Add location transformer, config for transformers
Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.
Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.
Add new files to BUILD, AEAD => k8s-aes-gcm
Use group resources to select encryption provider
Update tests for configuration parsing
Remove location transformer
Allow specifying providers per resource group in configuration
Add IdentityTransformer configuration option
Fix minor issues with initial AEAD implementation
Unified parsing of all configurations
Parse configuration using a union struct
Run configuration parsing in APIserver, refactor parsing
More gdoc, fix minor bugs
Add test coverage for combined transformers
Use table driven tests for encryptionconfig
Kubernetes-commit: 9760d00d08ef0619e30a7b1b90fd290cab960069
The golang stdlib resolve localhost first via the external DNS server,
not via /etc/hosts. If your DNS resolve localhost.<search-domain>, the
API server won't start.
Kubernetes-commit: 63cd572c74a40933d8e6928e084601810b724a81
Empty audit policy file or policy file contains only comments means
using default audit level for all requests.
Kubernetes-commit: b6b2a30e830cc362c41ec1014ed9f3ef3535f93b
All generic registries expose metadata output, and refactor endpoints to
allow negotiation to handle those responses. Add support for
PartialObjectMetadata being returned for objects as well.
Kubernetes-commit: f203e42cb98ed4bac7ad8ebbed717d3bd42f55b6
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*
move registration to AdmissionOptions
Kubernetes-commit: 77eb2f39500f1fcf66899ea557791e7bca851449
proxy_handler now uses the endpoint router to map the cluster IP to
appropriate endpoint (Pod) IP for the given resource.
Added code to allow aggregator routing to be optional.
Updated bazel build.
Fixes to cover JLiggit comments.
Added util ResourceLocation method based on Listers.
Fixed issues from verification steps.
Updated to add an interface to obfuscate some of the routing logic.
Collapsed cluster IP resolution in to the aggregator routing
implementation.
Added 2 simple unit tests for ResolveEndpoint
Kubernetes-commit: ad8a83a7c1741efb507d924a17eb809748ee2e06
This change makes it so that errors during watch decoding panic the
server if it is in a test environment. This allows us to catch coder
errors related to storing incompatible types at the same location in
etcd.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: a13f026fd012859f04467e6007e2cafe4a788927
All registry.Store objects already set a non-nil DeleteStrategy.
This change ensures that all future objects do so as well.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: 08fcd79e1f4b9d3efe0a20ea4ce4fdf5ffea0531
Subresources are very often completely different code paths and errors
generated on those code paths are important to distinguish.
Kubernetes-commit: ad431c454c1306fdcc2134a3626444984d350f46
The underlying storage has always returned the old object on watch
delete events when filtering. The cache watcher does not, which means a
downsteam caller gets different behavior.
This fixes the cache watcher to be consistent with our long term
behavior for watch. It may result in a behavior change (the filter
becomes more precise) but this was a regression in behavior.
Kubernetes-commit: e9e69356e4907fa4d0f45ea7e7768357ba71aba9
Saksham Sharma
Tim St. Clair
Chao Xu
Jordan Liggitt
Dr. Stefan Schimanski
Cao Shufeng
Eric Chiang
mbohlool
Wojciech Tyczynski
Clayton Coleman
p0lyn0mial
Walter Fender
deads2k
Monis Khan
Tim Hockin
Ma Shimiao
xilabao
Morgan Bauer
Di Xu
Kubernetes Publisher