kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,683 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

49 Commits

Author SHA1 Message Date
Dr. Stefan Schimanski 4b46916a7b apiserver/authconfig: wire CEL compiler through lower layers to allow sharing 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>

Kubernetes-commit: 4024390d8c8a19056ab7ced95eef5cce43c8096d
 2024-09-20 12:34:08 +02:00
Mangirdas Judeikis 07be2984cd wire in ctx to rbac plugins 
Kubernetes-commit: 4e4eb8c5c95652b4cbe672a02e4077a93d0bfe2d
 2024-09-13 12:03:47 +03:00
Jordan Liggitt eabf12957a Add structured labelSelector / fieldSelector to authorization webhook match conditions 
Kubernetes-commit: a1398a8ccaeb7f881acb65d1276392f4cac259e8
 2024-06-26 17:17:43 -04:00
David Eads f26d4ed894 add field and label selectors to authorization attributes 
Co-authored-by: Jordan Liggitt <liggitt@google.com>

Kubernetes-commit: 92e3445e9d7a587ddb56b3ff4b1445244fbf9abd
 2024-05-23 15:12:26 -04:00
Cici Huang d44012e895 Adding the feature gates to fix cost for VAP and webhook matchConditions. 
Kubernetes-commit: d6e4115ead6b93d2accf688876471231b365ceae
 2024-05-01 16:26:41 -07:00
Jordan Liggitt 9adb3ee3c0 Add authorization webhook duration/count/failopen metrics 
Kubernetes-commit: 79b344d85e3e2f8f3192a3dcabb384cfe87136a6
 2024-03-02 01:44:28 -05:00
Rita Zhang b7a30e3bfb add authz webhook matchcondition metrics 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Jordan Liggitt <liggitt@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>

Kubernetes-commit: e76fce75666beb2771dfa15a10700f18d2d15d85
 2024-02-29 20:55:32 -08:00
Jordan Liggitt fe847b31f4 Add allowed/denied metrics for authorizers 
Kubernetes-commit: d5d3eddb95b657f03677c21498f185d70d87cdda
 2024-02-16 02:26:18 -05:00
lowang_bh 43f24ff9ee fix comment of rbac decision for NoOpinion 
Signed-off-by: lowang_bh <lhui_wang@163.com>

Kubernetes-commit: 3579674df2df72956b34fa2593e526c02beea9d6
 2023-06-06 22:36:14 +08:00
Jordan Liggitt 2a9f8b8d15 Include empty string attributes for CEL authz evaluation 
Kubernetes-commit: 44d89c8cf8c1ba883029e1244492a523d6b50b92
 2023-11-02 15:14:06 -04:00
Jordan Liggitt 4eacc8425d Plumb failure policy from config to webhook construction 
Kubernetes-commit: 2e2f51a4417d93b5505091d28b319365dc95e137
 2023-11-02 13:55:35 -04:00
Rita Zhang cca4910d25 authz: add cel expression to webhook matchconditions 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

Kubernetes-commit: 31c76e9abb22faaf833acd54ce75cc71465136e4
 2023-10-06 17:47:23 -07:00
Davanum Srinivas 56a3a30ae1 Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
 2021-12-09 21:31:26 -05:00
Lukasz Szaszkiewicz 9ff2637133 adds metrics for authorization webhook 
Kubernetes-commit: 4a2aef00d6dd2543b011aa7e5af28df598a0cd72
 2021-03-17 16:30:40 +01:00
Monis Khan e14444ffc5 authorizer func: pass through context 
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 8f00e918d84a76ea43d76a8d5b96c3f2535afa99
 2021-04-09 09:33:46 -04:00
Monis Khan 0ac9d4bf6d Update auth OWNERS files to only use aliases 
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: bca4993004953041c91ad56e37ef195b32066c27
 2021-04-07 10:42:00 -04:00
Abu Kashem 6ef142596d thorw error if webhook retry backoof is not specified 
Kubernetes-commit: c09828e47d0042a547a7eb3ca9f2686038645f04
 2020-10-30 10:27:09 -04:00
Abu Kashem 5254108841 make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.

Kubernetes-commit: 53a1307f68ccf6c9ffd252eeea2b333e818c1103
 2020-10-30 11:25:32 -04:00
Ken Sipe 4ad3e91efa changes in imports was unintentional 
Signed-off-by: Ken Sipe <kensipe@gmail.com>

Kubernetes-commit: 09cd56b561d0c31421dfc6374b68e0b18c6cc746
 2020-06-28 15:26:40 -05:00
Ken Sipe ce7f425acc fix S1002 omit comp to bool 
Signed-off-by: Ken Sipe <kensipe@gmail.com>

Kubernetes-commit: e8878687b18fd961e9f3e29c1c46fe018157a77d
 2020-06-26 10:36:38 -05:00
Jordan Liggitt 52b3bfb8fa Switch kubelet/aggregated API servers to use v1 subjectaccessreviews 
Kubernetes-commit: d54a70db5cfc0887e2f5177b0c3f795947be6eb4
 2019-11-04 23:29:56 -05:00
Jordan Liggitt d1d66bda16 Propagate context to Authorize() calls 
Kubernetes-commit: 92eb072989eba22236d034b56cc2bf159dfb4915
 2019-09-24 10:06:32 -04:00
Justin SB bf98046128 Remove executable file permission from OWNERS files 
Kubernetes-commit: dd19b923b7c26420af39fcf4eedfa213b236c8d3
 2019-01-03 12:18:20 -05:00
Roy Lenferink 4c9524b9fb Updated OWNERS files to include link to docs 
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
 2019-01-30 20:05:00 +01:00
Jordan Liggitt 2109711572 Remove build/verify scripts for swagger 1.2 API docs, API server swagger ui / swagger 1.2 config 
Kubernetes-commit: 9229399bd6049bc7766829b436d5cb5fe0dfe2f1
 2019-01-15 10:44:36 -05:00
Zhang-hoon Dennis Oh dfaa27e10c Update two doc.go files under staging/src/k8s.io/apiserver 
Signed-off-by: Zhang-hoon Dennis Oh <zhanghoondennisoh@gmail.com>

Kubernetes-commit: f48480953e00f39e108833fd88a1d614459053a7
 2018-10-11 19:10:16 +09:00
Jordan Liggitt c710b80254 authorizers subproject approvers/reviewers 
Kubernetes-commit: 9ae79f965395047ed46de110b2b45f0a91083f43
 2018-11-02 13:53:57 -04:00
Eric Chiang 13ab2dca08 Remove ericchiang from OWNERS files 
Kept myself in the OpenID Connect ones for now.

Kubernetes-commit: 766f5875bfa0d8ce4d52cdb87d12faea527e1492
 2018-10-11 18:11:15 -07:00
Dr. Stefan Schimanski a8bd1ddbf7 delegated authz: add AlwaysAllowPaths mechanism to exclude e.g. /healthz 
Kubernetes-commit: 6142e2f8f7c8b1c5d32a2f9aa3715ea0b5baf167
 2018-08-17 17:03:16 +02:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh 
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
 2018-02-16 13:43:01 -08:00
Di Xu 9beeb59216 fix all the typos across the project 
Kubernetes-commit: 48388fec7eaad4ac8d84fbe20673ffacf41964a1
 2018-02-09 14:53:53 +08:00
halfcrazy 6f8c3a80da fix typo in package apiserver 
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
 2018-02-01 03:04:33 +08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
hzxuzhonghu bc64759ab8 rename test file and remove unused code 
Kubernetes-commit: 4685bd8f3b270fdeb4cfe4a252b3cb3ab308ac75
 2017-11-10 15:11:44 +08:00
Mike Danese f4103391b2 modify the union authorizer to return on the first Approve or Deny and to continue on Unknown 
Kubernetes-commit: cfe580c99f60b26f39cb9a5022a8edaf64187a93
 2017-09-29 14:22:08 -07:00
Mike Danese 06a5d25846 move authorizers over to new interface 
Kubernetes-commit: 12125455d84c75562e6dd6a183762549adff747f
 2017-09-29 14:21:40 -07:00
Mike Danese 89a498de40 refactor authorizer to return a tristate decision 
Kubernetes-commit: ee4d2d0a941b4298a3e07aab8fef5b3c5b85b27d
 2017-09-29 14:21:08 -07:00
Jeff Grafton f4dbe23125 update BUILD files 
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
 2017-10-12 13:52:10 -07:00
Chen Rong b4c851a534 generated 
Kubernetes-commit: ed8adf6e51d76b3652be3b433b2dab590f1ff1f0
 2017-09-03 14:04:11 +00:00
xilabao a50d8a0b4f add selfsubjectrulesreview api 
Kubernetes-commit: f14c1384387ac196e87334b5a0e05e01d7581387
 2017-09-03 14:04:10 +00:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00
Jeff Grafton 44942b068a Run hack/update-bazel.sh to generate BUILD files 
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
 2017-08-29 13:13:51 +00:00
Mike Danese 2aab760a2a autogenerated 
Kubernetes-commit: a05c3c0efdc5822049e34b1a5a1ee259c5fb1906
 2017-04-15 20:35:23 +00:00
deads2k 9503eabb8b move genericapiserver authenticator and authorizer factories 2017-01-27 08:47:01 -05:00
deads2k d2037a9447 use apimachinery packages instead of client-go packages 2017-01-13 16:24:57 -05:00
deads2k 6687ea314a moves of genericapiserver packages without dependencies 2017-01-13 13:38:51 -05:00
deads2k f22426d63f move no k8s.io/kubernetes dependencies round one 2017-01-13 13:38:51 -05:00