Vinayak Goyal
77f498853b
KEP-4633: Allow health-only anonymous auth mode.
...
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
Kubernetes-commit: 5e6a4937f5a3e20dd77238946220461332ecddff
2024-05-16 21:18:34 +00:00
Alvaro Aleman
da88853b95
Use the generic/typed workqueue throughout
...
This change makes us use the generic workqueue throughout the project in
order to improve type safety and readability of the code.
Kubernetes-commit: 6d0ac8c561a7ac66c21e4ee7bd1976c2ecedbf32
2024-04-28 18:26:18 +02:00
Taehoon Yoon
f01be2e04b
Updated & added visibility to apiserver x509 test certificates expiring this year
...
Kubernetes-commit: 12795107a1685d3701425db9119546b3b77b6e19
2024-05-02 23:22:55 +00:00
Anish Ramasekar
2f368abc9f
Remove unused NewSecure function in requestheader.go
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 699d1f1b7a14fea4d97c41854b6428e0b6313c2c
2024-04-29 11:19:54 -07:00
seantywork
bf05e35835
kubernetes mutual (2-way) x509 comment
...
Kubernetes-commit: 48260b4a77b423b178ec5e262ac67be52d49f455
2023-08-18 01:31:22 +00:00
Monis Khan
64eaf11221
wsstream: use a single approach to detect connection upgrade
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 62b063b74b5eb1b7e72ebac7b5348593249f732b
2023-08-01 18:37:34 -04:00
Sean Sullivan
cdd93b4685
Refactor wsstream library from apiserver to apimachinery
...
Kubernetes-commit: 8f3109da7913ef17c6656893f12f0e29ceabbde0
2023-05-22 10:03:17 -07:00
Monis Khan
9c69aab43c
Clear front proxy headers after authentication is complete
...
This matches the logic we have for the Authorization header as well
as the impersonation headers.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: e9866d2794675aa8dc82ba2637ae45f9f3a27dff
2023-03-20 13:11:38 -04:00
Han Kang
4ae2cd3dc6
actually resolve the computations for buckets for static analysis
...
Change-Id: Icafe84e165cc14087a2811f9a3e5d5e69ef3f178
Kubernetes-commit: a07718258aef5cd20a356b4657f1054b6baeb03b
2022-10-13 13:44:51 -07:00
Sebastian Laskawiec
a0035c972c
Warn on receiving a space before the token
...
Kubernetes-commit: f0af12bb9d57ffb0c1e4917ba59bcd06dd766a28
2022-04-21 09:05:33 +02:00
Ravi Gudimetla
1ee261d219
API Server Changes
...
This commit includes all the changes needed for APIServer. Instead of modifying the existing signatures for the methods which either generate or return stopChannel, we generate a context from the channel and use the generated context to be passed to the controllers which are started in APIServer. This ensures we don't have to touch APIServer dependencies.
Kubernetes-commit: 8b84a793b39fed2a62af0876b2eda461a68008c9
2022-03-07 09:20:45 -05:00
Davanum Srinivas
56a3a30ae1
Check in OWNERS modified by update-yamlfmt.sh
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
2021-12-09 21:31:26 -05:00
卢振兴10069964
549cbbf8de
fix broken link in some files
...
Kubernetes-commit: b29a5fb0746f772b38da570cd8fdc77396ffca31
2021-04-13 08:43:24 +08:00
Jiaxin Shan
dfad5032fb
Fix ALPHA stability level reference link
...
Kubernetes-commit: e01a21469b9719f7d0e84021c032cd8f0016b5d2
2021-01-31 15:37:07 -08:00
yoyinzyc
387f5c3a09
add context to metrics in apiserver/authentication
...
Kubernetes-commit: 5311d711ecef241ab99266273180be81b373e43a
2020-12-10 12:11:21 -08:00
ialidzhikov
1b82145bb1
Fix staticcheck in staging/src/k8s.io/apiserver/pkg/authentication/request/x509
...
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
Kubernetes-commit: 5771ea733ffbcff823517a4c51ebcadf11122578
2021-01-10 00:32:42 +02:00
Tomas Nozicka
83e381874d
Add context to x509 verify failures
...
Kubernetes-commit: bf52770e413dc6095203cd5ec1716dc3764eee8e
2020-08-17 14:35:48 +02:00
azush26
df032850ea
Add a unit test for requests including value after token
...
Kubernetes-commit: 367214dffdc070706011c6814cb2307749b0503f
2020-09-19 01:04:35 +09:00
azush26
c0d57defce
Limit the max number of splitting
...
Kubernetes-commit: bf516ab99c3c2ce2b4ad6d0acaf122a4d216cc2d
2020-09-15 23:04:57 +09:00
Davanum Srinivas
5879417a28
switch over k/k to use klog v2
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
2020-04-17 15:25:06 -04:00
Lukasz Szaszkiewicz
513afab811
expose RunOnce method on RequestHeaderAuthRequest controller
...
Kubernetes-commit: f3a7f057c423caf77b0c5315d7728727c4b35bde
2020-04-28 15:35:17 +02:00
Lukasz Szaszkiewicz
07cdc792bb
provides DynamicRequestHeaderController that combines DynamicCAFromConfigMapController and RequestHeaderAuthRequestController into one controller
...
the unified controller will dynamically fill RequestHeaderConfig struct
Kubernetes-commit: cb4b4cb5a6ffdf1c7f199e644a8b5cac2367d504
2020-04-28 12:48:21 +02:00
Lukasz Szaszkiewicz
259bedd4a2
provides RequestHeaderAuthRequestController for dynamically filling RequestHeaderConfig struct
...
Kubernetes-commit: 6e0211b3d82c5b3b2f69f6b3c7a7840b42e6e000
2020-04-27 17:41:42 +02:00
Alvaro Aleman
3d613a7c48
Remove stale comment re making apiserver common names dynamic
...
Kubernetes-commit: 1d3b6ece63604afb3b6e672f188eb34abc3fed4d
2019-11-29 15:14:29 +01:00
David Eads
80b16c1ce7
allow a verifyoptionsfunc to indicate that no certpool is available
...
Kubernetes-commit: c672affad176c22da66c7ac17cc8805f08533ce9
2019-11-06 10:38:45 -05:00
David Eads
703545a3db
add the ability for dynamic header names in delegated authentication
...
Kubernetes-commit: 58256346693717fd12f121f0cf74fe1e003edb0f
2019-10-03 12:56:42 -04:00
David Eads
eee025a27a
add ability to authenticators for dynamic update of certs
...
Kubernetes-commit: 51195dd86012c4c4b17a1707ef50a46fa046f74f
2019-09-05 09:59:59 -04:00
Han Kang
3e6e1db500
add some documentation around the metrics stability migration changes for clarity
...
Kubernetes-commit: 4e5d906c4d008f914b0ede26ea91533d6343dec5
2019-08-26 19:15:30 -07:00
Han Kang
b9084e350a
migrate kube-apiserver metrics to stability framework
...
Kubernetes-commit: 466980dd747e06e55451301c624eecccfa505123
2019-08-22 15:38:42 -07:00
Max Leonard Inden
041b1f1718
src/k8s.io/apiserver: Increase cert expiration histogram resolution
...
The `certificate_expiration_seconds` histogram measures the remaining
time of client certificates used to authenticate to the API server. It
records the lifetime of received client request certificates in buckets
of 6h, 12h, ..., 1y.
In environments with automated certificate rotation it is not uncommon
to have issued certificates expire in less than the above mentioned
minimum bucket of 6h. In such environments the above histogram is
useless given that every request will be recorded in the first bucket.
This patch increases the histogram resolution by adding a 30m, 1h and 2h
bucket. Prometheus histogram buckets are cumulative, e.g. the 12h
bucket is counting _all_ records with an expiration date lower or equal
to 12h including _all_ requests of the 6h bucket. Thereby this patch
does not break existing monitoring setups. This histogram is exposed
once per API server, thereby the 3 additional time series do not cause a
cardinality issue.
Kubernetes-commit: f90bbc3d6bfba992831eb216161990eae1098ae5
2019-03-01 11:34:38 +01:00
Xiang Dai
ca6fc75dff
delete all duplicate empty blanks
...
Signed-off-by: Xiang Dai <764524258@qq.com>
Kubernetes-commit: 36065c6dd717c14e0a90131041e20345a7e5e324
2019-02-22 09:43:51 +08:00
Roy Lenferink
4c9524b9fb
Updated OWNERS files to include link to docs
...
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
2019-01-30 20:05:00 +01:00
Jordan Liggitt
b5314974ae
certificates subproject approvers/reviewers
...
Kubernetes-commit: 4ebe084376610b88b0ac446b59ef537adcee51e3
2018-11-02 14:11:01 -04:00
Mike Danese
1692373df9
move audience context functions to authenticator package
...
Kubernetes-commit: 817cf70191b73d1ee9f4e7af83089e5854e5131d
2018-10-31 14:50:11 -07:00
Mike Danese
7c1e7ec029
echo audiences in anonymous and insecure authenticators
...
part of https://github.com/kubernetes/kubernetes/issues/69893
Kubernetes-commit: f94bc6193e1e299b1cb258b59504fab81cf8da1c
2018-10-26 15:29:55 -07:00
Mike Danese
2ced48ac6e
rebase authenticators onto new interface.
...
Kubernetes-commit: e5227216c0796d725c695e36cfc1d54e7631d3a6
2018-10-15 15:17:36 -07:00
David McCormick
a948ad1df7
Remove excessive warnings with x509 certificate auth
...
Suppress common name verify warning log and roll up into returned error
remove glog test dependency
Kubernetes-commit: bb3124c48a4d276ed280175e5825ea9db022d699
2018-09-24 17:15:27 +01:00
Jake Sanders
41bff9cd5e
Escape illegal characters in remote extra keys
...
Signed-off-by: Jake Sanders <jsand@google.com>
Kubernetes-commit: f35e3d07c9898f8ec156209a868fa4451eb9afe2
2018-07-03 21:19:15 -07:00
Jordan Liggitt
524198321e
Remove unused x509 code
...
Kubernetes-commit: 82f603c3274e3a1c2927a019670ec17f15281a28
2018-07-10 13:22:24 -04:00
Kubernetes Publisher
627fa76a8b
sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel
2018-03-15 09:38:17 +00:00
Jeff Grafton
1ab12b2dc8
Autogenerated: hack/update-bazel.sh
...
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
2018-02-16 13:43:01 -08:00
Jeff Grafton
c8a97ee31a
Autogenerate BUILD files
...
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
2017-12-23 13:06:26 -08:00
Mike Danese
c463eb3137
certs: add month buckets
...
Kubernetes-commit: e08c98b171ff9dd3982377103f9e43c311c7a78d
2017-11-27 10:59:56 -08:00
Jeff Grafton
f4dbe23125
update BUILD files
...
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
2017-10-12 13:52:10 -07:00
Jacob Simpson
68a92a4526
Add metric for remaining life of authenticating certificates
...
When incoming requests to the API server are authenticated by a
certificate, the expiration of the certificate can affect the validity
of the authentication. With auto rotation of certificates, which is
starting with kubelet certificates, the goal is to use shorter lifetimes
and let the kubelet renew the certificate as desired. Monitoring
certificates which are approaching expiration and not renewing would be
an early warning sign that nodes are about to stop participating in the
cluster.
Kubernetes-commit: 49a19c6011e05363a8baf8e99c917d11a9496568
2017-08-29 13:16:14 +00:00
Jeff Grafton
6c539a43c6
Use buildozer to delete licenses() rules except under third_party/
...
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
2017-08-29 13:15:24 +00:00
Jeff Grafton
6caa2933ae
Use buildozer to remove deprecated automanaged tags
...
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
2017-08-29 13:15:24 +00:00
Jeff Grafton
44942b068a
Run hack/update-bazel.sh to generate BUILD files
...
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
2017-08-29 13:13:51 +00:00
John Millikin
431caeab63
Use case-insensitive header keys for `--requestheader-group-headers`.
...
This flag is documented as being case-insensitive, but the code was
doing a case-sensitive map lookup.
Kubernetes-commit: 0acdc0cdb369372e06c202aea162bce04410f643
2017-07-28 13:56:11 +00:00
Haoran Wang
da548f4af1
fix error type
...
Kubernetes-commit: 45ec7d9f51c54c8312579c9a0eab83c29d6d7d06
2017-07-05 23:59:23 +00:00