kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,278 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

226 Commits

Author SHA1 Message Date
Roy Lenferink 4c9524b9fb Updated OWNERS files to include link to docs 
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
 2019-01-30 20:05:00 +01:00
Chao Xu f60d1ce95c Set the maximum size increase the copy operations in a json patch can cause 
Kubernetes-commit: f001f9e1dbce644a1b7d22b370ab37fc7d770c7e
 2019-02-04 11:15:16 -08:00
Jordan Liggitt 123cf8011f Remove alpha InitializerConfiguration types, Initializers admission plugin 
Kubernetes-commit: dc1fa870bff65c20f48a83ea3af54adb3f526e28
 2019-01-16 10:19:44 -05:00
Patrick Barker 3039935d60 adds dynamic audit integration test 
Kubernetes-commit: d995047366153d86f0061b829ee4e7657f17996b
 2018-10-16 16:17:33 -06:00
qingsenLi 1e20513561 fix typo and instead of amd 
Kubernetes-commit: 3e83f0f08abab4c10dfab7053529709883c9b834
 2018-10-30 01:27:50 +08:00
Jordan Liggitt 2109711572 Remove build/verify scripts for swagger 1.2 API docs, API server swagger ui / swagger 1.2 config 
Kubernetes-commit: 9229399bd6049bc7766829b436d5cb5fe0dfe2f1
 2019-01-15 10:44:36 -05:00
immutableT 9c474d9c53 require timeout to be greater than zero. 
add unit test to cover timeout behaviour.

Kubernetes-commit: 39aca564749cd92ed1cfec7129eb3f6593549137
 2019-01-04 17:06:07 -08:00
immutableT d9414ee2ab Expose kms timeout value via encryption config. 
Kubernetes-commit: a4dc53cfeb91ee07cedcc6959e88e30cb0c3cca8
 2019-01-03 14:26:57 -08:00
David Eads 1702e95788 fix typo in warning advice for permissions 
Kubernetes-commit: 1105e4e0d1c0e78e2a203a136e9f8bcaff5c36ab
 2019-01-04 09:58:06 -05:00
Dr. Stefan Schimanski 7d47897b55 apiserver: separate transport setting from storagebackend.Config 
Kubernetes-commit: 7b242533a217bd809e2c846c3e3fadf7bf6edee8
 2018-09-12 10:59:01 +02:00
Jordan Liggitt a3f2a871b3 Surface help for insecure ports to explain how to disable 
Kubernetes-commit: 819b502768034b8104904cd7031db8c4838f900a
 2018-11-30 10:52:37 -05:00
Jordan Liggitt 232ebfaeaf Allow kube-scheduler to tolerate cluster auth config lookup failure 
Kubernetes-commit: 416e11421590838f0022242bff1db10da595b074
 2018-12-05 13:51:06 -05:00
Jordan Liggitt d294e6b5b4 Update non-test code to use DefaultMutableFeatureGate 
Kubernetes-commit: d440ecdd3b41a4fc4a207195e1bb976422d6d35e
 2018-11-20 23:59:52 -05:00
Mike Spreitzer ee7fb67d6e Clarified syntax doc on --watch-cache-sizes 
Noted that group must be omitted for resources of apiVersion v1 (the
legacy core API) and included for others.

Fixes #65393

Kubernetes-commit: fc20359fed5e3d0e89a60653b9b0d638d4d757d8
 2018-11-12 14:45:45 -05:00
Sergei Orlov e485f8578d kubeapiserver: rename '--experimental-encryption-provider-config' to '--encryption-provider-config'. 
This change renames the '--experimental-encryption-provider-config'
flag to '--encryption-provider-config'. The old flag is accepted but
generates a warning.

In 1.14, we will drop support for '--experimental-encryption-provider-config'
entirely.

Co-authored-by: Stanislav Laznicka <slaznick@redhat.com>

Kubernetes-commit: 21c1bb883081b13244002271bccc9cf119d4db4f
 2018-03-23 14:16:04 +03:00
Daniel Kłobuszewski 877329b0f3 Add option to k8s apiserver to reject incoming requests upon audit failure 
Kubernetes-commit: 7a10f4eda725f55bec9893eb1c03f2402dbcd32f
 2018-07-03 14:40:55 +02:00
Slava Semushin e2bc8e4617 Introduce kubeapiserver.config.k8s.io/v1 with EncryptionConfiguration and use a standard method for parsing config file. 
Co-authored-by: Stanislav Laznicka <slaznick@redhat.com>

Kubernetes-commit: c21cb548e6c7d4ab019fce8a35c9b99c035c2071
 2018-05-02 18:21:38 +02:00
WanLinghao f78d7e624c fix a description error in DynamicAuditing feature 
Kubernetes-commit: 84aa00c03df00eade6615ca009fa9b2943a98b8c
 2018-11-17 01:49:02 +08:00
Patrick Barker 9fd62b6f47 adds dynamic audit configuration 
Kubernetes-commit: eb89d3dddd3792b0a6cd724e64bbbc11d6c15380
 2018-10-18 21:34:17 -05:00
Davanum Srinivas 2710b17b80 Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135

Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
 2018-11-09 13:49:10 -05:00
tanshanshan 631dda550e kube-scheduler: enable secure ports 10259 
Kubernetes-commit: cb95edafe8bf4f294beb53d0a7bc04d62584577c
 2018-09-05 16:42:16 +08:00
Davanum Srinivas 032ec9d79b Switch to sigs.k8s.io/yaml from ghodss/yaml 
Change-Id: Ic72b5131bf441d159012d67a6a3d87088d0e6d31

Kubernetes-commit: 43f523d405b012fa8d90dd95b667f520e036f6bc
 2018-11-02 16:41:57 -04:00
David Eads 257a06e88a add With method for allowed URL options on delegated authorization 
Kubernetes-commit: 77b56ec9e36dd721c341ce838d608e8af10ce51f
 2018-11-06 10:44:29 -05:00
Jordan Liggitt 136e478e9f encryption-at-rest approvers/reviewers 
Kubernetes-commit: 666c93a8343029a499ea64de8a6d09596097ccb3
 2018-11-02 17:38:17 -04:00
David Eads 83c8e657ed allow delegated authorization to have privileged groups 
Kubernetes-commit: 0b70b7a7c975589f7019e5017c334cf0ee6b819f
 2018-11-05 16:23:20 -05:00
Chao Wang f8fa426bd3 Use `audit.k8s.io/v1` as default value of option --audit-webhook-version and --audit-log-version in release 1.13 
Kubernetes-commit: 9671a035f7e7308ac804b4637af19bac2ecce0f4
 2018-10-31 17:22:37 +08:00
Jordan Liggitt 22df332aff Allow components to generate certificates in-memory 
Kubernetes-commit: b7160d4ee2073f06293d7c3b20acdf4620fadf61
 2018-10-16 17:22:13 -04:00
Jordan Liggitt c7c9a358c2 etcd2 code cleanup, remove deserialization cache 
Kubernetes-commit: c8db31b84adc40aa875917fbca27b2a787902088
 2018-10-15 22:17:44 -04:00
Eric Chiang 13ab2dca08 Remove ericchiang from OWNERS files 
Kept myself in the OpenID Connect ones for now.

Kubernetes-commit: 766f5875bfa0d8ce4d52cdb87d12faea527e1492
 2018-10-11 18:11:15 -07:00
Jordan Liggitt bd604a62aa Remove deprecated --etcd-quorum-read flag 
Kubernetes-commit: cff79c542130831f4a212099974570244a0c9586
 2018-10-08 11:04:28 -04:00
Christoph Blecker 92e87e143a Update gofmt for go1.11 
Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799
 2018-10-05 12:59:38 -07:00
Solly Ross 41e5031224 Populate ClientCA in delegating auth setup 
kubernetes/kubernetes#67768 accidentally removed population of the the ClientCA
in the delegating auth setup code.  This restores it.

Kubernetes-commit: 65cea86e4413cb5899c3b89bda375bb326de5093
 2018-10-04 12:48:18 -04:00
Jordan Liggitt 3b6fc08803 Remove etcd2 storage backend 
Kubernetes-commit: 85ae79500fba7d6e51292b12daff829027b59872
 2018-10-01 16:48:14 -04:00
immutablet e9bce895cf Lazily dial kms-plugin. 
Kubernetes-commit: 07cbf2545f705d0448631f479a18d0b86b7055dc
 2018-09-12 14:56:44 -07:00
Dr. Stefan Schimanski 1a58e1c6ad apiserver: make InClusterConfig errs for delegated authn/z non-fatal 
Kubernetes-commit: 04e793e65ad70df5c4ab280c42740864e54163cd
 2018-09-05 09:12:19 +02:00
Dr. Stefan Schimanski c8f47fd79c apiserver: fix misleading delegated authn/z warnings 
Kubernetes-commit: 059fce63b755ef6052db273fd6c91f3090036389
 2018-09-05 09:11:45 +02:00
Justin Santa Barbara ecbc9eada2 Fix grammar in secure-port flag help 
The phrasing made it difficult to understand the message.

Kubernetes-commit: c0ded2d9f5beb5eb02b356076166c365073a639a
 2018-08-30 18:50:26 -04:00
Dr. Stefan Schimanski c726863192 apiserver: make not-found external-apiserver-authn configmap non-fatal 
Kubernetes-commit: 5d56e791bb932cc297de08db302540684e6f9d4c
 2018-08-24 18:30:58 +02:00
Marian Lobur 7dbcbd39e2 Remove deprecated legacy audit logging code. 
Kubernetes-commit: 3f730d4c255e7c8ee67a020eed0b8f0a8f634750
 2018-07-05 13:57:17 +02:00
Dr. Stefan Schimanski 16d4968bf9 authn/z: optionally opt-out of mandatory authn/authz kubeconfig 
Kubernetes-commit: a671d65673590f0dfcf5c2b673e1518d11510bdb
 2018-08-22 11:56:07 +02:00
David Eads 34ff0933dd expose generic storage factory primitives 
Kubernetes-commit: 81b9213ac2cc7744b8a62ac42b269b97c1d17b5a
 2018-08-27 10:45:52 -04:00
Dr. Stefan Schimanski cfb1e16b55 apiserver: unify handling of unspecified options in authn+z 
Kubernetes-commit: 0ede948e47d33474a4e30c845d7896c58a319e39
 2018-08-21 16:42:13 +02:00
Dr. Stefan Schimanski a8bd1ddbf7 delegated authz: add AlwaysAllowPaths mechanism to exclude e.g. /healthz 
Kubernetes-commit: 6142e2f8f7c8b1c5d32a2f9aa3715ea0b5baf167
 2018-08-17 17:03:16 +02:00
hangaoshuai c27f181946 add unit test func TestServerRunOptionsValidate 
Kubernetes-commit: cdef8029d4aea52e607da4101ad44b1b4163f869
 2018-08-22 10:19:13 +08:00
hangaoshuai 7e18a5d0a6 add unit test func TestToAuthenticationRequestHeaderConfig 
Kubernetes-commit: 0da04d61ab4b70817083c8208af12397b818546a
 2018-08-22 10:18:30 +08:00
hangaoshuai 769565b214 add unit test func TestAPIEnablementOptionsValidate 
Kubernetes-commit: 73ee10495b5be414b9fae718e5129765c7c3ed19
 2018-08-22 10:17:58 +08:00
hangaoshuai c872082b0a add unit test func TestEtcdOptionsValidate and TestParseWatchCacheSizes 
Kubernetes-commit: 67a1d53bd74265637718b67c80f48a26b6e653cf
 2018-08-22 10:17:26 +08:00
Dr. Stefan Schimanski a549f2934f kube-apiserver: switch apiserver's DeprecatedInsecureServingOptions 
Kubernetes-commit: d787213d1b8802d370032d17157ac1de7573ad15
 2018-08-06 16:31:23 +02:00
Dr. Stefan Schimanski 3698d7a898 apiserver: move controller-manager's insecure config into apiserver 
Kubernetes-commit: 1d9a896066b3e10e8c1a0d506e00bc354b7772f0
 2018-08-16 20:47:15 +02:00
Tim Allclair 8e1390d9d4 Synchronous & unbatched audit log writes 
Kubernetes-commit: c9670d0652f8d7da662f71caac6fca2044296ae6
 2018-03-15 00:44:46 -07:00