Users who delete a collection expect all resources to be deleted, and
users can also delete an uninitialized resource. To preserve this
expectation, DeleteCollection selects all resources regardless of
initialization.
The namespace controller should list uninitialized resources in order to
gate cleanup of a namespace.
Kubernetes-commit: 9ad1f80fdcd77edcdd53abec3641c04c80fd9b1e
Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.
Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).
Kubernetes-commit: 772ab8e1b4163c17d285a2789321762a8f2dc9f3
Print a better error from the response. Performs validation to ensure it
does not regress in alpha state.
Kubernetes-commit: ce972ca47591cc24a3a24362478dc61ec8e91278
When using hijacker to take over the connection, the http status code
should be 101 not 200.
PS:
Use "kubectl exec" as an example to review this change.
Kubernetes-commit: 541935b13f87e55199840a73cd3f158e7f0d7b63
Add support for creating resources that are not immediately visible to
naive clients, but must first be initialized by one or more privileged
cluster agents. These controllers can mark the object as initialized,
allowing others to see them.
Permission to override initialization defaults or modify an initializing
object is limited per resource to a virtual subresource "RESOURCE/initialize"
via RBAC.
Initialization is currently alpha.
Kubernetes-commit: 331eea67d8000e5c4b37e2234a90903c15881c2f
doc for WithAudit is copyed from WithLegacyAudit, it's out of date.
This change update doc for these two functions.
Kubernetes-commit: 82390af25083031e244107527fe5d9491ade937b
Add location transformer, config for transformers
Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.
Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.
Add new files to BUILD, AEAD => k8s-aes-gcm
Use group resources to select encryption provider
Update tests for configuration parsing
Remove location transformer
Allow specifying providers per resource group in configuration
Add IdentityTransformer configuration option
Fix minor issues with initial AEAD implementation
Unified parsing of all configurations
Parse configuration using a union struct
Run configuration parsing in APIserver, refactor parsing
More gdoc, fix minor bugs
Add test coverage for combined transformers
Use table driven tests for encryptionconfig
Kubernetes-commit: 9760d00d08ef0619e30a7b1b90fd290cab960069
The golang stdlib resolve localhost first via the external DNS server,
not via /etc/hosts. If your DNS resolve localhost.<search-domain>, the
API server won't start.
Kubernetes-commit: 63cd572c74a40933d8e6928e084601810b724a81
Empty audit policy file or policy file contains only comments means
using default audit level for all requests.
Kubernetes-commit: b6b2a30e830cc362c41ec1014ed9f3ef3535f93b
Wojciech Tyczynski
Kubernetes Publisher
Matt Liggett
zhengjiajin
Saksham Sharma
Tim St. Clair
Cao Shufeng
Jordan Liggitt
Clayton Coleman
deads2k
stuart.warren
Scott Weiss
Christoph Blecker
Fabiano Franz
mbohlool
David Ashpole
Dr. Stefan Schimanski
Saksham Sharma
Chao Xu