kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
585 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

133 Commits

Author SHA1 Message Date
mbohlool f26c819f3d Update Bazel 
Kubernetes-commit: 1806609596aa05f3ee2d941fd26978451b946383
 2017-08-29 13:13:04 +00:00
mbohlool e671fe20d7 Update main repo references to new kube-openapi repo 
Kubernetes-commit: 400b77b48f972b1e10854980586559d5852088c7
 2017-08-29 13:13:04 +00:00
mbohlool 72a8a7817c Revert "Separate Build and Serving parts of OpenAPI spec handler" 
This reverts commit 0a886ffaf8b9de97ef8134a4182b719ba2c6f22f.

Kubernetes-commit: 56fd5853b347e985b4fd02e251ee8da4ae6e35a2
 2017-08-29 13:13:04 +00:00
mbohlool 2de4d08b67 Revert "Aggregate OpenAPI specs" 
This reverts commit 1a1d9a0394cbdb1d1e2412ae8f0157799eb5329c.

Kubernetes-commit: 88868402b863b1f59a339d3a218bf62c264721ee
 2017-08-29 13:13:04 +00:00
Saksham Sharma fe5fc30248 Add cloudprovidedkms provider support 
Kubernetes-commit: 68a32c06b4d69970ac2489ff5177d5703ca604cd
 2017-08-01 23:56:38 +00:00
Saksham Sharma 55fe632ce2 Add unit tests for KMS transformer initialization 
Kubernetes-commit: b76c63a9f086d978532c5b7ca565cb3ccd90b32e
 2017-08-01 23:56:38 +00:00
Saksham Sharma c75b59c1cd Add KMS plugin registry 
Kubernetes-commit: 49989439d7dab525d22b73936d533ae736b50491
 2017-08-01 23:56:38 +00:00
Shyam Jeedigunta d156370a82 Add apiserver metric for response sizes split by namespace scope 
Kubernetes-commit: 5facb62806a7f5d442bff8f77418b53cd58544f9
 2017-07-29 13:55:24 +00:00
deads2k 7f0ff974d5 rate limiting should not affect system masters 
Kubernetes-commit: 8a3b4d81e6c3a74fa1afa5fd17d3bf42ba1e856d
 2017-07-28 13:56:11 +00:00
Slava Semushin a2a05bd86f ParseEncryptionConfiguration: simplify code. 
Also improves function name in godoc and many error messages.

Kubernetes-commit: bf51722ffbfa5521b8c516b8751435f004aacacf
 2017-07-28 13:56:11 +00:00
Dr. Stefan Schimanski 7def9ae6ce Fixup go2idl references 
Kubernetes-commit: edfbb9aa6424ef975d717177886ca9cbdabe34c6
 2017-07-28 13:56:11 +00:00
xiangpengzhao 5f2f70a255 Validate --storage-backend type. 
Kubernetes-commit: fcf2df9ad7ea688d75b2e9abb036b9d7abcc6e7c
 2017-07-28 13:56:10 +00:00
huangjiuyuan 530dec4a81 adding validations on kube-apiserver audit log options 
Signed-off-by: huangjiuyuan <jiuyuan.huang@daocloud.io>

Kubernetes-commit: 21d0f815645ca3452719faf1ad69c63a9c3f3db2
 2017-07-19 03:49:08 +00:00
Shyam Jeedigunta 817e4db05c maxinflight handler should let panicrecovery handler call NewLogged 
Kubernetes-commit: 6ffbbad21790ccf1f1f7063a0800a4696a572c76
 2017-07-16 04:08:42 +00:00
sakeven f3f629bfe7 remove svg mime type extension 
Signed-off-by: sakeven <jc5930@sina.cn>

Kubernetes-commit: 795953c0c4db03d182b941af5af03ff51652de72
 2017-07-16 04:08:42 +00:00
Cao Shufeng 8bc6800aeb support json output for log backend of advanced audit 
Kubernetes-commit: bc94370e9cbf3e54dc7dab1dbfc7404815eafb4c
 2017-07-16 04:08:41 +00:00
Clayton Coleman c521c8f6b5 Record 429 and timeout errors to prometheus 
Allows gathering of load being shed.

Kubernetes-commit: 2e33a2f0bc8ac82aecadcb19cf6e41259454d182
 2017-07-16 04:08:41 +00:00
Aaron Crickenberger e110054277 TestLoopbackHostPort should accept IPv6 loopback host 
Kubernetes-commit: 8469b013333baec0dc2fc43a6bfb7493fcf019e8
 2017-07-16 04:08:40 +00:00
Shiyang Wang 276c240fae Fix 401/403 apiserver errors do not return 'Status' objects 
Kubernetes-commit: 3d6479f7216dcb61e56ab6dd53fad7176930645d
 2017-07-05 23:59:23 +00:00
deads2k fc0bd6b232 make the panic handler first 
Kubernetes-commit: 9b43bd4a5b234d528ebc0fd059ae69eedced8c7f
 2017-07-05 23:59:22 +00:00
Cao Shufeng 924adf12df Add Validate() function for audit options 
Kubernetes-commit: cf8e3ccf1959942342ed0c10f6b43d46beb65e04
 2017-07-05 08:39:49 +00:00
Antoine Pelisse d57ea42cc0 Add NYTimes/gziphandler dependency 
Kubernetes-commit: f617df7d6a63692ae8e0b2863f3b44f6ea02d355
 2017-07-01 08:39:43 +00:00
Antoine Pelisse 242da91bc8 openapi: Read Accept-Content to send gzip if needed 
Kubernetes-commit: bd38dd4d12b77126ba9c129b74b2b444f9f2a3a1
 2017-07-01 08:39:43 +00:00
Scott Weiss b74e5942e2 add compression to GET and LIST api requests 
this feature is gated; disabled by default

Kubernetes-commit: c305f72315a83c16c40fbbfd06b563f9e67208ff
 2017-06-28 00:14:31 +00:00
p0lyn0mial c4948f98da incluster config will be used when creating external shared informers. 
previously the loopback configuration was used to talk to the server.
As a consequence a custom API server was unable to talk to the root API server.

Kubernetes-commit: 074544b3b024156e4ce91de5778281dbe1b47a72
 2017-06-28 00:14:31 +00:00
Chao Xu 0fc5fed423 manually fix openapi-gen 
Kubernetes-commit: 4379bbdafbd38bdc67f2ceb5cb7a4e778baebf04
 2017-06-28 00:14:31 +00:00
zhengjiajin 6ed25fddc6 Fix api description 
Kubernetes-commit: f7ce20d2e4b4c24cfa7440e135abf78e538673bb
 2017-06-16 22:11:33 +00:00
Saksham Sharma 205eddae2b Fix typo in secretbox transformer prefix 
Kubernetes-commit: 2c820c205073ec96acf8c0cf140db2381f377425
 2017-06-15 22:11:39 +00:00
Jordan Liggitt e4286c2402 Revert "add gzip compression to GET and LIST requests" 
This reverts commit fc650a54d02f358c7fc65fa25b8312028bd4e944.

Kubernetes-commit: 63e3e2fa7b04bd3d3f1fccb63391f17ea01e06a8
 2017-06-13 20:47:32 +00:00
Saksham Sharma f1876a2211 Add configuration for AESCBC, Secretbox encryption 
Add tests for new transformers

Kubernetes-commit: 13073407422c62ee2131968060c85ce8b6488de4
 2017-06-13 20:47:32 +00:00
deads2k 8401e3b61b change the default storage location to avoid double prefixing 
Kubernetes-commit: bc3434c084e405769417a08195700cd6be02211f
 2017-06-13 20:47:32 +00:00
Scott Weiss 8c02c5efc4 add gzip compression to GET and LIST requests 
closes #44164

Kubernetes-commit: fc650a54d02f358c7fc65fa25b8312028bd4e944
 2017-06-13 20:47:32 +00:00
Clayton Coleman fcc6b93d70 Load initializers from dynamic config 
Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.

Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).

Kubernetes-commit: 772ab8e1b4163c17d285a2789321762a8f2dc9f3
 2017-06-13 20:47:31 +00:00
Jordan Liggitt 8ab96afbb9 Avoid * in filenames 
Kubernetes-commit: b5e5e93201ccbc1b4ed1da0378c1f550508bfc4f
 2017-06-13 20:47:31 +00:00
mbohlool 0bd6ffe372 Update Bazel 
Kubernetes-commit: c2f2a33dc51e33634317dcc125543d3d05dab500
 2017-06-13 20:47:31 +00:00
mbohlool f03a4943d7 Aggregate OpenAPI specs 
Kubernetes-commit: 1a1d9a0394cbdb1d1e2412ae8f0157799eb5329c
 2017-06-13 20:47:31 +00:00
mbohlool f10f5391f1 Separate Build and Serving parts of OpenAPI spec handler 
Kubernetes-commit: 0a886ffaf8b9de97ef8134a4182b719ba2c6f22f
 2017-06-13 20:47:31 +00:00
mbohlool bfb371141a Remove unused servePath from GetOperationIDAndTags and GetDefinitionName 
Kubernetes-commit: ef8ee84cd07dedf0a441d455f54b55a6468b4b3d
 2017-06-13 20:47:31 +00:00
Clayton Coleman 5fa08b8c5e Allow initialization of resources 
Add support for creating resources that are not immediately visible to
naive clients, but must first be initialized by one or more privileged
cluster agents. These controllers can mark the object as initialized,
allowing others to see them.

Permission to override initialization defaults or modify an initializing
object is limited per resource to a virtual subresource "RESOURCE/initialize"
via RBAC.

Initialization is currently alpha.

Kubernetes-commit: 331eea67d8000e5c4b37e2234a90903c15881c2f
 2017-06-13 20:47:30 +00:00
Saksham Sharma 0b1c13686c Add configuration options for encryption providers 
Add location transformer, config for transformers

Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.

Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.

Add new files to BUILD, AEAD => k8s-aes-gcm

Use group resources to select encryption provider

Update tests for configuration parsing

Remove location transformer

Allow specifying providers per resource group in configuration

Add IdentityTransformer configuration option

Fix minor issues with initial AEAD implementation

Unified parsing of all configurations

Parse configuration using a union struct

Run configuration parsing in APIserver, refactor parsing

More gdoc, fix minor bugs

Add test coverage for combined transformers

Use table driven tests for encryptionconfig

Kubernetes-commit: 9760d00d08ef0619e30a7b1b90fd290cab960069
 2017-06-13 20:47:30 +00:00
Jordan Liggitt efae6ed84b Pre-generate SNI test certs 
Kubernetes-commit: 6554dfc4456869e299b8f6a8f686e8c3cee073d9
 2017-06-13 20:47:30 +00:00
Dr. Stefan Schimanski d6f1990c7c apiserver: avoid resolving 'localhost' 
The golang stdlib resolve localhost first via the external DNS server,
not via /etc/hosts. If your DNS resolve localhost.<search-domain>, the
API server won't start.

Kubernetes-commit: 63cd572c74a40933d8e6928e084601810b724a81
 2017-06-13 20:47:30 +00:00
Eric Chiang be1a712a68 apiserver: add a webhook implementation of the audit backend 
Kubernetes-commit: a88e0187f9f6083ed68d18e939a776c44c728e4b
 2017-06-13 20:47:30 +00:00
p0lyn0mial 42d367c84c register all generic admission plugins when AdmissionOptions are created. 
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*

move registration to AdmissionOptions

Kubernetes-commit: 77eb2f39500f1fcf66899ea557791e7bca851449
 2017-06-13 20:47:29 +00:00
deads2k 10de73bc53 move CRD behind TPR 
Kubernetes-commit: 18177e2bdeafbddeb3d66fec0b8cb88794cd69ff
 2017-06-13 20:47:29 +00:00
Tim St. Clair 8ff532a4cb Implement audit policy logic 
Kubernetes-commit: a5de309ee261aea15bb1cc12647b32640c2ac196
 2017-06-13 20:47:28 +00:00
p0lyn0mial ecba80695f remove init blocks from all admission plugins 
Kubernetes-commit: c5019bf6962475ffff94ef4993bdc651b79f650c
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski 94ea219615 Update bazel 
Kubernetes-commit: 9fdc36a47ada0bc34ee53b68edd085d368ed9012
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski ec8d130fa7 audit: wire through non-nil context everywhere 
Kubernetes-commit: ce942d19c378ecd335e7e158e30cdc184f9d6184
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski f7d766d92d audit: add audit event to the context and fill in handlers 
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
 2017-06-13 20:47:28 +00:00