (backwards compatability)
- Fix webhook validation
- Add options test

Kubernetes-commit: e004257919d779d56f27ad84c7f33799cc7ab580
 2018-03-02 15:16:37 -08:00
Cao Shufeng 6466b038b4 fix option --audit-webhook-initial-backoff 
Before this change, --audit-webhook-initial-backoff has no effect

Kubernetes-commit: 5bc5cd1b2ccb0b9fb5e652b579b4fb379428cb56
 2018-03-10 17:44:20 +08:00
Mik Vyatskov 9169f6d300 Add buffering to the log audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 881e6d4f6f905079b2c27299e7b631b6903b6815
 2018-02-22 19:52:33 +01:00
Mik Vyatskov 054769c183 Introduce buffered audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 3f0e49aea430c30f4539d34c0f93486fd451d073
 2018-02-20 15:25:46 +01:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh 
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
 2018-02-16 13:43:01 -08:00
halfcrazy 6f8c3a80da fix typo in package apiserver 
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
 2018-02-01 03:04:33 +08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
Mik Vyatskov 8977dcee4a Make audit batch webhook backend configurable 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 7e717ef3a6a57d31251ccee94d9e2dd29a70c27b
 2017-11-30 18:47:48 +01:00
Jeff Grafton f4dbe23125 update BUILD files 
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
 2017-10-12 13:52:10 -07:00
Cao Shufeng f7e881914a support micro time for advanced audit 
Kubernetes-commit: 817bc6954ca9af02013fd8f492f8ef865c217b0d
 2017-09-25 11:56:30 +08:00
Mik Vyatskov 29522c33dc Add throttling to the batching audit webhook 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 6bce120a11782caad7ea477aaaafe3ba31f797d1
 2017-10-05 23:19:45 +02:00
Mik Vyatskov bddf432ba6 Adjust defaults of audit webhook backends 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 5f4ff9f28341d58a4a905a0e86742aa6c90e81bf
 2017-10-05 23:18:55 +02:00
CaoShufeng 5d22e67a97 enhance unit tests of advance audit feature 
This change does three things:
    1. use auditinternal for unit test in filter stage
    2. add a seperate unit test for Audit-ID http header
    3. add unit test for audit log backend

Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23
 2017-09-09 21:44:30 +00:00
Maciej Szulik 3c2866020c Switch audit output to v1beta1 
Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b
 2017-09-03 14:04:14 +00:00
Cao Shufeng cbc6b83455 remove dead code for cloner 
I found some dead code in audit webhook backend.
This change do some clean work for: 2bbe72d4e0

Kubernetes-commit: 7b5c7bb711e7f15a1bf216a7a51fd40148110fba
 2017-08-29 13:16:15 +00:00
Dr. Stefan Schimanski 24a3b34c79 audit: disable new v1beta1 types until incompatible changes are done 
Kubernetes-commit: 1dc251a1604b1576258f123ac8dd8390bba2e4a9
 2017-08-29 13:16:13 +00:00
Cao Shufeng 24b54db39e run hack/update-all.sh 
Kubernetes-commit: 0410221c3fec1a54cde05104b92e44e13cddc77a
 2017-08-29 13:16:13 +00:00
Cao Shufeng 3468d049a7 upgrade advanced audit to v1beta1 
Kubernetes-commit: f4e8b8f1464e588306d5c1c4ffdc1a6cb1e9313b
 2017-08-29 13:16:13 +00:00
Mik Vyatskov 04aa1e08ec Implement batching audit webhook graceful shutdown 
Kubernetes-commit: 7798d32fc787d79da617914259d9285e558054f7
 2017-08-29 13:16:12 +00:00
Dr. Stefan Schimanski 86ef841256 apiservers: add synchronous shutdown mechanism on SIGTERM+INT 
Kubernetes-commit: 11b25366bc7bfe2ad273c8bf9c332fd9d233bffc
 2017-08-29 13:16:11 +00:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00