Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.
Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).
Kubernetes-commit: 772ab8e1b4163c17d285a2789321762a8f2dc9f3
Print a better error from the response. Performs validation to ensure it
does not regress in alpha state.
Kubernetes-commit: ce972ca47591cc24a3a24362478dc61ec8e91278
When using hijacker to take over the connection, the http status code
should be 101 not 200.
PS:
Use "kubectl exec" as an example to review this change.
Kubernetes-commit: 541935b13f87e55199840a73cd3f158e7f0d7b63
Add support for creating resources that are not immediately visible to
naive clients, but must first be initialized by one or more privileged
cluster agents. These controllers can mark the object as initialized,
allowing others to see them.
Permission to override initialization defaults or modify an initializing
object is limited per resource to a virtual subresource "RESOURCE/initialize"
via RBAC.
Initialization is currently alpha.
Kubernetes-commit: 331eea67d8000e5c4b37e2234a90903c15881c2f
doc for WithAudit is copyed from WithLegacyAudit, it's out of date.
This change update doc for these two functions.
Kubernetes-commit: 82390af25083031e244107527fe5d9491ade937b
Add location transformer, config for transformers
Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.
Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.
Add new files to BUILD, AEAD => k8s-aes-gcm
Use group resources to select encryption provider
Update tests for configuration parsing
Remove location transformer
Allow specifying providers per resource group in configuration
Add IdentityTransformer configuration option
Fix minor issues with initial AEAD implementation
Unified parsing of all configurations
Parse configuration using a union struct
Run configuration parsing in APIserver, refactor parsing
More gdoc, fix minor bugs
Add test coverage for combined transformers
Use table driven tests for encryptionconfig
Kubernetes-commit: 9760d00d08ef0619e30a7b1b90fd290cab960069
The golang stdlib resolve localhost first via the external DNS server,
not via /etc/hosts. If your DNS resolve localhost.<search-domain>, the
API server won't start.
Kubernetes-commit: 63cd572c74a40933d8e6928e084601810b724a81
Empty audit policy file or policy file contains only comments means
using default audit level for all requests.
Kubernetes-commit: b6b2a30e830cc362c41ec1014ed9f3ef3535f93b
All generic registries expose metadata output, and refactor endpoints to
allow negotiation to handle those responses. Add support for
PartialObjectMetadata being returned for objects as well.
Kubernetes-commit: f203e42cb98ed4bac7ad8ebbed717d3bd42f55b6
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*
move registration to AdmissionOptions
Kubernetes-commit: 77eb2f39500f1fcf66899ea557791e7bca851449
proxy_handler now uses the endpoint router to map the cluster IP to
appropriate endpoint (Pod) IP for the given resource.
Added code to allow aggregator routing to be optional.
Updated bazel build.
Fixes to cover JLiggit comments.
Added util ResourceLocation method based on Listers.
Fixed issues from verification steps.
Updated to add an interface to obfuscate some of the routing logic.
Collapsed cluster IP resolution in to the aggregator routing
implementation.
Added 2 simple unit tests for ResolveEndpoint
Kubernetes-commit: ad8a83a7c1741efb507d924a17eb809748ee2e06
This change makes it so that errors during watch decoding panic the
server if it is in a test environment. This allows us to catch coder
errors related to storing incompatible types at the same location in
etcd.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: a13f026fd012859f04467e6007e2cafe4a788927
All registry.Store objects already set a non-nil DeleteStrategy.
This change ensures that all future objects do so as well.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: 08fcd79e1f4b9d3efe0a20ea4ce4fdf5ffea0531
Subresources are very often completely different code paths and errors
generated on those code paths are important to distinguish.
Kubernetes-commit: ad431c454c1306fdcc2134a3626444984d350f46
stuart.warren
Scott Weiss
Christoph Blecker
Fabiano Franz
Tim St. Clair
Clayton Coleman
Jordan Liggitt
mbohlool
David Ashpole
Cao Shufeng
Dr. Stefan Schimanski
Saksham Sharma
Chao Xu
Eric Chiang
Wojciech Tyczynski
p0lyn0mial
Walter Fender
deads2k
Monis Khan
Tim Hockin