5fa08b8c5e
Allow initialization of resources
...
Add support for creating resources that are not immediately visible to
naive clients, but must first be initialized by one or more privileged
cluster agents. These controllers can mark the object as initialized,
allowing others to see them.
Permission to override initialization defaults or modify an initializing
object is limited per resource to a virtual subresource "RESOURCE/initialize"
via RBAC.
Initialization is currently alpha.
Kubernetes-commit: 331eea67d8000e5c4b37e2234a90903c15881c2f
2017-06-13 20:47:30 +00:00
0b1c13686c
Add configuration options for encryption providers
...
Add location transformer, config for transformers
Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.
Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.
Add new files to BUILD, AEAD => k8s-aes-gcm
Use group resources to select encryption provider
Update tests for configuration parsing
Remove location transformer
Allow specifying providers per resource group in configuration
Add IdentityTransformer configuration option
Fix minor issues with initial AEAD implementation
Unified parsing of all configurations
Parse configuration using a union struct
Run configuration parsing in APIserver, refactor parsing
More gdoc, fix minor bugs
Add test coverage for combined transformers
Use table driven tests for encryptionconfig
Kubernetes-commit: 9760d00d08ef0619e30a7b1b90fd290cab960069
2017-06-13 20:47:30 +00:00
efae6ed84b
Pre-generate SNI test certs
...
Kubernetes-commit: 6554dfc4456869e299b8f6a8f686e8c3cee073d9
2017-06-13 20:47:30 +00:00
d6f1990c7c
apiserver: avoid resolving 'localhost'
...
The golang stdlib resolve localhost first via the external DNS server,
not via /etc/hosts. If your DNS resolve localhost.<search-domain>, the
API server won't start.
Kubernetes-commit: 63cd572c74a40933d8e6928e084601810b724a81
2017-06-13 20:47:30 +00:00
be1a712a68
apiserver: add a webhook implementation of the audit backend
...
Kubernetes-commit: a88e0187f9f6083ed68d18e939a776c44c728e4b
2017-06-13 20:47:30 +00:00
42d367c84c
register all generic admission plugins when AdmissionOptions are created.
...
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*
move registration to AdmissionOptions
Kubernetes-commit: 77eb2f39500f1fcf66899ea557791e7bca851449
2017-06-13 20:47:29 +00:00
10de73bc53
move CRD behind TPR
...
Kubernetes-commit: 18177e2bdeafbddeb3d66fec0b8cb88794cd69ff
2017-06-13 20:47:29 +00:00
8ff532a4cb
Implement audit policy logic
...
Kubernetes-commit: a5de309ee261aea15bb1cc12647b32640c2ac196
2017-06-13 20:47:28 +00:00
ecba80695f
remove init blocks from all admission plugins
...
Kubernetes-commit: c5019bf6962475ffff94ef4993bdc651b79f650c
2017-06-13 20:47:28 +00:00
94ea219615
Update bazel
...
Kubernetes-commit: 9fdc36a47ada0bc34ee53b68edd085d368ed9012
2017-06-13 20:47:28 +00:00
ec8d130fa7
audit: wire through non-nil context everywhere
...
Kubernetes-commit: ce942d19c378ecd335e7e158e30cdc184f9d6184
2017-06-13 20:47:28 +00:00
f7d766d92d
audit: add audit event to the context and fill in handlers
...
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
2017-06-13 20:47:28 +00:00
6bd3c73150
apiserver: move LongRunningRequestCheck type into endpoints/request
...
Kubernetes-commit: c1bf6e832e2887ef6cd0e7b7fa97a168fdf474e5
2017-06-13 20:47:27 +00:00
283dd09ef7
tighten and simplify owners in some staging repos
...
Kubernetes-commit: e7871dbab26459163fd916b83563c4815c7ca43c
2017-06-13 20:47:27 +00:00
032de8d661
Update bazel
...
Kubernetes-commit: 4d4abf3ba625488bd8a1b577f15b85db3c0fccac
2017-05-21 17:28:01 +00:00
e57f74f648
bugfix: form parameters should have type in OpenAPI spec
...
Kubernetes-commit: 4b0fbfe1ee23e5498ecc4786d3eeec222710473b
2017-05-21 17:28:01 +00:00
d5a4874935
Add protobuf binary version of openapi spec
...
Kubernetes-commit: 161b480107d94fae0373a2d7221413ec7a816229
2017-05-21 17:28:01 +00:00
b10e93e2f5
bazel update
...
Kubernetes-commit: 7b0950b298c876668d469d4b5b2ad7a4dcd344fc
2017-05-16 17:27:51 +00:00
ceeef3670c
This PR implements AdmissionOptions.ApplyTo
...
ApplyTo adds the admission chain to the server configuration the method lazily initializes a generic plugin
that is appended to the list of pluginInitializers.
apiserver.Config will hold an instance of SharedInformerFactory to ensure we only have once instance.
The field will be initialized in apisever.SecureServingOptions
Kubernetes-commit: 8cea69aa9812d6627ebdfa4f8b9c1d7624a8f3f5
2017-05-16 17:27:50 +00:00
00b83db9b8
plumb stopch to post start hook index since many of them are starting go funcs
...
Kubernetes-commit: be39283923650ad96539640ca988fbf194db2be4
2017-05-12 17:30:09 +00:00
f72563011c
Remove mentioning insecure server (which is not supported anymore)
...
Kubernetes-commit: 6c448319ac4b6e05db87b126db136c609eceec55
2017-05-12 17:30:09 +00:00
49f3eb05d8
refactor names for the apiserver handling chain
...
Kubernetes-commit: 4389f715768661731f0aae7438b2cc8414c9746a
2017-05-12 17:30:09 +00:00
234a9303e9
apiserver: tri-state watch cache capacity: off, default, value
...
Kubernetes-commit: b799e62e1aa82a1f1ff87597e762734cd702cdee
2017-05-12 17:30:09 +00:00
1ce699c0dd
Add GroupVersionKind and Action extensions to OpenAPI operations
...
Kubernetes-commit: fca7003dc5bd122e2123ef260e8612663f74a65b
2017-05-12 17:30:09 +00:00
a44fceadf3
Update go-restful dependency
...
Kubernetes-commit: ea042c6ca0fc7eb8017012ca56d6879b8cf10637
2017-05-12 17:30:08 +00:00
e640e78936
apiserver: fix --tls-sni-cert-key doc string
...
Kubernetes-commit: 53365880086f0d0d53002de7ce816284da41f4d0
2017-05-12 17:30:08 +00:00
ec0ac3b1aa
update the doc of function NewPathRecorderMux
...
Kubernetes-commit: 8b54081939c400d904dbf02fe5143c9dc11ad0ac
2017-05-12 17:30:08 +00:00
0a32c6d3e2
Fix yet another bug in OpenAPI extension generation
...
Kubernetes-commit: bcd0288e607ee1a1eba3d69dbb7d533f7ef2e4ba
2017-05-05 20:36:47 +00:00
585812f439
use our own serve mux that directs how we want
...
Kubernetes-commit: c837c7fb1a227ef8c772ad15b08ff47593379543
2017-05-04 20:36:37 +00:00
2b31ba8b9c
separate discovery from the apiserver
...
Kubernetes-commit: e099f5eee60ad32661d28a2eda9d615ac25ba9a4
2017-05-02 20:36:05 +00:00
1512c30ca6
Delete "hard-coded" default value in flags usage.
...
Kubernetes-commit: 420caf200cdb1ba41d6af43c5695c29de2082851
2017-04-29 20:35:54 +00:00
79f762de77
componentstatus: support client cert health check
...
etcd has support for client-cert-auth, which can be configured via the flag `--ca-file`,
when that is enabled, all the client requests must present with a client certificate,
however, the current component status check uses a single transport for all of the checks,
this is wrong, the checks should be different for each of different component, and make
each of them use different transport(tls configurations).
Kubernetes-commit: b1040171b68217dccb617de85defa4a5063c638b
2017-04-22 20:36:06 +00:00
fdb6bac0df
bazel update
...
Kubernetes-commit: 4a3dcff3bfb49317cee8fb209f6b915fc9e82f1a
2017-04-21 20:35:37 +00:00
3422dafac7
Split out AdmissionOptions
...
In the long term AdmissionOptions will accepts various dependencies
and spit out AdmissionControl
Kubernetes-commit: de9706bc15ffc3a6a4ef30a00d5c7ea9a8881396
2017-04-21 20:35:37 +00:00
6c1b74403d
apiserver: Update genericapiserver to panic on listener error
...
Previously runServer would try to listen again if a listener error
occurred. This commit changes the response to a panic to allow a
process manager (systemd/kubelet/etc) to react to the failure.
Kubernetes-commit: 30fb3be4d29179cf551e3030ade37d94d9acc8c9
2017-04-20 20:35:32 +00:00
6d6242ff50
Fix gofmt errors
...
Kubernetes-commit: 6681835b0c00122a408bd4addd47b02840b6208c
2017-04-18 20:35:41 +00:00
2aab760a2a
autogenerated
...
Kubernetes-commit: a05c3c0efdc5822049e34b1a5a1ee259c5fb1906
2017-04-15 20:35:23 +00:00
631ed9acef
add deregistration for paths
...
Kubernetes-commit: cd950364e5259659a771caf5b564de7a8319969b
2017-04-13 20:35:21 +00:00
320e34b1d9
pkg/admission: make plugin registry non-global
...
Kubernetes-commit: 63f547e1b15ed94ef91c69a7e294b3506bd8c918
2017-04-12 20:35:22 +00:00
f8217a24e4
Bugfix: OpenAPI generator should pass generate type extensions
...
Kubernetes-commit: ab5bcf6d2da5fc9cd2374e966f87e20a95d59ed6
2017-04-12 20:35:22 +00:00
01f14fece5
only log stacks on server errors
...
Kubernetes-commit: b73cddb2278d792c7e07d4e69969df32636ecb6d
2017-04-10 20:35:11 +00:00
72998a2b11
Allow disabling specific post-start hooks
...
Kubernetes-commit: 2c89ff59e22e0d9c825203c4cb94613a3b246d64
2017-03-31 20:37:16 +00:00
b137e92ccf
Plumb cipher/tls version serving options
...
Kubernetes-commit: e156aca4f21331465ba9406be362b9f16b8aba9e
2017-03-31 20:37:15 +00:00
1d9d56a19e
Update godoc for discovery registration
...
Kubernetes-commit: 85b23bb98a2c80fe631e20785e5e7172cb69e518
2017-03-31 20:37:15 +00:00
38fb6e78f7
move legacy insecure options out of the main flow
...
Kubernetes-commit: cd297546807fc08546905a2b96879d13bcf3a30b
2017-03-31 20:37:15 +00:00
c2afcd59a6
move insecure options to kubeapiserver
...
Kubernetes-commit: c2f8ef1b1a4e0e60379b7b7447d59a87b0b0ccf9
2017-03-31 20:37:15 +00:00
b3af46c0dc
wire in aggregation
...
Kubernetes-commit: 8e26fa25da6d3b1deb333fe2484f794795d1c6b9
2017-03-31 20:37:15 +00:00
8c644986dc
require codecfactory
...
Kubernetes-commit: 087a03022106c02f82a497f65b945f3cbab3f643
2017-03-31 20:37:15 +00:00
6e5dbf8e26
rewire aggregation handling chain to be normal
...
Kubernetes-commit: b28966b48ae8e3e10427e0347f33a36053884e0a
2017-03-31 20:37:15 +00:00
91f0fac434
force callers to specify the cert dns names
...
Kubernetes-commit: f31eb0a77f0616a5c4c3477b6d87a5a6726845cc
2017-03-31 20:37:15 +00:00
ba9d99da29
React to go-systemd changes
...
Kubernetes-commit: 085db20a02b222e8a909da02fc5025aeee6ebc57
2017-03-31 20:37:15 +00:00
e314f85f65
Preserve API group order in discovery, prefer extensions over apps
...
Kubernetes-commit: 707f0fb131b5ff89caae7c45a0e4b59991bd7bc2
2017-03-31 20:37:15 +00:00
43ba6dde7a
allow combining API servers
...
Kubernetes-commit: bccef75d7ae43be333e068748bb6f998dafa6d9d
2017-03-31 20:37:15 +00:00
4620c09303
allow fallthrough handling from go-restful routes
...
Kubernetes-commit: 02efeeaf4087533803299356de1673c8400bc351
2017-03-31 20:37:15 +00:00
1e6581d944
use - to indicate audit log goes to system out
...
Kubernetes-commit: 91f461283ec25dd43d55db97f981723a94f208b8
2017-03-31 20:37:15 +00:00
0f41d276a9
Force etcd2 to use application/json, add base64-wrapper decoder as fallback
...
Kubernetes-commit: 87e32c75321bad09707683cb15d6a0c41f4b6f0d
2017-03-18 19:56:09 +00:00
8543f589d2
Ensure patched objects are defaulted correctly
...
Kubernetes-commit: 464db160b410b22dba53af6d11fa097f0fa4fd6b
2017-03-18 19:56:09 +00:00
48679afa87
apiserver: Add non-blocking run method to simplify testing
...
Kubernetes-commit: 6f70b977ff6c6f9ba7ba1971d38ce3bd49243266
2017-03-18 19:56:09 +00:00
33e10a040b
Add pprof trace support
...
Add pprof trace support and --enable-contention-profiling to those
components that don't already have it.
Kubernetes-commit: b011529d8a1486bc2316a049db35759086d2994b
2017-03-18 19:56:09 +00:00
1c5eb397bb
Server timeout returns an incorrect error
...
Not a valid Status object in JSON
Kubernetes-commit: 60d83657516f63b51e43f5b2350821cb5b6835f0
2017-03-18 19:56:09 +00:00
8aacf17ba5
allow incluster authentication info lookup
...
Kubernetes-commit: 3d039f60cf998746a95181cacf5d3d69b83b46b0
2017-03-18 19:56:09 +00:00
9c5ae42f4d
add aggregation integration test
...
Kubernetes-commit: 5cfe26dece13c77bd17fd10e47d2c00bf5da9b6d
2017-03-18 19:56:09 +00:00
51e6651c84
apiserver/pkg/server: include scheme in insecure self client config
...
Kubernetes-commit: 6891505db9c02769b903446946a2506276329eb9
2017-03-18 19:56:09 +00:00
7170396682
tweak defaults for recommended apiserver options
...
Kubernetes-commit: acba2cbd6d188a34f4c3032c933921ba22a0f77c
2017-03-18 19:56:08 +00:00
63e29dca6f
Use new runtime.Object <-> map[string]interface{} converter
2017-02-27 15:10:34 -05:00
954f7be538
apiserver: self-signed in-memory cert for loopback
2017-02-27 15:10:34 -05:00
025f3f79e4
redact detailed errors from healthz and expose in default policy
2017-02-27 15:10:33 -05:00
1e2d8fe122
remove cycle that snuck into tests
2017-02-23 09:48:09 -05:00
36ad26fdd3
Don't use base64 encoding with etcd v3
2017-02-23 09:48:09 -05:00
0446eafcdb
fix misspell "roughly" in config.go
2017-02-23 09:48:09 -05:00
73c30cda7e
staging/src/*: run gofmt
2017-02-23 09:48:09 -05:00
585aca0c2c
k8s.io/apiserver: straighten EtcdOptions, backend Config and kube RESTOptionsFactory
2017-02-16 08:03:03 -05:00
1a57a29c12
k8s.io/apiserver: fixup imports and renamed packages
2017-02-16 08:03:03 -05:00
9f1d603944
k8s.io/apiserver: move server storage code into subpackage
2017-02-16 08:03:03 -05:00
147d3934cf
auto-create the loopback token
2017-02-14 14:04:06 -05:00
bed500fca9
fix bug of runServer function in server.go
2017-02-13 07:36:42 -05:00
c2c4ecb2ff
create sample-apiserver repo for people to inspect
2017-02-13 07:36:42 -05:00
9d21f84d8f
streamline etcd options for aggregated api server
2017-02-13 07:36:42 -05:00
5566a0ef65
move storage serialization type to etcd options
2017-02-13 07:36:42 -05:00
2e34520350
add feature enablement options to recommendedoptions
2017-02-13 07:36:42 -05:00
8c39f8c871
move --runtime-config to kubeapiserver
2017-02-13 07:36:42 -05:00
d3c1c03062
move auditoptions to separate struct
2017-02-13 07:36:42 -05:00
aed020968e
add recommended aggregated api server options
2017-02-13 07:36:42 -05:00
284a95797b
apiserver command line options lead to config
2017-02-13 07:36:41 -05:00
ad39e3715b
add apiserver API group for structured configuration
2017-02-13 07:36:41 -05:00
ac15385364
add liggitt to apimachinery/apiserver packages
2017-02-13 07:36:41 -05:00
a372fcad62
Mechanical fixup imports: pkg/genericapiserver
2017-02-13 07:36:41 -05:00
f3c3e07241
Mechanical move: pkg/genericapiserver -> k8s.io/apiserver
2017-02-13 07:36:41 -05:00
6025c228e6
pkg/storage/etcd: cut off pkg/api scheme
2017-02-02 09:36:48 -05:00
c4b078bb1d
move apiserver options
2017-02-02 09:36:48 -05:00
b0801a1423
move swagger route to apiserver
2017-02-02 09:36:48 -05:00
32ddb5c9d2
move genericapiserver/server/filters to apiserver
2017-01-27 14:15:18 -05:00
466822b370
remove go get failing import comment
2017-01-19 13:02:01 -05:00
855c38d53e
genericapiserver: fix imports
2017-01-19 10:27:27 -05:00
dc90e9a003
genericapiserver: move packages
...
Towards a sane k8s.io/apiserver package structure.
2017-01-19 10:27:27 -05:00
Clayton Coleman
Saksham Sharma
Jordan Liggitt
Dr. Stefan Schimanski
Eric Chiang
p0lyn0mial
deads2k
Tim St. Clair
mbohlool
Nail Islamov
Cao Shufeng
xiangpengzhao
zhouhaibing089
Maru Newby
Christoph Blecker
Mike Danese
Andy Goldstein
Wojciech Tyczynski
jg Chen
linyouchong